Last Modified January 2016 Rapid7 End User License and Services Terms and Conditions Customer agrees to be bound by the following terms and conditions (this "Agreement") in connection with its purchase and use of certain Rapid7 LLC's ("Rapid7") Software and Services (each as defined below). Before installing and using any Software and/or obtaining and using any Services you should read this Agreement carefully. Clicking "accept" or otherwise installing and/or using the Software and/or obtaining and/or using any Services establishes a binding agreement between Rapid7 and you as the person licensing the Software and/or obtaining the Services; provided that if you are entering into this Agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to this Agreement, in which case the term "Customer" shall refer to such entity. If you do not have such authority or if you do not accept all of the terms of this Agreement, you shall have no right to install and/or use the Software and/or obtain and/or use any Services. 1. DEFINITIONS 1.1 "Content Updates" means content used by certain Rapid7 Software which is updated from time to time, including but not limited to updated vulnerability signatures for vulnerability assessment products and exploits for penetration testing products. 1.2 "Documentation" means the published and generally available user manuals and written materials Rapid7 delivers or makes available with the Software. 1.3 "License Term" shall mean the period in which Customer is authorized to utilize the Software. Each License Term shall be listed on the applicable Product Order Form and shall commence on the date Customer is delivered the Software. If the Product Order Form fails to specify a specific License Term for the use of the Software then it shall be deemed a perpetual License Term. 1.4 "Metasploit(r) Products" shall mean Rapid7's proprietary penetration testing products currently marketed under the names Metasploit(r) Express, Metasploit(r) Pro and Metasploit(r) Community Edition. 1.5 "Nexpose(r) Products" shall mean Rapid7's proprietary network scanning and vulnerability products currently marketed under the names Nexpose(r) Express Edition, Nexpose(r) Consultant, Nexpose(r) Enterprise, Nexpose(r) MSSP, and Nexpose(r) Community Edition. 1.6 "Product Order Form" means either Rapid7's online registration form or other ordering document entered into by Customer and Rapid7 which identifies the Software, services, or any hardware ordered by Customer from Rapid7, sets forth the price to be paid for such Software, services, or hardware and sets forth the number of Users who may access and use the Software (for Metasploit Products and Nexpose Products); the number of IP addresses that may be scanned by the Software (for Nexpose Products); or the number of installs or scans of the Software (for AppSpiderTM Products.). 1.7 "AppSpiderTMProducts" shall mean Rapid7's proprietary web application scanning products currently marketed under the names AppSpiderTM Pro and AppSpiderTM Enterprise. 1.8 "Services" means Rapid7's maintenance and support services (as described in Section 11.1) and professional services (as described in Section 11.2) herein. 1.9 "Software" means those Rapid7 Metasploit Products, Nexpose Products, or AppSpiderTM Products listed on the applicable Product Order Form and all updates, enhancements, bug fixes and new releases thereto that Rapid7 elects in its discretion to make available to Customer. 1.10 "User" means those specific individual named users who are granted access to the Software by Customer. For the sake of clarity, Users shall include full and part-time employees, contractors, agents, or other workers of Customer; provided, however each individual person shall count as only one User. Once a User has been deactivated by the Software's administrator (even if as a result of employee turnover) such User license may be transferred to another person. 2. SOFTWARE LICENSES 2.1. License to Metasploit Products. To the extent that Customer has licensed any of Rapid7's proprietary Metasploit Products then the following license terms, as applicable, shall apply: (a) For Metasploit Express: Subject to the terms and conditions of this Agreement, Rapid7 hereby grants to Customer, during the applicable License Term only, a non-exclusive, non-transferable license to allow the number of Users set forth on the Product Order Form to use such Software (in object code form only) solely for network penetration testing purposes, solely in accordance with any restrictions on use set forth on the Product Order Form and only in accordance with the applicable Documentation. Customer shall ensure that its use of the Software does not exceed the number of Users set forth on the Product Order Form. (b) For Metasploit Pro: Subject to the terms and conditions of this Agreement, Rapid7 hereby grants to Customer, during the applicable License Term only, a non-exclusive, non-transferable license to use such Software (in object code form only) solely for network penetration testing purposes, solely in accordance with any restrictions on use set forth on the Product Order Form and only in accordance with the applicable Documentation. Customer shall ensure that its use of the Software does not exceed the number of Users, machines, seats and/or other restrictions set forth on the Product Order Form (all as more fully described on such Product Order Form). (c) For Metasploit Community Edition. Subject to the terms and conditions of this Agreement, Rapid7 hereby grants to Customer, during the applicable License Term only, a non-exclusive, non-transferable license to allow one (1) User only to use such Software (in object code form only) solely for network penetration testing purposes, solely in accordance with any restrictions on use set forth on the Product Order Form and only in accordance with the applicable Documentation. Customer shall ensure that its use of the Software does not exceed one (1) User. Metasploit Community Edition is a no-cost, entry-level license and as such, contains the following disclaimers: NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, THE SOFTWARE IS PROVIDED "AS IS" AND ALL WARRANTIES, EXPRESS OR IMPLIED, ARE EXCLUDED AND DISCLAIMED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING BY STATUTE OR OTHERWISE IN LAW OR FROM COURSE OF DEALING, COURSE OF PERFORMANCE, OR USE OF TRADE. Sections 5.1, 5.2 and 10 shall not be applicable to the Software. (d) For Evaluation or Trial Licenses to any Metasploit Products. If Customer's Product Order Form specifies that its license to the applicable Metasploit Product is for a trial or evaluation only then Customer shall have a non-exclusive, non-transferable, revocable license to use the applicable Metasploit Product (in object code form only) solely for Customer's internal evaluation purposes and solely for the trial or evaluation term specified on the Product Order Form. Customer may not utilize the same Metasploit Product for more than one (1) trial or evaluation term in any twelve (12) month period. Rapid7 may revoke Customer's license at any time and for any reason. Sections 5.1, 5.2 and 10 shall not be applicable to any evaluation or trial license of the Metasploit Product. 2.2. License to Nexpose Products. To the extent that Customer has licensed any of Rapid7's proprietary Nexpose Products then the following license terms, as applicable, shall apply: (a) For Nexpose Express Edition. Subject to the terms and conditions of this Agreement, Rapid7 hereby grants to Customer, during the applicable License Term only, a non-exclusive, non-transferable license to allow one User to use such Software (in object code form only) solely for purposes of scanning IP addresses owned by Customer for Customer's own internal business purposes only. The Nexpose Express license does not include the ability to scan any IP addresses belonging to third parties without the prior written consent of both Rapid7 and such third party. Customer shall ensure that when using the Software it does not scan more IP addresses than those set forth on the Product Order Form and shall comply with any other restrictions on use set forth on the Product Order Form. (b) For Nexpose Consultant. Subject to the terms and conditions of this Agreement, Rapid7 hereby grants to Customer, during the applicable License Term only, a non-exclusive, non-transferable license to allow one User to install the Software (in object code form only) solely on one (1) laptop computer and to use such Software for purposes of scanning authorized IP addresses. The Nexpose Consultant license allows Customer to also scan IP addresses of third parties provided that such third party has authorized Customer to perform such scan. Customer may not scan more IP addresses than those set forth on the Product Order Form and shall comply with any other restrictions on use set forth on the Product Order Form. (c) For Nexpose Enterprise or Nexpose Ultimate. Subject to the terms and conditions of this Agreement, Rapid7 hereby grants to Customer, during the applicable License Term only, a non-exclusive, non-transferable license to allow an unlimited number of Users to use such Software (in object code form only) for purposes of scanning IP addresses owned by Customer for Customer's internal business purposes only. This license does not include the ability to scan any IP addresses belonging to third parties without the prior written consent of both Rapid7 and such third party. Customer shall ensure that when using the Software it does not scan more IP addresses than those set forth on the Product Order Form and shall comply with any other restrictions on use set forth on the Product Order Form. (d) For Nexpose Managed Security Service Provider (MSSP) Edition. Subject to the terms and conditions of this Agreement, Rapid7 hereby grants to Customer, during the applicable License Term only, a non-exclusive, non-transferable license to allow an unlimited number of Users to use such Software for purposes of scanning authorized IP addresses. The Nexpose MSSP license allows Customer to scan IP addresses of third parties provided that such third party has authorized Customer to perform such scan, and further provided that Customer shall be solely responsible to any third party for any breach by Customer of the foregoing provision. Customer may not scan more IP addresses than those set forth on the Product Order Form and shall comply with any other restrictions on use set forth on the Product Order Form. (e) For Nexpose Community Edition. Subject to the terms and conditions of this Agreement, Rapid7 hereby grants to Customer, during the applicable License Term only, a non-exclusive, non-transferable license to allow one (1) User only to use such Software (in object code form only) solely for purposes of scanning up to thirty-two (32) authorized IP addresses, solely in accordance with any restrictions on use set forth on the Product Order Form and only in accordance with the applicable Documentation. Customer shall ensure that its use of the Software does not exceed one (1) User and that it does not use the Software to perform vulnerability scans for more than 32 IP addresses (each an "IP Address License"). Customer may, however, deactivate such IP Address Licenses, in total, and re-allocate such IP Address Licenses to replacement IP Addresses no more than one time per six (6) month period. Nexpose Community Edition is a no-cost, entry-level license and as such, contains the following disclaimers: NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, THE SOFTWARE IS PROVIDED "AS IS" AND ALL WARRANTIES, EXPRESS OR IMPLIED, ARE EXCLUDED AND DISCLAIMED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING BY STATUTE OR OTHERWISE IN LAW OR FROM COURSE OF DEALING, COURSE OF PERFORMANCE, OR USE OF TRADE. Sections 5.1, 5.2 and 10 shall not be applicable to the Software. (f) For Evaluation or Trial Licenses to any Nexpose Products. If Customer's Product Order Form specifies that its license to the applicable Nexpose Product is for a trial or evaluation only then Customer shall have a non-exclusive, non-transferable, revocable license to use the applicable Nexpose Product (in object code form only) solely for Customer's internal evaluation purposes and solely for the term specified on the Product Order Form. Customer may not utilize the same Nexpose Product for more than one (1) trial or evaluation term in any twelve (12) month period. Rapid7 may revoke Customer's license at any time and for any reason. Sections 5.1, 5.2 and 10 shall not be applicable to any evaluation or trial license of the Nexpose Product. 2.3. License to AppSpider Products. To the extent that Customer has licensed any of Rapid7's proprietary AppSpider Products then the following license terms, as applicable, shall apply: (a) For AppSpider Pro: Subject to the terms and conditions of this Agreement, Rapid7 hereby grants to Customer, during the applicable License Term only, a non-exclusive, non-transferable license to use such Software (in object code form only) for purposes of scanning web applications and web services owned by Customer for Customer's internal business purposes only. Customer shall ensure that its use of the Software does not exceed the number of installations or other restrictions set forth on the Product Order Form (all as more fully described on such Product Order Form). This license does not include the ability to scan any web applications and web services belonging to third parties without the prior written consent of both Rapid7 and such third party. (b) For AppSpider Enterprise. Subject to the terms and conditions of this Agreement, Rapid7 hereby grants to Customer, during the applicable License Term only, a non-exclusive, non-transferable license to allow, in object code only, up to twenty (20) Users (or such limit as expressly included on the applicable Product Order Form) to use such Software at any given time for purposes of scanning web applications and web services owned by Customer for Customer's internal business purposes only. This license does not include the ability to scan any applications or services belonging to third parties without the prior written consent of both Rapid7 and such third party. Customer shall ensure that when using the Software it does not exceed the capacity set forth on the Product Order Form or herein and shall comply with any other restrictions on use set forth on the Product Order Form. (c) For Evaluation or Trial Licenses to any AppSpider Products. If Customer's Product Order Form specifies that its license to the applicable AppSpider Product is for a trial or evaluation only then Customer shall have a non-exclusive, non-transferable, revocable license to use the applicable AppSpider Product (in object code form only) solely for Customer's internal evaluation purposes and solely for the trial or evaluation term specified on the Product Order Form. Customer may not utilize the same AppSpider Product for more than one (1) trial or evaluation term in any twelve (12) month period. Rapid7 may revoke Customer's license at any time and for any reason. Sections 5.1, 5.2 and 10 shall not be applicable to any evaluation or trial license of the AppSpider Product. 2.4 Delivery and Copies. Delivery shall be deemed to have been made upon Rapid7 providing Customer with instructions to download the Software from a Rapid7 designated download site. Notwithstanding anything to the contrary herein, Customer may make a reasonable number of copies of the Software for the sole purpose of backing-up and archiving the Software. Each copy of the Software is subject to all of the terms and conditions of this Agreement and must contain the same titles, trademarks, and copyright notices as the original. To the extent that Rapid7 provides any hardware to Customer (either sold or provided as part of an evaluation), then all shipments are FOB Rapid7's designated shipping facility. 2.5 Restrictions. All Software provided is licensed, not sold. The restrictions contained in this Agreement represent conditions of Customer's license. Customer may not use the Software for the purposes of (i) creating any anti-virus signatures, (ii) performing any malware analysis on the Software in order to create any anti-virus heuristic or (iii) conducting any comparative analysis, evaluations or product benchmarks with respect to the Software without Rapid7's prior written approval. Customer recognizes and agrees that there is no adequate remedy at law for a breach of this Section 2.5 and that such breach would irreparably harm Rapid7 for which monetary damages would not be an adequate remedy and that Rapid7 is entitled to equitable relief in addition to any other remedies. 3. FEES AND PAYMENT TERMS Customer shall pay Rapid7 the fees, charges and other amounts specified on the Product Order Form in accordance with the payment terms set forth on the Product Order Form. Overdue balances are subject to a service charge equal to the lesser of 1.5% per month or the maximum legal interest rate allowed by law. Customer shall be responsible for all shipping costs, including any applicable duties, and taxes levied on any transaction under this Agreement, including, without limitation, all federal, state, and local sales taxes, levies and assessments and local withholding taxes in Customer's jurisdiction, if any, excluding, however, any taxes based on Rapid7's income. In the event Customer is required to withhold taxes from its payment to Rapid7 or withholding taxes are subsequently required to be paid to a local taxing jurisdiction, Customer is obligated to pay such tax, and Rapid7 will receive the full payment, net of any such taxes, as agreed on the applicable Product Order Form. Customer shall also pay all reasonable travel and out-of-pocket expenses incurred by Rapid7 in connection with any Services rendered provided such expenses have been pre-approved in advance by Customer. 4. CONTENT UPDATES For so long as Customer subscribes to Rapid7's maintenance and support services for the Software, Customer is granted the right to use, as part of the Software, such Content Updates as and when they are made generally available to Rapid7's end user customers who are covered by Rapid7's maintenance and support services for such Software. This Agreement does not otherwise permit Customer to obtain and use Content Updates. 5. LIMITED WARRANTY 5.1. Warranty. Rapid7 warrants that for a period of ninety (90) days following the initial delivery of any perpetual license of Software to Customer, or otherwise for the License Term of the Software, the Software will perform in conformity with its Documentation in all material respects. Rapid7 will pass on all manufacturers' warranties for any hardware product purchased from Rapid7. The foregoing warranties do not apply to hardware or Software that has been damaged, mishandled, mistreated, altered or used or maintained or stored other than in conformity with this Agreement and the Documentation. Rapid7 further represents and warrants all Services will be provided with reasonable skill and care conforming to generally accepted industry standards. 5.2. Remedy. If the above warranties are breached, Rapid7 will, at its option and at no cost to Customer, (a) provide remedial services necessary to enable the hardware, Software or Services to conform to the warranty, or (b) replace any defective hardware or Software, or (c) refund amounts paid by Customer and received by Rapid7 in respect of the defective hardware, Software or Services. Customer will provide Rapid7 with a reasonable opportunity to remedy any breach and reasonable assistance in remedying any defects. Customer will notify Rapid7 in writing of any breach of warranty promptly after becoming aware of the same, but in any event, within the warranty periods set forth in Section 5.1. The remedies set out in this subsection are Customer's sole and exclusive remedies for breach of the above warranties. 5.3. No Third Party Beneficiaries. Nothing in this Agreement, express or implied, is intended to or shall confer upon any other person any right, benefit or remedy of any nature whatsoever under or by reason of this Agreement, including but not limited to any of Customer's own clients or customers. RAPID7 DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, TO ANY SUCH THIRD PARTY AND SHALL HAVE NO LIABILITY TO SUCH THIRD PARTIES FOR CUSTOMER'S USE OF THE SOFTWARE OR SERVICES. 5.4. No Other Warranty. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE WARRANTIES SET FORTH IN THIS SECTION 5 ARE CUSTOMER'S EXCLUSIVE WARRANTIES AND ARE IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. RAPID7 MAKES NO WARRANTIES OR REPRESENTATIONS THAT THE SOFTWARE, ANY HARDWARE, ANY SERVICES OR ANY CONTENT UPDATES WILL MEET CUSTOMERS REQUIREMENTS OR THAT OPERATION OR USE OF THE SOFTWARE, HARDWARE OR CONTENT UPDATES WILL BE UNINTERRUPTED OR ERROR-FREE. RAPID7 MAKES NO WARRANTY THAT ALL SECURITY RISKS OR THREATS WILL BE DETECTED BY USE OF THE SOFTWARE OR THAT FALSE POSITIVES WILL NOT BE FOUND. CUSTOMER MAY HAVE OTHER WARRANTY RIGHTS, WHICH MAY VARY FROM STATE TO STATE AND COUNTRY TO COUNTRY. 6. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL RAPID7 OR ANY OF RAPID7'S LICENSORS, RESELLERS, SUPPLIERS OR AGENTS BE LIABLE TO CUSTOMER FOR (i) ANY COSTS OF PROCUREMENT OF SUBSTITUTE OR REPLACEMENT GOODS AND SERVICES, LOSS OF PROFITS, LOSS OF USE, LOSS OF OR CORRUPTION TO DATA, BUSINESS INTERRUPTION, LOSS OF PRODUCTION, LOSS OF REVENUES, LOSS OF CONTRACTS, LOSS OF GOODWILL, OR ANTICIPATED SAVINGS OR WASTED MANAGEMENT AND STAFF TIME; (ii) ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES WHETHER ARISING DIRECTLY OR INDIRECTLY OUT OF THIS AGREEMENT, EVEN IF RAPID7 OR RAPID7'S LICENSORS, RESELLERS, SUPPLIERS OR AGENTS HAVE BEEN ADVISED SUCH DAMAGES MIGHT OCCUR OR (iii) ANY CLAIMS OR DAMAGES IN EXCESS OF THE FEES CUSTOMER PAID RAPID7 FOR THE HARDWARE, SOFTWARE OR SERVICES GIVING RISE TO THE CLAIM. NOTHING IN THIS AGREEMENT SHALL OPERATE SO AS TO EXCLUDE OR LIMIT A PARTY'S LIABILITY FOR DEATH OR PERSONAL INJURY ARISING OUT OF NEGLIGENCE OR FOR ANY OTHER LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED BY LAW. THE LIMITATIONS CONTAINED IN THIS SECTION 6 SHALL ALSO NOT APPLY TO (A) A BREACH BY A PARTY OF ITS OBLIGATIONS SET FORTH IN SECTION 8 BELOW (CONFIDENTIALITY), (B) A VIOLATION BY CUSTOMER OF ANY OF RAPID7'S INTELLECTUAL PROPERTY RIGHTS IN AND TO THE SOFTWARE OR USE OF THE SOFTWARE BY CUSTOMER EXCEPT AS EXPRESSLY PERMITTED HEREIN, OR (C) ANY AMOUNTS DUE RAPID7 UNDER THIS AGREEMENT. 7. USAGE VERIFICATION Customer understands and acknowledges that the Software may track and/or enforce its usage limits, including but not limited to license keys, user counts, and other technical enforcements of license limitations. Additionally, Rapid7 may make a written request, such request not to exceed once every six (6) months, upon which request Customer shall provide Rapid7 with a signed certification verifying that the Software is being used pursuant to the provisions of this Agreement. In addition to the foregoing, at Rapid7's written request, Customer will permit Rapid7 to review and verify Customer's records, deployment and use of the Software for compliance with the terms and conditions of this Agreement, at Rapid7's expense. Any such review shall be scheduled at least ten (10) days in advance, shall be conducted during normal business hours at Customer's facilities, and shall not unreasonably interfere with Customer's business activities. 8. CONFIDENTIALITY 8.1 Confidential Information. During the term of this Agreement, each party will regard any information provided to it by the other party and designated in writing as proprietary or confidential to be confidential ("Confidential Information"). Confidential Information shall also include information which, to a reasonable person familiar with the disclosing party's business and the industry in which it operates, is of a confidential or proprietary nature. A party will not disclose the other party's Confidential Information to any third party without the prior written consent of the other party, nor make use of any of the other party's Confidential Information except in its performance under this Agreement. Each party accepts responsibility for the actions of its agents or employees and shall protect the other party's Confidential Information in the same manner as it protects its own valuable confidential information, but in no event shall less than reasonable care be used. The parties expressly agree that the Software and the terms and pricing of this Agreement are the Confidential Information of Rapid7. The receiving party shall promptly notify the disclosing party upon becoming aware of a breach or threatened breach hereunder, and shall cooperate with any reasonable request of the disclosing party in enforcing its rights. The provisions of this Section 8.1 will continue for a period of three (3) years after termination or expiration of this Agreement. 8.2 Confidentiality of Software. Rapid7 retains all right, title and interest in and to the Documentation, Software, Content Updates and in all copies, modifications and derivative works thereto including, without limitation, all rights to patent, copyright, trade secret, trademark and other proprietary or intellectual property rights. Customer will not and will not allow a third party to: (i) decompile, reverse engineer, disassemble or otherwise attempt to derive, analyze or use any source code or underlying ideas or algorithms related to the Software by any means whatsoever, except and only to the minimal extent the provisions of this Section are expressly prohibited by applicable statutory law, (ii) except as expressly set forth herein, provide, lease, lend, use for timesharing or service bureau purposes or otherwise use or allow others to use the Software to or for the benefit of third parties or (iii) remove any product identification, copyright or other notices or on any Software. Customer agrees to hold in confidence, not disclose, and not use the Software or the Content Updates except as expressly permitted herein. The provisions of this Section 8.2 will survive termination or expiration of this Agreement for any reason. 8.3 Exclusions. Information will not be deemed Confidential Information hereunder if such information: (i) is known prior to receipt from the disclosing party, without any obligation of confidentiality; (ii) becomes known to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise publicly available, except through a breach of this Agreement; or (iv) is independently developed by the receiving party. The receiving party may disclose Confidential Information pursuant to the requirements of applicable law, legal process or government regulation, provided that it gives the disclosing party reasonable prior written notice to permit the disclosing party to contest such disclosure, and such disclosure is otherwise limited to the required disclosure. 9. TERMINATION This Agreement or a Product Order Form may be terminated (a) by either party if the other party is adjudicated as bankrupt, or if a petition in bankruptcy is filed against the other party and such petition is not discharged within sixty (60) days of such filing, or (b) by either party if the other party materially breaches this Agreement or the Product Order Form and fails to cure such breach to such party's reasonable satisfaction within thirty (30) days following receipt of written notice thereof. Customer's license to use the Software shall also terminate upon the expiration of the applicable License Term. Upon any termination of this Agreement or a Product Order Form by Rapid7, all applicable licenses are revoked and Customer shall immediately cease use of the applicable Software and certify in writing to Rapid7 within thirty (30) days after termination that Customer has destroyed or returned to Rapid7 such Software and all copies thereof. Termination of this Agreement or a license granted hereunder shall not limit either party from pursuing any remedies available to it, including injunctive relief, or relieve Customer of its obligation to pay all fees that have accrued, have been paid, or have become payable by Customer hereunder. All provisions of this Agreement which by their nature are intended to survive the termination of this Agreement shall survive such termination. 10. INDEMNIFICATION 10.1 Indemnification. Rapid7 will defend and indemnify, at its own expense, any third party claim against Customer that arises due to a claim that the Software infringes any valid United States copyright or involves the misappropriation of a trade secret. Rapid7 will pay such damages or costs as are finally awarded against Customer or agreed to in settlement for such claim provided that Customer gives Rapid7: (a) written notice of any such claim or threatened claim within ten (10) days of Customer being made aware of the claim or threat; (b) sole control of the defense, negotiations and settlement of such claim; and (c) full cooperation in any defense or settlement of the claim (at Rapid7's cost). Rapid7 will not be liable for the settlement of a claim made without Rapid7's prior written consent. If Customer's use of the Software results in, or in Rapid7's opinion is likely to become subject to a claim of infringement or misappropriation, then Rapid7 will, at its sole option and expense, either: (i) obtain for the Customer the right to continue using the Software; (ii) replace or modify the Software so that it is non-infringing and substantially equivalent in function to, and interchangeable with, the infringing Software; or (iii) if options (i) and (ii) above cannot be accomplished despite the reasonable efforts of Rapid7, then Rapid7 may terminate Customer's rights to use the infringing Software. When option (iii) is elected, Rapid7 will refund all collected license fees under this Agreement for the infringing Software on a monthly declining straight-line basis over a forty-eight (48) month period from delivery. THE RIGHTS GRANTED TO CUSTOMER UNDER THIS SECTION 10 SHALL BE CUSTOMER'S SOLE AND EXCLUSIVE REMEDY FOR ANY ALLEGED INFRINGEMENT BY THE SOFTWARE OF ANY PATENT, COPYRIGHT OR OTHER PROPRIETARY RIGHT. 10.2 Exclusions. Rapid7 shall have no obligation under this Section 10 with respect to any claim of infringement or misappropriation based upon: (i) combination of the Software with products, programs or data not furnished by Rapid7 where, but for the combination, the claim would have been avoided; (ii) any modification of the Software not performed by Rapid7, if such claim would have been avoided by use of the unmodified Software; (iii) compliance by Rapid7 with Customer's custom requirements or specifications if and to the extent such compliance with Customer's custom requirements or specifications resulted in the infringement; or (iv) failure of Customer to use a replacement Software provided by Rapid7 to Customer in a timely manner to avoid such claim of infringement or misappropriation. 11. TECHNICAL SUPPORT AND PROFESSIONAL SERVICES 11.1 Maintenance and Support Services. Rapid7 offers multiple maintenance and support programs for the Software. The maintenance and support program selected by Customer shall be as set forth on the applicable Product Order Form and shall be further subject to Rapid7's maintenance and support policies, copies of which are located at http://www.rapid7.com/docs/customers-support-guidebook.pdf 11.2 Product-Related Professional Services. Rapid7 may provide Customer certain professional services, such as installation, configuration, consulting, training, and external scanning, if and as specified on a Product Order Form or a separate statement of work (SOW) executed by the parties. All changes to an SOW must be approved by both parties in writing. Unless otherwise provided on a Product Order Form or SOW, Customer is responsible for installing and configuring all Software. Rapid7 shall have sole discretion in staffing the professional services and may assign the performance of any portion of the professional services to any subcontractor; provided that Rapid7 shall be responsible for the performance of any such subcontractor. Customer shall designate at least one employee with knowledge of Customer's business and Rapid7's technology and services as its primary contact to be available for communication with Rapid7 in providing the professional services. Customer will cooperate with Rapid7, will provide Rapid7 with accurate and complete information, will provide Rapid7 with such assistance and access as Rapid7 may reasonably request, and will fulfill its responsibilities as set forth in this Agreement and the SOW or Product Order Form, as the case may be. Customer will have a non-exclusive, non-transferable license to use any deliverables or other work product developed by Rapid7 in the performance of the professional services and which is delivered to Customer, upon Customer's payment in full of all amounts due for such deliverables or work product. Rapid7 retains ownership of all information, software and other property owned by it prior to this Agreement or which it develops independently of this Agreement and all deliverables and work product compiled or developed by Rapid7 in the performance of the professional services. 12. GENERAL PROVISIONS 12.1. Miscellaneous. (a) This Agreement shall be construed in accordance with and governed for all purposes by the laws of the Commonwealth of Massachusetts, excluding its choice of law provisions; (b) this Agreement, along with the accompanying Product Order Forms constitutes the entire agreement and understanding of the parties hereto with respect to the subject matter hereof and supersedes all prior agreements and undertakings, both written and oral; (c) this Agreement and each Product Order Form may not be modified except by a writing signed by each of the parties; (d) in case any one or more of the provisions contained in this Agreement shall for any reason be held to be invalid, illegal or unenforceable in any respect, such invalidity, illegality or unenforceability shall not affect any other provisions of this Agreement but this Agreement shall be construed as if such invalid, illegal or other unenforceable provision had never been contained herein; (e) Customer shall not assign its rights or obligations hereunder without Rapid7's advance written consent; (f) subject to the foregoing subsection (e), this Agreement shall be binding upon the and shall inure to the benefit of the parties hereto and their successors and permitted assigns; (g) no waiver of any right or remedy hereunder with respect to any occurrence or event on one occasion shall be deemed a waiver of such right or remedy with respect to such occurrence or event on any other occasion; and (h) the headings to the sections of this Agreement are for ease of reference only and shall not affect the interpretation or construction of this Agreement.. 12.2. Export. Customer acknowledges that the export, re-export, deemed export, and import of the Software and Documentation is subject to certain laws, rules, Executive Orders, directives, arrangements, and regulations ("laws") of the United States and of other countries. These laws apply to Customer. Customer will not violate these laws. Without limitation, Customer agrees that the Software, Documentation, or any direct or indirect product thereof, must not be exported, re-exported, transferred by download or otherwise, directly or indirectly into (i) Cuba, Iran, Northern Sudan, North Korea, Syria, or into any other country embargoed by the United States, or to (ii) anyone on the United States Treasury Department's list of Specially Designated Nationals or the United States Commerce Department's Table of Denial Orders, or to (iii) any end user or for any end use in violation of any United States Executive Order, policy, embargo, or laws, without first obtaining the required licenses or authorizations from the United States Government. Customer will not allow the Software, related Documentation, or the underlying technology to be used for any purpose prohibited by United States laws, including, without limitation, for the development, design, manufacture, proliferation, or production of nuclear, chemical, biological or any weapons of mass destruction. Further, Customer represents that it is not a national, resident, or under the control of the government of Cuba, Iran, Northern Sudan, North Korea, Syria, or any country to which the United States has prohibited export of the Software or Documentation and that it is not listed on the United States Department of Treasury lists of Specially Designated Nationals, Specially Designated Terrorists, Specially Designated Narcotic Traffickers, or on the United States Department of Commerce Table of Denial Orders. Customer acknowledges that, with regard to Metasploit, an export license from the Bureau of Industry and Security is required to provide the Software or Documentation to any "government end-user" in any country that is not listed as a Supplement No. 3, Favorable Treatment Country, in accordance with 740.17(b)(2) of the Export Administration Regulations which identifies certain categories of encryption products that are "restricted" for purposes of License Exception ENC. Customer shall indemnify, hold harmless, and defend Rapid7, including the payment of all reasonable attorney's fees and court costs, against any claims or losses related to Customer's failure to conform to any and all of these requirements and obligations contained in Section 12.2. 12.3. Data Privacy. To the extent that Rapid7 processes personal data about any living individual ("Data") in the course of providing the Services, it will do so only as a data processor acting on behalf of Customer (as data controller) and in accordance with the requirements of this Agreement. Rapid7 will process the Data in accordance with Customer's lawful instructions and will not (i) assume any responsibility for determining the purposes for which and the manner in which the Data is processed or (ii) process the Data for its own purposes (other than for aggregated, analytical purposes which the Customer hereby authorizes). Rapid7 will have in place and maintain throughout the term of this Agreement appropriate technical and organizational measures to protect the Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. In this Section, the terms "controller", "processor" and "personal data" will bear the meanings given to them in European Union Data Protection Directive 95/46/EC. 12.4. Compliance with Law. Customer acknowledges that the Software can be configured by the user to obtain access to information using penetration techniques that may cause disruption in systems or services and may cause data corruption. Denial of Service attacks may be run on command that will attempt to render systems and services unavailable to authorized users. Customer specifically agrees that the Software will only be used to target devices under the authorized control of the Customer and in a way in which damage to systems or loss of access or loss of data will create no liability for Rapid7 or any third party. Customer further agrees to strictly comply with all federal, state and local laws and regulations governing the use of network scanners, vulnerability assessment software products, hacking tools, encryption devices, and related software in all jurisdictions in which systems are scanned or scanning is controlled. 12.5. Government Restricted Rights. This Section 12.5 applies to all acquisitions of the Software by or for the federal government, or by any prime contractor or subcontractor (at any tier) under any contract, grant, cooperative agreement or other activity with the federal government. The Software was developed at private expense and is Commercial Computer Software, as defined in Section 12.212 of the Federal Acquisition Regulation (48 CFR 12.212 (October 1995)) and Sections 227.7202-1 and 227.7202-3 of the Defense Federal Acquisition Regulation Supplement (48 CFR 227.7202-1, 227.7202-3 (June 1995)). Accordingly, any use, duplication or disclosure by the Government or any of its authorized users is subject to restrictions as set forth in this standard license agreement for the Software. If for any reason, Sections 12.212, 227.7202-1 or 227.7202-3 are deemed not applicable, then the Government's rights to use, duplicate or disclose the Software are limited to "Restricted Rights" as defined in 48 CFR Section 52.227-19(c)(1) and (2) (June 1987), or DFARS 252.227-7014(a)(14) (June 1995), as applicable. If this Agreement fails to meet the government's needs or is inconsistent in any respect with Federal law, the government agrees to return the Software, unused, to Rapid7. Manufacturer is Rapid7 LLC, 100 Summer Street, Boston, MA 02110. 12.6. Relationship of the Parties. Rapid7 and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of employer and employee, master and servant, or principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties or representations or assume or create any obligations, express or implied, in the other party's name or on its behalf. 12.7. Force Majeure. Except for the obligation to make payments, nonperformance of either party shall be excused to the extent that performance is rendered impossible by strike, fire, flood, governmental acts or orders or restrictions, failure of suppliers, or any other reason where failure to perform is beyond the reasonable control of the non-performing party. 12.8. No reliance. Customer represents that it has not relied on the availability of any future version of the purchased product or any future product in executing this Agreement or placing any orders hereunder. 12.9. Third Party Software. Customer acknowledges that the Software may contain or be accompanied by certain third party hardware and software products or components ("Third-Party Products"). Additional information about Third-Party Products may be set forth in a text file, installation file or similar file or folder accompanying the Software, and/or in the Product Order Form, as applicable ("Third-Party Notices"). The Third-Party Notices may include important licensing and warranty information and disclaimers. Customer acknowledges that Section 10 of this Agreement shall not be applicable to the Third-Party Products. 12.10. Publicity. Customer acknowledges that Rapid7 may use Customer's name and logo for the purposes of identifying Customer as a customer of Rapid7 products and/or services, including in Rapid7's quarterly press releases highlighting new customer engagements. 12.11. Notices. Any demand, notice, consent, or other communication required by this Agreement must be given in writing and shall be deemed delivered upon receipt when delivered personally or upon confirmation of receipt following delivery by a nationally recognized overnight courier service, in each case addressed to the receiving party at its address set forth on the applicable Product Order Form. Either party may change its address by giving written notice of such change to the other party.