These Service Terms and Conditions (“Agreement”) constitute a contract between Duo Security, Inc. with offices at 123 North Ashley Street, Suite #200, Ann Arbor, MI 48104 (“Duo Security”), and you. This Agreement includes and incorporates the webpage Order Form with which Customer purchased the Services and any subsequent Order Forms (submitted in written or electronic form). By accessing or using the Services, you agree to be bound by this Agreement. If you are entering into this Agreement on behalf of a company, organization or other entity, you represent that you have such authority to bind such entity and are agreeing to this Agreement on behalf of such entity. If you do not have such authority to enter into this Agreement or do not agree with these terms and conditions, you may not use the Services.
1.1 “Customer” means the customer that has signed up for the Services and agreed to the terms of this Agreement.
1.2 “Customer Data” means any information or data about Customer or Users (and its and their staff, customers or suppliers, as applicable), that is supplied to Duo Security by or on behalf of Customer or any User in connection with the Services, or which Duo Security is required to access, generate, process, store or transmit pursuant to this Agreement, including (without limitation) information about Customer’s and Users’ respective devices, computers and use of the Services. Customer Data shall not be deemed to include any Performance Data.
1.3 “Customer Personal Data” means any Customer Data that is personal data (as defined under the applicable Data Protection Laws).
1.4 “Data Protection Laws” means any applicable data protection laws, regulations and legally binding codes of practice from time to time in force applicable to the performance of a party’s obligations under this Agreement, including (without limitation) in the EU, EC Directive 95/46/EEC, EC Directive 2002/58/EC, and any implementing legislation in the jurisdiction in which the Customer is located (for example the Data Protection Act 1998 and Privacy and Electronic Communications (EC Directive) Regulations 2003 in England and Wales, the German Federal Data Protection Act in Germany, and the “Computer and Liberties” Act dated 6 January 1978, as amended, in France) and any legislation which is analogous to and has the same object as the foregoing, namely the control and protection of data which are personal to individuals.
1.5 “Documentation” means guides, instructions, policies and reference materials provided to Customer by Duo Security in connection with the Services, including the documentation located at https://www.duo.com/docs, which may be amended from time to time.
1.6 “Duo Mobile Software” means all Duo Security proprietary mobile applications used in providing the Services, and any updates, fixes or patches developed from time to time.
1.7 “Fees” means the applicable fees as set forth on the Order Form.
1.8 “Hardware Tokens” mean hardware security tokens purchased by Customer under an Order Form.
1.9 “Integration Software” means (i) Duo Security proprietary software and (ii) open source software used in providing the Services which integrates with Customer’s network or application, including SSL or other VPN, Unix operating system, Microsoft application, or web application, as provided in the Documentation and any updates, fixes or patches developed from time to time.
1.10 “Intellectual Property Rights” means all patents, registered designs, unregistered designs, design rights, utility models, semiconductor topography rights, database rights, copyright and other similar statutory rights, trade mark, service mark and any know how relating to algorithms, drawings, tests, reports and procedures, models, manuals, formulae, methods, processes and the like (including applications for any of the preceding rights) or any other intellectual or industrial property rights of whatever nature in each case in any part of the world and whether or not registered or registerable, for the full period and all extensions and renewals where applicable.
1.11 “Order Form(s)” means the invoice or other forms from Duo Security for the initial order for the Service, and any subsequent invoice or other forms from Duo Security (submitted in written form or online), specifying, among other things, the maximum number of Users, initial Term, purchase of any Hardware Tokens, Fees, Telephony Credits (if any), and such other charges and terms as agreed between the parties.
1.12 “Payment Schedule” means the schedule selected by Customer for payment of Fees (on either an order webpage or an attached Order Form), which may be either monthly by credit card or annually or multi-year and invoiced in advance, with payment due within thirty (30) days of receipt of invoice.
1.13 “Performance Data” means any and all aggregate, de-identified data relating to the access or use of the Services by or on behalf of Customer or any User, including any performance, analytics or statistical data, that Duo Security may collect from time to time.
1.14 “Services” means the products and services that are ordered by or made available to Customer under a free trial or an Order Form (including, where applicable, the Software, Hardware Tokens and services using only the Duo Mobile Software) and made available online by Duo Security, including associated offline components, as described in the Documentation.
1.15 “Service Level Agreement” or “SLA” means the description of support provided to Customers and its Users and of the availability of the Services, which descriptions may be found at: https://www.duo.com/sla.
1.16 “Software” means the Integration Software and Duo Mobile Software.
1.17 “Telephony Credits” mean credits for Customer’s Users to provide authentication by telephone or SMS.
1.18 “Term” means the subscription term indicated on the Order Form and any subsequent renewal terms.
1.19 “User” means any user of the Services whom Customer may authorize to enroll to use the Services under the terms of this Agreement.
SERVICES FOR CUSTOMER; DUO SECURITY OBLIGATIONS
2.1 Subject to and conditioned on Customer’s payment of Fees and full compliance with all other terms and conditions of this Agreement, Duo Security grants Customer and Users a non-exclusive, non-sublicensable, non-transferrable license to access and use the Services, along with such Documentation as Duo Security may make available during the Term. Duo Security Services are provided for commercial use only, not for private use.
2.2 The Services and SLA are subject to modification from time to time at Duo Security’s sole discretion, provided the modifications do not materially diminish the functionality of the Services provided by Duo Security and the Services continue to perform according to the description of the Services specified in Section 2.3 in all material aspects. Customer shall have the right to terminate the Agreement pursuant to Section 10.2 without any penalty if (i) a material modification to the Services or the SLA is made which materially diminishes the functionality of the Services or materially diminishes the SLA, (ii) Duo Security has not obtained Customer’s consent for such modifications and (iii) Duo Security does not provide a remedy in the cure period stated in Section 10.2.
2.3 Duo Security will make the Services available and the Services will perform substantially in accordance with the description of the services found at https://www.duo.com/pricing. Notwithstanding the foregoing, Duo Security reserves the right to suspend Customer’s (or any User’s) access to the Services: (i) for scheduled or emergency maintenance, (ii) in the event Customer is in breach of this Agreement, including failure to pay any amounts due to Duo Security, and fails to correct that breach within the applicable cure period, (iii) in the event that Customer breaches Section 4 or Section 7 of this Agreement, (iv) as it deems reasonably necessary to respond to any actual or potential security concerns, or (v) based on Duo Security’s reasonable belief that Customer’s or its Users’ use of the Services is excessive, interfering with use by other customers and users or violating applicable laws, rules or regulations.
2.4 For Customers enrolled in one of the editions of Services requiring purchase, subject to full compliance with the terms and conditions of this Agreement, Duo Security will use commercially reasonable efforts to provide support to Customer as described in the Service Level Agreement. The SLA shall apply only with respect to Customers who have enrolled in one of the editions of Services requiring purchase. In the event that Customer earns 15 days of service credits, determined in accordance with the terms of the Service Level Agreement, in each of three consecutive months, Customer may terminate this Agreement and, as its sole and exclusive remedy, receive a refund of any pre-paid subscription Fees paid by Customer to Duo Security for Services not rendered as of the termination date. Certain parts of the Services or types of Services provided by Duo Security are free to use and do not require payment (“Free Services”). The SLA shall not apply with respect to Customers who use only Free Services and, without limitation, such Customers will not receive any support from Duo Security.
3.1 Customer may only use the Services in accordance with the Documentation and as explicitly set forth in this Agreement. Customer will cooperate with Duo Security in connection with the performance of this Agreement as may be necessary, which may include making available such personnel and information as may be reasonably required to provide the Services or support. Customer is solely responsible for determining whether the Services are sufficient for its purposes, including but not limited to, whether the Services satisfy Customer’s legal and/or regulatory requirements.
3.2 Use of the Services may require Users to install Duo Mobile Software on their mobile devices, which use shall be subject to this Agreement. Third party terms may apply with respect to third party products and software accessible via the Services and devices using third party operating systems or software or in the event that Duo Mobile Software is downloaded from third party sites (collectively, “Third Party Services”). Customer’s access and use of Third Party Services is governed solely by the terms and conditions of such Third Party Services. Duo Security does not endorse, is not responsible or liable for, makes no representations or warranties and provides no indemnification with respect to any aspect of the Third Party Services. Customer agrees to waive any claim against Duo Security with respect to the Third Party Services. Duo Security is not liable for any damage or loss caused or alleged to be caused by or in connection with enablement, access or use of any such Third Party Services, or Customer’s reliance on the privacy practices, data security processes or other policies of such Third Party Services. Duo Security does not provide customer support or assistance with respect to the Third Party Services. Users may be required to register for or log into such Third Party Services on their respective websites or apps.
3.4 Customer will be fully responsible for Users’ compliance with this Agreement and any breach of this Agreement or such other terms by a User shall be deemed to be a breach by Customer.
3.5 There will be no force or effect given to any different or additional terms contained in any purchase order or similar form issued by either party, even if signed by the parties after the date hereof unless such terms are included in an amendment in accordance with the terms of Section 14.3 of this Agreement. Each party’s acceptance of this Agreement was and is expressly conditional upon the other’s acceptance of the terms contained in the Agreement to the exclusion of all other terms.
Customer will not, and will not permit any Users nor any third party to: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Services, Software, Hardware Tokens or any data related to the Services (except to the extent such prohibition is contrary to applicable law that cannot be excluded by the agreement of the parties); modify, translate, or create derivative works based on the Services or Software; share, rent, lease, loan, resell, sublicense, distribute, use or otherwise transfer the Services or Software for timesharing or service bureau purposes or for any purpose other than its own use; or use the Services or Software other than in accordance with this Agreement and in compliance with all applicable laws and regulations (including but not limited to any European privacy laws and intellectual property laws).
PAYMENT OF FEES
5.1 Customer will pay Duo Security the Fees plus all applicable sales, use and other purchase related taxes (or provide Duo Security with a valid certificate of exemption from the requirement of paying sales, use or other purchase related taxes) in accordance with the payment terms set forth on the Order Form. Except as otherwise indicated in the applicable Order Form, all fees and expenses shall be in U.S. dollars. Unpaid and due Fees are subject to a finance charge of one percent (1.0%) per month, or the maximum permitted by law, whichever is lower, plus all expenses of collection, including reasonable attorneys’ fees, except to the extent applicable law requires a different interest or finance charge calculation for unpaid and due Fees and expenses. In the case of any withholding requirements, Customer will pay any required withholding itself and will not reduce the amount paid to Duo Security on account thereof. If the method of payment is by credit card, Customer agrees to (i) keep Customer’s credit card information updated and (ii) authorize Duo Security to charge Customer’s credit card the Fees when due. Duo Security will not charge users any fees for their use of the Services or Duo Mobile Software without Customer’s authorization. Users’ carriers or service providers may charge fees for data usage, messaging, phone calls or other services that are required for them to use the Services. All payments will be made in accordance with the Payment Schedule.
5.2 Customer’s Order Form will indicate an initial allotment of Telephony Credits, if applicable. Customer may purchase additional Telephony Credits separately via the billing section of Customer’s administrative interface or by contacting a sales representative. U.S. and international rates for telephony can be found at https://www.duo.com/docs/telephony_credits.
5.3 If a Customer uses only Free Services, Duo Security will not charge such Customer any Fees for use of such Free Services or download, installation or use of the Software associated with Free Services. Such Customer may discontinue using the Free Services at any time, but must immediately remove any Software from its devices.
5.4 At any time during the Term, and unless otherwise agreed to in writing by the parties, any increase or overage in the maximum number of Users specified in the Order Form will be treated in accordance with this Section 5.4 (a “Subscription Upgrade”). The maximum number of Users shall be increased as follows:
For Subscription Upgrades (i) for Customers where the maximum number of Users on the Order Form is fewer than 500 Users, the maximum number of Users will be increased automatically in increments equal to 50 Users, (ii) for Customers where the maximum number of Users on the Order Form is 500 - 1000 Users, the maximum number of Users will be increased automatically in increments equal to 100 Users, and (iii) for Customers where the maximum number of Users on the Order Form is 1001 or greater, the maximum number of Users will be increased automatically in increments equal to 250 Users.
Duo Security shall invoice Customer for the increase in the maximum number of Users at the subscription rate and payment terms specified in the most recent Order Form, which will be prorated for the remainder of the then applicable subscription Term. For any future subscription Term, the number of Users and applicable Fees will reflect any Subscription Upgrades.
6.1 The term “Confidential Information” means any information disclosed by one party (“Disclosing Party”) to the other party (“Receiving Party”) in any form (written, oral, etc.) that is marked as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of the disclosure, including, without limitation: trade secrets; information relating to the Services; technology and technical information (intellectual property, inventions, know-how ideas and methods); business, financial and customer information (including Customer Data and Customer Personal Data); pricing, forecasts, strategies and product development plans; and/or the terms of this Agreement. Each party understands that the Disclosing Party has or may disclose Confidential Information in connection with this Agreement, but that Receiving Party shall receive no rights in, or licenses to, such Confidential Information.
6.2 The Receiving Party agrees: (i) not to disclose Confidential Information to any third person other than those of its employees, contractors, advisors, investors and potential acquirers (“Representatives”) with a need to have access thereto and who have entered into non-disclosure and non-use agreements applicable to the Disclosing Party’s Confidential Information, and (ii) to use such Confidential Information solely as reasonably required in connection with the Services and/or this Agreement. Each party agrees to be responsible for any breach of this Agreement caused by any of its Representatives. The Receiving Party further agrees to take the same security precautions to protect against unauthorized disclosure or unauthorized use of such Confidential Information of the Disclosing Party that the party takes with its own confidential or proprietary information, but in no event will a party apply less than reasonable precautions to protect such Confidential Information. Each party acknowledges that the use of such precautions is not a guarantee against unauthorized disclosure or use. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document: (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party; or (b) was in its possession or known by it prior to receipt from the Disclosing Party; or (c) was rightfully disclosed to it without restriction by a third party; or (d) was independently developed without use of any Confidential Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing Confidential Information as required in response to a request under applicable open records laws or pursuant to any judicial or governmental order, provided that, to the extent permitted by law, the Receiving Party gives the Disclosing Party reasonable prior notice to contest such disclosure. For the avoidance of doubt, Customer acknowledges that Duo Security utilizes the services of certain third parties in connection with the provision of the Services (such as data hosting and telephony service providers) and such third parties will have access to Customer’s Confidential Information, subject to compliance with this Section 6. The parties agree that Performance Data is not Confidential Information and will not be subject to any confidentiality restrictions or obligations.
6.3 Each party agrees that, upon the written request of the Disclosing Party, the Receiving Party will promptly return to the Disclosing Party, or provide written certification of the destruction of, all Confidential Information of the Disclosing Party, including all Confidential Information contained in internal documents, without retaining any copy, extract or summary of any part thereof. Notwithstanding the foregoing, a Receiving Party may retain copies of Confidential Information solely to the extent necessary for purposes of such party’s ordinary course internal document retention and backup requirements and procedures, provided that such Confidential Information shall remain subject to the terms and conditions of this Agreement for so long as it is retained.
6.4 Customer acknowledges that Duo Security does not wish to receive any Confidential Information from Customer that is not necessary for Duo Security to perform its obligations under this Agreement, and, unless the parties specifically agree otherwise, Duo Security may reasonably presume that any unrelated information received from Customer is not confidential or Confidential Information, unless such information is marked as “Confidential.”
INTELLECTUAL PROPERTY RIGHTS; OWNERSHIP
Except as expressly set forth herein, Duo Security alone (and its licensors, where applicable) will retain all Intellectual Property Rights relating to the Services or the Software or any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or any third party relating to the Services and/or the Software, which are hereby assigned to Duo Security. Customer will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. As between the parties, Duo Security owns all Performance Data. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Services or Software, or any Intellectual Property Rights.
8.1 In this Section 8, the terms “personal data,” “data processor,” “data subject,” “process and processing” and “data controller” shall be as defined in the applicable Data Protection Laws.
8.2 For the purposes of the Data Protection Laws, as between Customer and Duo Security, the parties agree that Customer shall at all times be the data controller and Duo Security shall be the data processor with respect to the processing of Customer Personal Data in connection with this Agreement.
8.3 By entering into this Agreement, Customer agrees that Duo Security may collect, retain and use certain Customer Personal Data (which may include, without limitation, names, mobile telephone numbers, IP addresses and email addresses of Users) in connection with the Services. As the data controller of such Customer Personal Data, Customer shall be responsible for ensuring that, and represents and warrants to Duo Security that it shall ensure that any processing of Customer Personal Data in connection with the Services shall comply with the Data Protection Laws. This shall include (without limitation) ensuring that Customer: (i) has given adequate notice and made all appropriate disclosures to the data subjects regarding Customer’s and Duo Security’s use and disclosure of Customer Personal Data, including (without limitation) for the provision of the Services; and (ii) has or obtains all necessary rights, and where applicable, all appropriate and valid consents from the data subjects to share such personal data with Duo Security and to permit use of Customer Personal Data by Duo Security for the purposes of the provision of the Services and performing its obligations under this Agreement or as may be required by applicable law, including (without limitation) notifying the data subject of the transfer of Customer Data outside of the European Economic Area to countries whose laws they have acknowledged may provide a lower standard of data protection than exists in the European Economic Area.
8.4 At the request of Customer, Duo Security and Customer shall negotiate a separate data processing agreement and/or model contract clauses setting forth each party’s obligations in respect of any processing of Customer Personal Data, which agreement and/or model contract clauses will be incorporated herein by reference once executed by the parties.
8.5 Customer acknowledges that Duo Security is reliant on Customer for direction as to the extent to which Duo Security is entitled to use and process Customer Data. Consequently, Duo Security will not be liable for any claim brought by a data subject to the extent that such action or omission resulted directly from Customer’s instructions. Customer undertakes to comply in all respects with any applicable laws, regulations, standards and guidelines applicable to personal data and shall use all reasonable endeavors to where possible anonymize personal data sent to Duo Security.
8.6. In accordance with applicable Data Protection Laws, Duo Security shall take all commercially reasonable measures to protect the security and confidentiality of Customer Personal Data against any accidental or illicit destruction, alteration or unauthorized access or disclosure to third parties. Duo Security will provide Customer with its security policy, upon request, that sets forth the technical specifications and the detailed measures taken to protect the security and confidentiality of Customer Personal Data.
8.7 Customer may, upon at least thirty (30) days prior notice, and no more than once per 12 month period, appoint an independent third party auditor to physically inspect and audit, at Customer’s sole cost and expense, any facilities owned or controlled by Duo Security in which Customer Personal Data is processed or stored, provided that such inspection: (i) shall occur on a mutually agreed upon date during Duo Security’s regular business hours; (ii) does not interfere with any of Duo Security’s business operations; and, (iii) does not, in Duo Security’s reasonable discretion, create any risk to the confidentiality, integrity, or availability of any data stored or processed by Duo Security. Prior to any audit, Customer, and any appointed auditor, must enter into a nondisclosure and confidentiality agreement as may be required by Duo Security.
For Customers enrolled in one of the editions of Services requiring purchase, Duo Security shall indemnify and hold Customer harmless from liability to third parties resulting from infringement by the Services of any patent or any copyright or misappropriation of any trade secret, provided Duo Security is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Duo Security will not be responsible for any settlement it does not approve. The foregoing obligations do not apply with respect to portions or components of the Services (i) not created by Duo Security, (ii) resulting in whole or in part from Customer specifications, (iii) that are modified after delivery by Duo Security, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of Services is not strictly in accordance with this Agreement and all related Documentation. If Duo Security receives information about an actual or alleged infringement or misappropriation claim that would be subject to indemnification rights set forth in this Section 9, Duo Security shall have the option, at its expense, to: (a) modify the Software to be non-infringing; or (b) obtain for Customer a license to continue using the Software. If Duo Security determines it is not commercially reasonable to perform either of the above options, then Duo Security may at its option elect to terminate the license for the Services and refund the unearned portion of any pre-paid subscription Fees, prorated on a monthly basis. THIS SECTION STATES CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR INFRINGEMENT, MISAPPROPRIATION AND/OR CLAIMS ALLEGING INFRINGEMENT OR MISAPPROPRIATION. Customer will indemnify Duo Security from all damages, costs, settlements, attorneys’ fees and expenses related to any claim related to (I) infringement or misappropriation not otherwise subject to Duo Security’s indemnification obligation set forth in this Section 9 and (II) Customer’s breach of Section 3.3 relating to obtaining User consent, Section 4 “Restrictions,” Section 7 “Intellectual Property Rights; Ownership” or Section 8 “Data Protection.” Duo Security shall not provide any indemnification or other protections under this Section 9 to Customers who use only Free Services.
10.1 Subject to earlier termination as expressly provided for in this Agreement, the initial Term of this Agreement shall be for the Term specified in the Order Form, or in the event of multiple Order Forms, until the Term of all Order Forms has expired. Each Order Form and this Agreement shall automatically renew after the initial Term and any renewal Term for a renewal Term equal to the expiring subscription Term, unless either party provides to the other at least forty-five (45) days prior written notice that it will not renew. The Fees per User for each renewal Term will be equal to the Fees per User for the immediately prior Term plus a price increase. Any pricing increase will not exceed seven percent (7%) per year, unless the pricing was designated in the applicable Order Form as promotional or one-time; provided, however, the Fees for each renewal Term shall not exceed the list price as of the start date of such renewal Term.
10.2 In the event of any material breach of this Agreement by either party (other than Customer’s payment obligations), the nonbreaching party may terminate this Agreement prior to the end of the Term by giving thirty (30) days prior written notice to the breaching party; provided, however, that this Agreement will not terminate if the breaching party has cured the breach prior to the expiration of such thirty-day period. If Customer fails to pay any Fees or other amounts in the applicable Order Form, Duo Security may terminate this Agreement prior to the end of the Term by giving five (5) business days prior written notice to Customer; provided, however, that this Agreement will not terminate if Customer has paid all Fees and other amounts in the applicable Order Form prior to the expiration of such five business-day period.
10.3 Either party may terminate this Agreement, without notice, (i) upon the institution or if a petition is filed, notice is given, a resolution is passed or an order is made, in each case by or against the other party under any applicable laws relating to insolvency, administration, liquidation, receivership, bankruptcy or any other winding up proceedings, (ii) upon the other party’s making an assignment for the benefit of creditors or making a voluntary arrangement with its creditors, (iii) upon the other party’s dissolution or ceasing, or threatening to cease to do business or (iv) if any event occurs, or proceeding is instituted, with respect to the other party that has the equivalent or similar effect to any of the events mentioned in Section 10.3(i) through (iii). For Customers using Free Services, Duo Security may terminate this Agreement at any time with or without notice and Duo Security reserves the right to disable such Customers’ access to or use of the Services at any time with or without notice for any reason or no reason.
10.4 The Sections of this Agreement which by their nature should survive termination or expiration of this Agreement, including but not limited to Sections 3 through 14, will survive termination or expiration of this Agreement. No refund of Fees shall be due in any amount on account of termination by Duo Security pursuant to this Section 10. In the event of termination by Customer pursuant to this Section 10, Customer shall be entitled as its sole and exclusive remedy, to receive a refund of any pre-paid subscription Fees paid by Customer to Duo Security for Services not rendered as of the termination date. When this Agreement expires or terminates, Duo Security shall cease providing the Services to Customer.
WARRANTIES AND DISCLAIMER OF ADDITIONAL WARRANTIES
11.1 For Customers enrolled in one of the editions of Services requiring purchase, Duo Security represents and warrants that it will not knowingly include, in any Duo Security software released to Users and provided to Customer hereunder, any computer code or other computer instructions, devices or techniques, including without limitation those known as viruses, disabling devices, trojans, or time bombs, that intentionally disrupt, disable, harm, infect, defraud, damage, or otherwise impede in any manner, the operation of a network, computer program or computer system or any component thereof, including its security or User data. If, at any time, Duo Security fails to comply with the warranty in this Section 11.1, Customer may promptly notify Duo Security in writing of any such noncompliance. Duo Security will, within thirty (30) days of receipt of such written notification, either correct the noncompliance or provide Customer with a plan for correcting the noncompliance. If the noncompliance is not corrected or if a reasonably acceptable correction plan is not established during such period, Customer may terminate this Agreement and receive a refund of any pre-paid but unearned subscription Fees, prorated on a monthly basis, as its sole and exclusive remedy for such noncompliance. This provision does not apply to Customers who use only Free Services.
11.2 For Customers that have purchased Hardware Tokens as part of the Services, Duo Security warrants to Customer only that Hardware Tokens will be free of hidden defects in material and workmanship at the time of sale and for a period of six (6) months thereafter. This warranty is limited to replacement of defective Hardware Tokens. This Hardware Token warranty is Customer’s exclusive remedy for defective Hardware Tokens. This provision does not apply to Customers who use only Free Services.
11.3 EXCEPT AS EXPLICITLY PROVIDED IN THIS SECTION 11, THE SERVICES AND DUO SECURITY CONFIDENTIAL INFORMATION AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED “AS-IS,” WITHOUT ANY WARRANTIES OF ANY KIND. DUO SECURITY HEREBY DISCLAIMS FOR ITSELF AND ITS SUPPLIERS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES, TERMS OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PURPOSE OR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, AND NON-INFRINGEMENT.
LIMITATION OF LIABILITY
12.1 NOTHING IN THIS AGREEMENT (OR ANY ORDER FORM) SHALL LIMIT OR EXCLUDE EITHER PARTY’S LIABILITY FOR (I) DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, OR THE NEGLIGENCE OF ITS EMPLOYEES, AGENTS OR SUBCONTRACTORS; (II) FRAUD OR FRAUDULENT MISREPRESENTATION; OR (III) ANY OTHER LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED BY LAW.
12.2 SUBJECT TO SECTION 12.1, IN NO EVENT WILL DUO SECURITY OR ITS SUPPLIERS BE LIABLE TO CUSTOMER (OR ANY PERSON CLAIMING UNDER OR THROUGH CUSTOMER) FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, THE DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, (I) LOSS OF REVENUE OR ANTICIPATED PROFITS (WHETHER DIRECT OR INDIRECT) OR (II) LOST BUSINESS OR (III) LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) BREACH OF STATUTORY DUTY OR OTHERWISE, EVEN IF DUO SECURITY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.
12.3 SUBJECT TO SECTION 12.1, THE MAXIMUM LIABILITY OF DUO SECURITY FOR ALL CLAIMS UNDER AN APPLICABLE ORDER FORM, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, THE FEES PAID OR TO BE PAID TO DUO SECURITY UNDER SUCH ORDER FORM DURING THE TWELVE MONTH PERIOD ENDING ON THE DATE THAT SUCH CLAIM IS FIRST ASSERTED. THE FOREGOING LIMITATION WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
13.1 Export. Notwithstanding anything else, Customer may not use, or provide to any person or export or re-export or allow the export or re-export of, the Services or any software or anything related thereto or any direct product thereof, in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Each party represents that it is not named on any U.S. government denied-party list. Customer shall not access or use, or permit its Users to access or use, the Services in a U.S. embargoed country.
13.2 Anti-Corruption. Customer agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any Duo Security employee or agent in connection with this Agreement. If Customer learns of any violation of the above restriction, Customer will promptly notify Duo Security.
14.1 Severability. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.
14.2 Assignment. This Agreement is not assignable, transferable or sublicensable by Customer except with Duo Security’s prior written consent, which shall not be unreasonably withheld. Duo Security may transfer and assign any of its rights and obligations under this Agreement with written notice to Customer. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their respective permitted successors and permitted assigns.
14.3 Entire Agreement; Amendment. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers, amendments and modifications must be in a writing signed by both parties and specifically reference the provision of this Agreement being waived, amended or modified, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Duo Security in any respect whatsoever.
14.4 Notices. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Duo Security may provide notice using the information provided in the most recent Order Form and Customer may provide notice using the contact information provided on https://www.duo.com.
14.5 Force Majeure. Any delay or failure in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay or failure is due to a labor dispute, fire, earthquake, flood or any other event beyond the reasonable control of a party, provided that such party promptly notifies the other party thereof and uses reasonable efforts to resume performance as soon as possible.
14.6 Governing Law; Arbitration. This Agreement will be governed by the laws of the State of Michigan, U.S.A. without regard to its conflict of laws provisions. Any dispute arising from or relating to the subject matter of this Agreement shall be finally settled by arbitration in Washtenaw County, Michigan, in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Streamlined Arbitration Rules and Procedures of JAMS. Judgment upon the award so rendered may be entered in a court having jurisdiction, or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator.
14.7 Venue; Prevailing Party. The federal and state courts sitting in Washtenaw County, Michigan, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement. Notwithstanding the foregoing, each party shall have the right to commence and prosecute any action for injunctive relief before any court of competent jurisdiction. In any arbitration, action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees.
14.8. Publicity. Customer agrees to participate in press announcements, case studies, trade shows, or other marketing reasonably requested by Duo Security. During the Term and for thirty (30) days thereafter, Customer grants Duo Security the right, free of charge, to use Customer’s name and/or logo, worldwide, to identify Customer as such on Duo Security’s website or other marketing or advertising materials.