Sign Up for Our Newsletter
* indicates required

Threatcare Applications Agreement

Threatcare Professional Services Agreement


Threatcare Applications Agreement

Last updated: July 27, 2018

Welcome to Threatcare. vThreat, Inc., dba Threatcare (“Threatcare”, “we” or “our”) offers cybersecurity assessment software and services to its customers (the “Customer” or “you”). As part of our offerings, we offer the Threatcare app, a standalone application that allows you to leverage Breach and Attack Simulations and the Threatcare agent, an addition to the Threatcare app that can be installed on any number of networks and allows you execute “Breach and Attack Simulations” or playbooks simultaneously from the control of the Threatcare app (the Threatcare app and the Threatcare agent, collectively, as modified from time to time, the “Applications”). Threatcare and Customer are sometimes individually referred to as a “Party” and collectively, as the “Parties.” All defined terms used herein shall have the meanings prescribed to these terms in this Agreement.


1. Definitions

Access Protocols” means the necessary passwords, security protocols and policies and network links or connections and downloads by which Customer’s Authorized Users will access and use the Applications.  

Authorized Users means Customer and Customer’s employees and authorized independent contractors (if any) for whom Customer has permitted to access and use the Applications under Customer’s license.

Customer Data” means any data or information contained in any document, template or other similar file submitted by Customer or on Customer’s behalf through (or in connection with) the Applications, and all other data and information automatically collected by Threatcare relating to Customer’s computer networks that are used in conjunction with the Applications.

“Effective Date” means the date that you clicked “I Agree” or took any other action signifying your acceptance of the terms of this Agreement.

“Professional Services” means the integration, development, implementation or testing of network security systems and applications as agreed between the Parties.

Purchase Platform means Threatcare’s electronic platform for the purchase of one or more Licenses to access and use the Applications, as modified from time to time.

Subscription Period” means (a) the contractually authorized initial license term (e.g., month to month, annual, etc.) commencing after the Trial Period (if any) for the applicable Application, as identified in the purchase process through the Purchase Platform or as otherwise agreed by the parties and (b) any Renewal Period.

Trial Period” means any period to evaluate the Applications as approved by Threatcare.

2. Applications

2.1 License – Threatcare app and Threatcare agent

Subject to the terms and conditions of this Agreement, Threatcare hereby grants to Customer a limited, revocable, non-exclusive, royalty-free, non-sublicensable, non-transferable (except as provided in Section 13.15), right and license to access and use the applicable Applications solely during the Subscription Period (a “License”).  CUSTOMER’S USE OF THE APPLICATIONS ARE LIMITED TO USE FOR CUSTOMER’S INTERNAL BUSINESS PURPOSES AND NOT FOR THE BENEFIT OF ANY THIRD PARTY, INCLUDING USE AS PART OF AN APPLICATION SERVICE PROVIDER SERVICE OR SOFTWARE AS A SERVICE OFFERING.

2.2 Subscription Period

The initial Subscription Period will begin on the Effective Date. The initial Subscription Period for any additional License purchased after the Effective Date shall begin on the date of purchase or as otherwise agreed by the parties. Thereafter, each initial Subscription Period will automatically renew for consecutive terms equal to the term of the initial Subscription Period (each, a “Renewal Period”), unless and until either Party delivers to the other Party written notice of its intent not to renew the Agreement no later than thirty (30) days prior to the start of a Renewal Period.  

2.3 Open-Source Software

Certain software code incorporated into or distributed with the Applications may be licensed by third parties under various “open-source” or “public-source” software licenses (such as the GNU General Public License, the GNU Lesser General Public License, the Apache License, the Berkeley Software Distribution License, and the Sun Public License) (collectively, the “Open Source Software”). Notwithstanding anything to the contrary in this Agreement, the Open Source Software is not licensed under Section 2.1, and instead is separately licensed pursuant to the terms and conditions of their respective open-source software licenses. You agree to comply with the terms and conditions of such open-source software license agreements.

2.4 Customer Data

The Applications do not store any user security information or retain any vulnerability information. All user specific security information and user vulnerability information will remain on Customer’s users’ internal security systems that are used to detect activity and retained within the user’s organization on the systems the user uses to store this data. The only information stored by Threatcare is account related information and limited information related to IP addresses that the Applications obtain during simulated events. All such information stored by Threatcare is deleted when an Application user downloads the event results.     

2.5 Professional Services

During the Subscription Period, Customer may engage Threatcare to provide Professional Services including the integration, development, implementation or testing of network security systems and applications as agreed by the Parties. Such Professional Services will be subject to the execution by the Parties of a separate professional services agreement.

2.6 Support Services

Subject to Customer’s compliance with the terms of this Agreement, Threatcare will provide Customer with the following support services:

  1. Email Support. Threatcare will provide Authorized Users with email support ([email protected] for use by Authorized Users Monday through Friday, 9am – 5pm CT, US holidays excluded, for problem resolution assistance.
  2. Training and Activation Support.  In connection with the provision to Customer of Authorized User credentials and any additional Access Protocols, Threatcare will provide reasonable activation, setup and training support during the first thirty (30) days of the initial Subscription Period.
  3. Error Corrections.  Threatcare will use commercially reasonable efforts to correct material Errors (as defined below) in the Applications reported by Customer in writing to Threatcare at [email protected]. Threatcare will use reasonable commercial efforts to diagnose and remediate bug fixes and/or workarounds to correct the Error. Threatcare may not issue Error Corrections for all Errors.  “Error” means a reproducible failure of the Applications to execute enterprise threat simulation exercises in accordance with the documentation provided within the Applications or as published by Threatcare at
  4. Enhancements.  During the Subscription Period, Threatcare will provide Customer with updates and enhancements that Threatcare generally offers to other customers of the Applications.  Major Improvements to the Applications that Threatcare offers for additional fees will not be automatically provided to Customer. “Major Improvements” means material feature changes or improvements that Threatcare offers its customers for additional fees.
  5. Support Exclusions.  Threatcare will have no responsibility or liability of any kind, whether for breach of warranty or otherwise, arising or resulting from: (a) Customer’s or Authorized Users’ use of any version of the Applications other than the then-current unmodified version provided to Customer; (b) any problems which are not Errors; (c) problems caused by failed Internet connections or other hardware, software or equipment which is not owned, controlled or operated by Threatcare; (d) nonconformities resulting from abuse, negligence, or improper or unauthorized use of all or any part of the Applications; (e) problems or Errors caused by Customer’s, or other third parties’ products, services or equipment designated by Threatcare in writing to Customer as not being compatible with the Applications; or (f) material modification, amendment, revision, or change to the Applications by any party other than Threatcare or Threatcare-authorized representatives. Any use of or reliance on data or data output contained in the Applications is Customer’s sole responsibility.

2.7 Trial Period

During any Trial Period, Customer will have the right to access and use the Applications solely for the purpose of evaluating the Applications, subject to, and in accordance with, the terms of this Agreement. There shall no fee for the Trial Period. Customer agrees to provide prompt feedback concerning its experience with the Applications during the Trial Period via a weekly teleconference call, survey or other means as reasonably requested by Threatcare. Threatcare shall own all right, title and interest in any such feedback by Client and Threatcare shall be free to use any such feedback without any payment or restriction.

If Customer has not bought a License for an Application prior to the end of the Trial Period, then Customer’s right to access and use the Applications shall automatically terminate at the end the Trial Period.

3. Confidentiality

3.1 Confidential Information

Ownership of Confidential Information. The Parties acknowledge that during the performance of this Agreement, each Party will have access to certain of the other Party’s Confidential Information that the receiving Party is required to maintain as confidential.  For the purposes of this Agreement, the Party making its Confidential Information available is the (“Disclosing Party”) and the Party receiving such Confidential Information is the (“Receiving Party”). Both Parties agree that as between the Disclosing Party and the Receiving Party, all items of Confidential Information are proprietary to the Disclosing Party and will remain the property of the Disclosing Party.  For the purposes of this Agreement, (“Confidential Information”) means all written or oral information disclosed by the Disclosing Party to the Receiving Party under this Agreement that is identified as confidential at the time of disclosure or that should be reasonably understood by the Receiving Party to be confidential by the nature of the information or the circumstances of its disclosure. Without limiting the foregoing, the Applications will be Confidential Information of Threatcare and the Customer Data shall be deemed Confidential Information of Customer.

Mutual Confidentiality Obligations.  Except as necessary for a Party to perform its obligations or exercise its rights under this Agreement, the Receiving Party agrees: (i) to use Confidential Information only to exercise its rights or fulfill its obligations described herein; (ii) not to reproduce Confidential Information and to protect such Confidential Information in the same manner that it uses to protect its own Confidential Information of a like kind, but in no event less than reasonable care; (iii) to implement safeguards to prevent disclosure of data to individuals or third parties, except those of its employees, agents, and consultants, who have a need to know such information to assist such Party in performing its obligations or exercising its rights under this Agreement, but only to the extent that such employees, agents, and consultants are bound by confidentiality obligations at least as restrictive as those in this Section 3; and (iv) to return or destroy, all Confidential Information that is in its possession within a reasonable time after termination or expiration of this Agreement.

Confidentiality Exceptions. The provisions of this Section 3 will not apply to information that (i) is publicly available or in the public domain through no fault of the Receiving Party, with the understanding that this public domain exception will not apply to any personally identifiable information contained within the Customer Data or the Applications; (ii) is rightfully communicated to the Receiving Party without an obligation of confidentiality by persons not known by the Receiving Party to be bound by confidentiality obligations; (iii) is already in the Receiving Party’s possession free of any confidentiality obligations with respect thereto at the time of disclosure; (iv) is independently developed by the Receiving Party; or (v) is approved for release or disclosure by the Disclosing Party without restriction.

Notwithstanding the foregoing, in the event that the Receiving Party is requested or required (by oral questions, interrogatories, requests for information or documents, subpoenas, civil investigative demand or similar process or otherwise by law) to disclose any Confidential Information, the Receiving Party will provide (to the extent legally permissible and reasonably practicable) the Disclosing Party with prompt written notice so that the Disclosing Party may seek a protective order or other appropriate remedy and/or waive the Receiving Party’s compliance with the provisions of this Agreement.  In the event that such protective order or other remedy is not obtained, or compliance with the provisions of this Agreement is waived, the Receiving Party will disclose only that portion of the Confidential Information that is legally required, based on the advice of Receiving Party’s counsel, and will exercise reasonable efforts, at the Disclosing Party’s sole cost and expense to obtain a protective order or other reliable assurance that confidential treatment will be accorded to the Confidential Information. The Receiving Party shall also be permitted to disclose Confidential Information as reasonably required to establish its rights under this Agreement, including, to make such court filings as it may be required to do. Notwithstanding the foregoing, no such disclosure shall exempt such Confidential Information from being treated as confidential under this Section 3.

Injunctive Relief.  The Parties agree that the Disclosing Party would be irreparably injured by a breach or threatened breach of the terms of this Section 3 by the Receiving Party and that the Disclosing Party would not have an adequate remedy at law.  Therefore, in the event of a breach or threatened breach by the Receiving Party of this Section 3, the Disclosing Party shall be entitled, in addition to any and all other remedies, to seek injunctive relief and specific performance.  The Receiving Party further agrees not to resist such application for relief on the basis that the Disclosing Party has an adequate remedy at law and agrees to waive any requirement for the securing or posting of any bond in connection with such remedy.

4. Access and Security Guidelines

4.1 Customer Credentials

On or as soon as reasonably practicable after the Effective Date, Threatcare will provide Customer the necessary Access Protocols to allow Customer and its Authorized Users to access the Applications. Customer agrees to safeguard, and ensure that all Authorized Users safeguard, any usernames and passwords (“Credentials”) provided to any Authorized User to access the Applications. Customer agrees that it is responsible for all acts and omissions of Authorized Users and any activities conducted using their Credentials.  Customer will notify Threatcare promptly if it learns of any unauthorized use of any Credentials or any other known or suspected breach of security related to the Applications. Customer is responsible for all activities that occur under Customer’s Authorized Users’ accounts, for Authorized Users’ compliance with the terms of this Agreement, and for all acts or omissions of such Authorized Users.

4.2 Customer Responsibility for Data

Customer understands and accepts that the nature of the Applications and any related cloud-based applications necessitate simulation of various security attacks on Customer’s systems. Customer accepts all risks associated with Customer’s and any third-party reactions and/or retaliations for any attack simulations created by the Applications and any related cloud-based applications. Customer’s Authorized Users will be fully and completely responsible for all changes to and/or deletions of Customer Data maintained within the Applications, as well as for the security of all credentials and other access protocols required to access the Applications.  CUSTOMER WARRANTS THAT NO TEST DATA WILL BE UTILIZED IN ANY MANNER IN RELATION TO THE APPLICATIONS THAT WOULD BE PROHIBITED BY ANY REGULATION, STATUTE, OR LAW, OR VIOLATE ANY APPLICABLE AGREEMENT. CUSTOMER SHALL HOLD HARMLESS AND INDEMNIFY THREATCARE FOR ANY THIRD-PARTY CLAIMS OF ANY KIND, DUE TO TEST DATA UTILIZED BY CUSTOMER.

4.3 Restrictions on Usage

Customer shall not, and shall not permit any Authorized User or other party to (a) use the Applications to access, harvest, collect, copy, view, gather, or assemble information or data regarding Threatcare or other Threatcare customers without their explicit consent; (b) interfere with or disrupt the integrity of performance of the Applications or the data contained therein; (c) harass or interfere with another Threatcare customer’s use and enjoyment of the Applications; (d) reverse engineer, disassemble, or decompile any component of the Applications; (e) interfere in any manner with the operation of the Applications; (f) sublicense or attempt to sublicense any Customer rights under this Agreement (except as expressly authorized hereunder) or otherwise use the Applications for or to operate a service bureau, application service provider service, or any software-as-a-service offering in any way related to this Agreement; (g) modify, copy or make derivative works based on any part of the Applications; (h) use the Applications to build a competitive offering; or (i) otherwise use the Applications in any manner that exceeds the scope of use permitted under this Agreement.

5. Fees, Payment, and Suspension

5.1 Fees

Customer shall pay the total applicable subscription fees (as modified from time to time, the “Subscription Fees”) for the initial Subscription Period for each License. Customer shall also pay the Subscription Fees for (a) the purchase of any subsequent License for an Application and (b) any Renewal Term. For the Threatcare App, each computer or other similar device on which the Threatcare App is loaded requires a separate License and Customer shall pay the Subscription Fees for each such License. For the Threatcare Agent, each computer server (whether physical or virtual) or other similar device on which the Threatcare Agent is loaded requires a separate License and Customer shall pay the Subscription Fees for each such License. Customer acknowledges and agrees that Threatcare has the right to increase the Subscription Fees applicable to any Renewal Period upon sixty (60) days’ written notice to Customer prior to the commencement of the next Renewal Period.

5.2 Payments

Unless otherwise approved by Threatcare, the initial Subscription Fees shall be automatically charged on the first (1st) day of the applicable Subscription Period. Thereafter, the Subscription Fees shall be automatically charged on the first (1st) day of each subsequent Renewal Period. All such Subscription Fees shall be paid in accordance with Section 5.3.

Notwithstanding the foregoing, Threatcare and Customer may agree in writing on alternative payment terms for the applicable Subscription Fees (the “Alternative Terms”). In that case, the Subscription Fees shall be paid in accordance with the Alternative Terms.

5.3 Payment Processor

Unless otherwise agreed by Threatcare, all payments shall be made through a third-party payment processor directed by Threatcare (e.g., Stripe, etc.) (any such third-party payment processor, the “Payment Processor”). Payment processing services for the Subscription Fees, are currently being provided by Stripe and are subject to the Stripe Connected Account Agreement, which includes the Stripe Terms of Service (as modified from time to time, collectively, the “Stripe Services Agreement”). By agreeing to the terms of this Agreement or continuing to use any of the Applications, you agree to be bound by the Stripe Services Agreement. As a condition of Threatcare’s enabling payment processing services through a Payment Processor, you agree to provide Threatcare accurate and complete information about you, your business, your credit or debit card and such other information required by the Payment Processor, and you authorize Threatcare to share it and any relevant transaction information related to your use of the payment processing services provided by the Payment Processor.

5.4 Taxes

The Subscription Fees applicable to the Applications are exclusive of any sales, use, excise, and other taxes, as well as applicable export and import fees, customs duties, and similar charges, if any, that Threatcare is obligated to collect, except for employment taxes, and taxes based on Threatcare’s net income.  To the extent Threatcare is not so obligated, all such taxes are the responsibility of Customer.

5.5 Suspension of Service

Threatcare reserves the right (in addition to any other rights and remedies Threatcare may determine applicable) to discontinue access and use of the Applications and suspend all Credentials and Customer’s access to the Applications (a) for any period during which any payment owed to Threatcare has not been made by Customer, or (b) as Threatcare reasonably deems necessary to protect the rights of Threatcare or any of its customers.  Threatcare also reserves the right to charge Customer a reinstatement fee of no more than one (1) month’s Subscription Fees applicable to the suspended access to the Applications in the event of suspension pursuant to this Section 5.5, at Threatcare’s sole discretion.

6. Storage Location and Data Security


Threatcare will implement and maintain reasonable practices, procedures, and systems, including administrative, technical, and physical safeguards designed to (i) protect the security, confidentiality, and integrity of Customer’s Confidential Information; (ii) ensure against reasonably anticipated threats or hazards to the security or integrity of Customer’s Confidential Information; (iii) protect against unauthorized access to or use of Customer’s Confidential Information; and (iv) otherwise comply with its obligations under the terms of this Agreement.  These safeguards include, without limitation, a written data security plan, employee training, information access controls, restricted disclosures, systems protections (e.g., intrusion protection, data storage protection, and data transmission protection), and physical security measures.

7. Breach and Attack Simulations

The breach and attack simulations may communicate with Threatcare’s network of secure servers located in any country worldwide in order to provide the most realistic scenarios. CUSTOMER UNDERSTANDS AND CONSENTS TO BREACH AND ATTACK SIMULATION TRAFFIC FROM ANY AND ALL SUCH COUNTRIES.

8. Ownership

8.1 Applications

Customer acknowledges and agrees that Threatcare retains all right, title and interest in and to the Applications and all associated materials, including (but not limited to) all Threatcare Confidential Information and technology used by Threatcare or provided to Customer in connection with the Applications, the intellectual property rights contained therein (as reduced to practice or otherwise) related thereto (the “Threatcare Technology”), and that the Threatcare Technology is protected by intellectual property rights owned by or licensed to Threatcare.  Other than as expressly set forth in this Agreement, no licenses, subscriptions or other rights in the Threatcare Technology are granted to Customer. Customer hereby grants Threatcare a royalty-free, worldwide, transferable, sublicensable, irrevocable, perpetual license to use or incorporate into the Applications any suggestions, enhancement requests, recommendations or other feedback provided by Customer or Customer’s Authorized Users, relating to the Applications and Threatcare Technology.

8.2 Customer Data

Customer retains all right, title and interest in and to the Customer Data.  Customer will not provide, post or transmit any Customer Data that: (a) infringes, misappropriates or violates any intellectual property rights, publicity/privacy rights, law or regulation; (b) contains any viruses or programming routines intended to damage, surreptitiously intercept or expropriate any system, data or personal or personally identifiable information; or (c) is deceptive, defamatory, obscene, pornographic or otherwise unlawful.

8.3 Sensitive Data

Customer acknowledges and agrees that the Applications are not designed to store personally identifiable information or other sensitive information except personally identifiable information related to Authorized Users.  Accordingly, Customer will not submit or enable the collection of: (i) any personally identifiable information, except as necessary for the establishment of an account for an Authorized User or (ii) any other information subject to regulation or protection under specific laws such as the Gramm-Leach-Bliley Act (or related rules or regulations) ((i) and (ii), collectively, “Sensitive Data”).  In certain circumstances, Customer may use its own test data or sample data (collectively “Sample Data”) in connection with using the Applications.  Customer acknowledges and agrees that any Sample Data shall not include any Sensitive Data and, further, that all such Sample Data will not be deemed Customer’s Confidential Information.  NOTWITHSTANDING THE PROVISIONS OF SECTION 3 ABOVE, THREATCARE HAS NO LIABILITY UNDER THIS AGREEMENT FOR THE PROTECTION OF SENSITIVE DATA OR SAMPLE DATA EXCEPT TO THE EXTENT RESULTING FROM THREATCARE’S BREACH OF THIS AGREEMENT.  

9. Term and Termination  

9.1 Term

This Agreement commences on the Effective Date and continues for the duration of the Subscription Period, unless earlier terminated in accordance with this Section 9.

9.2 Termination for Cause

Except for breach of payment terms as specified in Section 5, for which no notice period shall be necessary, either Party may terminate this Agreement for a material breach of any of its terms and conditions upon a minimum of thirty (30) days’ prior written notice, provided the breach is not remedied during the notice period.  Termination of this Agreement for cause shall result in automatic termination of any License for the Applications and Customer shall immediately discontinue any and all use of the Applications.

9.3 Effect of Termination

Upon any termination of this Agreement, each Party shall (i) immediately discontinue all use of the other Party’s Confidential Information (expressly including the Applications); (ii) delete the other Party’s Confidential Information from its computer storage or any other media, including, without limitation, Customer Data, as applicable; (iii) return to the other Party or destroy (with written certification), all copies of such other Party’s Confidential Information then in its possession; and (iv) promptly pay all amounts due and remaining payable hereunder. At Threatcare’s request, Customer shall delete or return all copies of the Applications.

10. Warranty; Disclaimer

10.1 Limited Warranties

  1. Threatcare represents and warrants that (a) the Applications will work substantially in accordance with the technical and user documentation and (b) it will perform Threatcare’s other obligations in a professional and workmanlike manner substantially consistent with general industry standards. If Customer notifies Threatcare of any breach of the foregoing warranties, Threatcare will, as Customer’s sole and exclusive remedy, where appropriate, use commercially reasonable efforts to correct material Errors in the Applications reported by Customer in writing to Threatcare at [email protected] or re-perform the obligations.
  2. Threatcare represents, warrants and covenants that: (a) the technical documentation for the Applications will be sufficient to allow a reasonably knowledgeable information technology professional to install, execute, load, operate, display, copy and configure and perform the Applications; and (b) the user documentation will describe, in terms understandable by a typical Authorized User, the functions and features of the Applications and the procedures for exercising such functions and features.  In the event of a breach of this Section 10.1.2, as Customer’s sole and exclusive remedy, Threatcare will revise the documentation or provide additional instruction as necessary to cure such breach.
  3. Threatcare represents, warrants and covenants that prior to delivery of any Applications, Threatcare will use generally available commercial virus scanning technology to detect any known viruses contained within the Applications as delivered by Threatcare to Customer.  Threatcare further represents, warrants and covenants that it will use commercially reasonable efforts to not introduce any virus into its products or services. In the event a breach of this Section 10.1.3, as Customer’s sole and exclusive remedy, Threatcare will use commercially reasonable efforts, at no charge to Customer or Customer’s clients, to assist Customer in eradicating and mitigating the effects of the virus; provided, however, Customer acknowledges and agrees that Threatcare makes no warranties with respect to its ability to eradicate or mitigate such effects of the virus.
  4. If Threatcare is unable to correct any breach of this Section 10.1 within thirty (30) days after receipt of Customer’s written notice, Customer may terminate this Agreement with respect to such services and receive a refund of the unearned portion of all amounts paid under this Agreement in respect of the terminated services.  Such refund will be payable within thirty (30) days after the effective date of termination of this Agreement.

10.2 Disclaimer


11. Indemnity

11.1 By Threatcare

If any action is instituted by a third party against Customer based upon a claim that the Applications, as delivered without modification and used as specified in all applicable documentation, infringes any third party’s intellectual property rights, Threatcare will defend such action at its own expense on Customer’s behalf and will pay all damages attributable to such claim which are finally awarded against Customer or paid in settlement, provided that Threatcare agrees in writing to such settlement.

11.2 Exceptions

Section 11.1 will not apply if the alleged claim arises, in whole or in part, from (a) a use or modification of the Applications by Customer in a manner inconsistent with any applicable documentation, and/or outside the scope of any right granted or in breach of this Agreement, (b) a combination, operation or use of the Applications with other software, hardware, or technology not specifically authorized by Threatcare, or (c) the Customer Data provided by Customer or on Customer’s behalf from a third party (the “Customer Indemnity Responsibilities”).

11.3 Infringement or Likely Infringement

If the use of the Applications is enjoined or, in Threatcare’s determination are likely to be enjoined or otherwise infringing, Threatcare may, at its option and expense (a) procure for Customer the right to continue using the Applications, (b) replace or modify the Applications so that it they are no longer infringing but continue to provide comparable functionality, or (c) terminate the License to access and use the Applications and refund any amounts previously paid for the Applications attributable to the remainder of the then-current term.  This Section 11.3 sets forth the entire obligation of Threatcare and Customer’s exclusive remedy against Threatcare for any claim that any Application infringes a third party’s intellectual property rights.

11.4 By Customer

If any action is instituted by a third party against Threatcare relating to (a) Customer’s or Authorized Users’ use of the Applications, (b) Customer’s or Authorized User’s violation of the terms of this Agreement or any applicable law or (c) Customer Indemnity Responsibilities, Customer will defend such action at Customer’s own expense on Threatcare’s behalf and will pay all damages attributable to such claim which are finally awarded against Threatcare or paid in settlement of such claim. This subsection will not apply to the extent that Threatcare has any indemnification obligation with respect to such claim pursuant to Section 11.1. 

11.5 Procedure

Any Party that is seeking to be indemnified under the provision of this Section 11 (an “Indemnified Party”) must (a) promptly notify the other Party (the “Indemnifying Party”) of any third-party claim, suit, or action for which it is seeking an indemnity hereunder (a “Claim”) and (b) give the Indemnifying Party the sole control over the defense of such Claim.  

12. Limitation of Liability





12.3 Exclusions from Limitation on Liability

The limitations on liability in Sections 12.1 and 12.2 will not apply to gross negligence or willful misconduct, any payment obligation under Section 5, misappropriation of the other Party’s intellectual property, a breach of a Party’s confidentiality obligations, liability arising from a Party’s indemnification obligations, or with respect to Customer, liability arising from a breach of Customer’s obligations or warranties with respect to Customer Data hereunder.

12.4 Essential Basis of the Agreement

The limitations of liability set forth in sections 12.1 and 12.2 are intended to apply without regard to whether other provisions of this Agreement have been breached or proven ineffective. The disclaimers, exclusions and limitations of liability set forth in this Agreement form an essential basis of the bargain between the Parties, and, absent any of such disclaimers, exclusions or limitations of liability, the provisions of this Agreement, including, without limitation, the economic terms, would be substantially different.

13. General Provisions

13.1 Publicity

Except with Customer’s prior written consent, Threatcare may not use any name, trademark, logo, or trade name of Customer (or any contraction, abbreviation, adaptation, or other variant thereof), or the name or likeness of any of Customer employees or staff, in any news/press/publicity release, advertising, publication, promotional material, or other commercial communication.  Notwithstanding the foregoing, Threatcare may identify Customer as a customer of Threatcare, provided that Threatcare makes no statement that could reasonably be construed as an endorsement of Threatcare or any of Threatcare’s services, by Customer.  

13.2 Threatcare Right to Subcontract

Customer agrees that Threatcare may subcontract certain aspects of the Applications to qualified third parties; provided that any such subcontracting arrangement will not relieve Threatcare of any of its obligations hereunder.

13.3 Applicable Law and Venue

This Agreement and the rights and obligations of the Parties hereunder shall be construed in accordance with, and governed by, the laws of the state of Texas, without giving effect to such jurisdiction’s rules regarding conflicts of laws. Except for any claim for injunctive relief or related to the ownership of intellectual property (“Excluded Claims”), the Parties agree that any and all causes of action between the Parties arising from or related to this Agreement shall be determined pursuant to the arbitration provision set forth in Section 13.4 below. Excluded Claims will be heard exclusively in the state or federal courts in Travis County, Texas and all Parties submit to the exclusive jurisdiction of such courts.

13.4 Arbitration

All disputes related to or arising out of this Agreement will be resolved exclusively by binding arbitration under Commercial Arbitration Rules of the American Arbitration Association (“AAA”).  Either Party may send a notice to the other Party of its intention to file a case with the AAA under this Section (“Arbitration Notice”).  The arbitration will be conducted in Austin, Texas by a single arbitrator knowledgeable in the commercial aspects of data licensing and related services.  The Parties will mutually appoint an arbitrator within thirty (30) days of the Arbitration Notice.  If the Parties are unable to agree on an arbitrator, then the AAA will appoint an arbitrator who meets the foregoing knowledge requirements. The arbitration hearing will commence within sixty (60) days after the appointment of the arbitrator and the hearing will be completed and an award rendered in writing within sixty (60) days after the commencement of the hearing.  Prior to the hearing, each Party will have the right to take up to four (4) evidentiary depositions, and exchange one (1) set of document production requests and one set of not more than ten (10) interrogatories.  The arbitrator will provide detailed written explanations to the Parties to support their award and will grant to the prevailing Party the costs and fees (including legal, accounting and expert witness fees) incurred by such Party.  The arbitration award will be final and binding and may be enforced in any court of competent jurisdiction.  Notwithstanding the above, this arbitration provision is not exclusive with respect to any claim for injunctive relief or any claim related to ownership of intellectual property.

13.5 Prevailing Party

In the event that either Party institutes any arbitration, legal suit, action or proceeding against the other Party arising out of or relating to this Agreement or the Applications, the prevailing Party in the arbitration, suit, action or proceeding shall be entitled to receive in addition to all other damages to which it may be entitled, the costs incurred by such Party in conducting the arbitration, suit, action or proceeding, including reasonable attorneys’ fees and expenses and arbitration or court costs

13.6 Independent Contractors

Customer and Threatcare acknowledge and agree that the relationship arising from this Agreement does not constitute or create any joint venture, partnership, employment relationship or franchise between them, and the Parties are acting as independent contractors in making and performing this Agreement.

13.7 Counterparts

This Agreement may be executed in any number of counterparts, each of which when so executed will be deemed to be an original, and electronically stored copies of such counterpart(s) will be deemed an original, so long as any such counterpart is in an unalterable format, such as a PDF file; all of which when taken together will constitute one Agreement.

13.8 Headings

The headings in this Agreement are inserted merely for the purpose of convenience and shall not affect the meaning or interpretation of this Agreement.

13.9 Entire Agreement

This Agreement sets forth the entire understanding between the Parties related its subject matter and supersedes all prior oral and written understandings between the Parties related thereto.  Neither of the Parties will be bound by any conditions, inducements or representations other than as expressly provided for in this Agreement. This Agreement will govern the relationship of the Parties. Purchase orders provided by Customer including any additional or conflicting terms and conditions will be for administrative purposes only and will have no force or effect.

13.10 Modifications

This Agreement contains the entire understanding and agreement of the Parties, and supersedes any and all previous and contemporaneous understandings. Only a writing signed by both Parties may modify this Agreement.  

13.11 Severability

In the event that any provision of this Agreement is held to be invalid or unenforceable, the valid or enforceable portion thereof and the remaining provisions will remain in full force and effect.  Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion. All waivers must be in writing.

13.12 Government End Users

The Applications are “commercial items” as that term is defined at 48 C.F.R. 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. 12.212.  If acquired by or on behalf of a civilian agency, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation and other technical data subject to the terms of the Agreement as specified in 48 C.F.R. 12.212 (Computer Software) and 12.211 (Technical Data) of the Federal Acquisition Regulation (“FAR”) and its successors. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4, all U.S. Government end users acquire the Applications with only those rights set forth therein.  This U.S. Government End User Section 13.11 is in lieu of, and supersedes, any other FAR, DFARS, or other clause or provision that addresses government rights in computer software or technical data.

13.13 Export Compliance

The Parties represent that, except as allowed under applicable U.S. Government export laws and regulations, no technical data, hardware, software, technology, or other information furnished under this Agreement by either Party shall be disclosed to any foreign person, firm, or country, including foreign persons employed by or associated with Customer.  Furthermore, both Parties shall not allow any re-export of any technical data, hardware, software, technology, or other information furnished, without first complying with all applicable U.S. Government export laws and regulations.  Prior to exporting any technical data, hardware, software, technology, or other information furnished hereunder, and receive the other Party advance written approval.  Each Party shall indemnify, defend, and hold the other Party harmless from and against any and all claims, demands, actions, suits, proceedings, losses, damages, penalties, obligations, liabilities, costs and expenses (including, without limitation, reasonable attorneys’ fees) arising directly or indirectly from breaches of this provision by the other Party.

13.14 Survival

The following Sections shall survive any termination of this Agreement:  Section 3, Section 4.2, Section 5, Section 8, Section 9.5, Section 10.2 and Sections 11 through 13.

13.15 Assignment

Neither Party may assign or transfer this Agreement without the other Party’s prior written approval, except that either Party may, upon written notice, assign this Agreement to an entity that acquires or is merged with the Party or that purchases all or substantially all of the assets of the Party, and with respect to Customer’s successor, such successor entity agrees to be bound by the terms of this Agreement.

13.16 Force Majeure

No failure or omission by either Party in the performance of any obligation of the terms of this Agreement (other than failure to pay) will be deemed a breach of this Agreement or create any liability if the same will arise from any cause or causes beyond the control of such Party, including, but not limited to, the following: acts of god; acts or omissions of any government; any rules, regulations or orders issued by any governmental authority or by any officer, department, agency or instrumentality thereof; fire; storm; flood; earthquake; accident; war; rebellion; insurrection; riot; and invasion; provided that such Party provides notice to the other Party of such an event and such failure or omission resulting from any such event of force majeure is cured as soon as is practicable.

13.17 Notice

All notices required by or relating to this Agreement will be in writing and will be sent by means of certified mail, postage prepaid, to (a) Customer at the address provided during the purchase process through the Purchase Platform or as otherwise provided by Customer and (b) Threatcare at: President, vThreat, Inc., 1309 E. 7th Street, Austin TX 78702., or addressed to such other address as the receiving Party may have given by written notice in accordance with this provision.

Threatcare Professional Services Agreement

Effective Date: March 1, 2018

This Professional Services Agreement (this “PSA” or this “Agreement”) is made by and between vThreat, Inc., dba Threatcare (“Threatcare”) and You (“Customer”) as of the Effective Date indicated above.

1. Engagement

Threatcare and Customer will enter into separate statements of work (each, a “SOW” and collectively, the “SOWs”), in a form to be mutually agreed upon. The SOWs will reference this PSA and will be incorporated into this PSA by such reference. Subject to the terms of this PSA, under each SOW, Threatcare will render the services (the “Services”) and deliver the Work Product (as defined in the applicable SOW) as more fully set forth in the SOW. It is understood, however, that neither party is obligated to retain the services of, or furnish services to, the other until, unless, and only to the extent that a SOW is signed by both parties. Any such Services may be provided by employees or contractors of Threatcare.

2. Compensation

Customer will provide payment to Threatcare according to the terms set forth in each SOW for Services and Work Product delivered and accepted by Customer pursuant to this PSA and the applicable SOW. Threatcare will be reimbursed for reasonable and customary expenses incurred in connection with the delivery of Services and Work Product, provided Threatcare has furnished such documentation for authorized expenses as Customer may reasonably request. Payment of Threatcare’s fees and expenses by Company under undisputed invoices will be due according to the terms set forth in the applicable SOW.

3. Threatcare’s Ownership and License

Threatcare shall own all right, title and interest in and to all Threatcare pre-existing property, Threatcare confidential information and all intellectual property rights therein.

4. Customer’s Ownership and License

Customer shall own all right, title and interest in and to Customer’s pre-existing property, confidential information and all intellectual property rights therein.

5. Confidentiality

Each party acknowledges that each party may develop or learn information that is confidential and proprietary to the other party, its vendors or its customers (“Confidential Information”). Each party agrees not to disclose the other party’s Confidential Information to any third party or otherwise to use such Information, directly or indirectly, except in connection with the performance of the Services and the delivery of the Work Product, without the prior written consent of the other party. Notwithstanding the foregoing, each party may disclose the other party’s Confidential Information to its employees and contractors who have a need to know in connection with the performance of the Services and the delivery of the Work Product and who are subject to terms of confidentiality no less restrictive than set forth in this Section 5 hereof; provided that the party disclosing the other party’s Confidential Information shall be liable for the breach of the terms of this Section 5 hereof by any of its employees, contractors or agents. Each party shall maintain the confidentiality of the Information with at least the same degree of care that it uses to protect its own most highly confidential information, but in any event, shall use at least commercially reasonable measures to protect the confidentiality of and avoid disclosure of the Confidential Information. Each party shall not disclose to the other party any confidential or proprietary information of any third party without the prior written consent of such third party. Each party shall return promptly to the other party the Confidential Information of the other party and all copies thereof upon completion or termination of the applicable SOW.

6. Data Protection

Threatcare will make best efforts to protect any data collected during its performance of Services on or related to Customer data and systems. Sensitive and confidential data will be encrypted at rest at all times, on computers that additionally use full disk encryption. During the course of performing the Services, Threatcare may access the personally identifiable information of Customer’s customers and employees, including but not limited to names, addresses, phone numbers, and email addresses (any such information referred to herein as “Personal Data”). Threatcare agrees: 1) to use any and all Personal Data solely for the purposes of performing the Services; to disclose the Personal Data to its employees and contractors only if they have a need to know in connection with the performance of the Services and the delivery of the Work Product and who are subject to terms of confidentiality no less restrictive than set forth in this Section 6 hereof; 3) to ensure that Threatcare’s transmission, handling, storage, use and eventual elimination of Personal Data will preserve its confidentiality; 4) that any Personal Data provided under this Agreement will not be released to any other party without Customer’s express written consent; 5) to implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, availability, and integrity of any Personal Data it accesses; 6) to comply with the requirements imposed by any applicable laws regarding privacy safeguards or information security laws, including data breach notification laws; and 7) in the event of any unauthorized access or disclosure, to immediately notify Customer and consult and cooperate with Customer concerning the proper response.

7. Warranty; Support

Each party represents and warrants that it has the authority to enter into this Agreement, that this Agreement constitutes its legal, valid, binding and enforceable agreement, that execution and performance of this Agreement does not breach any agreement of such party with any third party, or any duty arising in law or equity, and that execution and performance of this Agreement does not violate any law, rule or regulation applicable to it. Threatcare further represents, warrants, and covenants that all of the services rendered to Customer will be rendered using sound, professional practices and in a competent and professional manner by knowledgeable, trained and qualified personnel, and will conform to generally accepted industry standards and practices. EXCEPT FOR THE LIMITED WARRANTIES SET FORTH IN THIS SECTION 6 HEREOF, THE SERVICES AND WORK PRODUCT ARE PROVIDED “AS IS” AND THREATCARE EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, WITH RESPECT TO THE SERVICES, WORK PRODUCT AND MATERIALS PROVIDED TO CUSTOMER UNDER THIS AGREEMENT, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. WITHOUT LIMITATION TO THE FOREGOING, THREATCARE PROVIDES NO WARRANTY OR UNDERTAKING, AND MAKES NO REPRESENTATION OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, THAT THE SERVICES AND WORK PRODUCT WILL MEET CUSTOMER’S REQUIREMENTS, MEET ANY PERFORMANCE OR RELIABILITY STANDARDS OR BE ERROR FREE.

Threatcare agrees to provide the following support to Customer:

  1. For implementation projects, Threatcare will provide up to four (4) hours of follow-on support within ninety (90) days from the completion of the project.
  2. For commercial or open-source software, Customer should contact appropriate support channels for each. After the date which is ninety (90) days from the completion of the project, any additional work or support provided by Threatcare will require a new SOW.
  3. For writing engagements, Threatcare will make spelling, grammar and factual corrections within thirty (30) days of product completion.

8. Limited Liability

8.1 Threatcare’s total liability to Customer for any and all liabilities, claims or damages arising out of or relating to this Agreement, howsoever caused and regardless of the legal theory asserted, including breach of contract or warranty, tort, strict liability, statutory liability or otherwise, shall not, in the aggregate, exceed the amount actually paid to Threatcare, under this Agreement. The foregoing limitation shall not apply to actual damages incurred by Customer as a direct result of the criminal or fraudulent acts, gross negligence or willful misconduct of Threatcare or any of its employees.

8.2 Except for Threatcare’s breach of Section 4 hereof or Customer’s breach of Section 3 hereof, in no event shall either Threatcare or Customer be liable to the other for any special, indirect, incidental or consequential damages (including, but not limited to, lost profits, lost business opportunities, loss of use or equipment downtime, and loss of or corruption to data) arising out of or relating to this Agreement, regardless of the legal theory under which such damages are sought, and even if the parties have been advised of the possibility of such damages or loss.

9. Term and Termination.

9.1 This PSA will commence on the Effective Date and will continue until the one year anniversary thereof (the “Initial Term”). Upon expiration of the Initial Term, this PSA shall automatically renew for additional successive one year terms, unless either party provides written notice of nonrenewal at least thirty (30) days prior to the end of the then current term (together with the Initial Term, the “Term”).

9.2 Notwithstanding Section 9.1 hereof, either party may terminate this PSA, or any SOW, in whole or in part, for convenience upon thirty (30) days written notice to the other party. Immediately upon the effective date of any such termination, Threatcare will cease providing Services and stop the development of all Work Product, and Customer shall pay Threatcare for Services performed and Work Product completed prior to the termination date.

9.3 The rights and obligations contained in Sections 3, 4, 5, 6, 7, 8, 12, 14 and 15 will survive any termination or expiration of this PSA.

10. Key Assumptions

The parties agree that the following list of key assumptions apply to all SOWs completed under this PSA. Additional project-specific assumptions may be agreed upon between the parties in the individual SOWs.

Any changes to the scope of Services under any SOW must be reviewed by both parties to determine the effect of the change on the overall SOW. Changes to the SOW can result in additional time required to complete the implementation and additional costs. Changes to the scope of Services under any SOW shall not be effective unless and until agreed upon in writing by both parties.

The project team assigned by Customer will have the technical expertise and authority to execute all tasks assigned in Section 11 hereof.

A day is defined as eight (8) hours worked contiguously.

Threatcare is not responsible for delays or changes in scope caused by incorrect information provided by Customer, or by systems or network problems.

11. Customer Responsibilities.

11.1 Customer is responsible for promptly obtaining and providing any required consent for Threatcare to provide the Services under the SOWs. A “required consent” is defined as any consents or approvals required to allow Threatcare or its contractors the right or license to access, use and modify (including creating derivative works) the hardware, software, firmware and other products that Threatcare will use for the Services, and to enable Threatcare and its contractors to perform the Services set forth in the SOWs without infringing the ownership or license rights (including patent and copyright) of the providers or owners of such products. Customer will indemnify, defend and hold Threatcare, its affiliates and its contractors (collectively, the “Threatcare Indemnitees”), harmless from and against any and all claims, losses, liabilities and damages (including reasonable attorneys’ fees and costs) arising from or in connection with any claims (including patent and copyright infringement) made against the Threatcare Indemnitees, alleged to have occurred as a result of Customer’s failure to provide any required consents. Threatcare will be relieved of the performance of any obligations that may be affected by Customer’s failure to promptly provide any required consents to Threatcare.

11.2 The appointed Customer contact must have the authority to make project decisions and represent the Customer in all matters related to this Agreement. Customer’s project manager will provide a single consolidated response to any review, approval, change or decision request.

11.3 Customer’s staff will actively participate in the engagement contemplated by this Agreement and the SOWs, and Customer will ensure that individuals with relevant domain, business and technical expertise will be available as required. These Customer participants shall be the acknowledged spokespersons for the areas they represent, and the Threatcare project team will require regular and timely access to them. If these Customer participants are unable to attend a scheduled meeting, then Customer’s project manager must attend the meeting and becomes the final authority on all items of discussion. Customer’s staff will be prepared and available for training, documentation/deliverable handoffs and credential handoff.

11.4 Customer will provide access to facilities and computer systems as required for the Threatcare project team to perform tasks as outlined in the SOWs. For engagement activities that need to occur at Customer’s work locations, Customer shall make reasonable facilities accommodations, similar to those supplied to Customer’s employees, for Threatcare’s project team at such locations. These accommodations will include a private conference room, a projector, physical LAN access and required power.

11.5 Customer is responsible for, and assumes any risk associated with any problems resulting from the content, completeness, accuracy and consistency of any data, materials and information supplied by Customer.

12. Non-Solicitation

For a period of one (1) year following completion of each SOW, neither party shall solicit any then current employee of the other party to leave his or her employment with the other party to join the soliciting party; provided, however, that this Section 12 hereof shall not apply to a general solicitation not directed at the other party’s employees, or if the employee of the other party initiates the contact with the hiring party.

13. Independent Contractor

The parties agree that nothing in this Agreement shall be construed as creating a joint venture, partnership, franchise, agency, employer/employee, or similar relationship between the parties, or as authorizing either party to act as the agent of the other. Threatcare is and will remain an independent contractor in its relationship to Customer. Customer shall not be responsible for withholding taxes with respect to Threatcare’s compensation hereunder. Threatcare shall have no claim against Customer hereunder or otherwise for vacation pay, sick leave, retirement benefits, social security, worker’s compensation, health or disability benefits, unemployment insurance benefits, or employee or other benefits of any kind. Nothing in this Agreement shall create any obligation between either party and a third party.

14. Dispute Resolution

14.1 If any controversy, claim or dispute arising out of or relating to this Agreement, including the breach or interpretation of this Agreement or any SOW (collectively, a “Dispute”) is not resolved within thirty (30) days from the date that either party provides the other party with written notice of the existence thereof, then each party shall designate an executive who is authorized to investigate, negotiate and settle the Dispute. The executives shall exercise good faith efforts to settle the Dispute.  If the executives do not resolve the Dispute within thirty (30) days (or an extended period if they so agree), then the parties shall resolve the Dispute in accordance with this Section 14.2 hereof. No court or other action pertaining to a Dispute shall be pursued unless this dispute resolution procedure has been exhausted. Nonetheless, either party at any time may pursue equitable relief before any court of competent jurisdiction in order to protect its intellectual property rights or Confidential Information.

14.2 Any Dispute that is not resolved in accordance with Section 14.1 shall be determined by, and subject to the exclusive jurisdiction of, the federal and state courts in Texas in the districts that include Austin, Texas, and the parties agree to the personal and exclusive jurisdiction of these courts. The parties hereby agree that any such court shall be a proper forum for the determination of any dispute arising hereunder and waive any defenses based upon inconvenient forum or jurisdiction. EACH PARTY IRREVOCABLY AND UNCONDITIONALLY WAIVES, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL ACTION, PROCEEDING, CAUSE OF ACTION OR COUNTERCLAIM ARISING OUT OF OR RELATING TO ANY CLAIM OR OTHERWISE IN CONNECTION WITH THIS AGREEMENT OR ANY SOW.

15. Miscellaneous

The parties agree that the complete agreement between the parties regarding the Services will consist of: 1) this PSA, 2) the applicable SOW and 3) any additional agreement signed by the parties related to this project. If there is a conflict between the agreements, this PSA will take precedence. This Agreement shall be governed and construed in accordance with the laws of the State of Texas without regard its conflict-of-laws rules. The parties disclaim the United Nations Convention on Contracts for the International Sale of Goods, which shall not apply to this Agreement, any SOW or the parties’ performance hereunder. In the event that any provision of this Agreement shall be adjudged illegal or otherwise unenforceable, such provision shall be severed and the balance of this Agreement shall continue in full force and effect. The waiver by a party of any breach of any provision of this Agreement shall not operate or be construed as a waiver of any other breach by such party. The rights and remedies of the parties hereunder shall not be exclusive, and are in addition to any of other rights provided by this Agreement or by law. In the event that either party institutes any legal suit, action or proceeding against the other party arising out of or relating to this Agreement or any SOW, the prevailing party in the suit, action or proceeding shall be entitled to receive in addition to all other damages to which it may be entitled, the costs incurred by such party in conducting the suit, action or proceeding, including reasonable attorneys’ fees and expenses and court costs.