Last updated October 2021
Rapid7 LLC or Rapid International Limited (as applicable, “Rapid7”) is willing to provide certain services to you as the individual, the company, or the legal entity (referenced below as “You” or “Your” or “Customer”) that enters into a written quotation, work order, statement of work or similar document with Rapid7 that references these terms and conditions (hereinafter, this “Agreement”) only on the condition that you accept all of the terms of this Agreement. Read the terms and conditions of this Agreement carefully before purchasing any services from Rapid7. This is a legal and enforceable contract between You and Rapid7. By entering into a written quotation, statement of work or similar document with Rapid7 that references the agreement below, you agree to the terms and conditions of this Agreement. If you enter into a separate written agreement with Rapid7 for the services, then the terms of that separate written agreement shall apply and this Agreement shall have no effect.
1.1 “Add-Ons” means “Plug-ins”, “bots” and applications created by Customer for use with the Software.
1.2 Documentation means the documentation for the Software generally supplied by Rapid7 to assist its customers in their use of the Software, including user and system administrator guides, manuals, and the functionality specifications.
1.3 Maintenance and Support Term means the period in which Customer is entitled to receive support services from Rapid7, including all updates, bug fixes and new releases thereto that Rapid7 makes generally available to its customers at no additional cost. The length of the Maintenance and Support Term shall be listed on the applicable Order Form and shall commence on the date of delivery of the Software. Application Extensions or new functional modules are not included in maintenance and support and may be subject to additional fees.
1.4 Order Form means Rapid7’s order form or other ordering document signed or referenced by Customer or its authorized reseller which identifies the specific Software and/or Services ordered, the Volume Limitations, and the price agreed upon by the parties.
1.5 Services means Rapid7’s professional services (as described in Section 10.2) herein.
1.6 Software means those InsightCloudSec products listed on the applicable Order Form.
1.7 Software Term means the period in which Customer is authorized to utilize the Software. Each Software Term shall be listed on the applicable Order Form.
1.8 Volume Limitations means the capacity indicated on the Order Form, including, as applicable, number of billable cloud resources, assets, applications, data, plugins, and named individual users of the Software.
2. SOFTWARE LICENSES
2.1 License to Products.
2.1.1 On Premises Deployment. If Customer deploys the Software in its environment (also referred to as “self-hosted”), during the applicable Software Term, Rapid7 hereby grants to Customer a non-exclusive, non-transferable license to use the Software (in object code only) listed on the Order Form within the Volume Limitations, for Customer’s internal business purposes only, and solely in accordance with the applicable Documentation. The Software shall not be used on or for any third party unless otherwise stated below.
2.1.2 SaaS Deployment. If Customer accesses the Software via the SaaS offering, Rapid7 hereby grants to Customer, during the Software Term, Rapid7 grants Customer a non-exclusive, non-transferable, non-sublicensable right to use and access the Software (in object code only): (i) solely for Customer’s internal business purposes; (ii) within the Volume Limitations; and (iii) as described in this Agreement. The parties also agree to be bound by any further license restrictions set forth on the Order Form.
2.2 Evaluation Licenses. If Customer’s license is for a trial or evaluation only, then the Software Term shall be thirty days, or the trial or evaluation term specified on the Order Form. Customer may not utilize the same software for more than one trial or evaluation term in any twelve month period, unless otherwise agreed to by Rapid7. Rapid7 may revoke Customer’s evaluation or trial license at any time and for any reason. Sections 4 (Limited Warranty) and 9.1 (Indemnification) shall not be applicable to any evaluation or trial license.
2.3 Use by Affiliates. Subject to the Volume Limitations, Customer may make the Software available to its Affiliates under these terms, provided that Customer is liable for any breach of this Agreement by any of its Affiliates. “Affiliate(s)” means any entity now existing that is directly or indirectly controlled by Customer. For purposes of this definition “control” means the direct possession of a majority of the outstanding voting securities of an entity.
2.4 Delivery and Copies. Delivery shall be deemed to have been made upon Rapid7 providing instructions to download or activate the Software, as applicable. Notwithstanding anything to the contrary herein, Customer may make a reasonable number of copies of the Software for the sole purpose of staging, testing, backing-up and archiving the Software. Each copy of the Software is subject to this Agreement and must contain the same titles, trademarks, and copyright notices as the original.
2.5 Open Source Libraries. Customer understands that its ability to use the Software may require use of open source code libraries, (“OSS Libraries”). Current open source components made available by Rapid7 can be found at: https://docs.divvycloud.com/docs/oss), however Customer may elect to use such OSS Libraries or procure alternatives. Customer acknowledges that its use of the third party software in connection with the Software and access to and use of OSS Libraries (whether or not access to such OSS Library is provided by Rapid7) may be subject to separate third party license terms and conditions (“Third Party Terms”). Notwithstanding anything set forth in this Agreement, Customer agrees that (a) all such third party software and access to and use of OSS Libraries is governed exclusively by the applicable Third Party Terms, and Customer shall comply with all Third Party Terms, and (b) Licensor shall have no obligation to provide any OSS Libraries (or rights to use the same).
2.6 Restrictions. The Services may only be used for the purposes of good-faith testing, detection, assessment, prioritization, investigation, and/or correction of misconfigurations, policy violations, threats, security flaws, exposures, or vulnerabilities in order to advance the security or safety of cloud and container environments, devices, machines, or networks of those who use such cloud and container environments, devices, machines, or networks. Except as may be expressly permitted by applicable law, Customer will not, and will not permit or authorize third parties to: (i) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, create derivative works of the Software, or merge the Software into another program; (ii) resell, rent, lease, or sublicense the Software or access to it, including use of the Software for timesharing or service bureau purposes; (iii) circumvent or disable any security or technological features or measures in the Software; nor (iv) use the Software in order to build a competitive product or service, for competitive analysis, or to copy any ideas, features, functions, or graphics of the Software. Customer is responsible for its employees’ compliance with this Agreement. If Customer identifies a vulnerability in the Software, all information and analysis regarding the vulnerability must be disclosed through the Rapid7 contact form, found at rapid7.com/disclosure/.
2.7 Ownership of Software. Rapid7 retains all right, title, and interest in and to the Documentation, Software, Content Updates and in all copies, modifications and derivative works thereto including, without limitation, all rights to patent, copyright, trade secret, trademark, and other proprietary or intellectual property rights.
2.8 Add-Ons. Customer may elect to develop Add-Ons to the Software. In such cases, Customer shall own the code base for such Add-Ons but does not own any exclusive right to the business ideas embodied thereby. Nothing herein restricts or limits Rapid7’s right to develop the same or similar applications, including without limitation as Application Extensions or Updates to the Software, which shall be owned by Rapid7 with no obligations to Customer for use thereof.
2.9 Customer Systems. Customer represents and warrants that it has the appropriate authorizations from the owner of the networks, systems, IP addresses, assets, and/or hardware on which it deploys the Software, or which it targets, scans, monitors, or tests with the Software.
3. FEES AND PAYMENT TERMS
3.1 If Customer is purchasing the Software through a Rapid7 authorized reseller, then the fees shall be as set forth between Customer and reseller and the applicable fees shall be paid directly to the reseller and Section 3.2 shall not apply.
3.2 Customer agrees to pay the fees, charges, and other amounts in accordance with the Order Form from the date of invoice. All fees are nonrefundable, unless otherwise stated herein. Customer shall be responsible for remitting all taxes levied on any transaction under this Agreement, including, without limitation, all federal, state, and local sales taxes, levies and assessments, and local withholding taxes in Customer’s jurisdiction, if any, excluding, however, any taxes based on Rapid7's income. In the event Customer is required to withhold taxes from its payment or withholding taxes are subsequently required to be paid to a local taxing jurisdiction, Customer is obligated to pay such tax, and Rapid7 as applicable, will receive the Order Form payment amount as agreed to net of any such taxes. Customer shall provide to Rapid7 written evidence that such withholding tax payment was made.
4. LIMITED WARRANTY
4.1 Software Warranty. Rapid7 warrants that for a period of ninety days following the initial delivery of any Software to Customer the Software will conform, in all material respects, with the applicable Documentation. For a breach of the above warranty, Rapid7 will, at no additional cost to Customer, use commercially reasonable efforts to provide remedial services necessary to enable the Software to conform to the warranty. Customer will provide Rapid7 with a reasonable opportunity to remedy any breach and reasonable assistance in remedying any defects. If Rapid7 is unable to restore such functionality, Customer shall be entitled to terminate the applicable Order Form and receive a pro rata refund of the fees paid. The remedies set out in this subsection are Customer’s sole remedies for breach of the above warranty. Headings or titles in the Documentation are for information only and do not imply any warranties. For example, and without limitation, any products or services called “compliance packs” or similar nomenclature shall not imply any representation that use thereof guarantees compliance with all applicable laws.
4.2 Disclaimer. RAPID7 DOES NOT REPRESENT THAT THE SOFTWARE WILL BE UNINTERRUPTED, ERROR-FREE, OR WILL MEET CUSTOMER’S REQUIREMENTS. EXCEPT FOR THE WARRANTY ABOVE, RAPID7 MAKES NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS. RAPID7 MAKES NO WARRANTY THAT ALL SECURITY RISKS OR THREATS WILL BE DETECTED BY USE OF THE SOFTWARE OR THAT FALSE POSITIVES WILL NOT BE FOUND. Rapid7 disclaims all warranties and liability as to Add-Ons and third party hardware, networks, and software, including OSS Libraries, whether or not provided by or accessed through Rapid7.
4.3 Orchestration Disclaimer. Customer is responsible for implementing appropriate internal procedures and oversight to the extent it utilizes the configuration of workflows and processes, including but not limited to containment actions, quarantine actions, kill processes and similar functionalities (“Orchestration and Automation Functionality”). EXCEPT FOR THE WARRANTY IN SECTION 5.1, THE ORCHESTRATION AND AUTOMATION FUNCTIONALITY IS MADE AVAILABLE BY RAPID7 ON AN “AS-IS” BASIS TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW. Rapid7’s Orchestration and Automation Functionality is not designed, intended or licensed for use in hazardous environments or other applications where a malfunction could cause property damage or personal injury, and Rapid7 specifically disclaims any liability in connection with any such use. Customer assumes all risks in using third-party products or services in connection with the Orchestration and Automation Functionality.
5. LIMITATION OF LIABILITY
5.1 Exclusion of Certain Damages. NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE.
5.2 Limitation on Amount of Liability. NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER TO RAPID7 HEREUNDER DURING THE TWELVE MONTHS IMMEDIATELY PRIOR TO THE EVENT GIVING RISE TO LIABILITY, EXCEPT THAT THE LIMITATION IN THIS SECTION 5.2 SHALL NOT APPLY TO: (I) VIOLATIONS OF A PARTY’S INTELLECTUAL PROPERTY RIGHTS BY THE OTHER PARTY; OR (II) A PARTY’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT.
6. USAGE LIMITATIONS
6.1 Volume Limitations. Customer understands and acknowledges that the Software may track its Volume Limitations. Customer will be responsible for any overages in accordance with the agreed upon true-up method listed in the Order Form.
6.2 Compliance with Terms. At Rapid7’s written request, Customer will permit Rapid7 to review and verify Customer’s records, deployment, and use of the Software for compliance with the terms and conditions of this Agreement, at Rapid7’s expense. Any such review shall be scheduled at least ten days in advance, shall be conducted during normal business hours at Customer’s facilities, and shall not unreasonably interfere with Customer’s business activities.
7.1 Confidential Information. “Confidential Information” means information provided by one party to the other party which is designated in writing as confidential or proprietary, as well as information which a reasonable person familiar with the disclosing party’s business and the industry in which it operates would know is of a confidential or proprietary nature. A party will not disclose the other party’s Confidential Information to any third party without the prior written consent of the other party, nor make use of any of the other party’s Confidential Information except in its performance under this Agreement. Each party accepts responsibility for the actions of its agents or employees and shall protect the other party’s Confidential Information in the same manner as it protects its own Confidential Information, but in no event with less than reasonable care. The parties expressly agree that the terms and pricing of this Agreement are Confidential Information. A receiving party shall promptly notify the disclosing party upon becoming aware of a breach or threatened breach hereunder and shall cooperate with any reasonable request of the disclosing party in enforcing its rights.
7.2 Exclusions. Information will not be deemed Confidential Information if such information: (i) is known prior to receipt from the disclosing party, without any obligation of confidentiality; (ii) becomes known to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise publicly available, except through a breach of this Agreement; or (iv) is independently developed by the receiving party without use of the disclosing party’s Confidential Information. The receiving party may disclose Confidential Information pursuant to the requirements of applicable law, legal process or government regulation, provided that, unless prohibited from doing so by law enforcement or court order, the receiving party gives the disclosing party reasonable prior written notice, and such disclosure is otherwise limited to the required disclosure.
8. TERM & TERMINATION
8.1 The Software Term will automatically renew for an additional one year term unless (i) otherwise indicated on the Order Form or (ii) either party provides the other with written notice of its election not to renew at least 30 days prior to the anniversary date. Any renewal will be invoiced at the prevailing list price rate for the tier applicable at the time of renewal unless otherwise indicated on the Order Form. In connection with any renewal term, Rapid7 reserves the right to change the rates, applicable charges and usage policies and to introduce new charges, for any subsequent Subscription Term upon providing Customer written notice thereof (which may be provided by e-mail) at least 60 days prior to the end of the applicable term.
8.2 This Agreement or an Order Form may be terminated: (i) by either party if the other party is adjudicated as bankrupt, or if a petition in bankruptcy is filed against the other party and such petition is not discharged within sixty days of such filing; or (ii) by either party if the other party materially breaches this Agreement or the Order Form and fails to cure such breach to such party’s reasonable satisfaction within thirty days following receipt of written notice thereof. Customer’s license to use the Software shall terminate upon the expiration of the applicable Software Term. Upon any termination of this Agreement or an Order Form by Rapid7, all applicable licenses are revoked and Customer shall immediately cease use of the applicable Software and certify in writing to Rapid7 within thirty days that Customer has destroyed or returned to Rapid7 such Software and all copies thereof. Termination of this Agreement or a license granted hereunder shall not relieve Customer of its obligation to pay all fees that have accrued, have been paid, or have become payable by Customer hereunder. All provisions of this Agreement which by their nature are intended to survive the termination of this Agreement shall survive such termination.
9.1 By Rapid7. Rapid7 will indemnify, defend, and hold harmless Customer from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys' fees) arising out of a third party claim that the Software infringes or misappropriates any intellectual property right of such third party. Notwithstanding the foregoing, in no event shall Rapid7 have any obligations or liability under this Section arising from: (i) use of any Software in a manner not anticipated by this Agreement or in combination with materials not furnished by Rapid7; or (ii) any content, information or data provided by Customer or other third parties. If the Software is or is likely to become subject to a claim of infringement or misappropriation, then Rapid7 will, at its sole option and expense, either: (i) obtain for the Customer the right to continue using the Software; (ii) replace or modify the Software to be non-infringing and substantially equivalent to the infringing Software; or (iii) if options (i) and (ii) above cannot be accomplished despite the reasonable efforts of Rapid7, then Rapid7 may terminate Customer’s rights to use the infringing Software and will refund pro-rata any prepaid fees for the infringing portion of the Software. THE RIGHTS GRANTED TO CUSTOMER UNDER THIS SECTION 9.1 SHALL BE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY ALLEGED INFRINGEMENT BY THE SOFTWARE OF ANY PATENT, COPYRIGHT, OR OTHER PROPRIETARY RIGHT.
9.1 By Customer. Customer will indemnify, defend, and hold harmless Rapid7 from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys' fees) arising out of a third party claim regarding Customer's: (i) use of the Software in violation of applicable law; or (ii) breach of the representation and warranty made in Section 2.9 and 11.4 of this Agreement.
10. TECHNICAL SUPPORT AND PROFESSIONAL SERVICES
10.1 Maintenance and Support Services. Support is provided in accordance with Exhibit A. Support Services are provided for only the current major release and the prior two major releases. Notwithstanding the provisions of Exhibit A, Rapid7 shall not be obligated to provide any Support Services to the extent resulting from: (i) failure by Customer or its Users to use the Software in accordance with this Agreement, including the Documentation; (ii) Customer’s failure to use corrections or Updates previously provided to Customer by Rapid7; (iii) malfunction, defect or failure of hardware, software or any other item not developed, provided by or approved by Rapid7 under this Agreement; (iv) incorrect data or incorrect procedures used or provided by Customer, any User, or a third party; or (v) any cause (including any accident, abuse, misapplication, abnormal use or a virus) that is outside the reasonable control of Rapid7.
10.2 Product-Related Professional Services. Unless otherwise provided on an Order Form or statement of work (“SOW”), Customer is responsible for installing and configuring all Software. Rapid7 may provide Customer certain professional services, such as installation, configuration, consulting, training, and external scanning, if and as specified on an Order Form or a separate SOW executed by the parties. Such Services will be invoiced upon execution of the Order Form or SOW. All changes to an SOW must be approved by both parties in writing. Rapid7 shall have sole discretion in staffing the Services and may assign the performance of any portion of the Services to any subcontractor, provided that Rapid7 shall be responsible for the performance of any such subcontractor. Customer will have a non-exclusive, non-transferable license to use any deliverables or other work product developed by Rapid7 in the performance of the Services which are delivered to Customer, upon Customer's payment in full of all amounts due for such deliverables or work product. Rapid7 retains ownership of all information, software, and other property owned by it prior to this Agreement or which it develops independently of this Agreement and all deliverables and work product compiled or developed by Rapid7 in the performance of the Services.
10.3 Professional Services Rescheduling. To the extent Customer purchases Services, Customer may reschedule the Services up to ten business days’ prior to the start of the Services at no cost. If Customer reschedules the Services with less than ten business days notice, Customer will forfeit the portion of the Services equal to the number of days that were rescheduled without the required notice. If Customer reschedules the Services after they have begun, Customer will forfeit five days of Services, or the number of days remaining on the Services, whichever is fewer. Customer will also be responsible for any out-of-pocket expenses incurred by Rapid7 due to such rescheduling. If performance of the Services is delayed by Customer’s acts or omissions, including Customer’s failure to meet the requirements set forth in an SOW, Customer will forfeit the duration of such delay from its Services time.
11. SAAS DEPLOYMENT
The following provisions are applicable to SaaS deployments only, as indicated on the Order Form:
11.1 Data Security. Rapid7 shall implement appropriate technical and organizational measures to protect Customer Data from accidental or unlawful destruction, loss, or alteration, unauthorized disclosure of or access to Customer Data. Such measures may include, as appropriate (a) the encryption of Customer Data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services; (c) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of Customer Data.
11.2 Uptime. Rapid7 shall use commercially reasonable efforts to provide access to the Software twenty-four hours a day, seven days a week throughout the Subscription Term. Customer agrees that from time to time the Software may be inaccessible or inoperable for various reasons, including: (i) equipment malfunctions; (ii) periodic maintenance procedures or repairs which Rapid7 may undertake from time to time; or (iii) causes beyond the control of Rapid7 or which are not reasonably foreseeable by Rapid7, including interruption or failure of telecommunication or digital transmission links, hostile network attacks or network congestion, or other failures (collectively “Downtime”). Customer’s failure to follow configuration requirements as documented on https://docs.divvycloud.com, or abusive behavior, or faulty input is excluded from Downtime. Rapid7 shall use commercially reasonable efforts to provide twenty-four hour advance notice to Customer in the event of any scheduled Downtime. Rapid7 shall have no obligation during performance of such operations to mirror Customer Data or to transfer Customer Data. Rapid7 shall use commercially reasonable efforts to minimize any disruption, inaccessibility, and/or inoperability of the hosted software in connection with Downtime, whether scheduled or not.
12. GENERAL PROVISIONS
12.1 Miscellaneous. (a) This Agreement shall be construed in accordance with and governed for all purposes by the laws of the State of Delaware (for customers located in North America), or England & Wales (for customers located outside of North America), each excluding its respective choice of law provisions and each party consents and submits to the jurisdiction and forum of the state and federal courts in the State of Delaware (for customers located in North America) or London, England (for customers located outside of North America) for all questions and controversies arising out of this Agreement and waives all objections to venue and personal jurisdiction in these forums for such disputes; (b) this Agreement, along with the accompanying Order Form(s) constitute the entire agreement and understanding of the parties hereto with respect to the subject matter hereof and supersedes all prior agreements and undertakings, both written and oral; (c) this Agreement and each Order Form may not be modified except by a writing signed by each of the parties; (d) in case any one or more of the provisions contained in this Agreement shall for any reason be held to be invalid, illegal, or unenforceable in any respect, such invalidity, illegality, or unenforceability shall not affect any other provisions of this Agreement, but rather this Agreement shall be construed as if such invalid, illegal, or other unenforceable provision had never been contained herein; (e) Customer shall not assign its rights or obligations hereunder without Rapid7's advance written consent; (f) subject to the foregoing subsection (e), this Agreement shall be binding upon and shall enure to the benefit of the parties hereto and their successors and permitted assigns; (g) no waiver of any right or remedy hereunder with respect to any occurrence or event on one occasion shall be deemed a waiver of such right or remedy with respect to such occurrence or event on any other occasion; (h) nothing in this Agreement, express or implied, is intended to or shall confer upon any other person any right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement, including but not limited to any of Customer’s own clients, customers, or employees; (i) the headings to the sections of this Agreement are for ease of reference only and shall not affect the interpretation or construction of this Agreement; and (j) terms in an Order Form have precedence over conflicting terms in this Agreement, but have applicability only to that particular Order Form; and (k) this Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
12.2 Export. Each party acknowledges that the export, re-export, deemed export, and import of the Software and Documentation by Customer and Rapid7 is subject to certain laws, rules, executive orders, directives, arrangements, and regulations of the United States and of other countries. Each party agrees to comply with all applicable laws with respect to the exportation, importation, and use of the Software and Documentation.
12.3 Personal Data. To the extent that Rapid7 processes personal data about any individual in the course of providing the Software or Service, Customer agrees to Rapid7’s Data Processing Addendum, located at rapid7.com/legal/dpa.
12.4 Data Privacy. Customer represents and warrants that Customer has obtained all necessary rights to permit Rapid7 to collect and process data fromCustomer, including, without limitation, data from endpoints, servers, cloud applications, metrics, events, and logs.
12.5 Injunctive Relief. Notwithstanding any other provision of this Agreement, both parties acknowledge that any breach of this Agreement may cause the other party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, the parties agree that, in addition to any other remedy to which a party may be entitled hereunder, at law or equity, each party shall be entitled to seek an injunction to restrain such use in addition to other appropriate remedies available under applicable law.
12.6 Relationship of the Parties. Rapid7 and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties or representations or assume or create any obligations, express or implied, in the other party’s name or on its behalf.
12.7 US Government Restricted Rights. This Section applies to all acquisitions of the Service by or for the US federal government, or by any prime contractor or subcontractor (at any tier) under any contract, grant, cooperative agreement, or other activity with the federal government for the Government’s end use. The Software and Services are “commercial items” as that term is defined at FAR 2.101. If Customer is an Executive Agency (as defined in FAR 2.101) of the U.S. Federal Government (“Government”), Rapid7 provides the Software and Services, including any related technical data and/or professional services in accordance with the following: If a right to access the Software and Services is procured by or on behalf of any Executive Agency (other than an Executive Agency within the Department of Defense (DoD)), the Government is granted, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to Rapid7’s customers as such rights are described in this Agreement. If a right to access the Software and Services is procured by or on behalf of any Executive Agency within the DoD, the Government is granted, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software that are customarily provided to Rapid7’s customers as such rights are described in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data provided by Rapid7 to an Executive Agency within the DoD. Note, however, that Subpart 227.72 does not apply to computer software or computer Service documentation acquired under GSA schedule contracts. Except as expressly permitted under this Agreement, no other rights or licenses are granted to the Government. Any rights requested by the Government and not granted under this Agreement must be separately agreed in writing with Rapid7. This Section 11.6 of the Agreement is in lieu of, and supersedes, any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in the Software and Services.
12.8 Force Majeure. Other than payment obligations hereunder, neither party will be liable for any inadequate performance to the extent caused by a condition that was beyond the party's reasonable control (including, but not limited to, natural disaster, act of war or terrorism, riot, global health crisis, acts of God, or government intervention), except for mere economic hardship, so long as the party continues to use commercially reasonable efforts to resume performance.
12.9 No Reliance. Customer represents that it has not relied on the availability of any future version of the Software or any future product or service in executing this Agreement or purchasing any Software hereunder.
12.10 Notices. Unless specified otherwise herein, (i) all notices must be in writing and addressed to the attention of the other party's legal department and primary point of contact, and (ii) notice will be deemed given: (a) when verified by written receipt if sent by personal courier, overnight courier, or when received if sent by mail without verification of receipt; or (b) when verified by automated receipt or electronic logs if sent by email. When sent by email, notices to Rapid7 must be sent to firstname.lastname@example.org.
12.11 Publicity. Customer acknowledges that Rapid7 may use Customer’s name and logo for the purpose of identifying Customer as a customer of Rapid7 products and/or services. Rapid7 will cease using Customer’s name and logo upon written request.
12.12 Compliance with Law. Each party agrees to comply with all applicable federal, state and local laws and regulations including but not limited to export law, and those governing the use of network scanners, vulnerability assessment software products, encryption devices, user monitoring, and related software in all jurisdictions in which systems are scanned, scanning is controlled, or users are monitored.
EXHIBIT A - SUPPORT
Product Support provides technical guidance and assistance with installation, setup, general technical usage, administration, software update management, and bug resolution for the InsightCloudSec software and any licensed InsightCloudSec modules. Product Support does not include troubleshooting third-party services or add-ins. Support can be accessed using self-service online documentation, phone, email (email@example.com), and an online service request process.
Ticket Priority Levels and Targets
Rapid7 assigns a severity level to a case when it is opened, based on an assessment of the issue type and customer impact. Descriptions of the severity levels are shown in the following table.
Production use of the InsightCloudSec platform is completely inaccessible or unusable, or the majority of its services aren't accessible or are unusable.
One or more services aren't accessible or are unusable. Multiple users or services are affected.
The service is usable but in an impaired fashion. A single user, customer, or service is partially affected. A feature is not operating as documented.
The situation has minimal business impact. The issue does not have a significant current service or productivity impact for the customer.
Initial response time is based on the severity levels described above. The response time objectives are described in the following table.
Initial response time
P1 (Available 24/7)
P2 (Available Business Hours)
Next business day
P3 (Available Business Hours)
Next business day
P4 (Available Business Hours)
Next business day
Authorized Support Point of Contacts (“Support Contacts”)
Support will be provided solely to the authorized individual(s) specified by the Customer. Rapid7 will communicate with those individual(s) when providing support. Rapid7 strongly recommends that Customer’s Support Contact(s) be trained on the Software. Customer agrees to designate Customer’s authorized support contacts, including their primary email address and phone numbers.
End User Support Responsibilities
Rapid7 understands that receiving timely technical support from qualified professionals is a key aspect of our customers’ success in using InsightCloudSec. Equally important is the critical role that the Customer's administrator(s) play in the support of its users. Customer administrator(s) are expected to provide initial assistance for the customer's users. However, if the Customer administrator is unable to resolve issues with the help of self-service support resources, one of the Support Contacts should contact Rapid7 support. End users should not directly contact Rapid7 support.
Product Support Limited to Specific Major Versions
Rapid7 provides Product Support, including, when available, bug fixes, only on the current major release and the prior two (2) major releases (the “Supported Version”). Software comes with a three number version identifier. The first number represents the year of the release, the second number identifies the sequential major release and the third number identifies the maintenance release.
Should Rapid7 in its sole judgment determine that there is a defect in the Software, it will, at its option, repair that defect in the Supported Version of the Software that Customer is currently using or instruct Customer to install a newer version of the Software with that defect repaired. Rapid7 reserves the right to provide Customer with a workaround in lieu of fixing a defect should it in its judgment determine that it is more effective to do so.
Monday through Friday from 8:00 am to 6:00 pm ET excluding Rapid7 holidays.
Technical Support Language
Product support is provided in English.
Customer’s Obligation to Assist
Should Customer open a case, Customer agrees to assist Rapid7 in the resolution of the case, including direct assistance and information. For example, Rapid7 may require Customer to provide information: (a) a general description of the operating environment, (b) a list of all supporting components, operating systems and networks, (c) a reproducible test case, and (d) any log files, trace and systems files. Customer’s failure to provide assistance may prevent Rapid7 from resolving a case.