LAB³ Security Insight
Licence Agreement

1      Background

1.1     The LAB3 Group (being LAB3 Pty Ltd and LAB3 NZ Limited) (LAB³, us we) has developed as-code security solutions known as Security Insight and a data feed of indicators of compromise known as Security Threat Intelligence (together Security Insight).

1.2     These Licence Agreement terms (Terms) govern access to and use of Security Insight, including all associated features and functionalities, by individuals or organisations who purchase, or otherwise use, Security Insight (Client, you or your).

1.3     By deploying, accessing, or using Security Insight, or requesting LAB³ or a third party to do so on your behalf, you accept these Terms as a binding contract (whether on behalf of yourself or a legal entity you represent).

1.4     These Terms will continue to apply to, and govern your use of, Security Insight while Security Insight is deployed on your environment. If you do not accept and comply with these Terms, you may not use Security Insight or its features.

1.5     In the case of any conflict or inconsistency between these Terms and the terms of any other agreement between the Parties (including the Statement of Work, any master services agreement, other statement of work or work order or purchase order) then these Terms will take precedence in relation to the subject matter of these Terms.

2      Commencement and Licence Period

2.1     These terms take effect and bind the Parties from the date Security Insight is deployed on your environment (Effective Date). These Terms will continue to apply to, and govern your use of, Security Insight for so long as Security Insight is deployed on your environment, or until these Terms are terminated in accordance with clause 14 (Licence Period).

3      Licence to use Security Insight

3.1     Subject to payment of all applicable Licence Fees, we grant you a non-transferrable, non-exclusive, royalty-free licence to access and use Security Insight strictly in accordance with these Terms.

4      Use of Security Insight

4.1     You must comply with any reasonable directions as notified by us to you from time to time in relation to use of Security Insight.

4.2     You must not (and you must ensure that your Personnel do not):

(a)      sell, sub-licence distribute or transfer any part of your right to access and use Security Insight;

(b)      use Security Insight in any way or for any purpose other than as specifically contemplated by these Terms;

(c)      attempt to modify, adapt, translate, de-compile, disassemble, copy, create or otherwise reverse engineer or reverse compile Security Insight (or any part of it);

(d)      attempt to circumvent or break any encryption, decryption or other security device or technology measure(s) contained in Security Insight or that control access to or use of Security Insight;

(e)      attempt to interfere with or disrupt Security Insight;

(f)       copy, share, distribute, alter, customise, modify or create derivative works of Security Insight;

(g)      tamper with, hinder the operation of or make unauthorised modifications to Security Insight;

(h)      use data mining or similar data gathering tools or attempt to copy any of the data available on Security Insight; or

(i)        use Security Insight for any unlawful purpose.

5      Client obligations

5.1     You are solely responsible (at your own cost) for:

(a)      acquiring your own Microsoft Sentinel licence (and any other required licences or platforms) and complying with any licence or other terms that apply to your use of Microsoft Sentinel or other platform; and

(b)      providing all equipment, software and internet access necessary to access and use Security Insight.

5.2     You must:

(a)      provide us with all reasonable assistance and cooperation as reasonably requested by us from time to time in the provision of Security Insight, including (where applicable) by providing access to relevant platforms and systems upon which Security Insight is deployed;

(b)      monitor and restrict access to Security Insight source artifacts (including code, documentation and configurations) only to your representatives and service providers approved by us;

(c)      immediately report any security violations or misuse of Security Insight to us;

(d)      not alter, change, remove or obscure any notices or other indications (including copyright notices) as to ownership of Security Insight;

(e)      act reasonably and in good faith in exercising any right, remedy, discretion or obligation under these Terms, at law or otherwise; and

(f)       comply at all times with applicable laws, protocols, policies, guidelines and any reasonable directions issued by us from time to time.

5.3     If any delay or failure by us to comply with our obligations under these Terms is caused or contributed to by any failure by you or your Personnel to comply with your obligations under these Terms, then we will not be responsible for the delay or failure.

5.4     We may audit your use of Security Insight at any time (subject to us providing you with reasonable notice) and you agree to comply with our audit requests and audit processes.

5.5     We may suspend your access to Sentinel Insight at any time if required under law or if we reasonably consider that you are in breach of these Terms.

5.6    Notwithstanding anything to the contrary in these Terms, you consent to our collection of diagnostic, technical, usage and related information regarding your use of Security Insight. We may use such information to monitor your compliance with your obligations under these Terms and for internal business purposes.

6      Security

6.1     You acknowledge that any log-in details or licence keys used to access Security Insight are confidential and you must ensure that this information is kept secure from unauthorised access, use or modification.

6.2    You are solely responsible for any use (or misuse) of Security Insight arising from a failure to keep Security Insight secure in accordance with these Terms.

7      Intellectual Property

7.1     We are the owner or authorised licensee of all Intellectual Property Rights subsisting in Security Insight (including in any augmentations, modifications, improvements or enhancements to, or derivatives of, Security Insight) and of any other materials provided by or on behalf of us to you in connection with these Terms (LAB³ IP).

7.2     Nothing in these Terms assigns or transfers ownership of any LAB³ IP.

7.3     We own all Intellectual Property Rights in any modules or materials (including any software, documents, results, information, data and business processes) created or developed by us (whether or not for you, us, or a third party) through use of Security Insight, and otherwise in the performance of these Terms.

7.4     You must not (and ensure that your Personnel and service providers do not) provide any third party with access to, or use of, Security Insight or any Security Insight modules (whether such modules were developed by us, you, or your service provider) for use outside your organisation.

8      Licence Fees

8.1     You must pay us the applicable Licence Fees for Security Insight as specified in, and on the terms of, the Statement of Work.

9      Disputes

9.1     Any disputes regarding these Terms will be resolved in accordance with the dispute resolution procedure in the Statement of Work or the head agreement (if any) which governs the Statement of Work.

10      Warranties and Exclusions

10.1  We warrant that Security Insight will substantially conform to any applicable product and service specifications that we provide to you in writing.

10.2  Your sole and exclusive remedy, and our sole liability, under or in connection with a breach of clause 10.1, will be the re-supply of Security Insight in accordance with the warranty in clause 10.1, or if this is commercially impracticable, termination of these Terms and a refund of any unused pre-paid Licence Fees for the remaining period in the Licence Period as at the date of termination.

10.3  Subject to any non-excludable terms and any express warranties in these Terms, Security Insight is provided by us “as is”.  To the fullest extent permitted by law, we exclude all warranties, representations, implied terms and guarantees not expressly stated in these terms, including any warranty or representation that Security Insight will be fit for any particular purpose or will be error-free or uninterrupted.

10.4  In particular, and without limiting clause 10.3, we do not take any responsibility for, do not support, and are not liable in any way to you for any third party services, products, platforms or add-ins (Third Party Services) (including Microsoft Azure or other Microsoft products) or for any failure of Security Insight caused by such Third Party Services (including any changes to any such Third Party Services).

10.5  We will use commercially reasonable efforts to ensure that Security Insight is free of any code designed or intended to disable or impede the normal operation of, or provide unauthorised access to, your networks, systems, software or environments.

10.6  For the avoidance of doubt, nothing in these Terms is intended to exclude any guarantees which by law cannot be excluded or modified.  If we are liable for breach of any guarantee or warranty that cannot be excluded or modified by law, then to the extent permitted by law, our liability for that breach will be limited to (at our discretion) re-supplying Security Insight or payment of the cost of having Security Insight supplied again in accordance with the respective guarantee.

10.7  You acknowledge and agree that:

(a)      it is your responsibility to test Security Insight in a development environment before it is deployed in a production environment;

(b)      we are not responsible for the outcomes of any customisation by you of Security Insight;

(c)      any use of, or reliance on, information which is made available to you through Security Insight is undertaken entirely at your own risk; and

(d)      we do not control the transfer of data over the internet and that access to Security Insight may be subject to limitations, delays, and other problems inherent in the use of the internet.

11      Release support

11.1  Regardless of which feature release or module of Security Insight was purchased by you, we will only support the current feature release or module of Security Insight, unless we expressly agree otherwise in writing.

11.2 To the extent permitted by law, all other support and warranties relating to previous feature releases or modules of Security Insight end when a new feature release or module is released.

12      Indemnity

12.1  You agree to indemnify us, and our Related Bodies Corporate and their respective directors, officers, agents and employees, from and against any Loss (including Loss arising in connection with third party claims) suffered, paid, or incurred by us arising out of or in connection with:

(a)      any breach by you or your Personnel of these Terms, except to the extent that such Loss is caused or contributed to by us; or

(b)      any claim relating to Loss suffered as a result of your reliance on any information or results provided through Security Insight.

13      Liability

13.1  Each Party’s liability under these Terms is limited to the same extent and on the same terms as under the Statement of Work.

14      Termination

14.1 Where not inconsistent with any other agreement between the Parties relating to Security Insight (including a statement of work, master services agreement, work order or purchase order), you may terminate these Terms for your convenience at any time by providing us at least 30 days’ notice in writing, however you will:
(a) be liable to pay us the Licence Fees that would otherwise have been payable over the Licence Period; or
(b) where you have paid in advance, forfeit any Licence Fees paid to us as at the date of termination.

14.2 We may terminate all or part of these Terms or suspend your access to and use of Security Insight:
(a) if you have not paid a correctly rendered and undisputed invoice within 14 days after the date on which payment is due, and we have provided you with written notice that payment is overdue, and you have not made payment within 14 days of receiving such notice;
(b) immediately if you are in breach of these Terms; or
(c) for convenience by providing you with at least 30 days’ notice in writing.

15      Consequences of termination

15.1 Upon termination or expiry of these Terms:
(a) your licence to access and use Security Insight will immediately cease;
(b) the licence key (if any) provided to you will expire; and
(c) we will be entitled to remove Security Insight from your environments.
15.2 Despite any other provision of these Terms, this clause 15, and clauses 9 (Disputes), 11 (Release Support), 12 (Indemnity), 13 (Liability) and 17 (General Provisions), and any other obligations which are expressed to or, by their nature, survive expiry or termination of these Terms and will continue to the benefit of and be enforceable by us.

16      Microsoft Attributions

16.1 You agree to permit us to associate all relevant Microsoft attributions with LAB³ in your systems. This may include enabling LAB³ as your DPOR (Digital Partner of Record) and/or enabling us to link or associate our Microsoft Partner ID (through PAL (Partner Admin Link) or CPOR (Claiming Partner of Record)) to your Microsoft licences, products and consumption through subscription(s).

17      General Provisions

17.1   Waiver: No waiver of a right or remedy under these Terms is effective unless it is in writing and signed by the Party granting it.

17.2   Rights cumulative: Except as expressly stated otherwise in these Terms, the rights of a Party under these Terms are cumulative and are in addition to any other rights of that Party.

17.3   Consents: Except as expressly stated otherwise in these Terms, a Party may conditionally or unconditionally give or withhold any consent to be given under these Terms and is not obliged to give its reasons for doing so.

17.4   Further steps: Each Party must promptly do whatever the other Party reasonably requires of it to give effect to these Terms and to perform its obligations under it.

17.5   Governing law and jurisdiction: These Terms are governed by and are to be construed in accordance with the laws applicable to the Statement of Work. Each Party irrevocably and unconditionally submits to the non-exclusive jurisdiction of the courts of that jurisdiction and any courts which have jurisdiction to hear appeals from any of those courts and waives any right to object to any proceedings being brought in those courts.

17.6   Assignment: A Party must not assign or deal with any right under these Terms without the prior written consent of the other Party.  Any purported dealing in breach of this clause is of no effect.

17.7   Relationship of Parties: These Terms are not intended to create a partnership, joint venture or agency relationship between the Parties.

18      Definitions

In this document:

• Effective Date is defined in clause 2 of these Terms.
• Intellectual Property Rights means any rights normally covered with this term and includes existing and future copyrights, rights in designs, patents, trademarks all rights in any applications or registrations of those rights whether registered or unregistered (and whether registrable or not) and existing anywhere in the world.
• Licence Fees means the fees payable by you for the provision of Security Insight as described in these Terms and any applicable Statement of Work.
• Licence Period is defined in clause 2 of these Terms.
• Loss means loss, damage, claim, liability, charge, expense, outgoing or cost (including all legal and other professional costs on a full indemnity basis) of any nature or kind.
• Parties means LAB³ and the Client and Party means either LAB³ or the Client , as the context requires.
• Personnel means, in relation to an entity, that entity’s directors, officers, employees, agents, service providers and contractors and includes directors, officers, employees and agents of that Party’s contractors.
• Related Body Corporate has the meaning given in the Corporations Act (Cth) 2001.
• Statement of Work means the statement of work between the Parties relating to Security Insight.

19      Construction

Unless expressed to the contrary, in this document:

(a)    includes means includes without limitation;

(b)    a reference to:

(i)     a person includes a partnership, a joint venture, an unincorporated association, a corporation and a government or statutory body or authority;

(ii)    a person includes the person’s legal personal representatives, successors, assigns and persons substituted by novation;

(iii)   this document includes all schedules and annexures to it; and

(c)    headings do not affect the interpretation of this document.