Terms & Conditions

Effective Date: January 1, 2026

Last updated: March 19, 2026

1.1 Authorized User Means Customer’s employees, consultants, contractors, and agents: (i) who are authorized by Customer to access and use the Service under this Agreement; and (ii) for whom access to the Service has been purchased hereunder.

1.2 Company Account Data Means Personal Information that relates to Company’s relationship with Customer, including the names and contact information of Authorized Users and any other data Company collects for the purpose of managing its relationship with Customer, identity verification, or as otherwise required by applicable laws, rules, or regulations.

1.3 “Company IP” means the Service, the Documentation, and any and all intellectual property provided to Customer or any Authorized User in connection with the foregoing. For the avoidance of doubt, Company IP includes Company Usage Data, and any information, data, or other content derived from Company’s provision of the Service, but does not include Customer Data.

1.4 Customer Data Means information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the Service; provided that Customer Data does not include Company Account Data or Company Usage Data.

1.5 Documentation Means Company’s end-user documentation relating to the Service, as updated from time to time.

1.6 Harmful Code Means any software, hardware, or other technology, device, or means, including any virus, worm, malware, or other malicious computer code, the purpose or effect of which is to permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (i) computer, software, firmware, hardware, system, or network; or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality, or use of any data processed thereby.

1.7 Order Form Means a written order form for Service(s) executed by both parties that incorporates this Agreement by reference.

1.8 Personal Information Means any information that, individually or in combination, does or can identify a specific individual, including without limitation all data considered “personal data,” “personally identifiable information,” or something similar under applicable data privacy laws, rules, or regulations.

1.9 Sensitive Data Means: (i) special categories of data enumerated in EU Regulation 2016/679, Article 9(1) or any successor legislation; (ii) protected health information as defined under HIPAA; (iii) payment cardholder information or financial account information, including bank account numbers; (iv) social security numbers, national ID numbers, passport numbers, driver’s license numbers, or other government-issued identification numbers; (v) other information subject to regulation under laws such as COPPA or GLBA; or (vi) any data similarly protected under applicable laws, including the Saudi Arabian Personal Data Protection Law (“PDPL”) or UAE Federal Decree-Law No. 45 of 2021.

1.10 Service Means Company’s AI-powered autonomous penetration testing platform and any related products and/or services specified in applicable Order Form(s), as made available to Authorized Users from time to time.

1.11 Subscription Period Means the time period identified on the applicable Order Form during which Customer’s Authorized Users may access and use the Service.

1.12 Third Party Integrations Means any third-party products provided with, integrated with, or incorporated into the Service.

1.13 Company Usage Data Means usage data collected and processed by Company in connection with Customer’s use of the Service, including without limitation data used to identify the source and destination of a communication, activity logs, and data used to optimize and maintain performance of the Service, and to investigate and prevent system abuse.

1.14 Usage Limitations Means the usage limitations set forth in this Agreement and the applicable Order Form, including without limitation any limitations on the number of Authorized Users and the applicable product, pricing, and support tiers agreed upon by the parties.

2.1 Order Forms; Access to the Service Upon mutual execution, each Order Form shall be incorporated into and form a part of the Agreement. Subject to Customer’s compliance with the terms and conditions of this Agreement (including any Usage Limitations and restrictions set forth on the applicable Order Form), Company grants Customer a nonexclusive, limited, personal, nonsublicensable, nontransferable (except in compliance with Section 14) right and license to internally access and use the Service during the applicable Subscription Period for Customer’s internal business purposes only, as provided herein and in accordance with the Documentation. Use of the Service is limited to the features and functionalities specified in the Order Form. Each Authorized User must have its own unique account, and Authorized Users may not share account credentials with one another or any third party. Customer will be responsible for all acts and omissions of its Authorized Users in connection with this Agreement and for all use of Authorized Users’ accounts.

2.2 Use Restrictions Except as expressly set forth in this Agreement, Customer shall not (and shall not permit any third party to), directly or indirectly: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Service (except to the extent applicable laws specifically prohibit such restriction); (ii) modify, translate, or create derivative works based on the Service; (iii) copy, rent, lease, distribute, pledge, assign, sublicense, publish, or otherwise transfer or encumber rights to the Service; (iv) use the Service for the benefit of a third party or make the Service available to any third party; (v) remove or otherwise alter any proprietary notices or labels from the Service or any portion thereof; (vi) use the Service to build an application or product that is competitive with any Company product or service; (vii) interfere or attempt to interfere with the proper working of the Service or any activities conducted on the Service; (viii) bypass any measures Company may use to prevent or restrict access to the Service; (ix) use the Service to conduct penetration testing, vulnerability assessments, or security operations against any systems, networks, or infrastructure for which Customer does not hold explicit written authorization from the relevant system owner; or (x) use the Service for any activity where use or failure of the Service could lead to death, personal injury, or environmental damage, including life support systems, emergency services, nuclear facilities, autonomous vehicles, or air traffic control. Customer is responsible for all of Customer’s activity in connection with the Service and shall use the Service in compliance with all applicable local, state, national, and foreign laws, treaties, and regulations, including those related to data privacy, cybersecurity, export controls, and the transmission of technical or personal data.

2.3 Suspension Notwithstanding anything to the contrary in this Agreement, Company may temporarily suspend Customer’s and any Authorized User’s access to any portion or all of the Service if Company reasonably determines that: (a) there is a threat or attack on any Company Service; (b) Customer’s or any Authorized User’s use of the Service disrupts or poses a security risk to the Service or to any other customer or vendor of Company; (c) Customer or any Authorized User is using the Service for fraudulent, illegal, or unauthorized activities, including unauthorized penetration testing of third-party systems; (d) subject to applicable law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; (e) Company’s provision of the Service to Customer or any Authorized User is prohibited by applicable law; (f) any Customer Data submitted through the Service may infringe or otherwise violate any third party’s intellectual property or other rights; or (g) Customer’s account is more than ten (10) days past due (collectively, a “Service Suspension”). Company shall use commercially reasonable efforts to provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access following any Service Suspension. Company shall use commercially reasonable efforts to resume providing access to the Service as soon as reasonably possible after the event giving rise to the Service Suspension is cured. Company will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized User may incur as a result of a Service Suspension.

3.1 Authorized Users; Customer Systems Customer is responsible and liable for all uses of the Service and Documentation resulting from access provided by Customer, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer. Customer shall use reasonable efforts to make all Authorized Users aware of this Agreement’s provisions as applicable to such Authorized User’s use of the Service and shall cause Authorized Users to comply with such provisions. Further, Customer has and will retain sole responsibility for: (i) all information, instructions, and materials provided by or on behalf of Customer or any Authorized User in connection with the Service; (ii) Customer’s information technology infrastructure, including computers, software, databases, electronic systems, and networks, whether operated directly by Customer or through the use of third-party platforms or service providers (“Customer Systems”); (iii) the security and use of Customer’s and its Authorized Users’ access credentials; and (iv) all access to and use of the Service directly or indirectly by or through the Customer Systems or its Authorized Users’ access credentials, with or without Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions, and actions based on, such access or use.

3.2 License and Control of Customer Data Customer shall retain all right, title, and interest in and to the Customer Data, including all intellectual property rights therein. Customer, not Company, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data. Customer represents and warrants that it has all rights necessary to provide the Customer Data to Company as contemplated hereunder without any infringement, violation, or misappropriation of any third-party rights (including intellectual property rights and rights of privacy). Customer hereby grants to Company a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Company to provide the Service, and a non-exclusive, perpetual, irrevocable, royalty-free, worldwide license to reproduce, distribute, modify, and otherwise use and display Customer Data incorporated within the Company Account Data and Company Usage Data.

3.3 Third Party Integrations Customer acknowledges and agrees that (i) the Service may operate on, with, or using Third Party Integrations; (ii) the availability and operation of the Service or certain portions thereof may be dependent on Company’s ability to access such Third Party Integrations; and (iii) Customer’s failure to provide adequate access or any retraction of permissions relating to such Third Party Integrations may result in a suspension or interruption of the Service.

3.4 Open Source Components Certain aspects of the Service may contain or be distributed with open source software code or libraries (“Open Source Components”). To the extent required by the license applicable to such Open Source Components: (i) Company will use reasonable efforts to deliver to Customer any notices or other materials (such as source code); and (ii) the terms of such licenses will apply to such Open Source Components in lieu of the terms of this Agreement. To the extent the terms of such licenses prohibit any of the restrictions in this Agreement with respect to any particular Open Source Component, such restrictions will not apply to such Open Source Component. For purposes of clarity, Open Source Components are Third Party Integrations as defined in this Agreement.

4.1 Implementation Upon payment of any applicable fees set forth in each Order Form, Company agrees to use reasonable commercial efforts to provide standard implementation assistance for the Service only if and to the extent such assistance is set forth on such Order Form (“Implementation Assistance”). If Company provides Implementation Assistance in excess of any agreed-upon hours estimate, or if Company otherwise provides additional services beyond those agreed in an Order Form, Customer will pay Company at its then-current hourly rates for consultation.

4.2 Support; Service Levels During the Subscription Period, subject to Customer’s payment of all applicable fees, Company will use commercially reasonable efforts to provide support, maintenance, and uptime for each Service in accordance with the support package selected by Customer on the applicable Order Form (if any).

4.3 Service Updates From time to time, Company may provide upgrades, patches, enhancements, or fixes for the Services to its customers generally without additional charge (“Updates”), and such Updates will become part of the Services and subject to this Agreement; provided that Company shall have no obligation under this Agreement or otherwise to provide any such Updates. Customer understands that Company may make improvements and modifications to the Services at any time in its sole discretion; provided that Company shall use commercially reasonable efforts to give Customer reasonable prior notice of any major changes.

5.1 Fees Customer shall pay Company fees as set forth in each Order Form (“Fees”) at the cadence identified in the Order Form. Unless otherwise specified in an Order Form, all Fees shall be invoiced annually in advance and all invoices issued under this Agreement are payable in U.S. dollars within thirty (30) days from date of invoice. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Company’s income. All Fees paid are non-refundable and are not subject to set-off or deduction. If Customer fails to make any payment when due, and Customer has not notified Company in writing within ten (10) days of the payment becoming due that the payment is subject to a good faith dispute, without limiting Company’s other rights and remedies: (i) Company may charge interest on the undisputed past-due amount at the rate of 1.5% per month, calculated daily and compounded monthly, or if lower, the highest rate permitted under applicable law; (ii) Customer shall reimburse Company for all reasonable costs incurred by Company in collecting any late payments or interest, including attorneys’ fees, court costs, and collection agency fees; and (iii) if such failure continues for ten (10) days or more, Customer may be subject to a Service Suspension in accordance with Section 2.3 until such past-due amounts are paid in full.

5.2 Overages If Customer exceeds any Authorized User or usage limitations set forth on an Order Form, then (i) Company shall invoice Customer for such additional users or usage at the overage rates set forth on the Order Form (or if no overage rates are set forth on the Order Form, at Company’s then-current standard overage rates), in each case on a pro-rata basis from the first date of such excess usage through the end of the applicable Subscription Period, and (ii) if the Subscription Period renews, such renewal shall include the additional fees for such excess Authorized Users and usage.

6.1 Definition From time to time during the Term, either party may disclose or make available to the other party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media that: (i) is marked, designated, or otherwise identified as “confidential” or something similar at the time of disclosure or within a reasonable period of time thereafter; or (ii) would be considered confidential by a reasonable person given the nature of the information or the circumstances of its disclosure (collectively, “Confidential Information”). Except for Personal Information, Confidential Information does not include information that, at the time of disclosure, is: (a) in the public domain; (b) known to the receiving party at the time of disclosure; (c) rightfully obtained by the receiving party on a non-confidential basis from a third party; or (d) independently developed by the receiving party without use of, reference to, or reliance upon the disclosing party’s Confidential Information.

6.2 Duty of Confidentiality The receiving party shall not use the disclosing party’s Confidential Information except to perform its obligations and exercise its rights hereunder, nor shall it disclose the disclosing party’s Confidential Information to any person or entity, except to the receiving party’s employees, contractors, and agents who have a need to know the Confidential Information (“Representatives”). The receiving party will be responsible for all acts and omissions of its Representatives as they relate to Confidential Information hereunder. Notwithstanding the foregoing, each party may disclose Confidential Information to the limited extent required (A) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the party making the disclosure shall, if legally permitted, first have given written notice to the other party and made a reasonable effort to obtain a protective order; or (B) to establish a party’s rights under this Agreement, including to make required court filings. Further, each party may disclose the terms and existence of this Agreement to its actual or potential investors, debtholders, acquirers, or merger partners under customary confidentiality terms.

6.3 Equitable Relief Each party acknowledges and agrees that a breach or threatened breach by such party of any of its obligations under Section 6 would cause the other party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other party will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.

6.4 Effect of Termination or Expiration Upon expiration or termination of the Agreement, the receiving party shall promptly return to the disclosing party all copies, whether in written, electronic, or other form or media, of the disclosing party’s Confidential Information, or destroy all such copies and, upon the disclosing party’s request, certify in writing that such Confidential Information has been destroyed. Each party’s obligations of non-use and non-disclosure with regard to Confidential Information are effective as of the Effective Date and will expire three (3) years from the date of termination or expiration of this Agreement; provided, however, with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement until such Confidential Information is no longer considered a trade secret under applicable law through no wrongful act or omission of the receiving party.

7.1 Security Measures Company shall use commercially reasonable efforts to maintain the security and integrity of the Service and the Customer Data, including implementing appropriate technical and organizational safeguards consistent with industry standards for cybersecurity services. Customer is responsible for the use of the Service by any person to whom Customer has given access to the Service, even if Customer did not authorize such use.

7.2 Processing of Personal Information Company’s rights and obligations with respect to Personal Information that it collects directly from individuals are set forth in Company’s Privacy Policy available at www.nuasecurity.com/privacy-policy. In the event and to the extent that Customer is a controller or processor of Personal Data that is subject to applicable Data Protection Laws, the Data Processing Addendum available at www.nuasecurity.com/dpa (the “DPA”) is hereby included and incorporated into this Agreement. To the extent that the Customer Data includes any Personal Information, (i) Company will process, retain, use, and disclose such Personal Information only as necessary to provide the Services hereunder and as otherwise permitted under this Agreement; (ii) Company agrees not to sell such Personal Information or to retain, use, or disclose such Personal Information for any commercial purpose other than providing the Services; and (iii) Company understands its obligations under applicable data protection laws and will comply with them. In the event of a confirmed personal data breach affecting Customer Data, Company shall notify Customer without undue delay and in any event within seventy-two (72) hours of becoming aware of such breach, and shall cooperate with Customer to investigate and remediate such breach.

7.3 No Sensitive Data Notwithstanding the foregoing, Customer acknowledges and agrees that: (i) the Service is not designed to store Sensitive Data; and (ii) Customer will not use the Service to store Sensitive Data and will not submit, post, or otherwise transmit any Customer Data that includes or constitutes Sensitive Data through the Services.

7.4 Company Account Data and Company Usage Data Notwithstanding anything to the contrary in this Agreement, Company may process Company Account Data and Company Usage Data: (i) to manage the relationship with Customer; (ii) to carry out Company’s core business operations, such as accounting, audits, tax preparation, and compliance purposes; (iii) to monitor, investigate, prevent, and detect fraud, security incidents, and other misuse of the Service, and to prevent harm to Company, Customer, and Company’s other customers; (iv) for identity verification purposes; and (v) to comply with applicable laws, rules, and regulations relating to the processing and retention of Personal Information. Company may also process Company Usage Data to monitor, maintain, and optimize the Service. As between Company and Customer, all right, title, and interest in and to such Company Usage Data is owned solely and exclusively by Company.

7.5 GCC Data Protection To the extent that Customer Data includes Personal Information of individuals located in the Kingdom of Saudi Arabia, the United Arab Emirates, or other Gulf Cooperation Council (“GCC”) member states, the following additional terms apply:

(a) Saudi Arabia: Company shall process Personal Information of Saudi residents in compliance with the Saudi Arabian Personal Data Protection Law (PDPL) and its Implementing Regulations. Customer acknowledges that the PDPL grants Saudi residents rights including the right to access, correct, and request deletion of their Personal Information. Company shall cooperate with Customer to fulfill such requests within the timeframes required under applicable Saudi law. Where required by Saudi law or the relevant regulatory authority (SDAIA), Personal Information of Saudi residents shall be stored within the Kingdom of Saudi Arabia or in jurisdictions that provide an adequate level of data protection as recognized by SDAIA.

(b) United Arab Emirates: Company shall process Personal Information of UAE residents in compliance with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and its implementing regulations. Customer acknowledges that UAE residents have rights including the right to access, rectify, and erase their Personal Information. Company shall cooperate with Customer to fulfill such requests within the timeframes required under applicable UAE law.

(c) Cross-Border Transfers: Any transfer of Personal Information from GCC member states to other jurisdictions shall be conducted in accordance with the applicable data transfer requirements of the relevant GCC data protection laws, including through the use of appropriate contractual safeguards or other approved transfer mechanisms.

As between the parties, Company reserves all rights in Company IP not expressly granted to Customer in this Agreement, and retains all right, title, and interest in and to the Services, and all software, products, works, and other intellectual property and moral rights related thereto or created, used, or provided by Company for the purposes of this Agreement, including any copies and derivative works of the foregoing. Any software which is distributed or otherwise provided to Customer hereunder shall be deemed a part of the Services and subject to all of the terms and conditions of this Agreement. No rights or licenses are granted, including by implication, waiver, estoppel, or otherwise, except as expressly and unambiguously set forth in this Agreement. Customer or any of its employees or contractors may (but is not obligated to) provide suggestions, comments, or other feedback to Company with respect to the Service (“Feedback”). Company acknowledges and agrees that all Feedback is provided “AS IS” and without warranty of any kind. Customer shall, and hereby does, grant to Company a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid-up license to use and exploit the Feedback for any purpose.

This Agreement shall commence upon the Effective Date of the first Order Form and, unless earlier terminated in accordance herewith, shall last until the expiration of all Order Form Subscription Periods (the “Term”). For each Order Form, unless otherwise specified therein, the Subscription Period shall begin as of the effective date set forth on such Order Form and shall continue for the initial Subscription Period. Any renewal of such Order Form shall be mutually agreed to by the parties pursuant to a new Order Form. In the event of a material breach of this Agreement by either party, the non-breaching party may terminate this Agreement by providing written notice to the breaching party, provided that the breaching party does not materially cure such breach within thirty (30) days of receipt of such notice. Company may terminate this Agreement, effective on written notice to Customer, if Customer: (i) fails to pay any amount when due hereunder, and such failure continues more than ten (10) calendar days after Company’s delivery of written notice thereof; or (ii) breaches any of its obligations under Sections 2.2 or 6. All provisions of this Agreement which by their nature should survive termination shall survive termination, including, without limitation, accrued payment obligations, ownership provisions, warranty disclaimers, indemnity, and limitations of liability. For clarity, any services provided by Company to Customer in connection with the termination of this Agreement, including any assistance in exporting Customer Data, shall be billable at Company’s standard rates then in effect.

10.1 Company Indemnification Company shall indemnify, defend, and hold harmless Customer from and against any and all losses, damages, liabilities, costs (including reasonable attorneys’ fees) (“Losses”) incurred by Customer resulting from any claim, suit, action, or proceeding brought by an unaffiliated third party (“Third Party Claim”) against Customer alleging that the Service, or any use of the Service in accordance with this Agreement, infringes or misappropriates such third party’s intellectual property rights; provided that Customer promptly notifies Company in writing of the claim, cooperates with Company, and allows Company sole authority to control the defense and settlement of such claim; provided however, that Company may not settle any Third Party Claim against Customer that imposes any financial or other obligation on Customer or includes any admission of wrongdoing or liability by the Customer unless Customer consents to such settlement in writing. If such a claim is made or appears possible, Customer agrees to permit Company, at Company’s sole discretion: to (i) modify or replace the Service, or component or part thereof, to make it non-infringing; or (ii) obtain the right for Customer to continue use. If Company determines that neither alternative is reasonably commercially available, Company may terminate this Agreement, effective immediately on written notice to Customer, and shall provide Customer a prorated refund of any prepaid Fees applicable to the terminated Subscription Period. This Section 10.1 will not apply to the extent that the alleged infringement arises from: (a) use of the Service in combination with data, software, hardware, equipment, or technology not provided or authorized by Company in writing; (b) modifications to the Service not made by Company; (c) Customer Data; or (d) Third Party Integrations.

10.2 Customer Indemnification Customer shall indemnify, hold harmless, and, at Company’s option, defend Company from and against any Losses resulting from any Third Party Claim alleging that the Customer Data, or any use of the Customer Data in accordance with this Agreement, infringes or misappropriates such third party’s intellectual property or other rights, and any Third Party Claims based on Customer’s or any Authorized User’s: (i) use of the Service in a manner not authorized by this Agreement; (ii) use of the Service in combination with data, software, hardware, equipment, or technology not provided or authorized by Company in writing; or (iii) use of the Service to conduct security assessments or penetration testing against any systems or networks without explicit written authorization from the relevant system owner. Customer may not settle any Third Party Claim against Company that imposes any financial or other obligation on Company or includes any admission of wrongdoing or liability by the Company unless Company consents to such settlement in writing. Company will have the right, at its option, to defend itself against any such Third Party Claim or to participate in the defense thereof at its own expense by counsel of its own choice.

10.3 Sole Remedy THIS SECTION 10 SETS FORTH CUSTOMER’S SOLE REMEDIES AND COMPANY’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.

Company warrants that the Service will be performed in a professional and workmanlike manner and will substantially comply in all material respects with the Documentation. Any warranty claim under this Section 11 must be made in writing within thirty (30) days after performance of the nonconforming Service. Company’s sole obligation and Customer’s exclusive remedy in respect thereof is to reperform the nonconforming Service or, at Company’s sole discretion, to terminate this Agreement in respect of the nonconforming Service and refund to Customer a prorated portion of the Fees paid therefor.

EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE, USAGE OF TRADE, OR COURSE OF DEALING, ALL OF WHICH ARE EXPRESSLY DISCLAIMED. COMPANY MAKES NO WARRANTY OF ANY KIND THAT THE SERVICE, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER PLATFORM, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. THE RESULTS OF PENETRATION TESTING AND SECURITY ASSESSMENTS PROVIDED THROUGH THE SERVICE ARE FOR INFORMATIONAL PURPOSES ONLY; COMPANY MAKES NO WARRANTY THAT SUCH RESULTS ARE EXHAUSTIVE OR THAT ALL VULNERABILITIES HAVE BEEN IDENTIFIED.

EXCEPT FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS, FOR CUSTOMER’S BREACH OF SECTION 2 HEREOF, OR A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREUNDER, IN NO EVENT SHALL EITHER PARTY, NOR ITS DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS, OR CONTENT PROVIDERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE, OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE SUBJECT MATTER OF THIS AGREEMENT (I) FOR ANY LOST PROFITS, DATA LOSS, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, REGARDLESS OF WHETHER CUSTOMER WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE; OR (II) FOR ANY DIRECT DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEEDING, IN THE AGGREGATE, THE FEES PAID OR PAYABLE BY CUSTOMER TO COMPANY IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO A CLAIM HEREUNDER.

Nuasecurity, Inc. values the contributions of the security research community. If you believe you have discovered a security vulnerability in any Company product, platform, or system, please report it to our Security Team at: security@nuasecurity.com. Please include as much detail as possible, including steps to reproduce the issue, its potential impact, and any supporting evidence. Company commits to reviewing every submission thoughtfully and working in good faith with the reporting party to understand and address any confirmed vulnerabilities. Company does not currently operate a formal bug bounty program and does not offer monetary compensation for vulnerability disclosures; however, Company will acknowledge collaborators where appropriate and with their consent. Company requests that security researchers act responsibly and refrain from accessing, modifying, or disclosing data beyond what is strictly necessary to demonstrate the reported vulnerability, and from taking any action that could cause harm to Company’s systems, customers, or data.

This Agreement (including all Order Forms) represents the entire agreement between Customer and Company with respect to the subject matter hereof, and supersedes all prior or contemporaneous communications and proposals (whether oral, written, or electronic) between Customer and Company with respect thereto. In the event of any conflict between these Terms and an Order Form, the Order Form shall control. The Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, excluding its conflicts of law rules, and the parties consent to exclusive jurisdiction and venue in the state and federal courts located in Wilmington, Delaware. All notices under this Agreement shall be in writing and shall be deemed to have been duly given when received, if personally delivered or sent by certified or registered mail, return receipt requested; when receipt is electronically confirmed, if transmitted by e-mail; or the day after it is sent, if sent for next day delivery by recognized overnight delivery service. Notices must be sent to the contacts for each party set forth on the applicable Order Form. Either party may update its notice address by giving notice in accordance with this section. Except as otherwise provided herein, any provision of this Agreement may be amended or waived only by a writing executed by an authorized representative of both parties. Except for payment obligations, neither party shall be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond such party’s reasonable control, including, without limitation, fire, flood, severe weather, earthquake, vandalism, accidents, sabotage, power failure, denial of service attacks or similar attacks, Internet failure, acts of God, acts of war, acts of terrorism, riots, civil or public disturbances, strikes, lock-outs, or labor disruptions, or any laws, orders, rules, regulations, acts, or restraints of any government or governmental body or authority, civil or military, including the orders and judgments of courts. Neither party may assign any of its rights or obligations hereunder without the other party’s prior written consent; provided that (i) either party may assign all of its rights and obligations hereunder without such consent to a successor-in-interest in connection with a sale of substantially all of such party’s business relating to this Agreement, and (ii) Company may utilize subcontractors in the performance of its obligations hereunder. Customer agrees that Company may use Customer’s name and logo to refer to Customer as a customer of Company on its website and in marketing materials; Company shall use such name and logo in accordance with any reasonable brand guidelines provided in writing by Customer. No agency, partnership, joint venture, or employment relationship is created as a result of this Agreement, and neither party has any authority of any kind to bind the other in any respect. In any action or proceeding to enforce rights under this Agreement, the prevailing party shall be entitled to recover costs and reasonable attorneys’ fees. If any provision of this Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable. The failure of either party to act with respect to a breach of this Agreement by the other party shall not constitute a waiver and shall not limit such party’s rights with respect to such breach or any subsequent breaches.