Adaptive Master Subscription Agreement

THIS MASTER SUBSCRIPTION AGREEMENT (“Agreement”) IS BETWEEN TEAMGUARD AI INC., DOING BUSINESS AS ADAPTIVE, (“Adaptive”), AND THE ENTITY IDENTIFIED AS THE CUSTOMER (“Customer”) IN THE ADAPTIVE ORDER FORM (“Order Form”). THIS AGREEMENT GOVERNS CUSTOMER’S USE OF THE SERVICE (DEFINED BELOW).

IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF CUSTOMER, THEN YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THIS AGREEMENT.  IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THIS AGREEMENT, THEN YOU MUST NOT ACCEPT THIS AGREEMENT.

1.   Scope of Agreement; Certain Definitions.  This Agreement governs Adaptive’s provision of access to its software-as-a-service product known as Adaptive (“Platform” or "Service") and to Customer and its Authorized Users (defined below).  For the purposes of this Agreement, the terms "Platform" and "Service" shall be used interchangeably. As used herein, the term “Authorized User” means any person or affiliate of Customer for whom Customer has created an account to access and use the Platform through the functionality available on Adaptive’s website located at https://www.adapativesecurity.com (which may include employees, contractors, or third-party service providers). Customer grants Adaptive permission for Adaptive to make modifications on its and its Authorized Users’ accounts on their behalf in accordance with any specific instructions by Customer or its Authorized Users. The Service that Adaptive is to provide to Customer is described in one or more Order Forms.  This Agreement hereby incorporates by reference any such Order Form.  In the event of any conflict or inconsistency between the terms of any Order Form and the body of this Agreement, the Order Form will control solely to the extent of the conflict or inconsistency.

2.   Proprietary Rights.

a. License to Service.  Subject to the terms and conditions of this Agreement, Adaptive hereby grants to Customer during the Term (defined below) a non-exclusive, non-transferable (except pursuant to Section 11(c) (Assignment) below) and non-sublicensable license to allow the Authorized Users to access and use the Service solely for providing the Service to their employees and contractors. In the course of using the Platform, Customer and Authorized Users may upload content to be processed by the Platform in accordance with Customer’s instructions (“Input”), and receive output generated and returned by the Platform using that Input (“Output”).  Customer is solely responsible for its Inputs, its Outputs, and its use thereof, and should review any Output prior to its use and exercise its own business and legal judgment as to its suitability for use.  

b. Restrictions.  Customer and Authorized Users may not: (i) copy, modify, translate, or create derivative works of the Platform; (ii) reverse engineer, decompile, disassemble or otherwise attempt to reconstruct, identify or discover any source code, underlying ideas, underlying user interface techniques, or algorithms of the Platform; (iii) lend, lease, offer for sale, sell or otherwise use the Service for the benefit of any third party or provide any third party except for Authorized Users with access to the Service; (iv) attempt to disrupt the integrity or performance of the Platform; (v) attempt to gain unauthorized access to the Platform or its related systems or networks; (vi) use the Service in a manner that violates this Agreement, any third-party rights or any applicable laws, or rules or regulations; or (vii) access the Service to build a competitive product or services or copy any ideas, features, functions, or graphics of the Service.  Customer acknowledges and agrees that it is responsible for the use or misuse of the Service by Authorized Users. Any action taken or breach of this Agreement by an Authorized User will be deemed an action taken or a breach of this Agreement by Customer.  Without limiting the foregoing, Customer is responsible for the proper care and use of Customer’s and Authorized Users’ access credentials and responsible for any actions resulting from the use of Customer’s or its Authorized Users’ access credentials.
‍
c. Adaptive Ownership of Service.  Except for the rights granted to Customer in Section 2(a) (License to Service) above, as between the parties, Adaptive retains all right, title and interest, including all intellectual property rights, in and to the Service, the Adaptive Works (defined below) and data regarding use of the Service and the Platform’s performance that is aggregated and de-identified such that it cannot identify Customer, any third-party entity, or any natural persons (“Diagnostic Data”).  All rights that Adaptive does not expressly grant to Customer in this Agreement are hereby reserved.  Adaptive does not grant any implied licenses under this Agreement.

d. Employee Data.  As between the parties, Customer owns all Employee Data (defined below).  Customer hereby grants to Adaptive a non-exclusive and non-transferable (except pursuant to Section 11(c) (Assignment) below) license to host, copy, process and transmit the data, information and other materials transmitted to or through the Platform by Customer or Authorized Users (except for Diagnostic Data and Feedback (defined below)) (collectively, “Employee Data”) solely to provide and improve the Service.  For the sake of clarity Employee Data may include but is not limited to the following data: Employee (as defined below) telephone numbers, Employee email addresses, Employee legal name, and Employee role in the Customer organization.  

e. Feedback.  From time to time, Customer may make available to Adaptive, directly or indirectly, feedback, analysis, suggestions and/or comments related to the Service (collectively, “Feedback”). Customer hereby grants to Adaptive a perpetual and irrevocable right to use such Feedback to provide and improve the Service without any compensation or credit to Customer.

f. Suspension.  Adaptive reserves the right to suspend, terminate or limit Customer’s and/or Authorized Users’ access to the Service and restrict, disable or quarantine any of employee data if Adaptive determines, in its reasonable discretion, that (i) the Service is being used by Customer, or its Authorized Users, in violation of this Agreement  (ii) the Service is being used by Customer in an unauthorized or fraudulent manner; (iii) Adaptive has not received any amount due under this Agreement within fifteen (15) days after it was due.

g. Training and Support.  Adaptive may provide commercially reasonable training and support in connection with the Service, in its sole discretion.  Any such training or support may be available via email to support@adaptivesecurity.com. Adaptive will respond to requests for training or support only from the Authorized Users.

3.   Professional Services.  Subject to the terms and conditions of this Agreement, Adaptive will provide any Professional Services as directed by Customer and identified in any Order Form.  Adaptive may develop software or other works of authorship, trade secrets, inventions or other intellectual property in performing the Professional Services (collectively, “Adaptive Works”).  Subject to timely payment of the applicable Fees (defined in Section 5 (Fees) below), Adaptive hereby grants to Customer a non-exclusive, non-transferable (except under Section 11(c) (Assignment) below), non-sublicensable, royalty-free and worldwide right and license during the Term only to use any portion of the Adaptive Works that is incorporated into the Service solely as necessary to use the Service in accordance with this Agreement.  No part of the Platform or Professional Services shall be considered work-for-hire, and any work-for-hire shall be explicitly designated using the term “work-for-hire” within the applicable Order Form specific to such work-for-hire.  Customer will reasonably cooperate with Adaptive in the provision of Professional Services.  Customer shall remain solely responsible for its use of the Service.  

4.   Free Trial.
a. In General.  Adaptive may make the Service available to Customer for evaluation purposes free of charge until the earlier of (i) the end of the free trial period as stated on the Order Form; (ii) the start of any purchased access to the Service through an Order Form; or (iii) termination by Adaptive in Adaptive’s sole discretion (the “Trial Period”).

b. No Warranty During Trial Period.  Notwithstanding Section 8 (Representations and Warranties), during the Trial Period the Service is offered “as is,” AND Adaptive MAKES NO PROMISES, REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT TO THE SERVICE, AND Adaptive HEREBY DISCLAIMS ALL IMPLIED WARRANTIES WITH RESPECT TO THE SERVICE, INCLUDING, WITHOUT LIMITATION, THE WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, AS WELL AS ANY LOCAL JURISDICTIONAL ANALOGUES TO THE FOREGOING.

c. No Indemnification During Trial Period.  Notwithstanding Section 10 (Indemnification), during the Trial Period, Section 10(b) (Indemnification by Adaptive) shall not apply.
‍
5.   Fees.

a. Fees.  Customer will pay Adaptive the fees set forth in the Order Form (“Fees”).  All Fees will be due and payable upon receipt of the applicable invoice issued by Adaptive.  All Fees are non-cancellable and non-refundable.  Late Fee payments will accrue interest at the rate of one and a half percent (1.5%) of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid.  If Customer’s unpaid invoices are referred to an attorney or collections agency, Customer shall pay all reasonable costs of collections, including attorney’s fees or collections agency fees actually incurred by Adaptive. All Fees shall be payable in USD unless agreed separately in an Order Form.

b. Taxes.  The Fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any applicable taxing authorities (collectively, “Taxes”).  Customer is responsible for paying all Taxes associated with the rights and benefits it receives under this Agreement.  If Customer is compelled to make any deduction of Taxes, it will pay to Adaptive such additional amounts as are necessary to ensure receipt by Adaptive of the full amount that Adaptive would have received but for the deduction.  If Adaptive has the legal obligation to pay or collect Taxes for which Customer is responsible under this Section 5(b), then Adaptive will invoice Customer and Customer will pay that amount unless Customer provides Adaptive with a valid tax exemption certificate authorized by the appropriate taxing authority.  For clarity, Adaptive is solely responsible for Taxes assessable against Adaptive based on its net income, property and employees.
‍
6.   Confidential Information.

a. Definition of Confidential Information.  As used herein, “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”) that is marked in writing as “confidential” or by a similar designation or that otherwise should be considered confidential information based on the nature of the information and circumstances of disclosure.  For clarity, Adaptive’s Confidential Information also includes pricing, the non-public parts of the Service, its user interface, design and layout, and any related non-public specifications, documentation or technical information that Adaptive provides to Customer and/or Authorized Users.  Confidential Information will not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (iii) is received from a third party without breach of any obligation owed to the Disclosing Party; or (iv) was independently developed by the Receiving Party.

b. Protection of Confidential Information.  The Receiving Party will use the same degree of care to protect the Disclosing Party’s Confidential Information that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care). The Receiving Party may use Confidential Information of the Disclosing Party only to perform its obligations or exercise its rights under this Agreement.  Except as expressly authorized by the Disclosing Party in writing, the Receiving Party will limit access to Confidential Information of the Disclosing Party to those of its and its affiliates’ employees, contractors or agents who need such access to perform obligations under this Agreement and who are bound to terms as least as restrictive as those in this Agreement. Neither party will disclose the terms of this Agreement to any third party (other than its affiliates, legal counsel or accountants) without the other party’s prior written consent.
c. Compelled Disclosure.  The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.

7.   Term and Termination.
a. Term.  This Agreement will commence on the date that Customer first enters into an Order Form and continue until all Order Forms have expired or are terminated according to their terms (the “Term”).

b. Termination.  Either party may terminate this Agreement upon thirty (30) days’ prior written notice if the other party is in material breach of this Agreement and the breaching party fails to remedy the breach within such thirty (30) day notice period.

c. Effect of Termination.  Upon expiration or termination of this Agreement for any reason, the licenses granted to Customer in Section 2(a) (License to Service) and Section 3 (Professional Services) will automatically terminate and all Fees owed pursuant to Section 5 (Fees) will become immediately due and payable. Any usage by Customer of the Service specified in an Order Form beyond the expiration or termination of such Order Form shall be (i) paid for by Customer at Adaptive’s standard monthly fees for such Service and (ii) subject to the terms of this Agreement. Any such continued Service after expiration of an Order Form shall not affect Adaptive’s right to discontinue or terminate the Service at any time post-expiration.
‍
d. Survival.  The provisions of Sections 2(b) (Restrictions), 2(c) (Adaptive Ownership of Service), 2(d) (employee data), 2(e) (Feedback), 2(f) (Suspension), 4(b) (No Warranty During Trial Period), 4(c) (No Indemnification During Trial Period), 5 (Fees), 6 (Confidential Information), 7(c) (Effect of Termination), 7(d) (Survival), 8 (Representations and Warranties), 9 (Limitations on Liability), 10 (Indemnification), 11 (Miscellaneous) and all defined terms used in those Sections will survive any expiration or termination of this Agreement.

8.   Representations and Warranties.

a. Mutual.  Each party represents and warrants that: (i) it is duly organized, validly existing and in good standing under the laws and regulations of its jurisdiction of incorporation, organization or chartering; (ii) it has the right, power and authority to enter into this Agreement and to grant the rights and licenses granted hereunder and to perform all of its obligations hereunder; (iii) the execution of this Agreement has been duly authorized by all necessary corporate or organizational action of the party; and (iv) when executed and delivered by both parties, this Agreement will constitute the legal, valid and binding obligation of such party, enforceable against such party in accordance with its terms.

b. Adaptive.  Adaptive represents and warrants that it will use commercially reasonable efforts to make the Service available at all times during the Term, except for planned downtime and any unavailability caused by force majeure circumstances (e.g., fires, floods, acts of God, acts of government, civil unrest, service provider failures or delays, denial of service attacks, cellular network provider problems or failures, or similar events).
c. Customer.  Customer represents and warrants that it owns or otherwise has sufficient rights to the employee data to grant the license set forth in Section 2(d) (employee data).

d. EXCEPT FOR THE REPRESENTATIONS AND WARRANTIES SET FORTH UNDER THIS SECTION 8, Adaptive MAKES NO PROMISES, REPRESENTATIONS OR WARRANTIES WHATSOEVER, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE AND Adaptive HEREBY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, AS WELL AS ANY LOCAL JURISDICTIONAL ANALOGUES TO THE FOREGOING.  

9.   Limitations on Liability.  TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW, EXCEPT FOR INDEMNITY OBLIGATIONS ARISING UNDER SECTION 10 (INDEMNIFICATION) AND CUSTOMER’S PAYMENT OBLIGATIONS UNDER SECTION 5 (FEES), (I) IN NO EVENT WILL EITHER PARTY’S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE FEES THAT CUSTOMER HAS PAID TO Adaptive DURING THE TERM; AND (II) IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT (INCLUDING, WITHOUT LIMITATION, FOR LOST PROFITS, DATA OR OTHER BUSINESS OPPORTUNITIES), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER FOR BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE.  THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.  THE PARTIES AGREE THAT THE FOREGOING LIMITATIONS REPRESENT A REASONABLE ALLOCATION OF RISK UNDER THIS AGREEMENT.  This Section 9 will not apply to any actual or alleged infringement by Customer or any Authorized User of Adaptive’s intellectual property or other proprietary rights.

10.   Indemnification.

a. Customer.  If a third party asserts a claim or any proceeding, investigation or inquiry is initiated by a regulator (each, a “Third-Party Claim”) against Adaptive, its affiliates or any of their respective affiliates, officers, employees or contractors (each, a “Adaptive Released Party”) arising out of or in connection with any (ii) breach by Customer of Customer’s representations or warranties contained herein, including Section 8(c) (Representations and Warranties of Customer); (iii) employee data uploaded or transmitted to or through the Service or generated by the Service by Customer or an Authorized User, Customer will indemnify and defend each Adaptive Released Party from the Third-Party Claim and hold such parties harmless from all penalties, losses, liabilities, costs and expenses, including, but not limited to, reasonable attorneys’ fees, consultants’ fees, court costs, and damages finally awarded or costs of settlements entered into with respect to the Third-Party Claim.  This Section 10(a) states Customer’s entire and sole liability for Third-Party Claims.

b.     Adaptive.  If a Third-Party Claim is asserted against Customer or any of its affiliates, officers, employees or contractors (each, a “Customer Released Party”) alleging that the Platform infringes such third party’s patent rights, then Adaptive will indemnify and defend the Customer Released Party from the Third-Party Claim and hold such party harmless from any damages finally awarded or costs of settlements entered into with respect to the Third-Party Claim.  Notwithstanding the foregoing sentences of this Section 10(b), Adaptive will have no liability for a Third-Party Claim to the extent it arises out of or results from (A) any breach of this Agreement by Customer or any Authorized User; (B) any modification, alteration or addition made to the Platform by Customer or any Authorized User, including any combination of the Platform with software not provided by Adaptive; or (C) any employee data. This Section 10(b) states Adaptive’s entire and sole liability with respect to Third-Party Claims.

c. Procedures.  The party seeking indemnity under this Section 10 (“Indemnified Party”) will provide the other party (“Indemnifying Party”) with prompt written notice of any claim for which the Indemnified Party seeks an indemnity, provided that failure to provide such notice will not relieve Indemnifying Party of its obligations hereunder, except to the extent that Indemnifying Party was materially prejudiced by such failure. The Indemnifying Party shall, at its own expense, defend the Indemnified Party using legal counsel reasonably acceptable to the Indemnified Party. The Indemnified Party will reasonably cooperate in the defense of any such claim, at the Indemnifying Party’s sole expense.  The Indemnifying Party will have the sole authority to settle a claim, provided that it may not settle any claim against the Indemnified Party without the Indemnified Party’s prior express written consent, which may not be unreasonably withheld, conditioned or delayed, unless such settlement consists solely of monetary damages for which the Indemnifying Party is responsible hereunder. The Indemnified Party may participate in the defense of a claim through counsel of its own choice at its own expense; provided, however, that if the Indemnified Party reasonably determines that the Indemnifying Party is unwilling or unable to defend the Indemnified Party’s interests, then the Indemnified Party may assume the defense against any claims at the Indemnifying Party’s sole expense.  

11.   Miscellaneous.

a.      Third-Party Interactions.  Customer’s use of any third-party products, packages or services that are not provided by Adaptive which link to the Service, or which are enabled in conjunction with the Service (“Third-Party Interactions”) shall be at Customer’s choice and sole discretion.  To the extent Customer decides to use Third-Party Interactions, Customer’s access and use of such Third-Party Interactions shall be governed solely by the terms and conditions of such Third-Party Interactions as between Customer and the third party.  In the event Customer enables, installs, connects, or provides access to any Third-Party Interactions for use with the Service, Customer (i) permits the transmission of employee data to such Third-Party Interactions at Customer’s direction; (ii) permits such Third-Party Interactions to access the employee data at Customer’s direction; and (iii) will provide notice to Adaptive of any transmission of employee data and provide notice to Adaptive of the identity of such third party (unless notice is provided in connection with an API call). Adaptive does not license, support, control, endorse or otherwise make any representations or warranties regarding any Third-Party Interactions, notwithstanding that Adaptive may have identified such Third-Party Interaction that Customer subsequently decided to use, and notwithstanding that Customer has directed Adaptive to implement or configure such Third-Party Interactions on Customer’s behalf.

b.     Injunctive Relief.  Customer agrees that any violation or threatened violation of this Agreement may cause irreparable injury to Adaptive, entitling Adaptive to seek injunctive relief in addition to all legal remedies.
‍
c.     Assignment.  This Agreement binds and is for the benefit of the successors and permitted assigns of each party. Neither party may assign this Agreement or any rights under it, in whole or in part, without the other party’s prior written consent; provided that either party may assign this Agreement or any rights under it without prior written consent to a successor in connection with a merger, acquisition, reorganization, consolidation, or sale of all or substantially all of its assets or the business to which this Agreement relates.  Any attempt to assign this Agreement other than as permitted above will be void.

d.     Export Regulations.  Without limiting Section 2(b)(vi) (Restrictions), Customer agrees to comply with all applicable export and re-export control laws and regulations, including trade and economic sanctions maintained by the Treasury Department’s Office of Foreign Assets Control. Specifically, Customer covenants that it will not directly or indirectly sell, export, re-export, transfer, divert, or otherwise dispose of any products, service, or technology (including products derived from or based on such technology) received from Adaptive under this Agreement to any destination, entity, or person prohibited by the laws or regulations of the United States, without obtaining prior authorization from the competent government authorities as required by those laws and regulations.

e.     Severability.  If any provision of this Agreement is held by a court of competent jurisdiction to be unenforceable, then the remaining provisions of this Agreement will remain in full force and effect.

f.     Governing Law; Jurisdiction.  This Agreement will be governed by and construed under the laws of the State of New York without reference to its conflict of laws principles. All disputes arising out of or related to this Agreement will be subject to the exclusive jurisdiction of the state and federal courts located in New York, New York, and the parties agree to waive all rights to challenge the foregoing.  

g.     Entire Agreement; Amendments; Waivers.  This Agreement, including any related Order Form(s), embodies the entire agreement between the parties with respect to the subject matter set forth herein and supersedes any previous, or contemporaneous communications, whether oral or written, express or implied. The terms of any Customer-generated purchase order or any terms presented in connection with any vendor management tool (e.g., vendor payment portal) will be void and shall have no legal effect. Adaptive may amend this Agreement from time to time by posting an amended version at its website and sending Customer written notice thereof. Such amendment will be deemed accepted by Customer and become effective 30 days after such notice (the “Proposed Amendment Date”), unless Customer first gives Adaptive written notice of objection to the amendment. In case of such objection, this Agreement will continue under the provisions in effect prior to the amendment, and the amendment will become effective at the start of Customer’s next renewal following the Proposed Amendment Date (unless Customer provides notice of non-renewal). Customer’s continued use of the Service following the effective date of an amendment will confirm Customer’s consent thereto. This Agreement may not be modified or amended in any other way except by a writing signed by both parties. All waivers made under this Agreement must be made in writing by the party making the waiver.

h.     Notices.  Any notice required or permitted to be given under this Agreement will be effective if it is (i) in writing and sent by certified or registered mail, or insured courier, return receipt requested, to the appropriate party at the address set forth in the Order Form and with the appropriate postage affixed; or (ii) sent via electronic mail to legal@adaptivesecurity.com in the case of Adaptive and to the address or email provided in the Order Form, in the case of Customer.  Either party may change its address for receipt of notice by notice to the other party in accordance with this section.  Notices are deemed given two (2) business days following the date of mailing, one (1) business day following delivery to a courier, or on the same day an electronic mail is sent to the recipient.

i.     Marketing.  Adaptive may use Customer’s name and logo in both print and electronic media to identify Customer as an Adaptive customer.  If Customer in its reasonable discretion determines that Adaptive’s use under this section is derogatory, defamatory or detrimental to Customer’s business or reputation, then Customer may revoke the rights granted to Adaptive in this section upon providing written notice to Adaptive.

j. Adaptive Simulated Cybersecurity Incident Authorization: Customer grants Adaptive the right to use Adaptive's software and services to conduct simulated cybersecurity incidents targeting Customer's employees as part of the subscription services. These simulations may include impersonations of company personnel, external individuals, or other strategic methods designed to test and improve the Customer’s cybersecurity readiness.

k. Customer Responsibilities and Compliance

Customer acknowledges and agrees that it is solely responsible for managing and administering the Service, including ensuring compliance with all applicable laws, regulations, and industry standards. This responsibility extends to all features and functionality provided by the Service, including but not limited to simulated cybersecurity attack campaigns or other training activities conducted through the Service.

Adaptive disclaims any liability for Customer’s failure to comply with such obligations, and Customer agrees to indemnify, defend, and hold harmless Adaptive, its affiliates, and their respective officers, employees, and agents from any claims, damages, or expenses (including reasonable attorneys’ fees) arising out of or related to Customer’s non-compliance.

12.   Data Protection.

a.     Personal Information.  To the extent employee data includes Personal Information (defined below), and unless otherwise agreed to, Adaptive shall retain, use, and disclose such Personal Information for the sole purposes specified in this Agreement.  As used herein, “Personal Information” means “personal information,” “personally identifiable information,” “personal data,” or other such similar terms as used by laws and regulations that are applicable to the processing of Personal Information by Adaptive on Customer’s behalf under the Agreement (“Data Protection Laws”), including but not limited to the California Consumer Privacy Act of 2018 (Cal. Civ. Code § 1798.100 – 1798.199, 2018) (“CCPA”).  For the avoidance of doubt, Adaptive is a “service provider” as that term is defined in the CCPA.  Adaptive will not “sell” or “share” (as defined in the CCPA) any Personal Information, use or disclose Customer’s Personal Information outside the business relationship with Customer, or combine Customer’s Personal Information with any personal information Adaptive receives from any other source, except as permitted by applicable Data Protection Laws.  Customer has the right to take reasonable and appropriate steps to ensure that Adaptive uses Personal Information in a manner consistent with the Customer’s obligations under applicable law, and to stop and remediate Adaptive’s unauthorized use of Personal Information. Adaptive will notify Customer if it makes a determination that it can no longer meet its obligations under applicable laws.  Adaptive hereby certifies that it understands and shall comply with the restrictions set forth in this Agreement.  

b.     Security.  Adaptive shall maintain commercially reasonable administrative, technical and physical safeguards that are (i) appropriate to the nature of Personal Information that it processes on behalf of Customer and (ii) designed to protect the security, confidentiality and integrity of employee data. In the event of any unauthorized acquisition, alteration, or disclosure of Customer’s Personal Information that requires notification to an individual, government or regulatory body, or law enforcement authority under Data Protection Laws, Adaptive shall notify Customer promptly and without undue delay.
c.     Sub-Processors.  Customer hereby authorizes Adaptive to engage third-party entities to process (as that term is defined by Data Protection Laws) Personal Information on behalf of and as specifically directed by Adaptive pursuant to a written contract that includes obligations that are at least as protective as those set out in this Section 12 and as required by Data Protection Laws.