Celerium Inc. is the owner and provider of certain cyber defense solutions (“Solutions”) and provides certain services incidental to the provision of such Solutions (“Services”). Access to and use of the Celerium Solutions and Services is subject to the following terms and conditions.
PLEASE READ CAREFULLY AS ACCEPTANCE OF THESE TERMS AND CONDITIONS CREATES A BINDING AGREEMENT. THESE TERMS AND CONDITIONS OF USE (“TERMS”) CONSTITUTE AN AGREEMENT (“AGREEMENT”) MADE BY AND BETWEEN CELERIUM INC. (“CELERIUM”) AND THE COMPANY, ORGANIZATION, OR LEGAL ENTITY (“CUSTOMER”) SUBSCRIBING TO OR OTHERWISE ACCESSING AND USING THE CELERIUM SOLUTIONS AND/OR SERVICES. THE INDIVIDUAL ACCEPTING THESE TERMS ON BEHALF OF CUSTOMER REPRESENTS AND WARRANTS THAT HE/SHE/THEY HAS FULL AUTHORITY TO BIND SUCH CUSTOMER TO THIS AGREEMENT. UNLESS THE CUSTOMER AND CELERIUM HAVE ENTERED INTO A SEPARATE WRITTEN AGREEMENT SIGNED BY BOTH PARTIES FOR THE ACCESS AND USE OF THE CELERIUM SOLUTIONS, THESE TERMS GOVERN CUSTOMER’S RIGHTS TO USE THE SOLUTIONS. BY ACCEPTING THESE TERMS (WHETHER BY CLICKING TO ACCEPT, CHECKING A BOX, SUBSCRIBING VIA AN ONLINE SERVICE (E.G., AWS MARKETPLACE), OR PLACING AN ORDER WITH CELERIUM), CUSTOMER AGREES TO BE BOUND BY THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THESE TERMS DOES NOT HAVE AUTHORITY TO BIND THE CUSTOMER, OR THE CUSTOMER DOES NOT AGREE TO OR CANNOT COMPLY WITH ALL OF THESE TERMS, THEN DO NOT ACCEPT THESE TERMS. IN SUCH EVENT, CUSTOMER WILL NOT BE AUTHORIZED TO ACCESS OR USE THE CELERIUM SOLUTIONS.
These Terms cover all Celerium Cyber Defense Network (CDN) Solutions. Where certain terms or conditions are specified as applying to a specific Solution, then such terms or conditions shall apply only to the extent Customer has subscribed to, accessed, or used such Solution.
Effective Date. These Terms are binding on Customer as of the earliest to occur of the following (“Effective Date”): (i) the date on which Customer accepts these Terms, (ii) the date set forth on an Order, or (iii) the date on which Customer first accesses or uses the Solutions or Services.
Updates to Terms. Celerium may change, add, or remove portions of these Terms at any time by notifying Customer of the change in writing, which may be by email, or by updating the “Last Updated” date above. Such changes will become effective immediately upon posting, and Customer’s continued use of the Solutions following the posting of updated Terms will indicate acceptance of such terms and conditions.
1.1 “Affiliate” means any entity controlled, controlled by, or under common control with a party, where “control” means (i) ownership of 50 percent or more of the equity interest in an entity, (ii) the right to direct the vote of 50 percent or more of the voting interests of an entity, or (iii) the right generally to direct the activity and business of the entity.
1.2 “Agreement” means these Celerium Terms together with a corresponding Order.
1.3 “API” means an application program or programming interface.
1.4 “Authorized User(s)” means any employee or Contractor authorized by Customer to use the Solution solely on behalf of and for the benefit of Customer.
1.5 “Celerium Competitor” means a person or entity in the business of developing or providing cyber defense solutions substantially similar to or in competition with Celerium’s Solutions.
1.6 “Celerium Data” means any summary insights or other reports generated or created by Celerium, which may be derived from data generated by the Solution and/or use of certain aggregated or anonymized Customer Data.
1.7 “Confidential Information” will have the meaning set forth in Section 11 (Confidentiality).
1.8 “Contractor” means any individual or entity that: (i) has an agreement to provide services to Customer or an Affiliate; (ii) is accessing and using the Solutions provided under this Agreement solely on behalf of Customer or an Affiliate and solely for Customer’s or an Affiliate’s internal use; (iii) is under an agreement of confidentiality that covers Celerium’s Confidential Information, substantially in conformance with Section 11 (Confidentiality); and (iv) is not a Celerium Competitor.
1.9 “Customer” means the entity accepting these Terms and using the Celerium Solutions or Services pursuant to this Agreement. “Customer” also means any Customer Affiliate that accesses or uses any Solution or Service hereunder, or benefits from the Customer’s use of the Solutions or Services.
1.10 “Customer Data” means metadata (e.g., IP addresses, and data relating to syslog, NetFlow, or Layer 3 data) collected by the Solution from Customer Firewall(s) and sent to Celerium Systems, and other data Customer may provide to Celerium for providing the Solutions or Services (e.g., server identification), if any. Customer Data is considered Customer’s Confidential Information as defined in Section 11 (Confidentiality) and subject to the exclusions, exceptions and obligations set forth therein and at Schedule A, Data Security and Privacy Schedule, to this Agreement.
1.11 “Data Sharing” means, collectively, the basic data sharing that is required in order to use the Solutions and any selected data sharing that Customer may choose, all in accordance with Section 5.3 (Data Usage and Sharing; Data Retention).
1.12 “Documentation” means the Celerium end-user documentation and other materials in any form or medium customarily provided by Celerium to Customer end-users of the Solutions.
1.13 “Firewall(s)” means the Customer firewall(s) from which the Solution is collecting Customer Data.
1.14 “Order” means any subscription order via an online ordering platform (e.g., AWS Marketplace), purchase order, or other ordering document accepted by Celerium or a reseller for the Celerium Solutions.
1.15 “Personal Data” will have the meaning set forth in Schedule A (Data Security and Privacy Schedule), to this Agreement.
1.16 “Services” means, collectively, technical support to assist Customer with the provisioning of the Solution, training, and other limited technical support services which may be ordinarily provided by Celerium with, and incidental to, the Solutions. “Services” do not include professional services or any other services requiring a proposal or statement of work.
1.17 “Solution(s)” means any Celerium cloud-based Solution(s) provided by Celerium to Customer, along with any available accompanying scripts (if any are provided), any API’s (if any are provided), the Celerium Data, any Documentation, and any Updates thereto that Celerium may make available to Customer.
1.18 “Subscription Term” means the time period during which Customer is authorized to access and use the Solutions and Services, as more specifically set forth at Section 8 (Term) below.
1.19 “Updates” means any update, bug fix, correction, patch, or other modification or addition made by Celerium to the Solution from time to time when commercially available.
4. PILOT, EVALUATION, OR TRIAL USE; ACCESS AND USE RIGHTS; ADDITIONAL CUSTOMER OBLIGATIONS
4.1 Pilot, Evaluation, or Trial Use. If Celerium approves the use of one of its Solutions on a pilot, evaluation, or trial basis, these Terms apply to such use, except as follows: (i) the duration of the pilot, evaluation, or trial shall be as mutually agreed upon by Celerium and Customer; (ii) access to and use of the Solution shall be for Customer’s internal use for such pilot, evaluation, or trial purposes only and strictly limited to Customer’s employees; and (iii) the Solution is provided for such use on an “AS IS” basis without warranty of any kind as further set forth at Section 13.1 below. Either Customer or Celerium may terminate the pilot, evaluation, or trial at any time with written notice to the other party which may be via email. Customer shall not disclose or divulge to any third-party or publish without Celerium’s prior written consent: (i) that Customer is evaluating the Solutions and/or Services; (ii) any results or opinions from the pilot, evaluation, or trial; or (iii) the existence or content of any communications and reports prepared for Customer during the duration of the pilot, evaluation, or trial.
4.2 Access and Use Rights. Subject to the Terms of this Agreement, Celerium hereby grants to Customer a limited, non-exclusive, non-transferable, non-sublicensable, non-assignable, and revocable license to access and use the Solutions in accordance with applicable Documentation and in accordance with these Terms during the applicable Subscription Term and as authorized by this Agreement. Customer may access and use the Solutions or Services for Customer’s and its Affiliates’ own cyber defense and information security purposes. For Solutions offering a data sharing feature or option, Customer may also choose to share data in accordance with Section 5.3.2, below. Authorized use shall not include any access, use, or data sharing: (i) that benefits any person or entity other than Customer, its Affiliates, or those persons or entities benefitting as a result of Data Sharing, when applicable and as contemplated by this Agreement; (ii) for the development of any product or service; or (iii) for any use inconsistent with the terms and conditions of this Agreement. Access and use of the Solutions are limited to Authorized Users.
4.3 Solution Updates/Upgrades. During the Subscription Term, Celerium may provide Updates to the Solutions when available, as well as version upgrades which may include major enhancements. Updates and version upgrades will be automatically included in the Solution and require no action on the part of Customer. During the Subscription Term, Customer may be provided the opportunity to access and use certain pre-production features, components, or versions of the Solutions, in which case the Solutions provided by Celerium may consist of both production and/or pre-production versions or components being considered by Celerium (and which may later become separate solutions) for Customer’s evaluation and Feedback.
4.4 Restrictions on Use. Customer shall not directly or indirectly, without Celerium’s express prior written consent, which consent may be given or withheld in Celerium’s sole discretion: (i) allow any third party to access or use the Solutions, except for Customer Contractors or Affiliates as expressly provided for under this Agreement; (ii) allow any Celerium Competitor to use or view the Solutions or Documentation, including the provision of services to Customer that would require a Celerium Competitor access to, use of, or viewing of the Solutions or Documentation; (iii) use the Solutions in violation of applicable law; (iv) sublicense, transfer, or otherwise assign your rights to access to and/or use of the Solutions; (v) use the Solutions to provide services to third parties; (vi) remove or alter any proprietary rights notice(s) as they appear on or in a Solution; (vii) probe, scan, or conduct any testing, analysis or security measures on the Solutions or Celerium systems or networks and/or attempt to identify vulnerabilities or breach, impair, or circument any security or authentication measures protecting the Solutions or Services; (viii) publish any opinion or performance data concerning a Solution; (ix) attempt to gain unauthorized access to a Celerium Solution, system, or network; (x) alter, adapt, publicly display, translate, create derivative works of, or otherwise modify any Solution or Documentation; or (xi) modify, reverse engineer, decompile, disassemble or otherwise attempt to discover the underlying computer source code (if any) for the Solutions. Some jurisdictions may offer a limited right to reverse engineer a product. To the extent such law may be applicable, neither Customer nor any of Customer’s agents or Affiliates may (i) do so in excess of what such law permits, (ii) use or export such reverse engineering results (a) outside of the jurisdiction to which such law applies, (b) for the benefit of any third party, or (c) for any commercial purpose.
4.5 Use by Contractors. If Customer engages the services of a Contractor that requires Contractor’s access and use of the Solutions or Services, Customer hereby authorizes Celerium to provide such Contractor with access and use of the Solutions on behalf of Customer. Contractors shall only use the Solutions as necessary to provide its services to Customer and strictly for Customer’s internal use and for no other purpose. Customer shall ensure Contractor’s access and use is limited to the period that Contractor is performing services for Customer and shall notify Celerium when the Contractor is no longer engaged by Customer or Contractor access and use of the Solutions is no longer required. Contractors are subject to the Terms of this Agreement while using the Solutions on behalf of Customer. Customer shall be responsible for Contractor’s acts and omissions, and Celerium shall have no responsibility or liability for Contractor’s actions while accessing and using the Solutions on behalf of Customer.
5. USER ACCOUNTS; PROVISIONING; DATA USAGE; DATA SHARING; THIRD-PARTY LINKS
5.1 User Accounts. Use of the Celerium Solutions requires the creation of a user account. Minimal Personal Data must be provided in order to create a user account (e.g., name, work email address, etc.). Only a single Authorized User assigned to a user account may access or use the Solutions. Customer is responsible for all acts and omissions occurring under Customer’s user accounts for the Solutions. Customer shall promptly notify Celerium if it learns of any unauthorized access or use of a Customer user account or password for a Solution.
5.2 Provisioning and Limited Technical Support. Celerium will provide limited technical support to assist Customer in the provisioning of the Solution, training, and other limited technical support services. Provisioning of the Solution does not require installation of any hardware, software, or code on Customer’s servers or workstations. Nor will Celerium have direct access to any content or Personal Data on Customer’s server or workstation. Celerium will have access only to the metadata (e.g., IP addresses, and data relating to syslog, NetFlow, or Layer 3 data) collected by the Solution from Customer’s Firewalls. Technical support will be provided in accordance with Schedule B, Celerium Support Schedule.
5.3 Data Usage and Sharing; Data Retention.
5.3.1 Required Basic Use and Data Sharing. Customer Data will be used and shared as follows: (i) as necessary to provide the Solutions and Services, including with Celerium’s cloud-based service provider where the Solutions are hosted (e.g., AWS Cloud); (ii) for sharing with the individual Customer; (iii) for providing a summary (anonymized) of information to a trial or pilot community of which Customer is a participating member, (iv) for any selected data sharing chosen by Customer in accordance with Section 5.3.2 below; and (v) for Celerium’s own internal use to: (a) provide internal insights, (b) calculate summary metrics, (c) to generate reports using aggregated and anonymized data; (d) analyze trends and performance; and (e) improve, enhance, or develop Celerium solutions and services.
5.3.2 Selected Data Sharing at Customer Discretion. If Customer has subscribed to a Solution offering a data sharing feature, or is participating in a pilot, trial, or evaluation of a Solution offering a data sharing feature, Customer may have an opportunity, at its discretion, to make defined Customer Data and related information available to selected other entities. Solely by way of example, such other entities may include, but are not necessarily limited to, an ISAC to which Customer is a member, a State Association of Counties, statewide cybersecurity planning groups, DHS, or CISA.
5.3.3 Data Retention. Personal Data and Customer Data will be retained by Celerium in order to provide the Solution and Services for the Subscription Term. No Personal Data or Customer Data will be retained following the expiration or termination of the Subscription Term.
5.4 Third-Party Links. The Solutions may contain links to other websites or resources over which Celerium does not have control ("External Sites"). Celerium is providing these links to you only as a convenience. Such links do not constitute an endorsement by Celerium of those External Sites. Your use of any External Site is subject to the terms of service and privacy policies located on the linked External Site.
6.1 Pilot, Evaluation, or Trial Use. In consideration for the access and use of the Solutions for a pilot, evaluation or trial, You agree to provide feedback to Celerium regarding the Solutions, Documentation, and Services without attribution or compensation (“Feedback”). Any and all Feedback provided by You is non-confidential and will become the property of Celerium. You hereby assign to Celerium all right, title and interest worldwide in such Feedback and any and all related intellectual property rights therein, and agree to assist Celerium, at Celerium’s expense, in perfecting and enforcing any such rights.
6.2 Production Use. Customer may from time to time provide feedback to Celerium regarding the Solutions, Documentation, and Services (“Feedback”). Any and all Feedback provided by Customer to Celerium is non-confidential and will become the property of Celerium without attribution or compensation. Customer hereby assigns to Celerium all right, title and interest worldwide in such Feedback and any and all related intellectual property rights therein, and agrees to assist Celerium, at Celerium’s expense, in perfecting and enforcing any such rights.
Celerium will provide remote technical support to assist Customer in the provisioning of the Solutions, training and other limited technical support customarily provided as part of its Solutions to Customer. All support will be provided remotely by telephone or email, during normal business hours, Monday-Friday, from 8:00 am EST to 5:00 pm EST.
8.1 Pilot, Evaluation, or Trial Term. The term of any pilot, evaluation, or trial will be as mutually agreed upon by Customer and Celerium and reduced to writing.
8.2 Subscription Term for Production Use. Unless otherwise mutually agreed in writing by the parties, the Subscription Term shall be for one year following the Order date, unless otherwise terminated in accordance with the following. By purchasing a Solution Subscription, you agree to pay the annual fee in advance for the Subscription in accordance with this Agreement.
8.3 Suspension and Termination. Celerium may immediately suspend and/or terminate Customer’s access to, or use of, the Solution if: (i) Celerium determines, in its sole discretion, that immediate suspension or termination is: (a) required by applicable Law; (b) necessary to prevent harm to Celerium, Customer, or any Authorized Users; or (c) reasonably necessary to enforce the Terms of this Agreement; or (ii) Celerium believes that there is a significant threat to the security, integrity, functionality, or availability of the Solutions or any content, data, or applications in the Solutions. Either party may terminate this Agreement upon 30 day’s written notice of a material breach by the other party, unless such breach is cured within the 30-day notice period. Unless Celerium has agreed in writing otherwise, if Customer terminates prior to the end of a Subscription Term, Celerium will not refund any prepaid fees. Celerium may choose to discontinue free offerings of the Solution at any time, at its sole discretion. Upon termination of this Agreement for any reason: (i) all Customer’s access and use rights granted hereunder will terminate; (ii) Customer’s access to and use of the Solution will be promptly disabled; and (iii) Customer Data will be deleted in accordance with this Agreement.
8.4 Survival. Sections 1, 4.4, 5.3.1(v), 6, 9, 11, 15, 17, and 18 of these Terms shall survive termination or expiration of the Agreement.
The Solutions and corresponding Documentation are made available for use or licensed, not sold. Celerium owns and retains all right, title and interest (including any and all intellectual property rights) in and to the Solutions, Documentation, and Services, and any Celerium trademarks, service marks and logos contained therein.
Each Party (the “Disclosing Party”) may disclose to the other Party (the “Receiving Party”) certain information which the Disclosing Party considers to be its confidential or trade secret information (“Confidential Information”). Such Confidential Information may include, but is not necessarily limited to, any technical data or know-how (including but not limited to, information on research, products, solutions, software, source code, services, development, inventions, applications, systems, components, technologies, processes, engineering, marketing, techniques, customers, pricing, internal procedures, business and marketing plans or strategies, finances, and employees) disclosed by the Disclosing Party to Receiving Party either directly or indirectly in any form that the Disclosing Party designates as confidential to Receiving Party or should be reasonably known by the Receiving Party to be Confidential Information due to the character and nature of the information and/or given the circumstances surrounding the disclosure. Confidential Information shall not include information that the Receiving Party can prove: (i) was generally available to the public at the time Receiving Party received the information from the Disclosing Party (other than by disclosure by Recipient in violation of this Agreement); (ii) was known to the Receiving Party, without restriction, at the time of disclosure by the Disclosing Party; (iii) is disclosed with the prior written approval of the Disclosing Party; (iv) was independently developed by the Receiving Party without any use of Disclosing Party’s Confidential Information; (v) becomes known to the Receiving Party without restriction, from a source other than the Disclosing Party and without a duty of confidentiality; or (vi) is disclosed in response to an order or requirement of a court, administrative agency, or other governmental body, a subpoena, or by the rules of a securities market or exchange on which the Disclosing Party’s securities are traded; provided, however, that (a) the Receiving Party must provide prompt advance notice of the proposed disclosure to the Disclosing Party, and (b) any Confidential Information so disclosed shall otherwise remain subject to the provisions of this Section 11 (Confidentiality). The burden of proof in establishing that any Confidential Information is subject to any of the foregoing exceptions shall be borne by the Receiving Party.
Each Party shall use the Confidential Information of the other Party solely in the performance of its obligations under this Agreement, treat as confidential all Confidential Information of the other Party, and not disclose such Confidential Information, except to authorized employees of the Receiving Party or its Affiliates, its legal counsel and accountants, who are contractually under a duty of confidentiality no less restrictive that the duty imposed by this Section 11 (Confidentiality), and that the Receiving Party shall remain jointly and severally liable for any breach of confidentiality by such parties. Without limiting the foregoing, each Party shall treat the other Party’s Confidential Information with at least the same degree of care it uses to prevent the disclosure of its own Confidential Information, but in no event less than reasonable care. Each Party shall promptly notify the other Party of any actual or suspected misuse or unauthorized disclosure of the other Party’s Confidential Information. Upon expiration or termination of this Agreement, each Party shall return or destroy all copies of any Confidential Information received from the other Party, and upon request of the Disclosing Party, provide a writing certifying to such destruction.
Each Party acknowledges that money damages would not be a sufficient remedy for any breach of this Section 11 (Confidentiality), and will result in irreparable injury to the Disclosing Party. The Disclosing Party shall be entitled to seek equitable relief from the Receiving Party as a remedy for any breach. Such remedies shall not be deemed to be the exclusive remedies for any breach but shall be in addition to all other remedies available at law or in equity.
Each Party agrees to comply with all U.S. federal, state, local and non-U.S. laws directly applicable to such Party in the performance of this Agreement, including but not limited to, applicable export and import, anti-corruption and employment laws. Customer acknowledges and agrees that the Solutions shall not be used, transferred, exported, re-exported, or supplied except as authorized by United States law and the laws of the jurisdictions in which the Solution was obtained or is being used. In particular, but without limitation, the Solution may not be exported or re-exported (a) into (or to a national or resident of) any country subject to U.S. economic sanctions or (b) to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or any entity or organization owned 50 percent or more by one or more such designated national(s), or on the U.S. Department of Commerce Denied Persons List or Entity List. By using the Solution, Customer represents and warrants that neither Customer, any Affiliate, nor any Authorized Users are located in, under control of, or a national or resident of any such country or on any such list.
13.1 No Warranty for Pilot, Trial, Evaluation or Pre-Production Versions. Customer acknowledges and agrees that a Solution provided for purposes of a pilot, trial, evaluation, or any pre-production feature or version of any Solution is provided “AS IS” with all faults and without warranty of any kind. Celerium shall not be under any obligation to continue to develop, support, offer, update or upgrade, or otherwise provide any pre-production feature or version, and Customer agrees that any purchase of a Solution Subscription is not made based on Celerium providing any such pre-production feature or version.
13.2 Solution Warranty.
(a) If Customer procures a paid Subscription to a Celerium Solution, Celerium warrants to Customer during the applicable Subscription Term that: (i) Celerium is a corporation in good standing and has the legal right to enter into and perform its obligations under this Agreement; (ii) the Solution provided under this Agreement will function in all material respects as described in Celerium’s published Documentation; and (iii) at the time of Customer access, to the best of Celerium’s knowledge, the Solution provided under this Agreement does not violate or in any way infringe upon the intellectual property rights of any third party. For purposes of this Agreement, “knowledge” of a business entity shall mean the actual knowledge of its executive officers and key managers. Customer must promptly report any defects in the Solution to Celerium in writing in order to receive the warranty remedy set forth below.
(b) Customer’s sole and exclusive remedy, and Celerium’s sole obligation, under this Solution warranty shall be, at Celerium’s discretion, to provide a work around or correction for, or replace, any defective or nonconforming Solution so as to enable the Solution to materially conform to the Documentation or otherwise as warranted above. If Celerium does not provide a work around or correction for, or replace, the Solution so that it materially conforms to the Documentation within the resolution time provided by Celerium to Customer, then Celerium will, upon Customer’s written request for cancellation of the order, terminate Customer’s access to and use of the Solution and refund the Subscription fee that was paid by Customer to Celerium for the order, pro-rated for the balance remaining in the then-current Subscription Term.
(c) Celerium shall have no obligation under this warranty if: (i) the Solution has been used other than in accordance with this Agreement or the Documentation; (ii) if Customer had changed applicable firewall hardware or software; (iii) if Customer is using incompatible firewall hardware or software and requests that Celerium perform a work around in order to use the Solutions with the incompatible hardware or software.
(d) Any third-party websites, hypertext links, or other third-party information included in a Solution is provided as a convenience only and is not warranted or guaranteed by Celerium.
(e) THE REMEDIES SET FORTH IN THIS SECTION 13.2 ARE THE SOLE AND EXCLUSIVE REMEDIES FOR BREACH OF THE WARRANTIES GIVEN BY CELERIUM HEREUNDER. CELERIUM AND ITS SUPPLIERS MAKE NO WARRANTIES OR CONDITIONS TO ANY PERSON OR ENTITY WITH RESPECT TO THE SOLUTIONs (OTHER THAN THOSE SET FORTH IN THIS SECTION 13.2) OR ANY DERIVATIVES THEREOF AND DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, INFORMATIONAL CONTENT, SYSTEM INTEGRATION, OR ENJOYMENT.
13.3 No Guarantee. CUSTOMER ACKNOWLEDGES AND AGREES THAT CELERIUM DOES NOT GUARANTEE OR WARRANT THAT THE SOLUTION WILL DETECT AND/OR BLOCK ALL OF CUSTOMER’S OR ITS AFFILIATE’S CYBERSECURITY THREATS OR VULNERABILITIES CORRESPONDING TO THE FIREWALLS FOR WHICH IT IS PROVISIONED, AND CELERIUM SHALL NOT BE HELD RESPONSIBLE FOR SAME.
13.4 Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES IN SECTION 13.2, above, CELERIUM PROVIDES THE SOLUTIONS AND SERVICES ON AN “AS IS” BASIS WITH ALL FAULTS AND WITHOUT WARRANTIES OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, CELERIUM SPECIFICALLY DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS WITH RESPECT TO THE SOLUTIONS AND SERVICES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, INFORMATIONAL CONTENT, AND NON-INFRINGEMENT. CELERIUM DOES NOT WARRANT THAT THE SOLUTIONS WILL BE UNINTERUPTED OR ERROR FREE, OR WILL FULFILL ANY OF CUSTOMER’S PARTICULAR EXPECTATIONS, PURPOSES OR NEEDS. CELERIUM DOES NOT MAKE ANY WARRANTY AS TO THE RESULTS OBTAINED FROM THE USE OF THE SOLUTIONS OR TO THE ACCURACY OF ANY DATA GENERATED THEREFROM. UNDER NO CIRCUMSTANCES WILL CELERIUM BE RESPONSIBLE FOR ANY CYBERSECURITY ATTACK OR DATA SECURITY INCIDENT EXPERIENCED BY CUSTOMER. CELERIUM DOES NOT WARRANT AGAINST INTERFERENCE WITH CUSTOMER’S ENJOYMENT OF THE SOLUTIONS, THAT THE FUNCTIONS CONTAINED IN THE SOLUTIONS WILL MEET CUSTOMER’S REQUIREMENTS, THAT THE OPERATION OF THE SOLUTIONS WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS IN THE SOLUTIONS WILL BE CORRECTED. THE SOLUTIONS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE WITH RESPECT TO ANY ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION OR WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE. CELERIUM DOES NOT WARRRANT ANY THIRD-PARTY PRODUCTS OR SERVICES. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY CELERIUM OR A CELERIUM AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY.
14.1 Celerium’s Obligation. Celerium shall, at its cost and expense, indemnify, defend and/or settle, and hold harmless Customer from and against any claim brought against Customer by an unaffiliated third party relating to a claim that the Solution infringes or violates that third party’s intellectual property rights, provided that Customer: (i) gives Celerium prompt written notice of such claim; (ii) provide Celerium with reasonable cooperation at Celerium’s expense in connection with the defense or settlement of such claim; and (iii) permit Celerium to solely control and direct the defense or settlement of such claim (however, Celerium shall not enter into any settlement imposing liability or obligation on Customer without Customer’s prior written consent). Customer may, at its option and expense, participate in the defense of any claim.
14.2 Remedies. Should the Solution become, or in Celerium’s opinion is reasonably likely to become, the subject of a claim of misappropriation or infringement, Celerium at its sole option and expense, shall either: (i) procure for Customer the right to continue using the applicable Solution or (ii) replace the applicable Solution with a functionally-equivalent solution, or modify such applicable Solution to make it non-infringing, or (c) if neither option (i) nor (ii) is commercially feasible or reasonably available, terminate Customer’s license and use of the Solution and refund to Customer any prepaid Fees corresponding to use of the Solution, pro-rated for the balance of the then-current Subscription Term. Celerium shall have no liability with respect to infringement of any proprietary right, except as set forth in this Section 14 (Indemnification).
14.3 Exclusions. Celerium shall have no obligations under this Section 14 (Indemnification) if the claim is based upon or rises out of: (i) any modification of the Solution not made by Celerium; (ii) any combination or use of the applicable Solution with or in any third-party software, hardware, process, firmware, or data, to the extent that such claim is based on such combination or use; (iii) Customer’s continued use of the allegedly infringing Solution after being notified of the alleged infringement or after being provided a modified version of the Solution by Celerium at no additional cost that is intended to address such alleged infringement; (iv) Customer’s use of the Solution outside the scope of the rights granted under this Agreement.
14.4 Exclusive Remedy. THE REMEDIES SET FORTH IN THIS SECTION 14 (INDEMNIFICATION) CONSTITUTE CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, AND CELERIUM’S ENTIRE LIABILITY, WITH RESPECT TO ANY INFRINGEMENT OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.
15. LIMITATION OF LIABILITY
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT WITH RESPECT TO LIABILITY OF ANY AMOUNTS PAID OR PAYABLE TO THIRD PARTIES UNDER SECTION 14 (INDEMNIFICATION), IN NO EVENT SHALL CELERIUM, ITS AFFILIATES, OR LICENSORS, OR ANY OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOLUTIONS OR FAILURE TO PROVIDE THE SERVICES, EVEN IF CELERIUM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. UNDER NO CIRCUMSTANCES SHALL CELERIUM BE RESPONSIBLE FOR ANY CYBERSECURITY ATTACK OR DATA SECURITY INCIDENT EXPERIENCED BY CUSTOMER. IN ANY CASE, CELERIUM’S MAXIMUM AGGREGATE LIABILITY FOR ANY AND ALL CLAIMS ARISING IN CONNECTION WITH THIS AGREEMENT SHALL BE LIMITED TO THE AMOUNT OF FEES ACTUALLY PAID BY CUSTOMER TO CELERIUM OVER THE PRIOR TWELVE (12) MONTHS FOR THE SOLUTIONS OR SERVICES WHICH ARE THE SUBJECT OF THE CLAIM. CUSTOMER AGREES THAT WITHOUT THE LIMITATIONS SET FORTH IN THIS SECTION 15 (LIMITATION OF LIABLITY) THE FEE CHARGED FOR THE SOLUTINS AND SERVICES WOULD BE HIGHER.
In the event of any dispute or claim arising under this Agreement between Celerium and Customer, Celerium or Customer as applicable will notify the other of the dispute or claim with as much detail as possible. The Parties will use good faith efforts to resolve the dispute or claim within thirty (30) days after receipt of such notice. If the Parties are not able to resolve the dispute or claim or agree upon the appropriate corrective action to be taken within such thirty (30) day period, then such dispute or claim shall be exclusively resolved by binding arbitration to take place exclusively in Los Angeles County, California, in accordance with the commercial rules of the American Arbitration Association. Any award rendered by the arbitrator shall be final and binding on the parties and may be entered as a judgment by any court of competent jurisdiction. Costs of arbitration (including reasonable attorneys’ fees) shall be made a part of the arbitrator’s award. Notwithstanding the foregoing, in the event irreparable injury can be shown, either party may obtain injunctive relief exclusively in the appropriate federal or state court in Los Angeles County, California, whether or not Celerium or Customer has pursued informal resolution or arbitration in accordance with this Section 16 (Dispute Resolution). Any litigation arising out of or relating to this Agreement shall take place exclusively in the appropriate state or federal court in Los Angeles County, California and each party irrevocably consents to the jurisdiction of such courts.
This notice applies to all acquisitions by or for the U.S. Government or any U.S. Government prime contractor or subcontractor at any tier (collectively “Government Users”) under any U.S. Government contract, grant, or other agreement. The Celerium Solutions and corresponding Documentation are deemed to be “commercial items,” as that term is defined in Federal Acquisition Regulations (“FAR”) (48 C.F.R) 2.101, consisting of “commercial computer software” and “commercial computer software documentation,” respectively, pursuant to DFAR Section 227.7202-1 through 227.7202-4 and FAR Sections 12.211 and 12.212, as applicable. The Solutions and Documentation are licensed to the Government Users pursuant to the terms and conditions of the license customarily provided to the public as set forth in this Agreement, unless such terms are inconsistent with United States procurement law. Any use, modification, reproduction, release, performance, display or disclosure of the Solutions or Documentation by any Government Users shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms hereof.
18.1 Assignment. This Agreement shall be binding upon and inure to the benefit of the parties to this Agreement and their respective successors and permitted assigns, provided that neither this Agreement nor any license or right hereunder may be assigned by Customer (whether by operation of law or otherwise) without Celerium’s prior written consent. Celerium may assign all or any part of its rights and obligations under this Agreement without consent to (a) any entity resulting from any merger, consolidation or other reorganization of Celerium, (b) any Affiliate of Celerium, (c) any entity acquiring the Solution product line as a result of divestiture or sale of the product line by Celerium, or (d) any purchaser of all or substantially all of the assets of Celerium.
18.2 Non-Solicitation of Employees. Each Party agrees that during the term of this Agreement and for a period of two years after its expiration or termination, neither Party will solicit or encourage any employee or consultant to discontinue their employment or engagement with the other Party. This Section 18.2 shall not apply to employment opportunities of either Party advertised to the general public (e.g., newspaper advertisement, internet advertisement or listing, etc.) to which an employee of either Party may respond.
18.3 Order of Precedence; Modifications. Any amendment, supplementation or other modification of any provision of this Agreement shall be effective only if in writing and signed by both Parties. It is the intent of the Parties that this provision shall expressly apply to exclude any pre-printed terms or conditions set forth in any Order issued by Customer, and requires instead a writing between the Parties that is separate and apart from any such Order to amend, alter or add to this Agreement.
18.4 Force Majeure. Neither party shall be held liable for any damages or penalty for delay in the performance of its obligations hereunder (other than Customer’s obligation to make payments under this Agreement) when such delay is due to the elements, acts of God or a public enemy, act of any military, civil or regulatory authority, disruption or outage of communications, power or other utility, pandemic, or other causes beyond its reasonable control. The party experiencing a force majeure event will use commercially reasonably efforts to provide notice to the other party.
18.5 Email Notices. Customer agrees that Celerium may provide Customer and/or its Authorized Users with information about the Solutions, Services, content and messages, new or changed services or features, training opportunities or webinars, Solution renewals, and other Celerium information via email. Authorized Users may use the opt-out feature if they no longer desire to receive such emails.
18.6 Severability. If any provision of this Agreement is determined by an arbitrator or court of competent jurisdiction to be invalid or unenforceable, such determination shall not affect the validity or enforceability of any other part or provision of this Agreement.
18.7 Waiver. Waiver of any breach or failure to enforce any term of this Agreement shall not be deemed a waiver of any breach or right to enforce which may thereafter occur. Any waiver, amendment, supplementation or other modification or supplementation of any provision of this Agreement shall be effective only if in writing and signed by both parties.
18.8 Governing Law. This Agreement shall be governed by and construed in accordance with the substantive laws of the United States and the State of California, without regard to any conflict of laws principles. This Agreement shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded.
18.9 Notices. All notices required or permitted under this Agreement shall be in writing, shall reference this Agreement and will be deemed given: (i) five (5) business days after having been sent by registered or certified mail (or 10 days for international mail), return receipt requested, postage prepaid; (ii) when personally delivered; or (iii) on the reported delivery date if sent by a recognized commercial overnight or international carrier, with written verification of receipt. For purposes of clarity, all Orders, confirmations, invoices, and other documentation relating to the order processing, payments, or provisioning of the Solutions are not deemed legal notices and may be delivered electronically in accordance with each party’s standard processes. All legal notice communications shall be sent to the contact information set forth below or to such other contact information as may be designated by a party by giving written notice to the other party pursuant to this Section 18.9:
To Celerium: Celerium Inc.
21515 Hawthorne Blvd., Suite 520
Torrance, CA 90503
Attn: Randall Smith, CFO
With copy to: firstname.lastname@example.org
To Customer: At the address supplied by Customer when procuring a Solution Subscription.
18.10 Relationship of Parties; No Third Party Rights. This Agreement shall not be construed as creating an agency, partnership, joint venture or any other form of legal association between the parties and each party is an independent contractor. No provision of this Agreement is intended or shall be construed as creating any rights in a third party with respect to the subject matter of this Agreement.
18.11 Attorneys Fees. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorney’s fees.
18.12 Entire Agreement. This Agreement, including the Attachments hereto, constitutes the entire agreement between the parties with respect to the subject matter of this Agreement, and supersedes and replaces all prior or contemporaneous statements, understandings or agreements, written or oral, regarding such subject matter.
18.13 Governing Language. This Agreement has been negotiated and executed by the parties in English, and any interpretation or construction of this Agreement shall be based thereon. If this Agreement or any documents or notices relating to it are translated into another language, the English version shall govern and control in the event of any discrepancies between the two.
18.14 Counterparts; Headings: Electronic Signature and Delivery. This Agreement may be executed in several counterparts, each of which shall be deemed an original, but such counterparts shall together constitute but one and the same Agreement. This Agreement may be executed and delivered in counterpart signature pages executed and delivered via electronic transmission, and any such counterpart executed and delivered via electronic transmission shall be deemed an original for all intents and purposes. The Article and Section headings in this Agreement are inserted for convenience of reference only and shall not constitute a part hereof.
DATA SECURITY AND PRIVACY SCHEDULE
1.1 “Celerium Systems” means those computer systems hosting the Solution, which include third-party cloud-based services.
1.2 “Customer Data” shall have the meaning set forth above.
1.3 “Personal Data” means information provided by Customer to Celerium or collected by Celerium from Customer that is related to an identified or identifiable natural person (such as name, company email, company address, phone number) and used, directly or indirectly, by Celerium to identify a particular natural person. Personal Data also includes such other information about a particular natural person to the extent that the data protection laws applicable to the jurisdiction in which such person resides define such information as Personal Data.
1.4 “Privacy and Security Laws” means applicable U.S. federal, state and local laws, as well as non-U.S. laws, including those of the European Union, that regulate the privacy or security of Personal Data and that are directly applicable to Celerium.
1.5 “Security Breach” means unauthorized access to, or unauthorized acquisition of, Customer Data or Personal Data stored on Celerium Systems that results in the compromise of such Customer Data or Personal Data.
Celerium’s Solutions are designed to assess and respond to potential malicious activity by detecting, assessing, identifying, and responding to potential security threats and intrusions. Celerium’s Solutions do this by collecting metadata (e.g., IP addresses, and data relating to syslog, NetFlow, or Layer 3 data) from Customer Firewalls and securely sending it to Celerium Systems where the data is analyzed for defensive actions and generating reports. The metadata collected by Celerium Solutions does not include any Personal Data or content from Customer’s networks or workstations. Celerium has the right to aggregate and anonymize any data collected and use the data to: (i) provide the Solutions; (ii) analyze trends and performance; (iii) improve, enhance, or develop Celerium solutions and services; (iv) create summary insights or other reports for Celerium and its customers to improve cybersecurity; and (v) share the data or reports generated with communities to which customers have agreed to be a member. Data sharing is further set forth in the agreement between Celerium and its customers.
3.1 Provisioning/Use of Solutions. Celerium complies with applicable Pricacy and Security Laws in the processing of Personal Data. Personal Data may be collected and used as follows: in the provisioning and use of the Solutions; in order to provide and improve the Solutions; to administer Customer and user accounts; to comply with applicable laws; to provide support and training and respond to Customer inquiries; to act in accordance with Customer’s instructions; to administer this Agreement; to inform Customer and/or Authorized Users of Solution updates or enhancements, upcoming webinars or training, or otherwise manage and further the business relationship between Customer and Celerium; and otherwise in accordance with this Agreement. Celerium and its personnel will comply with Customer’s instructions in accordance with applicable law concerning the handling of Personal Data. Upon Customer’s request and within a reasonable time, Celerium will correct, delete, and/or block an individual’s Personal Data from further processing and/or use. Customer consents to: (i) the collection, use, storage and transfer of Personal Data by Celerium as contemplated by this Agreement, and (ii) if Customer or an Authorized User is located outside of the United States, the transfer of Personal Data out of the Customer’s country or the country or region in which the data subject resides or from which the Personal Data otherwise originates to the United States.
3.2 Customer Obligations. Customer will be responsible for providing any notice and choice requirements under applicable law to individuals for whom it provides Personal Data to Celerium. Customer represents and warrants that: (i) its provision of the Personal Data and Customer Data to Celerium hereunder complies with all applicable laws, including applicable data protection laws; (ii) it is and will at all relevant times remain duly and effectively authorized to enter into this Agreement and instruct Celerium to provide the Solutions and Services; (iii) it has a lawful basis in having Celerium process the Customer Data and Personal Data; (iv) it has made all necessary disclosures, obtained all necessary consents and government authorizations required under applicable law to permit the processing and international transfer of Customer Data and Personal Data from each Customer Affiliate, Contractor, and/or Authorized User.
4.1 Information Security Safeguards. Celerium will maintain appropriate organizational and technical safeguards and security protocols commensurate with the sensitivity of the Personal Data and Customer Data processed by Celerium, substantially in conformance with the NIST SP 800-171 control framework (“Celerium Information Security Controls”). The Celerium Information Security Controls are designed to protect the confidentiality, integrity, and security of the Personal Data and Customer Data processed by Celerium, and to protect such Personal Data and Customer Data against accidental or unlawful destruction or loss, unauthorized access or disclosure. Celerium will notify Customer within seven (7) days of any confirmed breach of Celerium’s Systems or unauthorized access to Personal Data or Customer Data (“Information Security Breach”) in accordance with applicable law. Upon any such discovery and confirmation, Celerium will (a) investigate, remediate, and mitigate the effects of the Information Security Breach, and (b) provide Customer with assurances that actions have been taken to avoid such Information Security Breach from recurring.
4.2 Customer Requests for Work Around. If Customer uses incompatible firewall hardware or software and requests that Celerium provide a work around so that Customer may use the Solution with such incompatible hardware or software, Customer acknowledges and agrees that such work around may not provide for the Information Security Safeguards set forth above. Customer accepts all security and other risks associated with such work around.
4.3 Technical Information. Customer agrees that Celerium may collect and use technical information related to Customer’s use of the Solutions, Services, and/or Celerium’s website(s). Such information may include, without limitation, information about Customer’s use of the Solution, Services, and/or website and information about the devices and systems for which the Solution is provisioned or Services are provided, and/or websites accessed. Celerium may use this information to improve its solutions, services or technologies, and will not disclose such information in a form that personally identifies specific persons or entities or any data or messaging that may be stored or transmitted in or through Customer’s use of the Solution, Services, or Celerium website.
4.4 Compliance with Subpoena; Other Legal Process; Regulators. Celerium will make reasonable efforts to avoid disclosure of the data set forth in this Data Security and Privacy Schedule, unless otherwise stated or agreed upon by the parties. If Celerium becomes legally compelled, as a result of a subpoena, regulatory request, court order or other legal process, to disclose any Customer Data, Personal Data or other information Celerium has collected from Customer, Celerium may disclose such Customer Data or Personal Data without the prior consent of Customer; provided, however, that in such case Celerium shall, to the extent permitted by law, give notice to Customer at least five (5) days prior to disclosing Personal Data or Customer Data, and Celerium shall provide such reasonable co-operation and assistance as Customer may reasonably request in its efforts to obtain a protective order or other similar relief concerning such Customer Data or Personal Data. In any event, Celerium shall disclose only that portion of such Customer Data or Personal Data that, in the opinion of Celerium’s legal counsel, is legally required to be disclosed.
CELERIUM SUPPORT SCHEDULE
Celerium Standard Customer Support Policy
Service Level Definitions
LEVEL 1 – Support provides the following services:
LEVEL 2 – Support provides the following services which include a more detailed understanding of the inner workings of the application:
LEVEL 3 – Support services provide code level changes to the application
Definition: System down or unavailable for use.
Examples of Severity 1 issues:
· Application is down
· No users can log into the portal
· Affects all users or a large portion of users
· Blocklists are not being generated
Initial Response Time
8am ET to 8pm ET email/ticket; Phone requests handled 24/7. Initial Response within 2-4 hours. Celerium will provide follow-up status to Customer every hour
As the resolution time depends on the type of problem or request, it cannot be determined in advance. Once the problem is identified, Celerium will provide Customer with an estimated resolution time.
Definition: Major service functions down or not working as expected.
Example of Severity 2 issues:
· Users can log into portal, but errors are encountered preventing normal use
· Portal is slow to use
· Sensor no longer working (red indicator)
· Notifications are not working
· Configuration changes Celerium made to customer equipment caused customer outage
· Tableau reports not functioning properly Users can log into portal, but errors are encountered
Initial Response Time
All severity 2 problem reports or service requests can be submitted to the Support Center 24/7. However, responses to these requests will only be made Monday through Friday from 8AM ET to 5PM ET, excluding legal holidays. Initial Response will be provided within 2-4 hours during these business hours. Celerium will provide follow-up status to Customer on a daily basis.
As the resolution time depends on the type of problem or request, it cannot be determined in advance. Once the problem is identified, Celerium will provide Customer with an estimated resolution time.
Priority to be determined
Definition: Minor function down or not working as expected / incorrect configuration
Examples of a Severity 3 issues:
· Blocklist no longer working
· API authentication issues
Initial Response Time
All severity 3 problem reports or service requests can be submitted to the Support Center 24/7. However, responses to these requests will only be made Monday through Friday from 8AM ET to 5PM ET excluding legal holidays. Initial Response will be within 24 hours during these business hours. Celerium will provide the follow-up status to Customer every 2-3 days.
As the resolution time depends on the type of problem or request, it cannot be determined in advance. Once the problem is identified, Celerium will provide Customer with an estimated resolution time.
Priority to be determined
Definition: Feature requests or cosmetic issues
Examples of Severity 4 issues:
· Portal works but data is not rendered correctly
· Feature requests or suggestions
· Reports not being generated
· Password resets
· User/Admin Training
Initial Response Time
All Severity 4 problem reports or service requests can be submitted to the Support Center 24/7. However, responses to these requests will only be made between Monday through Friday, 8AM ET and 5PM ET, excluding legal holidays. Initial Response will be provided within 24 hours during these business hours. Celerium will provide follow-up as appropriate.
Celerium will work on the problem / request during normal businessa hours until the problem is resolved with the assistance of the customer.
Definition: Scheduled Maintenance or Downtime