This is a legal agreement concerning the use of the Tripwire for DevOps Service between the entity acquiring the license (“Customer”), and Tripwire, Inc. (“Tripwire”). If you are using the Service as an employee on behalf of your employer, your employer is the “Customer.” Your employer may have already accepted a version of the terms and conditions in this Agreement by signing an agreement. In all other circumstances, you are binding your employer and yourself personally as an employee, to this Agreement by using the Service. Unless Customer and an authorized representative of Tripwire have signed a separate agreement governing the Service, this Agreement, including the information submitted during the registration process, contains the parties' entire understanding relating to the subject matter and supersede all prior or contemporaneous agreements. IF YOU DO NOT, OR THE CUSTOMER DOES NOT, AGREE TO THESE TERMS AND CONDITIONS, THEN YOU MAY NOT USE THE SERVICE.
1. DEFINITIONS
“Administrative Data” means limited personal contact information, such as name, telephone number and email address, of a Customer’s representatives who are directly involved in the administration and management of the Agreement and the Service provided under the Agreement, including, without limitation, personal contact information of registered users provided as part of the Service registration process.
“Affiliate”means another person or entity that, directly or indirectly, controls, is controlled by or is under common control with a party, where control means owning a beneficial interest (directly or indirectly) in more than 50% of the outstanding shares or securities or other ownership interest entitled to vote for the election of directors or similar managing authority. An entity shall be an Affiliate only as long as such control is maintained. Customer may order and use the Service on behalf of its Affiliates, and may allow Affiliates to use the Service; Customer is responsible for its Affiliates’ use in compliance with the Agreement terms.
“Agreement” means: the terms of this document; the Data Processing Terms; the information provided by Customer during the registration process (“Registration Information”); and, for orders placed directly with Tripwire, the applicable Tripwire quotation.
“Authorized Use” means use of the Service by a User for the internal business purposes of Customer or Affiliates for lawful purposes. Authorized Use does not include using the Service to provide services to third parties (other than Affiliates), unless otherwise mutually agreed by the parties in an executed written agreement.
"Collected Data" means technical data automatically generated from use of the Service regarding use, performance and types of images scanned, which Tripwire may collect and use on an aggregated, anonymized basis only to monitor and improve system performance and to report on industry trends. Collected Data does not include Customer Content.
“Customer Content” means images submitted by Customer for scanning through the Service, and the results of such scans.
“Data Processing Terms” means the Data Processing Agreement applicable to the Service available at www.tripwire.com/terms.
“Documentation” means the online user documentation for the Service made available by Tripwire through the Tripwire Customer Center, as updated from time to time.
“Evaluation Use” means use of the Service on a no-charge basis for up to the number of scans or the time period described in the Registration Information.
“Order” means a purchase order accepted by Tripwire for the Service under this Agreement. Orders are used to identify the Customer, Service, and pricing, and are governed exclusively by the terms of this Agreement. Any additional or conflicting terms in a purchase order are not effective and are expressly declined. Any terms in this Agreement relating to pricing, discounts and payments do not apply to Orders placed through an authorized reseller or distributor, which terms will be negotiated between Customer and the reseller or distributor. Resellers and distributors are not authorized to modify this Agreement or to make additional representations, commitments or warranties binding on Tripwire. For Evaluation Use, the information entered by Customer in the Registration Information will constitute the Order.
“Service” means the Tripwire for DevOps scanning services made available by Tripwire online, including the Documentation.
“Term” means the period described in Section 8.1 below.
"User" means an individual authorized by Customer or an Affiliate to use the Service, who has been supplied user identification and password by Customer or an Affiliate (or by Tripwire at Customer’s request). Individuals who are not employees of Customer or the Affiliate must be under confidentiality obligations to Customer or the Affiliate which extend to the protection of Tripwire’s intellectual property and Confidential Information with terms no less protective than this Agreement.
2. ORDERS; FEES
2.1 Orders. On Tripwire’s acceptance of the Order and subject to Customer's compliance with the terms and conditions of this Agreement, Customer may use the Service during the Term solely for the purpose of scanning Customer Content that Customer is authorized to submit for scanning.
2.2 Fees and Payment.
(a) The Service is priced on a per-use basis, with a minimum prepaid purchase. Prepaid amounts expire (and are forfeited) if not used within one year. The Service provided for Evaluation Use is provided at no charge. For Service ordered by Customer directly from Tripwire, Tripwire will invoice Customer for the Service fees in advance, payable net thirty (30) days subject to credit approval, unless a Tripwire quotation states otherwise. For the Service ordered by Customer through a channel partner, Customer will pay the channel partner in accordance with the terms agreed between them. Customer acknowledges that Tripwire’s performance of Service purchased through a channel partner is contingent upon Tripwire’s receipt and acceptance of an Order from the channel partner, and the channel partner’s payment of the applicable fees to Tripwire.
(b) If any sum payable to Tripwire is not paid by the due date, Tripwire reserves the right, without prejudice to any other remedy, to suspend the provision of the Service on five days prior notice, until paid in full. Except as expressly stated otherwise in the Agreement, all fees paid or payable for the Service are non-cancellable and non-refundable.
3. SERVICES
3.1 Service. The Service will be provided during the Term as described in the Documentation and this Agreement. Other than Service provided for Evaluation Use, the Service includes customer support through the Tripwire Customer Center, as described in the support policies at www.tripwire.com/legal/eula/support-maintenance/. Service provided for Evaluation Use does not include access to support. Unless stated in the Data Processing Terms or Tripwire quotation, the Service will be hosted in the United States and Customer Content will be stored at data centers within the United States. Customer’s access to and use of the Service from certain countries may be restricted by applicable laws and may be subject to technical limitations of the Service.
3.2 Authorized Use.
(a) Customer will only allow Users to use the Service for Authorized Use during the Term. Customer shall use commercially reasonable efforts to prevent unauthorized access to or use of the Service and shall notify Tripwire promptly of any such unauthorized access or use. Customer is responsible for using the Service and information resulting from Service in compliance with applicable laws and regulations, including data privacy laws and regulations.
(b) Customer shall not: (i) allow anyone other than Users to access the Service, (ii) sell, resell, rent, lease or create derivate works based on the Service; (iii) copy, frame or mirror any part or content of the Service, other than copying or framing on Customer’s own intranets or otherwise for Customer’s Authorized Use; (iv) provide, store or transmit material in violation of third party privacy rights or applicable law; (v) use the Service to store or transmit harmful or malicious code, files, scripts, agents or programs; (vi) interfere with or disrupt the integrity or performance of the Service; (vii) attempt to gain unauthorized access to the Service or related systems or networks; or (viii) use the Service for the purpose of developing, enhancing or marketing any service that is competitive with the Service, or disclose to any third party the results of or information pertaining to any performance benchmark relating to the Service.
3.3 Restoring Customer Content. In the event of any inadvertent deletion or corruption of any Customer Content that is stored on the Service, Tripwire will use commercially reasonable efforts to restore the deleted or corrupted Customer Content from the latest backup of such Customer Content that Tripwire maintains in accordance with Tripwire’s standard archival procedures. TRIPWIRE’S EFFORTS TO RESTORE DELETED OR CORRUPTED CUSTOMER CONTENT PURSUANT TO THIS SECTION 4.2 WILL CONSTITUTE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY AND TRIPWIRE’S SOLE LIABILITY FOR ANY DELETION OR CORRUPTION OF CUSTOMER CONTENT.
3.4 U.S. Federal Government End Use Provisions. Tripwire provides the Service, including access to related software and technology, for ultimate federal government end use solely in accordance with the following: Government technical data and software rights related to the Service include only those rights customarily provided to the public as defined in this Agreement. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If a government agency has a need for rights not conveyed under these terms, it must negotiate with Tripwire to determine if there are acceptable terms for transferring such rights, and a mutually acceptable written addendum specifically conveying such rights must be included in any applicable contract or agreement.
4. PROPRIETARY RIGHTS; CONFIDENTIALITY
4.1 Ownership. All intellectual property rights that are owned or controlled by a party at the commencement of the Service shall remain under the ownership or control of such party. As between Tripwire and Customer, Customer exclusively owns all rights, title and interest in and to all Customer Content. Subject to the limited rights expressly granted hereunder, Tripwire reserves all rights, title and interest in and to the Service, including all Collected Data and all related intellectual property rights. Tripwire shall not disclose the Collected Data in any manner in which the Collected Data could be attributed to Customer or Customer’s use of the Service. No rights are granted to Customer hereunder other than as expressly set forth herein. Customer may choose, but is not required, to provide suggestions, data or other information to Tripwire regarding possible improvements in the operation, functionality or use of the Service. Any resulting inventions, improvements, modifications or developments, made by Tripwire at its sole discretion, are Tripwire’s exclusive property.
4.2 “Confidential Information" means: (a) Customer Content, Customer’s User names and access credentials; (b) each party’s security or business practices; (c) information regarding each party’s suppliers, employees or customers; (d) non-public information provided by Tripwire regarding the Service, including product and service pricing, trade secrets, road maps and development plans relating thereto; (e) the specific business terms set forth in any quotation, Order or this Agreement; and (f) any other information of a party that is identified as confidential or proprietary at the time of disclosure, or that a reasonable person would recognize to be confidential given the nature of the information and the circumstances of the disclosure. Confidential Information does not include information that: (i) is or becomes generally known or available to the public through no act or omission of the recipient (“Recipient”); (ii) is rightfully known to or received by Recipient prior to receiving such information from the other party (“Disclosing Party”) without restriction as to use or disclosure; or (iii) is independently developed by Recipient without use of Confidential Information and without a breach of this Agreement. The existence of this Agreement and the nature of the business relationship between the parties are not Confidential Information.
4.3 Protection of Confidential Information. Except as otherwise permitted in writing by the Disclosing Party: (a) the Recipient will use Confidential Information received from the other party solely for the purpose of performing activities contemplated under this Agreement; (b) the Recipient will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) not to disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement; and (c) the Recipient will limit access to Confidential Information of the Disclosing Party to those of its employees, contractors and agents who need such access for purposes consistent with this Agreement and who are under confidentiality obligations to the Recipient containing protections no less stringent than those herein. Customer agrees to keep all access credentials confidential and not to transfer or disclose them to other individuals or third parties. The parties acknowledge that a violation of the Recipient’s obligations with respect to Confidential Information of the Disclosing Party may cause irreparable harm to the Disclosing Party for which a remedy at law would be inadequate. In addition to any and all remedies available at law, the Disclosing Party will be entitled to seek an injunction or other equitable remedies in all legal proceedings in the event of any threatened or actual breach of this Section 4.
4.4 Protection of Customer Content. Images submitted by Customer are destroyed immediately on completion of the scan. The results of the scans are retained during the retention period described in the Data Processing Terms. Tripwire will maintain reasonable administrative, physical, and technical safeguards for the purpose of protecting the security, confidentiality and integrity of Customer Content, as described in Data Processing Terms in effect at the time that the Service is provided. Tripwire does not require access to, and Customer shall not intentionally provide, sensitive data such as protected health information, financial or credit information related to Customer’s employees or customers, or special categories of personal data as defined by applicable data privacy laws (collectively “Protected Data”). If Customer inadvertently discloses any Protected Data in the course of receiving the Service, Tripwire will treat such information as Confidential Information under the terms of this Agreement and, at Customer’s request, promptly destroy Customer Data that includes such information.
4.5 Compelled Disclosure. The Recipient may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so; provided that the Recipient gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. If the Recipient is compelled by law to disclose the Disclosing Party's Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Recipient for its reasonable cost of compiling and providing secure access to such Confidential Information.
4.6 Administrative Data. Tripwire may store the Administrative Data in databases accessible globally by its personnel responsible for providing or supporting the Service, and to use the Administrative Data for purposes reasonably necessary to the administration of this Agreement, subject to the Data Processing Terms.
5. LIMITED WARRANTIES
5.1 Service Warranty. Tripwire warrants that (a) the Service shall perform materially in accordance with the Documentation, and (b) the functionality of the Service will not be materially decreased during the Term. The foregoing warranty does not apply to Service provided for Evaluation Use, which is provided AS-IS with no warranty. CUSTOMER’S EXCLUSIVE REMEDY FOR A BREACH OF THIS SECTION 5.1 SHALL BE AS PROVIDED IN SECTION 8.2 (TERMINATION) AND 8.4 (EFFECT OF TERMINATION).
5.2 Disclaimer of Other Warranties. THE LIMITED WARRANTIES SET FORTH IN THIS SECTION 5 ARE EXCLUSIVE. NEITHER TRIPWIRE NOR ITS LICENSORS OFFER ANY OTHER WARRANTIES, TERMS OR CONDITIONS, EXPRESS, IMPLIED OR STATUTORY, WITH RESPECT TO THE SERVICES PROVIDED UNDER THIS AGREEMENT. TRIPWIRE OFFERS NO WARRANTY THAT THE SERVICES WILL DETECT OR PROTECT AGAINST ALL THREATS OR BE ERROR-FREE OR FREE FROM INTERRUPTIONS OR OTHER FAILURES. TRIPWIRE AND ITS LICENSORS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES, TERMS, CONDITIONS, AND REPRESENTATIONS: (a) OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF INTELLECTUAL PROPERTY, AND (b) ARISING OUT OF COURSE OF DEALING, USAGE OR TRADE. No oral or written information or advice given by Tripwire or Tripwire’s authorized representatives shall create a warranty or other obligations on behalf of Tripwire. Customer assumes full responsibility for selecting the appropriate tools, configurations and policies to achieve Customer’s intended results, and for Customer’s use and application of information provided by Tripwire as a result of the Service.
6. INDEMNIFICATION
6.1 Tripwire will defend or settle any action brought against Customer during the Term and indemnify Customer against all costs, damages and reasonable attorneys’ fees that are finally awarded against Customer or are included in a settlement to which Tripwire is a party, to the extent those amounts are based upon a third party claim that the Service directly infringes any copyright or misappropriates any trade secret or infringes any patent enforceable in the United States. As conditions to Tripwire’s obligations under this Section 6.1, Customer must: (a) notify Tripwire promptly in writing of the action; (b) provide Tripwire all reasonable information and assistance to settle or defend the action at Tripwire’s request and expense; and (c) grant Tripwire sole authority and control of the defense or settlement of the action. Tripwire will not be responsible for any compromise made or expense incurred without its prior written consent. Tripwire is not liable for claims based on: (a) combination of the Service with any product not furnished by Tripwire, if the claim would not have arisen in the absence of such combination; or (b) use of the Service outside the scope of Authorized Use.
6.2 If a claim is made under Section 6.1, Tripwire shall at its expense either: (a) replace or modify the Service so that it becomes non-infringing; (b) procure for Customer the right to continue using the Service; or (c) if neither of the foregoing options is commercially reasonable, require the discontinuation of the infringing Service and refund to Customer any prepaid, unused and unexpired fees received by Tripwire for the Service.
6.3. THIS SECTION 6 SETS FORTH TRIPWIRE’S SOLE AND EXCLUSIVE OBLIGATIONS, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, WITH RESPECT TO INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS OF ANY KIND RELATING TO THE SERVICE. EXCEPT AS SET FORTH ABOVE, TRIPWIRE AND ITS LICENSORS DISCLAIM ALL IMPLIED OBLIGATIONS WITH RESPECT TO INTELLECTUAL PROPERTY INDEMNIFICATION.
6.4 At Tripwire’s request, Customer shall defend or settle any action brought against Tripwire and indemnify against costs, damages and reasonable attorneys’ fees that are finally awarded against Tripwire or are included in a settlement to which Customer is a party, to the extent those amounts are based on a claim arising from Customer’s unlawful or unauthorized use of the Service, or a third party claim in relation to Customer Content provided by Customer to Tripwire. Customer will not be responsible for any compromise made or expense incurred without its prior written consent.
7. LIMITATION OF LIABILITY
7.1 Tripwire’s liability will not be limited or excluded in relation to death or personal injury caused by its negligence or intentional misconduct (or that of its employees or agents), fraudulent misrepresentation, or any other liability which cannot be excluded by law.
7.2 EXCEPT AS PROVIDED IN SECTION 7.1, IN NO EVENT WILL TRIPWIRE BE LIABLE FOR PUNITIVE, EXEMPLARY, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING WITHOUT LIMITATION, DAMAGES ARISING FROM ANY LOSS OF REVENUE, PROFITS, OR FOR THE COST OF PROCURING SUBSTITUTE SERVICES, OR FOR THE LOSS OF USE OF ANY SERVICES, OR FOR ANY INTERRUPTION OF BUSINESS, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF TRIPWIRE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
7.3 EXCEPT AS PROVIDED IN SECTION 7.1, IN NO EVENT WILL TRIPWIRE’S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, FROM ALL CAUSES OF ACTION AND ALL THEORIES OF LIABILITY, EXCEED THE AMOUNT PAID OR PAYABLE BY CUSTOMER FOR THE SERVICE FOR WHICH THE CLAIM AROSE. The fees reflect the allocation of risk set forth in this Agreement.
7.4 The Service was developed for general use in a variety of information management environments. They are not designed for use in a situation in which use or failure of the Service could lead to death or serious bodily injury of any person, or severe physical or environmental damage (“High Risk Activities”). Examples of High Risk Activities include, without limitation, the design or operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, weapons systems, or life-support systems. If Customer uses the Service for High Risk Activities, Customer shall be solely responsible for taking all appropriate fail-safe, backup, redundancy and other measures to ensure the safe use of the Service. Notwithstanding anything to the contrary in this Section 7, TRIPWIRE DISCLAIMS ANY LIABILITY FOR ANY DAMAGES CAUSED BY USE OF THE SERVICES IN HIGH RISK ACTIVITIES.
8. TERM AND TERMINATION
8.1 Term. The Term begins when Tripwire provides access credentials to Customer and expires when Customer has exhausted its prepaid fees for the Service, unless the Tripwire quotation states a different period. For Service provided for Evaluation Use, the Term expires 30 days after Tripwire provides access credentials to Customer. This Agreement will automatically expire at the end of the Term.
8.2 Termination. Except for a breach of Section 4 (Proprietary Rights; Confidentiality) and except for nonpayment of undisputed amounts due, neither party shall be liable for default or delay in performing its obligations for up to 30 days due to unforeseen circumstances or causes beyond its reasonable control, provided that the party continues to use commercially reasonable efforts to resume performance. Either party may terminate the Term for cause: (a) on 30 days’ written notice to the other party of a material breach if such breach remains uncured at the expiration of such period; or (b) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. In addition, Customer may terminate the Term for convenience at any time.
8.3. Retention and Return of Customer Data. Tripwire will retain the Customer Content (results of scans only) during the retention period defined in the Data Processing Terms. On Customer’s written request during the retention period, Tripwire will provide Customer with a copy of the Customer Content (results of scans only). After the expiration of the retention period, Tripwire will have no obligation to maintain or provide any Customer Content to Customer, and Tripwire will delete all Customer Content stored in the Service or otherwise in Tripwire’s possession or under Tripwire’s control, except to the extent that the Customer Data is required to be retained for Tripwire’s exercise of legal rights or compliance with legal obligations.
8.4 Effect of Termination. On any termination of the Term by Customer for cause, Tripwire shall refund Customer any prepaid, unused and unexpired fees as of the effective date of termination. In no event shall any termination relieve Customer of the obligation to pay any fees payable to Tripwire for the period prior to the effective date of termination. No refund will be made for termination by Customer for convenience or for termination by Tripwire for Customer’s breach. The terms of this Section 8 and the following sections will survive any termination or expiration of this Agreement: 4 (Proprietary Rights, Confidentiality), 5 (Limited Warranty), 6 (Indemnification), 7 (Limitation of Liability), 9 (General Terms).
9. GENERAL TERMS
9.1 Relationship. The relationship of Customer and Tripwire with respect to the performance of the Service is that of independent contractors. Subject to the protection of Customer’s Confidential Information, nothing in this Agreement prohibits Tripwire from performing similar or identical services for other parties.
9.2. Assignment. Any assignment or transfer of this Agreement by the Customer is prohibited without the prior written consent of Tripwire, and any attempted transfer or assignment without such consent shall be void and without force or effect. The terms of this Agreement shall be binding on permitted successors in interest and assigns.
9.3 Third Party Code. The Service uses certain third party software components (“Third Party Code”) identified at www.tripwire.com/terms (“Third Party Notices”). The Third Party Notices may include important licensing and liability disclaimers from the Third Party Code licensors. Customer’s use of Third Party Code in conjunction with the Service in accordance with this Agreement is permitted under all such Third Party Notices. Customer acknowledges that Section 7.1 of this Agreement does not apply to the Third Party Code.
9.4. Governing Law. This Agreement will be governed by and construed under the laws of the State of Oregon, USA, excluding choice of laws rules. Any action or proceeding arising from or relating to this Agreement, must be brought in a federal court in the District of Oregon or in state court in Multnomah County, Oregon, and each party irrevocably submits to the jurisdiction and venue of any such court in any such action or proceeding. This Section 9.4 does not restrict Tripwire’s right to bring an action against Customer in the jurisdiction where Customer’s place of business is located. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.
9.5. Severability; Modification; Notices; Waiver. If a court of competent jurisdiction finds any provision of this Agreement invalid or unenforceable, that provision will be enforced to the maximum extent permissible and the other provisions of this Agreement will remain in full force and effect. This Agreement may only be modified in writing by authorized representatives of the parties. All notices required or authorized under this Agreement must be in writing and will be sent, as applicable, to the party’s address at the beginning of this Agreement. Waiver of terms or excuse of breach must be in writing and will not constitute subsequent consent, waiver or excuse.
9.6. Compliance with Laws. Each party will comply with all applicable laws and regulations with respect to its activities under this Agreement including, but not limited to, the export laws and regulations of the U.S. and other applicable jurisdictions, and economic sanctions regulations administered by the Office of Foreign Assets Control and similar restrictions issued by U.S. and other governments prohibiting the provision of the Service to specified destinations, end-users and end uses. Without limiting the foregoing Customer will not permit Users to access or use the Service in violation of any applicable export, data privacy or data transfer restriction.
9.7. Entire Agreement. This Agreement (including all documents referenced herein) constitutes the entire and exclusive agreement between the parties with respect to its subject matter and supersedes all prior communications, proposals, representations, agreements and understandings, whether written or oral, relating to its subject matter. Purchases under this Agreement are made based solely on the terms of this Agreement, are not contingent on the delivery of additional future functionality or features, and are not dependent on any statements made by Tripwire or its representatives regarding future functionality or features. No modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and either signed or accepted electronically by a duly authorized representative of each party. To the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any exhibit or addendum hereto, the terms of such exhibit or addendum will prevail.