Sonatype, Inc. ("Sonatype") shall provide Company support services and product maintenance (“Support”) for the Products and Documentation in accordance with this Sonatype Software Support Policy (the "Policy"), provided that such Support is limited to those Products for which Company currently has an active Subscription. 

1. DEFINITIONS

All defined terms that are not defined herein will have the meaning ascribed to them in the Agreement. 

    1.   Agreement: means the end user license agreement or subscription agreement pursuant to which Product Subscriptions are purchased by Company.
    2.   Authorized Support Contact: means an individual designated by Company to be responsible for contacting Sonatype's Support organization. All e-mail addresses associated with Authorized Support Contacts must be (i) tied to an individual (i.e., no shared e-mail or distribution lists) and (ii) a Company e-mail address that matches (or is substantially similar to) the Company name, unless otherwise mutually agreed upon by Sonatype and Company.  Company may change its Authorized Support Contact(s) at any time by utilizing MY.sonatype.com or by contacting Sonatype Support. 
    3.   Company: means the entity licensing Products and/or receiving Services from Sonatype pursuant to the Agreement.
    4.   Sunsetting Announcement: means the written communication published by Sonatype announcing the sunsetting of the Support of a Product, a Software Release, and/or certain functionality within a Product. 
    5.   Extended Maintenance Period: means the time period set forth in the Sunsetting Announcement where Sonatype will provide Extended Maintenance Support for a Product, a Software Release, and/or certain functionality within a Product as described herein.
    6.   Error: means any verifiable and reproducible failure of a Product to substantially conform to the Specifications for such Product. Notwithstanding the foregoing, "Error" shall not include any such failure that is caused by: (i) the use or operation of the Product with any other software or programming languages or in an environment other than that intended or recommended by Sonatype in the Documentation, (ii) modifications to the Product not made by Sonatype, or (iii) any bug, defect, or error in third-party software used with the Product.
    7.   Error Correction(s): means either (i) a modification or addition to or deletion from a Product that substantially conforms such Product to the then-current Specifications, or (ii) a procedure or routine that, when exercised in the regular operation of the Product, eliminates any material adverse effect on Company caused by such Error. An Error Correction may be a correction, workaround, fix, or service pack, and, for the avoidance of doubt, shall not be considered Software Releases under this Policy unless otherwise determined by Sonatype in its sole discretion.
    8.   Software Releases: means the software releases made generally available from time to time by Sonatype. Software Releases do not include (i) Error Corrections (unless otherwise determined by Sonatype in its sole discretion) or (ii) options, new products being added to a product line, or new functionality that is licensed or sold as a separate Product.
    9.   Specifications: means the published technical specifications of the Products, as set forth in each Product's Documentation.
2. SUPPORT LIFECYCLE

Sonatype’s Support obligations with respect to the Products and Preview Services shall be subject to the Product categorization and Support lifecycle set forth below. For additional information regarding Product categorization and sunsetting information, please refer to our help documentation available here.

    1. Preview: Sonatype may, at its discretion, make early access to certain offerings and/or functionality available to Company on a preview, beta, pilot, early access, evaluation or similar basis (“Preview Services”) to try at no additional charge. Sonatype shall have no Support obligations under this Policy and/or the Agreement with respect to the Preview Services. Sonatype may discontinue Preview Services at any time in its sole discretion and may choose to never make them generally available to its customers.

    2. Generally Available: Sonatype's Support obligations set forth in this Policy shall apply only to Sonatype’s commercial Products. For each Product, Sonatype's Support obligations shall apply only to the then-current generally available Software Release; provided that (i) each Software Release shall be supported for a minimum of twelve (12) months from the date such Software Release  is made generally available (“GA Support Period”) and (ii) any Software Release delivered to Company by Sonatype after a Sunsetting Announcement does not serve to extend the GA Support Period. In order to correct Errors in the Products reported by Company, Sonatype may require that Company update the applicable Products to the then-current Software Release. Notwithstanding the foregoing, Sonatype reserves the right, in its discretion, to discontinue Support for any feature and/or functionality within a Software Release (including by removing such feature and/or functionality from any subsequently issued Software Releases) at any time by providing a Sunsetting Announcement in accordance with this Policy; provided, that such modification does not materially degrade the essential functionality of such Software Release in the manner it was initially delivered to Company by Sonatype.

    3. Extended Maintenance: In the event either (i) Sonatype has published a Sunsetting Announcement with respect to a Product and/or certain features or functionality or (ii) the GA Support Period for a Software Release has expired (in each case, such software shall be referred to as “EM Software”), starting on the commencement date of the Extended Maintenance Period set forth in the Sunsetting Announcement (as applicable), Sonatype shall have no Support obligations under this Policy and/or Agreement with respect to such EM Software other than making commercially reasonable efforts to provide Error Corrections for Severity 1 Level Errors (as determined by Sonatype) through the end of Extended Maintenance Period (“Extended Maintenance Support”). At the end of the Extended Maintenance Period, such EM Software shall be considered Sunsetted Software as defined below and Sonatype will have no Support obligations (including any Extended Maintenance Support) under this Policy and/or the Agreement.

    4. Sunsetted: At the conclusion of the Extended Maintenance Period (if any), Support for all such EM Software shall be discontinued and Sonatype’s Support obligations (including Extended Maintenance Support) under this Policy and/or the Agreement shall immediately cease (“Sunsetted Products”). 
3. SUPPORT PLANS FOR PRODUCTS*
  1. Standard Support 

    During the term of this Policy, Sonatype will provide technical consultation and advice related to the Products to Company's Authorized Support Contacts between the hours of 9:00 a.m. and 5:00 p.m. local time, Monday through Friday but excluding Sonatype's and local holidays, regardless of Severity Level. Standard Support is provided in accordance with Section 5 of this Policy. Company will also receive:

    1. Four (4) Authorized Support Contacts.
    2. Twenty-four (24) hour access to Sonatype's online support portal, including access for Authorized Support Contacts to Sonatype's eService for submitting and browsing trouble tickets.
    3. Product Maintenance as more fully described under Section 4 of this Policy.
  2. Extended Support

    In addition to Standard Support, Company has the option to purchase the Extended Support plan for Sonatype’s Product offerings. Extended Support provides Company with support for Severity-1 issues (Production outages) only 24x7x365.

    Except as otherwise agreed between Sonatype and Company, Extended support is included with Sonatype’s hosted Service offerings: Sonatype IQ - Cloud, Sonatype Lifecycle - Cloud and Sonatype Repository Firewall Cloud.

4. PRODUCT MAINTENANCE
  1. Product Releases.
    1. For Products, during the term of the applicable support plan, and provided that Company is not in breach of the Agreement, Sonatype will make available new, generally available, Software Releases to Company. All such Software Releases shall be delivered electronically over the Internet.
    2. For Preview Services, EM Software, and Sunsetted Software, Sonatype shall be under no obligation to make available any new, generally available Software Releases to Company. In the event Sonatype does make a new Software Release available with respect to any EM Software, such new Software Release shall be deemed to be a maintenance release and will not lengthen, delay or otherwise modify the Extended Maintenance Period set forth in the Sunsetting Announcement. Further, in the event Sonatype makes available a new Software Release with respect to any Sunsetted Product, that shall have no impact on Sonatype’s Support obligations set forth herein or otherwise change the designation of such Product as a Sunsetted Product.
  2. Error Corrections.
    1. During the term of the applicable support plan, Sonatype shall use commercially reasonable efforts to provide Error Corrections for Errors in the Products reported by Company to Sonatype. In order to correct Errors in the Products reported by Company, Sonatype may require that Company update the applicable Products to the then-current Software Release.
    2. Sonatype shall have no obligation under this Policy to correct Errors that result from the breach by Company of this Policy or the Agreement, or which cannot be remedied due to any modifications of the Products made by Company or any third party. If Sonatype agrees to remedy any errors or problems not covered by the terms of this Policy, Company shall pay Sonatype for all such work performed at Sonatype's then-current standard professional services rates. Company acknowledges that Sonatype is under no obligation to perform services with respect to any hardware or any software other than the Products.
5. SERVICE EXPECTATIONS
  1. Severity Classifications. The following support severities are used for classifying Company's issues. These classifications ensure consistent treatment of problems handled by Sonatype Support. Sonatype Support will decide on the appropriate severity level after consulting with Company.
    1. Severity 1: The Product is not functioning in accordance with the Specifications, production business operations cannot be performed, and no work-around is available. Sonatype and Company are willing to commit resources around the clock to resolve the situation (provided that Company's support plan includes after-hours coverage).
    2. Severity 2: The Product is not functioning in accordance with the Specifications, (i) affecting significant aspects of production business operations and no workaround is available, or (ii) Sonatype and Company have agreed to escalate an issue that would otherwise be Severity 3, but is delaying a production go-live that is scheduled to commence within seven days.
    3. Severity 3: The Product is not functioning in accordance with the Specifications, (i) affecting development, test, staging, or quality assurance (but not production) environments, or (ii) production business operations are impacted, but a known work-around exists. Company is able to implement the workaround without a severe interruption of production processing.
    4. Severity 4: Company requires information or assistance regarding a Product, Product capabilities, installation, or configuration; Company reports a cosmetic or Documentation issue that has no material impact on current productivity, or Company reports a problem or makes a suggestion that would result in a product enhancement.
  2. Response Expectations. 
      1. For all supported Products, Table 1 below specifies the level of response that will be given to an issue raised by Company based upon the assigned severity of the issue.

    TABLE 1

    Severity Level

    Acknowledgment Time*

    Response Expectation

    Severity 1

    Within 3 hours

    Provide a fix or workaround within 2 business days of trouble ticket submission

    Severity 2

    Within 5 hours

    Provide a fix or workaround within 1 week of trouble ticket submission

    Severity 3

    Within 6 hours

    Address the query in a commercially reasonable and timely manner

    Severity 4

    Within 8 hours

    If Sonatype determines to address the Severity 4 Error, address the query in a commercially reasonable and timely manner

    *All times calculated based on business hours except that Severity 1 issues will be based on 24x7 response times only for customers with an Extended Support Subscription.

    1. If an issue is solvable, depending on the nature of the issue, the resolution may take the form of an explanation, recommendation, usage instructions, workaround instructions, or advising Company of an available software fix.

    6. PROPRIETARY RIGHTS

    Any Error Corrections to the Products, Preview Services, EM Software, Sunsetted Software or Documentation effected or delivered under this Policy and any Error Corrections, or Software Releases delivered under this Policy shall be deemed part of the applicable Product, Preview Services, EM Software, Sunsetted Software, and subject to all of the confidentiality and proprietary provisions set forth in the Agreement along with the terms governing it use.

    _____________________________________________________________________________________________

    * Sonatype Support Plans, including the terms of the Policy, are subject to change at Sonatype's discretion.