Service Terms and Conditions

These Service Terms and Conditions (“Agreement”) constitute a contract between Duo Security LLC with offices at 123 North Ashley Street, Suite #200, Ann Arbor, MI 48104 (“Duo Security”), and you. Duo Security wishes to provide and you wish to have the right to access pursuant to the terms of this Agreement, a subscription service. This Agreement includes and incorporates the webpage Order Form with which you purchased the Services and any subsequent Order Forms (submitted in written or electronic form). By accessing or using the Services, you agree to be bound by this Agreement. If you are entering into this Agreement on behalf of a company, organization or other entity, you represent that you have such authority to bind such entity and are agreeing to this Agreement on behalf of such entity. If you do not have such authority to enter into this Agreement or do not agree with these terms and conditions, you may not use the Services.

1. DEFINITIONS

   1.1 “Applicable Law” means the Data Protection Laws and any other applicable laws, rules and regulations.

   1.2 “Customer” means the customer that has signed up for the Services and agreed to the terms of this Agreement.

   1.3 “Customer Data” means any information or data about Customer or Users (and its and their staff, customers or suppliers, as applicable) that is supplied to Duo Security by or on behalf of Customer or any User in connection with the Services, or which Duo Security is required to access, generate, process, store or transmit pursuant to this Agreement, including (without limitation) information about Customer’s and Users’ respective devices, computers and use of the Services. Customer Data shall not be deemed to include any Performance Data.

   1.4 “Customer Personal Data” means any Customer Data that is personal data (as defined under the applicable Data Protection Laws).

   1.5 “Data Protection Laws” means all data protection and privacy laws, rules and regulations applicable to a party and binding on that party in the performance of its obligations under this Agreement, including, where applicable, EC Directive 2002/58/EC and Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

   1.6 “Documentation” means guides, instructions, policies and reference materials provided to Customer by Duo Security in connection with the Services, including the documentation located at https://duo.com/docs, which Duo Security may amend from time to time.

   1.7 “Duo Admin Panel” means the web portal currently accessible at https://admin.duosecurity.com, which allows Customer’s internally appointed administrator(s) of the Services to, among other options, enroll and activate Users, issue and manage SMS passcodes and bypass codes, and manage mobile devices (as applicable to the Services set forth on the applicable Order Form).

   1.8 “Duo Mobile Software” means all Duo Security proprietary mobile applications used in providing the Services, and any updates, fixes or patches developed from time to time.

   1.9 “Fees” means the applicable fees as set forth on the Order Form.

   1.10 “Free Services” means those aspects of the Services that are free and do not require payment, such as beta features or functionality or, in the case of a free trial, the Services themselves.

   1.11 “Hardware Tokens” means hardware security tokens purchased by Customer under an Order Form.

   1.12 “Intellectual Property Rights” means all patents, registered designs, unregistered designs, design rights, utility models, semiconductor topography rights, database rights, copyright and other similar statutory rights, trade mark, service mark and any know how relating to algorithms, drawings, tests, reports and procedures, models, manuals, formulae, methods, processes and the like (including applications for any of the preceding rights) or any other intellectual or industrial property rights of whatever nature in each case in any part of the world and whether or not registered or registerable, for the full period and all extensions and renewals where applicable.

   1.13 “Order Form(s)” means the invoice or other forms from Duo Security for the initial order for the Service, and any subsequent invoice or other forms from Duo Security (submitted in written form or online), specifying, among other things, the maximum number of Users, initial Term, purchase of any Hardware Tokens, Fees, Telephony Credits (if any), and such other charges and terms as agreed between the parties.

   1.14 “Payment Schedule” means the schedule selected by Customer for payment of Fees (on either an order webpage or an attached Order Form), which may be either monthly by credit card or annually or multi-year and invoiced in advance, with payment due within thirty (30) days of receipt of invoice.

   1.15 “Performance Data” means any and all aggregate, de-identified data relating to the access or use of the Services by or on behalf of Customer or any User, including any performance, analytics or statistical data, that Duo Security may collect from time to time.

   1.16 “Service Level Agreement” or “SLA” means the description of the availability of the Services located at: https://duo.com/legal/sla.

   1.17 “Services” means the products and services that are ordered by or made available to Customer under a free trial or an Order Form, including, where applicable, the Software, Hardware Tokens and services using only the Duo Mobile Software, and made available online by Duo Security, including associated offline components, as described in the Documentation.

   1.18 “Software” means (i) Duo Security proprietary software (including the Duo Mobile Software), and (ii) open source software used by Duo Security in providing the Services which integrates with Customer’s network or application, including SSL or other VPN, Unix operating system, Microsoft application, or web application, as provided in the Documentation and any updates, fixes or patches developed from time to time.

   1.19 “Telephony Credits” mean credits for Customer’s Users to provide authentication by telephone or SMS.

   1.20 “Term” means the subscription term indicated on the Order Form and any subsequent renewal terms.

   1.21 “User” means any user of the Services whom Customer may authorize to enroll to use the Services under the terms of this Agreement.

2. SERVICES FOR CUSTOMER; DUO SECURITY OBLIGATIONS

   2.1 Subject to and conditioned on Customer’s payment of Fees and full compliance with all other terms and conditions of this Agreement, Duo Security grants Customer and Users a non-exclusive, non-sublicensable, non-transferable license to access and use the Services, along with such Documentation as Duo Security may make available during the Term. Duo Security Services are provided for commercial use only, not for private use.

   2.2 The Services and SLA are subject to modification from time to time at Duo Security’s sole discretion, provided the modifications do not materially diminish the functionality of the Services provided by Duo Security and the Services continue to perform according to the description of the Services specified in Section 2.3 in all material aspects. Customer shall have the right to terminate the Agreement pursuant to Section 10.2 without any penalty if (i) a material modification to the Services or the SLA is made which materially diminishes the functionality of the Services or materially diminishes the SLA, (ii) Duo Security has not obtained Customer’s consent for such modifications and (iii) Duo Security does not provide a remedy in the cure period stated in Section 10.2.

   2.3 Duo Security will make the Services available and the Services will perform substantially in accordance with the description of the services found at https://duo.com/editions-and-pricing. Notwithstanding the foregoing, Duo Security reserves the right to suspend Customer’s (or any User’s) access to the Services immediately (i) in the event that Customer breaches Section 4 or Section 7 of this Agreement, or breaches any other provision of this Agreement and fails to correct that breach within the applicable cure period; or (ii) as it deems reasonably necessary to respond to any actual or potential security or availability concern that may affect customers or Users.

   2.4 Subject to full compliance with the terms and conditions of this Agreement, in the event that Customer earns 15 days of service credits, determined in accordance with the terms of the Service Level Agreement, in each of three consecutive months, Customer may terminate this Agreement and, as its sole and exclusive remedy, receive a refund of any pre-paid subscription Fees paid by Customer to Duo Security for Services not rendered as of the termination date. The SLA shall not apply with respect to Free Services and Duo Security is not obligated to provide support with respect to any Free Services.

3. CUSTOMER RESPONSIBILITIES

   3.1 Customer may only use the Services in accordance with the Documentation and as explicitly set forth in this Agreement. Customer will cooperate with Duo Security in connection with the performance of this Agreement as may be necessary, which may include making available such personnel and information as may be reasonably required to provide the Services or support. Customer is solely responsible for determining whether the Services are sufficient for its purposes, including but not limited to, whether the Services satisfy Customer’s legal and/or regulatory requirements.

   3.2 Customer shall not provide any infringing, offensive, fraudulent or illegal content in connection with the Services, and Customer represents and warrants that any content it provides will not violate any Intellectual Property Rights of any third party. Duo Security reserves the right, in its sole discretion, to delete or disable any content submitted by Customer that may be infringing, offensive, fraudulent or illegal. To view Duo Security's complete copyright dispute policy and learn how to report potentially infringing content, please visit: https://www.cisco.com/c/en/us/about/legal/terms-conditions.html.

   3.3 Use of the Services may require Users to install Duo Mobile Software on their mobile devices, which use shall be subject to this Agreement. Customer’s use of third party products or services that are not licensed to Customer directly by Duo Security (“Third Party Services”) shall be governed solely by the terms and conditions applicable to such Third Party Services, as agreed to between Customer and the third party. Duo Security does not endorse or support, is not responsible for, and disclaims all liability with respect to Third Party Services, including without limitation, the privacy practices, data security processes or other policies related to Third Party Services. Customer agrees to waive any claim against Duo Security with respect to any Third Party Services.

   3.4 Customer acknowledges that the Services will require Users to share with Duo Security certain information which may include personal information regarding Users (such as usernames, Duo Admin Panel passwords, email address and/or phone number) solely for the purposes of providing and improving the Services. Prior to authorizing an individual to become a User, Customer is fully responsible for obtaining the consent of that individual, in accordance with Applicable Law, to the use of his/her information by Duo Security, which use is described in Duo Security’s Services Privacy Notice, located at https://duo.com/legal/privacy-notice-services. Customer represents and warrants that all such consents have been or will be obtained prior to authorizing any individual to become a User.

   3.5 Customer will be fully responsible for Users’ compliance with this Agreement and any breach of this Agreement by a User shall be deemed to be a breach by Customer. Duo Security’s relationship is with Customer and not individual Users or third parties using the Services through Customer, and Customer will address all claims raised by its Users, and third parties using the Services through Customer, directly with Duo Security. Customer must ensure that all third parties that utilize the Services through Customer agree (a) to use the Services in full compliance with this Agreement, and (b) to the extent permitted by Applicable Law, to waive any and all claims directly against Duo Security related to the Services.

4. RESTRICTIONS

   Customer will not, and will not permit any Users nor any third party to: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Services, Software, Hardware Tokens or any data related to the Services (except to the extent such prohibition is contrary to Applicable Law that cannot be excluded by the agreement of the parties); modify, translate, or create derivative works based on the Services or Software; share, rent, lease, loan, resell, sublicense, distribute, use or otherwise transfer the Services or Software for timesharing or service bureau purposes or for any purpose other than its own use, except as expressly provided in an applicable Order Form; or use the Services or Software other than in accordance with this Agreement and in compliance with Applicable Law.

5. PAYMENT OF FEES

   5.1 Customer will pay Duo Security the Fees plus all applicable sales, use and other purchase related taxes (or provide Duo Security with a valid certificate of exemption from the requirement of paying sales, use or other purchase related taxes) in accordance with the Payment Schedule and payment terms set forth on the Order Form. Customer shall be responsible for all taxes related to the Services and this Agreement, exclusive of taxes on Duo Security’s income. Except as otherwise indicated in the applicable Order Form, all fees and expenses shall be in U.S. dollars. Unpaid and due Fees are subject to a finance charge of one percent (1.0%) per month, or the maximum permitted by law, whichever is lower, plus all expenses of collection, including reasonable attorneys’ fees, except to the extent Applicable Law requires a different interest or finance charge calculation for unpaid and due Fees and expenses. In the case of any withholding requirements, Customer will pay any required withholding itself and will not reduce the amount paid to Duo Security on account thereof. If the method of payment is by credit card, Customer agrees to (i) keep Customer’s credit card information updated and (ii) authorize charging Customer’s credit card the Fees when due. Duo Security will not charge Users any fees for their use of the Services or Duo Mobile Software without Customer’s authorization and the Duo Mobile Software can be downloaded by Users free of charge. Users’ carriers or service providers may charge fees for data usage, messaging, phone calls or other services that are required for them to use the Services.

   5.2 Customer’s Order Form will indicate an initial allotment of Telephony Credits, if applicable. Customer may purchase additional Telephony Credits separately via the billing section of the Duo Admin Panel or by contacting a sales representative. U.S. and international rates for telephony can be found at https://duo.com/docs/telephony-credits.

   5.3 If a Customer uses only Free Services, Duo Security will not charge such Customer any Fees for use of such Free Services or download, installation or use of the Software associated with Free Services. Such Customer may discontinue using the Free Services at any time, but must immediately remove any Software from its devices.

   5.4 At any time during the Term, and unless otherwise agreed to in writing by the parties, any increase or overage in the maximum number of Users specified in the Order Form will be treated in accordance with this Section 5.4 (a “Subscription Upgrade”). The maximum number of Users shall be increased as follows:

   For Subscription Upgrades (i) for Customers where the maximum number of Users on the Order Form is fewer than 500 Users, the maximum number of Users will be increased automatically in increments equal to 50 Users, (ii) for Customers where the maximum number of Users on the Order Form is 500 - 1000 Users, the maximum number of Users will be increased automatically in increments equal to 100 Users, and (iii) for Customers where the maximum number of Users on the Order Form is 1001 or greater, the maximum number of Users will be increased automatically in increments equal to 250 Users.

   Duo Security shall invoice Customer for the increase in the maximum number of Users at the subscription rate and payment terms specified in the most recent Order Form, prorated for the remainder of the then applicable subscription Term. For any future subscription Term, the number of Users and applicable Fees will reflect any Subscription Upgrades.

6. CONFIDENTIALITY

   6.1 The term “Confidential Information” means any information disclosed by one party (“Disclosing Party”) to the other party (“Receiving Party”) in any form (written, oral, etc.) that is marked as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of the disclosure, including, without limitation: trade secrets; technology and technical information (intellectual property, inventions, know-how ideas and methods); business, financial and customer information (including Customer Data and Customer Personal Data); pricing, forecasts, strategies and product development plans; and/or the terms of this Agreement. Each party understands that the Disclosing Party has or may disclose Confidential Information in connection with this Agreement, but that Receiving Party shall receive no rights in, or licenses to, such Confidential Information.

   6.2 The Receiving Party agrees: (i) not to disclose Confidential Information to any third person other than those of its employees, contractors, advisors, investors and potential acquirers (“Representatives”) with a need to have access thereto and who have entered into non-disclosure and non-use agreements applicable to the Disclosing Party’s Confidential Information, and (ii) to use such Confidential Information solely as reasonably required in connection with the Services and/or this Agreement. Each party agrees to be responsible for any breach of this Agreement caused by any of its Representatives. The Receiving Party further agrees to take the same security precautions to protect against unauthorized disclosure or unauthorized use of such Confidential Information of the Disclosing Party that the party takes with its own confidential or proprietary information, but in no event will a party apply less than reasonable precautions to protect such Confidential Information. Each party acknowledges that the use of such precautions is not a guarantee against unauthorized disclosure or use. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document: (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party; or (b) was in its possession or known by it prior to receipt from the Disclosing Party; or (c) was rightfully disclosed to it without restriction by a third party; or (d) was independently developed without use of any Confidential Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing Confidential Information as required in response to a request under applicable open records laws or pursuant to any judicial or governmental order, provided that, to the extent permitted by law, the Receiving Party gives the Disclosing Party reasonable prior notice to contest such disclosure. For the avoidance of doubt, Customer acknowledges that Duo Security utilizes the services of, and Customer may request additional services from, certain third parties in connection with Duo Security’s provision of the Services (such as data hosting and telephony service providers and Customer’s Third Party Services providers) and such third parties will have access to Customer’s Confidential Information, including Customer Data in accordance with this Agreement. The parties agree that Performance Data is not Confidential Information and will not be subject to any confidentiality restrictions or obligations.

   6.3 Each party agrees that, upon the written request of the Disclosing Party, the Receiving Party will promptly return to the Disclosing Party, or provide written certification of the destruction of, all Confidential Information of the Disclosing Party, including all Confidential Information contained in internal documents, without retaining any copy, extract or summary of any part thereof. Notwithstanding the foregoing, a Receiving Party may retain copies of Confidential Information solely to the extent necessary for purposes of such party’s ordinary course internal document retention and backup requirements and procedures, provided that such Confidential Information shall remain subject to the terms and conditions of this Agreement for so long as it is retained.

   6.4 Customer acknowledges that Duo Security does not wish to receive any Confidential Information from Customer that is not necessary for Duo Security to perform its obligations under this Agreement, and, unless the parties specifically agree otherwise, Duo Security may reasonably presume that any unrelated information received from Customer is not confidential or Confidential Information, unless such information is marked as “Confidential.”

7. INTELLECTUAL PROPERTY RIGHTS; OWNERSHIP

   Except as expressly set forth herein, Duo Security alone (and its licensors, where applicable) will retain all Intellectual Property Rights relating to the Services or the Software or any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or any third party relating to the Services and/or the Software, which are hereby assigned to Duo Security. Customer will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. As between the parties, Duo Security owns all Performance Data. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Services or Software, or any Intellectual Property Rights.

8. DATA PROTECTION

   8.1 In this Section 8, the terms “personal data,” “data processor,” “data subject,” “process and processing” and “data controller” shall be as defined in the applicable Data Protection Laws. For the purposes of the Data Protection Laws, as between Customer and Duo Security, the parties agree that Customer shall at all times be the data controller and Duo Security shall be the data processor with respect to the processing of Customer Personal Data in connection with Customer’s use of the Services. Solely if and to the extent Duo Security is processing personal data, as defined in the General Data Protection Regulation, that is contained in Customer Data on Customer’s behalf, then the terms of the data processing agreement available at https://duo.com/legal/gdpr-data-protection-addendum shall apply to such processing and are incorporated into this Agreement.

   8.2 Customer may enable integrations between the Services and certain of its Third Party Services (each, an “Integration”). By enabling an Integration between the Services and its Third Party Services, Customer is expressly instructing Duo Security to share the Customer Data necessary to facilitate the Integration. Customer is responsible for providing any and all instructions to the Third Party Service provider about the use and protection of Customer Data. Duo Security and Third Party Service providers are not subprocessors of each other.

   8.3 As the data controller of Customer Personal Data, Customer represents and warrants to Duo Security that its provision of personal data to Duo Security and instructions for processing such personal data in connection with the Services shall comply with all Data Protection Laws.

   8.4 In accordance with applicable Data Protection Laws, Duo Security shall take all commercially reasonable measures to protect the security and confidentiality of Customer Personal Data against any accidental or illicit destruction, alteration or unauthorized access or disclosure to third parties. Duo Security will provide Customer with its security policy, upon request, that sets forth the technical specifications and the detailed measures taken to protect the security and confidentiality of Customer Personal Data.

   8.5 Customer may, upon at least thirty (30) days prior notice, and no more than once per 12 month period, appoint an independent third party auditor to physically inspect and audit, at Customer’s sole cost and expense, any facilities owned or controlled by Duo Security in which Customer Personal Data is processed or stored, provided that such inspection: (i) shall occur on a mutually agreed upon date during Duo Security’s regular business hours; (ii) does not interfere with any of Duo Security’s business operations; and, (iii) does not, in Duo Security’s reasonable discretion, create any risk to the confidentiality, integrity, or availability of any data stored or processed by Duo Security. Prior to any audit, Customer, and any appointed auditor, must enter into a nondisclosure and confidentiality agreement as may be required by Duo Security.

9. INDEMNIFICATION

   For Customers enrolled in one of the editions of Services requiring purchase, Duo Security shall indemnify and hold Customer harmless from liability to third parties resulting from infringement by the Services of any patent or any copyright or misappropriation of any trade secret, provided Duo Security is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Duo Security will not be responsible for any settlement it does not approve. The foregoing obligations do not apply with respect to portions or components of the Services (i) not created by Duo Security, (ii) resulting in whole or in part from Customer specifications, (iii) that are modified after delivery by Duo Security, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of Services is not strictly in accordance with this Agreement and all related Documentation. If Duo Security receives information about an actual or alleged infringement or misappropriation claim that would be subject to indemnification rights set forth in this Section 9, Duo Security shall have the option, at its expense, to: (a) modify the Software to be non-infringing; or (b) obtain for Customer a license to continue using the Software. If Duo Security determines it is not commercially reasonable to perform either of the above options, then Duo Security may at its option elect to terminate the license for the Services and refund the unearned portion of any pre-paid subscription Fees, prorated on a monthly basis. THIS SECTION STATES CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR INFRINGEMENT, MISAPPROPRIATION AND/OR CLAIMS ALLEGING INFRINGEMENT OR MISAPPROPRIATION. Customer will indemnify Duo Security from all damages, costs, settlements, attorneys’ fees and expenses related to any claim related to Customer’s breach of Section 3 “Customer Responsibilities,” Section 4 “Restrictions,” Section 7 “Intellectual Property Rights; Ownership” or Section 8 “Data Protection.” Duo Security’s obligations under this Section 9 do not apply to Customer’s use of Free Services.

10. TERM; TERMINATION

    10.1 Subject to earlier termination as expressly provided for in this Agreement, the initial Term of this Agreement shall be for the Term specified in the Order Form, or in the event of multiple Order Forms, until the Term of all Order Forms has expired. Each Order Form and this Agreement shall automatically renew after the initial Term and any renewal Term for a renewal Term equal to the expiring subscription Term, unless either party provides to the other at least forty-five (45) days prior written notice that it will not renew. The Fees per User for each renewal Term will be equal to the Fees per User for the immediately prior Term, plus a price increase. Any pricing increase will not exceed seven percent (7%) per year, unless the pricing was designated in the applicable Order Form as promotional or one-time; provided, however, the Fees for each renewal Term shall not exceed the list price as of the start date of such renewal Term.

    10.2 In the event of any material breach of this Agreement by either party (other than Customer’s payment obligations), the non-breaching party may terminate this Agreement prior to the end of the Term by giving thirty (30) days prior written notice to the breaching party; provided, however, that this Agreement will not terminate if the breaching party has cured the breach prior to the expiration of such thirty-day period. If Customer fails to pay any Fees or other amounts in the applicable Order Form in accordance with the Payment Schedule, Duo Security may terminate this Agreement prior to the end of the Term by giving five (5) business days prior written notice to Customer; provided, however, that this Agreement will not terminate if Customer has paid all Fees and other amounts in the applicable Order Form prior to the expiration of such five business-day period.

    10.3 Either party may terminate this Agreement, without notice, (i) upon the institution or if a petition is filed, notice is given, a resolution is passed or an order is made, in each case by or against the other party under Applicable Law relating to insolvency, administration, liquidation, receivership, bankruptcy or any other winding up proceedings, (ii) upon the other party’s making an assignment for the benefit of creditors or making a voluntary arrangement with its creditors, (iii) upon the other party’s dissolution or ceasing, or threatening to cease to do business or (iv) if any event occurs, or proceeding is instituted, with respect to the other party that has the equivalent or similar effect to any of the events mentioned in Section 10.3(i) through (iii). Notwithstanding anything in this Agreement to the contrary, Duo Security may, without penalty or liability and with or without notice, modify or discontinue its provision of Free Services at any time and to the extent Customer is only using Free Services immediately terminate this Agreement.

    10.4 The Sections of this Agreement which by their nature should survive termination or expiration of this Agreement, including but not limited to Sections 3 through 14, will survive termination or expiration of this Agreement. No refund of Fees shall be due in any amount on account of termination by Duo Security pursuant to this Section 10. In the event of termination by Customer pursuant to this Section 10, Customer shall be entitled as its sole and exclusive remedy, to receive a refund of any pre-paid subscription Fees paid by Customer to Duo Security for Services not rendered as of the termination date. When this Agreement expires or terminates, Duo Security shall cease providing the Services to Customer.

11. WARRANTIES AND DISCLAIMER OF ADDITIONAL WARRANTIES

    11.1 For Customers enrolled in one of the editions of Services requiring purchase, Duo Security represents and warrants that it will not knowingly include, in the Services released to Users and provided to Customer hereunder, any computer code or other computer instructions, devices or techniques, including without limitation those known as viruses, disabling devices, trojans, or time bombs, that intentionally disrupt, disable, harm, infect, defraud, damage, or otherwise impede in any manner, the operation of a network, computer program or computer system or any component thereof, including its security or User data. If, at any time, Duo Security fails to comply with the warranty in this Section 11.1, Customer may promptly notify Duo Security in writing of any such noncompliance. Duo Security will, within thirty (30) days of receipt of such written notification, either correct the noncompliance or provide Customer with a plan for correcting the noncompliance. If the noncompliance is not corrected or if a reasonably acceptable correction plan is not established during such period, Customer may terminate this Agreement and receive a refund of any pre-paid but unearned subscription Fees, prorated on a monthly basis, as its sole and exclusive remedy for such noncompliance. This provision does not apply to Customer’s use of Free Services.

    11.2 For Customers that have purchased Hardware Tokens as part of the Services, Duo Security warrants to Customer only that Hardware Tokens will be free of hidden defects in material and workmanship at the time of sale and for a period of six (6) months thereafter. This warranty is limited to replacement of defective Hardware Tokens. This Hardware Token warranty is Customer’s exclusive remedy for defective Hardware Tokens. This provision does not apply to Customers who use only Free Services.

    11.3 EXCEPT AS EXPLICITLY PROVIDED IN THIS SECTION 11, THE SERVICES AND DUO SECURITY CONFIDENTIAL INFORMATION AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED “AS-IS,” WITHOUT ANY WARRANTIES OF ANY KIND. DUO SECURITY HEREBY DISCLAIMS FOR ITSELF AND ITS SUPPLIERS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES, TERMS OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, AND NON-INFRINGEMENT.

12. LIMITATION OF LIABILITY

    12.1 NOTHING IN THIS AGREEMENT (OR ANY ORDER FORM) SHALL LIMIT OR EXCLUDE EITHER PARTY’S LIABILITY FOR (I) DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, OR THE NEGLIGENCE OF ITS EMPLOYEES, AGENTS OR SUBCONTRACTORS; (II) FRAUD OR FRAUDULENT MISREPRESENTATION; (III) ITS INDEMNIFICATION OBLIGATIONS; (IV) BREACH OF SECTION 4 “RESTRICTIONS,” SECTION 5 “PAYMENT OF FEES,” OR SECTION 7 “INTELLECTUAL PROPERTY RIGHTS; OWNERSHIP” OR (V) ANY OTHER LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED BY LAW.

    12.2 SUBJECT TO SECTION 12.1, IN NO EVENT WILL EITHER PARTY OR THEIR SUPPLIERS BE LIABLE TO THE OTHER PARTY (OR ANY PERSON CLAIMING THROUGH SUCH PARTY) FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, THE DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, (I) LOSS OF REVENUE OR ANTICIPATED PROFITS (WHETHER DIRECT OR INDIRECT) OR (II) LOST BUSINESS OR (III) LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) BREACH OF STATUTORY DUTY OR OTHERWISE, EVEN IF THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

    12.3 SUBJECT TO SECTION 12.1, THE MAXIMUM LIABILITY OF EITHER PARTY OR THEIR SUPPLIERS FOR ANY AND ALL CLAIMS UNDER AN APPLICABLE ORDER FORM, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, THE FEES PAID OR TO BE PAID TO DUO SECURITY UNDER SUCH ORDER FORM DURING THE TWELVE MONTH PERIOD ENDING ON THE DATE THAT SUCH CLAIM IS FIRST ASSERTED. THE FOREGOING LIMITATION WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

13. GOVERNMENT MATTERS

    13.1 Export. Notwithstanding anything else in this Agreement, Customer may not use, or provide to any person or export or re-export or allow the export or re-export of, the Services or anything related thereto or any direct product thereof, in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Each party represents that it is not named on any U.S. government denied-party list. Customer and Users shall not access or use the Services in a U.S. embargoed country.

    13.2 Anti-Corruption. Customer agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any Duo Security employee or agent in connection with this Agreement. If Customer learns of any violation of the above restriction, Customer will promptly notify Duo Security.

    13.3 Commercial Software. The Services (including the Software) are “commercial items” as that term is defined at FAR 2.101. If acquired by or on behalf of any Executive Agency (other than an agency within the Department of Defense (DoD), the Government acquires, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to the public as defined in this Agreement. If acquired by or on behalf of any Executive Agency within the DoD, the Government acquires, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software customarily provided in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data acquired by DoD agencies. Any Federal Legislative or Judicial Agency shall obtain only those rights in technical data and software customarily provided to the public as defined in this Agreement. This Section 13.3 is in lieu of, and supersedes, any other FAR, DFARS, DEAR or other clause, provision, or supplemental regulation that addresses Government rights in computer software or technical data under this Agreement. Capitalized terms used in this Section are defined in the applicable FAR or DFARs.

14. MISCELLANEOUS

    14.1 Severability. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.

    14.2 Assignment. This Agreement is not assignable, transferable or sublicensable by Customer except with Duo Security’s prior written consent, which shall not be unreasonably withheld. Duo Security may transfer and assign any of its rights and obligations under this Agreement. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their respective permitted successors and permitted assigns.

    14.3 No Third Party Beneficiaries. Nothing in this Agreement shall confer, or is intended to confer, on any third party any benefit or the right to enforce any term of this Agreement. No entities other than Duo Security and Customer may terminate, rescind or agree to any modification, waiver or settlement with respect to this Agreement.

    14.4 Entire Agreement; Amendment. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement. All waivers, amendments and modifications must be in writing signed by the party against whom the waiver, amendment or modification is to be enforced; however, there will be no force or effect given to any different or additional terms contained in any purchase order or other vendor form issued by Customer, even if signed by Duo Security after the date hereof. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Duo Security in any respect whatsoever.

    14.5 Notices. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Duo Security may provide notice using the information provided in the most recent Order Form and Customer may provide notice using the contact information provided on https://www.duo.com.

    14.6 Force Majeure. Any delay or failure in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay or failure is due to a labor dispute, fire, earthquake, flood or any other event beyond the reasonable control of a party, provided that such party promptly notifies the other party thereof and uses reasonable efforts to resume performance as soon as possible.

    14.7 Governing Law; Arbitration. This Agreement will be governed by the laws of the State of Michigan, U.S.A. without regard to its conflict of laws provisions. Any dispute arising from or relating to the subject matter of this Agreement shall be finally settled by arbitration in Washtenaw County, Michigan, in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Streamlined Arbitration Rules and Procedures of JAMS. Judgment upon the award so rendered may be entered in a court having jurisdiction, or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator.

    14.8 Venue; Prevailing Party. The federal and state courts sitting in Washtenaw County, Michigan, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement. Notwithstanding the foregoing, each party shall have the right to commence and prosecute any action for injunctive relief before any court of competent jurisdiction. In any arbitration, action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees.

    14.9 Publicity. Customer agrees to participate in press announcements, customer stories, trade shows, or other marketing reasonably requested by Duo Security. During the Term and for thirty (30) days thereafter, Customer grants Duo Security the right, free of charge, to use Customer’s name and/or logo, worldwide, to identify Customer as such on Duo Security’s website or other marketing or advertising materials.