TERMS & CONDITIONS
The following are the terms and conditions (the “Terms and Conditions”) on which we will provide the Security Solutions and Services set forth in the above Quote. Together, the Terms and Conditions and the Quote are referred to as the “Contract,” which forms the entire agreement between NopSec and Customer relating to the Security Solutions and Services.
- Any variation to this Contract, notwithstanding any variation to the Services specified in the Proposal, shall be set forth in a separate proposal executed by both parties which will be made part of this Contract. All covenants, conditions and agreements contained in the confidentiality Agreement by and between the parties executed as of the latest countersignature date are hereby made a part of this contract to the same extent and with the same force as if fully set forth herein.
- If we do not receive payment of any invoice within 30 days of the invoice date, we shall be entitled, without prejudice to any other rights that we may have, to suspend provision of the Security Solution and Services until all sums due are paid in full.
- NopSec’s fees are based, in part, on specification and assumption information provided by Customer. If any such information is incorrect or requires revision, NopSec’s fees may be adjusted accordingly. All additional work required due to changes in assumptions, specifications, or conditions of the site, will only be performed pursuant to a valid change order.
- If the Customer purchases Offensive Security Services, specifically internal network pentesting, NopSec may send a small physical appliance to the Customer to be installed in Customer’s network. This appliance is the property of NopSec and is loaned to the Customer solely to fulfill the obligations of delivering the Services purchased. The Customer must return the appliance to NopSec within 30 days of conclusion of the test. If the appliance is not returned within 30 days, NopSec will consider the appliance lost and the Customer will be responsible for the replacement cost plus administrative fees.
- If the Customer purchases Offensive Security Services and fails to comply with the scheduling policies that state if: a) the test subject is not accessible with appropriate permissions 5 days prior to the test, or b) the Customer reschedules with fewer than 5 business days prior to the scheduled test start date, then the Customer will automatically forfeit 50% of the cost of the pentest, and the test will be rescheduled only after Customer signs a change order and associated quote for a new pentest.
- The term of NopSec and Customer agreement shall take effect upon effective date and shall continue for a period of 12 months from the effective Date.
- NopSec makes no representation or warranty that its services will disclose all vulnerabilities.
Limitation of Liability
- Notwithstanding anything herein to the contrary, neither party, nor its directors, officers, employees, contractors, agents and affiliates, shall be liable for any incidental or consequential damages of any kind (including, without limitation, indirect, special, punitive, or business reputation, business interruption, loss of profits, loss of goodwill or business information) due to, resulting from or arising in connection with any of the Services or the performance of or failure to perform its obligations under this Contract, even if advised of the possibility of such damages, provided, however, that the
proceeding limitation of a liability shall not apply in the event of any liabilities arising from, relating to or caused by:
(a) the gross negligence or willful misconduct of such party, or its employees,
agents, Subcontractors, as determined by a court of competent jurisdiction in a
final non-appealable judgment;
(b) a violation of the obligations of such party, or its employees, agents and/or
subcontractors, under the Confidentiality Agreement executed by and between
(c) actual or alleged infringement of a third party’s intellectual property rights, or rights of a third party in respect of its Confidential Information; and/or (d) NopSec’s breach of any indemnification obligation set forth in this Agreement.
- Each Party agrees to indemnify and hold harmless and defend the other Party and its directors, officers, employees, contractors, agents and affiliates and each of the heirs, executors, successors and assigns of any of the foregoing (collectively the “Indemnitees”), from and against any and all claims, actions, liabilities, losses, damages, investigations, subpoenas, costs and expenses (including without limitation, reasonable attorney’s fees and costs) of the other Party relating to, arising out of or resulting from (a) any breach by the Party (and/or its subcontractor(s), if any) of this Contract or any Schedule herein, or (b) any claim or allegation that any Deliverables or any reasonably foreseeable use or adaptation thereof, infringes or violates any right(s) (including, without limitation, any intellectual property right(s)) of any third party, except to the extent caused by the gross negligence or willful misconduct of the other Party, as determined by a court of competent jurisdiction in a final non-appealable judgment.
- Neither Party shall be responsible for any loss, damages or delays occasioned by fire, strikes, acts of God, terrorism, severe weather, war or other causes beyond the Other Party’s reasonable control.
Unauthorized Use of NopSec Software
- The Customer shall not:
(a) copy or otherwise reproduce, whether in whole or in part, the Service or the Service Software;
(b) modify or create any derivative work of the Service or the Service Software;
(c) sell, rent, loan, license, sub-license, distribute, assign or otherwise transfer the NopSec’s Service or the NopSec’s Service Software;
(d) cause or permit the disassembly, decompilation or reverse engineering of the NopSec’s Service Software or otherwise attempt to gain access to the source code to the NopSec’s Service Software; or
(e) cause or permit any third party to do any of the foregoing; and such restrictions shall survive the expiration or termination of NopSec and Customer agreement.
Non-Solicitation of Employees
- The parties acknowledge that each will have contact with the others’ employees, consultants, independent contractors or employees of independent contractors (collectively, “Employee”) in connection with ongoing performance pursuant to his Agreement, that such party’s Employees will be rendering valuable services, the interruption or termination of which may cause serious disruption and damage to such party. The parties agree that they will not solicit, hire, or retain, in any capacity whatsoever, either directly or indirectly, any Employee of the other party who performed any service under this Agreement. This non-solicitation provision shall remain in effect for the term of this Agreement and for a period of one year after the termination of this agreement.
Preservation of Confidential Information
- Information received from the other party for the purposes of providing or receiving the Services is deemed “Confidential”. All parties agree that any Confidential information received from the other party shall only be used for the purposes of providing or receiving the Services under this or any other contract between us. In addition, neither party will disclose, without the prior written consent of the other party, any such confidential information to any third party.
- Notwithstanding the foregoing, either party will be entitled to disclose Confidential information of the other (a) to our respective insurers or legal advisors, and (b) to a third party to the extent required by any court of competent jurisdiction, or by a governmental, administrative or regulatory authority, or where there is a legal right, duty or requirement to disclose, provided that, where reasonably practicable, and without breaching any legal or regulatory requirement, not less than two (2) business days’ notice in writing is first given to the other party.
- Either party may terminate this Contract in the event that the other party has breached any material provision thereof and such breach has not been cured within thirty (30) business days after receipt of written notice from the non-breaching party.
- Upon termination of this Contract for any reason, each party shall, upon written request from the other, return to the other all property and documentation of the other in its possession.
Other Terms and Provisions
- Except in the event of our willful misconduct or fraud, in no event shall we be liable to you (or any person claiming through you), under any legal theory, for any amount in excess of the total professional fees paid by you to us under
this Contract or any addendum to which the claim relates. In no event shall we be liable to you under this Proposal under any legal theory or for any consequential, indirect, lost profit or similar damages relating to or arising from the Services provided under this Contract.
- Each party accept and acknowledge that any legal proceeding arising from or in connection with this Contract (or any variation or addition thereto) must be commenced within one (1) year from the date when you become aware of
the facts giving rise to the alleged liability. Each Party also agree that no action or claim will be brought against any NopSec employee personally.
- Each party hereto hereby absolutely, irrevocably and unconditionally waives to the fullest extent permitted by applicable law, any and all right to trial by jury of any claim or cause of action based upon or arising out of or relating to this agreement in any action, proceeding or other litigation of any type brought by any of the parties hereto, whether with respect to contract claims, tort claims, or otherwise.
- Except for your payment obligations, neither of us will be liable to the other for any delay or failure to fulfill obligations caused by circumstances outside our reasonable control.
- The parties hereby irrevocably consent to the exclusive jurisdiction of the Federal and State Courts located in New York City. This agreement shall be governed by the laws of New York State, without regard to its choice of law Principle.
Use of Deliverables
- Notwithstanding anything herein to the contrary, the Customer may disclose the Services and Deliverables to any governmental authority, agency or regulator (“Regulator”) with jurisdiction over the Customer in the normal course of supervision; provided that the Customer’s disclosure to such Regulator is consistent with the description of the Services and Deliverables included in this engagement letter and the Customer informs NopSec of any such disclosure to the extent permitted under applicable laws and regulations.
Ownership and License
- Customer is hereby granted all right, title and interest in and to all Services and Deliverables, including all related work products, all as and when created or delivered from time to time. If the Customer provides copies of Services or Deliverables (or summaries thereof) to any third party(ies), the Customer may, but shall not be required to identify that same have been prepared by NopSec. Customer may revise or alter the Deliverables or as Customer deems appropriate, provided that NopSec shall have no responsibility for any Services or Deliverables that have been materially revised or altered by Customer. Each party shall retain all right, title and interest in and to their respective intellectual property rights in pre-existing materials and any improvements thereto or derivatives thereof in connection with the Services and Deliverables to the Customer. If the Customer is precluded from using any Services or Deliverables due to an actual or claimed infringement or violation of any third-party right, or for any other reason, then NopSec shall, at its sole expense (i) procure for the Customer the right to continue to use such Deliverables and/or (ii) replace or modify such Deliverables so that it becomes non-infringing, but only in a manner not causing such Deliverables to deviate in any material way from its applicable functional specifications. NopSec shall have the right to use the names of customers on the website and marketing materials from time to time to promote the company’s product and services unless the Customer provides a written request to be explicitly removed.
Notice of Significant Events
- NopSec shall notify the Customer promptly upon the occurrence of any of the following: a. Any material incident of unauthorized access to, or any other security breach relating to, Confidential Information of Customer; b. Any material adverse change to the insurance coverage or information security and data protection policies of NopSec applicable to this Agreement; c. Any events of default or development or change in the business or affairs of NopSec that has had, or in the opinion of management, will have a material adverse effect on the ability of NopSec to perform its obligations under this Agreement; and d. The entering into a definitive Agreement with respect to any change of control or other merger, acquisition or disposition that has had, or in the opinion of management, will have a material adverse effect to the ability of NopSec to perform its obligations under this Agreement.
Termination for Regulatory Reasons
NopSec understands and acknowledges that the Services performed and the furnishing of Deliverables are subject to review and examination by Regulators and other governmental departments or agencies, and Vendor agrees to cooperate fully with any examination, review or inquiry by or on behalf of any Regulator or other governmental department or agency with or asserting jurisdiction over Customer. NopSec further acknowledges that Customer is required to engage in oversight of its relationship with NopSec, including, but not limited to NopSec’s financial condition, compliance with privacy, and other laws, regulations and guidance, insurance coverage and performance under this Agreement. NopSec shall cooperate with Customer in monitoring NopSec and its performance under this Agreement and shall provide Customer with updated information and documents at the Customer’s request from time to time, in such form as Customer shall reasonably request. The Customer shall be entitled to terminate this Agreement if (i) NopSec fails to cooperate with Customer in monitoring NopSec and/or its performance hereunder or (ii) directed in writing or otherwise required or recommended (through guidance) or by a Regulator or other governmental department or agency with or asserting jurisdiction over the Customer. The Customer may exercise such right upon thirty (30) days’ prior notice, or such shorter timeframe as required or recommended by such Regulator or other governmental department or agency or as Customer otherwise deems necessary and/or appropriate in order to comply with applicable laws, rules, regulations and/or guidance.
Survival of Rights on Termination or Expiration
Termination or expiration of this Agreement shall not affect any rights or obligations which may have accrued prior to termination or expiration. The obligations of each party set out in any section intended to survive such termination or expiration shall continue in full force and effect notwithstanding termination or expiration of this Agreement.