If the order is for Proofpoint’s Wombat Security products, the Wombat Products EULA applies to Customer’s order https://www.wombatsecurity.com/end-user-license-agreement

Customer Agreement

Unless the end user customer (“Customer”) has a written license agreement in place with Proofpoint for the products listed in the Proofpoint quotation, Customer’s issuance of a purchase order for those products (either directly to Proofpoint or through an authorized Proofpoint partner) constitutes Customer’s agreement that its use of the Proofpoint products is governed solely by the terms of this Proofpoint Customer Agreement, which contains terms regarding license and usage, disclaimers and limitations of liability, Proofpoint’s right to suspend or terminate Customer’s subscription for non-payment, and automatic renewal of the subscription.  THE CUSTOMER AND PROOFPOINT AGREE THAT THIS CUSTOMER AGREEMENT IS THE COMPLETE AND EXCLUSIVE STATEMENT OF THE TERMS BETWEEN THE PARTIES RELATING TO THE SUBJECT MATTER HEREOF, AND SUPERSEDES ALL PROPOSALS OR PRIOR OR CONTEMPORANEOUS AGREEMENTS, ORAL OR WRITTEN, INCLUDING, BUT NOT LIMITED TO, ANY TERMS CONTAINED IN CUSTOMER’S PURCHASE ORDER.

  1. DEFINITIONS. In the Agreement:
    1. "Affiliate" means, with respect to a party, any entity which directly or indirectly controls, is controlled by, or is under common control with, such party. "Control," for purposes of this definition, means ownership or control, directly or indirectly, of more than 50% of the voting interests of the subject entity.
    2. "Agreement" means this Customer Agreement, each Product Exhibit, each SOW (if any) and any other document executed by the parties.
    3. "Appliance(s)" means a virtual or hardware device containing the Software.
    4. "Confidential Information" shared between the parties, as defined in Section 3.
    5. "Customer Content" means the Customer specific configurations and rules implemented in the Proofpoint Products, and any Customer content processed by the Proofpoint Products (e.g. email text and attachments) that is not Personal Data.
    6. "Customer Equipment" means Customer’s computer hardware, software and network infrastructure used to access Software.
    7. "Documentation" means the technical description of the Proofpoint Product(s) contained in the then-current Proofpoint Product descriptions made available by Proofpoint to Customer upon license of the Proofpoint Product(s).
    8. "Extension Term(s)" means each additional one-year (or other agreed upon period) subscription term for which the subscription term for a Proofpoint Product is extended pursuant to Section 8.
    9. "Initial Term" means the initial subscription term for a Proofpoint Product that is defined on the applicable Purchase Order.
    10. "License(s)" means the license metric (e.g. type and quantity) identified in the Proofpoint sales quote and/or in the applicable Product Exhibit (which in turn may be referenced in the Purchase Order).  Customer needs a License in order to legally use a Proofpoint Product.
    11. "Personal Data" means data about an identifiable individual that is protected by privacy laws where the individual resides.  Examples of personal data include name, religion, gender, financial information, national identifier numbers, health information, email addresses, IP addresses, online identifiers and location data.  Proofpoint’s protection of Personal Data is described in Section 4.
    12. "Product Exhibit(s)" means the exhibit to this Agreement containing additional terms specific to the Proofpoint Product(s) licensed to Customer.
    13. "Professional Services" means installation, implementation, data migration or other advisory services provided by Proofpoint to Customer.
    14. "Proofpoint Product(s)" means the Appliance, Service or Software licensed and/or purchased by Customer under a Purchase Order.
    15. "Purchase Order(s)" means an ordering document for a Proofpoint Product issued by Customer or Reseller that contains at least the following information: product name, license quantity, subscription term, price, and billing contact.
    16. "Reseller" means a third-party authorized by Proofpoint to resell Proofpoint Products directly to Customer.
    17. "Service" means any Proofpoint Product licensed on a hosted basis as software as a service. 
    18. "Software" means any Proofpoint binary software programs licensed by Proofpoint to Customer, together with all the Software Updates.
    19. "Software Update(s)" means each Software update and enhancement that Proofpoint generally makes available at no additional charge to its customers who are current in payment of applicable Subscription Fees, or otherwise provides to Customer under this Agreement.
    20. "SOW" means each statement of work, engagement letter or other writing signed by Proofpoint and Customer that describes the Professional Services provided by Proofpoint. Each SOW shall reference this Agreement and will be subject to the terms and conditions hereof. Additionally, a Proofpoint service brief identified in a Purchase Order is also considered an SOW but does not require a separate signature.
    21. "Subscription Fees" mean the fees paid by Customer for the right to use (and receive applicable Updates to) the applicable subscription-based Proofpoint Products for the Initial Term or Extension Term, as applicable.
    22. "Taxes" means any direct or indirect local, state, federal or foreign taxes, levies, duties or similar governmental assessments of any nature, including value-added, sales, use or withholding taxes.
    23. "Term" means the Initial Term and any Extension Term applicable to each Purchase Order.
    24. "Threat Analytics" means information collected, generated and/or analyzed by the Proofpoint Products such as log files, statistics, aggregated data and derivatives thereof. 
    25. "User" means Customer's and its Affiliates' employees, agents, subcontractors, consultants or other individuals authorized to use the Proofpoint Product.
    26. "Work Product" means all work product developed or created by Proofpoint during the course of providing support or Professional Services to Customer. Notwithstanding anything herein to the contrary, Work Product shall not include any Customer Confidential Information, Customer Content, or Personal Data.
  2. GENERAL LICENSE TERMS
    1. License.  Subject to the terms of this Agreement and each applicable Product Exhibit, Proofpoint grants to Customer and its Affiliates a worldwide, royalty-free, non-exclusive, time-limited, non-transferable (except to a successor in interest as permitted hereunder), limited license to access and/or use (as applicable) the Proofpoint Products during the Term in the quantities specified in the applicable Purchase Order, and solely for Customer’s own internal business purposes. Customer may authorize subcontractors to access and/or use the Proofpoint Products, subject to the number of Licenses authorized by the Agreement, provided Customer is jointly and severally liable for all acts and omissions of the subcontractors. Customer may use the Documentation in connection with the License granted hereunder.
    2. Restrictions.  Customer specifically agrees to limit the use of the Proofpoint Products to those parameters set forth in the applicable Purchase Order and Product Exhibit. Without limiting the foregoing, Customer specifically agrees not to: (i) resell, sublicense, lease, time-share or otherwise make a Proofpoint Product (including the Documentation) available to any third party (except Affiliates and subcontractors); (ii) attempt to gain unauthorized access to, or disrupt the integrity or performance of, a Proofpoint Product or the data contained therein (including but not limited to hacking or penetration testing Proofpoint’s systems); (iii) modify, copy or create derivative works based on a Proofpoint Product; (iv) decompile, disassemble, reverse engineer or otherwise attempt to derive source code from a Proofpoint Product, in whole or in part; or (v) access a Proofpoint Product for the purpose of building a competitive product or service or copying its features or user interface.   
    3. Prohibitions.  In addition, Customer agrees not to use a Proofpoint Product, or permit it to be used, for purposes of: (i) product evaluation, benchmarking or other comparative analysis intended for publication outside the Customer organization without Proofpoint's prior written consent; (ii) infringement on the intellectual property rights of any third party or any rights of publicity or privacy; (iii) violation of any law, statute, ordinance, or regulation (including, but not limited to, the laws and regulations governing export/import control, unfair competition, anti-discrimination, and/or false advertising); (iv) propagation of any virus, worms, Trojan horses, or other programming routine intended to damage any system or data; and/or (v) filing copyright or patent applications that include the Software and/or Documentation or any portion thereof.
  3. CONFIDENTIALITY 
    1. As used herein, "Confidential Information" means all confidential and proprietary information of a party ("Disclosing Party") disclosed to the other party ("Receiving Party"), whether orally or in writing, that is designated as “confidential” or the like, or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including  the terms and conditions of this Agreement (including pricing and other terms reflected in a Purchase Order), the Proofpoint Products business and marketing plans, technology and technical information, product designs, and business processes.
    2. "Confidential Information" shall not include information that (i) is or becomes a matter of public knowledge through no act or omission of the Receiving Party; (ii) was in the Receiving Party’s lawful possession prior to the disclosure without restriction on disclosure; (iii) is lawfully disclosed to the Receiving Party by a third party that lawfully and rightfully possesses such information without restriction on disclosure; (iv) the Receiving Party can document resulted from its own research and development, independent of receipt of the disclosure from the Disclosing Party; or (v) is disclosed with the prior written approval of the Disclosing Party.
    3. Receiving Party shall not (i) disclose any Confidential Information of the Disclosing Party to any third party, except as otherwise expressly permitted herein or (ii) use any Confidential Information of Disclosing Party for any purpose outside the scope of this Agreement or in any manner that would constitute a violation of any laws or regulations, including without limitation the export control laws of the United States, except with Disclosing Party's prior written consent. The Receiving Party shall not make Confidential Information available to any of its employees or consultants except those that have agreed to obligations of confidentiality at least as restrictive as those set forth herein and have a “need to know” such Confidential Information.  The Receiving Party agrees to hold the Disclosing Party’s Confidential Information in confidence and to take all precautions to protect such Confidential Information that the Receiving Party employs with respect to its own Confidential Information of a like nature, but in no case shall the Receiving Party employ less than reasonable precautions. Receiving Party shall promptly notify Disclosing Party if it becomes aware of any actual or reasonably suspected breach of confidentiality of Disclosing Party's Confidential Information. This Agreement will not be construed to prohibit disclosure of Confidential Information to the extent that such disclosure is required to by law or valid order of a court or other governmental authority; provided, however, to the extent permitted by law, the responding party shall give prompt written notice to the other party to enable the other party to seek a protective order or otherwise prevent or restrict such disclosure and, if disclosed, the scope of such disclosure is limited to the extent possible.
    4. The Receiving Party will return all copies of the Disclosing Party’s Confidential Information upon the earlier of (i) the Disclosing Party’s request, or (ii) the termination or expiration of this Agreement. Instead of returning such Confidential Information, the Receiving Party may destroy all copies of such Confidential Information in its possession; provided, however, the Receiving Party may retain a copy of any Confidential Information disclosed to it solely for archival purposes, provided that such copy is retained in secure storage and held in the strictest confidence for so long as the Confidential Information remains in the possession of the Receiving Party.
    5. The parties acknowledge and agree that the confidentiality obligations set forth in this Agreement are reasonable and necessary for the protection of the parties’ business interests, that irreparable injury may result if such obligations are breached, and that, in the event of any actual or potential breach of Section 3, the non-breaching party may have no adequate remedy at law and shall be entitled to seek injunctive and/or other equitable relief as may be deemed proper by a court of competent jurisdiction.
  4. DATA PROTECTION Proofpoint will maintain administrative, physical, and technical safeguards for protection of the security and confidentiality of Customer Content and Personal Data, including, but will not be limited to, measures for preventing unauthorized access, use, modification or disclosure of Customer Content and Personal Data.  Proofpoint’s current data security terms are described in the Data Security Policy document found on Proofpoint’s website at http://www.proofpoint.com/license.
  5. OWNERSHIP
    1. Customer retains all title, intellectual property and other ownership rights in all Customer Confidential Information, Customer Content and all data, text, files, output, programs, information, or other information and material that Customer provides, develops, makes available, or uses in conjunction with the Proofpoint Products.  Proofpoint retains all title, intellectual property and other ownership rights throughout the world in and to the Proofpoint Products, Documentation, any Service offering and the Work Product. Proofpoint hereby grants to Customer a non-exclusive, non-transferable, fully paid up, license to use the Work Product in connection with the Proofpoint Product licensed under this Agreement and solely for Customer’s internal business purposes. Professional Services (and any resulting Work Product) are specific to the Proofpoint Products and are not provided on a “work made for hire” basis.
    2. There are no implied rights and all rights not expressly granted herein are reserved. No license, right or interest in any Proofpoint trademark, copyright, patent, trade name or service mark is granted hereunder. Customer shall not remove from any full or partial copies made by Customer of the Software, Software Updates and Documentation any copyright or other proprietary notice contained in or on the original, as delivered to Customer.
    3. Each party acknowledges that the Proofpoint Products contain valuable trade secrets and proprietary information of Proofpoint, that in the event of any actual or threatened breach of the scope of any of the licenses granted hereunder, such breach shall constitute immediate, irreparable harm to Proofpoint for which monetary damages would be an inadequate remedy, and that injunctive relief is an appropriate remedy for such breach in addition to whatever remedies Proofpoint might have at law or under this Agreement.
  6. FEES, PAYMENT AND REPORTING
    1. Fees.  Fees for the Proofpoint Products will be the Subscription Fees and other fees set forth in the Purchase Orders (collectively, the “Fees”). The Fees stated in each Purchase Order shall be effective during the Initial Term specified in that Purchase Order; the Subscription Fees and other fees for each Extension Term shall be defined in the applicable Purchase Order or, in the absence of any such terms regarding Fees for Extension Terms, by mutual agreement of the parties.
    2. ​​​Taxes.  Customer will be liable for payment of all Taxes that are levied upon and related to the performance of obligations or exercise of rights under this Agreement.  Proofpoint may be required to collect and remit Taxes from Customer, unless Customer provides Proofpoint with a valid tax exemption certificate. The amounts received by Proofpoint, after the provision for any Tax or withholding required by any country, will be equal to the amounts specified on the Purchase Order. In no event will either party be responsible for any taxes levied against the other party's net income.
    3. Payment.  Unless otherwise agreed between Customer and Reseller, all Fees due under a Purchase Order shall be due and payable within thirty (30) days of receipt of invoice. Except as otherwise expressly permitted herein, all Fees owed pursuant to a Purchase Order are non-cancellable and non-refundable for the Term. Any payment not received from Customer by the due date may accrue (except for amounts then under reasonable and good faith dispute) interest at the rate of one and one-half percent (1.5%) of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid. Proofpoint may decline to make any shipments of Proofpoint Products or provide Services if, in Proofpoint’s reasonable opinion, circumstances exist which raise doubt as to Customer’s ability or willingness to pay as provided herein. Failure to make timely payment may result in immediate termination of access to the Proofpoint Products. Upon default by Customer, Proofpoint will have all remedies available at law or in equity. No refunds will be made except as expressly provided for under warranties and intellectual property indemnity for the applicable Proofpoint Product.
    4. Disputed Invoices.  Customer shall have the right to withhold payment of any invoiced amounts that are disputed in good faith until the parties reach agreement with respect to such disputed amounts, and such withholding of disputed amounts shall not be deemed a breach of this Agreement nor shall any interest be paid thereon. In such case, Customer shall promptly (and in no event more than ten (10) business days from receipt of invoice) provide written notice to Proofpoint of any such dispute prior to withholding such payment, specifying in reasonable detail the nature of the dispute and the amount withheld, and shall pay all undisputed amounts set forth on such invoice in accordance with this Section. The parties will negotiate in good faith to attempt to resolve such disputes within thirty (30) days of submission of such dispute by Customer.
    5. License True-Up.  Customer shall monitor and report its actual usage of the subscription-based Proofpoint Products based on the applicable Licenses and inform Proofpoint by email at accountsreceivable@proofpoint.com of the then current actual count (“License Count”) upon the occurrence of the following events: (i) on or before any increase in the License Count equal or greater than ten percent (10%) of the then current licensed License Count and (ii) on the thirtieth (30th) day preceding each anniversary of the Effective Date. Proofpoint may also itself at any time produce an actual License Count for verification by Customer. If such number exceeds the License Count for which Customer has paid Subscription Fees (“Base License Count”) by more than five percent (5%), then Customer shall pay Proofpoint for each License beyond the Base License Count from the time such License was activated through the remainder of the Initial Term or Extension Term, as applicable.  If such number exceeds the Base License Count by five percent (5%) or less, then Customer shall pay Proofpoint for each License beyond the Base License Count from the reporting date of the count through the remainder of the Initial Term or Extension Term, as applicable.
  7. SUPPORT AND PROFESSIONAL SERVICES
    1. Proofpoint shall provide support provided Customer is current in payment of the applicable Fees and any additional fees for platinum or premium support, if applicable. Proofpoint’s current Support Services Program terms are described on Proofpoint’s website at http://www.proofpoint.com/license/.
    2. Proofpoint shall provide the Professional Services, if any, specified in one or more SOWs. All Professional Services shall be billed as stated in the applicable SOW and Customer agrees that, if Customer has not used the Professional Services within one (1) year of paying for such Professional Services, then Proofpoint has no further obligations and Customer shall not be entitled to a refund except as set forth expressly in the applicable SOW.
    3. Proofpoint warrants it will provide Professional Services in a professional and workmanlike manner consistent with good industry standards and practices. As Customer’s sole and exclusive remedy and Proofpoint’s entire liability for any breach of the foregoing warranty, Proofpoint will use reasonable efforts to re-perform the Professional Services or, if Proofpoint is unable to do so, terminate the applicable SOW and refund that portion of any Fees paid to Proofpoint or Reseller that correspond to the allegedly defective Professional Services.
  8. TERMINATION AND EXPIRATION
    1. Either party may terminate the Agreement or Product Exhibit or any Purchase Order (i) immediately upon written notice if the other party commits a non-remediable material breach; or (ii) if the other party fails to cure any remediable material breach within thirty (30) days of being of notified in writing of such breach, unless such breach is for non-payment and then within five (5) days of such notice.
    2. Either party may terminate the Agreement and each Product Exhibit immediately by written notice if no Purchase Order is in effect.
    3. On termination or expiration of the Agreement, all Software licenses and Service access granted under this Agreement shall automatically terminate with immediate effect.
    4. Unless otherwise set forth in the applicable Product Exhibit or Purchase Order, the Initial Term applicable to each Purchase Order (including follow-on orders) commences on  the later of: (i) the date Proofpoint ships a production Appliance to Customer, (ii) the date Proofpoint processes the applicable Purchase Order for a Proofpoint Product evaluated by the Customer, or (iii) for all other Proofpoint Product orders, the date Proofpoint sends to Customer an email indicating that the Proofpoint Products are available for use (to the extent each of the foregoing applies to Customer’s engagement). Upon expiration of the Initial Term under each Purchase Order the subscription term applicable to such Purchase Order shall automatically renew for Extension Terms unless otherwise agreed by the parties or either party gives the other notice of non-renewal at least thirty (30) days prior to the end of the relevant subscription term.
    5. In the event of the termination or expiration of this Agreement, the provisions of this Agreement which by their nature extend beyond the expiration or termination of this Agreement shall survive, including but not limited to Sections 2.2-2.3 (“License Restrictions”); 3 (“Confidentiality”); 4 (Data Protection); 5 (“Ownership”); 6 (“Fees, Payment and Reporting”); 8 (“Termination and Expiration”); 11 (“Limitation of Liability”); and 12 (“General”); and any accrued rights to payment shall remain in effect beyond such termination or expiration until fulfilled.
  9. INTELLECTUAL PROPERTY INDEMNITY
    1. Duty to Indemnify & Hold Harmless.  Subject to Section 9.3 below, Proofpoint agrees to defend and indemnify Customer from and against any third-party claim filed against Customer in Australia, Canada, the European Union, New Zealand, Switzerland, the United States or United Kingdom alleging that the Proofpoint Product(s), as sold and delivered to Customer (the “Indemnified Products”), directly infringe the valid intellectual property rights of a third party (a “Claim”). Proofpoint agrees to pay and hold Customer harmless against any amounts finally awarded by a court of law in respect of such Claim or pursuant to its signed settlement. Proofpoint may, at its sole election and expense: (i) procure sufficient rights to allow Customer continued use and exploitation of the Indemnified Products under the terms of this Agreement; (ii) replace or modify the Indemnified Products to avoid the alleged infringement; or (iii) if the foregoing options are not reasonably practicable, terminate Customer’s rights to use the Indemnified Products and refund all amounts paid by Customer to Proofpoint attributable to Customers’ future usage or access to the Indemnified Products.
    2. Exclusions.  Proofpoint shall have no obligation or any liability to Customer for any Claim arising out of or related to: (i) modification or adaptation to the Indemnified Products made by Customer or Customer’s agents; (ii) the use of the Indemnified Products in combination with any other product, service or device, if the Claim would have been avoided by the use of the Indemnified Products without such other product, service or device not provided by Proofpoint to Customer or Customer’s agents; (iii) compliance with Customer’s specific instructions for customization of an Indemnified Product made solely for or on behalf of Customer; (iv) use or exploitation of the Indemnified Products other than as set forth in this Agreement or applicable Proofpoint Documentation; or (v) Customer is given an update, modification, or replacement to Indemnified Products by Proofpoint and fails to implement within a reasonable period of time.
    3. Process.  Proofpoint’s obligations under this Section 9 are conditioned upon the following: (i) Customer first providing written notice of the Claim to Proofpoint within thirty (30) days after Customer becomes aware of or reasonably should have been aware of the Claim (provided, however, the failure to provide such notice will only relieve Proofpoint of its indemnity obligations hereunder to the extent Proofpoint is prejudiced thereby); (ii) Customer tendering sole and exclusive control of the Claim to Proofpoint at the time Customer provides written notice of such Claim to Proofpoint, and (iii) Customer providing reasonable assistance, cooperation and required information with respect to defense and/or settlement of the Claim, including Customer providing Proofpoint with access to documents and personnel at Proofpoint’s request and expense. Customer may at its sole expense participate in the Claim, except that Proofpoint will retain sole control of the defense and/or settlement. Proofpoint shall not agree to any settlement of a Claim that includes an injunction against Customer or admits Customer liability without Customer’s prior written consent, which consent shall not be unreasonably withheld, conditioned or delayed.
    4. The foregoing is the sole and exclusive remedy of Customer and the entire liability of Proofpoint with respect to any Claim.
  10. WARRANTIES, REMEDIES AND DISCLAIMERS
    1. Each party represents and warrants that (i) it has the legal power to enter into and perform under this Agreement; and (ii) it shall comply with all applicable laws in its performance hereunder.
    2. Warranties specific to each Proofpoint Product shall be set forth in an applicable Product Exhibit, executed by both parties.
    3. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH ABOVE AND IN EACH PRODUCT EXHIBIT, PROOFPOINT AND PROOFPOINT LICENSORS DISCLAIM ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AS WELL AS ANY WARRANTIES OF REGULATORY COMPLIANCE, PERFORMANCE, ACCURACY, RELIABILITY, AND NONINFRINGEMENT. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THE AGREEMENT. SOME STATES DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS SO THE FOREGOING LIMITATIONS MAY NOT APPLY TO CUSTOMER.
  11. LIMITATION OF LIABILITY
    1. EXCEPT FOR (i) INTELLECTUAL PROPERTY INDEMNIFICATION OBLIGATIONS; (ii) DAMAGES RESULTING FROM EITHER PARTY’S GROSS NEGLIGENCE, FRAUD OR WILLFUL MISCONDUCT; (iii) DAMAGES RESULTING FROM EITHER PARTY’S MATERIAL BREACH OF SECTION 3 (CONFIDENTIALITY); (iv) CUSTOMER’S BREACH OF SECTION 2.2 (“RESTRICTIONS”), OR (v) CUSTOMER’S PAYMENT OBLIGATIONS, EACH PARTY’S AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL IN NO EVENT EXCEED THE ANNUALIZED SUBSCRIPTION FEES PAID FOR THE APPLICABLE PROOFPOINT PRODUCT.
    2. EXCEPT FOR (i)  DAMAGES RESULTING FROM EITHER PARTY’S MATERIAL BREACH OF SECTION 3 (“CONFIDENTIALITY”) OR (ii) CUSTOMER’S BREACH OF SECTION 2.2 (“RESTRICTIONS”), IN NO EVENT SHALL EITHER PARTY OR ITS LICENSORS OR SUPPLIERS HAVE ANY LIABILITY TO THE OTHER OR ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION, OR COVER DAMAGES OR LOSSES, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, HOWEVER CAUSED AND WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    3. THE LIMITATION OF LIABILITY AND EXCLUSION OF CERTAIN DAMAGES STATED HEREIN WILL APPLY REGARDLESS OF THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. BOTH PARTIES HEREUNDER SPECIFICALLY ACKNOWLEDGE THAT THESE LIMITATIONS OF LIABILITY ARE REFLECTED IN THE PRICING.
  12. GENERAL
    1. Government End-User Notice.  This Section shall apply only if Customer is a federal government entity. The Proofpoint Products are deemed commercially available hosted services and commercial computer software as defined in FAR 12.212 (Software) and/or commercially available technical data as defined in FAR 12.211 (Technical Data), and are subject to Proofpoint’s commercial licensing/use terms, as required by and FAR 52.227-19 (Commercial Computer Licensed Software – Restricted Rights) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If greater rights are needed, a mutually acceptable written addendum specifically conveying such rights must be included in this Agreement.
    2. Publicity.  Neither party may issue press releases or otherwise publicize the parties’ relationship without the other party’s prior written consent.
    3. Independent Contractors; Relationship with Third Parties.  The parties are independent contractors, and no partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties is created hereby. There are no third-party beneficiaries to this Agreement.
    4. All notices shall be in writing to the General Counsel of each party’s address on the signature page of this Agreement (or as updated by a party in writing to the other) and effective upon receipt.
    5. Entire Agreement; Integration.  This Agreement constitutes the entire agreement of the parties and supersedes all prior or contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No amendment or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the amendment or waiver is to be asserted.  Notwithstanding any language to the contrary therein, any purchase order issued by Customer or Reseller shall be deemed a convenient order and payment device only and no terms (other than product name, license quantity, price, subscription term, and billing contact) stated in any purchase order shall be incorporated into this Agreement, and all such other terms shall be void and of no effect.  In the event of any conflict between the Agreement, each Product Exhibit, SOW (if applicable), and/or Purchase Order, the order of precedence will be the following: the applicable Product Exhibit(s), SOW(s), this Agreement, and then the applicable Purchase Order(s).
    6. Waiver.  No failure or delay in exercising any right hereunder shall constitute a waiver of such right. Except as otherwise provided, remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, such provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions shall remain in effect.
    7. Force Majeure.  Neither party shall be liable to the other for any delay or failure to perform hereunder (excluding payment obligations) due to circumstances beyond such party's reasonable control, including acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (excluding those involving such party's employees), service disruptions involving hardware, software or power systems not within such party's possession or reasonable control, and denial of service attacks.
    8. Assignment.  Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Product Exhibits hereunder) upon written notice, without consent of the other party, to its successor in interest in connection with a merger, reorganization, or sale of all or substantially all assets or equity not involving a direct competitor of the other party.
    9. Export Restrictions.  Each party agrees to comply with all applicable regulations of the United States Department of Commerce and with the United States Export Administration Act, as amended from time to time, and with all applicable laws and regulations of other jurisdictions with respect to the importation and use of the Proofpoint Products and Proofpoint Confidential Information and any media.
    10. Applicable Law.
      1. If Customer is in any country on the American continent, this Agreement will be governed by the laws of the State of California and the United States of America, without regard to conflict of law principles. The parties hereby irrevocably consent to the exclusive jurisdiction and venue of the state and federal courts located in Santa Clara County, California, for resolution of any disputes arising out of this Agreement.
      2. If Customer is in any country outside the American continent, this Agreement will be governed by the laws of the England and Wales, without regard to conflict of law principles. The parties hereby irrevocably consent to the exclusive jurisdiction and venue of the High Court of Justice,  located in London, England, for resolution of any disputes arising out of this Agreement.
      3. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement.
    11. Counterparts. This Agreement and each Product Exhibit may be executed by facsimile and in counterparts.
    12. Headings; Language.  All headings used herein are for convenience of reference only and will not in any way affect the interpretation hereof. The English language version of this Agreement controls. It is the express wish of both parties that this Agreement, and any associated documentation, be written and signed in English.

LIST OF PRODUCT EXHIBITS

DIGITAL RISK PRODUCTS EXHIBIT

Digital Risk Products are:  Domain Discover for Digital Risk, Mobile Discover, Social Archiver, Social Anglerphish, Social Discover, Social Patrol, Social Sight, and Social Syndicate, and any future names or bundles by which Proofpoint identifies and makes available these Products.  When Digital Risk products are licensed by the Customer the following additional terms apply (the ‘Digital Risk Products Exhibit (“Exhibit”)’). Capitalized terms used in this Exhibit without separate definition shall have the meaning specified in the Agreement.

  1. TERMS OF USE.  Proofpoint’s Digital Risk Products are SaaS products and are made available to Customer and its Affiliates in accordance with the Agreement, Purchase Order, this Exhibit and the Documentation.   Customer’s right to use the Proofpoint Product is limited to the maximum number of Licenses for each module and any other limitations specified in this Exhibit and each Purchase Order and/or Quote.
  2. CUSTOMER RESPONSIBILITIES.  Customer is responsible for (i) all activities conducted under its User logins; (ii) obtaining and maintaining any necessary equipment and configurations set forth in the Documentation; and (iii) complying with all applicable laws, rules and regulations, and acquiring all necessary data subject consents.  Customer is responsible for maintaining the user accounts and the security of its user names and passwords at the user level and for promptly changing or deleting any user name or password that Customer believes may have been compromised. Proofpoint reserves the right to institute password requirements (such as the length of password or the required use of numbers, symbols etc.) and to refuse registration of, or cancel passwords it deems inappropriate.  "Customer Equipment" means Customer’s computer hardware, software and network infrastructure used to access the Proofpoint Products.
  3. THIRD PARTY SERVICES.  The Proofpoint Products may allow Customer to interface with a variety of third party software or services (e.g., Facebook, Twitter, LinkedIn).  No endorsement of any such service should be inferred as a result of any integration with the Proofpoint Products and Proofpoint is not responsible for the data, operation or functionality of such third-party services. While Proofpoint may, in its sole discretion, customize the Proofpoint Products to interoperate with various third party services: (i) Customer is responsible for complying with the terms and policies of each such third-party service including, without limitation, any payment obligations related thereto; and (ii) Proofpoint cannot guarantee that such third-party services will continue to interoperate with the Service.
  4. SECURITY.  Proofpoint maintains commercially reasonable safeguards to protect the security and integrity of customer data. Such safeguards include commercially reasonable (a) backup and recovery procedures, (b) firewalls and access controls designed to prevent unauthorized access to the Services, and (c) using a SSAE 16 SOC 2 certified (or equivalent) data center.
  5. WARRANTIES.
    1. Proofpoint warrants that the Proofpoint Products will substantially conform in all material respects in accordance with the Documentation.  Customer will provide prompt written notice of any non-conformity. Proofpoint may modify the Documentation in its sole discretion, provided the functionality of the Proofpoint Products will not be materially decreased during the Term. As Customer’s sole and exclusive remedy and Proofpoint’s entire liability for any breach of the foregoing warranty, Proofpoint will (i) use reasonable efforts to fix, provide a work around, or otherwise repair or replace the Proofpoint Products or, if Proofpoint is unable to do so, (ii) terminate this Exhibit and return the Subscription Fees paid to Proofpoint or Reseller for such allegedly defective Proofpoint Products for the period commencing from Customer’s notice of nonconformity through the remainder of the Initial Term or Extension Term, as applicable.
    2. Proofpoint warrants that the Digital Risk Products will meet the requirements set forth in the Proofpoint Digital Risk Service Level Agreement (“SLA”), as described on Proofpoint’s website at http://www.proofpoint.com/license. In the event of a breach of the foregoing warranty, as Customer’s sole and exclusive remedy, Proofpoint will provide the remedy set forth in the respective SLA.
    3. PROOFPOINT DOES NOT WARRANT THAT THE PROOFPOINT PRODUCTS WILL PROTECT AGAINST ALL POSSIBLE THREATS OR ATTACKS; NOR DOES IT MAKE ANY WARRANTY AS TO THE DATA OR RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES.  CUSTOMER ACKNOWLEDGES THAT PROOFPOINT ANALYZES DATA THAT IS MADE AVAILABLE PUBLICLY THROUGH THE INTERNET AND THAT PROOFPOINT MAKES NO REPRESENTATIONS WITH RESPECT THERETO.

INFORMATION & COMPLIANCE PRODUCTS EXHIBIT

Information & Compliance Products are Archive, Archiver, Compliance Gateway, Content Collection, eDiscovery Analytics, Governance, and Supervision, and any future names or bundles by which Proofpoint identifies and makes available these Products.   When Information & Compliance Products are licensed by the Customer the following additional terms apply (the ‘Information & Compliance Products Exhibit (“Exhibit”)’). Capitalized terms used in this Exhibit without separate definition shall have the meaning specified in the Agreement.  

  1. TERMS OF USE.  Proofpoint shall make the Proofpoint Product available to Customer and its Affiliates in accordance with the Agreement, Purchase Order, this Exhibit and the Documentation.   Customer’s right to use the Proofpoint Product is limited to the maximum number of Licenses for each module, the deployment type (Appliance, Software, or  Service (SaaS)), and any other limitations specified in this Exhibit, including Schedule 1, and each Purchase Order and/or Quote.
  2. WARRANTIES; DISCLAIMERS.
    1. Appliance Warranty.  Proofpoint warrants to Customer that the physical Appliance will be free from defects in materials and workmanship, under normal intended use, for the period and under the terms described at https://www.proofpoint.com/us/support/email-appliance-warranty-eol (“Appliance Warranty”).  Customer will provide prompt written notice of any non-conformity during the Appliance Warranty period.  Provided that Proofpoint receives such timely notification, Customer’s sole and exclusive remedy and Proofpoint’s entire liability for any breach of the foregoing warranty is to ship a replacement Appliance.  If the Appliance is replaced, such replacement Appliance is warranted for the unexpired portion of the original Appliance Warranty.  If the Appliance is damaged due to Customer’s negligence or willful misconduct, Customer will be responsible for all shipping and repair costs. Otherwise, Proofpoint will be responsible for all shipping costs related to shipping the replacement Appliance to Customer. Any Appliance that is replaced becomes the property of Proofpoint.   Proofpoint will not be responsible for Customer’s or any third party’s software, firmware, information, or data contained in or stored on any Appliance returned to Proofpoint, whether under warranty or not.  This Appliance Warranty does not apply to (a) an Appliance that is improperly installed or used in a manner other than as authorized under the Agreement, to the extent such improper installation or use cause the breach of warranty; (b) an Appliance that has been modified or repaired by Customer or any party other than Proofpoint, to the extent such modifications cause the breach of warranty; (c) an Appliance that is damaged due to Customer’s mishandling, abuse, negligence, or improper storage, servicing or operation; or (d) an Appliance that is damaged due to power failures, surges, lightning strikes, fire, flood, accident, and actions of third parties or other events outside Proofpoint’s reasonable control. 
    2. SaaS Warranty.  Proofpoint warrants that the Services will substantially conform in all material respects in accordance with the Services Documentation (“SaaS Warranty”).  Customer will provide prompt written notice of any non-conformity. Proofpoint may modify the Services Documentation in its sole discretion, provided the functionality of the Services will not be materially decreased during the Term. As Customer’s sole and exclusive remedy and Proofpoint’s entire liability for any breach of the SaaS Warranty, Proofpoint will (i) use reasonable efforts to fix, provide a work around, or otherwise repair or replace the Service or, if Proofpoint is unable to do so, (ii) terminate this Exhibit and return the Subscription Fees paid to Proofpoint or Reseller for such allegedly defective Services for the period commencing from Customer’s notice of nonconformity through the remainder of the Initial Term or Extension Term, as applicable.
    3. Software Warranty.  Proofpoint warrants that for a period of three (3) months following delivery of the Software to Customer it will function in substantial conformance in all material respects with the Documentation (“Software Warranty”).  Proofpoint may modify the Documentation in its sole discretion, provided the functionality of the Software will not be materially decreased during the Term.  Customer will provide prompt written notice of any non-conformity. The Software Warranty does not apply to: (a) Software that has been modified by any party other than Proofpoint; or (b) Software that has been improperly installed or used in a manner other than as authorized under the Agreement to the extent such modification(s) or improper installation cause the Software to be nonconforming.  As Customer’s sole and exclusive remedy and Proofpoint’s entire liability for any breach of the foregoing warranty, Proofpoint will (i) use reasonable efforts to fix, provide a work around, or otherwise repair or replace the Software or, if Proofpoint is unable to do so, (ii) terminate this Exhibit and return the Subscription Fees paid to Proofpoint or Reseller for such allegedly defective Software for the period commencing from Customer’s notice of nonconformity through the remainder of the Initial Term or Extension Term, as applicable.  If the non-conforming Software was included with an Appliance and if, in the parties’ reasonable judgment, the functionality or utility of the physical Appliance is materially impacted as a result of Proofpoint’s termination of Customer’s right to use the non-conforming Software under this Section IC 2.3, Customer may return the physical Appliance in accordance with the return provisions specified in Section IC 2.1 and Proofpoint will refund the fees paid to Proofpoint for such physical Appliance. If Customer has purchased the physical Appliance through a Reseller, then Reseller shall refund the foregoing fees to Customer.
    4. SEC Rule 17a-4 Warranty.  Proofpoint warrants that the Archive storage media meets the conditions set forth in SEC Rule 17a-4 paragraph f (2) (ii),  which requires electronic storage media to (i) preserve the records exclusively in a non-rewriteable, non-erasable format; (ii) verify automatically the quality and accuracy of the storage media recording process; (iii) serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media; and (iv) have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable as required by the SEC or the self-regulatory organizations of which the member, broker, or dealer is a member.
    5. PROOFPOINT DOES NOT WARRANT THAT THE PROOFPOINT PRODUCTS WILL MEET CUSTOMER’S REQUIREMENTS OR THAT EMAIL WILL NOT BE LOST. PROOFPOINT DOES NOT WARRANT THE OPERATION OF THE PROOFPOINT PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE or that all Software errors will be corrected.
  3. APPLIANCE SHIPMENT, DELIVERY, TITLE, RISK OF LOSS.   Proofpoint will ship the physical Appliance Ex Works (Proofpoint’s facility), as defined by Incoterms 2010.  Unless specified in advance by Customer, Proofpoint will select the carrier in its own discretion.  Customer will be responsible for all freight, packing, duties, import fees and related taxes, insurance and other shipping-related expenses from Proofpoint’s location.  Title to the physical Appliance (excluding any software or firmware embedded in the Appliance) and risk of loss will pass to Customer upon Proofpoint‘s delivery of the physical Appliance to the carrier.  Any Software Updates shall be delivered via file transfer protocol unless physical shipment (e.g. compact disk) is specifically requested by Customer.
  4. SERVICE LEVEL AGREEMENT.  Proofpoint provides a Service Level Agreement (“SLA”) for some of the Proofpoint Services.  The SLA is posted on Proofpoint’s website at http://www.proofpoint.com/license.  In the event of a breach of the foregoing warranty, as Customer’s sole and exclusive remedy, Proofpoint will provide the remedy set forth in the respective SLA.
  5. DISPOSITION OF DATA UPON TERMINATION.
    1. Archive.  Upon termination or expiration of Customer’s license to use the Proofpoint Product, for a period of thirty (30) days after termination or expiration (“Wind Down Period”) Customer may continue to access and retrieve its data that has been stored in the Archive product prior to termination.  During the Wind Down Period, Customer may not use the Proofpoint Product to archive new email messages. For an additional fee, Proofpoint will export customer’s data for delivery to Customer on standard storage media.  If Proofpoint has not received a written request from Customer to export customer’s data prior to the end of the Wind Down Period, Proofpoint will initiate the removal of customer’s data in such a manner that it cannot be restored in human readable form from any and all storage mediums (including backups), which will be completed within thirty (30) days.
    2. Content Collection and Compliance Gateway.  When Customer’s license to use the Proofpoint Product ceases Proofpoint will delete all backed-up Customer configuration settings and Customer metadata from Proofpoint systems within thirty (30) days.
    3. Governance.  Upon termination or expiration of Customer’s license to use the Proofpoint Product, for a period of thirty (30) days after termination or expiration (“Wind Down Period”) Customer may continue to access and retrieve customer data that has been stored in the Proofpoint Product prior to termination.  During the Wind Down Period, Customer may not use the Proofpoint Product to manage new or additional documents. At the end of the Wind Down Period, Proofpoint will initiate the removal of customer’s data in such a manner that it cannot be restored in human readable form from any and all storage mediums (including backups), which will be completed within thirty (30) days.

PROOFPOINT SECURITY PRODUCTS EXHIBIT

Security Products are: Cloud Account Defense (CAD), Cloudmark Authority, Cloudmark  Safe Messaging Cloud (SMC), Cloudmark Security Platform, and Cloudmark Spam Reporting Service (SRS), Continuity, Data Discover, Domain Discover, Email Data Loss Prevention (DLP), Email Encryption, Email Brand Defense, Email Fraud Defense, Email Protection, Emerging Threats Intelligence Query, Emerging Threats Pro Ruleset, Emerging Threats Reputation, Internal Mail Defense (IMD), Mail Routing Agent (MRA), PhishAlarm, PhishAlarm Analyzer, Cloud App Security Broker (CASB), Secure Share, Targeted Attack Protection (TAP), TAP Isolation – Personal Browsing Defense, TAP Isolation – Personal Webmail Defense, Threat Response, Threat Response Auto Pull, ThreatSim and Wombat Security Training Modules, and any future names or bundles by which Proofpoint identifies and makes available these Products.  When Security Products are licensed by the Customer the following additional terms apply (the Security Products Exhibit (“Exhibit”)’). Capitalized terms used in this Exhibit without separate definition shall have the meaning specified in the Agreement.

  1. TERMS OF USE.  Proofpoint shall make the Proofpoint Product available to Customer and its Affiliates in accordance with the Agreement, Purchase Order, this Exhibit and the Documentation. Customer’s right to use the Proofpoint Product is limited to the maximum number of Licenses for each module, the deployment type (Appliance, Software, or Service (SaaS)), and any other limitations specified in this Exhibit, including the Product Specific Terms in Schedule 1, and each Purchase Order and/or Quote.
  2. WarrantIES.
    1. Appliance Warranty.  Proofpoint warrants to Customer that the physical Appliance will be free from defects in materials and workmanship, under normal intended use, for the period and under the terms described at https://www.proofpoint.com/us/support/email-appliance-warranty-eol (“Appliance Warranty”). Customer will provide prompt written notice of any non-conformity during the Appliance Warranty period. Provided that Proofpoint receives such timely notification, Customer’s sole and exclusive remedy and Proofpoint’s entire liability for any breach of the foregoing warranty is to ship a replacement Appliance. If the Appliance is replaced, such replacement Appliance is warranted for the unexpired portion of the original Appliance Warranty. If the Appliance is damaged due to Customer’s negligence or willful misconduct, Customer will be responsible for all shipping and repair costs. Otherwise, Proofpoint will be responsible for all shipping costs related to shipping the replacement Appliance to Customer. Any Appliance that is replaced becomes the property of Proofpoint.   Proofpoint will not be responsible for Customer’s or any third party’s software, firmware, information, or data contained in or stored on any Appliance returned to Proofpoint, whether under warranty or not. This Appliance Warranty does not apply to (a) an Appliance that is improperly installed or used in a manner other than as authorized under the Agreement, to the extent such improper installation or use cause the breach of warranty; (b) an Appliance that has been modified or repaired by Customer or any party other than Proofpoint, to the extent such modifications cause the breach of warranty; (c) an Appliance that is damaged due to Customer’s mishandling, abuse, negligence, or improper storage, servicing or operation; or (d) an Appliance that is damaged due to power failures, surges, lightning strikes, fire, flood, accident, and actions of third parties or other events outside Proofpoint’s reasonable control.
    2. SaaS Warranty.  Proofpoint warrants that the Services will substantially conform in all material respects in accordance with the Services Documentation (“SaaS Warranty”). Customer will provide prompt written notice of any non-conformity. Proofpoint may modify the Services Documentation in its sole discretion, provided the functionality of the Services will not be materially decreased during the Term. As Customer’s sole and exclusive remedy and Proofpoint’s entire liability for any breach of the SaaS Warranty, Proofpoint will (a) use reasonable efforts to fix, provide a work around, or otherwise repair or replace the Service or, if Proofpoint is unable to do so, (b) terminate this Exhibit and return the Subscription Fees paid to Proofpoint or Reseller for such allegedly defective Services for the period commencing from Customer’s notice of nonconformity through the remainder of the Initial Term or Extension Term, as applicable.
    3. Software Warranty.  Proofpoint warrants that for a period of three (3) months following delivery of the Software to Customer it will function in substantial conformance in all material respects with the Documentation (“Software Warranty”).  Proofpoint may modify the Documentation in its sole discretion, provided the functionality of the Software will not be materially decreased during the Term.  Customer will provide prompt written notice of any non-conformity. The Software Warranty does not apply to: (a) Software that has been modified by any party other than Proofpoint; or (b) Software that has been improperly installed or used in a manner other than as authorized under the Agreement to the extent such modification(s) or improper installation cause the Software to be nonconforming. As Customer’s sole and exclusive remedy and Proofpoint’s entire liability for any breach of the foregoing warranty, Proofpoint will (x) use reasonable efforts to fix, provide a work around, or otherwise repair or replace the Software or, if Proofpoint is unable to do so, (y) terminate this Exhibit and return the Subscription Fees paid to Proofpoint or Reseller for such allegedly defective Software for the period commencing from Customer’s notice of nonconformity through the remainder of the Initial Term or Extension Term, as applicable.  If the non-conforming Software was included with an Appliance and if, in the parties’ reasonable judgment, the functionality or utility of the physical Appliance is materially impacted as a result of Proofpoint’s termination of Customer’s right to use the non-conforming Software under this Section SP 2.3, Customer may return the physical Appliance in accordance with the return provisions specified in Section SP 2.1 and Proofpoint will refund the fees paid to Proofpoint for such physical Appliance. If Customer has purchased the physical Appliance through a Reseller, then Reseller shall refund the foregoing fees to Customer.
    4. Disclaimer. PROOFPOINT DOES NOT WARRANT THE ACCURACY OF THE INTENDED EMAIL BLOCKING OF ANY MAIL MESSAGE, THAT THE PROOFPOINT PRODUCTS (SOFTWARE, APPLIANCE, OR SERVICE) WILL MEET CUSTOMER’S REQUIREMENTS OR THAT EMAIL WILL NOT BE LOST OR THAT THE PROOFPOINT PRODUCTS WILL NOT GIVE FALSE POSITIVE OR FALSE NEGATIVE RESULTS OR THAT ALL SPAM AND VIRUSES WILL BE ELIMINATED OR THAT LEGITIMATE MESSAGES WILL NOT BE OCCASIONALLY QUARANTINED AS SPAM. PROOFPOINT DOES NOT WARRANT THE OPERATION OF THE PROOFPOINT PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE or that all Software errors will be corrected.
  3. APPLIANCE Shipment, Delivery, Title, Risk of Loss.  Proofpoint will ship the physical Appliance Ex Works (Proofpoint’s facility), as defined by Incoterms 2010. Unless specified in advance by Customer, Proofpoint will select the carrier in its own discretion. Customer will be responsible for all freight, packing, duties, import fees and related taxes, insurance and other shipping-related expenses from Proofpoint’s location. Title to the physical Appliance (excluding any software or firmware embedded in the Appliance) and risk of loss will pass to Customer upon Proofpoint‘s delivery of the physical Appliance to the carrier. Any Software Updates shall be delivered via file transfer protocol unless physical shipment (e.g. compact disk) is specifically requested by Customer.
  4. SERVICE LEVEL AGREEMENT.  Proofpoint provides a Service Level Agreement (“SLA”) for some of the Proofpoint Services. The SLA is posted on Proofpoint’s website at http://www.proofpoint.com/license. In the event of a breach of the foregoing warranty, as Customer’s sole and exclusive remedy, Proofpoint will provide the remedy set forth in the respective SLA.
  5. PROOFPOINT’S LICENSE.
    1. During the Term of the Agreement Customer hereby grants to Proofpoint and its service providers a worldwide, limited term license to collect and process certain Customer Confidential Information, Customer Data and Personal Data for: (a) abuse and threat awareness, detection and prevention, (b) compliance, and (c) security purposes; in accordance with the Agreement.
    2. Customer acknowledges and agrees that development of Threat Analytics from Proofpoint’s ecosystem is critical to the functionality of the Proofpoint Products.   Customer hereby grants a worldwide license to Proofpoint to collect Threat Analytics during the Term of the Agreement.   Further, Customer hereby grants a worldwide license to Proofpoint to use Threat Analytics to maintain, improve and enhance Proofpoint services; provided that if Customer provides written legal notice to Proofpoint on or after expiration or termination of the applicable Proofpoint Services instructing Proofpoint to delete any Personal Data included in Threat Analytics it will be deleted within 18 months of such notice. This Section SP 5.2 survives termination and expiration of the Agreement.

SCHEDULE 1

PRODUCT SPECIFIC TERMS

Cloudmark Products.  Cloudmark Products include Cloudmark Authority, Cloudmark Safe Messaging Cloud (SMC), and Cloudmark Spam Reporting Service (SRS).  Notwithstanding anything to the contrary in the Agreement, the parties hereby agree that Work Product resulting from Professional Services for Cloudmark Products includes Customer configurations.  Proofpoint grants to Customer a license to such Work Product (including Customer configurations) pursuant to Section 5.1 of the Agreement.  Additionally, Customer acknowledges that use of the “Cloudmark Network Feedback System” involves sending unencrypted Customer e-mail and spam samples into this system. This process is optional for the Customer and only occurs for an email message when a User chooses to click on the “This is Spam” button or the “This is NOT spam” button for a given email message.  Proofpoint analyses theses spam reports and unblock reports in order to increase the accuracy of the Proofpoint Product.

Continuity.  Continuity is licensed on a User basis. Customer acknowledges that Continuity is only to serve as a secondary, emergency failover option in the event of failure of Customer’s email service, and not to serve as a primary email archive solution or a primary failover solution. Customer is required to have a current subscription for Proofpoint email protection to use Continuity. Customer is responsible for: (i) all activities conducted under its User logins; and (ii) obtaining and maintaining any Customer Equipment and any ancillary services needed to connect to, access or otherwise use Continuity and ensuring that the Customer Equipment and any ancillary services are compatible with Continuity and comply with all configuration requirements set forth in Continuity’s Documentation; and (iii) supporting and resolving any password reset issues for Continuity for Customer’s Users. Customer is solely responsible for any damage or loss to a third party resulting from the Customer's own use of the Proofpoint Product in violation of: (a) applicable law; or (b) the terms and conditions of the Agreement.

Continuity Plus.  Continuity Plus is licensed on a User basis Customer must: (i) enable the email journaling feature within Customer’s Microsoft Exchange Server, or Microsoft Office 365 service; and (ii) ensure that the Customer’s network has proper policies to allow journaling emails to be transmitted to the Proofpoint hostnames and IP addresses for Continuity Plus. This feature for emergency storage of outbound and intra-domain email is only supported for select versions of Microsoft Exchange Server and Microsoft Office 365. Customer is solely responsible for any damage or loss to a third party resulting from the Customer's own use of the Proofpoint Product in violation of: (a) applicable law; or (b) the terms and conditions of the Agreement.

Domain Discover.  Customer is responsible for (i) all activities conducted under its User logins; (ii) obtaining and maintaining any necessary equipment and configurations set forth in the Documentation; and (iii) complying with all applicable laws, rules and regulations, and acquiring all necessary data subject consents. Customer is responsible for maintaining the user accounts and the security of its user names and passwords at the user level and for promptly changing or deleting any user name or password that Customer believes may have been compromised. Proofpoint reserves the right to institute password requirements (such as the length of password or the required use of numbers, symbols etc.) and to refuse registration of, or cancel passwords it deems inappropriate. The Proofpoint Products may allow Customer to interface with a variety of third party software or services (e.g., Facebook, Twitter, LinkedIn). No endorsement of any such service should be inferred as a result of any integration with the Proofpoint Products and Proofpoint is not responsible for the data, operation or functionality of such third-party services. While Proofpoint may, in its sole discretion, customize the Proofpoint Products to interoperate with various third-party services: (a) Customer is responsible for complying with the terms and policies of each such third-party service including, without limitation, any payment obligations related thereto; and (b) Proofpoint cannot guarantee that such third-party services will continue to interoperate with the Service.

Email Protection.  Email Protection is licensed on a User basis. When using Email Protection Customer is responsible for all activities conducted under its user logins. Email Protection is for use with normal business messaging traffic only, and Customer shall not use Email Protection for the machine generated message delivery of bulk or unsolicited emails or emails sent from an account not assigned to an individual. Customer is responsible for maintaining the outbound email filtering Email Protection configuration settings to block emails identified by Proofpoint as either containing a virus or having a spam score of ninety-five (95) or higher. If Proofpoint has reason to believe that Customer has modified the outbound email configuration setting, Proofpoint reserves the right to monitor and reset such settings. Customer is solely responsible for any damage or loss to a third party resulting from the Customer's own use of the Proofpoint Product in violation of: (a) applicable law; or (b) the terms and conditions of the Agreement. Each User must be assigned a separate account on Customer’s email server for sending or receiving messages or data within Customer’s email system or network.

Mail Routing Agent.  Customer is responsible for maintaining the outbound email filtering MRA configuration settings established by Proofpoint to filter and block emails identified by Proofpoint as either containing a virus or having a spam score of 95 or higher. If Proofpoint has reason to believe that Customer has modified the outbound email configuration setting, Proofpoint reserves the right to monitor and reset such settings.

PhishAlarm & PhishAlarm Analyzer.  PhishAlarm & PhishAlarm Analyzer do not filter, scan, analyze or determine if any email received by any User of the PhishAlarm Software is a phishing attack.  Other Proofpoint Products provide these functions. "User" means Customer's and its Affiliates' employees, agents, contractors, consultants or other individuals licensed to use the Proofpoint Product.

Targeted Attack Protection (TAP).  TAP is licensed on a User basis. Customer is solely responsible for any damage or loss to a third party resulting from the Customer's own use of the Proofpoint Product in violation of: (a) applicable law; or (b) the terms and conditions of the Agreement.

Threat Response.  Threat Response is licensed on a User basis and interoperates with certain supported: (i) third-party data sources (“Event Source”); and (ii) third-party security enforcement platforms (e.g. firewalls, and web proxy servers) (“Enforcement Device”).  As between Proofpoint and Customer, Proofpoint shall have no liability whatsoever with respect to the accuracy, availability, or quality of Event Sources or Enforcement Devices. Customer may configure additional Event Sources and Enforcement Devices as needed by Customer in connection to Customer’s use of Threat Response.  Customer is solely responsible for any damage or loss to a third party resulting from the Customer's own use of the Proofpoint Product in violation of: (a) applicable law; or (b) the terms and conditions of the Agreement.

Threat Response Auto Pull.  Threat Response Auto Pull is licensed on a User basis and may only be integrated with either Microsoft Exchange Server, Microsoft Office 365, Google Gmail or IBM Domino as an Enforcement Device and can only be used with the following data Event Sources: Proofpoint TAP, FireEye EX, Proofpoint Smart Search results, Splunk (events for email quarantine only) and JSON (events for email quarantine only). Upon written notice (via email) to Customer’s Named Support Contact from Proofpoint, Customer will send a copy of its specific TRAP system configuration to Proofpoint for review.  Customer is solely responsible for any damage or loss to a third party resulting from the Customer's own use of the Proofpoint Product in violation of: (a) applicable law; or (b) the terms and conditions of the Agreement.

ThreatSim.  Customer may only conduct simulated phishing emails to domains owned by the Customer as set forth in the Purchase Order. Customer may include in the simulated phishing emails logos, customer names, e-mail addresses of Users and any other identifying information (“Customer Information”). Customer represents and warrants that it has the right to distribute, reproduce, publish, upload, use the Customer Information.

TAP Isolation – Personal Browsing Defense & Personal Webmail Defense.  Personal Browsing Defense and Personal Webmail Defense are both licensed on a User basis.  Customer will not use either TAP Isolation product to monitor any User’s internet activities and will not allow Users to transmit through or post on either TAP Isolation product infringing, defamatory, threatening or offensive material.

Wombat Security Training Modules. Wombat Security Training Modules enable Customer to send security awareness training to Users to teach Users secure behavior.  On-premise versions of the Training Modules can also be provided.  Training Modules are compatible with single SCO SCORM 1.2 and 2004 compliant Learning Management Systems, controlled by the Customer.

Agreement version Dec. 11, 2018.