2021© | Arete Security, Inc. 6671 South Las Vegas Blvd, Bldg. D, Suite 210, Las Vegas, Nevada 89119

MASTER SOFWARE AS A SERVICE AGREEMENT

January 2020

THIS DRUVSTAR (“DRUVSTAR”) MASTER SOFTWARE AS A SERVICE AGREEMENT (THE “MSSA”) APPLIES TO CUSTOMERS THAT PURCHASE SERVICES FROM DRUVSTAR, AS IDENTIFIED ON THE APPLICABLE SERVICE ORDER (DEFINED BELOW).  CUSTOMERS ARE ADVISED TO READ THIS MSSA CAREFULLY BEFORE PURCHASING OR USING DRUVSTAR SERVICES. IF CUSTOMER DOES NOT AGREE TO BE BOUND BY TERMS OF THIS MSSA, THEN THEY MUST NOT PURCHASE OR USE THE DRUVSTAR SERVICES BEING SOLD OR OFFERED BY DRUVSTAR. THIS MSSA IS EFFECTIVE UPON THE CUSTOMER’S ACCEPTANCE OF THIS MSSA (BY EXECUTING AN ORDERING DOCUMENT WITH DRUVSTAR THAT REFERENCES THIS MSSA). IF YOU ARE ACTING ON BEHALF OF A CUSTOMER ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS MSSA ON BEHALF OF SUCH CUSTOMER ENTITY.

1. DEFINITIONS

1.1 “Claim” means any third-party claim that the Services, when used in accordance with this MSSA, infringe any United States patent, copyright or trademark of a third party.

1.2 “Confidential Information” means any written, machine-reproducible and/or visual materials that are clearly labeled as proprietary, confidential, or with words of similar meaning, and all information that is orally or visually disclosed, if not so marked, if it is identified as proprietary or confidential at the time of its disclosure or in a writing provided to the receiving party within thirty (30) days after disclosure.

1.3 “Customer Indemnitees” means Customer and its directors, officers, employees and agents.

1.4 “Documentation” means any online information, product and service descriptions, technical specifications, manuals and materials made available to the Customer, relating to the use of the Services.

1.5 “Fees” means the fees for Services described on an applicable Service Order.

1.6 “Force Majeure Event” has the meaning set forth in Section 12.7 of this MSSA.

1.7 “MSSA” means this Master Software as a Service Agreement, including any amendments, addenda, attachments, exhibits or schedules hereto entered into by DruvStar and Customer, and all Service Orders by and between DruvStar and the Customer that incorporate this MSSA by reference, which govern all Services provided by DruvStar to Customer.

1.8 “Reports” means data reports that contain the results of the work performed by DruvStar for the Services.

1.9 “Service Order” means any (i) duly executed DruvStar service(s) quote or order, (ii) duly executed statement of work, (iii) duly executed order form or (iv) DruvStar quote with corresponding purchase order incorporating a reference to the DruvStar quote number, provided for the purpose of acquiring the Services and that incorporates this MSSA by reference, and contains a description of the Services ordered by Customer and the applicable Fees and term of the Service Order. 

1.10 “Services” means the cybersecurity testing, training or operational services (including the associated software and access to DruvStar’s or DruvStar partner’s hosted software application, if any) provided on a recurring subscription or one-time basis, as further described on an applicable Service Order.

1.11 “Term” means one (1) year from the Effective Date of this MSSA or longer as described in Section 3.1 and shall include any auto-renewals pursuant to Section 3.1 of this MSSA.

1.12 “Training” means any computer-based training or onsite training provided by DruvStar. 

1.13 “Training Materials” means any training materials and handouts provided to Customer as part of the Training, including, but not limited to, documents, data, drawings, models, code, applications and reports, and associated software and materials, including any modifications or improvements thereof.  Training Materials may include third party materials licensed to DruvStar.

2. LICENSE

During the Term and subject to the terms and conditions of this MSSA, DruvStar shall provide to Customer a limited, non-exclusive, non-transferable license to use and access the (i) Services set forth in a Service Order; and (ii) the associated Documentation and Training Materials, if any; subject to any additional terms and conditions required by any third party providers, as described in a Service Order. Such license grant for the Training Materials is provided solely for Customer’s internal use by one named user, and expressly prohibits use of the Training Materials for production or commercial purposes.  Unless otherwise specified in a Service Order, the terms of this MSSA will govern the Service Order and any Services provided by DruvStar to Customer.  This MSSA shall take precedence over any other agreements, contracts or general terms that Customer may have entered into as it relates to the Services only. A Service Order is an integral part of this MSSA and is fully incorporated herein.

3. TERM AND TERMINATION

3.1 Term.  This MSSA shall commence upon the Effective Date and shall continue for the duration of the Term. Each Service Order shall commence as set forth in such Service Order.  Unless terminated in accordance with this Section 3 prior to the end of the Term, this MSSA shall automatically renew for additional, successive one (1) year terms, unless either party notifies the other party in writing of its intent not to renew at least thirty (30) days prior to the end of the Term.  Notwithstanding any notice of non-renewal provided by a party to this MSSA, or other expiration or termination of this MSSA, the Term of this MSSA will continue in effect until all Service Orders entered into pursuant to this MSSA have expired or been terminated. 

3.2 Termination.  Either party may terminate this MSSA or a Service Order immediately if the other party fails to cure a material breach (which in the case of Customer includes failure to follow the requirements of Section 6 and in the case of DruvStar includes failure to follow the requirements of Section 10) within ninety (90) days after receipt of written notice thereof.   

3.3 Effect of Termination. Following the termination or non-renewal of this MSSA, DruvStar will cease providing the Services. The customer agrees to pay for Services rendered until the date of termination.

4. SUPPORT SERVICES

A description of the support services provided by DruvStar along with the Services are described here in the Service Order.  Customer may procure additional support as set forth in an applicable Service Order.

5. PROPRIETARY RIGHTS

5.1 Infrastructure and Applications Environment.  Customer hereby grants DruvStar the right to access, use, assess and test the Infrastructure, Application(s) and/or API(s) (“Environment”) in connection with providing Services.  Customer acknowledges and agrees that DruvStar’s access and use of such Environment is not subject to any “Terms of Use” or other terms or conditions that may be posted on, linked or otherwise provided.  Customer represents that it is either the owner of or has the authority to permit DruvStar to provide Services in connection with such Environment.  Customer shall provide DruvStar adequate written evidence thereof upon DruvStar’s request. In the event any of the Environment is subject to third-party rights, Customer shall indemnify DruvStar for any claims against DruvStar that arise from DruvStar accessing or using such Environment to provide Services.

5.2 Restrictions.  Customer shall not: (a) copy or otherwise reproduce, whether in whole or in part, the Services (or software associated therewith), Documentation, Training or Training Materials; (b) modify or create any derivative work of the Services (or software associated therewith), Documentation, Training, or Training Materials; (c) sell, rent, loan, license, sublicense, distribute, assign or otherwise transfer the Services (or software associated therewith), Documentation, Training or Training Materials; (d) seek or secure direct relationship with any DruvStar partners whose technology or services have been used to provide Services to the Customer during the Term or within three years after Termination of this Agreement for any reason; (e) cause or permit the disassembly, decompilation or reverse engineering of the Services (or software associated therewith), Documentation, Training or Training Materials, or otherwise attempt to gain access to the source code of the Services or software associated therewith; or (f) cause or permit any third party to do any of the foregoing.

5.3 Reservation of Rights.  Each party reserves all rights not expressly granted in this MSSA and no licenses are granted by either party to the other party under this MSSA except as expressly stated in a Service Order, whether by implication, estoppel or otherwise.  DruvStar or its licensors own and retain all right, title and interest (including all intellectual property rights) in and to the Services, Training, Documentation, Training Materials, and associated software, as applicable, including any modifications or improvements thereof.   Subject to the terms of this MSSA, Customer shall own all right, title and interest to all Reports.

6. CUSTOMER RESPONSIBILITIES

Customer acknowledges and agrees that (i) as between Customer and DruvStar it is Customer’s sole responsibility to update, upgrade, replace and maintain own network, equipment, information technology infrastructure and acquire maintenance contracts for those products and services (collectively called Supported Environment), including without limitation, fixing any security vulnerabilities; (ii) the Reports are not guaranteed to show all vulnerabilities in the Supported Environment; (iii) it is Customer’s sole responsibility to test and confirm that any proposed remedial measures referenced in the Reports or otherwise referenced by DruvStar to Customer are appropriate for Customer’s purposes; and (iv) Customer’s use of the Services does not render or guarantee that the Supported Environment will be invulnerable or free from unauthorized access.

Customer further acknowledges and agrees that Customer’s use of the Services starts on the effective date of the Service Order applicable to such Services and the Customer is responsible for providing to DruvStar all relevant data (hostnames, user accounts, API documentation, network diagram, customer point of contacts, and other requested information.) needed to perform the Services. Failure to provide such data does not release Customer from any responsibility in this MSSA. Customer also agrees to notify DruvStar at least forty-eight (48) hours in advance of any scheduled maintenance, network or system administration activity that would affect DruvStar’s ability to perform Services.

6.1 Internet Services. Customer acknowledges and agrees that Customer’s and its users’ use of the Services may be dependent upon access to Internet services.  Customer shall be solely responsible for acquiring and maintaining all Internet services and other hardware and software required for its access and use of the Services, including, without limitation, any and all costs, fees, expenses, and taxes of any kind related to the foregoing.  DruvStar shall not be responsible for any loss or corruption of data, lost communications, or any other loss or damage of any kind arising from any such telecommunications and Internet services.

6.2 Assumption of Scanning Risks. Security Services involve the use of network scanning technology that has inherent risks, including, but not limited to, the loss, disruption, or performance degradation of Customer’s or a third party’s business processes, telecommunications, computer products, utilities, or data (the “Scanning Risks”). When Customer requests network scanning, or any component utilizing network scanning, Customer authorizes DruvStar to perform the network scanning and assumes all risk for adverse consequences resulting from or associated with such component of Services. DruvStar will take reasonable steps to mitigate Scanning Risks; however, Customer understands that Scanning Risks are inherent in the provision of certain computer security services and cannot be eliminated.

6.3 Travel Expenses. Services shall be provided remotely from DruvStar offices, Las Vegas, Nevada.  If required or requested by Customer, DruvStar shall seek approval of any travel and expenses prior to incurring such expense and the Customer shall be responsible for all pre-approved travel expenses incurred by DruvStar during support of Services.

7. PAYMENT TERMS

Promptly following the Effective Date of a Service Order or otherwise as stated on a Service Order: DruvStar will invoice Customer for the Fees; Customer shall provide a purchase order or communicate that no purchase order is required (email acceptable); and Customer shall pay the Fees as set forth on such Service Order.  

8. LIMITATION OF LIABILITY

IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OR ANY LOST OPPORTUNITY, DATA OR PROFITS, OR THE COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, ARISING OUT OF THIS MSSA, OR ANY EXHIBIT, SERVICE ORDER, SCHEDULE OR ADDENDUM THERETO, UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY (INCLUDING NEGLIGENCE OR OTHER TORT), WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  EXCEPT WITH RESPECT TO A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY HEREUNDER FOR ANY CAUSE OF ACTION OR THEORY OF LIABILITY EXCEED THE AMOUNTS PAID BY CUSTOMER TO DRUVSTAR HEREUNDER DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE DATE THE CAUSE OF ACTION AROSE.  THESE LIMITATIONS ARE AN ESSENTIAL BASIS OF THE BARGAIN AND SHALL APPLY NOTWITHSTANDING ANY FAILURE OF THE ESSENTIAL PURPOSE OF ANY REMEDY.

9. CONFIDENTIALITY

9.1 Definition of Confidential Information.  By virtue of this MSSA, the parties may have access to each other’s Confidential Information.  Confidential Information does not include information that: (a) is now, or hereafter becomes, through no act or failure to act on the part of the receiving party, generally known or available to the public; (b) is hereafter rightfully furnished to the receiving party by a third party, without restriction as to use or disclosure; or (c) is information which the receiving party can document was independently developed by the receiving party without use of the disclosing party’s Confidential Information.

9.2 Use of Confidential Information.  Neither party shall disclose any of the other party’s Confidential Information to any third party or use such Confidential Information for any purpose other than to (i) perform its obligations or exercise its rights under this MSSA; or (ii) as otherwise required by law.   Each party shall use the same measures to protect the Confidential Information of the other party as it uses with respect to its own confidential information of like importance, but in no event shall it use less than reasonable care, including, instructing its employees, vendors, agents, consultants and independent contractors of the foregoing and requiring them to be bound by appropriate confidentiality agreements.  If a party is required to disclose by law the Confidential Information of the other party, such party shall use best efforts to give the other party reasonable advance notice of such required disclosure.  DruvStar reserves the right to disclose the terms and conditions of this MSSA, in confidence, (a) to accountants, banks and financing sources and their advisers for the purpose of securing financing; and (b) in connection with an actual or proposed merger or acquisition or similar transaction.  Upon termination or expiration of this MSSA the receiving party will promptly return to the disclosing party or destroy, at the disclosing party’s option, all tangible items containing or consisting of the disclosing party’s Confidential Information. 

10. LIMITED WARRANTIES

10.1 Conformance with Documentation.  DruvStar warrants that the Services will substantially conform in all material respects in accordance with the Documentation.  Customer will provide prompt written notice of any non-conformity and provide DruvStar a reasonable opportunity, not to exceed thirty (30) days, to remedy such non-conformity.  DruvStar may modify the Documentation in its sole discretion, provided the functionality of the Services is not materially decreased during the Term. 

10.2 Service Availability.  DruvStar warrants that the Services will be available as described in the Service Order.

10.3 No Viruses.  DruvStar warrants that the Services do not contain any computer code that is intended to (i) disrupt, disable, harm, or otherwise impede in any manner, the operation of Customer’s software, firmware, hardware, computer systems or network (sometimes referred to as “viruses” or “worms”), (ii) permit unauthorized access to Customer’s network and computer systems (sometimes referred to as “traps”, “access codes” or “trap door” devices), or any other similar harmful, malicious or hidden procedures, routines or mechanisms which could cause such programs to cease functioning or to damage or corrupt data, storage media, programs, equipment or communications, or otherwise interfere with Customer’s operations.

10.4 Warranty Disclaimer.  EXCEPT AS PROVIDED IN THIS SECTION 10, DRUVSTAR PROVIDES THE SERVICES AND TRAINING “AS IS” AND MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, WITH RESPECT TO THE SERVICES, TRAINING, REPORTS, DOCUMENTATION, TRAINING MATERIALS OR ANY OTHER RELATED DATA, AND SPECIFICALLY DISCLAIMS ANY WARRANTY OF AVAILABILITY, ACCURACY, RELIABILITY, USEFULNESS, ANY IMPLIED WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, TITLE OR FITNESS FOR A PARTICULAR PURPOSE AND ANY CONDITION OR WARRANTY ARISING FROM COURSE OF PERFORMANCE, DEALING OR USAGE OF TRADE.  SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES IN CERTAIN CIRCUMSTANCES. ACCORDINGLY, SOME OF THE LIMITATIONS SET FORTH ABOVE MAY NOT APPLY.  THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THE TRAINING OR TRAINING MATERIALS AS A CITATION AND/OR AS A POTENTIAL SOURCE FOR FURTHER INFORMATION DOES NOT MEAN THAT DRUVSTAR ENDORSES THE INFORMATION SUCH ORGANIZATION OR WEBSITE MAY PROVIDE OR THE RECOMMENDATIONS IT MAY MAKE. 

11. INTELLECTUAL PROPERTY INDEMNIFICATION

11.1 Subject to the terms of this Section 11, DruvStar shall, at its sole cost and expense, defend (or at its sole option settle), indemnify and hold harmless Customer and the Customer Indemnitees from and against any Claims. 

11.2 DruvStar’s obligations of indemnification shall be subject to the following: (a) Customer shall notify DruvStar of any such Claim promptly after it obtains knowledge of such Claim, (b) Customer shall provide DruvStar with reasonable assistance, information, and cooperation in defending the lawsuit or proceeding, at DruvStar’s sole cost and expense, (c) Customer shall give DruvStar full control and sole authority over the defense and settlement of such Claim, provided settlement fully releases the Customer Indemnitees and is solely for monetary damages and does not admit any liability on behalf of the Customer.  Notwithstanding the foregoing, Customer may join in defense and settlement discussions directly or through counsel of Customer’s choice at Customer’s own cost and expense.  

11.3 Following notice of a Claim or upon any facts which in DruvStar’s sole opinion are likely to give rise to such Claim, DruvStar shall in its sole discretion and at its sole option elect to (a) procure for Customer the right to continue to use the Services, at no additional cost to Customer or Customer Indemnitees, (b) replace the Services so that it becomes non-infringing but functionally equivalent, (c) modify the Services to avoid the alleged infringement but in a manner so that it remains functionally equivalent, or (d) terminate this MSSA and provide a refund to Customer of all amounts prepaid by Customer to DruvStar for Services that have not yet been provided.

11.4 Notwithstanding anything contrary contained herein, DruvStar shall have no obligation to indemnify, defend or hold harmless the Customer here under to the extent a Claim is caused by or results from: (a) Customer’s combination or use of the Services with software, services or products developed by Customer or other third parties, unless specifically contemplated by this MSSA, (b) modification of the Services by anyone other than DruvStar or its agents without DruvStar’s express approval, (c) Customer’s continued allegedly infringing activity after being notified thereof or after being provided modifications that would have avoided the alleged infringement, (d) Customer’s use of the Services in a manner not contemplated by this MSSA, the Documentation or the Training Materials, or (e) Customer’s negligence, recklessness or intentional misconduct or its failure to abide by all laws, rules, regulations or orders applicable to the Services. 

The foregoing states the sole and exclusive liability and sole remedy of DruvStar for any infringement of intellectual property rights. 

12. GENERAL 

12.1 Entire Agreement.  This MSSA and all Service Orders that incorporate the terms of this MSSA by reference constitute the entire understanding and agreement of the parties hereto with respect to the subject matter hereof and supersede all prior and contemporaneous agreements, representations and understandings between the parties regarding the subject matter hereof.  Any terms contained in a purchase order or invoice issued by either party in connection with a transaction covered by this MSSA are null and void.  Where there is a conflict between a Service Order and this MSSA, the terms contained in a Service Order will take precedence solely relating to the matter for which there was a conflict.  All headings herein are not to be considered in the construction or interpretation of any provision of this MSSA. 

12.2 Amendment and Waiver.  Any term or provision of this MSSA may be amended in writing by both parties to this MSSA.  The observance of any term of this MSSA may be waived only by a writing signed by the party to be bound; provided that DruvStar reserves the right to unilaterally amend the terms of this MSSA from time to time so long as the Customer’s use of the Services is not materially detrimentally impacted.

12.3 Severability. If any provision of this MSSA is found to be invalid or unenforceable, such provision shall be severed from this MSSA and the remainder of this MSSA shall be interpreted so as best to reasonably affect the intent of the parties hereto.  

12.4 Independent Contractors. The parties are independent contractors, and neither party will have the power to bind the other or to incur obligations on the other’s behalf without such other party’s prior written consent. 

12.5 Governing Law.  This MSSA shall be governed by the laws of the State of California, without reference to its conflict of laws principles.  The parties consent to exclusive jurisdiction and venue in state and federal courts sitting in and for Santa Clara County, California. 

12.6 Injunctive Relief.  Each party reserves the right to seek injunctive relief due to the other party’s actual or threatened breach of this MSSA.

12.7 Force Majeure.  Neither party shall be responsible for any non-performance or delay (except for delay in payment) attributable in whole or in part to any cause beyond its reasonable control (a “Force Majeure Event”), including but not limited to acts of God, government actions including changes in applicable law, war, civil disturbance, sabotage, terrorist acts, failure or delay in provision of services by subcontractors or the other party’s fault or negligence.

12.8 Assignment. Neither party may assign this MSSA without the prior written consent of the other party, except that either party may assign this MSSA to any successor to substantially all of its business or assets to which this MSSA relates, upon written notice to the other party. This MSSA shall inure to the benefit of and be binding on the respective successors and assigns of the parties. 

12.9 Notice.  Any notice required under this MSSA shall be in writing and shall be delivered by hand, confirmed email, or by overnight express mail to the contact name and address set forth on a Service Order, or as otherwise described in this MSSA. 

12.10 Disputes. Customer and DruvStar agree to meet and confer in good faith to resolve any disputes that may arise under or in connection with this Agreement. In all events, DruvStar shall be required to comply with the provisions of the Government Claims Act with respect to any dispute or controversy arising out of or in any way relating to this Agreement or the subject matter of this Agreement (whether sounding in contract or tort, and whether or not involving equitable or extraordinary relief) (a “Dispute”). 

12.11 Survival. The following provisions shall survive the termination or expiration of this MSSA:  Sections 5.2, 5.3, 6, 7, 8, 9, 10.4, 11 and 12.

Scroll to Top

Information Request