​

BY RECEIVING THE PROVIDER’S SERVICES, THE CLIENT HEREBY AGREES AS FOLLOWS:
 

1. SERVICES

1.1 Subject to the terms and conditions of this Agreement, and in exchange for the applicable Fees and Expenses, the Provider agrees to deliver to the Client the services (the “Services”) and deliverables (the “Deliverables”) expressly set out in the Order Form. The Services may include, among other things, cybersecurity services such as (but not limited to) threat detection and response, monitoring, incident management, compliance consulting, security assessments, and penetration testing (the “Cybersecurity Services”).

Any ancillary technical support or configuration assistance outside of cybersecurity scope shall be provided only where expressly agreed in writing by the parties.

The scope of Services (and, for certainty, subject to Section 2.5, the Fees and Expenses) may be amended, modified, or supplemented at any time by mutual agreement, with email confirmation deemed sufficient, provided it is in a written form acceptable to the Provider (a “Change Order”).

​

1.2 Response Time / SLA

The Provider distinguishes between Security Incidents and Service Changes, each with separate response time commitments and service scope.

​

Security Incidents (24/7 SOC Coverage):

Security incidents refer to events that may indicate a compromise, active threat, or malicious activity affecting the Client’s systems or data. The Provider operates a 24/7/365 Security Operations Center (SOC) and will respond as follows:

• Critical – Response within 30 minutes
  (e.g., confirmed breach, ransomware, malware execution, system compromise)

• High – Response within 1 hour
  (e.g., suspicious activity, attempted intrusion, abuse of privileges)

• Normal – Response within 4 hours
  (e.g., low-risk alerts, anomaly review, false positives)

Although these are the formal maximum response times, the Provider typically initiates response within minutes for most incidents, especially those classified as Critical or High priority.

 

As part of the core incident response service, and subject to appropriate access being granted, the Provider will:

• Isolate affected systems or accounts

• Secure the perimeter to limit lateral movement

• Initiate investigation and threat tracking to assess impact and identify next steps

 

These activities focus on containment and analysis. Any remediation or cleanup efforts—such as malware removal, system recovery, patching, reimaging, or restoring services—are not included in the incident response scope and instead fall under Service Changes, as described below.

 

Service Changes:

Service Changes refer to planned or reactive technical work, including configuration adjustments, access provisioning, infrastructure updates, and any remediation or cleanup activities arising from a security incident.

Service Changes are typically handled during standard business hours: Monday to Friday, 7:00 AM to 5:00 PM EST, excluding statutory holidays. However, certain changes may be scheduled outside business hours, particularly when needed to minimize disruption or when mutually agreed upon.

• Urgent – Response within 1 hour
  (e.g., emergency system recovery, immediate patching, critical access restoration)

• Standard – Response within 4 hours
  (e.g., firewall rule changes, system hardening, account provisioning)

• Low – Response within 8 hours
  (e.g., documentation updates, routine configuration)

 

All Service Changes are subject to additional charges and are only provided under a valid retainer agreement or separate Change Order. Requests made outside of business hours may incur additional fees unless otherwise agreed in writing.

1.2 Subcontractors.

The Provider may from time to time engage third parties (each a “Subcontractor”), such as independent contractors, affiliates, service providers, licensees and agents, to perform any part of the Services or any part of its obligations under this Agreement. The Provider will: (a) remain directly responsible to the Client for the acts or omissions of each Subcontractor; and (b) ensure that each Subcontractor is bound in writing to terms equally as protective of the Client as the terms and conditions of this Agreement.

​

1.3 Changes to Services.

Notwithstanding Section 1.1 above, the Provider reserves the right, in its reasonable discretion, to make changes to the Services, including replacing or updating tools, platforms, or technologies used in delivering the Services, provided that such changes do not result in a material reduction in the overall quality, functionality, or security posture of the Services.

 

Such changes may be made to:

(a) maintain or enhance (i) the quality or delivery of the Services, (ii) the competitive strength or market positioning of the Services, or (iii) the cost efficiency or performance of the Services;
(b) comply with applicable laws or regulatory requirements; or
(c) temporarily suspend access to the Services as required for Scheduled Downtime related to maintenance or updates.

1.4 Suspension of Services.

Without limiting any other remedy available to Provider by law, in equity, or otherwise under this Agreement, in the event of a material breach or a reasonably suspected material breach by the Client of this Agreement, including overdue and outstanding payment obligations, the Provider may, in its sole discretion and without penalty of any kind, immediately suspend its obligations to the Client relating to the Services until such time as: (a) any such actual breach is cured by the Client to the reasonable satisfaction of Provider; (b) Provider is given reasonable assurance that there is no breach or suspected breach by the Client; or (c) the Client’s obligations which were delayed or outstanding have been performed to the reasonable satisfaction of Provider.
 

1.5 Scope of Services.
For clarity, and unless expressly included in the Order Form or a valid Change Order, the Services do not include:

• Support for systems, configurations, or environments that have been materially modified by the Client or a third party without the Provider’s prior knowledge or alignment, where such modifications materially impact the security posture or service effectiveness;

• Investigation or resolution of issues resulting from misconfiguration, misuse, failure to follow agreed security practices, or actions taken by the Client that contradict the Provider’s documented or clearly communicated cybersecurity guidance or expert recommendations;

• Remediation of cybersecurity incidents where the root cause involves unmanaged or undisclosed infrastructure, unauthorized third-party integrations, or client-side administrative actions that fall outside the Provider’s defined responsibilities.

Any work falling outside the defined scope of the Services may be delivered under a separate retainer or Change Order and is subject to additional fees.
 

1.6 Onboarding Process.
Upon execution of the Order Form, the Client agrees to reasonably cooperate with the Provider to complete onboarding as soon as practicable (the “Onboarding Process”). The scope and timeline of onboarding may vary depending on the complexity and accessibility of the Client’s infrastructure.

​

The Client acknowledges that the Provider is not required to commence Services until it has received sufficient access, information, and operational clarity to proceed securely. Any delays caused by the Client’s lack of cooperation, unavailable systems, or incomplete information may delay the provision of Services without penalty to the Provider. Fees and Expenses are non-refundable regardless of onboarding completion, unless otherwise agreed in writing.

​

The Provider may adjust its onboarding approach where necessary to accommodate operational realities, provided the Client is kept reasonably informed.

​

1.7 Threat Outreach.
As part of its cybersecurity services, the Provider may identify cyber threats or indicators of compromise affecting external organizations or systems. The Provider reserves the right to contact third parties (including infrastructure providers or affected entities) to help prevent or mitigate such threats. The Provider will not disclose the Client’s identity or any Confidential Information without the Client’s prior written consent.

2. FEES AND PAYMENT TERMS

 

2.1 Payment.
The Client will pay to the Provider the fees for the services (the “Fees”) and the Expenses in the amounts, at the times, and according to the terms set out in the Order Form. All Fees payable under this Agreement are exclusive of any and all applicable taxes, which will be invoiced together with the Fees. Subject to the Order Form, invoices under this Agreement are payable, without holdback or setoff, within thirty (30) days of delivery, except where such Fees and Expenses invoiced are disputed by the Client in good faith. Invoice disputes will not affect the undisputed portions of the Fees and Expenses payable by the Client.

​

2.2 Expenses.
Additional charges for travel, accommodation, out-of-pocket costs, and all other expenses incurred by the Provider in connection with the Services (the “Expenses”) will be invoiced to the Client together with the Fees. For certainty, unless otherwise expressly provided in the Order Form: (a) all Expenses will be pre-approved by the Client in writing; and (b) any freight and postage costs will be invoiced on a monthly basis to the Client without mark-up.

 

2.3 Failure of Payment.
Without limiting any other remedy available to the Provider under this Agreement or at law, in the event that the Client’s payment obligations are overdue and outstanding for a period of fifteen (15) days, the Provider may, in its sole discretion, suspend Services and/or terminate this Agreement immediately upon notice to the Client.

 

2.4 Assumptions.
The Fees are determined based on, among other things, the Assumptions (if any) defined in the Order Form. The Fees are subject to change by the Provider upon any material change to the Assumptions, or if any of the Assumptions are found to be materially unsustainable, misrepresented, inaccurate, unfulfilled, or untrue. For certainty, the Fees are subject to change upon the Provider’s discovery of requirements or complexities relating to the Services or Deliverables that were unknown as of the Effective Date. In the event of any such change, the Provider will promptly provide a Change Order to the Client for review and execution, and the Provider’s obligations under the Order Form will be suspended, without penalty to the Provider, until a Change Order is mutually executed.

 

2.5 Hourly Rate Changes.
The Provider reserves the right to adjust its hourly rates for any Services that are provided on a time and materials basis. The Provider will provide at least thirty (30) days’ written notice to the Client prior to any such adjustment. Any such adjustments will be made in the Provider’s sole discretion, acting reasonably.

​

2.7 Subscription Fee Adjustments.
The Provider may adjust subscription-based Fees for Services, including any third-party licenses or tools resold to the Client, upon providing as much prior notice as reasonably practical. The Provider will use commercially reasonable efforts to give at least thirty (30) days’ written notice for any such adjustment but may apply changes with shorter notice if they result from upstream vendor pricing changes outside of the Provider’s control. If the Client does not agree to the revised Fees, the Client may terminate the affected Services upon thirty (30) days’ written notice, without further liability beyond amounts already due.

​

2.7 Refunds.
Except as otherwise expressly set out in the Order Form, all Fees and Expenses are non-refundable.

​

3. USE OF SERVICES

3.1 Authorization.

Subject to the Client’s payment of the Fees, the Provider hereby authorizes the Client to access and use, during the Term, the CS Services solely for the Client’s internal business operations in accordance with the terms and conditions set forth in this Agreement. The Client remains directly responsible for the acts and omissions of its personnel, contractors, and authorized users in relation to the Services, as if such acts or omissions were its own. This authorization is non-exclusive and non-transferable.

​

Co-Managed Resale Partnerships.
Clients operating in a co-managed service relationship with the Provider may, with the Provider’s prior written approval, offer the Provider’s Services to their own end-customers as part of an authorized resale partnership. In such arrangements, the Provider will deliver Services directly to the end-customer on behalf of the Client, and the terms of this Agreement will apply, subject to any additional conditions mutually agreed in writing. The Client remains responsible for managing the commercial and contractual relationship with the end-customer, while the Provider retains responsibility for the technical delivery and performance of the Services as scoped.

3.2 Responsible Use.

Except as otherwise expressly permitted by the Provider, the Client will not:

(a) use the Services in violation of any applicable laws or in breach of this Agreement;
(b) use the Services in a manner inconsistent with their intended cybersecurity purpose;
(c) reverse engineer, disassemble, decompile, or otherwise attempt to access the underlying code or data of the Services;
(d) bypass or interfere with any security measures or protocols associated with the Services;
(e) transmit, store, or distribute malicious code, unauthorized scripts, or unlawful content through the Services, except where such content is explicitly collected, transmitted, or analyzed for legitimate security or forensic purposes as part of the Services and with appropriate safeguards in place;
(f) publish, duplicate, or redistribute any portion of the Services without written consent from the Provider;
(g) damage, disrupt, disable, or otherwise impair the operation or performance of the Services;
(h) remove or obscure any proprietary rights notices or disclaimers on the Services or Deliverables.

3.3 Client Obligations.

The Client will ensure safe, authorized, and secure access to any systems, environments, or facilities required for the Provider to perform included services. The Provider’s performance is contingent on the Client’s timely cooperation, approvals, and disclosure of relevant information.

4. PROPRIETARY RIGHTS

 

4.1 Services and Deliverables.
The Provider is and will remain the sole and exclusive owner of all right, title, and interest (including all Intellectual Property Rights) in and to the Services. Except as otherwise expressly set out in the Order Form or a Change Order:
(a) the Provider is and will remain the sole and exclusive owner of all right, title, and interest (including all Intellectual Property Rights) in and to any and all Deliverables; and
(b) the Provider hereby grants to the Client, subject to payment in full for the applicable Services and compliance with this Agreement, a non-exclusive, non-transferable, royalty-free right, during the Term, to use the Deliverables solely in the country(ies) in which the Client does business and solely for the Client’s internal use.

 

4.2 Rights Reserved.
Except for the rights and licenses expressly granted in this Agreement, neither party grants to the other any Intellectual Property Rights, and all such rights, title, and interest are hereby retained and reserved.

5. CONFIDENTIALITY

 

5.1 Obligation.
The Receiving Party acknowledges that the Disclosing Party’s Confidential Information is a valuable and proprietary asset, the unauthorized use or disclosure of which would be damaging. During and after the Term, the Receiving Party shall:
(a) maintain the confidentiality of the Disclosing Party’s Confidential Information and use it solely for purposes of exercising its rights or fulfilling its obligations under this Agreement;
(b) not directly or indirectly disclose any such Confidential Information to third parties without prior written authorization from the Disclosing Party, except as expressly permitted under this Agreement;
(c) apply safeguards consistent with a high degree of care, and in no case less than a reasonable standard, to protect such Confidential Information; and
(d) limit access to such Confidential Information to employees, agents, or contractors who have a legitimate need to know, and who are bound by written confidentiality obligations no less protective than those herein.

If the Receiving Party is required by applicable law, regulation, or court order to disclose any of the Disclosing Party’s Confidential Information, it shall promptly (to the extent legally permissible):
(i) notify the Disclosing Party in writing; and
(ii) cooperate with the Disclosing Party to limit the scope of disclosure to the minimum legally required.

​

5.2 Return or Destruction.
Upon written request of the Disclosing Party, the Receiving Party shall return or irreversibly destroy all Confidential Information within thirty (30) days. If requested, the Receiving Party shall confirm such destruction or return in writing within five (5) days thereafter.

​

5.3 Equitable Relief.
Each party acknowledges that any actual or threatened breach of this Section may cause irreparable harm not compensable by monetary damages alone. In such cases, the non-breaching party is entitled to seek injunctive or other equitable relief, without bond or proof of damages, in addition to any other remedies available in law or equity.

​

6. REPRESENTATIONS & WARRANTIES

6.1 Mutual.

Each party hereby represents and warrants to the other party that: (a) it is a business duly registered or incorporated, validly existing, and in good standing under the laws of its jurisdiction; (b) it has full right and authority to enter into, execute, and perform its obligations under this Agreement; and (c) the execution, delivery, and performance of this Agreement constitutes a legal, valid, and binding agreement of such party.

6.2 Provider.

Provider hereby represents and warrants to the Client that: (a) it will comply with all applicable laws; (b) it will perform the Services in a professional manner; and (c) the Services and Deliverables will conform in all material respects to the Order Form and any Change Order(s).

6.3 Client.

The Client hereby represents and warrants to the Provider that the Client owns or otherwise has the necessary rights and consents in and relating to Client Data so that, to the extent any such data is required to be used by the Provider to deliver the Services and Deliverables in accordance with this Agreement, such use of the Client Data does not and will not infringe, misappropriate or otherwise violate any Intellectual Property Rights or any privacy or other rights of any party or violate any applicable laws.

​

7. TERM & TERMINATION

7.1 Term.

This Agreement will commence on the Effective Date and will remain in effect until terminated pursuant to this Section 7 (the “Term”).

7.2 Termination for Convenience.

Either party may at any time terminate this Agreement for any or no reason with fifteen (15) days’ prior written notice to the other party.

7.3 Termination for Cause.

Either party may terminate this Agreement immediately upon notice if the other party: (a) fails to correct a material breach of its obligations under this Agreement within seven (7) days after receipt by such other party of written notification from the notifying party of such material breach, provided however, that a breach of the confidentiality obligations set forth in Section 5 will be grounds for immediate termination of this Agreement by written notice from the non-breaching party; or (b) files a bankruptcy petition, has a bona fide petition filed involuntarily against it, becomes insolvent, makes an assignment for the benefit of creditors, consents to the appointment of a trustee, or if bankruptcy reorganization or insolvency proceedings are instituted by or against the other party.

7.4 Effect of Termination.

Upon termination of this Agreement for any reason: (a) the Order Form and any Change Orders then in effect will immediately terminate; (b) the Provider will cease providing the Services to the Client; (c) the Provider will deliver to the Client a final statement of account and/or invoice for Fees and Expenses accrued up to and including the date of termination, and the Client will pay all undisputed Fees and Expenses within seven (7) days of termination; and (d) any provision of this Agreement that imposes an obligation after termination of this Agreement will survive the termination of this Agreement, including Sections: 2.1, 2.2, 2.3, 4, 5, 7 – 12 (inclusive) and 15.

​

8. NON-SOLICITATION

During the Term and for a period of one (1) year thereafter, neither party, directly or through an affiliate, will take any action to induce any employees, contractors (which includes Subcontractors) or personnel of the other party (“Personnel”) to discontinue their employment or contract (as applicable) with such other party, nor will either party employ or otherwise engage any Personnel. Notwithstanding, neither party will be prohibited from: (a) making general public solicitations for particular positions or job classifications and employing or otherwise engaging Personnel who respond thereto, provided such party can demonstrate that such Personnel initiated contact and were not specifically targeted or induced by such party; or (b) engaging any Personnel that have not been employed or otherwise contracted with the other party for a period of at least one (1) year.

​

9. INDEMNITY

Each party (the “Indemnitor”) will defend, indemnify and hold harmless the other party and their officers, directors, contractors, and employees (together, the “Indemnitees”) against and from any and all third party claims, demands, actions, causes of action, damage, loss, suits, proceedings, costs, liabilities, expenses and charges incurred or suffered by the Indemnitees as a result of or in connection with any material non-fulfillment or breach of any warranty or covenant, or any material misrepresentation, under this Agreement by the Indemnitor. This Section will survive any termination of this Agreement for a period of three (3) years.

​

10. DISCLAIMERS

10.1 General.

EXCEPT AS OTHERWISE EXPRESSLY PROVIDED HEREIN, THE CLIENT’S USE OF THE SERVICES AND DELIVERABLES IS AT THE CLIENT’S SOLE RISK. EXCEPT FOR THE EXPRESS WARRANTIES AND REPRESENTATIONS PROVIDED IN THIS AGREEMENT, THE PROVIDER HEREBY DISCLAIMS ANY AND ALL GUARANTEES, REPRESENTATIONS, CONDITIONS AND WARRANTIES REGARDING THE SERVICES AND DELIVERABLES, WHETHER IMPLIED OR STATUTORY, ORAL OR OTHERWISE, ARISING UNDER ANY LAW OR OTHERWISE, INCLUDING ANY CONDITIONS AND WARRANTIES WITH RESPECT TO VALIDITY, ACCURACY, NON-INTERRUPTION, NON-INFRINGEMENT, ERROR-FREE OPERATION, MERCHANTABILITY, QUALITY, OR FITNESS FOR A PARTICULAR PURPOSE. EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, THE SERVICES AND DELIVERABLES ARE PROVIDED “AS-IS”. ABSOLUTE SECURITY CANNOT BE GUARANTEED. WITHOUT LIMITING ANY OF ITS DISCLAIMERS AND LIABILITY LIMITATIONS HEREIN, THE PROVIDER WILL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM CYBERSECURITY ATTACKS OR BUSINESS INTERRUPTION DUE TO SYSTEM OUTAGES OR HARDWARE FAILURE. THIS SECTION WILL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW.

10.2 High-Risk Application.

WITHOUT LIMITING ANYTHING HEREIN, THE SERVICES ARE NOT DESIGNED OR INTENDED FOR USE IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, INCLUDING THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, WEAPONS SYSTEMS, LIFE-SUPPORT MACHINES, OR ANY OTHER APPLICATION IN WHICH THE FAILURE OF THE SERVICES COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY OR PROPERTY DAMAGE.

​

11. THIRD-PARTY PRODUCTS & WARRANTIES

11.1 Third Party Products.

Some manufacturers’ warranties or terms and conditions for Third Party Products may become void if the Provider or anyone else, other than the manufacturer or its authorized representatives, provides services for or works on their hardware or software (such are providing maintenance and repair services). PROVIDER WILL NOT BE RESPONSIBLE FOR THIRD PARTY WARRANTIES BY VIRTUE OF PROVIDING THE SERVICES. ADDITIONALLY, THE PROVIDER WILL NOT BE LIABLE FOR VOIDING ANY THIRD PARTY WARRANTIES RESULTING FROM THE SERVICES. EXCEPT OTHERWISE EXPRESSLY AGREED IN THE ORDER FORM OR A CHANGE ORDER, ANY AND ALL THIRD PARTY PRODUCTS WILL BE EXCLUSIVELY SUBJECT TO TERMS AND CONDITIONS BETWEEN THE THIRD PARTY AND THE CLIENT. NOTWITHSTANDING ANYTHING HEREIN, PROVIDER WILL HAVE NO LIABILITY FOR THIRD PARTY PRODUCTS AND THE CLIENT WILL LOOK EXCLUSIVELY TO THE THIRD PARTY PROVIDER FOR ANY DAMAGES OR LIABILITY WITH RESPECT TO THE PROVISION OF SUCH THIRD PARTY PRODUCTS.

11.2 License to Third Party Products.

Except as otherwise expressly agreed in the Order Form or a Change Order, the Client authorizes the Provider to copy, install, modify, when necessary and as required by the Order Form or a Change Order, all Third Party Products to be used in the Services or to be copied or stored for subsequent re-installation of a backup system or data. The Client hereby represents and warrants to Provider that it has obtained any licenses, consents, regulatory certifications or approvals required to give the Provider and its Subcontractors or employees such rights or license to access, copy, distribute, use and/or modify (including creating derivative works) or install any Third Party Products to be used in the Services, without infringing the ownership or license rights (including patent and copyright) of the providers or owners of such products.

​

12. LIABILITY LIMITATION

 

NOTWITHSTANDING ANYTHING HEREIN, THE PROVIDER’S MAXIMUM LIABILITY TO THE CLIENT UNDER THIS AGREEMENT WILL NOT EXCEED THE AGGREGATE AMOUNT OF FEES PAID BY THE CLIENT TO THE PROVIDER DURING THE SIX (6) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

​

IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INCIDENTAL, PUNITIVE, INDIRECT, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, BUSINESS INTERRUPTION, LOSS OF DATA, LOST SAVINGS, OR LOST OPPORTUNITY COSTS), HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY (INCLUDING NEGLIGENCE), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

 

THE PROVIDER WILL HAVE NO LIABILITY WHATSOEVER ARISING FROM OR RELATING TO THE USE, MISUSE, OR FAILURE TO FOLLOW SECURITY GUIDANCE BY ANY THIRD PARTY TO WHOM THE CLIENT HAS EXTENDED OR PROVIDED ACCESS TO THE SERVICES, INCLUDING AUTHORIZED RESELLERS OR ANY OTHER DOWNSTREAM USERS, WHETHER OR NOT SUCH PARTIES WERE KNOWN TO OR APPROVED BY THE PROVIDER.

​

FOR CLARITY, THE LIMITATIONS IN THIS SECTION WILL NOT APPLY TO EITHER PARTY’S OBLIGATIONS UNDER SECTION 9 (INDEMNITY), OR TO ANY DAMAGES RESULTING FROM A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.

 

THIS SECTION WILL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW.

​

13. EXPORT; REGULATORY REQUIREMENTS

13.1 Export.

The Provider and the Client each acknowledge that the Services provided under this Agreement may be subject to the customs and export control laws and regulations of the United States and Canada, may be rendered and/or performed in countries outside of the United States and Canada, and may also be subject to the customs and export laws and regulations of the country in which the Services are rendered and/or received. To the extent that a license is required for the export of any Client-provided software, the Client is solely responsible for obtaining any such license. The Provider may require export certifications from the Client for Client-provided software. The Provider’s performance of the Services is subject to the issuance of any applicable export licenses required by the United States or Canadian Government, and the Provider is not liable for delays or failure to deliver Services or any Deliverables resulting from the Client’s failure to obtain such license or to provide such certification.

13.2 Regulatory Requirements.

The Provider is not responsible for determining if Third Party Products to be used in the provision of the Services satisfy the local regulatory requirements of the country to which such products are to be shipped, nor will the Provider be obligated to provide any Services where the resulting products or software do not satisfy the local regulatory requirements.

​

14. AMENDMENT

14.1 General.

Except as otherwise expressly provided herein, no modification, amendment or waiver of any provision of this Agreement will be effective unless in writing and signed by the parties hereto. No failure or delay by a party in exercising any right, power, or remedy under this agreement, except as specifically provided herein, will operate as a waiver of any such right, power or remedy.

14.2 By Provider.

The Provider may amend the terms of this Agreement at its discretion by providing the Client with at least thirty (30) days’ prior written notice, which may be delivered by email (the “Notice Period”). Such amendments will become effective at the end of the Notice Period unless otherwise stated in the notice. If the Client does not accept the amended terms, the Client may terminate this Agreement before the end of the Notice Period. Continued use of the Services or Deliverables after the effective date of an amendment will be deemed acceptance of the amended terms.

​

15. GENERAL

​

15.1 Entire Agreement.

This Agreement, together with (a) the Order Form, (b) the Provider’s Privacy Policy located at https://www.ninpo.com/privacy (the “Privacy Policy”), which governs the collection, use, and sharing of data in connection with the Services and may be amended by the Provider from time to time as provided therein, and (c) any Change Order(s), constitutes the final, complete, and exclusive agreement between the parties with respect to the subject matter hereof, and supersedes any prior or contemporaneous agreement. To the extent of any conflict between this Agreement, the Privacy Policy, the Order Form, and/or a Change Order, the following order of precedence will apply: (1) this Agreement; (2) the Privacy Policy; (3) the Change Order; and (4) the Order Form.

 

15.2 Assignment.

This Agreement will not be assigned by either party, whether voluntarily, involuntarily, or by operation of law, in whole or in part, to any other entity without the prior written consent of the other party. Notwithstanding the foregoing, upon written notice to the Client, the Provider may assign this Agreement to a successor in interest in connection with a merger, acquisition, reorganization, change of control, or sale of all or substantially all of the Provider’s assets, without requiring the Client’s consent. Any assignment in violation of this Section will be null and void from the beginning and deemed a material breach of this Agreement.

 

15.3 Choice of Law.

This Agreement will be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein. The provincial and federal courts located in Toronto, Ontario will have exclusive jurisdiction over any dispute arising out of or relating to this Agreement, and each party consents to the exclusive jurisdiction of such courts. Notwithstanding the foregoing, either party may seek injunctive or equitable relief in any jurisdiction with a reasonable connection to the subject matter of this Agreement.

 

15.4 Force Majeure Events and Client Delays.

Without limiting any of the Provider’s rights herein, the Provider will not be responsible for, and disclaims any liability relating to, any failure or delay in performing its obligations under this Agreement to the extent such failure or delay is due to: (a) delays caused by the Client; (b) the Client’s breach of any obligation under this Agreement; or (c) any event beyond the Provider’s reasonable control, including acts of God, war, terrorism, civil unrest, embargoes, acts of civil or military authorities, pandemics, government orders, natural disasters, labor disputes, or failures of power, hardware, software, internet services, or hosting facilities outside the Provider’s reasonable control (each, a “Force Majeure Event”), provided that the Provider gives prompt notice of such event and uses reasonable efforts to minimize the delay.

​

15.5 Notices.

Any notice or communication required or permitted under this Agreement must be in writing and delivered: (a) in person; or (b) by email to the address specified in the Order Form. Notices will be deemed given upon confirmation of delivery.

15.6 Currency. Unless otherwise stated, all monetary amounts in this Agreement are stated and payable in Canadian Dollars (CAD).

​

15.7 Independent Contractors.

The parties are independent contractors, and nothing in this Agreement will be construed to create a relationship of employment, agency, joint venture, or partnership between the parties or between the Provider and any third party to whom the Client extends or resells the Services. Neither party has authority to bind or obligate the other in any way.

​

15.8 Interpretation.

Headings are for reference only and do not affect interpretation. No rule of construction that disfavors the drafter will apply. Words like “herein,” “hereto,” “hereof,” and similar terms refer to the Agreement as a whole. The word “including” is deemed to be followed by “without limitation.”

​

15.9 Independent Legal Advice.

Each party acknowledges that it had the opportunity to seek independent legal advice before executing this Agreement.

​

15.10 Severability.

If any provision of this Agreement is held to be illegal, invalid, or unenforceable, that provision will be deemed severed and the remaining provisions will remain in full force and effect. Where legally permissible, a valid and enforceable provision that most closely reflects the intent of the original will be substituted in its place.

​

16. DEFINITIONS

(a) “Client Data” means information and other content, in any form or medium, that is collected or otherwise received by the Provider directly or indirectly from the Client or Client Personnel in connection with the Provider’s performance of the Services.

​

(b) “Client Personnel” means all employees, agents, independent contractors and any other authorized representatives of the Client.

​

(c) “Confidential Information” means information that is not generally known to the public or that otherwise constitutes a trade secret under applicable law, including technical information, know-how, technology, software applications and code, prototypes, ideas, inventions, methods, improvements, data, files, information relating to client identities and other client information; provided that, Confidential Information does not include any of the foregoing information that the Receiving Party can demonstrate: (i) has entered into the public domain through no wrongful act or breach of any obligation of confidentiality by the Receiving Party; (ii) was in the lawful knowledge and possession of, or was independently developed by, the Receiving Party prior to the time it was disclosed to, or learned by, the Receiving Party hereunder as evidenced by written records; (iii) was rightfully received by the Receiving Party from a third party without a breach of such third party’s obligations of confidentiality; or (iv) was approved in writing for release by the Disclosing Party. Confidential Information includes such information that was disclosed by the Disclosing Party to the Receiving Party prior to the Effective Date.

​

(d) “Disclosing Party” means the party who discloses or otherwise divulges Confidential Information to the other party.

​

(e) “Effective Date” means the date set out in the Order Form as the start date of the Agreement, or if none is specified, the date this Agreement is executed by both parties.

​

(f) “Expenses” has the meaning set out in Section 2.2.

​

(g) “Fees” has the meaning set out in Section 2.1.

​

(h) “Intellectual Property Rights” means (i) copyrights and copyrightable works, whether registered or unregistered; (ii) trademarks, service marks, trade dress, logos, registered designs, trade and business names (including Internet domain names, corporate names and e-mail address names), whether registered or unregistered; (iii) patents, patent applications, patent disclosures and inventions (whether patentable or not); (iv) trade secrets, processes, methods, data privacy rights, know-how and rights in designs; and (v) all other forms of intellectual property or any other proprietary rights in every jurisdiction worldwide.

​

(i) “Order Form” means the document or other written agreement executed by the Client and the Provider, including any schedules, appendices, or statements of work, which sets out the specific Services, Deliverables, Fees, and any applicable assumptions or limitations.

​

(j) “Privacy Policy” has the meaning set out in Section 15.1.

​

(k) “Receiving Party” means the party who receives or otherwise obtains Confidential Information from the Disclosing Party or from the Disclosing Party’s employees, agents, representatives, consultants, clients, contractors or suppliers.

​

(l) “Scheduled Downtime” means the time(s) that the Services are inaccessible or unavailable to the Client in connection with preventative maintenance, scheduled maintenance and repair.

​

(m) “Security Incident” means any actual or suspected unauthorized access to or use of data, systems, or networks that may compromise the confidentiality, integrity, or availability of Client Data or systems under the Provider’s monitoring, as reasonably determined by the Provider.

​

(n) “Service Changes” means any additions, modifications, or reconfigurations to systems, environments, networks, or software that are not part of incident response or standard monitoring and support, and which may incur additional Fees or require a retainer or Change Order.

​

(o) “Services” has the meaning set out in Section 1.1 and includes all cybersecurity services, and any IT services where explicitly included in the Order Form.

​

(p) “Term” has the meaning set out in Section 7.1.

​

(q) “Third Party Products” means any third-party software, hardware or services.

​

(r) “Authorized Reseller” means a Client who is authorized by the Provider in writing to resell the Services to its own end users, subject to the terms of this Agreement and any applicable Order Form. Authorized Resellers may not white-label or obscure the Provider’s identity unless explicitly agreed in writing.

​

(s) “Change Order” means any written amendment or supplement to the Services or Deliverables under this Agreement, mutually agreed to by the parties and signed or confirmed in writing (email to suffice), and which sets out changes to scope, Fees, Expenses, timing, or other terms.

​

(t) “Deliverables” means all work product, documentation, reports, software configurations, or other tangible or intangible items delivered by the Provider to the Client as part of the Services, as expressly set out in the Order Form or a Change Order.

​

​[END OF TERMS OF SERVICE]
Last updated: June 17, 2025.