Master Services Agreement

1.1. "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control," for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

1.2. "Agreement" means this MSA and any Order Forms.

1.3. "ArmadaAI" means CyberConvoy's proprietary artificial intelligence engine and associated technologies that power aspects of the Services, including but not limited to alert triage, detection engineering, and predictive threat modeling.

1.4. "Authorized User" means an individual who is an employee or contractor of Customer or its Affiliates and is authorized by Customer to use the Services, for whom Customer has purchased a subscription.

1.5. "C.O.R.E. Platform" means the proprietary "Continuous Observation, Response & Eradication" platform developed and maintained by CyberConvoy.

1.6. "Customer Data" means all electronic data or information submitted by or for Customer to the Services, including logs, telemetry, and messages from Customer's Monitored Sources.

1.7. "Documentation" means the applicable security and technical documentation and usage guides for the Services provided by CyberConvoy.

1.8. "Monitored Asset" means a Customer-controlled user account, endpoint, server, firewall, or other data source as specified in an Order Form, from which the Services are authorized to ingest Customer Data.

1.9. "Order Form" means an ordering document or online order specifying the Services to be provided hereunder that is entered into between Customer and CyberConvoy.

1.10. "Services" means the software-as-a-service products and services that are ordered by Customer under an Order Form and made available online by CyberConvoy, including the C.O.R.E. Platform and associated offline components, as described in the Documentation.

1.11. "Usage Credits" means the credits purchased by Customer which are consumed to use the Services, based on the Usage Metrics.

1.12. "Usage Metrics" means the metrics used to determine the consumption of Usage Credits, as set forth in an Order Form, such as the number of users, endpoints, servers, and firewalls.

2.1. Provision of Services. CyberConvoy will make the Services available to Customer pursuant to this Agreement and the applicable Order Forms during a subscription term. Customer agrees that its purchases are not contingent on the delivery of any future functionality or features.

2.2. CyberConvoy Responsibilities. CyberConvoy will: (a) provide the Services with the skill, care, and diligence required in accordance with good industry practice; (b) use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which CyberConvoy shall give at least 8 hours electronic notice), and (ii) any unavailability caused by circumstances beyond CyberConvoy's reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem, Internet service provider failure or delay, or denial of service attack.

2.3. Customer Responsibilities. Customer will: (a) be responsible for Authorized Users' compliance with this Agreement and the Documentation; (b) be responsible for the accuracy, quality, and legality of Customer Data and the means by which Customer acquired Customer Data; (c) use commercially reasonable efforts to prevent unauthorized access to or use of Services, and notify CyberConvoy promptly of any such unauthorized access or use; and (d) use Services only in accordance with this Agreement, the Documentation, and applicable laws.

3.1. Fees. Customer will pay all fees specified in all Order Forms. Except as otherwise specified herein or in an Order Form, (a) fees are based on Usage Credits purchased and not actual usage, (b) payment obligations are non-cancelable and fees paid are non-refundable, and (c) quantities purchased cannot be decreased during the relevant subscription term.

3.2. Credit Roll-Over. Unused Usage Credits from a subscription term will roll over to the immediately following renewal term only if Customer has executed a renewal Order Form for such subsequent term where the total fees are equal to or greater than the total fees of the expiring term. Any unused Usage Credits are immediately forfeited upon non-renewal or upon renewal at a lesser annual contract value. Rolled-over credits expire at the end of the renewal term to which they were rolled and cannot be rolled over a second time.

3.3. Invoicing and Payment. Fees will be invoiced in advance and otherwise in accordance with the relevant Order Form. Unless otherwise stated in the Order Form, all invoices are due thirty (30) days from the invoice date.

3.4. Taxes. Fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, and Customer shall be responsible for payment of all such taxes, levies, or duties, excluding only taxes based solely on CyberConvoy's income.

4.1. Reservation of Rights. Subject to the limited rights expressly granted hereunder, CyberConvoy and its licensors reserve and shall retain all of their right, title, and interest in and to the Services, C.O.R.E. Platform, ArmadaAI, including all of their related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth herein.

4.2. Use Restrictions. Customer will not (a) make any Service available to anyone other than Customer or Authorized Users, (b) sell, resell, license, sublicense, distribute, rent or lease any Service, (c) use a Service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, (d) use a Service to store or transmit malicious code, (e) interfere with or disrupt the integrity or performance of any Service or third-party data contained therein, (f) attempt to gain unauthorized access to any Service or its related systems or networks, (g) permit direct or indirect access to or use of any Service in a way that circumvents a contractual usage limit, (h) copy a Service or any part, feature, function or user interface thereof, or (i) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services, C.O.R.E. Platform, or ArmadaAI.

4.3. License by Customer to CyberConvoy. Customer grants CyberConvoy and its Affiliates a worldwide, limited-term, royalty-free license to host, copy, transmit, and display Customer Data as necessary for CyberConvoy to provide the Services in accordance with this Agreement.

4.4. License by Customer to Use Feedback. Customer grants to CyberConvoy a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into its services any suggestion, enhancement request, recommendation, correction, or other feedback provided by Customer or Authorized Users.

4.5. AI Model Training. CyberConvoy shall have the right to collect, use, and analyze anonymized, aggregated, and de-identified data derived from Customer Data ("Derived Data") for its business purposes, including but not limited to training its machine learning models, improving the Services, and for industry analysis and reporting. For the avoidance of doubt, Derived Data will not identify Customer, its Authorized Users, or any individual.

4.6. Publicity. Customer agrees that CyberConvoy may use Customer's name and logo to identify Customer as a customer of CyberConvoy on CyberConvoy's website and in other marketing materials.

5.1. Definition of Confidential Information. "Confidential Information" means all information disclosed by a party ("Disclosing Party") to the other party ("Receiving Party"), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. CyberConvoy's Confidential Information includes the Services, its technology, and pricing. Customer's Confidential Information includes Customer Data.

5.2. Protection of Confidential Information. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own like-kind information (but not less than reasonable care) to (a) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (b) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates' employees and contractors who need that access for purposes consistent with this Agreement and who are bound by confidentiality obligations with the Receiving Party containing protections no less stringent than those herein.

5.3. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure.

6.1. Security Measures. CyberConvoy will maintain administrative, physical, and technical safeguards for the protection of the security, confidentiality, and integrity of Customer Data, as described in the Documentation. Those safeguards will include measures for preventing access, use, modification, or disclosure of Customer Data by CyberConvoy personnel except (a) to provide the Services and prevent or address service or technical problems, (b) as compelled by law, or (c) as expressly permitted in writing by Customer.

7.1. Warranties. Each party warrants that it has validly entered into this Agreement and has the legal power to do so. CyberConvoy warrants that the Services will perform materially in accordance with the Documentation.

7.2. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. THE SERVICES ARE PROVIDED "AS IS," EXCLUSIVE OF ANY WARRANTY WHATSOEVER.

7.3. Scope of Responsibility for Self-Managed Service. The Services are a software-as-a-service platform that Customer manages and operates via its own security team. Customer is solely responsible for its use of the Services, for configuring the Services to meet its security requirements, and for the security outcomes of its actions or inactions. CyberConvoy's sole responsibility is to ensure the uptime and functionality of the C.O.R.E. Platform as described in the Documentation. Unless a separate managed services agreement is executed, CyberConvoy shall have no liability for Customer's failure to detect, respond to, or eradicate any security threats.

8.1. Indemnification by CyberConvoy. CyberConvoy will defend Customer against any claim, demand, suit, or proceeding made or brought against Customer by a third party alleging that the use of the Services as permitted hereunder infringes or misappropriates the intellectual property rights of a third party ("Infringement Claim"), and will indemnify Customer for any damages, attorney fees and costs finally awarded against Customer as a result of, or for amounts paid by Customer under a court-approved settlement of, an Infringement Claim.

8.2. Indemnification by Customer. Customer will defend CyberConvoy against any claim, demand, suit or proceeding made or brought against CyberConvoy by a third party alleging that Customer Data, or Customer's use of any Service in breach of this Agreement, infringes or misappropriates the intellectual property rights of a third party or violates applicable law ("Customer Claim"), and will indemnify CyberConvoy for any damages, attorney fees and costs finally awarded against CyberConvoy as a result of, or for amounts paid by CyberConvoy under a court-approved settlement of, a Customer Claim.

9.1. Limitation of Liability. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EITHER PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER HEREUNDER FOR THE SERVICES GIVING RISE TO THE LIABILITY IN THE TWELVE MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE.

9.2. Exclusion of Consequential and Related Damages. IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, REVENUES OR GOODWILL, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

10.1. Term of Agreement. This Agreement commences on the Effective Date and continues until all subscription terms hereunder have expired or have been terminated.

10.2. Termination for Cause. A party may terminate this Agreement for cause upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period.

10.3. Data Portability and Deletion. Upon request by Customer made within 30 days after the effective date of termination or expiration of this Agreement, CyberConvoy will make Customer Data available to Customer for export or download. After such 30-day period, CyberConvoy will have no obligation to maintain or provide any Customer Data, and may thereafter delete or destroy all copies of Customer Data in its systems or otherwise in its possession or control, unless legally prohibited.

11.1. Governing Law and Jurisdiction. This Agreement shall be governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of laws principles. The state and federal courts located in New York County, New York shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement.

11.2. Notices. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by email; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested.

11.3. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party's prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (including all Order Forms), without the other party's consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets.

11.4. Force Majeure. Neither party will be liable for any failure or delay in performance under this Agreement (other than for delay in the payment of money due and payable hereunder) for causes beyond that party's reasonable control and occurring without that party's fault or negligence, including, but not limited to, acts of God, acts of government, flood, fire, civil unrest, acts of terror, strikes or other labor problems.

11.5. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.

11.6. Entire Agreement. This Agreement, including all exhibits and addenda hereto and all Order Forms, constitutes the entire agreement between the parties and supersedes all prior agreements and understandings between the parties relating to the subject matter hereof.