Simple Cyber Terms and Conditions

Terms of Service

These Terms of Service (the “Terms”) govern Customer’s access to and use of the cybersecurity-related services offered by ACS hereunder and is effective as of the date of Customer’s purchase of the Subscription (the “Effective Date”). Customer and ACS may be referred to individually as a “Party” and collectively as the “Parties” in these Terms.

1. Provision of Subscription.

Subject to Customer’s compliance with the terms and conditions in these Terms and the Schedules attached thereto, ACS will (a) make available to Customer a licensed subscription to the cybersecurity services solution and related technology components and platforms, which shall be comprised of the Products and Services identified in Schedule A and Schedule B attached hereto (collectively, the “Subscription”).

2. Use of the Subscription; End Users

These Terms govern Customer’s use of the Products and the data, content, and services available on the Products. Each End User (“End Users” means Customer and one or more individuals who have been authorized by Customer to access the Subscription on behalf of Customer) will be provided with a user account, license keys, passwords, and/or other login credentials necessary to access the Subscription (“Login Credentials”), provided that End Users are limited to employees and contractors of Customer and shall be subject to the limitations in the Terms. End Users may be required to provide email address, usernames, passwords, and other customary personal information to create the Login Credentials. Customer and End Users must reasonably protect, keep confidential and secure their Login Credentials, including their user account, license keys, username, and passwords, and not make them available to persons or entities not authorized to the Subscription on behalf of Customer. Customer will (a) be responsible for End Users compliance with these Terms and liable for any End Users breach thereof, (b) comply with all laws applicable to the use of the Subscription, (c) use industry standard means to prevent unauthorized access to, use of or reproduction of the Subscription, and notify ACS promptly of any such unauthorized access, use or reproduction, (d) use the Subscription only as permitted in these Terms and by applicable laws, and (e) advise its employees, agents and contractors who have access to the Subscription of the restrictions in these Terms.

3. Customer Responsibilities and Acknowledgements.

3.1 Customer Data. Customer will be solely responsible for (a) its use of the Subscription and (b) the accuracy, quality, and legality of the data input by Customer into the Subscription and the results of processing of such data by the Subscription (collectively, the “Customer Data”) and the means by which Customer acquired the same. Customer agrees that its use of the Subscription and its use and disclosure of Customer Data will comply with all applicable laws.

3.2 Usage Restrictions. Customer will not (a) make the Subscription available to anyone other than Customer and its End Users or use any of the Subscription for the benefit of anyone other than Customer, for compensation or otherwise; (b) license, sublicense, resell, distribute, lease, rent, lend, transfer, assign, pledge, or otherwise dispose of the Subscription (or any Product, Service or components thereof) or any Documentation; (c) use the Subscription other than as permitted by the Terms and in conformity with the Documentation; (d) use the Subscription in violation of any laws or regulations, including, without limitation, to use Subscription to store or transmit infringing, libelous, or otherwise unlawful, tortious, harassing, abusive, threatening, vulgar, obscene, or otherwise objectionable material, or material that is harmful to minors in any way; (e) use the Subscription to store or send material in violation of third party property, personal, or privacy rights or other rights; (f) use the Subscription to store, transmit, or test for any virus, worm, spyware, Trojan Horse, or other software routines or other code designed to permit unauthorized access, disable, erase, or otherwise harm software, hardware, or data, or to perform any other harmful actions (“Malicious Code”) to the Subscription; (g) interfere with or disrupt the integrity or performance of any Subscription or any networks or computer systems used to provide the Subscription; (h) attempt to gain unauthorized access to any of the Subscription or networks or computer systems used to provide the Subscription or obtain the Service by any means or device with intent to avoid paying the fees that would otherwise be payable for such access or use; (i) probe, scan, or test the efficacy or vulnerability of the Subscription (or any Product or components thereof), or take any action in an effort to circumvent or undermine the Subscription technology, except for the legitimate testing of the Subscription in coordination with ACS, in connection with considering a subscription to the Services as licensed herein; (j) modify, translate, copy, exploit, or create derivative works of the Subscription, or any part, feature, function, or user interface thereof, except as expressly permitted herein; (k) access, test, and/or use any Subscription in order to build a competitive product or service; (l) attempt to or actually decompile, disassemble, reverse engineer, copy, frame, mirror, reduce to human-perceivable form, or seek access to any source code, algorithms, methods, or techniques embodied in or underlying any part or content of the Subscription, in whole or in part (to the extent such restriction is not prohibited by law); (m) attempt to remove, modify, or obscure any proprietary notices on the Products, Services or Documentation; (n) have any right to receive the code for the Subscription; (o) disclose to any third party or publish in any media any performance information or analysis relating to the Subscription; (p) make unauthorized, false, or misleading or illegal statements concerning the subject matter of these Terms, including the Subscription; or (q) harvest or collect information or data regarding other users of the Subscription. There are no implied licenses granted by ACS or its Third-Party Service Provider(s) under these Terms.

3.3 Suspension. If an End User is in material uncured breach of these Terms, or ACS reasonably suspects material breach of these Terms, without limiting ACS’s other rights or remedies, ACS may immediately suspend the End User’s use of the Subscription.

3.4 Modifications to Subscription. ACS may update the Subscription to reflect changes in, among other things, laws, regulations, rules, technology, industry practices, patterns of system use, and other relevant factors. ACS’s updates to the Subscription will not materially reduce the level of performance, functionality, or security of the Subscription.

3.5 Subcontracting. ACS may, as it deems appropriate, engage independent contractors, consultants, or other persons or entities (collectively, referred to as “Subcontractors”) to aid ACS in performing ACS’s duties under these Terms, so long as such Subcontractors agree in writing to abide by the terms of these Terms.

3.6 Third-Party Service Provider(s). The Subscription includes a bundled offering of the Products described in Schedule A. The Products are wholly or partially provided by an authorized third-party vendor(s) of ACS (“Third-Party Service Provider(s)”). Customer and End User use of and access to the Subscription may be limited by and is further governed by the additional third-party terms and conditions set forth in Schedule A inclusive of such Third-Party Service Provider(s)’ separate terms of service, privacy policies, other documentation, and Third-Party Licenses (defined in Section 6.3). Customer authorizes ACS to share any Customer Data, including any Confidential Information needed for the Third-Party Service Provider(s) to provide the Subscription. Customer is solely responsible for obtaining any necessary or required consents or authorizations for use of Customer Data in connection with the Subscription, to the extent applicable. For any Third-Party Service Provider Product that is provided pursuant to a separate agreement between the Third-Party Service Provider and ACS, if such separate agreement is terminated for any reason, ACS may immediately terminate such Product or Services without further liability; provided, however, that ACS shall endeavor to secure a substitute product from another Third-Party Service Provider to continue the inclusion of the same or a substantially similar product as provided by such terminated Third-Party Service Provider. With respect to any such partial termination of the Subscription, Customer shall only be responsible for fees and expenses for the applicable terminated Product that have accrued up to the effective date of termination.

4. Confidentiality.

4.1 By virtue of these Terms, the Parties may disclose to each other information that is confidential (“Confidential Information”). Confidential Information shall include but not be limited to the terms and pricing under these Terms (including the Schedules attached to the Terms), Customer Data residing in the Subscription, and all information clearly identified as confidential at the time of disclosure or which a reasonable person would understand to be subject to confidential treatment by the disclosing Party.

4.2 A Party’s Confidential Information shall not include information that: (a) is or becomes a part of the public domain through no act or omission of the other Party; (b) was in the other Party’s lawful possession prior to the disclosure and had not been obtained by the other Party either directly or indirectly from the disclosing Party; (c) is lawfully disclosed to the other Party by a third party without restriction on the disclosure; or (d) is independently developed by the other Party.

4.3 Each Party agrees not to disclose the other Party’s Confidential Information to any third party other than as set forth in the following sentence for a period of five (5) years from the date of the disclosing Party’s disclosure of the Confidential Information to the receiving Party; however, ACS will protect the confidentiality of Customer Data residing in the Subscription for as long as such information resides in the Subscription. Each Party may disclose Confidential Information only to those employees, agents or Subcontractors who are required to protect it against unauthorized disclosure in a manner no less protective than required under these Terms, and each Party may disclose the other Party’s Confidential Information in any legal proceeding or to a governmental entity as required by law; provided, however, that such Party must first, to the extent lawful, provide the other Party with prompt written notice of such requirement and shall cooperate with that Party to appropriately protect against or limit the scope of such disclosure. ACS will protect the confidentiality of Customer Data residing in the Subscription in accordance with Section 7.

5. Fees and Payment.

5.1 Fees and Expenses. Customer will pay the then-current Subscription cost multiplied by the number of laptops, desktops, servers and other protected endpoints (each, an “End Point”) identified at the point of sale (the “Fees”) plus any applicable taxes. Customer is responsible for payment of all Fees and applicable taxes. Except as otherwise specified in these Terms, (a) Fees are due by Customer regardless of whether the Subscription is activated or used, (b) payment obligations are non-cancelable and Fees paid are non-refundable, and (c) prices are stated in U.S. dollars. Customer may add additional End Points at any time during the Term and any Subscriptions for such additional End Points will be calculated at the Subscription cost at the time of such addition. If, at any time, Customer exceeds the number of End Points using the Subscription initially purchased (an “Overage”), Customer shall be charged for such Overage at the then-current cost of the Subscription, beginning as of the month in which such Overage first occurred and for each month thereafter in which such Overage continues.

5.2 Payment. Fees will be automatically charged to Customer’s payment method on file each month. If payment cannot be processed by Customer’s payment method on file, ACS will provide Customer with notice thereof via email, and Customer shall provide payment within thirty (30) days thereof (the “Cure Period”). If Fees remain unpaid at the end of the Cure Period, ACS may, in its sole discretion and without limiting its other rights and remedies, suspend or terminate any and all Subscriptions as of such date and Fees incurred prior to such date (including, but not limited to, those with respect to any Overage) shall be due and owing by Customer.

5.3 Renewals. Upon expiration of the applicable Term, the Subscription shall automatically renew in accordance with Section 12.2 below. Fees charged for each Renewal Term shall be determined and calculated based on the greatest number of Endpoints active in the Subscription during the thirty (30) day period immediately preceding the effective date of the Subscription renewal. At the expiration of the then-current Term, if any individual component of the Subscription has been renamed, upgraded or replaced, each subsequent renewal will be modified to account for any such modification, including any related pricing adjustment(s), as applicable.

5.4 Increases. Fees may be increased by ACS to the then-current cost of the Subscription. Any increase in Fees shall be automatically applied to Customer’s Subscription at the time such increase takes effect.

5.5 Taxes. Fees do not include any taxes, levies, duties, or similar governmental assessments of any nature, including, for example, value-added, sales, use, or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Any applicable Taxes shall be calculated and applied at the point of sale. Customer is responsible for paying all Taxes associated with its purchases hereunder. If ACS has the legal obligation to pay or collect Taxes for which Customer is responsible under this Section 5.5, ACS will identify such Taxes in its payment processing with Customer and Customer will pay that amount. For clarity, ACS is solely responsible for taxes assessable against it based on its income, property, and employees.

5.6 Audit. During the Term and for a period of one (1) year following the termination of the Subscription, except as to Overages that are otherwise determined by ACS, in order for ACS to verify and confirm Customer’s actual usage of any Product hereunder, upon written request to Customer, which request shall not be made more than once per quarter during the Term, Customer shall provide ACS reasonable access to the relevant Customer records, Product usage logs generated by any of the Product systems, and any other information reasonably related thereto to demonstrate compliance with these Terms. ACS may invoice Customer if, as a result of such audit, it learns of any shortfalls or additional Overages, and Fees charged to Customer for the Overage will be based on ACS’s then-current price list and fees shall be charged, commencing upon the date the additional usage first occurs, for the duration in which those End Points remain active.

5.7 Future Functionality. Customer agrees that its purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written comments made by ACS regarding future functionality or features.

6. Proprietary Rights and Licenses.

6.1 Reservation of Rights. Subject to the limited rights expressly granted hereunder, ACS, the Third-Party Service Provider(s) and its and their respective licensors reserve all of their right, title, and interest in and to the Subscription, including all of their related intellectual property rights. No rights are granted to Customer other than as expressly set forth in these Terms.

6.2 Permission to Use Subscription. ACS grants to Customer a non-exclusive, non-transferable, non-sublicensable right to use the Products, the Services, and any user manuals, release notes, installation notes, and other materials delivered by ACS with the Subscription (the “Documentation”) ordered by Customer, solely during the Term, and solely for Customer’s internal business operations and to permit its End Users to do the foregoing, all subject to the terms and conditions of these Terms.

6.3 Third-Party Service Provider Requirements. Customer recognizes that ACS has various licenses for software and databases that enables it to provide the Subscription (the “Third-Party Licenses”), including but not limited to those referenced in Schedule A. Customer recognizes that the Third-Party Licenses have various limitations, restrictions, and requirements, including, without limitation, copyright, and trademark protections. ACS agrees to adhere to all Third-Party Licenses referenced in this paragraph and those attached as schedules or addenda to these Terms, if applicable. Customer agrees to adhere to all Third-Party Licenses referenced in this paragraph and attached as schedules or addenda to these Terms (which may include end user license agreements), and further agrees that all usage restrictions described in Section 3.2 of these Terms apply to such Third-Party Licenses, even if the Third-Party licenses are not included in Schedule A. Customer recognizes that the Terms may be amended from time to time unilaterally upon written notice to Customer to reflect any changes between the Third-Party Service Provider(s) and ACS; provided, however, that Customer shall have the right to terminate the particular portion of the Subscription affected by such changes if they materially affect such Subscriptions provided by ACS hereunder, either directly or via Third-Party Service Provider(s), and Customer shall be entitled to a refund of amounts paid for any such portion of the Subscription that are not provided to Customer by ACS as of the termination date.

6.4 License by Customer to Use Feedback. Customer grants to ACS and its affiliates a worldwide, non-exclusive, perpetual, irrevocable, royalty-free, transferable, sublicensable license to use and incorporate into the Products and Services in a manner that does not halt, interrupt, interfere with, or negatively impact the Subscription, any suggestion, enhancement request, recommendation, correction, or other feedback (“Feedback”) provided by Customer or its End Users relating to the Products and Services. ACS will not be obligated to credit Customer or its End Users for Feedback or hold any Feedback in confidence. For the avoidance of doubt, all Feedback may be shared by ACS with its Third-Party Service Provider(s), in ACS’s sole discretion.

7. Customer Data; Security; Privacy.

7.1 Ownership. Customer will retain ownership of Customer Data.

7.2 Processing Limitations and Security Obligations. In providing the Subscription, ACS and its Third-Party Service Provider(s) will: (i) store, process and access Customer Data only to the extent reasonably necessary to provide the Subscription and to improve the Subscription, and (ii) implement and maintain industry best practices and commercially reasonable technical, physical, administrative and organizational measures to protect the security, confidentiality and integrity of Customer Data hosted by ACS, Third-Party Service Provider(s), and/or their authorized third parties from unauthorized access, use, alteration or disclosure. ACS and Customer agree that the Data Processing Addendum, attached hereto at Schedule C, forms an integral part of the Terms.

7.3 Use of Customer Data. Subject to Section 4, Customer hereby grants to ACS a sub-licensable, non-exclusive, royalty-free, worldwide license and right (including under Customer’s intellectual property rights, whether owned by or licensed to Customer) to use, reproduce, electronically distribute, transmit, have transmitted, modify, de-identify, perform, display, store, archive, aggregate, index, and create derivative works from Customer Data solely for the purposes of providing the Subscription to Customer. To the extent applicable, Customer shall obtain all necessary and appropriate consents to upload and process Customer Data in compliance with these Terms and applicable data protection and privacy laws and regulations, including all laws and regulations applicable to personal data / personally identifiable information.

7.4 Data Privacy. “Personal Information” shall have the meaning given in ACS’s Privacy Policy available at acrisure.com/privacy (the “Privacy Policy”). ACS will handle Customers’ Personal Information in accordance with the Privacy Policy, these Terms and privacy laws applicable to the Personal Information collected by the Subscription. Such privacy laws include, to the extent applicable, the California Civil Code Sec. 1798.100 et seq. (“CCPA”) and EU General Data Protection Regulation 2016/679 (“GDPR”) and ACS shall act exclusively as a service provider (as defined by CCPA) and data processor (as defined in GDPR) and shall retain, use, disclose, and process Personal Information solely for the purpose of providing and enhancing the Services and Products subject to these Terms, and as otherwise instructed by Customer.

7.5 Data transfer and restrictions. ACS shall not use or disclose Customer Data, except to its Third-Party Service Provider(s) and its and their licensors and (i) as compelled by law; (ii) as expressly permitted by these Terms or by Customer in writing; (iii) to implement and deliver the features and functionality associated with the normal use of the Subscription and/or to perform its obligations hereunder, including support; or (iv) to help Customer prevent or address service or technical problems.

7.6 Hosting Location. Unless otherwise specifically agreed, Customer Data may be hosted by ACS, Third-Party Service Provider(s), or their authorized Third-Party Service Provider(s) in the United States, the European Economic Area (“EAA”), or other locations around the world.

7.7 ACS Data. Notwithstanding anything to the contrary in these Terms, ACS shall have the right to monitor, collect, use, store, and analyze data and other information relating to the provision, use, and performance of various aspects of the Subscription and related systems and technologies (including, without limitation, information concerning Customer Data and data derived therefrom) (“ACS Data”), and ACS will be free (during and after the Term) to: (i) use ACS Data to improve and enhance the Subscription and for other development, diagnostic, and corrective purposes in connection with the Subscription and other ACS offerings; and (ii) disclose ACS Data solely in aggregate or other de-identified form in connection with its business. For the avoidance of doubt, ACS Data shall not be considered Customer Data.

8. Representations, Warranties, Exclusive Remedies and Disclaimers.

8.1 ACS Representations. ACS hereby represents and warrants to Customer that (i) it has the full right, power and authority to enter into these Terms; (ii) ACS’s Terms, and its performance hereunder, does not and shall not violate any law, statute, or regulation or any contractual obligation of ACS; (iii) the Subscription shall be provided in accordance with all applicable laws, regulations, and safety standards, and shall not infringe upon or violate any right of any nature or kind of any third party; and (iv) ACS shall take commercially reasonable efforts to ensure that the Subscription are free of any defects including, without limitation, Malicious Code.

8.2 ACS Services Warranty. ACS warrants that the ordered Products and related Services will conform in all material respects to any description of the Subscription in the Documentation. If ACS breaches this warranty, Customer’s sole and exclusive remedy, and ACS’s entire liability, will be, correction or reperformance of the deficient portion of the Subscription, or if ACS cannot so correct or reperform the deficient portion of the Subscription within ninety (90) days of receipt of Customer’s written notice thereof, Customer may terminate the affected Product or Service without further liability other than for fees and expenses that have accrued up to the effective date of termination. This limited warranty will not apply to the extent (i) the nonconformity was caused by Customer’s abuse, misuse, or improper use of the Subscription or other violation of these Terms; (ii) if the Subscription is not used in compliance with the applicable Documentation; (iii) if the Subscription or any part thereof has been modified other than by ACS, its Subcontractors, or any Third-Party Service Provider(s) or with ACS’s written approval or Customer fails to accept or adopt any update offered by ACS or its Third-Party Service Provider(s); or (iv) to Evaluations or Demonstrations of the Subscription.

8.3 DISCLAIMERS. EXCEPT AS EXPRESSLY PROVIDED HEREIN, ACS DOES NOT MAKE ANY REPRESENTATION, WARRANTY OR GUARANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND ACS DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. ACS DOES NOT REPRESENT OR WARRANT THAT (A) THE SUBSCRIPTION OR DATA WILL BE CONTINUOUSLY AVAILABLE, ERROR-FREE, ACCURATE, COMPLETE, OR COMPLETELY SECURE, (B) MALICIOUS CODE WILL NOT BE TRANSMITTED TO CUSTOMER IN USE OF THE SUBSCRIPTION, (C) ALL DEFECTS IN THE SUBSCRIPTION WILL BE CORRECTED, (D) THE SUBSCRIPTION WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS, OR (E) CUSTOMER WILL ACHIEVE ANY PARTICULAR RESULT. ANY USE OR RELIANCE UPON THE REPORTS BY CUSTOMER SHALL BE AT ITS OWN RISK. ACS WILL NOT BE LIABLE IN ANY WAY RELATED TO ANY THIRD-PARTY CONTENT, DATA OR APPLICATION. SUBSCRIPTIONS USED ON AN EVALUATION OR DEMONSTRATION BASIS ARE PROVIDED “AS-IS.”

9. Infringement Claims.

9.1 Remediation of Infringement Claims. If ACS believes or it is determined that the Subscription (or any Product or Service provided as a part of the Subscription) may have violated a third party’s intellectual property rights, ACS , in its sole discretion, shall either modify the Subscription to be non-infringing (while substantially preserving its utility or functionality) or obtain a license to allow for continued use, or secure a substitute Product from a third party to continue the uninterrupted provision of the Subscription, or if these alternatives are not commercially reasonable, ACS may terminate the affected portion of the Subscription and refund any unused, prepaid fees for the affected Products or Services Customer may have paid.

9.2 Exclusive Remedy. This Section 9 states ACS’s sole liability, and Customer’s exclusive remedy, for any type of third-party claim described in this Section 9.

10. Insurance.

At all times during the Term, ACS shall procure and maintain, at its sole cost and expense, at least the following types and amounts of insurance coverage:

(a) Commercial General Liability with limits no less than $1,000,000 per occurrence and $2,000,000, in the aggregate, including bodily injury and property damage and products and completed operations and advertising liability, which policy will include contractual liability coverage insuring the activities of ACS under these Terms;
(b) Errors and Omissions/Professional Liability with limits no less than $1,000,000 per claim and $5,000,000, in the aggregate; and
(c) Cyber Liability Insurance with limits no less than $1,000,000 per claim and $10,000,000, in the aggregate.

All such insurance policies shall (i) be issued by insurance companies with a financial strength rating of A or higher and (ii) provide that such insurance be primary insurance and any similar insurance in the name of and/or for the benefit of Customer shall be excess and non-contributory.

11. LIMITATION OF LIABILITY AND CLAIMS.

11.1 LIMITATION OF LIABILITY. NEITHER ACS, THE THIRD-PARTY SERVICE PROVIDER(S), NOR CUSTOMER WILL BE LIABLE UNDER THESE TERMS FOR ANY LOST INCOME OR LOST PROFITS OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES, WHETHER FOR TORT (INCLUDING NEGLIGENCE), CONTRACT, BREACH OF WARRANTY OR ANY OTHER CAUSE OF ACTION OR THEORY OF LIABILITY, WHETHER OR NOT FORESEEABLE AND HOWEVER RISING, AND EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THE SUBSCRIPTION, THESE TERMS, WHETHER FOR TORT (INCLUDING NEGLIGENCE), CONTRACT, BREACH OF WARRANTY, OR ANY OTHER CAUSE OF ACTION OR THEORY OF LIABILITY, WILL NOT EXCEED THE AMOUNT CUSTOMER PAID FOR THE SUBSCRIPTION TO ACS TO WHICH THE CLAIM RELATES DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM, WITH THE EXCEPTION OF ACS’S LIABILITY UNDER SECTION 9 WHICH SHALL BE LIMITED AS STATED IN SECTION 9. THE LIMITATIONS HEREIN WILL APPLY EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE. NOTWITHSTANDING THE FOREGOING, THE LIMITATIONS HEREIN SHALL NOT APPLY IN THE EVENT THE CLAIM ARISES OUT OF OR RESULTS FROM THE GROSS NEGLIGENCE, CRIMINAL, FRAUDULENT, RECKLESS, OR WILLFUL MISCONDUCT OF THE OTHER PARTY OR BREACHES OF SECTION 3.2 CUSTOMER ACKNOWLEDGES AND AGREES THAT THE LIMITATIONS HEREIN ARE REASONABLE AND A BASIS OF THE BARGAIN, AND THAT ACS WOULD NOT ENTER INTO THESE TERMS WITHOUT CUSTOMER’S AGREEMENT TO SUCH LIMITATIONS.

11.2 LIMITATION ON TIME TO FILE CLAIMS. A PARTY MUST FILE ANY CLAIM ARISING FROM OR RELATED TO THESE TERMS WITHIN ONE (1) YEAR AFTER THE CLAIM AROSE, OR THE CLAIM WILL BE FORFEITED AND FOREVER BARRED.

12. Term and Termination.

12.1 Term. These Terms shall commence on the date a Subscription is purchased and shall continue for so long as Customer maintains an active Subscription.

12.2 Subscription Term. A Subscription shall commence on the date such Subscription is first purchased and shall continue for a period of twelve (12) months (the “Initial Term”). Unless Customer logs into the Customer Portal and notifies ACS therein that it does not want to renew a Subscription prior to the end of the Initial Term in accordance with Section 12.3, then, in accordance with Section 5.3, such Subscription shall automatically renew for a successive twelve (12) month term (each a “Renewal Term”) (the Initial Term and each and every Renewal Term collectively referred to as the “Term”).

12.3 Non-Renewal. Prior to the expiration of a current Term, Customer will receive notice of automatic renewal pursuant to Section 5.3. Prior to the commencement of the Renewal Term, Customer must update their automatic renewal to non-renewing or non-renewal status in the Customer Portal through the instructions provided in the renewal notice.

12.4 Termination. If either Party commits a material breach of any term or condition of these Terms (including, but not limited to, Customer’s failure to pay amounts when due hereunder and ACS’s failure to deliver or provide the Subscription in accordance with these Terms) that is not cured within thirty (30) days following receipt of notice of the breach, the non-breaching Party may terminate the Subscription immediately with written notice to the other Party.

12.5 Termination of the Subscription will not relieve Customer of its obligation to pay any Fees owed to ACS for the Subscription rendered prior to the effective date of termination. Customer’s right to use the Services ordered will terminate immediately and automatically upon the expiration or termination of the Subscription. The following Sections will survive any termination or expiration of these Terms: 3.1, 3.2, 4, 5, 6.1, 6.3, 6.4, 7, 8, 9, 10, 11, 12, 13.7, 13.8, and 13.12.

13. General Provisions.

13.1 Trade Sanctions, Export, and Import Compliance. The Subscription, and derivatives thereof, may be subject to trade sanctions, export laws, import laws, and regulations of the United States and other jurisdictions. Customer represents that it is not named on any U.S. government denied restricted-party list (including the Specially Designated Nationals and Blocked Persons List, Foreign Sanctions Evaders List, and Sectoral Sanctions Identifications List, administered by U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”), and the Denied Party List, Entity List and Unverified List, administered by U.S. Commerce Department’s Bureau of Industry and Security ("BIS")). Customer will not access or use a Subscription in a U.S.-embargoed country or in violation of any U.S. Sanctions and Export Laws or regulations and will comply with all applicable export controls, trade sanctions, and import laws, and regulations in Customer’s use of the Subscription, including without limitation the regulations of BIS and OFAC.

13.2 Entire Agreement. These Terms, the Schedules included with these Terms, and all of the Third-Party Service Provider terms and conditions and Third-Party Licenses (which are hereby incorporated into these Terms) contain the entire agreement between ACS and Customer regarding ACS’s provision of, and Customer’s receipt and use of, the Subscription (including the Products and Services), and supersede all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning their subject matter.

13.3 Modifications to Terms. ACS may make modifications to these Terms and the Schedules incorporated therein from time to time as required or reasonably deemed to be necessary by ACS in accordance with modifications to the Subscription as contemplated by Section 3.4 or as required by Third-Party Service Provider(s); provided, however, that Customer shall have the right to terminate the Subscription if any such modifications materially reduce the functionality, substantially affect the nature and/or pricing of the Subscription provided by ACS hereunder, either directly or via requirements of the Third-Party Service Provider, and Customer shall be entitled to a refund of amounts pre-paid for any Subscription provided after the effective date of termination. Customer may view the most current version of these Terms and the Schedules by visiting https://about.acrisure.com/simple-cyber-terms, which shall contain the corresponding effective date thereof.

13.4 Relationship. The Parties are independent contractors. These Terms do not create a partnership, joint venture, agency, or employment relationship between the Parties.

13.5 Publicity. Customer hereby grants ACS a non-exclusive license solely during the Term to list Customer’s name and display Customer’s logo in the customer section of ACS’s website and to use Customer’s name and logo in ACS’s customer lists. Any other use by ACS of Customer’s name, logo, or trademark requires Customer’s prior written consent (such consent not to be unreasonably withheld).

13.6 Third-Party Beneficiaries. There are no third-party beneficiaries of these Terms.

13.7 Injunctive Relief. A Party’s breach of these Terms related to confidential information, intellectual property rights or a breach of the usage restrictions may cause the non-breaching Party irreparable harm for which the recovery of money damages would be inadequate. Therefore, if a Party breaches or threatens to breach these Terms related to the other Party’s confidential Information, intellectual property rights, or the usage restrictions, the non-breaching Party will be entitled to seek injunctive relief, without the need to post a bond or prove actual monetary damages, to protect its rights under these Terms, in addition to any and all remedies available at law.

13.8 Waiver. No failure or delay by either Party in exercising any right under these Terms will constitute a waiver of that right. A Party can enforce a waiver only if the other Party made the waiver in writing.

13.9 Severability. If any provision of these Terms is held by a court of competent jurisdiction to be contrary to law, the provision will be reformed to the nearest enforceable provision (or deemed severed from these Terms to the extent that is impermissible), and the remaining provisions of these Terms will remain in effect.

13.10 Construction. These Terms will be construed against the drafter. Lists following “include”, “includes” or “include” are illustrative and not exhaustive.

13.11 Force Majeure. Each Party’s non-performance under these Terms will be excused to the extent due to a cause beyond its reasonable control.

13.12 Governing Law. These Terms, and all obligations resulting here from, and all claims or causes of action arising from or related hereto (regardless of form) shall be construed and enforced in accordance with and governed by the laws of the State of Michigan, USA, without giving effect to any principle of law that would cause the application of the law of any other jurisdiction.

13.13 Notices. All notices related to these Terms will be in writing and will be effective upon (a) personal delivery or (b) the second day after delivered or sent by an internationally recognized overnight delivery service, costs prepaid.

Last updated: [July 17, 2024], 2024

Schedule A

Products Included in the Subscription

I. Managed Detection & Response Services

Customer agrees and acknowledges that the Subscription is comprised of a bundled Services offering of Products provided to Customer by a Third-Party Service Provider(s), Sophos Ltd (“Sophos”), namely, End Point Detection and Response Email Security, a description of which is available here:

https://www.sophos.com/en-us/legal/mdr-description

Sophos has passed through certain provisions governing use of its Products hereunder. Customer agrees and acknowledges that ACS is an authorized reseller for Sophos. Customer further agrees and acknowledges that Sophos may require Customer and End Users to agree to and accept the following End User Terms of Use provided as part of the registration process. Accordingly, use of and access to the Products by Customer and End Users requires continued contractual agreement between ACS and the Third-Party Service Provider(s).

https://www.sophos.com/en-us/legal/sophos-end-user-terms-of-use

Customer agrees and acknowledges that ACS’s provision of the Subscription is conditioned upon Customer’s systems meeting, at all times during the Term, each of the following requirements, as applicable:

https://support.sophos.com/support/s/article/KB-000034671?language=en_US

II. ACS

In providing the Services, ACS will assist Customer upon its request in onboarding the Products into the client technology environment. To that end, ACS will use commercially reasonable efforts to assist Customer in configuring its SaaS mail environment for Sophos email security, provided Customer meets the minimum system requirements as laid out in the applicable Sophos product terms. ACS will also deploy endpoint detection and response agent software to all identified Customer workstations, provided it meets the minimum system requirements as laid out in the Sophos product terms and a sufficient broadband internet connection exists to facilitate remote access to the machine(s). At no point shall any of the Services provided by ACS be expected to be performed onsite or in person. ACS will also apply a base configuration for email and endpoint security leveraging well-known industry best practices.

See Schedule B for additional details regarding the Services provided by ACS.

Schedule B

Support Services

ACS will provide basic help desk technical support services to Customer related to the performance of the Sophos Managed Detection & Response products as set forth in Schedule A.

Customer will report perceived or actual issues directly to ACS. The primary function of ACS support is to collect relevant information, perform first level troubleshooting, problem identification, analyze and quantify the issue, and determine the source of the issue and resolve if possible and related to the Sophos MDR products.

Deployment:

ACS will provide Customer with an onboarding link and Customer will authorize Microsoft 365 or Google Workspace API access per ACS-provided instructions, ACS will be available to assist in the deployment of email security into the mail tenant.

In order to facilitate proper mail security routing, ACS will need to assist Customer in updating Domain Name Server (“DNS”) settings, with the expectation Customer will need to have appropriate account access to their domain register or DNS server settings.

ACS will contact Customer with a scheduling request at which time they will assist in deploying the endpoint security product onto all applicable workstations and ensure that competing endpoint security products, where possible, are removed.

Proactive and Reactive Approaches:

Proactive: Through system monitoring, Sophos will trigger alerts and attempt an automatic resolution. Should Sophos be unable to remedy security incidents within their own system response, their team will reach out to ACS who will make best-effort attempts to resolve the alerted issue.

Reactive: Upon a perceived or actual issue, Customer may submit a ticket via chat support in the Customer Portal. The ticket is created, Customer will be entered into chat support with the ACS helpdesk and then routed to a support or support escalation workflow as necessary. Customer agrees and understands that while all of Customer employees may access the Customer Portal, only Customer’s designated primary account contact (i.e., the person whose email is listed/identified in the Subscription purchase) is permitted to open a chat support ticket for deployment or assistance.

Customer will timely report false positive (safe email erroneously quarantined by products email security) or false negative (malicious email not quarantined by products email security) emails to ACS via ACS Client Portal chat to ACS support. Customer is solely responsible for responding to inquiries from Customer’s end-users.

External Repair:

If the issue is determined to result from an issue external to the specific configuration or deployment of the Sophos MDR toolset, ACS will notify Customer for their recommendations for a repair. Customer may choose to engage with ACS for ad-hoc support outside the scope of the Subscription to resolve external issues. Any ad-hoc services are not included in the Fees and are subject to additional fees to Customer, as mutually agreed by the Parties.

ACS itself or through its Third-Party Service Provider is responsible for providing external repair support to Customer. The primary function of external repair support is to perform targeted, diagnostic testing of the operation of the Products to determine the nature of the problem in the Solution Component.

Priority Levels:

Critical: A “Critical” priority is given to issues that adversely affect the Services or a Product, rendering it unusable.

High: A “High” priority is given to issues that impair some features or functionality of the Services but does not impact the basic use of the affected Product or the Services.

Standard: A “Standard” priority is given to an issue that does not impact the operation or use of any Product.

Response and Resolution Table: Once a problem has been classified by ACS as falling within ACS’s technical support responsibilities, ACS must respond and resolve the issue according to the timeframes established in the table below:

Priority Levels	Initial ACS Response Time	ACS Final Resolution Time
Critical	Two (2) hours after Customer reports the issue to ACS	ACS will work diligently to resolve the issue or propose a workaround and will follow up with Customer every four (4) hours until the problem is resolved.
High	Twelve (12) hours after Customer reports the issue to ACS	ACS will work diligently to resolve the issue or propose a workaround and will follow up with Customer every twelve (12) hours until the problem is resolved
Standard	Twenty-four (24) hours after Customer reports the issue to ACS	ACS will work diligently to resolve the issue or propose a workaround and will follow up with Customer every twenty-four (24) hours until the problem is resolved

Conditions and Ticket Closure:

Exclusions. ACS is not obligated to provide the Support Services in the following situations: (i) the problem is caused by Customer’s or End User’s gross negligence, hardware malfunction, or other causes beyond the reasonable control of ACS; or (ii) the problem is with third-party software not licensed through or provided by ACS.

Ticket Closure. ACS reserves the right to conclude its performance of a particular Support Services case when, in its reasonable discretion, ACS determines that it has provided a satisfactory resolution or workaround for the issue.

Online Support Schedule. Notwithstanding anything contained within this Schedule, to the extent a conflict between these Support Services Terms and any ACS support plans made available in the Documentation or on ACS’s website, the support plans made available online shall apply in lieu of, and supersede, the support related commitments contained in this Schedule.

Schedule C

Data Processing Addendum

The terms used in this Data Processing Addendum (the “DPA”) shall have the meanings set forth in this DPA. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Terms. Except as modified below, the Terms shall remain in full force and effect.

The parties hereby agree that the terms and conditions set out below shall be added as an addendum to the Terms.

1. Definitions.

1.1.1 “Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with either Customer or ACS respectively, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.
1.1.2 “Applicable Laws” means any privacy or security law that applies to Customer Personal Data, including, but not limited to, the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020).
1.1.3 “Customer Personal Data” means information that is processed by ACS, or collected by ACS, on behalf of Customer which identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular identified or identifiable person or household.
1.1.4 “Data Subject” means any identifiable individual or household included, or previously included, within Customer Personal Data.
1.1.5 “Process” means any operation or set of operations that are performed on Customer Personal Data.
1.1.6 “Processor” means any entity that performs the Processing of Customer personal data. For the purposes of the Terms and DPA, ACS, and any applicable Third-Party Service Provider(s) or Subcontractors, are Processors.
1.1.7 “Subprocessor” means any Processor (including any third party and any ACS Affiliate) engaged by ACS to Process Customer Personal Data.

2. Authorization to Process Data.

2.1.1 ACS shall only Process Customer Personal Data on behalf of Customer and in accordance with Customer’s instructions, the Terms, and Applicable Laws. The parties agree that as part of the services, ACS may Process Customer Personal Data for research, development, and analysis purposes in order to improve the services, customer experience, products, and as needed for related legitimate business purposes. ACS shall not Process Customer Personal Data for any other purpose and shall immediately inform Customer if, in its opinion, any request related to the Processing of Customer Personal Data or any request for audits, or inspections, of ACS’s compliance with this DPA infringes upon any Applicable Law.
2.1.2 ACS shall not sell Customer Personal Data as the term “sell” (or similar term) is defined by Applicable Laws.

3. Access and Confidentiality. ACS will limit access to those individuals who need to access Customer Personal Data and will require all individuals who have access to Customer Personal Data to keep such data confidential.

4. Security.

4.1.1 ACS shall implement reasonable and appropriate technical and organizational measures to protect Customer Personal Data consistent with Applicable Laws, as further described in Exhibit 1 to this DPA (“Security Measures”). ACS may, in its discretion, make reasonable updates or modifications to the Security Measures set out in Exhibit 1 from time to time.
4.1.2 In assessing the appropriate level of security, ACS shall take into account the risks that are presented by Processing, in particular from accidental, unauthorized, or unlawful destruction, loss, alteration, damage, disclosure of, or access to, Customer Personal Data transmitted or stored.

5. Subprocessing.

5.1.1 The parties agree that ACS has general authorization to utilize Subprocessors.
5.1.2 ACS shall confirm that all Subprocessors are subject to written privacy and security terms that impose materially the same obligations as those set out in this DPA.

6. Data Subject Rights.

6.1.1 ACS shall promptly notify Customer if it receives a request, complaint, or other communication from a Data Subject in respect to Customer Personal Data, including a request by a Data Subject that ACS access, modify, or delete Customer Personal Data. Customer shall be responsible for responding to any such issue. To the extent that Customer needs ACS’s assistance in addressing any such request, Customer shall provide instructions to ACS for providing such assistance.
6.1.2 Upon receipt of instructions from Customer in accordance with Section 6.1, ACS shall reasonably assist Customer in addressing such instructions.

7. Security Incident. ACS shall, without undue delay, notify Customer of any unauthorized disclosure, destruction, or loss or access of Customer Personal Data (“Security Incident”). ACS’s obligation to report or respond to a Security Incident does not alter Customer’s responsibility and liability with regard to Security Incident under Applicable Laws and will not be construed as an acknowledgement by ACS of any fault or liability with respect to the Security Incident.

8. Deletion or return of Customer Personal Data.

8.1.1 ACS shall promptly upon Customer’s request or in any event within 90 calendar days of the effective date of termination of the Terms: (a) securely return a copy of all Customer Personal Data to Customer; or (b) delete and procure the deletion of all other copies of Customer Personal Data Processed by ACS or any Subprocessor, excluding any back-up or archival copies which shall be deleted in accordance with ACS’s data retention schedule.
8.1.2 Notwithstanding Section 8.1.1 of this DPA, ACS may retain Customer Personal Data to the extent required by Applicable Laws, but only to the extent and for such period as required by Applicable Laws. If required by law to retain Customer Personal Data, ACS will continue to ensure the confidentiality of such Customer Personal Data and only Process Customer Personal Data as necessary for the purpose specified in the Applicable Laws that require its storage and in accordance with the terms of this DPA.

9. General Terms. Customer and ACS hereby agree that the terms and conditions set out herein shall be added as an DPA to the Terms. This DPA and the other portions of the Terms shall be read together and construed, to the extent possible, to be in concert with each other. With respect to any conflict between the Terms and this DPA, the DPA shall prevail.

EXHIBIT 1 to DATA PROCESSING ADDENDUM

DETAILS OF SECURITY MEASURES FOLLOWED BY ACS

As of the Effective Date, ACS will take and implement the Security Measures set out in this Exhibit 1. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, ACS shall implement appropriate administrative, technical, and organizational measures to ensure a level of security appropriate to the risk, including, inter alia, as appropriate:

1. the pseudonymization and encryption of Customer Personal Data;
2. the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
3. the ability to restore the availability and access to Customer Personal Data in a timely manner in the event of a physical or technical incident; and
4. a process for regularly testing, assessing, and evaluating the effectiveness of administrative, technical, and organizational measures for ensuring the security of the processing.

Legal & Policies