Truvantis, Inc (“Truvantis”) and every person or organization receiving products or services from Truvantis (“Client”) (collectively “Party” or “Parties”) agree to the following general terms of service (“Terms”), which supersede all prior terms and shall govern this agreement and any subsequent statements of work that are collectively referred to herein as the “Agreement”:
- Services. Truvantis and client agree that the services specified in this Agreement are complete and exclusive agreement of the Parties with respect to the subject matter hereof and supersedes and merges all prior discussions between the Parties.
- Statements of Work. Client may add additional services under these Terms in one or more Statements of Work (“SOW”), which will be issued in the same form as a Proposal except with the omission of these Terms. Each SOW shall be sequentially numbered and describe the particulars of the additional services.
- Term of Agreement. This Agreement shall be effective upon purchasing a workshop online or by mutual signing of a proposal (“Execution”). Unless specified otherwise in this Agreement, these Terms shall remain in effect for either the length specified in the Agreement or an initial one (1) year term, whichever is later, and shall thereafter automatically renew itself for successive periods of one year each, unless earlier terminated by Thirty (30) day advance notice by either Party or as otherwise permissible under these terms. Termination with advance notice shall be applicable as of the first day of the month following the 30th day of the advance notice period. Termination of this Agreement for any reason shall not discharge obligations incurred hereunder and amounts unpaid at the time of such termination. Client shall pay Truvantis for all services rendered prior to the effective date of termination. Upon the termination, the Customer shall promptly return to Truvantis any equipment, confidential information, materials, or other property of the Truvantis that are in Client’s possession or control. For subscription services, the service may be terminated in accordance with this Section after the initial three (3) months. Subscription service Clients may increase or decrease the level of subscription service at any time. Increases in subscription service take effect as soon as Truvantis is able to increase staffing. Decreases in subscription service will be effective at the beginning of the month following the month in which notice is given.
- Change Orders. No modification of this Agreement, nor any waiver of any rights under this Agreement will be effective unless in a written Change Order signed by both Parties.
- Security Testing. Unless otherwise agreed, any security testing will be performed during regular Truvantis business hours. Client will provide a list of stakeholders that must sign-off on any testing schedule. This may include internal staff along with external service providers. Client takes responsibility for notifying such external service providers and obtaining the necessary permissions for testing and scans, if required.
- Truvantis Equipment and Staff. Should any network security testing equipment be leased or loaned to the Client by Truvantis for the performance of these tests and not be returned within the agreed timeframe, the equipment will be considered leased to the Client at a rate of $1,000 per month until it is returned. Note that such test equipment may be leased by prior arrangement at a fraction of that cost. Truvantis may, from time to time, include locally or remotely initiated scanning and testing. The Client acknowledges that such testing entails inherent known and unknown risks and dangers to Client’s information systems, data and business operations, Client approves and authorizes all such scanning and testing and Client agrees to defend, indemnify and hold harmless Truvantis for any loss or liability that may arise from such scanning and testing. Truvantis may from time to time deploy staff onsite at the agreed Client facility. Two seats/desks/cubes will be made available along with Internet connection for Truvantis' staff use. Truvantis staff will either use Truvantis issued laptops or Client issued devices at Client's choice. Client will provide key and/or badge access to Truvantis staff assigned to the Client. Client acknowledges that Truvantis recruits, trains, employs and/or contracts with security and privacy professionals ("Professionals") in order for Truvantis to provide services for under this Agreement to Client, and that this is a costly and time-consuming endeavor ("Endeavors"). Should Client elect, prior to or within the two (2) years following the later of the termination of this Agreement or any extension to this Agreement, to directly or indirectly employ any Professionals who have provided such services to Client through Truvantis, Client agrees that it will first pay Truvantis the sum of $90,000.00 per Professional, which both Parties hereby agree accurately reflects the reasonable value of Truvantis ' Endeavors. This provision will survive any termination of these Terms.
- Client Equipment. Should any Client equipment be sent to Truvantis for forensic testing or other services, Client will pick up such equipment or provide an address and payment for shipping costs so that equipment can be returned, within thirty (30) days of Truvantis providing notice that services are complete. If Client does not retrieve equipment or arrange for its return, Truvantis may charge $50 per day for secure storage of this device, or may arrange for its disposal, at Truvantis’ sole discretion.
- Invoices. Client agrees to pay all invoices in full as set forth in the applicable invoice, but in any event no later than thirty (30) days from the date the invoice is sent, unless otherwise agreed in writing. Client is responsible for the cost of all Truvantis travel and other Truvantis incurred expenses in performing services. Client agrees, at its own expense, to operate in full compliance with all governmental laws, regulations and requirements applicable to Client and the duties conducted hereunder. Subscription services are invoiced monthly with payment due in advance of each month of service. Prior to Truvantis commencing the first month of a subscription service, the initial invoice sent upon signing the Agreement must be paid in full. Invoices for the second month of subscription service, which is sent along with the initial invoice upon signing the Agreement, must be paid in full prior to Truvantis commencing the second month of subscription services. Thereafter, all subscription service invoices shall be paid in full no later than thirty (30) days from the date the invoice is sent.
- Relationship. Truvantis' relationship with Client will be that of an independent contractor, and nothing should be construed to create a partnership, joint venture, or employer-employee relationship. Truvantis is not legal counsel, and it cannot and does not provide legal advice. Any conversations or communications with Truvantis’ representatives are not to be considered legal opinions. Any documents provided by Truvantis should not be relied on as legal advice or as legally compliant. Truvantis advises Client to consult its own legal counsel regarding Client’s legal obligations.
- Intellectual Property. This is not a work-for-hire Agreement. The copyright in all deliverables created hereunder for Client shall belong to Truvantis. All intellectual property rights in all pre-existing works and derivative works of such pre-existing works and other deliverables and developments made, conceived, created, discovered, invented or reduced to practice in the performance of the Services hereunder are and shall remain the sole and absolute property of
Truvantis, subject to a worldwide, non-exclusive license to Client for its internal use as intended under this Agreement, and Truvantis retains all moral rights therein. This Agreement does not grant Client any license to any of Truvantis’ products, which products must be separately licensed. Truvantis may subcontract its obligations and rights to a third-party.
- Fees and Expenses. Unless otherwise agreed in writing, service fees will be fixed for the first year and will be increased at a rate of 2-6% annually upon automatic renewal of this Agreement as specified in Section 3 (Term of Agreement). Clients will receive 60 days of advance notice of service fee increases. If Truvantis incurs any costs, expenses, or fees, including reasonable attorney’s fees and professional collection services fees, in connection with the collection or payment of any amounts due it, Client agrees to reimburse Truvantis for all such costs, expenses and fees. If Truvantis determines, at its sole discretion, that a Client abandons or does not sufficiently participate in the engagement, Truvantis may immediately terminate this Agreement and provide any deliverables as is. Upon such termination, client agrees to pay all amounts due for the engagement and waive any further performance by Truvantis. If Client requests any delay in performance by Truvantis and Truvantis, at its sole discretion, agrees to such delay, Client agrees to pay a prorated invoice for all work performed up to the point of delay, as well as a 10% surcharge on the total amount for the engagement.
- Governing Law and Venue. This Proposal will be governed and construed in accordance with the laws of the State of California. Both Parties hereby expressly and irrevocably consent to the exclusive personal jurisdiction of the state.
- Dispute Resolution. Any dispute, controversy or claim arising out of or related in any manner to services provided by Truvantis, except controversies involving less than $2,500, which cannot be amicably resolved by the Parties, shall be solely and finally settled by arbitration administered by the American Arbitration Association in accordance with its commercial arbitration rules. Judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof. The arbitration shall take place before an arbitrator sitting in California, Santa Clara County. The language of the arbitration shall be English. The arbitrator will be bound to adjudicate all disputes in
accordance with the laws of the State of California. The decision of the arbitrator shall be in writing with written findings of fact and shall be final and binding on the Parties. The arbitrator shall be empowered to award money damages, but shall not be empowered to award consequential damages, indirect damages, incidental damages, special damages, exemplary, punitive damages or specific performance. Each Party shall bear its own costs relating to the arbitration proceedings irrespective of its outcome. This section provides the sole recourse for the settlement of any disputes arising out of, in connection with, or related to this Agreement, except that either Party may seek a preliminary injunction or other injunctive relief in any court of competent jurisdiction if in its reasonable judgment such action is necessary to avoid irreparable harm.
- WARRANTY. THE WARRANTY SET FORTH IN THIS SECTION IS EXCLUSIVE AND IS IN LIEU OF ALL OTHER WARRANTIES, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE WITH RESPECT TO THE SERVICES, WORK PRODUCT OR DELIVERABLES PROVIDED UNDER THIS PROPOSAL, OR AS TO THE RESULTS WHICH MAY BE OBTAINED THEREFROM. TRUVANTIS DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING, BUT NOT LIMITED TO, THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PURPOSE, OR AGAINST INFRINGEMENT. TRUVANTIS SHALL NOT BE LIABLE FOR ANY SERVICES OR WORK PRODUCT OR DELIVERABLES PROVIDED BY THIRD PARTY VENDORS IDENTIFIED OR REFERRED TO THE CLIENT BY TRUVANTIS DURING THE TERM OF THIS AGREEMENT. CLIENT’S EXCLUSIVE REMEDY FOR BREACH OF THIS WARRANTY IS REPERFORMANCE OF THE SERVICES, OR IF REPERFORMANCE IS NOT POSSIBLE OR CONFORMING, REFUND OF AMOUNTS PAID UNDER THIS AGREEMENT FOR SUCH NON-CONFORMING SERVICES. THE SERVICES, WORK PRODUCT OR DELIVERABLES PROVIDED UNDER THIS AGREENMENT ARE DELIVERED "AS IS", AND TRUVANTIS SHALL NOT BE LIABLE FOR ANY INACCURACY THEREOF. TRUVANTIS DOES NOT WARRANT THAT PERFORMANCE OF ANY SERVICE SHALL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL ERRORS IN THE SERVICES OR WORK PRODUCT SHALL BE CORRECTED. ANY TRUVANTIS RECOMMENDATIONS ARE FOR GUIDANCE ONLY AND CLIENT IS RESPONSBILE FOR DETERMINING THE SUFFICIENCY OF ANY PROPOSED RESOLUTION. EXCEPT FOR THE PARTIES INDEMNIFICATION OBLIGATIONS UNDER OF THIS AGREEMENT, IN NO EVENT SHALL EITHER PARTY BE LIABLE UNDER THIS AGREEMENT TO THE OTHER PARTY FOR ANY INCIDENTAL, CONSEQUENTIAL, INDIRECT, STATUTORY, SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS, LOSS OF USE, LOSS OF TIME, INCONVENIENCE, LOST BUSINESS OPPORTUNITIES, DAMAGE TO GOOD WILL OR REPUTATION, AND COSTS OF COVER, REGARDLESS OF WHETHER SUCH LIABILITY IS BASED ON BREACH OF CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE, AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR SUCH DAMAGES COULD HAVE BEEN REASONABLY FORESEEN. SUBJECT TO THE CLIENT’S OBLIGATION TO PAY THE FEES TO TRUVANTIS, EACH PARTY’S ENTIRE AGGREGATE LIABILITY FOR ANY CLAIMS RELATING TO THE SERVICES OR THIS PROPOSAL SHALL NOT EXCEED THE FEES PAID OR PAYABLE BY THE CLIENT TO TRUVANTIS UNDER THIS AGREEMENT IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENTS GIVING RISE TO SUCH LIABILITY. THIS SECTION SHALL SURVIVE THE TERMINATION OF THE AGREEMENT. NO ACTION SHALL BE BROUGHT FOR ANY CLAIM RELATING TO OR ARISING OUT OF THIS PROPOSAL MORE THAN ONE (1) YEAR AFTER THE ACCRUAL OF SUCH CAUSE OF ACTION, EXCEPT FOR MONEY DUE ON AN OPEN ACCOUNT.
- Waiver. No waiver of any term or right in this Agreement shall be effective unless in writing, signed by an authorized representative of the waiving Party. The failure of either Party to enforce any provision of this Agreement shall not be construed as a waiver or modification of such provision, or impairment of its right to enforce such provision or any other provision of this Agreement thereafter. By accepting services from Truvantis, Client knowingly and voluntarily agrees that it intends to forever waive any right to maintain any lawsuit or action against Truvantis based on any claim of loss or damage arising from or related to any products or Services provided by Truvantis. Client agrees that it has had sufficient opportunity to read and understand this Agreement and consult with legal counsel or has voluntarily waived its right to do so, and knowingly and voluntarily agrees to be bound by all Terms set forth in the Agreement.
- Confidential Information. Should Parties enter into a separate confidentiality agreement prior to or at the time of entering into this Agreement, then the terms of that confidentiality agreement shall
supersede the remaining portions of this Section 16, except for PCI clients subject to the PCI section of this Agreement, which contains PCI specific terms that may override some provisions of this Section 16 and any separate confidentiality agreement. The Parties acknowledge that by reason of their relationship to the other hereunder, each may disclose or provide access (the "Disclosing Party") to the other Party (the "Receiving Party") certain Confidential Information. “Confidential Information” shall include all nonpublic information of any type or character that is either disclosed, directly or indirectly, before or after Execution, to the Receiving Party or with which the Receiving Party comes into contact or is provided access to in connection with the Purpose or which is in any way related to the Disclosing Party. Confidential Information does not include information that is public or becomes public through no fault of the Receiving Party, is independently developed by the Receiving Party without the use of the Disclosing Party’s Confidential Information, is rightfully in the possession of the Receiving Party prior to its receipt from the Disclosing Party, or is disclosed with
prior written consent of the Disclosing Party. All Confidential Information shall remain the property of the Disclosing Party and shall only be used by the Receiving Party to facilitate performance of its obligations under this Agreement. Until Confidential Information becomes publicly known through no action or inaction of the Receiving Party, the Receiving Party shall maintain strict confidence and protect Confidential Information received pursuant to this Agreement using the same standard of care which it uses to protect and safeguard its own Confidential Information of a like nature, but no less than a reasonable degree of care. If the Receiving Party is requested to disclose any Confidential Information and upon the advice of legal counsel such disclosure is deemed required by law, then the Receiving Party shall provide the Disclosing Party with prompt written notice of such request prior to making any disclosure so that the Disclosing Party may seek a protective order or other appropriate relief. The Receiving Party shall fully assist the Disclosing Party in its lawful efforts to resist, narrow, or eliminate the need for the requested disclosure. If disclosure is nonetheless required, the Receiving Party shall use its best efforts to obtain a binding assurance that confidential treatment shall be afforded to any portion of the Confidential Information that it is required to be disclosed and shall only furnish that portion of the Confidential Information which it is advised by its legal counsel must be provided pursuant to such request.
- PCI. Clients engaging Truvantis for QSA services agree that each ROC, Attestation of Compliance, and other related or similar reports or other Confidential Information gathered by Truvantis (PCI Information) in connection with its service as the QSA on behalf of Client may be disclosed to the PCI SSC or Participating Payment Brands as requested by Client or the PCI SSC. Client agrees to grant to Truvantis all appropriate rights, licenses, and permissions to allow disclosure of PCI Information and to make available that PCI Information to facilitate Truvantis’ commitments to the PCI SSC or Participating Payment Brand may reasonably request from time to time. Truvantis, as the QSA, may disclose PCI Information as necessary to comply with its obligations and requirements as a QSA. Payment Brands receiving PCI Information may, on an as needed basis, disclose that information to other Payment Brands’ respective Financial Institutions, issuers, relevant governmental, regulatory, and law enforcement inspectors that the Participating Payment Brand has received a ROC, report, and other related information pertaining to Client specifically and whether such report was satisfactory.
- Force Majeure. Neither Party shall be liable hereunder for any failure or delay in the performance of its obligations under this Agreement, except for the payment of money, if such failure or delay is on account of causes beyond its reasonable control, including civil commotion, war, fires, floods, accident, earthquakes, inclement weather, telecommunications line failures, electrical outages, network failures, governmental regulations or controls, casualty, strikes or labor disputes, terrorism, acts of God, pandemics or other similar or different occurrences beyond the reasonable control of the Party so defaulting or delaying in the performance of this Agreement, for so long as such force majeure event is in effect. Each Party shall use reasonable efforts to notify the other Party in writing of the occurrence of such an event within five (5) business days of its occurrence.
- Severability. If any provision or portion of this Agreement shall be rendered by applicable Law or held by a court of competent jurisdiction to be illegal, invalid, or unenforceable, the remaining provisions or portions shall remain in full force and effect.