Enterprise Terms of Service

These FOSSA Subscription Terms and Conditions (this “Agreement”) are entered into by and between FOSSA, Inc., a Delaware corporation with principal offices located at 114 Sansome Street, Suite 210, San Francisco, California 94104 (“FOSSA”) and the entity identified on a mutually executed Subscription Order (“Subscriber”), and is effective as of the initial subscription start date set forth on such Subscription Order (the “Effective Date”). This Agreement sets forth the terms and conditions under which Subscriber may access and use FOSSA’s hosted open source service and associated websites and software (collectively, the “Service”). The parties agree as follows:

  1. DEFINITIONS

1.1. “Authorized User” means any Subscriber personnel who uses the Service on Subscriber’s behalf or through Subscriber’s account. For the avoidance of doubt, Subscriber is not authorized to provide direct access to the Service to any third party.

1.2. “Code Base” means the source code of Subscriber’s project or product software that is the subject of a scan using the Service in accordance with this Agreement.

1.3. “Contributor” means any individual who, in the trailing ninety (90) day period at any time during the Subscription Period, has contributed to or has been a developer of the Code Base; but excludes any third-party developer who only contributed to third-party open-source software, outside of Subscriber’s repositories, that is integrated with the Code Base.

1.4. “Intellectual Property Rights” means (i) copyrights and other rights in works of authorship, (ii) patents and other rights in inventions, (iii) trademarks, service marks, and other rights in indicia of origin, (iv) trade secrets and other rights in confidential business information, (v) mask work rights, (vi) moral rights, (vii) database rights, (viii) all similar and analogous rights to each of the foregoing in every jurisdiction in the world, and (ix) registrations of, applications for, and renewals of each of the foregoing.

1.5. “Privacy Policy” means FOSSA’s privacy policy, available at www.fossa.io/privacy/, as FOSSA may update from time to time.

1.6. “Subscription Fees” means the fees charged to Subscriber by FOSSA in exchange for access to the Service as set forth in a Subscription Order or as amended pursuant to Section 11.5.

1.7. “Subscription Order” means a standard FOSSA ordering document executed by the parties and setting forth the Subscription Period, the Subscription Fees, and the features, and levels of usage, that Subscriber is authorized to access through the Service.

1.8. “Subscription Period” means, with respect to any Subscription Order, the period of time during which the Subscription Order is applicable, which begins on the start date set forth on such Subscription Order (or if no such start date is set forth on the Subscription Order, then the Subscription Order date) and ends on the end date expressly set forth on such Subscription Order (or if no such end date is expressly set forth therein, then one year after such start date).

1.9. “Term” has the meaning set forth in Section 6.2.

  1. ACCESS TO SERVICE; LICENSES

2.1. Access to Service. Subject to compliance with all of the terms and conditions of this Agreement and the Subscription Order, Subscriber may access the Service in accordance with this Agreement during the Subscription Period for Subscriber’s internal business purposes.

2.2. Subscription Order. To access the Service, Subscriber must have entered into a Subscription Order with FOSSA. No Subscription Order will be effective until executed by both parties, and each Subscription Order will remain valid only during its Subscription Period and as set forth in Section 6.2. To the extent this Agreement conflicts with the express terms of a Subscription Order, the terms of the Subscription Order will prevail. No different, additional, or contrary provisions set forth on any purchase order or similar document (other than a mutually executed Subscription Order as set forth in this section) will be effective, and all such different, additional, and contrary provisions are hereby expressly rejected.

  1. FEES AND PAYMENT

3.1. Subscription Fees. Subscriber shall pay FOSSA the Subscription Fees set forth on each agreed Subscription Order, including renewals thereof, if any. Subscription Fees are based on the features of the Service that are ordered and not on actual usage. If Subscriber exceeds the number of authorized Contributors included in the subscription licenses as set forth in the Subscription Order, then FOSSA shall invoice Subscriber for the same and Subscriber agrees to and shall pay the Add-On Contributor Fees set forth in the Subscription Order for the same (or in the absence of such terms in the Subscription Order, then an additional fee per Contributor calculated based on multiplying 1.25 by the quotient of the Subscription Fees divided by the authorized number of Contributors included therein) (“Add-On Contributor Fees”). Such fees shall be pro-rated applicable to the remainder of the Subscription Period (amortized on a twelve (12) month straight-line basis) and subscription licenses with respect thereto are co-terminus with the initial subscription licenses. The parties shall meet quarterly to discuss Contributor quantities in good faith and to disclose information relevant thereto to enable calculation of any applicable Add-On Contributor Fees.

3.2. Invoices and Payment. FOSSA will invoice Subscriber in advance for Subscription Fees, including for renewals, if any; and for any Add-On Contributor Fees as and when Code Base scanned using the Services involves software contributed to or developed by such additional Contributors. All fees may be automatically increased by FOSSA annually by the greater of three percent (3%) and the increase in the relevant Consumer Price Index in the prior twelve (12) month period. Subscriber will pay invoices from FOSSA within thirty (30) days following the date of the invoice, unless a different period of time for payment of invoices is set forth on an applicable Subscription Order. All payments pursuant to this Agreement will be made in United States dollars. If Subscriber elects to pay any invoice with a credit or debit account, Subscriber hereby (a) authorizes FOSSA to charge the invoiced amount to such credit or debit account and verify that such account has the necessary funds or credit available to cover Subscriber’s purchase, and (b) agrees to provide FOSSA with updated information regarding Subscriber’s credit or debit account promptly when the information changes.

3.3. Taxes. The Subscription Fees do not include taxes. Subscriber will pay any and all sales taxes, use taxes, goods and services taxes, and other taxes and fees imposed by any government on the amounts payable by Subscriber hereunder, but in no event including taxes imposed on FOSSA’s net U.S. income. If FOSSA is required to pay any such taxes, FOSSA may invoice Subscriber for the amount of such taxes, such invoice to include suitable documentation showing the amount of such taxes, and Subscriber will pay such invoice. If Subscriber is required under any applicable law or regulation to withhold or deduct any portion of the payments due to FOSSA, then the sum payable to FOSSA will be increased by the amount necessary so that FOSSA receives an amount equal to the sum it would have received had Subscriber made no such withholdings or deductions.

  1. SUBSCRIBER RESPONSIBILITIES AND RESTRICTIONS.

4.1. Acceptable Use. Subscriber shall not: (a) use the Service for any illegal purpose or in violation of any applicable law or regulation; (b) permit more Authorized Users to access the Service than are authorized in an applicable Subscription Order; (c) exceed any applicable usage restrictions authorized in an applicable Subscription Order (e.g. quantity of authorized Contributors) unless Subscriber pays for the same in accordance with the terms hereof or otherwise approved in writing by FOSSA; (d) impersonate any person or attempt to access the Service account or data of any other user; (e) rent, lease, resell, sublicense, distribute, or otherwise transfer access to the Service, or use the Service for service bureau purposes or for the benefit of third parties, or in any other way allow third parties to exploit the Service; (f) disable or circumvent any feature of the Service that provides or enhances security, restricts access, monitors use, or enforces limitations on use; (g) interfere with or impair the operation of the Service by any means including introduction of malware or excessive usage or network traffic; (h) provide Service passwords or other log-in information to any third party; (i) share non-public Service features or content with any third party; or (j) use any automated methods (including “robots” or “crawlers”) or excessive numbers of data requests to access the Service.

4.2. Misuse. In the event of any suspected breach of Section 4.1 or any suspected risk to the integrity of the Service or the security of the data of any user, FOSSA may suspend the Service or Subscriber’s access to the Service without advanced notice, in addition to and without prejudice to any other remedies FOSSA may have.

4.3. Unauthorized Access. Subscriber shall take reasonable steps to prevent unauthorized access to the Service, including without limitation by protecting its passwords and other log-in information. Subscriber shall notify FOSSA immediately of any known or suspected unauthorized use of the Service or breach of its security and shall use best efforts to stop such breach.

4.4. Compliance with Laws. In its use of the Service, Subscriber shall comply with all applicable laws and regulations.

  1. CONFIDENTIAL INFORMATION.

5.1. Definition. “Confidential Information” means (a) in the case of Subscriber, the Code Base, and (b) in the case of FOSSA, all non-public features, functions, pricing, and implementations of the Service; except that Confidential Information does not include information that: (i) is or becomes publicly known or publicly available through no fault of the receiving party including, without limitation, all publicly available open source code; (ii) is already in receiving party’s possession at the time of disclosure; (iii) is provided to receiving party by a third party, without breach of any confidentiality obligations by such third party; or (iv) is independently developed without use of or reference to the other party’s Confidential Information.

5.2. Non-Use and Non-Disclosure. Receiving party (i) will not, without disclosing party’s prior written consent, use Confidential Information for any purpose other than to provide, facilitate, access or use the Service as allowed under this Agreement and to perform and enforce this Agreement, and (ii) will use reasonable efforts, and no less than the level of effort set forth in Section 4.3, to prevent the unauthorized disclosure of Confidential Information to any third party, except as set forth in Section 5.4.

5.3. Protective Measures. Receiving party will protect Confidential Information with the same degree of care it uses to protect its own confidential information of similar nature and importance, but in any event, with no less than reasonable care.

5.4. Compelled Disclosure. Receiving party may disclose Confidential Information to the extent such disclosure is required by applicable law, judicial process, or governmental order, provided that receiving party will, to the extent allowed by law, give disclosing party prompt notice of any such required disclosure and reasonably cooperate with disclosing party in any effort to seek a protective order or otherwise to contest such required disclosure by lawful means, at disclosing party’s expense.

5.5. Injunctive Relief. Each party agrees that any breach or threatened breach of Section 5.2 may cause irreparable injury for which monetary relief may not provide adequate compensation, and that in addition to any other remedies available, the injured party is entitled to seek injunctive relief against such breach or threatened breach, without the necessity of proving actual damages or posting a bond or other security.

  1. TERM AND TERMINATION.

6.1. Initial Term. The initial term of this Agreement (the “Initial Term”) is the Subscription Period.

6.2. Renewal. Unless either party provides written notice at least thirty (30) days before the last day of the Initial Term or then-current Renewal Term that such party does not wish to renew this Agreement, this Agreement will automatically renew for successive additional terms of one year (each, a “Renewal Term”, and all Renewal Terms collectively and together with the Initial Term, the “Term”).

6.3. Termination for Breach. Either party may terminate this Agreement immediately upon notice if the other party materially breaches this Agreement and fails to cure such breach within thirty (30) days of receiving written notice describing the manner in which the Agreement has been breached.

6.4. Termination for Bankruptcy. Either party may terminate this Agreement immediately upon notice if the other party files for bankruptcy, makes an assignment for the benefit of creditors, has a bankruptcy trustee, receiver, or similar official appointed to manage such party’s assets or affairs, or has a bankruptcy petition filed against it, which petition is not dismissed in such party’s favor within sixty (60) days of the filing thereof.

6.5. Survival. The following provisions will survive termination or expiration of this Agreement: (a) any obligation of either party, accrued prior to such expiration or termination, to pay money to the other party, and (b) Sections 5, 6.5, 7.1, 7.3, 7.4, 8.2, 9, 10, and 11.

  1. INTELLECTUAL PROPERTY.

7.1. No Transfer or Assignment of Intellectual Property. Nothing in this Agreement transfers any Intellectual Property Right of either party to the other party.

7.2. Code Base. Without limiting the generality of Section 7.1, Subscriber retains all ownership rights and title that Subscriber has in the Code Base.

7.3. FOSSA Service. Without limiting the generality of Section 7.1, FOSSA retains all ownership rights and title that FOSSA has in the Service, and any improvements, modifications or derivatives thereof, and all intellectual property rights related to the foregoing. While performing its obligations under this Agreement, FOSSA may add information and features to the Service (for example, adding code signatures and license information about additional open source software projects, or developing aggregated statistical data about the frequency with which certain licenses or vulnerabilities tend to appear). FOSSA shall be free to use, exercise and exploit before, during, and after the Term, for free and for any purpose, all suggestions, ideas and/or feedback, and all aggregated de-identified data, relating to the Service (collectively, “Feedback”) provided by or obtained from Subscriber and Authorized Users, notwithstanding anything else.

7.4. No Implied Licenses. Except as expressly set forth in this Agreement, nothing in this Agreement grants any license to any Intellectual Property Right or Confidential Information of either party, whether by implication, estoppel, or otherwise.

7.5. Subscriber’s Name and Logo. FOSSA may include Subscriber’s name and logo in listings of FOSSA’s customers on FOSSA’s website.

  1. REPRESENTATIONS; DISCLAIMER OF WARRANTIES.

8.1. Corporate Organization and Authority. Each party represents and warrants that: (a) it is a corporation or other business entity, properly organized and in good standing in its state of incorporation and (b) it has the full corporate right and authority to enter into, execute, and perform its obligations under this Agreement. The individual executing this Agreement on each party’s behalf represents and warrants that he or she has the authority to bind such party to this Agreement.

8.2. Warranty Disclaimers. OTHER THAN AS SET FORTH IN SECTION 8.1, NEITHER PARTY MAKES ANY REPRESENTATIONS OR WARRANTIES TO THE OTHER PARTY. SUBSCRIBER ACCEPTS THE SERVICE “AS IS,” AND FOSSA, FOR ITSELF AND ON BEHALF OF ITS LICENSORS, HEREBY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR ANY IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE, TO THE MAXIMUM EXTENT ALLOWED BY LAW. FOSSA DOES NOT WARRANT THAT THE SERVICE OR THE INFORMATION OBTAINED THROUGH THE SERVICE IS ACCURATE, COMPLETE, CURRENT, FREE OF ERRORS OR OMISSIONS, SECURE, RELIABLE, OR ACCESSIBLE AT ANY PARTICULAR TIME.

  1. INDEMNIFICATION.

9.1. Indemnification by FOSSA. Subject to Section 9.3, FOSSA shall defend, indemnify, and hold harmless Subscriber against any and all costs, losses, liabilities, and expenses arising out of any claim, suit or proceeding brought by a third party (“Claim”) to the extent alleging that the Service infringes or misappropriates such third party’s United States Intellectual Property Rights; provided, however, that FOSSA’s indemnity obligation does not extend to Claims arising out of (i) a combination of the Service with any hardware, software, services, or other materials not provided by FOSSA, if such Claim would not have occurred but for such combination, or (ii) Subscriber’s use of the Service in breach of this Agreement.

9.2. Indemnification by Subscriber. Subject to Section 9.3, Subscriber shall defend, indemnify, and hold harmless FOSSA against any and all costs, losses, liabilities, and expenses arising out of any Claim to the extent arising from: (a) an allegation that Code Base infringes or misappropriates the Intellectual Property Rights or privacy rights of such third party, (b) Subscriber’s violation of applicable law or breach of this Agreement, or (c) Subscriber’s gross negligence or willful misconduct.

9.3. Procedure. Any party seeking indemnification under this section will give the other party (a) prompt notice of any Claim for which indemnification is or may be sought, (b) sole control over the defense and settlement of the Claim, provided that such other party will not, without indemnified party’s consent, settle the Claim on terms that admit any wrongdoing by the indemnified party or impose any obligations upon the indemnified party, and (c) reasonable cooperation in such defense or settlement, at such other party’s expense.

9.4. Sole Remedy. This Section 9 sets forth FOSSA’s sole obligation, and Subscriber’s sole remedy, with respect to any infringement, misappropriation, or alleged infringement or misappropriation of third-party rights arising in connection with the Service.

  1. LIMITATION OF LIABILITY.

10.1. Limit on Indirect Damages. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, AND EXCEPT FOR A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, OR OBLIGATIONS ARISING UNDER SECTION 9 (Indemnification), NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, LOSS OF BUSINESS, PROFITS, DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES, OR RIGHTS.

10.2. Liability Cap. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, AND EXCEPT FOR A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT OR OBLIGATIONS ARISING UNDER SECTION 9 (Indemnification), UNDER NO CIRCUMSTANCES WILL EITHER PARTY’S TOTAL LIABILITY FOR ANY MATTERS ARISING OUT OF OR RELATED TO THIS AGREEMENT REGARDLESS OF THE CAUSE OF ACTION (WHETHER IN CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE), EXCEED THE FEES PAID OR PAYABLE BY SUBSCRIBER TO FOSSA FOR THE SERVICE IN RESPECT OF THE 12-MONTH PERIOD PRECEDING THE EVENTS OR CIRCUMSTANCES GIVING RISE TO THE CLAIM.

10.3. Application. THE LIMITATIONS AND EXCLUSIONS OF THIS ARTICLE 10 APPLY EVEN IF THE RELEVANT PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, EVEN IF SUCH DAMAGES WERE FORESEEABLE, AND EVEN IF A LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE. IF APPLICABLE LAW LIMITS THE APPLICATION OF THE PROVISIONS OF THIS ARTICLE 10, THE LIMITATIONS WILL APPLY TO THE MAXIMUM EXTENT PERMISSIBLE UNDER SUCH LAW.

  1. GENERALPROVISIONS.

11.1. Independent Contractors. The relationship between the parties is that of independent contractors. Neither party is an agent of, or authorized to bind, the other party.

11.2. Governing Law; Venue. This Agreement shall be governed by the laws of the State of California without regard to conflict of law principles. The parties hereby submit to the personal and exclusive jurisdiction of the state courts and federal courts located in San Francisco, California, for the purpose of litigating all claims or disputes arising in connection with this Agreement, and waive any and all objections or motions regarding inconvenient forum or venue in such courts.

11.3. Assignment. Neither party may assign this Agreement without the prior written consent of the other party, except that either party may assign this Agreement in its entirety without consent to such party’s successor in interest by way of a merger, acquisition, consolidation, or reorganization of such party, or the sale of substantially all of such party’s business or assets to which this Agreement pertains. Any assignment or purported assignment in violation of this section is void.

11.4. No Third Party Beneficiaries. Nothing in this Agreement confers or is intended to confer any right or privilege on any person other than FOSSA and the Subscriber.

11.5. Amendment.

11.5.1. Changes to the Service. FOSSA continually strives to improve its products and services, and reserves the right to improve or modify the Service and its features in any manner and at any time, including during the Term, at its sole discretion, provided however that such modifications will not materially reduce the functionality of the Service to Subscriber.

11.5.2. Changes to this Agreement. At the beginning of any Renewal Term as defined in Section 6.2, FOSSA may amend the terms of this Agreement, including without limitation the availability of the Service or any feature thereof (notwithstanding the provisions of Section 11.5.1) and the Subscription Fees due for the Service or for any feature of the Service, provided however that FOSSA notifies Subscriber of any such amendments at least sixty (60) days before the beginning of such Renewal Term in a message sent through the Service or by email to the email address on Subscriber’s account. The Subscriber may reject such amendments by timely exercising the option not to renew the Agreement pursuant to Section 6.2. If the Subscriber does not reject the amendments in the manner set forth in the preceding sentence, the Subscriber will be deemed to have accepted the amendments effective on the first day of the Renewal Term.

11.5.3. Online Policies. FOSSA may modify online policies such as the Privacy Policy from time to time by posting a revised version at its website.

11.5.4. Written Amendments. Except as expressly stated in this Section 11.5, this Agreement may not be amended other than by a written instrument executed by both parties.

11.6. Entire Agreement. This Agreement, together with the Subscription Order and any other agreements expressly incorporated by reference, constitutes the entire understanding between Subscriber and FOSSA regarding Subscriber’s use of and access to the Service, and supersedes all prior or contemporaneous writings, negotiations, and discussions with respect to the subject matter hereof.

11.7. Waiver; Severability. A party’s failure to require performance of any provision shall not affect its right to require performance at any time thereafter, nor shall a waiver of any breach or default constitute a waiver of any subsequent breach or default. In the event that any part of the Agreement is held to be invalid or unenforceable, the unenforceable part shall be given effect to the greatest extent possible and the remaining parts will remain in full force and effect.

11.8. Interpretation. Use of paragraph headers in the Agreement is for convenience only and shall not have any impact on the interpretation of this Agreement.

11.9. Subcontractors. Each party may exercise its rights and perform its obligations through third-party contractors, provided, however, that (i) each party will remain fully responsible for all its performance hereunder, including any performance that may be undertaken by such subcontractors, and (ii) each such subcontractor that will have access to or use of any Confidential Information of the other party will be bound by a written confidentiality agreement no less protective of such Confidential Information than the provisions of this Agreement.

11.10. Notices and Contact Information. Except as otherwise set forth in Section 11.5, notices made pursuant to this Agreement will be made in writing and will be deemed given (i) four days after being sent by postal delivery or (ii) two days after being sent by a reputable next-day courier service such as Federal Express next-day delivery, in either case with all postage and delivery fees pre-paid and a delivery confirmation required, to the address provided for such party on an applicable Subscription Order, or to such updated address as such party provides by notice in accordance with this section. Subscriber questions or communications regarding FOSSA, the Service, or the Agreement may be sent to [email protected] but will not serve as notice under this Agreement.

11.11. Force Majeure. If a party’s performance under this Agreement, other than a failure to pay money when due, is delayed or prevented by hurricane, earthquake, fire, flood, natural disaster, pandemic, acts of terror or war, labor unrest, general failure of the Internet or of communications systems, or other forces beyond the performing party’s reasonable control (collectively, “Force Majeure”), the time allowed for such performance will be extended for a period equal to the duration of the Force Majeure event, and such delay or failure will not constitute a breach of this Agreement. The party suffering a Force Majeure event will
use reasonable efforts to minimize the delays, to notify the other party promptly, and to inform the other party of its plans to resume performance.

11.12. Counterparts. This Agreement may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one instrument.

11.13. Government End-Users. Both parties acknowledge and agree that the Service (including without limitation, CLI instructions) will not be used or transferred or otherwise exported or re-exported to countries as to which the United States or any other governmental authority relevant to this Agreement maintains an embargo or other applicable sanctions (“Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders, or any similar lists maintained by any governmental authority relevant to this Agreement
(“Designated Nationals”). Elements of the Service are commercial computer software and commercial computer software documentation, pursuant to FAR section 2.101 and DFAR Section 252.227-7041. If the user or licensee of the Service is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Service, or any related documentation of any kind, including technical data and manuals, is restricted by this license agreement to the exclusion of all other terms, in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes, and all other use is prohibited. The Service was developed fully at private expense. All other use is prohibited.