Terms of Service

This CodeFortify Software as a Service Agreement (this “Agreement”) is effective as of the 1st day of October, 2024 (the “Effective Date”) by and between CodeFortify Inc. (“CodeFortify”), a Delaware limited liability company, having its principal place of business at 19197 Golden Valley Road, Suite 819, Santa Clarita, CA 91387 and the individual or entity signing or electronically accepting this Agreement, or any Order Form that references this Agreement (“Company”).  CodeFortify and Company may be collectively referred to herein as the “Parties” and each individually as a “Party”.

RECITALS

A.  WHEREAS, CodeFortify has developed and provides to its customers a proprietary software application that enable companies to connect to various code scanning agents to their repositories, enable those repositories to be scanned, and thereby identify vulnerabilities in their code, and provide recommendations on how to remediate those vulnerabilities, on a software as a service basis (collectively, the “Platform”);

B.  WHEREAS, CodeFortify provides consulting services to its customers with respect to the deployment, integration, and use of the Platform, as may be more specifically agreed upon from time to time (collectively, the “Services” and each a “Service”); 

C.  WHEREAS, from time to time the Parties may enter into an Order Form (as defined below) pursuant to which Company may access and use the Platform and/or receive certain of the Services in connection with its business, and CodeFortify is willing to provide such Platform and/or Services on the terms and conditions set forth in this Agreement and as more specifically described in the Order Form.

NOW THEREFORE, in consideration of the mutual promises set forth below, the Parties agree as follows:

1. DEFINITIONS.  In addition to any terms defined throughout this Agreement, when used in this Agreement, the following capitalized terms shall have the meanings indicated below:

1. “Account” means Company’s account through which Company’s Designated Users can access and use the Platform.
2. “Company Content” means content or materials provided by or made available by Company to CodeFortify, including content and materials made available to CodeFortify by Company for use in connection with the provision of the Platform and/or the performance of the Services, including without limitation Company Software, as well as any Intellectual Property Rights therein, excluding any portion of the Platform and/or Services.
3. “Company Software” means any software supplied by Company to CodeFortify in connection with the use of the Platform and/or the performance of the Services by CodeFortify on behalf of the Company.
4. “Confidential Information” means any and all information disclosed by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”), directly or indirectly, in writing, orally, electronically, or in any other form, that is designated, at or before the time of disclosure, as confidential or proprietary, or that is provided under circumstances reasonably indicating that the information is confidential or proprietary, including, without limitation, trade secrets, business plans, technical data, product ideas, personnel, contract and financial information, and the terms of this Agreement and each Order Form, as well as, specifically in the case of CodeFortify, the Platform, Services and Technology and any Documentation or other proprietary materials describing the foregoing, and specifically in the case of Company, the Company Content.  Notwithstanding the foregoing, Confidential Information does not include information that: (a) is or becomes generally available to the public through no breach of this Agreement or any other agreement by the Receiving Party; (b) is or was known by the Receiving Party at or before the time such information was received from the Disclosing Party, as evidenced by the Receiving Party’s tangible (including written or electronic) records; (c) is received from a third-party that is not under an obligation of confidentiality to the knowledge of the Receiving Party with respect to such information; (d) is independently developed by the Receiving Party of the information without any breach of this Agreement, as evidenced by the Receiving Party’s contemporaneous tangible (including written or electronic) records; or (e) is approved for release in advance in writing by the Disclosing Party, as applicable. 
5. “Deliverables” means the specific deliverables set forth in an Order Form for Services.
6. “Designated Users” means the individual Company users designated by Company to access the Account, each of which will be assigned a unique user login and password.
7. “Documentation” means all operating manuals, user manuals, training materials, guides, product descriptions, product specifications, technical manuals, supporting materials, and other information relating to the Platform and/or Services.
8. “Intellectual Property Rights” means any copyright, trademark, service mark, trade name, patent, patent application, trade secret, moral right, privacy right, right of publicity, or any other intellectual property or proprietary right arising under the laws of any jurisdiction, whether registered or unregistered.
9. “Order Form” means a statement of work or Service order, including online orders, that incorporates this Agreement by reference and is signed by both the Parties or is otherwise consented to by Company (including online acceptance), pursuant to which CodeFortify agrees to provide the Platform, or portion thereof, and/or one or more Services.
10. “Policies” means criteria or specifications, including content limitations, technical specifications, privacy policies, user experience policies, policies regarding consistency with CodeFortify’s public image, and other policies as may be specified by a Party, including in an Order Form, or as otherwise provided by CodeFortify upon written notice to Company, from time to time.
11. “Recommendations” means CodeFortify’s I generated summary of code vulnerabilities and potential remediation path(s) with respect to same.
12. “Service(s)” has the meaning specified in Recital B hereof, as may be more particularly identified in an Order Form. 
13. “Software” means all software code comprising all or a portion of the Platform, made available by CodeFortify for use by Company, including any modified versions, updates or upgrades of the Software that may be provided to Company by CodeFortify, but does not include (i) source code for the Software, or (ii) Third Party Software.
14. “Technology” means any Software or technology incorporated in or made available through the Platform and/or Services by CodeFortify to Company, but excluding any Third Party Software.
15. “Third Party Software” means software available for purchase or license from a third party unaffiliated with CodeFortify for use in connection with the provision of the Platform and/or Services.
16. “Third Party Terms” means any legal agreements, licenses, obligations, and/or undertakings that must be adhered to in connection with the use of any Third Party Software.
17. “Platform” has the meaning specified in Recital A hereof, including all Technology related thereto.
18. “Usage Data” has the meaning set forth in Section 4.5.
19. PLATFORM AND SERVICES
    1. Use of Platform and Services. 
       1. Subject to the terms and conditions of this Agreement and an applicable Order Form, CodeFortify hereby grants Company the right, during the term of this Agreement, to access and use the Platform, or portion thereof, through Company’s Account for itself solely for the purposes set forth herein and in such Order Form.
       2. CodeFortify shall provide Company with such Services as may be set forth in an Order Form from time to time, including, as may be set forth in an Order Form, in furtherance of Company’s use of the Platform.  The Services may be modified upon the mutual written agreement of Company and CodeFortify by amendment of such Order Form, executed by both Parties.
       3. CodeFortify will provide Company with that number of user logins and passwords set forth in an Order Form for its Designated Users to access the Company’s Account, which number may be increased from time to time, subject to the payment of any additional fees with respect to additional Designated Users set forth in the applicable Order Form.  Company may replace a Designated User upon written notice to CodeFortify.  Company and its Designated Users shall not share the user logins and passwords with, or otherwise allow access to the Platform, Services and Account by, any other individuals other than the Designated Users.  Company shall provide to CodeFortify all required information, which must be correct, current and complete, in order to create the Account.  Company is responsible for maintaining the confidentiality of the user logins and passwords Company is given to access the Account, and Company is fully responsible for all activities that occur under the Account, including activities of its Designated Users.  Company shall maintain all reasonable security measures to ensure that access to the Platform and Services is adequately protected, including without limitation as to confidentiality, authenticity and integrity and shall comply with all CodeFortify’s reasonable Policies with respect to same.  Company shall notify CodeFortify immediately of any unauthorized use of Company’s user logins and passwords.  
    2. Company Obligations.  
       1. Company shall provide CodeFortify with all reasonable cooperation and technical support necessary and/or appropriate to fully implement the Platform and/or Services, as applicable.
       2. Company shall ensure that it has all necessary rights and consents necessary to provide CodeFortify with access to and use of the Company Content to the extent necessary for CodeFortify’s provision of the Platform and/or Services.  Company shall be solely responsible for any fees and expenses incurred in connection with same. Each of CodeFortify and Company shall take all steps reasonably necessary to ensure that all data of the other Party is protected against unauthorized disclosure, access, use, modification, or loss or other misuse.
       3. Exclusive of any Technology comprising a part of the Platform and Services, Company shall be solely responsible, at its sole cost and expense, for (i) providing and maintaining all hardware, software, electrical and other physical requirements necessary for Company’s use of the Platform and Services, including, without limitation, telecommunications and Internet access connections and links, web browsers, bandwidth, or other equipment, software and services required to access and use the Platform and Services, (ii) ensuring that all of the foregoing are compatible with the Platform and Services, and (iii) complying with all system requirements provided by CodeFortify, including without limitation the recommended CodeFortify configuration procedures and Documentation.  Company’s failure to abide by the foregoing may result in disruptions to Company’s use of the Platform and/or Services and CodeFortify shall not be liable for any such failure notwithstanding anything to the contrary set forth herein. 
    3. Permitted Use; Limited License.  Subject to Company’s compliance with all the terms and conditions of this Agreement and any additional usage requirements, restrictions, documentation and Policies CodeFortify may provide to Company from time to time upon written notice to Company, CodeFortify hereby grants to Company a limited, revocable, non-transferable, non-sublicensable, non-assignable, non-exclusive license and right to access and use the Platform along with any subsequent updates and upgrades thereto, during the Term, solely for the purposes set forth in the Order Form, subject at all times to Section 10.4 below.
    4. Restrictions. Company agrees that Company will not, nor will Company enable or facilitate a third party to, directly or indirectly (a) reproduce or modify the Platform and/or Services , (b) use any device, software or routine to interfere with the proper working of the Platform and/or Services, (c) unless otherwise approved by CodeFortify in writing, use any automated means, including, without limitation, agents, robots, scripts or spiders, to access, monitor or copy the Platform and/or Services, except as may be set forth in an Order Form, or (d) use the Platform and/or Services in any manner other than as permitted by this Agreement or an Order Form.  Without limiting the foregoing, Company further agrees that it will not take any action that imposes an unreasonable or disproportionately large load on the Platform infrastructure, as reasonably determined by CodeFortify.  CodeFortify reserves all rights not expressly granted under this Agreement.
    5. Third Party Integrators.  Unless otherwise provided as part of the Services, Company shall be solely responsible for all actions of and agreements with third parties engaged by Company or its Company Clients to provide any integrations of the Platform and/or Services with Company’s and/or Company Client’s infrastructure. 
20. FEES AND PAYMENT TERMS.
    1. Fees.  Company shall pay CodeFortify the fees for use of the Platform and/or provision of the Services as set forth in each applicable Order Form (the “Fees”). Unless otherwise stated in an Order Form, all Fees will be due and payable in full within thirty (30) days of the date of CodeFortify’s invoice to Company.  CodeFortify reserves the right to charge a late fee of 1.5% of the invoice’s value per month, or the highest rate allowed by applicable law, whichever is lower, if payment in full is not received by the due date.  In addition, CodeFortify reserves the right to terminate and/or suspend the provision of Platform and/or Services hereunder upon ten (10) days prior written notice to Company of a failure to timely pay an invoice.  Company shall be liable for all costs of collection, including attorneys’ fees and costs after the due date for such Fees. All payments under this Agreement or an applicable Order Form shall be in U.S. Dollars.
    2. Expenses.  Company agrees to pay the reasonable and necessary actual out-of-pocket expenses as reasonably incurred by CodeFortify in furtherance of its performance of an Order Form, as such expenses are outlined therein or subsequently agreed to in writing by the Parties in writing (email sufficing), including, to the extent applicable, any fees and/or expenses related to Third Party Software (collectively, “Expenses”).  To the extent Expenses are later incurred for currently free offerings, such as Third Party Software, Company agrees that it shall be responsible for the payment of such Expenses (notwithstanding any failure of the applicable Order Form to stipulate such Expenses), subject to reasonable notice from CodeFortify as to same.  Upon request, CodeFortify will provide copies of supporting documentation as may be reasonably appropriate for Company or its accountants to confirm the nature and amount of any such Expenses. CodeFortify shall invoice the Company for all Expenses in the same manner as it invoices for its Fees and such invoices shall be subject to the same terms as invoices for Fees set forth in Section 3.1 above.  CodeFortify reserves the right to require payment for Expenses prior to incurring same in its sole discretion.
    3. Taxes. Company shall be responsible for paying all federal, state, local, foreign or other taxes, duties, tariffs or other charges, however designated, arising from or based upon this Agreement or an Order Form, or the transactions contemplated by either of them, except for taxes based on CodeFortify’s income, provided all such taxes, duties, tariffs and other charges are clearly set forth in the invoice issued by CodeFortify.
    4. Dispute Resolution.  In the event Company disputes any Fees or Expenses owed to CodeFortify pursuant to an applicable Order Form, it must provide written notice of such dispute within thirty (30) days of the date a disputed amount was otherwise due and owing to CodeFortify.  Upon timely submission of a notice of dispute pursuant to this Section 3.4, the Parties will work in good faith to resolve this dispute for a period of thirty (30) days and if, at the end of such thirty (30) day period, no resolution has been reached, the applicable Order Form and related Platform and/or Services may be immediately terminated by CodeFortify and the Parties may pursue their respective rights under applicable law.  In the event a notice of dispute is not timely received, Company shall be deemed to have conclusively accepted the accuracy of CodeFortify’s calculation of Fees and Expenses under the applicable invoices and waives any further rights to challenge or dispute such compensation calculation.
21. INTELLECTUAL PROPERTY
    1. Proprietary Rights. As between CodeFortify and Company, CodeFortify owns all right, title and interest, including without limitation all Intellectual Property Rights, in and to the Platform and the Services.  Use of the Platform and the Services for any purpose not set forth in this Agreement or an applicable Order Form is prohibited.  Company acknowledges such ownership and will not take any action to jeopardize, limit or interfere in any manner with CodeFortify’s rights with respect to the Platform and Services. The Platform and Software are protected by copyright and other intellectual property laws and by international treaties.  As between CodeFortify and Company, Company owns all right, title and interest, including without limitation all Intellectual Property Rights, in and to the Deliverables and Company Content.  CodeFortify acknowledges such ownership and will not take any action to jeopardize, limit or interfere in any manner with Company’s rights with respect to the Company Content.  As between the Parties and Third Party Software provider, the applicable Third Party Software provider owns all right, title and interest, including without limitation all Intellectual Property Rights, in and to the Third Party Software.  Use of the Third Party Software for any purpose not set forth in this Agreement or an applicable Order Form is prohibited and/or permitted by any applicable Third Party Terms.  Company acknowledges such ownership and will not take any action to jeopardize, limit or interfere in any manner with such Third Party Software provider’s rights with respect to the Third Party Software.
    2. No Reverse Engineering.  Except as provided in Section 2.3 above, Company has no rights or licenses with respect to the Platform, the Services, and/or any Third Party Software.  Without limiting the generality of the foregoing, except as expressly provided in this Agreement, Company may not (a) sell, resell, copy, distribute, rent, lease, lend, sublicense, transfer, assign or make the Platform, the Services, and/or any Third Party Software available to any third party or use the Platform, the Services, and/or any Third Party Software on a service bureau basis, except as approved by CodeFortify in writing, (b) modify, decompile, reverse engineer, or disassemble the Platform, the Services, and/or any Third Party Software or otherwise attempt to derive any of CodeFortify’s Intellectual Property Rights in the Platform and/or Services or any Third Party Software provider’s Intellectual Property Rights in the Third Party Software, (c) create derivative works based on the Platform, the Services, and/or any Third Party Software (except for use of the Recommendations delivered to Company in connection with such use); (d) modify, alter, delete, remove, or obscure any copyright, trademark, patent or other proprietary notices or legends that appear on or are affixed to the Platform, the Services, and/or any Third Party Software during the use and operation thereof; or (e) copy any of the Documentation.  As between Company and CodeFortify, any changes to, modifications to, or derivative works of the Platform, Technology, and/or Services shall become the exclusive property of CodeFortify. As between Company and a Third Party Software provider, any changes to, modifications to, or derivative works of the Third Party Software shall become the exclusive property of the Third Party Software provider, unless otherwise set forth in the Third Party Terms.
    3. No License.  Nothing in this Agreement shall be deemed to grant Company any license to use the Platform and/or Services other than as expressly stated herein or in an applicable Order Form.  Any use of the Third Party Software is subject to the Third Party Terms, each of which, if and as applicable, shall be set forth in an applicable Order Form.
    4. Feedback.  Company may, but is not obligated to, provide or submit any suggestions, feedback, comments, ideas, or other information relating to the Platform and/or Services or modifications or enhancements thereto (the “Company Input”).  Any Company Input is provided on a non-confidential basis regardless of any suggestion to the contrary in any Company communication, and Company hereby grants CodeFortify a nonexclusive, worldwide, royalty-free, perpetual, irrevocable, sublicensable, transferable right and license to exploit such Company Input (directly or through third parties) in any manner without compensation or liability to Company for any purpose whatsoever, including, but not limited to, developing, manufacturing, enhancing, improving, promoting, and marketing CodeFortify’s products and services.
    5. Usage Data.  CodeFortify shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Platform and Services and related Technology (“Usage Data”), and CodeFortify shall have all rights (during and after the Term hereof) to use such Usage Data solely, (a) to improve and enhance the Platform and Services, for internal purposes, and for such other internal development, diagnostic and corrective purposes related to the Platform and Services as CodeFortify may determine in its sole and absolute discretion on a royalty free basis, and (b) in aggregate or other de-identified form in connection with its business, notwithstanding anything to the contrary set forth in this Agreement or any applicable Order Form. In all cases, none of such Usage Data shall include any Company Content.
22. CONFIDENTIALITY
    1. Restrictions on Use and Disclosure.  Each Receiving Party agrees: (a) to protect and safeguard the Disclosing Party’s Confidential Information against unauthorized use, publication or disclosure with the same degree of care that it uses to protect the confidentiality of its own Confidential Information and, in any event, not less than reasonable care; (b) to restrict access to the Disclosing Party’s Confidential Information to those of its officers, directors, employees, agents, attorneys, accountants, investment advisors, and contractors who have confidentiality obligations that afford the Confidential Information a substantially similar level of protection as is afforded by this Agreement; and (c) not to use, or permit others to use, the Disclosing Party’s Confidential Information except as is reasonably necessary to perform its obligations or exercise its rights under this Agreement.  Each Receiving Party shall return or destroy all Confidential Information of the Disclosing Party upon the termination or expiration of this Agreement or upon the request of the Disclosing Party; provided, however, a Receiving Party shall not be required to return or destroy information or materials that it must retain during or after termination or expiration of this Agreement in order to receive the benefits of this Agreement or properly perform in accordance with this Agreement or in order to remain compliant with a valid law, regulation, or court or administrative order.
    2. Exceptions. Notwithstanding any other provision of this Agreement, a Receiving Party may disclose Confidential Information of the Disclosing Party if such disclosure is required by an order of a court or other governmental authority, law or regulation, but only to the extent that any such disclosure is necessary and after notice to the Disclosing Party if practicable and lawful. In such case, the Receiving Party shall, at the Disclosing Party’s expense, assist the Disclosing Party in obtaining an order protecting the Confidential Information from public disclosure, or in otherwise minimizing and limiting the breadth and scope of such disclosure.
    3. Confidentiality of Agreement. Each Party agrees that the terms and conditions, but not the existence and general nature, of this Agreement and each Order Form shall be treated as Confidential Information, provided, however, that each Party may disclose the terms and conditions of this Agreement and an Order Form: (a) as required by any court or other governmental body, subject to the provisions of Section 5.2; (b) in connection with an initial public offering or other securities filing; (c) to legal counsel of the Parties; (d) in confidence, to accountants, banks, and financing sources and their advisors; (e) in confidence, in connection with the enforcement of this Agreement or rights under this Agreement or an Order Form; or (f) in confidence, in connection with an actual or prospective merger, acquisition or similar transaction, provided that the Party seeking to so disclose pursuant to (a), (b), or (f) above must provide advance written notice to the non-disclosing Party of any proposed disclosure, to the fullest extent lawfully allowed, and provide the non-disclosing Party with an opportunity to request appropriate protections of its Confidential Information (e.g., protective order or confidential treatment) and shall assist in such efforts using its reasonable best efforts.
    4. Remedies.  Each Receiving Party understands and acknowledges that any disclosure or misappropriation of any of the Disclosing Party’s Confidential Information in violation of this Agreement may cause the Disclosing Party irreparable harm, the amount of which may be difficult to ascertain and, therefore, agrees that the Disclosing Party shall have the right to apply to a court of competent jurisdiction for an order restraining any such further disclosure or misappropriation and for such other relief as the Disclosing Party shall deem appropriate.  Such right of the Disclosing Party shall be in addition to the remedies otherwise available to the Disclosing Party at law or in equity.
23. TERM AND TERMINATION
    1. Term.  Unless terminated earlier by either Party in accordance with Section 6.2, this Agreement shall commence on the Effective Date and remain in effect for a period of one (1) year or until all Order Forms entered into hereunder have expired or been terminated in accordance with their terms, whichever is longer (the “Initial Term”).  Notwithstanding the foregoing, this Agreement shall be automatically renewed for additional, successive terms of twelve (12) months (each, a “Renewal Term”) unless, at least ninety (90) days prior to the expiration of the Initial Term or any Renewal Term, either Party provides the other Party with written notice of its desire not to renew this Agreement.  Such right of non-renewal may be exercised by either Party, with or without cause.
    2. Termination/Suspension.  This Agreement and the provision of the Platform and/or Services may be terminated immediately upon written notice: 
       1. by either Party if the other Party breaches any material provision of this Agreement and fails to cure such breach within thirty (30) days after receipt of written notice of such breach,
       2. by CodeFortify if Company breaches its payment obligations and fails to cure such breach within ten (10) days after receipt of written notice of such breach, 
       3. by either Party (i) if the other Party becomes insolvent, (ii) makes an assignment for the benefit of creditors, (iii) files or has filed against it a petition in bankruptcy or seeking reorganization, (iv) has a receiver appointed, or (v) institutes any proceedings for the liquidation or winding up; provided, however, that, in the case any of the foregoing is involuntary, such Party shall only be in breach if such petition or proceeding has not been dismissed within ninety (90) days, or
       4. by either Party as may be set forth in an applicable Order Form.
    3. Effect of Termination or Expiration. Upon termination or expiration of this Agreement: (i) CodeFortify shall deauthorize Company’s user logins and passwords and terminate Company’s access to the Platform and/or Services, and Company shall immediately cease all use of the Platform and Services, provided that it shall have perpetual rights to use the Deliverables.  Additionally, (a) both Parties will destroy or return, as requested by the other Party, all Confidential Information of the other Party and copies thereof, and (b) Company will promptly (not to exceed fifteen (15) business days) pay any Fees and Expenses owed or incurred to CodeFortify prior to such termination or expiration. This Section 6.3 is not intended to limit any remedies that may be available to a Party for an improper termination or breach of this Agreement or any applicable Order Form by the other Party. 
    4. Survival of Provisions.  Sections 1, 2.4, 3, 4, 5, 6.3, 6.4, 7.4, 8, 9 and 10, as well as any other terms hereof that by their intent or meaning would reasonably be deemed as intended to so survive, shall survive any termination or expiration of this Agreement.  No termination hereunder shall constitute a waiver of any rights or causes of action that either Party may have based upon events occurring prior to the termination date.
24. Warranties. 
    1. Mutual Warranties.  Each Party hereby represents, warrants, and covenants to the other that:  (a) it has the power to enter into and perform this Agreement and each Order Form; (b) the execution of this Agreement and each Order Form has been duly authorized by all necessary corporate action of the Party; (c) this Agreement and each Order Form constitutes a valid and binding obligation on the Party, enforceable in accordance with its terms; (d) no consent or approval of any other person or governmental authority is necessary for this Agreement or an Order Form to be effective; (e) neither the execution or delivery of this Agreement nor the consummation of the transactions contemplated by it or an applicable Order Form would constitute a default or violation of the Party’s charter documents and/or other agreements; and (f) it will comply with all applicable laws in the performance of its obligations under this Agreement.  
    2. CodeFortify Warranties. CodeFortify hereby represents and warrants that the Platform (but specifically not including the Recommendations) does not and will not violate or infringe upon the Intellectual Property Right of any third party.  CodeFortify further represents and warrants that (a) no portion of the Platform will knowingly contain viruses, trojan horses, worms, time bombs, cancelbots or other similar harmful or deleterious programming routines, (b) it will only use Company Content in connection with the provision of the Platform and/or the performance of the Services on behalf of Company or as otherwise provided in this Agreement or an Order Form, and (c) it shall perform the Services in a good and workmanlike manners consistent with generally accepted industry standards. CodeFortify shall: (a) implement reasonable and appropriate technical and organizational measures designed to protect Company Content from and against any accidental or unlawful destruction or any accidental loss, alteration, unauthorized disclosure, use or access; and (b) process Company Content in accordance with Company’s instructions, except as otherwise permitted in this Agreement.  CodeFortify will provide commercially reasonable levels of security for all Services provided by CodeFortify hereunder and networks being utilized by CodeFortify in connection with the provision of the Platform and/or Services hereunder.
    3. Company Warranties.  Company hereby represents and warrants that (a) it shall comply with the undertakings set forth in Section 2.2 hereof; (b) the Company Content provided to CodeFortify has been collected, stored and processed by Company and has been supplied to CodeFortify in accordance with all applicable laws; (c) the Company Content does not and will not violate or infringe upon the Intellectual Property Right of any third party and the performance by CodeFortify of any Order Form shall not require any further license or authorization with respect to the use of such Company Content; (d) none of the Company Content will contain viruses, trojan horses, worms, time bombs, cancelbots or other similar harmful or deleterious programming routines; and (e) the Company Content does not violate state or federal laws, including privacy or publicity, consumer protection and data protection laws.
    4. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED HEREIN, COMPANY HEREBY ACKNOWLEDGES AND AGREES THAT THE PLATFORM, RECOMMENDATIONS, AND SERVICES PROVIDED BY CODEFORTIFY PURSUANT TO THIS AGREEMENT AND ANY ORDER FORM ARE BEING PROVIDED TO COMPANY “AS IS, WITH ALL FAULTS.”  EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY OTHER REPRESENTATION OR WARRANTY OF ANY KIND, AND EACH PARTY HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT, INCLUDING SPECIFICALLY WITH RESPECT TO THE RECOMMENDATIONS.  WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, EXCEPT AS EXPRESSLY PROVIDED HEREIN, CODEFORTIFY DOES NOT WARRANT THAT THE PLATFORM, RECOMMENDATIONS, AND/OR SERVICES WILL (I) BE UNINTERRUPTED; (II) BE FREE FROM INACCURACIES, ERRORS, VIRUSES OR OTHER HARMFUL COMPONENTS; (III) MEET COMPANY’S REQUIREMENTS; OR (IV) OPERATE IN THE CONFIGURATION OR WITH THE HARDWARE OR SOFTWARE COMPANY USES. COMPANY’S USE OF THE PLATFORM AND SERVICES IS SOLELY AT COMPANY’S RISK.  WITHOUT LIMITING THE FOREGOING, COMPANY ACKNOWLEDGES AND AGREES THAT (X) THE PLATFORM, RECOMMENDATIONS, AND SERVICES AND THE USE THEREOF MAY REQUIRE THE USE OF THIRD PARTY SOFTWARE, AND CODEFORTIFY MAKES NO REPRESENTATION OR WARRANTY WITH RESPECT TO THE THIRD PARTY SOFTWARE OR OTHERWISE GUARANTEE THAT SUCH THIRD PARTY SOFTWARE WILL MEET COMPANY’S REQUIREMENTS. COMPANY ACCEPTS SOLE RESPONSIBILITY AND RISK ASSOCIATED WITH THE USE OF THE THIRD PARTY SOFTWARE PROVIDED.  Company’s exclusive remedy (and CodeFortify’s sole obligation) for violation of its warranties set forth in this Agreement shall be for CodeFortify to promptly replace the defective portions of the Platform and/or Services; provided that if CodeFortify is unable to replace the same within ninety (90) days of notification by Company of a breach, Company’s sole remedy is to terminate this Agreement, at which time CodeFortify will refund an equitable portion of any fees paid in advance by Company pursuant to this Agreement or an applicable Order Form. 
25. LIMITATIONS ON LIABILITY AND INDEMNITY
    1. Exclusion of Damages.  EXCEPT TO THE EXTENT ARISING OUT OF CODEFORTIFY’S (i) BREACH OF SECTION 5 (CONFIDENTIALITY), AND/OR (ii) INDEMNITY OBLIGATIONS PURSUANT TO SECTION 9 (INDEMNIFICATION), AND/OR (iii) GROSS NEGLIGENCE AND/OR INTENTIONAL MISCONDUCT, CODEFORTIFY WILL NOT BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES RELATING TO LOST PROFITS, LOST DATA OR LOSS OF GOODWILL) ARISING OUT OF OR RELATED TO THE TRANSACTIONS CONTEMPLATED BY THIS AGREEMENT, REGARDLESS OF WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER BASIS, AND EVEN IF CODEFORTIFY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.  
    2. Limitation on Liability.  EXCEPT TO THE EXTENT ARISING OUT OF CODEFORTIFY’S (i) BREACH OF SECTION 5 (CONFIDENTIALITY), AND/OR (ii) INDEMNITY OBLIGATIONS PURSUANT TO SECTION 9 (INDEMNIFICATION), AND/OR (iii) GROSS NEGLIGENCE AND/OR INTENTIONAL MISCONDUCT, AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY, IN NO EVENT WILL CODEFORTIFY’S LIABILITY UNDER THIS AGREEMENT OR AN APPLICABLE ORDER FORM EXCEED THE FEES PAID BY COMPANY TO CODEFORTIFY IN THE THREE (3) MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH THE CAUSE OF ACTION RELATING TO SUCH LIABILITY AROSE. TO THE EXTENT ARISING OUT OF CODEFORTIFY’S (i) BREACH OF SECTION 5 (CONFIDENTIALITY), AND/OR (ii) INDEMNITY OBLIGATIONS PURSUANT TO SECTION 9 (INDEMNIFICATION), CODEFORTIFY’S AGGREGATE LIABILITY SHALL NOT EXCEED THE GREATER OF (a) THE AMOUNT OF FEES PAID BY COMPANY TO CODEFORTIFY IN THE SIX (6) MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH THE CAUSE OF ACTION RELATING TO SUCH LIABILITY AROSE. EACH PARTY ACKNOWLEDGES THAT IT HAS ENTERED INTO THIS AGREEMENT RELYING ON THE LIMITATIONS OF LIABILITY STATED HEREIN AND THAT THOSE LIMITATIONS ARE AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN THE PARTIES. 
26. INDEMNIFICATION.  
    1. Indemnification from Company.  Company shall indemnify and hold CodeFortify, and its employees, representatives, agents, directors, officers, and representatives (the “CodeFortify Indemnified Parties”) harmless, and at CodeFortify’s option defend the CodeFortify Indemnified Parties, from and against any third party claims, suites, proceedings, demands, or actions (collectively “Claims”) and any damages, losses, costs, settlements, judgments, awards, fines, penalties, interest, liabilities, or expenses (including without limitation, reasonable attorneys’ fees and disbursements and court costs) (collectively, “Losses”) brought against any of the CodeFortify Indemnified Parties arising out of (a) Company’s use of the Platform and Services other than in accordance with this Agreement, an Order Form, and applicable law, (b) any breach or alleged breach by Company of any provision of this Agreement, including its representations and warranties set forth herein, (c) any breach or alleged breach of any Third Party Terms, and (d) Company’s gross negligence or willful misconduct.  
    2. Indemnification from CodeFortify.  CodeFortify shall indemnify and hold Company, and its employees, representatives, agents, directors, officers, and representatives (the “Company Indemnified Parties”) harmless, and at CodeFortify’s option defend the Company Indemnified Parties, from and against any Claims and Losses brought against any of the Company Indemnified Parties arising out of any allegation that the Platform, excluding the Recommendations, violates or infringes upon the Intellectual Property Rights of any third party.  If any of the Platform, excluding the Recommendations, becomes, or in CodeFortify’s opinion is likely to become, the subject of an infringement Claim under this Agreement, CodeFortify may, at its sole option and expense, either (x) procure for Company the right to continue using the applicable Platform, excluding the Recommendations, (y) replace or modify the applicable Platform, excluding the Recommendations, so that it becomes non-infringing, or (z) solely if clauses (x) and (y) are not commercially viable, terminate this Agreement. Notwithstanding the foregoing, CodeFortify will have no obligation with respect to any infringement claim based upon (i) any use of the Platform not in accordance with this Agreement, (ii) any use of the Platform in combination with other products, equipment, or software not supplied by CodeFortify, including any Third Party Software, (iii) any modification of the Platform by (a) any person other than CodeFortify or its authorized agents or subcontractors or (b) by CodeFortify or its authorized agents or subcontractors in compliance with the designs, specifications or instructions of Company; and (iv) continued allegedly infringing activity by Company after Company has been notified of the possible infringement and has been provided with an updated, non-infringing version of the Platform.  CodeFortify’s obligations pursuant to this Section 9.2 shall be Company’s sole and exclusive remedy and recourse with respect to any infringement Claim.
    3. Indemnity Process.  Should any Claim subject to indemnity be made against a Party hereto, the Party against whom the Claim is made agrees to provide the other Party with prompt written notice of the Claim (provided that any delay in notification will not relieve the indemnifying Party of its obligations hereunder except to the extent that the delay impairs its ability to defend).  The indemnifying Party will control the defense and settlement of any Claim, unless otherwise determined by CodeFortify.  The indemnified Party agrees to cooperate with the indemnifying Party and provide reasonable assistance in the defense and settlement of such Claim.  The indemnifying Party is not responsible for any costs incurred or compromise made by the indemnified Party unless the indemnifying Party has given prior written consent to the cost or compromise. If a conflict of interest arises between the indemnifying Party and the indemnified Party for the types of Claims set forth herein, and the indemnified Party under the appropriate section sends a written notice of such conflict of interest to the indemnifying Party, then the indemnified Party under that section shall provide for the indemnification of the indemnified Party for (a) the cost to hire and retain separate counsel and (b) the cost of investigation, litigation and/or settlement of such Claims. If a Claim is judicially determined to have been caused by both the indemnifying Party and the indemnified Party, the apportionment of liability shall be shared between the parties based upon the comparative degree of each party’s judicially determined responsibility and to the extent necessary, a refund of all pre-funded indemnity expenses shall be made if necessary in accordance with the foregoing.
27. GENERAL TERMS
    1. Neutral Construction.  The Parties to this Agreement agree that this Agreement was negotiated fairly between them at arm's length and that the final terms of this Agreement are the product of the Parties' negotiations.  Each Party warrants and represents that it has sought and received legal counsel of its own choosing with regard to the contents of this Agreement and the rights and obligations affected hereby.  The Parties agree that this Agreement shall be deemed to have been jointly and equally drafted by them and that the provisions of this Agreement therefore should not be construed against a Party on the grounds that the Party drafted or was more responsible for drafting the provision(s).
    2. Independent Contractors.  The relationship of CodeFortify and Company established by this Agreement is that of independent contractors, and nothing contained in this Agreement will create or be construed to create any partnership, joint venture, agency, franchise, sales representative, employment or fiduciary relationship between the Parties.  
    3. Governing Law; Jurisdiction. This Agreement is to be construed in accordance with and governed by the internal laws of the State of California, without giving effect to any choice of law rule that would cause the application of the laws of any jurisdiction other than the internal laws of the State of California to the rights and duties of the Parties.  Any action or proceeding seeking to enforce any provision of, or based on any right arising out of, this Agreement may be brought against any of the Parties only in the courts of the State of California, located in Los Angeles County, California, or, if it has or can acquire the necessary jurisdiction, in the United States Central District Court of California.  Each of the Parties consents to the exclusive jurisdiction of such courts (and the appropriate appellate courts) in any such action or proceeding and waives any objection to venue laid therein.  THE PARTIES HEREBY WAIVE ANY RIGHT TO A JURY TRIAL IN ANY ACTION BETWEEN THE PARTIES.
    4. Assignment.  Neither this Agreement nor any applicable Order Form may be assigned, in whole or in part, by Company without the prior written consent of CodeFortify.  CodeFortify shall have the right to assign or otherwise transfer this Agreement or any of its rights or obligations hereunder.  Any purported assignment, sale, transfer, delegation or other disposition by Company, except as permitted herein, shall be null and void.  This Agreement and each applicable Order Form shall be binding upon and shall inure to the benefit of the Parties and their respective successors and permitted assigns.  Notwithstanding the foregoing, Company shall have the right to transfer and/or assign this Agreement and an applicable Order Form in connection with a merger of Company with and into a third party and/or a sale of all or substantially all of Company’s assets to a third party.
    5. Recovery of Fees by Prevailing Party.  If any legal action, including, without limitation, an action for arbitration or equitable relief, is brought by one Party against the other Party relating to this Agreement or an Order Form or the breach or alleged breach hereof or thereof, the prevailing Party in any final judgment or arbitration award, or the non-dismissing Party in the event of a voluntary dismissal by the Party instituting the action, will be entitled to reimbursement from the other Party for the full amount of all reasonable expenses, including all court costs, arbitration fees and actual attorneys’ fees paid or incurred in good faith.
    6. Non-Solicitation.  During the Term of this Agreement and for a period of twelve (12) months thereafter, Company shall not, directly or indirectly, in any manner solicit or induce for employment any person who performed any work under this Agreement on behalf of CodeFortify. A general advertisement or notice of a job listing or opening or other similar general publication of a job search or availability to fill employment positions, including on the Internet, shall not be construed as a solicitation or inducement for the purposes of this Section.
    7. Severability.  If the application of any provision of this Agreement or any applicable Order Form to any particular facts or circumstances will be held to be invalid or unenforceable by an arbitration panel or a court of competent jurisdiction, then (a) the validity of other provisions of this Agreement or any applicable Order Form will not in any way be affected thereby, and (b) such provision will be enforced to the maximum extent possible so as to effect the intent of the Parties and reformed without further action by the Parties to the extent necessary to make such provision valid and enforceable.
    8. Waiver.  A waiver of a Party’s breach of any provision of this Agreement or an applicable Order Form will not operate as or be deemed to be a waiver of that Party’s prior, concurrent or subsequent breach of that or any other provision of this Agreement and/or Order Form.
    9. Force Majeure.  Neither Party will be deemed in default of this Agreement or an Order Form to the extent that performance of its obligations (other than payment obligations) or attempts to cure any breach are delayed or prevented by reason of any act of God, fire, natural disaster, accident, riots, acts of government, acts of war or terrorism, shortage of materials or supplies, failure of transportation or communications or of suppliers of goods or services, or any other cause beyond the reasonable control of such Party.  
    10. Notices.  Any notice or approval desired or required to be provided to a Party hereunder will be given to such Party in writing by overnight messenger (notice deemed effective the business day after such messenger’s acceptance (which acceptance must occur before such messenger’s required deadline) for next business day service), mail (notice deemed effective three (3) days after mailing), or e-mail (noticed deemed effective upon receipt of a return e-mail, other than an automatically generated return e-mail, indicating that the e-mail notice has been received), addressed to such Party at the address for such Party specified in the introductory paragraph of this Agreement.  A Party may designate a substitute address by written notice to the other with the effectiveness of such notice governed by the terms of this Section.  If the final day for giving notice is a Saturday, Sunday or nationally recognized holiday then the time for giving such notice will be extended to the next business day.
    11. Counterparts.  This Agreement and any Order Form entered into hereunder may be executed in two or more counterparts, each of which will be deemed an original and all of which together will constitute one and the same instrument.  Electronic, facsimile or scanned signatures shall have the same force as an original signature.
    12. Entire Agreement.  The provisions of this Agreement along with each applicable Order Form constitutes the entire agreement between the Parties with respect to the subject matter hereof, and this Agreement along with each applicable Order Form supersedes all prior agreements or representations, oral or written, regarding such subject matter.  In the event of a conflict between the terms of this Agreement and an Order Form, the terms of the Order Form shall control.
    13. Amendments.   This Agreement and each Order Form may be amended only by a writing signed by both Parties.
    14. Headings.  The headings to the sections of this Agreement are used for convenience only.
    15. Marketing.  Company hereby grants to CodeFortify a non-transferable, non-exclusive, non-sublicensable, royalty-free, right and license to use and display those trade names, trademarks, service marks, and logos (collectively, “Marks”) of the Company in fulfillment of its obligations under this Agreement and in other promotional materials for CodeFortify’s business and services for the purposes of promoting the existence of the relationship between the Parties as set forth in this Agreement.  CodeFortify may issue a press release, subject to the prior review of the Company, relating to this Agreement or the relationship of the Parties without the prior written consent of Company.
    16. Capitalized Terms.  Capitalized terms used in any Order Form shall have the meanings ascribed to them in this Agreement unless otherwise noted in the applicable Order Form.  Capitalized terms used in an Order Form shall not have the defined meanings from any other Order Form, unless explicitly stated otherwise in such Order Form.

‍