
Subscription Agreement

Last update: May 1, 2022

This Subscription Agreement (the “Agreement”) governs Customer’s acquisition and use of Services offered by Drata, Inc. (“Drata”).

By accepting this Agreement by: (a) clicking a box indicating acceptance; (b) executing an Order Form that references this Agreement; or (c) using the Services on a free trial basis, Customer agrees to the terms of this Agreement.  

If the individual accepting this Agreement is accepting on behalf of a company or other legal entity, such individual represents that they have the authority to bind such entity and its Affiliates to this Agreement, and the term “Customer” shall refer to such entity and its Affiliates. If the individual accepting this Agreement does not have such authority or does not agree with the terms and conditions of this Agreement, such individual must not accept this Agreement and may not use the Services.

If Customer is provided with access to the Services on a free trial basis, the section of this Agreement entitled “Free Trial Services” will govern such access.

The Services may not be accessed for the purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes. Drata’s competitors are prohibited from accessing the Services, except with Drata’s prior written consent.

This Agreement is effective as of the date Customer accepts this Agreement.

1. Definitions
In addition to capitalized terms defined elsewhere in this Agreement, the following terms shall have the meanings set forth below:

1.1. “Affiliate” means an entity that controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership of control of more than 50% of the voting interests of the subject entity.

1.2. “Customer” means, in the case of an individual accepting this Agreement on his or her own behalf, such individual, or in the case of an individual accepting this Agreement on behalf of a company or other legal entity, the company or other legal entity for which such individual is accepting this Agreement, and Affiliates of that company or entity (while they remain Affiliates) which have entered into Order Forms.

1.3. “Customer Data” means electronic data and information submitted by or for Customer to the Services.

1.4. “Customer Marks” means Customer’s trademarks, tradenames, service marks, and logos.

1.5. “Documentation” means all specifications, user manuals, and other materials relating to the Services and provided or made available by Drata to Customer, as may be modified by Drata from time to time.

1.6. “Free Trial Services” means Services that Drata makes available to Customer on a free trial basis, including as part of an evaluation or proof of concept. Free Trial Services exclude Purchased Services.

1.7. “Order Form” means each written order or online order specifying the Services to be provided under this Agreement and applicable Fees, that is entered into between Customer and Drata. By entering into an Order Form, a Customer Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto.

1.8. “Purchased Services” means Services that Customer or Customer’s Affiliate purchases under an Order Form, as distinguished from Free Trial Services.

1.9. “Reports” means analyses and recommendations for Customer designed to improve its compliance with the applicable standards specified in the Services as may be provided by Drata via the Services from time to time.

1.10. “Services” means the products and services that are ordered by Customer under an Order Form or provided to Customer under a free trial and made available online by Drata on a subscription basis, including any associated offline components.

1.11. “User” means, in the case of an individual accepting this Agreement on their own behalf, such individual, or, in the case of an individual accepting this Agreement on behalf of a company or other legal entity, an individual who Customer authorizes to use the Services pursuant to Customer’s rights under this Agreement, for whom Customer has purchased a subscription (or, for Free Trial Services, for whom Services have been provisioned by Drata), and to whom Customer (or, when applicable, Drata at Customer’s request) has supplied a user name and password. Users may include, for example, employees, consultants, contractors and agents of Customer.

2. Drata Responsibilities

2.1. Purchased Services. Drata will: (a) make the Purchased Services available to Customer under the terms of this Agreement, applicable Order Form(s) and the Documentation; (b) provide support for the Purchased Services in accordance with Drata’s then-current standard support policy; and (c) comply with laws and government regulations applicable to Drata’s provision of the Purchased Services to its customers, subject to Customer’s and Users’ use of the Purchased Services in accordance with this Agreement, applicable Order Form(s) and the Documentation.

2.2. Security and Protection of Customer Data. During the term of this Agreement, Drata will implement and maintain appropriate administrative, physical, and technical security measures designed to protect the security, confidentiality, and integrity of, and prevent the unauthorized disclosure of, Customer Data. Solely if and to the extent that Drata processes any personal data of which you are the data controller, the Data Processing Addendum available at https://drata.com/dpa (“DPA”) forms part of this Agreement.

2.3. Reports. As part of the Services, Drata may from time to time provide Reports to Customer via the Services. Customer may access and use such Reports for its own internal business purposes in accordance with the terms and conditions of this Agreement.

2.4. Implementation Services. Where the parties have agreed to Drata’s provision of certain implementation services (“Implementation Services”), the details of such Implementation Services will be set out in an Order Form or a mutually executed statement of work (“SOW”). The Order Form or SOW, as applicable, will include: (a) a description of the Implementation Services; (b) the schedule for the performance of the Implementation Services; and (c) the Fees applicable for the performance of the Implementation Services. Each Order Form or SOW, as applicable, will incorporate the terms and conditions of this Agreement.

2.5. Free Trial Services. If Customer is approved by Drata for Free Trial Services, Drata will make the applicable Free Trial Services available to Customer free of charge until the earlier of: (a) the end of the free trial period communicated by Drata to Customer; or (b) the start date of any Purchased Services subscriptions ordered by Customer for such Service(s); or (c) termination by Drata in its sole discretion.

ANY CUSTOMER DATA CUSTOMER ENTERS INTO THE FREE TRIAL SERVICES WILL BE PERMANENTLY LOST UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME SERVICES AS THOSE COVERED BY THE FREE TRIAL SERVICES OR EXPORTS SUCH CUSTOMER DATA BEFORE THE END OF THE TRIAL PERIOD.

NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY DRATA” SECTIONS BELOW, FREE TRIAL SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND DRATA SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE FREE TRIAL SERVICES UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE DRATA’S LIABILITY WITH RESPECT TO THE FREE TRIAL SERVICES SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, DRATA AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE FREE TRIAL SERVICES WILL MEET CUSTOMER’S REQUIREMENTS; (B) CUSTOMER’S USE OF THE FREE TRIAL SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR; AND (C) USAGE DATA RELATED TO FREE TRIAL SERVICES WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO DRATA AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE FREE TRIAL SERVICES, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.

3. Use of Services

3.1. User Access. Each User will use a unique username and password to access the Services. Users may only access the Services during one (1) concurrent login session. The unique usernames and passwords cannot be shared or used by more than one individual User to access the Services. Customer agrees to provide to Drata information and other assistance as necessary to enable Drata to establish Users’ access to the Services and will verify all User requests for access to the Services. Customer is solely responsible for all activities that occur under User accounts.

3.2. Customer Responsibilities. Customer will: (a) use the Services only in accordance with this Agreement, Order Forms, Documentation and applicable laws and government regulations; (b) be responsible for Users’ compliance with this Agreement, Order Forms and Documentation; (c) be responsible for the accuracy, quality and legality of Customer Data, including the means by which Customer acquired Customer Data, and Customer’s use of Customer Data with the Services; and (d) use commercially reasonable efforts to prevent unauthorized access to or use of the Services, and notify Drata promptly of any such unauthorized access or use. Any use of the Services in breach of the foregoing by Customer or Users that in Drata’s judgment threatens the security, integrity or availability of Drata’s services, may result in Drata’s immediate suspension of the Services, however Drata will use commercially reasonable efforts to provide notice and an opportunity to remedy such violation or threat prior to any such suspension.

3.3. Use Restrictions. Customer will not, and will ensure its Users will not: (a) make the Services available to anyone other than Customer or its Users, or use the Services for the benefit of anyone other than Customer or its Affiliates, except as expressly allowed in an Order Form; (b) modify, adapt, alter or translate the Services; (c) sublicense, lease, sell, resell, rent, loan, or distribute the Services, or any part thereof, or include the Services in a service bureau or outsourcing offering; (d) reverse engineer, decompile, disassemble, or otherwise derive or determine or attempt to derive or determine the source code (or the underlying ideas, algorithms, structure or organization) of the Services or any part thereof, except as permitted by law; (e) interfere in any manner with the operation of the Services or the hardware and network used to operate the same, or attempt to probe, scan or test vulnerability of the Services without prior authorization of Drata; (f) use the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights; (g) modify, copy, disclose (except as expressly authorized in this Agreement) or make derivative works based on any part of the Services; (h) access or use the Services, or any feature, information or functionality thereof, to build a similar or competitive product or service or otherwise engage in competitive analysis or benchmarking; (i) attempt to access the Services through any unapproved interface; (j) use the Services in connection with any of Customer’s time-critical or mission-critical functions; (k) remove, alter, or obscure any proprietary notices (including copyright and trademark notices) of Drata or its licensors on the Services or any copies thereof; (l) upload to the Services any Customer Data that contains any sensitive personal information (such as financial, medical or other sensitive personal information such as government IDs, passport numbers, protected health information, credit card data, or social security numbers); or (m) otherwise use the Services in any manner that exceeds the scope of use permitted under applicable Order Forms.

3.4. Third-Party Integrations. The Services may integrate with certain third-party websites and applications. Third-Party Services shall be governed solely by the terms and conditions applicable to such Third-Party Services, as agreed to between Customer and the Third-Party Services providers. Drata does not endorse or support and is not responsible for Third-Party Services, including without limitation, the privacy and data security policies and practices related to Third-Party Services. Customer may enable integrations between the Services and Third-Party Services, and by doing so: (a) instructs Drata to share Customer Data (including, to the extent necessary, any Personal Data) with the providers of such Third-Party Services in order to facilitate the integration; and (b) grants Drata permission to allow Third-Party Services and its providers to access Customer Data and information about Customer’s usage of the Third-Party Services as appropriate for the interoperation of Third-Party Services with the Services. Customer is responsible for providing all instructions to the Third-Party Services providers about the use and protection of Customer Data. Drata and Third-Party Services providers are not processors or sub-processors of Personal Data with respect to each other.

4. Fees and Payments.

4.1. Fees. Customer will pay to Drata all fees set forth in Order Forms (the “Fees”). Except as otherwise set forth in this Agreement or an Order Form, payment obligations are non-cancelable, and Fees paid are non-refundable. Except as otherwise set forth in an Order Form, Drata may increase the Fees upon renewal of each Order Form subscription term by providing written notice to Customer at least forty-five (45) days prior to the commencement of the applicable renewal subscription term.

4.2. Invoices and Payments. Except as otherwise set forth in the relevant Order Form, Drata will invoice Customer, or, where Customer has provided valid credit card information to Drata, Drata will charge Customer, for all Fees annually in advance. Unless otherwise stated in the Order Form, full payment for invoiced Fees is due within 30 days after the invoice date.

4.3. Late Payments. Customer will be responsible for reasonable costs and expenses incurred by Drata in the collection of any overdue Fees. If any Fees are 15 days or more overdue, Drata may, without limiting its other rights and remedies, immediately suspend Services until such amounts are paid in full, provided that Drata will use commercially reasonable efforts to give Customer at least 5 days’ prior written notice that its account is overdue before suspending Services.

4.4. Payment Disputes. Drata will not exercise its rights under the “Late Payments” section above if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute.

4.5. Taxes. The Fees do not include taxes, duties, levies or similar government assessments of any kind, including value-added, sales, use or withholding taxes assessable by any jurisdiction (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. Customer will not withhold any taxes from any amounts due to Drata. If Drata has a legal obligation to pay or collect any Taxes for which Customer is responsible, Drata will invoice Customer and Customer will pay that amount unless Customer provides Drata with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Drata is solely responsible for taxes assessable against it based on its income, property and employees.

5. Term and Termination

5.1. Term. This Agreement will begin on the effective date of the first Order Form between the Parties and will continue for as long as any Order Form remains in effect, unless earlier terminated in accordance with this Agreement (the “Term”).

5.2. Term of Order Forms. The initial term of each Order Form will begin on the effective date of such Order Form and continue for the subscription term set forth therein. Except as set forth in such Order Form, each Order Form will automatically renew for successive renewal terms equal in length to the initial term of such Order Form, unless either party provides the other party with written notice of non-renewal at least thirty (30) days prior to the end of the then-current subscription term.

5.3. Termination for Cause. Either party may terminate this Agreement immediately upon notice to the other party if: (a) the other party materially breaches this Agreement, and such breach remains uncured more than thirty (30) days after receipt of written notice of such breach; or (b) the other party: (i) becomes insolvent; (ii) files a petition in bankruptcy that is not dismissed within sixty (60) days of commencement; or (c) makes an assignment for the benefit of its creditors.

5.4. Effect of Termination. Upon the earlier of expiration or termination of this Agreement, the rights and licenses granted to Customer hereunder will immediately terminate, Customer will cease use of the Services and Documentation, and Customer will return or destroy all copies of the Documentation in its possession or control. Termination or expiration will not relieve Customer of its obligation to pay all Fees that accrued prior to such expiration or termination.

5.5. Return of Customer Data. Upon request by Customer made within 30 days after the effective date of termination or expiration of this Agreement, Drata will make Customer Data available to Customer. After such 30-day period, Drata will have no obligation to maintain any Customer Data, and will thereafter delete or destroy all copies of Customer Data in its systems or otherwise in its possession or control, unless legally prohibited.

5.6. Survival. The sections titled “Services Fees and Payments,” “Effect of Termination,” “Survival,” “Proprietary Rights and Licenses,” “Confidentiality,” “Disclaimers,” “Mutual Indemnification,” “Limitation of Liability,” and “Miscellaneous” will survive any termination or expiration of this Agreement, and the section titled “Security and Protection of Customer Data” will survive any termination or expiration of this Agreement for so long as Drata retains possession of Customer Data.

6. Proprietary Rights and Licenses

6.1. The Services. Drata, its Affiliates and licensors reserve all right, title and interest in and to the Services and Documentation, including all of their related intellectual property rights, and any and all related and underlying technology and documentation, and any derivative works, modifications, or improvements of any of the foregoing. No rights are granted to Customer hereunder other than as expressly set forth herein.

6.2. Customer Data. The Customer Data are owned exclusively by Customer. Customer grants to Drata, its Affiliates and applicable contractors a non-exclusive, worldwide, royalty-free license to host, copy, use, display and transmit Customer Data as appropriate for Drata to provide and ensure proper operation of the Services to Customer.

6.3. Feedback. Customer hereby grants Drata a perpetual, irrevocable, royalty-free and fully paid right to use and otherwise exploit in any manner any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer related to the Services or other Drata products or services, including for the purpose of improving and enhancing the Services, provided that Customer is not referenced in such use.

6.4. Aggregated Information. Drata may aggregate, collect and analyze information relating to the provision, use and performance of the Services and may use (during and after the Term) such information to develop and improve the Services and other Drata offerings, including disclosure of such information to third parties in an aggregated and anonymized format such that no Customer nor any individual or household can be identified.

6.5. Customer Marks. The Customer Marks are the exclusive property of Customer. Drata may use Customer’s name and Customer Marks in its Customer list (including on Drata’s website, social media and in sales and marketing materials) in the same way it uses the names of its other customers. Drata shall use Customer Marks in accordance with Customer’s applicable branding guidelines if provided to Drata and Drata may not use Customer’s name or Customer Marks in any other way without Customer’s prior written consent (with email consent deemed sufficient).

7. Confidentiality

7.1. Definition of Confidential Information. “Confidential Information” shall mean any information disclosed by either party (the “Disclosing Party”) to the other party (the “Receiving Party”), either directly or indirectly in writing, orally, or by inspection of tangible objects (a) that the disclosing party identifies as confidential or proprietary; or (b) that reasonably appears to be confidential or proprietary because of legends or other markings, the circumstances of disclosure, or the nature of the information itself. Confidential Information of Customer includes Customer Data; Confidential Information of Drata includes the Services, all technical information relating thereto, and the terms and conditions of this Agreement and all Order Forms (including pricing). Confidential Information does not include information that the Receiving Party can document: (i) is or becomes generally available to the public other than through a wrongful act of the Receiving Party; or (ii) was lawfully in its possession or known by it prior to receipt from the Disclosing Party; or (iii) was rightfully disclosed to it without restriction by a third party who is not bound by any confidentiality obligations with respect thereto; or (iv) is independently developed by the Receiving Party, its employees or third-party contractors without use of or reference to the Confidential Information. For clarity, the non-disclosure obligations set forth in this “Confidentiality” section apply to Confidential Information exchanged between the parties in connection with the evaluation of additional Drata services and offerings.

7.2. Protection of Confidential Information. All Confidential Information disclosed by Disclosing Party shall remain the property of the Disclosing Party. The Disclosing Party reserves all rights in its Confidential Information. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to: (a) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement; and (b) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections not materially less protective of the Confidential Information than those herein. Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this “Confidentiality” section. Notwithstanding the foregoing, Drata may disclose the terms of this Agreement and any applicable Order Form to a contractor to the extent necessary to perform Drata’s obligations under this Agreement, under terms of confidentiality materially as protective as set forth herein.

7.3. Compelled Disclosure. Either party may disclose Confidential Information to the extent required by law, provided that the Receiving Party gives the Disclosing Party reasonable advance notice of such required disclosure and cooperates with the Disclosing Party so that the Disclosing Party may obtain appropriate confidential treatment for such Confidential Information.

8. Representations, Warranties and Disclaimers

8.1. Representations. Each party represents that it has validly entered into this Agreement and has the legal power to do so.

8.2. Drata Warranties. Drata warrants that during the applicable subscription term Drata will not: (a) materially decrease the overall functionality of the Services; or (b) materially decrease the overall security of the Services.

8.3. Warranty Remedies. Customer will notify Drata of any non-conformance of the Services under a warranty above within 30 days. Provided that Customer notifies Drata within such time, Drata will use commercially reasonable efforts to correct the non-conformance at no additional charge. If Drata is unable to correct such non-conforming Services as warranted within a reasonable time, Customer will be entitled to terminate the applicable Order Form and receive a prorated refund of any prepaid, unused Fees covering the remainder of the subscription term. The foregoing remedy is Customer’s sole remedy in case of a breach of the limited warranties above.

8.4. Disclaimers.

(a) EXCEPT AS EXPRESSLY PROVIDED HEREIN, THE SERVICES AND REPORTS ARE PROVIDED “AS IS,” NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, DRATA DOES NOT WARRANT THAT THE SERVICES ARE ERROR-FREE OR THAT THE SERVICES WILL OPERATE WITHOUT INTERRUPTION, THAT THE REPORTS WILL BE ACCURATE AND DRATA GRANTS NO WARRANTY REGARDING THE USE BY CUSTOMER OF THE SERVICES. THE SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. DRATA IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS.

(b) CUSTOMER ACKNOWLEDGES AND AGREES THAT DRATA IS NOT LIABLE, AND CUSTOMER AGREES NOT TO SEEK TO HOLD DRATA LIABLE, FOR THE CONDUCT OF THIRD PARTIES, INCLUDING PROVIDERS OF THE THIRD-PARTY SERVICES, AND THAT THE RISK OF INJURY FROM SUCH THIRD-PARTY SERVICES RESTS ENTIRELY WITH CUSTOMER.

(c) FROM TIME TO TIME, DRATA MAY OFFER NEW “BETA” FEATURES OR TOOLS WITH WHICH CUSTOMER MAY EXPERIMENT.  SUCH FEATURES OR TOOLS ARE OFFERED SOLELY FOR EXPERIMENTAL PURPOSES AND WITHOUT ANY WARRANTY OF ANY KIND, AND MAY BE MODIFIED OR DISCONTINUED AT DRATA’S SOLE DISCRETION.


(d) CUSTOMER ACKNOWLEDGES AND AGREES THAT THE SERVICES AND THE REPORTS PROVIDED BY DRATA TO CUSTOMER ARE INTENDED AS RECOMMENDATIONS ONLY AND DO NOT CONSTITUTE ANY WARRANTY OR GUARANTY THAT CUSTOMER, BY FOLLOWING SUCH RECOMMENDATIONS, WILL BE FULLY COMPLIANT WITH ANY APPLICABLE STANDARDS CONTEMPLATED BY THE SERVICES.  CUSTOMER ACKNOWLEDGES AND AGREES THAT IT IS SOLELY CUSTOMER’S RESPONSIBILITY TO ENSURE THAT IT COMPLIES WITH ALL SUCH APPLICABLE STANDARDS.


9. Mutual Indemnification

9.1. Indemnification by Drata. Drata will defend Customer against any claim, demand, suit or proceeding made or brought against Customer by a third party alleging that the Purchased Services infringe or misappropriate such third party’s intellectual property rights in the United States of America (each, a “Claim Against Customer”), and will indemnify Customer from any damages, attorney fees and costs finally awarded against Customer as a result of, or for amounts paid by Customer under a settlement approved by Drata in writing of, a Claim Against Customer, provided Customer: (a) promptly gives Drata written notice of the Claim Against Customer; (b) gives Drata sole control of the defense and settlement of the Claim Against Customer; and (c) gives Drata all reasonable assistance, at Drata’s expense. If Drata receives information about an infringement or misappropriation claim related to the Services, Drata may in its discretion and at no cost to Customer: (i) modify the Services so that they are no longer claimed to infringe or misappropriate; (ii) obtain a license for Customer’s continued use of the Services in accordance with this Agreement; or (iii) terminate Customer’s subscriptions for the Services upon 30 days’ written notice and refund Customer any prepaid fees covering the remainder of the subscription term of the terminated Services.
The above defense and indemnification obligations do not apply if a Claim Against Customer arises from: (I) the use or combination of the Services or any part thereof with software, hardware, data, or processes not provided by Drata, if the Services or use thereof would not infringe without such combination; (II) modifications to the Services not made by Drata; or (III) Customer’s breach of this Agreement, applicable Order Forms or the Documentation.

9.2. Indemnification by Customer. Customer will defend Drata and its Affiliates against any claim, demand, suit or proceeding made or brought against Drata by a third party arising from: (a) Customer’s use of the Services in an unlawful manner or in violation of this Agreement, an Order Form or the Documentation; or (b) any Customer Data or Customer’s use of Customer Data with the Services (each, a “Claim Against Drata”), and will indemnify Drata from any damages, attorney fees and costs finally awarded against Drata as a result of, or for any amounts paid by Drata under a settlement approved by Customer in writing of, a Claim Against Drata, provided Drata: (i) promptly gives Customer written notice of the Claim Against Drata; (ii) gives Customer sole control of the defense and settlement of the Claim Against Drata; and (iii) gives Customer all reasonable assistance, at Customer’s expense. The above defense and indemnification obligations do not apply if a Claim Against Drata arises from Drata’s breach of this Agreement, applicable Order Forms or the Documentation.

9.3. Sole and Exclusive Remedy. This Section 9 sets forth the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for the third-party claims described herein.

10. Limitation of Liability

10.1. Exclusion of Certain Types of Damages. EXCEPT TO THE EXTENT PROHIBITED BY LAW, NEITHER PARTY OR ITS AFFILIATES WILL HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL, PUNITIVE, COVER, BUSINESS INTERRUPTION, LOST PROFIT, OR CONSEQUENTIAL DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY’S OR ITS AFFILIATES’ REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE.

10.2. Liability Cap. EXCEPT FOR AMOUNTS PAYABLE UNDER A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 9 OR CUSTOMER’S BREACH OF SECTION 3.3, IN NO EVENT SHALL THE AGGREGATE TOTAL LIABILITY OF EITHER PARTY TOGETHER WITH ITS AFFILIATES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNTS PAID BY OR DUE FROM BUT NOT YET PAID BY CUSTOMER UNDER THE ORDER FORM(S) GIVING RISE TO SUCH LIABILITY IN THE 12 MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE LIABILITY. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY BUT WILL NOT LIMIT CUSTOMER’S AND ITS AFFILIATES’ PAYMENT OBLIGATIONS UNDER THE “FEES AND PAYMENTS” SECTION ABOVE.

11. Miscellaneous
11.1. Relationship Between the Parties. Drata is an independent contractor; nothing in this Agreement will be construed to create a partnership, joint venture, or agency relationship between the parties.

11.2. Export Compliance. The Services may be subject to the export laws of the United States and other jurisdictions. Each party represents that it is not on any U.S. government denied-party list. Customer will not permit any User to access or use the Services in Russia or a U.S.-embargoed country or region (currently Cuba, Iran, North Korea, Syria or Crimea) or in violation of any U.S. export law or regulation.

11.3. Anti-Bribery. Neither party has received or been offered any illegal or improper bribe, rebate, payoff, influence payment, kickback, or other thing of value from an employee or agent of the other party in connection with this Agreement.

11.4. Assignment. Neither party may assign or transfer its rights or obligations under this Agreement without the prior written consent of the other party, and any assignment or transfer in derogation of the foregoing shall be null and void, provided, however, that either party shall have the right to assign the Agreement, without the prior written consent of the other party, to the successor entity in the event of merger, corporate reorganization or a sale of all or substantially all of such party’s assets. This Agreement shall be binding upon the parties and their respective successors and permitted assigns.

11.5. Notices. All notices required or permitted under this Agreement must be delivered in writing, if to Drata, by emailing [email protected] and if to Customer by emailing the Customer Point of Contact email address listed on the Order Form, provided, however, that with respect to any notices relating to breaches of this Agreement or termination, a copy of such notice will also be sent in writing to the other party at the party’s address as listed on the Order Form by courier, by certified or registered mail (postage prepaid and return receipt requested), or by a nationally-recognized express mail service. Each party may change its email address and/or address for receipt of notice by giving notice of such change to the other party.

11.6. Governing Law and Jurisdiction. The Agreement is governed by the laws of the State of California, without regard to its conflicts of laws or provisions. All disputes arising out of this Agreement will be subject to the exclusive jurisdiction and venue of the state and federal courts in San Francisco, California and the Parties hereby consent to the personal jurisdiction of these courts. In the event of actual or threatened breach of confidentiality obligations or the “Use Restrictions” in this Agreement, the non-breaching party may seek specific performance, immediate injunctive and other equitable relief in any competent court without prejudice to any other rights or remedies.

11.7. Waivers; Severability. Any waivers shall be effective only if made by a writing signed by representatives authorized to bind the parties. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion. If any provision of this Agreement is unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect.

11.8. Construction. The headings of Sections of this Agreement are for convenience and are not to be used in interpreting this Agreement. As used in this Agreement, the word “including” means “including but not limited to.”

11.9. Force Majeure. Any delay in the performance of any duties or obligations of either Party (except for the obligation to pay Fees owed) will not be considered a breach of this Agreement if such delay is caused by a labor dispute, shortage of materials, war, fire, earthquake, typhoon, flood, natural disasters, governmental action, pandemic/epidemic, cloud-service provider outages or any other event beyond the control of such Party, provided that such Party uses reasonable efforts, under the circumstances, to notify the other Party of the circumstances causing the delay and to resume performance as soon as possible.

11.10. Entire Agreement; Amendment. This Agreement and any applicable Order Form constitute the complete agreement between the Parties and supersede all previous and contemporaneous agreements, proposals, or representations, written or oral, concerning the subject matter of this Agreement. To the extent that a conflict arises between the terms and conditions of an Order Form or SOW and the terms of this Agreement, the terms and conditions of the Order Form or SOW will govern. It is expressly agreed that the terms and conditions of this Agreement and any Order Form supersede the terms of any of Customer’s purchase orders.

11.11. U.S. Government Restricted Rights. If Customer is a government end user, then this provision also applies to Customer. The software contained within the Platform and the Services and provided in connection with this Agreement has been developed entirely at private expense, as defined in FAR section 2.101, DFARS section 252.227-7014(a)(1) and DFARS section 252.227-7015 (or any equivalent or subsequent agency regulation thereof), and is provided as “commercial items,” “commercial computer software” and/or “commercial computer software documentation.” Consistent with DFARS section 227.7202 and FAR section 12.212, and to the extent required under U.S. federal law, the minimum restricted rights as set forth in FAR section 52.227-19 (or any equivalent or subsequent agency regulation thereof), any use, modification, reproduction, release, performance, display, disclosure or distribution thereof by or for the U.S. Government shall be governed solely by this Agreement and shall be prohibited except to the extent expressly permitted by this Agreement.
