BY ACCEPTING THIS SERVICE SUBSCRIPTION AGREEMENT (“AGREEMENT”) (WHICH INCLUDES ENTERING INTO A SEPARATE AGREEMENT WITH AN AUTHORIZED ONELOGIN RESELLER THAT REFERENCES OR INCLUDES THIS AGREEMENT), OR OTHERWISE USING THE ONELOGIN SERVICES (AS DEFINED BELOW), YOU AGREE TO THE TERMS AND CONDITIONS IN THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT AS AN INDIVIDUAL, THE TERM “SUBSCRIBER” REFERS TO YOU. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERM “SUBSCRIBER” SHALL REFER TO SUCH ENTITY. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE ONELOGIN SERVICES.
1. USE OF THE ONELOGIN SERVICES
1.1 “OneLogin Services” are OneLogin’s generally commercially available hosted solutions consisting of single sign-on, multi-factor authentication, directory integration, user provisioning, reporting and a catalog of pre-integrated web applications, provided via the website www.onelogin.com and related mobile applications. With respect to Subscriber, the “OneLogin Services” only include those features and functionality that OneLogin generally provides for the Plan that Subscriber has agreed with Reseller (as defined below) and purchased (e.g., “Starter,” “Enterprise” or “Unlimited”).
1.2 Use of the OneLogin Services. Subject to the terms and conditions of this Agreement, OneLogin grants to Subscriber a limited, worldwide, non-exclusive, non-transferable (except as permitted in Section 8.2) right during the Contract Term (as defined in Section 4.1) to use the OneLogin Services (as defined below) solely in connection with Subscriber’s internal business operations. The OneLogin Services will be provided to Subscriber and its designated users that are paid for by Subscriber, which may include its employees, contractors, dealers/distributors and other third parties working for Subscriber. OneLogin reserves the right to modify or discontinue the OneLogin Services, any plan or any feature or functionality thereof at any time, but for discontinuation OneLogin will provide 30 days prior notice to Subscriber.
1.3 Use of the Documentation. Subject to the terms and conditions of this Agreement, OneLogin grants to Subscriber a limited, worldwide, non-exclusive, non-sublicenseable, non-transferable (except as permitted in Section 8.2) license during the Contract Term to reproduce, without modification, and internally use a reasonable number of copies of the OneLogin-provided user documentation relating to the OneLogin Services (e.g., user manuals, on-line help files) (“Documentation”) solely in connection with use of the OneLogin Services in connection with Subscriber’s internal business operations.
1.4 Technical Support Services. For so long as Subscriber is current with its payment of the fees to Reseller in accordance with Section 3, OneLogin will use reasonable efforts to provide a OneLogin Services administrator designated by Subscriber with technical support services relating to the OneLogin Services by phone and email from (a) 6am-5pm Pacific Standard Time, Monday through Friday, excluding holidays, or (b) if Subscriber’s administrator is located in Europe or the Middle-East, from 8am-5pm GMT Monday through Friday, excluding holidays.
1.5 Use Restrictions. Except as otherwise explicitly provided in this Agreement or as may be expressly required by applicable law, Subscriber will not, and will not permit or authorize third parties to: (a) rent, lease, or otherwise permit third parties (other than designated users for which Subscriber has paid all applicable fees) to use the OneLogin Services or Documentation; (b) use the OneLogin Services to provide services to third parties (e.g., as a service bureau); (c) breach, circumvent, tamper with or disable any security or other technological features or measures of the OneLogin Services; (d) attempt to probe, scan or test the vulnerability of any systems related to the OneLogin Services, including penetration or load tests; or (e) reverse engineer, modify, adapt, hack or otherwise attempt to discover the underlying structure, technology or algorithms of the OneLogin Services. Subscriber is responsible for all activity that occurs under its OneLogin Services account(s).
1.6 Compliance with Laws. Subscriber will use the OneLogin Services and Documentation in compliance with all applicable laws and regulations. OneLogin will comply with all applicable laws and regulations in its performance of this Agreement.
1.7 Protection against Unauthorized Use. Subscriber shall be responsible for maintaining the security of its equipment and OneLogin Services account access passwords, and will use reasonable efforts to prevent any unauthorized use of the OneLogin Services and Documentation and immediately notify OneLogin in writing of any unauthorized use that comes to Subscriber’s attention. If there is unauthorized use by anyone who obtained access to the OneLogin Services directly or indirectly through Subscriber, Subscriber will take all steps reasonably necessary to terminate the unauthorized use. Subscriber shall be responsible for all activity using Subscriber’s users’ accounts. Subscriber will cooperate and assist with any actions taken by OneLogin to prevent or terminate unauthorized use of the OneLogin Services or Documentation.
1.8 Reservation of Rights. OneLogin reserves to itself all rights in and to the OneLogin Services and Documentation not expressly granted to Subscriber under this Agreement.
2.1 Confidentiality. In connection with the provision of the OneLogin Services, each party will have access to certain non-public information provided by and regarding the other party that is marked or otherwise should reasonably be understood to be treated as confidential (“Confidential Information”) including, for Subscriber, its user email addresses, user names and passwords. Except as otherwise permitted by this Agreement or as reasonably required for OneLogin to provide the OneLogin Services, each party shall keep confidential and not intentionally disclose to any third party (other than its directors, officers, employees, agents and representatives on a need-to-know basis) or use any Confidential Information of the other party; provided, however, that neither party shall be prohibited from disclosing or using Confidential Information that: (i) is publicly available or becomes publicly available through no act or omission of the receiving party, (ii) is or has been disclosed to such party by a third party who is not under an obligation of confidentiality with respect thereto, (iii) is or has been independently developed by such party, without use or reference to the other party’s Confidential Information, or (iv) must be used or disclosed under court order or applicable law, provided such use or disclosure is to the minimum extent required by such court order or applicable law. If legally permissible, the receiving party shall promptly notify the disclosing party of any pending disclosure of the disclosing party’s Confidential Information that may be so required and consult with the disclosing party prior to such disclosure as to the advisability of seeking a protective order or other means of preserving the confidentiality of the Confidential Information. OneLogin will operate the OneLogin Services using reputable third party web service providers, co-location facilities and the like.
2.2 Feedback. If Subscriber provides any feedback to OneLogin concerning the functionality or performance of the OneLogin Services (including identifying potential errors and improvements), Subscriber hereby assigns to OneLogin all right, title, and interest in and to the feedback, and OneLogin is free to use the feedback without payment or restriction. However, in connection with its use of feedback, OneLogin will not disclose any information that identifies Subscriber or any of its users to any third party, and will not use Subscriber’s trademarks and logos without Subscriber’s prior written consent.
The parties acknowledge that Subscriber is purchasing, has purchased, or will purchase subscriptions to the OneLogin Service from one of OneLogin’s authorized resellers (“Reseller”). Accordingly, payment-related terms for the OneLogin Services, including subscription term, price per user, number of users and the like, are determined solely by and between Subscriber and Reseller. Subscriber will pay Reseller for use of the OneLogin Services as agreed with Reseller. As between OneLogin and Subscriber, Subscriber will be responsible for all taxes associated with the OneLogin Services, other than U.S. taxes based on OneLogin’s net income.
4. TERM AND TERMINATION
4.1 Term. This Agreement will commence upon the Effective Date and continue for a period of one year (the “Term”), and will automatically renew for additional, successive one-year periods (each, a “Renewal Term”) unless either party provides the other party with notice of non-renewal at least 30 days prior to the end of the then-current period or unless terminated earlier in accordance with the terms of this Agreement. The Term together with any and all Renewal Terms is the “Contract Term.”
4.2 Termination. If Subscriber fails to timely pay any fees to Reseller or otherwise breaches any term or condition of this Agreement, OneLogin may, without limitation to any of its other rights or remedies, immediately suspend the OneLogin Services with notice to Subscriber until Subscriber cures the applicable breach. OneLogin may terminate this Agreement effective after fifteen (15) days notice if Subscriber breaches any term of this Agreement (including for failure to pay any fees to Reseller) and such breach is not cured within the notice period. Further, this Agreement will automatically terminate upon termination of Subscriber’s agreement with Reseller for the use of OneLogin Services, unless otherwise agreed by Subscriber and OneLogin in writing.
4.3 Post-Termination Obligations. If this Agreement is terminated for any reason or otherwise expires (a) OneLogin will, within thirty (30) days, delete all information uploaded by Subscriber or its users to the OneLogin Services from its (and its subcontractors’) active and passive instances of the OneLogin Services, which shall include any archived information, backups and log files (it being understood that this information cannot be retrieved by Subscriber after such termination or expiration), (b) each party will remove all of the other party’s Confidential Information from its (and its subcontractors’) systems, and (c) upon request by OneLogin, Subscriber will provide OneLogin with a written certification signed by an authorized Subscriber representative certifying that all Subscriber’s use of the OneLogin Services and Documentation has been discontinued. The provisions of Sections 2, 3, 4.3, 5.2, 7 and 8 will survive any termination or expiration of this Agreement.
5. WARRANTIES AND DISCLAIMER
5.1 Warranties. Each party represents and warrants to the other that this Agreement has been duly executed and delivered and constitutes a valid and binding agreement enforceable against such party in accordance with its terms.
5.2 Disclaimer. EXCEPT FOR THE EXPRESS REPRESENTATIONS AND WARRANTIES STATED IN THIS AGREEMENT, THE ONELOGIN SERVICES ARE PROVIDED AS-IS AND ONELOGIN MAKES NO ADDITIONAL REPRESENTATION OR WARRANTY OF ANY KIND WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER. ONELOGIN EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, NON-INFRINGEMENT, ACCURACY AND TITLE. ONELOGIN DOES NOT WARRANT THAT THE ONELOGIN SERVICES ARE ERROR-FREE OR THAT OPERATION OF THE ONELOGIN SERVICES WILL BE UNINTERRUPTED.
5.3 Third Party Services. OneLogin provides connectors for the OneLogin Services that interact with third party applications, and OneLogin may or may not have a commercial or contractual relationship with the providers of those applications. OneLogin monitors the working condition of these connectors and will use commercially reasonable efforts to resolve any issues that may arise from such a provider changing the login procedure of its application. However, Subscriber acknowledges and agrees that OneLogin is not responsible for any changes to or functionality or defect of any third party applications and that interoperability with the OneLogin Services can be broken temporarily or permanently at any time.
6. INTELLECTUAL PROPERTY INFRINGEMENT
6.1 Indemnification. OneLogin will, at its expense, either defend Subscriber from or settle any claim, proceeding, or suit brought by a third party against Subscriber (“Claim”) alleging that Subscriber’s use of the OneLogin Services infringes or misappropriates any third party patent, copyright, trade secret, trademark, or other intellectual property right during the Contract Term, and will indemnify and hold harmless Subscriber from all damages and costs finally awarded against Subscriber in any Claim and all out-of-pocket costs (including reasonable attorneys’ fees) reasonably incurred by Subscriber in connection with the defense of a Claim (other than attorneys’ fees and costs incurred without OneLogin’s consent); provided that: (a) Subscriber gives OneLogin prompt written notice of the Claim; (b) Subscriber grants OneLogin full and complete control over the defense and settlement of the Claim; and (c) Subscriber provides assistance in connection with the defense and settlement of the Claim as OneLogin may reasonably request. Subject to the foregoing, Subscriber will have the right to participate in the defense of the Claim at its own expense and with counsel of its own choosing.
6.2 Exclusions from Obligations. OneLogin will have no obligation under this Section 6 for any infringement or misappropriation to the extent that it arises out of or is based upon (a) use of the OneLogin Services in combination with other products or services; (b) use of the OneLogin Services by Subscriber for purposes outside the scope of the license granted to Subscriber; (c) Subscriber’s failure to use the OneLogin Services in accordance with this Agreement and the Documentation; or (d) any modification of the OneLogin Services by Subscriber not made or authorized in writing by OneLogin. This Section 6 sets forth OneLogin’s entire obligation and Subscriber’s exclusive remedy with respect to any infringement, misappropriation or other violation of third party rights.
7. LIMITATIONS OF LIABILITY
7.1 EXCEPT FOR LIABILITY ARISING FROM BREACH OF CONFIDENTIALITY OR A PARTY’S INTELLECTUAL PROPERTY RIGHTS, NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY FOR INDIRECT, CONSEQUENTIAL, PUNITIVE, INCIDENTAL, SPECIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO LOST PROFITS OR LOSS OF BUSINESS, EVEN IF SUCH PARTY IS APPRISED OF THE LIKELIHOOD OF SUCH DAMAGES OCCURRING.
7.2 EXCEPT FOR LIABILITY ARISING FROM BREACH OF CONFIDENTIALITY OR A PARTY’S INTELLECTUAL PROPERTY RIGHTS, UNDER NO CIRCUMSTANCES WILL EITHER PARTY’S TOTAL LIABILITY OF ALL KINDS ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNTS RECEIVED BY ONELOGIN FROM RESELLER FOR SUBSCRIBER’S USE OF THE ONELOGIN SERVICE DURING THE 12 MONTHS IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO SUCH LIABILITY.
7.3 THE LIMITATIONS HEREUNDER APPLY WITH RESPECT TO ALL LEGAL THEORIES, WHETHER IN CONTRACT, TORT, OR OTHERWISE. THE PROVISIONS OF THIS SECTION 7 REASONABLY ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES, AND THE PARTIES HAVE RELIED ON THESE LIMITATIONS IN DETERMINING WHETHER TO ENTER INTO THIS AGREEMENT.
8.1 Relationship. No agency, partnership, or joint venture is created as a result of this Agreement and neither party has any authority of any kind to bind the other party. OneLogin may use Subscriber’s company name and logo as a reference for marketing or promotional purposes on its website and in other communication with existing or potential customers.
8.2 Assignability. Neither party may assign its right, duties, and obligations under this Agreement without the other party’s prior written consent, except that OneLogin may assign this Agreement to a successor to all or substantially all of OneLogin’s related assets or business.
8.3 Subcontractors. OneLogin may utilize a subcontractor or other third party to perform its duties under this Agreement so long as OneLogin remains responsible for all of its obligations under this Agreement.
8.4 Notices. Any notice required or permitted to be given in accordance with this Agreement will be effective if it is in writing and sent by certified or registered mail, or insured courier, return receipt requested, to the appropriate party at the address set forth on the signature page of this Agreement, with the appropriate postage prepaid. Either party may change its address for receipt of notice by notice to the other party in accordance with this Section 8.4. Notices are deemed given two business days following the date of mailing or one business day following delivery to a courier.
8.5 Force Majeure. Neither party will be liable for, or be considered to be in breach of or default under this Agreement (other than with respect to payment obligations) on account of, any delay or failure to perform as required by this Agreement as a result of any cause or condition beyond its reasonable control, including denial-of-service attacks, strikes, shortages, widespread security breaches (e.g., heartbleed bug), riots, fires, flood, storm, earthquakes, explosions, acts of God, war, terrorism, and governmental action, (“Force Majeure”) so long as that party uses all commercially reasonable efforts to avoid or remove the causes of non-performance.
8.6 Governing Law. This Agreement will be interpreted, construed, and enforced in all respects in accordance with the local laws of the State of California, U.S.A., without reference to its conflicts of law rules and not including the provisions of the 1980 U.N. Convention on Contracts for the International Sale of Goods. Both parties agree to submit to the exclusive personal jurisdiction of the federal and state courts located in San Francisco, California for the purpose of resolving any dispute relating to this Agreement or the relationship between the parties. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover its reasonable costs and attorneys’ fees.
8.7 Severability. If any part of this Agreement is found to be illegal, unenforceable, or invalid, the remaining portions of this Agreement will remain in full force and effect. If any material limitation or restriction on the use of the OneLogin Services under this Agreement is found to be illegal, unenforceable, or invalid, Subscriber’s right to use the OneLogin Services will immediately terminate.
8.8 Counterparts. This Agreement may be executed in two identical counterparts, notwithstanding that the parties have not signed the same counterpart, with the same effect as if the parties had signed the same document. Both counterparts will be construed as and constitute the same agreement. This Agreement may also be executed and delivered by facsimile or PDF and such execution and delivery will have the same force and effect of an original document with original signatures.
8.9 Entire Agreement. This Agreement is the complete and exclusive statement of the mutual understanding of the Parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement. All waivers and modifications to this Agreement must be in a written agreement signed by an authorized agent of both parties. OneLogin will not be bound by, and specifically objects to, any term, condition, or other provision that is different from or in addition to this Agreement (whether or not it would materially alter this Agreement) that is proffered by Subscriber in any receipt, acceptance, confirmation, correspondence, or otherwise, unless OneLogin specifically agrees to such provision in writing and signed by an authorized agent of OneLogin.