Master Service Agreement — Bring Your Own Cloud (BYOC)
MASTER SERVICE AGREEMENT — BRING YOUR OWN CLOUD (BYOC)
This Master Service Agreement (the "Agreement"), effective as of the date of execution of the Order Form (the "Effective Date"), is between QEVLAR AI INC., a Delaware corporation with offices at 8 The Green, Suite A,Dover, DE 19901, United States of America ("Provider"), and the Customer identified in the Order Form. Provider and Customer are each a "Party" and together the "Parties".
1. Definitions
"Affiliate" means any entity that controls, is controlled by, or is under common control with aParty, where "control" means ownership of more than 50% of the voting interest.
"Aggregated Statistics" means data and information related to use of the Services that Provider compiles in an aggregated and anonymized form.
"Alert" means data, information, or notifications received from Customer's Security Toolsregarding a potential or actual threat, which the Services process to generate an Investigation Report.
"Authorized User" means Customer's employees, consultants, contractors, and agents authorized by Customer to access the Services and for whom access has been purchased.
"BYOC Cloud" meansthe cloud-provider project, subscription, or account designated in the OrderForm within which the BYOC Software is deployed.
"BYOC Deployment" means a deployment of the Services in which the BYOCSoftware runs inside the BYOC Cloud rather than within Provider's hosted environment, as designated in an Order Form.
"BYOC Software" means the distribution of the Services packaged for deployment within a BYOC Cloud, including all updates and new versions madeavailable by Provider.
"Confidential Information" has the meaning given in Section 6.
"Control Plane" means the management, deployment, configuration, monitoring, and orchestration plane operated by Provider through which Provider provisions, updates, supports, and observes BYOC Software deployments. The Control Plane isProvider IP and is hosted by Provider (not within the BYOC Cloud).
"Customer Data" means other than Aggregated Statistics, information, data, and content submitted to, transmitted through, or generated by the Services, including data residing in the BYOC Cloud as part of a BYOC Deployment.
"Data Processing Agreement" means the Qevlar AI Data Processing Agreement at www.qevlar.com/legal/agreements/dpa.
"Documentation" means Provider's user manuals, deployment guides, and operational requirements for the Services and the BYOC Software.
"End Customer" means a third-party customer of an MSSP Customer to which the MSSP Customer is authorized to deliver Managed Services using the Services.
"Error" means a demonstrable and reproducible substantial failure of the Services to meet the specifications expressly made known by Provider in writing.
"Fees" means the fees set forth in an Order Form, accrued through usage, or otherwise payable under this Agreement.
"Investigation Report" means the report, output, analysis, Score, or suggested remediation generated by the Services in connection with an Alert.
"Managed Services" means the managed security, monitoring, detection, response, or related services that an MSSP Customer is authorized to provide to EndCustomers using the Services.
"Order Form" means an ordering document executed by Customer and Provider that references thisAgreement and specifies the Services, Usage Limit, Fees, Subscription Term, deployment mode, and any other deal-specific commercial terms. In the event of conflict, this Agreement controls except as to commercial terms and the deployment-mode designation expressly set out in the Order Form.
"Personal Data" has the meaning given in the Data Processing Agreement.
"Platform" means the online platform through which Customer and Authorized Users access theServices, including (for BYOC Deployments) the BYOC Software and the ControlPlane.
"Provider IP" means the Services, the BYOC Software, the Control Plane, theDocumentation, Aggregated Statistics, and any other intellectual property ofProvider, but excluding Customer Data.
"Score" means the severity classification assigned by the Services to an Alert.
"Security Tool" means any third-party security, monitoring, detection, logging, or alerting tool used by Customer in connection with the Services.
"Service Level Agreement" means the Qevlar AI Service Availability commitment at www.qevlar.com/legal/agreements/sla.
"Services" meansProvider's proprietary AI-based cybersecurity solution, including the BYOC Software where applicable, and all updates, fixes, and enhancements provided by Provider from time to time.
"Subscription Term" or "Term" means the start and end date of Customer's subscription as set forth in the Order Form.
2. Access and Use
2.1 Provision of Access. Subject to Customer's payment of Fees and compliance with this Agreement, Provider grants Customer a non-exclusive, non-transferable, non-sublicensable right, for the Subscription Term, to access and use the Services solely by Authorized Users for Customer's internal business purposes, in either a Provider-hosted deployment or, where the OrderForm so designates, a BYOC Deployment under Section 2.7. Provider will provideCustomer with the necessary credentials and connections. Provider may use third-party contractors to provide the Services and remains responsible for their acts and omissions. Provider may make changes to the Services from time to time, subject to prior written notice in the event of any change that would have a material adverse impact on Customer's use of the Services. Unless expressly authorized in an Order Form, Customer may not use the Services to provide managed security, outsourced, service-bureau, or similar services to any third party (including any Affiliate).
2.2 MSSP Customer. Where the Order Form designates Customer as an"MSSP Customer", Provider grants MSSP Customer the right, for theSubscription Term, to access and use the Services solely by Authorized Users employed or engaged by MSSP Customer and solely to deliver Managed Services to the End Customers identified in the Order Form, including through a tenant operated by MSSP Customer for that purpose (the "MSSP Tenant"). MSSP Customer shall not (a) permit any End Customer or any other third party to access the Services, the Platform, the MSSP Tenant, or any Authorized User credentials; (b) deliver to any End Customer any raw Investigation Report,Alert, or Score except as incorporated by MSSP Customer into its own deliverable in the ordinary course of providing Managed Services; or (c)resell, distribute, or sublicense the Services to any End Customer or third party, except under a separate Master Partner Agreement executed by theParties. MSSP Customer remains primarily and fully liable to Provider for all access to and use of the Services by Authorized Users and (whether or not permitted) by End Customers, and shall ensure that each End Customer has entered into a written agreement with MSSP Customer that imposes confidentiality, data-protection, and use-restriction obligations no less protective of Provider than those in this Agreement, disclaims any claim of theEnd Customer in or to the Services or Provider IP, and names Provider as an intended third-party beneficiary entitled to enforce those obligations directly. Where the Order Form so designates, an MSSP Customer may operate theMSSP Tenant under a BYOC Deployment, in which case the references to the MSSPTenant in this Section 2.1 include the BYOC Software deployed within the BYOC Cloud.
2.3 Documentation License. Subject to this Agreement, Provider grantsCustomer a non-exclusive, non-sublicensable, non-transferable license to use the Documentation during the Term solely for Customer's internal business purposes in connection with its use of the Services.
2.4 Usage Limit. The Services are licensed on an Alert-based basis. The maximum number of Alerts that may be submitted to the Services during the applicable subscription period (the "Usage Limit") is set forth in the Order Form. An Alert is counted each time it is submitted for processing.Provider may monitor Customer's usage (including through the Control Plane) to verify compliance. If Customer exceeds the Usage Limit, Provider may invoice the excess at Provider's then-current list price; if Customer exceeds the UsageLimit by more than 10%, Provider may, on written notice, suspend access until Customer purchases an upgrade or reduces usage.
2.5 Use Restrictions. Customer shall not, and shall not permit anyAuthorized User to: (a) copy, modify, or create derivative works of theServices, the BYOC Software, or the Documentation; (b) sell, license, sublicense, distribute, or otherwise make the foregoing available to any third party (except as expressly permitted for BYOC Deployments under Section 2.7);(c) reverse engineer, decompile, or attempt to derive source code from any software component; (d) bypass or circumvent any security or metering control;(e) use the Services in a manner that infringes any third-party right or violates applicable law; (f) use the Services for benchmarking, competitive analysis, or publication of performance results without Provider's prior written consent; or (g) transmit to the Services any material that contains malicious code or that Customer is not authorized to transmit.
2.6 Suspension. Provider may temporarily suspend Customer's access(including by disabling Control Plane integration with a BYOC Deployment) ifProvider reasonably determines that: (a) Customer's use of the Provider IP threatens or disrupts the security or integrity of the Provider IP or any other customer; (b) Customer is using the Services for fraudulent or illegal activities; (c) Provider's provision of the Services is prohibited by applicable law; or (d) Customer has failed to pay undisputed amounts when due and has not cured within a reasonable period after written notice. Provider will use commercially reasonable efforts to give written notice and to restore access promptly once the cause is cured. Provider has no liability for losses arising from a Service Suspension.
2.7 BYOC Deployment. This Section 2.7 applies only where an Order Form designates the deployment model as a BYOC Deployment. In the event of conflict between this Section 2.7 and any other provision of this Agreement with respect to a BYOC Deployment, this Section 2.7 controls.
(a) License of the BYOC Software. Subject to this Agreement, Provider grants Customer a non-exclusive, non-transferable, non-sublicensable right, for the Subscription Term, to install, deploy, and operate the BYOC Software within the BYOC Cloud, solely (i) for Customer's internal business purposes, or (ii)where Customer is an MSSP Customer under Section 2.2, to deliver ManagedServices to the End Customers identified in the Order Form. The BYOC Software is licensed, not sold; Provider retains all rights in the BYOC Software and theControl Plane.
(b) Customer Responsibilities for the BYOC Cloud. Customer is solely responsible, at its own cost, for: (i) all charges levied by the BYOC Cloud provider (compute, storage, networking, egress, support); (ii) the BYOC Cloud account credentials, security configuration, identity and access management, network architecture, and key custody; (iii) routine operational maintenance of the BYOC Cloud, including infrastructure uptime, scaling, backups, and log retention; (iv) all data residing in the BYOC Cloud (subject to the DataProcessing Agreement and Section 7.2); and (v) compliance with the terms of service of the BYOC Cloud provider.
(c) Provider Responsibilities. Provider shall (i) deliver the BYOCSoftware (including updates, security patches, and new versions) on the cadence set forth in the Service Level Agreement and Documentation, (ii) operate and secure the Control Plane, (iii) provide technical support under the Service Level Agreement and Support Policy, and (iv) remediate vulnerabilities discovered in Provider's code in the BYOC Software. Provider's obligations do not extend to the BYOC Cloud infrastructure or to data residing in the BYOC Cloud (other than in respect of Provider's processing of Customer Data onCustomer's behalf under the Data Processing Agreement).
(d) Access and Telemetry. Customer grants Provider the right to access the BYOC Cloud and the BYOC Software, through the Control Plane and secure remote-access mechanisms specified by Provider, solely to the extent reasonably necessary to deploy, configure, update, maintain, and support the BYOC Software, monitor its operational health and security, and verify compliance with the Usage Limit and this Agreement. Customer authorizes Provider to transmit operational telemetry, performance metrics, security logs, configuration data, and (subject to the Data Processing Agreement) Customer Data between the BYOC Cloud and the Control Plane. Customer shall not block Provider's access except as permitted by the Documentation.
(e) Shared Responsibility; Cloud-Provider Carve-Out. A BYOC Deployment operates under a shared-responsibility model: Provider is responsible for the BYOC Software and the Control Plane; Customer is responsible for the BYOC Cloud and all matters in clause (b). Provider's Service Level Agreement obligations are measured at the BYOC Software layer only. Any downtime, latency, data loss, or other failure caused by or attributable to the BYOC Cloud, Customer's configuration of the BYOC Cloud, or Customer's non-compliance with the BYOCCloud provider's terms is an Availability Exclusion and does not count against the Monthly Availability Rate. Provider has no liability arising from or relating to the BYOC Cloud, any act or omission of the BYOC Cloud provider, Customer's configuration of the BYOC Cloud, or Customer's failure to comply with the BYOC Cloud provider's terms.
(f) BYOC Deployment Parameters. The deal-specific parameters of eachBYOC Deployment (BYOC Cloud project IDs, regions, BYOC Software version, Control Plane endpoint, operations and incident contacts, permitted ControlPlane access scope, and encryption-key custody) are set forth in the applicable Order Form.
(g) Termination of BYOC Deployment. On expiration or termination of thisAgreement or the relevant Order Form, Customer shall (i) cease use of the BYOCSoftware, (ii) decommission the BYOC Deployment within thirty (30) days (or such longer period agreed in the Order Form for regulated customers), including by removing all BYOC Software instances from the BYOC Cloud and disconnectingControl Plane integrations, (iii) destroy all copies of the BYOC Software inits control, and (iv) certify completion in writing to Provider. Customer's obligations with respect to Customer Data and Personal Data on termination are governed by Section 11.3 and the Data Processing Agreement.
2.8 Aggregated Statistics. Provider may compile Aggregated Statistics from Customer's use of the Services. As between the Parties, all rights in Aggregated Statistics are retained by Provider, provided that Aggregated Statistics do not identify Customer or Customer's Confidential Information.
2.9 Reservation of Rights. Provider reserves all rights not expressly granted in this Agreement. No other rights in the Provider IP are granted by implication, estoppel, or otherwise.
3. Customer Responsibilities
3.1 General. Customer is responsible and liable for all use of theServices resulting from access provided by Customer, directly or indirectly, including all acts and omissions of Authorized Users. Customer shall keep all credentials confidential, ensure that its systems satisfy Provider's published minimum requirements, and maintain appropriate security and antivirus protection. Customer is responsible for obtaining, configuring, and operating its Security Tools and for ensuring that all Alerts and other data transmitted to the Services comply with the Documentation. Provider is not responsible for any failure or inaccurate Investigation Report to the extent caused byCustomer's Security Tools, systems, configurations, or failure to provide accurate Alerts or Customer Data. Customer represents that it has all necessary rights, notices, consents, and authorizations for Provider to process Alerts and Customer Data in accordance with this Agreement and the Data Processing Agreement.
3.2 Customer Materials. Customer shall supply such information asProvider reasonably requests in order to perform the Services ("CustomerMaterials"), and grants Provider a limited license to use the CustomerMaterials solely as necessary to provide the Services. Customer is solely responsible for the accuracy, completeness, legality, and non-infringement of the Customer Materials. To the extent any Customer Materials include Personal Data, the processing of the same is subject to the Data Processing Agreement.
4. Service Levels; Support; Changes
4.1 Service Levels and Support. Provider will provide service availability in accordance with the Service Level Agreement and technical support in accordance with the Qevlar AI Support Policy. Customer acknowledges thatProvider does not guarantee that the Services will operate without interruption, defect, or error.
4.2 Errors and Maintenance. Customer shall report Errors in reasonable detail. Provider shall use reasonable efforts to correct Errors or implement workarounds in accordance with its usual release policy, and may requireCustomer to cooperate with maintenance activities (including deployment of patches through the Control Plane and temporarily ceasing use of the Services where reasonably necessary). Customer is responsible for its own configuration, parameterization, and use of the results.
4.3 New Versions. When a new version of the Services or BYOC Software is released, Provider may cease maintaining prior versions. Provider is not obliged to maintain or add features specifically for Customer, and may requireCustomer to modify its systems or BYOC Cloud configuration to support a new version.
4.4 Additional Services. If Provider performs, at Customer's request, services outside the scope of the Services and support included in this Agreement and the Order Form (including configuration, custom development, training, BYOC migration assistance, and integrations not covered in the Documentation), Customer shall pay Provider at Provider's then-current standard rates. Provider is not obligated to perform any additional services and may require the Parties to enter into a written statement of work.
5. Fees and Payment
5.1 Fees. Customer shall pay the Fees set forth in the Order Form within thirty (30) days after receipt of an invoice, in U.S. dollars, without offset or deduction. Unless otherwise stated in the Order Form, Fees are invoiced annually in advance and are non-refundable except as expressly set out in thisAgreement. Provider's Fees compensate Provider for the Services, the BYOCSoftware, the Control Plane, maintenance, and support, and (for BYOC Deployments) do not include the cost of the BYOC Cloud, which Customer pays directly to the BYOC Cloud provider. Past-due amounts accrue interest at 1.5% per month (or, if lower, the highest rate permitted by applicable law). If a failure to pay undisputed amounts continues for thirty (30) days after written notice, Provider may suspend access to the Services until payment is received.
5.2 Taxes. All Fees are exclusive of taxes (including VAT and similar).Customer is responsible for all such taxes other than taxes on Provider's net income.
6. Confidential Information
Each Party may disclose to the other information about its business, products, intellectual property, trade secrets, and other proprietary or sensitive matters, whether or not marked as confidential ("ConfidentialInformation"). Confidential Information does not include information that(a) is in the public domain other than through breach of this Agreement, (b) is known to the receiving Party before disclosure, (c) is rightfully received from a third party without a duty of confidentiality, or (d) is independently developed by the receiving Party.
The receiving Party shall not disclose the disclosing Party's ConfidentialInformation except to its employees, contractors, and Affiliates with a need to know who are bound by confidentiality obligations no less protective than those set forth herein. The receiving Party may disclose Confidential Information to the extent required by court order or applicable law, provided that it gives prior written notice and a reasonable opportunity for the disclosing Party to seek a protective order. On termination, the receiving Party shall return or destroy all copies of the disclosing Party's Confidential Information and certify destruction in writing.
Confidentiality obligations under this Section 6 expire five (5) years after disclosure, except that trade secrets remain protected for as long as they qualify as such under applicable law. Provider may identify Customer as a customer and use Customer's name and logo in sales, marketing, and investor materials.
7. Intellectual Property; Customer Data; AI
7.1 Provider IP. As between the Parties, Provider owns all rights, title, and interest in and to the Provider IP, including the BYOC Software and the Control Plane.
7.2 Customer Data. As between the Parties, Customer owns all rights, title, and interest in and to the Customer Data. Customer grants Provider anon-exclusive, royalty-free, worldwide license to use the Customer Data as necessary to provide the Services. To the extent the Customer Data includesPersonal Data, the processing of the same is subject to the Data ProcessingAgreement. For BYOC Deployments, Customer Data resides primarily within theBYOC Cloud under Customer's control; Provider's license extends to CustomerData transmitted to the Control Plane and to operational telemetry generated by the BYOC Software as necessary to provide the Services.
7.3 Feedback. If Customer provides Provider with suggestions, comments, or recommendations regarding the Provider IP ("Feedback"), Customer assigns to Provider all right, title, and interest in such Feedback, andProvider may use it without attribution or compensation.
7.4 AI Use of Customer Data. Provider may use aggregated, statistical, or de-identified data derived from Customer's use of the Services to operate, secure, maintain, and improve the Services, the Provider IP, and Provider'sAI/ML models. Provider shall not use Customer Data in identifiable form to train, fine-tune, or evaluate Provider's foundation or large language models.Provider shall not transmit, disclose, license, or otherwise make available anyCustomer Data to any third party for the purpose of training, fine-tuning, or evaluating such third party's AI or machine-learning models for that third party's own benefit, and shall not authorize any sub-processor to do so. The foregoing does not restrict Provider's use of third-party infrastructure (including hosted models accessed via API) to perform inference on Customer Data on Provider's behalf in providing the Services, in each case subject to the sub-processor commitments in the Data Processing Agreement and on terms that contractually prohibit the third party from training its models on CustomerData.
8. Limited Warranty; Disclaimers
8.1 Disclaimer of Warranties. THE SERVICES (INCLUDING THE BYOC SOFTWARE)ARE PROVIDED "AS IS". PROVIDER DISCLAIMS ALL WARRANTIES, EXPRESS,IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, BE COMPATIBLE WITH ANY OTHER SOFTWARE OR CLOUD ENVIRONMENT, OR BE SECURE, ACCURATE, OR ERROR-FREE.
8.2 Nature of Outputs; Autonomous Action. Investigation Reports, Scores, and any other outputs generated by the Services are produced through automatedAI analysis and are indicative only. Customer is solely responsible for reviewing such outputs and for deciding whether and how to act on them. Where any feature of the Services performs automated actions on Customer's systems(such as blocking, isolating, or remediating), Customer expressly authorizes those actions, accepts sole responsibility for their consequences, and is responsible for configuring the scope of autonomous action permitted within its environment. Provider does not warrant that the Services will identify all threats, prevent any incident, or remediate any vulnerability.
9. Indemnification
9.1 Provider Indemnification. Provider shall defend, indemnify, and hold harmless Customer against any third-party claim alleging that Customer's use ofthe Services in accordance with this Agreement infringes such third party's intellectual property rights, provided that Customer promptly notifiesProvider, gives Provider sole control of the defense and settlement, and cooperates as reasonably requested. If Provider determines that no non-infringing alternative is reasonably available, Provider may terminate the affected component of the Services on written notice. This Section 9.1 does not apply to claims arising from (a) use of the Services in combination with data, software, or hardware not provided or authorized by Provider (including any unauthorized BYOC Cloud), (b) modifications to the Services or BYOC Software not made by Provider, or (c) Customer Data. This Section 9.1 states Customer's exclusive remedy and Provider's sole liability for any infringement claim.
9.2 Customer Indemnification. Customer shall defend, indemnify, and hold harmless Provider against any third-party claim arising from: (a) CustomerData, including any allegation that Provider's processing of Customer Data in accordance with this Agreement violates applicable law or infringes any third-party right; (b) Customer's or an Authorized User's negligence, willful misconduct, or use of the Services in a manner not authorized by thisAgreement; (c) modifications to the Services or BYOC Software not made byProvider; or (d) the BYOC Cloud, any act or omission of the BYOC Cloud provider, Customer's configuration of the BYOC Cloud, or Customer's failure to comply with the BYOC Cloud provider's terms.
10. Limitation of Liability
TOTHE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, OR FOR LOSS OF PROFITS, LOSS OF DATA, LOSS OF GOODWILL, OR BUSINESS INTERRUPTION ARISING OUT OF OR RELATED TO THIS AGREEMENT.
EACH PARTY'S AGGREGATE LIABILITY TO THE OTHER FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT (EXCEPT FOR FEES OWED) WILL NOT EXCEED THE FEES PAIDOR PAYABLE BY CUSTOMER UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY.
The limitations in this Section 10 apply regardless of the form of action and even if the remedies stated in this Agreement fail of their essential purpose.Nothing in this Section 10 limits liability that cannot lawfully be limited under applicable law, including liability arising from gross negligence, willful misconduct, or fraud.
11. Term and Termination
11.1 Term. This Agreement begins on the Effective Date and continues asset forth in the Order Form. It does not automatically renew; any renewal requires the Parties' prior written agreement.
11.2 Termination. Either Party may terminate this Agreement on writtennotice if the other Party materially breaches it and fails to cure within thirty (30) days after written notice (or, where the breach is incapable ofcure, immediately). Provider may also terminate this Agreement on written notice if Customer (a) fails to pay any undisputed amount within thirty (30)days after written notice, or (b) breaches Section 2.5, 2.7(b), or 6. EitherParty may terminate this Agreement immediately on written notice if the otherParty becomes insolvent, makes a general assignment for the benefit of creditors, or is the subject of an unwithdrawn bankruptcy petition for more than thirty (30) days.
11.3 Effect of Termination. On expiration or termination, Customer shall cease use of the Provider IP, return or destroy all copies of the Provider IP, and (for BYOC Deployments) decommission the BYOC Deployment in accordance withSection 2.7(g). Customer is solely responsible for exporting Customer Data,Alerts, and Investigation Reports during the Term; after termination,Customer's access will end and these may no longer be available, except as required under the Data Processing Agreement or applicable law. Provider has no obligation to provide migration or transition services after termination unless separately agreed. Amounts invoiced for Services properly provided before termination remain payable in full.
11.4 Survival. Any provision of this Agreement which by its nature should survive termination shall so survive, including Sections 1, 2.4, 2.5, 2.7(b)(last sentence), 2.7(g), 2.8, 2.9, 3, 4.4, 5, 6, 7, 8, 9, 10, 11.3, and 12.
12. Miscellaneous
12.1 Entire Agreement. This Agreement (together with each Order Form and the policies incorporated by reference) constitutes the entire agreement between the Parties with respect to its subject matter and supersedes all prior or contemporaneous understandings.
12.2 Notices. Notices must be in writing and delivered by personal delivery, overnight courier, certified mail, or email with confirmation of transmission. A notice is effective on receipt.
12.3 Force Majeure. Neither Party will be liable for any failure or delay in performance to the extent caused by an event beyond its reasonable control, including acts of God, war, terrorism, civil unrest, government action, epidemic, embargo, strikes, or shortage of utilities. If such an event persists for more than sixty (60) days, either Party may terminate this Agreement on written notice.
12.4 Amendment; Waiver. No amendment to this Agreement is effective unless in writing and signed by both Parties. Provider may update theDocumentation and standard operational requirements from time to time, provided that no such update will materially reduce Customer's rights during thethen-current Term unless Customer agrees in writing. No waiver is effective unless in writing.
12.5 Severability. If any provision is held invalid or unenforceable, the remainder of this Agreement will remain in effect, and the Parties will negotiate in good faith to replace the invalid provision so as to give effect to its original intent.
12.6 Governing Law; Jurisdiction. This Agreement is governed by the laws of the State of New York, without regard to conflict-of-laws principles. The federal and state courts located in the Borough of Manhattan, City and State of New York have exclusive jurisdiction over any dispute arising out of or related to this Agreement, and each Party irrevocably submits to such jurisdiction.
12.7 Assignment. Customer may not assign this Agreement withoutProvider's prior written consent, except that Customer may assign it (on prior written notice to Provider) to an Affiliate or in connection with a merger, sale of substantially all assets, or change of control, provided that the assignee is not a Provider competitor and assumes all of Customer's obligations. Any assignment in violation of this Section is void.
12.8 Export Regulation. Customer shall comply with all applicable export-control laws, including U.S. and EU laws, and is responsible for anyexport-control consequences of its selection and use of the BYOC Cloud region.
12.9 Equitable Relief. A breach by Customer of Section 2.4, 2.5, 2.7(b),2.7(g), or 6 would cause Provider irreparable harm. Provider is entitled to seek equitable relief (including injunction or specific performance) without the need to post a bond or prove actual damages, in addition to any other remedy available.
12.10 Counterparts. This Agreement may be executed in counterparts, including by electronic signature, each of which is deemed an original and which together constitute one agreement.
12.11 No Third-Party Beneficiaries. Except as expressly stated, no person other than the Parties has any right or remedy under this Agreement.
