Last Updated: April 21, 2023

Terms of Service

THESE TERMS OF SERVICE (the “Agreement”) GOVERN CUSTOMER’S RECEIPT, ACCESS, TO AND USE OF THE SERVICE PROVIDED BY ZenGRC, INC. (“ZenGRC”). IN ACCEPTING THIS AGREEMENT BY (A) EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, (B) USING THE SERVICE, OR (C) CLICKING A BOX INDICATING ACCEPTANCE OF THIS AGREEMENT OR PERFORMING SOME OTHER ACT OF ACCEPTANCE, CUSTOMER AGREES TO BE BOUND BY ITS TERMS.

THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES SO ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY (“Customer”); SUCH INDIVIDUAL REPRESENTS AND WARRANTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR THE APPLICABLE ENTITY DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE OR RECEIVE THE SERVICE. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN. THE PARTIES AGREE AS FOLLOWS:

  1. The Service

    1. Service Description and Ordering

      ZenGRC is the owner and operator of a governance, risk management, and compliance solution that includes: a platform, applications, API(s), and an online, hosted dashboard (“Service”). Specific business terms associated with Customer’s subscription to the Service will be stated in one or more ordering documents executed by the parties (or Customer and a Reseller) that reference this Agreement (“Order Form”). The Service may be further described on an Order Form. This Agreement governs all Order Forms and Customer’s use of the Service. All Order Forms and are hereby incorporated into this Agreement by reference. The Service may also include questionnaire templates, compliance frameworks, help documents, and other documents or information that can assist Customer in managing its governance, risk management, and compliance (“Seed Data”). For the purposes of this Agreement, a “Reseller” means a resale partner that is authorized by ZenGRC to resell the Service.

    2. Subscriptions and Licenses

      Access to and use of the Service is provided on a subscription basis; the length of Customer’s subscription term will be contained on an Order Form (“Subscription Period”). Subject to Customer’s compliance with the terms of this Agreement, ZenGRC (a) will provide Customer, and its employees and contractors working for the benefit of Customer (“Users”), with access to and use of the Service during the Subscription Period, and (b) grants Customer a worldwide, non-transferrable (except as otherwise permitted herein), non-sublicensable, limited, royalty-free, license to copy and use the Documentation solely during the Agreement Term (as defined below) and for the Customer’s internal business purposes only. For the purposes of this Agreement “Documentation” means ZenGRC’ technical documentation regarding the Service that is generally published to ZenGRC’s customers.

    3. Users

      Customer is responsible for its Users’ use of the Service. The Service contains customizable settings that allow Users to give permission to other Users to perform various tasks within the Service (“Permissions”). It is solely Customer’s responsibility to set and manage all Permissions, including which Users can set such Permissions. ZenGRC will have no responsibility for managing Permissions and no liability for the Permissions set by Customer. Customer may, at its option, provide access to the Service and Documentation to its Affiliates (defined below), in which case all rights granted, and obligations incurred, under this Agreement will also inure to the benefit of such Affiliates. Customer represents and warrants that it is fully responsible for any breach of this Agreement by its Affiliates and that Customer has the power to negotiate this Agreement on behalf of its Affiliates. Customer will also be responsible for all payment obligations under this Agreement regardless of whether the use of the Service is by Customer or its Affiliates. Any claim by an Affiliate against ZenGRC will be brought by Customer and not the Affiliate. For the purposes of this Agreement an “Affiliate” a party will mean an entity directly or indirectly controlling, controlled by or under common control with that party (where “control” means the ownership or control, directly or indirectly, of more than fifty percent (50%) of all the voting power of the shares (or other securities or rights) entitled to vote for the election of directors or other governing authority).

    4. Access Credentials

      Upon execution of an Order Form, ZenGRC will provide a single User (designated by Customer) with access credentials that will allow Customer to log into the Service, manage the administrative functions of Customer’s instance of the Service (e.g., add or remove Users and set Permissions), and access the Service. Customer is responsible for maintaining the security of any access credentials to the Service in its possession. Customer will use reasonable efforts to prevent any unauthorized use of the Service and promptly notify ZenGRC in writing of any unauthorized use that comes to Customer’s attention. Customer is responsible for all use of the Service that occurs through its access credentials, except for access that is caused by a vulnerability in the Service itself.

    5. Service Level Agreement and Support

      ZenGRC will provide basic technical support (“Support Services”) for and make the Service available to Customer in accordance with the performance standards stated in the service level agreement, the current version of which is located at reciprocity.com/servicelevel (“SLA”). The SLA may be updated by ZenGRC from time to time by posting a revised version of the SLA to the forgoing URL, or a successor URL provided by ZenGRC to Customer in writing. Notwithstanding anything else to the contrary, any changes to the SLA will not materially degrade ZenGRC’s obligations under the SLA from those described at the foregoing URL on the Effective Date.

    6. Customer Data and Reports

      As part of its use of the Service, Customer may provide information, data and other content through the Service (“Customer Data”). Customer may use the Service to generate reports that include Customer Data (“Reports”). Customer owns and will continue to own all right, title, and interest in and to any Customer Data that may be contained in the Reports. The templates used for, Seed Data within, and layout of such Reports is and will continue to be part of the Service and are owned or licensed by ZenGRC as further described below. ZenGRC hereby grants Customer a worldwide, non-exclusive, non-transferable (except as otherwise permitted herein), non-sublicensable license to access, use and download copies of the Reports for Customer’s internal business purposes only.

    7. Use Restrictions

      Customer will comply with any limitations on its use of or access to the Service (e.g. User seats) stated on an applicable Order Form. Customer also agrees that it will not and will not allow third parties or Users of the Service to directly or indirectly (a) modify, translate, copy or create derivative works based on the Service, (b) reverse assemble, reverse compile, reverse engineer, decompile or otherwise attempt to discover the object code, source code, non-public APIs or underlying ideas or algorithms of the Service, except as and only to the extent this restriction is prohibited by law, (c) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Service available to any third party, (d) remove or obscure any copyright, trademark or other proprietary notices, legends or ZenGRC-branding contained in or on the Service, (e) attempt to gain unauthorized access to, interfere with, damage or disrupt any parts of the Service, (f) use or access the Service to build or support and/or assist a third party in building or supporting products or Service competitive to the Service, or (g) use the Service in violation of applicable law. If ZenGRC reasonably believes that Customer has breached or is breaching the terms of this Section 1.7 such that Customer has caused or is likely to cause significant harm to ZenGRC, the Service, or ZenGRC’s other customers, then ZenGRC reserves the right to suspend Customer’s use of or access to the Service. ZenGRC will provide Customer with notice of such suspension as soon as reasonably practicable given the circumstances and, unless Customer’s breach was willful or otherwise infringes on the intellectual property rights of ZenGRC, work with Customer to cure the breach and thereafter restore Customer’s access to and use of the Service.

  2. Fees and Payment

    1. Fees

      Customer will pay all fees specified in applicable Order Forms (“Fees”). Except as otherwise stated herein or in an Order Form, (i) Fees are based on the Service or Premium Support Customer’s subscribes to and not actual use, (ii) except as otherwise stated herein, payment obligations are non-cancelable and fees paid are non-refundable, and (iii) quantities purchased cannot be decreased during the relevant Subscription Period. Customer will pay all Fees in United States dollars. As ZenGRC’s business grows and changes, ZenGRC may modify its fees or add new fees provided that any new or revised fees will only become effective upon renewal of the applicable Order Form and provided that ZenGRC gives Customer at least forty-five (45) days’ prior written notice of such new or revised fees. If Customer is purchasing access to the Service or Premium Support through a Reseller, then Fees are determined between Customer and the Reseller.

    2. Invoicing

      Fees will be invoiced in advance and Customer will pay all undisputed invoices in accordance with the relevant payment terms stated on the Order Form. Customer is responsible for providing complete and accurate billing and contact information to ZenGRC and notifying ZenGRC of any changes to such information. If Customer is licensing access to the Service or Premium Support through a Reseller, then the payment terms will be as determined between Customer and Reseller and the applicable Fees will be paid to the Reseller.

    3. Failure to Pay

      If any invoiced amount is not received by ZenGRC by the applicable due date and provided that ZenGRC has given Customer written notice (email acceptable) of the non-payment and ten (10) days from the date of ZenGRC’s notice to cure such non-payment; then, without limiting ZenGRC’s other rights or remedies, ZenGRC may suspend Customer’s access to the Service or cease providing any Support Services or Premium Support, as applicable. ZenGRC will not exercise its rights under this section above if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute. Customer must notify ZenGRC of any payment disputes in writing within one hundred twenty (120) days of Customer’s receipt of the applicable invoice.

    4. Taxes

      Fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder without deduction or offset of Fees. If ZenGRC has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, ZenGRC will invoice Customer and Customer will pay that amount unless Customer provides ZenGRC with a valid tax exemption certificate authorized by the appropriate taxing authority in advance. ZenGRC is solely responsible for taxes assessable against it based on its income, property, and employees.

  3. Term and Termination

    1. Agreement Term

      The term of this Agreement will commence on the earlier of the start date of the first Order Form entered into by Customer and ZenGRC and continue until all Order Forms have expired or been terminated (the “Agreement Term”). The term of each Order Form will be as stated therein.

    2. Termination for Cause

      If a party materially breaches the terms of this Agreement (including any Order Form), the other party may terminate this Agreement (or any applicable Order Form) by providing reasonably detailed written notice of the material breach to the breaching party and thirty (30) days following such notice to cure the breach. If, after such thirty (30) day period, the breach remains uncured, then this Agreement and all Order Forms, or the particular Order Form that is the subject of the breach, will immediately terminate.

    3. Refund or Payment upon Termination

      If this Agreement is terminated by Customer in accordance with Section 3.2 (Termination for Cause) section above, ZenGRC will provide Customer with a refund of any prepaid Fees for the remainder of the Subscription Period following the effective date of termination. If this Agreement is terminated by ZenGRC in accordance with the “Termination for Cause” section above, no refunds will be due, and Customer will pay any unpaid Fees and Taxes. In no event will termination relieve Customer of its obligation to pay any amounts payable to ZenGRC for the period prior to the effective date of termination.

    4. Customer Data Portability and Deletion

      Customer must download or export any Customer Data, including Reports, through the Service prior to the effective date of termination or expiration of this Agreement. ZenGRC will have no obligation to maintain or provide any Customer Data or Reports after the effective date of termination or expiration of this Agreement, and will, unless legally prohibited from doing so, delete or destroy all copies of Customer Data.

    5. Effect of Termination

      Upon termination or expiration of this Agreement, (i) any access rights or licenses granted by ZenGRC hereunder will immediately terminate; and (ii) Customer will stop using or accessing the Service, and (iii) subject to the terms of the “Customer Data Portability and Deletion” clause above, each party will either return or destroy the other party’s Confidential Information. The following sections will survive any expiration or termination of this Agreement: 2 (Fees and Payment), 3 (Term and Termination), 4 (Intellectual Property Rights), 5.4 (Warranty Disclaimer), 6 (Confidentiality), 8 (Indemnification), 9 (Limitation of Liability), and 11 (General Terms).

  4. Intellectual Property Rights

    1. Customer Data

      Customer hereby grants ZenGRC a non-exclusive, worldwide, royalty-free, fully paid-up right and license to use, reproduce, create derivative works of, and display the Customer Data solely for the purpose of providing the Service to Customer. Except as provided for herein, Customer retains all right, title, and interest in and to the Customer Data, including any Customer Data incorporated into Reports. There are no implied licenses under this Agreement.

    2. ZenGRC’s Rights in the Service

      ZenGRC owns or has the necessary right, title, and interest in and to the Service (including Seed Data) and the Documentation, including all updates, upgrades, bug fixes, changes, patches, or other modifications to the foregoing or derivative works of the foregoing including all related intellectual property rights therein. No rights are granted to Customer hereunder other than as expressly stated in this Agreement. For the avoidance of doubt, Customer has no right to receive a copy of the software underlying the Service.

    3. Service Data

      ZenGRC may collect aggregated, anonymized data regarding the performance and operation of the Service that results from ZenGRC’s customers’ use of the Service (“Service Data”). ZenGRC’s use of Service Data will never include disclosure of personal, identifying information of the Customer or its Users. ZenGRC will retain all right, title and interest in and to the Service Data.

    4. Feedback

      Customer may from time to time provide suggestions, comments or other feedback specifically with respect to the Service or Support Services (“Feedback”). For the avoidance of doubt, Feedback will only be suggestions, comments or other feedback provided to ZenGRC regarding the Service or Support Services and will not include Customer Data. ZenGRC may want to incorporate Feedback into its Service, Support Services and this clause provides ZenGRC with the necessary rights to do so. Customer hereby grants ZenGRC and its assigns a royalty-free, worldwide, perpetual, irrevocable, fully transferable and sublicensable right and license to use, disclose, reproduce, modify, create derivative works from, distribute, display and otherwise distribute and exploit any Feedback without obligation or restriction, except that ZenGRC will not identify Customer as the provider of such Feedback.

  5. Warranty & Warranty Disclaimer

    1. ZenGRC’s Warranties

      ZenGRC represents and warrants that (i) it will comply with all applicable federal, state and local laws and regulations of the United States with respect to its business operations under this Agreement and all applicable laws of the United States, United Kingdom, and European Union (if Customer Data will include data from persons domiciled in the United Kingdom or European Union) with respect to its processing and use of Customer Data; (ii) the Service will substantially comply in all material respects with the Documentation, (iii) it will provide the Service and any related services in a professional and workmanlike manner, and (iv) it uses commercially reasonable efforts to prevent the introduction of Harmful Code into the software underlying the Service and the environment used for the Service. For purposes of this warranty, “Harmful Code” includes any malicious code containing viruses, Trojan horses, time bombs, worms or like destructive code or code that self-replicates or computer instructions, circuitry or other technological means designed to permanently disrupt, damage, or interfere with Customer’s use of the Service or Customer’s own computer systems. If the Service or other related services are not provided in accordance with the above warranty, Customer will promptly notify ZenGRC and ZenGRC will rectify such non-compliance; if ZenGRC is not able to rectify the non-compliance, ZenGRC will terminate this Agreement and refund any unused, pre-paid Fees to Customer for the remainder of the Subscription Period. The foregoing remedy is Customer’s sole remedy and ZenGRC’s sole liability if ZenGRC breaches the terms of subsections (ii) or (iii) of this Section 5.1.

    2. Mutual warranties

      Each party represents and warrants that it has validly entered into this Agreement and has the legal power to do so.

    3. Customer Warranties

      Customer represents and warrants that it has obtained all rights and consents as may be required (by law or otherwise) to transfer, post, provide, submit, and use the Customer Data.

    4. Warranty Disclaimer

      EXCEPT AS EXPRESSLY STATED IN SECTIONS 5.1 ABOVE, ZENGRC DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES (EXPRESS, IMPLIED, ARISING BY LAW OR OTHERWISE) REGARDING THE SERVICE AND ANY OTHER SERVICES PROVIDED HEREUNDER AND ITS PERFORMANCE OR SUITABILITY FOR CUSTOMER’S INTENDED USE, INCLUDING ANY REPRESENTATIONS OR WARRANTIES REGARDING MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. EXCEPT AS SET FORTH ABOVE, THE SERVICE IS PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. FOR THE AVOIDANCE OF DOUBT, ZENGRC MAKES NO WARRANTY, GUARANTY, COMMITMENT OR OTHER OBLIGATION RELATED TO THE RESULTS OF THE SERVICES (INCLUDING RISK ASSESSMENTS) AND CUSTOMER IS SOLELY RESPONSIBLE FOR ITS USE AND RELIANCE ON ANY REPORTS OR OTHER RESULTS. CUSTOMER UNDERSTANDS THAT RISK IDENTIFICATION AND ANALYSIS VARY ACROSS EVERY ORGANIZATION; IT IS CUSTOMER’S RESPONSIBILITY TO MAKE ITS OWN RISK ASSESSMENTS.

  6. Confidentiality

    1. Definition of Confidential Information

      “Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information of Customer includes Customer Data; Confidential Information of ZenGRC includes the Service; and Confidential Information of each party includes the terms and conditions of this Agreement and all Order Forms (including pricing), as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

    2. Protection of Confidential Information

      As between the parties, each party retains all ownership rights in and to its Confidential Information. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to (i) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, (ii) not disclose the Confidential Information to any third-party, and (iii) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections not materially less protective of the Confidential Information than those herein. Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this section. Notwithstanding the foregoing, ZenGRC may disclose the terms of this Agreement and any applicable Order Form to a subcontractor to the extent necessary to perform its obligations under this Agreement, under terms of confidentiality materially as protective as set forth herein.

    3. Compelled Disclosure

      The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to that Confidential Information.

  7. Data Security

    ZenGRC has established and implemented an industry standard information security program regarding the protection of Customer Data, including administrative, technical and physical security processes. Those safeguards will include, but will not be limited to, measures designed to prevent unauthorized access to or disclosure of Customer Data (other than by Customer or its Users). With respect to personally identifiable information contained in the Customer Data or otherwise provided by Customer to ZenGRC, ZenGRC will comply with the terms of its data processing agreement, the current version of which is located at https://reciprocity.com/dpa/ (“DPA”). Provided that ZenGRC will not materially degrade its security practices, ZenGRC may modify or change the DPA upon prior, written notice to Customer. Notwithstanding the foregoing, Customer is responsible for maintaining appropriate security, protection and backup of its hardware, software, systems, information, and Customer Data.

  8. Indemnification

    1. ZenGRC’s Indemnification

      ZenGRC will defend, indemnify, and hold Customer and its officers, directors, and employees harmless against any third party claim or action brought against Customer to the extent based on (a) the allegation that the Service infringes such third party’s intellectual property rights (patents, utility models, design rights, copyrights and trademarks or any other intellectual property right), (b) the gross negligence, fraud, or willful misconduct of ZenGRC, and (c) ZenGRC’ violation of the applicable laws of the United States or, with respect to data privacy laws, the applicable laws of the United States, United Kingdom, or European Union. The foregoing obligations do not apply with respect to the Service or portions or components of either that are (a) not provided by ZenGRC, (b) combined with other products, processes or materials that are not contemplated by the Documentation or reasonably required for proper use of the Service, or (c) where the claim arises from use of the Service is not in accordance with this Agreement or the Documentation.

    2. Customer Indemnification

      Customer will defend, indemnify, and hold ZenGRC and its officers, directors, and employees harmless against any third-party claim or action brought against ZenGRC to the extent based on the allegation that the Customer Data infringes such third party’s rights (including intellectual property rights such as patents, utility models, design rights, copyrights and trademarks or any other intellectual property or privacy right).

    3. Procedures

      The indemnifying party’s obligations under Sections 8.1 and 8.2 above are conditioned on the indemnified party (a) providing the indemnifying party with prompt written notice of any claim (provided that the indemnifying party’s obligation to indemnify shall only be excused by the indemnified party’s failure to provide prompt notice of a claim to the extent that such failure prejudices the indemnifying party in its defense of such claim), (b) granting the indemnifying party sole control of the defense and settlement of the claim (provided that the indemnifying party shall not agree to any settlement, without the indemnified party’s written consent, that would require the indemnified party to make any payments not covered by the indemnifying party or to make any admission of wrongdoing), and (c) providing reasonable information and assistance to the indemnifying party in the defense or settlement of the claim at the indemnifying party’s expense. Notwithstanding anything else to the contrary, the indemnifying party’s obligations to “indemnify,” “defend,” and “hold harmless” under this Section 8 will mean that the indemnifying party is required only to (i) fulfill its obligations under Sections 8.3 and 8.4, pay for the cost of defense of the third party claim, and pay for (x) any settlements agreed to by the indemnifying party in a writing signed by an officer of the indemnifying party, or (y) final judgments awarded to the third party claimant by a court of competent jurisdiction.

    4. Options

      If Customer’s use of the Service has become, or in ZenGRC’s opinion is likely to become, the subject of any claim of infringement, ZenGRC will at its option and expense, (a) procure for Customer the right to continue using and receiving the Service as set forth hereunder, (b) modify the Service to make it non-infringing while remaining materially equivalent, (c) substitute a non-infringing material equivalent for the Service, or (d) if ZenGRC, in its sole discretion, determines that options (a)-(c) are not commercially practicable, terminate this Agreement and refund Customer any pre-paid, unused fees for the remainder of the then-current Subscription Period.

    5. Sole Remedy

      NOTWITHSTANDING ANYTHING ELSE TO THE CONTRARY IN THIS AGREEMENT, THIS SECTION 8 STATES EACH PARTY’S ENTIRE RESPONSIBILITY AND THE OTHER PARTY’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO INFRINGEMENT OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS UNDER THIS AGREEMENT.

  9. Limitation of Liability

    1. NEITHER PARTY WILL BE LIABLE WITH RESPECT TO ANY CAUSE RELATED TO OR ARISING OUT OF THIS AGREEMENT, WHETHER IN AN ACTION BASED ON A CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY), OR ANY OTHER LEGAL THEORY, HOWEVER ARISING, FOR DAMAGES, EXCEPT FOR THE EXCEPTIONS IN SECTION 9.2 BELOW, (A) INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, (B) DAMAGES BASED ON LOST REVENUES OR PROFITS, LOSS OF BUSINESS, OR GOODWILL, LOSS OR CORRUPTION OF DATA OR BREACHES IN SYSTEM SECURITY, AND (C) ANY DAMAGES THAT, IN THE AGGREGATE, EXCEED THE AMOUNT PAID BY CUSTOMER IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT THAT GAVE RISE TO SUCH DAMAGES. THESE LIMITATIONS WILL APPLY WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
    2. THE LIMITATIONS ON EACH PARTY’S LIABILITY WILL NOT APPLY TO DAMAGES ARISING FROM (COLLECTIVELY “EXCEPTIONS”) (I) EITHER PARTY’S INFRINGEMENT OR MISAPPROPRIATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, (II) A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 8, (III) A PARTY’S GROSS NEGLIGENCE, FRAUD, OR WILLFUL MISCONDUCT, (IV) A PARTY’S BREACH OF THE CONFIDENTIALITY OBLIGATIONS (BUT EXCLUDING OBLIGATIONS AND CLAIMS RELATING TO CUSTOMER DATA) UNDER SECTION 7; OR (V) OR ZENGRC’S FAILURE TO MAINTAIN THE DATA SECURITY MEASURES REQUIRED UNDER THE DPA (PROVIDED THAT ZENGRC’S LIABILITY FOR SUCH BREACH IN EITHER CASE WILL NOT EXCEED THREE (3) TIMES THE FEES PAID OR PAYABLE BY CUSTOMER TO ZENGRC IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT THAT GAVE RISE TO SUCH DAMAGES).
  10. Insurance

    During the Agreement Term, ZenGRC will maintain the insurance policies with the applicable limits described in ZenGRC’s insurance commitments, the current version of which is located at https://reciprocity.com/insurance-commitments/. All such insurance policies will be placed with insurers having an AM Best Rating of A- VIII or better. Provided that ZenGRC will not materially reduce its insurance commitments, ZenGRC may change or modify its insurance policies by posting new commitments at the foregoing URL or a successor site provided to Customer in writing.

  11. General Terms

    1. Publicity

      Provided that, and only if, Customer has given its prior, written consent, Customer grants ZenGRC the right to use Customer’s company name and logo as a reference for marketing or promotional purposes on ZenGRC’s website and in other public or private communications with its existing or potential customers, subject to Customer’s standard trademark usage guidelines as provided to ZenGRC from time to time.

    2. Third Party Products

      The Service may allow Customer to use the Service with third party products, websites, services, materials, or information, or links thereto that are not owned or controlled by ZenGRC (e.g. Slack) (“Third-Party Applications”). As ZenGRC does not own or operate such Third-Party Applications, the providers of such Third-Party Applications may require Customer to enter into separate agreements in order to use their products or services. If Customer or any User accesses any Third-Party Applications, it does so at its own risk, and Customer acknowledges and agrees that this Agreement does not apply to Customer or any User’s use of such Third-Party Applications. ZenGRC does not endorse or assume any responsibility for any such Third-Party Applications and Customer expressly relieves ZenGRC from any and all liability arising from its or its User’s use of any Third Party Applications.

    3. Force Majeure

      Neither ZenGRC nor Customer will be liable by reason of any failure or delay in the performance of its obligations on account of events beyond the reasonable control of a party, which may include denial-of-Service attacks, a failure by a third-party hosting provider or utility provider, strikes, shortages, riots, pandemics, fires, acts of God, war, terrorism, and governmental action.

    4. Relationship of the Parties

      The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.

    5. No Third-Party Beneficiaries

      Except as otherwise expressly stated herein there are no third-party beneficiaries to this Agreement; a person who is not a party to this Agreement may not enforce any of its terms under any applicable law.

    6. Email Communications

      Notices under this Agreement will be provided as follows: (a) all notices regarding the Service will be sent by email, (b) notices to ZenGRC must be sent to [email protected]; and (c) all legal notices to Customer will be sent to the physical address in the applicable Order Form, and/or to the email provided through the Service. Notices will be deemed to have been duly given (a) the business day after it is sent in the case of notices through email; (b) the same day in the case of notices through the Service; and (c) three (3) days after being sent by prepaid certified or registered U.S. mail.

    7. Amendment and Waivers

      No modification or amendment to this Agreement will be effective unless made in writing and signed by an authorized representative of both parties. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right. No waiver under this Agreement will be effective unless made in writing and signed by an authorized representative of the party being deemed to have granted the waiver.

    8. Severability

      If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law; all other provisions of this Agreement will remain in effect.

    9. Assignment

      Neither party will assign or delegate any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms), without the consent of the other party, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all its assets. Any purported assignment in violation of this section is void. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.

    10. Governing Law and Venue

      This Agreement, and any disputes arising out of or related hereto, will be governed exclusively by the internal laws of the State of Delaware, without regard to its conflicts of laws rules or the United Nations Convention on the International Sale of Goods. The parties acknowledge that this Agreement evidences a transaction involving interstate commerce. The state and federal courts located in New Castle County, Delaware will have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement or its formation, interpretation or enforcement, including any appeal of an arbitration award or for trial court proceedings if the arbitration provision below is found to be unenforceable. Each party hereby consents and submits to the exclusive jurisdiction of such courts. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover its reasonable costs and attorney’s fees.

    11. Entire Agreement

      This Agreement, including all referenced pages and Order Forms, if applicable, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. However, to the extent of any conflict or inconsistency between the provisions in this Agreement and any other documents or pages referenced in this Agreement, the following order of precedence will apply: (1) this Agreement, (2) the Order Form (except to the extent that the terms of the Order Form specifically override the terms of this Agreement), and (3) except as expressly stated herein, any other documents or pages referenced in this Agreement. No terms or conditions stated in a Customer purchase order, vendor onboarding process or web portal, or any other Customer order documentation (excluding Order Forms) will be incorporated into or form any part of this Agreement even if signed or otherwise accepted by ZenGRC, and all such terms or conditions will be null and void.