logo
Legal Hub

Abnormal Security Cloud Terms of Service

Effective November 18th, 2024

 

ABNORMAL SECURITY

CLOUD TERMS OF SERVICE

 
If you have a separate written agreement with Abnormal Security Corporation with respect to use of the Service or any related services, these Cloud Terms of Service will not apply to you.

These Cloud Terms of Service (“Agreement”) govern your ("Customer") use of the Service and allow you to receive Support. By clicking a box indicating your acceptance of this Agreement, (e.g., “I Agree,” “Accept Terms,” “I Understand and Agree”) or similar button on the Service registration page, or executing an Order, as further described below, or by otherwise accessing the Service, you represent that (1) you have read, understand, and agree to be bound by this Agreement, (2) you are of legal age to form a binding contract with Abnormal Security Corporation, having its principal place of business at 185 Clara Street, Suite 100, San Francisco, CA 94107, (“Abnormal,” “we,” “our,” or “us”, Abnormal and Customer may each be referred to separately as, a “Party,” or together as, the “Parties”), and (3) you have the authority to enter into this Agreement personally or on behalf of the company or other organization you represent, and to bind that entity to this Agreement. In the event you are agreeing to this Agreement on behalf of a company or organization, “Customer,” will refer to the entity you are representing. We may update this Agreement from time to time in accordance with Section 17.5 (Updates).

Capitalized terms are defined in the Section 18 (Glossary) or in context below.
 
1. ACCESS OF THE SERVICE

1.1. The Service. Subject to this Agreement, Customer may access and use the Service for its own internal business purposes during each Subscription Term (“Permitted Use”). This includes the right to copy and use the Documentation as part of Customer’s Permitted Use.

1.2. Users. Customer is responsible for provisioning and managing User accounts, for Users’ actions through the Service and for Users' compliance with this Agreement. Customer will require that Users keep their login credentials confidential and will promptly notify Abnormal upon learning of any compromise of User accounts or credentials.

1.3. Affiliates. Customer’s Affiliates may serve as Users. Customer shall be responsible for its Affiliates’ use of the Service. Alternatively, Customer’s Affiliates may enter into their own Orders as mutually agreed with Abnormal, which creates a separate agreement between each such Affiliate and Abnormal incorporating this Agreement with the Affiliate treated as “Customer”. Neither Customer nor any Customer Affiliate has any rights under each other’s separate agreement with Abnormal, and breach or termination of any such separate agreement affects only that agreement.

1.4. Support and Availability. Abnormal will provide Support and adhere to the Service Level Agreement set out in the SLA.
 
2. DATA

2.1. Customer Data. Customer grants Abnormal a license during each Subscription Term to use Customer Data to provide the Service, Support, and Technical Services to Customer, and to generate Threat Intelligence. Use of Customer Data includes sharing Customer Data if Customer directs through an integration of the Service with a Third-Party Product, but Abnormal will not otherwise disclose Customer Data to third parties except as permitted in this Agreement.

2.2. Security. Abnormal maintains industry-standard physical, technical, and administrative safeguards as described in the Information Security Policy that are designed to prevent unauthorized access, use, alteration or disclosure of Customer Data.

2.3. Data Processing Addendum. Abnormal will process Customer Data in accordance with, and each Party will comply with, the Data Processing Addendum.

2.4. Service Operations Data. Abnormal may collect Service Operations Data and use it to operate, improve and support the Service and for other lawful business purposes, including benchmarking and reports. However, Abnormal will not disclose Service Operations Data externally unless it is: (a) de-identified so that it does not identify Customer, its Users or any other person; and (b) aggregated with data across other customers.

2.5. Anomaly Determinations. The Service may provide Customer with ADs which indicate a possibility or likelihood of fraudulent, harmful or malicious activity occurring in Customer’s environment. Customer acknowledges and agrees that the Service provides ADs for Customer’s consideration, but that Customer is ultimately responsible for any actions taken or not taken in relation to such ADs, including any auto-remediation configuration which Customer may choose to set within the Service. Abnormal may incorporate any subsequent action or inaction taken by Customer into its models, for the purpose of identifying future potential fraud, loss, or other harms to customers. Customer may export ADs from the Service, as described in the Documentation, during the Subscription Term. If Customer exports ADs, Abnormal grants to Customer a non-exclusive, non-sublicensable, non-transferable (except as permitted by the Agreement) license to reproduce, distribute and prepare derivative works of ADs solely for its internal business purposes, including with Customer’s use of Third-Party Products.
 
2.6. Use of GenAI Features. Customer may use GenAI Features as part of the Service. Customer may submit Inputs to the GenAI Features and receive Outputs. Customer acknowledges that Outputs provided to Customer may be similar or identical to Outputs independently provided by Abnormal to other customers. Each Party will continue to own any component element contained within Output that such Party previously owned prior to its curation (e.g. Customer Data, ADs, Threat Intelligence). The Parties agree that: (1) Customer may reproduce, distribute, and prepare derivative works of Outputs in connection with its use of the Service and solely for its internal business purposes; and (2) Abnormal may use Outputs in performance of its obligations under the Agreement.
 
2.7. Artificial Intelligence Model Training.

(a) Customer-Specific Models. Abnormal may use Customer Data in training the Service for the purpose of identifying future potential fraud, loss, or other harms solely for the benefit of Customer. Abnormal shall not use Customer Data to train or otherwise improve the LLMs of any third-party resource providers or to train any shared model. For purposes of this section, a shared model means a model federated across the Abnormal customer base. For clarity, all Customer Data processed through the use of artificial intelligence and/or machine learning is subject to the protections described in Section 2.2 (Security).

(b) Shared Models. Abnormal may incorporate any learnings from ADs, including any Customer subsequent action or inaction taken in response to ADs, into training its Service and Threat Intelligence for the purpose of identifying future potential fraud, loss, or other harms to customers. Any such ADs learnings will be de-identified, so as to not identify Customer or its Users, and to the extent practicable with respect to any threat actor. To the extent practicable, such learnings will be aggregated with data across other customers. 

(c) GenAI Features. Abnormal may use Inputs and Outputs to train or otherwise improve the GenAI Features for the Service, but only if such Inputs and Outputs have been (i) de-identified so that they do not identify Customer or its Users, and (ii) to the extent practicable, aggregated with data across other customers. Abnormal shall not use Inputs to train or otherwise improve the LLMs of any third-party resource providers underlying such GenAI Features. For these purposes (and without limiting Customer’s other obligations with respect to Customer Data generally), such Input is provided by Customer to Abnormal strictly "AS IS”.

2.8. Third-Party Products. Customer may choose to enable integrations or exchange Customer Data with Third-Party Products. Customer’s use of a Third-Party Product is governed by its agreement with the relevant provider, not this Agreement. Abnormal is not responsible for Third-Party Products or for the manner in which Customer Data may be managed by such products.
 
3. USE OF THE SERVICE

3.1. Compliance. Customer will: (a) only use the Service in accordance with the Documentation; and (b) comply with the Acceptable Use Policy and any applicable Product Specific Terms. Customer represents and warrants that it has secured all necessary rights, consents, and permissions to use Customer Data with the Service and grant Abnormal the rights to Customer Data specified in this Agreement, without violating third-party intellectual property, privacy or other rights. Between the Parties, Customer is responsible for the content and accuracy of Customer Data.

3.2. Restrictions. Customer will not and will not allow any third party to: (a) access or use the Service (in whole or part) or Outputs for any competitive purposes, including to develop a similar or competing product or service (e.g., benchmarking); (b) conduct penetration testing on the Service, interfere with its operation or circumvent its access restrictions; (c) market, sublicense, distribute, resell, lease, loan, transfer, or otherwise commercially exploit or make the Service available (in whole or part) to any third party, except to a third party that manages Customer’s computing environment, grant non-Users access to the Service or use the Service to provide a hosted or managed service to others; (d) obtain or attempt to obtain the Service by any means or device with intent to avoid paying the fees that would otherwise be payable for such access or use; or (e) modify, create derivative works of, decompile, reverse engineer, attempt to gain access to the source code of, or copy the Service, or any of its components including any underlying artificial intelligence models and model data, except to the extent these restrictions are prohibited by Laws and then only upon advance notice to Abnormal.
 
4. MUTUAL COMPLIANCE WITH LAW. Each Party will comply with all laws, regulations, court orders or other binding requirements of a government authority (“Laws”) that apply to its performance under this Agreement.
 
5. REPRESENTATIONS AND WARRANTIES

5.1. Mutual Representations and Warranties. Each Party represents and warrants that:

(a) it has validly entered into this Agreement and has the legal power to do so; and

(b) it will use industry-standard measures to avoid introducing viruses, malicious code or similar harmful materials into the Service.

5.2. Abnormal Warranties. Abnormal warrants that:

(a) the Service will perform as materially described in the Documentation and Abnormal will not materially decrease the overall functionality of the Service during a Subscription Term (the “Performance Warranty”); and

(b) any Technical Services will be provided in a professional and workmanlike manner (the “Technical Services Warranty”).

5.3. Abnormal Warranty Remedies. Abnormal will use reasonable efforts to correct a verified breach of the Performance Warranty or Technical Services Warranty reported by Customer. If Abnormal fails to do so within 30 days after Customer’s warranty report, then either Party may terminate the affected Order as relates to the non-conforming Service or Technical Services, in which case Abnormal will refund to Customer any pre-paid, unused fees for the terminated portion of the Subscription Term (for the Performance Warranty) or for the non-conforming Technical Services (for the Technical Services Warranty). To receive these remedies, Customer must report a breach of warranty in reasonable detail within 30 days after discovering the issue in the Service or 30 days after delivery of the relevant Technical Services. This Section 5.3 sets forth Customer’s exclusive remedies and Abnormal’s sole liability for breach of the Performance Warranty or Technical Services Warranty.

5.4. Disclaimer. WITH THE EXCEPTION OF THE EXPRESS WARRANTIES SET FORTH IN THIS AGREEMENT, THE SERVICE, SUPPORT, AND TECHNICAL SERVICES ARE PROVIDED “AS IS” TO THE FULLEST EXTENT PERMITTED BY LAW. ABNORMAL AND ITS LICENSORS EXPRESSLY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF PERFORMANCE, MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. WITHOUT LIMITING ITS EXPRESS OBLIGATIONS IN THE SERVICE LEVEL AVAILABILITY COMMITMENT, ABNORMAL DOES NOT WARRANT THE OUTPUTS, OR RESULTS TO BE ACHIEVED, FROM THE SERVICE OR THAT THE SERVICE IS ERROR-FREE, WILL PERFORM UNINTERRUPTED OR WILL MEET CUSTOMER’S REQUIREMENTS. THE WARRANTIES IN SECTION 5.2 (ABNORMAL WARRANTIES) DO NOT APPLY TO ISSUES ARISING FROM THIRD PARTY PRODUCTS OR MISUSE OR UNAUTHORIZED MODIFICATIONS OF THE SERVICE. THESE DISCLAIMERS APPLY TO THE FULL EXTENT PERMITTED BY LAW.
 
6. TECHNICAL SERVICES. Abnormal may perform Technical Services as described in an Order, which may identify additional terms or milestones for the Technical Services. Customer will give Abnormal timely access to Customer Materials reasonably needed for Abnormal’s provision of the Technical Services, and if Customer fails to do so, Abnormal’s obligation to provide Technical Services will be excused until access is provided. Abnormal will use the Customer Materials only for purposes of providing Technical Services. Abnormal may make use of service partners to provide the Technical Services. Subject to any limits in an Order, Customer will reimburse reasonable travel and lodging expenses incurred by Abnormal in providing Technical Services. Customer may use the product of any Technical Services that Abnormal furnishes as part of Technical Services only in connection with Customer’s authorized use of the Service under this Agreement. 
 
7. FEES AND PAYMENT

7.1. Payment. Customer will pay the fees described in the applicable Order. Unless the Order states otherwise, all undisputed amounts are payable in U.S. dollars and due within 30 days from the date of an invoice (“Due Date”). All fees and expenses are non-refundable and non-cancellable except as expressly set out in the Agreement and any applicable Order. In addition to any other remedies set forth in this Agreement, if any undisputed, invoiced amount is not received by Abnormal by the Due Date, then those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by Law, whichever is lower.

7.2. Taxes. Customer is responsible for any sales, use, GST, value-added, withholding or similar taxes or levies that apply to its Orders, whether domestic or foreign (“Taxes”), other than Abnormal’s income tax. Fees and expenses are exclusive of Taxes. Unless Customer provides Abnormal with a valid exemption certificate, Customer is solely responsible for paying all Taxes associated with or arising from this Agreement.

7.3. Payment Disputes. If Customer disputes an invoice in good faith, it will notify Abnormal prior to the Due Date and the Parties will seek to resolve the dispute over a 15-day discussion period. Customer is not required to pay disputed amounts during the discussion period, but will timely pay all undisputed amounts. After the discussion period, either Party may pursue any available remedies.

7.4. Records and Validation. Customer is responsible for providing complete and accurate billing and contact information to Abnormal and notifying Abnormal of any changes to such information. Abnormal may conduct verification checks on the usage of the Service during the Subscription Term. If it is determined that the usage of the Service exceeds the baseline quantity stated in an applicable Order, the Parties (Channel Partner and Abnormal or Customer and Abnormal, as applicable) will address any over-usage in a separate Order. If Customer fails to pay for the over-usage, Abnormal may terminate access to the Service within thirty (30) days of Abnormal’s notice of non-compliance.
 
8. SUSPENSION. Abnormal shall be entitled to suspend Customer’s access to the Service and related services due to a Suspension Event, but where practicable will give Customer prior notice so that Customer may seek to resolve the issue and avoid suspension. Abnormal is not required to give prior notice in exigent circumstances or for a suspension made to avoid material harm or violation of Law. Once the Suspension Event is resolved, Abnormal will promptly restore Customer’s access to the Service in accordance with this Agreement. “Suspension Event” means: (a) Customer’s account is 30 days or more overdue; (b) Customer is in breach of Section 3 (Use of the Service); or (c) Customer’s use of the Service risks material harm to the Service or others.
 
9. TERM AND TERMINATION
9.1. Subscription Terms. Each Subscription Term will last for an initial 12-month period unless the Order states otherwise. Each Subscription Term will renew for successive periods unless: (a) the Parties agree on a different renewal Order; or (b) either Party notifies the other (or Channel Partner notifies Abnormal, if applicable) of non-renewal at least 30 days prior to the end of the then current Subscription Term.

9.2. Term. The term of this Agreement will commence on the date you accept this Agreement ("Effective Date") and continues until expiration or termination of all Subscription Terms, unless otherwise terminated as permitted by this Agreement (the “Term”). If no Subscription Term is in effect, either Party may terminate this Agreement for any or no reason with notice to the other Party.

9.3. Termination. Either Party may terminate this Agreement, including all Subscription Terms, if the other Party (a) fails to cure a material breach of this Agreement (including a failure to pay fees) within 30 days after notice, (b) ceases operation without a successor, or (c) seeks protection under a bankruptcy, receivership, trust deed, creditors’ arrangement, composition or comparable proceeding, or if such a proceeding is instituted against that Party and not dismissed within 60 days. Customer shall receive a refund of any pre-paid, unused fees for the terminated portion of an applicable Subscription Term for such Customer-initiated terminations, and Customer will promptly pay Abnormal any and all outstanding fees and expenses due both as of the date of termination and for the terminated portion of the Subscription Term for any such Abnormal-initiated termination.

9.4. Data Export & Deletion. During a Subscription Term, Customer may export Customer Data from the Service (or Abnormal will otherwise make the Customer Data available to Customer) as described in the Documentation. After termination or expiration of this Agreement, Abnormal will delete Customer Data and each Party will delete any Confidential Information of the other in its possession or control. Nonetheless, Abnormal may retain Customer Data and each Party may retain Confidential Information in accordance with its standard backup or record retention policies or as required by Law, subject to Section 2.2 (Security), Section 10 (Confidentiality) and the DPA.

9.5. Effect of Termination.

(a) Customer’s right to use the Service, Support and Technical Services will immediately cease upon any termination or expiration of this Agreement, subject to this Section 9 (Term and Termination).

(b) In no event will any termination or expiration relieve Customer of the obligation to pay any expenses and fees payable to Abnormal for the period prior to the effective date of termination or expiration.

(c) The following Sections will survive expiration or termination of this Agreement: Section 2.4 (Service Operations Data), 2.5 (Anomaly Determinations), 2.6 (GenAI Features), 2.7 (Artificial Intelligence Model Training), 3 (Use of the Service), 5.4 (Disclaimers), 7.1 (Payment) (for amounts then due), 7.2 (Taxes), 9.4 (Data Export & Deletion), 9.5 (Effect of Termination), 10 (Confidentiality), 11 (Proprietary Rights), 12 (Limitations of Liability), 13 (Indemnification), 17 (General Terms), and 18 (Glossary).
 
10. CONFIDENTIALITY

10.1. Use and Protection. As recipient, each Party will: (a) use Confidential Information only to fulfill its obligations and exercise its rights under this Agreement; (b) not disclose Confidential Information to third parties without discloser’s prior approval, except as permitted in this Agreement; and (c) protect Confidential Information using at least the same precautions recipient uses for its own similar information and no less than a reasonable standard of care.

10.2. Permitted Disclosures. The recipient may disclose Confidential Information to its employees, agents, contractors, Affiliates, subcontractors and other representatives having a legitimate need to know (including, for Abnormal, any subprocessors referenced in the DPA or Service support providers as referenced in Section 17.8) (each, a “Representative”), provided recipient remains responsible for their compliance and they are bound to confidentiality obligations no less protective than this Section 10.

10.3. Exclusions. These confidentiality obligations do not apply to information that the recipient can document: (a) is or becomes public knowledge through no fault of the recipient, (b) it rightfully knew or possessed, without confidentiality restrictions, prior to receipt from the discloser, (c) it rightfully received from a third party without confidentiality restrictions, or (d) it independently developed without access to the Confidential Information.

10.4. Remedies. Breach of this Section 10 (Confidentiality) may cause substantial harm for which monetary damages are an insufficient remedy. Upon a breach of this Section 10, the discloser is entitled to seek appropriate equitable relief, including an injunction, in addition to other remedies.

10.5. Required Disclosures. The recipient may disclose Confidential Information (including Customer Data) to the extent required by Laws. If permitted by Law, the recipient will give the discloser reasonable advance written notice of the required disclosure and reasonably cooperate, at the discloser’s expense, to contest or seek to limit the disclosure or obtain confidential treatment for the Confidential Information. If no protective order or other remedy is obtained, the recipient will disclose only that portion of the Confidential Information that is legally required, and agrees to exercise reasonable efforts to ensure that confidential treatment will be accorded to such Confidential Information.
 
11. PROPRIETARY RIGHTS

11.1. Abnormal Property. Abnormal owns and retains all right, title, and interest in and to the Service, Threat Intelligence, Service Operations Data, Technical Services, and any feedback or suggestions Customer provides to Abnormal with respect to the Service or Technical Services. All feedback is provided “AS IS” and Abnormal will not publicly identify Customer as the source of feedback without Customer’s permission. Except for Customer’s express rights in this Agreement, as between the Parties, Abnormal and its licensors retain all intellectual property rights in the Service, and product of any Technical Services and related Abnormal technology.

11.2. Customer Property. Except for Abnormal’s express rights in this Agreement, as between the Parties, Customer owns and retains all right, title, and interest in and to the Customer Data and Customer Materials provided to Abnormal.
 
12. LIMITATIONS OF LIABILITY

12.1. General Cap. EACH PARTY’S ENTIRE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED THE GENERAL CAP.

12.2. Consequential Damages Waiver. NEITHER PARTY WILL HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR INDIRECT, SPECIAL, INCIDENTAL, RELIANCE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OR DAMAGES FOR LOSS OF USE, LOST PROFITS OR INTERRUPTION OF BUSINESS, EVEN IF INFORMED OF THEIR POSSIBILITY IN ADVANCE.

12.3. Exceptions and Enhanced Cap. SECTIONS 12.1 (GENERAL CAP) AND 12.2 (CONSEQUENTIAL DAMAGES WAIVER) WILL NOT APPLY TO ENHANCED CLAIMS OR UNCAPPED CLAIMS. FOR ALL ENHANCED CLAIMS, EACH PARTY’S ENTIRE LIABILITY WILL NOT EXCEED THE ENHANCED CAP.

12.4. Nature of Claims. The waivers and limitations in this Section 12 (Limitations of Liability) apply regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise and will survive and apply even if any limited remedy in this Agreement fails of its essential purpose.

12.5. Liability Definitions. The following definitions apply to this Section 12 (Limitations of Liability).

“Enhanced Cap” means three times (3x) the General Cap.
“Enhanced Claims” means Abnormal’s breach of Section 2.2 (Security) or either Party’s obligations in or breach of Section 2.3 (DPA).
“General Cap” means the total amounts paid and payable by Customer for: (a) use of the Service or (b) performance of the Technical Services, as applicable, to Abnormal under this Agreement in the 12 months immediately preceding the first incident giving rise to a claim of liability. Any Technical Services that are provided on a no-charge basis will be valued at ten thousand dollars for purposes of this definition.
“Uncapped Claims” means: (a) the indemnifying Party’s obligations under Section 13 (Indemnification); (b) either Party’s infringement or misappropriation of the other Party’s intellectual property rights; (c) Customer’s breach of Section 3.2 (Restrictions); (d) any breach of Section 10 (Confidentiality), excluding breaches related to Customer Data; (e) Customer’s payment obligations; and (f) liabilities that cannot be limited by Law.
 
13. INDEMNIFICATION

13.1. By Abnormal. Abnormal, at its own cost, will defend Customer from and against any Abnormal-Covered Claims and will indemnify Customer from and against any damages or costs finally awarded against Customer by a court of competent jurisdiction (including reasonable attorneys’ fees) or agreed in settlement by Abnormal resulting from the Abnormal-Covered Claims.

13.2. By Customer. Customer, at its own cost, will defend Abnormal from and against any Customer-Covered Claims and will indemnify Abnormal from and against any damages or costs finally awarded against Abnormal by a court of competent jurisdiction (including reasonable attorneys’ fees) or agreed in settlement by Customer resulting from the Customer-Covered Claims.

13.3. Indemnification Definitions.

Abnormal-Covered Claim” means a third-party claim that the Service, when used by Customer as authorized in this Agreement, infringes or misappropriates a third party’s United States, United Kingdom, or European Union intellectual property rights.
Customer-Covered Claim” means a third-party claim arising from Customer Materials or Customer’s breach or alleged breach of Section 3 (Use of the Service).

13.4. Procedures. The indemnifying Party’s obligations in this Section 13 (Indemnification) are subject to receiving from the indemnified Party: (a) prompt notice of the claim (but delayed notice will only reduce the indemnifying Party’s obligations to the extent it is prejudiced by the delay); (b) the exclusive right to control the claim’s investigation, defense and settlement; and (c) reasonable cooperation at the indemnifying Party’s expense. The indemnifying Party may not settle a claim without the indemnified Party’s prior approval if settlement would require the indemnified Party to admit fault or take or refrain from taking any action (except regarding use of the Service when Abnormal is the indemnifying Party). The indemnified Party may participate in a claim with its own counsel at its own expense.

13.5. Mitigation & Exceptions. In response to an infringement or misappropriation claim, if required by settlement or injunction or as Abnormal determines necessary to avoid material liability, Abnormal may, in its sole discretion: (a) procure rights for Customer’s continued use of the Service; (b) replace or modify the allegedly infringing portion of the Service to avoid infringement, without reducing the Service’s overall functionality; or (c) terminate the affected Order or the Agreement and refund to Customer any pre-paid, unused fees for the terminated portion of the Subscription Term. Abnormal’s obligations in this Section 13 (Indemnification) do not apply to claims resulting from (1) modification or unauthorized use of the Service or (2) use of the Service in combination with items not provided by Abnormal, including Third-Party Products. This Section 13 (Indemnification) sets out the indemnified Party’s exclusive remedy and the indemnifying Party’s sole liability regarding third-party claims of intellectual property infringement or misappropriation.
 
14. INSURANCE

14.1. Abnormal will maintain in full force and effect during the term of this Agreement:

(a) Commercial general liability insurance on an occurrence basis for bodily injury, death, property damage, and personal injury, with coverage limits of not less than US$1,000,000 per occurrence and US$2,000,000 general aggregate for bodily injury and property damage;

(b) Worker’s compensation insurance as required by applicable law, including employer’s liability coverage for injury, disease and death, with coverage limits of not less than US$1,000,000 per accident and employee;

(c) Umbrella liability insurance on an occurrence form, for limits of not less than US$3,000,000 per occurrence and in the aggregate; and

(d) Technology Errors & Omissions and Cyber-risk insurance on a claims-made form, for limits of not less than US$10,000,000 annual aggregate covering liabilities for financial loss resulting or arising from acts, errors or omissions in the rendering of the Service, or from data damage, destruction, or corruption, including without limitation, unauthorized access, unauthorized use, virus transmission, denial of service, and violation of privacy from network security failures in connection with the Service.

14.2. Insurance carriers will be rated A-VII or better by A.M. Best Provider. In no event will the foregoing coverage limits affect or limit Abnormal’s contractual liability, including for indemnification obligations, under this Agreement.  
 
15. TRIALS AND BETAS. Abnormal may offer optional Trials and Betas. Use of Trials and Betas is permitted only for Customer’s internal evaluation during the period designated on the Order (or if not designated in an Order or otherwise, 30 days). Either Party may terminate Customer’s use of Trials and Betas at any time for any reason. Trials and Betas may be inoperable, incomplete or include features never released. NOTWITHSTANDING ANYTHING ELSE IN THIS AGREEMENT, ABNORMAL OFFERS NO WARRANTY, INDEMNITY, SLA OR SUPPORT FOR TRIALS AND BETAS AND ITS LIABILITY FOR TRIALS AND BETAS WILL NOT EXCEED US$50,000.
 
16. PUBLICITY. Neither Party may publicly announce this Agreement without the other Party’s prior approval, except as required by Laws.
 
17. GENERAL TERMS

17.1. Assignment. Neither Party may assign this Agreement without the prior consent of the other Party, except that either Party may assign this Agreement, with notice to the other Party, to an Affiliate or in connection with the assigning Party’s merger, reorganization, acquisition or other transfer of all or substantially all of its assets or voting securities. Any non-permitted assignment is void. This Agreement will bind and inure to the benefit of each Party’s permitted successors and assigns.

17.2. Governing Law and Courts. This Agreement is governed by the laws of the State of California without reference to conflicts of law rules. For any dispute relating to this Agreement, the Parties consent to personal jurisdiction and the exclusive venue of the courts in San Francisco County, California.

17.3. Notices.

(a) Except as set out in this Agreement, notices, requests and approvals under this Agreement will be in writing to the addresses on the Order or in this Agreement and will be deemed given: (1) upon receipt if by personal delivery, (2) upon receipt if by certified or registered U.S. mail (return receipt requested), (3) one day after dispatch if by a commercial overnight delivery or (4) upon delivery if by email. Either Party may update its address with notice to the other.

(b) Abnormal may also send operational notices through the Service, including to update the AUP, DPA, ISP, SLA, or other policies to reflect new features or changing practices ("Referenced Policies").

17.4. Entire Agreement. This Agreement, inclusive of any Product Specific Terms, the Referenced Policies, and all applicable Orders, is the Parties’ entire agreement regarding its subject matter and supersedes any prior or contemporaneous agreements regarding its subject matter. In this Agreement, headings are for convenience only and “including” and similar terms are to be construed without limitation. Excluding Orders, terms in business forms, purchase orders or quotes, online terms, or invoicing portal used by Customer will not amend or modify this Agreement; any such documents are for administrative purposes only. In the event of any conflict or inconsistency between the Order and this Agreement, the Order will prevail.

17.5. Updates. Abnormal may modify this Agreement from time to time. If a modification materially impacts this Agreement, Abnormal will use reasonable efforts to notify Customer through the Service, the website and/or in accordance with this Section 17 (General Terms). Any changes to this Agreement posted on the website will be effective if Customer assents to such changes or upon Customer’s renewal Subscription Term, except changes required by law or as necessary for new features will immediately become effective to the extent necessary to comply with such law or as required to use such new features. If Customer objects to the updated Agreement, as Customer’s exclusive remedy and without penalty, Customer may choose not to renew by canceling any Subscription Term set to auto-renew in accordance with Section 9.1 (Subscription Terms).

17.6. Waivers and Severability. Waivers must be signed by the waiving Party’s authorized representative and cannot be implied from conduct. If any provision of this Agreement is held invalid, illegal or unenforceable, it will be limited to the minimum extent necessary so the rest of this Agreement remains in effect.

17.7. Force Majeure. Neither Party is liable for a delay or failure to perform this Agreement due to a Force Majeure. If a Force Majeure materially adversely affects the Service for 30 or more consecutive days, either Party may terminate the affected Order upon notice to the other and Abnormal will refund to Customer any pre-paid, unused fees for the terminated portion of the Subscription Term. However, this Section does not limit Customer’s obligations to pay fees owed.

17.8. Service Support Providers. Abnormal may use Service support providers (e.g., third-party hosting and other service providers) in provision of the Service and Support and permit them to exercise Abnormal's rights and fulfill Abnormal's obligations, but Abnormal remains responsible for their compliance with this Agreement. This provision does not limit any additional terms for subprocessors under a DPA.

17.9. Independent Contractors. The Parties are independent contractors, not agents, partners or joint venturers.

17.10. No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.

17.11. Anti-Corruption and Export. Each Party will, and will cause its employees, consultants, and agents to, comply with the US Foreign Corrupt Practices Act of 1977 and the UK Bribery Act 2010. Customer agrees to comply with all applicable laws administered by the U.S. Commerce Bureau of Industry and Security, U.S. Treasury Office of Foreign Assets Control, or other governmental entity imposing export controls and trade sanctions (“Export Laws”), including designated countries, entities, and persons (“Sanctions Targets”); and agrees not to directly or indirectly export, re-export, or otherwise deliver the Service to a Sanctions Target, or broker, finance, or otherwise facilitate any transaction in violation of any Export Laws. Customer represents that Customer is not a Sanctions Target or prohibited from receiving the Service. The Service will be used for non-prohibited, commercial purposes by non-prohibited Users and will not be exported or transferred to China or any Sanctions Target.

17.12. Government Rights. For purposes of this Agreement and to the extent applicable, the Service is "commercial computer software" and a "commercially available off-the-shelf (COTS) item" as defined at FAR 2.101 developed at the private expense of Abnormal. If acquired by or on behalf of a civilian agency, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation and other technical data subject to the terms of the Agreement as specified in 48 C.F.R. 12.212 (Computer Software) and 12.211 (Technical Data) of the Federal Acquisition Regulation ("FAR") and its successors. If acquired by or on behalf of any agency within the Department of Defense ("DOD"), the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of the Agreement as specified in 48 C.F.R. 227.7202 of the DOD FAR Supplement ("DFARS") and its successors. This Section is in lieu of and supersedes any other FAR, DFARS, or other clause or provision that addresses government rights in computer software or technical data.

17.13. Channel Partner Service Subscriptions. This Section applies to any Customer access of the Service obtained through an authorized Abnormal channel partner (“Channel Partner”).

(a) Commercial Terms. Instead of paying Abnormal directly, Customer will pay applicable amounts to the Channel Partner as agreed between Customer and the Channel Partner. Customer’s order details (e.g., scope of use, Subscription Term, and fees) will be as stated in the Order placed by Channel Partner with Abnormal on Customer’s behalf. Customer’s Order will renew with Channel Partner in accordance with Section 9.1 (Subscription Terms), unless Channel Partner notifies Abnormal that it is opting-out of auto-renewal on Customer’s behalf as described in this Agreement or in the manner specified in the agreement between Channel Partner and Abnormal. Channel Partner is responsible for the accuracy of such Order. Abnormal may suspend or terminate Customer’s rights to use the Service if it does not receive the corresponding payment from the Channel Partner. If Customer is entitled to a refund under this Agreement, Abnormal will refund any applicable fees to the Channel Partner and the Channel Partner will be solely responsible for refunding the appropriate amounts to Customer, unless otherwise specified. 

(b) Relationship with Abnormal. This Agreement is directly between Abnormal and Customer and governs all use of the Service by Customer. Channel Partners are not authorized to modify this Agreement or make any promises or commitments on Abnormal’s behalf, and Abnormal is not bound by any obligations to Customer other than as set forth in this Agreement. Abnormal is not party to (or responsible under) any separate agreement between Customer and Channel Partner. The amount paid or payable by the Channel Partner to Abnormal for Customer’s use of the applicable Service under this Agreement will be deemed the amount paid or payable by Customer to Abnormal under this Agreement for purposes of Section 12 (Limitations of Liability). Abnormal is not responsible for any acts, omissions, products or services provided by Channel Partner.
 

18. GLOSSARY. The definitions of certain capitalized terms used in this Agreement are set forth below. Others are defined in the body of this Agreement.

“Acceptable Use Policy” or “AUP” means the Acceptable Use Policy available at legal.abnormalsecurity.com.
“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with a Party, provided such entity will be considered an Affiliate for only such time as such control interest is maintained; where “control” means the ownership of greater than fifty percent (50%) of (a) the voting power to elect directors of the company, or (b) the ownership interests in the company.

“Anomaly Determinations” or “AD(s)” means the analysis, context, or determinations made by the Service as a result of processing Customer Data, which may incorporate Threat Intelligence and other proprietary Abnormal information.

“Confidential Information” means information disclosed by or on behalf of one Party (as discloser) to the other Party (as recipient) under this Agreement, in any form, which: (a) the discloser identifies to recipient as “confidential” or “proprietary”; or (b) should be reasonably understood as confidential or proprietary due to its nature and the circumstances of its disclosure. Without limiting the foregoing: (a) Abnormal’s Confidential Information includes the Service, ADs, any technical, pricing or performance information about the Service, the terms and conditions of this Agreement, and any information conveyed to Customer in connection with Support; (b) Customer’s Confidential Information includes Customer Data, Inputs, and Customer Materials; and (c) Output is considered Confidential Information of both Parties.

“Customer Data” means information, including Personal Data (as defined in the DPA), processed by Abnormal via the Service and while providing Support.

“Customer Materials” means materials and resources that Customer makes available to Abnormal in connection with Technical Services.

“Data Processing Addendum” or “DPA” means the Data Processing Addendum available at legal.abnormalsecurity.com.

“Documentation” means the Abnormal standard technical guides, policies, and documentation for the Service, including all additions and modifications made by Abnormal from time to time, that are made available from the dedicated ‘Documentation’ pages within the Service or on the dedicated ‘Customer Support’ pages of the Abnormal managed website.

“Force Majeure” means an unforeseen event beyond a Party’s reasonable control, such as a strike, blockade, war, pandemic, act of terrorism, riot, third-party Internet, telecommunications or utility failure, acts or orders of government, refusal of government license or natural disaster, where the affected Party takes reasonable and customary measures to avoid or mitigate such event’s effects.

“GenAI Feature(s)” means the Service features used by Customer that utilize large language models (LLMs) to curate Outputs for Customer in response to Inputs.

“Information Security Policy” or “ISP” means the Information Security Policy available at legal.abnormalsecurity.com.

“Input(s)” means Customer Data in the form of prompts, queries, or pre-configured context, conditions, or triggers that are provided, input, or otherwise processed with any GenAI Features.

“Order” means an order for Customer’s access to the Service, Support, or Technical Services or related services that is: (a) either executed by the Parties and references this Agreement or entered into by Customer via self-service; or (b) entered into by Abnormal and a Channel Partner on behalf of Customer.

“Output(s)” means content that is curated by the GenAI Features, which may incorporate ADs, Threat Intelligence, or other general security information.

“Product Specific Terms” means any terms and conditions specific to an applicable Service that supplement, but do not replace, this Agreement and are available at legal.abnormalsecurity.com.

“Service” means Abnormal’s proprietary software-as-a-service products, including its artificial intelligence and machine learning based detection and operational engine, GenAI Features, ADs, and, as identified in the relevant Order, including any modifications, updates, upgrades, and enhancements thereto that Abnormal makes generally available to its customer base. The Service includes the Documentation but not Technical Services or Third-Party Products.

“Service Operations Data” means Abnormal’s technical logs, analytics or other data and learnings related to Customer’s use of the Service, but excluding Customer Data.

“Service Level Agreement” or “SLA” means the Support and Service Level Policy available at legal.abnormalsecurity.com.

“Subscription Term” means the term for Customer’s use of the Service as set forth on the applicable Order. 

“Support” means the customer support services set out on: (a) the dedicated ‘Customer Support’ page of the Abnormal website, and (b) the SLA; but excluding any Technical Services.

“Technical Services” means training, migration, enablement or other technical services that Abnormal furnishes to Customer related to the Service.

“Threat Intelligence” means information collected, generated, derived, and/or analyzed by the Service that is related to malicious activities, fraud, loss, threat or other harm detection and analysis identified by the Service such as a third-party malicious actor’s IP address, email address, name, and hashes of malware. 

“Third-Party Product” means any product, add-on or platform not provided by Abnormal that Customer uses with the Service.

“Trials and Betas” mean access to the Service (or Service features) on a free, trial, beta or early access basis.

“Users” means individuals or entities that are authorized by Customer to use the Service under its account and on its behalf.