General TermsLast Modified: 8/3/2017
Welcome to Gremlin Social, a product of Gremln, Inc. Gremlin Social is a complete social media management solution to help you use social media in a secure and compliant way.
THIS MASTER SOFTWARE LICENSE AGREEMENT is a legally binding contract that you are accepting and agreeing to be bound by as of the date of your signed Proposal, Work Order, License Agreement, or your first use Gremlin Social services ("Effective Date"). This agreement is made and entered into by and between Gremln, Inc., a Delaware corporation, doing business as Gremlin Social (“Gremlin Social”), located at 911 Washington Avenue, Suite 660, St. Louis, MO 63101 and the YOU, the Client (“Client”) for its benefit and the benefit of its parent, and their respective direct and indirect subsidiaries and affiliates (each individually, a “Party,” and collectively, the “Parties”) and includes the General Terms and all Schedules, Attachments and Exhibits (collectively, the “Agreement”). PLEASE READ THIS MASTER SOFTWARE LICENSE AGREEMENT ("AGREEMENT" OR "TERMS") CAREFULLY BEFORE USING THE GREMLIN SOCIAL SITE. These Terms are a legally binding contract between Gremln, Inc. (“Gremlin Social”) and "Client". Gremln, Inc. provides the Services (as defined below) to you subject to and conditioned upon your acceptance of these Terms. BY ACCESSING AND USING THE SERVICES IN ANY WAY YOU ARE "ACCEPTING" AND AGREEING TO BE BOUND BY THESE TERMS, INCLUDING BUT NOT LIMITED TO THE WARRANTY DISCLAIMERS, LIMITATIONS OF LIABILITY, AND TERMINATION PROVISIONS BELOW. By signing the applicable Order Form, you have agreed to be bound by all the terms and conditions of this Agreement and any other terms set forth in the Order Form, which is hereby made a part of this Agreement. This Agreement replaces and supersedes any prior terms and conditions or agreements between Client and Gremlin Social with respect to Client and Client’s Authorized Users' use of the Services. Gremlin Social may update and change any or all of these Terms, including but not limited to the fees and charges associated with the use of the Services. If Gremlin Social updates or changes these Terms, Gremlin Social will post the updated Terms at GremlinSocial.com/Terms. The updated Terms will become effective and binding on the fourteenth (14th) business day after they are posted. When we change these Terms, we will modify the "Last Modified" date on the web address stated above. We encourage you to review these Terms periodically.
1. SaaS (Software as a Service) Terms
1.1 Definitions:“Authorized User” means a representative of the Client that has been given purchased, login credentials to access Gremlin software
“Deliverable” means access to software programs via the Internet. (“Services”).
“Documentation” means the online instruction manuals that accompany the Software as accessed by the Client.
“Intellectual Property Rights” means any U.S. or foreign patent rights, copyrights, trade secrets, trade names, trademarks, service marks, moral rights, and any other similar property rights, including the Software and Documentation.
“Order Form” means the form, document, or web page, potentially filled out by client to request goods or services from Gremlin.
“Software” means Gremlin’s proprietary software product, which is made available solely via the Internet from supported web browser versions. Supported web browser versions may change from time to time.
“Gremlin Confidential Information” means that information (excluding Client’s data, confidential information and customer information) disclosed by Gremlin to Client, or otherwise obtained by Client, in connection with the Software or the services to be provided pursuant to this Agreement, which relates to the Software or Gremlin’s past, present, and future research, development and business activities. Examples of such Confidential Information include, but are not limited to, pricing policies, market analyses or projections, consulting and sales methods and techniques, programs, routines, subroutines, translators, compilers, assemblers, operating software, object or source codes, updates thereto and related items, including but not limited to specifications, layouts, and other like materials and documentation, together with all information, data and know-how, technical or otherwise, included therein manuals, print-outs or masters and duplicates. Confidential Information shall include any information treated or otherwise designated as a trade secret under applicable law, but shall not include any information which is previously known without obligations of confidence, or, without breach of this Agreement, is publicly disclosed in a lawful manner, or that is rightfully received from a third party without obligations of confidence.
“Client Confidential Information” means that information disclosed by Client to Gremlin or otherwise obtained by Gremlin, including Client customer information.
“De-identified activity” is the process by which a collection of data is stripped of information which would allow the identification of the source of the data. Common strategies for de-identifying datasets are deleting or masking personal identifiers.
“SaaS” stands for (“Software-As-A-Service”) Software that is rented rather than purchased. Instead of buying software and paying for periodic upgrades, SaaS is subscription based, and all upgrades are provided during the term of the subscription. When the subscription period expires, the access to the software is no longer valid.
“White Label” a version of the Gremlin software that allows users to customize the appearance and branding of gremlinsocial.com.
“Cascading Style Sheet” a text file that is used in web programming to set the appearance and style of a web page.
“Cascading Style Sheet Class” a block of text inside a Cascading Style Sheet that governs the appearance of an element or elements of a web page.
1.2 Software Usage:Subject to the terms in this Agreement, Gremlin grants to Client a limited, non-exclusive, non-transferable and non-sublicenseable access to use and access the Software for Client’s internal use. For use of the product, Services, Software, Documentation, Service, and platform, Client user pays a fee listed in the Proposal or Order Form. There is no local software installed on Client’s computers. The SaaS user does not possess SaaS intellectual property, but accesses it remotely through a Web browser, it pays for access to, rather than use of, the Intellectual Property (“IP”). Client shall be solely responsible for any authorized or unauthorized access to the Software and/or Deliverables using such usernames and passwords created by Client, assigned to Client by Gremlin, or adopted by Client, and any actions taken thereunder. Client shall comply with any and all local, state, federal or other laws applicable to the use or disclosure of any data input into or output from the Software and/or Deliverables. Client shall limit use of access to the Software and/or Deliverables solely to those of its employees or representatives whose duties require such use and access and shall undertake best efforts to ensure that Gremlin’s Confidential Information and the Gremlin Intellectual Property are kept secure.
1.3 Documentation License Grant:Subject to the terms in this Agreement, Gremlin grants to Client a non-exclusive, non-transferable license to use and make copies of the Documentation for internal use, archival purposes and for training and education, of Client’s employees and representatives.
1.4 Prohibitions:Under no circumstances may Client modify, decompile, reverse compile, disassemble or reverse engineer the Software or Deliverables, or grant any other person or entity the right or access to do so, without the advance written consent of Gremlin. Except as expressly authorized by this Agreement, Client shall not sublicense, assign, transfer, display, distribute, rent, lease or unbundle the Software or Deliverables or any portion thereof to any third party. Client may not use any interface other than that contained within the Software or Deliverables to transfer data into the database portions of the Software or Deliverables without Gremlin’s prior written approval.
1.5 Software Support:In consideration of and subject to payment of the license fee(s) specified in Schedule A, Gremlin agrees to provide Client the Software Support Services and to perform certain maintenance and support obligations according to the terms and conditions set forth herein.
1.6 Title:Title and ownership to the Software, source code and Documentation, and all related Intellectual Property Rights contained therein or related thereto, vest solely and exclusively with Gremlin and are and shall be considered Gremlin Confidential Information. Gremlin shall own any corrections, modifications, programs, enhancements, suggestions, updates, upgrades, information and work product conceived, created or developed by any party under this Agreement related to the Software, Documentation or other Gremlin Property. Client acknowledges that Gremlin has expended a significant amount of time and energy in the creation of the valuable Gremlin Property and shall take no actions that may detrimentally affect such Gremlin Property. Client shall not allow any third party to use or view the Software or Documentation without Gremlin’s prior written authorization. Except as expressly provided herein, Client acquires no right, title or interest therein or thereto to any Gremlin Property. Client acknowledges that Gremlin shall own all copyrights and other intellectual property (whether preexisting or newly developed) in and to the Software and/or Documentation, including without limitation, any deliverables (“Deliverables”), excluding any Client data or Client Confidential Information. Gremlin grants to Client a limited, non-exclusive, non-transferable and non-sublicenseable license to use the Deliverables for its own internal business purposes as long as this Agreement remains in effect. Client shall not sell, transfer, use, reproduce, edit or amend the Deliverables other than as expressly provided in this Agreement.
1.7 Restrictions:Unless otherwise agreed to in this Agreement, Client agrees it will not: (a) sell or lease any or all of the Software, source code, Documentation, Gremlin Confidential Information or Gremlin Intellectual Property Rights (collectively, “Gremlin Property”); (b) provide, transmit, disclose, divulge, or make available to, or permit use of the Gremlin Property by any third party or entity or machine; or (c) install, provide as a service, bundle, disclose, copy, use, or make the Gremlin Property available for use, or otherwise utilize any or all of the Gremlin Property in any manner that is not explicitly authorized in this Agreement.
1.8 Confidential Information:During the course of performance of this Agreement, either party may disclose to the other certain confidential information, including Gremlin Confidential Information and Client Confidential Information (as defined in section 1.1). The receiving party shall maintain the secrecy of all such Confidential Information disclosed to it pursuant to this Agreement. The receiving party shall not use, disclose or otherwise exploit any Confidential Information for any purpose not specifically authorized pursuant to this Agreement. All files, lists, records, documents, drawings, documentation, end-user materials, specifications, equipment and computer programs that incorporate or refer to any Confidential Information shall be returned, deleted or destroyed by the receiving party promptly upon termination or expiration of this Agreement. Confidential Information may be disclosed if produced in compliance with any court or administrative order or other legal process or to a regulator, provided, however, that the receiving party (unless prohibited by law) gives the disclosing party reasonable notice that such Confidential Information is being sought by a third party, so as to afford the disclosing party the opportunity to limit or prevent such disclosure.
1.9 Notification:In the event that Client has knowledge of any misuse or infringement of any Gremlin Property or Gremlin Confidential Information, Client shall promptly notify Gremlin of such determination, discovery or notification. Client shall not take any legal action relating to the protection or defense of any Gremlin Property or Gremlin Confidential Information without the prior written approval of Gremlin.
2.1 General:Upon execution of this Agreement and receipt of access to the Software by Client, all license and maintenance fees are due and payable in full as set forth in Schedule A (the “Fees”). Any amounts due under this Agreement shall be paid immediately following the month receipt of an invoice from Gremlin. If Client does not comply with Gremlin’s payment terms (approved by Client in Section A), Gremlin may declare Client in default, suspend further access to the Software and/or Deliverables or provision of any services and/or terminate this Agreement at Gremlin’s sole option and pursue any or all of the following remedies: (i) collect interest at the lower of the rate of 0.5% per month or the maximum interest rate under applicable law on all invoices past due by more than thirty (30) days; (ii) declare all unpaid balances, including interest, immediately due and/or (iii) any other remedies available at law or in equity. Such Fees do not include any applicable taxes or duties, including without limitation, state and local use, sales and property taxes and duties.
2.2 Reimbursement of Expenses:Unless otherwise noted in a SOW, Client shall reimburse Gremlin for any reasonable out-of-pocket expenses actually incurred by Gremlin and approved in advance by Client relating to Gremlin’s performance of its obligations under this Agreement.
2.3 Taxes:Client shall be responsible for and pay all taxes, duties, levies, tariffs or similar charges of any kind (including withholding or value added taxes) imposed by any authorized federal, state, or other governmental entity for all software or services provided under this Agreement, excluding any taxes or duties on the income of Gremlin. If Gremlin is required to pay any amounts or tax on payments made under this Agreement, Gremlin may increase any fees accordingly. Client shall hold Gremlin harmless from all claims and liability arising from Client’s failure to support or pay any such taxes, including duties, levies, tariffs or other similar charges, except as provided herein.
2.4 Audit:For a period of the Term and three (3) years thereafter, each party shall keep accurate books, records and accounts as are reasonably necessary to verify compliance with this Agreement, and shall, upon reasonable written notice, permit the other party or its representatives to inspect all such books, records and accounts and to make extracts from such books no more than once per calendar year. Any audit conducted pursuant to this Agreement shall be performed during normal business hours, with minimal disruption, and at the auditing party’s expense. Gremln will comply with the privacy laws, regulations and guidances.
3. Alliance Relationship
3.1 Management:The Parties shall each designate an “Alliance Manager” to be responsible for all matters pertaining to this Agreement. Each Party shall pay its own fees, costs and expenses associated with the management of the Agreement and any related activities.
3.2 Additional Services:Any additional services, not otherwise set forth or referenced herein, shall be provided by Gremlin under separate signed Client Consulting Agreement and Work Order and mutually agreed to in advance by the parties.
3.3 Content:During the term, subject to the other Party’s prior written approval, a Party may publish marketing content or links describing the activities described in this Agreement, as well as the other Party’s logo (text and graphics), trademarks, service names or other related graphics (“Marks”).Gremln may use the Party’s logo when displaying existing customer relationships. All uses of Party’s logo (text and graphics), trademarks, service names or other related graphics (“Marks”) are subject to prior written approval by the other Party. Each Party’s Marks shall at all times vest exclusively to such Party. Before a Party can use the other Party’s Marks, they must request and strictly abide by the other Party’s branding requirements, including, but not limited to the location, display, context, size and color of the Mark. Neither Party shall use the other Party’s Marks in any manner reasonably likely to dilute or disparage such Marks.
4. Term and Termination
4.1 Term:This Agreement shall become effective on the Effective Date and shall continue in full force for the time period stated on the Sales Proposal or the Order Page (“The Initial Term”). At the end of the Initial Term, the Agreement shall automatically renew for additional time period equal to that which was stated on the Sales Proposal or the Order Page (each, a “Renewal Term” and together with Initial Term, the “Term”) unless a Party provides 60-day notice of its intent to terminate the Agreement prior to the end of the applicable Initial Term or any Renewal Term. The term of this Agreement commences on the Effective Date and continues until all Subscription terms expire or are otherwise terminated. Notwithstanding the foregoing Client may terminate the Agreement at any time during the initial period or any renewal period, upon sixty (60) days written notice to Gremlin Social.
4.2 Termination for Cause:Either Party may terminate this Agreement if any of the following events occur: (a) failure to pay fees that are not under good faith dispute and is not cured within fifteen (15) days following written notice of the Party’s failure to pay fees; (b) a Party is in material breach of a non-monetary term, condition or provision of this Agreement that is not cured within thirty (30) days following written notice of the breach; or (c) a Party (i) becomes insolvent, admits in writing its inability to pay its debts as they mature, makes an assignment for the benefit of creditors, or is in the process of submitting to the direct control of a trustee, receiver or similar authority, or (ii) becomes subject to any bankruptcy or insolvency related proceedings under federal or state statutes which are not rescinded within sixty (60) days. Notwithstanding anything contained herein to the contrary, Gremlin may terminate this Agreement immediately for Client’s breach or threatened breach or violation of sections 1.2, 1.3, 1.4, 1.6, 1.7, 1.8, and 3.3.
4.3 Effect of Termination:Upon the termination or expiration of this Agreement for any reason, (a) Client’s license(s) and or access to the Software, Gremlin Confidential Information, Documentation and Deliverables shall immediately and automatically terminate, Client shall cease all access to and use of the Software, Documentation and Deliverables, and Client shall not thereafter use, advertise, or display any Gremlin Intellectual Property, (b) Client shall immediately return to Gremlin all Gremlin Intellectual Property and any other property, equipment and materials provided to Client by Gremlin (whether modified or unmodified), or immediately destroy such property at Gremlin’s sole option, (c) each party shall promptly remove from its web site any links or other references to the other party’s site, products or services, and (d) each Party shall certify its compliance with this Section to the other Party in writing. In the event this Agreement is terminated for any reason other than Gremlin’s breach of the Agreement, Gremlin shall be entitled to retain all prepaid amounts and Fees.
4.4 Survival:Notwithstanding any termination of this Agreement, Sections 1.4, 1.6, 1.7, 1.8, 4.3, 4.4, 5.4, 7.1, 7.2, and all of Section 8, shall survive termination of this Agreement indefinitely. All other rights and licenses granted hereunder will cease upon termination.
5. Warranties and Disclaimer
5.1 Warranties:For the period of time that this Agreement remains in force, Gremlin warrants to Client that: (i) the Software and Documentation, as provided to Client, do not infringe upon any United States copyright, patent, trade secret (ii) to the best of Gremlin’s knowledge, the Software will not contain any Trojan horses, works, viruses or other disabling devices, and (iii) the Software, as designed, will not violate any federal, state, or local law or regulation, (iv.) any datacenter hosting the Gremlin Property shall be SSAE16 compliant, (v.) the Software shall have a documented uptime of 99% uptime except for routine maintenance or upgrade outages, and (vi.) Gremlin will perform Services in a commercially reasonable manner in accordance with industry standards.
5.2 Conformity with Specifications:Gremlin does not warrant to Client that use of the Software will be uninterrupted, error free or will meet all of Client’s requirements. To the extent the Software fails to substantially conform to the Documentation, Gremlin shall have one hundred twenty (120) days from Client’s notification to correct any material non-conformities discovered or replace the non-conforming Software. In the event Gremlin is unable to fix or replace the Software, in Client’s sole discretion, Client shall be entitled to a refund of all prepaid license fees paid to Gremlin related to the nonconforming Software. At which time the client indicates the malfunction has been resolved or fixed, any future reports of specified malfunction will result in Gremlin being granted an additional one hundred twenty (120) days from notification to correct the malfunction.
5.3 Warranty Exclusions:The remedies in Sections 5.1 and 5.2 are available only if: (i) Client promptly notifies Gremlin in writing of nonconformities within a seven-day period (7) of the occurrence of the non-conformity; (ii) Gremlin’s examination of the media or Software discloses that such nonconformities exist; and (iii) the Software was only used or modified in accordance with the Documentation and was not subjected to negligence or computer or electrical malfunction.
5.4 Disclaimer of Warranty:WITH THE EXCEPTION OF THE LIMITED WARRANTY SET FORTH IN SECTION 5.1 AND SECTION 5.2, THE SOFTWARE AND DELIVERABLES AND ANY SERVICES PROVIDED UNDER THIS AGREEMENT ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, AND GREMLIN HEREBY DISCLAIMS ANY WARRANTIES, EXPRESS OR IMPLIED, RELATING TO THE SOFTWARE AND DELIVERABLES OR ANY SERVICES PROVIDED PURSUANT TO THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR ANY WARRANTY, GUARANTEE, OR ANY REPRESENTATIONS REGARDING THE USE, OR THE RESULTS OF THE USE OF THE SOFTWARE AND DELIVERABLES IN TERMS OF CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE, INCLUDING COMPLIANCE WITH ANY FEDERAL, STATE OR LOCAL LAWS, RULES OR REGULATIONS GOVERNING CLIENT’S BUSINESS. GREMLIN PROVIDES NO GUARANTEE OR WARRANTY WITH REGARD TO THE SOFTWARE’S ABILITY TO ENFORCE, MAINTAIN, OR ADHERE TO REGULATORY GUIDELINES, REGULATIONS, RULES, OR LAWS. GREMLIN DOES NOT WARRANT THAT THE SOFTWARE AND DELIVERABLES WILL BE ERROR-FREE IN ALL CIRCUMSTANCES. CLIENT ACKNOWLEDGES AND AGREES THAT CERTAIN DATA IS PROVIDED BY CLIENT AND OTHER SOURCES, AND GREMLIN DOES NOT VERIFY, ERROR-CHECK OR WARRANT THE ACCURACY OR FITNESS OF ANY SUCH INFORMATION. THE SOFTWARE AND DELIVERABLES IS NOT A BACKUP SERVICE FOR STORING CONTENT OR OTHER DATA, AND GREMLIN SHALL HAVE NO LIABILITY REGARDING ANY LOSS OF DATA. CLIENT SHALL BE SOLELY RESPONSIBLE FOR CREATING BACKUPS OF ANY DATA PROVIDED. GREMLIN MAKES NO WARRANTY AND ASSUMES NO RESPONSIBILITY OR LIABILITY WITH REGARD TO ANY RELATIONAL DATABASE SOFTWARE OR SERVERS, OR ANY THIRD-PARTY HARDWARE, EQUIPMENT OR SOFTWARE WITH WHICH THE SOFTWARE AND DELIVERABLES MAY BE REQUIRED TO COMMUNICATE OR OPERATE.
5.5 Liquidated Damages:Gremlin disclaims warranty and may have other protections from a claim that are not provided in this Agreement. In the event that a valid claim is brought, the maximum that may be recovered from Gremlin is equivalent to a one-year service credit, or the annual amount of compensation paid to Gremlin.
6. White Label / Private Label Terms
6.1 GeneralGremlin offers the option to certain customers have Gremln, Inc. change the appearance and branding of the Gremlinsocial.com website. If Client is such a customer and expressly permitted to do so in writing, they must adhere to the following rules and regulations.
6.2 Branding and AppearanceGremlin permits client to (i) modify the style and appearance of the Gremlinsocial.com interface by altering the supplied CSS (Cascading Style Sheet) Classes contained within the supplied Style Sheet, whitelabel.css, (ii) change logos and report logos excluding all “powered by Gremlin” wording and imagery unless expressly permitted to do so in writing, (iii) change the destination URL of hyperlinks to the following links; about, home, terms, privacy, contact us, blog, and FAQ.
6.3 RestrictionsGremlin permits Client to White Label Gremlinsocial.com and offer it to their customers as a complement or supplement to Client’s current product and service offerings. Unless otherwise agreed to in this Agreement, Client agrees it will not: (a) compete directly with Gremlinsocial.com, (b) promote or portray the White Labeled version of Gremlinsocial.com as a stand-alone product, (c) create or offer any form of automated sign-up screens for direct use by Client’s customers or potential customers, (d) modify any aspect of the appearance or styles of Gremlinsocial.com outside of the supplied cascading style sheet, whitelabel.css, and the cascading style sheet classes expressly provided to Client.
6.4 ConfidentialityClient shall, during the course of Client’s relationship with Gremlin and at all times subsequent to Client’s relationship with Gremlin, hold in strict confidence all Confidential Information. Client will at no time, without prior written authorization by Gremlin, disclose, assign, transfer, convey, communicate, or use for the benefit of any person or entity other than Gremlin any Confidential Information, nor shall Client permit any other person or entity to use Confidential Information in competition with Gremlin.
6.5 Nonsolicitation of CustomersThroughout Client’s relationship with Gremlin, whether voluntary or involuntary, Client shall not, individually or collectively, as a participant in a partnership, sole proprietorship, corporation, limited liability company, or other entity, or as an operator, investor, shareholder, partner, director, Client, consultant, manager, or advisor of any such entity, or in any other capacity whatsoever, either directly or indirectly (i) request or advise any customer to withdraw, curtail, or cancel any of Customer’s business or other relationships with Gremlin. As used in this Agreement, “Customer” shall mean any person or entity that Gremlin, during the term of Client’s relationship (i) rendered any services or sold anything of value to.
6.6 Terms and PrivacyAny supplied Terms and Conditions and Privacy Statements supplied by Client to Client’s customers must not conflict with or alter the intended meaning of Gremlin’s Terms and Conditions and Privacy Statements.
6.7 Termination:Either party can terminate the relationship with a sixty (60) day notice. Upon termination, all customers of CLIENT who wish to continue to use the software will be transitioned from the white-labeled version of the product to the Gremlin version.
7. Indemnification and Limited Liability
7.1 By Client:Client will indemnify, defend and hold Gremlin and its affiliates, subsidiaries, directors, officers, employees, agents, and representatives harmless for all costs, expenses, damages, and liabilities, including, but not limited to, compensatory damages, enhanced damages, reasonable attorneys’ fees, and other losses (“Losses”), and will pay the costs and damages made in settlement or awarded as a result of, any third party action brought against Gremlin based on an allegation that the Client Confidential Information or Client data infringe on a third-party patent, trademark or copyright or involve misappropriation of any trade secret or other intellectual property, if Client is notified promptly by Gremlin in writing of any such action or allegation of infringement or misappropriation, and if Client shall have had sole control of the defense of any such action and all negotiations for its settlement or compromise; provided, however that Client shall not enter into any settlement or compromise that imposes any obligations on Gremlin or any of its affiliates or authorized users without first obtaining Gremlin’s prior written consent, which shall not be unreasonably withheld. Indemnification required herein shall include reasonable attorneys’ fees unless Gremlin elects to have any of its counsel participate after Client has assumed defense of Gremlin as provided herein, for which Gremlin shall pay its own costs. Client intends, understands and agrees that its sole and exclusive remedy for any intellectual property infringement is contained in this Section 7.2 and Gremlin intends, understands and agrees that Client’s only liability is defined in this Section 7 for any such intellectual property infringement. The covered Losses include any costs or losses caused by the entry of an injunction, including any costs associated with posting a bond during appeal, replacement costs, or business interruption losses. CLIENT SHALL INDEMNIFY AND HOLD GREMLIN HARMLESS FROM AND AGAINST ANY AND ALL CLAIMS, DAMAGES, LIABILITIES, LOSSES AND EXPENSES (INCLUDING REASONABLE ATTORNEYS' FEES, COSTS AND EXPENSES), HOWEVER CAUSED, AND WHICH ARISE FROM THE COMMISSION OF A WILLFUL OR NEGLIGENT ACT, OR THE WILLFUL OR NEGLIGENT FAILURE TO ACT, IN CONNECTION WITH THE PERFORMANCE OF ITS DUTIES HEREUNDER.
7.2 By Gremlin:Gremlin shall defend, indemnify, and hold harmless Client and its affiliates, subsidiaries, directors, officers, employees, agents, and representatives from and against any and all Losses arising out of or connected with any third-party Infringement Claim based on the authorized use of Gremlin’s services, products, programs, systems, and/or materials (“Gremlin’s Product”). “Infringement Claim” means any claim or action asserting that Client infringes, violates, or misappropriates any United States copyright, patent, trademark, or trade secret. The covered Losses include any costs or losses caused by the entry of an injunction, including any costs associated with posting a bond during appeal, replacement costs, or business interruption losses. GREMLIN SHALL INDEMNIFY AND HOLD CLIENT HARMLESS FROM AND AGAINST ANY AND ALL CLAIMS, DAMAGES, LIABILITIES, LOSSES AND EXPENSES (INCLUDING REASONABLE ATTORNEYS' FEES, COSTS AND EXPENSES), HOWEVER CAUSED, AND WHICH ARISE FROM THE COMMISSION OF A WILLFUL OR NEGLIGENT ACT, OR THE WILLFUL OR NEGLIGENT FAILURE TO ACT, IN CONNECTION WITH THE PERFORMANCE OF ITS DUTIES HEREUNDER.
7.3 Limitation on Liabilities:EXCLUDING GREMLIN’S INDEMNITY OBLIGATIONS UNDER SECTION 7.2, UNDER NO CIRCUMSTANCES SHALL GREMLIN BE LIABLE TO CLIENT OR TO ANY THIRD PARTIES FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR PUNITIVE DAMAGES FOR ANY MATTER ARISING FROM OR RELATING TO THIS AGREEMENT, ANY SERVICES PROVIDED HEREUNDER, THE SOFTWARE AND DELIVERABLES OR THE INTERNET GENERALLY, INCLUDING, WITHOUT LIMITATION, CLIENT’S USE OR INABILITY TO ACCESS AND USE THE SOFTWARE AND DELIVERABLES, ANY LOSSES ARISING OUT OF OR RELATED TO CLIENT’S FAILURE TO COMPLY WITH ANY APPLICABLE FEDERAL, STATE, OR LOCAL LAWS, RULES OR REGULATIONS, CLIENT’S WILLFUL OR NEGLIGENT ACT, OR THE WILLFUL OR NEGLIGENT FAILURE TO ACT, IN CONNECTION WITH THE PERFORMANCE OF ITS DUTIES HEREUNDER, ANY CHANGES TO OR INACCESSIBILITY OF THE SOFTWARE AND DELIVERABLES, DELAY, FAILURE, UNAUTHORIZED ACCESS TO OR ALTERATION OF ANY TRANSMISSION OR DATA, ANY MATERIAL OR DATA SENT OR RECEIVED OR NOT SENT OR RECEIVED, OR THE ACCURACY OF ANY DATA OR INFORMATION PROVIDED BY OR THROUGH THE SOFTWARE AND DELIVERABLES, WHETHER SUCH LIABILITY IS ASSERTED ON THE BASIS OF CONTRACT, TORT OR OTHERWISE AND EVEN IF GREMLIN WAS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. IN THE EVENT THAT, DESPITE THE LIMITED REMEDY PROVIDED HEREIN, GREMLIN IS FOUND LIABLE FOR DIRECT DAMAGES, IN NO EVENT SHALL GREMLIN’S TOTAL LIABILITY FOR DIRECT DAMAGES EXCEED AN AMOUNT EQUAL TO THE TOTAL FEES PAID BY CLIENT WITHIN THE IMMEDIATELY PRECEDING TWELVE (12) MONTH PERIOD. THE DISCLAIMER OF WARRANTIES AND THE LIMITATION OF LIABILITY AND REMEDY ARE A REFLECTION OF THE RISKS ASSUMED BY THE PARTIES IN ORDER FOR GREMLIN TO PROVIDE AND FOR CLIENT TO OBTAIN ACCESS TO THE SOFTWARE AND DELIVERABLES FOR THE SPECIFIED FEES.
7.4 Accessibility:NOTWITHSTANDING THE FOREGOING, CLIENT UNDERSTANDS AND AGREES THAT, BY ITS VERY NATURE, A WEBSITE BASED SERVICE CANNOT BE ABSOLUTELY PROTECTED AGAINST INTENTIONAL OR MALICIOUS INTRUSION ATTEMPTS. FURTHERMORE, GREMLIN DOES NOT CONTROL THIRD PARTY OR CLIENT DEVICES, SYSTEMS AND COMPUTERS, OR THE INTERNET OVER WHICH CLIENT MAY CHOOSE TO SEND CONFIDENTIAL INFORMATION AND CANNOT, THEREFORE, ABSOLUTELY PREVENT SUCH INTERCEPTIONS OF COMPROMISES TO SUCH INFORMATION WHILE IN TRANSIT TO AND FROM GREMLIN. THEREFORE, GREMLIN HEREBY MAKES NO ABSOLUTE GUARANTEE AS TO SECURITY, INTEGRITY OR CONFIDENTIALITY OF ANY INFORMATION TRANSMITTED TO GREMLIN. GREMLIN CANNOT AND DOES NOT GUARANTEE THE ABSOLUTE SECURITY OF ELECTRONIC COMMUNICATIONS OR TRANSMISSIONS SINCE ANY TRANSMISSION MADE OVER THE INTERNET BY ANY ORGANIZATION OR ANY INDIVIDUAL RUNS THE RISK OF INTERCEPTION.
7.5 Application Security:Gremlin shall at all times employ all commercially reasonable efforts, consistent with technology, physical protection measures, processes and standards of practice that are in accordance with industry accepted standards used or observed by comparable suppliers of similar services/applications, which standards shall in no event be less than reasonable standards of care in all the circumstances to protect the security and integrity of the Software or SaaS (“referred to within this Section 7.5 as the “Application”). At a minimum, Gremlin agrees to the following as it relates to the Application:
7.5.1 Gremlin shall immediately and fully inform Client of all high or critical security-related issues discovered or brought to Gremlin’s attention. Gremlin will track all security issues uncovered during the entire lifecycle, whether a requirements, design, implementation, testing, deployment, or operational issue. The risk associated with each security issue will be evaluated, documented, and reported to Client as soon as possible after discovery. Remediation of security issues will be provided in a timely manner appropriate to the risk. Gremlin will appropriately protect information relating to security issues and its associated documentation, to help limit the likelihood that vulnerabilities in operational Application are exposed. Gremlin shall use all commercially reasonable efforts consistent with sound software development practices, taking into account the severity of the risk, to resolve all high or critical security-related issues as quickly as possible. Gremlin will be responsible for verifying that all members of the development team have been trained in secure programming techniques.
7.5.2 Gremlin must present Client with a certification package that consists of the security documentation created throughout the development process. The package should establish that the security requirements, design, implementation, and test results were properly completed and all security issues were resolved appropriately. Gremlin ensures they follow secure development practices which are periodically tested.
7.5.3 Gremlin ensures that the Application can operate on and is tested against the latest patches for the supporting operating systems required by Gremlin and stated in the applicable order. Gremlin guarantees that all critical and high exploit patches, released by supporting operating system vendors will be tested and certified within 30 days of patch notification, and all medium exploit patches will be tested and certified within 45 days of patch notification. Gremlin also ensures that their application will continue to be certified with future operating system upgrades of the then-current supported operating systems.
7.5.4 Gremlin shall disclose all third-party software used in the Application, including all libraries, frameworks, components, and other products, whether commercial, free, open-source, or closed-source. Gremlin shall make reasonable efforts to ensure that third party software meets all the security-related terms of this Agreement and is as secure as Gremlin’s proprietary code contained within the Application.
7.5.5 Gremlin agrees to have a third-party application assessment and penetration test completed annually. The review shall include, but not be limited to, validation and encoding, authentication and session management, access control, error handling, logging, connections to external systems, encryption, availability, and other common vulnerabilities. The review may include a combination of vulnerability scanning, penetration testing, static analysis of the source code, and expert code review. A summary of the review or third-party certification letter, which includes a detailed scope, will be provided to Client upon completion of test.
7.5.6 Gremlin agrees any changes to the Application shall undergo a vulnerability and penetration test prior to going to production.
7.5.7 Gremlin shall perform post production security scans to ensure that the Application or code was not modified from what was tested in test. Documentation of this process will be provided to Client upon request.
7.5.8 Upon request Gremlin, shall disclose security tools utilized within their software development lifecycle.
7.5.9 Any exchange or transmission of Client’s customers’ data, including exchanges or transmissions to and from 3rd parties (which must also be pre-authorized by Client), must use both file and transmission encryption.
7.5.10 Gremlin shall maintain a security architecture that includes at a minimum, but not limited to, network firewalls, intrusion detection and prevention systems, endpoint security, anti-virus, web application firewalls, content filtering applications, database monitoring, data leak prevention solutions, SIEM technology, and day zero malware detection and prevention.
7.5.11 Gremlin warrants that the Application shall not contain any code that weakens the security of the Application, including computer viruses, worms, time bombs, back doors, Trojan horses, Easter eggs, and all other forms of malicious code and that the Application does not contain any flaws described in then-current OWASP Top Ten Most Critical Web Application Vulnerabilities and SANS Top 25 software errors, or most common programming errors.