Last updated April 2021
Rapid7 LLC or Rapid7 International Limited (as applicable, “Rapid7”) is willing to provide certain services to you as the individual, the company, or the legal entity (referenced below as “You” or “Your” or “Customer”) that enters into a written quotation, work order, statement of work or similar document with Rapid7 that references these terms and conditions (hereinafter, this “Agreement”) only on the condition that you accept all of the terms of this Agreement. Read the terms and conditions of this Agreement carefully before purchasing any services from Rapid7. This is a legal and enforceable contract between You and Rapid7. By entering into a written quotation, statement of work or similar document with Rapid7 that references the agreement below, you agree to the terms and conditions of this Agreement. If you enter into a separate written agreement with Rapid7 for the services, then the terms of that separate written agreement shall apply and this Agreement shall have no effect.
1.1 Customer Data means any of Customer’s data gathered through the provision of the Services or contained in any Deliverable.
1.2 Deliverables means the draft or final reports that are created for Customer as a result of the Services provided hereunder, unless otherwise defined in the individual SOW.
1.3 Services means the consulting, testing, managed, or other services described in an SOW that Rapid7 provides pursuant to Section 2.1 hereof. Services may be Managed Services or Professional Services:
(i) Managed Services means Services where Rapid7 manages an aspect of Customer’s business for the term and scope indicated in an SOW. Managed Services may include Rapid7 operating or subscribing to software on Customer’s behalf.
(ii) Professional Services means Services where Customer engages Rapid7 to perform specific, identified tasks, either at specific dates and times, or retained for a period of time in order to perform them as needed.
1.4 SOW means: (i) mutually agreed upon statement of work, or scope of work, scope of service, or service brief that sets forth and describes the Services to be provided hereunder, the applicable fees to be paid, and as applicable, any delivery schedules, timelines, specifications, and any other terms agreed upon by the parties; or (ii) Rapid7 ordering document which identifies the Services ordered and references this Agreement; in each case as signed or referenced by Customer or its authorized reseller.
2.1 Services. Customer may order Services from Rapid7 through an SOW. Rapid7 shall provide Customer the Services as specified in such SOW. All changes to an SOW must be approved by both parties in writing. Rapid7 will not invoice Customer for any Services beyond those contained in the SOW without the prior written consent of Customer.
2.2 Deliverables. Customer retains all right, title, and interest in and to Customer Data and Customer Confidential Information. In addition, Customer shall own all right, title and interest to the Results obtained by Customer through Customer’s use of the Services. For purposes of this Agreement, “Results” shall mean the data based on Customer Data resulting from Customer’s use of the Service, but does not include any dashboards for displaying results, report templates or other components of the Service used by Rapid7. Rapid7 owns all right, title, and interest in and to Rapid7’s trade secrets, its Confidential Information, or other proprietary rights in any material used by Rapid7 or presented to Customer, whether such was developed prior to the Services, independent of this Agreement, or in performance of the Services (each, “Rapid7 IP”), including but not limited to, documentation, software, designs, inventions, discoveries, specifications, improvements, tools, models, know-how, methodologies, analysis frameworks, and report formats. Customer will have a perpetual, royalty-free, worldwide, non-exclusive, non-transferable license to use any Rapid7 IP incorporated into any Deliverable, for Customer’s internal business purposes only, upon Customer's payment in full of all undisputed amounts due hereunder. Rapid7 may incorporate the Rapid7 IP in future releases of any of its products or services, provided Customer Data or Customer Confidential Information is not included in any Rapid7 IP.
2.3 Rapid7 Personnel. Rapid7 shall have sole discretion in staffing the Services and may assign the performance of any portion of the Services to any subcontractor, except that Customer may request the use of Rapid7 personnel in any SOW or at the time Customer schedules the Services. In the event that Rapid7 subcontracts any portion of the Services, Rapid7 shall be fully responsible for the acts and omissions of any such subcontractor and shall not be relieved of its obligations under this Agreement.
2.4 Customer Systems. Customer represents and warrants that it has authorization from the owner for Rapid7 to perform the Services on the networks, systems, IP addresses, assets, and/or hardware as instructed by Customer.
2.5 Managed Services. To the extent Managed Services include any Rapid7 software, Customer is granted a license to such software subject to the applicable license terms. Such license will be for the term of the Managed Services only.
2.6 Professional Services. To the extent Customer purchases Professional Services, Customer may reschedule the Services up to ten business days prior to the start of the Services at no cost. If Customer reschedules the Services with less than ten business days’ notice, Customer will forfeit the portion of the Services equal to the number of days that were rescheduled without the required notice. If Customer reschedules the Services after they have begun, Customer will forfeit five days of Services, or the number of days remaining on the Services, whichever is fewer. Customer will also be responsible for any out-of-pocket expenses incurred by Rapid7 due to such rescheduling. If performance of the Professional Services is delayed by Customer’s acts or omissions, including Customer’s failure to meet the requirements set forth in an SOW, Customer will forfeit the duration of such delay from its Professional Services time. Customer will have twelve months from the date of order to use or schedule any Professional Services, after which time any remaining, unscheduled Professional Services time will be forfeited.
3. FEES; PAYMENT TERMS
3.1 If Customer purchases the Services through a Rapid7 authorized reseller, then the fees and payment terms shall be as set forth between Customer and reseller and section 3.2 shall not apply.
3.2 Customer agrees to pay the fees, charges and other amounts in accordance with the applicable SOW. Rapid7 will invoice Customer upon execution of an SOW, unless otherwise agreed by the parties. All fees are non-refundable, unless otherwise stated herein. In the event an SOW requires travel by Rapid7 to a Customer designated site, Customer shall also reimburse Rapid7 for all reasonable out-of-pocket expenses incurred by Rapid7 in connection with delivery of the Services. Customer shall be responsible for remitting all taxes levied on any transaction under this Agreement, including, without limitation, all federal, state, and local sales taxes, levies and assessments, and local withholding taxes in Customer’s jurisdiction, if any, excluding, however, any taxes based on Rapid7's income. In the event Customer is required to withhold taxes from its payment or withholding taxes are subsequently required to be paid to a local taxing jurisdiction, Customer is obligated to pay such tax, and Rapid7, as applicable, will receive the SOW payment amount as agreed to net of any such taxes. Customer shall provide to Rapid7 written evidence that such withholding tax payment was made.
4.1 Confidential Information. “Confidential Information” means information provided by one party to the other party which is designated in writing as confidential or proprietary, as well as information which a reasonable person familiar with the disclosing party’s business and the industry in which it operates would know is of a confidential or proprietary nature. A party will not disclose the other party’s Confidential Information to any third party without the prior written consent of the other party, nor make use of any of the other party’s Confidential Information except in its performance under this Agreement. Each party accepts responsibility for the actions of its agents or employees and shall protect the other party’s Confidential Information in the same manner as it protects its own Confidential Information, but in no event with less than reasonable care. The parties expressly agree that the terms and pricing of this Agreement are Confidential Information. A receiving party shall promptly notify the disclosing party upon becoming aware of a breach or threatened breach hereunder and shall cooperate with any reasonable request of the disclosing party in enforcing its rights.
4.2 Exclusions. Information will not be deemed Confidential Information if such information: (i) is known prior to receipt from the disclosing party, without any obligation of confidentiality; (ii) becomes known to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise publicly available, except through a breach of this Agreement; or (iv) is independently developed by the receiving party without use of the disclosing party’s Confidential Information. The receiving party may disclose Confidential Information pursuant to the requirements of applicable law, legal process or government regulation, provided that, unless prohibited from doing so by law enforcement or court order, the receiving party gives the disclosing party reasonable prior written notice, and such disclosure is otherwise limited to the required disclosure.
5. DATA PRIVACY
5.1 Customer Data. To the extent that Rapid7 processes personal data about any individual in the course of providing the Service, Customer agrees to Rapid7’s Data Processing Agreement, located at https://www.rapid7.com/legal/dpa/. Rapid7 may use Customer Data solely as necessary to: (i) provide the Services to Customer; (ii) in anonymized and aggregated form that does not or cannot be used to identify Customer or any Customer Data, generate statistics and produce reports; and (iii) collect data and analytics about use of the Services in order to continue to improve the development and delivery of the Services.
5.2 Data Privacy. Customer represents and warrants that Customer has obtained all necessary rights to permit Rapid7 to collect and process Customer Data from Customer, including, without limitation, data from endpoints, servers, cloud applications, and logs.
6. LIMITED WARRANTY
6.1 Warranty and Remedy. Rapid7 warrants that the Services will be provided with reasonable skill and care conforming to generally accepted industry standards, and in conformance in all material respects with the requirements set forth in the SOW. Customer must report any deficiency in the Services to Rapid7 in writing within fifteen business days of delivery or performance of the portion of the Services containing the deficiency. For any breach of the above warranty, Rapid7 will, at its option and expense, either (a) use commercially reasonable efforts to provide remedial services necessary to enable the Services to conform to the warranty, or (b) refund pro-rata amounts paid for the non-conforming Services. Customer will provide reasonable assistance in remedying any defects. The remedies set out in this subsection are Customer’s sole remedies for breach of the above warranty.
6.2 No Other Warranty. EXCEPT FOR THE WARRANTY ABOVE, RAPID7 MAKES NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS. RAPID7 MAKES NO WARRANTY THAT ALL SECURITY RISKS, INCIDENTS, OR THREATS WILL BE DETECTED OR REMEDIATED BY USE OF THE SERVICES OR THAT FALSE POSITIVES WILL NOT BE FOUND.
7. LIMITATION OF LIABILITY
7.1 Exclusion of Certain Damages. NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE.
7.2 Limitation on Amount of Liability. NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER TO RAPID7 HEREUNDER DURING THE TWELVE MONTHS IMMEDIATELY PRIOR TO THE EVENT GIVING RISE TO LIABILITY, EXCEPT THAT THE LIMITATION IN THIS SECTION 7.2 SHALL NOT APPLY TO: (I) VIOLATIONS OF A PARTY’S INTELLECTUAL PROPERTY RIGHTS BY THE OTHER PARTY; OR (II) A PARTY’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT.
The term of each Services order will be as set forth on the SOW. Termination of an SOW will not terminate this Agreement. Either party may terminate this Agreement or any SOW (i) immediately in the event of a material breach of this Agreement or any such SOW by the other party that is not cured within thirty days of written notice thereof from the other party, or (ii) immediately if the other party ceases doing business, or is the subject of a voluntary or involuntary bankruptcy, insolvency or similar proceeding that is not dismissed within sixty days of filing. Either party may also terminate this Agreement upon no less than thirty days’ prior written notice to the other party for any reason if at such time there are no outstanding SOWs currently in effect. All provisions of this Agreement which by their nature are intended to survive the termination of this Agreement shall survive such termination. Unless either party provides the other with written notice of its election not to renew the term for any Managed Services at least thirty days prior to such renewal date, the term for any Managed Services will renew for a term of one year at the rate listed on the applicable SOW. In connection with any renewal term, Rapid7 reserves the right to change the rates, applicable charges, and usage policies and to introduce new charges for any subsequent term, upon providing Customer written notice thereof (which may be provided by e-mail) at least 60 days prior to the end of the then current term for any Managed Services.
9.1 By Rapid7. Rapid7 will indemnify Customer from and against all costs, liabilities, losses, and expenses (including, but not limited to, reasonable attorneys’ fees) (collectively, “Losses”) arising out of a third party claim alleging that the Services infringe or misappropriate any intellectual property rights of such third party. Notwithstanding the foregoing, in no event shall Rapid7 have any obligations or liability under this Section arising from: (i) use of any Services in a manner not anticipated by this Agreement or in combination with materials not furnished by Rapid7, and (ii) any content, information, or data provided by Customer or other third parties. If the Services are or are likely to become subject to a claim of infringement or misappropriation, then Rapid7 will, at its sole option and expense, either: (i) obtain for the Customer the right to continue using the Services; (ii) replace or modify the Services to be non-infringing and substantially equivalent to the infringing Services; or (iii) if options (i) and (ii) above cannot be accomplished despite the reasonable efforts of Rapid7, then Rapid7 may terminate Customer’s rights to use the infringing Services and will refund pro-rata any prepaid fees for the infringing portion of the Services. THE RIGHTS GRANTED TO CUSTOMER UNDER THIS SECTION 9.1 SHALL BE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY ALLEGED INFRINGEMENT BY THE SERVICES OF ANY PATENT, COPYRIGHT, OR OTHER PROPRIETARY RIGHT.
9.2 By Customer. Customer will indemnify, defend, and hold harmless Rapid7 from and against all Losses arising out of a third party claim regarding: (i) Customer’s violation of any representations and warranties made in Sections 2.4 and 5.2 of this Agreement; or (ii) Customer’s violation of applicable law.
10. GENERAL PROVISIONS
10.1 Miscellaneous. (a) This Agreement shall be construed in accordance with and governed for all purposes by the laws of the State of Delaware (for customers located in North America), or England & Wales (for customers located outside of North America), each excluding its respective choice of law provisions and each party consents and submits to the jurisdiction and forum of the state and federal courts in the State of Delaware (for customers located in North America) or London, England (for customers located outside of North America) all questions and controversies arising out of this Agreement and waives all objections to venue and personal jurisdiction in these forums for such disputes; (b) this Agreement, along with the accompanying SOW(s) constitute the entire agreement and understanding of the parties hereto with respect to the subject matter hereof and supersedes all prior agreements and undertakings, both written and oral; (c) this Agreement and each SOW may not be modified except by a writing signed by each of the parties; (d) in case any one or more of the provisions contained in this Agreement shall for any reason be held to be invalid, illegal, or unenforceable in any respect, such invalidity, illegality, or unenforceability shall not affect any other provisions of this Agreement but rather this Agreement shall be construed as if such invalid, illegal, or other unenforceable provision had never been contained herein; (e) Customer shall not assign its rights or obligations hereunder without Rapid7's advance written consent; (f) subject to the foregoing subsection (e), this Agreement shall be binding upon and shall enure to the benefit of the parties hereto and their successors and permitted assigns; (g) no waiver of any right or remedy hereunder with respect to any occurrence or event on one occasion shall be deemed a waiver of such right or remedy with respect to such occurrence or event on any other occasion; (h) nothing in this Agreement, express or implied, is intended to or shall confer upon any other person any right, benefit or remedy of any nature whatsoever under or by reason of this Agreement, including but not limited to any of Customer’s own clients, customers, or employees; (i) the headings to the sections of this Agreement are for ease of reference only and shall not affect the interpretation or construction of this Agreement; (j) terms in an SOW have precedence over conflicting terms in this Agreement, but have applicability only to that particular SOW; and (k) this Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
10.2 Injunctive Relief. Notwithstanding any other provision of this Agreement, both parties acknowledge that any breach of this Agreement may cause the other party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, the parties agree that, in addition to any other remedy to which a party may be entitled hereunder, at law or equity, each party shall be entitled to seek an injunction to restrain such use in addition to other appropriate remedies available under applicable law.
10.3 Relationship of the Parties. Rapid7 and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties, or representations or assume or create any obligations, express or implied, in the other party’s name or on its behalf.
10.4 Force Majeure. Other than payment obligations hereunder, neither party will be liable for any inadequate performance to the extent caused by a condition that was beyond the party's reasonable control (including, but not limited to, natural disaster, act of war or terrorism, riot, global health crisis, acts of God, or government intervention), except for mere economic hardship, so long as the party continues to use commercially reasonable efforts to resume performance.
10.5 No Reliance. Customer represents that it has not relied on the availability of any future feature or version of the Services or any future product or service in executing this Agreement or purchasing any Services hereunder.
10.6 Notices. Unless specified otherwise herein, (i) all notices must be in writing and addressed to the attention of the other party's legal department and primary point of contact and (ii) notice will be deemed given: (a) when verified by written receipt if sent by personal courier, overnight courier, or when received if sent by mail without verification of receipt; or (b) when verified by automated receipt or electronic logs if sent by email. When sent by email, notices to Rapid7must be sent to firstname.lastname@example.org.
10.7 Publicity. Customer acknowledges that Rapid7 may use Customer’s name and logo for the purpose of identifying Customer as a customer of Rapid7 products and/or services. Rapid7 will cease using Customer’s name and logo upon written request.
10.8 Compliance with Law. Each party agrees to comply with all applicable federal, state, and local laws and regulations including but not limited to export law, and those governing the use of network scanners, vulnerability assessment software products, encryption devices, user monitoring, and related software in all jurisdictions in which systems are scanned, scanning is controlled, or users are monitored.