Vanta Master Subscription Agreement

‍

‍

‍This Vanta Master Subscription Agreement (“MSA”) entered into by and between Vanta Inc., a Delaware corporation with a place of business at 655 Montgomery Street, San Francisco, CA 94111 (“Vanta”), and the entity or person (i) executing an order form for the Services that expressly references this MSA (“Order Form”), (ii) accepting an Order Form via private offer on a cloud service provider marketplace or (iii) signing up for and accessing the Services on a free trial basis (“Trial Services”) who, in each case, agrees to be bound by this MSA to the exclusion of all other terms (as applicable, “Customer”) (each of Customer and Vanta, a “Party”, and together, the “Parties”). The MSA consists of the terms and conditions set forth below and incorporates by reference any ancillary documents (e.g., attachments, addenda, exhibits) expressly referenced herein.
‍

The “Effective Date” of this MSA is (a) the effective date of the first Order Form executed by the Parties, (b) the date Customer first accepts a private offer containing an Order Form or (c) in the case of Trial Services, the date Customer receives its credentials to access the Services accepting this MSA through Vanta’s free trial sign-up, as applicable.

‍

‍Section 1. Services and Support.
‍

1.1. Services. “Services” means the Vanta products and services that are made available to Customer by Vanta hereunder. Subject to the terms and conditions of this MSA, Vanta will make the Services available to Customer for the service period of Customer’s subscription specified on the applicable Order Form (“Service Period”). Vanta will provide the Services in accordance with the Service Level Agreement available at www.vanta.com/legal/sla.
‍

1.2. Support. Vanta will provide commercially reasonable support during the Service Period in accordance with Vanta’s Support Policy, available at www.vanta.com/legal/support-policy.

‍

‍Section 2. Fees and Payment; Trial Services.
‍

‍2.1. Payment and Taxes.
‍

2.1.1. Fees. “Fees” means the fees payable by Customer to Vanta for the applicable Services, as set forth on the Order Form. Customer is responsible for all Fees set forth in the Order Form. Vanta will invoice Customer for such Fees using the billing information set forth therein. If Customer purchases a subscription to the Services using a credit card or similar online payment method, Vanta will bill that payment method for all Fees due, including renewals and add-on purchases, as applicable, unless another payment method is requested in writing by Customer. Customer shall pay all Fees in accordance with the payment terms set forth in the applicable Order Form. Except as expressly set forth in this MSA, all payment obligations are non-cancelable and Fees are non-refundable and not subject to set off. In the event of non-payment of Fees by Customer for fifteen (15) days after the due date of an invoice, Vanta reserves the right to (i) immediately suspend Customer’s access to the Services until Customer pays the entire remaining balance of Fees and/or (ii) charge interest on past due amounts at the lesser of one and a half percent (1.5%) or the highest interest rate allowed by law. Vanta will promptly restore Customer’s access to the Services once such non-payment is cured.
‍

2.1.2. Fee Disputes. If Customer has a bona fide belief that an invoice is incorrect, Customer must contact Vanta within thirty (30) days of the date of the applicable invoice ("Dispute Period"). Upon receipt of such notice, Vanta and Customer will work together in good faith to resolve the dispute and, if such disputed amount(s) are deemed legitimate, Customer agrees to pay such amounts promptly upon resolution of the dispute (and in any event, within 30 days thereafter). If Customer does not notify Vanta of a dispute within the Dispute Period, all invoiced Fees will be deemed legitimate and owing in accordance with this MSA.
‍

2.1.3. Taxes. Fees do not include taxes, levies, duties or similar governmental assessments of any nature, including, for example, any sales, use, GST, value-added, withholding, or similar taxes, whether domestic or foreign, or assessed by any jurisdiction (“Taxes”). Customer is responsible for paying all Taxes associated with its purchase of the Services, excluding Taxes based on Vanta’s net income or receipts, property or employees.
‍

2.2. Price Changes; Discounts and Promotions. Prices specified in the Order Form may include discounts or promotional pricing. Vanta may change prices for the Services and/or discontinue or change any promotion, sale, or special offer in its sole discretion; provided that any such changes or discontinuations will only be effective upon the commencement of Customer’s next Service Period and will not impact the Fees payable for the then-current Service Period. Vanta will provide Customer with reasonable notice of any Fee increases prior to the expiration of the then-current Service Period.  
‍

2.3. Cloud Marketplace Billing & Payment. Notwithstanding anything to the contrary in this MSA, where Customer has purchased the Services through a marketplace offered by a cloud service provider (e.g., Amazon Web Services, Google Cloud Platform, Microsoft Azure, etc.), Customer agrees to pay the Fees specified on the applicable cloud service pricing page(s) (including any notes included on such page(s)) or in any offer accepted by Customer in the cloud service provider marketplace, as applicable. Customer agrees that all Fees shall be paid through billing of Customer's account with such cloud service provider and that any refund to which Customer may be entitled under this MSA or an Order Form may be provided in the form of a credit back to Customer's account with such cloud service provider.
‍

2.4. Free Trial Services; Beta Services.
‍

2.4.1 Trial Services. If Customer registers for Trial Services, Vanta will make the applicable Trial Services available to Customer pursuant to this Section 2.4.1 once Customer is approved for such Trial Services until the earlier of: (a) the end of the trial period communicated to Customer; (b) the start date of any Order Form entered into by Customer for Service(s) in exchange for payment; or (c) termination by Vanta in its sole discretion (such period, the “Trial Services Period”).

ANY CUSTOMER INFORMATION (AS DEFINED BELOW) THAT CUSTOMER PROVIDES OR MAKES AVAILABLE TO VANTA DURING THE PROVISION OF TRIAL SERVICES WILL BE PERMANENTLY DELETED AT THE END OF THE TRIAL SERVICES PERIOD UNLESS CUSTOMER ENTERS INTO AN ORDER FORM FOR THE SAME SERVICES AS THOSE COVERED BY THE TRIAL SERVICES OR EXPORTS SUCH CUSTOMER INFORMATION BEFORE THE END OF THE TRIAL SERVICES PERIOD.
‍

2.4.2 Beta Offerings. From time to time, Vanta may make Beta Offerings available to Customer at no charge. “Beta Offerings” means pre-release services, features, or functions identified as alpha, beta, preview, early access, or words or phrases with similar meanings. Customer may elect to try such Beta Offering(s) in its sole discretion. Beta Offerings are intended for evaluation purposes, not for production use, and may be subject to additional terms. Beta Offerings are not considered “Services” under this Agreement; however, all prohibited uses, Customer obligations and terms regarding Vanta’s ownership concerning the Services shall apply to Beta Offerings. Unless otherwise stated or communicated to Customer, any Beta Offerings trial period will expire upon the date that a version of the Beta Offerings becomes generally available without a “Beta Offerings” designation. Vanta may discontinue Beta Offerings at any time in its sole discretion and may never make them generally available.
‍

2.4.3 Disclaimers. NOTWITHSTANDING SECTIONS 1.2 (SUPPORT), 7 (REPRESENTATIONS, WARRANTIES AND DISCLAIMERS) AND 8 (INDEMNIFICATION) BELOW, TRIAL SERVICES AND BETA OFFERINGS ARE PROVIDED “AS-IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY AND VANTA SHALL HAVE NO SUPPORT OR INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE TRIAL SERVICES OR BETA OFFERINGS UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW, IN WHICH CASE VANTA’S LIABILITY WITH RESPECT TO THE TRIAL SERVICES AND BETA OFFERINGS SHALL NOT EXCEED ONE THOUSAND DOLLARS ($1,000.00). NOTWITHSTANDING ANYTHING TO THE CONTRARY IN SECTION 9 (LIMITATION OF LIABILITY) BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS MSA TO VANTA AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE TRIAL SERVICES, ANY BREACH BY CUSTOMER OF THIS MSA AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.

‍

Section 3. Term and Termination.

‍

3.1. Term and Renewal.
‍

3.1.1. MSA. This MSA commences on the Effective Date and will remain in effect until all Order Forms have expired or been terminated in accordance with this Section 3.
‍

3.1.2. Order Form. The Service Period for each Order Form shall be set forth therein; provided that if the Order Form does not specify a Service Period, the Service Period will be one (1) year. Unless otherwise expressly stated in the applicable Order Form, upon expiration of the Service Period, the Customer’s subscription will automatically renew for successive one- (1) year Service Periods unless Customer provides Vanta with notice of termination at least thirty (30) days prior to the end of the then-current Service Period.

‍

3.2. Termination for Cause. A Party may terminate this MSA or an Order Form for cause (a) upon written notice to the other Party of a material breach if such breach remains uncured after ten (10) days from the date of the breaching Party’s receipt of such notice; (b) if the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors that is not dismissed within sixty (60) days of the commencement thereof; or (c) immediately by Vanta if Customer violates Section 4.5 (Prohibited Uses) of this MSA. Non-payment of Fees by Customer for thirty (30) days after the due date of an invoice and any violation of Section 4.6 (Prohibited Uses) will be considered material breaches of this MSA.

‍

3.3. Effect of Termination and Survival. Termination of this MSA will concurrently terminate all active Order Forms. Upon termination of this MSA and/or an Order Form, (a) Customer will have no further right to use the Services under the terminated or canceled Order Form(s) and Vanta will remove Customer’s access to the same, and (b) unless otherwise specified herein, Customer will not be entitled to a refund of Fees paid; provided that if Customer terminates for Vanta’s uncured material breach in accordance with Section 3.2 (Termination for Cause), Customer shall be entitled to a pro-rata refund of any prepaid, unused Fees paid to Vanta. The following Sections will survive termination: Section 2 (Fees and Payment) for any Fees due and payable at the time of termination, Section 3.3 (Effect of Termination and Survival), Section 4 (Ownership, License, and Use of the Services), Section 5 (Confidentiality), Section 7.3 (Disclaimers), Section 8 (Indemnification), Section 9 (Limitation of Liability), and Section 10 (Miscellaneous). Termination of this MSA will not limit a Party’s liability for obligations accrued as of or prior to such termination or for any breach of this MSA.

‍

Section 4. Ownership, License, and Use of the Services.

‍

4.1. Ownership. Each Party will retain all rights, title and interest in any of its patents, inventions, copyrights, trademarks, domain names, trade secrets, know-how and any other intellectual property and proprietary rights (“Intellectual Property Rights”). Vanta will retain all Intellectual Property Rights in and to the Services and all components of, or used to provide, the Services and any other materials developed by Vanta in its performance hereunder that derive from, improve, enhance or modify the Services or other Vanta pre-existing intellectual property (collectively with the corresponding Intellectual Property Rights, “Services Information”). Customer will retain Intellectual Property Rights in all information uploaded to the Services by or on behalf Customer (other than Feedback as described below), including any outputs or results thereof produced by the Services from such information (excluding any Vanta intellectual property embedded therein) (collectively, “Customer Information”).
‍

4.2. Feedback. Customer may, under this MSA, provide suggestions, enhancement requests, recommendations about the Services, or other feedback to Vanta ( “Feedback”). Customer hereby grants Vanta a fully paid-up, royalty-free, worldwide, transferable, sub-licensable (through multiple layers), assignable, irrevocable and perpetual license to implement, use, modify, commercially exploit, incorporate into the Services, or otherwise use any Feedback; provided that Vanta may not breach its obligations of confidentiality under Section 5 in doing so. Vanta also reserves the right to seek intellectual property protection for any features, functionality or components that may be based on or that were initiated by such Feedback and, as between the Parties, Vanta shall own all right, title and interest in and to such derivatives.
‍

‍4.3. Licenses. Subject to Customer’s compliance with the terms and conditions of this MSA (including any limitations and restrictions set forth on an applicable Order Form), Vanta hereby grants Customer a non-exclusive, non-transferable, non-sublicensable limited right and license to access and use the Services or Trial Services, as applicable, solely during the applicable Service Period or Trial Service Period for Customer’s internal business purposes. Customer hereby grants Vanta a non-exclusive, non-transferable, non-sublicensable right and license to use Customer Information solely to provide the Services to Customer. Notwithstanding anything to the contrary, Vanta may generate, collect, use, and analyze usage data generated or derived from Customer’s use of the Services (“Usage Data”), including log data and metadata, to develop, improve, promote, support, and operate its products and services; provided that such Usage Data may only be shared with third parties in a manner that is aggregated and/or anonymized and does not identify Customer or any Authorized Users.
‍

‍4.4. Authorized Users. Customer may designate and provide access to the Services to its authorized employees, agents, or contractors (each an “Authorized User”). Customer is responsible for all use and misuse of the Services by Authorized Users and for adherence to all terms of this MSA by any Authorized Users as though such Authorized Users were parties hereto, and references to Customer herein will be deemed to apply to Authorized Users as necessary and applicable. Customer agrees to promptly notify Vanta of any unauthorized access or use of which Customer becomes aware. Authorized Users are strictly prohibited from sharing their accounts or account passwords and their doing so is a material breach of this MSA by Customer.
‍

4.5. Prohibited Uses. Customer will not, and will not permit any Authorized Users or third parties to, directly or indirectly: (a) “frame”, distribute, resell, or permit access to the Services by any third party other than as allowed by the features and functionality of the Services; (b) use the Services in violation of applicable laws, rule or regulations; (c) interfere with, disrupt, or gain unauthorized access to the Services; (d) successfully or otherwise, attempt to: decompile, disassemble, reverse engineer, discover the underlying source code or structure of, or copy the Services; (e) provide Vanta any Customer Information or Feedback that is unlawful, defamatory, harassing, discriminatory, or infringing of third party Intellectual Property Rights; (f) transfer to the Services or otherwise use on the Services any code, exploit, or undisclosed feature that is designed to delete, disable, deactivate, interfere with or otherwise harm or provide unauthorized access to the Services; (g) use any robot, spider, data scraping, or extraction tool or similar mechanism with respect to the Services; (h) provide access to the Services to an individual associated with a Vanta Competitor (as defined below); (i) extract information from the Services or otherwise access or use the Services in furtherance of replicating the Services or otherwise competing with Vanta; (j) encumber, sublicense, transfer, rent, lease, time-share or use the Services in any service bureau arrangement or otherwise for the benefit of any third party; (k) copy, distribute, manufacture, adapt, create derivative works of, translate, localize, port or otherwise modify any aspect of the Services; (l) introduce into the Services any software containing a virus, worm, “back door”, Trojan horse or similarly harmful code; (m) remove or otherwise alter any proprietary notices or labels from the Service or any portion thereof; or (n) permit any third party to engage in any of the foregoing proscribed acts (each of (a) through (n), a “Prohibited Use” and, collectively, “Prohibited Uses”). A “Vanta Competitor” is any entity that provides the same or similar goods and services to those provided by Vanta, as would be determined by a reasonable individual. Customer will promptly notify Vanta of any violations of the Prohibited Uses and take all necessary steps to prevent or cease any such use(s). Vanta reserves the right to suspend Customer and/or Authorized User’s access to the Services in the event Vanta reasonably suspects Customer or an Authorized User is in breach of this Section.
‍

4.6. Artificial Intelligence.
‍

4.6.1. AI Features. Customer acknowledges that the Services offer features that leverage the use of artificial intelligence, machine learning, or similar technologies provided by Vanta and/or its licensors (“AI Features”). Use of AI Features by Customer is voluntary and Vanta will inform Customer via the Services before an AI Feature is engaged for the first time for Customer’s use. Customer will have the ability to disable AI Features within the Services at the admin level for all Authorized Users by using the functionality of the Services. Vanta will not, and will not permit any third party to, use any Customer Information to train any artificial intelligence or machine learning models; provided that Vanta may use Feedback (e.g., Customer labeling of suggestions from AI Features with a thumbs up or thumbs down) and Usage Data for the purpose of training and improving its AI Features.
‍

4.6.2. Disclaimer. Vanta makes no covenants, representations or warranties regarding any outputs generated, transmitted or made available in connection with Customer’s or any Authorized User’s use of AI Features (“AI Outputs”), including, without limitation, with respect to the accuracy, quality or truthfulness thereof. AI Outputs should be used at Customer’s own risk. Due to the nature of AI Features generally, Customer acknowledges that it is possible that (a) Customer’s AI Outputs may be similar to outputs generated by other Vanta customers’ use of the Services, (b) the same input may result in different AI Outputs from one use to the next and (c) the AI Outputs may not be accurate, reliable or suitable for Customer’s requirements. Before leveraging any AI Outputs in any manner, Customer and its Authorized Users are responsible for making their own determination that the AI Outputs are suitable, and Customer is solely responsible for any reliance on the accuracy, completeness, or usefulness of any AI Outputs. Neither Customer nor any Authorized User may represent that any AI Outputs were human generated.

‍

Section 5. Confidentiality. As used herein, “Confidential Information” of a Party ( “Disclosing Party”) means all financial, technical, or business information of the Disclosing Party that the Disclosing Party designates as confidential at the time of disclosure to the other Party (“Receiving Party”) or that the Receiving Party reasonably should understand to be confidential based on the nature of the information or the circumstances surrounding its disclosure. Services Information is Vanta’s Confidential Information and Customer Information is Customer’s Confidential Information under this MSA. The Receiving Party agrees to keep Confidential Information in confidence using the same degree of care that the Receiving Party uses to protect its own Confidential Information (but in no event less than reasonable care). Except as expressly permitted in this MSA, the Receiving Party will not disclose, duplicate, publish, transfer or otherwise make available Confidential Information of the Disclosing Party in any form to any person or entity without the Disclosing Party’s prior written consent; provided the Receiving Party may disclose Confidential Information to its and its Affiliates’ employees and contractors who have a legitimate need to know such information and who are bound by obligations of confidentiality and non-use at least as protective of the Confidential Information as those in this Section 5. The Receiving Party will not use the Disclosing Party’s Confidential Information except to perform its obligations or exercise its rights under this MSA, such obligations including, in the case of Vanta, to provide the Services. Notwithstanding the foregoing, the Receiving Party may disclose Confidential Information to the extent required by law, provided that the Receiving Party: (a) gives the Disclosing Party prior written notice of such disclosure so as to afford the Disclosing Party a reasonable opportunity to appear, object, and obtain a protective order or other appropriate relief regarding such disclosure (if such notice is not prohibited by applicable law); (b) uses diligent efforts to limit disclosure and to obtain confidential treatment or a protective order; and (c) allows the Disclosing Party to participate in the proceeding to the extent permissible according to applicable law. Further, Confidential Information does not include any information that: (i) is or becomes generally known to the public without the Receiving Party's breach of any obligation owed to the Disclosing Party; (ii) was independently developed by the Receiving Party without the Receiving Party's breach of any obligation owed to the Disclosing Party; or (iii) is received from a third party who obtained such Confidential Information without any third party's breach of any obligation owed to the Disclosing Party. Due to the unique nature of Confidential Information, the Parties agree that the Disclosing Party shall be entitled to seek an injunction or similar equitable relief against any breach or threatened breach of this Section without the necessity of posting any bond or showing irreparable harm.

‍

‍Section 6. Privacy and Security Practices. Vanta will implement and maintain appropriate administrative, physical and technical safeguards during the Service Period to protect the security, confidentiality and integrity of Customer Information. Vanta’s current security and data protection practices are set forth at https://www.vanta.com/security (“Security Statement”). Customer’s use of the Services is subject to the privacy policy available at https://vanta.com/privacy (“Privacy Policy”).

‍

‍‍Section 7. Representations, Warranties, and Disclaimers.

‍

7.1. Authority. Each Party represents that it has validly entered into this MSA and has the legal power to do so.
‍

7.2. Limited Warranty. Vanta warrants that during an applicable Term the Services will perform materially in accordance with any applicable documentation provided to Customer. This warranty shall not extend to non-conformity with the documentation resulting from Customer’s use of the Services in violation of the MSA or not in accordance with such documentation. For any breach of a warranty in this section, Customer’s exclusive remedies are those described in Section 3.2 (Termination for Cause).
‍

‍7.3. Disclaimers. EXCEPT AS SPECIFICALLY SET FORTH IN THIS SECTION, THE SERVICES, INCLUDING ALL SERVER AND NETWORK COMPONENTS, AI OUTPUTS, SERVICES INFORMATION AND ANY OTHER INFORMATION OR ADVICE OBTAINED BY CUSTOMER THROUGH THE SERVICES, ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES OF ANY KIND TO THE FULLEST EXTENT PERMITTED BY LAW, AND VANTA EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THE PARTIES ADDITIONALLY AGREE THAT VANTA WILL HAVE NO LIABILITY OR RESPONSIBILITY FOR CUSTOMER’S VARIOUS COMPLIANCE PROGRAMS, AND THAT THE SERVICES, TO THE EXTENT APPLICABLE, ARE ONLY TOOLS FOR ASSISTING CUSTOMER IN MEETING THE VARIOUS COMPLIANCE OBLIGATIONS FOR WHICH IT SOLELY IS RESPONSIBLE.  

‍

‍Section 8. Indemnification.
‍

8.1. Indemnification by Vanta. Vanta will indemnify and hold Customer harmless from any Losses (defined below) arising out of an unaffiliated third party’s claim (“Claim”) that the Services infringe or misappropriate such third party’s Intellectual Property Rights. Vanta will, at its sole expense, defend such claim and pay liabilities and expenses awarded to such unaffiliated third party by a court of competent jurisdiction or agreed to in a settlement (collectively, “Losses”) in connection with such Claim. If use of a Service by Customer has become, or, in Vanta’s opinion, is likely to become, the subject of any such Claim, Vanta may, at its option and expense, (i) procure for Customer the right to continue using the Service(s) as set forth hereunder; (ii) replace or modify a Service to make it non-infringing; or (iii) if options (i) or (ii) are not commercially reasonable or practicable as determined by Vanta, terminate this MSA and repay, on a pro-rata basis, any Fees previously paid to Vanta for the corresponding unused portion of the then-current Service Period for related Services. Vanta will have no liability or obligation under this Section with respect to any claim if such claim is caused in whole or in part by (a) any use of the Services in non-conformity with the documentation or in violation of this MSA; (b) modification of the Services by anyone other than Vanta; or (c) the combination, operation or use of the Services with other hardware or software where the Services would not otherwise be infringing. The provisions of this Section state the sole, exclusive, and entire liability of Vanta to Customer and constitute Customer’s sole remedy with respect to an infringement claim brought by reason of access to or use of a Service by Customer or Authorized Users.

8.2. Indemnification by Customer. Customer will indemnify and hold Vanta harmless from any Losses arising out of a Claim related to Customer Information. Customer will, at its sole expense, defend Vanta against such Claim and pay any Losses in connection therewith.
‍

8.3. Indemnification Conditions and Procedures. The obligations of the indemnifying Party in this Section 8 are conditioned upon the indemnified Party (i) promptly notifying the indemnifying Party of the threat or notice of such claim (provided that a failure to provide such notice shall only relieve the indemnifying party of its indemnity obligations if the indemnifying party is materially prejudiced by such failure); (ii) giving the indemnifying Party sole and exclusive control and authority to select defense attorneys, and defend and/or settle any such claim (however, the indemnifying Party may not settle or compromise any claim that results in liability or admission of any liability by the indemnified Party without prior written consent provided that such consent shall not be unreasonably conditioned, withheld or delayed); and (iii) cooperating with the indemnifying Party, at the indemnifying Party’s expense, in connection with the defense and/or settlement in connection therewith.

‍

‍SECTION 9. LIMITATION OF LIABILITY.
‍

9.1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE) WILL EITHER PARTY OR ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, SUPPLIERS OR LICENSORS BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATE FOR ANY LOST PROFITS, LOST SALES OR BUSINESS, LOST DATA (I.E., DATA LOST IN THE COURSE OF TRANSMISSION VIA CUSTOMER’S SYSTEMS OR OVER THE INTERNET THROUGH NO FAULT OF VANTA), BUSINESS INTERRUPTION, LOSS OF GOODWILL, COSTS OF COVER OR REPLACEMENT, OR FOR ANY TYPE OF INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE LOSS OR DAMAGES, REGARDLESS OF WHETHER SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN SUCH DAMAGES.

9.2. NEITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF THIS MSA WILL EXCEED THE AGGREGATE FEES PAID BY CUSTOMER DURING THE TWELVE (12) MONTHS IMMEDIATELY PRIOR TO THE FIRST EVENT OR OCCURRENCE GIVING RISE TO SUCH CLAIM; PROVIDED THAT LIABILITY (I) FOR BREACHES OF A PARTY’S CONFIDENTIALITY OBLIGATIONS UNDER SECTION 5, (II) FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS UNDER SECTION 8, OR (III) DUE TO PROHIBITED USES WILL NOT IN THE AGGREGATE EXCEED TEN TIMES (10X) THAT AMOUNT.
‍

9.3. NOTWITHSTANDING SECTIONS 9.1 AND 9.2, NOTHING IN THIS MSA WILL LIMIT OR EXCLUDE EITHER PARTY’S LIABILITY FOR GROSS NEGLIGENCE, FRAUD, INTENTIONAL MISCONDUCT OR ANY OTHER MATTER FOR WHICH LIABILITY CANNOT BE EXCLUDED BY LAW.
‍

9.4. CUSTOMER ACKNOWLEDGES AND AGREES THAT THE ESSENTIAL PURPOSE OF THIS SECTION 9 IS TO ALLOCATE THE RISKS UNDER THIS MSA BETWEEN THE PARTIES AND LIMIT POTENTIAL LIABILITY GIVEN THE FEES, WHICH WOULD HAVE BEEN SUBSTANTIALLY HIGHER IF VANTA WERE TO ASSUME ANY FURTHER LIABILITY OTHER THAN AS SET FORTH HEREIN. VANTA HAS RELIED ON THESE LIMITATIONS IN DETERMINING WHETHER TO PROVIDE CUSTOMER WITH THE RIGHTS TO ACCESS AND USE THE SERVICES PROVIDED FOR IN THIS MSA.

‍‍

‍Section 10. Miscellaneous.
‍

10.1. Entire Agreement; Order of Precedence. This MSA and any active Order Forms constitute the entire agreement, and supersedes all prior agreements, between Vanta and Customer regarding the subject matter hereof. In the event of any inconsistency or conflict between the terms of the MSA and the terms of any Order Form, the terms of the Order Form control. No terms or conditions stated in a Customer purchase order, vendor onboarding process or web portal, or any other Customer order documentation (excluding Order Forms) shall be incorporated into, or considered an amendment to, this MSA or any Order Form and all such terms or conditions are hereby deemed null and void, notwithstanding any language to the contrary therein, whether signed or issued before or after this MSA.
‍

10.2. Assignment. Neither Party may, assign this MSA without the prior written consent of the other Party, except that either Party may, without the need for such consent, assign this MSA to any affiliate or in connection with any merger, change of control, or the sale of all or substantially all of such Party’s assets; provided that (1) the other Party is provided notice of such assignment and (2) any such successor agrees to fulfill its obligations pursuant to this MSA. Subject to the foregoing restrictions, this MSA will be fully binding upon, inure to the benefit of and be enforceable by the Parties and their respective successors and assigns.
‍

10.3. Severability. If any provision in this MSA is held by a court of competent jurisdiction to be unenforceable, such provision will be modified by the court and interpreted so as to best accomplish the original provision to the fullest extent permitted by law, and the remaining provisions of this MSA will remain in effect.

10.4. Relationship of the Parties; Third-Party Beneficiaries. The Parties are independent contractors. This MSA does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties. There are no third-party beneficiaries under this MSA, except to the extent expressly stated herein.
‍

10.5. Notices. All notices provided by Vanta to Customer under this MSA may be delivered in writing (a) by nationally recognized overnight delivery service (“Courier”) or U.S. mail to the contact mailing address provided by Customer on the Order Form; or (b) electronic mail to the electronic mail address provided for Customer’s account owner. Customer must give notice to Vanta in writing by Courier or U.S. mail to 655 Montgomery Street, San Francisco, CA 94111 Attn: Legal Department and by email to legal@vanta.com. All notices shall be deemed to have been given immediately upon delivery by electronic mail; or, if otherwise delivered upon the earlier of receipt or two (2) business days after being deposited in the mail or with a Courier as permitted above.
‍

10.6. Governing Law, Jurisdiction, Venue. This MSA will be governed by the laws of the State of California, without reference to conflict of laws principles. Any disputes under this MSA shall be resolved in a court of general jurisdiction in San Francisco County, California. The Parties hereby expressly agree to submit to the exclusive personal jurisdiction and venue of such courts for the purpose of resolving any dispute relating to this MSA.
‍

10.7. Export Compliance. The Services and other software or components of the Services that Vanta may provide or make available to Customer are subject to U.S. export control and economic sanctions laws as administered and enforced by the Office of Foreign Assets and Control of the United States Department of Treasury. Customer will not access or use the Services if Customer or any Authorized Users are located in any jurisdiction in which the provision of the Services, software, or other components is prohibited under U.S. or other applicable laws or regulations (a “Prohibited Jurisdiction”) and Customer will not provide access to the Services to any government, entity, or individual located in any Prohibited Jurisdiction. Customer represents and warrants that (a) it is not named on any U.S. government list of persons or entities prohibited from receiving U.S. exports, or transacting with any U.S. person; (b) it is not a national of, or a company registered in, any Prohibited Jurisdiction; (c) it will not permit any individuals under its control to access or use the Services in violation of any U.S. or other applicable export embargoes, prohibitions or restrictions; and (d) it will comply with all applicable laws regarding the transmission of technical data exported from the United States and the countries in which it and Authorized Users are located.
‍

‍10.8. Anti-Corruption. Customer represents that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Vanta’s employees or agents in connection with this MSA. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the above restriction, Customer will use reasonable efforts to promptly give notice to Vanta.
‍

10.9. Publicity and Marketing. Vanta may use Customer’s name, logo, and trademarks to identify Customer as a client of Vanta on Vanta’s website and other marketing materials.
‍

10.10. Amendments. No modification or amendment of this MSA shall be valid unless made in writing and signed by authorized representatives of both Parties.
‍

10.11. Third Party Products and Services.
‍

10.11.1. Third Party Products. Customer may enable integrations between the Services and third-party products, applications, and services (collectively, “Third Party Products”). Customer’s use of such Third Party Products will be subject to the privacy policies and terms and conditions of such third party providers. Customer acknowledges and agrees that Vanta makes no representations, warranties or covenants regarding such Third Party Products. Customer hereby waives any claim against Vanta with respect to Customer’s enablement of, access to or use of such Third Party Products in connection with the Services.

10.11.2. Third Party Services. If an Order Form contemplates Customer obtaining third party certifications or testing services (e.g., an audit or penetration testing services) (collectively, “Third Party Services”), Customer acknowledges and agrees that such Third Party Services will be performed by an independent third party and not by Vanta. Customer may be required to enter into an engagement letter or separate agreement with such third party in connection with such Third Party Services prior to the provision thereof which shall govern Customer’s receipt of such Third Party Services. Vanta will not be a party to such engagement letter or separate agreement and bears no responsibility for the quality, accuracy, or completeness of the Third Party Services. Customer acknowledges and agrees that Vanta makes no representations, warranties or covenants with respect to such Third Party Services.
‍

10.12. Force Majeure. Except with respect to Customer’s payment obligations, neither Party will be liable for, or considered in breach or default under this MSA or any Order Form as a result of any cause or condition beyond such Party’s reasonable control.
‍

10.13. Waiver. Neither Party’s failure to enforce at any time any provision of this MSA does not constitute a waiver of that provision or of any other provision of this MSA.

‍

‍

‍

‍