Hypori | End-User License Agreement

CUSTOMER ACKNOWLEDGES AND AGREES THAT THE PRODUCTS MAY COLLECT, PROCESS, MONITOR, AND TRANSMIT TECHNICAL, DIAGNOSTIC, SECURITY, USAGE, AND TELEMETRY DATA AS DESCRIBED IN THIS AGREEMENT, THE PRIVACY POLICY, AND APPLICABLE PRODUCT DOCUMENTATION.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, CUSTOMER CONSENTS TO SUCH COLLECTION, PROCESSING, MONITORING, AND TRANSMISSION, INCLUDING FOR PURPOSES OF SECURITY, PRODUCT FUNCTIONALITY, SUPPORT, ANALYTICS, FRAUD PREVENTION, COMPLIANCE, AND SERVICE IMPROVEMENT.

YOU ACKNOWLEDGE THAT THIS AGREEMENT CONTAINS PROVISIONS RELATING TO YOUR AUTHORIZATION FOR LIMITED USE OF CUSTOMER TRADEMARKS AND LOGOS FOR MARKETING REFERENCE PURPOSES.

Notwithstanding the foregoing, if Customer is a U.S. Government entity, any modification to this Agreement must be made through a bilateral written modification executed by an authorized Contracting Officer. Hypori may not unilaterally modify terms applicable to U.S. Government Customers. This Agreement is subject to applicable federal procurement law, including FAR 12.212, FAR 52.212-4, DFARS 227.7202, and the Contract Disputes Act, solely to the extent Customer is a U.S. Government entity.

Acceptance. By accessing or using the Hypori Products, Customer agrees to be bound by this Agreement without the need for a handwritten or electronic signature.

Updates. Hypori may update this Agreement from time to time by posting a revised version at www.hypori.com/legal. Continued use after the effective date constitutes acceptance.

Electronic Communications. By using the Products, Customer consents to receive communications from Hypori electronically. Electronic communications satisfy any legal requirement that notices be in writing, consistent with the E-SIGN Act (15 U.S.C. § 7001 et seq.) and UETA as adopted in Virginia.

Eligibility and Sanctions. Customer represents that it is not located in, organized under the laws of, or subject to sanctions in any jurisdiction subject to comprehensive U.S. government sanctions, and that it is not identified on any U.S. government restricted party list including the OFAC SDN (Office of Foreign Assets Control, Specially Designated Nationals) List, the BIS (Bureau of Industry and Security) Entity List, or the State Department Debarred Parties List. Hypori reserves the right to terminate access immediately upon discovery that this representation is inaccurate. The Products are available only in jurisdictions where their use is lawful.

Consumer Rights. Nothing in this Agreement limits any rights Customer may have under applicable consumer protection laws that cannot be waived by contract.

Accessibility. If Customer requires this Agreement or the Products in an alternative accessible format, contact [email protected].

1. Definitions

1.1 “Affiliate” means with respect to a party, any entity which directly or indirectly controls, is controlled by, or is under common control with such party, where “control” means the power, directly or indirectly, to direct, or to cause the direction of, the management and policies of an entity, through majority ownership of voting securities or equity interests.

1.2 “Agreement” means this End User License Agreement and any other documents incorporated by reference, including an Order.

1.3 “Authorized Reseller” means Hypori’s authorized resellers and distributors.

1.4 “Authorized User” means Customer’s employees, agents, contractors, consultants, or other third parties permitted under the applicable Product specific terms, and who have agreed in writing to be bound by terms at least as protective of Company as those in this Agreement.

1.5 “Cloud Service Offering” or “CSO” means the Hypori cloud-based secure workspace services provided to customers under this Agreement, excluding corporate websites, marketing platforms, or other non-product services.

1.6 “CMMC” means the Cybersecurity Maturity Model Certification. This is a cybersecurity standard applicable to contractors and subcontractors in the DoD supply chain.

1.7 “Company” or “Hypori” means Hypori, Inc., or its Affiliate, that delivers the Products pursuant to an Order.

1.8 “Confidential Information” means any non-public information disclosed by either party, whether or not marked as confidential, including the Products, Materials, Customer Content, business information, technical information, security information, pricing, product plans, and individual contact information provided by either party. Confidential Information does not include information that: (a) becomes publicly available without breach of this Agreement; (b) was lawfully known to the receiving party without restriction prior to disclosure; (c) is lawfully received from a third party without breach of any confidentiality obligation; or (d) is independently developed without use of the disclosing party’s Confidential Information. Hypori may use aggregated and anonymized operational, telemetry, reliability, and performance data derived from Customer’s use of the Products solely for product improvement, security, analytics, service reliability, and capacity planning purposes, provided such data does not identify Customer, expose Customer Content, or publicly disclose Customer-specific performance results.

1.9 “Consulting Services” means installation, configuration, training or other professional services performed by Company pursuant to or in connection with an Order.

1.10 “CUI” means controlled unclassified information.

1.11 “Customer” means the legal entity or individual that places one or more Orders for Products from Company or an Authorized Reseller.

1.12 “Customer Content” means data, content, or information submitted to, accessed through, or processed within the Hypori Cloud Service Offering by or on behalf of Customer, including enterprise applications and enterprise communications.

1.13 “Deployment Model” means the specific configuration in which the Products are delivered to Customer, as specified in the applicable Order, including: (a) Hypori Commercial Cloud; (b) Hypori Government Cloud; (c) Hypori Private On-Premise, including deployments within on-premise data centers and customer-controlled private cloud environments; (d) Hypori Lyte, including Lyte for Secure Messaging, Lyte for Enterprise Browser, and Lyte for Applications, each as a lightweight SaaS deployment whose applicable compliance certifications may differ from Hypori Mobile and Hypori Government Cloud — Hypori Secure Messaging is also available as an integrated feature within Hypori Mobile under deployment models (a), (b), and (c) above; and (e) such other deployment options as Hypori may make available from time to time.

1.14 “Documentation” means material provided with a Product, as updated by Company from time to time, describing how to use that Product.

1.15 “Error” means a reproducible material failure of the Software, Cloud Service Offering, or Hardware, when used in accordance with the Documentation, to perform substantially in conformity with its applicable functional specifications, as confirmed by Hypori following notice from Customer.

1.16 “Extraordinary Corporate Event” means a corporate transaction which results in Customer divesting business operations and related assets to another or new entity, or acquiring, being acquired by, merged, or otherwise combined with another entity or into another entity’s legal or corporate structure (including an acquisition of all or substantially all of the assets of another entity) which, prior to the corporate transaction, was not part of the Customer or its legal or corporate structure.

1.17 “Fees” means all fees and/or payments stated in an Order applicable to the Products.

1.18 “Hardware” means the Hypori-provided physical appliances or devices, if any, supplied solely as part of the Hypori Private On-Premise Deployment Model or as otherwise expressly specified in an applicable Order, to enable delivery and operation of Hypori Software and services within a Customer-owned or Customer-controlled environment. Hardware does not include Customer-owned infrastructure, general-purpose computing equipment, or Third-Party hardware not expressly provided by Hypori. Title, risk of loss, and return obligations applicable to Hardware are set forth in Section 4.2 (Delivery). Use, security, and configuration requirements applicable to Hardware are set forth in Section 3.6 (Hardware).

1.19 “Hypori Commercial Cloud” means the standard deployment of the Hypori Products designed for commercial use cases and operated in accordance with industry-standard security practices and independent Third-Party assurance, including SOC 2 Type II, and not typically designated as a DoD–specific or federal-authorized deployment.

1.20 “Hypori Government Cloud” means an environment that is explicitly designed to meet the cybersecurity requirements defined under FedRAMP High.

1.21 “Hypori Private On-Premise” means a deployment model in which Hypori provides Hardware and Software as specified in the applicable Order to deliver Hypori services and functionality within infrastructure that is owned or controlled by Customer, including on-premise data centers and customer-controlled private cloud environments. In this model, Hypori services and Customer Content are processed within Customer-controlled infrastructure, except for telemetry, licensing, update, and support communications as described in this Agreement.

1.22 “Licensed Entitlement” means the quantity, scope, or capacity of Products, Subscriptions, Virtual Workspaces, or other usage rights authorized under an Order. Where multiple Orders apply, Entitlements are cumulative unless otherwise specified.

1.23 “Maintenance” means Company’s provision of technical support services and Updates associated with the Products purchased in an Order.

1.24 “Materials” means any tangible or intangible information, design, specification, instruction, project deliverable, or data (and any modifications, adaptations, derivative works, or enhancements thereof) created or developed by Company during the performance of Consulting Services that embodies, reflects, or is derived from Company’s proprietary configuration or implementation methodologies, processes, or know-how, as applied to Customer’s use of the Products. Materials exclude Customer Content and, where an applicable Master Subscription Agreement is in effect between the parties, Deliverables as defined therein.

1.25 “Order” means an ordering document, quote, order form, or similar instrument issued by Hypori or an Authorized Reseller and accepted by Hypori, or, for U.S. Government Customers and enterprise customers with established procurement processes, a purchase order or similar instrument issued by Customer and accepted by Hypori or an Authorized Reseller, provided that any terms in such Customer-issued document that conflict with or add to this Agreement shall not apply unless expressly agreed in writing by authorized representatives of both parties. An Order specifies Customer’s purchase of or Subscription to the applicable Products, Services, Hardware, or Consulting Services, including the applicable Deployment Model, Term, fees, and any associated terms, as expressly agreed. In the event of any inconsistency, the Order governs the commercial details of the transaction, while this Agreement governs the general terms applicable to all Products and Services.

1.26 “Personal Data” means information relating to an identified or identifiable natural person processed by Company on Customer’s behalf in connection with the Products.

1.27 “Products” means the Hypori Secure Workspace Ecosystem, including all software products and services made available to Customer under this Agreement, which includes without limitation: (a) Hypori Mobile, the full virtual mobile infrastructure workspace; (b) Hypori Lyte, including Hypori Lyte for Enterprise Browser and Hypori Lyte for Applications; (c) Hypori Secure Messaging, accessible as a standalone product (Hypori Lyte for Secure Messaging), as an integrated feature within Hypori Mobile, or as otherwise specified in an applicable Order; and (d) any future products, features, or services that Hypori makes available to Customer under an applicable Order.

1.28 “Software” means Hypori’s proprietary software and any third-party software components provided by Hypori and used solely as part of the applicable Deployment Model or Products, whether hosted by Hypori or deployed within a Customer environment. Open-source software components included within the Software are governed by their applicable open-source licenses.

1.29 “Subscription” means the time-limited right, as specified in an Order, to access and use the applicable Hypori Products in accordance with this Agreement, including the right to receive Maintenance during the applicable Term in accordance with Section 3.7 (Support and Maintenance), and Updates if and as made generally available by Hypori. Where the applicable Deployment Model includes Hardware, the Subscription also includes the right to possess and use such Hardware solely for the purpose of accessing and operating the Products during the Term, subject to Section 4.2 (Delivery).

1.30 “Term” means the duration for which the Customer is entitled to use the Products as stated in an Order.

1.31 “Third Party” means any person other than Customer, the Authorized Users, or Hypori, including without limitation, any subcontractor, independent contractor, affiliate, or service provider of Licensee.

1.32 “Updates” means any corrections, bug fixes, features, or functions removed from or added to the Software or Cloud Service Offering (if/when made generally available) by Company under Maintenance.

1.33 “Virtual Workspace” means a dedicated, logically isolated, secure workspace instance provisioned within the applicable Deployment Model—whether cloud-hosted by Hypori or deployed within Customer-controlled on-premises infrastructure—that provides authorized access to enterprise applications, data, and resources. A Virtual Workspace within Hypori Mobile operates using a pixel streaming architecture in which only encrypted screen images are transmitted to the end-user device and no Customer Content or enterprise data is stored on or processed on the physical device. A Virtual Workspace is associated with a single Hypori account and is counted against the Licensed Entitlements specified in the applicable Order. A Virtual Workspace may be accessed by one or more Authorized Users, subject to Customer configuration, authentication requirements, and applicable security controls. A Virtual Workspace may be assigned to an individual user, role, function, or use case, provided that each such assignment counts as one Licensed Entitlement unless otherwise specified in the applicable Order. This definition applies to Hypori Mobile deployments. Hypori Lyte products provide lightweight, mission-focused access that does not constitute a full Virtual Workspace — Licensed Entitlements for Hypori Lyte deployments are governed by the applicable Order. Hypori Secure Messaging, whether deployed as part of Hypori Mobile or as Hypori Lyte for Secure Messaging, also uses pixel streaming to display messages and files on the end-user device without storing message content on the device, while retaining messages and attachments within Hypori’s secure cloud infrastructure on behalf of Customer as described in Section 8.7 (Telemetry, User Interaction Data, and Interception Compliance). The data delivery architecture applicable to Hypori Lyte for Enterprise Browser and Hypori Lyte for Applications is described in the applicable Order and product documentation.

2. Hypori Commercial Cloud vs. Hypori Government Cloud

2.1 Hypori Commercial Cloud. Hypori Commercial Cloud is designed for commercial use cases and is subject to Hypori’s standard security controls and processes, which are independently assessed through Third-Party audits, including SOC 2 Type II.

2.2 Hypori Government Cloud. If Hypori’s Product is accessed or used within a Government Cloud / FedRAMP High environment, Authorized Users acknowledge that:

2.2.1 The Product is hosted, managed, and maintained to meet FedRAMP High security standards for the protection of CUI as required for CUI handling under Customer’s CMMC program.

2.2.2 Unauthorized Use of Hypori Government Cloud resulting in compromise of CUI or Federal Contract Information (FCI) data protections will be reported to Customer’s organization, results in termination of access, and may result in referral to appropriate legal authorities.

Where Customer is a U.S. Government agency or contractor handling CUI, the parties acknowledge that applicable security obligations may include DFARS 252.204-7012, NIST SP 800-171, FedRAMP High baselines, and related federal cybersecurity requirements.

2.3 Differences in Data Handling and Security.

2.3.1 Hypori Commercial Cloud. Hypori Commercial Cloud is designed for commercial use cases and is subject to Hypori’s standard security controls and processes, which are independently assessed through Third-Party audits and certifications. Current certifications include SOC 2 Type II, NIAP Common Criteria, FIPS validation, NSA CSfC, and HIPAA compliance. Current certification status and audit reports are available upon request at [email protected].

2.3.2 Hypori Government Cloud. Hypori Government Cloud is built on AWS GovCloud and operates under Hypori’s FedRAMP High Authorization to Operate, granted March 31, 2025. All security controls have been assessed and tested by a FedRAMP-recognized Third Party Assessment Organization (3PAO) in accordance with FedRAMP High baseline requirements for the protection of CUI and Federal Contract Information (FCI). Hypori Government Cloud additionally holds DOD CC SRG IL4/IL5 Provisional Authorization through 2028, NIAP Common Criteria certification, and NSA CSfC compliance. Current authorization status is verifiable at https://marketplace.fedramp.gov. Hypori will maintain its FedRAMP High Authorization throughout any active Government Cloud Subscription Term.

2.4 Access and Eligibility.

2.4.1 Government Cloud Access Requirements. Accessing Hypori Government Cloud is restricted and available only to Customers that meet the applicable eligibility and compliance requirements for such environment, including the terms of Hypori’s FedRAMP High Authorization to Operate and any applicable agency Authority to Operate issued to Customer. Customer is responsible for ensuring that its Authorized Users satisfy the requirements of Customer’s applicable security programs and policies, including CMMC requirements, where applicable. Access to Hypori Government Cloud may be conditioned on additional validation, attestations, or certifications required by Hypori, including written confirmation from Customer-designated security personnel that Authorized Users are authorized to access systems subject to the applicable compliance requirements. Access to Hypori Government Cloud at DOD CC SRG Impact Level 5 is restricted to DoW Mission Owners and their authorized contractors.

(a) Eligibility Requirements. Where required by applicable federal law, Customer’s security program, or applicable compliance framework, access to the Hypori Government Cloud may be restricted to individuals who satisfy applicable U.S. Person, citizenship, or security clearance requirements imposed by such framework or Customer’s agency or organization. For Hypori Government Cloud environments operating at DOD CC SRG Impact Level 5, access is further restricted to DoW Mission Owners and their authorized contractors and personnel, consistent with the DoW Security Requirements Guide. For FedRAMP High environments, eligibility requirements are determined by Customer’s agency or organization in accordance with applicable federal security policies, including FISMA, NIST SP 800-53, and any agency-specific requirements. Nothing in this provision obligates Hypori to independently assess or enforce the eligibility of Customer’s Authorized Users beyond the attestation requirements set forth in subsection (b) below.

(b) Access Revocation. Customer is responsible for ensuring that access to Hypori Government Cloud is promptly revoked for any Authorized User whose eligibility to access such environment is terminated or suspended for any reason, including loss of security clearance, termination of employment or contractor relationship, or failure to satisfy applicable U.S. Person or citizenship requirements. Customer shall maintain reasonable internal procedures to identify and act on eligibility changes affecting its Authorized Users and shall revoke access within five (5) business days of becoming aware of any such change.

2.4.2 Commercial Cloud Access. Access to Hypori Commercial Cloud is generally available to Authorized Users in jurisdictions where use of the Products is lawful, subject to this Agreement, applicable usage requirements, and any reasonable security or operational measures implemented by Hypori. Customer is responsible for ensuring that its Authorized Users are not subject to U.S. government sanctions or export restrictions that would prohibit their use of the Products.

3. Product Terms

3.1 Software. Unless otherwise stated in this Agreement or in the Order, Company grants Customer a limited, non-transferable, non-sublicensable, non-exclusive, worldwide license to install, run, access, and use the Licensed Entitlements of Software as listed in any Order during the Term solely for internal business purposes in accordance with an Order and any Documentation. For U.S. Government Customers, licenses are granted to the ordering agency and may be used by agency support service contractors acting within the scope of their contractual duties, consistent with FAR 52.227-19 and DFARS 227.7202.

3.2 Private On-Premise Deployments. For Hypori Private On-Premise deployments, including deployments within on-premise data centers and customer-controlled private cloud environments, the foregoing license includes the right to install and operate the Software within Customer-controlled infrastructure solely as part of the applicable Deployment Model specified in the Order and subject to the Hardware and deployment terms in Section 3.6 (Hardware).

3.3 Hypori Cloud Service Offering. Unless otherwise stated in this Agreement or in any Order, Company grants Customer a limited, non-transferable, non-sublicensable, non-exclusive, worldwide license to access and use the Licensed Entitlements of Cloud Service Offerings during the Term solely for internal business purposes in accordance with the Order and any Documentation. For Hypori Private On-Premise deployments, Customer’s right to access and use the applicable Hypori services within Customer-controlled infrastructure is governed by the Software license in Section 3.1 (Software) and the Hardware terms in Section 3.6 (Hardware), in addition to this Section.

3.4 Hypori Lyte Deployments. For Hypori Lyte deployments, Customer acknowledges that Lyte for Secure Messaging, Lyte for Enterprise Browser, and Lyte for Applications are lightweight SaaS deployments that differ from the full Hypori Mobile virtual workspace in feature set, security configuration, data handling characteristics, and compliance certification status. The compliance certifications applicable to each Hypori Lyte product may differ from those applicable to Hypori Mobile and Hypori Government Cloud. Customer is solely responsible for determining whether any Hypori Lyte product meets Customer’s applicable regulatory, security, and compliance requirements before deployment, including any requirements arising under FedRAMP, DOD CC SRG, CMMC, or other applicable federal cybersecurity frameworks.

3.5 Hypori Secure Messaging. Where Customer has enabled Hypori Secure Messaging, whether as a standalone product (Hypori Lyte for Secure Messaging) or as an integrated feature within Hypori Mobile, the foregoing license includes the right to upload, store, transmit, and retrieve messages, files, and attachments through the Hypori Secure Messaging service solely for Customer’s internal business communication purposes. Storage of messages and attachments within Hypori’s secure cloud infrastructure occurs on Customer’s behalf and is subject to Customer’s retention and data governance policies as configured by Customer’s administrator, and to the data handling terms and the copyright compliance obligations in this Agreement.

3.6 Hardware. Hardware may be provided by Hypori as part of a specified Deployment Model, including Hypori Private On-Premise deployments, solely to enable delivery and operation of the applicable Hypori services and Software within Customer-controlled infrastructure. Upon termination or expiration of the applicable Order, Customer’s obligations with respect to return or destruction of Hardware are set forth in Section 4.2 (Hardware).

Any such Hardware is provided subject to this Agreement, applicable Hardware Documentation, and Company-specified use, security, and configuration requirements. Hardware Documentation is provided with the Hardware upon delivery and is available upon request at [email protected]. Hardware may not be used for any purpose other than operation of the applicable Hypori services and may not be transferred, modified, or repurposed except as expressly permitted in writing by Hypori. Customer shall maintain reasonable physical security controls for any Hardware in Customer’s possession consistent with Customer’s obligations under applicable security programs and the requirements specified in the applicable Hardware Documentation.

The applicable Deployment Model for each Subscription shall be specified in the Order.

3.7 Support and Maintenance. Hypori will provide support and maintenance for Hypori Products during the applicable Term and subject to a valid Subscription, in accordance with this Agreement and any applicable support or service descriptions. Support and maintenance may include access to Updates, enhancements, bug fixes, and security patches made generally available by Hypori as part of the applicable Deployment Model. Hypori does not guarantee the availability of any specific Update or release. Updates, enhancements, and features provided in preview, beta, alpha, or pre-release form are not subject to Maintenance obligations and are governed solely by Section 16 (Trials, Evaluations, and Proof Of Concept Use) of this Agreement.

For Hypori Private On-Premise deployments, Customer is responsible for installing Updates, security patches, and bug fixes within Customer-controlled infrastructure in a timely manner consistent with Customer’s applicable security programs and patch management obligations. Hypori’s security obligations under Section 8.1 (Software Security) do not extend to vulnerabilities arising from Customer’s failure to install available Updates in Private On-Premise environments.

For Hypori Government Cloud deployments, Hypori will implement security patches and Updates in accordance with the patch management requirements applicable to Hypori’s FedRAMP High Authorization to Operate, including timelines defined under applicable NIST SP 800-53 controls. Current patch management procedures are described in Hypori’s FedRAMP System Security Plan available to authorized agency customers upon request.

Hypori reserves the right to discontinue Updates and Maintenance for prior versions of the Products upon reasonable notice to Customer.

As part of its security program, Hypori performs vulnerability identification, management, and remediation activities consistent with applicable NIST standards, which may include deployment of security patches and configuration changes to address identified vulnerabilities. Hypori may modify or update features or functionality of the Products, provided such changes do not materially degrade the core functionality of the Products purchased under an active Order. Preview or beta features will not be used for production CUI workloads unless expressly authorized in writing by Hypori.

3.8 Systems. Customer is responsible for the selection, configuration, security, and ongoing management of any enterprise systems, applications, networks, or services that Customer connects to or integrates with the Hypori Products, including ensuring compliance with applicable laws, regulations, and Customer’s security programs (such as CMMC, DFARS, where applicable). Hypori will have no responsibility or liability under this Agreement for issues arising from Customer’s use of any Third-Party hardware, software, systems, or services that are not provided by Hypori under this Agreement.

3.9 Authorized Users.

3.9.1 License Assignment and Use. Only Authorized Users may access and use Hypori Products.

3.9.2 Licensing Metrics. Licensing metrics are based on the quantities specified in the applicable Order, which may include named users, Virtual Workspaces, concurrent sessions, device-based access, or other usage metrics designated by Hypori. Customer may not exceed the Licensed Entitlements specified in the applicable Order.

3.9.3 Hypori Commercial Cloud Deployment Model. Under the Hypori Commercial Cloud Deployment Model, Hypori Products are licensed on a per–account and per-Virtual Workspace basis. Each Subscription is associated with a single Hypori account and a single Virtual Workspace. Subject to Customer configuration and applicable security controls, multiple Authorized Users may be permitted to access the same Virtual Workspace, provided that each such individual is authenticated, authorized, and logged in accordance with this Agreement and Customer policies. A Virtual Workspace may be assigned to a specific function, role, or end use case, rather than to a single individual user.

3.9.4 Hypori Private On-Premise Deployment Model. Under Hypori’s Private On-Premise Deployment Model, each Licensed Entitlement that Customer purchases, Customer may activate and use Hypori within Customer-owned or Customer-controlled infrastructure up to the number of Licensed Entitlements specified in the applicable Order, where each Licensed Entitlement corresponds to one Virtual Workspace or other usage metric designated by Hypori in the Order.

3.9.5 Hypori Government Cloud Deployment Model. Under the Hypori Government Cloud Deployment Model, Hypori Products are licensed on a per-Virtual Workspace basis. Licensed Entitlements for Government Cloud deployments may only be assigned to Authorized Users who satisfy the applicable eligibility requirements, including U.S. Person status and any applicable DoW Mission Owner restrictions for IL5 environments. Customer may not assign Government Cloud Licensed Entitlements to users who do not meet the applicable eligibility requirements.

3.9.6 Hypori Lyte and Hypori Secure Messaging. Licensing metrics for Hypori Lyte deployments and Hypori Secure Messaging may differ from those applicable to Hypori Mobile. Customer may not use Hypori Lyte or Hypori Secure Messaging in excess of the Licensed Entitlements specified in the applicable Order.

3.9.7 Authorized User Compliance. Customer is responsible for ensuring that its Authorized Users comply with this Agreement and applicable Customer policies, including with respect to the access, use, and handling of Customer data. Any actions by such Authorized Users that would constitute a breach of this Agreement if performed by Customer shall be deemed a breach of this Agreement by Customer.

3.9.8 No Dependency on Future Functionality. Customer acknowledges that its decision to enter into this Agreement or any Order is not contingent upon the delivery of any future functionality or features, nor dependent upon any oral or written statements, roadmaps, or public communications by Hypori regarding future functionality or features, other than functionality or features expressly committed to in a signed Order or Statement of Work.

3.9.9 Contractor and Service Provider Access. Customer may permit its contractors, support service providers, system integrators, and managed service providers to access and use the Products solely in support of Customer’s internal business operations, provided such parties access the Products solely through Customer’s Licensed Entitlements and comply with confidentiality, security, and use restrictions no less protective than those set forth in this Agreement. For U.S. Government Customers, such use may include support service contractors acting within the scope of their contractual duties consistent with FAR 52.227-19 and DFARS 227.7202.

3.10 Limitations on Use. Customer’s use of the Products is also subject to Hypori’s Acceptable Use Policy (“AUP”), available at www.hypori.com/legal, which is incorporated into this Agreement by reference. In the event of conflict between this Section and the AUP, this Agreement governs. Except to the extent permitted by applicable law, Customer shall not, directly or indirectly (i) copy, reproduce, modify, translate, adapt, or create derivative works of the Hypori Products or any portion thereof; (ii) access or use any Hypori Products other than those expressly authorized under an applicable Order; (iii) rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make the Hypori Products or any rights granted under this Agreement available to any Third Party; (iv) reverse engineer, decompile, disassemble, or otherwise attempt to derive source code, underlying ideas, algorithms, file formats, or non-public APIs of the Hypori Products, except to the extent expressly permitted by applicable law; (v) use any embedded or bundled component of the Hypori Products on a standalone basis, where such component is provided solely to enable the functionality of the Products; (vi) use the Hypori Products in combination with any Third-Party software or service except as expressly permitted in the Documentation; (vii) use the Hypori Products in a manner that causes them to become subject to any Third-Party license obligations; (viii) market, offer to sell, resell, or commercially exploit the Hypori Products; (ix) use the Hypori Products for competitive benchmarking, competitive analysis, or for the purpose of developing, offering, or supporting a competing product or service; (x) circumvent or attempt to circumvent any technical, usage, or security restrictions implemented in the Hypori Products; (xi) use the Hypori Products in a manner inconsistent with this Agreement; (xii) encourage or assist any Third Party to engage in any of the foregoing; (xiii) use the Products in violation of applicable electronic communications, surveillance, interception, privacy, or monitoring laws.

Nothing in this Section restricts Customer’s ability to perform security testing, evaluation, or assessment required by applicable federal cybersecurity programs or agency authorization processes.

3.11 Open-Source Software. Products may include Open-Source Software components licensed under applicable open-source licenses. To the extent required by such licenses, the terms of the applicable open-source licenses shall govern Customer’s use of those components. If Customer does not agree to the applicable open-source license terms, Customer may not use the affected components or Products.

3.12 Extraordinary Corporate Event. During the applicable Subscription Term, Customer’s Licensed Entitlements do not automatically extend to any users, entities, or divisions added, acquired, or otherwise brought within Customer’s organization as a result of an Extraordinary Corporate Event. Any such users, entities, or divisions must be expressly added to an applicable Order executed by authorized representatives of both parties before they may access or use the Products. In the event of a divestiture or reduction in Customer’s organization, Customer remains responsible for all fees under active Orders for the remainder of the then-current Term, and no refunds or credits shall be issued.

3.13 Increased Scope. During any Subscription Term, Customer may increase its Licensed Entitlements for the Hypori Products by submitting an additional Order. Any increase in scope, capacity, or usage rights will be subject to additional fees as specified in the applicable Order, and such Licensed Entitlements will be coterminous with the then-current Subscription Term unless otherwise agreed in writing.

4. Orders and Delivery

4.1 Orders. Customer may purchase Subscriptions and related Products by submitting an Order to Hypori or an authorized Hypori reseller, as applicable. The ordering process may require Orders to be submitted through an authorized reseller or directly to Hypori, as specified by Hypori. All Orders are subject to acceptance by Hypori.

4.2 Delivery. Upon acceptance of an applicable Order, Hypori will make the Cloud Service Offering available to Customer electronically in accordance with the applicable Deployment Model. Customer’s access to and use of the Products constitutes acceptance of the Products. If Hardware is provided as part of an Order, title to such Hardware will pass to Customer upon delivery to the designated shipping location, unless otherwise specified in the applicable Order. Notwithstanding the foregoing, in the event of termination or expiration of an Order or this Agreement under which Hardware was provided as part of a Hypori Private On-Premise Deployment Model, Customer shall, within 30 days of the effective date of termination, either (i) return the Hardware to Hypori at Hypori’s expense and in its original or equivalent condition, reasonable wear and tear excepted, or (ii) if return is not practicable, certify in writing that the Hardware has been securely decommissioned and rendered inoperable in accordance with Hypori’s written instructions. Title to Hardware provided under a Hypori Private On-Premise deployment shall remain with Hypori unless otherwise expressly stated in the applicable Order.

4.3 U.S. Government Customers. For U.S. Government Customers, acceptance of Orders shall be subject to applicable federal procurement processes and authorized contracting officer approval.

5. Financial Terms

5.1 Payment Terms. Customer is responsible for all Fees and Taxes on Orders, if any. In the event a purchase is direct with Company, Customer shall pay Company net 30 days from the date of the invoice. All purchases are final, with no right to a refund or set off, except as expressly provided in this Agreement. Company may charge Customer an additional one and a half percent (1.5%) per month (or such lower amount as required by applicable law) for all Fees that are not paid on time. Company reserves the right to suspend or terminate delivery of any Product, or any portion thereof, if Customer fails to cure non-payment within ten (10) days of written notice from Company that payment is overdue. For U.S. Government Customers, payment terms shall be governed by the Prompt Payment Act (31 U.S.C. § 3901 et seq.) and applicable implementing regulations.

5.2 Multiyear Subscriptions. If Customer purchases a multi-year Subscription for any Product the purchase is for the full value stated in the Order and is non-cancellable during the Term stated in the Order. For U.S. Government Customers, financial obligations are subject to availability of appropriated funds and applicable fiscal law requirements, including the Anti-Deficiency Act. Nothing in this Agreement shall be construed to obligate Customer more than available appropriations or to require indemnification inconsistent with the Anti-Deficiency Act.

5.3 Purchases Made Through a Reseller. If Customer purchases Hypori Products through an Authorized Reseller, then the payment terms and associated payment obligations in this Section do not apply. Instead, Customer payment terms and obligations with the Reseller shall apply. Hypori may suspend or terminate Customer’s rights to use Hypori Products if Hypori does not receive the corresponding payment from the Authorized Reseller.

5.4 Refund Policy. Unless otherwise provided by law or expressly set forth in this Agreement, all purchases are final and non-refundable. If Customer believes that Company has charged Customer in error, Customer must notify Company in writing within 90 days of such charge. No refunds will be issued for charges more than 90 days old. Company reserves the right to issue refunds or credits at its sole discretion on a case-by-case basis, and the issuance of any refund or credit shall not obligate Company to issue any future refund or credit in similar circumstances. This refund policy does not affect any statutory rights that may apply. Notwithstanding the foregoing, U.S. Government Customers retain all rights available under FAR Part 49 regarding termination for convenience, including entitlement to equitable adjustment for unused prepaid subscription amounts.

6. Intellectual Property

6.1 Company Proprietary Rights. The Products are licensed and not sold. Subject to Section 6.3 (Open-Source Software), Company and its Affiliates own, or have license rights to, all intellectual property rights in Software, Cloud Service Offerings, Materials, Documentation, and all derivatives thereof (collectively “Protected Materials”) and Company trademarks (“Company Marks”), which are protected by applicable patent, copyright, trademark and trade secret laws. Except as expressly stated in this Agreement, Customer receives no other rights to use any of Company’s Protected Materials or Company Marks. Except for the limited license use rights expressly granted in this Agreement, Customer has no right, title, or interest in or to the Protected Materials, Products, or Company Marks, or any intellectual property rights related thereto. In no event may Customer alter or delete any proprietary notices on Protected Materials. If Customer is the U.S. Government, the Software and Documentation are “commercial computer software” and “commercial computer software documentation” as defined in FAR 2.101 and DFARS 252.227-7014 and are provided with only those rights specified in FAR 52.227-19 and DFARS 227.7202.

6.2 Customer Proprietary Rights. Customer Content and Personal Data is and remains the property of Customer; except for a limited, non-exclusive, worldwide license to Company to provide any services or otherwise fulfill its obligations under this Agreement.

6.3 Open-Source Software. Certain Products include Open-Source Software that is governed by the open-source license(s) indicated as applicable to the code as listed in Documentation or provided via any other source of media. “Open-Source Software” means Third Party software distributed by Company under an open-source licensing model.

6.4 Feedback. Customer grants Company a worldwide, royalty-free, transferable, sublicensable, and perpetual license to use, modify, publish, and distribute any information, comments, suggestions, possible improvements, or other feedback provided by Customer with respect to Products or Company’s business practices (“Feedback”) as well as to make, have made, distribute, sell, offer to sell, display, perform, and otherwise exploit products and services that use such Feedback for any purpose without restriction.

6.5 Customer Trademark and Logo Usage Consent. By entering into this Agreement, you grant Hypori a limited, non-exclusive, non-transferable, and revocable license, for the duration of the Subscription Term, to use and display your company’s name and logo (“Marks”) on Company’s website, marketing materials, investor communications, and other promotional materials solely to identify you as a customer and to illustrate the industries Hypori serves. All goodwill arising from such use will inure exclusively to your benefit. Hypori agrees to (i) comply with any written trademark usage guidelines you provide; (ii) not alter, modify, or use your Marks in a manner that could harm your reputation or brand without your prior written consent; and (iii) cease all use of your Marks within thirty (30) days of your written request to withdraw consent. You may withdraw your authorization at any time by providing written notice to [email protected], and such withdrawal will not affect prior authorized uses.

If you purchase the Hypori Products through an authorized reseller or distributor, the reseller shall provide you with notice of this Agreement and its Customer Trademark and Logo Usage Consent provision before or at the time of provisioning the Products. The reseller is authorized to communicate and flow down Hypori’s applicable terms to you in connection with your access to and use of the Products. Your access to or continued use of the Products after receiving such notice constitutes your acceptance of the applicable terms, to the extent permitted by law.

6.6 U.S. Government Customers. For U.S. Government Customers, the Products, including Software and Documentation, are provided as “commercial computer software” and “commercial computer software documentation” as defined in FAR 2.101 and DFARS 252.227-7014. Consistent with FAR 12.212 and DFARS 227.7202, the Government acquires only those rights expressly granted in this Agreement. If a Government authority determines that the Products do not qualify as commercial computer software, Government rights shall be limited to the minimum rights required under applicable federal law.

6.7 Renewal Terms. Subscriptions may renew for successive renewal terms upon mutual written agreement of the parties or as expressly stated in the applicable Order. Hypori will provide Customer with written notice of any pricing changes applicable to a renewal term at least 30 days prior to the applicable renewal date. Renewal terms and applicable pricing will be governed by the applicable Order or mutually agreed renewal documentation. Cancellation or non-renewal of a Subscription does not entitle Customer to a refund of fees already paid for the then-current Subscription Term.

7. Confidentiality

7.1 Non-Disclosure. Neither party shall disclose Confidential Information to any Third Party (other than an Affiliate or to an Authorized Reseller) without the disclosing party’s prior consent. Confidential Information may only be disclosed to recipients that need to know such information (including but not limited to Customer’s employees, agents, directors, consultants, financial advisors and attorneys, collectively “Representatives”), and on the condition that such recipients are bound by a written agreement to protect information with terms at least as protective as this Agreement. Confidential Information remains the sole property of the disclosing party; except for rights explicitly granted in this Agreement, the receiving party does not acquire any rights to such Confidential Information.

7.2 Representative Compliance. Receiving Party remains responsible for compliance by its Representatives with the terms of this Section.

7.3 Measures. Each party shall take at least those measures that it takes to protect its own highly confidential/proprietary information.

7.4 Exclusions. The duty to protect Confidential Information does not apply to information that is shown to be: (i) available to the public other than by a breach of a confidentiality obligation; (ii) rightfully received from a Third Party not in breach of a confidentiality obligation; (iii) independently developed by one party without use of the Confidential Information of the other; (iv) known to the recipient at the time of disclosure (other than under a separate confidentiality obligation); (v) produced in compliance with applicable law or court order, provided the other party is given reasonable advance notice of the obligation to produce Confidential Information (to the extent legally permitted) and reasonable assistance, at the disclosing party’s cost, if the disclosing party wishes to contest the disclosure. Where a party is required to provide Confidential Information pursuant to any court order, such party shall disclose only that portion of the Confidential Information that it is legally required to disclose.

7.5 Remedies. Except as prohibited by local law, each party shall be responsible for damages to the extent permitted by applicable law. Money damages may not be a sufficient remedy for a breach of confidentiality. If either party breaches the confidentiality obligations, the non-breaching party may seek injunctive or other equitable relief without the necessity of posting a bond even if otherwise normally required. Such injunctive or equitable relief is in addition to all other rights and remedies available at law or in equity. For U.S. Government Customers, liability is limited to the extent authorized under the Contract Disputes Act and applicable federal law.

8. Security and Privacy

8.1 Software Security. Company develops and delivers Products, and provides Cloud Service Offerings, Maintenance, or Consulting Services, in accordance with Hypori’s written information security program, which is aligned to recognized industry standards, including NIST-based controls, appropriate to the deployment model selected by Customer, and is subject to independent third-party assessment, including SOC 2 Type II for commercial deployments and FedRAMP High authorization for Government Cloud deployments. Company’s security obligations apply to systems and components under Company’s control. Customer remains responsible for configuration, access controls, endpoint security, identity management, and data governance within Customer-controlled environments.

8.2 Data Security. For Cloud Service Offerings, Maintenance, or Consulting Services that require Company to process Personal Data, Company shall (i) implement and maintain administrative, physical, and technical security controls consistent with applicable industry security standards, and (ii) process Personal Data on Customer’s behalf in accordance with Company’s Data Processing Addendum (“DPA”). The DPA is a separate document that is incorporated by reference into this Agreement and applies automatically to any processing of Personal Data by Company on Customer’s behalf in connection with the Products. In the event of any conflict between the DPA and this Agreement with respect to the processing of Personal Data, the DPA shall govern. Customer shall provide any notices, obtain any consents, or otherwise establish the legal basis necessary for Company to access and process Personal Data as specified in this Agreement.

8.3 DFARS Flow-Down. Where Customer is subject to DFARS 252.204-7012, Hypori agrees to implement and maintain security controls consistent with NIST SP 800-171 as applicable to the deployment model selected by Customer. Hypori remains responsible for performance of its subcontractors and sub processors supporting delivery of the Products in accordance with this Agreement. Hypori’s Cloud Service Offering is designed to support Customer compliance obligations applicable to Customer environments handling Controlled Unclassified Information (CUI), including DFARS 252.204-7012, where applicable. Customer remains responsible for determining whether the Products meet Customer’s regulatory requirements and for configuring the Products appropriately.

8.4 Incidents. In the event of a confirmed security incident affecting Customer Content in any Hypori deployment environment, including the Hypori Commercial Cloud and the Hypori Government Cloud, Hypori will notify Customer without undue delay, and in any event within 72 hours of Hypori’s confirmation of the incident, consistent with applicable incident reporting requirements, including DFARS 252.204-7012 where applicable to Government Cloud deployments. For purposes of this Section, “security incident” means unauthorized access to or disclosure of Customer Content within systems operated by Hypori. Hypori’s notification obligation is triggered upon confirmation of an incident and does not require Hypori to notify Customer of unconfirmed or potential incidents.

8.5 AI Training Restriction. Hypori will not use Customer Content to train or improve generalized artificial intelligence or machine learning models that are not exclusively dedicated to Customer’s use without Customer’s prior written consent. Nothing in this Section restricts Hypori from using aggregated and de-identified telemetry data solely for purposes of security, service reliability, capacity planning, abuse protection, or product improvement, provided such data does not identify Customer or expose Customer Content.

8.6 Compliance Cooperation. Upon reasonable written request, Hypori will provide information reasonably necessary to support Customer regulatory, authorization, or compliance requirements related to Customer’s use of the Products, including requirements arising under FedRAMP, CMMC, DFARS 252.204-7012, or similar frameworks. Such cooperation may include provision of security documentation, audit summaries, or responses to reasonable security questionnaires, subject to reasonable confidentiality and security controls protecting Hypori systems and other customers.

8.7 Telemetry, User Interaction Data, and Interception Compliance.

8.7.1 No-Pixel Disclosure and Architecture Representation. Hypori collects technical usage data (“Usage Data”) solely to operate, secure, and improve the Products. Usage Data does not include Customer Content or personally identifiable information beyond what is necessary to associate data with a Hypori account. Hypori does not deploy advertising pixels, session replay tools for marketing purposes, keystroke loggers, or cross-site trackers within the Products. Hypori’s Products are architected such that Usage Data flows directly to Hypori and is not simultaneously transmitted in real-time to independent third-party commercial platforms for those platforms’ own purposes. Hypori maintains agreements with any third-party service providers involved in the operation of the Products that prohibit such providers from using data received from the Products for independent commercial profiling, advertising, or behavioral tracking purposes. Hypori does not install or enable third-party pen registers, trap and trace devices, or real-time data interception tools within the Products for advertising, behavioral profiling, or marketing purposes.

8.7.2 Hypori Secure Messaging Carve Out. Notwithstanding the foregoing, Hypori Secure Messaging — whether deployed as part of Hypori Mobile or as Hypori Lyte for Secure Messaging — stores messages, attachments, and associated metadata within Hypori’s secure cloud infrastructure on behalf of Customer for the purpose of delivering the messaging service and supporting Customer’s audit, retention, and compliance requirements. Such storage occurs within Customer’s designated security boundary and is governed by Customer’s retention and data governance policies as configured by Customer’s administrator. Hypori does not use message content or attachments for its own commercial purposes. Files shared through Hypori Secure Messaging remain within the secure virtual workspace and are not downloaded to or stored on end-user devices. Messages and files are displayed to users via Hypori’s pixel streaming architecture and are not stored, cached, or processed on end-user devices.

8.7.3 Customer Responsibility and Indemnification. Customer is solely responsible for ensuring that any monitoring, analytics, or tracking tools Customer deploys within its environment comply with all applicable electronic communications interception laws — including ECPA (18 U.S.C. § 2510 et seq.), CFAA, applicable state wiretapping statutes, California Penal Code § 638.51, CCPA, and GDPR — and for obtaining all required consents from Authorized Users, including any consents specifically required under applicable pen register or trap and trace statutes. Customer warrants compliance and shall indemnify Hypori against third-party claims arising from Customer’s failure to comply, subject to Section 13 (Indemnification). Neither party shall use the Products to intercept the other party’s electronic communications without written authorization and all legally required consents.

8.7.4 Explicit Pen Register Consent. Customer expressly consents, on behalf of itself and its Authorized Users, to Hypori’s installation and use of any device, software, or process used to record or decode routing, addressing, signaling, or other dialing information associated with electronic communications transmitted to or from the Products, including any functionality that may constitute a “pen register” or “trap and trace device” as defined under 18 U.S.C. § 3127 or analogous state law, including California Penal Code § 638.50. This consent is given knowingly and voluntarily and is intended to satisfy the consent exception under 18 U.S.C. § 3121(b)(3) and California Penal Code § 638.51(b).

8.7.5 DMCA / Copyright. Hypori respects the intellectual property rights of others and expects Customer and its Authorized Users to do the same. In accordance with the Digital Millennium Copyright Act (17 U.S.C. § 512), Hypori has designated an agent to receive notifications of claimed copyright infringement occurring in connection with the Products. To submit a notice of claimed infringement, please provide Hypori’s designated copyright agent with a written notice containing: (i) a physical or electronic signature of a person authorized to act on behalf of the copyright owner; (ii) identification of the copyrighted work claimed to have been infringed; (iii) identification of the material claimed to be infringing and information sufficient to permit Hypori to locate it; (iv) your contact information including address, telephone number, and email address; (v) a statement that you have a good-faith belief that the use is not authorized by the copyright owner, its agent, or applicable law; and (vi) a statement made under penalty of perjury that the information in the notice is accurate and that you are authorized to act on behalf of the copyright owner. DMCA notices should be sent to: Hypori, Inc., Attn: DMCA Agent / Legal Department, 1801 Robert Fulton Drive, Ste 340, Reston, VA 20191, or by email to [email protected] with the subject line “DMCA Notice.” Hypori will terminate the access of Authorized Users who are determined to be repeat infringers of third-party intellectual property rights in appropriate circumstances, consistent with 17 U.S.C. § 512(i).

9. Service Availability

The availability of the Products may vary from time to time due to maintenance, Updates, service improvements, or factors outside Hypori’s reasonable control, and may differ by Deployment Model, region, or supported configuration. Hypori uses commercially reasonable efforts to make the Products available in accordance with this Agreement and service descriptions. Customer acknowledges that cloud-based services are subject to occasional interruptions or performance degradation. Except as expressly provided in any applicable Service Level Agreement or Order, Hypori shall not be liable for temporary unavailability or service interruptions. Any service levels applicable to U.S. Government Customers shall be defined in the applicable Order or Service Level Agreement and shall control in the event of conflict with this Agreement.

10. Updates to the Products

Hypori’s obligations and rights with respect to Updates, security patches, and product modifications are set forth in Section 3.7 (Support and Maintenance). As part of its security program, Hypori performs vulnerability identification, management, and remediation activities consistent with applicable NIST standards. Hypori may modify or update features or functionality of the Products, provided such changes do not materially degrade the core functionality of the Products purchased under an active Order. Preview or beta features will not be used for production CUI workloads unless expressly authorized in writing by Hypori. For preview, beta, alpha, and pre-release features, see Section 16 (Trials, Evaluations, and Proof of Concept Use).

11. Term and Termination

11.1 Term. This Agreement remains in effect until terminated. The Term for any Product starts on the start date stated in an Order and continues as indicated in the Order. Either party may terminate an Order for Consulting Services upon 30 days prior written notice to the other party. In the event of termination of a Consulting Services Order by Customer for any reason other than Hypori’s uncured material breach, Customer shall pay Hypori for all work performed and pre-approved expenses incurred through the effective date of termination, including any non-cancellable third-party costs committed by Hypori in connection with the applicable Order.

11.2 Termination for Cause. Either party may terminate this Agreement and/or any applicable Order if the other party breaches any of its material obligations in this Agreement and fails to cure such breach within 30 days of receipt of written notice from the non-breaching party. Either party may immediately terminate this Agreement if the other party becomes insolvent or bankrupt, liquidated or is dissolved, or ceases substantially all its business. Company may immediately terminate this Agreement if the Customer materially breaches Sections 3 (Product Terms), 6 (Intellectual Property), or 15 (Export Restriction and Compliance with Laws).

11.3 Termination for Convenience. Customer may choose to stop using the Hypori Products and terminate this Agreement (including all Orders) at any time for any reason upon 30 days’ written notice to Hypori, but upon any such termination (i) Customer is not entitled to a refund of any pre-paid fees and (ii) if Customer has not already paid all applicable fees for the then-current Term, any such fees that are outstanding will become due and payable within 30 days of the effective date of termination. Notwithstanding the foregoing, Customer may not terminate a multi-year Subscription Order prior to the end of the applicable Term pursuant to this Section without paying all fees remaining under such Order through the end of the Term. If Customer is a U.S. Government entity, termination for convenience shall be governed by FAR Part 49 and FAR 52.212-4(l), and Customer shall be entitled to equitable adjustment for prepaid unused subscription amounts.

11.4 Effect of Termination. Upon termination of an Order or this Agreement: (i) Customer will immediately discontinue all access and use of the Products; (ii) for Hypori Private On-Premise deployments, and subject to Company’s written request, Customer shall provide Company with a certification signed by an authorized Customer representative confirming that Customer has de-installed and destroyed all Software and Products deployed prior to termination; and (iii) Hypori shall provide Customer a reasonable period, not less than 30 days, to retrieve Customer Content in a commercially standard format. Upon written request prior to termination, Hypori will reasonably cooperate to support transition of Customer Content to Customer or a successor provider. Company shall have the right to invoice Customer, and Customer shall pay, for any use of the Products past the date of termination other than Customer’s access to download Customer Content.

Termination shall not relieve either party of liability arising from: breach of confidentiality obligations; intellectual property infringement; violation of applicable law; payment obligations accrued prior to termination; obligations that by nature survive termination; or claims arising under the Contract Disputes Act or other applicable federal procurement law. Termination does not limit either party from pursuing remedies available at law or in equity, including injunctive relief.

12. Warranties and Disclaimers

Except as expressly provided in this Section, the Products are provided subject to the warranties expressly stated herein. Nothing in this Agreement limits any warranty rights that may apply under applicable federal procurement law for U.S. Government Customers.

12.1 Software Warranty. Company warrants that for a period of 90 days from initial delivery of Software, the Software, as updated and used in accordance with the Documentation, will operate in all material respects in conformity with the functional specifications in the Documentation. For U.S. Government Customers, this warranty is provided consistent with FAR 52.212-4(o).

12.2 Virus Warranty. Hypori warrants that it will implement and maintain commercially reasonable technical measures designed to detect and prevent the introduction of viruses, malware, or other harmful code into the infrastructure of the Software as delivered to Customer. Hypori does not warrant that the Software or any component thereof will be entirely free of vulnerabilities or that all malicious code will be detected or prevented. Customer remains solely responsible for antivirus protection, endpoint security, and enterprise IT security controls within Customer’s environment.

12.3 Cloud Service Offerings Warranty. Company warrants that during the Term of a Cloud Service Offering, the Cloud Service Offering, when used in accordance with the Documentation, will operate in all material respects with the Documentation and consistent with commercially reasonable industry standards.

12.4 Hardware Warranty. Company warrants that for a period of one (1) year from delivery of Hardware, Hardware will be free from defects in material and workmanship in normal use, but does not cover any of the following: (i) improper installation, maintenance, adjustment, repair, or modification by Customer or a Third Party; (ii) misuse, neglect, or any other cause other than ordinary use, including without limitation, accidents or acts of God; (iii) improper environment, excessive or inadequate heating or air conditioning, electrical power failures, surges, water damage, or other irregularities; (iv) Third Party software or software drivers; or (v) damage during shipment.

12.5 Other Services Warranties. Company warrants that Maintenance and Consulting Services will be delivered using personnel with reasonable skill and care consistent with generally accepted industry standards but does not guarantee that every question or problem raised will be resolved or resolved in a certain amount of time.

12.6 Customer Content Warranties. Customer warrants that (i) it has the right to transmit Customer Content as part of the Hypori Cloud Service Offering or any other service that Company may provide in connection with delivering Products to Customer and (ii) Customer’s use of Cloud Services will not cause the transmission of spam, unsolicited messages, or infringing, offensive, threatening, or otherwise unlawful content that violates applicable law or the rights of Third Parties.

12.7 Warranty Remedy. If the Software or Cloud Service Offering does not perform as warranted during the applicable warranty period, Company shall use commercially reasonable efforts to correct Errors. Customer shall promptly notify Company in writing of its claim within the applicable warranty period. For U.S. Government Customers, remedies shall be interpreted consistent with FAR 52.212-4 and applicable federal law. Provided that such claim is determined by Company to be Company’s responsibility, as Customer’s exclusive remedy for any Software or Cloud Service Offering warranty claim, Company shall, within 30 days of its receipt of Customer’s written notice, (i) correct such Error; (ii) provide Customer with a plan reasonably acceptable to Customer for correcting the Error, or (iii) if neither (i) nor (ii) can be accomplished with reasonable commercial efforts from Company, then Company may terminate the license for the affected Product and issue Customer a prorated refund of the Fees paid for the affected Product. The preceding warranty cure constitutes Company’s entire liability and Customer’s exclusive remedy for Company’s breach of the warranties stated in this Section. Customer’s exclusive remedy for Company’s breach of the Maintenance and Consulting Services warranty is re-performance of the services. If the Hardware does not perform as warranted during the applicable warranty period, Company’s entire liability and Customer’s exclusive remedy (which is subject to Customer returning the Hardware to Company or its Authorized Reseller and confirming that such return is finalized) will be, at the sole option of Company and subject to applicable law, to replace the Hardware or to refund the purchase price paid for the Hardware and to terminate any Software licenses associated with the Hardware.

12.8 WARRANTY DISCLAIMER. EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, THE PRODUCTS, SOFTWARE, SERVICES, DOCUMENTATION, AND RELATED MATERIALS ARE PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, HYPORI DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, QUIET ENJOYMENT, ACCURACY OR THAT THE PRODUCTS WILL BE ERROR-FREE, UNINTERRUPTED, OR MEET CUSTOMER’S REQUIREMENTS. HYPORI DOES NOT WARRANT THAT THE PRODUCTS WILL DETECT, PREVENT, OR REMEDY ALL SECURITY INCIDENTS, MALICIOUS ACTIVITY, OR UNAUTHORIZED ACCESS. CUSTOMER ACKNOWLEDGES THAT NO SOFTWARE OR SECURITY TECHNOLOGY IS COMPLETELY SECURE AND THAT CUSTOMER IS RESPONSIBLE FOR IMPLEMENTING APPROPRIATE ADMINISTRATIVE, TECHNICAL, AND OPERATIONAL SAFEGUARDS BASED ON CUSTOMER’S PARTICULAR REQUIREMENTS AND RISK PROFILE. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE DISCLAIMED UNDER APPLICABLE LAW, SUCH WARRANTY IS LIMITED TO THE MINIMUM DURATION AND SCOPE REQUIRED BY LAW.

12.9 Warranty Exclusions. Company shall not be responsible for any claimed breach of warranty arising out of (i) modifications to Products made by Customer or any party other than Company, (ii) Customer’s failure to use any Updates or other corrected versions of Products made available by Company, (iii) Errors caused by customizations not stated in Documentation, (iv) any use of Products by Customer that is outside the operating procedures stated in the Documentation, (v) Company’s performance pursuant to Customer’s instructions during the delivery of Consulting Services.

12.10 Customer Compliance Warranty. Customer warrants that its deployment and use of the Products, including any monitoring, analytics, or tracking technologies Customer enables within its environment, complies with applicable privacy, communications, employment, and data protection laws, including providing any legally required notices and obtaining any legally required consents.

13. Indemnification

13.1 IP Indemnification. Company shall defend Customer against any Third-Party Infringement Claim. Further, Company will indemnify Customer from and against damages, costs, and fees reasonably incurred (including reasonable attorneys’ fees) that are attributable exclusively to such claim or action and which are assessed against Customer in a final judgment or settlement. Company’s obligation to defend, settle, or indemnify Customer are subject to: (i) Customer promptly notifying Company in writing of an Infringement Claim such that Company is not prejudiced by any delay of such notification; (ii) Company having sole control over the defense and any settlement of any Infringement Claim; and (iii) Customer providing reasonable assistance in the defense of the Infringement Claim. For the purposes of these terms, “Infringement Claim” means any claim, suit, or proceeding brought against Customer based on an allegation that the Product(s), as delivered by Company and excluding any Open-Source Software components whether or not embedded in a Product, infringes any patent or copyright, or violates any trade secret rights, of any Third Party.

13.2 Remedies. If Customer’s use of any of the Products is, or in Company’s opinion is likely to be, enjoined as a result of an Infringement Claim, Company shall, at its sole option and expense, either (i) procure for Customer the right to continue to use the Products as contemplated in an Order, or (ii) replace or modify the Products to make their use non-infringing without degradation in performance or a material reduction in functionality. If options (i) and (ii) are not reasonably available, Company may, in its sole discretion and upon written notice to Customer, terminate the affected Products and refund to Customer any prepaid, but unused, Fees for such affected Products.

13.3 Exclusions. Company shall have no indemnification obligations for (i) any damages based on Customer’s access to and/or use of the Products that occurs after Company provides Customer with notice to cease using a Product due to an Infringement Claim; (ii) an Infringement Claim based on any modification of the Products by Customer or at its direction that are not stated in Documentation; (iii) an Infringement Claim based on Customer’s combination of the Products with Third Party programs, services, data, hardware, or other materials that are not stated in Documentation; or (iv) any trademark or copyright infringement involving any marking or branding not applied by Company or involving any marking or branding applied at Customer’s request. THE FOREGOING STATES COMPANY’S SOLE LIABILITY AND CUSTOMER’S EXCLUSIVE REMEDY WITH RESPECT TO ANY INFRINGEMENT CLAIM HEREUNDER.

14. Limitation of Liability

14.1 LIABILITY LIMITATIONS AND EXCLUSIONS. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE PRODUCTS SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER UNDER THE APPLICABLE ORDER DURING THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM. FOR PRODUCTS PURCHASED THROUGH AN AUTHORIZED RESELLER, THE AMOUNTS PAID OR PAYABLE BY THE AUTHORIZED RESELLER TO HYPORI FOR CUSTOMER’S USE OF THE APPLICABLE PRODUCTS SHALL BE DEEMED AMOUNTS PAID OR PAYABLE BY CUSTOMER FOR PURPOSES OF CALCULATING LIABILITY LIMITATIONS UNDER THIS SECTION.

NOTWITHSTANDING THE FOREGOING, THE LIMITATIONS IN THIS SECTION DO NOT APPLY TO LIABILITY ARISING FROM:

(a) A PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR FRAUD;
(b) A CUSTOMER’S PAYMENT OBLIGATIONS;
(c) CUSTOMER’S VIOLATION OF THE LICENSE RESTRICTIONS IN SECTION 3 (PRODUCT TERMS); OR
(d) A PARTY’S INFRINGEMENT OR MISAPPROPRIATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, BUSINESS, GOODWILL, DATA, OR BUSINESS INTERRUPTION, ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE PRODUCTS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

FOR CLAIMS ARISING FROM CUSTOMER’S VIOLATION OF THE LICENSE RESTRICTIONS IN SECTION 3 (PRODUCT TERMS) OR CUSTOMER’S MISAPPROPRIATION OF HYPORI’S INTELLECTUAL PROPERTY RIGHTS, HYPORI MAY SEEK EQUITABLE RELIEF IN ADDITION TO ANY OTHER REMEDIES AVAILABLE AT LAW OR IN EQUITY.

THE LIMITATIONS IN THIS SECTION APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, STRICT LIABILITY, STATUTE, OR OTHERWISE, AND EVEN IF A LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

14.2 EXCEPTIONS AND ENHANCED LIABILITY. THE EXCLUSIONS AND LIMITATIONS IN SECTION 14.1 DO NOT APPLY TO LIABILITY ARISING FROM GROSS NEGLIGENCE, WILLFUL MISCONDUCT, FRAUD, OR VIOLATIONS OF APPLICABLE LAW TO THE EXTENT SUCH LIMITATIONS ARE PROHIBITED BY APPLICABLE LAW. LIABILITY ARISING FROM A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS SHALL NOT EXCEED TWO (2) TIMES THE TOTAL FEES PAID OR PAYABLE UNDER THE APPLICABLE ORDER DURING THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM. NOTHING IN THIS AGREEMENT LIMITS CUSTOMER’S PAYMENT OBLIGATIONS FOR FEES OWED UNDER AN APPLICABLE ORDER.

14.3 U.S. Government Limitation. For U.S. Government Customers, all limitations of liability, disclaimers, exclusions of damages, indemnification obligations, and other liability-related provisions in this Agreement apply only to the extent permitted by applicable federal law and procurement regulations.

15. Export Restriction and Compliance with Laws

Customer acknowledges that the Products are subject to U.S., foreign, and international export controls and economic sanctions laws and regulations and shall comply with all such applicable laws and regulations, including, but not limited to, the U.S. Export Administration Regulations (“EAR”) and regulations promulgated by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”). Customer specifically shall not, directly or indirectly, export, re-export, transfer, import, sell, lease, supply, or allow access to or use of the Products in or for embargoed or sanctioned countries/regions, by sanctioned or restricted persons, or for prohibited end-uses under U.S. law without authorization from the U.S. government. Hypori is responsible for its own export control classifications and licensing obligations, if any, applicable to the Products, and Customer is responsible for its use of the Products in compliance with applicable export control and sanctions laws. Customer may use the Products worldwide subject to applicable export laws.

16. Trials, Evaluations, and Proof Of Concept Use

16.1 Scope and Applicability

This Section governs all non-production, pre-commercial access to the Hypori Products, including trials, demonstrations, evaluations, proofs of concept, pilots, alpha and beta releases, and tech previews (each an “Evaluation Use”). The specific type of Evaluation Use and its applicable terms will be identified in the applicable Order or written agreement between the parties. Where no Order or written agreement specifies the type of Evaluation Use, the provisions of this Section apply in their entirety. In the event of conflict between this Section and a separately executed Evaluation agreement or Order, the Evaluation agreement or Order governs.

16.2 Trial and Demonstration Use

If a Product is made available for trial, demonstration, or self-service evaluation (“Trial”), Customer may use the Product for the Term stated in the applicable Order for internal evaluation purposes only. Trials are not for production use.

COMPANY PROVIDES TRIALS “AS IS” AND WITHOUT WARRANTY, MAINTENANCE, SUPPORT, OR INDEMNITIES. ANY CUSTOMER DATA PROVIDED IN CONNECTION WITH A TRIAL WILL BE PERMANENTLY LOST UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME PRODUCT PRIOR TO EXPIRATION OR EXPORTS SUCH DATA BEFORE THE END OF THE TRIAL PERIOD. Hypori may suspend or terminate Trial access at any time upon notice to Customer.

16.3 Proof of Concept and Pilot Use

16.3.1 Scope. Hypori may make certain Products available on a proof of concept or pilot basis (“POC”) as specified in a written POC agreement or Order executed by both parties. A POC is a collaborative, time-limited engagement in which Hypori and Customer work together to validate the technical and operational fit of the Products for Customer’s specific use case. A POC differs from a Trial in that it typically involves Hypori personnel performing configuration, integration, or demonstration activities and may involve Customer’s actual or representative operational environment.

16.3.2 Governing Terms. POC use is governed by this Agreement and any additional terms in the applicable POC agreement or Order. Consulting Services performed by Hypori personnel during a POC are subject to the Consulting Services provisions of this Agreement and any applicable SOW or Order.

16.3.3 As-Is Provision. Products provided during a POC are provided “AS IS” without warranty, service level commitments, Maintenance, or indemnities, except as expressly stated in the applicable POC agreement or Order. Hypori has no obligation to provide Updates, bug fixes, or support during the POC period beyond commercially reasonable efforts.

16.3.4 Data Handling. Customer is responsible for determining whether the POC environment is appropriate for the data it intends to use, including compliance with all applicable security, regulatory, and data protection requirements. Customer shall not use production data, CUI, PII, or other regulated data during a POC unless expressly authorized in writing by Hypori and appropriate security controls are confirmed to be in place. Customer Content used during a POC remains Customer’s property. Hypori will provide Customer with a reasonable opportunity, not less than 30 days following conclusion of the POC, to retrieve Customer Content in a commercially standard format.

16.3.5 No Commitment. Participation in a POC does not obligate either party to enter into a production Subscription or any further agreement. Hypori makes no representations, warranties, or commitments regarding the availability, features, pricing, or timeline of any production offering during or following a POC.

16.3.6 Termination. Either party may terminate a POC upon 15 days written notice. Hypori may terminate a POC immediately and without notice if Customer uses the POC environment for production workloads, processes regulated data without authorization or otherwise violates this Agreement. Upon termination or expiration, Customer shall immediately cease use of the Products provided under the POC and retrieve Customer Content within 30 days.

16.4 Evaluation and Proof of Concept — General Conditions. The following conditions apply to all Evaluation Use regardless of type:

Evaluation Use is provided solely for Customer’s internal evaluation purposes and not for production use unless otherwise expressly authorized in writing by Hypori.
Evaluation Use is provided without service level commitments and may be modified, suspended, or discontinued by Hypori at any time.
Customer is responsible for determining whether Evaluation Use is appropriate for Customer’s intended purposes, including compliance with Customer’s security and regulatory requirements.
Customer shall not use any Evaluation Use environment to process production data, CUI, PII, or other regulated data unless expressly authorized in writing by Hypori prior to such use.
Customer retains ownership of Customer Content used during Evaluation Use. Hypori will provide a reasonable opportunity to retrieve Customer Content prior to expiration or termination of Evaluation Use access.
Evaluation Use may be subject to additional terms specified in an applicable Order or written agreement.
Hypori has no obligation to provide Maintenance, Updates, or support for Evaluation Use beyond commercially reasonable efforts.
Customer’s decision to enter into Evaluation Use is not contingent upon and does not create any obligation for Hypori to deliver future functionality, features, or a production offering.

16.5 Alpha, Beta, Tech Preview, and Labs. Products provided as “Alpha,” “Beta,” “Tech Preview,” or “Labs” (“Pre-Release Products”) may be used for development and evaluation purposes only and must not be used or deployed in any production environment or in connection with production data. Pre-Release Products are provided “AS IS” without Maintenance, warranties, service level commitments, or indemnities. Pre-Release Products may contain bugs, errors, and other defects. Hypori makes no representations, promises, or guarantees that any Pre-Release Product will be publicly announced, made generally available, or remain available in its current form. Pre-Release Products may be suspended, modified, or terminated by Hypori upon notice to Customer. Pre-Release Products shall not be used for production CUI workloads unless expressly authorized in writing by Hypori.

16.6 Evaluation Use — Limitation of Liability. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, HYPORI’S TOTAL AGGREGATE LIABILITY ARISING FROM OR RELATED TO ANY EVALUATION USE, INCLUDING TRIALS, POCS, PILOTS, AND PRE-RELEASE PRODUCTS, SHALL NOT EXCEED THE GREATER OF (I) THE FEES ACTUALLY PAID BY CUSTOMER FOR THE APPLICABLE EVALUATION USE, OR (II) ONE THOUSAND DOLLARS ($1,000). THIS LIMITATION APPLIES REGARDLESS OF THE FORM OF ACTION AND WHETHER HYPORI HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL HYPORI BE LIABLE FOR LOSS OF DATA, LOSS OF PROFITS, OR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING FROM EVALUATION USE.

16.7 U.S. Government Customers. For U.S. Government Customers, Evaluation Use including Trials, POCs, and pilots may be conducted under applicable pilot authority, prototype authority, other transaction authority, or similar evaluation mechanisms consistent with federal procurement regulations, including FAR Part 12 and applicable agency-specific authorities. The terms of any applicable federal authorization or contracting vehicle shall govern in the event of conflict with this Section. Financial obligations for Evaluation Use by U.S. Government Customers are subject to the availability of appropriated funds and applicable fiscal law requirements.

16.8 Superseding Effect. The terms of this Section supersede any conflicting general terms and conditions of this Agreement with respect to Evaluation Use. For the avoidance of doubt, the warranty disclaimer, indemnification, and limitation of liability provisions applicable to production Subscriptions do not apply to Evaluation Use except as expressly stated in this Section.

17. Miscellaneous

17.1 Assignment. Neither party may assign its rights or delegate its duties under this Agreement, in whole or in part, without the other party’s prior written consent, which shall not be unreasonably withheld. Notwithstanding the foregoing, either party may assign this Agreement without consent in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets, provided that (i) the assignee assumes all obligations of the assigning party under this Agreement in writing, (ii) the assigning party provides the other party with written notice of the assignment promptly thereafter, and (iii) in the case of an assignment by Customer, the assignee is not a competitor of Hypori. Any attempted assignment in violation of the foregoing shall be void. This Agreement will bind and inure to the benefit of each party’s permitted successors and assigns.

17.2 Audit. During the term of any Order and for a period of one year following termination of an Order, Company may, no more than once per calendar year, engage an independent third-party auditor, at Company’s expense, upon 30 days’ prior written notice and during normal business hours, to audit Customer’s compliance with this Agreement in a manner that does not unreasonably disrupt Customer’s operations, and report any results to Company and its licensors. Customer shall, at no cost to Company, (i) provide any assistance reasonably requested by Company or its designee in conducting any such audit, and (ii) provide records and information reasonably necessary to verify Customer’s compliance with the applicable Licensed Entitlements to Company or its designee to facilitate the timely completion of such audit. Customer’s failure to comply with the provisions of this Section will constitute a material breach of this Agreement. Customer shall promptly cure any noncompliance, and if the audit reveals Customer’s noncompliance exceeds 5% of its entitlement, Customer shall reimburse Company for the reasonable costs and expenses of the audit (including but not limited to reasonable attorneys’ fees); provided, however, that the obligations under this Section do not constitute a waiver of Company’s termination rights and do not affect Company’s right to payment for Products related to usage in excess of the Licensed Entitlements. Customer audit rights do not include access to Hypori source code, production systems, or environments of other customers.

17.3 Notices. All notices required under this Agreement must be in writing and delivered (i) to the address designated on the account for Customer, and (ii) for Hypori, via email at [email protected] and by overnight courier or certified mail to: Hypori, Inc., Attn: Legal Department, 1801 Robert Fulton Drive, Ste 340, Reston, VA 20191. Notice is deemed given upon personal delivery, upon confirmation of receipt if delivered by email or air courier, or five (5) days after deposit in the mail. Legal notices must be sent both by email and physical mail to be effective. A copy of all legal notices from Customer to Company must also be sent to [email protected].

17.4 Entire Agreement; Order of Precedence. This Agreement states the entire agreement and understanding of the parties relating to its subject matter and supersedes all prior and contemporaneous oral and written agreements. In the event of conflict between the documents comprising this Agreement, the following order of precedence applies: (a) Order (b) Service Level Agreement (c) Data Processing Addendum (d) this Agreement (e) Acceptable Use Policy. Orders govern the commercial details of each Subscription. This Agreement governs everything else. No conflicting or additional terms in any Customer purchase order or procurement document shall apply unless expressly agreed in writing by authorized representatives of both parties. Hypori may update this Agreement from time to time by posting a revised version at hypori.com/legal. Continued use after the effective date constitutes acceptance.

17.5 Headings. Captions and headings used in this Agreement are for convenience only, are not a part of this Agreement, and are not to be used in interpreting or construing this Agreement.

17.6 Validity. If any provision of this Agreement is declared by a court of competent jurisdiction to be invalid, illegal, or unenforceable, such provision shall be severed from this Agreement, and the other provisions remain in full force and effect.

17.7 Relationship Between Parties. The parties are independent contractors, and nothing in this Agreement creates a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between or among the parties. Company may subcontract responsibilities under this Agreement but remains responsible for its breach of this Agreement by the acts or omissions of Company or its subcontractors. Company’s Affiliates may fulfill obligations under an Order, and such activity is not considered to be a subcontracted responsibility.

17.8 Resellers. Company Authorized Resellers and distributors do not have the right to make modifications to this Agreement or to make any additional representations, commitments, or warranties binding on Company.

17.9 Waiver. No waiver or amendment of any term or condition of this Agreement shall be valid or binding on any party unless agreed in writing by such party. Company failure to enforce any term of this Agreement will not be construed as a waiver of the right to enforce any such terms in the future. Unless otherwise specified, remedies are cumulative.

17.10 Force Majeure. Neither party will be responsible or have any liability for any delay or failure to perform obligations hereunder to the extent due to unforeseen circumstances or causes beyond its reasonable control, including acts of God, earthquake, fire, flood, strikes, Government-imposed sanctions or embargoes that arise without prior notice and that could not reasonably have been anticipated by the affected party through compliance with applicable export control and sanctions laws, lockouts or other labor disturbances, civil unrest, pandemics, failure, unavailability or delay of suppliers or licensors, riots, terrorist or other malicious or criminal acts, war, failure or interruption of the internet or Third Party internet connections or infrastructure, power failures, acts of civil and military authorities and severe weather (“Force Majeure”). The affected party will give the other party prompt written notice (when possible) of the failure to perform due to Force Majeure and use its reasonable efforts to limit the resulting delay in its performance.

17.11 Dispute Resolution and Governing Law.

17.11.1 Governing Law. For commercial customers, this Agreement is governed by the laws of the Commonwealth of Virginia, without regard to its conflict of law principles. For U.S. Government customers, applicable federal law governs to the extent required by federal procurement law. The United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act (UCITA) do not apply to this Agreement.

17.11.2 Informal Resolution. Before initiating arbitration or litigation, the parties agree to attempt in good faith to resolve any dispute arising out of or relating to this Agreement through informal discussions. A party initiating a dispute must provide written notice describing the nature of the dispute and the requested relief. The parties will attempt to resolve the dispute informally for at least 60 days following receipt of the notice before commencing arbitration or litigation.

17.11.3 Binding Arbitration. Except as otherwise expressly provided in this Agreement, any dispute, claim, or controversy arising out of or relating to this Agreement or the Products shall be resolved by binding arbitration administered by the American Arbitration Association (“AAA”) under its Commercial Arbitration Rules. The arbitration shall be conducted before a single arbitrator in Fairfax County, Virginia, or remotely by videoconference at either party’s election. The arbitrator shall have authority to determine issues relating to the interpretation and enforceability of this arbitration provision to the extent permitted by applicable law. The arbitrator’s decision shall be final and binding and may be entered in any court of competent jurisdiction.

17.11.4 General Venue. For any claim determined not to be subject to arbitration, each party irrevocably submits to the exclusive jurisdiction of the state and federal courts located in Fairfax County, Virginia.

17.11.5 Jury Trial Waiver. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY WAIVES ANY RIGHT TO A JURY TRIAL IN ANY DISPUTE ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE PRODUCTS. If a claim is determined not to be subject to arbitration, the parties’ consent to exclusive jurisdiction in the state or federal courts located in Fairfax County, Virginia.

17.11.6 Class Action Waiver. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE PARTIES AGREE THAT ANY DISPUTE SHALL BE BROUGHT ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, COLLECTIVE, OR REPRESENTATIVE ACTION. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON’S CLAIMS AND MAY NOT PRESIDE OVER ANY CLASS OR REPRESENTATIVE PROCEEDING. THIS WAIVER APPLIES TO ALL CLAIMS REGARDLESS OF LEGAL THEORY — INCLUDING CLAIMS ARISING UNDER FEDERAL OR STATE ELECTRONIC COMMUNICATIONS, PRIVACY, WIRETAPPING, OR CONSUMER PROTECTION STATUTES. IF THIS WAIVER IS FOUND UNENFORCEABLE WITH RESPECT TO ANY PARTICULAR CLAIM, THAT CLAIM SHALL BE RESOLVED BY BINDING INDIVIDUAL ARBITRATION TO THE MAXIMUM EXTENT PERMITTED BY LAW. IF THIS WAIVER IS FOUND WHOLLY UNENFORCEABLE, THE ARBITRATION AGREEMENT SHALL BE NULL AND VOID IN ITS ENTIRETY.

17.11.7 Injunctive Relief. Nothing in this Section prevents either party from seeking temporary, preliminary, or emergency injunctive relief in a court of competent jurisdiction to prevent unauthorized use, disclosure, or infringement of intellectual property or Confidential Information pending completion of arbitration.

17.11.8 U.S. Government Customers. For U.S. Government customers, disputes subject to the Contract Disputes Act or other mandatory federal procurement dispute procedures shall be resolved in accordance with applicable federal law and shall not be subject to mandatory arbitration to the extent prohibited by law.

17.11.9 Choice of Law for Tort and Statutory Claims. Virginia law governs all claims arising under or related to this Agreement, including claims sounding in contract, tort, statute, or equity, to the extent permitted by applicable law. The parties agree that Virginia law applies exclusively to claims arising under state electronic communications interception, privacy, consumer protection, or pen register statutes — including but not limited to CIPA (Cal. Penal Code § 630 et seq.), California’s pen register statute (Cal. Penal Code § 638.50 et seq.), the Pennsylvania Wiretapping and Electronic Surveillance Control Act, and similar statutes — and that such laws are contractually displaced to the fullest extent permissible. The parties acknowledge that Virginia is a one-party consent state and that Hypori’s consent to technical data collection necessary to operate the Products constitutes sufficient consent under Virginia law.

For the avoidance of doubt, any claim arising under California Penal Code § 638.51, 18 U.S.C. § 3121, or any analogous federal or state pen register or trap and trace statute, is subject to mandatory individual arbitration under this Section and is subject to the Virginia choice of law provision in this Agreement. The parties expressly agree that California Penal Code § 638.51 does not apply to claims between the parties arising from Hypori’s operation of the Products, to the fullest extent that such law may be contractually displaced by Virginia law.

17.12 Third Party Beneficiary. Except as expressly stated herein, this Agreement is for the sole benefit of the parties and their permitted successors and assigns and does not confer any rights or benefits on any Third Party. Notwithstanding the foregoing, Hypori’s Affiliates that fulfill obligations under Orders pursuant to Section 17.7 (Relationship Between the Parties) and 17.8 (Resellers), and Authorized Resellers to the extent of their rights and obligations expressly set forth in this Agreement, are intended third party beneficiaries of the relevant provisions of this Agreement and may enforce such provisions directly.

17.13 Survival. The provisions of Sections 1 (Definitions), 3.10 (Limitations on Use), 6 (Intellectual Property), 8.2 (Data Security) solely with respect to Personal Data processed prior to termination, 8.4 (Incidents) solely with respect to incidents discovered after termination that relate to pre-termination processing, 11.4 (Effect of Termination), 12 (Warranties and Disclaimers), 13 (Indemnification), 14 (Limitation of Liability), 15 (Export Restriction and Compliance with Laws), 17 (Miscellaneous), and any payment obligations accrued prior to termination, survive any termination or expiration of this Agreement. The provisions of Section 7 (Confidentiality) survive any termination or expiration of this Agreement for three (3) years, except for trade secrets, which shall remain confidential for so long as they qualify as trade secrets under applicable law.

17.14 Inconsistencies. To the extent Customer is a U.S. Government entity, any provision inconsistent with applicable federal law shall be deemed modified to conform to such law.

‍

Table of Contents