END USER SOFTWARE LICENSE AGREEMENT

THIS END USER SOFTWARE LICENSE AGREEMENT (THE “AGREEMENT) IS MADE BY AND BETWEEN BIGID INC., A DELAWARE CORPORATION HAVING AN ADDRESS OF 379 WEST BROADWAY, FL 2, NEW YORK, NY 10012 (“BIGID”) AND THE CUSTOMER INDICATED IN AN ORDER (DEFINED BELOW) OR AN ONLINE REGISTRATION FORM (“CUSTOMER”) DETAILING CUSTOMER’S SUBSCRIPTION TO BIGID’S SOFTWARE AND/OR SERVICES. BY CLICKING ITS ACCEPTANCE ELECTRONICALLY OF THIS AGREEMENT OR ANY OTHER TERMS AND CONDITIONS THAT INCORPORATES, BY REFERENCE, THIS AGREEMENT, OR EXECUTING AN ORDER THAT REFERENCES THIS AGREEMENT, CUSTOMER AGREES TO BE BOUND BY THE TERMS AND CONDITIONS HEREOF

1. Definitions.

1.1 “Advisory Services” means configuration assistance, training, and/or best practices guidance related to the use of the Software as described in an agreed Order, Task Organization Plan (TOP) or Statement of Work (SOW).

1.2 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a party hereto, for so long as such control exists. The term “control” means ownership of more than fifty percent (50%) of the voting securities of an entity.

1.3 “Applicable Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, judgment, or rule of any governmental entity that possesses the force of law and applies to a party’s respective obligations under this Agreement.

1.4 “BigID Property” means any technology, content, dashboards, screens, document or report templates, techniques, ideas, methods, processes, data, software, algorithms, interfaces, utilities, designs, trade secrets, know-how, or intellectual property that has been or is acquired, created, developed or licensed by BigID and any improvement, Feedback, modification or other derivative works thereof; and all Intellectual Property Rights in the foregoing; and includes, without limitation, BigID Confidential Information, the Software and the Documentation.

1.5 “BigID Systems” means the information technology infrastructure, including all computers, software, databases, electronic systems, and networks, owned or controlled by BigID and used to provide the Software and/or Services.

1.6 “Customer Data” means data, documents, content, intellectual property, or information of any kind input into the Software by or on behalf of Customer or output from Customer’s use of the Software.

1.7 “Customer Systems” means any information technology infrastructure, including all computers, software, databases, electronic systems, and networks, within Customer’s custody or control or managed by a third-party contractor or cloud services provider on Customer’s behalf for Customer’s use.

1.8 “Documentation” means the applicable user documentation relating to the use of Software provided to Customer by BigID.

1.9 “Hosted Software” means BigID Software made available for access and use to Customer and its authorized Representatives on demand via the Internet.

1.10 “Intellectual Property Rights” means any registered and unregistered rights granted or applied for including without limitation any patent, copyright, trademark, trade secret, or other intellectual property rights, and all similar rights or forms of protection in any part of the world.

1.11 “Loss” means damages, liabilities, claims, actions, judgments, interest, awards, penalties, or fines, including reasonable attorneys’ fees.

1.12 “Order” means a written sales order, in a mutually agreed form, signed by both parties or which is provided by BigID and referenced by order number in a Customer purchase order; provided that if the Software or Services are purchased through an authorized BigID reseller, the term Order shall refer to the order entered into between BigID and such reseller.

1.13 “Personal Information” is information that identifies or could be used to identify an individual or relates to an identifiable person, including “Personal Information” or “Personal Data” as such terms are defined under Applicable Law. Personal Information does not mean encrypted metadata.

1.14 “Representatives” means, with respect to a party, that party and its Affiliates and their respective employees, officers and directors, consultants, agents, independent contractors, subcontractors, legal, financial, and accounting advisors.

1.15 “Services” means Advisory Services and Support provided by BigID and its Affiliates. Unless otherwise stated in an Order, Services shall exclude all Third-Party Services.

1.16 “Software” means BigID’s software, utilities, connectors, and/or applications as described in an Order, together with any Updates made available to Customer by BigID. Software shall be specified in an Order as either “On-Premise (self-managed) Software” or “Hosted (Cloud) Software.” Unless otherwise stated in an Order, Software shall exclude all Third-Party Software that is not embedded in the Software.

1.17 “Subscription Term” means the term of the Software subscription license as stated in an applicable Order.

1.18 “Support Policy” means the BigID Support Policy attached hereto as Exhibit A, which applies without customization to every BigID customer.

1.19 “Third Party Products” means (i) software products owned by a third party or which are supplied by a third party, that are resold by BigID either pursuant to an Order (“Third Party Software”); (ii) any support and/or professional services provided by a third party (“Third Party Services”); and (ii) any related third party documentation.

1.20 “Task Organization Plan” or “TOP” or “Statement of Work” or “SOW” means a mutually agreed document describing the Advisory Services.

2. Orders.

2.1 Order Process. The parties may agree to enter into one or more Order(s) for a subscription license to the Software and Services. An Order will include: (i) a description of the Software and Services; (ii) applicable quantities and/or other licensing parameters; (iii) Customer’s entity and billing information; (iv) payment terms; and (v) fees. The terms and conditions of this Agreement are automatically incorporated into each Order and shall apply whether Customer purchases directly from BigID or through an authorized BigID reseller. If Customer purchases through an authorized BigID reseller, BigID shall enter into an Order with such reseller and Customer shall pay the reseller for the Software and Services pursuant to a separate order document entered into between Customer and the reseller.

2.2 Affiliate Orders.  Customer’s Affiliates may enter into an Order pursuant to this Agreement. By entering into an Order, the Affiliate shall be considered the Customer for purposes of such Order and agrees to be bound to this Agreement with respect to such Order as if a party hereto.

3. Software License; Support; Services.

3.1 On-Premise (Self-Managed) Software. For on-premise licenses, BigID will make a copy of the Software in executable form available via electronic means for installation on Customer Systems. Customer may make a reasonable number of copies of the on-premise Software as necessary for production use, testing, disaster recovery or archival purposes. Customer is responsible for providing any necessary hardware and software as specified in the Documentation for on-premise Software.

3.2 Hosted (Cloud) Software. If purchased by Customer, BigID will make the Hosted Software available on a software platform for access and use by Customer remotely through the internet. BigID shall supply Customer with user or administrator IDs and passwords for Customer and its authorized Representatives to access and use the Hosted Software. Customer agrees to keep confidential any identification codes and/or passwords and to restrict access to such codes or passwords to its authorized Representatives. Customer agrees to notify BigID immediately if Customer becomes aware that unauthorized persons have obtained access to such identification codes or passwords, or any instance of unauthorized use of Customer’s accounts, or if Customer becomes aware of any other breach of security related to the Hosted Software. BigID reserves the right to temporarily suspend the account and/or passwords in the event of an actual or probable suspected security breach that poses a security threat to BigID’s Hosted Software platform. Customer agrees that is responsible for (i) providing the systems, servers, software, network and communications necessary to connect to and utilize the Software consistent with the Documentation; (ii) the accuracy and integrity of the Customer Data made available to BigID; (iii) backing up the Customer Data in Customer Systems; and (iv) obtaining any necessary licenses, consents and/or permissions to grant BigID the right to use the Customer Data in combination with the Software and Services to the extent necessary to enable BigID to perform its obligations hereunder.

3.3 Software License. During the Subscription Term and subject to payment of the applicable fees, BigID grants Customer a non-exclusive, non-sublicensable and non-transferable, limited subscription license to use the Software and Documentation in accordance with the Documentation and the Order. The subscription license is also limited to the license parameters (i.e. number of Data Sources, Connected Data Volume, named Customer entity, other license metrics) and any other mutually agreed limitations in the Order. The Software and Documentation shall be used solely by and for the benefit of Customer for its internal business purposes. Customer is responsible for its Representatives to the same extent it is responsible for its own acts and omissions.

3.4 License & Use Restrictions. The Software will remain the exclusive property of BigID. Customer shall not, and shall not permit any other party to,: (i) except as expressly stated herein with respect to on-premise Software, copy the Software, in whole or in part; (ii) modify, translate, or otherwise prepare derivative works of or improvements to the Software or Documentation; (iii) rent, lease, loan, sell, sublicense, distribute, publish, transfer or otherwise make the Software available to any third party, or use the Software on behalf of or for the benefit of any third party, including on or in connection any time-sharing, service bureau, software as a service, or other similar service; (iv) reverse engineer, disassemble, decompile or attempt to re-create the Software or otherwise attempt to derive or gain access to the source code of the Software; (v) bypass or breach any security device or protection relating to the Software; (vi) remove, modify or supplement any proprietary notices in the Software or Documentation; (vii) publish or disclose to a third party the results of any benchmarking or competitive analysis of the Software or (viii) use the Software to develop a competing software product or service. Customer shall take commercially reasonable measures to safeguard the Software and Documentation from unauthorized access.

3.5 Pre-Release Software. If BigID provides Customer any software or services identified as evaluation software, pre-release, early access, “alpha”, “beta” or similar, then notwithstanding anything to the contrary herein, such software and services are provided “as is” and without any warranty, support or service commitment or liability of any kind, but are otherwise provided in accordance with and subject to the terms of this Agreement.

3.6 Support. BigID will provide Customer with support services in accordance with BigID’s Support Policy (“Support”).

3.7 Advisory Services. The parties may mutually agree upon Advisory Services to be provided by BigID to Customer in an Order, TOP or SOW. The fees for Advisory Services shall be in the Order.

4. Performance & Support Data.

4.1 Performance Data. In connection with Software and/or Services provided under this Agreement, Customer authorizes BigID to collect certain operational, usage and performance data solely for internal purposes relating to the Software and/or Services including (i) diagnostic, usage, performance and related technical data; (ii) data regarding Customer’s containers (Disk, IO, RAM, CPU, Network) servicing and hosting the Software; (iii) Customer support logs; and (iv) other information related to the Software and/or Services (collectively “Customer Usage Information”). Customer authorizes BigID to collect such Customer Usage Information (a) via telemetry; and (b) as may be manually provided by Customer solely for BigID internal purposes. Customer shall not include Personal Information in the Support logs, except for Customer’s Representatives’ business contact details (e.g., name, business email, business phone, professional title). To the extent Customer Data is made available to BigID, BigID may use such Customer Data solely for internal purposes as reasonably necessary to perform BigID’s obligations under this Agreement and to improve the Software.

4.2 Support Data. In a continuous effort to enhance the performance, quality and support of the Software, BigID collects and uses certain metadata derived from Customer usage of the Software to create generic, anonymous, statistical and/or benchmarking data (“Statistical Data”) and aggregates with other customer information (the “Aggregated Data”). Such Aggregated Data does not identify and cannot be used to identify Customer, any Customer System or any specific Customer Data. Customer grants BigID a perpetual, fully paid-up, royalty-free worldwide right to use the Statistical Data as incorporated into the Aggregated Data solely for improving, optimizing, and monitoring the performance of the Software and Services.

4.3 Customer Data Back-Ups. BigID shall be responsible for maintaining regular back-ups of all Customer Data stored on BigID Systems, if any, while in BigID’s custody or control.

5. Fees & Payment.

5.1 Fees. Customer will pay BigID the Software and Services fees in the Order.

5.2 Payment. Unless otherwise stated in an Order, Customer will pay all invoices in US Dollars within thirty (30) days of the invoice date. If Customer fails to make any payment within ten (10) days following written notice of a failure to pay the amount when due, which amount is not the subject of a good faith dispute, BigID may charge interest on the past due amount at the rate of 1% per month or, if lower, the highest rate permitted under Applicable Law. All costs of collection (including reasonable attorneys’ fees) shall be borne by Customer.

5.3 Taxes. Amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, service, use and excise taxes, and any other similar taxes, duties and charges of any kind, other than any taxes imposed on BigID’s income.

5.4 License True Up. Customer’s use of the Software shall conform to the license metrics (e.g. number of Data Sources or Connected Data Volume) in the applicable Order. Customer shall monitor the volume usage feature in the Software to verify Customer’s usage complies with the license metrics in the Order. Customer shall promptly notify BigID if it exceeds the license metrics. Upon request, but no more than twice per year, Customer shall provide BigID with a report with confirmation of compliance with the license metrics during the reporting period. Customer shall pay any applicable excess fees specified in the Order or if not indicated in the Order the then current fees for usage exceeding the license metrics.

5.5 License Use Verification. BigID (including applicable Representatives) may, on reasonable request, verify Customer’s use of the Software during the Subscription Term. The verification will be conducted during regular business hours, and no more frequently than once in any 12-month period. Customer shall make available all reasonably requested records, systems, information, and personnel, and provide reasonable cooperation. Customer shall pay BigID for any use exceeding the license metrics. If the verification shows use in excess of 5% of Customer’s license metrics, Customer shall pay BigID its reasonable costs in conducting the verification.

6. Confidentiality.

6.1 Confidential Information. In connection with this Agreement, each party (as the “Disclosing Party”) may disclose or make available to the other party (as the “Receiving Party”) Confidential Information. “Confidential Information” means information, whether oral, written, electronic, visual etc., which is identified as confidential at the time of disclosure or should reasonably be understood to be confidential given the nature of the information and the circumstances surrounding the disclosure, including without limitation information relating to the business, operations, finances, technologies, products and services, software, data, pricing, personnel, customers and suppliers of a party and includes without limitation (i) with regard to Customer, the Customer Data; and (ii) with regard to BigID, the BigID Property. Confidential Information does not include information that: (a) is or becomes publicly known or made generally available to the public without a breach of this Agreement by Receiving Party or its Representatives; (b) is already rightfully known to Receiving Party at the time of disclosure by Disclosing Party as established by documentary evidence; (c) is obtained by Receiving Party from a third party without a duty of confidentiality and without a breach of such third party’s obligations of confidentiality to Disclosing Party; or (d) is independently developed by Receiving Party without reference to, use of, or benefit from, in whole or in part, any of Disclosing Party’s Confidential Information, as established by documentary evidence; provided that any combination of individual items of information shall not be deemed to be within any of the foregoing exceptions merely because one or more of the individual items are within such exception, unless the combination as a whole is within such exception.

6.2 Protection of Confidential Information. The Receiving Party shall retain in confidence and use the same degree of care and discretion (but not less than reasonable care) designed to prevent the unauthorized access to or disclosure of the Disclosing Party’s Confidential Information as it uses with its own Confidential Information of a similar nature. The Receiving Party will use the Disclosing Party’s Confidential Information solely to perform its obligations and exercise its rights under this Agreement. Except as authorized in this Agreement, the Receiving Party will not disclose the Disclosing Party’s Confidential Information to a third party other than to its Representatives needing to know in connection with the performance of this Agreement and then only subject to an obligation of confidentiality at least as protective as the terms herein. The Receiving Party shall be liable to the Disclosing Party for any violation of this Agreement by its Representatives. The Receiving Party may disclose Confidential Information to the extent required to comply with orders of governmental entities as required by law, provided that the Receiving Party (i) to the extent legally permissible, gives the Disclosing Party reasonable advance written notice to allow the Disclosing Party to seek a protective order or other appropriate remedy; (ii) uses commercially reasonable efforts to obtain confidential treatment for any Confidential Information so disclosed; and (iii) limits disclosure only to such Confidential Information expressly required by such legal request.

7. Security & Data Processing.

7.1 Data Processing. Where BigID processes Customer Data, the terms of the Data Processing Addendum available at https://bigid.com/dpa/ shall apply to such processing and are hereby incorporated by reference. Customer uses Amazon Web Services (AWS) for its data infrastructure located in the United States, European Union (Ireland), Japan, Singapore, and Australia. Subject to applicable cloud hosting pricing, Customer may select one or more geographical AWS data centers. Customer is responsible for ensuring its provision of Customer Data, including transnational processing, complies with Applicable Law. BigID does not control the jurisdiction where Customer Data originates, and neither BigID nor any subprocessor shall be deemed a “data controller” under Applicable Law with respect to Customer Data. As between Customer and BigID, Customer is the sole “data controller. BigID follows the privacy practices in the notice available at https://bigid.com/privacy-notice/ with respect to Customer Data.

7.2 Security Obligations. At Customer’s request, BigID will, on an annual basis, furnish to Customer its then current Security Measures (defined below) and its then current independent SSAE18 SOC 2 or successor attestation report. Such reports and policies are BigID Confidential Information. In addition to the confidentiality obligations set forth herein, BigID shall store and process any Customer Data in compliance with Applicable Law. BigID shall maintain commercially reasonable administrative, physical and technical safeguards designed to guard against the destruction, loss, or alteration of Customer Data while within its custody or control in accordance with the Security Measures set forth in BigID’s Data Processing Addendum available at https://bigid.com/dpa/ (“Security Measures”). BigID shall (i) maintain and enforce an information security program including administrative, physical and technical security policies and procedures with respect to its processing of Customer Data and Customer Personal Information that meet or exceed commercially reasonable industry practices; (ii) provide technical and organizational safeguards for the BigID Systems processing Customer Data designed to protect against accidental, unlawful or unauthorized access to, or use or destruction of, such information and ensure a level of security appropriate to the risks presented by the processing of such information and the nature of such information, consistent with commercially reasonable industry practices; and (iii) take commercially reasonable measures to secure the BigID Systems against “hackers” and others who may seek, without authorization, to disrupt, damage, modify, or otherwise access the BigID Systems. Additionally, BigID shall periodically test and continuously monitor the BigID Systems for security threats and shall also periodically conduct security testing, including penetration testing. BigID is not responsible for internet connections outside the BigID Systems.

7.3 Subprocessors. BigID may use third party subprocessors in connection with providing the Software (e.g. AWS, Azure) and the performance of the Services, provided that BigID shall be responsible for the acts and omissions of its subprocessors to the same extent as it would be responsible hereunder for its own acts and omissions. BigID shall maintain a current list of its subprocessors at: https://bigid.com/sub-processors/. BigID shall provide an automated electronic notification of updates to the list. Customer shall have the right to object to any change to the list by providing written notice to BigID within thirty (30) days of the date notice is issued on grounds that the subprocessor is not reasonably capable of meeting applicable obligations under this Agreement. If the parties cannot resolve Customer’s objection through good faith efforts, Customer shall have the right to terminate the affected Order upon written notice.

8. Intellectual Property Rights.

8.1 Ownership of BigID Property and Work Product. As between BigID and Customer, BigID owns and retains all right, title and interest in the BigID Property and BigID Confidential Information. Except as otherwise expressly provided in an Order, BigID shall own all right, title and interest in any Work Product created as part of the Advisory Services. Work Product shall not be works made for hire (as that term is used in the U.S. Copyright laws). During the Subscription Term and subject to payment of the applicable fees, BigID hereby grants Customer a non-exclusive, non-sublicensable and non-transferable, limited right to use any Work Product for Customer’s internal business purposes solely in connection with Customer’s use of the Software. “Work Product” shall mean any documents, materials, software, information, reports, data or other work product of any kind, regardless of form, which are used or created by BigID in connection with the Advisory Services.

8.2 Ownership of Customer Data. As between BigID and Customer, Customer shall own all right, title and interest in any Customer Data and Customer Confidential Information.

8.3 Feedback. Any ideas, suggestions, feedback, guidance or feature recommendations shared by Customer with BigID relating to the Software (“Feedback”) shall be owned by BigID including all Intellectual Property Rights therein. Feedback is provided by Customer “as is” without warranty of any kind.

9. Representations & Warranties.

9.1 Mutual Representations and Warranties. Each party represents and warrants to the other party that (i) it has the corporate authority to enter into this Agreement and to perform its obligations under the Agreement; and (ii) it will comply with Applicable Laws.

9.2 Disabling Software. BigID shall use generally accepted industry best practices including the use of a leading virus detection product designed to prevent the Software, as provided, from containing any malicious program routine or device, including without limitation a time bomb, virus, software lock, drop-dead device, worm, trojan horse or trap door, that is intentionally designed to disable, deactivate, adversely interfere with or otherwise prevent Customer’s use of or access to the Software, or which is intended to cause harm to Customer Systems.

9.3 Software Warranty. BigID warrants to Customer during the Subscription Term that the Software will substantially conform to the Documentation, when installed, operated and used in accordance with the Documentation, the Order and the terms and conditions of this Agreement (“Software Warranty”). To state a Software Warranty claim, Customer must provide BigID with written notice of the nonconformance within thirty (30) days of the date on which the nonconformance occurred. The Software Warranty has certain limited exclusions for misuse of the Software set forth in the Support Policy below. Upon receipt of a timely Software Warranty claim, BigID will, at its expense, use reasonable efforts to correct the nonconformance. If (i) BigID fails to correct the nonconformance within thirty (30) days of its receipt of a Software Warranty claim notice and (ii) Customer has provided complete and timely cooperation, then Customer shall have the option to extend the period for correction or terminate the affected Order for a prorated refund of prepaid fees paid for the Software representing the period of the Subscription Term remaining post-termination. Such correction efforts and/or termination with a prorated refund shall be Customer’s sole and exclusive remedy for any Software Warranty claim.

9.4 Advisory Services Warranty. BigID warrants to Customer that the Advisory Services will be performed in a diligent and professional manner, by appropriately qualified personnel, with the skills, knowledge, and training reasonably necessary to perform the Advisory Services (“Advisory Services Warranty”). Customer must notify BigID within thirty (30) days of a nonconformance of such Advisory Services with the Advisory Services Warranty. Upon receipt of timely notice, BigID will, at its expense, use reasonable efforts to correct the nonconformance. If (i) BigID fails to correct the nonconformance within thirty (30) days of its receipt of notice and (ii) Customer has provided complete and timely cooperation, then Customer shall have the option to either extend the period for correction or receive a refund of any fees paid for the nonconforming Advisory Services. Such correction efforts and/or refund of any fees paid for the nonconforming Advisory Services shall be Customer’s sole and exclusive remedy for any Advisory Services Warranty claim.

9.5 Open Source. BigID represents and warrants that the Software will not be subject to any open source license or other terms that, if used or distributed as permitted under this Agreement, would require the Customer Data to be disclosed or distributed, to become subject to any third party or open source license (including for creation of derivative works), or to be redistributable at no charge.

9.6 Third Party Services Use. Customer agrees that the Software may operate in combination with one or more cloud hosting and/or software services platforms operated by third parties to which Customer subscribes directly (e.g. Salesforce.com) (“Customer Sourced Services”). To the extent that the Software operates in combination with such Customer Sourced Services, Customer is responsible for providing BigID with credentials to access such Customer Sourced Services and for obtaining any approvals required to permit such use. BigID is not responsible for the operation or availability of any such Customer Sourced Services. Any interaction between Customer and Customer Sourced Services is solely governed by such Customer Sourced Services provider’s applicable license terms between Customer and the provider. BigID does not make any representations or warranties with respect to the Customer Sourced Services.

9.7 Third Party Products. Unless otherwise expressly stated in an Order, Third Party Products resold by BigID on a stand-alone basis are governed exclusively by the applicable third-party provider’s agreement and BigID makes no representations or warranties and assumes no obligations or liability with respect to such Third Party Products.

9.8 Disclaimer of Warranties. The express warranties set forth in this Section 9 are the only warranties made with respect to the Software and Services. BigID disclaims all other representations and warranties of any kind, whether express, implied, statutory or otherwise, including all warranties arising from course of dealing, usage or trade practice, merchantability, fitness for a particular purpose, title and non-infringement. BigID does not warrant the accuracy or completeness of data or informational content, that the operation or use of the Software will be uninterrupted or error-free, that all errors in the Software will be corrected, or that the Software will meet Customer’s requirements.

10. Indemnification.

10.1 BigID Indemnification. If a third party sues Customer claiming the Software infringes the third party’s Intellectual Property Rights, then, subject to the provisions below, BigID will indemnify and defend Customer from any Losses actually awarded or incurred arising from that third party claim. The foregoing duty to indemnify and defend does not apply to the extent arising out of or relating to any (i) open source components; (ii) modification of the Software by Customer or a third party; (iii) failure to implement any Update or replacement of the Software made available to Customer by BigID; (iv) use of the Software other than in compliance with the Documentation, Order, and/or Agreement; or (v) use of the Software in combination with any Customer or third party software, system, hardware or data. If BigID thinks the Software is likely to or does become the subject of a claim of infringement of any third-party Intellectual Property Right, then BigID may, at its option and sole cost and expense, do one of the following: (a) obtain the right for Customer to continue to use the Software as contemplated by this Agreement; (b) modify or replace the Software, in whole or in part, while providing materially equivalent functionality; or (c) terminate the affected Order(s) and provide Customer with a pro-rata refund of the prepaid Software fees representing the period of the Subscription Term remaining post-termination. This Section 10.1 sets forth Customer’s sole and exclusive remedies and BigID’s sole liability for any claims that the Software infringes, misappropriates or violates any third-party Intellectual Property Rights.

10.2 Customer Indemnification. Customer will indemnify and defend BigID from and against any Losses actually awarded or incurred by BigID in connection with any claim or action by a third party to the extent that such Losses arise out of any third party claim that the Customer Data infringes, misappropriates or violates any Intellectual Property Right or privacy right of a third party, or is improperly collected or furnished to BigID.

10.3 Indemnification Procedure. Each party will promptly notify the other party in writing of any action for which such party seeks indemnification. A party’s indemnification obligation hereunder shall be reduced or excused to the extent any delay in a party’s notice requirement prejudices the other party. The party seeking indemnification (the “Indemnitee”) will cooperate with the other party (the “Indemnitor”) at the Indemnitor’s sole cost and expense. The Indemnitor will have sole authority and control over the defense and settlement of such action, at the Indemnitor’s sole cost and expense, provided that no such settlement requires admission of wrongdoing or payment of damages by the Indemnitee. The Indemnitee may participate in but not control the defense of the claim, at its own cost and expense, with counsel of its own choosing.

11. Limitations of Liability.

11.1 Mutual Exclusion of Damages. To the fullest extent permitted by Applicable Law, in no event will either party be liable for consequential, incidental, indirect, loss of or damage to data or software, loss of profits or revenue, loss of goodwill or reputation, exemplary, special, enhanced or punitive damages, regardless of the theory of liability, including breach of contract, tort (including negligence), strict liability and otherwise. Without limiting the foregoing, in no event will BigID be liable for the cost of replacement goods or services.

11.2 Mutual Limitation of Liability. To the fullest extent permitted by Applicable Law, in no event will the total aggregate liability of either party arising out of or related to this Agreement, regardless of the theory of liability including breach of contract, tort (including negligence), strict liability and otherwise, exceed the total of the annualized fees paid during the most current annual Subscription Term then in effect. The foregoing limitations apply even if any remedy fails its essential purpose.

11.3 Exceptions. The exclusions and limitations of liability in Section 11.1 and 11.2 shall not apply to liability arising out of (i) either party’s breach of Section 6 (Confidentiality); (ii) a party’s indemnification obligations under Section 10; (iii) a party’s gross negligence or willful misconduct; (iv) either party’s violation or infringement (including statutory) of the other party’s Intellectual Property Rights; or (v) Customer’s obligation to pay fees under an Order. Notwithstanding the foregoing, regardless of the theory of liability, BigID’s total aggregate liability for breach of its security, data privacy, or data protection obligations under this Agreement, as well as any related data protection agreement and data protection laws, including without limitation any confidentiality, indemnification obligations and/or any claims for violation of law relating thereto, shall not exceed the greater of $400,000 or two (2) times the total of the annualized fees paid during the most current annual Subscription Term then in effect.

12. Term & Termination.

12.1 Agreement Term & Termination. The term of this Agreement commences as of the Effective Date and will continue in effect unless terminated in accordance with the terms hereof. Either party may terminate this Agreement immediately upon prior written notice if there is no Order then in effect.

12.2 Order Term. Each Order shall remain in effect for the Subscription Term specified in the Order unless earlier terminated as provided for in this Section 12.

12.3 Order Termination for Cause. Except as otherwise set forth in this Agreement, an Order may be terminated (in whole but not in part) by a party solely if the other party fails to cure a material breach of such Order, or of this Agreement as it relates to such Order, within thirty (30) days after receiving written notice of the breach from the non-breaching party.

12.4 Termination for Insolvency. This Agreement and all Orders may be terminated at any time by either party upon written notice, effective immediately if the other party (i) becomes insolvent or is generally unable to pay its debts as they become due; or (ii) becomes the subject of any voluntary or involuntary bankruptcy proceeding under any domestic or foreign bankruptcy or insolvency Applicable Law.

12.5 Effect of Termination or Expiration. Upon expiration or earlier termination of an Order: (i) all Software rights granted to Customer under such Order will immediately terminate and Customer will immediately cease all use of the Software, Documentation and BigID Property; (ii) BigID will destroy any Customer Data and, upon request, any Customer Confidential Information within thirty (30) business days, provided that BigID shall be permitted to hold any Customer Data or Confidential Information to the extent required by Applicable Law and/or in accordance with BigID’s record keeping in the ordinary course consistent with normal industry practices, and BigID shall confirm such destruction upon request; (iii) within fifteen (15) days, Customer shall deliver to BigID, or at BigID’s written request destroy, and permanently erase from all devices and systems, the Software, the Documentation and BigID’s Confidential Information and, upon request, certify to BigID in writing that it has complied with the requirements of this Section 12.5; and (iv) except where the Order is terminated by Customer due to an unremedied material breach by BigID and unless otherwise expressly provided herein, all amounts payable by Customer to BigID pursuant to such Order shall be immediately due and payable. Any right, obligation or provision under this Agreement arising prior to termination or that, by its nature or to give effect to its meaning or purpose, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement.

13. General.

13.1 Force Majeure. In no event will either party be liable to the other party or be deemed to have breached this Agreement for any failure or delay in performing under this Agreement (except for any payment obligation), to the extent such failure or delay is caused by any circumstances beyond such party’s reasonable control (a “Force Majeure Event”), including without limitation acts of God, pandemic, epidemic, flood, fire, earthquake or explosion, war, terrorism, change of Applicable Law, power, internet or telecommunications failure. Either party may terminate this Agreement if a Force Majeure Event continues substantially uninterrupted for forty-five (45) days or more.

13.2 Publicity. Neither party will issue any announcement, statement, press release or marketing materials relating to this Agreement or, unless expressly permitted under this Agreement, otherwise use the other party’s trademarks or logos, without the prior written consent of the other party. However, BigID may use Customer’s name and logo to list Customer as a BigID customer.

13.3 Assignment. Except as otherwise expressly provided herein, neither party may assign this Agreement or an Order, or any of its rights or obligations hereunder (in whole or in part), without the prior written consent of the other party; provided, however, that either party may assign this Agreement, without the other party’s consent, in whole (but not in part) to a successor in interest to the business of such party in connection with a merger, sale of substantially all of its assets, change of control or by operation of law, or to an Affiliate, provided that (i) the assignee agrees to assume the obligations under this Agreement; and (ii) the assignment does not change the scope of license under any Order then in effect and the use of the Software and Services shall remain limited to the business of Customer (as specified in the Order) as such business existed prior to the assignment. The terms of this Agreement shall be binding upon the permitted successors and assigns of each party. Any purported assignment, delegation or transfer in violation of this Section 13.3 is void.

13.4 Subcontractors. BigID may use third party subcontractors to provide the Software and Services. BigID shall be responsible for the acts and omissions of its third party subcontractors to the same extent as it would be responsible for its own acts and omissions.

13.5 Relationship of the parties. The parties are independent contractors. Nothing contained in this Agreement will be construed as creating any agency, partnership, joint venture or other form of joint enterprise, employment or fiduciary relationship between the parties, and neither party will have authority to contract for or bind the other party in any manner whatsoever.

13.6 No Third-party Beneficiaries. This Agreement is for the sole benefit of the parties hereto and their respective permitted successors and permitted assigns and nothing herein, express or implied, confers on any other party any legal or equitable right, benefit or remedy of any nature whatsoever under this Agreement.

13.7 Export Regulation. Customer will not, nor permit any other party to, export, re-export or release, directly or indirectly, the Software to any country, jurisdiction or party which (i) is prohibited by Applicable Law; and/or (ii) without obtaining any necessary export license or other governmental approval.

13.8 Governing Law; Jurisdiction. This Agreement is governed by and construed in accordance with the internal laws of the State of New York without regard to its conflict of laws principles. Any legal action or proceeding arising out of or related to this Agreement will be instituted exclusively in the federal courts of or State courts having jurisdiction over New York County, New York, and each party irrevocably submits to the exclusive jurisdiction of such courts in any such action or proceeding. The Uniform Computer Information Transactions Act, United Nations treaties, and the Uniform Commercial Code shall not apply to this Agreement.

13.9 Equitable Remedies. Each party agrees that a breach or threatened breach by such party of any of its obligations under Section 3.4 (License & Use Restrictions), Section 6 (Confidentiality), or Section 8 (Intellectual Property Rights) of this Agreement would cause the other party irreparable harm for which monetary damages will not be an adequate remedy and that, in the event of such breach or threatened breach, the other party will be entitled to seek equitable relief, including an injunction, specific performance and any other relief that may be available from any court of competent jurisdiction, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such equitable remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.

13.10 Notices. All legal notices related to this Agreement will be sent in writing to the addresses set forth at the outset of the Agreement by personal delivery or internationally recognized overnight delivery service and will be deemed given on the date of delivery when delivered personally or one (1) business day after deposit for next day delivery with a recognized overnight delivery service. All other notices may be delivered by the same means as legal notices or via electronic mail, and if sent via email, will be deemed delivered only upon confirmed receipt. Notices to BigID shall be to the attention of its legal department with a copy to [email protected].

13.11 Severability. If any provision of this Agreement is found to be invalid or otherwise unenforceable, the Agreement will remain fully effective and the parties will be bound by obligations that approximate, as closely as possible, the effect of the provision found invalid or unenforceable, without being themselves invalid or unenforceable.

13.12 Entire Agreement; Waiver & Amendment. This Agreement, together with all attached exhibits and any other documents incorporated herein by reference, constitutes the sole and entire agreement of the parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous agreements, proposals, quotes, RFPs, presentations, representations and warranties, both written and oral, with respect to such subject matter. This Agreement shall govern with respect to Customer’s use of the Software and Services and any transactions relating thereto, whether such rights are purchased from BigID or through an authorized reseller and shall apply to all Orders and forms of purchases (e.g. marketplaces), unless otherwise agreed by both parties in writing. Unless the Order expressly amends this Agreement, the terms and conditions of this Agreement shall take precedence over any conflicting terms in the Order. Any waiver, amendment, or modification of this Agreement, or any additional or different terms other than the Order, will not be effective unless expressly agreed to by both parties in a signed document. Without limiting the foregoing, BigID rejects any additional or conflicting terms in purchase orders or other purchase documents.

13.13 Counterparts. This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be the same agreement. A signed copy of this Agreement delivered by e-mail or other means of electronic transmission is deemed to have the same legal effect as delivery of an original signed copy of this Agreement.

 

Exhibit A

BigID Support Policy – Standard Level Support

Support Services:

1. Definitions.

a. “Error” means a bug, defect, or error in the Software that causes material nonconformance in the performance and operation of the Software as set forth in the Documentation.

b. “Severity Level” or “Sev” means the classification of an Error based on the definitions in Table 1 below.

c. “Support Hour” and “Support Day” shall mean an hour and/or a day, as applicable, within the specified time period that Support is made available pursuant to Section 2.

d. “Update(s)” means any update, upgrade, release, or other adaptation, modification or replacement of the Software that BigID may provide from time to time, in its sole discretion, to licensees of the Software, which may contain, among other things, error corrections, enhancements, improvements or other changes to the Software.

2. Support. BigID shall provide Support Services together with all Updates in accordance with the terms of this Support Policy and the Agreement. Support Services include:

a. Support Hours.

i. Standard support hours are 8:00 am to 8:00 pm (USA Eastern time) Monday-Friday (excluding US federal holidays) for online and callback phone support for Sev1 and Sev2 technical issues relating to the use of the Software (including Errors or problems and assistance understanding specific features) (“Standard Support”); or

– Customer may elect to define standard support hours from 8:00 am to 5:00 pm for a single alternate time zone such as IST (India Standard Time) in lieu of USA support hours.

ii. If Customer purchases Extended Support, Customer Support hours are 24 hours, 5 days a week (24×5) (“Extended Support”) for Sev3 and Sev4 and 24 hours, 7 days a week (24×7) for Sev1 and Sev2. E-mail: [email protected]; Phone: (917) 765-5958.

b. Severity Level Definitions. At the time it reports an Error to BigID, Customer shall in good faith designate the Severity Level for such Error, using the definitions in Table 1 below. BigID will not modify such designation without Customer’s consent, provided that the parties shall work in good faith to properly classify the Severity Level; provided, however, that if it is determined that the root cause of an incident is outside the Software or BigID control, then, upon notice to Customer, BigID may modify the designation.

c. Support & Warranty Exclusions. BigID’s Software Warranty and Support obligations shall not apply to any Errors or Software Warranty claim(s) to the extent arising out of or relating to: (i) modifications made to the Software by Customer or its Representatives including improper maintenance or configuration changes; (ii) use of the Software other than as specified in the Documentation and/or the Order, including any use in combination with any technology (including any software, hardware, firmware, system or network) or service not specified for use therein; (iii) Customer’s or its Representative’s negligence or intentional misconduct in the use of the Software; (iv) Customer’s failure to promptly install all Updates to the extent the Update would have avoided the issue, provided that BigID will provide Support for a prior release for 12 months of the most current release; (v) the operation or malfunction of, or access to, Customer’s or a third party’s technology, system or network; (vi) pre-release software or software that BigID makes available for testing or demonstration purposes; (vii) any modifications to the Software made at Customer’s request that are made specifically and uniquely for Customer; or (viii) any other circumstances or causes outside of the reasonable control of BigID. Customer will install all Updates promptly upon their release.

d. Escalations. If a Sev1 or Sev2 Error is not progressing toward resolution, or other objectively exceptional circumstances, then Customer may escalate a support incident to its designated escalation contact.

Updated:6/17/2024