1. DEFINITIONS. Unless otherwise indicated in this Agreement, the following terms, when capitalized, shall have the following meaning: “Professional Services” means, as applicable, Professional Services and Maintenance and Support Services. “Channel Partner” means, as applicable, the authorized reseller, distributor, or other authorized third party that markets and sells the Products. “Cloud Services” means the Web-based application services made generally available by Blueshift on a subscription basis and identified on the applicable Order. “Customer” means the authorized party executing this Agreement and to the extent specified on any Order hereunder its affiliates (including parents, subsidiaries and other entities controlling or under common control with any of such entities) or its authorized third party service providers; provided however, that, in each case, Customer shall be solely responsible for ensuring compliance with the applicable terms and conditions of the Agreement and Customer shall remain liable for any breach of such terms and conditions by its affiliates and third party service providers. “Customer Data” means all Customer-specific and Customer-identifiable data submitted to or collected by the Products by or on behalf of Customer. “Delivery” means the date Blueshift provides access to the keys to Customer for On-Premise Software, or the date Blueshift provides Customer with log-in access to the Cloud Services. “Documentation” means, as applicable, the functional specifications, user guides, “help” pages, installation instructions, descriptions or technical requirements created and provided by Blueshift generally to its customers, either in documentary form or via Product information websites. “Endpoint” means all Customer device(s) on which the Endpoint Software (defined below) is installed and in accordance with the Documentation, including, but not limited to, laptops, desktops, tablets, point of sale devices and servers. “Feedback” means suggestions, enhancement requests, recommendations or other input provided to Blueshift regarding the Products. “Fees” means amounts payable for the Products to which the Customer subscribes under this Agreement. “Maintenance and Support Services” means the maintenance and support services detailed in the Blueshift Maintenance and Support Policy located on the Policies Page (defined below). “On-Premise Software” means: (i) Blueshift’s proprietary software products as specified on Order(s); and/or (ii) Blueshift’s proprietary endpoint software required for use with certain Products, and which is installed on Customer Endpoints (“Endpoint Software”). “Order” means an order form issued by Customer for the purchase of the applicable Products, or a Customer or Channel Partner purchase order, as applicable. “Policies” means the policies and documents applicable to Blueshift and the Products, that are located at the following URL: https://www.blueshiftcyber.com/policies (“Policies Page”). “Product Addendum” means the product addendum attached hereto as Exhibit 1 and incorporated herein by reference, which contains product-specific terms and conditions. “Product(s)” means, as applicable, the Cloud Services, On-Premise Software, and Professional Services, as applicable, to which Customer subscribes under this Agreement. “Professional Services” means, if applicable, training, implementation or Product-related services specified on the Order(s) or detailed in a Statement of Work. “Subscription Term” means the period of time Customer is authorized to use Products, as identified on an Order. “Statement of Work” means, if applicable, any written, mutually signed work statement that references this Agreement or an Order and which details activities and terms relating to Professional Services.

1. 1. Orders. Customer shall place Orders directly with Blueshift or with a Channel Partner. The terms relating to Fees, taxes and payment terms detailed in this Section 2 apply solely to Orders placed directly with Blueshift. Corresponding terms for Orders placed with a Channel Partner shall be agreed to by and between Customer and such Channel Partner.  
   2. Fees. The Fees for Products shall be set forth in the Order. All Fees paid hereunder are non-refundable, except as may be otherwise expressly provided in this Agreement.
   3. Taxes. The Fees do not include applicable taxes. Customer will reimburse Blueshift for all sales, use, excise, value-added tax (VAT), goods and services tax (GST), or other taxes, levies, duties, or withholdings Blueshift is required to collect or remit to applicable tax authorities (except for any taxes based on Blueshift’s net income). In the event that Customer has to withhold any taxes on payments to Blueshift, Customer shall gross up the amounts payable to Blueshift so that following such payment and tax withholding, Blueshift receives the Fees in full.
   4. Payment Terms. The Fees for each Order are payable net fifteen (15) calendar days from the date the invoice is received by Customer, unless otherwise specified in the applicable Order. Unless otherwise agreed to in writing by Blueshift or the Channel Partner, all payments hereunder shall made in U.S. dollars and are free from all setoffs.

1. 1. Privacy and Security. As further described in Blueshift’s Privacy Policy, which is located on the Policies Page, Blueshift will take commercially reasonable and appropriate technical and organizational measures designed to protect Customer Data against unauthorized access, accidental loss or damage, and unauthorized destruction. The security provided by Blueshift shall be in accordance with Blueshift’s information security policies included on the Policies Page and good industry practices relating to the protection of the type of data typically processed by Blueshift. Blueshift’s European Union General Data Protection Regulation Policy is located on the Policies Page.
   2. Data Processing. The parties acknowledge that Customer Data may contain non-public personal information and personal data (and any other data by which a natural person may be identified, regardless of the term therefor defined under applicable data protection laws) and Blueshift shall process such data in compliance with applicable privacy and security laws, and in accordance with this Agreement. Customer hereby consents to Blueshift’s processing of Customer Data, including personal data, for the purposes of carrying out its obligations under this Agreement, and for other lawful purposes in accordance with applicable laws and regulations. Customer is responsible for obtaining any required consents from individual data subjects relating to the use of the Products.
   3. Disclosure of Personal Data. Blueshift will not disclose Customer Data outside of Blueshift or its controlled subsidiaries except: (i) as Customer directs; (ii) as described in this Agreement; or (iii) as required by law. The Product may include optional functionality provided by third party processors. In the event Customer chooses to utilize such functionality, Customer will be provided advance notification in the Product of the processing details. Following such notification, Customer may choose to: (a) refrain from utilizing the applicable functionality, in which case such processing will not occur; or (b) proceed with the functionality, in which case Blueshift will be authorized to process in accordance with the details provided. Blueshift is responsible for its third party processor compliance with Blueshift’s obligations in the Agreement and shall ensure that such third parties are bound by written agreements that require them to provide at least the level of data protection required of Blueshift by the Agreement.
   4. Threat Intelligence Data Collection. Certain Blueshift Products may collect data relating to malicious or potentially malicious code, attacks, and activities on Customer Endpoints (“Threat Intelligence Data”). Threat Intelligence Data is collected by Blueshift for analysis and possible inclusion in a threat intelligence feed utilized by certain Products. Prior to inclusion in any threat intelligence feed, Threat Intelligence Data will be: (i) reduced to a unique file hash or to queries or general behavioral descriptions that can be used to identify the same or similar malicious or potentially malicious code in Customer’s systems and other Blueshift customer systems; and/or (ii) be anonymized and made un-attributable to any particular Customer or individual. Blueshift may distribute Threat Intelligence Data to its customers at its discretion as part of its threat intelligence data feed. Customer agrees that Threat Intelligence Data is not Customer Data, and Blueshift may retain, use, copy, modify, distribute, and display the Threat Intelligence Data for its business purposes, including without limitation for developing, enhancing, and supporting products and services, and for use in its threat intelligence feed.

1. 1. Rights in Blueshift Products. Blueshift reserves all rights to the Products and all intellectual property relating thereto not specifically granted in this Agreement. All Products under this Agreement are provided under subscription and not sold and shall remain the sole and exclusive property of Blueshift.
   2. Feedback. If Customer or any users provide Blueshift with any Feedback, Blueshift may use and benefit from such Feedback at its discretion without attribution of any kind. All Feedback is provided by Customer without warranties. Customer shall have no obligation to provide Feedback.  
   3. Rights in Customer Data. As between Customer and Blueshift, except as otherwise set forth in this Agreement, all right, title and interest in and to the Customer Data is owned exclusively by Customer.     
   4. Customer Restrictions. Except as may otherwise be explicitly provided for in this Agreement, Customer shall not, and shall take reasonable steps to ensure its Administrative Users (defined below) do not: (i) sell, transfer, rent, copy (other than for archival or backup purposes), reverse engineer (except as allowed by and in compliance with applicable law), reverse compile, modify, tamper with, or create derivative works of the Products, (ii) use the Products to operate a service bureau, outsourcing, sublicensing, or similar business for the benefit of third parties; (iii) use the Products other than in connection with Customer’s internal business; (iv) remove any copyright and trademark notices incorporated by Blueshift in the Products; (v) cause or permit others to access or use the Products in order to build or support, and/or assist a third party in building or supporting, software or services competitive to Blueshift; (vi) perform or disclose any of the following security testing on the Products (including any Cloud Services environment or associated infrastructure): network discovery, port and service identification, vulnerability scanning, password cracking, remote access testing or penetration testing; or (vii) use the Products to: (a) perform any activity that is unlawful, or that interferes with any use of the Products or the network, systems and/or facilities of Blueshift or its service providers; (b) store, process, publish or transmit any infringing or unlawful material, or material that constitutes a violation of any party’s privacy, intellectual property or other rights; or (c) perform any activity intended to circumvent the security measures of Blueshift or its service providers. Customer is responsible for all administrative access by its personnel and, if applicable, its service providers (“Administrative Users”) through its login credentials, for controlling against unauthorized access, and for maintaining the confidentiality of usernames and passwords. If Customer becomes aware of any breach of this Section 4.4, Customer will notify Blueshift and remedy the situation immediately, including, if necessary, limiting, suspending, or terminating an Administrative User’s access to the Products.

1. 1. Mutual Representation and Warranties. Each party represents and warrants to the other that: (i) it has the legal right and authority to enter into this Agreement and perform its obligations hereunder; and (ii) it will not introduce into the Products any virus, worm, Trojan horse, time bomb, or other malicious or harmful code (excluding, however, any legitimate mechanism to disable operation of the Products after the expiration of a Subscription Term).
   2. Threat Intelligence Feeds. The  information provided via any threat intelligence feed is provided on an “AS-IS” and “AS-AVAILABLE” basis only.
   3. Endpoint Software. For Products that utilize Endpoint Software, Blueshift warrants that the Endpoint Software will conform in all material respects to the specifications detailed in the Documentation at the time of Delivery and, if Customer is entitled to receive Maintenance and Support Services, any Updates provided for the Endpoint Software will be compatible with the then-current Cloud Services or version of On-Premise Software, as applicable.
   4. Professional Services Limited Warranty. Blueshift warrants that the Professional Services will be performed in a professional and workmanlike manner consistent with industry standards for similar types of services. For any breach of the foregoing limited warranty, Customer’s exclusive remedy shall be to terminate the applicable Professional Services and receive and refund any prepaid but unused Fees applicable to the non-compliant Professional Services.  
   5. Blueshift Products. The warranty for specific Blueshift Products is detailed in the Product Addendum. The limitation on warranties in Section 5.6 below, the exclusion of certain warranties in Section 5.7 below, and the disclaimer of actions set forth in Section 5.8 below, also apply to any warranties set forth in the Product Addendum.

1. 1. Mutual Representation and Warranties. Each party represents and warrants to the other that: (i) it has the legal right and authority to enter into this Agreement and perform its obligations hereunder; and (ii) it will not introduce into the Products any virus, worm, Trojan horse, time bomb, or other malicious or harmful code (excluding, however, any legitimate mechanism to disable operation of the Products after the expiration of a Subscription Term).
   2. Threat Intelligence Feeds. The  information provided via any threat intelligence feed is provided on an “AS-IS” and “AS-AVAILABLE” basis only.
   3. Endpoint Software. For Products that utilize Endpoint Software, Blueshift warrants that the Endpoint Software will conform in all material respects to the specifications detailed in the Documentation at the time of Delivery and, if Customer is entitled to receive Maintenance and Support Services, any Updates provided for the Endpoint Software will be compatible with the then-current Cloud Services or version of On-Premise Software, as applicable.
   4. Professional Services Limited Warranty. Blueshift warrants that the Professional Services will be performed in a professional and workmanlike manner consistent with industry standards for similar types of services. For any breach of the foregoing limited warranty, Customer’s exclusive remedy shall be to terminate the applicable Professional Services and receive and refund any prepaid but unused Fees applicable to the non-compliant Professional Services.  
   5. Blueshift Products. The warranty for specific Blueshift Products is detailed in the Product Addendum. The limitation on warranties in Section 5.6 below, the exclusion of certain warranties in Section 5.7 below, and the disclaimer of actions set forth in Section 5.8 below, also apply to any warranties set forth in the Product Addendum.
   6. LIMITATION ON WARRANTIES. Blueshift warranties are for the benefit of Customer only and are void if: (i) the Products are integrated by Customer with third party products, unless integrated in accordance with the applicable Documentation; (ii) the Products are altered by anyone other than Blueshift or an authorized representative of Blueshift; (iii) the Products are improperly installed, maintained or accessed by anyone other than Blueshift or an authorized representative of Blueshift; (iv) Customer is utilizing a version of the On-Premise Software no longer supported by Blueshift; or (v) the Products are used in violation of the applicable Documentation or Blueshift’s instructions or this Agreement.
   7. EXCLUSION OF CERTAIN WARRANTIES. Except for warranties detailed in the Product Addendum, the foregoing warranties are in lieu of and exclude all other express and implied warranties, including but not limited to, warranties of merchantability, title, fitness for a particular purpose, non-infringement, error free operation or non-intrusion due to hacking or other similar means of unauthorized access. No written or oral representation, made by Blueshift personnel or otherwise, which is not contained in this Agreement, will be deemed to be a warranty by Blueshift or give rise to any liability of Blueshift whatsoever. Customer acknowledges that it is impossible under any available technology for any products to identify and eliminate all malware or potential threats.
   8. DISCLAIMER OF ACTIONS CAUSED BY AND/OR UNDER THE CONTROL OF THIRD PARTIES. Blueshift does not and cannot control the flow of data to or from Blueshift’s network and other portions of the internet, and accordingly Blueshift disclaims any and all warranties and liabilities resulting from or related to a failure in the performance of internet services provided or controlled by a third party other than any contractor or agent of Blueshift hereunder.

1. 1. NO CONSEQUENTIAL DAMAGES. Except for in relation to: (i) a breach of Section 9 (Confidentiality); (ii) a party’s violation of the other party’s intellectual property rights; or (iii) a party’s indemnification obligation in this Agreement; notwithstanding any provision of this Agreement to the contrary, in no event shall either party or its suppliers, officers, directors, employees, agents, shareholders, or contractors (“Related Parties”) be liable to the other party for consequential, incidental, special, punitive or exemplary damages (including but not limited to lost revenues, profits or data, or costs of business interruptions other economic loss) arising from or in connection with any cause including but not limited to breach of warranty, breach of contract, tort, strict liability, failure of essential purpose or any other economic losses, even if the other party is advised of the possibility of such damages.
   2. LIMIT ON LIABILITY. Except for liability arising from: (i) a breach of Section 9 (Confidentiality) below; (ii) a party’s violation of the other party’s intellectual property rights; (iii) a party’s indemnification obligation in this Agreement; or (iv) a party’s fraud, willful misconduct or violation of Section 10.9; the maximum cumulative liability of a party and its related parties for any and all claims in connection with this Agreement or the subject matter hereof, including but not limited to claims for breach of warranty, breach of contract, tort, strict liability, failure of essential purpose or otherwise, shall in no circumstance exceed the fees paid to Blueshift for the applicable Product(s) giving rise to the liability in the twelve (12) month period immediately preceding the applicable claim.

1. 1. Whitelist Management and Blueshift Protect 

      Whitelisting is a cybersecurity technique whereby users can only take actions on their computer authorized by an administrator. Blueshift XDR’s Managed Whitelisting provides an optimal user experience in that functions and access are automatically limited to safe content. Blueshift Protect’s architecture utilizes elements from both architectures but implements an overall default-deny defense. Blueshift XDR’s implementation of managed whitelisting constantly monitors your system processes and blocks them at the endpoint until they’re validated.

      Whitelist Management Related CMMC Domains:

      Access Control (AC)
      Audit and Accountability (AU)
      Configuration Management (CM)
      Media Protection (MP)
      Risk Assessment (RM)
      System and Information Integrity (SI)

1. Blueshift shall: (i) defend and indemnify Customer and its officers, directors, employees and agents from and against all claims and causes of action arising out of an allegation that the Products (hereinafter the “Indemnified Product[s]”) infringe a third party copyright, trademark, patent, or other intellectual property right; and (ii) pay the resulting cost and damages finally awarded against Customer by a court of competent jurisdiction or the amount stated in a written settlement signed by Blueshift, as long as Customer gives Blueshift: (a) prompt written notice of such claim or action; (b) the right to control and direct the investigation, preparation, defense, and settlement of the action; and (c) reasonable assistance and information with respect to the claim or action. If a final injunction is obtained against Customer’s right to continue using the Indemnified Product or, if in Blueshift’s opinion an Indemnified Product is likely to become the subject of a claim, then Blueshift may, at its election, either: (1) obtain the right for Customer to continue to use the Indemnified Product; or (2) replace or modify the Indemnified Product so that it no longer infringes but functions in a materially equivalent manner. If Blueshift determines that neither of these alternatives is reasonably available, then Blueshift may terminate this Agreement and refund any prepaid unused Fees applicable to the infringing Indemnified Product. This section shall not apply to infringement or misappropriation claims arising in whole or in part from: (A) designs, specifications or modifications originated or requested by Customer; (B) the combination of the Indemnified Products or any part thereof with other equipment, software or products not supplied by Blueshift if such infringement or misappropriation would not have occurred but for such combination; or (C) Customer’s failure to install an update or upgrade, where same would have avoided such claim. THE FOREGOING STATES BLUESHIFT’S ENTIRE OBLIGATION AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ACTUAL OR POTENTIAL THIRD PARTY INFRINGEMENT CLAIMS OR CAUSES OF ACTION.

1. 1. Termination for Cause. Either party may terminate this Agreement or an individual Order if the other party: (i) fails to cure a material breach of this Agreement or the applicable Order within thirty (30) calendar days after its receipt of written notice regarding such breach; or (ii) files or acquiesces to a bankruptcy or similar petition. Termination of the entire Agreement shall be deemed to include termination of any and all active Orders.
   2. Effect of Termination. Upon the effective date of termination of the Agreement or an Order for any reason: (i) Blueshift will immediately cease providing the applicable Cloud Services and/or Professional Services; (ii) Customer will immediately cease use of any On-Premise Software and Blueshift-supplied Hardware and remove such On-Premise Software from its systems; and (iii) any and all of Customer’s current and, in the case of termination for cause by Blueshift, future payment obligations under this Agreement immediately become due. In the event of termination for cause by Customer, Blueshift will refund any prepaid, unused Fees pro rata from the date of termination.  Upon termination of this Agreement or an Order for any reason, Customer agrees to promptly return all hardware supplied by Blueshift or its agents to Customer under this Agreement, including but not limited to all Ingress/Egress, Analysis/Storage Edge Nodes, PCAP Edge Nodes (individually “Node,” collectively “Nodes”), and any other Blueshift supplied hardware, which the Parties agree are the sole property of Blueshift.  Such hardware will be returned to Blueshift at Customer’s expense, to a U.S.-based location specified by Blueshift within fifteen (15) days of such termination, using a nationally or internationally recognized shipping company, as applicable, and will include shipping insurance for the full un-depreciated value of such hardware.  Any taxes, duties, custom fees, or any other costs associated with such return shipment(s) shall be paid for by Customer.  In addition, upon termination for any reason, Blueshift shall, upon request by Customer, promptly destroy or delete all customer data remaining on above mentioned returned Nodes in the possession of Blueshift within thirty (30) days following receipt of said returned Nodes.

1. 1. Confidential Information. As used in this Agreement, “Confidential Information” means all information of either party that is not generally known to the public, whether of a technical, business or other nature, that is disclosed by one party to the other party or that is otherwise learned by the recipient in the course of its activities with the disclosing party, and that has been identified as being proprietary and/or confidential or that the recipient reasonably ought to know should be treated as proprietary and/or confidential under the circumstances of disclosure. Confidential Information of Blueshift also includes the terms, conditions, and pricing of this Agreement, and the results of any benchmarking, testing, or competitive evaluations Customer performs on the Products. Each party shall use reasonable care to hold the other party’s Confidential Information in confidence and not disclose such Confidential Information to anyone other than to its personnel, contractors, attorneys, and accountants with a need to know. A recipient shall not reproduce or use such information for any purpose other than as reasonably required to perform pursuant to this Agreement or as reasonably necessary for use of the Products as contemplated by this Agreement. Either party may disclose the existence and nature of the relationship between the parties established hereby, provided it does not disclose any of the specific terms of such relationship.
   2. Exceptions. The obligations of either party pursuant to this Section 9 shall not extend to any information that: (i) recipient can demonstrate through written documentation was already known to the recipient prior to its disclosure to the recipient; (ii) was or becomes known or generally available to the public (other than by act of the recipient); (iii) is disclosed or made available in writing to the recipient by a third party having a bona fide right to do so; (iv) is independently developed by recipient without the use of any Confidential Information; or (v) is required to be disclosed by process of law, provided that the recipient shall notify the disclosing party promptly upon any request or demand for such disclosure.
   3. Injunctive Relief. The parties acknowledge that any breach of this Section 9 may cause immediate and irreparable injury to the non-breaching party for which monetary damages may be inadequate, and in the event of such breach, the non-breaching party shall be entitled to seek injunctive relief, in addition to all other remedies available to it at law or in equity.

This subsection sets out the terms and conditions between Blueshift and Customer for the use of Blueshift’s Extended Detection and Response (XDR) service with respect to Customer-Initiated Penetration Test services (“PenTest,” “PenTests,” “PenTesting”). This subsection specifically addresses the conditions under which PenTests are to be conducted, monitored, and reported pursuant to the Blueshift provided cybersecurity service.

Notification Requirement:

While Blueshift encourages all customers to undergo annual penetration testing, it’s imperative to outline proper procedures and expectations, as the additional labor allocated by the Blueshift Security Operations Center (“SOC”) during and after a penetration test is burdensome and detrimental to Blueshift’s normal operations. Prior to initiating any PenTest that interacts with Blueshift’s XDR service or infrastructure, Customer agrees to provide written notice to Blueshift’s SOC at least forty-eight (48) hours in advance of the scheduled start time of said PenTest. This notification is intended to allow Blueshift to prepare and monitor the test environment, and to allocate adequate resources to ensure the safety and integrity of its systems, the XDR service, and its entire customer base.

SOC Monitoring and Response:

Upon receiving notice from Customer, Blueshift’s SOC will monitor the PenTest activities for any actions that could potentially impact the stability or security of Blueshift’s XDR service or infrastructure. If the SOC detects a PenTest is being conducted without prior notification as required in Section 1, the SOC will promptly notify Customer of the unauthorized testing activity.

Non-Alerting of PenTest Activities:

Should Customer fail to provide the abovementioned 48-hour notification, Blueshift shall not be responsible for providing further alerts or notifications regarding the PenTest activities. Customer acknowledges and agrees that upon detection of an unauthorized PenTest, the sole responsibility of Blueshift will be to inform Customer of the detection, after which no further communication on this matter will be initiated by Blueshift unless specifically requested by Customer in writing.

Request for Alerts and Reports:

In the event that Customer chooses to be alerted on PenTesting activities or requests reports generated by the SOC during or post-PenTest activities, such services shall be considered outside the scope of Blueshift provided services under this Agreement with Customer.  Customer agrees that it will be billed the rate of $500 USD per hour, or any fraction thereof, for any time spent by Blueshift’s SOC to provide forensic services related to during or post PenTest. These charges will be invoiced separately and are due upon receipt of the service, net fifteen (15) days.

Acknowledgment and Consent:

By initiating a PenTest, Customer acknowledges and consents to the terms outlined in this subsection. Customer agrees that all PenTesting activities are at their own risk and that Blueshift shall not be liable for any disruptions, damages, or other negative consequences without limitation resulting from such activities.

Acceptance:

Customer’s decision to proceed with a PenTest following the requirements set forth in this subsection signifies their acceptance of these terms and conditions. Failure to comply with the notification requirement as outlined above in Customer being responsible for any costs associated with additional services as detailed herein.

This subsection regarding data transfer sets out the terms and conditions for the use of Blueshift’s managed cybersecurity service concerning the transfer of specific data from Customer’s IT environment to external systems, including but not limited to Dashboarding and Artificial Intelligence (“AI”) systems, under Blueshift’s control.

Blueshift Customer Agreement for Data Transfer

• Purpose: This Customer Agreement for Data Transfer (‘Data Transfer Agreement’)  sets forth the terms and conditions under which Customer agrees to have specific data from its environment sent to external systems managed by Blueshift.
  
  This Data Transfer Agreement outlines the agreed-upon procedure by the parties for the secure and efficient handling of the abovementioned Customer-critical data by Blueshift.  The parties agree that the ability to analyze and respond to security incidents in real time is paramount in today’s digital landscape, where cyber threats are increasingly sophisticated. Blueshift provides a robust and proactive approach to safeguarding Customer’s IT environment by leveraging external systems for advanced analytics, AI, and threat intelligence.

• Data Collection & Transfer:  Customer agrees to allow Blueshift to collect and transfer the following types of data from Customer’s IT environment:
  • Alerts
  • Logs
  • Vulnerability data
  • Host data (IP addresses, Names, System information, Software Information)
  • Network data

     

This data will be sent to external systems managed by Blueshift, which the parties agree is critical for comprehensive monitoring and analysis of Customer’s cybersecurity posture. Blueshift will utilize this data to enhance detection capabilities, predict potential threats, and provide actionable insights that can significantly improve the resilience of Customer’s systems against ever-advancing cyber threats.

• Consent & Acknowledgement: By using Blueshift services, Customer acknowledges that they have been informed about the types of data being collected and transferred to external systems and consent to transferring such data for the abovementioned purposes. Customer further agrees to provide any necessary permissions or authorizations required to allow for the collection and transfer of this data.
• Confidentiality & Security: Blueshift is committed to upholding the highest privacy and compliance standards. Blueshift agrees to adhere to all applicable laws and regulations regarding the protection of customer data, ensuring that Customer information is handled in a manner consistent with these legal requirements. 

Blueshift agrees to maintain the confidentiality of the data being transferred to any external systems and will implement appropriate security measures to protect this information. These security measures include, but are not limited to:

• Data Encryption
• 2 Factor Authentication
• System Monitoring
• Network Monitoring
• Identity and Access Management
• Continuous monitoring by our Security Operations Center (SOC)

However, Customer and Blueshift acknowledge that no system is entirely secure and agree that some risk is associated with transmitting sensitive data or information over networks or other communication channels.  Therefore, Customer agrees to hold Blueshift harmless for any such data breaches not directly attributable to provable negligence on behalf of Blueshift.

• Intellectual Property Rights: The data collected and transferred under this agreement remains the Customer’s exclusive property.  Blueshift has no claim to any intellectual property rights in or related to such data.
• Governing Law & Jurisdiction: This Data Transfer Agreement shall be governed by and construed in accordance with the laws of Florida. Any dispute arising out of or relating to this agreement shall be subject to the exclusive jurisdiction of the courts located in Lee County, Florida.

Amendments: Blueshift reserves the right to amend this Data Transfer Agreement at any time by updating the relevant URL on the Blueshift website. Customer’s continued use of the services provided by Blueshift following such update constitutes acceptance of the amended agreement.

1. 1. Notices. Any notice under this Agreement must be in writing and sent by certified letter, receipted commercial courier or e-mail transmission (acknowledged in like manner by the intended recipient) to the respective addresses shown on the Order(s), and shall be deemed given on the date received by the recipient, except that Blueshift may provide notice of changes to Policies, if required, via written announcement on its customer portal, which shall be deemed given on the date of such announcement. Any party may from time to time change such address or individual by giving the other party notice of such change in accordance with this Section.
   2. Export Control. Customer acknowledges that any Products and Confidential Information provided under this Agreement may be subject to U.S. export laws and regulations. Customer agrees that it will not use, distribute, transfer, or transmit the Products or Confidential Information in violation of U.S. export regulations. Without limiting the foregoing: (i) each party warrants and represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports; and (ii) Customer shall not permit individuals to access or use the Products in violation of any U.S. or United Nations export embargo, prohibition or restriction.
   3. Usage. Upon request, Customer agrees to certify to its compliance with the quantity and usage restrictions set forth in this Agreement and any Order for On-Premise Software, or to allow Blueshift or its approved designee to inspect Customer’s data processing systems and records to verify such compliance, provided that any such persons are bound by agreements to protect the security, privacy and confidentiality of the information contained in Customer’s systems. Blueshift may review Customer’s usage of the Cloud Services to determine Customer’s compliance with the quantity and usage restrictions of this Agreement and any Order. Blueshift will promptly notify Customer if Blueshift (or a Customer certification) determines that Customer’s usage of the Products exceeds purchased quantities, and if so, Customer shall promptly pay to Blueshift additional Fees applicable to such prior over-usage, and either: (i) immediately discontinue any such overuse; or (ii) purchase such additional quantities to cover Customer’s actual usage going forward at Blueshift’s then current charges.
   4. Applicable Law and Venue. This Agreement shall be governed by the law of the State of Florida, U.S.A., excluding: (i) its conflicts of laws principles; (ii) the United Nations Convention on Contracts for the International Sale of Goods; and (iii) the Uniform Computer Information Transactions Act (UCITA) as adopted by any state.  The parties hereto expressly consent and submit themselves to the exclusive jurisdiction of the courts of Florida, and it is stipulated that venue shall be in Lee County for the adjudication or disposition of any claim, action or dispute arising out of this Agreement.  The prevailing Party shall be reimbursed for any and all reasonable attorney’s fees and related costs incurred by the other Party to enforce its rights under this Agreement.   
   5. Assignment. Except in the event of a merger, acquisition or sale of all or substantially all of a party’s assets, neither party may assign any of its rights or delegate any of its obligations under this Agreement without the prior written consent of the other party (not to be unreasonably withheld). Any assignment in contravention of this provision shall be null and void. All the terms and provisions of this Agreement will be binding upon and inure to the benefit of the parties and their respective successors and permitted assigns.
   6. NonWaiver. The waiver of any breach or default of this Agreement will not constitute a waiver of any subsequent breach or default, and will not act to amend or negate the rights of the waiving party.
   7. Relationship of the Parties. Blueshift is an independent contractor. The provisions of this Agreement shall not be construed to establish any form of partnership, agency, or other joint venture of any kind between Customer and Blueshift, nor to constitute either party as the agent, employee, or legal representative of the other.
   8. Force Majeure. Each party will be excused from performance for any period during which, and to the extent that, it is prevented from performing any obligation or service as a result of causes beyond its reasonable control.
   9. Compliance with Laws. Blueshift will comply with all laws and regulations applicable to it and its provision of the Products. Blueshift is not responsible for compliance with any laws or regulations applicable to Customer or Customer’s industry that are not generally applicable to information technology service providers. Blueshift does not determine whether Customer Data includes information subject to any specific law or regulation. Customer must comply with all laws and regulations applicable to it and its use and possession of the Products.
   10. Severability. Any provision of this Agreement that is unenforceable shall not cause any other remaining provision to be ineffective or invalid.
   11. Modification of Agreement. Except as set forth herein, no addition to or modification of this Agreement shall be binding on either of the parties hereto unless reduced to writing and executed by an authorized representatives of each of the parties.
   12. Modification of Cloud Services and Policies. Notwithstanding anything to the contrary in this Agreement, from time to time at its sole reasonable discretion Blueshift may make upgrades, changes and/or improvements to: (i) the Cloud Services, in order to enhance the Cloud Services generally and/or remedy any issues with the Cloud Services; or (ii) the Policies, in order to address changes to Products or applicable laws or regulations. Notwithstanding the foregoing, except as is required as a result of changes to applicable laws or regulations, Blueshift will not modify any Cloud Services or Policies in any way designed to: (a) materially degrade the Cloud Services or Policies; or (b) add additional material obligations for Customer.
   13. Survival. All provisions of this Agreement that reasonably may be interpreted or construed as surviving termination of this Agreement shall survive the termination of this Agreement.
   14. Counterparts; Electronic Signature. This Agreement may be executed in multiple counterparts, each of which shall be deemed an original and all of which taken together shall constitute one and the same instrument. The parties hereby consent to electronic signature as a binding form of execution of this Agreement and related documents.
   15. Evaluation and Beta Use Terms and Conditions. Blueshift may, at its sole discretion and upon mutual written agreement of the parties, grant Customer the right to use the Products for evaluation or beta testing purposes in accordance with the terms of this Agreement. Notwithstanding anything to the contrary anywhere in this Agreement, the following terms and conditions shall also apply to (and supersede any conflicting terms in the event of a conflict) Customer’s evaluation or beta use of the Products: (i) the Products may be used solely for Customer’s internal assessment of the capabilities, performance, and suitability of the Products and in no event for production use; (ii) the Products ARE PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND, and Blueshift disclaims all warranties, support obligations, and other liabilities and obligations for Customer’s evaluation or beta use of the Products; and (iii) Customer agrees to defend, indemnify and hold harmless Blueshift from all claims, damages, and losses, howsoever arising and whether direct, indirect, or consequential, including all legal fees and expenses, arising from Customer’s evaluation or beta use of the Products.
   16. Ultrahazardous Activities.  The Products are not designed or intended for use in any hazardous environment requiring fail-safe performance or operation in which the failure of the Products could lead to death, personal injury, or property damage, including without limitation the design or operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines, or weapons systems (or the on-line control of equipment in any such environment.)  Customer hereby agrees that it will not use the Products in such environments.
   17. Entire Agreement; English Language Controls. This Agreement comprises all the terms, conditions and agreements of the parties hereto with respect to the subject matter hereof and supersedes all other negotiations, proposals, or agreements of any nature whatsoever, unless otherwise specifically provided. Any contradictory or pre-printed terms and conditions that Customer may provide in connection with an Order shall be deemed null and void. This Agreement and all Orders, notices, or other documents given or to be given under this Agreement will be written in the English language only.