Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

 
SONATYPE, INC.
SONATYPE LIFT SERVICE AGREEMENT
PLEASE READ THIS AGREEMENT CAREFULLY

 

YOU MUST BE AUTHORIZED TO BIND THE ENTITY REQUESTING ACCESS TO THE SERVICE (“COMPANY”) AND, AS SUCH, BY COMPLETING AN ORDER AND INSTALLING, INCLUDING CLICKING ON THE “I ACCEPT” (OR SIMILAR CONSENT) BUTTON, COMPANY HEREBY ACCEPTS ALL OF THE TERMS AND CONDITIONS OF THIS SERVICE AGREEMENT (THIS “AGREEMENT”).  COMPANY AGREES THAT THIS AGREEMENT IS ENFORCEABLE LIKE ANY WRITTEN NEGOTIATED AGREEMENT EXECUTED BY AN AUTHORIZED REPRESENTATIVE OF COMPANY.

IF COMPANY DOES NOT AGREE TO ALL OF THESE TERMS AND CONDITIONS, DO NOT CLICK TO ACCEPT OR OTHERWISE (A) DOWNLOAD, INSTALL OR USE ALL OR ANY PORTION OF THE SERVICES, OR (B) ACCEPT OR USE ALL OR ANY PORTION OF THE SUPPORT.  COMPANY WILL NOT BE GIVEN ACCESS TO ANY SERVICE OR SUPPORT UNLESS AND UNTIL COMPANY ACCEPTS THE TERMS OF THIS AGREEMENT.  

IF COMPANY HAS ENTERED INTO A SEPARATE WRITTEN AGREEMENT WITH SONATYPE FOR USE OF A SERVICE OR SUPPORT, THE TERMS AND CONDITIONS OF SUCH OTHER AGREEMENT SHALL PREVAIL OVER ANY CONFLICTING TERMS OR CONDITIONS IN THIS AGREEMENT.

This Agreement is entered into by Company and between Sonatype, Inc. “("Sonatype”) and governs all access and use of the Services by Company, its employees its Contractors and Affiliates. Capitalized terms have the definitions set forth herein.

Unless Sonatype has provided its express written consent, Sonatype’s competitors, including anyone acting on their behalf, are strictly prohibited from accessing the Services for any reason (trial or otherwise).

1. DEFINITIONS

Acceptable Use Policy” means Sonatype’s acceptable use policy and terms of service as modified from time to time, and which is posted at https://www.sonatype.com/usage/lift-terms.

“Affiliates” means any entity that is controlled by, under the control of, or under common control with a Party where “control” means ownership of, or the right to control, greater than 50% of the voting securities of such entity.

“Application” means any computer software application. 

"Company Data" means information, data, software, text, audio files, graphic files and other content, in any form or medium, that is submitted, posted, processed or otherwise transmitted by or on behalf of Company through a Service. For the avoidance of doubt, “Company Data” excludes Non-Sonatype Applications and Usage Information. 

“Contractor” means any third party, which is not a competitor of Sonatype, engaged (directly or indirectly) by Company to perform services for the benefit of Company.

“Data Feed” means any and all software, data, documentation, reports, text, images, sounds, video and content made available by Sonatype to Company, whether via a Service, the Reports, or otherwise, including data related to open source projects, components, and metadata, that is developed, maintained and/or curated by Sonatype and made available by Sonatype to Company, whether via one or more Services, the Reports, or otherwise.  

“Documentation” means the user guide and technical specifications for the applicable Service delivered or otherwise made available by Sonatype along with the relevant Service, as may be updated by Sonatype from time to time.

“Effective Date” means the date on which Company accepts the terms and conditions of this Agreement by completing an order and installing, including clicking the “I Accept” (or similar consent) button, or by signing and/or otherwise accepting the applicable Ordering Document. 

Non-Sonatype Applications” means a web-based or offline software application (including GitHub) that is provided by Company or a third party and interoperates with a Service.

Open Source Software” means any third-party open source software or other similar community or free software (including software code licensed under any version of the GNU GPL, MIT, Mozilla or Apache licenses).

"Order Form" means a document governing purchases made by Company hereunder of Subscriptions to the Service(s) and/or related Training Services that is accepted by each Party pursuant to the terms set forth therein, including by signing a written order form, submitting a PO, and/or submitting an order electronically through Sonatype’s website or an online marketplace.

Ordering Document” means any and all Order Forms and/or Renewal Quotes, collectively and/or individually. 

“Person” means an individual, including all employees and Contractors of Company and its Affiliates (subject to Section 3(h)).

“Renewal Quote” means a document governing renewal purchases of Service Subscriptions made by Company hereunder that is accepted by each Party pursuant to the terms set forth therein, including by signing a written order form, submitting a PO, and/or submitting an order electronically through either Sonatype’s website or an online marketplace.

“Reports” means any reports or other data generated by a Service by, for, and/or on behalf of Company.

“Scan Unit” means an Application, or any part thereof, that is assigned a unique Scan ID for purposes of being scanned by a Service.

“Scan ID” means the unique identifier that is assigned to each Scan Unit for purposes of being scanned by a Service.

"Service" means the Sonatype software-as-a-service offering(s) (including any and all related websites and/or Data Feed(s)): (a) identified in one or more Ordering Document(s) and for which Company purchases a Subscription pursuant to the terms of this Agreement; or (b) to which Sonatype grants Company Free Use of a Service in accordance with Section 2 below.

Software Asset” means a software artifact or any portion thereof (including code, configuration file and/or container images) that is stored in or scanned, analyzed or otherwise evaluated by a Service (including via a Service’s website or by submitting the code in a pull-request on a repository where a Service is enabled).

“Software Component Identifiers” means certain software binaries, header files, hashed data and/or other metadata that serve to identify a software component. 

“Subscription” means the right and license granted to Company by Sonatype to access and use a Service in accordance with the terms of this Agreement during the specified Subscription Term. 

“Subscription Term” has the meaning set forth in Section 11(b) of this Agreement. 

"User" means an individual who uses a Service, as further defined in Section 3(c).  

Sonatype and Company may be referred to individually in this agreement as a “Party” or collectively as the “Parties.”

2. FREE TRIAL

With regard to any permitted access to and use of a Service by Company related to a free trial, free use, evaluation, license key extension, or other non-production use authorized by Sonatype (the “Free Use”), Sonatype agrees, subject to the terms set forth in this Section and this Agreement, to make such Service available to Company for a term to expire on the earlier of: (a) the end of the period for which Company is granted access to such Free Use of a Service; or (b) the start date of any Subscription for such Service purchased by Company from Sonatype (the “Free Use Period”); provided, that Sonatype may terminate the Free Use Period at its sole discretion by providing notice to Company. In the event of a conflict between this Section and any other portion of this Agreement, this Section shall control.  Additional terms and conditions governing such Free Use may be imposed by Sonatype, and any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding. ANY COMPANY DATA THAT COMPANY ENTERS INTO A SERVICE, AND ANY PERMITTED CUSTOMIZATIONS MADE TO SUCH SERVICE BY OR FOR COMPANY, DURING THE FREE USE PERIOD WILL BE PERMANENTLY LOST UNLESS COMPANY EXPORTS SUCH DATA BEFORE THE END OF THE FREE USE PERIOD. SONATYPE IS UNDER NO OBLIGATION TO TRANSFER, OR ASSIST COMPANY WITH ANY TRANSFER OF, ANY COMPANY DATA. DURING THE FREE USE PERIOD, NOTWITHSTANDING (i) SECTION 8 (WARRANTIES AND DISCLAIMERS), THE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY, (ii) SECTION 9 (INDEMNIFICATION), SONATYPE PROVIDES NO INDEMNITIES TO COMPANY, AND (iii) SECTION 10 (LIMITATION OF LIABILITY), WITH RESPECT TO THE SERVICES PROVIDED TO COMPANY DURING THE FREE USE PERIOD IN NO CIRCUMSTANCES SHALL THE AGGREGATE LIABILITY OF SONATYPE ARISING OUT OF OR RELATING TO THIS AGREEMENT EXCEED USD $1,000. 

3. SERVICES

  1. Order Forms; Provision of the Services. Each Ordering Document shall form a part of this Agreement and be subject to the terms and conditions set forth herein.  All Services and Documentation shall be made available to Company by electronic means.  Company agrees that Company’s purchases hereunder are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written comments made by Sonatype regarding future functionality or features. 
  2. Subscriptions.  Subject to the terms of this Agreement and the applicable Ordering Document, Sonatype hereby grants to Company a non-transferable, non-assignable (except as otherwise stated in Section 13(h)), non-sublicensable, non-exclusive, limited right to access and use a Service solely for Company’s internal business purposes only during the Subscription Term.  Unless otherwise set forth in an Ordering Document, any additional Subscriptions purchased by Company during a Subscription Term will be prorated for the remainder of that Subscription Term and will terminate on the date on which the Subscription Term expires.  
  3. User-Based Subscriptions.  With regard to Subscriptions that are purchased by Company on a per-User basis as specified in the applicable Ordering Document, unless otherwise specified in the Ordering Document, a separate Subscription must be purchased for each Person who: (i) produces, consumes, or evaluates one or more Software Assets, and/or (ii) evaluates or in any way uses any Reports generated by a Service. For the avoidance of doubt, the Subscriptions may not be accessed by more than the licensed number of Users and Subscriptions are restricted for use by designated Users only and cannot be shared or used by more than one User; provided that Company may reassign a Subscription to a new User replacing a former User who no longer requires ongoing use of or access to a Service.
  4. Scan ID-Based Subscriptions.  With regard to Subscriptions that are purchased by Company on a per-Scan ID basis as specified in the applicable Ordering Document, unless otherwise specified in the Ordering Document, (i) a separate Scan ID Subscription must be purchased for each Scan Unit that will be scanned, analyzed or otherwise evaluated by a Service; (ii) each Scan ID can be used to scan one Scan Unit and cannot be used to scan, analyze or otherwise evaluate more than one Scan Unit; and (iii) once an Scan ID is assigned to a Scan Unit, it may not be reassigned to scan a different Scan Unit. The right to use any Scan ID that is purchased by Company but not used during the applicable Subscription Term will terminate upon expiration of the Subscription Term without refund or set-off and may not be used by Company during any Renewal Term. 
  5. Restrictions. In addition to the restrictions set forth in Sections 3 (c) and (d) above, as applicable, Company shall not, or permit any third party, (i) to access a Service and/or Training Materials except as permitted herein or in an Ordering Document, (ii) modify, translate, reverse engineer, decompile, disassemble, create derivative works of or copy a Service or otherwise seek to obtain or use the source code, underlying ideas, algorithms or non-public APIs of a Service, except to the extent expressly permitted by applicable law (and then only upon advance written notice to Sonatype), (iii) remove, alter or obscure any proprietary notices, labels or marks on any component or portion of a Service, (iv) use a Service in a manner that breaches Section 13(a) below; (v) market, sell, resell, rent, sublicense, distribute or lease a Service, (vi) scrape, collect, mirror, or in any manner compile Software Component Identifiers from any public repository using a Service for the purpose of creating a copy of that repository (or any portion thereof), (vii) use a Service for the benefit of any third party including use of any such Service to operate as a service bureau, ASP, or hosting service, (viii) circumvent any measures present in a Service that limit access to or use or distribution of a Data Feed; (ix) access any of the Services, or permit access to a Service, for purposes of (A) monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes, or (B) copying any features, functions or graphics of, or data or information in, any such Service and/or Training Materials. 
  6. Reports.  If a Service allow Company to generate Reports or to access any Data Feed(s), then Company may use and copy such Reports and/or Data Feed solely for its internal business purposes; provided that use of such Reports and/or Data Feed(s) is subject to the restrictions set forth in Section 3(e) and the disclaimer set forth in Section 8(c).
  7. Training Services.  From time to time, Sonatype may perform certain training courses, workshops, and other professional services that are related to a Service (collectively, the “Training Services”) but only to the extent that any such Training Services are identified in an Ordering Document. All rights, title and interest in and to the documentation, training materials, work product, guides, and presentations developed by Sonatype for use during the performance of the Training Services (“Training Materials”) shall be retained by Sonatype.
  8. Use by Affiliates and Contractors. Subject to the terms and conditions of this Agreement, Company’s Affiliates and Contractors may use a Service made available to Company hereunder, provided that (a) such use is strictly limited to use for the benefit of Company’s internal business purposes; (b) Company remains liable for the acts and omissions of, and responsible for compliance with the terms and conditions of this Agreement by, each Affiliate and Contractor; and (c) the aggregated use by Company, its Affiliates, and its Contractors does not exceed the scope of the Subscription purchased by Company pursuant to the applicable Ordering Document.
  9. Sonatype Responsibilities: Sonatype will use commercially reasonable efforts to (a) make a Service available to Company pursuant to this Agreement and the applicable Ordering Document and Documentation, (b) subject to Section 8(c), make a Service available 24 hours a day, 7 days a week, except for planned downtime or emergency maintenance; (c) maintain the security and integrity of a Service; (d) provide Company with support services related to the applicable Service pursuant to the terms of the support policy set forth at http://www.sonatype.com/Usage/Software-Support-Policy (“Support”) and (e) provide the Service in accordance with laws (including data privacy) applicable to Sonatype’s provision of such Service to its customers generally (i.e., without regard for Company’s particular use of such Service), and subject to Company’s use of the Service in accordance with this Agreement, the Documentation, and the applicable Ordering Document. Sonatype reserves the right, in its sole discretion, to add, disable or remove features and functionalities, increase or decrease limits and system resources related to a Service, and make any other changes, updates, or improvements to such Service; provided, that such changes do not materially degrade the essential functionality of such Service purchased by Company pursuant to the applicable Ordering Document. 
  10. Company Responsibilities. Company shall ensure that all Users comply with Company’s obligations under this Agreement and will be responsible for the acts and omissions of all Users and for the contents of their transmissions through the Services. Company will (a) use the Services only in accordance with this Agreement, Documentation, the Acceptable Use Policy, Ordering Documents, and applicable laws and government regulations, (b) be responsible for the accuracy, quality, backing up, maintenance and legality of Company Data, the means by which Company acquired Company Data, and Company’s use of Company Data with the Services, (c) prevent unauthorized access to or use of the Services, and notify Sonatype promptly of any attempted or actual unauthorized access or use, and (d) comply with terms of service of Non-Sonatype Applications with which Company uses a Service. In the event that Sonatype reasonably considers that any User’s use of any of the Services (A) breaches the terms of this Agreement, (B) threatens the security, integrity or availability of such Service, or (C) may adversely impact such Service, systems or content of any other Sonatype customer, Sonatype may, with immediate effect, suspend Company’s and/or any User’s access to the Services. Sonatype will use commercially reasonable efforts under the circumstances to provide Company with notice and an opportunity to remedy such violation or threat prior to any such suspension. Upon any suspension of Company’s or any User’s right to access or use the Services (any portion thereof), Company will (y) remain responsible for payment of all fees and charges set forth in the applicable Ordering Document; and (z) remain responsible for any applicable fees and charges for any Services to which Company or any User continue to have access.  Sonatype’s right to suspend Company’s or any User’s right to access or use the Services is in addition to Sonatype’s right to terminate this Agreement pursuant to Section 11.
  11. Registration; Passwords; Company Security. Users may be required to register in order to gain access to a Service. Company is responsible for maintaining control over, and the confidentiality of, all User IDs, usernames, passwords, and other access credentials for each Service provided by Sonatype.  Company is solely responsible for (i) all use of the Services by those who have access to such Services through Company (directly or indirectly, (ii) taking steps to maintain appropriate security, protection, and back-up of the Company Data and login credentials. In the event Company becomes aware of a suspected breach, Company will notify Sonatype immediately and cooperate with Sonatype to remedy the security incident.
  12. Non-Sonatype Applications. Company and its Users may enable, register an account and/or log in to a Service via various Non-Sonatype Applications. Sonatype may ask Users to authenticate, register for or log into Non-Sonatype Applications on the websites of their respective providers. As part of such integration, the Non- Sonatype Applications will provide Sonatype with access to certain information that Users have provided to such Non- Sonatype, and Sonatype will use, store and disclose such information in accordance with Sonatype’s Privacy Policy (https://www.sonatype.com/privacy-policy). The manner in which Non-Sonatype Applications use, store and disclose Company and User information is governed solely by the policies of the third parties operating the Non- Sonatype Applications, and Sonatype will have no liability or responsibility for the privacy practices or other actions of any third party site or service that may be enabled within a Service. In addition, Sonatype is not responsible for the accuracy, availability or reliability of any information, content, goods, data, opinions, advice or statements made available in connection with Non- Sonatype Applications. As such, Sonatype will not be liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such Non- Sonatype Applications. Sonatype enables these features merely as a convenience and the integration or inclusion of such features does not imply an endorsement or recommendation.
  13. Sonatype Community. Where Company has not registered with the Sonatype community (as further defined in the Sonatype Community Terms), by agreeing to the terms of this Agreement it shall be automatically registered with the Sonatype community and shall be deemed to have agreed to the terms and conditions at https://my.sonatype.com/eula (“Sonatype Community Terms”). Where Company has already registered with the Sonatype Community it agrees to continue to be bound by the Sonatype Community Terms. For the avoidance of doubt, the Sonatype Community Terms shall only apply to Company’s use of the Sonatype community and Company’s use of the Product shall be governed solely by the terms of this Agreement. 

4. COMPANY DATA

  1. Company Data. Sonatype acknowledges that, as between Sonatype and Company, Company owns all right, title, and interest in and to the Company Data (including all intellectual property rights therein). Company hereby grants to Sonatype a non-exclusive, royalty-free, worldwide license to host, copy, transmit, reproduce, distribute, and otherwise use and display the Company Data and perform all acts with respect to the Company Data as may be necessary for Sonatype to provide and improve a Service, Training Services and/or Support. Company shall ensure that Company’s use of the Services and all Company Data is at all times compliant with all applicable privacy policies and all applicable local, state, federal, and international laws, regulations, and conventions. Company represents and warrants to Sonatype that Company has sufficient rights in and to the Company Data to grant the rights granted to Sonatype under this Agreement and that the rights granted to Sonatype for the Company Data do not infringe the rights of any third party. 
  2. Usage Information. Company hereby acknowledges and agrees that Sonatype reserves the right to compile, maintain, and use technical, statistical, metric, and performance information regarding Company's use of the Services, including information that may identify Company’s computer (such as the Internet Protocol Address), browser type, operating system, and application usage (the "Usage Information"). Company further acknowledges and agrees that the Services may contain a feature that sends Usage Information along with other information regarding the operation of the Services to Sonatype. For the avoidance of doubt: (i) other than information used to authenticate Users, Usage Information does not include any personally identifiable information; (ii) all non-anonymized Usage Information received by Sonatype from Company is hereby deemed to be Company’s Confidential Information; and (iii) Sonatype will only (A) use the Usage Information to provide the Services and Support, and (B) use anonymized and aggregated extracts from the Usage Information to improve and enhance its Services offerings. 

5. FEES AND PAYMENTS

  1. Fees. Company will pay all fees specified in each Ordering Document and shall reimburse Sonatype, at Sonatype’s actual cost and without mark-up, for Sonatype’s reasonable travel expenses that are incurred as a result of Sonatype’s performance of Training Services.  Except as otherwise specified herein or in an Ordering Document, (i) fees are based on Service Subscriptions purchased and not actual usage, and (ii) all fees owed hereunder are non-cancelable, non-refundable, and shall be paid without recoupment or set-off. 
  2. Payment. Sonatype will submit an invoice for all fees payable by Company pursuant to an Ordering Document and Company shall pay all amounts set forth in each invoice no later than thirty (30) days from the date of the invoice.  
  3. Overdue Charges; Suspension of Services. If any fees are not received from Company when due then such unpaid fees may, at Sonatype’s sole discretion, accrue interest at the rate equal to the lesser of 1.5% of the outstanding balance per month or the maximum rate permitted by law from the date such payment was due until the date paid.  If any amount owing by Company pursuant to this Agreement is thirty (30) or more days overdue, Sonatype may, without limiting Sonatype’s other rights and remedies, suspend Company’s access to the Services and/or provision of the Training Services or Support until such amounts are paid in full.  For the avoidance of doubt, Sonatype will not exercise its rights under this Section 5(c) if the applicable charges are under reasonable and good-faith dispute and Company is cooperating diligently to resolve the dispute.  
  4. Taxes. Unless otherwise stated, Sonatype’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including value-added, sales, use or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, "Taxes"). Except for Taxes assessable against Sonatype based on Sonatype’s income, Company is responsible for paying all Taxes associated with Company’s purchases hereunder. If Sonatype has the legal obligation to pay or collect Taxes for which Company is responsible under this paragraph, the appropriate amount shall be invoiced to and paid by Company in accordance with Section 5(b) above, unless Company provides Sonatype with a valid tax exemption certificate authorized by the appropriate taxing authority. 
  5. Audit.  Company agrees to maintain complete and accurate records with respect to matters necessary to ensure Company’s compliance with this Agreement.  Sonatype will have the right, at its own expense and upon reasonable prior notice, to inspect and audit Company’s records with respect to matters covered by this Agreement (the “Audit”).  If such Audit reveals that Company has underpaid Sonatype with respect to any amounts due and payable during the period to which the Audit relates, Company shall promptly pay such amounts as are necessary to rectify such underpayment, together with interest, in accordance with this Section 5.  Such inspection and audit rights shall extend throughout the term of this Agreement and for a period of one year thereafter.

6. PROPRIETARY RIGHTS

  1. Reservation of Rights. Subject to the limited rights expressly granted hereunder, Sonatype, for itself and on behalf of its licensors, reserves all rights in the Services and Training Materials that are not expressly granted to Company in this Agreement, and Company acknowledges and agrees that Sonatype owns all rights, title, and interest in and to the Services and Training Materials.  All rights, title and interest in and to any and all improvements, modifications, derivative works, and innovations of, to and/or involving the Services and/or Training Materials will be retained in full and owned by Sonatype even if such improvements, modifications, derivative works or innovations result from suggestions, enhancement requests, recommendations or other feedback provided to Sonatype by or on behalf of Company.  Company agrees (i) not to challenge, directly or indirectly, Sonatype’s right, title, and interest in and to the Services or Training Materials, and (ii) that it will not directly or indirectly, register, apply for registration, or attempt, secure any legal protection or intellectual property rights in or to the Services and/or Training Materials. 
  2. Open Source Software.  The Services may be provided together with, or otherwise contain, certain Open Source Software, each licensed to Company under the respective open source license agreement (the “Open Source License”) and Company hereby acknowledges and agrees to the terms and conditions in each such Open Source License.  Any fees charged by Sonatype in connection with the Services do not apply to any Open Source Software for which fees may not be charged under the applicable Open Source License.  In the event of a conflict between the terms of an applicable Open Source License and the terms of this Agreement, the terms of the Open Source License shall control solely with respect to the applicable Open Source Software.  If the terms of any specific Open Source License entitle Company to the source code of the respective Open Source Software (if any), that source code may be available from Sonatype upon request (a nominal fee may be charged by Sonatype for processing such request).    

7. CONFIDENTIALITY

  1. Definition of Confidential Information. As used herein, "Confidential Information" means all confidential information disclosed by a Party ("Disclosing Party") to the other Party ("Receiving Party"), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure.  Confidential Information of each Party shall include the terms and conditions of this Agreement and all Ordering Documents, as well as business and marketing plans, research, development, services, customers, customer lists, designs, drawings, technology and technical information, products, product plans, software, developments, inventions, processes, formulas, finances, and business processes of such Party; and Sonatype’s Confidential Information shall include the Services, the Training Materials, and the Documentation.  However, Confidential Information shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party without use of or access to the Disclosing Party’s Confidential Information. 
  2. Protection of Confidential Information. Except as otherwise permitted in writing by the Disclosing Party or as otherwise set forth in this Agreement, (i) the Receiving Party shall use the same degree of care that it uses to protect its own confidential information of like kind (but in no event less than reasonable care) not to disclose any Confidential Information of the Disclosing Party or use it for any purpose beyond the scope of this Agreement, and (ii) the Receiving Party shall limit access to Confidential Information of the Disclosing Party to those of its employees, contractors, and agents who need such access for purposes consistent with this Agreement, who have signed confidentiality agreements with the Receiving Party containing terms that are no less protective of the Confidential Information than those herein, and for whom the Receiving Party remains fully liable.
  3. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior written notice of such compelled disclosure (to the extent not legally prohibited) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure.
  4. Injunctive Relief.  Each Party acknowledges that the extent of damages in the event of any threatened or actual breach of this Section 7 would be difficult or impossible to ascertain and that there would be available no adequate remedy at law in the event of any such breach.  Each Party therefore agrees that, in the event it breaches this Section 7, the other Party will be entitled to specific performance and injunctive or other equitable relief, in addition to any other relief to which it may be entitled at law or in equity.  Any such relief shall be in addition to and not in lieu of any relief in the form of monetary damages.

8. WARRANTIES AND DISCLAIMERS

  1. Sonatype’s Warranties. Sonatype warrants that: (i)  all Training Services will be performed by Sonatype in a professional and workmanlike manner; provided that Company’s exclusive remedy in the event of a breach of this warranty will be re-performance of the Training Services by Sonatype; and (ii) a Service shall perform materially in accordance with the Documentation; provided that Sonatype’s sole liability and Company’s sole and exclusive remedy for any breach of this warranty shall be, in Sonatype’s sole discretion and at no charge to Company, to use commercially reasonable efforts to provide Company with an error correction or work-around that corrects the reported non-conformity or, if Sonatype determines such remedy to be impracticable, to terminate the Subscription Term and, provided Company complies with its post-termination obligations hereunder, refund to Company a pro-rata portion of the Subscription fees paid by Company to Sonatype for the applicable Service equal to the unused portion of the Subscription Term; provided further that the limited warranty set forth in this Section 8(a)(ii) will not apply: (A) if a Service is used with third-party network equipment, hardware or software not specified in the Documentation, (B) if the error was caused by misuse, unauthorized modifications or third-party hardware, software or services or by Company’s use of the Services in a manner that does not comply with this Agreement, (C) any disruption to the Services caused by the Company Data, or (D) failure of Company to access the Services due to interruptions in its internet access or other downtime caused by or attributable to Company’s internet provider.
  2. Mutual Warranties. Each Party represents and warrants that (i) it has the full right, power, and authority to enter into this Agreement and perform its obligations hereunder; (ii) its execution, delivery, and performance of this Agreement will not conflict with or result in a breach or other violation of any agreement or other third party obligation by which it is bound; and (iii) when accepted electronically or otherwise, this Agreement will constitute a legal, valid, and binding obligation enforceable against it in accordance with its terms. 
  3. General Disclaimers.  EXCEPT AS OTHERWISE PROVIDED IN THIS AGREEMENT, SONATYPE MAKES NO AND HEREBY DISCLAIMS, AND COMPANY HEREBY WAIVES, ANY AND ALL REPRESENTATIONS AND WARRANTIES REGARDING THIS AGREEMENT, THE SERVICES, TRAINING SERVICES, REPORTS, AND/OR TRAINING MATERIALS CONTEMPLATED HEREBY, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ERROR-FREE OR UNINTERRUPTED SERVICE.  FURTHERMORE, THE SERVICES, TRAINING SERVICES, REPORTS, AND TRAINING MATERIALS MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS, AND SONATYPE IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS.  MOREOVER, ALL REPORTS GENERATED BY THE SERVICES INCLUDE PUBLICLY AVAILABLE LICENSE AND SECURITY INFORMATION RELEVANT TO CERTAIN SOFTWARE COMPONENT IDENTIFIERS AND, ALTHOUGH SONATYPE WILL MAKE COMMERCIALLY REASONABLE EFFORTS TO ENSURE THAT SUCH REPORTS ARE CURRENT AND ACCURATE, THERE ARE NATURAL LATENCIES ASSOCIATED WITH OBTAINING AND MAKING AVAILABLE INFORMATION AND DATA ASSOCIATED WITH SOFTWARE COMPONENT IDENTIFIERS.  AS SUCH, COMPANY ACKNOWLEDGES AND AGREES THAT THE INFORMATION AND DATA INCLUDED IN SUCH REPORTS MAY NOT BE ACCURATE OR COMPLETE. FURTHERMORE, REFERENCES TO AND ANY CATEGORIZATION OF OPEN SOURCE SOFTWARE LICENSE AGREEMENTS (OR TERMS THEREOF) INCLUDED IN A REPORT DO NOT CONSTITUTE LEGAL ADVICE OR GUIDANCE AND COMPANY ACKNOWLEDGES AND AGREES THAT IT IS RESPONSIBLE FOR SEEKING APPROPRIATE LEGAL ADVICE REGARDING COMPANY’S RIGHTS AND OBLIGATIONS SET FORTH IN ANY SUCH LICENSE AGREEMEN
  4. Open Source Software Disclaimers.  Company may use a Service to access and use certain Open Source Software as artifacts that Company may retrieve from certain Open Source Software code repositories or any other public places or sites.  Any such Open Source Software is not licensed by or through Sonatype and Company is solely responsible for determining its right to copy, modify or otherwise use such Open Source Software and for complying with the terms and conditions of the applicable license that governs such Open Source Software. SONATYPE MAKES NO WARRANTIES OR REPRESENTATIONS AND WILL HAVE NO LIABILITY OR RESPONSIBILITY REGARDING SUCH OPEN SOURCE SOFTWARE AND/OR COMPANY’S ACCESS TO AND/OR USE THEREOF.

9. INDEMNIFICATION.

  1. Sonatype Indemnification. Sonatype shall defend Company against any claim, demand, suit, or proceeding ("Claim") made or brought against Company by a third party alleging that Company’s use of a Service as permitted in accordance with this Agreement infringes or misappropriates the intellectual property rights of a third party, and shall indemnify Company for any damages finally awarded against, and for reasonable attorney’s fees incurred by, Company in connection with any such Claim; provided that Company (i) promptly gives Sonatype written notice of the Claim; (ii) gives Sonatype sole control of the defense and settlement of the Claim; and (iii) provides to Sonatype all reasonable assistance, at Sonatype’s expense.  Sonatype shall have no liability under this Agreement with respect to any Claim based upon: (A) combination or use of a Service with equipment, products, systems, software, materials or processes not furnished by Sonatype if, absent such combination, no infringement would exist; (B) use of a Service in a manner inconsistent with the Documentation; or (C) use of a Service which use breaches this Agreement.  If Company’s use of a Service is, or in Sonatype’s opinion is likely to be, enjoined due to a Claim, then Sonatype may: (x) procure for Company the right to continue using such Service per the terms of this Agreement; (y) replace or modify the applicable Service so that it is non-infringing and substantially equivalent in function to the enjoined Service; or (z) terminate Company’s Subscription to access and use the Service and, provided Company complies with its post-termination obligations hereunder, refund any unused, prepaid fees covering the remainder of the Subscription Term after the effective date of such termination.  This Section 9 states Sonatype’s sole liability to Company, and Company’s exclusive remedy against Sonatype, for any and all Claim(s).
  2. Company Indemnification. Company will defend Sonatype and its Affiliates against any Claim made or brought against Sonatype by a third party alleging that any Company Data or Company’s use of Company Data with a Service infringes or misappropriates such third party’s intellectual property rights, or Claim arising from Company’s use of a Service in an unlawful manner or in violation of the Agreement, Documentation, or Ordering Document (each a “Claim Against Sonatype”), and shall indemnify Sonatype for any damages finally awarded against, and for reasonable attorney’s fees incurred by, Sonatype in connection with any such Claim Against Sonatype provided Sonatype (a) promptly gives Company written notice of the Claim Against Sonatype, (b) gives Company sole control of the defense and settlement of the Claim Against Sonatype (except that Company may not settle any Claim Against Sonatype unless it unconditionally releases Sonatype of all liability), and (c) gives Company all reasonable assistance, at Company’s expense. 

10. LIMITATION OF LIABILITYNEITHER PARTY WILL BE LIABLE (WHETHER IN CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHER THEORY), TO THE OTHER PARTY OR ANY OTHER PERSON OR ENTITY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFIT, BUSINESS OR DATA) ARISING OUT OF THIS AGREEMENT.  EXCEPT FOR AMOUNTS TO BE PAID PURSUANT TO SECTION 9 OR DAMAGES ARISING FROM A BREACH OF SECTION 7, THE AGGREGATE LIABILITY OF SONATYPE ARISING OUT OF OR RELATING TO THIS AGREEMENT, WHETHER IN CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, WILL NOT EXCEED THE AGGREGATE AMOUNT PAID AND PAYABLE BY COMPANY TO SONATYPE DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE ON WHICH A CLAIM ARISES.

11. TERM AND TERMINATION.

  1. Term of Agreement. This Agreement commences on the Effective Date and shall govern all Ordering Documents that are agreed by the Parties until this Agreement is terminated pursuant to this Section 11. 
  2. Subscription Term.  Each Subscription purchased by Company commences on the start date specified in the applicable Order Form and continues for the Subscription Term specified therein (the “Initial Term”).  Except as otherwise specified in an Order Form or as terminated pursuant to this Agreement or the applicable Order Form, all Subscriptions shall automatically renew for additional periods equal to twelve (12) months for the same number of Users or Applications, as applicable, as of the end of the prior Subscription (each a “Renewal Term” and, together with the Initial Term, and collectively referred to as the “Subscription Term”), unless either Party gives the other written notice of non-renewal at least 60 days prior to the end of the Subscription Term. The fees charged by Sonatype to Company for any Renewal Term shall be Sonatype’s then-current fees for the Service licensed as part of the Subscription. Notwithstanding anything to the contrary in this Agreement or an Ordering Document, in the event Company elects to decrease the number of Users or Scan IDs (as applicable), licensed Products or length of Subscription Term from the prior Subscription Term, this decrease will result in re-pricing of the Service Subscriptions for such Renewal Term without regard to the prior Subscription Term’s per-unit pricing.
  3. Termination. A Party may terminate any Ordering Document and/or this Agreement for cause: (i) upon 30 days written notice to the other Party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. 
  4. Effect of Termination and Expiration.  Neither termination nor expiration of this Agreement will release the Parties from any liability that, at the time of termination or expiration, has already accrued or that thereafter may accrue with respect to any act or omission before termination or expiration, or from any obligation that is expressly stated in this Agreement to survive termination and expiration.  Upon any termination or expiration of this Agreement, each Party shall (i) immediately discontinue all access to and use of the other Party’s Confidential Information, including, for purposes of Company, all access to and use of the Services; (ii) delete the other Party’s Confidential Information from its computer storage or any other media, including online and off-line libraries; (iii) return to the other Party or, at the other Party’s option, destroy, all copies of such other Party’s Confidential Information then in its possession; and (iv) promptly pay all amounts due and remaining payable hereunder. Sonatype shall have no obligation to maintain or provide any Company Data and shall, unless legally prohibited, be entitled to delete all Company Data in its systems or otherwise in its possession or under its control. Except as otherwise stated in this Agreement, termination or expiration of this Agreement, regardless of cause or nature, shall be without prejudice to any other rights or remedies of the Parties and shall be without liability for any loss or damage occasioned thereby.
  5. Surviving Provisions. Any provision which by its nature should survive termination or expiration of the Agreement, including Sections 3(e), 3(h), 3(j) and (k),  5, 6, 7, 10, 11(d) and (e), 12, and 13(b), (e), (f), (h), (i) and (l), shall survive any termination or expiration of this Agreement.
12. NOTICES, GOVERNING LAW AND JURISDICTION
  1. Notices. Notices required or permitted by this Agreement shall be in writing and delivered as follows, with notice deemed given as indicated: (a) by personal delivery, when delivered personally; (b) by overnight courier, upon written verification of receipt; or (c) by certified or registered mail, return receipt requested, upon verification of receipt.  Notices shall be sent as follows:  (i) by Sonatype to Company’s last known address on file with Sonatype; and (ii) by Company to: Sonatype, Inc., 8161 Maple Lawn Boulevard, Suite 250, Fulton, MD 20759, Attention: Legal Department.  Either Party may designate a different address by providing written notice to the other Party.
  2. Governing Law; Jurisdiction; Jury Trial. The validity, construction, and performance of this Agreement shall be governed by and construed in accordance with the laws of the State of Maryland without regard to any conflicts of laws or choice of law rules.  Each Party agrees to submit to the exclusive jurisdiction of the State courts located in Howard County, Maryland and Federal courts located in the State of Maryland.  The Parties expressly disclaim the applicability of, and waive any rights based upon, the Uniform Computer Information Transactions Act or the United Nations Convention on Contracts for the International Sale of Goods.  Each Party hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement. 
13. GENERAL
  1. Export Compliance. Each Party shall comply with the export laws and regulations of the United States and other applicable jurisdictions when performing its obligations and/or exercising its rights hereunder. Without limiting the foregoing, (i) each Party represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports from the United States, and (ii) Company shall not permit a Service to be accessed or used in violation of any U.S. export embargo, prohibition or restriction. Furthermore, Company will not, directly or indirectly, remove or export from the United States or allow the export or re-export of any part of a Service and/or Documentation: (A) into (or to a national or resident of) any embargoed or terrorist-supporting country; (B) to anyone on the U.S. Commerce Department’s Table of Denial Orders or U.S. Treasury Department’s list of Specially Designated Nationals; (C) to any country to which such export or re-export is restricted or prohibited, or as to which the United States government or any agency thereof requires an export license or other governmental approval at the time of export or re-export without first obtaining such license or approval; or (D) otherwise in violation of any export or import restrictions, laws or regulations of any United States or foreign agency or authority. In the event Company violates the terms of this Section 13(a), Sonatype may upon written notice to Company terminate this Agreement immediately along with any outstanding Ordering Documents.
  2. Anti-Corruption. Company hereby agrees that neither it nor any of its Affiliates (including all of their respective employees, Contractors, agents and representatives) have received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any Sonatype employee or agent in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Company learns of any violation of the above restriction, Company will promptly notify Sonatype’s Legal Department at legal@sonatype.com.  
  3. Privacy. If Company’s use of a Service involves processing personal data pursuant to Regulation 2016/679 (the “GDPR”) and/or transferring personal data outside the European Economic Area or Switzerland to any country not deemed by the European Commission as providing an adequate level of protection for personal data or applicable personal data regulations, Sonatype will transfer and/or process such personal data in accordance with its Privacy Policy (https://www.sonatype.com/privacy-policy).  
  4. Relationship of the Parties. The Parties will perform hereunder as independent contractors. Nothing contained in this Agreement shall be deemed to create any association, partnership, joint venture, or relationship of principal and agent between the Parties.
  5. Government End Users.  The Services are comprised of commercial computer software that have been developed fully at private expense.  If Company, a User, or any licensee of a Service is or becomes an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of such Service, or any related Documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. All other use is prohibited.
  6. No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement and the Parties acknowledge that this Agreement is intended solely for the benefit of the Parties, their successors, and permitted assigns.  Nothing herein, whether express or implied, shall confer upon any person or entity, other than the Parties, their permitted successors and assigns, any legal or equitable right whatsoever to enforce any provision of this Agreement.
  7. Force Majeure. Sonatype shall be excused from performance of its obligations under this Agreement if such a failure to perform results from compliance with any requirement of applicable law or government order, acts of God, fire, strike, embargo, terrorist attack, war, insurrection or riot, pandemic, epidemic, national or regional emergency, Internet service provider failure or delay, denial of service attack or other causes beyond the reasonable control of Sonatype. Any delay resulting from any such cause shall extend performance accordingly or excuse performance, in whole or in part, as may be reasonable under the circumstances.
  8. Waiver and Cumulative Remedies; Severability. No failure or delay by either Party in exercising any right under this Agreement shall constitute a waiver of that right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a Party at law or in equity. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, such provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.
  9. Assignment. Neither Party will have the right to assign this Agreement without the written consent of the other Party; provided, however, that Sonatype will have the right to assign this Agreement to an Affiliate of Sonatype or pursuant to a merger, consolidation, reorganization or sale of all or substantially all of the assets of the business to which this Agreement relates. Any assignment in violation of the foregoing provision shall be void and of no effect. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the Parties, their respective successors and permitted assigns.
  10. Publicity.  Either party may reference the name and logo of the other party in its lists of customers or vendors, as applicable. Upon written notice, the party receiving the request will stop any further use of the requesting party’s name or logo.
  11. Headings; Contract Interpretation. The captions to the Sections of this Agreement are not a part of this Agreement but are merely guides or labels to assist in locating and reading the Sections hereof. The terms “this Agreement,” “herein,” “hereof,” “hereunder” and similar expressions refer to this Agreement and not to any particular section or other portion hereof. Except as expressly provided otherwise, references herein to “days” are to calendar days. Any use of the term “including” in this Agreement shall be construed as if followed by the phrase “without limitation.”
  12. Entire Agreement; Counterparts. This Agreement constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by an authorized representative of each Party; provided that Sonatype reserves the right to modify the terms and conditions of this Agreement or its policies relating to the Services at any time. Company is responsible for regularly reviewing this Agreement, and continued use of a Service after any such changes shall constitute Company’s consent to such changes.  Notwithstanding any language to the contrary therein, no terms or conditions stated in Company’s purchase order or other order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.