MASTER SERVICES AND LICENSE AGREEMENT

This Master Services and License Agreement (this “Agreement” or “MSLA”) sets forth the binding terms and conditions governing all direct licensing and service transactions between Group-IB and its end customers (“Customer”). This Agreement is a standard contract and is incorporated by reference into each quotation (“Quotation”) issued by Group-IB to a Customer. By entering into a Quotation as provided for under this Agreement, whether by signing it or by issuing a confirming purchase order (a “Purchase Order” or “PO”)-, Customer accepts and agrees to be bound by the terms of this Agreement, without any need for a separate signature on this Agreement. All capitalized terms used in this Agreement have the meanings assigned to them in Annexe A hereto.

1.1. Master Agreement. This Agreement establishes the general terms and conditions under which a Customer may order and access Group-IB’s offerings. It is not required to be separately signed by Customer; rather, it is incorporated by reference into each Quotation issued by Group-IB and governs every transaction arising from such Quotation.

1.2. Provision of Software Products. Subject to the terms of this Agreement, Group-IB shall make the licensed Software Products available to Customer during the applicable Order term. Software Products are delivered by remote access to the Web Portal on a software-as-a-service (SaaS) basis. Group-IB will create Customer’s account(s) and provide Customer with the necessary access credentials to allow Customer’s authorized End Users to access the Software Products via the internet (Web Portal, interface, or API, whichever is applicable). Customer is responsible for obtaining and maintaining its own internet connectivity and compatible devices required to access the Software Products. Group-IB may, from time to time, update the content, features, or user interface of the Software Products, but will not materially reduce the core functionality of the subscribed Software Product(s) during the applicable Order term. In the event that any such modification would materially reduce the core functionality of the Software Products, Group-IB shall notify the Customer of such change through the Web Portal, the Software Products themselves, or by other reasonable electronic means. Any material reduction of core functionality shall not apply during the then-current Order term, but may take effect upon renewal of the applicable Order, provided that Group-IB has notified the Customer of such changes via the Web Portal, the Software Products, or other reasonable electronic means prior to renewal. Renewal of an Order shall constitute acceptance of the Software Products and functionality as in effect at the start of the renewal term.

1.3. Provision of Services.  Subject to the terms of this Agreement, Group-IB shall provide the Services to the Customer. The scope, objectives, and conditions of the Services shall be specified in the relevant Technical Proposal.

Services may include:

(a) One-time engagements, in which Group-IB performs a defined set of tasks resulting in a Deliverable, such as a report or technical analysis, provided in accordance with the agreed scope, format, and delivery timeline stated in the applicable Order; and/or

(b) Ongoing support arrangements, in which Group-IB provides continued assistance, monitoring, readiness, or other operational cybersecurity services throughout a defined period specified in the Order.

Services may be performed remotely or on-site, as required by the nature of the engagement and as mutually agreed in the applicable Order. The Customer shall provide all necessary information, access, resources, and cooperation to support the timely and effective delivery of the Services, in accordance with Clause 9 below.

Group-IB may update the tools, personnel, or methodologies used to perform the Services, provided that such changes do not materially degrade the quality or intended outcomes of the Services during the applicable Order term.

1.4. Technical Proposal. The technical specifications of each Software Product and/or Service offered to the Customer shall be set forth in the Technical Proposal provided by Group-IB to the Customer on or before the date of the applicable Quotation.

1.5. Ordering Process. A Quotation is considered accepted and binding when it is signed by the Customer or a PO referencing this Quotation is issued by the Customer. Once a Quotation is accepted and the Order is executed, no further PO or additional agreement is required for the transaction to be valid.

1.6. Affiliates and Contractors. Customer’s Affiliates may purchase Software Products and Services under this Agreement by entering into Orders hereunder. By executing an Order, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original Party. Customer shall be responsible for the performance of its Affiliates and any authorized End Users who access the Software Products and/or Services under any Order. Likewise, the Parties agree that Group-IB may involve its own Affiliates or subcontractors in delivering the Software Products and Services, provided that Group-IB remains responsible for their performance.

1.7. Superseding and Rejection. In the event of any direct conflict between the terms of this Agreement and a Quotation, the Quotation will prevail only with respect to the terms expressly specified in it, and all other terms of this Agreement shall remain in full force and effect.

In all cases, any terms or conditions contained in or incorporated by reference into any Customer PO shall be void and of no effect unless expressly agreed in writing by both Parties, and the terms of this Agreement (together with the applicable Order) shall exclusively govern the transaction.

2.1. License Grant. During the term of each Order, and subject to Customer’s compliance with this Agreement (including timely payment of all fees), Group-IB grants to Customer a limited, non-exclusive, non-transferable, non-sublicensable right and license to access and use the Software Products specified in the Order, solely for Customer’s own internal business purposes. Such use is limited to the quantity, scope, term and territory (if any) stated in the Order (for example, number of accounts, systems, locations, Active Users, Assets, etc.). If no territory is specified, Customer may use the Software Products globally, subject to applicable export laws and regulations. Group-IB (as licensor) will provide Customer with the necessary access credentials or accounts to use the subscribed Software Products via the Web Portal, interface, or API, whichever is applicable. Customers’ use of the Software Products shall be in accordance with the Documentation and all applicable laws and regulations.

2.2. Restrictions. Except as expressly permitted in this Agreement or an Order, Customer shall not (and shall not permit any third party to) do any of the following with respect to the Services, Software Products, Data or Documentation:

(a) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code or underlying ideas or algorithms of any Software Products or Web Portal;

(b) modify, adapt, or create derivative works of the Software Products, Web Portal or Data;

(c) remove, obscure, or alter any proprietary notices, labels, or marks on the Software Products, Web Portal, Data and Documentation;

(d) use the Software Products, Web Portal or Data in violation of any applicable law, regulation, or rights of others (including data privacy laws and export control laws);

(e) introduce into the Software Products or Web Portal any virus, malware, Trojan horse, or other harmful code;

(f) use the Software Products, Web Portal or Data to attempt unauthorized access to any system or data, or to perform security testing or vulnerability scanning of any system except Customer’s own assets (and then only as intended and permitted by the Software Products);

(g) use the Software Products, Web Portal or Data to gather information or data regarding any third party without such party’s consent (for example, using the Attack Surface Management Service to scan a third party’s assets without authorization);

(h) rent, lease, lend, sell, resell, sublicense, distribute, or otherwise provide any third party with access to the Software Products, Web Portal and Data (or any portion thereof) on a service or time-sharing basis;

(i) use the Software Products, Web Portal or Data for the benefit of any third party;

(j) incorporate any portion of the Software Products, Web Portal or Data into any other product or service to be provided to a third party;

(k) interfere with or circumvent any access control or use-limit mechanisms of the Software Products and Web Portal;

(l) use Software Products, Web Portal or Data to conduct competitive analysis of Group-IB’s products or to develop any competing product or service; or

(m) publicly disclose or publish any performance or benchmark tests or analyses relating to Software Products, Web Portal or Data without Group-IB’s prior written consent.

(n) circumvent, manipulate, or otherwise attempt to avoid any usage limits, license metrics, or technical restrictions applicable to the Software Products (including by sharing accounts, using multiple identities, masking usage, or otherwise obscuring actual usage);

(o) access, retrieve, or extract Data or other content from the Software Products through automated means (including scraping, crawling, bots, or bulk downloading) except as expressly permitted via the API or in the Documentation;

(q)use the Software Products, Services, Web Portal, or Data for any purpose that is prohibited by applicable export control or sanctions laws, or for unlawful offensive operations against third parties.

Group-IB reserves the right to suspend or disable the Software Products and Customer’s access to the Web Portal (after providing notice to Customer, where practicable) if Customer’s use violates any of the foregoing restrictions or materially threatens the security, integrity, or availability of the Software Products, Web Portal or other Group-IB’s systems.

2.3. Ownership. As between the Parties, Group-IB retains all rights, title, and interest in and to the Software Products, Services, Web Portal, Data, Documentation and all intellectual property and proprietary rights embodied therein. Customer acknowledges that, except for the limited rights expressly granted to Customer under this Agreement, no ownership or license rights are granted to Customer by implication or otherwise. Customer is not acquiring any ownership of or title to any part of the Software Products, Web Portal, Data, Documentation or related intellectual property. Group-IB may freely use and incorporate any suggestions, feedback, or ideas provided by Customer regarding the Software Products, Services, Web Portal or Data with no obligation to Customer. All Customer Data, and any pre-existing materials or information that Customer provides to Group-IB, remain the property of Customer (or its licensors). Customer grants Group-IB a non-exclusive, royalty-free license to use, process, and transmit Customer Data solely as necessary to provide the Software Products, Services and support to Customer, and as otherwise permitted in the DPA or this Agreement.

2.4. End User Obligations. Customer is responsible for all use of the Software Products, Web Portal and Data under its account, including all use by its End Users. Customer shall ensure that End Users use the Software Products, Web Portal and Data only on Customer’s behalf and in compliance with this Agreement. If any End User violates the terms of this Agreement, Customer will be responsible and liable for such violation as if it were an act of Customer. Customer will promptly notify Group-IB of any unauthorized access to or use of the Services of which it becomes aware and will cooperate with Group-IB’s reasonable efforts to prevent or mitigate any security incident related to unauthorized access.

2.5. Acceptable Use Policy. Group-IB may maintain an Acceptable Use Policy (“AUP”) that further governs permitted and prohibited uses of the Software Products, Web Portal and Data (e.g., restrictions on spam, fraud, infringement, penetration testing, or other misuse). If Group-IB has provided Customer with an AUP or made it available via Software Products or Web Portal (e.g. in form of EULA, T&C, ToU etc.), Customer agrees to abide by the AUP. Group-IB may update the AUP from time to time by providing notice to Customer (including by email or through the Service). In the event of any conflict between the AUP and this Agreement, the more restrictive provision shall govern. Violation of the AUP constitutes a material breach of this Agreement and may result in suspension or termination of Software Products and Web Portal access pursuant to Clause 13 below.

3.1. Fees. Customer shall pay all fees specified in each Order. Fees may include license fees for time-based access to Software Products and service fees for subscription-based (e.g. Incident Response Retainer), one-time Services and Integration Services (if any), as set forth in the Order (collectively, “Fees”). All Fees are stated and shall be paid in the currency specified in the Order (or in U.S. Dollars if no currency is specified). Fees are exclusive of any applicable Taxes and expenses, which shall be handled as described in Clauses 3.3 and 3.4 below.

3.2. Invoicing and Payment Terms. Unless otherwise specified in an Order, Fees are invoiced in advance before the start of the subscription term or execution of an Order for Services. Payment is due net 30 days from Customer’s receipt of a correct invoice, unless a different payment period is specified in the Order. Group-IB may send invoices electronically (via email, or as otherwise agreed with the Customer). Late payments shall accrue interest from the due date until payment in full at a rate equal to the Reference Rate published by the central bank of the jurisdiction governing this Agreement, plus five per cent (5%) per annum, or the maximum rate permitted by applicable law, if lower. Customer shall provide complete and accurate billing and contact information and promptly notify Group-IB of any changes to such information. Customer must notify Group-IB in writing of any good-faith dispute regarding an invoice within fifteen (15) days of receipt of such invoice, specifying the basis for the dispute in reasonable detail. Any undisputed portion of an invoice must be paid on or before the due date.

3.3. Taxes. All fees are exclusive of any sales, use, value-added, goods and services, withholding, or similar taxes or duties (“Taxes”). Customer shall be responsible for all Taxes arising from the transactions under this Agreement, except for taxes based on Group-IB’s net income.

3.4. Expenses. If Group-IB incurs reasonable travel or out-of-pocket expenses that are necessary for the performance of any on-site Services or on-site integration of Software Products (and expenses have been pre-approved by Customer), Customer shall reimburse Group-IB for those expenses at cost. Group-IB will invoice Customer for any such pre-approved expenses and will provide copies of receipts or supporting documentation upon request. The Customer shall make payment under this Agreement without withholding or deduction of any tax unless required by law. If the Customer is required under the domestic law to deduct or withhold any amount of taxes from any of its payments under this Agreement, the taxes shall be paid and borne by the Customer for the Customer’s own account, therefore, the amount of the payment shall be increased so that Group-IB receives the same net amount that it would have received absent the required withholding.

3.5. No Set-Off. No Refunds. All payments shall be made in full without any right of set-off, deduction, or withholding. Except as expressly provided in this Agreement or an Order, all fees are non-refundable. In particular, if this Agreement or any Order is terminated by Group-IB due to Customer’s breach, Customer shall not be entitled to any refund of Fees paid (including Fees for any unused portion of a license term and/or a service retainer). Customer’s partial use of Software Products or Services, or failure to use them, will not affect Customer’s obligation to pay the full Fees for the entire subscription term of any active Order.

3.6. Fee Increases. Unless otherwise stated in an Order, Fees for any renewal term of a subscription may be subject to increase at Group-IB’s standard rates or by a percentage not to exceed a specified rate (e.g., x% over the prior term’s fees, if such a cap is stated in the Order). Group-IB shall provide notice of any fee increase before the beginning of the renewal term, and Customer may choose not to renew the Order (per Clause 13.2) if it does not agree to the new fees.

3.7. License and Fee Verification. Customer shall maintain complete and accurate records sufficient to verify Customer’s compliance with the scope and fee metrics applicable to the Software Products and Services. Upon reasonable prior notice and not more than once per twelve (12) month period (unless Group-IB reasonably suspects a material breach), Group-IB may verify Customer’s compliance through usage data, reports, or an audit conducted during normal business hours. If such verification reveals underpayment or excess use, Customer shall promptly pay the applicable additional Fees at Group-IB’s then-current rates, plus interest under Clause 3.2.

4.1. Where a Software Product requires installation, configuration, or adaptation within the Customer’s IT environment, Group-IB may provide integration services to support such deployment. The scope and associated fees for any integration services shall be separately defined in the applicable Quotation. Integration services are provided on a one-time, project-specific basis and do not include ongoing maintenance or customization unless expressly agreed in writing.

4.2. Customer acknowledges that integration services depend on Customer’s IT environment, systems, configurations, third-party software, and data, which are outside Group-IB’s control. Group-IB does not warrant or guarantee that the integration services will be compatible with or operate correctly in Customer’s specific environment, except as expressly stated in the applicable Quotation.

4.3. Unless expressly agreed in writing, integration services do not include acceptance testing, certification, or validation of Customer’s systems, and do not constitute a guarantee of fitness for any particular purpose. For clarity, integration services are limited to the specific tasks described in the applicable Quotation and do not create any ongoing support, maintenance, monitoring, or optimization obligations beyond those expressly outlined in such Quotation.

4.4. Integration services are provided on a time-and-materials basis unless otherwise expressly stated in the applicable Quotation.

5.1. Exclusions. Information shall not be deemed Confidential Information to the extent the Receiving Party can demonstrate that such information: (a) is or becomes generally available to the public through no breach of this Agreement or wrongful act of the Receiving Party; (b) was already known to the Receiving Party, free of any confidentiality obligations, at the time of disclosure by the Disclosing Party; (c) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information; or (d) is lawfully obtained by the Receiving Party from a third party who has the right to disclose it without any confidentiality obligation. If the Receiving Party is required by law, regulation, or a court or governmental order to disclose any of the Disclosing Party’s Confidential Information, the Receiving Party shall (to the extent legally permitted) give prompt written notice to the Disclosing Party and reasonably cooperate (at the Disclosing Party’s request and expense) in any effort to limit or contest the required disclosure. Information disclosed pursuant to such a required disclosure remains Confidential Information despite the disclosure.

5.2. Confidentiality Obligations. The Receiving Party shall use the same degree of care to protect the confidentiality of the Disclosing Party’s Confidential Information as it uses to protect its own confidential information of like nature, but in no event less than a reasonable standard of care. The Receiving Party may use Confidential Information of the Disclosing Party solely for the purpose of fulfilling its obligations or exercising its rights under this Agreement (the “Purpose”). The Receiving Party shall not disclose or permit access to the Disclosing Party’s Confidential Information to any third party, except to its own (and its Affiliates’) employees, officers, agents, consultants, or contractors who need to know such information for the Purpose and who are bound by confidentiality obligations no less protective than those in this Agreement. The Receiving Party shall be responsible for any breach of confidentiality by any person to whom it discloses Confidential Information. The Receiving Party shall not remove or obscure any confidentiality or proprietary notices affixed to Confidential Information.

5.3. Return or Destruction. Upon the termination or expiration of this Agreement (or sooner upon the Disclosing Party’s written request), the Receiving Party shall promptly return or destroy all materials containing the Disclosing Party’s Confidential Information, including all copies (in whatever form) in its possession or control, except that the Receiving Party may retain one archival copy for the sole purpose of compliance with legal, regulatory, or internal record-keeping requirements. Any retained Confidential Information shall remain subject to the confidentiality obligations herein. Upon the Disclosing Party’s request, an officer of the Receiving Party shall certify in writing that it has complied with the foregoing obligations.

5.4. Duration of Obligations. Each Party’s obligations under this Clause 5 (Confidentiality) shall commence on the Effective Date and continue for a period of five (5) years after the termination or expiration of this Agreement, except with respect to any trade secrets (as defined under applicable law) of the Disclosing Party, which shall be kept confidential for so long as they remain trade secrets under applicable law.

5.5. No Implied Rights. Except for the limited rights to use Confidential Information as specifically set forth in this Agreement, all Confidential Information of the Disclosing Party (and all related intellectual property rights therein) shall remain the exclusive property of the Disclosing Party (or its licensors). No license or rights under any trademark, patent, copyright, or other intellectual property right are granted or implied by the disclosure of Confidential Information hereunder, except as expressly provided in this Agreement.

5.6. Remedies. The Parties acknowledge that unauthorized use or disclosure of Confidential Information may cause irreparable harm for which monetary damages would be an insufficient remedy. Therefore, each Party agrees that the Disclosing Party shall be entitled to seek immediate injunctive relief (and other equitable remedies) to enforce its rights under this Clause 5 in addition to any other rights and remedies available at law or in equity, without the requirement of posting a bond. This Clause 5.6 shall not be construed to limit either Party’s right to equitable relief for breach of other provisions of this Agreement.

6.1. General Compliance. Each Party shall perform its obligations and exercise its rights under this Agreement in compliance with all laws and regulations applicable to its business and to the use or provision of the Software Products and Services, including data protection laws, anti-corruption laws, export control and sanctions laws, and any requirements to obtain permits, licenses, or approvals in connection with the provision or use of the Software Products and Services.

6.2. Trade Sanctions. Each Party represents that, as of the Effective Date, neither it nor any of its Affiliates, directors or officers is: (a) designated on any applicable sanctions or restricted-party list of the United Nations, United States, European Union, United Kingdom, Singapore, the Netherlands, Chile, or any other applicable jurisdiction; (b) owned or controlled by, or acting on behalf of, any person or entity so designated; or (c) located or organized in any country or territory that is subject to comprehensive trade sanctions (including, currently, Cuba, North Korea, Iran, Syria and Crimea). Customer further represents that it will not permit any user or third party to access or use the Software Products and Services in violation of any export embargo, prohibition, or limitation imposed by such jurisdictions. Neither Party will engage in any transaction or activity under this Agreement that would cause the other Party to be in violation of applicable trade sanctions. Customer acknowledges that Group-IB’s Software Products, Services, and Data may be subject to export control laws (including the U.S. Export Administration Regulations and similar regimes), and agrees not to export, re-export, or transfer the Services or any portion thereof to any prohibited country or individual without the required licenses or approvals.

6.3. Anti-Bribery and Anti-Corruption. Each Party agrees that it, its Affiliates, and their respective personnel will comply with all applicable anti-bribery and anti-corruption laws (including the U.S. Foreign Corrupt Practices Act and the UK Bribery Act) in connection with this Agreement. Without limiting the foregoing, neither Party shall offer, pay, promise, or authorize any bribe, kickback, or unlawful payment of money or anything of value to any person or entity (including any government official) to obtain or retain business or to secure any improper advantage. Each Party shall maintain its own policies and procedures reasonably designed to ensure compliance with relevant anti-bribery laws. Each Party will promptly report to the other Party any request or demand for any undue financial or other advantage of any kind received by that Party in connection with the performance of this Agreement. Any breach of this Clause 6.3 by a Party shall be deemed a material breach not capable of cure.

6.4. Employee Compliance and Training. Each Party will ensure that any person associated with it who is involved in performing this Agreement (including such Party’s employees, agents, and subcontractors) is made aware of and will comply with the above compliance requirements. If either Party becomes aware of any violation of this Clause 6, it will immediately notify the other Party. In the event of any such violation by Customer, Group-IB may terminate this Agreement for cause as provided in Clause 13.3 below (and similarly, Customer may terminate for an uncured violation by Group-IB).

6.5. Regulatory Changes. If changes in any applicable law or regulation occurring after the Effective Date materially affect either Party’s ability to perform its obligations under this Agreement, the Parties will negotiate in good faith any necessary amendments to this Agreement or to the relevant Order to address the change. If the Parties are unable to reach an agreement, and a governmental or regulatory authority has determined that continuing to perform as currently required would violate the law, then either Party may (upon written notice) terminate the affected Order without penalty. In such event, Group-IB will refund any prepaid fees for the unused portion of the terminated Software Products and/or Services.

7.1. Data Security. Group-IB agrees to maintain commercially reasonable technical and organizational measures for the security and integrity of the Software Products, Services and Customer Data, designed to protect against unauthorized access to or use of Customer Data. While providing the Software Products and Services, Group-IB (and its authorized sub-processors) will implement administrative, physical, and technical safeguards consistent with industry standards for similar services. Such measures will include, as appropriate, measures to encrypt personal data at rest or in transit, to pseudonymize or minimize personal data where feasible, and to regularly test and assess the effectiveness of security measures. Additional information about Group-IB’s security measures may be set forth in Schedule 1 for the DPA. Customers acknowledge that it is responsible for maintaining appropriate security and access controls for its own systems when interfacing with the Software Products (for example, protecting its account credentials).

7.2. Data Privacy and Processing. Each Party agrees to comply with applicable data protection laws with respect to any personal data processed under this Agreement. Group-IB shall process personal data only for the purposes of performing its obligations and in accordance with the documented instructions of Customer as set forth in this Agreement and the Data Processing Agreement (DPA), available at _________________, that constitutes an integral part of this Agreement. In the event of any conflict between the DPA and the main body of this Agreement with respect to the processing of personal data, the terms of the DPA shall prevail.

8.1. Service Availability. Group-IB will use commercially reasonable efforts to make the Software Products and Services available with minimal interruptions, subject to routine maintenance, upgrades, and circumstances beyond Group-IB’s reasonable control. If Group-IB offers a formal Service Level Agreement (SLA) for certain Software Products or Services specifying uptime commitments or performance metrics, such SLA (if referenced in an Order or published by Group-IB for general use) will apply as stated. Group-IB will use reasonable efforts to perform any scheduled maintenance during non-business hours and, when practical, to provide advance notice of significant maintenance. Customer acknowledges that the Software Products and Services may be subject to limitations, delays, and other issues inherent in internet and cloud infrastructure communications, and Group-IB shall not be liable for any delays or downtime resulting from internet or hosting infrastructure problems outside of Group-IB’s direct control. Any service level credits or remedies specified in an applicable SLA shall constitute Customer’s sole and exclusive remedies for any failure to meet the service levels or availability commitments. Service level credits, if any, will be available only if Customer submits a written request in accordance with the applicable SLA within the specified time period and only for the affected subscription period. Service level credits are not refundable and may be applied only as a credit against future fees.

8.2. Support Services. During the subscription term of any Order, Group-IB will provide Customer with technical support for the Software Products and Services (where applicable) in accordance with Group-IB’s standard support policies (or as otherwise specified in the Order). Group-IB’s support generally includes: (i) access to an online helpdesk or email for Customer to report issues or ask questions; (ii) commercially reasonable efforts to respond to support requests within target response times set forth in the support policy (with high-priority issues receiving accelerated handling); and (iii) error resolution or workaround guidance for reproducible errors in the Software Products that are not the result of misuse or external factors. Support is available during Group-IB’s regional business hours (or 24/7 for critical issues, if so indicated in the Order or in the applicable support plan). Customer shall provide adequate information and cooperation to enable Group-IB to diagnose and resolve support issues andshall designate knowledgeable personnel to communicate with Group-IB’s support team.

8.3. Service Level Exclusions. Any service level commitments (and related remedies) will not apply to performance or availability issues that: (a) are caused by factors outside Group-IB’s reasonable control, including any force majeure events or general Internet access problems; (b) result from any actions or inactions of Customer or any third party (other than Group-IB’s own subcontractors); (c) result from Customer’s applications, equipment, or use of the Services in a manner not in accordance with the Documentation; or (d) occur during any trial, beta, or other non-paid use of the Services.

8.4. Changes to Software Products. Group-IB reserves the right to make updates or modifications to the Software Products or the Web Portal from time to time, provided that no such change will materially reduce the core functionality or security of the Software Products during an active license term. Group-IB may also modify an applicable SLA (or support policy) upon notice to Customer; however, any such modification will not materially diminish the service level commitments during any ongoing subscription term without Customer’s consent.  

The Customer shall provide Group-IB with all reasonable cooperation, information, and support necessary for the timely and effective performance of the Services and deployment of any on-premises components of the Software Products. Customer’s cooperation as described in this Clause 9 is an essential condition precedent to Group-IB’s performance of the Services and Software Products deployment.  Without limitation, the Customer shall:

• ​promptly furnish accurate and complete contact details for all relevant technical, administrative, and decision-making personnel.
• provide timely responses to Group-IB’s inquiries and requests for clarification or input;
• disclose and document any relevant technical configurations, network architecture, system constraints, or security requirements that may impact the delivery of the Services or deployment of Software Products;
• make available, as required, all necessary access rights and permissions, including but not limited to secure remote access, administrative credentials, and physical access to facilities, networks, systems, and equipment involved in or affected by the engagement;
• duly fulfil any other obligations expressly imposed on the Customer under this Agreement.

The Customer acknowledges that Group-IB’s ability to perform its obligations under this Agreement may be impaired by the Customer’s failure or delay in fulfilling the foregoing obligations. Group-IB shall not be liable for any failure or delay in the performance of the Services or Software Products deployment to the extent caused by the Customer’s failure to provide such cooperation and access.

If Customer fails to provide the required cooperation, access, or information in a timely manner, Group-IB may suspend the affected Services or Software Products until such failure is cured, without liability to Customer. Any failure by Customer to comply with this Clause 9 shall excuse Group-IB from meeting any applicable service levels or support response times to the extent affected by such failure.

Customer is solely responsible for the accuracy, completeness, and legality of all information, configurations, data, and access provided to Group-IB, and Group-IB shall have no liability arising from errors or issues caused by inaccurate or incomplete information provided by Customer.

TI Coins

“TI Coins” means a prepaid, non-refundable notional unit issued and sold by Group-IB, which may be redeemed by the Customer solely for the purchase of eligible managed services offered by Group-IB, in accordance with Group-IB’s then-current service catalogue and the applicable Quotation. TI Coins have no monetary value, are non-transferable, and are not redeemable for cash or credit. Each package of TI Coins must be fully utilized during the term specified in the applicable PO or Quotation under which they were purchased. Any TI Coins remaining unused upon expiration of such term shall automatically expire and shall not be subject to refund, extension, or carryover. The Customer’s current TI Coin balance may be accessed and monitored through the user interface of the Web Portal.

Data Disclaimer

Dark Web and Illicit Sources. The Customer acknowledges that Group-IB’s Threat Intelligence solution may aggregate raw, unfiltered data from third-party sources (including dark-web forums, underground marketplaces, hacker communities, paste sites, etc.). This content can include exposed or stolen credentials, malware samples, hacked personal data, or other sensitive information. It may also contain offensive, illegal or otherwise inappropriate material. Group-IB does not vet or censor this external data and makes no claims about its legality or property.

Use at Customer’s Risk. The Customer agrees that all such content is provided strictly “as-is” from the underlying sources. Group-IB does not guarantee or control the nature, accuracy, or legality of this data. Accordingly, any access to, use of, or reliance on the raw Threat Intelligence data is undertaken by the Customer at the Customer’s sole risk and discretion.

Disclaimer of Liability. Group-IB hereby expressly disclaims any responsibility or liability for the content or legality of data obtained from dark-web or other unvetted sources. To the fullest extent permitted by law, Group-IB makes no warranties (express or implied) with respect to this content and assumes no liability for any damages, losses or claims arising from it. In particular, Group-IB has no obligation to filter or remove illegal/offensive content before delivery, and the Customer releases Group-IB from any and all liability “as to the nature, accuracy, reliability, availability and/or legality” of the data. The Customer acknowledges that Group-IB’s services are provided on an as-is basis with respect to third-party threat data.

Customer Responsibility and Indemnity. The Customer assumes full responsibility for any use or dissemination of the Threat Intelligence content. The Customer shall comply with all applicable laws and regulations in its handling of the data. The Customer agrees to indemnify, defend and hold harmless Group-IB (its affiliates, officers, employees and agents) from any claims, liabilities, damages or costs (including reasonable attorneys’ fees) arising out of the Customer’s unauthorized, unlawful or improper use of the content. Any unlawful or improper access to, or use of, the data (including redistribution or exploitation of stolen credentials or illicit materials) is the sole liability of the Customer, and Group-IB expressly disclaims all responsibility for such misuse.

In the context of the Fraud Protection solution, “Active Users” means end-clients of the Customer who, during the Term, have (i) accessed the Customer’s platform or application—protected by Group-IB’s Fraud Protection solution—via any digital channel, and (ii) deposited funds through such platform or application.

The Customer shall determine the actual number of Active Users annually and provide this information to Group-IB at the end of the applicable Term. Where technically feasible, Group-IB may also calculate the number of Active Users through automated means, based on usage data accessible to Group-IB.

The number of Active Users determined on each anniversary of the Effective Date shall serve as the baseline for calculating the applicable license volume for the subsequent license year, in the event of renewal or extension of this Agreement.

Group-IB licenses the Attack Surface Management (ASM) Software Product on a per-Asset basis. For the purposes of this Agreement, “Asset” means any of the following digital elements identified or analyzed through the ASM Software Product during the license period: IP addresses, domain names, subnets, SSL/TLS certificates, bucket storage, login forms, typosquatted domains, or publicly facing software.

The number of Assets included in the Customer’s license shall be as set forth in the applicable Order. Exceeding the licensed Asset quantity shall not result in suspension of the ASM Software Product, however, Group-IB shall be entitled to charge an additional license fee at the end of the license term for the excess usage. Such fee shall be calculated on a pro rata basis, taking into account the volume of excess Assets and the unit cost per Asset under the Customer’s original licensed package.

It is the sole responsibility of the Customer to monitor its Asset usage, as reflected in the ASM user interface, and ensure compliance with the licensed Asset volume. Group-IB shall have no obligation to notify the Customer of Asset overages during the license term.

PoA

Power of Attorney. Should the licensed Software Product be Digital Risk Protection, the Customer shall provide Group-IB a signed Power of Attorney (“Poa”) issued in accordance with a form requested by Group-IB for the term of the respective license. If relations continue between the Parties after the expiry date of this PoA, a new PoA shall be immediately provided for the period of renewal.

The PoA is a crucial pre-requisite for initiating takedown activities and communication with third parties (host providers, social media moderators etc.) on behalf of the Customer. Group-IB reserves the right to terminate at its sole discretion any Order for Digital Risk Protection Software Product without any compensation or penalties whatsoever in any of the following cases: a) if the PoA per form requested issued at least for duration of the applicable license period, has not been duly provided by the Customer; b) if the Customer revokes or reduces coverage of the PoA without an express written consent of Group-IB.

Confirmation

Each takedown action initiated by Group-IB during the term of the Digital Risk Protection license shall require the Customer’s prior written confirmation. The Customer shall designate and maintain an authorized representative responsible for managing the Customer’s account within the Digital Risk Protection Software Product, who shall be duly empowered to review and approve takedown requests on the Customer’s behalf. The Customer is solely responsible for ensuring that such representative possesses all necessary internal approvals and legal authority to act on the Customer’s behalf in this capacity.

Group-IB shall not be liable for any consequences arising from the execution of takedown actions duly approved or confirmed by the Customer. The Customer assumes full responsibility and liability for all outcomes resulting from such actions.

Supply of Network Traffic Analysis Tool as Part of On-Premise MXDR Deployment

If a Network Traffic Analysis tool or physical server equipment is provided as part of the MXDR Software Product for on-premise deployment and requires installation on a physical server, the supply of such hardware shall be governed by the Incoterms 2020 basis specified in the applicable Order. If no Incoterms basis is specified in the Order, the supply shall default to EXW (Ex Works). The designated place of delivery shall be as defined in the Order. In all cases, the Customer shall bear sole responsibility for all transportation costs, insurance, taxes, duties, export and import clearances, and any other applicable charges beyond the named delivery point.

Customer Onboarding Process for MXDR Services. In case the Customer has acquired one of the following Service packages: Managed Detection and Response (MDR), Managed Response (MR) and Managed Threat Hunting (MTH) (all together, the “MXDR Services”), Customer acknowledges that such Services shall be delivered in accordance with the SOC MXDR Service Data Collection Form and Onboarding & Response Authority Matrix, which shall be delivered by Group-IB to Customer at the moment of execution of this Agreement. The Customer acknowledges and agrees that the response zones, authority levels, escalation flows, isolation approval rules and other operational parameters defined therein constitute binding operational constraints applicable to the MXDR Services and govern the manner in which such Services are performed within the scope of the telemetry generated by the XDR Solution.

The list of Services for which unused Incident Response (“IRR”) hours may be repurposed (the “Re-Purpose Services”) is set out in Annex B to this Agreement.

The Customer shall notify Group-IB of its intention to repurpose IRR hours by contacting the Group-IB account manager through standard communication channels. Group-IB shall appoint a project manager responsible for the request. The appointed project manager shall provide the Customer with a service questionnaire.

Fees for Re-Purpose Services shall be calculated based on the information provided in the completed questionnaire. The total cost of unused IRR hours shall be deducted from the overall project cost.

The start and completion dates for the Re-Purpose Services shall be agreed upon separately by the Parties.

If the number of pre-paid IRR hours is insufficient to cover the Re-Purpose Services, Group-IB shall issue a quotation specifying the additional hours required for purchase.

The Customer undertakes to request the use of IRR subscription hours for Re-Purpose Services (excluding Investigations) no earlier than six (6) months and no later than three (3) months prior to the expiration of the IRR subscription term.

In the event of subscription renewal, any unused IRR hours may be rolled over to the subsequent subscription term. Rolled-over hours must be utilized within three (3) months from the commencement date of the renewed subscription. Any rolled-over hours not utilized within this period shall be forfeited and shall not be refundable. Customer expressly waives any right to raise claims, disputes, or requests for reimbursement in connection with expired, unused, or forfeited IRR subscription hours, regardless of the reason for non-use.

Customer Acknowledgment of Risk. Customer acknowledges that penetration testing, red teaming, and similar offensive Services are inherently intrusive and carry significant risks. These activities may cause unintended disruption to Customer’s systems, including temporary service degradation or unavailability, unexpected system crashes or failures, data corruption or loss, hardware or network infrastructure damage (e.g. power or connectivity outages), or unintended exposure of security vulnerabilities. Customer further acknowledges that these Services may trigger security alarms or defenses and agrees that Group-IB will not be liable for any consequences of such triggered responses. Customer expressly assumes all such risks and agrees to take reasonable precautions to mitigate them. For example, Customer shall maintain up-to-date backups and redundancies of all systems and data targeted by the Services.

11.1. Mutual Authority Warranty. Each Party represents and warrants that it has the full corporate power and authority to enter into this Agreement and to perform its obligations hereunder, and that this Agreement has been duly authorized and constitutes a binding and enforceable obligation of such Party. Each Party further warrants that its execution, delivery, and performance of this Agreement will not conflict with or violate any other agreement to which it is a party or by which it is bound.ç

11.2. Group-IB Warranties. Group-IB warrants that: (a) it will provide the Software Products and Services in a professional and workmanlike manner, consistent with generally accepted industry standards for similar solutions; (b) the Software Products, when used in accordance with the Documentation, will substantially perform as described in the applicable Documentation during the subscription term; and (c) to Group-IB’s knowledge, Customer’s use of the Software Products and Services as permitted hereunder will not infringe any third-party intellectual property rights. If the Software Products and Services fail to conform to any of the foregoing warranties in a material respect, Group-IB will, as its sole obligation and Customer’s exclusive remedy, use commercially reasonable efforts to correct the non-conformity (for example, by providing an error-fix, patch, or update to the Software Products). If Group-IB is unable to correct the non-conformity within a reasonable time (not to exceed thirty (30) days) after written notice from Customer describing the warranty breach, then Customer may terminate the affected license or service retainer and receive a pro rata refund of any prepaid, unused fees applicable to the remaining term of that license or service period.

11.3. Customer Warranties. Customer warrants that it will use the Software Products and Services in compliance with all applicable laws and regulations, including obtaining any necessary consents or permissions for its use of the Software Products and Services and for Group-IB’s processing of Customer Data as contemplated by this Agreement. Customer further represents and warrants that no Customer Data will (a) infringe or misappropriate the rights of any third party; (b) be knowingly introduced into the Software Products and Services with any viruses or harmful code; or (c) be used in conjunction with the Software Products or Services for any unlawful purpose. Customer is solely responsible for the accuracy, quality, and legality of Customer Data and how it is acquired.

11.4. Disclaimer of Warranties. EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, ALL GROUP-IB’S OFFERINGS (INCLUDING, WITHOUT EXCEPTION, SOFTWARE PRODUCTS, SERVICES, WEB PORTAL, DATA AND DOCUMENTATION) ARE PROVIDED “AS IS” AND “AS AVAILABLE”. GROUP-IB MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, AND HEREBY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, and any warranties arising from course of dealing or usage of trade. Group-IB does not warrant that the Software Products and Services will be uninterrupted or error-free, or that all defects can or will be corrected. Customers acknowledge that Group-IB’s ability to provide the Software Products and perform the Services may depend in part on third-party services (such as Internet and cloud infrastructure providers), and Group-IB shall not be responsible for any unavailability or performance issues caused by such third-party services (to the extent legally permitted). Customer has not relied on any representation or warranty regarding the Software Products and Services except as expressly stated in this Agreement.

12.1. Group-IB’s Indemnity. Group-IB shall defend Customer and its Affiliates, and their officers, directors, and employees (collectively, “Customer Indemnitees”) against any third-party claim, demand, suit, or proceeding (“Claim”) alleging that Customer’s use of the Software Products, Deliverables or Data in accordance with this Agreement infringes or misappropriates a third party’s patent, copyright, trademark, or trade secret. Group-IB shall indemnify and hold harmless Customer Indemnitees from any damages, liabilities, costs, and expenses (including reasonable attorneys’ fees) finally awarded by a court of competent jurisdiction (or agreed in settlement by Group-IB) as a result of such Claim. In addition, Group-IB will defend and indemnify Customer Indemnitees against any third-party Claim arising from Group-IB’s breach of Clause 5 (Confidentiality) or Clause 6 (Compliance with Laws). The foregoing obligations are collectively referred to as “Group-IB’s Indemnified Claims”. Group-IB’s indemnification obligations apply solely to third-party Claims and do not apply to any direct claims brought by Customer.

12.2. Exclusions from Group-IB Indemnity. Group-IB’s obligations set forth in Clause 12.1 above will not apply to any Claim to the extent arising from: (a) any modification of the Software Products or Deliverables by anyone other than Group-IB or its authorized contractors; (b) the combination or use of the Software Products and Services with any other product, software, or equipment not provided or authorized by Group-IB, where the Software Products or Services alone would not have given rise to the Claim; (c) Customer Data or any third-party content or materials provided by Customer (including any information, instructions, or data from Customer that are alleged to infringe); or (d) Customer’s use of the Software Products or Services in breach of this Agreement or outside the scope of use defined in the Documentation or Order. If the Software Products or Deliverables become, or in Group-IB’s reasonable opinion are likely to become, the subject of an infringement Claim, Group-IB may, at its option and expense, either: (i) obtain for Customer the right to continue using the affected Software Products and Deliverables; (ii) replace or modify the Software Products and Deliverables so that they are non-infringing (while materially preserving functionality); or (iii) if options (i) and (ii) are not reasonably available, terminate Customer’s right to use the affected Software Products and Deliverables and provide a prorated refund of any pre-paid fees for the unused remainder of the subscription term. This Clause 12.2 states Group-IB’s exclusive liability, and Customer’s sole remedy, for any third-party intellectual property infringement or misappropriation Claim.

12.3. Customer’s Indemnity. Customer shall defend Group-IB and its Affiliates, and their officers, directors, and employees (collectively, “Group-IB Indemnitees”), against any Claim brought by a third party arising from or relating to: (a) Customer’s misuse of the Software Products or Services in breach of this Agreement; (b) any Customer Data or other materials provided by Customer (including any allegation that such data or materials infringe the rights of, or have caused harm to, a third party); (c) Customer’s violation of any law or regulation in its use of the Software Products or Services; or (d) any adverse consequence of an action taken by Group-IB on the Customer’s behalf, where such action was authorized, directed, or necessitated by the Customer, or arose due to the Customer’s negligence, including, without exception, the negligent approval of takedown requests or failure to provide accurate instructions.
Customer shall indemnify and hold harmless Group-IB Indemnitees from any damages, liabilities, costs, and expenses (including reasonable attorneys’ fees) finally awarded by a court of competent jurisdiction (or agreed in settlement by Customer) as a result of such Claim. The foregoing are collectively “Customer’s Indemnified Claims”.

12.4. Indemnification Procedures. A Party seeking indemnification under this Clause 12 shall: (a) promptly give the other Party (the “Indemnitor”) written notice of the Claim (provided that failure to give prompt notice shall only relieve the Indemnitor of its obligations to the extent it is materially prejudiced by the delay); (b) give the Indemnitor sole control of the defense and settlement of the Claim (except that any settlement that admits liability of, or imposes non-monetary obligations on, the indemnified Party will require that Party’s prior written consent, which shall not be unreasonably withheld); and (c) provide to the Indemnitor, at the Indemnitor’s expense, all reasonable cooperation and assistance in the defense or settlement of the Claim. The indemnified Party may participate in the defense at its own expense with counsel of its choosing. The Indemnitor shall not settle any Claim without the indemnified Party’s prior written consent if the settlement fails to unconditionally release the indemnified Party from all liability or includes any admission of fault, liability, or wrongdoing by the indemnified Party.

13.1. Term of Agreement. This Agreement shall commence on the Effective Date and, unless earlier terminated as provided in this Clause 13, will remain in effect until all Orders hereunder have expired or been terminated. The term of each Order shall commence on the start date specified therein and, unless terminated earlier in accordance with this Agreement, shall continue in effect until the later of (a) the expiration of the longest applicable license or service retainer period under the Order, or (b) the delivery of the final Deliverable due under the Order.

13.2. Renewal. Each Order shall renew or expire as set forth in the Order. If an Order provides for automatic renewal, then unless either Party gives written notice of non-renewal at least thirty (30) days prior to the end of the then-current term (or such other period stated in the Order), the subscription (license period or a service retainer) will automatically renew for successive renewal terms equal in length to the expiring term. Any pricing for a renewal term shall be as specified in the Order or, if not specified, at Group-IB’s then-current standard pricing (subject to any fee increase communicated under Clause 3.6 above). If an Order does not provide for auto-renewal, then the subscription will expire at the end of its stated term unless the Parties mutually agree in writing to renew it.

13.3. Termination for Cause. Either Party may terminate this Agreement (and any or all affected Orders) immediately upon written notice to the other Party if the other Party commits a material breach of this Agreement (or an Order) and fails to cure such breach within thirty (30) days after receiving written notice describing the breach in reasonable detail. For clarity, any breach by Customer of Clause 2.2 (Restrictions), Clause 5 (Confidentiality), or Clause 6 (Compliance with Laws), or any breach of Customer’s payment obligations, will be deemed a material breach. In the case of Customer’s failure to pay undisputed Fees, Group-IB may, as an alternative to termination, suspend Customer’s access to the Software Products and Services if Customer fails to cure the payment breach within at least ten (10) business days after written notice of non-payment. If Customer still fails to pay all undisputed amounts within an additional period after such suspension, Group-IB may then terminate this Agreement for material breach. No cure period is required for a breach that is incapable of cure. In addition, either Party may terminate this Agreement immediately upon written notice if the other Party (i) ceases business operations or becomes the subject of any bankruptcy, insolvency, or similar proceeding, or (ii) is found by a court of competent jurisdiction to have engaged in illegal conduct that materially affects its ability to perform under this Agreement (such as involvement in terrorism or bribery), or (iii) becomes the subject of any international sanctions or restrictive measures imposed by a competent authority. The right to terminate under this number iii) shall not require a final court determination if Group-IB reasonably determines that continued performance may violate applicable sanctions.

13.4. Suspension. In addition to Group-IB’s suspension rights for non-payment (Clause 13.3) or for AUP violations (Clause 2.5), Group-IB reserves the right to suspend (temporarily disable) Customer’s access to Software Products and Services immediately if: (i) Customer is in material breach of this Agreement and the breach is not cured, or is incapable of cure (for example, an incurable breach of the license restrictions or confidentiality obligations); (ii) Group-IB detects what it reasonably suspects is fraudulent or unlawful activity by Customer or its End Users; or (iii) Customer’s use of the Software Products or Services poses an imminent security risk or may materially harm Group-IB’s systems or the use thereof by others. In any such case, Group-IB will provide notice to Customer of the suspension (to the extent feasible and lawful) and will work with Customer in good faith to resolve the grounds for suspension as soon as reasonably practicable. Group-IB will reinstate Customer’s access once the issues causing the suspension have been resolved. Suspension of Software Products and Services shall not release Customer from its payment obligations for the subscription term, and Group-IB shall not be liable for any damages or losses incurred by Customer as a result of a proper suspension as described in this Clause. If suspension alone is not sufficient to address the issue (for example, in case of an incurable material breach or a persistent failure to cure), Group-IB may proceed to terminate the applicable Order or this Agreement, as appropriate, in accordance with the terms hereof.

13.5. Termination for Convenience. Unless otherwise specified in an Order, either Party may terminate this Agreement for convenience by providing at least sixty (60) days’ written notice to the other Party, provided that no Order is active at the time of such termination’s effective date. In other words, the Parties agree that during any period in which an Order remains in effect, this Agreement may not be terminated for convenience (any notice of termination for convenience shall take effect only after the last active Order has expired or been terminated, unless the Parties agree otherwise in writing). For clarity, Customer’s obligation to pay for Software Products and Services extends to the full term of each Order. If Customer seeks to terminate an Order before the end of its committed term (other than due to Group-IB’s breach or a force majeure event under Clause 17.2 above), such termination will be considered a termination for convenience by Customer, and Customer will be liable for any early termination fees or for the payment of the remaining fees under the Order.

13.6. Effect of Termination. Upon any termination or expiration of this Agreement (or of an individual Order): (a) all rights and licenses granted to Customer with respect to the affected Software Products and Services shall immediately terminate, and Customer shall cease all use of the Software Products; (b) each Party shall, upon request, return or destroy the other Party’s Confidential Information in its possession as provided in Clause 5.3 above; and (c) any fees or amounts owed to Group-IB up to the effective date of termination shall become immediately due and payable. After any termination of an Order, Group-IB shall have no obligation to maintain or provide any Customer Data related to that Order, and, unless legally prohibited, may thereafter delete all such Customer Data in its systems or otherwise in its possession or control.

13.7. Survival. Any provision of this Agreement that by its nature is intended to survive termination or expiration (including accrued rights to payment, confidentiality obligations, indemnification, limitations of liability, and the provisions of Clauses 5, 11.4, 13.6, 13.7, 14, 16, 17, and Annex A) shall survive the termination or expiration of this Agreement.

14.1. Exclusion of Certain Damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY (OR TO ANY THIRD PARTY) FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES OF ANY KIND, OR FOR ANY LOSS OF PROFITS, REVENUE, BUSINESS, GOODWILL, ANTICIPATED SAVINGS, DATA, OR BUSINESS INTERRUPTION, ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE  SOFTWARE PRODUCTS OR THE  SERVICES, regardless of the theory of liability (whether in contract, tort, or otherwise) and even if advised of the possibility of such damages or if any remedy fails of its essential purpose. The foregoing exclusion includes any damages arising from or related to the use or inability to use the Services, or the failure of any remedy to achieve its essential purpose.

14.2. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY LAW, EACH PARTY’S TOTAL CUMULATIVE LIABILITY arising out of or related to this Agreement (including all Orders), whether in contract, tort (including negligence), or otherwise, shall not exceed the total amount of Fees paid or payable by Customer under the Order(s) giving rise to the liability in the twelve (12) months immediately preceding the event giving rise to the claim. If no specific Order is identifiable, the liability cap shall be the total fees paid by Customer under this Agreement in the twelve (12) months preceding the claim. The existence of multiple claims shall not enlarge this cap. The Limitation stated herein is cumulative and applies in the aggregate, not per claim or per incident. The limitations and exclusions of liability in this Clause 14 apply to the benefit of Group-IB’s Affiliates and each of their respective officers, directors, employees, agents, and subcontractors.

14.3. Exceptions. Notwithstanding the above limitations, nothing in this Agreement shall limit or exclude: (i) either Party’s liability for death or personal injury caused by its negligence or willful misconduct; (ii) any liability which cannot be limited or excluded by applicable law; (iii) Customer’s obligation to pay all Fees due under any Order; (iv) either Party’s liability for its gross negligence, willful misconduct, or fraud; or (v) Customer’s liability arising from its infringement or misappropriation of Group-IB’s intellectual property or its violation of the license restrictions in Clause 2.2.above.

14.4. Acknowledgement. The Parties agree that the limitations and exclusions of liability in this Clause 14 represent a fair allocation of risk between the Parties, and that Group-IB’s pricing for the Software Products and Services reflects this allocation of risk and the limitations. Each provision of this Agreement that provides for a limitation of liability, exclusion of damages, or disclaimer of warranties is intended to be severable and independent of any other provision. The limitations in this Clause 14 shall apply even if any limited remedy of a Party fails of its essential purpose.

15.1. During the term of this Agreement (and for a period of one (1) year thereafter), Group-IB shall maintain in force, at its own expense, insurance policies providing at least Cyber/Professional Liability (Errors & Omissions) insurance, covering liabilities arising from the Software Products and Services (including data breaches, network security failures, and infringement of intellectual property in the Services), with limits of at least US$3,000,000 in the aggregate.

15.2. Upon Customer’s reasonable request, Group-IB shall provide Customer with current certificates of insurance evidencing the required coverages. Group-IB shall also ensure that any subcontractors it engages to provide Software Products and perform Services maintain insurance coverage at levels appropriate to their activities.

15.3. Group-IB’s insurance coverage shall not limit its liability to Customer under this Agreement. Nothing in this Clause 15 shall be construed to increase or expand Group-IB’s liability beyond the limitations set forth in Clause 14

16.1. Governing Law. The governing law of this Agreement shall be determined on the basis of the Group-IB entity entering into the Order, as follows: (a) if the provider hereunder is Group-IB Europe B.V. (the Netherlands), this Agreement (and any dispute or claim arising out of or relating to it) shall be governed by the laws of the Netherlands; (b) if the provider is Group-IB Global Private Limited (Singapore), this Agreement shall be governed by the laws of the Republic of Singapore; and (c) if the provider is Group-IB Consultoría LATAM Limitada (Chile), this Agreement shall be governed by the laws of the Republic of Chile, (d) if the provider hereunder is Group-IB Europe B.V. (the Netherlands), this Agreement (and any dispute or claim arising out of or relating to it) shall be governed by the laws of the Netherlands, and (e) if the provider is Group-IB MEA FZ LLC, this Agreement shall be governed by the laws of Dubai, United Arab Emirates. In each case, the governing law is applied without regard to conflict of law principles, and the Parties expressly agree to exclude the application of the United Nations Convention on Contracts for the International Sale of Goods (CISG).

16.2. Dispute Resolution and Arbitration. In the event of any dispute, claim, or controversy arising out of or relating to this Agreement or any Order, the Parties shall first attempt in good faith to resolve the matter through discussions between senior management of each Party. If no resolution is reached within thirty (30) days from the start of such discussions, then, except as provided below, the dispute shall be finally resolved by binding arbitration. The arbitration shall be conducted in the English language by a single arbitrator appointed in accordance with the rules of the applicable arbitration institution, and the arbitrator’s award shall be final and binding and may be enforced in any court of competent jurisdiction. The arbitration institution and rules shall be selected based on the Group-IB entity as follows: (a) If the provider hereunder is Group-IB Europe B.V., the arbitration shall be administered by the Netherlands Arbitration Institute (NAI) in Amsterdam, in accordance with the NAI Arbitration Rules. (b) If the provider is Group-IB Global Private Limited (Singapore), the arbitration shall be administered by the Singapore International Arbitration Centre (SIAC) in Singapore, in accordance with the SIAC Rules. (c) If the contracting Group-IB entity is Group-IB Consultoría LATAM Limitada (Chile), any dispute, controversy, or claim arising out of or in connection with this Agreement shall be finally resolved by arbitration administered by the Arbitration and Mediation Center of the Santiago Chamber of Commerce (Centro de Arbitraje y Mediación de la Cámara de Comercio de Santiago – CAM Santiago), in accordance with its rules in effect at the time of the arbitration. The seat of arbitration shall be Santiago, Chile, unless otherwise mutually agreed by the Parties, and (e) If the provider is Group-IB MEA FZ LLC, the arbitration shall be administered by the Dubai International Arbitration Centre (“DIAC”) in accordance with its arbitration rules (“DIAC rules”) for the time being in force, which rules are deemed to be incorporated by reference into this clause. The seat of the arbitration shall be Dubai.  Notwithstanding the foregoing agreement to arbitrate, either Party may at any time seek temporary or preliminary injunctive relief from a court of competent jurisdiction in order to protect its Confidential Information or intellectual property rights, or to enforce an arbitration award.

16.3. Jurisdiction and Venue. Subject to the above arbitration provisions, the Parties agree that any non-arbitral legal action (or any application for injunctive relief not handled through arbitration) shall be brought in the courts of the jurisdiction whose law is applicable under Clause 16.1. above. Each Party hereby consents to the personal jurisdiction of such courts and waives any objection of forum non conveniens.

17.1. Notices. All legal notices or communications required or permitted under this Agreement shall be in writing and shall be delivered to the respective Party by hand, by registered mail or overnight courier (signature required), or by email (with a confirmation of receipt, not an automated reply). Notices shall be sent to the addresses or email contacts set forth in the applicable Order (or to such other address or contact as a Party may designate in writing from time to time). Notices will be deemed given and effective: (i) when received, if delivered by hand; (ii) five (5) business days after being sent by registered mail; (iii) three (3) business day after being sent by reputable express courier; or (iv) on the day sent by email, if sent during normal business hours of the recipient (and on the next business day if sent after business hours). Routine operational communications (such as day-to-day project or support communications) may be conducted by email or through Web Portal and do not constitute legal notices, except expressly set forth otherwise in this Agreement.

17.2. Force Majeure. Neither Party shall be liable for any failure or delay in performing its obligations under this Agreement (except for payment obligations) to the extent such failure or delay is caused by circumstances beyond its reasonable control, including but not limited to: natural disasters, acts of God, epidemic or pandemic, war, terrorism, civil unrest, strikes or labor disputes, internet or telecommunications outages, power failures, governmental actions, or changes in law (“Force Majeure”). The Party affected by a Force Majeure event shall promptly notify the other Party of the event and make reasonable efforts to mitigate its effect and resume performance as soon as possible. If a Force Majeure event continues for more than sixty (60) days, either Party may terminate any affected Order upon written notice without further liability (except that Group-IB shall refund any pre-paid fees for the unused portion of the term of a terminated Order).

17.3. Assignment. Neither Party may assign or transfer this Agreement, in whole or in part, to any third party without the prior written consent of the other Party, except that either Party may assign this Agreement without consent: (a) to any Affiliate (provided that the assigning Party remains liable for the performance of its obligations hereunder); or (b) in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets or business to which this Agreement relates.
The Customer shall notify Group-IB in writing no less than thirty (30) days prior to any proposed assignment or transfer, providing sufficient details about the prospective assignee (including corporate name, jurisdiction, and business activities) to enable Group-IB to assess whether such party is an actual or potential competitor. Group-IB reserves the right, in its sole discretion, to withhold consent to any proposed assignment to an actual or potential competitor of Group-IB. In the case of any permitted assignment by Customer, the assignee must be of equal or greater creditworthiness. Any attempted assignment in violation of this Clause 17.3 shall be void. Subject to the foregoing, this Agreement will bind and inure to the benefit of the Parties, their respective successors, and permitted assigns.

17.4. Entire Agreement; Amendment. This Agreement, including all Annexes, Schedules attached hereto or incorporated herein by reference and executed Orders, constitutes the entire agreement between the Parties with respect to its subject matter, and supersedes all prior or contemporaneous agreements, proposals, negotiations, understandings, and communications, whether written or oral, regarding the same subject matter. Each Party acknowledges that in entering into this Agreement it has not relied on any representations or warranties not expressly set forth herein. No modification or amendment of this Agreement shall be effective unless it is in writing and signed (including electronically signed) by authorized representatives of both Parties.

17.5. Relationship of the Parties. The Parties are independent contractors, and nothing in this Agreement shall be construed to create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between them. Neither Party has the authority to bind or act on behalf of the other Party in any manner unless expressly stated otherwise in this Agreement. Each Party remains solely responsible for its own taxes, withholdings, and other statutory or contractual obligations with respect to its personnel.

17.6. No Third-Party Beneficiaries. This Agreement is intended for the sole and exclusive benefit of the Parties and their permitted assigns. Except as expressly provided in this Agreement (for example, the rights of Customer Indemnitees and Group-IB Indemnitees under Clause 12 above), no third party shall have any rights or remedies under this Agreement.

17.7. Non-Solicitation. During the term of this Agreement and for twelve (12) months thereafter, each Party agrees not to directly solicit for hire, as an employee or independent contractor, any person who is or was an employee of the other Party and who was directly involved in the performance or receipt of Services under this Agreement, without the other Party’s prior written consent. This restriction shall not apply to general solicitations not specifically targeting the other Party’s employees (such as general job postings or advertisements), or to any individual who responds to such a general solicitation.

17.8. Publicity and Use of Name. Customer agrees that Group-IB may identify Customer as a customer and may use Customer’s name and logo in Group-IB’s marketing materials, client lists, press releases, and on Group-IB’s website for the purpose of identifying Customer as a user of the Software Products and the Services. Any description of the Software Products and Services provided to Customer shall not include any of Customer’s confidential information. Group-IB’s use of Customer’s logo or name will be in accordance with any trademark usage guidelines provided by Customer. This reference right is granted as a fully paid-up, non-exclusive, worldwide license to use Customer’s trademarks for the limited purpose described above and shall continue unless and until Customer revokes this permission by providing sixty (60) days’ written notice to Group-IB. Customer agrees that the use described in this Clause 17.8 does not violate any of Customer’s confidentiality obligations to any third party.

17.9. Severability. If any provision of this Agreement is held by a court or arbitral tribunal of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be deemed modified to the minimum extent necessary to render it valid and enforceable, and if no such modification is possible, it shall be severed from this Agreement. In either case, the remaining provisions of this Agreement will continue in full force and effect.

17.10. No Waiver. The failure or delay by either Party to enforce any provision of this Agreement or to exercise any right hereunder shall not be construed as a present or future waiver of such provision or right. Likewise, an express waiver by a Party of any provision, condition, or requirement of this Agreement shall not be construed as a waiver of any future obligation to comply with such provision, condition, or requirement.

17.11. Counterparts and Electronic Acceptance. Any Quotation under this Agreement may be executed in counterparts, each of which will be deemed an original and all of which together will constitute one instrument. Signatures or acceptances delivered by facsimile, by PDF copy, or via an electronic signing platform (e.g., DocuSign) shall be deemed effective as original signatures. The Parties agree that this Agreement itself may be entered into and accepted electronically by electronic signature of a Quotation referencing this Agreement, and that a physical signature on this MSLA is not a prerequisite to its enforceability. The Parties hereby waive any objection to the validity or enforceability of this Agreement solely because it was entered into electronically.

17.12. Interpretation. The clause headings in this Agreement are for convenience of reference only and shall not affect the interpretation of the Agreement. As used herein, “including” (and similar terms) shall be construed as inclusive, meaning “including but not limited to.” Any list of examples following “including” or “such as” is illustrative and not exhaustive. The words “shall” and “will” are intended to have the same meaning, denoting an obligation. Any ambiguities in this Agreement shall not be construed against the drafter. Words importing the singular include the plural and words importing the plural include the singular.

“Affiliate” of an entity means any other entity that directly or indirectly controls, is controlled by, or is under common control with that entity (where “control” means ownership of more than 50% of voting interests or the power to direct management).

“Confidential Information” means any non-public information, in any form, that is disclosed by or on behalf of one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) and that is designated as confidential or proprietary, or that should reasonably be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information includes: business plans, product designs, technical know-how, inventions, software (including the Software Products, Web Portal, and Documentation), customer and supplier data, financial information, marketing strategies, trade secrets, and any other information that is of a confidential nature.. For avoidance of doubt, all Deliverables, reports, analyses, findings, methodologies, workflows, detection logic, signatures, indicators, and other outputs generated by Group-IB in the course of providing the Software Products or Services constitute Group-IB’s Confidential Information, except to the extent expressly designated otherwise in writing by Group-IB.

“Customer” means the legal entity that enters into an Order by accepting a Quotation from Group-IB for the Software Products and/or Services under this Agreement. References to Customer shall include that entity’s Affiliates to the extent any Affiliate enters into an Order under this Agreement as permitted in Clause 1.6. of the Agreement.

“Customer Data” means any data, information, or material that Customer or its End Users input, submit, or transmit to the Services, including any personal data of Customer’s employees, end users, or end clients. Customer Data does not include data or results provided by Group-IB as part of the Services.

“Deliverable” means any report, analysis, assessment, presentation, or other written material created and provided by Group-IB as a direct result of performing the Services. A Deliverable typically includes detailed documentation of the findings, methods, technical results, recommendations, and conclusions generated in the course of such Services. Deliverables are provided for the Customer’s internal use only and are subject to the confidentiality, intellectual property, and use restrictions set forth in the     Agreement.

“Documentation” means Group-IB’s then-current technical and user documentation, manuals, guides, or online help files relating to the use or operation of the Services.

“DPA” means Group-IB’s Data Processing Agreement available at ______________, which governs the processing of personal data (as defined in applicable law) in connection with the Software Products and Services. The DPA (including its appendices and any Standard Contractual Clauses incorporated therein) is incorporated by reference into the Agreement.

“Effective Date” means the date on which Customer first accepts a Quotation (by signing it or by issuing a PO  that references and matches the Quotation) from Group-IB, thereby entering into the Order under this Agreement. All references to the Effective Date in the     Agreement shall be construed accordingly (for example, certain obligations commence on the Effective Date of the relationship and others continue for a period after termination of the Agreement measured from the Effective Date or date of termination).

“End User” means any individual user authorized by Customer to access or use the Services under Customer’s account. End Users may include employees, contractors, agents, or other third parties acting for Customer’s benefit or on its behalf (including those of Customer’s Affiliates). Customer shall ensure that all End Users comply with the terms of this Agreement and any applicable end-user terms or acceptable use policies provided by Group-IB.

“Group-IB” means the Group-IB contracting entity that provides the products or services under this Agreement. The provider for a given transaction will be identified in the applicable Quotation. The following Group-IB affiliates are the only entities authorized to act as the provider under this Agreement: Group-IB Global Private Limited, a company organized under the laws of Singapore; Group-IB Europe B.V., a company organized under the laws of the Netherlands; Group-IB Consultoría LATAM Limitada, a company organized under the laws of Chile; Group-IB MEA FZ-LLC, a company organized under the laws of the United Arab Emirates.    

“Order” means a legally binding contract that is entered into by the Parties through executing a Quotation by the Customer through either signing it or issuing a PO     referencing this Quotation within the applicable effective period. Each Order (once duly executed as set forth herein) shall be deemed to incorporate the terms of the     Agreement.

“Purchase Order” or “PO” means a purchase order or similar ordering document issued by Customer solely for the purpose of accepting a Quotation in accordance with this Agreement. Any such PO shall be deemed a confirmation of acceptance only and shall not modify or supplement the terms of this Agreement or any applicable Order unless expressly agreed in writing by both Parties.

“Quotation” means a written offer document provided by Group-IB to Customer that specifies the Software Products and/or Services, the applicable term, and pricing for a potential Order. Once signed by both Parties or accepted by Customer via issuing a PO     referencing the Quotation, as set forth in Clause 2.4 of the Agreement, such Quotation shall be deemed an executed Order under the Agreement.

“Reference Rate” means the main refinancing rate, base rate, or equivalent benchmark rate published by the central bank applicable under the governing law of this Agreement.

“Services” means cybersecurity services rendered by Group-IB. The specific Services to be provided to Customer will be identified in the applicable Order.

“SLA” means any service level agreement or service level commitments issued by Group-IB for the Software Products and Services (which may be set forth in a Schedule to the     Agreement or in an Order or Documentation) covering availability, support response times, or other performance metrics.

“Software Products” means  one or more Group-IB’s proprietary cloud software products made available to Customer on a subscription license basis under the     Agreement, together with any updates or improvements to such products through the Web Portal.

“Technical Proposal” means a document prepared and issued by Group-IB that details the technical specifications, performance parameters, architecture, and configuration requirements of the Software Products and/or Services offered to the Customer. The Technical Proposal is provided in conjunction with, or prior to, the applicable Quotation and, upon acceptance of the Quotation by the Customer, shall form part of the Order.

“Web Portal” means Group-IB’s cloud user-interface located at the following address https://sso.group-ib.com/.

Below is the list of services for which unused IRR hours may be repurposed. In order to use any of the below services, the cost of unused IRR hours will be calculated and then scope of any of the below services will be created based on equivalent cost. The table below provides a high-level overview of offered services, including the minimum required time to execute the service delivery and produce valuable outcomes.

Detailed information about the processing of Cookies is provided in the Cookie policy.