Software Agreement

This Software As a Service Agreement, (this “Agreement”), is a binding contract between Right-Hand Cyber Security, Inc (“Company/Right-Hand”)  with a place of business at 16192 Coastal Highway Lewes, DE 19958 and the individual/corporation, partnership, joint venture, limited liability company, governmental authority, unincorporated organization, trust, association or other entity intending to access and use the software owned and developed by Right-Hand (hereinafter referred to as “Customer”). For the purpose of clarity, Right-Hand and Customer shall be individually referred to as Party (“Party”) and collectively as Parties (“Parties”). By signing an accompanying agreement or clicking on the “Agree” button, the Customer agrees to the following terms and conditions:

  1. SERVICES

a. Customer shall order services provided by Right-Hand having the core functionality described in the Sales Quotation and/or invoice (“Sales Quote/Invoice”) provided to the Customer (“Service/s”). All services acquired by Customer shall be governed exclusively by this Agreement, Sales Quote/Invoice, and applicable Annexures. In the event of a conflict between the terms of a Sales Quote/Invoice and this Agreement, the terms of the Sales Quote shall take precedence. 

b. Right-Hand shall use reasonable efforts to provide the Services in accordance with the Agreement and applicable law; exercising reasonable care, skill and diligence; updated from time to time; using suitably skilled, experienced and qualified personnel. 

c. Right-Hand’s provision of the Services to the Customer is non-exclusive. Nothing in the Agreement prevents Right-Hand from providing the Services to any other person.

d. Subject to the terms hereof, Company will provide Customer with customer support, for the Services outlined in the Sales Quote/Invoice, including support via both telephone and electronic mail on weekdays during the hours of 9:00am through 5:00pm Eastern time, with the exclusion of Federal Holidays. However, it is possible that on occasion the Services may be unavailable to permit maintenance or other development activity to take place, or due to the occurrence of a Force Majeure Event. Right-Hand will use reasonable efforts to publish on the Website and notify the Customer by electronic mail in advance regarding details of any unavailability. Company will use commercially reasonable efforts to respond to all Customer needs within 24 hours.

e. The Service Level Agreement (“SLA/ Right-Hand Service Description”) for the Services is set forth in Annexure A hereto. The SLA sets forth the onboarding, customer support and maintenance service description provided by Right-Hand and Customer’s remedies for availability or quality of Services.

2. TERMS AND CONDITIONS

a. The Customer and its personnel must use the Services in accordance with the Agreement solely for: the Customer’s own internal business purposes; and lawful purposes and not resell or make available the Services to any third party, or otherwise commercially exploit the Services.

b. Customer will identify an administrative point of contact to interface with the Company, who will create a username and password for the Customer’s company account (“Customer Account”).

c. Only those personnel within the group of companies of the Customer who are authorized to access and use the Services on the Customer’s behalf shall have access to or will be permitted to use the Service (“Administrator/s”). The Customer will provide the Company with the Administrators’ name and other information that the Company reasonably requires.

d. A breach of any term of the Agreement by the Administrator/s or any of the Customer’s affiliates is deemed to be a breach of the Agreement by the Customer.

3. RESTRICTIONS AND RESPONSIBILITIES

When accessing the Services, the Customer and its personnel must:

a. Not impersonate another person or misrepresent authorization to act on behalf of others or Right-Hand;

b. Not attempt to undermine the security or integrity of the software owned by Right-Hand (and its licensors) to provide Services, IT solutions, systems and networks (including software and hardware) used to provide the Services, including any third party solutions, systems and networks (collectively “Underlying Systems”);

c. Not use, or misuse, the Services in any way which may impair the functionality of the Underlying Systems or impair the ability of any other user to access/use the Service;

d. Not attempt to view, access or copy any material or data other than that which the Customer is authorized to access and use according to this Agreement;

e. Access and use the software only through the domain(s) permitted by Right-Hand; Notwithstanding the foregoing, the Software may only be used (i) if the Customer has paid all applicable fees as provided in the Sales Quote/Invoice, and (ii) to the extent permitted by this Agreement with the Company;

f. Obtain and maintain any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”); 

g. Maintaining the security of the Equipment, Customer Account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer Account or the Equipment;

h. Neither use the Service in a manner, nor transmit, input or store any data, that breaches any third party right (including Intellectual Property Rights and privacy rights) or is objectionable, incorrect or misleading;

i. Not, directly or indirectly: reverse engineer, decompile, disassemble distribute, or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Company.  .

j. Comply with any terms and conditions on Right-Hand’s website (“Website”), as updated from time to time by Right-Hand.

4. CONFIDENTIALITY AND PROPRIETARY RIGHTS

a. Each Party in this agreement understands that business, technical or financial information relating to the Customer and Company’s organization (hereinafter referred to as “Confidential/Proprietary Information”) may be shared between the two Parties. Confidential/Proprietary Information of Company includes non-public information regarding features, functionality and performance of the Service. Confidential/Proprietary Information of Customer includes non-public data provided by Customer to Company to enable the provision of the Services. The Company agrees: (i) to take reasonable and necessary precautions to protect such Proprietary Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information.  

b. Each Party must, unless it has the prior written consent of the other Party, keep confidential at all times the Confidential Information of the other Party, effect and maintain adequate security measures to safeguard the other Party’s Confidential Information from unauthorized access or use; and disclose the other Party’s Confidential Information to its personnel or professional advisors on a need to know basis only and, in that case, ensure that any personnel or professional advisor to whom it discloses the other Party’s Confidential Information is bound by confidentiality obligations under this agreement.

c. Company shall own and retain all right, title and interest in and to (a) the Services and Underlying Systems, all improvements, enhancements, developments or modifications thereto, (b) any software, applications, inventions or other technology developed in connection Services or support provided to Customer, and (c) all Intellectual Property Rights related to any of the foregoing.     

d. Company shall have the right to collect and analyze personal data and information about the Customer and the Customer’s use of the Services, and any other data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies, including, without limitation, information concerning customer data and data derived therefrom (collectively, “Customer Data”), and Company will be free (during and after the term hereof) to use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings.

5. PAYMENT OF FEES

a. Customer will pay the applicable fees and taxes in the given terms as stated in the Sales Quote/Invoice.  

6. TERMS OF TERMINATION

a. Subject to early termination as provided below, this Agreement is for the Service term as specified in the Sales Quote/Invoice.

b. In addition to any other remedies it may have, either Party may terminate this Agreement upon thirty (30) days’ notice if the other Party materially breaches any of the terms of this Agreement. In the event Customer notifies Company of termination for causes not relating or pertaining to material breaches of any of the terms or conditions of this Agreement, no refund will be provided.

c. Company reserves the right to immediately terminate the agreement in the event of non-payment of applicable fees provided in the Sales Quote/Invoice.   

d. Termination or expiry of the Agreement does not affect either Party’s rights and obligations that accrued before that termination or expiry. On termination or expiry of the Agreement, the Customer must pay all fees for Services, as stated in the Sales Quote/Invoice, provided prior to that termination or expiry. Except to the extent that a Party has ongoing rights to use Confidential Information, at the other party’s request following termination or expiry of the Agreement, a Party must promptly return to the other Party or destroy all Confidential Information of the other Party that is in the first Party’s possession or control.  

e. Without limiting any other right or remedy available to the Company, the Company may restrict or suspend the Customer’s access to the Services and/or delete, edit or remove the relevant data if the Company considers that the Customer (including any of its personnel) has: undermined, or attempted to undermine the security or integrity of the Service or any Underlying Systems; used, or attempted to use, the Service for improper purposes, or in a manner, other than for normal operational purposes, that materially reduces the operational performance of the Services; transmitted, inputted or stored any data that breaches or may breach the Agreement or any third party right (including Intellectual Property Rights and privacy rights), or that is or may be objectionable, incorrect or misleading, or otherwise materially breached the Agreement  

7. WARRANTIES AND DISCLAIMER

a. Each Party warrants that it has full power and authority to enter into and perform its obligations under the Agreement which, when signed, will constitute binding obligations on the warranting Party.

b. To the maximum extent permitted by law, the Company warranties are limited to those set out in the Agreement, and all other conditions, guarantees or warranties, whether expressed or implied by statute or otherwise.

c. The Company makes no representation concerning the quality of the Services and does not promise that the Services will meet the Customer’s requirements or be suitable for a particular purpose, including that the use of the Services will fulfil or meet any statutory role or responsibility of the Customer; or be secure, free of viruses or other harmful code, be uninterrupted or error free.

d. Company shall use reasonable efforts consistent with prevailing industry standards to maintain the Services in a professional manner which minimizes errors and interruptions in the Services. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Company or by third-party providers, or because of other causes beyond Company’s reasonable control, but Company shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption to Customer. However, Company does not warrant that the Services will be uninterrupted or error free; nor does it make any warranty as to the results that may be obtained from use of the Services.  

e. Except as expressly set forth in this Clause 7, the Services and implementation of Services are provided “as is” and Company disclaims all warranties, express or implied, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose and non-infringement.

8. LIMITATION OF LIABILITY

a. Company and its suppliers, officers, affiliates, representatives, contractors and employees shall not be responsible or liable with respect to any subject matter of this agreement or terms and conditions related thereto under any contract, negligence, strict liability or other theory: (a) for error or interruption of use or for loss or inaccuracy or corruption of data or cost of procurement of substitute goods, services or technology or loss of business; (b) for any indirect, exemplary, incidental, special or consequential damages; (c) for any matter beyond company’s reasonable control; or (d) for any amounts that, together with amounts associated with all other claims, exceed the fees paid by customer to company for the services under this agreement in the 12 months prior to the act that gave rise to the liability, in each case, whether or not company has been advised of the possibility of such damages.

9. DATA PRIVACY

a. The Customer acknowledged that the Company may require access to the Customer Data to exercise its rights and perform its obligations under the Agreement. The Customer must arrange all consents and approvals that are necessary for the Company to access the Customer Data.

b. The Parties acknowledge that they shall be bound by the terms of Company’s privacy policy available on the Company Website. 

c. Company’s cloud infrastructure is divided into two segments: 1) access to Amazon console; and 2) access to data servers. Access to Amazon console is password protected using 2FA authentication. Access to data servers is only available using an access key with RSA encryption. 

d. The Company acknowledges that in order to protect Customer’s employee credentials, credentials are stored in a Postgres database deployed in AWS RDS infrastructure. All passwords are stored in a hashed format, preventing any unauthorized access from reading or using the credentials.

e. Company will retain the Customer Data as long as they are an active user. Upon termination of this Agreement, Company will delete the Customer Data using the methods provided under Clause 9(f) below and make Customer Data inaccessible. However, in the event the Customer Data is stored using the Soft Delete method provided in Clause 9(f)(i) upon termination of this Agreement, the Company will anonymize such data and shall aggregate such data into statistical and analytical data.  

f. Company has  two modes of data deletion:

    • Data is not accessible, but it exists on the server if Customer wants any data in the future (“Soft Delete”). 
    • All Customer Data is erased from Company’s servers (“Hard Delete”). In this case, Company cannot provide any data if needed in the future.

10. INTELLECTUAL PROPERTY

a. Subject to this Clause 10, title to, and all Intellectual Property Rights in the Services, the Website, and all Underlying Systems is and remains the property of the Company (and its licensors).

b. Title to, and all Intellectual Property Rights in the Customer Data (as between the Parties) remains the property of the Customer. The Customer grants the Company a non-exclusive and non-transferable license to use, store, copy, modify, make available and communicate the Customer Data for any purpose in connection with the exercise of its rights and performance of its obligations in accordance with and solely during the subsistence of this Agreement

c. For clarity, the term Intellectual Property Rights shall mean and include copyright and all rights existing anywhere in the world conferred under statute, common law or equity, now or hereafter in force or recognized, including: (a) copyrights, trade secrets, know-how, trademarks (registered and unregistered) and service marks, patents, inventions, designs, circuit layouts, data, databases, confidential information, logos and trade dress, moral rights, mask works, publicity rights and privacy rights relating to inventions (including patents), registered and unregistered trademarks and designs, circuit layouts, data and databases, confidential information, know-how, and all other rights resulting from intellectual activity and (b) any application or right to apply for any of the rights referred to in the foregoing sub-clause (a), and all renewable, extension and restoration. Intellectual Property has a consistent meaning, and includes any enhancement, modification or derivative work of the Intellectual Property (“Intellectual Property Rights”).

11. INDEMNITY

a. Each Party undertakes to indemnify the other Party against any liability, claim, proceedings, cost, expense (including the actual legal fees charged by the other Party’s solicitors) and loss of any kind arising from any actual or alleged claim by a third party that any data infringes the rights of that third party (including Intellectual Property Rights and privacy rights) subject to proof of breach or negligence of the Party. The indemnity is subject to the indemnified Party promptly notifying the indemnifying Party in writing of the alleged claim; making no admission of liability and not otherwise prejudicing or settling the claim, without the indemnifying Party’s prior written consent; and giving the indemnifying Party complete authority and information required for the indemnifying Party to conduct and/or settle the negotiations and litigation relating to the claims. 

b. Certain information and data made available by the Company, while providing Services, may be the property of third party content providers. The Company has been licensed by the content providers to store, catalog and distribute this information to the Customer. The information and data are protected by copyright and other intellectual property laws and no such right is deemed to have been transmitted by this arrangement to the Customer. The Company hereby undertakes that no intellectual property rights of a third party have been violated in order to provide Services to the Customer.

c. In the event there are any third-party claims against the Customer, the Company shall indemnify the Customer against any claim or proceeding brought against the Customer to the extent that claim or proceeding alleges that the Customer use of the Services in accordance with the Agreement constitutes an infringement of a third party’s Intellectual Property Rights (“IP Claim”). The indemnity is subject to the Customer: promptly notifying the Company in writing of the IP Claim; making no admission of liability and not otherwise prejudicing or settling the IP Claim, without the Company’s prior written consent; and giving the Company complete authority and information required for the Company to conduct and/or settle the negotiations and litigation relating to the IP Claim. The costs incurred or recovered are for the Company’s account.

d. The indemnity in Clause 11(c) does not apply to the extent that an IP Claim arises from or in connection with: the Customer’s breach of the Agreement; use of the Service in a manner or for a purpose not reasonably contemplated by the Agreement or otherwise not authorised in writing by the Company; or any third party data.

e. If at any time an IP Claim is made, or in the Customer’s reasonable opinion is likely to be made, then in defense or settlement of the IP Claim, the Company may (at the Company’s option): obtain for the Customer the right to continue using the items which are the subject of the IP Claim; or modify, re-perform or replace the items which are the subject of the IP Claim so they become non-infringing.

12. FORCE MAJEURE

a. Force Majeure Event shall mean any occurrence, omission or circumstances beyond the reasonable control of the Parties (other than payment obligation), which results in a Party being unable to observe or perform on time an obligation under this Agreement (“Force Majeure Event”). 

b. Neither Party shall be held responsible for delays/non-adherence to the terms of this Agreement, resulting from acts/ reasons recognized as a Force Majeure Event. However, both Parties shall reasonably endeavor to minimize the negative effects caused by such acts/ reasons. 

13. DISPUTE RESOLUTION

In the event of a dispute, the Parties hereby agree that:

a. They will first attempt, in good faith, and prior to any litigious acts (other than seeking an injunction or other equitable relief to prevent or stop a breach of this Agreement or a violation of any rights either Party may have under law), to resolve such dispute through direct negotiation, including executive-level attention if no other means has resolved the dispute, for at least thirty (30) days following the initial disputing Party’s first giving Notice of a dispute; and

b. If a dispute cannot be resolved during that period, each Party hereby agrees and covenants that both shall submit to mediation under a mutually agreeable mediator, in person or through telephone or other simultaneous communications or other period as the Parties may otherwise agree in writing.

c. Each Party shall bear its own costs of mediation, including its own attorney’s fees, travel and communication fees, if any, and an equal share of all mediator fees. The mediator shall consider and have the authority to award only the type and amount of damages contemplated in this Agreement. The Parties and their representatives shall hold the existence, content and result of any mediation as the Confidential Information of the other Party.

14. GOVERNING LAW; VENUE; STATUTE OF LIMITATION; ATTORNEY’S FEES; CUMULATIVE REMEDIES

a. This Agreement shall be governed by, enforced and construed in accordance with the laws of Delaware, without regard to any conflict of laws principles.  No action, regardless of form, may be brought by either Party more than two (2) years after the cause of action accrued. 

b. Except for mediation, in the event of any action at law or in equity, including an action for declaratory relief, the prevailing Party shall be entitled, in addition to other such relief as may be granted, to a reasonable amount for attorney’s fees actually incurred, costs of collection, litigation, or other fees set by the court overseeing such action or as may be enforced in a separate action brought for that purpose. 

c. Except as otherwise expressly provided herein, all remedies provided for in this Agreement shall be cumulative and in addition to and not in lieu of any other remedies available to either Party at law or in equity.

15. NON-SOLICITATION AND NON-COMPETE

a. The Customer and the Company agree that they shall not, during the term of this Agreement and for a period of two (2) years from the date of termination or expiry of this agreement, solicit or in any other manner, induce an employee, agent or affiliate of the other Party to leave his/her employment and pursue an employment with them. Either Party agrees not to start any competing business in the similar or related industry as the Other Party for a period of two (2) years after the termination of this Agreement.

16. WAIVER

a. To waive a right under the Agreement, that waiver must be in writing and signed by the waiving Party.

17. INDEPENDENT CONTRACTOR

a. The Company is an independent contractor of the Customer, and no other relationship (e.g. joint venture, agency, trust or partnership) exists under the Agreement.

18. NOTICES

a. A notice given by a Party under the Agreement must be delivered to the other Party via email or otherwise notified by the other Party for this purpose. 

19. SEVERABILITY AND SURVIVAL:

a. If any provision of the Agreement is, or becomes, illegal, unenforceable or invalid, the relevant provision is deemed to be modified to the extent required to remedy the illegality, unenforceability or invalidity.

b. If modification under Clause 19(a) is not possible, the provision must be treated for all purposes as severed from the Agreement without affecting the legality, enforceability or validity of the remaining provisions of the Agreement.

c. The provisions of this Agreement which by their nature are intended to survive termination shall survive termination. 

20. PUBLICITY: 

a. Company may, with prior consent of the Customer, include the Customer’s name and logo as a reference for Company’s marketing purposes. Company shall coordinate its efforts with appropriate communications personnel in the Customer’s organization to secure approval for any reference, if necessary.

21. RIGHTS OF THIRD PARTIES: 

a. No person other than the Company and the Customer has any right to a benefit under, or to enforce, the Agreement.


ANNEXURE A

Right-Hand Services Description

Right-Hand Cybersecurity (Right-Hand/Us/We/Our) empowers businesses to monitor, measure and mitigate employee induced cyber risks in real-time. We help organizations transform from being Cyber Aware to Cyber Ready, which starts with your employee staff. We provide the following assistance to enable our customers (Customer/You) in becoming Cyber Ready:

1. Onboarding & Implementation

Onboarding & Implementation is the end to end process to educate Our Customer on how to utilize our solutions within Right-Hand’s portfolio.

We will support Our Customer with the help of the following resources:

  • Dedicated point of contact to assist you throughout the onboarding procedure;
  • Recurring meetings throughout the onboarding procedure;
  • Employee Active Directory Integration or CSV import options to onboard employees;
  • Whitelisting Instructions (if applicable);
  • Portal customization;
  • 24 Hour Response Time SLA;
  • 8X5 Availability;


Access to our support portal with full documentation:
https://help.right-hand.ai/ . 

2. Customer Support

Customer support is the end to end process to ensure smooth ongoing delivery of Right-Hand’s solutions throughout your subscription lifecycle.

We will provide you with the following assistance to ensure smooth-functioning of Our Solutions:

  • Dedicated point of contact to address all your concerns; 
  • Recurring meetings throughout the subscription lifecycle;
  • 24 Hour Response Time SLA;
  • 99% product uptime 
  • 8X5 Availability;


3. Managed Service

In order to ensure harmonious operation of Our Solutions, Right-Hand will maintain and manage each of the products outlined in the invoice/quotation provided to Our Customer.

We will provide the following services to Our Customer to ensure efficient management of Our Solutions:

  • Dedicated point of contact to address any maintenance issues found in Our Solutions;
  • Prioritization of key feature requests;
  • Quarterly Phishing Simulations (if applicable);
  • Quarterly Training Modules (if applicable);
  • Quarterly Reports (if applicable);
  • 24 Hour Response Time SLA;
  • 99% product uptime
  • 8X5 Customer Support;
  • Access to our support portal with full documentation: https://help.right-hand.ai/


If Right-Hand does not meet Managed Service expectations with the delivery of a monthly report, Phishing Simulation (if applicable), Training Module (if applicable), and/or Compliance Policy Assessment (if applicable), then Right-Hand will provide an additional report, Phishing Simulation (if applicable), and/or Training Module (if applicable) the following month.

Right-Hand recommends all customers to utilize Onboarding & Implementation and either Customer Support or the Managed Service, along with selected products.