The terms and conditions of this Subscription Agreement, including the Exhibits attached hereto, and the Software License Order Form ("Order Form") executed by Proofpoint, Inc. (“Proofpoint”) and the Customer specified in the Order Form (collectively the "Agreement") constitute the entire agreement between Proofpoint and Customer related to the software (and, if applicable, Managed Services and Security Awareness Communications Materials) specified in the Order Form.
1. WEB-BASED SECURITY SOFTWARE SERVICE
This Agreement provides Customer and its Affiliates access to proprietary web-based security software (“Software”) as specified on the Order Form. Proofpoint will provide the functionality of the Software through a URL within a hosted server environment under the terms below (“Service”). An “Affiliate” is a company which Customer controls through ownership of more than fifty percent (50%) of the voting shares or other controlling interest.
The Service enables Customer to send simulated phishing messages and security awareness training to employees and contractors (“Users”) to test their susceptibility to phishing attacks and to teach employees secure behavior. Customer is granted the ability to send phishing and security awareness training exercises to no more than the number of unique Users specified in the Order Form ("Subscription Limit"). Each unique email address is considered a separate unique User; any quantity of unique Users greater than the Subscription Limit will require additional fees.
The Service is provided as an annual subscription in a “Software-as-a-Service” (SaaS) model. Customer will be granted access to Proofpoint’s security education platform (“Platform”) for Customer’s Administrator upon Service initiation. An ”Administrator” is defined as the Customer staff responsible for managing Customer’s security awareness program. Customer may allow Administrators to access the Platform and use the Service and an Administrator may only use the Service for the Users who have been granted electronic access by Customer into its systems and are using a Customer email address on the Customer’s email domain(s) as set forth in the Order Form or any amendments thereto. Customer must notify Proofpoint upon termination of any Administrator so such credentials can be changed. Users of the Service are not granted access to the Platform.
2. SOFTWARE AND SERVICES
The terms of this Agreement will apply to the Service and any of the Software licensed by Customer. Additional terms for specific Software and Services are provided in Exhibit A attached hereto.
3. USE OF SERVICES BY CUSTOMER
a). Proofpoint’s Customer Support. Proofpoint will provide customer support for the Service. Support requests are submitted via the Proofpoint support line as detailed below or via email (firstname.lastname@example.org). Proofpoint shall respond to all submitted requests for customer support within 24 hours (next business day) from the receipt of such requests, between the hours of 2:00 AM – 9:00 PM Eastern Time Monday through Friday excluding Proofpoint holidays.
Support Telephone/Fax Numbers
U.S. Phone: +1 412-621-1484 press option 2
U.K. Phone: +44 (20) 3807-3472
b). Customer Responsibilities. Customer (i) is solely responsible for activity in its account for the Service and all use of the Software; (ii) must use commercially reasonable efforts to prevent unauthorized access to its account and will notify Proofpoint promptly of any such unauthorized access; (iii) may use the Service and Software only in accordance with guidance within the Platform; (iv) must use the Service, Software and any resulting reports only in compliance with applicable law and (v) may only conduct simulated phishing emails to domains owned by the Customer as set forth in the Order Form or any amendments thereto. Customer warrants and undertakes that, as required by the applicable law of any state or country, it will provide notice to its Users regarding why Personal Data will be collected and used and will obtain User consents for Customer to provide Personal Data to Proofpoint in connection with the Services provided hereunder. “Personal Data” means first name or first initial and last name, plus email address of Users.
c). Customer Restrictions: Customer may not (i) sell, resell, rent or lease the Service or Software; (ii) use the Service or Software to store or transmit infringing, unsolicited marketing emails, libelous, or otherwise objectionable, unlawful or tortious material, or to store or transmit material in violation of third-party rights; (iii) interfere with or disrupt the integrity or performance of the Service or Software; or (iv) attempt to gain unauthorized access to the Service or Software or their related systems or networks.
d). Customer Information. All information, images, and other files uploaded by Customer (“Customer Information”) remain the sole property of Customer or its licensor, as between Proofpoint and Customer. Customer shall be solely responsible for the accuracy of all Customer Information and for obtaining all required rights and licenses to use and display all Customer Information in connection with Customer's use of the Service. Customer grants Proofpoint the right to use the Customer Information solely for purposes of performing Services under this Agreement. Customer Information includes logos, customer names, e-mail addresses of Users and any other identifying information. Customer represents and warrants that it has the right to upload the Customer Information, and grant Proofpoint a license to use the Customer Information solely for purpose of providing the Services.
e). Customer Indemnity. Customer shall indemnify, defend, and hold Proofpoint harmless against any and all losses, damages, claims, or liabilities of any nature that are threatened, brought against, or incurred by Proofpoint (including reasonable attorneys' fees) arising out of Customer's use of the Software or the Services in a manner not in accordance with the terms of the Agreement. Customer’s obligations under this Section 3(e) are also contingent upon (i) Proofpoint providing Customer with prompt written notice of such claim; (ii) Proofpoint providing reasonable cooperation to Customer in Customer’s defense of any such claim; and (iii) Proofpoint granting to Customer sole authority and control over the defense and settlement of such claim, however, Customer shall not settle any claim in a manner that results in admission of any liability by Proofpoint without Proofpoint’s prior written consent, such consent shall not be unreasonably withheld.
4. SHIPPING AND PAYMENT TERMS
Customer must pay all undisputed fees within 30 days of the date of an invoice. Customer is responsible for the payment of all applicable sales, use, withholding, VAT and other similar taxes (except for taxes based on the net income of Proofpoint). Shipping, if applicable, will be FOB origin, as defined by Incoterms 2010.
5. WARRANTY AND REMEDY
a). Warranty. Proofpoint warrants to Customer that: (i) the Services will substantially conform to the Documentation during the Term; and (ii) the Services will be provided in a professional and workmanlike manner. Proofpoint is not responsible for any breach of the warranty caused by software not provided by Proofpoint including Customer's server, learning management system, or any other Customer or third party software. THE SERVICE MAY BE INTERRUPTED OR CONTAIN ERRORs. notwithstanding the above, different warranties may be provided for certain services, and those warranties are set forth in Exhibit A.
b). Remedy. In the event of any breach of the warranties set forth above, Customer shall notify Proofpoint, and Proofpoint shall, at Proofpoint’s option either promptly repair or replace the relevant functionality or features of the Service giving rise to the substantial non-conformity, or re-perform the Services at no additional cost to Customer. Such repair, replacement or re-performance shall be the sole and exclusive remedy of the Customer for any breach of the warranty.
THE WARRANTY SPECIFIED ABOVE, OR AS SET FORTH IN EXHIBIT A WITH RESPECT TO CERTAIN SERVICES, IS THE SOLE AND EXCLUSIVE WARRANTY RELATING TO THE SOFTWARE OR SERVICES PROVIDED HEREUNDER AND Proofpoint DISCLAIMS ALL OTHER WARRANTIES, express or imPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE AND FITNESS FOR A PARTICULAR PURPOSE.
6. MUTUAL CONFIDENTIALITY
a). Definition of Confidential Information. Confidential information means all information disclosed by a party (“Discloser”) to the other party (“Recipient”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure (“Confidential Information”). Proofpoint’s Confidential Information includes, without limitation, the Service, Software and Documentation, and each of their parts and pricing (including without limitation the Service user interface design and layout). Customer’s Confidential Information includes, without limitation, Customer Information and Personal Data.
b). Protection of Confidential Information. The Recipient: (i) will not disclose the Confidential Information of the Discloser to any third party; (ii) will use the Confidential Information of the Discloser only as authorized under this Agreement; and (iii) will use the same degree of care to protect the Confidential Information of the Discloser that it uses to protect the confidentiality of its own confidential information but in no event less than reasonable care. The Recipient will limit access to Confidential Information of Discloser to those of its employees and contractors who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with Recipient no less restrictive than the confidentiality terms of this Agreement.
c). Exclusions. Confidential Information excludes information that: (i) is or becomes generally known to the public without breach of any obligation owed to Discloser; (ii) was known to the Recipient prior to its disclosure by the Discloser without an obligation of confidentiality; (iii) is received from a third party without an obligation of confidentiality; or (iv) was independently developed by the Recipient without use or access to the Confidential Information.
d). Disclosure Required by Law. The Recipient may disclose Confidential Information to the extent required by law or court order, but will provide Discloser with advance notice to seek a protective order.
e). Equitable Relief. Recipient agrees and acknowledges that any breach of the provisions regarding ownership or confidentiality contained in this Agreement may cause Discloser irreparable harm and Discloser may seek to obtain injunctive relief as well as seek all other remedies available to Discloser in law or in equity in the event of breach or threatened breach of such provisions.
f). Certain Authorized Use. Proofpoint may anonymize and aggregate data from Customer for analysis and reporting, provided none of the individual data is able to be identified as received from Customer or any of its Users.
7. PROPRIETARY RIGHTS
a). Reservation of Rights by Proofpoint. The Software, workflow processes, user interface, designs, know-how, and Documentation, and other technologies provided by Proofpoint as part of the Service are the proprietary property of Proofpoint and its licensors, and all right, title and interest in and to such items, including all associated intellectual property rights, remain only with Proofpoint. Proofpoint reserves all rights unless expressly granted in this Agreement.
b). Customer Restrictions. Customer may not:
- Reverse engineer the Service, Software or Documentation;
- Remove or modify any proprietary marking or restrictive legends in the Service, Software or Documentation; or
- Access the Service or use the Software or Documentation to build a competitive service or product, or copy any feature, function or graphic for competitive purposes.
c). Software and Documentation. The Administrator Manual and other Proofpoint-published technical documentation provided through and with the Service or Software or by Proofpoint (“Documentation”) and the Software are licensed to Customer as follows: Proofpoint grants Customer a limited, non-exclusive, non-transferable and non-sublicenseable license during the Term to such Software and Documentation for use solely with the Service (“Limited License”). All Software will be provided only in object code.
d). Proofpoint Indemnity. Proofpoint shall indemnify, defend, and hold Customer harmless against any and all losses, damages, claims, or liabilities to the extent that they are based upon a third party claim that Customer’s use of the Service in accordance with the terms of this Agreement, provided by Proofpoint hereunder, infringes a valid U.S. patent or copyright. Proofpoint’s obligations under this Section 7(d) are also contingent upon (i) Customer providing Proofpoint with prompt written notice of such claim; (ii) Customer providing reasonable cooperation to Proofpoint in Proofpoint’s defense of any such claim; and (iii) Customer granting to Proofpoint sole authority and control over the defense and settlement of such claim, however, Proofpoint shall not settle any claim in a manner that results in admission of any liability by Customer, such consent shall not be unreasonably withheld. If the Service hereunder becomes, or in Proofpoint’s opinion is likely to become, the subject of a claim of infringement, Proofpoint may, at its option: (i) procure for Customer the right to continue to use the Service; (ii) replace or modify the Service to make it non-infringing; or (iii) terminate this Agreement and refund the fees paid for such Service for the then-current license term. Proofpoint will have no liability for any claim based on: (w) any modification of the Service except with respect to modifications performed by Proofpoint; (x) any use of the Service other than as expressly permitted under this Agreement; or (y) any use or combination of the Service with any third party products. Section 7(d) sets forth Proofpoint’s complete liability, and Customer’s sole remedy, with respect to claims relating to infringement of intellectual property rights.
8. EXCLUSION OF DAMAGES AND LIMITATION OF LIABILITY
a). EXCLUSION OF CERTAIN DAMAGES. PROOFPOINT IS NOT LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER ARISING UNDER CONTRACT, WARRANTY, TORT, NEGLIGENCE, OR ANY OTHER THEORY OF LIABILITY INCLUDING, WITHOUT LIMITATION, COSTS OF DELAY, LOSS OF DATA, RECORDS OR INFORMATION, AND ANY FAILURE OF DELIVERY OF THE SERVICE OR SOFTWARE.
b). LIMITATION OF LIABILITY. EXCEPT FOR PROOFPOINT’S INDEMNITY OBLIGATIONS, PROOFPOINT’S LIABILITY FOR DIRECT DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER ARISING UNDER CONTRACT, TORT OR OTHERWISE) FOR THE SERVICE OR SOFTWARE WILL NOT EXCEED THE ACTUAL AMOUNT PAID BY CUSTOMER WITHIN THE PRECEDING 12 MONTHS UNDER THIS AGREEMENT FOR THE APPLICABLE SERVICE OR SOFTWARE.
9. TERM AND TERMINATION
a). Term. This Agreement shall commence on the Effective Date and remain in effect for as long as Customer has the right to continue to use any Software based on the applicable License Term specified in the Order Form term ("Initial Order Form Term"). The Initial Order Form Term shall renew for additional one (1) year terms (each a “Renewal Term”) upon the parties signing a new Order Form for the Renewal Term. Additionally, Customer agrees to provide Proofpoint with a purchase order, if applicable, and any requested changes (including, but not limited to, changes in Software licensed, term or number of Users) for billing purposes only for each Renewal Term. The Initial Order Form Term and any Renewal Term(s) shall collectively be called the “Term”.
b). Mutual Termination for Material Breach. If a party is in material breach of this Agreement and such breach has not been cured within thirty (30) days from written notice by the non-breaching party, the non-breaching party may terminate the Agreement.
Actions upon Termination for Material Breach.
i. Upon any termination as provided in Section 9(b) above by Customer, Proofpoint must refund any prepaid and unused fees covering the remainder of the Term. All access to the Service and Software will also be terminated.
ii. Upon any termination as provided in Section 9(b) above by Proofpoint, Customer must pay any undisputed and unpaid fees. All access to the Service or Software will also be terminated.
c). Return or Destroy Proofpoint Property Upon Termination. Upon termination or expiration of this Agreement for any reason, Customer must destroy or return all property of Proofpoint. Customer will confirm its compliance with this destruction or return requirement in writing upon request of Proofpoint.
d). Return of Customer Information.
i. For a period of 60-days following termination, upon request Proofpoint will make the Service available for Customer to export the Customer Information.
ii. After such 60-day period, Proofpoint has no obligation to maintain the Customer Information and will destroy it.
Proofpoint maintains the technical and organizational security measures to protect Customer’s Personal Data and Confidential Information. Such measures include, but are not limited to:
a). Physical Security. Proofpoint will maintain and enforce safety and physical security procedures that are at least (a) equal to industry standards for such types of service; and (b) as rigorous as those procedures in effect as of the Effective Date of the Agreement.
b). Data Security. Proofpoint will take all commercially reasonable steps necessary to retain, maintain and protect against the loss or alteration of all Personal Data and Customer Confidential Information provided to Proofpoint in connection with the Agreement. Customer Confidential Information and Personal Data will be encrypted at rest and/or during transmission. In addition, each Proofpoint internal resource will obtain access through two-factor authentication; password aging will be enforced for each level of authentication; and accounts of terminated Proofpoint employees will be disabled the same day as their departure.
c). Disaster Recovery Plan. Proofpoint will undertake a disaster recovery plan that will take into account the partial or full destruction of Proofpoint’s data center. For purposes of this Section, the term “Disaster” will apply to any event that prevents the Proofpoint’s data center infrastructure from providing the Services to Customer within normal response intervals. Such events may include full or partial destruction of Proofpoint’s primary data center facility, failure of redundant access circuits to such facility, and fires, earthquakes or floods affecting the facility. Such events may also include systemic failures of shared equipment within the facility or within Proofpoint’s cages due to hardware or software issues.
11. MISCELLANEOUS OTHER TERMS
a). Entire Agreement and Changes; Counterparts. This Agreement and the Exhibits constitute the entire Agreement between the parties, and supersede all prior or contemporaneous negotiations, agreements and representations, whether oral or written, related to this subject matter. No modification of this Agreement is effective unless both parties sign it, and no waiver is effective unless the party waiving the right signs a waiver in writing. In the event Customer's purchase order or any other form contains terms additional to or different from those set forth herein, Proofpoint expressly rejects such terms and the agreement between the parties shall be exclusively governed by the terms of this Agreement.
b). No Assignment. Neither party may assign or transfer this Agreement or an order to a third party without the other party’s prior written consent, except that this Agreement with all orders may be assigned as part of a merger or sale of all, or substantially all, of the business or assets, of a party.
c). Independent Contractors. The parties are independent contractors with respect to each other.
d). Enforceability; Waiver. If any term of this Agreement is invalid or unenforceable, the other terms remain in effect and the court shall enforce such invalid provision to the extent permitted by law. Failure to enforce a provision of this Agreement shall not act as a continuing waiver of such provision.
e). Order of Precedence. If there is an inconsistency between this Agreement and Exhibit A, the provisions of Exhibit A will prevail as to such Service or Software.
f). Survival of Terms. The following provisions will survive termination or expiration of this Agreement for any reason: Section 3(e) (Customer Indemnity), Section 6 (Mutual Confidentiality), Section 7 (Proprietary Rights), Section 8 (Exclusion of Damages and Limitation of Liability), and Section 9 (Term and Termination).
g). Governing Law. This Agreement shall be construed in accordance with applicable U.S. federal law and the laws of the State of California without regard to conflict of laws principles. The Convention on Contracts for the International Sale of Goods does not apply.
h). Notices. Any notices to be provided under this Agreement shall be in writing and sent via express mail by a recognized delivery service to the most recent address of a party.
i). Publicity. With Customer’s prior written consent, Proofpoint may refer to Customer as one of its customers on Proofpoint's website and in other marketing material, including a possible joint press release coinciding with the launch of the Software by Customer.
j). Export. Customer acknowledges that the Software may be subject to United States export laws and regulations, and Customer will comply with such laws and regulations.
EXHIBIT A: ADDITIONAL PROVISIONS
Exhibit A Section 1
Security Awareness Materials and Security Awareness Campaigns
Exhibit A Section 2
Exhibit A Section 3
PhishAlarm™ or PhishAlarm Analyzer
Exhibit A Section 4
Exhibit A Section 5
Exhibit A Section 6
End User Sync
Exhibit A Section 7
The following provisions will only apply if the Customer is purchasing the applicable Service or Software and are in addition to the provisions specified in the Agreement.
- On-Site Software for Customer’s Learning Management System
- Proofpoint grants Customer a Limited License to access and use the Software as single SCO based SCORM 1.2 or 2004 compliant format on a learning management system controlled by the Customer (“On-Site Software”). Customer will be responsible for the deployment and maintenance of the On-Site Software.
- All of the restrictions on use of the Service and Software in the Agreement will also apply to use of the On-Site Software.
- Proofpoint warrants to Customer that the On-Site Software will materially comply with the Documentation for a period of ninety (90) days from the date Customer is provided access to the On-Site Software. Proofpoint is not responsible for any breach of the warranty caused by software not provided by Proofpoint including Customer's server, learning management system, or any other Customer or third party software. In the event of any breach of this warranty, Customer shall notify Proofpoint, and Proofpoint shall promptly repair or replace the relevant functionality or features of the On-Site Software at no additional cost to Customer. Such repair or replacement shall be the sole and exclusive remedy of the Customer for any breach of this warranty.
- At Proofpoint’s written request, Customer will furnish Proofpoint with a certificate signed by an authorized signatory of Customer verifying that the On-Site Software is being used pursuant to the terms of the Agreement. Upon at least fifteen (15) days’ prior written notice, Proofpoint may audit Customer’s use of the On-Site Software to ensure that Customer is in compliance with the terms of this Agreement and Customer will provide Proofpoint with access to the relevant Customer records and facilities. Customer shall maintain copies of all such records for two (2) years after the expiration of this Agreement.
- Security Awareness Materials and Security Awareness Campaigns
- Proofpoint grants Customer a Limited License to use the Security Awareness Materials (“Security Awareness Materials”) and Security Awareness Campaigns (“Security Awareness Campaigns”) for Customer’s own internal use. The Security Awareness Materials are based on the number of Users listed in the Order Form.
- Security Awareness Materials will be digital versions of articles, blog posts, posters, screen savers and giveaway item formats and will be provided in digital download files only. Printing and other costs are the responsibility of Customer. Security Awareness Campaigns will be downloadable video files.
- Any attempt to sell, transfer, create derivative works from, broadcast or post on any external network or media is prohibited. Customer is permitted to broadcast or post the Security Awareness Materials and Security Awareness Campaigns on or through Customer’s internal communications channels.
- Customer may brand Security Awareness Materials and Security Awareness Campaigns with Customer’s own trademarks. Proofpoint takes no responsibility for such use or any additions or modifications made to the Security Awareness Materials or Security Awareness Campaigns.
- Managed Services
- In the event that Customer desires Proofpoint to manage its security awareness program using Software (“Managed Services”), a Managed Services fee will be specified in Exhibit B.
- PhishAlarm or PhishAlarm Analyzer Software
- Proofpoint does not have any responsibility to determine if any email received by any User of the PhishAlarm Software ("Suspect Email") is a phishing attack. Proofpoint's sole and exclusive obligation shall be to use reasonable commercial efforts to forward any Suspect Email received by Proofpoint using PhishAlarm Analyzer from a User of the PhishAlarm Software to the address designated by Customer.
- Proofpoint is not responsible for any damage to the Customer's network as a result of the Suspect Email. Customer has the sole and exclusive obligation to evaluate any Suspect Email and take any and all actions Customer determines are appropriate as a result of such Suspect Email.
- Proofpoint warrants to Customer that the PhishAlarm and PhishAlarm Analyzer Software will materially comply with the Documentation for a period of ninety (90) days from the date Customer is provided access to the PhishAlarm or PhishAlarm Analyzer Software. Proofpoint is not responsible for any breach of the warranty caused by software not provided by Proofpoint including Customer's server, learning management system, or any other Customer or third party software. In the event of any breach of this warranty Customer shall notify Proofpoint, and Proofpoint shall promptly repair or replace the relevant functionality or features of PhishAlarm or PhishAlarm Analyzer Software at no additional cost to Customer. Such repair or replacement shall be the sole and exclusive remedy of the Customer for any breach of this warranty.
- SmishGuru Services
- The SmishGuru Service will be used to send text messages to US-based telephone numbers provided to Proofpoint by Customer ("Provided Numbers"). Customer represents and warrants that the users of the telephone assigned to the Provided Numbers has provided consent for Proofpoint to contact such users on such Provided Numbers. Customer directs Proofpoint to send text messages to the Provided Numbers on behalf of Customer in accordance with the SmishGuru Service purchased by Customer.
- Delivery of Services using the SmishGuru Service may be delayed due to the restrictions in effect by mobile phone service providers. Proofpoint is not responsible for any such delays.
- USBGuru Services
- Proofpoint will purchase and bundle USB devices ("USBGuru Devices") and then ship to Customer for Customer’s distribution. Customer must provide the information needed by Proofpoint in order to customize the USBGuru Devices no later than the date specified in the Order Form. Information needed by Proofpoint includes, but is not limited to the following and shall be provided by Customer to Proofpoint within thirty days of the Effective Date:
- Teachable moment
- File names for files loaded on USB's
- Locations and batch quantity
- Drop Dates
- The USBGuru Devices are intended to be distributed by Customer to Customer's employees. Proofpoint is not responsible for any third party claims which are the result of any use of the USBGuru Devices.
- THE USBGURU DEVICES ARE PROVIDED AS-IS AND PROOFPOINT DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT WITH RESPECT TO THE USBGURU DEVICES.
- End User Sync Software
- Proofpoint grants Customer a limited, non-exclusive, non-transferable and non-sublicenseable license to access and use the End User Sync software provided by Proofpoint (“End User Sync Software”). Customer will be responsible for the deployment and maintenance of the End User Sync Software.
- All of the restrictions on use of the Service and Software in the Agreement will also apply to use of the End User Sync Software.
- Proofpoint warrants to Customer that the End User Sync Software will materially comply with the Documentation for a period of ninety (90) days from the date Customer is provided access to the End User Sync Software. Proofpoint is not responsible for any breach of the warranty caused by software not provided by Proofpoint including Customer's server, or any other Customer or third-party hardware or software. In the event of any breach of this warranty, Customer shall notify Proofpoint, and Proofpoint shall promptly repair or replace the relevant functionality or features of the End User Sync Software at no additional cost to Customer. Such repair or replacement shall be the sole and exclusive remedy of the Customer for any breach of this warranty.