CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 1 of 11
SAAS TERMS OF SERVICE
CYBERARK SOFTWARE LTD. AND/OR ITS AFFILIATES (“CYBERARK”) IS WILLING TO GRANT ACCESS TO
THE SAAS PRODUCTS TO YOU AS THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE
SAAS PRODUCTS (REFERENCED BELOW AS “CUSTOMER”) ON THE CONDITION THAT YOU ACCEPT ALL
OF THE TERMS OF THIS AGREEMENT (AS DEFINED BELOW). BY ENTERING INTO THIS AGREEMENT ON
BEHALF OF THE CUSTOMER, YOU REPRESENT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THE
CUSTOMER TO THIS AGREEMENT. CUSTOMER AND CYBERARK MAY EACH ALSO BE REFERRED TO AS
A “PARTY” AND TOGETHER, THE “PARTIES”.
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SAAS PRODUCTS. THIS SAAS TERMS
OF SERVICE (“AGREEMENT”) CONSTITUTES A LEGAL AND ENFORCEABLE CONTRACT BETWEEN
CUSTOMER AND CYBERARK. BY INDICATING CONSENT ELECTRONICALLY, OR ACCESSING OR
OTHERWISE USING THE SAAS PRODUCTS, CUSTOMER AGREES TO THE TERMS AND CONDITIONS OF
THIS AGREEMENT. IF CUSTOMER DOES NOT AGREE TO THIS AGREEMENT, DO NOT INDICATE CONSENT
ELECTRONICALLY AND MAKE NO FURTHER USE OF THE SAAS PRODUCTS.
1. Access and Use
1.1. Access and Use. CyberArk grants Customer, during the Subscription Term, a non-exclusive, non-
transferable right to access and use (and permit Authorized Users of Customer and its Affiliates’ to access and use)
the SaaS Products and applicable Documentation solely for Customer’s and its Affiliates’ internal business purposes
in accordance with the Documentation and in the quantity specified in the applicable Order. Such license grant is
subject to payment of all applicable fees set forth in the Order or payment in accordance with an Indirect Order
through a Channel Partner (as appropriate) and the terms and conditions of this Agreement. CyberArk may update
or upgrade the SaaS Products from time-to-time.
1.2. Access and Use Restrictions. Customer shall not (directly or indirectly): (a) copy or reproduce the SaaS
Products or the Documentation except as permitted under this Agreement; (b) exceed the subscribed quantities,
Authorized users or other entitlement measures of the SaaS Products as set forth in the applicable Order; (c)
remove or destroy any copyright, trademark or other proprietary marking or legends placed on or contained in the
SaaS Products, Documentation or CyberArk Intellectual Property; (d) assign, sell, sublicense, distribute or
otherwise transfer or make available the rights granted to Customer under this Agreement to any third party except
as expressly set forth herein; (e) modify, reverse engineer or disassemble the SaaS Products; (f) except to the
limited extent applicable laws specifically prohibit such restriction, decompile, attempt to derive the source code or
underlying ideas or algorithms of any part of the SaaS Products, attempt to recreate the SaaS Products or use the
SaaS Products for any competitive or benchmark purposes; (g) create, translate or otherwise prepare derivative
works based upon the SaaS Products, Documentation or CyberArk Intellectual Property; (h) interfere with or disrupt
the integrity or performance of the SaaS Products; (i) attempt to gain unauthorized access to the SaaS Products or
its related systems or networks, or perform unauthorized penetrating testing on the SaaS Products; (j) use the SaaS
Products in a manner that infringes on the Intellectual Property rights, publicity rights, or privacy rights of any third
party, or to store or transfer defamatory, trade libelous or otherwise unlawful data; or (k) except as otherwise agreed
by the Parties in the applicable BAA, store in or process with the SaaS Products any personal health data, credit
card data, personal financial data or other such sensitive regulated data not required by the Documentation, or any
Customer Data that is subject to the International Traffic in Arms Regulations maintained by the United States
Department of State. Fees for the SaaS Products are based on use of the SaaS Products in a manner consistent
with the Documentation. If Customer uses, or is reasonably suspected of using, the SaaS Products in violation of
the Documentation or exceeding the licensed quantities or other entitlement measures as set forth in an applicable
Order, Customer shall cooperate with CyberArk to resolve any non-compliance, which may include payment for any
such overages at then-current applicable rates.
1.3. Login Access to the SaaS Products. Customer is solely responsible for ensuring: (i) that only appropriate
Authorized Users have access to the SaaS Products, (ii) that such Authorized Users have been trained in proper
use of the SaaS Products, and (iii) proper usage of passwords, tokens and access procedures with respect to
logging into the SaaS Products. CyberArk may refuse registration of or suspend Customer's or a specific user’s
access and use of the SaaS Products if CyberArk knows or reasonably suspects that Customer’s access or use is
CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 2 of 11
malicious or otherwise harmful to the Customer itself, the SaaS Products or CyberArk’s other customers. CyberArk
will provide notice prior to such suspension if permitted by applicable law and unless CyberArk reasonably believes
that providing such notice poses a risk to the security of the SaaS Products. CyberArk will promptly reinstate
Customer’s access and use once the issue has been resolved.
1.4. Trial Services. If Customer is using a free trial, a proof of concept version of the SaaS Products, a beta
version of the SaaS Products, or using the SaaS Products on any other free-of-charge basis as specified in an
Order including any related support services to the extent provided by CyberArk in its sole discretion (collectively,
“Trial Services”), CyberArk makes such Trial Services available to Customer until the earlier of: (i) the end of the
free trial or proof of concept period or beta testing period as communicated by CyberArk or specified in an Order;
(ii) the start date of any purchased version of such SaaS Products; or (iii) written notice of termination from CyberArk
(“Trial Services Period”). CyberArk grants Customer, during the Trial Services Period, a non-exclusive, non-
transferable right to access and use the Trial Services for Customer’s internal evaluation purposes in accordance
with the Documentation and subject to the access and use restrictions set forth in this Agreement. Customer is
authorized to use Trial Services only for evaluation and not for any business or productive purposes, unless
otherwise authorized by CyberArk in writing. Any data Customer enters into the Trial Services and any
configurations made to the Trial Services by or for Customer during the term of such Trial Services will be
permanently lost unless Customer: (a) has purchased a subscription to the same SaaS Products as covered by the
Trial Services; or (b) exports such data or configurations before the end of such free period. There is no guarantee
that features or functions of the Trial Services will be available, or if available will be the same, in the general release
version of the SaaS Products, and Customer should review the SaaS Products features and functions before
making a purchase. CyberArk will be under no obligation to provide Customer any support services with respect to
the Trial Services. Notwithstanding anything to the contrary, CyberArk provides the Trial Services “as is” and “as
available” without any warranties or representations of any kind. To the extent permitted by law, CyberArk disclaims
all implied warranties and representations, including, without limitation, any implied warranty of merchantability,
fitness for a particular purpose and non-infringement. Customer assumes all risks and all costs associated with its
use of the Trial Services. Customer’s sole and exclusive remedy in case of any dissatisfaction or CyberArk’s breach
of the Agreement with respect to such Trial Services is termination of the Trial Services. Any obligations on behalf
of CyberArk to indemnify, defend, or hold harmless under this Agreement are not applicable to Customers using
Trial Services.
1.5. Third Party Materials. The SaaS Products include Third-Party Materials, use of which is subject to their
respective OSS Licenses as indicated in the Documentation. CyberArk warrants that the inclusion of such Third-
Party Materials in the SaaS Products will not prevent Customer from exercising the license rights provided to
Customer herein in respect of the SaaS Products or limit Customer’s ability to use the SaaS Products in accordance
with the Documentation. Nothing herein shall derogate from mandatory rights Customer may have under any OSS
Licenses, if any. Customer may obtain a copy of the source code for certain Third-Party Materials by following the
instructions set forth in the Documentation.
1.6. Support. As part of its provision of the SaaS Products, CyberArk shall make available technical support to
Customer in accordance with the Support Services terms applicable to the SaaS Products. Upon notification from
CyberArk, Customer shall promptly; update any Agents on Customer systems that interact with the SaaS Products;
and/or as applicable ensure that all Authorized Users download and install all available updates for locally installed
components without undue delay. Customer acknowledges and agrees that its failure to timely install such updates
may result in disruptions to or failures of the SaaS Products, security risks or suspension of Customer’s access to
the SaaS Products, without any liability on the part of CyberArk to Customer.
1.7. SaaS Product Usage Analytics. CyberArk and its Affiliates shall be permitted to collect and use Usage
Analytics for its reasonable business purposes and for Customer’s benefit (including research and development
statistical analyses, monitoring and management of CyberArk’s Products). Other than for the purpose of providing
the SaaS Products to Customer, in the event CyberArk discloses Usage Analytics or any part thereof to third parties
(either during the Subscription Term of thereafter), such data shall be deidentified so that it will not identify Customer
CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 3 of 11
or its Authorized Users. The foregoing shall not limit in any way CyberArk’s confidentiality obligations pursuant to
Section 4 below.
2. Payment and Taxes
2.1. Payment Terms. Without prejudice to Customer’s rights set out elsewhere in this Agreement, all SaaS
Products fees are non-refundable and payable in advance. CyberArk may invoice for purchases of SaaS Products
upon delivery. Where:
(A) Customer is paying CyberArk directly, Customer shall pay all invoices within thirty (30) days of date of invoice,
without any deduction or set-off (except for any amount disputed promptly and in writing by Customer in good faith),
and payment will be sent to the address specified by CyberArk. Any amounts arising in relation to this Agreement
not paid when due will be subject to a late charge of one and one-half percent (1 ½ %) per month on the unpaid
balance or the maximum rate allowed by law, whichever is less; or
(B) Customer places an Indirect Order, CyberArk grants the rights described in this Agreement in consideration for
and subject to: (a) Customer’s agreement to comply with the pricing and payment terms of the Indirect Order, to be
separately agreed between Customer and the applicable Channel Partner; and (b) Customer’s agreement to comply
with its obligations set forth in this Agreement (including the restrictions on use of the SaaS Products).
Notwithstanding the foregoing, the final sales price or rate shall be freely and independently determined between
the applicable Channel Partner and Customer. For the avoidance of doubt, in the case of such an Indirect Order,
any indication in this Agreement of an agreement between Customer and CyberArk for the price payable by
Customer for such Indirect Order shall be null and void and not form a binding part of this Agreement and the
provisions of this Agreement related to payment terms, pricing and/or order procedures shall not apply.
2.2. Taxes. The fees and charges covered by this Agreement are exclusive of any Indirect Taxes imposed or
levied, currently or in the future based on applicable legislation, on the SaaS Products. Unless otherwise agreed
between the Parties, Customer will be liable for compliance with reporting and payment of such Indirect Taxes in
its tax jurisdiction. CyberArk shall include the Indirect Taxes on its invoice to Customer and remit such Indirect
Taxes collected to the relevant authority if required by applicable law. CyberArk will be responsible for direct taxes
imposed on CyberArk’s net income or gross receipts in its tax jurisdiction. Notwithstanding the forgoing, all
payments made under this Agreement shall be in cleared funds, without any deduction or set-off, and free and clear
of and without deduction from any Indirect Taxes or other withholdings of any nature.
3. Rights in Intellectual Property
3.1. Intellectual Property. Except for the rights granted in this Agreement, all rights, title, and interest in and to
the SaaS Products, Documentation, and CyberArk Intellectual Property are hereby reserved by CyberArk, its
Affiliates or licensors. Except as provided for herein, all rights, title, and interest in and to Customer Intellectual
Property are hereby reserved by Customer, its Affiliates or licensors. Nothing in this Agreement shall transfer
ownership of any Intellectual Property rights from one Party to the other.
3.2. Customer Data. Customer owns all right, title and interest in all Customer Data. Nothing in this Agreement
shall be construed to grant CyberArk any rights in Customer Data beyond those expressly provided herein.
Customer grants CyberArk and its Affiliates the limited, non-exclusive, worldwide license to view and use the
Customer Data solely for the purpose of providing and improving the SaaS Products.
3.3. Suggestions. To the extent that Customer provides CyberArk with Suggestions, such Suggestions shall be free
from any confidentiality restrictions that might otherwise be imposed upon CyberArk pursuant to this Agreement, and may
be implemented by CyberArk in its sole discretion. Customer acknowledges that any CyberArk products or materials
incorporating any such Suggestions shall be the sole and exclusive property of CyberArk.
3.4. AI Features. Certain features within the SaaS products use algorithmic analysis, artificial intelligence
and/or machine learning technologies (“AI Features”). Use of the AI Features is subject to the Documentation and
CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 4 of 11
CyberArk’s Responsible AI Policy found at https://www.cyberark.com/trust/responsible-ai/ Information regarding
opting-out of AI Features is located in the Documentation.
4. Confidentiality
4.1. Confidential Information. The Parties acknowledge that each may disclose certain valuable confidential
and proprietary information to the other Party. The receiving Party may only use the disclosing Party’s Confidential
Information to fulfil the purposes of this Agreement and in accordance with the terms of this Agreement. The
receiving Party will protect the disclosing Party’s Confidential Information by using at least the same degree of care
as the receiving Party uses to protect its own Confidential Information of a like nature (but no less than a reasonable
degree of care) to prevent the unauthorized use, dissemination, disclosure or publication of such Confidential
Information. Notwithstanding the foregoing, the receiving Party may disclose Confidential Information to its (and its
Affiliates) employees, advisors, consultants, and agents on a need-to-know basis and provided that such party is
bound by obligations of confidentiality substantially similar to those contained herein. This section 4 supersedes
any and all prior or contemporaneous understandings and agreements, whether written or oral, between the Parties
with respect to Confidential Information and is a complete and exclusive statement thereof. Additionally, the
obligations set forth in section 5.4 and not this section 4 herein apply to Customer Data.
4.2. Exceptions. Information will not be deemed Confidential Information if it: (i) is known to the receiving Party
prior to receipt from the disclosing Party directly or indirectly from a source other than one having an obligation of
confidentiality to the disclosing Party; (ii) becomes known (independently of disclosure by the disclosing Party) to
the receiving Party directly or indirectly from a source other than one having an obligation of confidentiality to the
disclosing Party; (iii) becomes publicly known or otherwise ceases to be secret or confidential, except through a
breach of this Agreement by the receiving Party; or (iv) is independently developed by the receiving Party without
use of or reliance upon the disclosing Party’s Confidential Information, and the receiving Party can provide evidence
to that effect. The receiving Party may disclose Confidential Information pursuant to the requirements of a court,
governmental agency or by operation of law but shall (to the extent permissible by law) limit such disclosure to only
the information requested and give the disclosing Party prior written notice sufficient to permit the disclosing Party
to contest such disclosure.
4.3. Advertising and Publicity. Neither Party shall make or permit to be made any public announcement
concerning the existence, subject matter or terms of this Agreement or relationship between the Parties without the
prior written consent of the other Party except as expressly permitted in this section. Customer grants CyberArk
and its Affiliates during the term of the Agreement the right to use Customer's trade names, logos, and symbols
(“Customer Marks”) in its public promotional materials and communications for the sole purpose of identifying
Customer as a CyberArk customer. CyberArk shall not modify the Customer Marks, or display the Customer Marks
any larger or more prominent on its promotional materials than the names, logos, or symbols of other CyberArk
customers. The foregoing promotional materials and communications may be created, displayed, and reproduced
without Customer’s review, provided that they are in compliance with this section and any Customer Marks usage
guidelines provided by Customer to CyberArk in writing.
5. Security and Processing of Personal Data
5.1. Customer Data Content. As between CyberArk and Customer, Customer is solely responsible for: (i) the
content, quality and accuracy of Customer Data as made available by Customer and by Authorized Users; (ii)
providing notice to Authorized Users with regards to how Customer Data will be collected and used for the purpose
of the SaaS Products; (iii) ensuring Customer has a valid legal basis for processing Customer Data and for sharing
Customer Data with CyberArk (to the extent applicable); and (iv) ensuring that the Customer Data as made available
by Customer complies with applicable laws and regulations including Applicable Data Protection Laws.
5.2. Data Protection Laws. The Parties shall comply with their respective obligations under the Applicable Data
Protection Laws. In particular, if Customer is established in the European Economic Area (“EEA”), in Switzerland,
in the United Kingdom (“UK”) or in California, or will, in connection with the SaaS Products, provide CyberArk with
personal data relating to an individual located within the EEA, Switzerland, the UK or California, the Parties shall
comply with the Data Processing Addendum found at https://www.cyberark.com/CyberArk-Data-Processing-
Addendum.pdf (“DPA”) which in such case is hereby incorporated into this Agreement.
CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 5 of 11
5.3. HIPAA. (Health Insurance Portability and Accountability Act) To the extent that (a) Customer is
established in the United States; and (b) is a “covered entity” or a “business associate” and includes "Protected
Health Information" (as these terms are defined in the Business Associate Agreement (“BAA”)) in Customer Data,
the Parties shall comply with the BAA found at https://www.cyberark.com/lgl/CyberArk-BAA.pdf. In such case, the
terms of the BAA are hereby incorporated into this Agreement by reference.
5.4. Security of Customer Data. CyberArk shall: (i) ensure that is has in place appropriate administrative,
physical and technical measures designed to protect the security and confidentiality of Customer Data against any
accidental or illicit destruction, alteration or unauthorized access or disclosure to third parties; and (ii) access and
use the Customer Data solely to perform its obligations in accordance with the terms of this Agreement, and as
otherwise expressly permitted in this Agreement. CyberArk shall not materially diminish its security controls with
respect to Customer Data during a particular SaaS Products term. The obligations set forth in this Section 5.4 are
in addition to any confidentiality, privacy, security or other requirements contained in the BAA or DPA, as applicable.
5.5. Bring Your Own Key. If Customer chooses to enable the “Bring Your Own Key” functionality for data
encryption made available by CyberArk for certain SaaS Products (“BYOK”), Customer acknowledges that (i)
Customer shall bear sole responsibility for the hosting, use, protection, rotation and management of such encryption
key and any loss, damage, unavailability or non-performance resulting therefrom; (ii) Customer shall provide
CyberArk with access to the encryption key at all times in order to encrypt Customer Data and proper performance
of the SaaS Products; and (iii) CyberArk has no control over the encryption key and specifically is unable to de-
encrypt, restore, recover or otherwise retrieve Customer Data in the event the encryption key is lost, damaged or
otherwise not made available to CyberArk. If BYOK functionality is enabled by Customer, CyberArk disclaims any
and all responsibility and liability for unavailability or non-performance of the SaaS Products caused by loss,
damage or any unavailability of the encryption key.
6. Warranties
6.1. Limited SaaS Products Warranty. During the applicable Subscription Term, CyberArk warrants that: (a)
the SaaS Products will perform in substantial conformity with the Documentation; and (b) CyberArk will use industry
standard measures designed to detect viruses, worms, Trojan horses or other unintended malicious or destructive
code in the SaaS Products. The foregoing warranties are void if the failure of the SaaS Products has resulted from
negligence, error, or misuse of the SaaS Products (including use not in accordance with the Documentation) by
Customer, the Authorized User or by anyone other than CyberArk. Customer shall be required to report any breach
of warranty to CyberArk within a period of thirty (30) days of the date on which the incident giving rise to the claim
occurred. CyberArk’s sole and exclusive liability, and Customer’s sole and exclusive remedy, for breach of these
warranties will be for CyberArk, at its expense, to use reasonable commercial efforts to correct such nonconformity
within thirty (30) days of the date that notice of the breach was provided; and, if CyberArk fails to correct the breach
within such cure period, Customer may terminate the affected Order and, in such event, CyberArk shall provide
Customer with a pro-rata refund of any unused pre-paid fees paid for the period following termination as calculated
on a monthly basis for the affected SaaS Products. Without derogating from CyberArk’s obligations under this
Agreement, Customer warrants that it shall take and maintain appropriate steps within its control to protect the
confidentiality, integrity, and security of its Confidential Information and Customer Data, including: (i) operating the
SaaS Products in accordance with the Documentation and applicable law and; and (ii) dedicating reasonably
adequate personnel and resources to implement and maintain the security controls set forth in the Documentation.
Customer will be responsible for the acts and omissions of its Authorized Users.
6.2. Compliance with Law. Each Party shall comply with all applicable, laws and regulations in connection with
the performance of its obligations and the exercise of its rights under this Agreement.
6.3. Disclaimer. Any and all warranties, expressed, incorporated or implied, are limited to the extent and period
mentioned in this Agreement. To the maximum extent allowed by applicable law, CyberArk disclaims (and disclaims
on behalf of its licensors and/or contributors to any Third-Party Materials) all other warranties, conditions and other
terms, whether express or implied or incorporated into this Agreement by statute, common law or otherwise,
including the implied conditions and warranties of merchantability and fitness for a particular purpose. CyberArk will
have no responsibility or liability for delays, failures or losses (i) attributable or related in any way to the use or
CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 6 of 11
implementation of third-party hardware, software or services not provided by CyberArk; or (ii) use of the SaaS
Products not in accordance with the Documentation.
7. Indemnification
7.1. Infringement Indemnity. CyberArk shall defend and indemnify Customer and/or its Affiliates and their
officers, directors and employees against all third-party claims, suits and proceedings and all directly related losses,
liabilities, damages, costs and expenses (including reasonable attorneys’ fees) resulting from the violation,
misappropriation, or infringement of such third party’s patent, copyright, trademark or trade secret caused by
Customer’s use of the SaaS Products in accordance with this Agreement and the Documentation.
7.2. Customer Data and Use Indemnity. Customer shall defend and indemnify CyberArk and/or its Affiliates
and their officers, directors and employees against any third-party claims, suits and proceedings (including those
brought by a government entity), and all directly related losses, liabilities, damages, costs and expenses (including
reasonable attorneys’ fees) resulting from: (i) an alleged infringement or violation by the Customer Data of such
third-party’s patent, copyright, trademark, trade secret; or (ii) CyberArk’s use of the Customer Data violating
applicable law, provided that such use is in accordance with the terms of this Agreement and (where applicable)
with the terms of the DPA and/ or the BAA.
7.3. Process. Each Party’s defense and indemnification obligations herein will become effective upon, and are
subject to: (a) the indemnified Party’s prompt notification to the indemnifying Party of any claims in writing; and (b)
the indemnified Party providing the indemnifying Party with full and complete control, authority and information for
the defense of the claim, provided that the indemnifying Party will have no authority to enter into any settlement or
admission of the indemnified Party’s wrongdoing on behalf of the indemnified Party without the indemnified Party’s
prior written consent (not to be unreasonably withheld). At the indemnifying Party’s request, the indemnified Party
shall reasonably cooperate with the indemnifying Party in defending or settling any claim.
7.4. Exclusions. The above CyberArk obligations to defend and indemnify will not apply in the event that a
claim arises from or relates to: (a) use of the SaaS Products not in accordance with the Documentation and this
Agreement; (b) Customer’s use of the SaaS Products in violation of applicable laws; (c) any modification, alteration
or conversion of the SaaS Products not created or approved in writing by CyberArk; (d) any combination of the
SaaS Products with any computer, hardware, software, data or service not provided by CyberArk; (e) CyberArk’s
compliance with specifications, requirements or requests of Customer; or (f) Customer’s gross negligence or willful
misconduct.
7.5. Remedies. If a SaaS Product becomes, or CyberArk reasonably determines that a SaaS Product is likely
to become, subject to a claim of infringement for which CyberArk must indemnify Customer as described above,
CyberArk may at its option and expense: (a) procure for Customer the right to continue to access and use that SaaS
Product, (b) replace or modify that SaaS Product so that it becomes non-infringing without causing a material
adverse effect on the functionality provided by that SaaS Product, or (c) if neither of the foregoing options are
available in a timely manner on commercially reasonable terms, terminate the affected Order and provide Customer
with a pro-rata refund of any unused pre-paid fees paid for the period following termination as calculated on a
monthly basis for that SaaS Product. This section titled “Indemnification” states the sole liability of CyberArk and
the exclusive remedy of Customer with respect to any indemnification claims arising out of or related to this
Agreement.
8. Limitation of Liability
8.1. Maximum Liability. Except for liability caused by CyberArk’s intellectual property infringement
indemnification obligations in section 7.1, Customer’s data infringement indemnity in section 7.2, or Customer’s
payment obligations herein, in no event will either Party’s maximum aggregate liability arising out of or related to
this Agreement, regardless of the cause of action and whether in contract, tort (including negligence), warranty,
indemnity or any other legal theory, exceed the total amount paid or payable to CyberArk under this Agreement
during the twelve (12) month period preceding the date of initial claim.
8.2. No Consequential Damages. Neither Party will have any liability to the other Party for any loss of profits
or revenues, loss of goodwill, or for any indirect, special, incidental, consequential or punitive damages arising out
of, or in connection with this Agreement, however caused, whether in contract, tort (including negligence), warranty,
CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 7 of 11
indemnity or any other legal theory, and whether or not the Party has been advised of the possibility of such
damages.
8.3. Construction. This Agreement is not intended to and will not be construed as excluding or limiting any
liability which cannot be limited or excluded by applicable law, including liability for (a) death or bodily injury caused
by a Party’s negligence; or (b) gross negligence, willful misconduct, or fraud.
9. Assignment. Neither Party may assign any of its rights or obligations under this Agreement without the
other Party’s prior written consent, which will not be unreasonably withheld. Notwithstanding the foregoing, either
Party may assign any and all of its rights and obligations under this Agreement to a successor in interest in the
event of a merger or acquisition or to an Affiliate, upon written notice to the other Party.
10. Restricted Rights and Export Control
10.1. Export Control. The exportation of the SaaS Products and Documentation, and all related technology and
information thereof are subject to U.S. laws and regulations pertaining to export controls and trade and economic
sanctions, including the U.S. Export Administration Act, Export Administration Regulations, the Export Control
Reform Act, and the Office of Foreign Assets Control’s sanctions programs, the laws of the State of Israel, and the
laws of any country or organization of nations within whose jurisdiction Customer (or its Authorized Users who may
use or otherwise receive the SaaS Products as expressly authorized by this Agreement) operates or does business,
as amended, and the rules and regulations promulgated from time to time thereunder. Specifically, Customer hereby
undertakes not to export, re-export, access or grant access to the SaaS Products and all related technology,
information, materials and any upgrades thereto to: (a) any Prohibited Persons; (b) any country to which such
export, re-export or access from is restricted or prohibited per the foregoing applicable laws; or (c) otherwise in
violation of any applicable export or import restrictions, laws or regulations. Customer also certifies that it is not a
Prohibited Person nor owned, controlled by, or acting on behalf of a Prohibited Person.
10.2. Commercial Computer Software and FedRAMP Products. If Customer is an agency or contractor of the
United States Government, Customer acknowledges and agrees that: (i) the SaaS Products (including any software
forming a part thereof) were developed entirely at private expense; (ii) the SaaS Products (including any software
forming a part thereof) in all respects constitute proprietary data belonging solely to CyberArk; (iii) the SaaS
Products (including any software forming a part thereof) are not in the public domain; and (iv) the software forming
a part of the SaaS Products is “Commercial Computer Software” as defined in sub-paragraph (a)(1) of DFARS
section 252.227-7014 or FAR Part 12.212. Customer shall provide no rights in the Software (including any software
forming a part thereof) to any U.S. Government agency or any other party except as expressly provided in this
Agreement. If Customer places an Order for SaaS Products which are designated as “FedRAMP Authorized,” the
CyberArk Rider to SaaS Terms of Service for FedRAMP Products found at https://www.cyberark.com/contract-
terms/ is incorporated herein and will apply to CyberArk’s provision of such SaaS Products.
11. Professional Services. Customer may separately purchase from CyberArk professional services in
relation to the SaaS Products as may be generally available by CyberArk to its customers, pursuant to CyberArk’s
then applicable professional services terms.
12. Term and Termination
12.1. Term. This Agreement will be effective upon Customer’s first access of a SaaS Product and shall remain
in force during the applicable Subscription Term of the SaaS Product or throughout Customer’s continued use of
the SaaS Product, as applicable.
12.2. Termination. Either Party may terminate this Agreement immediately upon notice to the other Party if the
other Party: (i) materially breaches this Agreement and fails to remedy such breach within thirty (30) days after
receiving written notice of the breach from the other Party; or (ii) commences bankruptcy or dissolution proceedings,
has a receiver appointed for a substantial part of its assets or ceases to operate in the ordinary course of business.
In addition, a Party may terminate this Agreement, a SOW, or an Order , in whole or in part, or cease provision of
the SaaS Products if required to comply with applicable law or regulation, and such termination will not constitute a
CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 8 of 11
breach of this Agreement by the terminating Party. CyberArk reserves the right to suspend Customer’s access to
the applicable SaaS Products upon written notice to Customer if: (a) an invoice is more than thirty (30) days past
due; or (b) a material breach of this Agreement fails to be cured within thirty (30) days. CyberArk will promptly
reinstate Customer’s access and use of the SaaS Products/provision of the Professional Services once the issue
has been resolved. Upon termination or expiration of the Agreement or an Order, (x) any accrued rights and
obligations will survive; (y) all outstanding fees and other charges under the Agreement or Order (as applicable) will
become immediately due and payable, and (z) Customer will have no further right to access or use the applicable
SaaS Products or professional services. If Customer is converting its perpetual self-hosted software licenses to a
SaaS Product, the applicable previously licensed perpetual self-hosted software licenses will be terminated, along
with any associated support services, in accordance with the terms of the applicable Order.
12.3. Effects of Termination/Expiration. Upon termination or expiration of an applicable Subscription Term,
CyberArk may immediately deactivate Customer’s account, and: (i) Customer will have no further right to access or
use the SaaS Products, except for the limited right to access or use the SaaS Products for purposes of exporting
Customer Data in accordance with the applicable Documentation; and (ii) each Party shall return or destroy any
tangible Confidential Information of the other Party within its possession or control that is not contained on the SaaS
Products promptly upon receiving written request from the other Party. Customer acknowledges that it is responsible
for exporting any Customer Data to which Customer desires continued access after termination/expiration, and
CyberArk shall have no liability for any failure of Customer to retrieve such Customer Data and no obligation to
store or retain any such Customer Data beyond 40 days following termination or expiration of the Customer’s
Subscription Term. Any Customer Data contained on the SaaS Products will be deleted within 60 days of
termination or expiration of Customer’s Subscription Term.
13. Miscellaneous
13.1. Independent Contractors. Nothing in this Agreement will be construed to imply a joint venture, partnership
or principal-agent relationship between CyberArk and Customer, and neither Party will have the right, power or
authority to obligate or bind the other in any manner whatsoever.
13.2. Notices. All Notices will be in writing and will be deemed to have been duly given: (a) when delivered by
hand; (b) three (3) days after being sent by registered or certified mail, return receipt requested and postage prepaid;
(c) one (1) day after deposit with a nationally recognized overnight delivery or express courier service; or (d) when
provided via email when the sender has received a delivery/read receipt. Notices for CyberArk should be sent to
the following addresses: (i) for physical Notices the address specified for CyberArk in section 13.4 “Governing Law
and Jurisdiction” and; (ii) for electronic Notices to: contract-notices@cyberark.com. In the event that Customer has
any technical support-related queries, the contact information for support can be found at:
https://www.cyberark.com/customer-support/.
13.3. Force Majeure. With the exception of Customer’s payment obligations herein, neither Party will be liable
to the other Party for any delay or failure to perform which is due to fire, pandemic, virus, epidemic, travel advisories
as to health, security and/or terrorism, flood, lockout, transportation delay, war, acts of God, governmental rule or
order, strikes or other labor difficulties, or other causes beyond its reasonable control. However, in such event, both
Parties will resume performance promptly after the cause of such delay or failure has been removed.
13.4. Governing Law and Jurisdiction. Each Party agrees to the applicable governing law below without regard
to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts below with respect to any
dispute, claim, action, suit or proceeding (including non-contractual disputes or claims) arising out of or in
connection with this Agreement, or its subject matter or formation. To the extent not prohibited by applicable law,
each of the Parties hereby irrevocably waives any and all right to trial by jury in any legal proceeding arising out of
or related to this Agreement.
CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 9 of 11
CyberArk entity entering
into Agreement: With Principal Office at: Choice of Law:
Exclusive
Jurisdiction:
CyberArk Software, Inc. 60 Wells Avenue,
Newton, MA 02459, U.S.A.
Laws of
Commonwealth
of
Massachusetts,
U.S.A.
Courts of Boston,
Massachusetts,
U.S.A.
Cyber-Ark Software (UK) Ltd.
One Pear Place, 152-158
Waterloo Road, London, SE1
8BT, U.K.
Laws of
England and
Wales
Courts of London,
England
CyberArk Software Ltd.
9 Hapsagot St. Park Ofer 2, P.O.
Box 3143, Petach-Tikva
4951040, Israel
Laws of Israel Courts of Tel Aviv
Jaffa, Israel
CyberArk Software Canada
Inc.
TD Canada Trust Tower, 161
Bay Street, 27th Floor, PO Box
508 Toronto, Ontario, M5J 2S1,
Canada
Laws of Ontario
and the federal
laws of Canada
applicable
therein
Courts of Toronto,
Ontario, Canada
CyberArk Software
(Singapore) Pte. Ltd.
250 North Bridge Road, #14-01,
Raffles City Tower, Singapore
179101
Laws of
Singapore Courts of Singapore
CyberArk Software (Japan)
K.K.
Otemachi One Tower 6F, 1-2-1,
Otemachi, Chiyoda-ku, Tokyo Laws of Japan Courts of Japan
CyberArk Software (India)
Private Limited
My Home Twitza, 4th Floor, Plot
Nos.30/A, Survey No.83/1,
Beside Skyview, APIIC -
Hyderabad Knowledge City,
Hyderabad Telangana 500081
Laws of India Courts of
Hyderabad, India
CyberArk Software (Australia)
Pty Ltd
Level 26, Suite 1, 259 George
Street, Sydney NSW 2000
Laws of
Victoria,
Australia
Courts of
Melbourne, Australia
CyberArk Turkey Siber
Güvenlik Yazılımı A.Ş.
Plaza Cubes, Barbaros
Mahallesi, Kardelen Sokak
Palladium Tower 2/1 34746
Atasehir, Istanbul
Laws of Israel Courts of Tel Aviv
Jaffa, Israel
13.5. Entire Agreement, Execution, and Modification. This Agreement supersedes all prior agreements and
representations between the Parties regarding the subject matter of this Agreement. The terms and conditions
contained in any Order issued by Customer will be of no force or effect, even if the Order is accepted by CyberArk.
CyberArk may make changes to these Terms of Service from time to time. If CyberArk makes a material change to
any of the foregoing, CyberArk will inform Customer by e-mail to the e-mail address(es) noted on the Order (or
subsequently designated by Customer in writing as a contact for notifications from CyberArk), or through a banner
or other prominent notice within the SaaS Products, or through the CyberArk support platform. If Customer does
not agree to the change, Customer must so notify CyberArk by e-mail to contract-notices@cyberark.com within
thirty (30) days after CyberArk’s notice. If Customer so notifies CyberArk, then Customer will remain governed by
the most recent terms of service applicable to Customer until the end of the then-current year of the Subscription
Term and the updated terms shall apply upon the commencement of the subsequent Subscription Term.
13.6. Severability and Waiver. This Agreement shall be deemed severable, and the invalidity or unenforceability
of any term or provision hereof shall not affect the validity or enforceability of this Agreement or of any other term
or provision hereof. Should any term or provision of this Agreement be declared void or unenforceable by any court
of competent jurisdiction, the Parties intend that a substitute provision will be added to this Agreement that, to the
greatest extent possible, achieves the intended commercial result of the original provision. The failure of either Party
CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 10 of 11
to enforce any rights granted to it hereunder or to take action against the other Party in the event of any breach
hereunder will not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions
in the event of future breaches.
13.7. Definitions and Interpretation. The following definitions and rules of interpretation apply in this
Agreement:
“Affiliate” means a company controlling, controlled by, or under common control with a Party (an entity will be
deemed to have control if it owns over 50% of another entity or the ability to direct the management of the entity by
contract or otherwise).
“Agents” means CyberArk’s proprietary software, systems and locally-installed software agents and connectors
including mobile applications that interact with the SaaS Products as may be provided by CyberArk in connection
with the SaaS Products.
“Applicable Data Protection Laws” means all applicable privacy and data protection laws, their implementing
regulations, regulatory guidance and secondary legislations, each as updated or replaced from time to time,
including: (a) the General Data Protection Regulation (EU 2016/679) (the “GDPR”) and any applicable national
implementing laws; (b) the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act
2018; (c) the Privacy and Electronic Communications Directive (2002/ 58/ EC) and any applicable implementing
laws, including the Privacy and Electronic Communications Regulations 2003 (SI 2003/ 2426) (“EC Directive”); (d)
the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”); (e) U.S. legislation (e.g.
the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”); and (f) any other
laws that may be applicable.
“Authorized Users” means employees, agents, consultants, contractors, or vendors authorized by Customer to
use the SaaS Products solely for the internal use of Customer and its Affiliates, subject to the terms and conditions
of this Agreement. For the avoidance of doubt, licenses associated with SaaS Products purchased as a bundle
(under a single product code) cannot be separated between different Authorized Users.
“Channel Partner” means a third-party business entity that CyberArk has appointed as an approved partner to as
applicable, distribute, re-sell and support the SaaS Products.
“Confidential Information” means all information provided by the disclosing Party to the receiving Party concerning
the disclosing Party or its Affiliates’ business, products or services that is not generally known to the public, including
information relating to customers, vendors, trade secrets, prices, products, services, computer programs and other
intellectual property and any other information which a Party should reasonably understand to be considered
Confidential Information whether or not such information is marked “Confidential” or contains such similar legend
by the disclosing Party at the time of disclosure.
“Customer Data” means all data and/or content uploaded to the SaaS Products by Customer (including where
applicable Authorized Users), and in all data derived from it (other than Usage Analytics).
“CyberArk” means the CyberArk legal entity providing the SaaS Product to Customer pursuant to this Agreement,
at the address specified in section 13.4 “Governing Law and Jurisdiction.
“Documentation” means the user guides, installation documents, and specifications for the SaaS Products that
are made available from time to time by CyberArk in electronic or tangible form and found at docs.cyberark.com,
including the documentation located therein under the ‘Security’ section for the relevant SaaS Products, but
excluding any sales or marketing materials.
“Indirect Order” means an Order for the Software or Services from a Channel Partner of Customer’s choosing
pursuant to an independent commercial agreement.
CyberArk SaaS Terms of Service (Global) Rev. 17 May 2024 Page 11 of 11
“Indirect Taxes” means excise, sales, use, gross-turnover, value added, goods and services tax or other similar
types of indirect taxes on turnover and/or revenues, duties, customs or tariffs (however designated, levied or based
and whether foreign or domestic, federal, state or province).
“Intellectual Property” means a Party’s proprietary material, technology, or processes (excluding the SaaS
Products and Documentation), including services, software tools, proprietary framework and methodology,
hardware designs, algorithms, objects and documentation (both printed and electronic), network designs, know-
how, trade secrets and any related intellectual property rights throughout the world (whether owned or licensed by
a third party) and any derivatives, improvements, enhancements or extensions of such Intellectual Property
conceived, reduced to practice, or developed.
“Notice” means any formal legal notice or equivalent communication required or permitted under this Agreement.
“Order” means CyberArk’s quote accepted by Customer via Customer’s purchase order or other ordering document
received by CyberArk (directly or indirectly through a Channel Partner) to order CyberArk’s SaaS Products, which
references the SaaS Products, pricing, payment terms, quantities, expiration date and other applicable terms set
forth in an applicable CyberArk quote or ordering document.
“OSS Licenses” means the respective open source licenses that the Third-Party Materials are subject to.
“Prohibited Persons” means anyone on the U.S. Commerce Department’s Denied Persons, Entity, or Unverified
Lists or the U.S. Treasury Department’s list of Specially Designated Nationals and Consolidated Sanctions list.
“SaaS Products” means the software-as-a-service products specified in the Order as further described in the
Documentation (including any updates and upgrades to the SaaS Products provided by CyberArk in its sole
discretion, and any software, systems and locally-installed software agents and connectors that interact with the
SaaS Products as may be provided by CyberArk in connection with the SaaS Products), provided that any free trial
SaaS software, proof of concept of the SaaS Products, beta version of the SaaS Products, or any other free-of-
charge software product will be subject to Section 1.4 of this Agreement.
“Subscription Term” means the period of time during which Customer is subscribed to the SaaS Products, as
specified in an Order and which shall begin upon delivery of the SaaS Products.
“Suggestions” means, any feedback, ideas or suggestions for improvements, new features, customer experience,
functionalities, corrections, enhancements or changes to the SaaS Products suggested by Customer to CyberArk,
excluding any Customer Data and Customer Intellectual Property.
“Support Services” means the maintenance and technical support services for the SaaS Products provided by
CyberArk to Customer as part of an active SaaS Products subscription, set out at
https://www.cyberark.com/maintenance-support-terms.pdf.
“Third-Party Materials” means open source software programs that are made available by third parties under their
respective OSS Licenses.
“Usage Analytics” means data generated or collected in connection with Customer’s access, use and configuration
of the SaaS Products and data derived from it (e.g. metadata, types of applications or accounts utilized or interacting
with the SaaS Products).
Any words following the terms including or include shall be regarded as examples only and not construed as an
exhaustive list.