.

Professional Service Terms

Last Modified: January 9, 2024

These Professional Services Terms (“Agreement”) set forth the terms for the Professional Services (as defined below) between the ForAllSecure, Inc. (“ForAllSecure”) and the customer identified on the applicable Order (as defined below) (“Customer”). This Agreement is entered into between Customer and ForAllSecure as of the date Customer executes the first Order for the Professional Services (“Effective Date”). ForAllSecure may update the terms of this Agreement from time to time.

1. Definitions

Affiliate” means any entity that directly or indirectly controls or is controlled by, or is under common control with, the party specified. For purposes of this definition, “control” means direct or indirect ownership of more than fifty percent (50%) of the voting interests of the subject entity.

Cloud Services” means any of the products and services ordered by Customer under an Order or online purchasing portal, or provided to Customer free of charge or under a free trial (each as applicable), and made available online by ForAllSecure, including offline products and services, as described in the Documentation, and including but not limited to Mayhem for Code product (“Mayhem for Code”), Mayhem for API product (“Mayhem for API”), the CLI or future products, enhancements, updates, modifications provided by ForAllSecure under this Agreement, which is further described on ForAllSecure’s website and, if applicable, as reflected in the Customer’s Order documents.

Customer Documentation” means any documentation developed, conceived, or acquired specifically for, or on behalf of, Customer, during the Term (as defined below) of this Agreement, in connection with the Professional Services.

Customer Materials” means any information, specifications, instructions, or materials provided by Customer in connection with the Professional Services.

Deliverables” means any deliverables or work products developed, conceived, or acquired, during the Term (as defined below) of this Agreement, in connection with the Professional Services. Deliverables excludes Customer Documentation.

Order” means an order document or statement of work between Customer and ForAllSecure, or any of their Affiliates, that identifies the applicable Professional Services being purchased, the mutually agreed upon rate for such Professional Services and any other applicable commercial terms related to the Professional Services,including any modifications, amendments, or attachments thereto.

Professional Services” means the professional services provided to Customer, including, without limitation, the development and delivery of any Deliverables related thereto. Professional Services excludes Cloud Services (as defined above).

Subcontractors” means any third party that assists ForAllSecure in providing the Professional Services.

ForAllSecure IP” means any documentation, technical configuration, or workflow templates, starter code, software components, content, documentation, materials, methodologies, or other intellectual property that is developed, conceived, or acquired by ForAllSecure (a) prior to the Effective Date or (b) outside of the scope of this Agreement or the applicable Order.

ForAllSecure Personnel” means ForAllSecure’s employees and contractors, and employees of Subcontractors that assist in providing the Professional Services.

Any capitalized term not defined in this Section 1 will have the meaning provided in this Agreement.

2. Professional Services

2.1 Performance. ForAllSecure will provide the Professional Services in accordance with this Agreement and the applicable Order. ForAllSecure is responsible for (a) ForAllSecure Personnel’s and any Subcontractor’s provision of the Professional Services in accordance with this Agreement and the applicable Order and (b) all matters related to ForAllSecure Personnel’s employment, including, without limitation, compensation, benefits, and any statutory obligations. ForAllSecure will only allocate ForAllSecure Personnel for the provision of the Professional Services once Customer has executed the applicable Order. Customer will not cancel or terminate an executed Order for the Professional Services if there are less than fourteen (14) days remaining until ForAllSecure commences the provision of such Professional Services.

2.2 Customer Responsibilities. Customer will comply with the terms of this Agreement and the applicable Order. Customer will cooperate reasonably and in good faith with ForAllSecure Personnel in their provision of the Professional Services including, without limitation: (a) providing ForAllSecure Personnel sufficient resources, knowledgeable employees or staff of Customer, and safe working facilities with Internet access; (b) timely access to accurate and complete Customer Materials; (c) timely, accurate, and complete responses to inquiries or requests for feedback or information from ForAllSecure Personnel; (d) appointing a Customer representative for each Professional Services project to serve as a primary point of contact for ForAllSecure Personnel and to make authorized decisions on behalf of Customer; and (e) actively participating in scheduled project meetings with ForAllSecure Personnel. If Customer’s failure to comply with this Section 2.2 prevents ForAllSecure from providing the Professional Services, as determined by ForAllSecure in its sole discretion, ForAllSecure’s obligation to provide the Professional Services will be excused until Customer remedies such failure and ForAllSecure will not be responsible for any delays resulting therefrom. If any delay in the provision of Professional Services is caused by Customer and results in additional fees, Customer will pay such additional fees. 

3. Fees and Taxes

3.1 Fees. Customer will pay ForAllSecure,the fees, including out-of-pocket expenses, set forth in the applicable Order. If Customer is invoiced, Customer will pay the fees due within thirty (30) days of the date of the invoice, except as otherwise set forth in the applicable Order. If Customer fails to make any payment when due, including because of failure to update the payment method, without limiting ForAllSecure’s other rights and remedies: (i) ForAllSecure may charge interest on the past due amount at the rate of 1.5% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law; (ii) Customer shall be liable for and shall reimburse ForAllSecure for all costs incurred by ForAllSecure in collecting any late payments or interest on unpaid Fees, including attorneys’ fees, court costs, and collection agency fees; and (iii) ForAllSecure may suspend the provision of the Professional Services until such amounts are paid in full, without incurring any obligation or liability to Customer by reason of such suspension.


3.2 Taxes. All fees are exclusive of any applicable taxes, levies, duties, or other similar exactions imposed by a legal, governmental, or regulatory authority in any applicable jurisdiction, including, without limitation, sales, use, value-added, consumption, or withholding taxes (collectively, “Taxes”). Customer will pay Taxes in connection with this Agreement (excluding any taxes based on ForAllSecure’s net income, property, or employees), unless the necessary tax exemption information is provided to ForAllSecure or a valid tax exemption certificate is provided to ForAllSecure and approved by ForAllSecure. Any exemption from paying Taxes will be on a going-forward basis. If the appropriate tax authority determines, at any time, that Customer is not exempt from paying Taxes, Customer will promptly pay such Taxes to ForAllSecure, plus any applicable interest or penalties.

3.3 Payment Disputes. If Customer wishes to dispute any fees or Taxes, Customer must provide written notice of such dispute to ForAllSecure within thirty (30) days of being billed. Where Customer is disputing any fees or Taxes, Customer must act reasonably and in good faith and will cooperate diligently with ForAllSecure to resolve the dispute.

4. Ownership and Licenses. Customer acknowledges and agrees that the Deliverables are developed solely to be used with the Cloud Services and will otherwise be inoperative in standalone form or if used with third-party products and services. Accordingly, (a) ForAllSecure owns all right, title, and interest in and to Confidential Information (as defined below) of ForAllSecure, the Deliverables, and the ForAllSecure IP and (b) Customer hereby assigns all right, title, and interest in and to the Deliverables to ForAllSecure. If ForAllSecure uses the Deliverables for any purpose outside of the scope of this Agreement, such Deliverables will not contain any Confidential Information of Customer. Customer owns all right, title, and interest in and to Confidential Information of Customer, the Customer Materials, and the Customer Documentation. Customer grants ForAllSecure the right and license to use the Customer Materials solely as necessary to provide the Professional Services. 

5. Confidentiality. “Confidential Information” means any information or data, regardless of whether it is in tangible form, disclosed by either party (“Disclosing Party”) to the other party (“Receiving Party”) that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential given the nature of the information and the circumstances surrounding the disclosure. Confidential Information does not include any information which: (a) is publicly available through no breach of this Agreement or fault of Receiving Party; (b) was properly known by Receiving Party, and to its knowledge, without any restriction, prior to disclosure by Disclosing Party; (c) was properly disclosed to Receiving Party, and to its knowledge, without any restriction, by another person without violation of Disclosing Party's rights; or (d) is independently developed by Receiving Party without use of or reference to Confidential Information of Disclosing Party. Except as otherwise authorized by Disclosing Party in writing, Receiving Party will not (i) use any Confidential Information of Disclosing Party for any purpose outside of exercising Receiving Party’s rights or fulfilling its obligations under this Agreement and (ii) disclose or make Confidential Information of Disclosing Party available to any party, except to Receiving Party’s Affiliates and Receiving Party’s and its Affiliates’ respective employees, legal counsel, accountants, contractors, and subcontractors (collectively, “Representatives”) who have a “need to know” as necessary for Receiving Party to exercise its rights or fulfill its obligations under this Agreement. Receiving Party will be responsible for its Representatives’ compliance with this Section 5. Representatives will be legally bound to protect Confidential Information of Disclosing Party under terms of confidentiality that are at least as protective as the terms of this Section 5. Receiving Party will protect the confidentiality of Confidential Information of Disclosing Party using the same degree of care that it uses to protect the confidentiality of its own confidential information but in no event less than reasonable care. Receiving Party may disclose Confidential Information of Disclosing Party if so required under a regulation, law, subpoena, or court order (“Compelled Disclosure”), provided Receiving Party gives Disclosing Party written notice to the extent legally permitted. Receiving Party will provide reasonable cooperation to Disclosing Party in connection with a Compelled Disclosure at Disclosing Party’s sole expense. Disclosing Party will be entitled to seek injunctive and other equitable relief, without waiving any other rights or remedies available to it, for an actual or threatened breach of this Section 5 by Receiving Party.

6. Warranty and Disclaimer. ForAllSecure warrants that ForAllSecure Personnel will provide the Professional Services in a professional and workmanlike manner. Customer’s sole and exclusive remedy for ForAllSecure’s breach of this Section 6 will be for ForAllSecure to re-perform the non-conforming portions of the Professional Services. THE EXPRESS WARRANTY IN THIS SECTION 6 IS EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT AS OTHERWISE PROVIDED IN THIS SECTION 6, THE PROFESSIONAL SERVICES, DELIVERABLES, FORALLSECURE IP, AND CUSTOMER DOCUMENTATION ARE PROVIDED TO CUSTOMER “AS IS.” CUSTOMER IS SOLELY RESPONSIBLE FOR ITS RELIANCE UPON THE PROFESSIONAL SERVICES, DELIVERABLES, FORALLSECURE IP, AND CUSTOMER DOCUMENTATION.

7. Mutual Indemnification

7.1 Indemnification by ForAllSecure. ForAllSecure will defend Customer, its Affiliates, and each of their directors, officers, and employees (collectively, Customer Indemnified Parties”) from and against any claim, demand, suit, or proceeding made or brought against a Customer Indemnified Party by a third party arising out of (a) the ForAllSecure IP or Deliverables infringing or misappropriating such third party’s intellectual property rights (“ForAllSecure Indemnifiable Claim”). ForAllSecure will indemnify Customer from any damages, attorney fees, and costs awarded against a Customer Indemnified Party or for settlement amounts approved by ForAllSecure for a ForAllSecure Indemnifiable Claim. If the ForAllSecure IP or Deliverables become, or in ForAllSecure’s opinion are likely to become, the subject of any ForAllSecure Indemnifiable Claim for third-party intellectual property rights infringement or misappropriation, ForAllSecure may at its option and expense: (x) procure for Customer the right to continue using the ForAllSecure IP or Deliverables; (y) modify the ForAllSecure IP or Deliverables to make such ForAllSecure IP or Deliverables non-infringing; or (z) if the foregoing options are not reasonably practicable, terminate this Agreement or the applicable Order and refund Customer the fees paid under the applicable Order. ForAllSecure will have no obligation under this Section 7.1 with respect to any ForAllSecure Indemnifiable Claim arising out of (i) Customer’s breach of this Agreement or the applicable Order; (ii) Customer’s or a third party’s modification of the ForAllSecure IP or Deliverables, where the unmodified version would not be infringing; (iii) any Customer Materials or ForAllSecure’s reliance on any Customer Materials; or (iv) the combination, operation, or use of the ForAllSecure IP or Deliverables with hardware, software, products, services, applications, or any portions thereof, by Customer or a third party, where the ForAllSecure IP or Deliverables would not by themselves be infringing.

7.2 Indemnification by Customer. Customer will defend ForAllSecure, its Affiliates, and each of their directors, officers, and employees (collectively, “ForAllSecure Indemnified Parties”) from and against any claim, demand, suit, or proceeding made or brought against a ForAllSecure Indemnified Party by a third party arising out of Customer’s acts and omissions set forth in Sections 7.1(i), (ii), (iii), or (iv) (“Customer Indemnifiable Claim”). Customer will indemnify ForAllSecure from any damages, attorney fees, and costs awarded against a ForAllSecure Indemnified Party or for settlement amounts approved by Customer for a Customer Indemnifiable Claim.

7.3 Conditions of Indemnification. As a condition of the foregoing indemnification obligations: (a) indemnified party (“Indemnified Party”) will promptly notify indemnifying party (“Indemnifying Party”) of any ForAllSecure Indemnifiable Claim or Customer Indemnifiable Claim, as applicable (individually or collectively referred to herein as a “Claim”) in writing; provided, however, that the failure to give prompt written notice will not relieve Indemnifying Party of its obligations hereunder, except to the extent that Indemnifying Party was actually and materially prejudiced by such failure; (b) Indemnifying Party will have the sole authority to defend or settle a Claim; and (c) Indemnified Party will reasonably cooperate with Indemnifying Party in connection with Indemnifying Party’s activities hereunder, at Indemnifying Party’s expense. Indemnified Party reserves the right, at its own expense, to participate in the defense of a Claim. Notwithstanding anything herein to the contrary, Indemnifying Party will not settle any Claim for which it has an obligation to indemnify under this Section 7 admitting liability or fault on behalf of Indemnified Party, nor create any obligation on behalf of Indemnified Party without Indemnified Party’s prior written consent, which will not be unreasonably withheld, conditioned, or delayed. This Section 7 states Indemnifying Party’s sole liability to, and Indemnified Party’s exclusive remedy against, the other party for any third-party claims.

8. Limitation of Liability. IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY LOST PROFITS, REVENUES, GOODWILL, OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, LOST DATA, BUSINESS INTERRUPTION, OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT, AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY’S OR ITS AFFILIATES’ REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE. THE DISCLAIMER IN THE PRECEDING SENTENCE WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW. IN NO EVENT WILL THE AGGREGATE LIABILITY OF EITHER PARTY OR ITS AFFILIATES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER OR ITS AFFILIATES UNDER THE APPLICABLE ORDER FOR THE PROFESSIONAL SERVICES OUT OF WHICH THE LIABILITY AROSE. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY. THIS SECTION 8 WILL NOT APPLY TO CUSTOMER’S AND ITS AFFILIATES’ BREACH OF SECTION 3 (FEES AND TAXES) OR AMOUNTS PAYABLE PURSUANT TO A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 7 (MUTUAL INDEMNIFICATION).

9. Term and Termination

9.1 Agreement Term. This Agreement will commence on the Effective Date and will continue in effect until the end of the term set forth in the Order or as otherwise agreed in writing (Termination) (“Term”).

9.2 Termination. ForAllSecure may terminate this Agreement, for any reason upon 30 days’ advance notice; provided that in the event of a termination solely pursuant to this section, ForAllSecure shall refund Customer such unused pre-paid fees. Either party may terminate this Agreement, effective on written notice to the other party, if the other party materially breaches this Agreement, and such breach is incapable of cure or being capable of cure, remains uncured 30 days after the non-breaching party provides the breaching party with written notice of such breach. Subject to applicable law, either party may terminate this Agreement immediately by providing written notice in the event of the other party’s liquidation, commencement of dissolution proceedings or any other proceeding relating to a receivership, failure to continue business, assignment for the benefit of creditors, or becoming the subject of bankruptcy. The following provisions will survive any termination of this Agreement: Section 3 (Fees and Taxes), Section 4 (Ownership and Licenses), Section 5 (Confidentiality), Section 7 (Mutual Indemnification), Section 8 (Limitation of Liability), and Section 10 (General).

10. General

10.1 Assignment. Neither party may assign or otherwise transfer this Agreement, in whole or in part, without the other party’s prior written consent (not to be unreasonably withheld or delayed), unless a party is assigning this Agreement to (a) a successor to all or part of its assets or business or (b) an Affiliate. Any attempted assignment or transfer by either party in violation of this Section 10.1 will be void. Subject to the foregoing, this Agreement will be binding on the parties and their respective successors and permitted assigns.

10.2 Notices. Notices to ForAllSecure will be provided via email to legal@forallsecure.com. Billing-related notices will be provided via email to Customer to the relevant billing contact(s) designated by Customer in its account. All other notices to Customer will be provided via email to Customer’s representative designated for the applicable Professional Services project.

10.3 Governing Law and Attorneys’ Fees. This Agreement is governed by and construed in accordance with the internal laws of the State of Pennsylvania without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Pennsylvania. Any legal suit, action, or proceeding arising out of or related to this Agreement or the rights granted hereunder will be instituted in the federal courts of the United States or the courts of the State of Pennsylvania in each case located in the city of Pittsburgh and County of Allegheny, and each party irrevocably submits to the jurisdiction of such courts in any such suit, action, or proceeding.  In the event of any adjudication of any dispute under this Agreement, the prevailing party in such action will be entitled to reimbursement of its attorneys’ fees and related costs by the non-prevailing party.

10.5 Force Majeure. No failure, delay, or default in performance of any obligation of a party will constitute an event of default or breach of this Agreement to the extent that such failure to perform, delay or default arises out of a cause, existing or future, that is beyond the control and without negligence of such party (collectively, “Force Majeure Events”). The party affected by a Force Majeure Event will take all reasonable actions to minimize the consequences of any such event.

10.6 Entire Agreement. ForAllSecure is providing the Professional Services as an independent contractor and not as an employee, agent, joint venturer, or partner of Customer. Neither party has the authority to bind or act on behalf of the other party in any capacity or circumstance whether by contract or otherwise. This Agreement does not confer any benefits on any third party, including, without limitation, an Affiliate, unless it expressly states that it does. This Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous understandings, proposals, statements, sales materials, presentations, or non-disclosure or other agreements, whether oral or written. No failure or delay by either party in exercising any right or enforcing any provision under this Agreement will constitute a waiver of that right or provision or any other provision. Any modification to or waiver of any provision under this Agreement will be in writing and executed by both parties. Any terms and conditions stated on Customer’s vendor registration form, registration portal, purchase order, or similar document will be null and void even if accepted or executed by ForAllSecure. In the event of a conflict or inconsistency between the terms of this Agreement and the terms of the applicable Order, the terms of the applicable Order will prevail.