TERMS OF SERVICE (SAAS)
PLEASE READ THESE TERMS OF SERVICE CAREFULLY. THESE TERMS OF SERVICE ARE A BINDING AGREEMENT (THE “AGREEMENT”) ENTERED INTO BETWEEN CYBERARK SOFTWARE LTD. OR ITS AFFILIATES (“CYBERARK”) AND THE ENTITY OR PERSON IDENTIFIED ON ANY ORDER FOR SOFTWARE AS A SERVICE (FOR SUBSCRIPTION SERVICES OR ON TRIAL BASIS), WHICH IS CONFIRMED BY CYBERARK (“CUSTOMER”, “ORDER” AND RESPECTIVELY).
BY (I) CUSTOMER CLICKING THROUGH THIS AGREEMENT ELECTRONICALLY, (II) THE PARTIES ENTERING INTO AN ORDER REFERENCING THIS AGREEMENT, OR (III) CUSTOMER USING THE SERVICES, CUSTOMER AND CYBERARK MUTUALLY AGREE TO BE BOUND BY THE TERMS AND CONDITIONS HEREOF. EACH ORDER SHALL BE MUTUALLY AGREED TO AND ENTERED INTO BETWEEN CUSTOMER AND CYBERARK, PROVIDED THAT, IF CUSTOMER PURCHASES THE SERVICES THROUGH A CYBERARK AUTHORIZED PARTNER (“RESELLER”), THE ORDER SHALL BE THE ORDER ENTERED INTO BETWEEN CYBERARK AND THE RESELLER FOR CUSTOMER’S USE. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, YOU ARE NOT PERMITTED TO USE THE SERVICES.
IF YOU ARE ENTERING INTO THIS AGREEMENT AS AN AGENT, EMPLOYEE OR REPRESENTATIVE OF YOUR EMPLOYER, THE TERM “CUSTOMER” MEANS YOUR EMPLOYER AND/OR ANY OTHER PARTY ON WHOSE BEHALF YOU ACT, AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ACT ON SUCH PARTY’S BEHALF.
1. DEFINITIONS. “Affiliate” means any entity controlled by, controlling, or under common control with a party to this Agreement during the period such control exists, where “control” means the power to direct the operation, policies and management of an entity through the ownership of at least fifty percent (50%) of the voting stock or other ownership interests of such entity or the ability, by voting securities, contract or otherwise, to elect a majority of the board of directors or other governing body of such entity or to direct or cause the direction of the management and policies of such entity. “Documentation” means the user guidelines and other user documentation related to the use or operation of the Services, each as officially published and made available by CyberArk electronically via the Services or otherwise in writing. “Services” means the services specified in the Order as further described in the Documentation (including any updates to the Services provided by CyberArk in its sole discretion, and any software, systems and locally-installed software agents and connectors that interact with the Services as may be provided by CyberArk in connection with the Services).
2.1 License Grant. Subject to the terms and conditions of this Agreement, CyberArk grants Customer, during the subscription term specified in an Order, a non-exclusive, non-transferable license (without the right to sub-license) to access and use the Services for Customer’s internal business purposes in accordance with the Documentation. In connection with such use, Customer shall have the right to allow its employees and contractors (“Authorized Users”) to use the Services on Customer’s behalf, subject to their compliance with the terms of this Agreement, and Customer shall remain liable for any non-compliance by Authorized Users. CyberArk, and/or any of its Affiliates, owns all right, title and interest in the Services and in the underlying intellectual property thereof. Nothing in this Agreement shall be construed to grant Customer any rights in CyberArk’s Services or its underlying intellectual property beyond those expressly provided for herein.
2.2 License Restrictions. Customer shall not (directly or indirectly): (i) remove any notice of proprietary rights from the Services, (ii) modify or reverse engineer any part of the Services, (iii) except to the limited extent applicable laws specifically prohibit such restriction, decompile, attempt to derive the source code or underlying ideas or algorithms of any part of the Services, attempt to recreate the Services or use the Services for any competitive purpose, (iv) copy, modify, translate or otherwise create derivative works of any part of the Services, (v) sell, resell, encumber, rent, lease, time-share, distribute, transfer or otherwise use or exploit or make available any of the Services to or for the benefit of any third party, or (vi) use the Services to infringe on the intellectual property rights, publicity rights, or privacy rights of any third party, or to store defamatory, trade libelous, or otherwise unlawful data. Customer’s authorized use of the Services is subject to the purchased quantities and features set forth in the applicable Order for the Services, and any usage guidelines and acceptable use policies to the extent applicable to Customer’s usage of the Service.
2.3 Login Access to the Services. Customer is solely responsible for ensuring: (i) that only appropriate Authorized Users have access to the Services, (ii) that such Authorized Users have been trained in proper use of the Services, and (iii) proper usage of passwords, tokens and access procedures with respect to logging into the Services. CyberArk reserves the right to refuse registration of, or to cancel, login IDs that it reasonably believes to violate the terms and conditions set forth in this Agreement, in which case CyberArk will promptly inform Customer in writing of such refusal or cancellation.
2.4 Trial Services. If Customer is using a free trial, proof of concept version of the Services, a beta version of the Services, or using the Services on any other free-of-charge basis as specified in an Order including any related support services to the extent provided by CyberArk in its sole discretion (collectively, “Trial Services”), CyberArk makes such Trial Services available to Customer until the earlier of (i) the end of the free trial or proof of concept period or beta testing period as communicated by CyberArk, (ii) the start date of any purchased version of such Services, or (iii) written notice of termination from CyberArk (“Trial Services Period”). CyberArk grants Customer, during the Trial Services Period, a non-exclusive, non-transferable license (without the right to sub-license) to access and use the Trial Services for Customer’s internal evaluation purposes in accordance with the Documentation. Customer is authorized to use Trial Services only for evaluation and not for any business or productive purposes, unless otherwise authorized by CyberArk in writing. Any data Customer enters into the Trial Services and any configurations made to the Trial Services by or for Customer during the term of such Trial Services will be permanently lost unless Customer (a) has purchased a subscription to the same Services as covered by the Trial Services or (b) exports such data or configurations before the end of such free period. There is no guarantee that features or functions of the Trial Services will be available, or if available will be the same, in the general release version of the Service, and Customer should review the Service features and functions before making a purchase. CyberArk will be under no obligation to provide Customer any maintenance or support services with respect to the Trial Services. Notwithstanding anything to the contrary, CyberArk provides the Trial Services “as is” and “as available” without any warranties or representations of any kind. To the extent permitted by law, CyberArk disclaims all implied warranties and representations, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose and non-infringement. Customer assumes all risks and all costs associated with its use of the Trial Services. Customer’s sole and exclusive remedy in case of any dissatisfaction or CyberArk’s breach of the Agreement with respect to such Trial Services is termination of the Trial Services. Any obligations on behalf of CyberArk to indemnify, defend, or hold harmless under this Agreement (including without limitation CyberArk’s obligations under Section 9) are not applicable to Customers using Trial Services.
2.5 Hosting. Customer acknowledges that CyberArk’s Services operate on one or more third party cloud computing platforms and that CyberArk shall have the right to change or add to the cloud computing platforms on which its Services operate.
2.6 Third Party Materials. The Services include open source software programs that are made available by third parties under their respective open source licenses as indicated in the Documentation (“Third Party Materials” and “OSS Licenses”, respectively). CyberArk warrants that such Third Party Materials will not diminish the license rights provided to Customer herein, or limit Customer’s ability to use the Services in accordance with the Documentation, or create any obligation on the part of Customer to license Customer’s software or products under any open source or similar license. Nothing herein shall derogate from mandatory rights Customer may have under any OSS Licenses, if any.
2.7 Updates and Support. CyberArk shall make available to Customers who have paid fees for the Services, support, updates, and maintenance in accordance with CyberArk’s then applicable maintenance and support terms (based on the support level purchased by Customer). Upon notification from CyberArk, Customer shall promptly update any locally-installed software agents on Customer systems that interact with the Services. Customer acknowledges and agrees that its failure to timely install such an update may result in disruptions to or failures of the Services, or suspension of Customer’s access to the Services, without any liability on the part of CyberArk to Customer.
With regard to Services that require the use of mobile applications by an Authorized User, Customer shall ensure that all Authorized Users promptly download and install all available updates for the mobile applications. Customer further acknowledges and agrees that the Services may not properly operate should Authorized User fail to do so.
3. CUSTOMER DATA.
Customer owns all right, title and interest in all data and/or content created or provided by Customer (including where applicable Authorized Users), and in all data derived from it, including personal data and specifically excluding the Non-Identifiable Aggregated Data and Non-Identifiable Threat Indicators (defined below) (“Customer Data”). Nothing in this Agreement shall be construed to grant CyberArk any rights in Customer Data beyond those expressly provided herein. Customer agrees that CyberArk shall own all right, title and interest in the Non-Identifiable Aggregated Data and Non-Identifiable Threat Indicators. For clarity, CyberArk will not store any Customer Data other than as required for the provision of the Services, except to the extent that it constitutes Customer Meta-Data or Non-Identifiable Threat Indicators. As between CyberArk and Customer, Customer is solely responsible for (i) the content, quality and accuracy of Customer Data as made available by Customer and by Authorized Users, (ii) providing notice to Authorized Users with regards to how Customer Data will be collected and used for the purpose of the Services (including, for certain Services, with regard to biometric data), (iii) ensuring Customer has a valid legal basis for processing Customer Data and for sharing Customer Data with CyberArk (to the extent applicable), and (iv) ensuring that the Customer Data as made available by Customer complies with applicable laws and regulations including (where applicable) the EU General Data Protection Regulation (2016/679) and any applicable national implementing laws (including the UK Data Protection Act 2018), in each case as amended, consolidated, re-enacted or replaced from time to time (collectively, “Applicable Data Protection Laws”).
Notwithstanding any other restrictions on use of data in this or any other agreement:
3.1 Use of Customer Data. Customer grants CyberArk the limited, non-exclusive right to use the Customer Data solely for the purpose of providing the Services to Customer in accordance with the Documentation (including routine actions taken to enable data backups and disaster recovery and business continuity procedures).
3.2 Use of Customer Meta-Data. Customer grants CyberArk the limited, non-exclusive right to view, and use the Customer Data to create meta-data derived from Customer Data which may include, by way of example only, file modification dates, audit trails, and the number of times a file has been accessed) (“Customer Meta-Data”), for the purpose of providing and improving the Services.
3.3 Use of Aggregated Data. Customer grants CyberArk the right to collect and use anonymized generic statistical information derived from such Customer Meta-Data (but not the Customer Data itself) and aggregate it with statistical information from other customers (“Non-Identifiable Aggregated Data”) for CyberArk’s reasonable business purposes, including without limitation for analyzing customer needs and improving the Services.
3.4 Use of Threat Intelligence Indicators. With respect to certain Services, Customer grants CyberArk the right to collect and use anonymized threat intelligence indicators directly derived from the provision of the Services, including an automated content scan of Customer Data stored in the Services (“Non-Identifiable Threat Indicators”) for CyberArk’s reasonable business purposes, including without limitation for improving the Services. Certain Services have deep scanning and data analytics capabilities, as described in the Documentation, and if Customer has purchased such Services, Customer shall ensure that the use of the Services on its endpoints complies with Customer’s internal privacy policies and procedures with respect to analysis of endpoint data for information security purposes.
3.5 Processing of Personal Data. To the extent required by applicable laws, Customer warrants that it complies with its obligations under the Applicable Data Protection Laws in respect of its processing of personal data created or provided by Customer to CyberArk and in any processing instructions that Customer issues to CyberArk as a data processor, including any obligations specific to Customer’s role as a data controller and as set out in the Data Processing Addendum (SaaS) found at https://www.cyberark.com/addendum_saas.pdf which is hereby incorporated into this Agreement (“DPA (SaaS)”). In particular, if Customer is established in the European Economic Area (“EEA”) or in the United Kingdom (“UK”) and will, in connection with the Services, provide CyberArk with personal data relating to an individual located within the EEA or in the UK, the DPA (SaaS) will apply. Without limitation to the foregoing, Customer shall ensure that its instructions comply with all laws, regulations and rules applicable to such personal data.
4.1 Payment Terms. Fees for the Services are due in advance net thirty (30) days from date of invoice unless otherwise agreed between the parties. Fees do not include sales, use, value added or other excise tax. Customer is responsible for payment of all such taxes based on fees paid or payable hereunder (but not taxes based on CyberArk’s gross revenues or net income) together with any interest on such taxes if not due to CyberArk’s delay. Delinquent payments may be assessed interest at the rate of one-and-one-half percent per month (or the highest rate permissible by law if less) from the payment due date until paid in full.
4.2 Reasonable Use of Services. Fees for the Services are based on “normal usage” of the Services in a manner consistent with its intended purposes and as described in the Documentation. If Customer’s usage is in a manner outside of the intended purposes or otherwise exceeds the quantities listed in the Order, then CyberArk reserves the right to require Customer to either comply with such limits or pay an additional mutually agreed fee, not to exceed CyberArk’s list price for such additional usage.
4.3 Authorized Channel Partners. If Customer places an order for the Services from CyberArk’s authorized channel partner pursuant to an independent commercial agreement (“Indirect Order”), then CyberArk grants the rights described in this Agreement in consideration for and subject to (a) Customer’s agreement to comply with the pricing and payment terms of the Indirect Order, to be separately agreed between Customer and CyberArk’s authorized channel partner, and (b) Customer’s agreement to comply with its obligations set forth in this Agreement (including the license restrictions). Notwithstanding the foregoing, the final sales price or rate shall be freely and independently determined between that channel partner and Customer. For the avoidance of doubt, in the case of such an Indirect Order, any indication in this Agreement of an agreement between Customer and CyberArk for the price payable by Customer for such Indirect Order shall be null and void and not form a binding part of this Agreement and the provisions of this Agreement related to payment terms, pricing, and/or order procedures shall not apply.
5. TERM AND RENEWAL.
5.1 Term of the Agreement. CyberArk will provide the Services during the term specified in an Order that was confirmed by CyberArk, which term shall be at least one (1) year. During that period, this Agreement shall remain in effect unless or until terminated in accordance with the terms hereof. Prior to the end of the subscription period, Customer may contact CyberArk to extend the term of this Agreement and if agreed by the Parties, the term of this Agreement would be extended for the period stated in the renewal Order.
5.2 Termination of Agreement; Cessation of Services. Either party may terminate this Agreement, upon sixty (60) days prior written notice, for any reason, provided however that: (i) if CyberArk terminates the Agreement, it will refund the fees paid to it for the unused subscription term to the Customer, pro-rated, and (ii) if Customer terminates the Agreement, it shall not be entitled to any refund.
5.3 Termination or Suspension of Services for Cause. Either party may terminate the Agreement upon written notice to the other party if the other party materially breaches this Agreement and fails to cure such breach within thirty (30) days after receiving written notice of such breach. Further, CyberArk may terminate the Agreement and/or suspend the Services upon written notice to Customer if CyberArk has not received payment for such Services and if such failure is not cured within the period of time stated in CyberArk written notice advising of such failure (which shall be at least 5 business days).
5.4 Effect of Termination. Upon termination of the Services: (i) Customer will have no further right to access or use the Services; ; and (ii) each party will use commercially reasonable efforts to return any tangible Confidential Information and destroy any electronic Confidential Information of the other party within its possession or control Customer acknowledges that, prior to termination, Customer is responsible for exporting any Customer Data to which Customer desires continued access after termination, and CyberArk shall have no liability for any failure of Customer to retrieve such Customer Data and no obligation to store or retain any such Customer Data. The provisions of Sections 3, 4, 5.4, 6, 8, 9, 10, 12, and 13 shall survive termination. Following termination of the Services, CyberArk may immediately deactivate Customer’s account and following a reasonable period may delete Customer’s account and all Customer Data from the Services.
6.1 Confidential Information. Each party may have access to information that is confidential or proprietary to the other party and/or its Affiliates. For purposes of this Agreement, “Confidential Information” means the confidential information of a party and/or its Affiliates which is disclosed to the other party in connection with this Agreement, whether disclosed in written, oral, electronic, visual or other form, which is identified as confidential at the time of disclosure or should reasonably be understood to be confidential given the nature of the information and the circumstances surrounding the disclosure, including without limitation information regarding a party’s business, operations, finances, technologies, current and future products and services, pricing, personnel, customers and suppliers, the Customer Data, CyberArk’s Services and each Party’s intellectual property. Confidential Information excludes information to the extent such information (i) is or becomes part of the public domain or otherwise is publicly available through no act or omission of the receiving party; (ii) was in the receiving party’s lawful possession prior to the disclosure and was not obtained directly or indirectly from the disclosing party; (iii) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or (iv) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information.
6.2 Restrictions on Use and Disclosure of Confidential Information. The receiving party will use the disclosing party’s Confidential Information solely as necessary in connection with the performance of this Agreement. The receiving party shall maintain the confidentiality of the disclosing party’s Confidential Information using at least the same degree of care that such party uses to protect its own Confidential Information of a similar nature, and shall restrict disclosure of the disclosing party’s Confidential Information to its employees, consultants, contractors, agents and representatives who have a need to know such information and are bound by obligations of confidentiality and non-use no less restrictive than those set forth herein; provided, that a party may disclose the disclosing party’s Confidential Information if required by law and provided the receiving party provides prompt notice of such requirement and disclosure to the other party to the extent allowed by law. The receiving party shall have the right to disclose Confidential Information of the other party pursuant to the order or requirement of a court, administrative agency, or other governmental body provided that the receiving party provides prompt, advance written notice thereof to enable the disclosing party to seek a protective order or otherwise prevent such disclosure. In the event such a protective order is not obtained by the disclosing party, the receiving party shall disclose only that portion of the Confidential Information which its legal counsel advises that it is legally required to disclose. Confidential Information so disclosed shall continue to be deemed Confidential Information.
6.3 Equitable and Injunctive Relief. If a party breaches any of its obligations with respect to confidentiality or use or disclosure of Confidential Information hereunder, the other party is entitled to seek equitable and injunctive relief in addition to all other remedies that may be available to protect its interest without having to post a bond or prove irreparable harm.
7. WARRANTIES AND DISCLAIMERS.
7.1 Limited Services Warranty. During the term of this Agreement, CyberArk warrants that the Services will perform in substantial conformity with the Documentation, and that the Services are not designed to contain viruses, worms, Trojan horses or other unintended malicious or destructive code, or any code designed to intentionally cause the Services to stop functioning. CyberArk further warrants that it shall maintain and enforce reasonable safety and security procedures in providing the Services that are compliant with applicable industry standards for such Services. The foregoing warranties are void if the failure of the Services has resulted from negligence, error, or misuse of the Services by Customer, the Authorized User or by anyone other than CyberArk. Customer shall be required to report any breach of warranty to CyberArk within a period of thirty (30) days of the date on which the incident giving rise to the claim occurred. CyberArk’s sole and exclusive liability, and Customer’s sole and exclusive remedy, for breach of this warranty will be for CyberArk, at its expense, to use reasonable commercial efforts to correct such nonconformity within thirty (30) days of the date that notice of the breach was provided; and, if CyberArk fails to correct the breach within such cure period, Customer may terminate the affected Order and, in such event, CyberArk shall provide Customer with a pro-rata refund of any unused pre-paid fees paid for the period following termination as calculated on a monthly basis.
7.2 Compliance with Law. Each party shall comply with all applicable, laws and regulations in connection with the performance of its obligations and the exercise of its rights under this Agreement.
7.3 Disclaimer. THE EXPRESS WARRANTIES SET FORTH IN THIS SECTION ARE THE ONLY WARRANTIES GIVEN BY CYBERARK WITH RESPECT TO THE SERVICES OR THIS AGREEMENT. CYBERARK DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED OR ARISING BY CUSTOM OR TRADE USAGE, INCLUDING WITHOUT LIMITATION WARRANTIES THAT THE SERVICES ARE MERCHANTABLE, WILL OPERATE UNINTERRUPTED OR FREE OF DEFECT OR ERROR, NON-INFRINGING, OR FIT FOR ANY PARTICULAR PURPOSE. CYBERARK DOES NOT MAKE ANY REPRESENTATIONS OR WARRANTIES REGARDING THE ACCURACY OR COMPLETENESS OF THE SERVICES. CUSTOMER AGREES THAT ITS PURCHASES HEREUNDER ARE FOR THE CURRENTLY AVAILABLE SERVICES AND ARE NEITHER CONTINGENT ON THE DELIVERY OF ANY FUTURE FUNCTIONALITY OR FEATURES NOR DEPENDENT ON ANY ORAL OR WRITTEN PUBLIC COMMENTS MADE BY CYBERARK REGARDING FUTURE FUNCTIONALITY OR FEATURES. CYBERARK WILL HAVE NO LIABILITY FOR DELAYS, FAILURES OR LOSSES ATTRIBUTABLE OR RELATED IN ANY WAY TO THE USE OR IMPLEMENTATION OF THIRD-PARTY SOFTWARE OR SERVICES NOT PROVIDED BY CYBERARK.
8.1 Infringement Indemnity. CyberArk shall indemnify and defend Customer and its Affiliates, officers, directors and employees (the “Customer Indemnified Parties”) against all third-party claims, suits and proceedings resulting from Customer’s use of the Services in accordance with this Agreement and Documentation violating, misappropriating, or infringing such third party’s patent, copyright, trademark, trade secret or other intellectual property right, and all directly related losses, liabilities, damages, costs and expenses (including reasonable attorneys’ fees); provided that CyberArk shall not be responsible for any Claim to the extent arising from (i) use of the Services in violation of the terms of this Agreement, (ii) Customer’s use of the Services in violation of Applicable Data Protection Laws, (iii) Customer’s use of the Services in combination with software, hardware, systems or data not required by the Documentation (iv) CyberArk’s compliance with specifications, requirements or requests of Customer, or (v) Customer’s gross negligence or willful misconduct. If the Services become, or in CyberArk’s opinion are likely to become, the subject of a valid claim of infringement or the like under any applicable law, CyberArk shall have the right, at its option and expense, either to (a) obtain for Customer a license permitting the continued use of the Services, (b) replace or modify the Services so that they become non-infringing, or (c) if neither of the foregoing options are available in a timely manner on commercially reasonable terms, terminate the affected Order and provide Customer with a pro-rata refund of any unused pre-paid fees paid for the period following termination as calculated on a monthly basis.
8.2 Customer Data and Use Indemnity. Customer shall defend, at its expense, any claims, suits and proceedings brought by a third party against CyberArk and/or its Affiliates or their officers, directors and employees (the “CyberArk Indemnified Parties”) arising from an alleged infringement or violation by the Customer Data of a third party patent, copyright or trade secret, or CyberArk’s use of the Customer Data in accordance with the terms of this Agreement and (where applicable) with the terms of the DPA (SaaS); and Customer shall indemnify and hold the CyberArk Indemnified Parties harmless against all damages and costs awarded against the CyberArk Indemnified Parties in connection with such claim, suit or proceeding.
8.3 Indemnification Process and Exclusivity. A party’s indemnification and defense obligations herein will become effective upon, and are subject to, (a) the indemnified party’s prompt notification to the indemnifying party of any claims, suits or proceedings (a “Claim”) in writing, and (b) the indemnified party providing the indemnifying party with full and complete control, authority and information for the defense of the Claim, provided that the indemnifying party will have no authority to enter into any non-monetary settlement or admission of indemnified party’s wrongdoing on behalf of the indemnified party without the indemnified party’s prior written consent (not to be unreasonably withheld). At the indemnifying party’s written request, the indemnified party shall reasonably cooperate with the indemnifying party in defending or settling any Claim. The rights and remedies set forth in this Section 9 state a party’s sole and exclusive liability and the other party’s sole and exclusive rights and remedies with regard to any Claims arising out of or relating to this Agreement.
9. Limitations of Liability. TO THE MAXIMUM EXTENT PERMITTED BY LAW AND EXCEPT FOR EITHER PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR SPECIAL, INDIRECT, INCIDENTAL, TORT OR CONSEQUENTIAL DAMAGES (INCLUDING ANY DAMAGES RESULTING FROM LOSS OF USE, LOSS OF OR DAMAGE TO SOFTWARE OR DATA, LOSS OF PROFITS OR LOSS OF BUSINESS) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE SERVICES FURNISHED HEREUNDER, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND EXCEPT FOR ANY CLAIM TO THE EXTENT ARISING FROM OR IN CONNECTION WITH EITHER PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, OR EITHER PARTY’S INDEMNIFICATION OBLIGATIONS PURSUANT TO SECTION 9 ABOVE, OR PERSONAL INJURY, DEATH OR DAMAGE TO TANGIBLE PROPERTY, IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EITHER PARTY HEREUNDER EXCEED (I) EXCEPT AS PROVIDED IN (II) BELOW, THE TOTAL OF THE FEES PAID AND PAYABLE BY CUSTOMER TO CYBERARK FOR THE THEN CURRENT SUBSCRIPTION TERM UNDER THE ORDER TO WHICH THE INITIAL CLAIM RELATES (THE “AGGREGATE FEES”), OR (II) SOLELY FOR DAMAGES RESULTING FROM A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS PURSUANT TO SECTION 7, THREE (3) TIMES THE AGGREGATE FEES. THE LIMITATIONS OF LIABILITY IN THIS PARAGRAPH APPLY WHETHER SUCH LIABILITY ARISES IN CONTRACT, TORT (INCLUDING NEGLIGENCE), UNDER STATUTE OR OTHERWISE.
10. U.S. GOVERNMENT RESTRICTED RIGHTS; EXPORT RESTRICTIONS. If Customer is an agency or contractor of the United States Government, Customer acknowledges and agrees that (i) the Services (including any software forming a part thereof) were developed entirely at private expense, (ii) the Services (including any software forming a part thereof) in all respects constitute proprietary data belonging solely to CyberArk, (iii) the Services (including any software forming a part thereof) are not in the public domain, and (iv) the software forming a part of the Services is “Commercial Computer Software” as defined in sub-paragraph (a)(1) of DFAR Section 252.227-7014 or FAR Part 12.212. Customer agrees not to store or process any Customer Data that is subject to the International Traffic in Arms Regulations maintained by the United States Department of State. The Services are subject to: (i) the U.S. Export Administration Act, as amended, and the rules and regulations promulgated from time to time thereunder, (ii) the laws of the State of Israel, and (iii) the laws of any country or organization of nations within whose jurisdiction Customer (or its Authorized Users who may use, access or otherwise receive the Services as expressly authorized by this Agreement) operates or does business. Neither Party shall export, re-export or allow access to the Services or any part thereof directly or indirectly other than in compliance with applicable export law. Customer represents that it is not named on any U.S. government denied-party list.
11. SERVICE SUGGESTIONS. To the extent that Customer provides CyberArk with ideas or suggestions for improvements or changes to the Services which constitute intellectual property rights under applicable law (“Suggestions”), Customer hereby assigns to CyberArk ownership of such Suggestions and CyberArk will have sole discretion as to whether and how to implement such Suggestions into the Services.
12. MODIFICATIONS. CyberArk may make changes to these Terms of Service from time to time. If CyberArk makes a material change to any of the foregoing, CyberArk will inform Customer by e-mail to the e-mail address(es) noted on the Order (or subsequently designated by Customer in writing as a contact for notifications from CyberArk), or through a banner or other prominent notice within the Services, or through CyberArk Support platform. If Customer does not agree to the change, Customer must so notify CyberArk by e-mail to [email protected] within thirty (30) days after CyberArk’s notice. If Customer so notifies CyberArk, then Customer will remain governed by the most recent terms of service applicable to Customer until the end of the then-current year of the Services term and the updated terms shall apply upon the commencement of the subsequent year of the Services term.
13. GENERAL PROVISIONS.
13.1 Notices. All notices under this Agreement shall be made in writing and delivered to each party at the address under its signature hereto. Notices shall be deemed delivered (i) upon personal delivery with signature required, (ii) one Business Day after they have been sent to the recipient by reputable overnight courier service (charges prepaid and signature required), or (iii) upon successful transmission of an email containing such notice if sent between 9 a.m. and 5 p.m., local time of the recipient, on any Business Day, and as of 9 a.m. local time of the recipient on the next Business Day if sent at any other time, or (iv) three Business Days after deposit in the mail. “Business Day” as used in this Section 14.1 shall mean any day other than Saturday, Sunday or a day on which banking institutions are not required to be open in the Commonwealth of Massachusetts.
13.2 Entire Agreement. This Agreement together with each Order represent the entire agreement between Customer and CyberArk with respect to the subject matter hereof, and supersede all prior proposals, representations and agreements, whether written or oral, with respect thereto. This Agreement shall govern with respect to all Orders and forms of purchases, whether submitted through electronic transmissions or otherwise, unless otherwise agreed by both parties in writing. The terms and conditions of this Agreement shall take precedence over any conflicting terms in the Order (or, an agreement between CyberArk and the Reseller, if applicable) unless the Order (or the Reseller’s agreement) expressly amends this Agreement and is signed by both parties. Any waiver, amendment, or modification of any right or remedy, in whole or in part under this Agreement, or any additional or different terms in any purchase orders, acknowledgments or other documents other than the Order, will not be effective unless expressly agreed to by both parties in writing or electronic form. If Customer issues a purchase order in connection with an Order, such purchase order shall be solely for Customer’s internal administrative purposes and to facilitate payment. In no event shall the terms of such purchase order modify or become part of these Terms of Service or become binding on CyberArk even if CyberArk signs an acknowledgment copy of such purchase order.
13.3 Assignment and Subcontractors. Neither Party may assign any of its rights or obligations under this Agreement without the other Party’s prior written consent, which will not be unreasonably withheld. Notwithstanding the foregoing, either Party may assign any and all of its rights and obligations under this Agreement to a successor in interest in the event of a merger or acquisition or to an Affiliate, upon prior written notice to the other Party. The terms of this Agreement shall be binding upon the permitted successors and assigns of each party.. CyberArk may use subcontractors in connection with the performance of the Services provided that it shall be responsible for the acts and omissions of its subcontractors to the same extent as it would be responsible hereunder for its own acts and omissions.
13.4 CyberArk Contracting Party, Governing Law and Jurisdiction. Each Party agrees to the applicable governing law below without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts below with respect to any dispute, claim, action, suit or proceeding (including non-contractual disputes or claims) arising out of or in connection with this Agreement, or its subject matter or formation.
|If Customer is domiciled in:||The CyberArk entity entering into this Agreement is: (unless otherwise indicated in the Order)||Choice of Law||Exclusive Jurisdiction|
|U.S., Canada, Latin America||CyberArk Software, Inc.||Laws of Commonwealth of Massachusetts, United States||Courts of Boston, Massachusetts, United States|
|Europe, Africa or Middle East (excluding Israel)||Cyber-Ark Software (UK) Ltd.||Laws of England and Wales||Courts of London, England|
|Israel||CyberArk Software Ltd.||Laws of Israel||Courts of Tel Aviv Jaffa, Israel|
|Asia Pacific||CyberArk Software (Singapore) Pte. Ltd.||Laws of Singapore||Courts of Singapore|
|Japan||CyberArk Software (Japan) K.K.||Laws of Singapore||Courts of Singapore|
To the extent not prohibited by law, each of the Parties hereby irrevocably waives any and all right to trial by jury in any legal proceeding arising out of or related to this Agreement.
13.5 Force Majeure. Neither party shall be liable for any breach of this Agreement to the extent that such breach arises from factors outside its reasonable control. Customer’s subscription to the Services is predicated on Customer’s use of cloud computing services provided by a third party cloud service provider, and CyberArk will not be responsible for the acts or omissions of Customer’s cloud service provider.
13.6 Severability. It is intended that this Agreement shall not violate any applicable law and the unenforceability or invalidity of any provision (other than the provisions obligating Customer to make payments to CyberArk) shall not affect the force and validity of the remaining provisions and such provisions determined to be invalid shall be deemed severed from this Agreement and, to the extent possible, be replaced with terms which as closely as possible approximate the interest and economic intent of such invalid provisions.
Should Customer have any questions concerning this Agreement, or if Customer desires to contact CyberArk for any reason, please e-mail us at: [email protected]
Last updated: July 10, 2019