Qevlar AI | Legal Agreements - Other

This Evaluation Agreement (this "Agreement"), effective as of the date of last signature below (the "Effective Date"), is entered into by and between QEVLAR AI INC., a Delaware corporation, whose registered office is located at 8 The Green, Suite A, Dover, DE 19901, United States of America ("Provider"), and the customer identified in the Order Form ("Customer"). Provider and Customer may be referred to herein collectively as the "Parties" or individually as a "Party."

‍

WHEREAS, Provider develops and markets an AI-based cybersecurity software-as-a-service that automatically analyzes, investigates, and reports on threats to its customers' information systems generated by third-party security tools (the "Services");

‍

WHEREAS, Customer wishes to evaluate the Services on a limited, time-bound, no-charge basis for Customer's internal testing purposes, and Provider is willing to make the Services available to Customer on those terms;

‍

NOW, THEREFORE, in consideration of the mutual covenants set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are acknowledged, the Parties agree as follows:

1. Definitions

"Authorized User" means any individual employee, contractor, or agent of Customer who is authorized by Customer to access and use the Services on Customer's behalf for the Evaluation Purpose, and for whom Customer has obtained credentials from Provider.

"Customer Data" means any data or information, including any Personal Data, that Customer or an Authorized User submits to, or that is generated by Customer's or an Authorized User's use of, the Services during the Evaluation Term.

"Documentation" means Provider's user documentation, online help, and other materials describing the operation and functionality of the Services, in each case made generally available by Provider.

"Evaluation Purpose" means Customer's internal testing and evaluation of the Services, in accordance with this Agreement, solely to determine whether to license the Services on a paid basis.

"Evaluation Term" means the period set forth in Section 3.

"Feedback" means any suggestions, comments, ideas, improvements, recommendations, error reports, or other input provided by Customer or any Authorized User to Provider relating to the Services, the Documentation, or any other Provider IP.

"Personal Data" means any information that relates to an identified or identifiable natural person and that is protected as "personal data," "personal information," or "personally identifiable information" under applicable law.

"Provider IP" means the Services, the Documentation, and any and all intellectual property rights of Provider therein, together with any deliverables, outputs, models, algorithms, signatures, and other materials made available by Provider to Customer in connection with this Agreement, and all derivatives and modifications thereof.

"Security Tool" means any third-party security, monitoring, detection, logging, or alerting tool used by Customer that generates alerts for processing by the Services.

2. Grant of Evaluation License; Scope

Subject to the terms and conditions of this Agreement, Provider hereby grants Customer, during the Evaluation Term, a limited, non-exclusive, non-transferable, non-sublicensable, royalty-free right to access and use the Services and the Documentation, solely by Authorized Users and solely for the Evaluation Purpose. Provider will provide Customer with the credentials, network links, and other access information reasonably necessary to access the Services. This Agreement does not grant Customer any right to use the Services in production, to provide services to third parties, to resell or distribute the Services, or to use the Services on behalf of any third party. Any use of the Services beyond the Evaluation Purpose requires a separate, paid agreement between the Parties.

3. Evaluation Term.

The Evaluation Term begins on the Effective Date and continues for three (3) weeks thereafter, unless extended by the Parties in writing or terminated earlier in accordance with Section 13. Upon expiration of the Evaluation Term, Customer's right to access and use the Services automatically terminates.

4. No Fees.

Provider grants the Evaluation rights set forth in Section 2 to Customer free of charge. Customer is responsible for its own internet connectivity, hardware, and other costs incurred in connection with accessing and using the Services.

5. Customer Responsibilities

5.1 Account Security.

Customer is responsible for safeguarding all credentials issued to it by Provider, including all account and user-level logins and passwords, and for all activity occurring under those credentials. Customer shall not permit any third party (other than Authorized Users) to access or use the Services. Customer shall notify Provider promptly of any actual or suspected unauthorized access to or use of the Services.

5.2 Compliance by Authorized Users.

Customer is responsible and liable for all acts and omissions of its Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach by Customer. Customer shall ensure that each Authorized User is bound by terms protecting Provider's rights and Confidential Information at least as protective as those set forth in this Agreement.

5.3 Customer Equipment; Security Tools.

Customer is solely responsible, at its own cost, for obtaining, configuring, and maintaining all hardware, software, network connectivity, and Security Tools necessary to access and use the Services, and for ensuring that any data, alerts, or other information transmitted to the Services complies with the Documentation.

6. Use Restrictions.

Customer shall not, and shall not permit any Authorized User or third party to, directly or indirectly: (a) copy, modify, adapt, translate, or create derivative works of the Services or Documentation; (b) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, object code, underlying ideas, algorithms, structure, or organization of the Services, except to the limited extent that such activity cannot be lawfully restricted under applicable law; (c) rent, lease, lend, sell, sublicense, assign, distribute, host, outsource, publish, transfer, or otherwise make the Services available to any third party (including any affiliate of Customer); (d) use the Services to provide services to any third party, or in any service-bureau, managed-service, or similar arrangement; (e) remove, obscure, or alter any proprietary notices, labels, or marks on or in the Services or Documentation; (f) bypass or attempt to bypass any security, access-control, or usage-metering mechanism of the Services; (g) use the Services for benchmarking, competitive analysis, or to develop a competing product or service, or publish or disclose to any third party the results of any benchmark, performance, or evaluation test; (h) use the Services in violation of any applicable law or third-party right; (i) make the Services, or any output of the Services, available in production, or otherwise rely on any output of the Services to make decisions affecting third parties; or (j) submit to the Services any data, file, or content that contains malicious code or that violates applicable law.

7. Customer Data; Feedback; Intellectual Property

7.1 Customer Data.

As between the Parties, Customer retains all right, title, and interest, including all intellectual property rights, in and to Customer Data. Customer hereby grants Provider a non-exclusive, royalty-free, worldwide license, for the Evaluation Term, to access, host, process, and use Customer Data solely as necessary to (a) provide the Services to Customer in accordance with this Agreement, (b) maintain, monitor, support, and improve the Services, and (c) generate aggregated, de-identified statistical information about use of the Services that does not identify Customer or any individual. To the extent Customer Data includes Personal Data, the Parties shall process such Personal Data in accordance with Section 8.

7.2 Feedback.

Customer (on behalf of itself and its Authorized Users) hereby assigns to Provider all right, title, and interest in and to all Feedback, and agrees that Provider is free to use, exploit, disclose, and incorporate the Feedback in any product or service, in any form and for any purpose, without any obligation of attribution, accounting, or compensation to Customer. Customer represents and warrants that it has the right to make this assignment.

7.3 Provider IP.

Provider retains all right, title, and interest, including all intellectual property rights, in and to the Provider IP. Except for the limited rights expressly granted in Section 2, this Agreement does not grant Customer, by implication, estoppel, or otherwise, any right or license to the Provider IP. All rights not expressly granted to Customer are reserved by Provider.

7.4 Customer Materials Warranty.

Customer represents and warrants that Customer Data does not (i) violate applicable law, (ii) infringe, misappropriate, or otherwise violate the rights of any third party, (iii) contain any virus, worm, or other malicious code, or (iv) constitute the unlawful processing or transfer of any Personal Data. Customer shall defend, indemnify, and hold harmless Provider from and against any and all claims, damages, costs, and expenses (including reasonable attorneys' fees) arising out of or related to a breach by Customer of the foregoing warranty.

8. Data Protection

Customer acknowledges that the Services are not intended to be used to process Personal Data during a free evaluation. Customer shall not submit to, or process through, the Services any Personal Data unless expressly authorized in writing by Provider (which authorization Provider may grant or withhold in its sole discretion and may condition on the execution of a separate data-processing agreement).

To the extent that, notwithstanding the foregoing, Provider processes any Personal Data on Customer's behalf in connection with the Services, Provider will act as a processor (or service provider) of Customer and will process such Personal Data solely as necessary to provide the Services in accordance with this Agreement and Customer's documented, lawful instructions. If applicable, Provider will process such Personal Data in accordance with applicable U.S. federal and state privacy laws, including the California Consumer Privacy Act (CCPA) where applicable. The Parties will execute Provider's standard Data Processing Agreement (DPA) before any production-scale processing of Personal Data, and Customer's use of the Services to process Personal Data is contingent on execution of such DPA.

9. Warranties; Disclaimers

9.1 "AS IS."

THE SERVICES, THE DOCUMENTATION, AND ANY OUTPUTS, RECOMMENDATIONS, OR OTHER MATERIALS PROVIDED BY PROVIDER IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTY OF ANY KIND, AND PROVIDER HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE, OR THAT THE OUTPUTS OF THE SERVICES WILL BE COMPLETE, ACCURATE, OR APPROPRIATE FOR ANY PARTICULAR PURPOSE.

9.2 AI Output Acknowledgement.

The Services rely on automated, agentic, and artificial-intelligence-based analysis, and any outputs (including alerts, reports, scores, and suggested remediation actions) are indicative only, generated without prior human review. Customer acknowledges that the Services are provided for evaluation purposes only and may not identify all threats, vulnerabilities, or incidents; may classify the severity of alerts incorrectly; and may produce outputs that are incomplete, inaccurate, or inappropriate for Customer's environment. Customer is solely responsible for reviewing, validating, and determining whether and how to rely on any output, and for implementing any remediation, mitigation, or escalation measures. Customer shall not use the outputs of the Services as the sole basis for any action affecting third parties.

10. Confidentiality

Each Party (the "Receiving Party") acknowledges that it may receive or obtain access to non-public information of the other Party (the "Disclosing Party") that is identified as confidential or that should reasonably be understood to be confidential under the circumstances of disclosure, including the existence and terms of this Agreement, the Services, the Documentation, the Provider IP, the Feedback, all technical, security, and product information of Provider, and Customer Data (collectively, "Confidential Information"). Confidential Information does not include information that the Receiving Party can demonstrate (a) was rightfully in its possession on a non-confidential basis before disclosure, (b) is or becomes publicly available through no breach of this Agreement, (c) is rightfully obtained from a third party without breach of a confidentiality obligation, or (d) was independently developed without use of or reference to the Disclosing Party's Confidential Information.

The Receiving Party shall (i) protect the Disclosing Party's Confidential Information using at least the same degree of care it uses to protect its own confidential information of similar importance (and in no event less than a reasonable standard of care); (ii) use the Confidential Information only as necessary to exercise its rights and perform its obligations under this Agreement; and (iii) disclose the Confidential Information only to its employees, contractors, advisors, and Authorized Users who have a need to know and who are bound by written or professional confidentiality obligations no less protective than those set forth herein. The Receiving Party may disclose Confidential Information to the extent required by law or court order, provided that it (where legally permitted) gives the Disclosing Party prompt written notice and reasonable cooperation in seeking a protective order or other appropriate remedy.

The confidentiality obligations set forth in this Section 10 apply during the Evaluation Term and survive for a period of three (3) years thereafter, except that obligations regarding trade secrets survive for so long as such Confidential Information remains a trade secret under applicable law. Upon expiration or termination of this Agreement, the Receiving Party shall promptly return or destroy all Confidential Information of the Disclosing Party and certify such destruction in writing on request.

11. Limitation of Liability.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND EXCEPT FOR (A) CUSTOMER'S BREACH OF SECTIONS 6 (USE RESTRICTIONS), 7.2 (FEEDBACK), 7.3 (PROVIDER IP), OR 10 (CONFIDENTIALITY), OR (B) EITHER PARTY'S INDEMNIFICATION OBLIGATIONS UNDER SECTION 12: (i) IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, DATA, OR BUSINESS INTERRUPTION, ARISING OUT OF OR RELATED TO THIS AGREEMENT, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES; AND (ii) EACH PARTY'S AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED the amount of any Fees actually paid by Customer to Provider during the Evaluation Term (which, where the Evaluation is provided free of charge under Section 4, will be zero). The limitations and exclusions in this Section 11 apply regardless of the form of action, whether in contract, tort (including negligence), strict liability, or otherwise, and apply even if any limited remedy fails of its essential purpose.

12. Indemnification.

Customer shall defend, indemnify, and hold harmless Provider and its officers, directors, employees, and agents from and against any and all third-party claims, damages, costs, and expenses (including reasonable attorneys' fees) arising out of or related to (a) any breach by Customer or its Authorized Users of this Agreement, including Sections 5, 6, 7.4, or 10; (b) Customer Data, including any allegation that Customer Data infringes, misappropriates, or violates any third-party right, or that Provider's receipt, use, or processing of Customer Data in accordance with this Agreement violates any applicable law; or (c) the negligence, willful misconduct, or violation of law by Customer or any Authorized User. Provider shall promptly notify Customer in writing of any such claim, provide Customer with reasonable cooperation, and grant Customer sole control of the defense and settlement of the claim (provided that Customer may not enter into any settlement that imposes any liability or admission on Provider without Provider's prior written consent).

13. Termination

13.1 Termination for Convenience.

Either Party may terminate this Agreement at any time, for any reason or no reason, upon written notice to the other Party. Termination is effective immediately upon receipt of such notice.

13.2 Termination for Cause.

Provider may terminate this Agreement immediately upon written notice to Customer if Customer breaches Sections 6 (Use Restrictions), 7 (Customer Data; Feedback; Intellectual Property), 8 (Data Protection), or 10 (Confidentiality). Either Party may terminate this Agreement immediately upon written notice to the other Party if such other Party (a) breaches a material provision of this Agreement and fails to cure such breach within five (5) Business Days following written notice describing the breach in reasonable detail, or (b) becomes insolvent or the subject of a voluntary or involuntary bankruptcy or similar proceeding that is not dismissed within thirty (30) days.

13.3 Effect of Termination.

Upon expiration or termination of this Agreement, (a) Customer's rights under Section 2 terminate immediately, (b) Customer shall immediately cease all use of the Services and the Documentation, and (c) each Party shall comply with its obligations regarding Confidential Information under Section 10. Provider may delete or destroy any Customer Data in its possession or control upon expiration or termination, except as required to retain the data under applicable law or as needed to defend or pursue legal claims. Sections 1, 6, 7.2, 7.3, 7.4, 8, 9, 10, 11, 12, 13.3, and 14 (and any other provision that by its nature should survive) survive expiration or termination of this Agreement.

14. Miscellaneous

14.1 Entire Agreement.

This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior or contemporaneous understandings, agreements, representations, and warranties, both written and oral. Any pre-printed terms on any Customer purchase order, vendor portal, or similar instrument are void and have no effect.

14.2 Amendment; Waiver.

No amendment to this Agreement is effective unless in writing and signed by an authorized representative of each Party. No waiver of any right or remedy is effective unless in writing and signed by the waiving Party. No failure or delay by either Party in exercising any right under this Agreement operates as a waiver of such right.

14.3 Notices.

All notices under this Agreement shall be in writing and shall be deemed given (a) on personal delivery, (b) one (1) Business Day after deposit with a nationally recognized overnight courier, (c) on confirmed receipt by email, or (d) three (3) Business Days after deposit in certified or registered mail (return receipt requested), in each case addressed to the Party at the address set forth in the signature block (or such other address as a Party may designate by written notice).

14.4 Force Majeure.

Neither Party shall be liable for any failure or delay in performance under this Agreement to the extent caused by circumstances beyond such Party's reasonable control, including acts of God, natural disasters, epidemic or pandemic, war, terrorism, civil unrest, governmental action, embargoes, strikes or other labor disturbances, fire, power or telecommunications failures, or denial-of-service or other cyber attacks not attributable to such Party's negligence.

14.5 Assignment.

Customer may not assign or transfer this Agreement, or any rights or obligations hereunder, in each case whether voluntarily, involuntarily, by operation of law, or otherwise, without Provider's prior written consent. Any purported assignment in violation of this Section is null and void. Provider may freely assign or transfer this Agreement, in whole or in part, to any of its affiliates or to a successor in connection with a merger, reorganization, sale of all or substantially all of its assets, or other change of control. This Agreement is binding on, and inures to the benefit of, the Parties and their respective permitted successors and assigns.

14.6 Subcontractors.

Provider may engage third-party service providers (including affiliates) to assist in performing its obligations under this Agreement, provided that Provider remains responsible for the acts and omissions of such third-party providers.

14.7 Severability.

If any provision of this Agreement is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it valid and enforceable, or, if it cannot be so modified, severed from this Agreement; the remaining provisions remain in full force and effect.

14.8 Governing Law; Jurisdiction.

This Agreement is governed by and construed in accordance with the internal laws of the State of New York, United States of America, without regard to its conflict-of-laws principles. Any legal suit, action, or proceeding arising out of or related to this Agreement shall be instituted exclusively in the federal or state courts located in the Borough of Manhattan, City and State of New York, and each Party irrevocably submits to the exclusive jurisdiction of such courts.

14.9 No Third-Party Beneficiaries.

This Agreement is for the sole benefit of the Parties and their respective permitted successors and assigns, and nothing in this Agreement, express or implied, is intended to or shall confer any legal or equitable right, benefit, or remedy on any other person.

14.10 Counterparts; Electronic Signature.

This Agreement may be executed in counterparts (including by electronic signature via DocuSign or similar), each of which is deemed an original and all of which together constitute one and the same instrument. Electronic signatures have the same legal effect as original signatures, and the Parties expressly consent to the use of electronic signatures.

14.11 Publicity.

Provider may include Customer's name and logo in its customer lists, website, and sales and marketing materials to identify Customer as an evaluator of the Services, subject to any trademark guidelines Customer reasonably provides to Provider in writing.