Terms of Service - Subscription Agreement
Last update: May 1, 2022
This Subscription Agreement (the “Agreement”) governs Customer’s acquisition and use of Services offered by Drata, Inc. (“Drata”).
By accepting this Agreement by: (a) clicking a box indicating acceptance; (b) executing an Order Form that references this Agreement; or (c) using the Services on a free trial basis, Customer agrees to the terms of this Agreement.
If the individual accepting this Agreement is accepting on behalf of a company or other legal entity, such individual represents that they have the authority to bind such entity and its Affiliates to this Agreement, and the term “Customer” shall refer to such entity and its Affiliates. If the individual accepting this Agreement does not have such authority or does not agree with the terms and conditions of this Agreement, such individual must not accept this Agreement and may not use the Services.
If Customer is provided with access to the Services on a free trial basis, the section of this Agreement entitled “Free Trial Services” will govern such access.
The Services may not be accessed for the purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes. Drata’s competitors are prohibited from accessing the Services, except with Drata’s prior written consent.
This Agreement is effective as of the date Customer accepts this Agreement.
1. Definitions
In addition to capitalized terms defined elsewhere in this Agreement, the following terms shall have the meanings set forth below:
1.1. “Affiliate” means an entity that controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership of control of more than 50% of the voting interests of the subject entity.
1.2. “Customer” means, in the case of an individual accepting this Agreement on his or her own behalf, such individual, or in the case of an individual accepting this Agreement on behalf of a company or other legal entity, the company or other legal entity for which such individual is accepting this Agreement, and Affiliates of that company or entity (while they remain Affiliates) which have entered into Order Forms.
1.3. “Customer Data” means electronic data and information submitted by or for Customer to the Services.
1.4. “Customer Marks” means Customer’s trademarks, tradenames, service marks, and logos.
1.5. “Documentation” means all specifications, user manuals, and other materials relating to the Services and provided or made available by Drata to Customer, as may be modified by Drata from time to time.
1.6. “Free Trial Services” means Services that Drata makes available to Customer on a free trial basis, including as part of an evaluation or proof of concept. Free Trial Services exclude Purchased Services.
1.7. “Order Form” means each written order or online order specifying the Services to be provided under this Agreement and applicable Fees, that is entered into between Customer and Drata. By entering into an Order Form, a Customer Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto.
1.8. “Purchased Services” means Services that Customer or Customer’s Affiliate purchases under an Order Form, as distinguished from Free Trial Services.
1.9. “Reports” means analyses and recommendations for Customer designed to improve its compliance with the applicable standards specified in the Services as may be provided by Drata via the Services from time to time.
1.10. “Services” means the products and services that are ordered by Customer under an Order Form or provided to Customer under a free trial and made available online by Drata on a subscription basis, including any associated offline components.
1.11. “User” means, in the case of an individual accepting this Agreement on their own behalf, such individual, or, in the case of an individual accepting this Agreement on behalf of a company or other legal entity, an individual who Customer authorizes to use the Services pursuant to Customer’s rights under this Agreement, for whom Customer has purchased a subscription (or, for Free Trial Services, for whom Services have been provisioned by Drata), and to whom Customer (or, when applicable, Drata at Customer’s request) has supplied a user name and password. Users may include, for example, employees, consultants, contractors and agents of Customer.
2. Drata Responsibilities
2.1. Purchased Services. Drata will: (a) make the Purchased Services available to Customer under the terms of this Agreement, applicable Order Form(s) and the Documentation; (b) provide support for the Purchased Services in accordance with Drata’s then-current standard support policy; and (c) comply with laws and government regulations applicable to Drata’s provision of the Purchased Services to its customers, subject to Customer’s and Users’ use of the Purchased Services in accordance with this Agreement, applicable Order Form(s) and the Documentation.
2.2. Security and Protection of Customer Data. During the term of this Agreement, Drata will implement and maintain appropriate administrative, physical, and technical security measures designed to protect the security, confidentiality, and integrity of, and prevent the unauthorized disclosure of, Customer Data. Solely if and to the extent that Drata processes any personal data of which you are the data controller, the Data Processing Addendum available at https://drata.com/dpa (“DPA”) forms part of this Agreement.
2.3. Reports. As part of the Services, Drata may from time to time provide Reports to Customer via the Services. Customer may access and use such Reports for its own internal business purposes in accordance with the terms and conditions of this Agreement.
2.4. Implementation Services. Where the parties have agreed to Drata’s provision of certain implementation services (“Implementation Services”), the details of such Implementation Services will be set out in an Order Form or a mutually executed statement of work (“SOW”). The Order Form or SOW, as applicable, will include: (a) a description of the Implementation Services; (b) the schedule for the performance of the Implementation Services; and (c) the Fees applicable for the performance of the Implementation Services. Each Order Form or SOW, as applicable, will incorporate the terms and conditions of this Agreement.
2.5. Free Trial Services. If Customer is approved by Drata for Free Trial Services, Drata will make the applicable Free Trial Services available to Customer free of charge until the earlier of: (a) the end of the free trial period communicated by Drata to Customer; or (b) the start date of any Purchased Services subscriptions ordered by Customer for such Service(s); or (c) termination by Drata in its sole discretion.
ANY CUSTOMER DATA CUSTOMER ENTERS INTO THE FREE TRIAL SERVICES WILL BE PERMANENTLY LOST UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME SERVICES AS THOSE COVERED BY THE FREE TRIAL SERVICES OR EXPORTS SUCH CUSTOMER DATA BEFORE THE END OF THE TRIAL PERIOD.
NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY DRATA” SECTIONS BELOW, FREE TRIAL SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND DRATA SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE FREE TRIAL SERVICES UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE DRATA’S LIABILITY WITH RESPECT TO THE FREE TRIAL SERVICES SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, DRATA AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE FREE TRIAL SERVICES WILL MEET CUSTOMER’S REQUIREMENTS; (B) CUSTOMER’S USE OF THE FREE TRIAL SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR; AND (C) USAGE DATA RELATED TO FREE TRIAL SERVICES WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO DRATA AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE FREE TRIAL SERVICES, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.
3. Use of Services
3.1. User Access. Each User will use a unique username and password to access the Services. Users may only access the Services during one (1) concurrent login session. The unique usernames and passwords cannot be shared or used by more than one individual User to access the Services. Customer agrees to provide to Drata information and other assistance as necessary to enable Drata to establish Users’ access to the Services and will verify all User requests for access to the Services. Customer is solely responsible for all activities that occur under User accounts.
3.2. Customer Responsibilities. Customer will: (a) use the Services only in accordance with this Agreement, Order Forms, Documentation and applicable laws and government regulations; (b) be responsible for Users' compliance with this Agreement, Order Forms and Documentation; (c) be responsible for the accuracy, quality and legality of Customer Data, including the means by which Customer acquired Customer Data, and Customer’s use of Customer Data with the Services; and (d) use commercially reasonable efforts to prevent unauthorized access to or use of the Services, and notify Drata promptly of any such unauthorized access or use. Any use of the Services in breach of the foregoing by Customer or Users that in Drata’s judgment threatens the security, integrity or availability of Drata’s services, may result in Drata’s immediate suspension of the Services, however Drata will use commercially reasonable efforts to provide notice and an opportunity to remedy such violation or threat prior to any such suspension.
3.3. Use Restrictions. Customer will not, and will ensure its Users will not: (a) make the Services available to anyone other than Customer or its Users, or use the Services for the benefit of anyone other than Customer or its Affiliates, except as expressly allowed in an Order Form; (b) modify, adapt, alter or translate the Services; (c) sublicense, lease, sell, resell, rent, loan, or distribute the Services, or any part thereof, or include the Services in a service bureau or outsourcing offering; (d) reverse engineer, decompile, disassemble, or otherwise derive or determine or attempt to derive or determine the source code (or the underlying ideas, algorithms, structure or organization) of the Services or any part thereof, except as permitted by law; (e) interfere in any manner with the operation of the Services or the hardware and network used to operate the same, or attempt to probe, scan or test vulnerability of the Services without prior authorization of Drata; (f) use the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights; (g) modify, copy, disclose (except as expressly authorized in this Agreement) or make derivative works based on any part of the Services; (h) access or use the Services, or any feature, information or functionality thereof, to build a similar or competitive product or service or otherwise engage in competitive analysis or benchmarking; (i) attempt to access the Services through any unapproved interface; (j) use the Services in connection with any of Customer’s time-critical or mission-critical functions; (k) remove, alter, or obscure any proprietary notices (including copyright and trademark notices) of Drata or its licensors on the Services or any copies thereof; (l) upload to the Services any Customer Data that contains any sensitive personal information (such as financial, medical or other sensitive personal information such as government IDs, passport numbers, protected health information, credit card data, or social security numbers); or (m) otherwise use the Services in any manner that exceeds the scope of use permitted under applicable Order Forms.
3.4. Third-Party Integrations. The Services may integrate with certain third-party websites and applications. Third-Party Services shall be governed solely by the terms and conditions applicable to such Third-Party Services, as agreed to between Customer and the Third-Party Services providers. Drata does not endorse or support and is not responsible for Third-Party Services, including without limitation, the privacy and data security policies and practices related to Third-Party Services. Customer may enable integrations between the Services and Third-Party Services, and by doing so: (a) instructs Drata to share Customer Data (including, to the extent necessary, any Personal Data) with the providers of such Third-Party Services in order to facilitate the integration; and (b) grants Drata permission to allow Third-Party Services and its providers to access Customer Data and information about Customer’s usage of the Third-Party Services as appropriate for the interoperation of Third-Party Services with the Services. Customer is responsible for providing all instructions to the Third-Party Services providers about the use and protection of Customer Data. Drata and Third-Party Services providers are not processors or sub-processors of Personal Data with respect to each other.
4. Fees and Payments.
4.1. Fees. Customer will pay to Drata all fees set forth in Order Forms (the “Fees”). Except as otherwise set forth in this Agreement or an Order Form, payment obligations are non-cancelable, and Fees paid are non-refundable. Except as otherwise set forth in an Order Form, Drata may increase the Fees upon renewal of each Order Form subscription term by providing written notice to Customer at least forty-five (45) days prior to the commencement of the applicable renewal subscription term.
4.2. Invoices and Payments. Except as otherwise set forth in the relevant Order Form, Drata will invoice Customer, or, where Customer has provided valid credit card information to Drata, Drata will charge Customer, for all Fees annually in advance. Unless otherwise stated in the Order Form, full payment for invoiced Fees is due within 30 days after the invoice date.
4.3. Late Payments. Customer will be responsible for reasonable costs and expenses incurred by Drata in the collection of any overdue Fees. If any Fees are 15 days or more overdue, Drata may, without limiting its other rights and remedies, immediately suspend Services until such amounts are paid in full, provided that Drata will use commercially reasonable efforts to give Customer at least 5 days’ prior written notice that its account is overdue before suspending Services.
4.4. Payment Disputes. Drata will not exercise its rights under the “Late Payments” section above if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute.
4.5. Taxes. The Fees do not include taxes, duties, levies or similar government assessments of any kind, including value-added, sales, use or withholding taxes assessable by any jurisdiction (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. Customer will not withhold any taxes from any amounts due to Drata. If Drata has a legal obligation to pay or collect any Taxes for which Customer is responsible, Drata will invoice Customer and Customer will pay that amount unless Customer provides Drata with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Drata is solely responsible for taxes assessable against it based on its income, property and employees.
5. Term and Termination
5.1. Term. This Agreement will begin on the effective date of the first Order Form between the Parties and will continue for as long as any Order Form remains in effect, unless earlier terminated in accordance with this Agreement (the “Term”).
5.2. Term of Order Forms. The initial term of each Order Form will begin on the effective date of such Order Form and continue for the subscription term set forth therein. Except as set forth in such Order Form, each Order Form will automatically renew for successive renewal terms equal in length to the initial term of such Order Form, unless either party provides the other party with written notice of non-renewal at least thirty (30) days prior to the end of the then-current subscription term.
5.3. Termination for Cause. Either party may terminate this Agreement immediately upon notice to the other party if: (a) the other party materially breaches this Agreement, and such breach remains uncured more than thirty (30) days after receipt of written notice of such breach; or (b) the other party: (i) becomes insolvent; (ii) files a petition in bankruptcy that is not dismissed within sixty (60) days of commencement; or (c) makes an assignment for the benefit of its creditors.
5.4. Effect of Termination. Upon the earlier of expiration or termination of this Agreement, the rights and licenses granted to Customer hereunder will immediately terminate, Customer will cease use of the Services and Documentation, and Customer will return or destroy all copies of the Documentation in its possession or control. Termination or expiration will not relieve Customer of its obligation to pay all Fees that accrued prior to such expiration or termination.
5.5. Return of Customer Data. Upon request by Customer made within 30 days after the effective date of termination or expiration of this Agreement, Drata will make Customer Data available to Customer. After such 30-day period, Drata will have no obligation to maintain any Customer Data, and will thereafter delete or destroy all copies of Customer Data in its systems or otherwise in its possession or control, unless legally prohibited.
5.6. Survival. The sections titled “Services Fees and Payments,” “Effect of Termination,” “Survival,” “Proprietary Rights and Licenses,” “Confidentiality,” “Disclaimers,” “Mutual Indemnification,” “Limitation of Liability,” and “Miscellaneous” will survive any termination or expiration of this Agreement, and the section titled “Security and Protection of Customer Data” will survive any termination or expiration of this Agreement for so long as Drata retains possession of Customer Data.
6. Proprietary Rights and Licenses
6.1. The Services. Drata, its Affiliates and licensors reserve all right, title and interest in and to the Services and Documentation, including all of their related intellectual property rights, and any and all related and underlying technology and documentation, and any derivative works, modifications, or improvements of any of the foregoing. No rights are granted to Customer hereunder other than as expressly set forth herein.
6.2. Customer Data. The Customer Data are owned exclusively by Customer. Customer grants to Drata, its Affiliates and applicable contractors a non-exclusive, worldwide, royalty-free license to host, copy, use, display and transmit Customer Data as appropriate for Drata to provide and ensure proper operation of the Services to Customer.
6.3. Feedback. Customer hereby grants Drata a perpetual, irrevocable, royalty-free and fully paid right to use and otherwise exploit in any manner any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer related to the Services or other Drata products or services, including for the purpose of improving and enhancing the Services, provided that Customer is not referenced in such use.
6.4. Aggregated Information. Drata may aggregate, collect and analyze information relating to the provision, use and performance of the Services and may use (during and after the Term) such information to develop and improve the Services and other Drata offerings, including disclosure of such information to third parties in an aggregated and anonymized format such that no Customer nor any individual or household can be identified.
6.5. Customer Marks. The Customer Marks are the exclusive property of Customer. Drata may use Customer’s name and Customer Marks in its Customer list (including on Drata’s website, social media and in sales and marketing materials) in the same way it uses the names of its other customers. Drata shall use Customer Marks in accordance with Customer’s applicable branding guidelines if provided to Drata and Drata may not use Customer’s name or Customer Marks in any other way without Customer’s prior written consent (with email consent deemed sufficient).
7. Confidentiality
7.1. Definition of Confidential Information. “Confidential Information” shall mean any information disclosed by either party (the “Disclosing Party”) to the other party (the “Receiving Party”), either directly or indirectly in writing, orally, or by inspection of tangible objects (a) that the disclosing party identifies as confidential or proprietary; or (b) that reasonably appears to be confidential or proprietary because of legends or other markings, the circumstances of disclosure, or the nature of the information itself. Confidential Information of Customer includes Customer Data; Confidential Information of Drata includes the Services, all technical information relating thereto, and the terms and conditions of this Agreement and all Order Forms (including pricing). Confidential Information does not include information that the Receiving Party can document: (i) is or becomes generally available to the public other than through a wrongful act of the Receiving Party; or (ii) was lawfully in its possession or known by it prior to receipt from the Disclosing Party; or (iii) was rightfully disclosed to it without restriction by a third party who is not bound by any confidentiality obligations with respect thereto; or (iv) is independently developed by the Receiving Party, its employees or third-party contractors without use of or reference to the Confidential Information. For clarity, the non-disclosure obligations set forth in this “Confidentiality” section apply to Confidential Information exchanged between the parties in connection with the evaluation of additional Drata services and offerings.
7.2. Protection of Confidential Information. All Confidential Information disclosed by Disclosing Party shall remain the property of the Disclosing Party. The Disclosing Party reserves all rights in its Confidential Information. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to: (a) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement; and (b) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections not materially less protective of the Confidential Information than those herein. Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this “Confidentiality” section. Notwithstanding the foregoing, Drata may disclose the terms of this Agreement and any applicable Order Form to a contractor to the extent necessary to perform Drata’s obligations under this Agreement, under terms of confidentiality materially as protective as set forth herein.
7.3. Compelled Disclosure. Either party may disclose Confidential Information to the extent required by law, provided that the Receiving Party gives the Disclosing Party reasonable advance notice of such required disclosure and cooperates with the Disclosing Party so that the Disclosing Party may obtain appropriate confidential treatment for such Confidential Information.
8. Representations, Warranties and Disclaimers
8.1. Representations. Each party represents that it has validly entered into this Agreement and has the legal power to do so.
8.2. Drata Warranties. Drata warrants that during the applicable subscription term Drata will not: (a) materially decrease the overall functionality of the Services; or (b) materially decrease the overall security of the Services.
8.3. Warranty Remedies. Customer will notify Drata of any non-conformance of the Services under a warranty above within 30 days. Provided that Customer notifies Drata within such time, Drata will use commercially reasonable efforts to correct the non-conformance at no additional charge. If Drata is unable to correct such non-conforming Services as warranted within a reasonable time, Customer will be entitled to terminate the applicable Order Form and receive a prorated refund of any prepaid, unused Fees covering the remainder of the subscription term. The foregoing remedy is Customer’s sole remedy in case of a breach of the limited warranties above.
8.4 Disclaimers. (a) EXCEPT AS EXPRESSLY PROVIDED HEREIN, THE SERVICES AND REPORTS ARE PROVIDED “AS IS,” NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, DRATA DOES NOT WARRANT THAT THE SERVICES ARE ERROR-FREE OR THAT THE SERVICES WILL OPERATE WITHOUT INTERRUPTION, THAT THE REPORTS WILL BE ACCURATE AND DRATA GRANTS NO WARRANTY REGARDING THE USE BY CUSTOMER OF THE SERVICES. THE SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. DRATA IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS.
(b) CUSTOMER ACKNOWLEDGES AND AGREES THAT DRATA IS NOT LIABLE, AND CUSTOMER AGREES NOT TO SEEK TO HOLD DRATA LIABLE, FOR THE CONDUCT OF THIRD PARTIES, INCLUDING PROVIDERS OF THE THIRD-PARTY SERVICES, AND THAT THE RISK OF INJURY FROM SUCH THIRD-PARTY SERVICES RESTS ENTIRELY WITH CUSTOMER.
(c) FROM TIME TO TIME, DRATA MAY OFFER NEW “BETA” FEATURES OR TOOLS WITH WHICH CUSTOMER MAY EXPERIMENT. SUCH FEATURES OR TOOLS ARE OFFERED SOLELY FOR EXPERIMENTAL PURPOSES AND WITHOUT ANY WARRANTY OF ANY KIND, AND MAY BE MODIFIED OR DISCONTINUED AT DRATA’S SOLE DISCRETION.
(d) CUSTOMER ACKNOWLEDGES AND AGREES THAT THE SERVICES AND THE REPORTS PROVIDED BY DRATA TO CUSTOMER ARE INTENDED AS RECOMMENDATIONS ONLY AND DO NOT CONSTITUTE ANY WARRANTY OR GUARANTY THAT CUSTOMER, BY FOLLOWING SUCH RECOMMENDATIONS, WILL BE FULLY COMPLIANT WITH ANY APPLICABLE STANDARDS CONTEMPLATED BY THE SERVICES. CUSTOMER ACKNOWLEDGES AND AGREES THAT IT IS SOLELY CUSTOMER’S RESPONSIBILITY TO ENSURE THAT IT COMPLIES WITH ALL SUCH APPLICABLE STANDARDS.
9. Mutual Indemnification
9.1. Indemnification by Drata. Drata will defend Customer against any claim, demand, suit or proceeding made or brought against Customer by a third party alleging that the Purchased Services infringe or misappropriate such third party’s intellectual property rights in the United States of America (each, a “Claim Against Customer”), and will indemnify Customer from any damages, attorney fees and costs finally awarded against Customer as a result of, or for amounts paid by Customer under a settlement approved by Drata in writing of, a Claim Against Customer, provided Customer: (a) promptly gives Drata written notice of the Claim Against Customer; (b) gives Drata sole control of the defense and settlement of the Claim Against Customer; and (c) gives Drata all reasonable assistance, at Drata’s expense. If Drata receives information about an infringement or misappropriation claim related to the Services, Drata may in its discretion and at no cost to Customer: (i) modify the Services so that they are no longer claimed to infringe or misappropriate; (ii) obtain a license for Customer’s continued use of the Services in accordance with this Agreement; or (iii) terminate Customer’s subscriptions for the Services upon 30 days’ written notice and refund Customer any prepaid fees covering the remainder of the subscription term of the terminated Services. The above defense and indemnification obligations do not apply if a Claim Against Customer arises from: (I) the use or combination of the Services or any part thereof with software, hardware, data, or processes not provided by Drata, if the Services or use thereof would not infringe without such combination; (II) modifications to the Services not made by Drata; or (III) Customer’s breach of this Agreement, applicable Order Forms or the Documentation.
9.2. Indemnification by Customer. Customer will defend Drata and its Affiliates against any claim, demand, suit or proceeding made or brought against Drata by a third party arising from: (a) Customer’s use of the Services in an unlawful manner or in violation of this Agreement, an Order Form or the Documentation; or (b) any Customer Data or Customer’s use of Customer Data with the Services (each, a “Claim Against Drata”), and will indemnify Drata from any damages, attorney fees and costs finally awarded against Drata as a result of, or for any amounts paid by Drata under a settlement approved by Customer in writing of, a Claim Against Drata, provided Drata: (i) promptly gives Customer written notice of the Claim Against Drata; (ii) gives Customer sole control of the defense and settlement of the Claim Against Drata; and (iii) gives Customer all reasonable assistance, at Customer’s expense. The above defense and indemnification obligations do not apply if a Claim Against Drata arises from Drata’s breach of this Agreement, applicable Order Forms or the Documentation.
9.3. Sole and Exclusive Remedy. This Section 9 sets forth the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for the third-party claims described herein.
10. Limitation of Liability
10.1. Exclusion of Certain Types of Damages. EXCEPT TO THE EXTENT PROHIBITED BY LAW, NEITHER PARTY OR ITS AFFILIATES WILL HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL, PUNITIVE, COVER, BUSINESS INTERRUPTION, LOST PROFIT, OR CONSEQUENTIAL DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY’S OR ITS AFFILIATES’ REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE.
10.2. Liability Cap. EXCEPT FOR AMOUNTS PAYABLE UNDER A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 9 OR CUSTOMER’S BREACH OF SECTION 3.3, IN NO EVENT SHALL THE AGGREGATE TOTAL LIABILITY OF EITHER PARTY TOGETHER WITH ITS AFFILIATES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNTS PAID BY OR DUE FROM BUT NOT YET PAID BY CUSTOMER UNDER THE ORDER FORM(S) GIVING RISE TO SUCH LIABILITY IN THE 12 MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE LIABILITY. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY BUT WILL NOT LIMIT CUSTOMER’S AND ITS AFFILIATES’ PAYMENT OBLIGATIONS UNDER THE “FEES AND PAYMENTS” SECTION ABOVE.
11. Miscellaneous 11.1. Relationship Between the Parties. Drata is an independent contractor; nothing in this Agreement will be construed to create a partnership, joint venture, or agency relationship between the parties.
11.2. Export Compliance. The Services may be subject to the export laws of the United States and other jurisdictions. Each party represents that it is not on any U.S. government denied-party list. Customer will not permit any User to access or use the Services in Russia or a U.S.-embargoed country or region (currently Cuba, Iran, North Korea, Syria or Crimea) or in violation of any U.S. export law or regulation.
11.3. Anti-Bribery. Neither party has received or been offered any illegal or improper bribe, rebate, payoff, influence payment, kickback, or other thing of value from an employee or agent of the other party in connection with this Agreement.
11.4. Assignment. Neither party may assign or transfer its rights or obligations under this Agreement without the prior written consent of the other party, and any assignment or transfer in derogation of the foregoing shall be null and void, provided, however that either party shall have the right to assign the Agreement, without the prior written consent of the other party, to the successor entity in the event of merger, corporate reorganization or a sale of all or substantially all of such party’s assets. This Agreement shall be binding upon the parties and their respective successors and permitted assigns.
11.5. Notices. All notices required or permitted under this Agreement must be delivered in writing, if to Drata, by emailing [email protected] and if to Customer by emailing the Customer Point of Contact email address listed on the Order Form, provided, however, that with respect to any notices relating to breaches of this Agreement or termination, a copy of such notice will also be sent in writing to the other party at the party’s address as listed on the Order Form by courier, by certified or registered mail (postage prepaid and return receipt requested), or by a nationally-recognized express mail service. Each party may change its email address and/or address for receipt of notice by giving notice of such change to the other party.
11.6. Governing Law and Jurisdiction. The Agreement is governed by the laws of the State of California, without regard to its conflicts of laws or provisions. All disputes arising out of this Agreement will be subject to the exclusive jurisdiction and venue of the state and federal courts in San Francisco, California and the Parties hereby consent to the personal jurisdiction of these courts. In the event of actual or threatened breach of confidentiality obligations or the “Use Restrictions” in this Agreement, the non-breaching party may seek specific performance, immediate injunctive and other equitable relief in any competent court without prejudice to any other rights or remedies.
11.7. Waivers; Severability. Any waivers shall be effective only if made by a writing signed by representatives authorized to bind the parties. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion. If any provision of this Agreement is unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect.
11.8. Construction. The headings of Sections of this Agreement are for convenience and are not to be used in interpreting this Agreement. As used in this Agreement, the word “including” means “including but not limited to.”
11.9. Force Majeure. Any delay in the performance of any duties or obligations of either Party (except for the obligation to pay Fees owed) will not be considered a breach of this Agreement if such delay is caused by a labor dispute, shortage of materials, war, fire, earthquake, typhoon, flood, natural disasters, governmental action, pandemic/epidemic, cloud-service provider outages or any other event beyond the control of such Party, provided that such Party uses reasonable efforts, under the circumstances, to notify the other Party of the circumstances causing the delay and to resume performance as soon as possible.
11.10. Entire Agreement; Amendment. This Agreement and any applicable Order Form constitute the complete agreement between the Parties and supersede all previous and contemporaneous agreements, proposals, or representations, written or oral, concerning the subject matter of this Agreement. To the extent that a conflict arises between the terms and conditions of an Order Form or SOW and the terms of this Agreement, the terms and conditions of the Order Form or SOW will govern. It is expressly agreed that the terms and conditions of this Agreement and any Order Form supersede the terms of any of Customer’s purchase orders.
11.11. U.S. Government Restricted Rights. If Customer is a government end user, then this provision also applies to Customer. The software contained within the Platform and the Services and provided in connection with this Agreement has been developed entirely at private expense, as defined in FAR section 2.101, DFARS section 252.227-7014(a)(1) and DFARS section 252.227-7015 (or any equivalent or subsequent agency regulation thereof), and is provided as “commercial items,” “commercial computer software” and/or “commercial computer software documentation.” Consistent with DFARS section 227.7202 and FAR section 12.212, and to the extent required under U.S. federal law, the minimum restricted rights as set forth in FAR section 52.227-19 (or any equivalent or subsequent agency regulation thereof), any use, modification, reproduction, release, performance, display, disclosure or distribution thereof by or for the U.S. Government shall be governed solely by this Agreement and shall be prohibited except to the extent expressly permitted by this Agreement.