The URL can be used to link to this page

23-219.01PhishFirewallSecurityAwarenessTraining phishfirewall Proposal Autonomous Security Awareness Training And Phishing Simulation Prepared for: City of Spokane Valley Washington (Company) Prepared for: Chad Knodel (Individual) Prepared by: Crystal Fontaine Proposal Date: November 15, 2024 Quote ID: Q-00335-1 Expiry Date: Nov 30, 2024 The Worlds Most Effective Security Awareness Training! phishfirewall Proposal Chad, On behalf of PhishFirewall, I would like to extend our sincere appreciation for your commitment to building a more secure future for your organization and trusting us as a partner. Your decision to prioritize security reflects your deep understanding of the growing challenges and threats that accompany our increasing reliance on digital infrastructure. By focusing on security awareness training,you are addressing one of the most critical aspects of cybersecurity—the human element. Investing in education and fostering a culture of security not only strengthens your organization's first line of defense but also showcases your proactive approach to protecting your data,your employees, and your clients. We are honored to be your partner on this journey and look forward to helping you cultivate a robust cybersecurity culture. Thank you for your continued trust in us. Sincerely, Crystal Fontaine phishfirewall phishfirewall Proposal #Of Product DESCRIPTION Average DISC (%) Yearly Cost Seats Description Seat Price 115 PFW-EP 12 Month Contract PF Enterprise 12 Month 1211/24-11130- $10.01 62 $1,151.15 2025 TOTAL: $1,151.15 V phishfirewall phishfirewall Proposal Signature Page 1. Please read the proposal carefully to understand all details of our potential collaboration.We value transparency and mutual understanding from the start. 2. This agreement shall come into effect on the date it is signed by both Parties.The date of signature by each Party may be different, but the Agreement will only be binding and become effective when both Parties have signed it. 3. If anything is unclear or if you have questions,don't hesitate to ask.We're ready to discuss any points and find the best ways to work together. 4. Addendum added to the to contact that isolates requested revisions to terms and conditions dated Nov13,2024. Date: wfJ � �� + Date:November 15,2024 ilfil'�.�"� Company: Ci. oe Sp i<4fte y Company:Phishfirewall Inc. Customer Name: in �M4 n Executive Sponsor:Mark Palmer Title: C44-/ Ma nLl5 e Title:VP of Sales Operations Sib nature/f/ ' _ Signature: phishfirewall phishfirewall Proposal TERMS AND CONDITIONS THESE TERMS AND CONDITIONS (THE "AGREEMENT") GOVERN CUSTOMER'S ACCESS AND USE OF PHISHFIREWALL'S PRODUCTS AND SERVICES, UNLESS CUSTOMER HAS FULLY EXECUTED A MASTER AGREEMENT WITH PHISHFIREWALL IN WHICH CASE SUCH MASTER AGREEMENT GOVERNS. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN. BY ACCEPTING THIS AGREEMENT,EITHER BY: (1) CLICKING A BOX INDICATING ACCEPTANCE; (2) EXECUTING A QUOTE THAT REFERENCES THIS AGREEMENT; OR (3) USING PHISHFIREWALL'S PRODUCTS AND SERVICES, CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY,SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERM "CUSTOMER"SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY OR DOES NOT AGREE WITH THESE TERMS AND CONDITIONS,SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE PRODUCTS SERVICES. Customer and PhishFirewall may be referred to in this Agreement individually as a"party"or jointly as the"parties."This Agreement governs all purchased Products and Services,as defined in this agreement,provided by PhishFirewall to Customer. 1. Software 1.1 Software License.This Section applies in the event Customer licenses Software from PhishFirewall. Subject to Customer's commitment to payment in accordance with this Agreement, PhishFirewall hereby grants to Customer, for use with Customer's authorized Users, and solely for internal business purposes and not for resale or publication, a limited; non-exclusive; non-sublicensable; non-transferable; royalty-free license to install, use, execute, display, and access the Software. The Term,as defined below,of the foregoing license will be as set forth in the applicable Quote.Apart from the foregoing limited licenses,Customer is not being granted any right,title,or interest in or to the Software,or otherwise the Products.All such rights are expressly reserved by PhishFirewall. 2. Product Usage&Rights. 2.1 Acceptance.Customer is deemed to have committed to a purchase in full for the Products and Services (regardless of any split payment terms) once a Quote is sent to PhishFirewall for processing or once payment has been tendered through check,credit card,or other form of payment. Payment via check, credit card,or other form of tendering payment will be deemed acceptance of the corresponding Quote or invoice sent to Customer by PhishFirewall. If Customer is an organization subject to certain fiscal period restrictions or appropriations, Customer hereby represents and warrants that Customer has the ability to pay all fees, regardless of any split payment terms,in full,out of Customer's current fiscal period's allocated budget or that Customer has the authority to legally commit to a purchase outside of the current fiscal period. Except as otherwise specified herein,all sales are final, non-refundable,and non-returnable except with respect to Products and Services that do not meet applicable specifications in the relevant Documentation or that are not identified in the Quote. ph1Shfirewall phIshfirewall Proposal ▪ 2.2 Customer Users.The Products and Services are provided on a per-seat, subscription basis. Customers are responsible for managing the creation, modification, and revoking of access of their users.The Customer is solely responsible for the management of access to the Products and Services of their users.The concurrent number of Active Users receiving access may not exceed the purchased number of Seats. If the number of Active Users exceed the purchased number of Seats, Customer is obligated to either pay for any Seats that surpass the purchased amount or immediately reduce its number of Active Users. Customer is not permitted to freely re-assign Seats to Users. PhishFirewall prohibits cycling of Seats amongst Customer's personnel. If an Active User's account is terminated or removed,that User's Seat license is no longer considered in use and may be allocated to another User upon written approval by PhishFirewall. Notwithstanding the foregoing, PhishFirewall's approval is not required in the instance an Active User's account is terminated or removed due to Customer's termination of that Active User's employment,or otherwise for termination of contract with that Active User,to account for Customer's normal attrition in workforce. Upon request by PhishFirewall, Customer agrees to provide PhishFirewall with a certification of such compliance. PhishFirewall reserves the right to audit Customer's compliance with this Section. Additional Seats may be added mid-subscription term and such additional Seats will be co-pending with the then-current subscription term and will terminate on the same date.Add-ons for more Seats mid-term will be priced at the same volume/level discount purchased under the applicable co-pending Quote and will be valid only until the end of such co-pending subscription term.Upon renewal,new rates may apply. ▪ 2.3 Professional Services.If Customer purchases Services to be performed by PhishFirewall, Customer may be required to sign an SOW detailing the project specifications for the Services. Services may include, but are not limited to, the request for PhishFirewall to implement and operate the Products on behalf of Customer("Managed Services"),additional maintenance and support(as opposed to any standard maintenance and support already included), and any additional consultancy or professional services. The completion time for any Services to be performed under an SOW, and any milestones, will be dependent on PhishFirewall's receipt of all Customer assets and specifications necessary for the project, in addition to PhishFirewall receiving a validly signed SOW for processing, as requested by PhishFirewall. The completion deadline will start from the date of delivery of all such assets and specifications,not the date of PhishFirewall's receipt of the signed SOW. Customer acknowledges that delays in providing assets or specifications at the request of PhishFirewall for such Services may delay the completion of the Services. PhishFirewall will not be faulted for delays caused by Customer's failure to reasonably cooperate. Service hours purchased pursuant to an SOW or a Quote will expire upon the expiration or termination of Customer's subscription term and will not carry over to any subsequent renewal term. • 2.4 Intellectual Property.This is not a work made-for-hire agreement,as defined by U.S.or other applicable law. PhishFirewall and its licensors own and reserve all right, title, and interest, including intellectual property rights, in the Products and all enhancements, modifications, and updates thereto. Except for express licenses granted in this Agreement, PhishFirewall is not granting or assigning to Customer any right, title, or interest, express or implied, in or to PhishFirewall's intellectual property.PhishFirewall reserves all rights in such property. 3. Data. • 3.1 Customer Data.Customer grants PhishFirewall a non-exclusive, world-wide, royalty-free license to use the data and other information input by Customer into the Products ("Customer Data"): (a)to perform PhishFirewall's obligations under this Agreement;(b)in compliance with the Product Privacy Notice; (c) in order to provide, maintain and(c)improve the Products and/or(d)as may be required by law. Customer will be responsible for obtaining all rights, permissions, and authorizations to provide the Customer Data to PhishFirewall for use as contemplated under this Agreement. Except for the limited license granted in this Section,nothing contained in this Agreement will be construed as granting PhishFirewall any right, title, or interest in the Customer Data. Customer Data will be deemed Customer Confidential Information. phIshfirewall phishfirewall Proposal • 3.2 Aggregated Data.PhishFirewall may also use Customer Data in an aggregate, de-identified, and generic manner for marketing; survey; and benchmarking purposes, in the review and, development and improvement of current and future Products, Product usage,and other similar purposes ("Aggregated Data"). Aggregated Data: (a) is used only for internal administrative purposes and general usage statistics;(b)does not identify Customer or any individual;and(c)to the extent such Aggregated Data is disclosed,is it will only disclosed in a generic or aggregated manner that does not identify the Customer or any individual and will be for the purposes of sharing Product usage and statistical or benchmarking purposes.Aggregated Data will not be considered Customer Confidential Information. • 3.3 Data Security.Customer Data is maintained in accordance with the Information Security Requirements in this Agreement using industry standard administrative, physical, and technical safeguards that are designed to provide for the protection of the security, confidentiality, and integrity of Customer Data. PhishFirewall's security safeguards include means for preventing access, use, modification, and disclosure of Customer Data by unauthorized individuals. Notwithstanding the foregoing, Customer Data access may be provided: (a)to PhishFirewall and other personnel to the extent necessary to provide the Products,Services,and support;(b)as compelled by law; (c) as set forth in the Product Privacy Notice; or(d) as expressly permitted by Customer. PhishFirewall's Products currently operate in third party datacenters located in the US or EU and have been built with high availability,business continuity,and disaster recovery in mind. PhishFirewall's cloud architecture follows industry standard security practices and is regularly assessed for vulnerabilities and risks.Information about PhishFirewall's information security practices may be found at PhishFirewall's Security Page. • 3.4 Data Protection.The collection,use,and disclosure of Customer Data in connection with Customer's use of the Products is subject to the Product Privacy Notice. By using the Products, Customer and each User acknowledge that the Customer Data will be processed in accordance with both the Product Privacy Notice and this Agreement and may be processed in a country where it was collected,as well as in countries where privacy laws may be different or less stringent, provided PhishFirewall ensures compliance with applicable data protection laws. By using the Products, or submitting Customer Data via the Products, Customer expressly consents to such processing.To the extent Customer or User provides personal data or other information belonging to a third party, Customer represents and warrants that it has that person's, organization's, or other such third parry's proper consent,or otherwise proper authorization,to do so.In the event Customer enters into a Data Processing Agreement with PhishFirewall, such Data Processing Agreement will govern the data handling practices between the parties and will supersede the language contained in this Section in the event of a conflict. • 3.4.1 Protected Health Information, Payment Card Information,and other Sensitive Information.PhishFirewall does not need, nor does PhishFirewall request, any protected health information ("PHI") governed by the Health Insurance Portability and Accountability Act and its implementing regulations("HIPAA"). PhishFirewall does not need, nor does PhishFirewall request,any non-public consumer personally identifiable information or financial information governed by the Gramm-Leach-Bliley Act ("GLBA") or payment card information covered by the Payment Card Industry Data Security Standards ("PCI DSS") in order to provide PhishFirewall's products and services. Customer should never disclose, nor allow to be disclosed, PHI, information protected by PCI DSS or GLBA, or other sensitive information to PhishFirewall. Customer acknowledges that PhishFirewall does not take steps to ensure PhishFirewall's products are GLBA, HIPAA, or PCI DSS compliant. All obligations of the aforementioned regulations remain solely with Customer. PhishFirewall's Products and Services are not intended for use with minors (as defined by applicable law). Customer is prohibited from authorizing minors,as defined by applicable law,to use or access the Products and Services,except as otherwise provided in a signed writing by an authorized representative of PhishFirewall. 4. Customer Obligations. 444›. phiShfirewall phishfirewall Proposal • 4.1 Connectivity.Customer is solely responsible for all telecommunication or Internet connections, and associated fees, required to access and use the Products, as well as all hardware and software. PhishFirewall is not responsible for: (a)Customer's access to the Internet; (b)interception or interruptions of communications through the Internet;or(c)changes or losses of data through the Internet. • 4.2 User Credentials.Customer will ensure User credentials (e.g., usernames and passwords) remain confidential,and Customer and Users will not disclose any such credentials to any third party.In addition,Customer will notify PhishFirewall immediately upon discovery of an unauthorized disclosure of any such credentials or upon any unauthorized access.Upon any termination of the engagement or deactivation of any User with knowledge of any such credentials,Customer will immediately change such credentials and remove access for that User. ▪ 4.3 Affiliates.Customer, if purchasing Seats on behalf of an Affiliate,will ensure its Affiliates comply with the terms of this Agreement. The use of the Products by the Affiliate and its Users represents acceptance of the terms of this Agreement by such Affiliate and its Users for which Customer will be jointly and severally liable with its Affiliate for any breach by the Affiliate of this Agreement. No Affiliate may directly enforce any provision of this Agreement.All actions to enforce this Agreement must be brought by Customer. • 4.4 Restrictions. • 4.4.1 Customer may not: (a) reverse engineer, disassemble, decompile, or otherwise attempt to reveal the trade secrets or know-how underlying the Products, except to the extent expressly permitted under applicable law; (b) use PhishFirewall's intellectual property or Confidential Information to develop a product that is similar to the Products;(c)use any PhishFirewall Confidential Information to contest the validity of any PhishFirewall intellectual property; (d) remove or destroy any copyright notices, other proprietary markings,or confidentiality legends placed on or made available through the Products; or(e) use the Products in any manner or for any purpose inconsistent with the terms of this Agreement or the Documentation. Software will only be used by the licensed number of Active Users for whom Customer paid the applicable fees. • 4.4.2 Access and use of PhishFirewall Products, Services, or other related materials(which the parties acknowledge are proprietary and Confidential Information of PhishFirewall) is solely authorized for the internal business purposes of the Customer and Active Users,and only for the duration of the subscription term or evaluation period,as applicable.Use of PhishFirewall Products,Services,or other related materials for analytical or research purposes, to be used or disclosed outside of Customer's organization, is strictly prohibited. Sharing screenshots, downloads,or other forms of copying,duplicating,or replicating the Products,Services,or other related materials, publicly or outside of Active Users, is strictly prohibited. Customer acknowledges that some of PhishFirewall's Products and Services are designed to assist Customer in training Users and may include developing,customizing,and sending fake cyber security attack campaigns for purposes of employee training, but that Customer,and not PhishFirewall or any PhishFirewall channel partners,will be responsible for Customer's compliance with all laws and governmental regulations, and any results in connection with the Customer's use of the Products (including any reports or information produced in connection therewith). • 4.4.3 Customer acknowledges and understands that if Customer is a direct competitor of PhishFirewall (or a third party acting on behalf of such direct competitor), Customer is not permitted to, and will not, access or use any PhishFirewall Products, Services, or other related materials,all of which are considered confidential and proprietary to PhishFirewall. 5. Compliance. • 5.1 Anti-Bribery& Corruption.Customer will not: (a)make any unlawful payments to any government official or employee;(b)make any unlawful payment to any person, or unlawfully provide anything of value (whether as property, services, or in any other form) to any 4i>1 phishfirewall phishfirewall Proposal person, for the purpose of obtaining an improper business advantage; or (c) agree, commit, or otherwise offer to undertake any of the foregoing actions in connection with this Agreement or any related activities. • 5.2 International Trade Compliance.The sale, resale, or other disposition of Products and any related technology or documentation are subject to various economic sanctions, export control laws, and other restrictive trade measures administered by the U.S. and other applicable governments. Because these laws may have extraterritorial effect,Customer will comply with all such measures,where applicable, including, without limitation: (a) the Export Administration Act of 1979, as amended (50 U.S.C.§2401-2420)and the Export Administration Regulations, 15 C.F.R. §§ 730-774 ("EAR"); (b) the Arms Export Control Act,22 U.S.C. §2778,and the corresponding International Traffic in Arms Regulations ("ITAR"); (c) the economic sanctions laws and regulations enforced by the U.S. Department of the Treasury's Office of Foreign Assets Control ("OFAC"),31 C.F.R.§§500,et seq.,and the U.S. Department of State;and(d)the anti-boycott regulations,guidelines, and reporting requirements under the Export Administration Regulations and Section 999 of the Internal Revenue Service Code. Customer understands and acknowledges that it is solely responsible for complying with such laws whenever applicable.Customer further understands and acknowledges that it will not directly or indirectly export,import,sell,disclose,or otherwise transfer any Products to any country or party subject to such restrictions, and that it is solely responsible for obtaining any license(s)to export,re-export,or import the Products that may be required. • 5.3 FOIA and Public Disclosure Requests.The purpose of the relationship between PhishFirewall and Customer is for Customer to purchase a subscription to the Products and Services that contain software, content, and information related to internet security awareness training, IT risk management, regulatory compliance, simulation of security attacks,vulnerability assessments,and other product and service offerings. The Products,Services,and any Confidential Information disclosed is proprietary to PhishFirewall and is an important business asset of PhishFirewall (the "Proprietary Information"). The Proprietary Information consists of protected financial data, trade secrets, and commercially valuable information that, if disclosed, would harm the competitive position of PhishFirewall. In the event of a request for disclosure of PhishFirewall's information, including any training materials,Customer will affirmatively respond denying the request pursuant to the terms of this paragraph and will promptly, but no later than five(5)business days after receiving such request,forward the request on to PhishFirewall. Customer will not release any such information except pursuant to written instructions by PhishFirewall,or a final un-appealable court order, provided that any such disclosure will be limited to the minimum necessary to be in compliance with the request,based upon the opinion of counsel. If Customer cannot agree to the foregoing,then Customer is not permitted access to the Proprietary Information. 6. Payment Terms. • 6.1 Prices.Prices will be specified by PhishFirewall and will be applicable for the period specified in the PhishFirewall Quote (as applicable). If no period is specified, prices will be applicable for thirty (30) calendar days. Notwithstanding the foregoing, prices may be subject to increase upon a renewal of a Quote,or in the event Customer adds-on or upgrades Products during the subscription term specified in the Quote. Prices are exclusive of taxes,including sales,use,excise,value added,and similar taxes or charges imposed by any government authority,and domestic and international shipping charges. ▪ 6.2 Due Date;Late Payments.Amounts due for Products and Services may be invoiced by PhishFirewall in full at the earlier of the start of the subscription term, thirty days from Customer's delivery of a Quote to PhishFirewall for processing, or as otherwise expressly provided in the Quote. Customer agrees to pay the net amount of each invoice without offset or deduction within thirty(30)days after the date of PhishFirewall's invoice (unless otherwise noted on the invoice). If any undisputed amount is not paid by Customer within fifteen(15) days'notice of late payment, PhishFirewall will be entitled to receive the amount due plus interest thereon at a rate of 1.5%per month(or the 47A7t phishfirewall phishfirewall Proposal highest rate permitted by applicable law) on all undisputed amounts that are not paid on or before the date due.Customer will also pay all of PhishFirewall's reasonable costs of collection including,but not limited to,reasonable attorneys'fees. • 6.3 Disputed Payments. Customer has the right, in good faith, to dispute all or a portion of an invoice prior to its due date. PhishFirewall will not collect interest on disputed amounts in the event Customer provides PhishFirewall with written notice, prior to the due date,that Customer disputes such charges,pays all undisputed charges on time,and cooperates diligently to resolve the dispute. 7. Confidentiality. • 7.1 Confidential Information.During the Term, each party may disclose to the other certain Confidential Information to the other party. Notwithstanding the foregoing, Confidential Information does not include information that: (a)is or becomes publicly available through no breach by the Receiving Party of this Agreement; (b) was previously known to the Receiving Party prior to the date of disclosure, as evidenced by contemporaneous written records;(c)was acquired from a third party without any breach of any obligation of confidentiality; (d) was independently developed by a party hereto without reference to Confidential Information of the other party; or (e) is required to be disclosed pursuant to a subpoena or other similar order of any court or government agency,provided, however,that the party receiving such subpoena or order will promptly inform the other party in writing and provide a copy thereof(unless notice is precluded by the applicable process),and will only disclose that Confidential Information necessary to comply with such subpoena or order. • 7.2 Protection of Confidential Information.Except as expressly provided in this Agreement, the Receiving Party will not use or disclose any Confidential Information of the Disclosing Party without the Disclosing Party's prior written consent, except disclosure to, and subsequent uses by, the Receiving Party's employees or consultants on a need-to-know basis, provided that such employees or consultants have executed written agreements restricting use or disclosure of such Confidential Information that are at least as restrictive as the Receiving Party's obligations under this Section.Subject to the foregoing nondisclosure and non-use obligations,the Receiving Party will use at least the same degree of care and precaution that it uses to protect the confidentiality of its own Confidential Information and trade secrets of similar nature, but in no event less than reasonable care. Each party acknowledges that due to the unique nature of the other party's Confidential Information, the Disclosing Party will not have an adequate remedy in money or damages in the event of any unauthorized use or disclosure of its Confidential Information. In addition to any other remedies that may be available in law, in equity, or otherwise, the Disclosing Party shall be entitled to seek injunctive relief to prevent such unauthorized use or disclosure. • 7.3 Return and Destruction of Materials.All documents and other tangible objects containing or representing Confidential Information that have been disclosed by either party to the other party,and all summaries,copies,descriptions,excerpts,or extracts thereof that are in the possession of the other party will be, and remain, the property of the Disclosing Party and will be promptly returned to the Disclosing Party. The Receiving Party will use reasonable efforts to promptly delete or destroy all summaries,copies,descriptions,excerpts,or extracts thereof in their possession upon the Disclosing Party's written request.The Receiving Party will have no obligation to delete or destroy copies that: (a) are contained in an archived computer system backup that were made in accordance with such party's security, e-mail retention, and/or disaster recovery procedures; or (b) are kept by a party for record-keeping,archival,or governance purposes in compliance with such party's document retention policies. Any such retained Confidential Information will remain subject to the terms and conditions of this Agreement for so long as it is retained. Notwithstanding the return or destruction of the Confidential Information,the Receiving Party will continue to be bound by its confidentiality and other obligations hereunder in accordance with the terms of this Agreement.At the Disclosing Party's option,the Receiving Party will provide written certification of its compliance with this Section. 8. Warranties and Disclaimers. phishfirewall phishfirewall Proposal • 8.1 Product Warranties,All purchased Products will materially conform to their then-current Documentation and during the applicable subscription term,PhishFirewall will not materially decrease the overall functionality of the Products.Customer must notify PhishFirewall of any breach of this warranty within thirty (30) days of discovery of the breach.Customer's sole and exclusive remedy,and PhishFirewall's sole and exclusive liability, for a breach of the foregoing warranty, will be for PhishFirewall to provide Product Support to repair or replace the relevant Product within thirty (30) days of such notice of non-conformity.If PhishFirewall is unable to remedy such non-conformity within the period to cure,Customer will be entitled to terminate the relevant Quote and be issued a refund for any pre-paid,unearned fees for the affected portion of the Products. PhishFirewall will not be responsible for any breach of the foregoing warranty resulting from Customer's abuse or misuse of the Product or failure to use the Product as described in this Agreement,including failure to use the Product in accordance with its operational requirements. Customer is required to sufficiently detail the non-conformity in a manner that allows PhishFirewall to properly assist with the remediation. PhishFirewall will not be responsible for delays in remediation caused by Customer's failure to respond to requests by PhishFirewall. Customer understands that the Products will only operate in accordance with PhishFirewall's Documentation, and it is Customer's responsibility to ensure that the Products will be fit for its purposes and to ensure that the Products will be supported by Customer's technology and business environment. ▪ 8.2 Service Warranties.PhishFirewall warrants that PhishFirewall will provide the Services in a professional, workmanlike manner consistent with this Agreement. Customer must notify PhishFirewall of any breach of this warranty within thirty(30)days of discovery of the breach. Customer's sole and exclusive remedy,and PhishFirewall's sole and exclusive liability,for a breach of the foregoing warranty will be for PhishFirewall, in its sole discretion,to use reasonable efforts to re-perform the Services or terminate the relevant Quote and issue a refund for the portion of pre-paid fees for the non-conforming Services. • 8.3 Compliance Warranties. Each party warrants that it will comply with all laws and regulations applicable to its provision or use of the Products and Services,as applicable(including applicable security breach notification laws). ▪ 8.4 Disclaimers.EXCEPT FOR THE LIMITED WARRANTIES IN THIS SECTION: (A)THE PRODUCTS AND SERVICES ARE PROVIDED"AS IS," WITH ALL FAULTS, AND WITHOUT WARRANTIES OF ANY KIND; AND (B) PHISHFIREWALL EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, QUIET ENJOYMENT, QUALITY OF INFORMATION, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. PHISHFIREWALL DOES NOT WARRANT THAT THE OPERATION OF THE PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS IN THE PRODUCTS WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION, MARKETING, OR PROMOTIONAL MATERIALS,OR ADVICE GIVEN BY PHISHFIREWALL OR PHISHFIREWALL'S AUTHORIZED REPRESENTATIVES WILL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THE EXPRESS WARRANTIES PROVIDED HEREIN. THE INFORMATION PRESENTED IS NOT LEGAL ADVICE AND IS NOT TO BE ACTED ON AS SUCH.THE PRODUCTS MAY CONTAIN THE TRADE NAMES OR TRADEMARKS OF VARIOUS THIRD PARTIES AND,IF SO,ANY SUCH USE IS FOR ILLUSTRATIVE AND EDUCATIONAL PURPOSES ONLY. ALL PRODUCT AND COMPANY NAMES ARE PROPERTY OF THEIR RESPECTIVE OWNERS. USE OR DISPLAY OF THE MARKS DOES NOT IMPLY ANY AFFILIATION WITH, ENDORSEMENT BY,OR ASSOCIATION OF ANY KIND BETWEEN SUCH THIRD PARTIES AND PHISHFIREWALL. • 8.5THE PRODUCTS AND SERVICES MAY BE USED TO ACCESS AND TRANSFER INFORMATION OVER THE INTERNET. CUSTOMER ACKNOWLEDGES AND AGREES THAT PHISHFIREWALL AND ITS VENDORS AND LICENSORS DO NOT OPERATE OR CONTROL THE INTERNET AND THAT: (A) VIRUSES, WORMS,TROJAN HORSES, OR OTHER UNDESIRABLE DATA OR SOFTWARE;OR(B)UNAUTHORIZED USERS(E.G., HACKERS) MAY ATTEMPT TO OBTAIN ACCESS TO, AND DAMAGE, CUSTOMER DATA, WEB-SITES, COMPUTERS, OR NETWORKS. PHISHFIREWALL WILL NOT BE RESPONSIBLE FOR THOSE ACTIVITIES. FURTHER, EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD-PARTY HOSTING PROVIDERS. phishfirewall phishfirewall Proposal 9. Indemnification. • 9.1 PhishFirewall Indemnity Obligations.PhishFirewall will defend and indemnify Customer from any and all claims, losses, deficiencies, damages, liabilities, costs, and expenses (including, but not limited to, reasonable attorneys' fees) finally awarded against Customer, as approved via a court-approved settlement, or via binding mediation or arbitration arising from a claim by a third party that Customer's authorized use of a Product infringes that third party's United States patent, copyright, or trade secret rights. The foregoing indemnification obligation of PhishFirewall is contingent upon Customer promptly notifying PhishFirewall in writing of such claim(provided the failure or delay in doing so will not relieve PhishFirewall from any obligations to indemnify Customer except to the extent that such delay or failure materially prejudices the defense of such claim), permitting PhishFirewall sole authority to control the defense or settlement of such claim and providing PhishFirewall reasonable assistance (at PhishFirewall's sole expense) in connection therewith. If a claim of infringement under this Section occurs, or if PhishFirewall determines a claim is likely to occur, PhishFirewall will have the right, in its sole discretion, to either (a) procure for Customer the right or license to continue to use the Products free of the infringement claim;or(b)modify the Products to make them non-infringing, without loss of material functionality. If neither of these remedies is reasonably available to PhishFirewall, PhishFirewall may, in its sole discretion, immediately terminate this Agreement and related Quote and, upon return of the infringing Products from Customer, provide a prorated refund for any prepaid, unused fees for such Products for the remainder of the applicable subscription Term. Notwithstanding the foregoing, PhishFirewall will have no obligation with respect to any claim of infringement that is based upon or arises out of: (a)the use or combination of the Products with any third-party software,process, products,data,service,or other materials not provided by PhishFirewall; (b) modification or alteration of the Products by anyone other than PhishFirewall; (c)use of the Products in excess of the rights granted in this Agreement; or (d) any specifications or other intellectual property provided by Customer (collectively, the "Excluded Claims"). The provisions of this Section state the sole and exclusive obligations and liability of PhishFirewall and its licensors and suppliers for any claim of intellectual property infringement arising out of or relating to the Products or this Agreement,and are in lieu of any implied warranties of non-infringement,all of which are expressly disclaimed. • 9.2 Customer Indemnity Obligations.Customer will defend and indemnify PhishFirewall and hold it harmless from any and all claims, losses, deficiencies, damages, liabilities, costs, and expenses (including, but not limited to, reasonable attorneys'fees) incurred by PhishFirewall as a result of any claim by a third party arising from: (a) Customer's use of the Products in breach of this Agreement, (b) PhishFirewall's authorized use of the Customer Data; or (c) the Excluded Claims. The foregoing indemnification obligation of Customer is contingent upon PhishFirewall promptly notifying Customer in writing of such claim (provided the failure or delay in doing so will not relieve Customer from any obligations to indemnify PhishFirewall except to the extent that such delay or failure materially prejudices the defense of such claim), permitting Customer sole authority to control the defense or settlement of such claim,provided that Customer may not settle any such claim unless it unconditionally releases PhishFirewall of all liability, and providing Customer reasonable assistance (at Customer's sole expense)in connection therewith. 10. Limitations of Liability. • 10.1 NEITHER PHISHFIREWALL NOR ITS VENDORS OR LICENSORS WILL HAVE ANY LIABILITY TO CUSTOMER OR ANY THIRD PARTY FOR ANY LOSS OF PROFITS, SALES, BUSINESS, DATA, OR OTHER INCIDENTAL, CONSEQUENTIAL, OR SPECIAL LOSS OR DAMAGE, INCLUDING EXEMPLARY AND PUNITIVE DAMAGES, OF ANY KIND OR NATURE RESULTING FROM, OR ARISING OUT OF,THIS AGREEMENT, THE PRODUCTS, AND ANY SERVICES RENDERED HEREUNDER. THE TOTAL LIABILITY OF PHISHFIREWALL AND ITS VENDORS AND LICENSORS TO CUSTOMER OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT, THE PRODUCTS, AND ANY SERVICES RENDERED HEREUNDER FOR ANY AND ALL CLAIMS OR TYPES OF DAMAGES WILL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE HEREUNDER BY t) phishfirewall phishfirewall Proposal CUSTOMER FOR THE PRODUCT OR SERVICE AS TO WHICH THE LIABILITY RELATES, IN THE TWELVE (12)MONTHS PRIOR TO THE FIRST EVENT GIVING RISE TO LIABILITY. The allocations of liability in this Section represent the agreed,bargained-for understanding of the parties and PhishFirewall's compensation hereunder reflects such allocations.The limitation of liability and types of damages stated in this Agreement are intended by the parties to apply, regardless of the form of lawsuit or claim a party may bring,whether in tort,contract,or otherwise,and regardless of whether any limited remedy provided for in this Agreement fails of its essential purpose. 11. Term and Termination. • 11.1 This Agreement will be effective as of the Effective Date and will remain in full force and effect until all Quote terms have expired or otherwise have been terminated("Term"). • 11.2 Suspension.In the event PhishFirewall, in good faith, believes or otherwise becomes aware of a User's violation of this Agreement, then PhishFirewall may specifically request that Customer suspend such User's access to, and use of,the Products.In the event Customer fails to suspend such non-compliant User, Customer hereby authorizes PhishFirewall to suspend such User. The duration of such suspension is at the sole determination of PhishFirewall and will continue until such time as PhishFirewall determines that the applicable User has cured the breach resulting in such suspension. PhishFirewall may also suspend access to, and use of, the Products with respect to any individual User or the Customer account to: (a) prevent damages to, or degradation of, the Products or PhishFirewall's systems;(b)comply with any law, regulation, court order, or other governmental request; or (c) otherwise protect PhishFirewall from potential legal liability.Any such suspension will be to the minimum extent and of the minimum duration required to prevent or terminate the cause of the suspension. • 11.3 Termination. • 11.3.1 If Customer fails to pay any invoice when due and does not make such payment within fifteen(15)days after receipt of notice from PhishFirewall of such failure, PhishFirewall may, in its sole discretion, either: (a) suspend delivery or performance of any Quote,or any remaining balance thereof,until such payment is made;or(b)terminate any Quote.In either event,Customer will remain liable to pay for the Products and Services. • 11.3.2 Either party may terminate the Agreement or a Quote upon a material breach of the Agreement or Quote by the other, if the breaching party does not cure the breach within thirty(30)days after receipt of written notice from the other party specifying the breach. • 11.3.3 Customer may terminate this Agreement or any applicable Quote at any time and for any reason upon providing thirty(30)days' written notice to PhishFirewall,provided Customer will not be entitled to reimbursement or relief of its future payment obligations. • 11.4 Effects of Termination. • 11.4.1 In the event of any termination of the Agreement or Quote without cause by Customer,or for cause by PhishFirewall,Customer will pay for all Products and Services ordered as of the effective date of termination of the particular Quote.In addition,if a Quote specifies a term for which PhishFirewall will provide Products or Services to Customer(e.g., thirty-six (36) months), and that Quote is terminated by PhishFirewall for cause (including nonpayment) or by Customer without cause, then all future, recurring fees associated with the remaining term of such Quote will become immediately due and payable, and will be paid by Customer to PhishFirewall upon the effective date of such termination. phIShfirewall phushfirewall Proposal • 11.4.2 Upon any termination, Customer's right to use and access the Products and Services will immediately cease. Customer must return or destroy all copies (original and duplicates) of such Products and Services, in accordance with this Agreement. Upon request by PhishFirewall,Customer must provide to PhishFirewall a certification of destruction. • 11.4.3 During the applicable subscription term, Customer will have the ability to download a copy of its Customer Data contained in the Products in the form and format as such Customer Data exists in the Products. Upon termination of this Agreement or applicable subscription term, PhishFirewall will have the right to delete or destroy all Customer Data in PhishFirewall, or in PhishFirewall's agents' possession. Notwithstanding the forgoing, PhishFirewall will be permitted to retain copies of data contained in an archived computer system backup that: (a) was made in accordance with its security, e-mail retention, and/or disaster recovery procedures; or (b) are kept by PhishFirewall for record-keeping, archival, or governance purposes in compliance with PhishFirewall's document retention policies. Any such retained data will remain subject to the provisions of this Agreement for so long as it is retained. • 11.4.4 The exercise of the right to terminate this Agreement and any Quote will be in addition to any other rights or remedies provided in this Agreement,or existing at law or equity,that are not otherwise excluded or limited under this Agreement. 12. Miscellaneous Provisions. • 12.1 US. Governmental Rights.The software Products and Services consist of commercial items and are commercial computer software as described in DFARS 252.227-7014(a)(1) and FAR 2.101. If acquired by or on behalf of any the Department of Defense or any component thereof, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in DFARS 227.7202-3,Rights in Commercial Computer Software or Commercial Computer Software Documentation. If acquired by or on behalf of any civilian agency,the U.S.Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in FAR 12.212,Computer Software. • 12.2 Independent Contractor.PhishFirewall, its personnel,agents,subcontractors and independent contractors are not employees or agents of Customer and are acting as independent contractors with respect to Customer. Neither party is, nor will be, considered to be an agent; distributor; partner;joint venture; or representative of the other party for any purpose,and neither party will have the authority to act on behalf of,or in the name of,or to bind,the other party in any manner whatsoever. • 12.3 Force Majeure.Neither party to this Agreement will be liable for delays or failures in performance under this Agreement(other than the payment obligations or breach of confidentiality requirements) resulting from acts or events beyond the reasonable control of such party, including acts of war, terrorism, acts of God, natural disasters (fires, explosions, earthquakes, hurricane, flooding,storms,explosions, infestations), embargos, riots, sabotage, governmental acts, failure of the Internet, power failures, energy interruptions or shortages, other utility interruptions, or telecommunications interruptions, provided that the delayed party: (a) gives the other party notice of such cause without undue delay;and(b)uses its reasonable commercial efforts to promptly correct such failure or delay in performance. • 12.4 Entire Agreement;Construction; Modifications.This Agreement, including any and all Quotes, constitutes the entire understanding between the parties related to this Agreement which understanding supersedes and merges all prior understandings and all other proposals, letters, agreements, whether oral or written. The parties further agree that there are no other inducements, warranties, representations, or agreements regarding the matters herein between the parties except as expressly set forth in this Agreement.In the event of any conflict between the body of this Agreement and any Quote, or additional agreements entered into by the parties, the body of this Agreement will control, unless otherwise expressly stated in a signed writing by authorized representatives of the parties.In the event that the phlShfirewall phishfirewall Proposal Customer or Users are presented with PhishFirewall click-wrap, the contents of this Agreement will supersede any conflicting terms.As used herein, the term "including" will mean "including, without limitation'; the term "includes" as used herein will mean "includes, without limitation"; and terms appearing in the singular will include the plural, and terms appearing in the plural will include the singular. This Agreement may not be modified, amended, or altered in any manner except by a written agreement signed by authorized representatives of the parties,and any attempt at oral modification will be void and of no effect. • 12.5 Assignment.This Agreement may not be assigned or transferred by either party without the prior written consent of the other party, which consent will not be unreasonably withheld, conditioned, or delayed. Notwithstanding the foregoing, either party may assign its rights and obligations under this Agreement,in whole but not in part,without the other party's permission,to an Affiliate(provided previously purchased licenses, access rights, and Seats for the Products and Services will not be assignable or transferable without written consent from PhishFirewall) or in connection with any merger, consolidation, sale of all or substantially all of such assigning party's assets, or any other similar transaction, provided, that the assignee: (a)is not a direct competitor of the non-assigning party;(b)is capable of fully performing the obligations of the assignor under this Agreement;and(c)agrees to be bound by the provisions of this Agreement. • 12.6 No Waiver.The waiver or failure of either party to exercise any right in any respect provided for herein will not be deemed to be a waiver of any further right. • 12.7 Purchase Order. PHISHFIREWALL SPECIFICALLY OBJECTS TO ANY ADDITIONAL TERMS BEING ADDED THROUGH A CUSTOMER PROVIDED PURCHASE ORDER OR SIMILAR DOCUMENT. IF A PURCHASE ORDER IS REQUIRED BY CUSTOMER, THE PARTIES AGREE THAT ANY ADDITIONAL TERMS CONTAINED THEREIN WILL NOT BECOME PART OF THE AGREEMENT BETWEEN THE PARTIES AND,SPECIFICALLY, THAT THE TERMS OF THIS AGREEMENT WILL SUPERSEDE AND REPLACE ANY AND ALL TERMS IN ANY PURCHASE ORDER. • 12.8 Survivability.All provisions of this Agreement relating to confidentiality, non-disclosure, intellectual property, disclaimers, limitation of liability, indemnification, payment, and any other provisions which must survive in order to give effect to their meaning will survive the termination of this Agreement. • 12.9 Severability.If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law,the provision will be deemed null and void,and the remaining provisions of this Agreement will remain in effect. o 12.10 Notices.Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b)the third business day after mailing, or (c) the day of sending by email. All notices from Customer pertaining to contractual or legal matters (i.e. breach of contract, termination, indemnifiable claims, etc.) must clearly be identified and marked as Legal Notices to the address listed below. Billing-related notices to Customer will be addressed to the relevant billing contact designated by Customer.All other notices to Customer will be addressed to the relevant account administrator designated by Customer. o 12.11 Headings; Counterparts; Electronic Signatures.The headings contained in this Agreement are for purposes of convenience only and shall not affect the meaning or interpretation of this Agreement. This Agreement may be executed in two or more original or facsimile counterparts, each of which will be deemed an original,but all of which together shall constitute one and the same instrument.The parties agree that the electronic signature of a party to this Agreement shall be as valid as an original signature of such party and shall be effective to bind such party to this Agreement. The parties agree that any electronically signed document(including this Agreement)shall be deemed (i) to be"written"or"in writing,"(ii) to have been signed and (iii) to constitute a record established and maintained in the ordinary course of business and an original written record when printed from electronic files.Such paper copies or"printouts,"if introduced as evidence in any judicial, arbitral, mediation or administrative proceeding, will be admissible as between the parties to the same extent and under the phishfirewall phiShfirewall Proposal same conditions as other original business records created and maintained in documentary form. For purposes hereof,"electronic signature" means a manually-signed original signature that is then transmitted by electronic means;"transmitted by electronic means"means sent in the form of a facsimile or sent via the internet as a "pdf"(portable document format)or other replicating image attached to an e-mail message; and, "electronically signed document" means a document transmitted by electronic means and containing, or to which there is affixed, an electronic signature. Definitions: • "Active User(s)"means Customer's Users with active assigned Seats. • "Confidential Information"means all information or material disclosed by a party (the"Disclosing Party") to the other party (the"Receiving Party"), whether orally or in writing, which: (a) gives either party some competitive business advantage or opportunity of obtaining some competitive business advantage,or the disclosure of which may be detrimental to the interests of the Disclosing Party;and(b) is either(i) marked"Confidential,""Restricted,"""Proprietary,"or includes other similar markings, (ii) known by the parties to be confidential and proprietary,or(iii)from all the relevant circumstances should reasonably be assumed to be confidential and proprietary.The Products and Services are deemed Confidential Information of PhishFirewall. • "PhishFirewall"means PhishFirewall,Inc. • "Products" means any Software, Services, and/or Web Hosted Services that PhishFirewall offers to Customer, including any Documentation. • "Product Support"means any maintenance and support of any Products provided by PhishFirewall. • "Quote" means a purchasing document or other similar document, such as a purchase order or statement of work("SOW"), in connection with a purchase under this Agreement. • "Seat(s)"refers to the number of Users permitted access to the Products and/or Services pursuant to the user count purchased via a Quote. • "Services"means any professional services, including implementation and installation services, managed services,or consultancy services, agreed upon by the parties,and set forth in a Quote or any additional Product Support purchased pursuant to a Quote.PhishFirewall may require Customer to enter into a statement of work('SOW")detailing the Services to be performed. • "Software" means the object code version of any software that may be licensed by Customer under this Agreement for installation on Customer's systems. To the extent PhishFirewall delivers any updates or enhancements to Customer as part of Product Support, such updates and enhancements will be deemed included in the definition of"Software." • "User(s)" means any of Customer's employees or its other third parties to whom Customer gives access to the Products and Services. • "Web Hosted Services"means an application and/or database product hosted by PhishFirewall or its agents and made available for remote access and use by Customer under this Agreement. phishfirewall Addendum Requested Revisions to Contract with PhishFirewall Nov 13, 2024 Kelly Konkright Tony Beattie 5.3 FOIA and Public Disclosure Requests. The purpose of the relationship between PhishFirewall and Customer is for Customer to purchase a subscription to the Products and Services that contain software, content, and information related to internet security awareness training, IT risk management, regulatory compliance,simulation of security attacks, vulnerability assessments, and other product and service offerings.The Products, Services, and any Confidential Information disclosed is proprietary to PhishFirewall and is an important business asset of PhishFirewall (the "Proprietary Information").The Proprietary Information consists of protected financial data,trade secrets, and commercially valuable information that, if disclosed, would harm the competitive position of PhishFirewall. In the event of a request for disclosure of PhishFirewall's information, including any training materials, Customer will affirmatively respond to the requestor that the information may be exempt from public disclosure under the Washington Public Records Act("PRA") and will be disclosed only if agreed to by PhishFirewall, or PhishFirewall does not, within thirty(30) days after receiving notice of the request, obtain an order preventing disclosure of the subject Proprietary Information. Customer shall notify PhishFirewall of any request encompassing PhishFirewall's Proprietary Information within five(5) business days after receiving such request. Such notice shall include a copy of the request. If,within thirty(30) calendar days of receiving notice from Customer, PhishFirewall does not obtain a lawful court order which prevents disclosure of the subject Proprietary Information,then Customer may release the information provided that any such disclosure will be limited to the minimum necessary to be in compliance with the request as determined by Customer's legal counsel. Customer will not release any such information except pursuant to written instructions by PhishFirewall, pursuant to a court order, or U f;,,el u„ epp,..eleLL ca., in the event PhishFirewall does not obtain a court order preventing disclosure within the above timeframe., prewel'ed L.„J ..p„„ ll,. s,p;.,;„,„.,f i-If Customer cannot agree to the foregoing, then Customer is not permitted access to the Proprietary Information. 7.2 Protection of Confidential Information.The provisions and procedures identified in paragraph 5.3 relating to disclosure of Proprietary Information in response to public records request apply to public records requests which, either partially or in total, seek disclosure of Confidential Information. Except as expressly provided in this Agreement, the Receiving Party will not use or disclose any Confidential Information of the Disclosing Party without the Disclosing Party's prior written consent, except disclosure to, and subsequent uses by,the Receiving Party's employees or consultants on a need-to-know basis, provided that such employees or consultants have executed written agreements restricting use or disclosure of such Confidential Information that are at least as restrictive as the Receiving Party's obligations under this Section. Subject to the foregoing nondisclosure and non-use obligations,the Receiving Party will use at least the same degree of care and precaution that it uses to protect the confidentiality of its own Confidential Information and trade secrets of similar nature, but in no event less than reasonable care. Each party acknowledges that due to the unique nature of the other party's Confidential Information,the Disclosing Party will not have an adequate remedy in money or damages in the event of any unauthorized use or disclosure of its Confidential Information. In addition to any other remedies that may be available in law, in equity, or otherwise,the Disclosing Party shall be entitled to seek injunctive relief to prevent such unauthorized use or disclosure. 9. Indemnification. 9.1 PhishFirewall Indemnity Obligations. PhishFirewall will defend and indemnify Customer from any and all claims, losses, deficiencies, damages, liabilities, costs, and expenses (including, but not limited to, reasonable attorneys'fees)finally awarded against Customer by any tribunal exercising lawful jurisdiction, as approved via a court-approved settlement, or via binding mediation or arbitration arising from a claim by a third party that Customer's authorized use of a Product infringes that third party's United States patent, copyright, or trade secret rights.The foregoing indemnification obligation of PhishFirewall is contingent upon Customer promptly notifying PhishFirewall in writing of such claim (provided the failure or delay DocuSign Envelope ID: 7011FECA-7B32-4AFB-8FEC-57EE71EAC55F in doing so will not relieve PhishFirewall from any obligations to indemnify Customer except to the extent that such delay or failure materially prejudices the defense of such claim), permitting PhishFirewall sole authority to control the defense or settlement of such claim provided that PhishFirewall may not settle any such claim unless it unconditionally releases Customer of all liability, and providing PhishFirewall reasonable assistance (at PhishFirewall's sole expense) in connection therewith. If a claim of infringement under this Section occurs, or if PhishFirewall determines a claim is likely to occur, PhishFirewall will have the right, in its sole discretion,to either(a) procure for Customer the right or license to continue to use the Products free of the infringement claim; or(b) modify the Products to make them noninfringing, without loss of material functionality. If neither of these remedies is reasonably available to PhishFirewall, PhishFirewall may, in its sole discretion, immediately terminate this Agreement and related Quote and, upon return of the infringing Products from Customer, provide a prorated refund for any prepaid, unused fees for such Products for the remainder of the applicable subscription Term. Notwithstanding the foregoing, PhishFirewall will have no obligation with respect to any claim of infringement that is based upon or arises out of: (a) the use or combination of the Products with any third-party software, process, products, data, service, or other materials not provided by PhishFirewall; (b) modification or alteration of the Products by anyone other than PhishFirewall; (c) use of the Products in excess of the rights granted in this Agreement; or(d) any specifications or other intellectual property provided by Customer(collectively,the "Excluded Claims").The provisions of this Section state the sole and exclusive obligations and liability of PhishFirewall and its licensors and suppliers for any claim of intellectual property infringement arising out of or relating to the Products or this Agreement, and are in lieu of any implied warranties of non-infringement, all of which are expressly disclaimed. 9.2 Customer Indemnity Obligations. Customer will defend and indemnify PhishFirewall and hold it harmless from any and all claims, losses, deficiencies, damages, liabilities, costs, and expenses (including, but not limited to, reasonable attorneys' fees) incurred by PhishFirewall as a result of any claim by a third party arising from: (a) Customer's use of the Products in breach of this Agreement, (b) PhishFirewall's authorized use of the Customer Data; or(c)the Excluded Claims.The foregoing indemnification obligation of Customer is contingent upon PhishFirewall promptly notifying Customer in writing of such claim (provided the failure or delay in doing so will not relieve Customer from any obligations to indemnify PhishFirewall except to the extent that such delay or failure materially prejudices the defense of such claim), permitting Customer sole authority to control the defense or settlement of such claim, provided that Customer may not settle any such claim unless it unconditionally releases PhishFirewall of all liability, and providing Customer reasonable assistance (at Customer's sole expense) in connection therewith. 11.1 This Agreement will be effective as of the Effective Date and will remain in full force and effect during the term as set forth in the Quote (the "Initial Term"). This Agreement will automatically renew at the end of the Initial Term and annually thereafter(each, a "Renewal Term",together with the Initial Term,the "Term"), unless Customer elects to terminate this Agreement as set forth herein. -('The prices for any Renewal Term shall be PhishFirewall's then current price for such Products and Services. Such prices shall be sent to Customer on September 1 of each year for Customer consideration. In the event that PhishFirewall does not send Customer the proposed prices for the Renewal Term by September 1, Customer may, in its sole discretion, elect to renew the Agreement for a Renewal Term at the price set for in the Quote for the Initial Term. 12.10 Notices. Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b)the third business day after mailing, or(c)the day of sending by email (unless sent on a non-business day, in which case it will be deemed effective on the first following business day).All notices f.„,,, pertaining to contractual or legal matters (i.e. breach of contract,termination, indemnifiable claims, etc.) must clearly be identified and marked as Legal Notices.Customer shall send such eerotrnct reicontractual/legal notices to PhishFirewall at 120 Holms Ave NE,Suite 305, Huntsville,AL 35801. Billing-related notices to Customer will be addressed to the relevant billing contact designated by Customer. All other notices to Customer will be addressed to the relevant account administrator designated by Customer.