Trellix logo
Trellix Xpand Live
Register Now

September 27-29, 2022 ARIA Hotel & Casino Save the date and start planning to align with our leadership teams to learn our vision for a new kind of cybersecurity and learn more about our innovations in cyber intelligence and XDR architecture.

Trellix CEO
Our CEO on Living Security

Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.

Gartner Marketplace Guide (XDR)
Gartner® Report: Market Guide for XDR

As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."

Trellix Launches Advanced Threat Research Center
Trellix Launches Advanced Research Center

Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.

The Threat Report - Summer 2022
Latest Report

Our Summer 2022 threat report details the evolution of Russian cybercrime, research into medical devices and access control systems, and includes analysis of email security trends.

Trellix CEO
Our CEO on Living Security

Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.

Trellix Xpand Live
Register Now

September 27-29, 2022 ARIA Hotel & Casino Save the date and start planning to align with our leadership teams to learn our vision for a new kind of cybersecurity and learn more about our innovations in cyber intelligence and XDR architecture.

Cloud Terms of Service

Cloud Services Agreement

This Cloud Services Agreement (the “Agreement”) is an agreement between the Company (as defined below, or “We,” “Us,” “Our”) and you, whether individually or on behalf of an entity, as applicable and identified in the Grant Letter (“Customer,” “You,” “Your,” or “Yourself”). Company and Customer may each be referred to in this Agreement as a “Party” or together as the “Parties.”

By accessing or using the Cloud Services, You agree to this Agreement on behalf of You and Users and You represent and warrant that You have full authority to bind You and Users to this Agreement. If You do not agree to this Agreement, You may not access or use the Cloud Services, and You must immediately notify Us to cancel the Cloud Services identified in the Grant Letter without accessing or using the Cloud Services. In the event You purchase from an Authorized Partner, the terms of this Agreement apply to Your use of the Cloud Services and prevail over any inconsistent provisions in Your agreement with such Authorized Partner.

If You are accepting this Agreement on behalf of another person or other legal entity, You represent and warrant that You have full authority to bind that person or legal entity to this Agreement. If You have not paid for a subscription to the Cloud Services, such services are deemed an Evaluation Product under Section 12.

Capitalized terms used in this Agreement have the meaning assigned to them in Section 15 or elsewhere in this Agreement. The interpretation clause in Section 16 sets out the rules of interpretation for this Agreement.

Right Of Use And Restrictions

1.1 Right to Access and Use. Subject to the terms of this Agreement, We grant You a limited, revocable, nonexclusive, nontransferable, non-assignable, non-sublicensable worldwide right to access and use the Cloud Services described in the Grant Letter during the applicable Subscription Period solely for Your internal business purposes in accordance with the Agreement and the entitlements set out in the Grant Letter(s). Use of the Cloud Services depend on the types of subscriptions purchased (e.g., Users) and are subject to the Product Entitlement definitions on the applicable date of Your Grant Letter. You must have an active subscription to the Cloud Services in order to continue to receive access to the Cloud Services. User-based subscriptions may not be shared or used by more than one individual User but may be reassigned to new Users who are replacing former Users that have been terminated or otherwise no longer use the Cloud Services.

1.2 Affiliates. You may permit Affiliates to use the Cloud Services in accordance with this Agreement, provided that You are responsible and fully liable for each Affiliate’s compliance with this Agreement.

1.3 Access Software. If We provide Software to You to access the Cloud Services, You must access the Cloud Services with that Software. Such Software is provided to You subject to the EULA, which applies with respect to any Software. Such Software may include, without limitation, APIs, cloud connectors, key agents, integrators, and extensions that may be used to access or integrate with the Cloud Services. Any conflict or inconsistency between the EULA and this Agreement will be resolved in favor of the EULA if it relates to Software, and this Agreement as it relates to Cloud Services or other matters.

1.4 Developer Portal APIs Provided as a Service. You may use any APIs and instructions that We may make available through Our developer portal in accordance with this Agreement for integration of Our Cloud Services with non-Company applications for Your internal, non-commercial, non-production network environment use only, except as otherwise mutually agreed in writing. We have no responsibility, and You are wholly responsible for any API integration by You with non-Company applications or for any third parties processing of data sent via API at Your direction. APIs ARE PROVIDED "AS IS" WITH NO WARRANTY WHATSOEVER, EXPRESS, OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE, WHICH ARE HEREBY EXPRESSLY DISCLAIMED.

1.5 Managing Parties. If You enter into a contract for a third-party to manage Your information technology resources (“Managing Party”), You may authorize the Managing Party to use the Cloud Services on Your behalf, provided that:

  • the Managing Party only uses the Cloud Services for Your internal business operations;
  • the Managing Party agrees in writing to be bound by this Agreement;
  • You provide Us with written notice that a Managing Party will be using the Cloud Services on Your behalf; and
  • You remain responsible for all use of the Cloud Services by the Managing Party.

1.6 Restrictions. You will not, and will not allow Users or any third parties to:

  • (a) license, sublicense, access, use, sell, resell, transfer, assign, distribute, or otherwise commercially exploit or make the Cloud Services available to any third-party;
  • (b) modify, decompile, reverse engineer, or copy the Cloud Services, or any of their components;
  • (c) access or use the Cloud Services to build or support any products or services competitive with the Cloud Services;
  • (d) use the Cloud Services to conduct fraudulent activities;
  • (e) attempt to gain unauthorized access to the Cloud Services, engage in any denial-of-service attacks, or otherwise cause immediate, material, or ongoing harm to Us, the provision of the Cloud Services, or to others;
  • (f) impersonate or misrepresent an affiliation with a person or entity;
  • (g) access or use the Cloud Services for monitoring the availability, security, performance, functionality, or for any other benchmarking or competitive purposes without Our express written permission;
  • (h) falsely identify Yourself or provide any false information to establish any account that will be used to gain access to and/or use of any Company Products;
  • (i) use the Cloud Services to initiate or propagate Malware;
  • (j) use the Cloud Services as an HTTP server that allows third-party relay or proxy of web traffic; or
  • (k) use the Cloud Services in a manner that violates applicable law or regulation, infringes on the rights of any person or entity, or violates this Agreement.
Each of (a) to (k) is a “Prohibited Use”. A Prohibited Use is a material breach of this Agreement, as determined in Our sole discretion.

1.7 Right to Use Customer Data.

  • (a) You grant Us a non-exclusive, royalty-free right and license to access and use the Customer Data as necessary during the Subscription Period:
    • (i) for Us to provide the Cloud Services and Support to You during the Subscription Period; and
    • (ii) for administering this Agreement, including assuring that the right number of subscriptions and/or User accounts have been issued.

Your Obligations

2.1 Access. You are responsible for all activity occurring under Your Cloud Services and Support accounts. You will provide Us with all information and assistance required to supply the Cloud Services or enable Your use of the Cloud Services. You will immediately notify Us of any unauthorized account use or other suspected security breach, or unauthorized use, copying or distribution of Cloud Services, Documentation or Customer Data.

2.2 System Administrator. As needed, You will provide Us contact information for Your system administrator, who is authorized to provide the information required to configure and manage the Cloud Services (“System Administrator”). Depending on the Cloud Services purchased, We may provide You with a confidential access code to the administration tool, which may only be accessed by the System Administrator.

2.3 Updated Information. You must provide current and complete Users’ information as necessary for Us to manage Your account.

Technical Support Service

We will provide Support to You in accordance with the applicable Service Schedule. The Support and/or any Support terms may be updated from time to time; however, provided that the updates do not materially reduce the level of performance, functionality, or availability of the Support during the Subscription Period.

Privacy And Use Of Data

4.1 Each Party must comply with applicable laws governing the collection, use and disclosure

of Personal Data and must obtain consents required with respect to the handling of Personal Data. Unless a separate written agreement has been executed between the Parties, Your use of the Cloud Services shall be deemed to be Your agreement to the Data Processing Agreement (“DPA”) as set out in full on Our website, available at https://www.trellix.com/en-us/assets/docs/legal/customer-data-processing-agreement.pdf. In the event of any conflict between the terms of the DPA and the Agreement, the terms of the DPA will take precedence.

4.2 You grant Us a non-exclusive, irrevocable, worldwide, perpetual right and license to use,

reproduce and disclose Threat Data and deidentified material for improvement of products and services; research to enhance understanding of Malware, threats, and vulnerabilities; and to improve overall security. This includes without limitation compiling statistical and performance information and making such information publicly available. We retain all rights in Threat Data and aggregated and anonymized data.

4.3 You agree that Company Products, Services, Software, hardware, appliances, or Support may

employ applications and tools to collect Customer Data. You agree that such collection of Customer Data may be necessary to provide You and End Users with the relevant functionalities. You may be required to uninstall, disable, or cease use of the above to stop further Customer Data collection, including under the circumstances described in Section 5 below. Your use of Company Products and Services is further subject to our Company Privacy Notice.

4.4 You represent and warrant that You:

  • (a) have the legal rights and applicable consents to provide Customer Data to Us;
  • (b) have provided any required notices and have obtained any consents and/or authorizations (including any required from Users) related to Your use of any Company Products and Our processing of Customer Data (including any Personal Data); and
  • (c) will comply with all applicable laws, rules, and regulations for collecting, processing, and transferring Customer Data to Us.

4.5 You have sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data. The Cloud Services rely on Customer Data supplied by You, and We are not liable for the content of Customer Data. Except as required under applicable law, We do not assume any duty or obligation to correct or modify Customer Data. Except as provided in this Agreement, You retain all right, title, and interest in and to Customer Data.

4.6 Without prejudice to Sections 4.1 to 4.5 above, You are responsible and liable for: (a) any security vulnerabilities, and the consequences of such vulnerabilities, arising from Customer Data, including any Malware contained in the Customer Data; and (b) You and Users’ use of any Company Product in a manner that is inconsistent with this Agreement.

4.7 To the extent You disclose or transmit Customer Data to a third-party, We are no longer responsible for the security, integrity, or confidentiality of such content outside of Our control.

Term Termination Subscription Periods

5.1 Term. This Agreement will continue until terminated in accordance with this Agreement. If any Subscription is in effect when the Term of this Agreement terminates or expires, this Agreement will remain in effect solely for the purposes of the Subscription until the Subscription expires or terminates.

5.2 Termination for Cause. Either Party may terminate this Agreement immediately for cause if:

  • (a) the other Party breaches this Agreement and has failed to remedy a remediable breach within thirty (30) days of receipt of a notice from the first Party specifying the breach and requiring it to be remedied, or if the breach is incapable of remedy;
  • (b) the other Party or its property is subject to insolvency or receivership procedures;
  • (c) the other Party becomes insolvent or unable to pay its debts as they mature;
  • (d) the other Party makes an assignment for the benefit of creditors; or
  • (e) the other Party becomes the subject of any other proceeding under any bankruptcy, insolvency, or debtor's relief law.

5.3 End-of-Life. Your right to access and use the Cloud Services, and any features of the Cloud Services, are subject to the End-of-Life Policy located at https://trellix.com/en-us/assets/docs/legal/support-policy-product-support-eol.pdf. Upon the End-of-Life date of a Cloud Service or any feature of a Cloud Service (as described in the End- of-Life Policy), Your right to access and use the applicable Cloud Service or feature will terminate.

5.4 Suspension or Termination of Cloud Service by the Company. Notwithstanding any provision to the contrary contained herein, We may suspend or terminate the Cloud Services:

  • (a) immediately if We consider it necessary to prevent or terminate any actual or suspected
  • Prohibited Use; or
  • (b) upon notice to You if:
    • (i) You commit a material breach of this Agreement;
    • (ii) We receive notice from an Authorized Partner that You are in material breach of the Agreement (including Your Agreement with the Authorized Partner);
    • (iii) We reasonably determine that the volume of data being transmitted or processed through the Cloud Services under Your account is significantly greater than the average use or may cause degradation of the Cloud Services for You or other customers; or
    • (iv) there is a threat to the security and integrity of the hosted environment or Customer Data. 

Suspension or Termination of Cloud Services by Us will be without prejudice to any rights or liabilities accruing before or during the suspension, including Your obligation to pay fees.

5.5 Termination Obligations. After termination of a Subscription Period for a particular Cloud Service, You agree that We have no obligation to retain Customer Data for that Cloud Service, which may be permanently deleted as part of Our record and information management practices and in accordance with applicable laws. If any Customer Data is stored by the Cloud Service, You are solely responsible for retrieving that Customer Data.

Payments Taxes Compliance Validation

6.1 Payments. Unless You are purchasing the Cloud Services through an Authorized Partner, in which case payment obligations will be exclusively between the Authorized Partner and You, You will pay Us the fees for the Company Products within thirty (30) days of the invoice date without any deduction, setoff, or withholding, and except as otherwise specified by Us or Our Authorized Partners in writing, all fees are quoted and payable in United States dollars. Late payments are subject to interest of one and one-half percent (1.5%) per month or the highest rate permitted by law, whichever is lower. All payment obligations are non-cancelable, and all fees are non-refundable except to the extent expressly provided for in this Agreement. Any ongoing or recurring fees or rates by reference to which such fees are calculated may be increased on an annual basis upon at least 30 days’ written notice before any periodic renewal of the Cloud Services. If You believe in good faith that an invoice is incorrect, You must contact Us in writing within thirty (30) days of the date of invoice to request an adjustment or credit. Notwithstanding the foregoing, if You fail to notify us of any disputed amounts and/or otherwise fail to satisfy any undisputed payments within thirty (30) days of the due date, then We may, without any prior notice, suspend and/or revoke the rights granted herein and stop providing the Cloud Services to You and Users.

6.2 Transaction Taxes. If You purchase the Cloud Services directly from Us for use or resale, You will pay all applicable transaction taxes, including sales and use taxes, value added taxes, duties, customs, tariffs, and other government-imposed transactional charges however designated (and any related interest or penalty) on amounts payable by You under this Agreement (“Transaction Taxes”). We will separately state on an invoice the Transaction Taxes that We are required to collect from You under applicable law. You will provide proof of any exemption from Transaction Taxes to Us at least fifteen (15) Business Days before the due date for paying an invoice. If We do not collect the required Transaction Taxes from You but we are subsequently required to remit the Transaction Taxes to any taxing authority, You will promptly reimburse Us for the Transaction Taxes, including any accrued penalty or interest charges if the failure to timely collect and remit was not due to Our fault.

6.3 Withholding Taxes. All payments due from You will be made free and clear and without deduction for any present and future taxes imposed by any taxing authority. If You are required by applicable law to deduct or withhold income taxes from amounts payable to Us under this Agreement (“Withholding Taxes”), You will remit, and provide Us with evidence that You have remitted, the Withholding Taxes to the appropriate taxing authority and pay to Us the remaining net amount. You will provide written notice to Us of the intent to withhold (including details of the amounts and legal basis for Withholding Taxes) at least fifteen (15) Business Days before the due date for any payments under this Agreement and will cooperate with Us to reduce any Withholding Taxes. If We provide You with valid and official documentation issued by the relevant taxing authority for a lower rate of Withholding Taxes, then You will apply the lower rate.

6.4 If You purchase the Cloud Services through an Authorized Partner, the obligations regarding Transaction Taxes or Withholding Taxes will be the exclusive responsibility of the Authorized Partner or You, and the rules in Section 6.2 and 6.3 do not apply as between the Parties. 

6.5 Income Taxes. Each Party is responsible for its own income taxes or taxes based on gross revenues or gross receipts.

6.6 Compliance Validation. We may request, and You must provide within thirty (30) days from the request date, a system-generated report verifying Your access to and use of the Cloud Services (“System Report”). You acknowledge that the System Report is based on technological features in the Cloud Services to verify access and use verification (including User counts). If the Cloud Services do not contain technological features that provide system-generated use verification, You will take reasonable steps to maintain complete and accurate records of Your use of the Cloud Services sufficient to verify compliance with this Agreement, and within thirty (30) days of Our request, You will provide to Us an accurate Cloud Services access and use verification report for the Cloud Services. We will only request the System Report (or Your prepared Cloud Services access and use verification report) once per year (or earlier if there is a good faith belief by Us that there may be noncompliance) and will not unreasonably interfere with the conduct of Your business. If a System Report or Your prepared Cloud Services access and use verification report identifies that You are out of compliance with this Agreement, You will be required to purchase the additional subscriptions and pay the reasonable costs of the audit and any fees associated with the subscriptions and/or Support. We may also charge an out-of-compliance fee.

Confidentiality

7.1 Each Party acknowledges that it may have access to Confidential Information of the other Party in connection with this Agreement, and that each party's Confidential Information is of substantial value to the Disclosing Party, which could be impaired if it were improperly disclosed to third parties or used in violation of this Agreement.

7.2 Confidential Information as used in this Agreement means any information (regardless of the form of disclosure or the medium used to store or represent it) of a Party (“Disclosing Party”), including trade secrets and technical, financial, or business information, data, ideas, concepts, or know-how, that:

  • (a) is designated as “confidential” or by similar words by the Disclosing Party at the time of disclosure and, if oral or visual, is confirmed as confidential by the Disclosing Party in writing within fifteen (15) days of disclosure; or
  • (b) the receiving party (“Recipient”) should reasonably have considered to be confidential under the circumstances surrounding disclosure.

However, Confidential Information does not include any information that:

  • (a) written records demonstrate was lawfully acquired by or previously known to the Recipient independent of the Disclosing Party;
  • (b) is received from a third-party without restrictions on its use or disclosure and not by inadvertence or mistake;
  • (c) is or has become disseminated to the public through no fault of the Recipient and without violation of the terms of this Agreement or other obligation to maintain confidentiality; or
  • (d) is created independently by the Recipient without breach of this Agreement, including any obligation of confidentiality owed to the Disclosing Party.

7.3 Each Recipient of Confidential Information under this Agreement must:

  • (a) keep the Disclosing Party's Confidential Information confidential and protect it at least to the same extent it protects its own Confidential Information and to the same extent that a reasonable person would protect such Confidential Information;
  • (b) not use the Disclosing Party's Confidential Information in any way for its own account or the account of any third party except to perform its duties, exercise its rights or is otherwise authorized under this Agreement; and
  • (c) not disclose the Disclosing Party's Confidential Information except to perform its duties or exercise its rights under this Agreement or as otherwise authorized under this Agreement, provided that:
    • (i) any disclosure made to the Recipient's employees, contractors or agents is on a need-to-know basis; and
    • (ii) the Recipient's employees, contractors, or agents in receipt of the Confidential Information are under an obligation of confidentiality no less stringent than that set forth in this section.

7.4 Notwithstanding the restrictions in Section 7.2, if the Recipient is required to disclose any of the Disclosing Party's Confidential Information by law, such as in response to a subpoena or requirement of any court, arbitral, administrative, or legislative body, the Recipient must:

  • (a) where reasonably possible and permitted, immediately provide written notice to the Disclosing Party of the required disclosure to give the Disclosing Party an opportunity to move for a protective order or otherwise prevent the disclosure;
  • (b) disclose only the minimum amount of Confidential Information required to satisfy the legal obligation; and
  • (c) assert and take proper steps with the body requiring disclosure to maintain the confidentiality of the Confidential Information to be disclosed.

7.5 You will immediately notify Us if Confidential Information is used or disclosed in breach of this Agreement. As monetary damages may not be sufficient relief if anyone violates or threaten to violate the terms of this section, We are immediately entitled to enforce Our rights by specific performance or injunction proceedings, in addition to any other rights or remedies it may have.

7.6 Upon the Disclosing Party's request and upon termination of this Agreement (unless agreed otherwise by the Parties at the time), each Party will return, destroy, or delete permanently (at the Disclosing Party's election) the other Party's Confidential Information.

7.7 On termination of this Agreement, the Recipient must continue to keep the Disclosing Party's Confidential Information confidential for five (5) years in accordance with this section.

7.8 Feedback. We welcome any comments, suggestions for improvements, and feedback regarding the Cloud Services and other products and services of Us and our Affiliates (“Feedback”). You hereby agree that We own all right, title, and interest in and to the Feedback, including any and all associated Intellectual Property Rights, and that We may use, copy, modify, create Derivative Works based upon, and otherwise exploit the Feedback for any purpose, without notice or attribution to, payment to or consent from You, and You acknowledge that such Feedback will be the Confidential Information of Us, and not You.

Intellectual Property Rights

Ownership. Our Company Products, Documentation and the software underlying the Cloud Services are considered Confidential Information. We (or Our licensors) own exclusively and reserve all right, title and interest in and to Company Products, Documentation and the software underlying the Cloud Services, including all related Intellectual Property Rights as well as any Derivative Works. You agree, on behalf of Yourself and any Affiliates, that You and Your Affiliates will take no action inconsistent with Our Intellectual Property Rights.

8.2 Reserved Rights. You may not exercise any right, title, and interest in and to any Company Products, Documentation, the software underlying the Cloud Services or any related Intellectual Property Rights, except for the limited access and usage rights granted to You in this Agreement. This Agreement is not an agreement of sale, and this Agreement does not transfer any title, Intellectual Property Rights or ownership rights to any Company Products, Documentation, or the software underlying the Cloud Services. You acknowledge and agree that the Company Products, Documentation, and the software underlying the Cloud Services, and all ideas, methods, algorithms, formulae, processes, and concepts used in developing or incorporated into the foregoing, and all other improvements, revisions, corrections, modifications, enhancements, releases, detection definition files (or DATs, also referred to as signature files, being the code anti-malware software uses to detect and repair viruses, Trojan horses and potentially unwanted programs), signature sets, content, and other updates in, of, or to the Cloud Services or the software underlying the Cloud Services, all Derivative Works based on any of the foregoing, and all copies of the foregoing are trade secrets and reserved to and proprietary property of Us, having great commercial value to Us.

Warranties Exclusions Disclaimers

9.1 Warranty. We warrant that during the Subscription Period, the Cloud Services will perform substantially in accordance with the associated Documentation. Your sole and exclusive remedy for a breach of the foregoing warranty is, at Our option, the repair or replacement of the Cloud Service, or for Us to cause a refund in the form of a credit on a pro-rata basis for the period in which the Cloud Service did not materially comply. This warranty is conditioned upon You providing Us prompt written notice of the Cloud Services’ non-conformance and using the Cloud Service as provided in this Agreement and the Documentation.

9.2 Disclaimer of Warranties. EXCEPT AS EXPRESSLY STATED IN THIS SECTION, TO THE EXTENT ALLOWED BY APPLICABLE LAW, WE EXPRESSLY DISCLAIM ALL WARRANTIES AND CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY, CONDITION OR OTHER IMPLIED TERM AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT AND ANY WARRANTY ARISING BY STATUTE, OPERATION OF LAW, COURSE OF DEALING OR PERFORMANCE, OR USAGE OF TRADE. WE MAKE NO, AND SPECIFICALLY DISCLAIM ANY, WARRANTY OR REPRESENTATION THAT THE CLOUD SERVICE: (A) WILL BE UNINTERRUPTED, COMPLETELY SECURE, ERROR-FREE, FAIL SAFE OR FREE OF VIRUSES; (B) WILL MEET YOUR BUSINESS REQUIREMENTS OR OPERATE WITH YOUR CURRENT SYSTEMS; (C) WILL COMPLY WITH ANY PARTICULAR LAW; OR (D) WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK OR OTHERWISE PROVIDE COMPLETE PROTECTION AGAINST ANY SECURITY THREATS VULNERABILITIES. YOU WILL NOT MAKE ANY REPRESENTATION OR OTHER STATEMENT OR UNDERTAKE ANY ACT OR OMISSION INCONSISTENT WITH THIS SECTION. YOU ASSUME TOTAL RESPONSIBILITY FOR THE SELECTION OF THE CLOUD SERVICES TO ACHIEVE YOUR INTENDED RESULTS AND FOR YOUR USE OF THE RESULTS OBTAINED FROM THE CLOUD SERVICES. WE DO NOT WARRANT THAT THE CLOUD SERVICES WILL MEET YOUR REQUIREMENTS. IF APPLICABLE LAW DOES NOT ALLOW THE EXCLUSION OF SOME OR ALL OF THE ABOVE IMPLIED WARRANTIES, THE ABOVE EXCLUSIONS WILL APPLY TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.

9.3 No Guarantee. NO DATA TRANSMISSION OVER THE INTERNET CAN BE GUARANTEED TO BE SECURE. CUSTOMER ACKNOWLEDGES THAT WE ARE NOT RESPONSIBLE FOR ANY INTERCEPTION OR INTERRUPTION OF ANY COMMUNICATIONS THROUGH THE INTERNET, NETWORKS, OR SYSTEMS OUTSIDE OUR CONTROL AND THAT THE CLOUD SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. YOU AGREE THAT YOU ARE RESPONSIBLE FOR MAINTAINING THE SECURITY OF YOUR NETWORKS, SERVERS, APPLICATIONS AND ACCESS CODES. WE ARE NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, LOSS OF CUSTOMER DATA OR DAMAGES RESULTING FROM THOSE PROBLEMS.

9.4 High-Risk Systems Terms. OUR PRODUCTS MAY FAIL AND ARE NOT DESIGNED, DEVELOPED, TESTED, OR INTENDED TO BE RELIABLE IN THE CONTEXT OF HIGH-RISK SYSTEMS. WE HAVE NO RESPONSIBILITY FOR, AND YOU WILL INDEMNIFY, DEFEND AND HOLD HARMLESS US, OUR AFFILIATES AND REPRESENTATIVES FROM ALL CLAIMS, SUITS, DEMANDS, AND PROCEEDINGS ALLEGING, CLAIMING, SEEKING, OR ASSERTING, ANY LIABILITY, LOSS, OBLIGATION, RISK, COST, DAMAGE, AWARD, PENALTY, SETTLEMENT, JUDGMENT, FINE OR EXPENSES (INCLUDING ATTORNEYS’ FEES) ARISING FROM OR IN CONNECTION WITH YOUR USE OF OUR PRODUCTS ON OR IN A HIGH-RISK SYSTEM, INCLUDING THOSE THAT COULD HAVE BEEN PREVENTED BY DEPLOYMENT OF FAIL-SAFE OR FAULT- TOLERANT FEATURES TO THE HIGH-RISK SYSTEM, OR ARE BASED ON A CLAIM, ALLEGATION, OR ASSERTION THAT THE FUNCTIONING OF THE HIGH-RISK SYSTEM DEPENDS OR DEPENDED ON THE FUNCTIONING OF THE CLOUD SERVICES, OR THAT THE FAILURE OF ANY OF OUR PRODUCTS CAUSED A HIGH-RISK SYSTEM TO FAIL.

9.5 Third Parties. Company Products may contain or otherwise interface with certain third-party products, services or applications and rely on such third-party products, services, or applications to enable or perform certain functionality of the Company Products, including Malware definitions or URL filters and algorithms. We make no warranty as to the operation of any third-party products or the accuracy of any third-party information.

Limitation Of Liability

10.1 NO CONSEQUENTIAL DAMAGES. SUBJECT TO SUBSECTION 10.3 BELOW, UNDER NO CIRCUMSTANCES WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, CONSEQUENTIAL, OR EXTRA-CONTRACTUAL DAMAGES OF ANY KIND OR FOR LOSS OF PROFITS, LOSS OF GOODWILL, LOSS OF PERSONNEL SALARIES, COSTS OF OBTAINING SUBSTITUTE PRODUCTS OR SERVICES, BUSINESS OR SYSTEM INTERRUPTION, DENIAL OF ACCESS OR DOWNTIME, ANY LOST OR DAMAGED DATA OR SYSTEMS OR ASSOCIATED RESTORATION COSTS, NOR WILL WE BE LIABLE FOR ANY DAMAGES RELATING TO CLAIMS THAT THE PRODUCTS DID NOT OPERATE INTERRUPTION- OR ERROR-FREE, OR DID NOT PROTECT AGAINST ALL THREATS, IN ALL CASES REGARDLESS OF LEGAL THEORY AND WHETHER OR NOT FORESEEABLE, EVEN IF THE EXCLUSIVE REMEDIES PROVIDED BY THIS AGREEMENT FAIL OF THEIR ESSENTIAL PURPOSE AND EVEN IF EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OR PROBABILITY OF SUCH DAMAGES.

10.2 SUBJECT TO SUBSECTION 10.3 BELOW, EACH PARTY'S ENTIRE AGGREGATE LIABILITY TO THE OTHER PARTY FOR CLAIMS UNDER OR RELATED TO THE SUBJECT-MATTER OF THIS AGREEMENT WILL NOT EXCEED THE TOTAL FEES RECEIVED BY COMPANY FOR THE APPLICABLE PRODUCTS PURCHASED UNDER THE TERMS OF THIS AGREEMENT AND ATTRIBUTABLE TO THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO SUCH LIABILITY.

10.3 THE LIMITATIONS IN SECTIONS 10.1 AND 10.2 ABOVE DO NOT APPLY TO LIABILITY ARISING FROM (A) YOUR FAILURE TO PAY ALL AMOUNTS DUE, OR (B) YOUR BREACH OF YOUR CLOUD SERVICES ACCESS RIGHTS GRANTED HEREIN, SECTION 13.2 AND 13.3 (EXPORT), OR SECTION 8.1 (INTELLECTUAL PROPERTY RIGHTS). THESE LIMITATIONS OF LIABILITY APPLY WHETHER SUCH CLAIMS ARISE UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), EQUITY, INFRINGEMENT, STATUTE OR OTHERWISE. NOTHING IN THIS AGREEMENT LIMITS OR EXCLUDES ANY LIABILITY THAT CANNOT BE LIMITED OR EXCLUDED UNDER APPLICABLE LAW. THESE LIMITATIONS OF LIABILTY ARE CUMULATIVE AND NOT PER INCIDENT AND THEY SURVIVE ANY TERMINATION OR EXPIRATION OF THIS AGREEMENT.

Indemnification

11.1 Customer Indemnification Obligations. You will unconditionally indemnify, defend, and hold Us, Our Affiliates, and their officers, directors, employees, contractors, and agents (each an Indemnified Party) harmless against any claims, liabilities, and expenses (including court costs and reasonable attorneys' fees) that an Indemnified Party incurs as a result of or in connection with:

  • (a) any third-party claims arising from:
    • (i) Customer Data, including without limitation Your failure to follow applicable laws or obtain all necessary consents related to Customer Data;
    • (ii) Your use of the Cloud Services in a manner not expressly permitted by this Agreement;
    • (iii) Our compliance with any technology, designs, instructions, or requirements provided by You or a third-party on Your behalf;
    • (iv) any claims, costs, damages, and liabilities whatsoever asserted by any of Your Representatives; or
    • (v) any violation by You of applicable laws or regulations; and
  • (b) any reasonable costs and attorneys’ fees required for Us to respond to a subpoena, court order or other official government inquiry regarding Customer Data or Your use of the Cloud Services.
  • 11.2 Company Indemnification Obligations.
  • (a) We will indemnify and defend You and your Affiliates, and their officers, directors, and employees against any third-party claims asserted in a Covered Country against You in a suit or action if: (i) the claim is for patent infringement or copyright infringement, or for Our trade secret misappropriation; and (ii) the claim is asserted against the Cloud Services alone and not in combination with any non-Company product or service.
  • (b) Exclusions. Notwithstanding anything to the contrary in this Agreement, We will not indemnify or defend You for claims asserted, in whole or in part, against or resulting from: (i) technology, designs, instructions or requirements provided by You or a third-party on Your behalf; (ii) an infringement claim based on third-party content or any material from a third-party portal or other external source that is accessible to You within or from the Cloud Services; (iii) modifications to the Cloud Services or use of the Cloud Services outside the scope of the applicable Documentation or outside of the entitlements granted under this Agreement; (iv) use of non-current or unsupported versions of the Cloud Services; (v) Customer Data; or (vi) Your continued use of Cloud Services or deliverables after being notified of the infringement claim or after being provided a modified version by Us at no additional cost that is intended to address such alleged infringement
  • (c) Remedies. If We are unable to resolve a claim referred to in section (a) above on commercially reasonable terms, We may, at Our sole discretion and at Our expense either: (i) procure for You the right to continue using the Cloud Services; (ii) replace the affected Cloud Services with a non-infringing version; (iii) modify the affected Cloud Services so that they becomes non-infringing; or (iv) if We determine that neither (i – iii) are feasible, then, at Our sole option, We may (a) terminate Your subscription and access to the affected item upon Our receipt of Your written confirmation that You will not use and You have removed all instances of the affected Cloud Services, as applicable; and (b) credit to You the unused pre-paid subscription fees for such products.

THIS SECTION SETS FORTH YOUR SOLE AND EXCLUSIVE REMEDY AND OUR SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED OR ALLEGED CLAIMS THAT THE CLOUD SERVICES OR ANY SUBJECT MATTER OF THIS AGREEMENT INFRINGES, MISAPPROPRIATES OR OTHERWISE VIOLATES ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD-PARTY.

11.3 Indemnification Procedure. The foregoing indemnification obligations are conditioned upon: (i) the Party entitled to indemnification (“Indemnified Party”) providing the Party required to indemnify (the “Indemnifying Party”), prompt written notice of a claim (an “Indemnified Claim”), (ii) the Indemnified Party must give the indemnifying Party the sole right to control and conduct the defense, and any settlement, of the Indemnified Claim; and (iii) the Indemnified Party provides full and timely cooperation to the Indemnifying Party at the Indemnifying Party’s expense all reasonably requested information and assistance. The Indemnified Party may retain its own counsel to monitor the defense of an Indemnified Claim at its own expense. The indemnifying Party will keep the Indemnified Party reasonably advised of the status of each Indemnified Claim.

11.4 Personal and Exclusive Indemnity. The foregoing indemnities are personal to the parties and may not be transferred to anyone.

Evaluation Products And Free Services

12.1 Generally. If You request or We otherwise provide You with a limited trial or evaluation access to the Cloud Services (“Evaluation Product”) or Free Services, the provisions of this Section will apply and prevail over any other conflicting terms of this Agreement. Your use of an Evaluation Product is limited to thirty (30) days (“Evaluation Period”) unless agreed otherwise in writing by Us. During the Evaluation Period, You may access and use the Evaluation Products solely for Your internal evaluation in accordance with the use guidelines and restrictions set forth in Section 1.6 above to decide whether to purchase the right to use the Evaluation Products. At the end of the Evaluation Period, Your right to use the Evaluation Product automatically expires, and You agree to discontinue all use, and destroy any copies, of the Evaluation Product, as applicable.

12.2 No Support Obligation. We have no obligation to provide any Support for Evaluation Products or Free Services, and We may change or discontinue any Evaluation Products or Free Services at any time without notice. You acknowledge that the Evaluation Products and Free Services may not have been tested or debugged and may contain errors, defects or other problems that could cause system or other failures, security breaches, interruptions, and data loss.

12.3 Disclaimer of Warranties.

  • (a) Notwithstanding any provision to the contrary in this Agreement, our obligations under the following Sections of this Agreement shall not apply to Evaluation Products or Free Services: 3technicalSupportServices (Technical Support Service), 4privacy (Privacy and Use of Data), 9.1 (Warranty) and 11.2 (Company Indemnification Obligations). Evaluation Products and Free Services are provided to You solely on an “as is” and “as-available” basis. To the fullest extent permitted by law, We disclaim any and all liability for Your use of the Evaluation Products and Free Services, and We make no other warranties of any kind, express or implied, with respect to the Evaluation Products and Free Services and disclaim all other obligations and liabilities, or express and implied warranties regarding the Evaluation Products and Free Services, including quality, conformity to any representation or description, performance, merchantability, fitness for a particular purpose, non-infringement; or that the Evaluation Products and Free Services will be free from errors or defects. Evaluation Products and Free Services may be subject to reduced or different security, compliance, and privacy commitments. You assume all risk of use of Evaluation Products and Free Services. If the laws in Your jurisdiction do not allow the exclusion of express or implied warranties, the disclaimer in this section may not apply and the express or implied warranties will be limited in duration to any minimum period required by applicable law, and the aggregate liability of Us and Our licensors will be limited to the sum of fifty (50) United States dollars (or the then-current value in the relevant local currency) in total.
  • (b) You acknowledge that We:
    • (i) have not promised or guaranteed to You that any Evaluation Products or Free Services will be announced or made available to anyone in the future;
    • (ii) have not expressed or implied obligation to You to announce or introduce any Evaluation Products or Free Services; and
    • (iii) are not obligated to introduce a product similar to or compatible with Free Services or any updates to any Evaluation Products and Free Services.

12.4 Free Services.

  • (a) We are not obligated to finally release any version of the Free Services. You will report to Us unusual, unplanned, or out of the ordinary events observed in a Free Services Access or use of a Free Services is restricted to Your internal performance evaluation of the Free Services in accordance with the use guidelines and restrictions set forth in Section 1.6 above.
  • (b) For Free Services that are features or functionality included in a paid subscription for which We no longer charge or which We offer to You at no charge, the Subscription Period for the Free Services continues as long as We make the features or functionality available to You.
  • (c) We may, at Our discretion provide Free Services to You before, during or after Your paid subscription to Cloud Services, and subject to the limitations and exclusions set forth in this Section 12, any use is subject to the terms of this Agreement then in effect as long as the Free Services are made available to You.
  • (d) Notwithstanding any provision to the contrary in this Section 12, any updates or end-user assistance provided for Free Services may be provided at Our sole discretion and may be discontinued at any time.
  • (e) We may elect, at Our sole discretion, to discontinue certain Free Services or particular features of the Free Services at any time (“Free Services Termination”). Free Services are specifically excluded from the End-of-Life-Policy. Instead, We will make commercially reasonable efforts to provide thirty (30) days’ prior notice to You of a Free Services Termination. Upon the effective date of a Free Services Termination, Your right to use the Free Services automatically expires, and You agree to discontinue all use, and destroy any copies, of the Free Services, as applicable
  • (f) We have no obligation to retain any Customer Data or other information submitted or collected through the Evaluation Products or Free Services. We may delete any Customer Data and other information at Our own discretion and without prior notice to You.

Compliance With Laws

13.1 Each Party will comply with all applicable national, state, and local laws and regulations with respect to its rights and obligations under this Agreement, including applicable privacy and export control laws and regulations, the U.S. Foreign Corrupt Practices Act, and any other applicable anti-corruption laws.

13.2 You will not, directly or indirectly, export, re-export, transmit, transfer, permit access to or use any Cloud Services or technical data (or any part of Cloud Services or technical data), any system or service incorporating any Cloud Services, or any other regulated item or information to or in any country to which export, transmission or access is restricted by regulation, statute, or other law, without first complying with all export control laws and regulations that may be imposed by the U.S. government and/or any country or organization of nations within whose jurisdiction You operate or do business and obtaining the authorization, if required, of the Bureau of Industry and Security of the U.S. Department of Commerce or any other governmental entity that may have jurisdiction over export or transmission. In addition to the foregoing, You agree that you will not export, transfer, or import the Cloud Services to any person or entity on any of the U.S. Government’s Lists of Parties of Concern (http://www.bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern) or applicable international specially designated parties or economic sanctions programs. You hereby certify that You will not use, transfer, or access any Cloud Services, and that such Cloud Services will not otherwise be purposed, re-exported, or retransferred, for end use relating to any nuclear, chemical, or biological weapons, or missile technology unless authorized by the U.S. Government by regulation or specific license or to Cuba, Iran, North Korea, Sudan, or Syria for any reason whatsoever.

13.3 You acknowledge and agree that certain Company Products containing encryption may require authorization from the U.S. and other applicable authorities including the European Union, prior to export. You also acknowledge and agree that certain Company Products containing encryption may be subject to import or use restrictions in other countries. Additional information regarding exporting and importing Company Products may be found on Company’s “Export Compliance” webpage located at https://www.trellix.com/en-us/about/export-compliance.html, as updated from time to time.

13.4 If We receive notice that You are or become identified as a sanctioned or restricted Party under applicable law, We will not be obligated to perform any of Our obligations under this Agreement if such performance would result in violation of the sanctions or restrictions.

General Provisions

14.1 Relationship. The Parties are independent contractors under this Agreement and expressly disclaim any partnership, franchise, joint venture, agency, employer/employee, fiduciary, or other special relationship. Neither Party intends this Agreement to benefit or create any right or cause of action in or on behalf of, any person or entity other than the Parties and listed Affiliates. The Agreement is not intended to create a third-party beneficiary of any kind. You must not represent to any third-party that You have any right to bind Us in any manner and You will not to make any representations or warranties on Our behalf.

14.2 Severability. If a court holds that any provision of this Agreement is invalid or unenforceable under applicable law, the court will modify the provision to the minimum extent necessary to make it valid and enforceable or, if it cannot be made valid and enforceable, the court will sever and delete the provision from this Agreement. The change will affect neither the validity of the amended provision nor the validity of any other provision of this Agreement, which will continue in full force and effect.

14.3 No Waiver; Remedies Cumulative. A Party’s failure or delay in enforcing any provision of this Agreement will not operate as a waiver of the right to enforce that provision or any other provision of this Agreement at any time. A waiver of any provision of this Agreement must be in writing, specify the provision to be waived and signed by the Party agreeing to the waiver. Notwithstanding any provision of this Agreement to the contrary, We shall have all the rights and remedies provided by law in addition to the rights and remedies set forth in this Agreement and in any other agreement or writing between the Parties. All Our rights and remedies are cumulative and may be exercised from time to time. Our pursuit of one right or remedy shall not constitute an exclusive election or otherwise preclude or limit its pursuit of any other or additional right or remedy.

14.4 Force Majeure; Other Excusable Failures or Delays in Performance.

  • (a) Notwithstanding any other provision of this Agreement, neither Party shall be deemed in default or breach of this Agreement or otherwise liable for delays or failures to perform any of its obligations under this Agreement (excluding any payment obligations) to the extent caused by a Force Majeure Event.
  • (b) Our failure or delays in Our performance are excused to the extent they result from:
    • (i) Your acts or omissions, or those of Your employees, agents, Users, affiliates, or contractors;
    • (ii) notwithstanding the generality of Section 14.4(b)(i), Your failure or delay in the performance of a specific task, obligation, or responsibility under this Agreement or a Schedule, which task, obligation, or responsibility is a condition or requirement for a task, obligation, or responsibility of Us;
    • (iii) reliance on instructions, authorizations, approvals, or other information from You or Your Representative; or
    • (iv) acts or omissions of third parties (unless directed by Us).

14.5 Governing Law. All disputes arising out of or relating to this Agreement, or its subject matter will be governed by the following substantive laws, excluding rules relating to conflict of laws:

  • (a) the laws of the State of California, if You purchase Company Products in the United States, Mexico, Central America, Canada, South America, or the Caribbean;
  • (b) the laws of the Republic of Ireland, if You purchase Company Products in Europe, Middle East, or Africa;
  • (c) the laws of Japan if You purchase Company Products in Japan;
  • (d) the laws of the Republic of Singapore, if You purchase Company Products in Asia Pacific (including New Zealand but excluding Australia);
  • (e) the laws of the State of New South Wales, Australia, if You purchase Company Products in Australia; or
  • (f) the laws of the Republic of Ireland if You purchase Company Products in any other country unless another local law is required to apply.
  • The United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act do not apply to this Agreement.
  • 14.6 Jurisdiction. The following courts will each have exclusive jurisdiction over all disputes arising out of or relating to this Agreement or its subject-matter:

    • (a) the United States District Court for Santa Clara County and state courts located in the state of California, when California law applies;
    • (b) the courts in the Republic of Ireland, when the law of Ireland applies;
    • (c) the courts in Japan when the law of Japan applies;
    • (d) the courts in the Republic of Singapore when the law of Singapore applies; or
    • (e) the courts of New South Wales when the law of New South Wales, Australia applies. 

    14.7 Entire Agreement; Order of Precedence; and Amendments.

    • (a) This Agreement, any Schedules, and the Grant Letter constitute the entire understanding, between the Parties, relating to its subject matter and supersede all oral or written proposals, and all communications between the Parties relating to its subject matter. The terms of this Agreement will prevail, notwithstanding any variance with any purchase order or other written instrument submitted by You, whether or not expressly rejected by Us.
    • (b) If there is any conflict or inconsistency between the terms of any document forming this Agreement, the following order of precedence will apply to the extent of the conflict or inconsistency unless expressly agreed otherwise in any subordinate document:
      • (i) The Agreement will prevail over any Service Schedule and Grant Letter; and
      • (ii) The Service Schedule will prevail over the Grant Letter.
    • (c) We reserve the right to amend any terms of this Agreement at any time. Any amendment will be, effective on the posting of an updated version at https://www.trellix.com/en-us/about/legal/cloud-terms-of-service.html.

    14.8 Notices. Any notice given under or in relation to this Agreement must be in writing, signed by or on behalf of the Party giving it, and addressed to Us, “Attention Legal Department”, to the applicable address listed in Section 15. We will contact You at the contact information You provide when purchasing or registering for the Cloud Services. Notices will be considered delivered when received if delivered by hand with receipt, the next Business Day after sending it by pre-paid, nationally recognized, overnight air courier with tracking capabilities; or five (5) Business Days after being sent by registered or certified airmail, return receipt required, postage prepaid, to the address mentioned above.

    14.9 Additional Documents and References. References to linked terms in this Agreement are references to the terms or content linked (or the replacement link as We may identify from time to time) as amended from time to time. You acknowledge that the terms or content in the link are incorporated in this Agreement by reference and that it is Your responsibility to review the terms or content in the links referenced in this Agreement.

    14.10 Assignment. You may not sublicense, assign, or transfer Your rights under this Agreement without Our prior written consent. Any attempt by You to sublicense, assign or transfer any of Your rights, duties, or obligations under this Agreement, whether directly, or indirectly by merger or acquisition, will be null and void.

    14.11 Notice to U.S. Government Users. The Cloud Services are considered "commercial computer software" and "commercial computer software documentation," under DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use, modification, reproduction, release, performance, display, or disclosure of the Cloud Services by the United States Government will be governed solely by this Agreement and is prohibited except to the extent expressly permitted by this Agreement.

    14.12 Community Forum. You, Users, and other Customers may exchange ideas and technical insight regarding Company Products on community support pages We may make available from time to time. We do not endorse, warrant, or guarantee any information posted on this site and any use of the information is taken at Your sole risk.

    14.13 Survival. The following sections, together with any other terms necessary for the interpretation or enforcement of this Agreement, will survive termination of this Agreement: 4.2privacy (Privacy and Use of Data), 5.5 (Termination Obligations), 7 (Confidentiality), 8 (Intellectual Property Rights), 9 (Warranties; Exclusions: Disclaimers), 10 (Limitation of Liability), 11 (Indemnification), 14.5 (Governing Law), 14.6 (Jurisdiction), 15 (Definitions and Interpretation) and this Section 14.13 (Survival).

    Definitions And Interpretation

    In this Agreement:

    Affiliate means any entity that Controls, is Controlled by, is under common Control with a Party, or is Controlled by the same parent entity as a Party, where “Control” or “Controlled” means direct or indirect ownership, through one or more intermediaries of more than 50% of an entity’s voting capital or other voting rights.

    Authorized Partner means any of Our Distributors, Resellers, or other business partners. For the avoidance of doubt, Authorized Partners have no authority to modify any of the terms of this Agreement, and any Company Products purchased through Authorized Partners shall remain governed by and subject to the terms of this Agreement.

    Business Day means any day other than a Saturday, Sunday, statutory or public holiday in the place where Company Products are provided, or the Professional Services are performed.

    Cloud Services means the Cloud Services that We provide to You as specified in one or more Grant Letters and that are subject to the applicable Service Schedule. Our Service Schedule 1 references Our Skyhigh Security cloud offerings, and Our Service Schedule 2 references Our Skyhigh Security and Company cloud offerings.

    Company means:

    • (i) Musarubra US, LLC, with offices located at 6220 America Center Drive, San Jose, California 95002, USA, if the Cloud Services are purchased in the United States (except as provided in Subsection (vii) below), Canada, Mexico, Central America, South America, or the Caribbean;
    • (ii) Musarubra Ireland Limited, with its office located at Building 2000, City Gate, Mahon, Cork, Ireland, if the Cloud Services are purchased in Europe, the Middle East or Africa;
    • (iii) Musarubra Singapore Pte Ltd., with a trading address located at 238A Thomson Road, #12-01/05 Novena Square, Tower A, Singapore, 307684, with respect to the provision of all Cloud Services and Support purchased in Asia Pacific, but excluding Japan, China (if the Cloud Services are purchased in RMB) or Australia;
    • (iv) Musarubra Japan KK, with its registered office located at Shibuya Mark City West, 12-1, Dogenzaka 1-chome, Shibuya-ku, Tokyo, 150-0043, Japan, if the Cloud Services are purchased in Japan;
    • (v) McAfee (Beijing) Security Software Co. Ltd., with a trading address located at Room 616, No. 6 North Workers’ Stadium Road, Chaoyang District, Beijing, China, if the Cloud Services are purchased in China (in RMB);
    • (vi) Musarubra Australia Pty Ltd., with offices located at Level 16, 40 Mount Street, North Sydney, NSW 2060, Australia, if the Cloud Services are purchased in Australia; or
    • (vii) Trellix Public Sector LLC., with offices located at 11911 Freedom Drive, Reston, VA, 20190, USA, if the Cloud Services are purchased by the U.S. Government, or by state or local governments, or healthcare or educational institutions in the United States.

    Company Privacy Notice refers to Our Privacy Notice, available at https://www.trellix.com/en-us/about/legal/privacy.html.

    Company Products means any Cloud Services or Support.

    Covered Country means any country that is a member of the Berne Convention where the Company (as defined in Section 15) is incorporated.

    Customer Data means Your Personal Data, sensitive data or other information about You and Users (including Users’ name, address, e-mail address and payment details), their computers, files stored on their computers, or their computers’ interactions with other computers, including information regarding network, licenses used, hardware type, model, hard disk size, CPU type, disk type, RAM size, 32 or 64 bit architecture, operating system types, versions, locale, BIOS version, BIOS model, total scanners deployed, database size, system telemetry, device ID, IP address, location, content, products installed, components, processes and services information, frequency and details of update of Our components, information about third-party products installed, extracts of logs created by Us, usage patterns of Our products and specific features, etc.

    Derivative Work means a work that is based on one or more preexisting works (such as a revision, translation, dramatization, motion picture version, abridgment, condensation, enhancement, modification, or any other form in which preexisting work may be recast, transformed, or adapted) which, if created without the authorization of the copyright owner of the preexisting work, would constitute copyright infringement.

    Documentation means any explanatory materials, such as user manuals, training materials, user guides, product descriptions, regarding the implementation and use of the Cloud Services and that are provided by Us with the Cloud Services or otherwise made generally available by Us in printed, electronic, or online form.

    End User License Agreement or EULA means the standard End User License Agreement available at https://www.trellix.com/en-us/assets/docs/legal/Musarubra-EULA.pdf, which governs Your use of any Software.

    Force Majeure Event means any event that arises after the commencement of this Agreement that is beyond a Party’s reasonable control and that, by its nature, could not have been foreseen or, if it could have been foreseen, was unavoidable, including strikes, lock-outs or other industrial disputes (whether involving its own workforce or a third-party’s), acts of God, war, riot, embargoes, acts of civil or military authorities, acts of terrorism or sabotage, shortage of supply or delay in delivery or other default by Our vendors, fire, flood, earthquake, accident, radiation, inability to secure transportation, failure of communications or energy sources, malicious damage, breakdown of plant or machinery, epidemics, pandemics, any global, national, or local public health emergency or disease outbreak.

    Free Services means any features or functionality included in a paid subscription for which We no longer charge or which We offer to You at no charge, in Our sole discretion, or other features or functionality that We make available to You without charge, that is labeled as “Pre-Release,” “Limited Release,” “Beta” or otherwise identified by Us as experimental, untested, or not fully functional, and which is not a time-limited trial for Your evaluation purposes.

    Grant Letter means any written (electronic or otherwise) confirmation notice that We issue to You confirming the Company Products purchased and applicable Product Entitlement. The Grant Letter identifies the SKU number, quantity, Subscription Period or Support Period, and any other access and use details.

    High-Risk System means a device or system that requires extra safety functionalities such as fail-safe or fault-tolerant performance features to maintain a safe state where it is reasonably foreseeable that failure of the device or system could lead directly to death, personal injury, or catastrophic property damage. A device or system with a fail-safe feature in the event of failure may revert to a safe condition rather than break down, may include a secondary system that comes into operation to prevent a malfunction, or may operate as a backup in the event of a malfunction. A device or system with a fault-tolerant feature in the event of failure may continue its intended operation, possibly at a reduced level, rather than failing completely. Without limitation, High-Risk Systems may be required in critical infrastructure, industrial plants, manufacturing facilities, direct life support devices, aircraft, train, boat or vehicle navigation or communication systems, air traffic control, weapons systems, nuclear facilities, power plants, medical systems and facilities, and transportation facilities.

    Intellectual Property Rights means all intellectual property or other proprietary rights throughout the world, whether existing under statute, at common law or in equity, now existing or created in the future, including:

    • (i) copyright, trademark and patent rights trade secrets, moral rights, right of publicity, authors' rights;
    • (ii) any application or right to apply for any of the rights referred to in paragraph (i); and
    • (iii) all renewals, extensions, continuations, divisions, restorations or reissues of the rights or applications referred to in paragraphs (i) and (ii).

    Malware means applications, executable code, or malicious content that We consider be harmful.

    Personal Data means any information relating directly or indirectly to an identified or identifiable individual.

    Product Entitlement means the license or subscription types set forth in the Grant Letter and defined at https://www.trellix.com/en-us/assets/docs/legal/trellix-product-entitlement-definitions.pdf.

    Representatives means a Party’s Affiliates, permitted resellers, subcontractors, employees, or authorized agents.

    Service Schedules mean the applicable Cloud Services terms and conditions in Service Schedule 1 at https://trellix.com/en-us/assets/docs/legal/cloud-services.pdf (Service Level Agreement), and Service Schedule 2 at https://trellix.com/en-us/assets/docs/legal/cloud-services-skyhigh.pdf, which are incorporated by reference herein, as amended from time to time.

    Software means any software program(s) identified in the Grant Letter or otherwise made available to You and owned or licensed by Us, as the context requires, in object code format, provided by the Parties which may be required for You to access the Cloud Services.

    Skyhigh Security means cloud-native security platform that converges a set of security solutions (SWG, CASB, ZTNA, DLP, RBI), providing visibility and control over Your data from a unified console.

    Standard means a technology specification created by a government sponsored group, an industry sponsored group, or any similar group or entity that creates technology specifications to be used by others. Examples of Standards include GSM, LTE, 5G, Wi-Fi, CDMA, MPEG, and HTML. Examples of groups that create Standards include IEEE, ITU, 3GPP and ETSI.

    Subscription Period means the period for which You have purchased the right to receive the Cloud Services or the time-period for which You have purchased the right to receive Support, as applicable.

    Support means thtechnicalSupportServicese Technical Support services that We provide for the support and maintenance of the Cloud Services, as specified in the applicable Service Schedule.

    Support Period means the period for which You are entitled to Support, as specified in a Grant Letter.

    Technical Support Terms means the technical and support terms and conditions available at https://www.trellix.com/en-us/assets/docs/legal/technical-support-and-maintenance-terms-and-conditions.pdf.

    Threat Data means non-personally identifying and non-Customer identifying information about Malware, threats, actual or attempted security events, including but not limited to their frequency, source, associated code, general identifiers, attacked sectors and geographies.

    Trellix provides an industry-leading device-to-cloud security across multicloud and on-premises environments. Our solutions protect data, defend against threats, and provide actionable insights through an open platform and the largest threat telemetry network.

    User means a unique individual whom You have authorized to use the Cloud Services pursuant to Your access rights under this Agreement, including Your employees, Your Affiliates, subcontractors, authorized agents, and Managed Parties.

    Interpretation

    In this Agreement, unless a contrary intention appears:

    • (a) a reference to a Party includes its executors, administrators, successors and permitted assigns;
    • (b) headings are for ease of reference only and do not affect the interpretation or meaning of this Agreement;
    • (c) the singular includes the plural and vice versa and words importing a gender include other genders;
    • (d) other grammatical forms or parts of speech of defined words or phrases have corresponding meanings;
    • (e) a reference to a clause, paragraph, exhibit, schedule, or other annexure is a reference to a clause or paragraph of or exhibit, schedule, or annexure to this Agreement;
    • (f) the words “include”, "including", “such as” and similar expressions are not used as, nor are intended to be, interpreted as words of limitation; and
    • (g) the meaning of this Agreement will be interpreted based on its entirety and not just on isolated parts.

    Service Level Agreement - Schedule 1

    Overview

    This Service Level Agreement (“SLA”) defines the Company’s (as defined below) (“We,” “Us,” or “Our”) service level commitments to deliver specified Skyhigh Security cloud services (“Cloud Services”) to our Customers. It describes the methods for measuring service level attainment and the Sole Remedies available to Customers if commitments are not met.

    Defintions

    Availability means the percentage of time a Service’s specified functionality is generally available as described in the applicable and current documentation. Services achieving Availability, as calculated, and described in Section 3, have met the prescribed service level.

    Beta Services When a Customer is evaluating a Service for free that is a pilot and/or not yet in production by Company.

    Company means

    • (i) Musarubra US LLC, located at 6000 Headquarters Drive, Suite 600, Plano, TX 75024, USA, (1) if the Cloud Services are purchased in the United States (except as provided in Subsection (vi) below), Canada, Mexico, Central America, South America, or the Caribbean, or (2) solely as the licensor of the Software if the Software is purchased in Japan or in Asia Pacific (but excluding Australia and China (in RMB));
    • (ii) Musarubra Australia Pty Ltd., located at 40 Mount Street, Level 16, North Sydney, NSW 2060, Australia, if the Cloud Services are purchased in Australia.
    • (iii) Musarubra Ireland Limited, located at Building 2000, City Gate, Mahon, Cork, Ireland, if the Cloud Services are purchased in Europe, the Middle East or Africa;
    • (iv) Musarubra Japan KK, located at Shibuya Mark City West, 1-12- 1 Dogenzaka, Shibuya-ku, Tokyo 150-0043, Japan, with respect to the distribution of the Software, and the provision of all Cloud Services and Support, purchased in Japan;
    • (v) Musarubra Singapore Pte Ltd., located at 238A Thomson Road, #12-01/05 Novena Square, Tower A, Singapore, 307684, with respect to the distribution of Software, and provision of all Cloud Services and Support purchased in Asia Pacific (but excluding China (in RMB) or Australia);
    • (vi) McAfee (Beijing) Security Software Co. Ltd., located at Room 608, Unit 610, 6/F Zhongyu Masion, No.6 North Workers’ Stadium Road, Chaoyang District, Beijing, China, if the Cloud Services are purchased in China (in RMB); or
    • (vii) Trellix Public Sector LLC, located at 11911 Freedom Drive, Suite 400, Reston, VA 20190, USA, if the Cloud Services are purchased by the U.S. Government, state or local governments, healthcare organization or educational institutions within the United States.

    Customer means the entity with current and valid contracts for one or more Service.

    End-of-Life (EOL Policy) means Our policy regarding the support lifecycle of Our Cloud Services, Software and Technical Support, available at: https://trellix.com/en-us/assets/docs/legal/support-policy-product-support-eol.pdf

    Force Majeure, please refer to the definition within the Cloud Service Agreement locate at https://www.trellix.com/en-us/about/legal/cloud-terms-of-service.html.

    Inline (block) means the web proxy doing inline block of traffic per policy.

    Inline Traffic Data Path means the duration of filtering in the Service after the last byte received from the server. 

    Management Access means access to the product’s cloud-based UI – ePO Cloud for WGCS and Skyhigh Security Cloud for SSE. Refer to Service Schedule 2 for the Skyhigh Security located at https://trellix.com/en-us/assets/docs/legal/cloud-services-skyhigh.pdf, which ais incorporated by reference herein.

    Service means the Cloud Service offerings as defined in the Cloud Services Agreement, including Skyhigh Security (previously known as UCE or Web Gateway cloud service) that have been assigned specific service levels within this SLA.

    Service Credit means the number of days of the relevant Service that will be added to the end of the Customer’s current contract term following Our approval of a claim that We missed an applicable Service Level.

    SKUs means A Stock Keeping Unit is a unique identifier for each distinct product and service that can be ordered from Us.

    Software means any software program owned or licensed by Us, as the context requires, in object code format, provided by Us to the Customer which may be required for it to access the Cloud Services.

    Sole Remedies means that a Customer’s receipt of a Service Credit is the sole remedy for Our failure to achieve and maintain an applicable Service Level.

    User means a unique individual person within a company, organization, or other entity that is a Customer.

    Skyhigh Security Latency incorporates the following set of terms:

    Average Latency means the average time it takes for the web protection service to scan, process and apply the Customer policy to the web content data, assuming a 100KB web page, as measured by the monthly average among samples taken by Us in a given month using industry standard monitoring tools/software. “Customer policy” means the Customer’s configuration set within the product. Average Latency does not include: (a) traffic not related to streaming applications; (b) traffic not subject to bandwidth management rules (QoS enforcement); or (c) the time required to download the web page from the origin content server (OCS) to the Web Protection Service. The processing of content is measured from when the Web Protection Service proxy receives the content to the point when the Web Protection Service proxy attempts to transmit the content.

    Latency means the web page load time attributable to the Skyhigh Security service.

    Latency Commitment means the commitment We will deliver the web protection service with an Average Latency of 100 milliseconds or less for scanned transactions and 50 milliseconds for unscanned transactions. The Latency Commitment is only applicable to reasonable number of transactions/data packets per User (based on Our cloud-wide average).

    Skyhigh Web Traffic Service Availability

    The Services Availability is defined as follows:

    Service Covered Functionality Availability SLA

    Skyhigh Security

    Inline Traffic Data Path-Availability

    99.999%

    Service Covered Functionality Availability SLA

    Web Gateway Cloud Service

    Inline Traffic Data Path-Availability

    99.999%

    Management Access

    99.900%

    Availability Calculation. Availability will be calculated per calendar month and shall be measured using industry standard monitoring tools/software. Availability will be calculated as follows:

    Total Min. - NonExcused - Excused Outages

    Total Min. – Excused Outages

    x 100 ≥ (99.999% general availability)

    • “Total Min.” means the number of minutes for the calendar month.
    • “NonExcused” means unplanned downtime, in minutes.
    • “Excused Outages”, in minutes, means the service will be unavailable for any downtime or outages relating to: (i) a Customer Outage Event; (ii) equipment, applications, interfaces, integrations, or systems not owned by Us, or service not offered; or (iii) a Force Majeure Event.
    • "Customer Outage Event" means a period of time in which Service is not available due to acts, omissions, or requests of a Customer, including without limitation: (a) configuration changes in, or failures of, the Customer end of the network connection; (b) work performed by Us at Customer’s request; or (c) a Customer’s unavailability or untimely response to incidents that require its participation for source identification and/or resolution
    • Availability Calculation Example:

    August has 31 days, or 44,640 minutes, of potential availability (Total Min.) one hour of scheduled maintenance was performed (Excused Outage).

    44,640 min. – 60 min. = 44,580 min.

    (This is the denominator and represents total potential availability for August).

    One minute of service interruption was experienced (unexcused outage).

    44,580 – 1 = 44,579 min.

    (This is the numerator and represents the total availability for August.)

    Availability = (44,640 – 1 – 60) / (44,640 – 60) * 100 = 99.997%

    Partial Subscription Months. For any partial calendar month during which the Customer subscribes to the Service, Availability will be calculated based on the entire calendar month, not just the portion for which Customer subscribed.

    Availability Restrictions. This Availability SLA does not apply if: (a) Customer fails to correctly configure the Service in accordance with Company policies or instructions; (b) failures in Customer equipment or third-party computer hardware, Software, or network infrastructure not within Our sole control; (c) failure of Customer’s network to forward traffic to the Service; (d) the unavailability of a specific third-party web page or data center outage outside of Our networks or data centers; (e) failure of an intermediate internet service provider (ISP) (other than Our direct ISP(s)) to deliver traffic to Us; (f) unavailability of one or more specific features, functions, or equipment hosting locations within the Service, while other key features remain available; (g) actions or inactions of Customer (unless undertaken at Our express direction) or third parties beyond Our control; or (h) Customer requests for additional configuration or system changes that require downtime to complete.

    Sla Restrictions

    The service levels are based upon a Customer’s use of a configuration that is at least as protective as Service default settings. For clarity, We are not responsible, and this SLA does not apply, if the Customer configuration does not meet or exceed the protections provided by the default settings.

    • (a) We are not responsible, and this SLA does not apply, if the Customer configuration is unsupported.
    • (b) This SLA does not apply to Skyhigh Security Cloud Service Customers who use a proxy IP address rather than the supported Global Routing Manager (GRM) hostname (i.e., c.saasprotection.com).
    • (c) Site to Cloud VPN is restricted to static IP Addresses or valid DNS names, and it is the Customer’s responsibility to configure their own firewall or router and establish at least two separate VPN tunnels to the Cloud to achieve high availability.
    • (d) This SLA does not apply to Beta Services or if Customer is receiving Service under an Evaluation Agreement or if the Customer is otherwise receiving the Service for free (such as free services, as defined in the Cloud Service Agreement).
    • (e) This SLA does not apply if the Customer is using Services in violation of the Cloud Services Agreement, Technical Support and Maintenance Terms and Conditions, Acceptable Usage Policy, or other Company Cloud Service subscription agreements.
    • (f) This SLA does not apply if the Customer was contracted for, but not actively using, the affected Service at the time of an incident covered by the SLA.

    The Service does not include the Customer’s internet access connections or hardware on the Customer’s side to access the internet or the Service. This SLA does not cover any issues arising from the compatibility of the Customer’s hardware or the software used to connect to the Service.

    For hybrid SKUs (include entitlement to both Cloud Services and Software licenses ((including virtual) form factors), this SLA only applies to the Cloud Service component within the hybrid SKU and does not apply to any other product or service.

    SLA, and the services it covers, is subject to the Company EOL Policy process.

    Unless specifically stated herein, this document does not replace, modify, or in any way restrict other terms and conditions that may apply, including the Technical Support and Maintenance Terms and Conditions or the Cloud Service Agreement, both referenced herein.

    Customer Responsibilities

    The Customer is required to use, configure, deploy, and manage the Service in accordance with the Cloud Services Agreement, and according to the documentation, including knowledge-based articles and other online content on public community.

    The Customer is responsible for failures of the equipment or Software used to access the Service.

    The Customer commits to using the Service based on the published individual proxy name per the documented terms and conditions. The customer will use IP addresses in their configuration to access the proxy unless explicitly documented.

    Service Credits

    The number of days which may be awarded as a Service Credit are set forth below. The Service Credits shall be Your Sole Remedies for any performance or availability issues for any Service under this SLA.

    Skyhigh Security Cloud Service Level Credits
    Inline Traffic Data Path-Availability Inline Traffic Data PathPerformance Management Access Rating Service Credit Number of Days

    >= 99.999%

    <t100ms

    >= 99.9%

    Meets Goals

    None

    <t99.999% but >=99.99%

    >100ms but<t= 200ms

    <t99.9% but >= 99%

    Tolerable

    8 days

    <t99.99% but >=99%

    >200ms but <t= 300ms

    <t99% but >= 98%

    Less Tolerable

    16 days

    <t99%

    >300 ms

    <t98%

    Unacceptable

    31 days

    Claims Process

    To initiate a Service Credit claim, the Customer must contact Technical Support through the Service Portal at:

    https://supportm.trellix.com/webcenter/portal/supportportal/pages_home and provide the following information: Grant Number, date and time of the service interruption, and a brief description of the event. Claims must be received within ten (10) business days of an event. If confirmed by Us, the Service Credit will be applied against Your contract term. Service Credits will not be convertible to cash or applied against any current billing charges.

    Skyhigh Casb Data Protection Traffic Service Availability

    System Availability. We shall make commercially reasonable efforts to provide 24 hours, 7 days a week availability and access to the Service and will continuously and proactively monitor the Cloud Services and its related environment. Under exceptional circumstances, We may experience the need for emergency maintenance, during which time, the Cloud Services will be unavailable to Customer (“Service Outage”). We will use reasonable efforts to notify Customer a minimum of fifteen (15) minutes prior to a Service Outage. Customer will notify Us of service interruptions or delays that may be known to Customer. We will provide access to Our designated contacts to assist Us with correcting any Service Outage problems in a timely manner. We will also provide updates to Customer until the Service Outage has been corrected. Upon learning of any Service Outage, We will correct the Service Outage and restore Services availability. We shall make commercially reasonable efforts to provide 99.5 percent (99.5%) availability of the Cloud Services, as measured monthly.

    Service Level Agreement - Schedule 2

    This Service Schedule 2 – Cloud Services Additional Terms applies to the Cloud Services provided by Trellix and Skyhigh Security (respectively) (the “Company,” “We,” “Us,” “Our”) based on the SKU purchased by the Customer (“You” or “Your”). All capitalized terms not defined herein shall have the meaning provided in your underlying cloud services agreement.

    1. Support and Customer Plans for Trellix: We will provide Support to You in accordance with the applicable Trellix Service goals located at Exhibit A.
    2. Support and Customer Plans for Skyhigh Security: We will provide Support to You in accordance with the applicable Skyhigh Security Service Schedule located at Exhibit B.
    3. Definitions:

    Business Day means any day other than a Saturday, Sunday, statutory or public holiday in the place where Company Products are provided, or the Professional Services are performed.

    Cloud Services means the Cloud Services that We provide to You as specified in one or more Grant Letters and that are subject to the applicable Service Schedule.

    Company means:

    • (i) Musarubra US, LLC, with offices located at 6000 Headquarters, Suite 600, Plano, TX 75024 USA, if the Cloud Services are purchased in the United States (except as provided in Subsection (vii) below), Canada, Mexico, Central America, South America, or the Caribbean;
    • (ii) Musarubra Ireland Limited with its office located at Building 2000, City Gate, Mahon, Cork, Ireland, if the Cloud Services are purchased in Europe, the Middle East or Africa;
    • (iii) Musarubra Singapore Pte Ltd., with a trading address located at 238A Thomson Road, #12-01/05 Novena Square, Tower A, Singapore, 307684, with respect to the provision of all Cloud Services and Support purchased in Asia Pacific, but excluding Japan, China (if the Cloud Services are purchased in RMB) or Australia;
    • (iv) Musarubra Japan KK, with its registered office located at Shibuya Mark City West, 12-1, Dogenzaka 1-chome, Shibuya-ku, Tokyo, 150-0043, Japan, if the Cloud Services are purchased in Japan;
    • (v) McAfee (Beijing) Security Software Co. Ltd., with a trading address located at Room 616, No. 6 North Workers’ Stadium Road, Chaoyang District, Beijing, China, if the Cloud Services are purchased in China (in RMB);
    • (vi) Musarubra Australia Pty Ltd., with offices located at Level 16, 40 Mount Street, North Sydney, NSW 2060, Australia, if the Cloud Services are purchased in Australia; or
    • (vii) Trellix Public Sector LLC, with offices located at 11911 Freedom Drive, Suite 400, Reston, VA, 20190, USA, if the Cloud Services are purchased by the U.S. Government, or by state or local governments, or healthcare or educational institutions in the United States.

    Customer means the entity which has purchased Products and to which We provide Support.

    Grant Letter means any written (electronic or otherwise) confirmation notice that We issue to You confirming the Products purchased and applicable Product Entitlement. The Grant Letter identifies the SKU number, quantity, Subscription Period or Support Period, and any other access and use details.

    Product Entitlement means the license or subscription types set forth in the Grant Letter and defined at https://trellix.com/en-us/assets/docs/legal/trellix-product-entitlement-definitions.pdf.

    Data means Your Personal Data, sensitive data or other information about You and Users (including Users’ name, address, e-mail address and payment details), their computers, files stored on their computers, or their computers’ interactions with other computers (including information regarding network, licenses used, hardware type, model, hard disk size, CPU type, disk type, RAM size, 32 or 64 bit architecture, operating system types, versions, locale, BIOS version, BIOS model, total scanners deployed, database size, system telemetry, device ID, IP address, location, content, products installed, components, processes and services information, frequency and details of update of Our components, information about third-party products installed, extracts of logs created by Us, usage patterns of Our products and specific features, etc.

    SKUs means A Stock Keeping Unit is a unique identifier for each distinct product and service that can be ordered from Us.

    Subscription Period means the period for which You have purchased the right to receive the Cloud Services or the time-period for which You have purchased the right to receive Support, as applicable.

    Support means the technical support services that We provide for the support and maintenance of the Cloud Services, as specified in the applicable Service Schedule.

    Support Period means the period for which You are entitled to Support, as specified in a Grant Letter.

    User means a unique individual whom You have authorized to use the Cloud Services pursuant to Your access rights under this Agreement, including Your employees, Your Affiliates, subcontractors, authorized agents, and Managed Parties.

    Exhibit A

    Trellix Support Customer Plans

    The Trellix Response Service Level Goals (SLG) will provide Support for the Cloud Services in accordance with the following:

    Severity Assessment Questions

    Through a series of questions, We will determine the business impact of your issue. The impact assessment questions are simplified to allow you to quickly answer and move towards getting resolution to your issue. Select the answer that most closely aligns with the reported issue.

    What type of issue is this?

    This question will help set the type of Service Request being opened. The options under this question are:

    • Question/Request
    • Installation/Configuration
    • Networking/Performance
    • Product Error
    • Fault/Crash
    • Malware
    How much of the organization is affected?
    • None
    • Isolated
    • Scattered
    • Substantial
    • Widespread
    What is the impact to Your business?
    • None
    • Partial
    • Major
    • Stopped

    Severity Levels

    A severity code is associated with Service Requests to indicate the impact and the urgency of the request.

    Severity 1: Severe Issue or Business Wide Impact

    This would be a very serious issue or business wide impact with the issue. Example: Our ePolicy Orchestrator is down, Web Gateway is blocking all customer traffic. There is no viable workaround.

    Severity 2: Major Issues or Large Impact

    This is a major issue or where a large number of Users are impacted. Example: Regional office not in a secured posture due to Our ePolicy Orchestrator is not functioning, Data Loss Prevention policy is causing the Executive Staff to be not able to use USB drives. There is no viable workaround.

    Severity 3: Minor Issue or Small Impact

    This is a minor issue or small number of Users impacted. Example: Few Users unable to authenticate to Drive Encryption, Data Loss Prevention rule requiring justification for a few Users but not stopping business activities.

    Severity 4: General Questions

    This is a question without impact on business operations. This may be around documentation or Knowledge Base entries. Example: Looking for Best Practices, Reference Configurations, clarification on entries in KB or Product Guide. Product Enhancements Requests

    Customer Plans

    Support Requests (SR) are assigned a SR number to manage the resolution of the issue. We attempt to resolve every issue on the first interaction. Unresolved customer issues are evaluated based on severity and priority of the reported issue. Based on this information, We assign each SR an impact level value.

    The frequency You should be contacted about the status of a Service Request will be agreed between You and the Technical Support Engineer during initial contact and at each communication interval. This will be discussed and agreed based on the individual needs and availability of the Customer, as well as the time it is likely to take to complete the next action.

    Based on the Plan purchased by the Customer, either the Business Plan or Premier Success Plans, Enhanced Success Plans and Essential Success Plans, the following response level targets are provided. The response times are target estimates and are not guaranteed.

    Service Level Goals Charter - Business
    Severity 1 Severity 2 Severity 3 Severity 4

    Initial Response

    30 Minutes

    60 Minutes

    8 Hours

    1 Business Day

    Update Frequency

    At least once per hour unless agreed otherwise with the customer

    At least twice per day unless agreed otherwise with the customer

    Negotiated with the customer

    Negotiated with the customer

    Service Level Goals Charter – Premier Success Plans, Enhanced Success Plans and Essential Success Plans*
    Severity 1 Severity 2 Severity 3 Severity 4

    Initial Response

    15 Minutes

    30 Minutes

    4 Hours

    1 Business Day

    Update Frequency

    At least once per hour unless agreed otherwise with the customer

    At least twice per day unless agreed otherwise with the customer

    Negotiated with the customer

    Negotiated with the customer

    * Also covers Legacy Enterprise Support programs, Advanced Partner Support, OEM/Embedded Partner Support and Trellix Authorized Support Providers

    Business Support Options

    The following chart provides a description of the applicable plans for Trellix.

    Customer Success Plans
    (Add-on Services)

    Features & Offerings

    Business Support (Standard)

    Essential Success Plan

    Enhanced Success Plan

    Premier Success Plan

    Daily product updates (.DATs, engines, etc.)

    Product upgrades

    24/7/365 Support Web and Phone with Remote Desktop Control

    Trellix Labs Malware analysis service and alerts with remediation analysis

    Online Experience - KnowledgeBase, Downloads, Case Mgt, Diagnostic & Remediation Tools

    Best practice videos and guides

    Proactive Notification Service via Support Notification Service (SNS)

    Direct Access to Enterprise Level Technical Experts

    Service Request Prioritization

    Designated Contacts

    15 Designated
    25 Designated
    Unlimited Designated

    Account Management

    Remote SAM

    Designated Customer Success Manager (CSM) for Value Realization (1)

    CSM
    CSM

    Assigned Technical Contact (ATC) for Situation and Escalation Management

    ATC

    Assigned Cloud ATC (C-ATC) for CASB Support

    Add-on Available
    Add-on Available
    C-ATC

    Documented Success Planning with the Customer Success Management (CSM)

    Yes
    Yes

    Quarterly Business Reviews

    Yes
    Yes

    Solution and/or Strategic Advisory Services

    One Week of Professional Services
    Four Weeks of Professional Services

    Professional Services Remote Health Watch Analysis

    One per year
    Two per year
    Four per year

    Educational Services Vouchers for Trellix Product education

    30
    80
    280

    eLearning Subscriptions

    Enterprise Site License

    (1) Resident Customer Success Manager option available.
    * Subject to Terms & Conditions. Regional variations may apply.

    To Contact Us, please reach out using the Quick Reference call provided by your Support Account Manager or Customer Support Manager or through Our Support Service Portal at https://www.trellix.com/en-us/support.html.

    Exhibit B

    Skyhigh Security Support Customer Plans

    We will provide Support for the Cloud Services in accordance with the following:

    Support and Maintenance
    Support Requests

    Phone

    1-866-727-8383

    Phone & Web

    Available 24/7

    Technical Support

    Office hours (critical and non-critical issues)

    Available 24/7

    Availability for critical issues

    Available 24/7

    Response time

    (See below)

    Service Support

    Upgrade notifications

    Yes, SNS notification will be provided

    Remote diagnostics

    Yes, we have the capability to connect to your network

    Online Resources

    The Parties will jointly use the severity levels below to document and respond to errors or deficiencies that may exist. If You believe that an error or deficiency exists in the programs supported by the subscription fees under this Agreement, You will provide written notification to Us of such error or deficiency, along with supporting data and programs that document such error or deficiency. We will respond in accordance with the following severity levels.

    Premium-Care Enterprise-Care Basic-Care

    24x7x365 Support

    Yes

    Yes

    Yes

    Technical Account Manager

    In region

    Remote

    N/A

    Customer Success Manager

    Dedicated In-region

    Dedicated Remote

    Non-Dedicated Remote

    On-Site Visit per Year

    2-4

    1

    N/A

    Consulting Days

    40

    20

    5

    eLearning

    Yes

    Yes

    Yes

    Health checks

    Yes

    Yes

    N/A

    Webinars

    Yes

    Yes

    N/A

    Governance

    Operational Service Review

    Weekly

    Every 2 Weeks

    N/A

    Monthly Operations Review

    Yes

    Yes

    Digital Report

    Executive Business Review

    Quarterly

    Semi-Annual

    N/A

    Priority Support

    Severity 1 Response

    30 min

    1 hour

    2-4 hours

    Severity 2 Response

    1 hour

    2 hours

    4-8 hours

    Skyhigh Plan Severity 1 Severity 2 Severity 3 Severity 4

    Initial Response

    PREMIUM-CARE

    30 mins

    1 hour

    4 hours

    1 business day

    ENTERPRISE-CARE

    1 hour

    2 hours

    4-8 hours

    1 business day

    BASIC-CARE

    2 hours

    4 hours

    1 business day

    2 business days

    Update Frequency

    PREMIUM-CARE

    At least once per hour unless agreed otherwise with the customer

    At least twice per day unless agreed otherwise with the customer

    ENTERPRISE-CARE

    BASIC-CARE

    At least once every two hours unless agreed otherwise with the customer

    At least once per day unless agreed otherwise with the customer

    Negotiated with the customer

    Negotiated with the customer

    Customer Support Plans

    All Customer care Plans provide direct access to Technical Support Engineers for technical issue resolution.

    Skyhigh Security Premier Care Plan –The Premier Care plan will entitle You to elevated support response times, including a maximum 30-minute response for Severity 1 SRs and a 1-hour response for Severity 2 SRs.

    Skyhigh Security Enterprise Care Plan The Enterprise Care plan will entitle you to elevated support response times, including a maximum 1-hour response for Severity 1 SRs and a 2-hour response for Severity 2 SRs.

    Skyhigh Security Basic Care Plan includes five (5) days of professional services to get the product fully deployed and operational. A non-dedicated remote CSM is assigned to work with the customer as part of this offering. This offering also includes e-learning plus access to webinars.

    SKYHIGH PLAN SS-PREMIUM-CARE SS-ENTERPRISE-CARE SS-BASIC-CARE
    SLAs (Levels)

    Severity Level 1

    30 min response

    1-hour response

    Standard

    Severity Level 2

    1-hour response

    2-hour response

    Standard

    Severity Levels

    Critical - Severity 1 Error:

    A “Severity 1 Error” will mean that the Cloud Services is non-operational, and no Users can access the system, or the functionality is significantly decreased, or back-up or other security of data can no longer be performed. The defect affects mission-critical systems or information in the production environment. This may include any defect related to You or personal safety, system availability, overall data integrity or ability to serve You.

    “Severity 1 Error” events will require immediate resolution. We must start the correction of “Severity 1 Errors no later than thirty (30) minutes following notification from You. We will work to correct Severity 1 Errors on a 24x7 basis until resolution. Our Support personnel as well as Your personnel may be required to sustain a twenty-four (24) hour per day effort to determine the root cause of the problem or until circumvention or resolution is provided. We will provide regular updates informing You of the progress to remedy the reported problem. For Severity 1 Errors only, telephone support is available to report irregularities twenty-four (24) hours per day seven (7) days per week.

    High - Severity 2 Error:

    A “Severity 2 Error” will mean that the Cloud Services is operational with functional limitations or restrictions but there is minimal business impact. The error has a large impact on the functionality of the application but does not require immediate release into the production environment.

    We must start the correction of “Severity 2 Error” no later than one (1) hour following notification by You. We will work to correct Severity 2 Errors during normal business hours and will provide regular updates informing You of the progress to remedy the reported problem.

    Medium - Severity 3 Error:

    A “Severity 3 Error” will mean these Cloud Service is operational with functional limitations or restrictions that are not critical to the overall system operation. The error has a moderate impact on the functionality of the application. However, the Service remains usable by all groups.

    We will work to correct Severity 3 Errors during normal business hours. We will use reasonable efforts to correct such errors within thirty (30) business days.

    Low - Severity 4 Error:

    A “Severity 4 Error” will mean the Cloud Service is operational with problems or errors, which have little impact on system operations. Severity 4 Errors will include documentation errors. The error has a minor impact on the functionality of the application.

    “Severity 4 Error” events are normally corrected in the next maintenance release of the Cloud Service.

    To Contact Us, please reach out to Your Customer Support Manager or through the Skyhigh Support Service Portal at https://www.skyhighsecurity.com/en-us/support.html.