Last updated August 2023
Rapid7 LLC or Rapid7 International Limited (as applicable, “Rapid7”) is willing to provide certain services to you as the individual, the company, or the legal entity (referenced below as “You” or “Your” or “Customer”) that enters into a written quotation, work order, statement of work or similar document with Rapid7 that references these terms and conditions (hereinafter, this “Agreement”) only on the condition that you accept all of the terms of this Agreement. Read the terms and conditions of this Agreement carefully before purchasing any services from Rapid7. This is a legal and enforceable contract between You and Rapid7. By entering into a written quotation, statement of work or similar document with Rapid7 that references the agreement below, you agree to the terms and conditions of this Agreement. If you enter into a separate written agreement with Rapid7 for the services, then the terms of that separate written agreement, including attached Schedules, shall apply and this Agreement shall have no effect.
1.1 Content means any of Customer’s data gathered through the provision of the Offering or made available by Customer to Rapid7 for use in connection with the Offering. Depending on the Offering, this data may be stored within the Customer’s environment, within the Rapid7 environment, or a combination of both.
1.2 Distributed Software means those Rapid7 products listed on the applicable Ordering Document to be deployed in Customer’s on-premise environment.
1.3 Documentation means the documentation for the Offering generally supplied by Rapid7 to assist its customers in their use of the Offering, including user and system administrator guides, manuals, and the software functionality specifications.
1.4 Cloud-Hosted Software means the software-as-a-subscription identified on an Ordering Document.
1.5 Offering means the Software, Cloud-Hosted Software, Managed Services, Professional Services and any other products and/or services indicated on the applicable Ordering Document.
1.6 Ordering Document means Rapid7’s order form or other ordering document signed or referenced by Customer and Rapid7 or its authorized partner which identifies, as applicable, the specific Offering ordered, the Volume Limitations, the billable cloud resources, overage options, the Term, tiers and the price agreed upon by the parties.
1.7 Schedule means the specific terms and conditions related to the Offering that supplement this Agreement.
1.8 Software means Cloud-Hosted Software and Distributed Software.
1.9 Service(s) means the consulting, testing, managed, or other services described in an SOW or other Ordering Document that Rapid7 provides.
1.10 Term means the period of time set forth in the applicable Ordering Document during which (i) Customer is allowed to use the Software, or (ii) Services may be performed.
1.11 Volume Limitations means the capacity indicated on the Ordering Document, including unique assets, applications, number of scans, number of billable cloud resources, gigabytes, or workflows, as applicable.
2.1. Rapid7 Offering. Rapid7 retains ownership of all right, title, and interest in and to all intellectual property in and about the Offering including the Documentation, modifications and derivative works thereto including all rights to patent, copyright, trade secret, trademark, and other proprietary or intellectual property rights.
2.2. Customer Systems. Customer represents and warrants that (a) it has the appropriate authorizations from the owner of the networks, systems, IP addresses, assets, and/or hardware on which it deploys the Offering(s), or which it targets, scans, monitors, or tests with the Offering(s), and (b) Customer has obtained all necessary rights to permit Rapid7 to collect and process Content from Customer, including, without limitation, data from endpoints, servers, cloud applications, and logs.
2.3. Use by Affiliates. Customer may make the Offering(s) available to its Affiliates under these terms, provided that Customer is liable for any breach of this Agreement by any of its Affiliates. “Affiliate(s)” means any entity now existing that is directly or indirectly controlled by Customer. For purposes of this definition, “control” means the direct possession of a majority of the outstanding voting securities of an entity.
3.1 If Customer purchases the Offering through a Rapid7 authorized partner, then terms regarding invoicing, fees, and taxes shall be as set forth between Customer and partner and the applicable fees shall be paid directly to such partner and section 3.2 shall not apply.
3.2 Customer agrees to pay the fees, charges and other amounts in accordance with the applicable Ordering Document. Rapid7 will invoice Customer upon execution of an Ordering Document or the reference to an Ordering Document in a Customer’s purchase order, unless otherwise agreed by the parties. Customer shall be responsible for remitting all taxes levied on any transaction under this Agreement, including, without limitation, all federal, state, and local sales taxes, levies and assessments, and local withholding taxes in Customer’s jurisdiction, if any, excluding, however, any taxes based on Rapid7's income. In the event Customer is required to withhold taxes from its payment or withholding taxes are subsequently required to be paid to a local taxing jurisdiction, Customer is obligated to pay such tax, and Rapid7, as applicable, will receive the Ordering Document payment amount as agreed to net of any such taxes. Customer shall provide to Rapid7 written evidence that such withholding tax payment was made.
3.3 All fees are non-refundable and non-cancellable unless otherwise stated herein or in the applicable Ordering Document. In the event an Ordering Document requires travel by Rapid7 to a Customer designated site, Customer shall also reimburse Rapid7 for all reasonable out-of-pocket expenses incurred by Rapid7 in connection with delivery of the Offering.
4.1 Confidential Information. “Confidential Information” means information provided by one party to the other party which is designated in writing as confidential or proprietary, as well as information which a reasonable person familiar with the disclosing party’s business and the industry in which it operates would know is of a confidential or proprietary nature. A party will not disclose the other party’s Confidential Information to any third party without the prior written consent of the other party, nor make use of any of the other party’s Confidential Information except in its performance under this Agreement. Each party accepts responsibility for the actions of its agents or employees and shall protect the other party’s Confidential Information in the same manner as it protects its own Confidential Information, but in no event with less than reasonable care. The parties expressly agree that the terms and pricing of this Agreement are Confidential Information. A receiving party shall promptly notify the disclosing party upon becoming aware of a breach or threatened breach hereunder and shall cooperate with any reasonable request of the disclosing party in enforcing its rights.
4.2 Exclusions. Information will not be deemed Confidential Information if such information: (i) is known prior to receipt from the disclosing party, without any obligation of confidentiality; (ii) becomes known to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise publicly available, except through a breach of this Agreement; or (iv) is independently developed by the receiving party without use of the disclosing party’s Confidential Information. The receiving party may disclose Confidential Information pursuant to the requirements of applicable law, legal process, or government regulation, provided that, unless prohibited from doing so by law enforcement or court order, the receiving party gives the disclosing party reasonable prior written notice, and such disclosure is otherwise limited to the required disclosure.
4.3 Content. To the extent that Rapid7 processes personal data about any individual in the course of providing the Offering, Customer agrees to Rapid7’s Data Processing Agreement, located at https://www.rapid7.com/legal/dpa/. Customer retains ownership of all rights, title, and interest in and to all Content, and Customer is solely responsible for all Content. Rapid7 does not guarantee the accuracy, integrity, or quality of such Content. Except as provided in this Agreement, Customer shall be solely responsible for providing, updating, uploading, and maintaining all Content, as applicable. Rapid7 may use Content solely as necessary to: (i) provide the Offering to Customer; (ii) generate statistics and produce reports in anonymized and aggregated form that does not or cannot be used to identify Customer or any Content; and (iii) collect data and analytics about use of the Offering in order to continue to improve the development and delivery of the Offering.
4.4 Data Security. Rapid7 shall implement appropriate technical and organizational measures to protect Content from accidental or unlawful destruction, loss, or alteration, unauthorized disclosure of, or access to Content. Such measures may include, as appropriate (a) the encryption of Content; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services; (c) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of Content.
EXCEPT FOR THE WARRANTIES IN THIS AGREEMENT OR AS SET FORTH IN THE SCHEDULE(S), RAPID7 MAKES NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS. RAPID7 MAKES NO WARRANTY THAT ALL SECURITY RISKS, INCIDENTS, OR THREATS WILL BE DETECTED OR REMEDIATED BY USE OF THE OFFERINGS OR THAT THERE WILL NOT BE FALSE POSITIVES.
6.1 By Rapid7. Rapid7 will indemnify Customer from and against all costs, liabilities, losses, and expenses (including, but not limited to, reasonable attorneys’ fees) (collectively, “Losses”) arising out of a third party claim alleging that the Offering infringes or misappropriates any intellectual property rights of such third party. Notwithstanding the foregoing, in no event shall Rapid7 have any obligations or liability under this Section arising from: (i) use of any Offering in combination with materials not furnished by Rapid7, and (ii) any content, information, or data provided by Customer or other third parties. If the Offering is or is likely to become subject to a claim of infringement or misappropriation, then Rapid7 will, at its sole option and expense, either: (i) obtain for the Customer the right to continue using the Offering; (ii) replace or modify the Offering to be non-infringing and substantially equivalent to the infringing Offering; or (iii) if options (i) and (ii) above cannot be accomplished despite the reasonable efforts of Rapid7, then Rapid7 may terminate Customer’s rights to use the infringing Offering and will refund pro-rata any prepaid fees for the infringing portion of the Offering. THE RIGHTS GRANTED TO CUSTOMER UNDER THIS SECTION SHALL BE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY ALLEGED INFRINGEMENT BY THE OFFERING OF ANY PATENT, COPYRIGHT, OR OTHER PROPRIETARY RIGHT.
6.2 By Customer. Customer will indemnify, defend, and hold harmless Rapid7 from and against all Losses arising out of a third party claim regarding: (i) Customer’s violation of any representations and warranties made in Section 2.2 of this Agreement; or (ii) Customer’s violation of applicable law.
7.1 Exclusion of Certain Damages.NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE.
7.2 Limitation on Amount of Liability. NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER FOR THE RELEVANT OFFERING DURING THE TWELVE MONTHS IMMEDIATELY PRIOR TO THE EVENT GIVING RISE TO LIABILITY, EXCEPT THAT THE LIMITATION IN THIS SECTION 7.2 SHALL NOT APPLY TO: (I) VIOLATIONS OF A PARTY’S INTELLECTUAL PROPERTY RIGHTS BY THE OTHER PARTY; OR (II) A PARTY’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT.
8.1 Term. The Term of each Offering will be as set forth on the Ordering Document. The Term will automatically renew for the same period of time as the initial Term at the rate listed on the applicable Ordering Document unless (i) otherwise indicated on the Ordering Document or (ii) either party provides the other with written notice of its election not to renew at least 30 days prior to the end of the applicable Term. Any renewal will be invoiced at the rate indicated on the applicable Ordering Document. In connection with any renewal term, Rapid7 reserves the right to change the rates, applicable charges and usage policies and to introduce new charges for any subsequent Term, upon providing Customer written notice thereof (which may be provided by e-mail) at least 60 days prior to the end of the applicable Term.
8.2 Termination.Either party may terminate this Agreement or any Ordering Document (i) in the event of a material breach of this Agreement or any such Ordering Document by the other party that is not cured within thirty days of written notice thereof from the other party, (ii) immediately in the event of an incurable, material breach, or (iii) immediately if the other party ceases doing business, or is the subject of a voluntary or involuntary bankruptcy, insolvency or similar proceeding that is not dismissed within sixty days of filing. All provisions of this Agreement which by their nature are intended to survive the termination of this Agreement shall survive such termination.
8.3 Effect of Termination. Upon any termination or expiration of this Agreement or any applicable Ordering Document, Rapid7 shall no longer provide the applicable Offering to Customer and Customer must cease using the Offering and send no further Content to Rapid7. Termination of this Agreement or an Ordering Document shall not relieve Customer of its obligation to pay all fees that have accrued or have become payable by Customer hereunder. Customer agrees that following termination of Customer’s account and/or use of the Offering, Rapid7 may immediately deactivate Customer’s account and that following a reasonable period not to exceed 90 days, shall be entitled to delete Customer’s account and all Content.
9.1 Offering-Related Professional Services. To the extent Customer purchases Professional Services, or Professional Services are included in the Offering, Customer may reschedule the Professional Services up to ten business days prior to the start of the Professional Services at no cost. If Customer reschedules the Professional Services with less than ten business days’ notice, Customer will forfeit the portion of the Professional Services equal to the number of days that were rescheduled without the required notice. If Customer reschedules the Professional Services after they have begun, Customer will forfeit five days of Professional Services, or the number of days remaining on the Professional Services, whichever is fewer. Customer will also be responsible for any out-of-pocket expenses incurred by Rapid7 due to such rescheduling. If performance of the Professional Services is delayed by Customer’s acts or omissions, including Customer’s failure to meet the requirements set forth in an SOW, Customer will forfeit the duration of such delay from its Professional Services time. Customer will have twelve months from the date of order to use or schedule any Professional Services, after which time any remaining, unscheduled Professional Services time will be forfeited.
9.2 Rapid7 Personnel. Rapid7 shall have sole discretion in staffing the Services and may assign the performance of any portion of the Services to any subcontractor, except that Customer may request the use of Rapid7 personnel in any Ordering Document or at the time Customer schedules the Services. In the event that Rapid7 subcontracts any portion of the Services, Rapid7 shall be fully responsible for the acts and omissions of any such subcontractor.
9.3 Miscellaneous. (a) This Agreement shall be construed in accordance with and governed for all purposes by the laws of the State of Delaware (for customers located in North America), or England & Wales (for customers located outside of North America), each excluding its respective choice of law provisions and each party consents and submits to the jurisdiction and forum of the state and federal courts in the State of Delaware (for customers located in North America) or London, England (for customers located outside of North America) all questions and controversies arising out of this Agreement and waives all objections to venue and personal jurisdiction in these forums for such disputes; (b) this Agreement, along with the accompanying Schedules, Addenda, and Ordering Document(s) constitute the entire agreement and understanding of the parties hereto with respect to the subject matter hereof and supersedes all prior agreements and undertakings, both written and oral; (c) this Agreement and each Ordering Document may not be modified except by a writing signed by each of the parties; (d) in case any one or more of the provisions contained in this Agreement shall for any reason be held to be invalid, illegal, or unenforceable in any respect, such invalidity, illegality, or unenforceability shall not affect any other provisions of this Agreement but rather this Agreement shall be construed as if such invalid, illegal, or other unenforceable provision had never been contained herein; (e) Customer shall not assign its rights or obligations hereunder without Rapid7's advance written consent; (f) subject to the foregoing subsection (e), this Agreement shall be binding upon and shall enure to the benefit of the parties hereto and their successors and permitted assigns; (g) no waiver of any right or remedy hereunder with respect to any occurrence or event on one occasion shall be deemed a waiver of such right or remedy with respect to such occurrence or event on any other occasion; (h) nothing in this Agreement, express or implied, is intended to or shall confer upon any other person any right, benefit or remedy of any nature whatsoever under or by reason of this Agreement, including but not limited to any of Customer’s own clients, customers, or employees; (i) the headings to the sections of this Agreement are for ease of reference only and shall not affect the interpretation or construction of this Agreement; (j) terms in an Ordering Document have precedence over conflicting terms in this Agreement or Schedules, but have applicability only to that particular Ordering Document; (k) the terms in a Schedule have precedence over conflicting terms in this Agreement, but have applicability only to that particular Schedule; and (l) this Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
9.4 Injunctive Relief. Notwithstanding any other provision of this Agreement, both parties acknowledge that any breach of this Agreement may cause the other party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, the parties agree that, in addition to any other remedy to which a party may be entitled hereunder, at law or equity, each party shall be entitled to seek an injunction to restrain such use in addition to other appropriate remedies available under applicable law.
9.5 Relationship of the Parties. Rapid7 and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties, or representations or assume or create any obligations, express or implied, in the other party’s name or on its behalf.
9.6 US Government Restricted Rights. This Section applies to all acquisitions of the Offering by or for the U.S. Federal Government, or by any prime contractor or subcontractor (at any tier) under any contract, grant, cooperative agreement, or other activity with the Federal Government for the Government’s end use. The Offerings are “commercial items” as that term is defined at FAR 2.101. If Customer is an Executive Agency (as defined in FAR 2.101) of the U.S. Federal Government (“Government”), Rapid7 provides the Offering, including any related technical data and/or professional services in accordance with the following: If a right to access the Offering is procured by or on behalf of any Executive Agency (other than an Executive Agency within the Department of Defense (DoD)), the Government is granted, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to Rapid7’s customers as such rights are described in this Agreement. If a right to access the Offering is procured by or on behalf of any Executive Agency within the DoD, the Government is granted, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software that are customarily provided to Rapid7’s customers as such rights are described in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data provided by Rapid7 to an Executive Agency within the DoD. Note, however, that Subpart 227.72 does not apply to computer software or computer Offering documentation acquired under GSA schedule contracts. Except as expressly permitted under this Agreement, no other rights or licenses are granted to the Government. Any rights requested by the Government and not granted under this Agreement must be separately agreed in writing with Rapid7. This Section 9.6 of the Agreement is in lieu of, and supersedes, any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in the Offering.
9.7 Force Majeure. Other than payment obligations hereunder, neither party will be liable for any inadequate performance to the extent caused by a condition that was beyond the party's reasonable control (including, but not limited to, natural disaster, act of war or terrorism, riot, global health crisis, acts of God, or government intervention), except for mere economic hardship, so long as the party continues to use commercially reasonable efforts to resume performance.
9.8 No Reliance. Customer represents that it has not relied on the availability of any future feature or version of the Offering or any future product or service in executing this Agreement or purchasing any Offering hereunder.
9.9 Publicity. Customer acknowledges that Rapid7 may use Customer’s name and logo for the purpose of identifying Customer as a customer of Rapid7 Offerings. Rapid7 will cease using Customer’s name and logo upon written request.
9.10 Notices. Unless specified otherwise herein, (i) all notices must be in writing and addressed to the attention of the other party's legal department and primary point of contact and (ii) notice will be deemed given: (a) when verified by written receipt if sent by personal courier, overnight courier, or when received if sent by mail without verification of receipt; or (b) when verified by automated receipt or electronic logs if sent by email. When sent by email, notices to Rapid7 must be sent to notices@rapid7.com.
9.11 Compliance with Law. Each party agrees to comply with all applicable federal, state, and local laws and regulations including but not limited to export law, and those governing the use of network scanners, vulnerability assessment software products, encryption devices, user monitoring, and related software in all jurisdictions in which systems are scanned, scanning is controlled, or users are monitored.
This Professional and Managed Services Schedule (the “Services Schedule”) governs the terms and conditions in connection with the subscription to and use of Rapid7 Professional and Managed Services as defined herein. In the event of a conflict between this Services Schedule and the Agreement, this Services Schedule will prevail with respect to the Professional and Managed Services only.
1. SERVICES DEFINITIONS
1.1 Deliverables means the draft or final reports that are created for Customer as a result of the Services provided hereunder, unless otherwise defined in the individual SOW.
1.2 Managed Services means Services where Rapid7 manages an aspect of Customer’s business for the term and scope indicated in an SOW. Managed Services may include Rapid7 operating or subscribing to software on Customer’s behalf.
1.3 Professional Services means Services where Customer engages Rapid7 to perform specific, identified tasks, either at specific dates and times, or retained for a period of time in order to perform them as needed.
1.4 SOW means: (i) mutually agreed upon statement of work, or scope of work, scope of service, or service brief that sets forth and describes the Services to be provided hereunder, the applicable fees to be paid, and as applicable, any delivery schedules, timelines, specifications, and any other terms agreed upon by the parties; or (ii) Rapid7 Ordering Document which identifies the Services ordered; in each case as signed or referenced by Customer or its authorized partner.
2. SERVICES
2.1 Services. Customer may order Services from Rapid7 through an SOW. Rapid7 shall provide Customer the Services as specified in such SOW. All changes to an SOW must be approved by both parties in writing. Rapid7 will not invoice Customer for any Services beyond those contained in the SOW without the prior written consent of Customer.
2.2 Deliverables. Customer retains all right, title, and interest in and to Content and Customer Confidential Information. In addition, Customer shall own all right, title and interest to the Results obtained by Customer through Customer’s use of the Services. For purposes of this Services Schedule, “Results” shall mean the data based on Content resulting from Customer’s use of the Service, but does not include any dashboards for displaying results, report templates or other components of the Service used by Rapid7. Rapid7 owns all right, title, and interest in and to Rapid7’s trade secrets, its Confidential Information, or other proprietary rights in any material used by Rapid7 or presented to Customer, whether such was developed prior to the Services, independent of this Agreement, or in performance of the Services (each, “Rapid7 IP”), including but not limited to, documentation, software, designs, inventions, discoveries, specifications, improvements, tools, models, know-how, methodologies, analysis frameworks, and report formats. Customer will have a perpetual, royalty-free, worldwide, non-exclusive, non-transferable license to use any Rapid7 IP incorporated into any Deliverable, for Customer’s internal business purposes only, upon Customer's payment in full of all undisputed amounts due hereunder. Rapid7 may incorporate the Rapid7 IP in future releases of any of its products or services, provided Content or Customer Confidential Information is not included in any Rapid7 IP.
2.3 Managed Services. To the extent Managed Services include any Rapid7 software, Customer is granted a license to such Software subject to the applicable license terms. Such license will be for the Term of the Managed Services only.
2.4 Services Warranty. Rapid7 warrants that the Services will be provided with reasonable skill and care conforming to generally accepted industry standards, and in conformance in all material respects with the requirements set forth in the SOW. Customer must report any deficiency in the Services to Rapid7 in writing within fifteen business days of delivery or performance of the portion of the Services containing the deficiency. For any breach of the above warranty, Rapid7 will, at its option and expense, either (a) use commercially reasonable efforts to provide remedial services necessary to enable the Services to conform to the warranty, or (b) refund pro-rata amounts paid for the non-conforming Services. Customer will provide reasonable assistance in remedying any defects. The remedies set out in this subsection are Customer’s sole remedies for breach of the above warranty. Termination of an SOW will not terminate the Agreement.
This Cloud-Hosted Software Schedule (the “Cloud-Hosted Software Schedule”) governs the terms and conditions in connection with the subscription to and use of Rapid7 Cloud-Hosted Software as defined herein. In the event of a conflict between this Cloud-Hosted Software Schedule and the Agreement, this Cloud-Hosted Software Schedule will prevail with respect to the Cloud-Hosted Software only.
1. License. Rapid7 hereby grants to Customer, during the Term, a non-exclusive, non-transferable, non-sublicensable right to use and access the Cloud-Hosted Software (in object code only): (i) solely for Customer’s internal business purposes; (ii) within the Volume Limitations; and (iii) as described in this Agreement. The parties also agree to be bound by any further license restrictions set forth on the Ordering Document. Access to the Cloud-Hosted Software may require software to be downloaded or installed locally on Customer systems. If applicable, Customer must allow the downloaded and locally deployed software to integrate with such programs and devices necessary to provide data to the Cloud-Hosted Software. In the event Customer elects to transmit its data to Rapid7 without encryption, Customer assumes all risks for failure to encrypt.
2. Restrictions. Except as may be expressly permitted by applicable law, Customer will not, and will not permit or authorize third parties to: (i) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, create derivative works of the Cloud-Hosted Software, or merge the Cloud-Hosted Software into another program; (ii) resell, rent, lease, or sublicense the Cloud-Hosted Software or access to it including use of the Cloud-Hosted Software for timesharing or service bureau purposes; (iii) circumvent or disable any security or technological features or measures in the Cloud-Hosted Software; nor (iv) access the Cloud-Hosted Software in order to build a competitive product or service, for competitive analysis, or to copy any ideas, features, functions, or graphics of the Cloud-Hosted Software. Customer is responsible for its employees’ compliance with this Agreement. If Customer identifies a vulnerability in the Cloud-Hosted Software, all information and analysis regarding the vulnerability must be disclosed through the Rapid7 contact form, found at here. Customer shall not: (i) upload or otherwise transmit, display, or distribute any Content to the Cloud-Hosted Software that infringes any trademark, trade secret, copyright, or other proprietary or intellectual property rights of any person; (ii) upload or otherwise transmit to the Cloud-Hosted Software any material that contains software viruses or any other computer code, files, or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; or (iii) interfere with or disrupt the Cloud-Hosted Software.
3. Volume Limitations. In the event that the Cloud-Hosted Software is used in excess of the Volume Limitations, following a reasonable notification period by Rapid7 (“Notice Period”), Rapid7 reserves the right to invoice for the fees for such excess usage at Rapid7’s then current list rates, or as otherwise set forth on the Ordering Document (“True-Up”), notwithstanding the limitation on liability in Section 7 of the Agreement. To the extent applicable, Customer may select to move up to the next Volume Limitations tier set forth in the applicable Ordering Document for the remainder of the Term and Customer shall be liable for the incremental fees set forth in the applicable Ordering Document which shall be prorated for the remainder of the Term (“True-Forward”). In the event that Customer does not select to True-Forward following thirty days from the Notice Period, the True-Up option shall apply and become due.
4. Evaluation Licenses. If Customer’s access to the Cloud-Hosted Software is for a trial or evaluation only, then the Term shall be thirty days, or the Term specified on the Ordering Document. Customer may not utilize the same Cloud-Hosted Software for more than one trial or evaluation term in any twelve month period, unless otherwise agreed to by Rapid7. Rapid7 may revoke Customer’s trial or evaluation access at any time and for any reason. Sections 5 of this Cloud-Hosted Software Schedule (Warranty) and 6.1 of the Agreement (Indemnification) shall not be applicable to any evaluation or trial license.
5. Warranty. Rapid7 warrants that, during the Term: (i) the Cloud-Hosted Software will conform, in all material respects, with the applicable Documentation; and (ii) it will not materially decrease the overall functionality of the Cloud-Hosted Software. For any breach of the above warranty, Rapid7 will, at no additional cost to Customer, use commercially reasonable efforts to provide remedial services necessary to enable the Cloud-Hosted Software to conform to the warranty. Customer will provide Rapid7 with a reasonable opportunity to remedy any breach and reasonable assistance in remedying any defects. If Rapid7 is unable to restore such functionality, Customer may terminate the applicable Ordering Document and receive a pro rata refund of the fees paid for the terminated portion of the then-current Term. Rapid7 makes no warranty regarding third party features or services. The remedies set out in this subsection are Customer’s sole remedies for breach of the above warranties.
5.1. Automation Disclaimer. Customer is responsible for implementing appropriate internal procedures and oversight to the extent it utilizes the configuration of workflows and processes, including but not limited to containment actions, quarantine actions, kill processes, and similar functionalities (“Orchestration and Automation Functionality”). EXCEPT FOR THE WARRANTY IN SECTION 5, THE ORCHESTRATION AND AUTOMATION FUNCTIONALITY IS MADE AVAILABLE BY RAPID7 ON AN “AS-IS” BASIS TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW. Rapid7’s Orchestration and Automation Functionality is not designed, intended, or licensed for use in hazardous environments or other applications where a malfunction could cause property damage or personal injury, and Rapid7 specifically disclaims any liability in connection with any such use. Customer assumes all risks in using third-party products or services in connection with the Orchestration and Automation Functionality.
6. Suspension of Service. Rapid7 reserves the right to suspend Customer’s access to the Cloud-Hosted Software upon notification, if Customer is more than thirty days late with respect to any payments due hereunder. Upon such suspension, Customer shall still be liable for all payments that have accrued prior to the date of suspension and that will accrue throughout the remainder of the Term. Rapid7 will not be obligated to restore access to the Cloud-Hosted Software until Customer has paid all fees owed to Rapid7.
7. Availability. Subject to this Agreement and the Service Level Agreement located at https://www.rapid7.com/legal/sla/, Rapid7 shall use commercially reasonable efforts to provide the Cloud-Hosted Software twenty-four hours a day, seven days a week throughout the Term. Customer agrees that from time to time the Cloud-Hosted Software may be inaccessible or inoperable for various reasons, including: (i) equipment malfunctions; (ii) periodic maintenance procedures or repairs which Rapid7 may undertake from time to time; or (iii) causes beyond the control of Rapid7 or which are not reasonably foreseeable by Rapid7, including interruption or failure of telecommunication or digital transmission links, hostile network attacks or network congestion, or other failures (collectively “Downtime”). Rapid7 shall use commercially reasonable efforts to provide twenty-four hour advance notice to Customer in the event of any scheduled Downtime. Rapid7 shall have no obligation during performance of such operations to mirror Content or to transfer Content. Rapid7 shall use commercially reasonable efforts to minimize any disruption, inaccessibility, and/or inoperability of the Cloud-Hosted Software in connection with Downtime, whether scheduled or not.
8. Support Services. Rapid7 shall provide support during any Term, or else as otherwise set forth on the applicable Ordering Document subject to Rapid7’s support policy, located at https://www.rapid7.com/globalassets/_pdfs/whitepaperguide/rapid7-customer-support-guidebook.pdf.
This Distributed Software Schedule (the “Distributed Software Schedule”) governs the terms and conditions in connection with the subscription to and use of Rapid7 Distributed Software as defined herein. In the event of a conflict between this Distributed Software Schedule and the Agreement, this Distributed Software Schedule will prevail with respect to the Distributed Software only.
This Threat Intelligence Solution Schedule (the “TI Schedule”) governs the terms and conditions in connection with the subscription to and use of Rapid7 TI Solution as defined herein. In the event of a conflict between this TI Schedule and the Agreement, this TI Schedule will prevail with respect to the TI Solution only.
1. Definitions. TI Solution means the subscription service and associated remediations identified on an Ordering Document and further described herein.
2. Access to Service. During the Term, Rapid7 grants Customer a non-exclusive, non-transferable, non-sublicensable right to use and access the TI Solution (in object code only): (i) for lawfully detecting and analyzing cyber intelligence threats concerning Customer’s digital assets; (ii) for Customer’s internal business purposes; (iii) within the Volume Limitations; and (iv) as described in this Agreement. The parties also agree to be bound by any further license restrictions set forth on Ordering Document.
3. Restrictions. Except as may be expressly permitted by applicable law, Customer will not, and will not permit or authorize third parties to: (i) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, create derivative works of the TI Solution, or merge the TI Solution into another program; (ii) resell, rent, lease, or sublicense the TI Solution or access to it including use of the TI Solution for timesharing or service bureau purposes; (iii) circumvent or disable any security or technological features or measures in the TI Solution; nor (iv) access the TI Solution in order to build a competitive product or service, for competitive analysis, or to copy any ideas, features, functions, or graphics of the TI Solution. Customer is responsible for its employees’ compliance with this Agreement. If Customer identifies a vulnerability in the TI Solution, all information and analysis regarding the vulnerability must be disclosed through the Rapid7 contact form, found here. Customer shall not: (i) upload or otherwise transmit, display, or distribute any Content to the TI Solution that infringes any trademark, trade secret, copyright, or other proprietary or intellectual property rights of any person; (ii) upload or otherwise transmit to the TI Solution any material that contains software viruses or any other computer code, files, or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; or (iii) interfere with or disrupt the TI Solution.
4. Service Warranty. Rapid7 warrants that, during the Term: (i) the TI Solution will conform, in all material respects, with the applicable Documentation; and (ii) it will not materially decrease the overall functionality of the TI Solution. For any breach of the above warranty, Rapid7 will, at no additional cost to Customer, use commercially reasonable efforts to provide remedial services necessary to enable the TI Solution to conform to the warranty. Customer will provide Rapid7 with a reasonable opportunity to remedy any breach and reasonable assistance in remedying any defects. If Rapid7 is unable to restore such functionality, Customer may terminate the applicable Ordering Document and receive a pro rata refund of the fees paid for the terminated portion of the then-current Term. Rapid7 makes no warranty regarding third party features or services. The remedies set out in this subsection are Customer’s sole remedies for breach of the above warranty.
4.1. Disclaimer. THE CUSTOMER ACKNOWLEDGES THAT THE TI SOLUTION DOES NOT AND CANNOT GUARANTEE TO DETECT ALL POSSIBLE CYBER ATTACKS NOR FIND ALL OTHER INTELLIGENCE FINDINGS THAT MAY APPLY TO THE CUSTOMER. RAPID7 DOES NOT PROVIDE ANY REPRESENTATION, WARRANTY OR GUARANTEE WHATSOEVER WITH RESPECT TO THE SUCCESS OF THE USE OF THE TI SOLUTION, THE DETECTION OF ALL POTENTIAL “CYBER” EVENTS OR THE SUCCESSFULNESS OF REMEDIATIONS. BY USE OF THE TI SOLUTIONCUSTOMER EXPRESSLY WAIVES ANY CLAIM ARISING THEREFROM OR RELATED THERETO, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW. RAPID7 MAKES NO WARRANTY THAT REMEDIATIONS WILL BE SUCCESSFUL OR COMPLETED WITHIN A CERTAIN TIMEFRAME.
5. Keywords. In order to use the TI Solution, the Customer will need to designate certain search words in the TI Solution (“Keyword”). The Customer shall ensure that the Keywords remain current and that any updates or changes to the Keywords are promptly provided to Rapid7. Keywords will be considered Content as defined in the Agreement.
5.1. Suspension of Keywords. If Rapid7, in good faith, determines that Customer does not have the right to use a Keyword, Rapid7 may suspend use of that Keyword in the TI Solution, without any liability to Customer. Customer shall reasonably cooperate with Rapid7 to address the concern, which may include providing information to support the Customer’s right to use the Keyword.
6. Other Information. Customer agrees to refrain from accessing or otherwise utilizing or benefitting from any information gained through use of the TI Solution that could constitute a third party’s confidential information, trade secret, or personal data.
7. Downtime. Subject to this Agreement and the TI Solution Service Level Agreement referenced in section 8 below, Rapid7 shall use commercially reasonable efforts to provide the TI Solution twenty-four hours a day, seven days a week throughout the Term. Customer agrees that from time to time the TI Solution may be inaccessible or inoperable for various reasons, including: (i) equipment malfunctions; (ii) periodic maintenance procedures or repairs which Rapid7 may undertake from time to time; or (iii) causes beyond the control of Rapid7 or which are not reasonably foreseeable by Rapid7, including interruption or failure of telecommunication or digital transmission links, hostile network attacks or network congestion, or other failures (collectively “Downtime”). Rapid7 shall use commercially reasonable efforts to provide twenty-four hour advance notice to Customer in the event of any scheduled Downtime. Rapid7 shall have no obligation during performance of such operations to mirror Content or to transfer Content. Rapid7 shall use commercially reasonable efforts to minimize any disruption, inaccessibility, and/or inoperability of the TI Solution in connection with Downtime, whether scheduled or not.
8. Support Services. Rapid7 shall provide support during any Term, or else as otherwise set forth on the applicable Ordering Document, as stated in https://www.rapid7.com/legal/ti-sla/.