BY ACCEPTING THIS SERVICE SUBSCRIPTION AGREEMENT (“AGREEMENT”) (WHICH INCLUDES ENTERING INTO A SEPARATE AGREEMENT WITH AN AUTHORIZED ONELOGIN RESELLER THAT REFERENCES OR INCLUDES THIS AGREEMENT), OR OTHERWISE USING THE ONELOGIN SERVICES (AS DEFINED BELOW), YOU AGREE TO THE TERMS AND CONDITIONS IN THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT AS AN INDIVIDUAL, THE TERM “SUBSCRIBER” REFERS TO YOU. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERM “SUBSCRIBER” SHALL REFER TO SUCH ENTITY. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE ONELOGIN SERVICES.
1. USE OF THE ONELOGIN SERVICES
1.1 Rights Granted. Subject to the terms and conditions of this Agreement, OneLogin grants to Subscriber, during the Contract Term (as defined in Section 4.1 below), a limited, worldwide, non-exclusive, non-sublicensable, non-transferable (except as permitted in Section 8.2): (a) right to use the OneLogin Services (as defined herein), (b) license to copy, install, and use the software that is provided with the OneLogin Services to communicate between Subscriber’s servers and the OneLogin Services, and (c) license to reproduce, without modification, and internally use a reasonable number of copies of the OneLogin-provided user documentation relating to the OneLogin Services (e.g., user manuals, on-line help files) (“Documentation”) solely in connection with the use of the OneLogin Services; provided that (a) through (c) are all solely in connection with Subscriber’s internal business operations. Any copy or portion of the Documentation will continue to be subject to the terms and conditions of this Agreement. The OneLogin Services will be provided to Subscriber and its designated users that are paid for by Subscriber, which may include its employees, contractors, dealers/distributors and other third parties working for Subscriber. OneLogin reserves the right to modify or discontinue the OneLogin Services, any plan or any feature or functionality thereof at any time, but for discontinuation OneLogin will provide thirty (30) days’ prior notice to Subscriber.
With respect to Subscriber, the “OneLogin Services” only include the OneLogin plan and/or products that Subscriber is purchasing, has purchased, or will purchase directly from Reseller (as defined below).
1.2 Technical Support Services. For so long as Subscriber is current with its payment of the fees to Reseller in accordance with Section 3, OneLogin will use reasonable efforts to provide an administrator designated by Subscriber with technical support services relating to the OneLogin Services by phone, support portal, and email as stated in the Terms of Service for the designated Success Package.
1.3 Professional Services. If set forth in the Quote, Subscriber shall engage OneLogin to perform professional services fee in exchange for OneLogin providing reasonable assistance with initial onboarding and deployment efforts. Details of the professional services shall be defined in an applicable service description or separate Statement of Work (“SOW”). It is understood that OneLogin shall be performing similar services for other clients. In this regard, it is specifically agreed and understood that OneLogin (a) shall have the sole responsibility in assigning which personnel shall perform the services set forth in this SOW; and (b) may engage certified OneLogin services partners or other qualified contractors to perform some or all of the Services and OneLogin acknowledges it is legally responsible for the acts of these partners or contractors related to this SOW. OneLogin shall perform professional services in a professional and workmanlike manner, and with the appropriate care and skill.
1.4 Use Restrictions. Except as otherwise explicitly provided in this Agreement or as may be expressly required by applicable law, Subscriber will not, and will not permit or authorize third parties to: (a) rent, lease, disclose, transfer, or otherwise permit third parties (other than designated users as described in Section 1.1 above and for which Subscriber has paid all applicable fees) to use the OneLogin Services or Documentation; (b) use the OneLogin Services to provide services to third parties (e.g., as a service bureau); (c) breach, circumvent, tamper with or disable any security or other technological features or measures of the OneLogin Services; (d) attempt to probe, scan or test the vulnerability of any systems related to the OneLogin Services, including penetration or load tests, without OneLogin’s prior written approval for each test instance; or (e) reverse engineer, modify, adapt, hack or otherwise attempt to discover the underlying structure, technology or algorithms of the OneLogin Services. Subscriber is responsible for all activity that occurs under its OneLogin Services account(s).
1.5 Compliance with Laws. Subscriber will use the OneLogin Services and Documentation in compliance with all applicable laws and regulations. Without limiting the foregoing, Subscriber may not export from the United States the OneLogin Services or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. OneLogin will comply with all applicable laws and regulations in its performance of this Agreement.
1.6 California Consumer Privacy Act.
1.6.2 The parties agree that, for purposes of the CCPA, Subscriber is a Business and OneLogin is a Service Provider. Subscriber represents and warrants that it will only provide or make Personal Information available to OneLogin in compliance with the CCPA.
1.6.3 Notwithstanding anything to the contrary in the Agreement, OneLogin shall not (1) retain or use Personal Information other than as needed to perform OneLogin Services or (2) Sell or otherwise disclose such Personal Information except to Service Providers needed to render OneLogin Services.
1.6.4 Notwithstanding anything else in this Agreement, Subscriber agrees that OneLogin, its affiliates, and each of their directors, officers, employees, agents, representatives, successors and assigns will not be liable under the Agreement for any claim arising from any action or omission by OneLogin that resulted from the Subscriber’s instructions or from Subscriber’s failure to comply with its obligations under the CCPA.
1.7 Protection against Unauthorized Use. Safeguarding the security of Subscriber Data (as defined in Section 2.1 below) that resides within the OneLogin Services is a shared responsibility between OneLogin (the “Data Processor”) and the Subscriber (the “Data Controller”) and, consequently: (a) OneLogin is responsible for any unauthorized access to, alteration of, or the deletion, destruction, damage, loss or failure to store and/or process any Subscriber Data that can be traced back to OneLogin’s personnel or OneLogin’s security control failure, and (b) Subscriber is responsible for any unauthorized access to, alteration of, or the deletion, destruction, damage, loss or failure to store and/or process any Subscriber Data that can be traced back to Subscriber’s personnel or Subscriber’s security control failure. Furthermore, OneLogin is responsible for properly configuring and administering the OneLogin Services and taking appropriate measures to maintain the security, protection and backup of Subscriber Data, including using encryption technology to protect Subscriber Data, and to routinely archive Subscriber Data. Subscriber shall be responsible for Subscriber Data that is added, modified, and removed from its OneLogin Services account and for maintaining the security of its systems that interface with the OneLogin Services and any account access passwords relevant to the OneLogin Services, and will use reasonable efforts to prevent any unauthorized use of the OneLogin Services and Documentation and immediately notify OneLogin in writing of any unauthorized use that comes to Subscriber’s attention. If there is unauthorized use by anyone who obtained access to the OneLogin Services directly or indirectly through Subscriber, Subscriber will take all steps reasonably necessary to terminate the unauthorized use. Subscriber will cooperate and assist with any actions taken by OneLogin to prevent or terminate unauthorized use of the OneLogin Services or Documentation.
1.8 Incident Management. In the event that OneLogin or Subscriber becomes aware that the security of the OneLogin Services is adversely impacted, and this event subsequently leads to Subscriber Data in OneLogin’s control being subject to use or disclosure not authorized by this Agreement (a “Security Incident”), the knowledgeable party will promptly (but in any case not later than seventy-two (72) hours after becoming aware of such Security Incident): (a) assess the nature and scope of the Security Incident; (b) identify the Subscriber Data involved, if any; (c) take appropriate steps to contain, control and stop the Security Incident; and (d) collaborate with the other party in providing relevant information that can be used to address and mitigate the impact of the Security Incident, subject to any request by law enforcement or other government agency to withhold such notice pending the completion of an investigation.
1.9 Reservation of Rights. OneLogin reserves to itself all rights in and to the OneLogin Services and Documentation not expressly granted to Subscriber under this Agreement.
2.1 Confidentiality. In connection with this Agreement, each party will have access to certain non-public information provided by and regarding the other party that is marked or otherwise should reasonably be understood to be treated as confidential (“Confidential Information”) including, for Subscriber, its user email addresses, user names and passwords (“Subscriber Data”). Except as otherwise permitted by this Agreement or as reasonably required for OneLogin to provide the OneLogin Services, each party shall keep confidential and not intentionally disclose to any third party (other than its directors, officers, employees, agents and representatives on a need-to-know basis) or use any Confidential Information of the other party; provided, however, that neither party shall be prohibited from disclosing or using Confidential Information that: (i) is publicly available or becomes publicly available through no act or omission of the receiving party, (ii) is or has been disclosed to such party by a third party who is not under an obligation of confidentiality with respect thereto, (iii) is or has been independently developed by such party, without use or reference to the other party’s Confidential Information, or (iv) must be used or disclosed under court order or applicable law, provided such use or disclosure is to the minimum extent required by such court order or applicable law. If legally permissible, the receiving party shall promptly notify the disclosing party of any pending disclosure of the disclosing party’s Confidential Information that may be so required and consult with the disclosing party prior to such disclosure as to the advisability of seeking a protective order or other means of preserving the confidentiality of the Confidential Information. OneLogin will operate the OneLogin Services using reputable third party web service providers, co-location facilities and the like.
2.2 Feedback. If Subscriber provides any feedback to OneLogin concerning the functionality or performance of the OneLogin Services (including identifying potential errors and improvements), Subscriber hereby assigns to OneLogin all right, title, and interest in and to the feedback, and OneLogin is free to use and disclose the feedback without payment or restriction. However, in connection with its use of feedback, OneLogin will not disclose any information that identifies Subscriber or any of its users to any third party, and will not use Subscriber’s trademarks and logos without Subscriber’s prior written consent.
Subscriber acknowledges that Subscriber is purchasing, has purchased, or will purchase the OneLogin Services from one of OneLogin’s authorized resellers (“Reseller”). Accordingly, payment-related terms for the OneLogin Services, including subscription term, price per user, number of users and the like, are determined solely by and between Subscriber and Reseller. Subscriber will pay Reseller for use of the OneLogin Services as agreed with Reseller. As between OneLogin and Subscriber, Subscriber will be responsible for all taxes associated with the OneLogin Services, other than U.S. taxes based on OneLogin’s net income.
4. TERM AND TERMINATION
4.1 Term. Unless otherwise agreed between Subscriber and Reseller, this Agreement will commence upon the effective date of the agreement entered into between Subscriber and Reseller and continue for a period of one (1) year (the “Term”), and will automatically renew for additional, successive one-year periods (each, a “Renewal Term”) unless Subscriber provides Reseller with notice of non-renewal at least thirty (30) days prior to the end of the then-current period or unless terminated earlier in accordance with the terms of this Agreement. The Term together with any and all Renewal Terms is the “Contract Term.”
4.2 Termination. If Subscriber fails to timely pay any fees to Reseller or otherwise breaches any term or condition of this Agreement, OneLogin may, without limitation to any of its other rights or remedies, immediately suspend the OneLogin Services with notice to Subscriber until Subscriber cures the applicable breach. OneLogin may terminate this Agreement effective after fifteen (15) days’ notice if Subscriber breaches any term of this Agreement (including for failure to pay any fees to Reseller) and such breach is not cured within the notice period. Further, this Agreement will automatically terminate upon termination of Subscriber’s agreement with Reseller for the use of the OneLogin Services, unless otherwise agreed by Subscriber and OneLogin in writing.
4.3 Post-Termination Obligations. If this Agreement is terminated for any reason or otherwise expires (a) OneLogin will, within thirty (30) days, delete all information uploaded by Subscriber or its users to the OneLogin Services from its (and its subcontractors’) active and passive instances of the OneLogin Services, which shall include any archived information, backups and log files (it being understood that this information cannot be retrieved by Subscriber after such termination or expiration), (b) each party will remove all of the other party’s Confidential Information from its (and its subcontractors’) systems, (c) Subscriber will discontinue the use of all copies of the software provided with the OneLogin Services and all related Documentation and will destroy, and document in writing such destruction of, any embodiments of these materials stored in or on a reusable electronic or similar medium, including but not limited to memory, disk packs, tapes and other peripheral devices, and (d) upon request by OneLogin, Subscriber will provide OneLogin with a written certification signed by an authorized Subscriber representative certifying that all Subscriber’s use of the OneLogin Services and Documentation has been discontinued. The provisions of Sections 2, 3, 4.3, 5.2, 7 and 8 will survive any termination or expiration of this Agreement.
5. WARRANTIES; DISCLAIMER; THIRD PARTY SERVICES
5.1 Warranties. Each party represents and warrants to the other that this Agreement constitutes a valid and binding agreement enforceable against such party in accordance with its terms.
5.2 Disclaimer. EXCEPT FOR THE EXPRESS REPRESENTATIONS AND WARRANTIES STATED IN THIS AGREEMENT, THE ONELOGIN SERVICES, SOFTWARE, AND DOCUMENTATION ARE PROVIDED AS-IS AND ONELOGIN MAKES NO ADDITIONAL REPRESENTATION OR WARRANTY OF ANY KIND WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER. ONELOGIN EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, NON-INFRINGEMENT, ACCURACY AND TITLE. ONELOGIN DOES NOT WARRANT THAT THE ONELOGIN SERVICES OR SOFTWARE ARE ERROR-FREE OR THAT OPERATION OF THE ONELOGIN SERVICES OR SOFTWARE WILL BE UNINTERRUPTED.
5.3 Third Party Services. OneLogin provides connectors, which are configured by and at the Subscriber’s discretion, for the OneLogin Services that interact with third party applications, and OneLogin may or may not have a commercial or contractual relationship with the providers of those applications. OneLogin monitors the working condition of these connectors and will use commercially reasonable efforts to resolve any issues that may arise from such a provider changing the login procedure of its application. However, Subscriber acknowledges and agrees that OneLogin is not responsible for any changes to or functionality or defect of any third-party applications and that interoperability with the OneLogin Services can be broken temporarily or permanently at any time.
5.3 Government Terms. OneLogin provides the OneLogin Services for ultimate federal government end use solely in accordance with the terms of this Agreement. If Subscriber (or any of its customers) is an agency, department, or other entity of any government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the OneLogin Services, or any related documentation of any kind, including technical data, software, and manuals, is restricted by the terms of this Agreement. All other use is prohibited and no rights other than those provided in this Agreement are conferred. The OneLogin Services were developed fully at private expense.
6. INTELLECTUAL PROPERTY INDEMNIFICATION
6.1 Indemnification. OneLogin will, at its expense, either defend Subscriber from or settle any claim, proceeding, or suit brought by a third party against Subscriber (“Claim”) alleging that Subscriber’s use of the OneLogin Services infringes or misappropriates any third party patent, copyright, trade secret, trademark, or other intellectual property right during the Contract Term, and will indemnify and hold harmless Subscriber from all damages and costs finally awarded against Subscriber in any Claim and all out-of-pocket costs (including reasonable attorneys’ fees) reasonably incurred by Subscriber in connection with the defense of a Claim (other than attorneys’ fees and costs incurred without OneLogin’s consent); provided that: (a) Subscriber gives OneLogin prompt written notice of the Claim; (b) Subscriber grants OneLogin full and complete control over the defense and settlement of the Claim; and (c) Subscriber provides assistance in connection with the defense and settlement of the Claim as OneLogin may reasonably request. Subject to the foregoing, Subscriber will have the right to participate in the defense of the Claim at its own expense and with counsel of its own choosing.
6.2 Exclusions from Obligations. OneLogin will have no obligation under this Section 6 for any infringement or misappropriation to the extent that it arises out of or is based upon (a) use of the OneLogin Services in combination with other products or services; (b) use of the OneLogin Services by Subscriber for purposes outside the scope of the rights and licenses granted to Subscriber; (c) Subscriber’s failure to use the OneLogin Services in accordance with this Agreement and the Documentation; (d) any modification of the OneLogin Services by Subscriber not made or authorized in writing by OneLogin; or (e) any activity after OneLogin has provided Subscriber with a work around or modification that would have avoided such Claim. This Section 6 sets forth OneLogin’s entire obligation and Subscriber’s exclusive remedy with respect to any infringement, misappropriation or other violation of third party rights.
7. LIMITATIONS OF LIABILITY
7.1 EXCEPT FOR LIABILITY ARISING FROM BREACH OF CONFIDENTIALITY OR A PARTY’S INTELLECTUAL PROPERTY RIGHTS, NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY FOR INDIRECT, CONSEQUENTIAL, PUNITIVE, INCIDENTAL, SPECIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO LOST PROFITS OR LOSS OF BUSINESS, EVEN IF SUCH PARTY IS APPRISED OF THE LIKELIHOOD OF SUCH DAMAGES OCCURRING.
7.2 EXCEPT FOR LIABILITY ARISING FROM BREACH OF CONFIDENTIALITY OR A PARTY’S INTELLECTUAL PROPERTY RIGHTS, UNDER NO CIRCUMSTANCES WILL EITHER PARTY’S TOTAL LIABILITY OF ALL KINDS ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNTS RECEIVED BY ONELOGIN FROM RESELLER FOR SUBSCRIBER’S USE OF THE ONELOGIN SERVICES DURING THE 12 MONTHS IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO SUCH LIABILITY.
7.3 THE LIMITATIONS HEREUNDER APPLY WITH RESPECT TO ALL LEGAL THEORIES, WHETHER IN CONTRACT, TORT, OR OTHERWISE. THE PROVISIONS OF THIS SECTION 7 REASONABLY ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES, AND THE PARTIES HAVE RELIED ON THESE LIMITATIONS IN DETERMINING WHETHER TO ENTER INTO THIS AGREEMENT.
8.1 Relationship. No agency, partnership, or joint venture is created as a result of this Agreement and neither party has any authority of any kind to bind the other party. OneLogin may use Subscriber’s company name and logo as a reference for marketing or promotional purposes on its website and in other communication with existing or potential customers.
8.2 Assignability. Neither party may assign its rights, duties, and obligations under this Agreement without the other party’s prior written consent, except that OneLogin may assign this Agreement to a successor to all or substantially all of OneLogin’s related assets or business.
8.3 Subcontractors. OneLogin may utilize a subcontractor or other third party to perform its duties under this Agreement so long as OneLogin remains responsible for all of its obligations under this Agreement.
8.4 Notices. Any notice required or permitted to be given in accordance with this Agreement will be effective if it is in writing and sent by certified or registered mail, or insured courier, return receipt requested, to the appropriate party at: (a) in the case of OneLogin, the address for its U.S. headquarters listed on its website, and (b) in the case of Subscriber, at the address set forth in Subscriber’s agreement with Reseller, with the appropriate postage prepaid. Either party may change its address for receipt of notice by notice to the other party in accordance with this Section 8.4. Notices are deemed given two (2) business days following the date of mailing or one business day following delivery to a courier.
8.5 Force Majeure. Neither party will be liable for, or be considered to be in breach of or default under this Agreement (other than with respect to payment obligations) on account of, any delay or failure to perform as required by this Agreement as a result of any cause or condition beyond its reasonable control, including denial-of-service attacks, strikes, shortages, widespread security breaches (e.g., Heartbleed bug), riots, fires, flood, storm, earthquakes, explosions, acts of God, war, terrorism, and governmental action (“Force Majeure”) so long as that party uses all commercially reasonable efforts to avoid or remove the causes of non-performance.
8.6 Governing Law. This Agreement will be interpreted, construed, and enforced in all respects in accordance with the local laws of the State of California, U.S.A., without reference to its conflicts of law rules and not including the provisions of the 1980 U.N. Convention on Contracts for the International Sale of Goods. Both parties agree to submit to the exclusive personal jurisdiction of the federal and state courts located in San Francisco, California for the purpose of resolving any dispute relating to this Agreement or the relationship between the parties. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover its reasonable costs and attorneys’ fees.
8.7 Severability. If any part of this Agreement is found to be illegal, unenforceable, or invalid, the remaining portions of this Agreement will remain in full force and effect. If any material limitation or restriction on the use of the OneLogin Services under this Agreement is found to be illegal, unenforceable, or invalid, Subscriber’s right to use the OneLogin Services will immediately terminate.
8.8 Entire Agreement. This Agreement is the complete and exclusive statement of the mutual understanding of the Parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement. All waivers and modifications to this Agreement must be in a written agreement signed by an authorized agent of both parties. OneLogin will not be bound by, and specifically objects to, any term, condition, or other provision that is different from or in addition to this Agreement (whether or not it would materially alter this Agreement) that is proffered by Subscriber in any receipt, acceptance, confirmation, correspondence, or otherwise, unless OneLogin specifically agrees to such provision in writing and signed by an authorized agent of OneLogin.