1.  Access and Use

1.1. Access and Use. Subject to payment of all applicable fees set forth in the Order or payment in accordance with an Indirect Order through a Channel Partner (as appropriate) and the terms and conditions of this Agreement, CyberArk grants Customer, during the Subscription Term, a non-exclusive, non-transferable right to access and use (and permit Authorized Users to access and use) the SaaS Products and applicable Documentation solely for Customer’s and its Affiliates’ internal business purposes in accordance with the Documentation and in the quantity specified in the applicable Order.

1.2. Access and Use Restrictions. Customer shall not (directly or indirectly): (a) copy or reproduce the SaaS Products or the Documentation except as permitted under this Agreement; (b) exceed the subscribed quantities, users or other entitlement measures of the SaaS Products as set forth in the applicable Order; (c) remove or destroy any copyright, trademark or other proprietary marking or legends placed on or contained in the SaaS Products, Documentation or CyberArk Intellectual Property; (d) assign, sell, resell, sublicense, rent, lease, time-share, distribute or otherwise transfer the rights granted to Customer under this Agreement to any third party except as expressly set forth herein; (e) modify, reverse engineer or disassemble the SaaS Products; (f) except to the limited extent applicable laws specifically prohibit such restriction, decompile, attempt to derive the source code or underlying ideas or algorithms of any part of the SaaS Products, attempt to recreate the SaaS Products or use the SaaS Products for any competitive or benchmark purposes; (g) create, translate or otherwise prepare derivative works based upon the SaaS Products, Documentation or CyberArk Intellectual Property; (h) interfere with or disrupt the integrity or performance of the SaaS Products; (i) attempt to gain unauthorized access to the SaaS Products or its related systems or networks, or perform unauthorized penetrating testing on the SaaS Products; (j) use the SaaS Products in a manner that infringes on the Intellectual Property rights, publicity rights, or privacy rights of any third party, or to store or transfer defamatory, trade libelous or otherwise unlawful data; or (k) store in or process with the SaaS Products any personal health data, credit card data, personal financial data or other such sensitive regulated data not required by the Documentation, or any Customer Data that is subject to the International Traffic in Arms Regulations maintained by the United States Department of State. Fees for the SaaS Products are based on use of the SaaS Products in a manner consistent with the Documentation. If Customer uses the SaaS products in a manner that is outside or in violation of the Documentation, then Customer will cooperate with CyberArk to address any applicable burden on the SaaS Products or pay an additional mutually agreed upon fee.

1.3. Login Access to the SaaS Products. Customer is solely responsible for ensuring: (i) that only appropriate Authorized Users have access to the SaaS Products, (ii) that such Authorized Users have been trained in proper use of the SaaS Products, and (iii) proper usage of passwords, tokens and access procedures with respect to logging into the SaaS Products. CyberArk reserves the right to refuse registration of, or to cancel, login IDs that it reasonably believes to violate the terms and conditions set forth in this Agreement, in which case CyberArk will promptly inform Customer in writing of such refusal or cancellation. In addition to the rights set forth in this Agreement, CyberArk may suspend Customer’s access and use of the SaaS Products if there is an unusual and material spike or increase in Customer’s use of the SaaS Products and CyberArk reasonably suspects or knows that such traffic or use is fraudulent or materially and negatively impacting the operating capability of the SaaS Products. CyberArk will provide notice prior to such suspension if permitted by applicable law or unless CyberArk reasonably believes that providing such notice poses a risk to the security of the SaaS Products. CyberArk will promptly reinstate Customer’s access and use once the issue has been resolved.

1.4. Trial Services. If Customer is using a free trial, a proof of concept version of the SaaS Products, a beta version of the SaaS Products, or using the SaaS Products on any other free-of-charge basis as specified in an Order including any related support services to the extent provided by CyberArk in its sole discretion (collectively, “Trial Services”), CyberArk makes such Trial Services available to Customer until the earlier of: (i) the end of the free trial or proof of concept period or beta testing period as communicated by CyberArk or specified in an Order; (ii) the start date of any purchased version of such SaaS Products; or (iii) written notice of termination from CyberArk (“Trial Services Period”). CyberArk grants Customer, during the Trial Services Period, a non-exclusive, non-transferable right to access and use the Trial Services for Customer’s internal evaluation purposes in accordance with the Documentation and subject to the access and use restrictions set forth in this Agreement. Customer is authorized to use Trial Services only for evaluation and not for any business or productive purposes, unless otherwise authorized by CyberArk in writing. Any data Customer enters into the Trial Services and any configurations made to the Trial Services by or for Customer during the term of such Trial Services will be permanently lost unless Customer: (a) has purchased a subscription to the same SaaS Products as covered by the Trial Services; or (b) exports such data or configurations before the end of such free period. There is no guarantee that features or functions of the Trial Services will be available, or if available will be the same, in the general release version of the SaaS Products, and Customer should review the SaaS Products features and functions before making a purchase. CyberArk will be under no obligation to provide Customer any maintenance or support services with respect to the Trial Services. Notwithstanding anything to the contrary, CyberArk provides the Trial Services “as is” and “as available” without any warranties or representations of any kind. To the extent permitted by law, CyberArk disclaims all implied warranties and representations, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose and non-infringement. Customer assumes all risks and all costs associated with its use of the Trial Services. Customer’s sole and exclusive remedy in case of any dissatisfaction or CyberArk’s breach of the Agreement with respect to such Trial Services is termination of the Trial Services. Any obligations on behalf of CyberArk to indemnify, defend, or hold harmless under this Agreement are not applicable to Customers using Trial Services.

1.5. Third Party Materials. The SaaS Products include Third-Party Materials, use of which is subject to their respective OSS Licenses as indicated in the Documentation. CyberArk warrants that the inclusion of such Third-Party Materials in the SaaS Products will not prevent Customer from exercising the license rights provided to Customer herein in respect of the SaaS Products or limit Customer’s ability to use the SaaS Products in accordance with the Documentation. Nothing herein shall derogate from mandatory rights Customer may have under any OSS Licenses, if any. Customer may obtain a copy of the source code for certain Third-Party Materials by following the instructions set forth in the Documentation.

1.6.  Support. As part of its provision of the SaaS Products, CyberArk shall make available technical support to Customer in accordance with CyberArk’s then applicable SaaS support terms. Upon notification from CyberArk, Customer shall promptly update any Agents on Customer systems that interact with the SaaS Products. Customer acknowledges and agrees that its failure to timely install such an update may result in disruptions to or failures of the SaaS Products, security risks or suspension of Customer’s access to the SaaS Products, without any liability on the part of CyberArk to Customer.

1.7.  Mobile Applications. With regard to SaaS Products that require the use of mobile applications by an Authorized User, Customer shall ensure that all Authorized Users promptly download and install all available updates for the mobile applications. Customer further acknowledges and agrees that the SaaS Products may not properly operate should any Authorized User fail to do so, and that CyberArk is not liable for any damages caused by a failure to update mobile applications accordingly.

2. Payment and Taxes

2.1. Payment Terms. Customer shall pay all invoices within thirty (30) days of date of invoice, without any deduction or set-off (except for any amount disputed promptly and in writing by Customer in good faith), and payment will be sent to the address specified by CyberArk. Any amounts arising in relation to this Agreement not paid when due will be subject to a late charge of one and one-half percent (1 ½ %) per month on the unpaid balance or the maximum rate allowed by law, whichever is less. Without prejudice to Customer’s rights set out elsewhere in this Agreement, all SaaS Products fees are non-refundable and payable in advance. CyberArk may invoice for purchases of SaaS Products upon delivery.

2.2. Taxes. The fees and charges covered by this Agreement are exclusive of any Indirect Taxes imposed or levied, currently or in the future based on applicable legislation, on the SaaS Products. Unless otherwise agreed between the Parties, Customer will be liable for compliance with reporting and payment of such Indirect Taxes in its tax jurisdiction. CyberArk shall include the Indirect Taxes on its invoice to Customer and remit such Indirect Taxes collected to the relevant authority if required by applicable law. For the avoidance of doubt, CyberArk will be responsible for direct taxes imposed on CyberArk’s net income or gross receipts in its tax jurisdiction.

2.3. Indirect Orders. If Customer places an Indirect Order, then CyberArk grants the rights described in this Agreement in consideration for and subject to: (a) Customer’s agreement to comply with the pricing and payment terms of the Indirect Order, to be separately agreed between Customer and the applicable Channel Partner; and (b) Customer’s agreement to comply with its obligations set forth in this Agreement (including the restrictions on use of the SaaS Products). Notwithstanding the foregoing, the final sales price or rate shall be freely and independently determined between the applicable Channel Partner and Customer. For the avoidance of doubt, in the case of such an Indirect Order, any indication in this Agreement of an agreement between Customer and CyberArk for the price payable by Customer for such Indirect Order shall be null and void and not form a binding part of this Agreement and the provisions of this Agreement related to payment terms, pricing and/or order procedures shall not apply.

3. Rights in Intellectual Property

3.1. Intellectual Property. Except for the rights granted in this Agreement, all rights, title, and interest in and to the SaaS Products, Documentation, and CyberArk Intellectual Property are hereby reserved by CyberArk, its Affiliates or licensors. Except as provided for herein, all rights, title, and interest in and to Customer Intellectual Property are hereby reserved by Customer, its Affiliates or licensors. Nothing in this Agreement shall transfer ownership of any Intellectual Property rights from one Party to the other.

3.2. Customer Data. Customer owns all right, title and interest in all Customer Data. Nothing in this Agreement shall be construed to grant CyberArk any rights in Customer Data beyond those expressly provided herein. Customer grants CyberArk and its Affiliates the limited, non-exclusive, worldwide license to view and use the Customer Data solely for the purpose of providing the SaaS Products.

3.3. Usage Data and Suggestions. CyberArk shall be permitted to collect and use the Usage Data for its reasonable business purposes and for Customer’s benefit. In the event CyberArk wishes to disclose the Usage Data or any part thereof to third parties (either during the Subscription Term or thereafter), such data shall be anonymized and/or presented in the aggregate so that it will not identify Customer or its Authorized Users. The foregoing shall not limit in any way CyberArk’s confidentiality obligations pursuant to section 4 below. To the extent that Customer provides CyberArk with Suggestions, such Suggestions shall be free from any confidentiality restrictions that might otherwise be imposed upon CyberArk pursuant to this Agreement, and may be implemented by CyberArk in its sole discretion. Customer acknowledges that any CyberArk products or materials incorporating any such Suggestions shall be the sole and exclusive property of CyberArk.

4. Confidentiality

4.1.  Confidential Information. The Parties acknowledge that each may disclose certain valuable confidential and proprietary information to the other Party. The receiving Party may only use the disclosing Party’s Confidential Information to fulfill the purposes of this Agreement. The receiving Party will protect the disclosing Party’s Confidential Information by using at least the same degree of care as the receiving Party uses to protect its own Confidential Information of a like nature (but no less than a reasonable degree of care) to prevent the unauthorized use, dissemination, disclosure or publication of such Confidential Information. Notwithstanding the foregoing, the receiving Party may disclose Confidential Information to its (and its Affiliates) employees, advisors, consultants, and agents on a need-to-know basis and provided that such party is bound by obligations of confidentiality substantially similar to those contained herein. This section 4 supersedes any and all prior or contemporaneous understandings and agreements, whether written or oral, between the Parties with respect to Confidential Information and is a complete and exclusive statement thereof. Additionally, the obligations set forth in section 5.3 and not this section 4 herein apply to Customer Data.

4.2.  Exceptions. Information will not be deemed Confidential Information if it: (i) is known to the receiving Party prior to receipt from the disclosing Party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing Party; (ii) becomes known (independently of disclosure by the disclosing Party) to the receiving Party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing Party; (iii) becomes publicly known or otherwise ceases to be secret or confidential, except through a breach of this Agreement by the receiving Party; or (iv) is independently developed by the receiving Party without use of or reliance upon the disclosing Party’s Confidential Information, and the receiving Party can provide evidence to that effect. The receiving Party may disclose Confidential Information pursuant to the requirements of a court, governmental agency or by operation of law but shall (to the extent permissible by law) limit such disclosure to only the information requested and give the disclosing Party prior written notice sufficient to permit the disclosing Party to contest such disclosure.

4.3. Advertising and Publicity. Neither Party shall make or permit to be made any public announcement concerning the existence, subject matter or terms of this Agreement or relationship between the Parties without the prior written consent of the other Party except as expressly permitted in this section. Customer grants CyberArk and its Affiliates during the term of the Agreement the right to use Customer’s trade names, logos, and symbols (“Customer Marks”) in its public promotional materials and communications for the sole purpose of identifying Customer as a CyberArk customer. CyberArk shall not modify the Customer Marks, or display the Customer Marks any larger or more prominent on its promotional materials than the names, logos, or symbols of other CyberArk customers. The foregoing promotional materials and communications may be created, displayed, and reproduced without Customer’s review, provided that they are in compliance with this section and any Customer Marks usage guidelines provided by Customer to CyberArk in writing.

5. Security and Processing of Personal Data

5.1. Customer Data Content. As between CyberArk and Customer, Customer is solely responsible for: (i) the content, quality and accuracy of Customer Data as made available by Customer and by Authorized Users; (ii) providing notice to Authorized Users with regards to how Customer Data will be collected and used for the purpose of the SaaS Products; (iii) ensuring Customer has a valid legal basis for processing Customer Data and for sharing Customer Data with CyberArk (to the extent applicable); and (iv) ensuring that the Customer Data as made available by Customer complies with applicable laws and regulations including Applicable Data Protection Laws.

5.2. Data Protection Laws. The Parties shall comply with their respective obligations under the Applicable Data Protection Laws. In particular, if Customer is established in the European Economic Area (“EEA”), in the United Kingdom (“UK”) or in California, or will, in connection with the SaaS Products, provide CyberArk with personal data relating to an individual located within the EEA, the UK or California, the Parties shall comply with the Data Processing Addendum found at https://www.cyberark.com/CyberArk-Data-Processing-Addendum.pdf (“DPA”) which in such case is hereby incorporated into this Agreement.

5.3. Security of Customer Data. CyberArk shall: (i) ensure that is has in place appropriate administrative, physical and technical measures designed to protect the security and confidentiality of Customer Data against any accidental or illicit destruction, alteration or unauthorized access or disclosure to third parties; (ii) have measures in place designed to protect the security and confidentiality of Customer Data; and (iii) access and use the Customer Data solely to perform its obligations in accordance with the terms of this Agreement, and as otherwise expressly permitted in this Agreement. CyberArk shall not materially diminish its security controls with respect to Customer Data during a particular SaaS Products term.

6. Warranties

6.1. Limited SaaS Products Warranty. During the applicable Subscription Term, CyberArk warrants that: (a) the SaaS Products will perform in substantial conformity with the Documentation; and (b) CyberArk will use industry standard measures designed to detect viruses, worms, Trojan horses or other unintended malicious or destructive code in the SaaS Products. The foregoing warranties are void if the failure of the SaaS Products has resulted from negligence, error, or misuse of the SaaS Products (including use not in accordance with the Documentation) by Customer, the Authorized User or by anyone other than CyberArk. Customer shall be required to report any breach of warranty to CyberArk within a period of thirty (30) days of the date on which the incident giving rise to the claim occurred. CyberArk’s sole and exclusive liability, and Customer’s sole and exclusive remedy, for breach of these warranties will be for CyberArk, at its expense, to use reasonable commercial efforts to correct such nonconformity within thirty (30) days of the date that notice of the breach was provided; and, if CyberArk fails to correct the breach within such cure period, Customer may terminate the affected Order and, in such event, CyberArk shall provide Customer with a pro-rata refund of any unused pre-paid fees paid for the period following termination as calculated on a monthly basis for the affected SaaS Products. Without derogating from CyberArk’s obligations under this Agreement, Customer warrants that it shall take and maintain appropriate steps within its control to protect the confidentiality, integrity, and security of its Confidential Information and Customer Data, including: (i) operating the SaaS Products in accordance with the Documentation and applicable law and; and (ii) dedicating reasonably adequate personnel and resources to implement and maintain the security controls set forth in the Documentation. Customer will be responsible for the acts and omissions of its Authorized Users.

6.2. Compliance with Law. Each Party shall comply with all applicable, laws and regulations in connection with the performance of its obligations and the exercise of its rights under this Agreement.

6.3. Disclaimer. Any and all warranties, expressed, incorporated or implied, are limited to the extent and period mentioned in this Agreement. To the maximum extent allowed by applicable law, CyberArk disclaims (and disclaims on behalf of its licensors and/or contributors to any Third-Party Materials) all other warranties, conditions and other terms, whether express or implied or incorporated into this Agreement by statute, common law or otherwise, including the implied conditions and warranties of merchantability and fitness for a particular purpose. CyberArk will have no liability for delays, failures or losses attributable or related in any way to the use or implementation of third-party software or services not provided by CyberArk.

7. Indemnification

7.1. Infringement Indemnity. CyberArk shall defend and indemnify Customer and/or its Affiliates and their officers, directors and employees against all third-party claims, suits and proceedings resulting from the violation, misappropriation, or infringement of such third party’s patent, copyright, trademark or trade secret caused by Customer’s use of the SaaS Products in accordance with this Agreement and the Documentation, and all directly related losses, liabilities, damages, costs and expenses (including reasonable attorneys’ fees).

7.2. Customer Data and Use Indemnity. Customer shall defend and indemnify CyberArk and/or its Affiliates and their officers, directors and employees against any third-party claims, suits and proceedings (including those brought by a government entity) resulting from: (i) an alleged infringement or violation by the Customer Data of such third-party’s patent, copyright, trademark, trade secret; or (ii) CyberArk’s use of the Customer Data, in accordance with the terms of this Agreement and (where applicable) with the terms of the DPA, violates applicable law; and all directly related losses, liabilities, damages, costs and expenses (including reasonable attorneys’ fees).

7.3. Process. Each Party’s defense and indemnification obligations herein will become effective upon, and are subject to: (a) the indemnified Party’s prompt notification to the indemnifying Party of any claims in writing; and (b) the indemnified Party providing the indemnifying Party with full and complete control, authority and information for the defense of the claim, provided that the indemnifying Party will have no authority to enter into any settlement or admission of the indemnified Party’s wrongdoing on behalf of the indemnified Party without the indemnified Party’s prior written consent (not to be unreasonably withheld). At the indemnifying Party’s request, the indemnified Party shall reasonably cooperate with the indemnifying Party in defending or settling any claim.

7.4. Exclusions. The above CyberArk obligations to defend and indemnify will not apply in the event that a claim arises from or relates to: (a) use of the SaaS Products not in accordance with the Documentation and this Agreement; (b) Customer’s use of the SaaS Products in violation of applicable laws; (c) any modification, alteration or conversion of the SaaS Products not created or approved in writing by CyberArk; (d) any combination or use of the SaaS Products with any computer, hardware, software, data or service not required by the Documentation; (e) CyberArk’s compliance with specifications, requirements or requests of Customer; or (f) Customer’s gross negligence or willful misconduct.

7.5. Remedies. If the SaaS Products becomes, or CyberArk reasonably determines that the SaaS Products is likely to become, subject to a claim of infringement for which CyberArk must indemnify Customer as described above, CyberArk may at its option and expense: (a) procure for Customer the right to continue to access and use the SaaS Products, (b) replace or modify the SaaS Products so that it becomes non-infringing without causing a material adverse effect on the functionality provided by the infringing SaaS Products, or (c) if neither of the foregoing options are available in a timely manner on commercially reasonable terms, terminate the affected Order and provide Customer with a pro-rata refund of any unused pre-paid fees paid for the period following termination as calculated on a monthly basis for the affected SaaS Product. This section states the sole liability of CyberArk and the exclusive remedy of Customer with respect to any indemnification claims arising out of or related to this Agreement.

8. Limitation of Liability

8.1. Maximum Liability. Except for liability caused by CyberArk’s intellectual property infringement indemnification obligations in section 7.1, Customer’s data infringement indemnity in section 7.2, and Customer’s payment obligations herein, in no event will either Party’s maximum aggregate liability arising out of or related to this Agreement, regardless of the cause of action and whether in contract, tort (including negligence), warranty, indemnity or any other legal theory, exceed the total amount paid or payable to CyberArk under this Agreement during the twelve (12) month period preceding the date of initial claim.

8.2. No Consequential Damages. Neither Party will have any liability to the other Party for any loss of profits or revenues, loss of goodwill, or for any indirect, special, incidental, consequential or punitive damages arising out of, or in connection with this Agreement, however caused, whether in contract, tort (including negligence), warranty, indemnity or any other legal theory, and whether or not the Party has been advised of the possibility of such damages.

8.3. Construction. This Agreement is not intended to and will not be construed as excluding or limiting any liability which cannot be limited or excluded by applicable law, including liability for (a) death or bodily injury caused by a Party’s negligence; or (b) gross negligence, willful misconduct, or fraud.

9. Assignment. Neither Party may assign any of its rights or obligations under this Agreement without the other Party’s prior written consent, which will not be unreasonably withheld. Notwithstanding the foregoing, either Party may assign any and all of its rights and obligations under this Agreement to a successor in interest in the event of a merger or acquisition or to an Affiliate, upon written notice to the other Party.

10. Restricted Rights and Export Control

10.1. Export Control. The exportation of the SaaS Products and Documentation, and all related technology and information thereof are subject to U.S. laws and regulations pertaining to export controls and trade and economic sanctions, including the U.S. Export Administration Act, Export Administration Regulations, the Export Control Reform Act, and the Office of Foreign Assets Control’s sanctions programs, the laws of the State of Israel, and the laws of any country or organization of nations within whose jurisdiction Customer (or its Authorized Users who may use or otherwise receive the SaaS Products as expressly authorized by this Agreement) operates or does business, as amended, and the rules and regulations promulgated from time to time thereunder. Specifically, Customer hereby undertakes not to export, re-export, access or grant access to the SaaS Products and all related technology, information, materials and any upgrades thereto to: (a) any Prohibited Persons; (b) any country to which such export, re-export or access from is restricted or prohibited per the foregoing applicable laws; or (c) otherwise in violation of any applicable export or import restrictions, laws or regulations. Customer also certifies that it is not a Prohibited Person nor owned, controlled by, or acting on behalf of a Prohibited Person.

10.2. Commercial Computer Software. If Customer is an agency or contractor of the United States Government, Customer acknowledges and agrees that: (i) the SaaS Products (including any software forming a part thereof) were developed entirely at private expense; (ii) the SaaS Products (including any software forming a part thereof) in all respects constitute proprietary data belonging solely to CyberArk; (iii) the SaaS Products (including any software forming a part thereof) are not in the public domain; and (iv) the software forming a part of the SaaS Products is “Commercial Computer Software” as defined in sub-paragraph (a)(1) of DFAR section 252.227-7014 or FAR Part 12.212. Customer shall provide no rights in the Software (including any software forming a part thereof) to any U.S. Government agency or any other party except as expressly provided in this Agreement.

11. Professional Services. Customer may separately purchase from CyberArk professional services in relation to the SaaS Products as may be generally available by CyberArk to its customers, pursuant to CyberArk’s then applicable professional services terms.

12. Term and Termination

12.1. Term. This Agreement will be effective upon signature by both Parties and shall remain in force during the applicable Subscription Term of the SaaS Products unless or until terminated by either Party pursuant to this section.

12.2. Termination. Either Party may terminate this Agreement immediately upon notice to the other Party if the other Party: (i) materially breaches this Agreement and fails to remedy such breach within thirty (30) days after receiving written notice of the breach from the other Party; or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets or ceases to operate in the ordinary course of business. In addition, a Party may terminate this Agreement, a SOW, or an Order , in whole or in part, or cease provision of the SaaS Products if required to comply with applicable law or regulation, and such termination will not constitute a breach of this Agreement by the terminating Party. CyberArk reserves the right to suspend Customer’s access to the applicable SaaS Products upon 30 days’ written notice to Customer if: (a) an invoice is more than sixty (60) days past due; or (b) if there is an uncured material breach of this Agreement. CyberArk will promptly reinstate Customer’s access and use of the SaaS Products/provision of the Professional Services once the issue has been resolved. Upon termination or expiration of the Agreement or an Order, (x) any accrued rights and obligations will survive; (y) all outstanding fees and other charges under the Agreement or Order (as applicable) will become immediately due and payable, and (z) Customer will have no further right to access or use the applicable SaaS Products or professional services. If Customer is converting its perpetual on-premise software licenses to a SaaS Product, the applicable previously licensed perpetual on-premise software licenses will be terminated, along with any associated maintenance services, in accordance with the terms of the applicable Order.

12.3. Effects of Termination/Expiration. Upon termination or expiration of an applicable Subscription Term: (i) Customer will have no further right to access or use the SaaS Products; and (ii) each Party shall within thirty (30) days after written request return or destroy any tangible Confidential Information of the other Party within its possession or control that is not contained on the SaaS Products. Any Customer Data contained on the SaaS Products will be deleted within sixty (60) days of termination/expiration of Customer’s Subscription Term. Customer acknowledges that it is responsible for exporting any Customer Data to which Customer desires continued access after termination/expiration, and CyberArk shall have no liability for any failure of Customer to retrieve such Customer Data and no obligation to store or retain any such Customer Data after such sixty (60) day period. Following termination of the SaaS Products, CyberArk may immediately deactivate Customer’s account. Any accrued rights and obligations will survive termination.

13. Miscellaneous

13.1. Independent Contractors. Nothing in this Agreement will be construed to imply a joint venture, partnership or principal-agent relationship between CyberArk and Customer, and neither Party will have the right, power or authority to obligate or bind the other in any manner whatsoever.

13.2. Notices. All Notices will be in writing and will be deemed to have been duly given: (a) when delivered by hand; (b) three (3) days after being sent by registered or certified mail, return receipt requested and postage prepaid; (c) one (1) day after deposit with a nationally recognized overnight delivery or express courier service; or (d) when provided via email when the sender has received a delivery/read receipt. Notices for CyberArk should be sent to the following addresses: (i) for physical Notices the address specified for CyberArk in section 13.4 “Governing Law and Jurisdiction” and; (ii) for electronic Notices to: [email protected].

13.3. Force Majeure. With the exception of Customer’s payment obligations herein, neither Party will be liable to the other Party for any delay or failure to perform which is due to fire, pandemic, virus, epidemic, travel advisories as to health, security and/or terrorism, flood, lockout, transportation delay, war, acts of God, governmental rule or order, strikes or other labor difficulties, or other causes beyond its reasonable control. However, in such event, both Parties will resume performance promptly after the cause of such delay or failure has been removed.

13.4. Governing Law and Jurisdiction. Each Party agrees to the applicable governing law below without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts below with respect to any dispute, claim, action, suit or proceeding (including non-contractual disputes or claims) arising out of or in connection with this Agreement, or its subject matter or formation. To the extent not prohibited by applicable law, each of the Parties hereby irrevocably waives any and all right to trial by jury in any legal proceeding arising out of or related to this Agreement.


CyberArk entity entering into Agreement: With Principal Office at: Choice of Law: Exclusive Jurisdiction:
CyberArk Software, Inc. 60 Wells Avenue,
Newton, MA 02459, U.S.A.
Laws of Commonwealth of Massachusetts, U.S.A. Courts of Boston, Massachusetts, U.S.A.
Cyber-Ark Software (UK) Ltd. One Pear Place, 152-158 Waterloo Road, London, SE1 8SB, U.K. Laws of England and Wales Courts of London, England
CyberArk Software Ltd. 9 Hapsagot St. Park Ofer 2, P.O. Box 3143, Petach-Tikva 4951040, Israel Laws of Israel Courts of Tel Aviv Jaffa, Israel
CyberArk Software Canada Inc. 1200 Waterfront Centre 200 Burrard Street PO Box 48600, Vancouver BC V7X 1T2, Canada Laws of Ontario and the federal laws of Canada applicable therein Courts of Toronto, Ontario, Canada
CyberArk Software (Singapore) Pte. Ltd. 3 Anson Road #24-02, Springleaf Tower, Singapore 079909 Laws of Singapore Courts of Singapore
CyberArk Software (Japan) K.K. Pacific Century Place 8F, 1-11-1, Marunouchi, Chiyoda-ku, Tokyo Laws of Japan Courts of Japan
CyberArk Software (India) Private Limited 3rd Floor, SY No. 136, Sreshta Marvel, Gachibowli Kondapur Main Road, Gachibowli, Ranga Reddy, Telangana, 500032, India Laws of India Courts of Hyderabad, India


13.5. Entire Agreement, Execution, and Modification. This Agreement supersedes all prior agreements and representations between the Parties regarding the subject matter of this Agreement. The terms and conditions contained in any Order issued by Customer will be of no force or effect, even if the Order is accepted by CyberArk. CyberArk may make changes to these Terms of Service from time to time. If CyberArk makes a material change to any of the foregoing, CyberArk will inform Customer by e-mail to the e-mail address(es) noted on the Order (or subsequently designated by Customer in writing as a contact for notifications from CyberArk), or through a banner or other prominent notice within the SaaS Products, or through the CyberArk support platform. If Customer does not agree to the change, Customer must so notify CyberArk by e-mail to [email protected] within thirty (30) days after CyberArk’s notice. If Customer so notifies CyberArk, then Customer will remain governed by the most recent terms of service applicable to Customer until the end of the then-current year of the Subscription Term and the updated terms shall apply upon the commencement of the subsequent Subscription Term.

13.6. Severability and Waiver. This Agreement shall be deemed severable, and the invalidity or unenforceability of any term or provision hereof shall not affect the validity or enforceability of this Agreement or of any other term or provision hereof. Should any term or provision of this Agreement be declared void or unenforceable by any court of competent jurisdiction, the Parties intend that a substitute provision will be added to this Agreement that, to the greatest extent possible, achieves the intended commercial result of the original provision. The failure of either Party to enforce any rights granted to it hereunder or to take action against the other Party in the event of any breach hereunder will not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches.

13.7. Definitions and Interpretation. The following definitions and rules of interpretation apply in this Agreement:

“Affiliate” means a company controlling, controlled by, or under common control with a Party (an entity will be deemed to have control if it owns over 50% of another entity).

“Agents” means CyberArk’s proprietary software, systems and locally-installed software agents and connectors that interact with the SaaS Products as may be provided by CyberArk in connection with the SaaS Products.

“Applicable Data Protection Laws” means the EU General Data Protection Regulation (2016/679) (“GDPR”), any applicable laws of EU member states implementing the GDPR (including the UK Data Protection Act 2018), and the California Consumer Privacy Act, in each case as amended, consolidated, re-enacted or replaced from time to time and only if and insofar as they apply.

“Authorized Users” means employees, agents, consultants, contractors, or vendors authorized by Customer to use the SaaS Products solely for the internal use of Customer and its Affiliates, subject to the terms and conditions of this Agreement.

“Channel Partner” means a third-party business entity that CyberArk has appointed as an approved partner to as applicable, distribute, re-sell and support the SaaS Products.

“Confidential Information” means all information provided by the disclosing Party to the receiving Party concerning the disclosing Party or its Affiliates’ business, products or services that is not generally known to the public, including information relating to customers, vendors, trade secrets, prices, products, services, computer programs and other intellectual property and any other information which a Party should reasonably understand to be considered Confidential Information whether or not such information is marked “Confidential” or contains such similar legend by the disclosing Party at the time of disclosure.

“Customer Data” means all data and/or content uploaded to the SaaS Products by Customer (including where applicable Authorized Users), and in all data derived from it. For the avoidance of doubt, Customer Data does not include Usage Data.

“CyberArk” means the CyberArk legal entity specified on the signature line below, at the address specified in section 13.4 “Governing Law and Jurisdiction.”

“Documentation” means the user guides, installation documents, and specifications for the SaaS Products that are made available from time to time by CyberArk in electronic or tangible form and found at docs.cyberark.com, including the documentation located therein under the ‘Security’ section for the relevant SaaS Products, but excluding any sales or marketing materials.

“Indirect Order” means an Order for the Software or Services from a Channel Partner of Customer’s choosing pursuant to an independent commercial agreement.

“Indirect Taxes” means excise, sales, use, gross-turnover, value added, goods and services tax or other similar types of indirect taxes on turnover and/or revenues, duties, customs or tariffs (however designated, levied or based and whether foreign or domestic, federal, state or province).

“Intellectual Property” means a Party’s proprietary material, technology, or processes (excluding the SaaS Products and Documentation), including services, software tools, proprietary framework and methodology, hardware designs, algorithms, objects and documentation (both printed and electronic), network designs, know-how, trade secrets and any related intellectual property rights throughout the world (whether owned or licensed by a third party) and any derivatives, improvements, enhancements or extensions of such Intellectual Property conceived, reduced to practice, or developed.

“Notice” means any notice or other communication required or permitted under this Agreement.

“Order” means CyberArk’s quote accepted by Customer via Customer’s purchase order or other ordering document submitted to CyberArk (directly or indirectly through a Channel Partner) to order CyberArk’s SaaS Products, which references the SaaS Products, pricing, payment terms, quantities, expiration date and other applicable terms set forth in an applicable CyberArk quote or ordering document.

“OSS Licenses” means the respective open source licenses that the Third-Party Materials are subject to.

“Prohibited Persons” means anyone on the U.S. Commerce Department’s Denied Persons, Entity, or Unverified Lists or the U.S. Treasury Department’s list of Specially Designated Nationals and Consolidated Sanctions list.

“SaaS Products” means the software-as-a-service products specified in the Order as further described in the Documentation (including any updates and upgrades to the SaaS Products provided by CyberArk in its sole discretion, and any software, systems and locally-installed software agents and connectors that interact with the SaaS Products as may be provided by CyberArk in connection with the SaaS Products), provided that any free trial saas software, proof of concept of the SaaS Products, beta version of the SaaS Products, or any other free-of-charge software product (“Trial Version”) will not be subject to this Agreement and instead will be governed by the applicable terms of service embedded in, or provided with, such Trial Version.

“Subscription Term” means the period of time during which Customer is subscribed to the SaaS Products, as specified in an Order and which shall begin upon delivery of the SaaS Products.

“Suggestions” means, any ideas or suggestions for improvements, new features, functionalities, corrections, enhancements or changes to the SaaS Products suggested by Customer to CyberArk.

“Third-Party Materials” means open source software programs that are made available by third parties under their respective OSS Licenses.

“Usage Data” means data generated in connection with Customer’s access, use and configuration of the SaaS Products and data derived from it (e.g., types of applications or accounts utilized or interacting with the SaaS Products).

Any words following the terms including or include shall be regarded as examples only and not construed as an exhaustive list.

Should Customer have any questions concerning this Agreement, or if Customer desires to contact CyberArk for any reason, please e-mail us at: [email protected].

Last updated: August 31st, 2021