Legal Information

DEFINITIONS

1. "Affiliate" means (i) any entity controlled, directly or indirectly, by any Party; (ii) any entity that controls, directly or indirectly, such Party, or (iii) any entity directly or indirectly under common control with any Party. For these purposes "control" means ownership of a majority of the voting rights of that entity or Party or the power to direct the management and policies of that entity or Party, whether through the ownership of voting capital, by contract or otherwise.
2. “Aggregate Data” means information or data derived from Customer’s use of the Cloud Service; provided that it: (a) is not identifiable to any person or entity, (b) is compiled with data from other Fortanix customers such that Customer’s identity cannot be inferred, (c) does not contain Customer’s Confidential Information, and (d) is not distributed or otherwise conveyed in a context that identifies Customer’s identity.
3. “Authorized Users” means individuals for whom Customer has purchased a subscription to the Cloud Service and who are authorized by Customer to use the Cloud Service. Authorized Users may include but are not limited to Customer’s employees, affiliates, contractors and agents. Each Authorized User will be associated with a single, unique email address for the purposes of accessing (and being identified within) the Cloud Service.
4. “Business Contact Information” or “BCI” means business contact data containing personal information (e.g. first and last name, business phone numbers, emails and addresses) of Customer’s (including its affiliates, sublicensees’, agents’ and/or third-party consultants’, and contractors’ ) employees, or of any Authorized User (collectively, “Customer Representatives”), and whose use, processing or transfer is regulated by applicable data protection and privacy laws or regulations as ‘personal data’. Business Contact Information does not include Customer Data.
5. “Cloud Service(s)” means the Fortanix cloud service offering in which Customer is provided access to or specified in the Purchase Order. 
6. “Customer Data” means Customer’s data or information that transits or operated upon in any manner by Customer as part of its use of the Cloud Service (if any), including any computational results that Customer or any Authorized User obtains through its use of the Cloud Service (such as Keys), but explicitly excluding any Business Contact Information.
7. “Documentation” means Fortanix’ then-current documentation for the Cloud Service that is published online at https://support.fortanix.com/.  
8. “Fees” means the fee specified in a Purchase Order, which fee is required to be paid by Customer in Purchase Order for Customer to use the Cloud Service as permitted herein. 
9. “Intellectual Property Rights” means any intellectual property in any jurisdiction throughout the world, including any (i) trademarks, service marks, Internet domain names, logos, trade dress, trade names, and any other indicia of source, and all goodwill associated therewith and symbolized thereby; (ii) patents, patent applications and patent disclosures, and inventions and discoveries (whether patentable or not); (iii) processes, technologies, trade secrets, and “know-how”; (iv) copyrights and copyrightable works, moral rights, and mask works; (v) software and software systems (including data, source code, object code, databases and related items such as documentation); and (vi) registrations and applications for any of the foregoing. 
10. “Key” means a cryptographic key created and/or managed by the Key management Cloud Service. 
11. “Purchase Order” means a Purchase Ordering document which specifies details about the Cloud Service, Fees and any other details relating to the purchase of an entitlement to a Cloud Service.
12. “Security Credentials” means any and all information created or provided by Customer or any Authorized User to access the Cloud Service, including but not limited to usernames or other credentials. Security Credentials that comprise personal information (e.g., first and last name, phone numbers, emails and addresses) are considered Business Contact Information. 
13. “Service Level Agreement” means the service level agreement for the particular Cloud Service as set forth as part of the product description for such Cloud Service or which can be found at: www.fortanix.com/legal/fortanix-cloud-tos/sla. 
14. “Term” has the meaning ascribed to the term in Section 10.1 (Term). 

1. Cloud Service. Subject to the Customer’s compliance with this Agreement, Fortanix will provide Customer access to the Cloud Service as described herein, in the Service Level Agreement and on the applicable Purchase Order. Customer may access and use the Cloud Service solely for its internal business purposes and in accordance with the Documentation. Only Authorized Users may access or use the Cloud Service under Customer’s account. Authorized User subscriptions cannot be shared or used by more than one individual but may be permanently reassigned to new Authorized Users. Customer agrees that Customer’s purchase of subscriptions for the Cloud Service hereunder is neither contingent on the delivery of any future functionality or features nor dependent on any oral or written comments made by Fortanix regarding future functionality or features.
2. Cloud Service Restrictions. Customer shall not (and shall not allow or enable anyone else to): (a) make the Cloud Service available to anyone other than Authorized Users; (b) copy, modify or distribute any portion of the Cloud Service or create derivative works therefrom; (c) rent, lease, assign, or provide access to the Cloud Service on a time-share or service bureau basis; (d) reverse engineer, decompile or disassemble any part of the Cloud Service; (e) sell, resell, assign, rent or lease the Cloud Service; (f) use the Cloud Service to store or transmit viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs; (g) interfere with or disrupt the integrity or performance of the Cloud Service or impair any other party’s use of the Cloud Service; (h) attempt to gain unauthorized access to the Cloud Service or any related systems or networks; (i) export the Cloud Service or the underlying technology in contravention of applicable U.S. and other applicable foreign export laws and regulations; (j) repackage, redistribute, or sell the Cloud Service as its own product under its own name and branding or under any other name or branding; (k) access the Cloud Service in order to build a competitive product or service or to copy any features, functions or graphics thereof; (l) use the Cloud Service to violate the rights of others; or (m) transfer any of its rights hereunder.
3. Acceptable Use Policies. Customer will not use the Cloud Service to store or transmit any content or material that: (a) is or may be infringing, libelous, or otherwise unlawful or tortious material, (b) may create a risk of harm or loss or constitute or contribute to a crime or a tort, (c) may create a risk of harm to any person or property, (d) may be illegal, unlawful, harmful, defamatory, infringing or invasive of any privacy or publicity rights, (e) is or may be infringing of any other party’s Intellectual Property Rights, or (f) is otherwise prohibited as specified in this Agreement. Notwithstanding the above, Customer acknowledges and agrees that Fortanix does not have access to any Customer Data or any other data transmitted through the Cloud Service, and that Fortanix will not be responsible for the content of any such communications or transmissions. Customer and its Authorized Users will use the Cloud Service exclusively for authorized and legal purposes, consistent with all applicable laws and regulations. Customer will keep confidential and not disclose to any third parties and will ensure that Authorized Users keep confidential and do not disclose to any third parties, any user identifications, account numbers and account profiles.
4. Limited Rights. The Customer’s rights to use the Cloud Service will be limited to those expressly granted in this Agreement. Fortanix reserves all rights and licenses in and to the Cloud Service not expressly granted to Customer under this Agreement.
5. Customer’s Responsibilities. The Customer will: (a) be responsible for meeting Fortanix’ applicable minimum system requirements for access to or use of the Cloud Service, as set forth in the Documentation, (b) be responsible for Authorized Users’ compliance with this Agreement and for any other activity (whether or not authorized by Customer) occurring under Customer’s account, (c) be responsible for ensuring that the Cloud Service is appropriate Customer’s intended use, (d) be solely responsible for the accuracy, quality, integrity and legality of Customer Data, (e) prevent unauthorized access to or use of the Cloud Service under its account, and notify Fortanix promptly of any such unauthorized access or use, and (f) use the Cloud Service only in accordance with the applicable Documentation, applicable laws and government regulations, and any written instructions provided by Fortanix to Customer from time to time.
6. Enforcement. Fortanix may, without limitation to any other rights or remedies, suspend Customer’s or any Authorized User’s access to or use of the Cloud Service in the event that Fortanix reasonably determines that Customer or such Authorized User’s use poses a security or legal risk to the Cloud Service or to other users of the Cloud Service, or if we suspect fraud or abuse. If permitted by applicable law, Fortanix will give Customer notice before any suspension unless Fortanix reasonably determines that providing notice would present a risk of harm to the Cloud Service or other users of the Cloud Service in which case Fortanix will provide notice as soon as practical or permitted. Fortanix will promptly reinstate Customer’s access to the Cloud Service once the issue causing the suspension has been resolved. Customer will be liable for any violation of this Agreement by any Authorized User.
7. Security Credentials. The Customer understands that failure to protect Security Credentials may allow an unauthorized person or entity to access the Cloud Service. In addition, Customer acknowledges that Fortanix does not have access to and cannot retrieve lost Security Credentials. Customer acknowledges and agrees that: (a) Customer is solely responsible for collecting, inputting and updating all Security Credentials; (b) Fortanix assumes no responsibility for the supervision, management or control of Customer’s or Authorized User’s Security Credentials; (c) Fortanix assumes no responsibility for any fraudulent or unauthorized use of any portion of the Cloud Service through Customer’s account; and (d) Fortanix disclaims all liability arising out of any use of or failure to protect the Security Credentials or any fraudulent or unauthorized access to or use of any portion of the Cloud Service through Customer’s account.
8. Data Security. The Customer acknowledges that no product, hardware, software or service can provide a completely secure mechanism of electronic transmission or communication and that there are persons and entities, including enterprises, governments and quasi-governmental actors, as well as technologies, that may attempt to breach any electronic security measure. Fortanix will have no liability on account of any security breach caused by any such persons, entities, or technologies. Fortanix will implement and maintain appropriate technical and organizational measures to ensure the security of the Cloud Service, details of which can be found at: https://www.fortanix.com/legal/fortanix-cloud-tos/toms.
9. Trial Service. If the Customer is provided access to a Cloud Service or to features or functionality of a Cloud Service free of charge, for evaluation, trial, proof of concept, or similar purposes, including any early access program (each, a “Trial Service”), the Customer must use the Trial Service appropriately in good faith for its intended purpose and Customer will not use any production data in connection with its use of the Trial Service. If Customer uses any production data in connection with the Trial Service, it does so at its own risk. The Customer’s use of the Trial Service is only permitted for thirty (30) days (unless Fortanix and Customer agree otherwise). Unless Fortanix agrees or unless Customer enters into a Purchase Order for the Cloud Service, Customer will not have access to the Trial Service or to any data in the Trial Service after Customer’s authorized use period ends. The Trial Service is provided “AS IS” without indemnification, support, service level commitment (SLA), or warranty of any kind, express or implied. Fortanix’s aggregate liability (excluding indirect damages, for which Fortanix expressly disclaims all liability) for any claim arising from Customer’s use of the Trial Service will not exceed $500 USD.

1. Purchase Ordering of Cloud Services. The Customer and Fortanix will enter into a Purchase Order describing the Cloud Service, Fees, and other details relating to the Customer’s access to and use of the Cloud Service. Such Purchase Orders may be in written or electronic form. All Purchase Orders will reference this Agreement, and upon acceptance by Fortanix, will become part of this Agreement. In the event of a conflict, the terms and conditions of each Purchase Order will take precedence over the terms and conditions of this Agreement, solely with respect to such Purchase Order.
2. Fees. The Customer will pay Fortanix the Fees for the Customer’s Usage of the Cloud Service in accordance with the pricing and terms set forth in the Purchase Order and this Section 3.
3. Payment Terms. Unless otherwise specified in a Purchase Order, all Fees and expenses will be due and payable in advance within thirty (30) days of the date of Fortanix’ invoice. The Customer will pay all invoices in full, without reduction or setoff of any kind. Any payment due under this Agreement not received by Fortanix within ten (10) days of the due date will incur interest at a rate of 1.5% per month, or the maximum rate allowed by law, whichever is lower. The Customer may, in good faith, dispute any invoice or any part thereof (a “Disputed Amount”) by submitting a written notice of such dispute along with reasonable supporting documentation within sixty (60) days of the date of the initial invoice on which the Disputed Amount appears, failing which the Customer waives all rights to dispute such Disputed Amount and to file any claim. The Parties will work together in good faith to resolve the Disputed Amount within thirty (30) days after receipt of the Customer’s notice.
4. Taxes. All Fees payable under this Agreement are net amounts and are payable in full, in the currency specified in the Purchase Order, without deduction for taxes or duties of any kind. The Customer will be responsible for, and will promptly pay, all taxes and duties of any kind (including but not limited to sales, use and withholding taxes) associated with this Agreement or the Customer’s receipt or use of the Cloud Service, except for taxes based on Fortanix’ net income. In the event that Fortanix is required to collect any tax for which the Customer is responsible, the Customer will pay such tax directly to Fortanix. If the Customer pays any withholding taxes that are required to be paid under applicable law, the Customer will furnish Fortanix with written documentation of all such tax payments, including receipts.
5. Indirect Purchases. If the Customer purchases an entitlement to the Cloud Service through a third-party Fortanix channel partner (such as an authorized reseller), different terms regarding invoicing, payment and taxes may apply. The Customer must pay for all charges incurred for their use of such Cloud Service.

1. Ownership of Cloud Service. As between Fortanix and the Customer, the Cloud Service and all Intellectual Property Rights therein or relating thereto are and will remain the exclusive property of Fortanix or its licensors. Subject to the limited rights expressly granted hereunder, Fortanix reserves all rights, title and interest in and to the Cloud Service and any associated software and Documentation, including all related Intellectual Property Rights. No other rights are implied with respect to the Cloud Service, or any related Intellectual Property Rights.
2. Ownership of Customer Data. Customer reserves all of its rights, title and interest in and to the Customer Data and all Intellectual Property Rights in the Customer Data.
3. Aggregate Data. Notwithstanding anything to the contrary herein, the Customer acknowledges and agrees that Fortanix may collect anonymized or aggregated data regarding the usage and performance of the Cloud Service and create Aggregate Data. Aggregate Data is, and will remain, the exclusive property of Fortanix and Fortanix may use Aggregate Data without restriction for any purpose, including, but not limited to, research and development, improvement of Cloud Service and other Fortanix service and product offerings, sales, licensing, advertising, marketing and promotional purposes.
4. Feedback. Any suggestions, enhancement requests, recommendations or other feedback provided by Customer at its sole discretion, including Authorized Users, relating to the operation or features of the Cloud Service are referred to as “Feedback”. Customer acknowledges and agrees that all Feedback will be the sole and exclusive property of Fortanix, and Customer hereby irrevocably transfers and assigns to Fortanix and agrees to irrevocably assign and transfer to Fortanix all of Customer’s right, title, and interest in and to all Feedback, including all Intellectual Property Rights therein. At Fortanix’ request and expense, Customer will execute documents and take such further acts as Fortanix may reasonably request to assist Fortanix to acquire, perfect and maintain its Intellectual Property Rights and other legal protections for the Feedback.
5. Required Disclosures. If Fortanix is required by a subpoena, court order, agency action, or any other legal or regulatory requirement (a “demand”) to disclose any Customer BCI or Customer Data (collectively, “Customer Information”), unless legally prohibited from doing so, Fortanix will (i) provide Customer with notice and a copy of the demand as soon as practicable, (ii) inform the relevant government authority that Fortanix is a service provider acting on Customer’s behalf and all requests for access to Customer Information should be directed in writing to the contact person Customer identifies to Fortanix (or if no contact is timely provided, Fortanix will direct the relevant governmental authority generally to Customer’s legal department), and (iii) only provide access to Customer Information with Customer’s authorization. If Customer requests, Fortanix will, at Customer’s expense, take reasonable steps to contest any demand. In the event Fortanix is legally prohibited from notifying Customer, Fortanix will evaluate the demand for disclosure to determine whether it is legally valid and binding, and will challenge the demand unless Fortanix reasonably believes the demand complies with applicable law. Fortanix will limit the scope of any disclosure to only information Fortanix is required to disclose (to the extent it has such access) and will disclose the information in accordance with applicable law.

1. Representations and Warranties. Each Party represents and warrants to the other Party that: (a) it is duly organized, validly existing and in good standing under its jurisdiction of organization and has the right to enter into this Agreement and (b) the execution, delivery and performance of this Agreement and the consummation of the transactions contemplated hereby are within the corporate powers of such Party and have been duly authorized by all necessary corporate action on the part of such Party and constitute a valid and binding agreement of such Party.
2. Limited Warranty. Fortanix warrants that, during the Term, the Cloud Service will perform in accordance with the applicable Service Level Agreement, if any, provided that the Cloud Service has been in accordance with the terms of this Agreement and any documentation applicable to the Cloud Service.
3. Warranty Disclaimer. EXCEPT AS OTHERWISE SET FORTH IN THIS AGREEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EACH CLOUD SERVICE IS PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS, IMPLIED OR STATUTORY. NEITHER FORTANIX NOR ANY OF ITS LICENSORS MAKES ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, IN CONNECTION WITH THE CLOUD SERVICES. WITHOUT LIMITING THE FOREGOING, FORTANIX DISCLAIMS ANY WARRANTY THAT THE CLOUD SERVICES WILL BE ERROR FREE, THAT CUSTOMER’S ACCESS TO OR USE OF THE CLOUD SERVICES WILL BE UNINTERRUPTED OR THAT THE CLOUD SERVICE WILL MEET CUSTOMER’S NEEDS OR BUSINESS REQUIREMENTS. EXCEPT AS EXPRESSLY PROVIDED HEREIN AND TO THE FULLEST EXTENT PERMITTED BY LAW, FORTANIX FURTHER DISCLAIMS ANY AND ALL WARRANTIES WITH RESPECT TO THE CLOUD SERVICES, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR SATISFACTORY QUALITY. FORTANIX FURTHER DISCLAIMS ANY AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM FORTANIX OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT.

1. Indemnification by Customer. Customer will defend Fortanix against any claim by a third party that: (i) such third party has suffered injury, damage or loss resulting from Customer’s or any Authorized User’s access to or use of the Cloud Service; or (ii) Customer or any Authorized User has used the Cloud Service in a manner that violates this Agreement, and indemnify Fortanix from all fines, damages, and costs finally awarded against Fortanix by a court of competent jurisdiction or a government agency, or agreed to in settlement
2. Indemnification by Fortanix. Fortanix will defend Customer against any claim by a third party that the Cloud Service directly infringes any patent, trademark, or copyright of that third party, or misappropriates a trade secret of that third party (but only to the extent that the misappropriation is not a result of Customer’s actions) , under the laws of: (a) the United States, (b) Canada, (c) European Economic Area member states, (d) the United Kingdom, (e) Australia, (f) New Zealand, or (g) Japan, and indemnify Customer from all fines, damages, and costs finally awarded against Customer by a court of competent jurisdiction or a government agency, or agreed to in settlement, provided that the foregoing shall not apply to the extent: (i) there is a combination, operation or use of the Cloud Service with any product, system, device, method or data not recommended or provided by Fortanix, if such infringement would have been avoided but for such combination, operation or use; (ii) there is a modification of the Cloud Service by anyone other than Fortanix, if such infringement would have been avoided but for such modification; or (iii) Customer’s access to or use of the Cloud Service is not compliant with this Agreement.
3. Injunction. If Customer’s access to or use of the Cloud Service is, or in Fortanix’ opinion is likely to be, affected by a claim by a third party alleging infringement of such third party’s Intellectual Property Rights, then Fortanix will at its sole option and expense: (i) replace or modify the Cloud Service to make it non-infringing and of equivalent functionality; (ii) procure for Customer the right to continue using the Cloud Service under the terms of this Agreement; or (iii) if Fortanix is unable to accomplish either (i) or (ii) despite using its reasonable efforts, then Fortanix may terminate Customer’s rights and Fortanix’ obligation under this Agreement with respect to such Cloud Service and refund to Customer a pro-rata portion of the pre-paid Fees (if any) for such Cloud Service for the remaining duration of the Term.
4. Procedure. The indemnified Party will: (a) promptly notify the indemnifying Party in writing of any such claim;(b) grant the indemnifying Party sole control of the defense and settlement of the claim, provided that indemnifying Party may not settle any claim or take any other action to the extent such settlement or other action would materially adversely impact the indemnified Party’s rights, obligations or business operations without the indemnified Party’s prior written consent (not to be unreasonably withheld, conditioned or delayed); and (c) provide the indemnifying Party, at the indemnifying Party’s expense, with all assistance, information and authority reasonably required for the defense and settlement of the claim.
5. Sole Remedy. THE FOREGOING SECTIONS IN THIS SECTION 6 SET FORTH FORTANIX’S SOLE AND EXCLUSIVE OBLIGATIONS, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, WITH RESPECT TO INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS OF ANY KIND BY THE CLOUD SERVICE OR ANY ACCESS TO OR USE THEREOF.

1. Definition. “Confidential Information” means any business or technical information disclosed by one Party to the other Party in connection with the Parties’ performance under this Agreement that: (i) if disclosed in writing, is marked “confidential” or “proprietary” at the time of disclosure; (ii) if disclosed orally, is identified as “confidential” or “proprietary” at the time of disclosure, and is summarized in a writing sent by the disclosing Party to the receiving Party within thirty (30) days after any such disclosure; or(iii) under the circumstances, a person exercising reasonable business judgment would understand to be confidential or proprietary. For clarity, the Cloud Service, Aggregate Data, and related Documentation, are Fortanix’ Confidential Information, Customer Data is Customer’s Confidential Information, and the terms of this Agreement constitute Confidential Information of both Parties.
2. Exclusions. The obligations and restrictions set forth in Section 7.3 will not apply to any information that the receiving Party demonstrates, by written evidence: (i) is or becomes generally known to the public through no fault of or breach of this Agreement by the receiving Party; (ii) is rightfully known by the receiving Party at the time of disclosure; (iii) is independently developed by the receiving Party without use of the disclosing Party’s Confidential Information; or (iv) the receiving Party rightfully obtains from a third party who has the right to disclose such information without breach of any confidentiality obligation to the disclosing Party.
3. Use and Disclosure Restrictions. A receiving Party will not use the disclosing Party’s Confidential Information except as necessary for the performance or enforcement of this Agreement and will not disclose such Confidential Information to any third party except to those of its employees and subcontractors who have a bona fide need to know such Confidential Information for the performance or enforcement of this Agreement; provided that each such employee and subcontractor is bound by a written agreement that contains use and disclosure restrictions consistent with the terms set forth in this Section. Notwithstanding the foregoing, Fortanix may disclose Confidential Information to a Fortanix Affiliates as required to perform or enforce this Agreement, subject to the terms and conditions of this Agreement. Each receiving Party will protect the disclosing Party’s Confidential Information from unauthorized use and disclosure using efforts equivalent to the efforts that the receiving Party ordinarily uses with respect to its own confidential information and in no event less than a reasonable standard of care. The provisions of this Section 7.3 will remain in effect during the Term and for a period of three (3) years after the expiration or termination of this Agreement; provided that, to the extent any Confidential Information constitutes a trade secret, the receiving Party’s obligations under Section 7 will continue until such Confidential Information ceases to be a trade secret.
4. Permitted Disclosures. The provisions of this Section 7 will not restrict either Party from disclosing Confidential Information pursuant to an order or requirement of a court, administrative agency, or other governmental body; provided that the Party required to make such a disclosure gives reasonable notice to the other Party to enable it to contest such order or requirement or limit the scope of such request. The Party responding to such order or requirement will only disclose that information that is expressly required.

1. Exclusion of Damages. IN NO EVENT WILL FORTANIX BE LIABLE FOR ANY SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR FOR LOSS OR DISRUPTION OF USE, DATA, BUSINESS OR PROFITS, OR FOR THE COST OF PROCURING SUBSTITUTE PRODUCTS OR SERVICES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE ACCESS, USE, OPERATION OR PERFORMANCE OF THE CLOUD SERVICE, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING WITHOUT LIMITATION, NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, AND WHETHER OR NOT FORTANIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
2. Total Liability. SUBJECT TO SECTION 8.1, FORTANIX’S TOTAL AGGREGATE LIABILITY ARISING UNDER THIS AGREEMENT, FROM ALL CAUSES OF ACTION AND ALL THEORIES OF LIABILITY, SHALL NOT EXCEED THE AMOUNTS PAID TO FORTANIX BY CUSTOMER UNDER THE APPLICABLE PURCHASE ORDER FOR THE SPECIFIC CLOUD SERVICE GIVING RISE TO A CLAIM FOR LIABILITY HEREUNDER, DURING THE TWELVE MONTHS PRECEDING THE CLAIM.

1. Applicability. To the extent Fortanix received BCI regarding residents of the European Economic Area (“EEA”), the United Kingdom, and Switzerland, the terms of this Sections 9 apply.
2. Processing. Fortanix will process BCI as Data Controller (as defined under European, United Kingdom, and Switzerland data protection and privacy laws or regulations, respectively) for the following purposes:
   •the provision of the Cloud Service;
   •account administration, billing and accounting reconciliation;
   •operational maintenance and support activities;
   •fraud detection and prevention; and,
   •subject to BCI having been previously anonymized, customer and market analysis and reporting.
3. Communications. On the basis of Fortanix’ legitimate interest, Fortanix will communicate to Customer by voice, letter or e-mail for the purposes of keeping it informed of products and services that may be of interest, and Fortanix will do so appropriately in compliance with applicable data protection and privacy laws or regulations.
4. Contact. Enquiries concerning the use, processing and/or transfer of BCI, in particular access, rectification and deletion requests, by Customer Representatives, should be submitted to privacy@fortanix.com and for EU based Customer to eu.privacy@fortanix.com.
5. Retention. Fortanix will retain BCI for no longer than necessary to fulfill the above-listed purposes for which BCI are processed.
6. Safeguards. Fortanix will implement and maintain the Security Measures to protect BCI against accidental or unlawful destruction, alteration or any unauthorized disclosure or access and against other unlawful forms of processing.
7. Transfers. Transfers of BCI for the purposes set out above under Section 9.2 to the United States or to any other country located outside the EEA, the United Kingdom, and Switzerland that is not deemed a country of adequate protection, are legitimized as and where required in accordance with applicable data protection and privacy laws or regulations in order to afford such transfer of BCI an adequate level of protection. These measures include (i) the entry into appropriate inter-company data transfer agreements based on the European Standard Contractual Clauses (adjusted to address transfers from the United Kingdom); and/or (ii) the implementation of Binding Corporate Rules as defined under applicable European, United Kingdom, and Switzerland regulations; and/or (iii) equivalent means of compliance.
8. Notification. If and where relevant under applicable law, Customer undertakes to inform Customer Representatives (i) that their BCI may be collected, used, processed and transferred by virtue of the performance of, and in accordance with, the Agreement; and (ii) of their rights regarding the processing of their BCI in accordance with this clause.
9. Customer Data. With regard to all Customer Data that is personal data (as defined under European, United Kingdom, and Switzerland data protection and privacy laws or regulations) (such Customer Data, “Customer Personal Data”), the Parties acknowledge and agree that (i) Fortanix does not, will not, and has no right to, access, store, monitor or otherwise perform any operation or control of, or on, any Customer Personal Data in connection with the provision of and the Cloud Service, and does not, and will not, and has no right to, perform any processing of Customer Personal Data for, on behalf, or under the instructions of, Customer; and (ii) as a result, Fortanix does not act as Data Processor or Data Controller (as defined under EEA, United Kingdom, and Switzerland data protection and privacy laws and regulations, respectively) with respect to such Customer Personal Data.

1. Term.  Subject to earlier termination by either Party in accordance with the terms of this Agreement, the Agreement will commence on the Effective Date and, will remain in force and effect for as long as Customer has an outstanding Purchase Order (the “Term”). This Agreement will automatically terminate when the last remaining Purchase Order expires or terminates.
2. Termination for Cause. Either Party may terminate this Agreement or any Purchase Order upon written notice if the other Party materially breaches this Agreement and fails to correct the breach within thirty (30) days following written notice specifying the breach; provided that the cure period for any default with respect to payment will be five (5) business days.
3. Termination for Insolvency. If Customer becomes, as applicable under local law, unable to pay its debts as they become due, ceases to do business, enters into a deed of arrangement, undergoes judicial management, commences the process of liquidation, has a receiver appointed or begins winding up or similar arrangements, then Fortanix may terminate this Agreement upon thirty (30) days’ written notice.
4. Rights and Obligations Upon Expiration or Termination. Upon expiration or termination of this Agreement, Customer’s and Authorized Users’ right to access and use the Cloud Service will immediately terminate, Customer and its Authorized Users will immediately cease all access and use of the Cloud Service, all Fees payable up to termination will become immediately due and payable, and each Party will return or destroy and make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other Party.
5. Payment Upon Termination. If this Agreement is terminated by Fortanix in accordance with Sections 10.2 (Termination for Cause) or 10.3 (Termination for Insolvency), Customer will pay any unpaid Fees covering the remainder of the Term of all Purchase Orders. In no event will termination relieve the Customer of its obligation to pay any Fees payable to Fortanix for the period prior to the effective date of termination.
6. Survival. Any provision that, by its nature and context is intended to survive termination or expiration of this Agreement, shall survive, including the rights and obligations of the Parties under Sections 1, 2.5, 3.2, 3.3, 3.4, 4, 5.2, 6, 7, 8, 9, 10.4, 10.5, 10.6, and 11 will survive the expiration or any termination of this Agreement.

1. Subcontracting and Transfer. Fortanix may permit any of its Affiliates, independent contractor or other third party, to perform any of Fortanix’ obligations hereunder, provided that Fortanix remains primarily liable for the performance of its obligations. Fortanix may transfer this Agreement or any of its rights and obligations hereunder to an Affiliate or to an entity which is acquiring all or substantially all of Fortanix’s business or assets with prior notice to Customer, and in all such events the person or entity to whom this Agreement is assigned by Fortanix must agree in writing to be bound by all of the terms of this Agreement. This Agreement will be binding upon and inure to the benefit of all successors and permitted transferees of the Parties, who will be bound by all of the obligations of their predecessors or transferors.
2. Governing Law. This Agreement and any disputes arising under, in connection with, or relating to this Agreement will be governed by the laws of the State of California, excluding its conflicts of law rules. Any litigation pertaining to the interpretation or enforcement of this Agreement shall be filed in and heard by the state or Federal courts located in Santa Clara, California, and the Parties hereby submit to the jurisdiction of and waive any venue objections against such courts. If any legal action is brought by either Party arising from, or related to, the subject matter of this Agreement, the prevailing Party will be entitled to an award of its reasonable attorneys' fees and costs. English language shall be the applicable language and translation of the Agreement and the Purchase Order.
3. Severability. If for any reason a court of competent jurisdiction finds any provision of this Agreement invalid or unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible, and the other provisions of this Agreement will remain in full force and effect.
4. Waiver. A failure by either Party to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a Party at law or in equity.
5. Relationship of Parties. The Parties to this Agreement are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise, or agency between the Parties. Neither Party will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent.
6. Notice. All notices required or permitted under this Agreement will be in writing and will be deemed given: (a) when delivered personally; (b) two (2) business days after deposit with an internationally recognized express courier, with written confirmation of receipt; or (c) five (5) business days after having been sent by registered or certified mail, return receipt requested, postage prepaid. All such notices, approvals, consents and other communications will be sent to the address as may be specified by either Party to the other Party in this Agreement or on the Purchase Order.
7. Force Majeure. Neither Party will be responsible or liable to the other Party for any failure or delay in its performance under this Agreement (except for Customer’s payment obligations) due to causes beyond its reasonable control, including, but not limited to, labor disputes, strikes, lockouts, shortage of or inability to obtain energy, or supplies, war, terrorism, riot or acts of God (each a “Force Majeure”). In the event of a Force Majeure, the Party that is unable to perform or whose performance is delayed will promptly notify the other Party of the Force Majeure and will use its commercially reasonable efforts to resume performance, provided that if either Party is prevented or delayed from performing its obligations under this Agreement due to a Force Majeure for a period of sixty (60) consecutive days or more, either Party may terminate this Agreement or any impacted Purchase Order upon written notice to the other Party.
8. Export Control. Each Party will comply with (and Customer will ensure that any Authorized Users comply with) applicable export/re-export, sanctions, import and customs laws and regulations (including U.S. sanctions and export regulations) (“Sanctions Laws”). In addition, Customer will not be listed on, nor owned or controlled by an entity or person which is subject to, nor located in or organized under the laws of a country subject to, U.S. or E.U. embargo. Notwithstanding any other provision in this Agreement, Fortanix reserves the right to terminate this Agreement immediately upon written notice to the Customer if Fortanix reasonably determines that Customer is not in compliance with this Section or is causing Fortanix to be exposed to violations under Sanction Laws.
9. Entire Agreement. This Agreement, including all exhibits (and any attachments or schedules thereto) and Purchase Orders, constitutes the complete and exclusive understanding and agreement between the Parties regarding its subject matter and supersedes all prior or contemporaneous agreements or understandings, written or oral, relating to its subject matter. The provisions of the Purchase Order will supersede the provisions of this Agreement to the extent of any express inconsistency. Except as set forth in Section 11.11, this Agreement may be modified or any rights under it waived only by a written document executed by both Parties.
10. Modification. The Parties hereby agree that this Agreement contains the entire agreement between the Parties and this Agreement shall not be modified, changed or amended in any way except through a written amendment signed by all the Parties hereto.
11. Third Parties.There are no third-party beneficiaries to this Agreement.
12. Affiliate Adoption. A Customer Affiliate and/or a Fortanix Affiliate may adopt the terms of this Agreement by entering into a Purchase Order which references this Agreement. The Parties agree that the entities identified in a Purchase Order adopt the terms of this Agreement as if they were the original contracting parties thereto. For clarity, the contracting parties may be Customer, Fortanix, Customer Affiliate, and/or Fortanix Affiliate.v.1 April 2024