Cogent Security Master Services Agreement

This Master Services Agreement (“Agreement”) is entered into as of the date last executed below by and between Cogent Security, Inc., a Delaware corporation (“Company” or “Cogent”), and ____________,  a [state of formation] corporation having its principal place of business at ____________ (“Customer”).

1. ACCESS OF THE SERVICE

1.1. The Service. Subject to the terms of this Agreement, Company grants Customer a royalty-free, nonexclusive, nontransferable, worldwide right during each Subscription Term the right for Customer to access and use the Service for its own internal business purposes during each Subscription Term (“Permitted Use”). This includes the right to copy and use the Documentation as part of Customer’s Permitted Use.

1.2. Users. Customer is responsible for provisioning and managing User accounts, for Users’ actions through the Service and for Users' compliance with this Agreement. Customer will require that Users keep their login credentials confidential and will promptly notify Cogent upon learning of any compromise of User accounts or credentials.

1.3. Affiliates. Customer’s Affiliates may serve as Users. Customer shall be responsible for its Affiliates’ use of the Service. Alternatively, Customer’s Affiliates may enter into their own Orders as mutually agreed with Cogent, which creates a separate agreement between each such Affiliate and Cogent incorporating this Agreement with the Affiliate treated as “Customer”. Neither Customer nor any Customer Affiliate has any rights under each other’s separate agreement with Cogent, and breach or termination of any such separate agreement affects only that agreement.2. DATA

2.1. Customer Data. Customer grants Cogent a license during each Subscription Term to use Customer Data to provide the Service, Support, and Technical Services to Customer. Use of Customer Data includes sharing Customer Data if Customer directs through an integration of the Service with a Third-Party Product, but Cogent will not otherwise disclose Customer Data to third parties except as permitted in this Agreement.

2.2. Security. Cogent maintains industry-standard physical, technical, and administrative safeguards that are designed to prevent unauthorized access, use, alteration or disclosure of Customer Data.

2.3. Service Operations Data. Cogent may collect Service Operations Data and use it to operate, improve and support the Service and for other lawful business purposes, including benchmarking and reports. However, Cogent will not disclose Service Operations Data externally unless it is: (a) de-identified so that it does not identify Customer, its Users or any other person; and (b) aggregated with data across other customers.

2.4. Use of GenAI Features. Customer may use GenAI Features as part of the Service. Customer may submit Inputs to the GenAI Features and receive Outputs. Customer acknowledges that Outputs provided to Customer may be similar or identical to Outputs independently provided by Cogent to other customers. Each Party will continue to own any component element contained within a respective Output that such Party previously owned prior to its curation. The Parties agree that: (1) Customer may reproduce, distribute, and prepare derivative works of Outputs in connection with its use of the Service and solely for its internal business purposes; and (2) Cogent may use Outputs in performance of its obligations under the Agreement.

2.5. Artificial Intelligence Model Training.

(a) Customer-Specific Models. Cogent may use Customer Data in training the Service for the purpose of identifying critical assets and vulnerabilities solely for the benefit of Customer. Cogent shall not use Customer Data to train or otherwise improve the LLMs of any third-party resource providers or to train any shared model. For purposes of this section, a shared model means a model federated across the Cogent customer base. For clarity, all Customer Data processed through the use of artificial intelligence and/or machine learning is subject to the protections described in Section 2.2 (Security).

(b) Shared Models. Cogent may incorporate any learnings from data, including any Customer action or inaction taken, into training its Service for the purpose of further benefiting customers. Any such learnings will be de-identified, so as to not identify Customer or its Users, and to the extent practicable with respect to any threat actor. To the extent practicable, such learnings will be aggregated with data across other customers.

(c) GenAI Features. Cogent may use Inputs and Outputs to train or otherwise improve the GenAI Features for the Service, but only if such Inputs and Outputs have been (i) de-identified so that they do not identify Customer or its Users, and (ii) to the extent practicable, aggregated with data across other customers. Cogent shall not use Inputs to train or otherwise improve the LLMs of any third-party resource providers underlying such GenAI Features. For these purposes (and without limiting Customer’s other obligations with respect to Customer Data generally), such Input is provided by Customer to Cogent strictly "AS IS”.

2.8. Third-Party Products. Customer may choose to enable integrations or exchange Customer Data with Third-Party Products. Customer’s use of a Third-Party Product is governed by its agreement with the relevant provider, not this Agreement. Cogent is not responsible for Third-Party Products or for the manner in which Customer Data may be managed by such products.

3. USE OF THE SERVICE

3.1. Compliance. Customer will only use the Service in accordance with the Documentation. Customer represents and warrants that it has secured all necessary rights, consents, and permissions to use Customer Data with the Service and grant Cogent the rights to Customer Data specified in this Agreement, without violating third-party intellectual property, privacy or other rights. Between the Parties, Customer is responsible for the content and accuracy of Customer Data.

3.2. Restrictions. Customer will not and will not allow any third party to: (a) access or use the Service (in whole or part) or Outputs for any competitive purposes, including to develop a similar or competing product or service (e.g., benchmarking); (b) conduct penetration testing on the Service, interfere with its operation or circumvent its access restrictions; (c) market, sublicense, distribute, resell, lease, loan, transfer, or otherwise commercially exploit or make the Service available (in whole or part) to any third party, except to a third party that manages Customer’s computing environment, grant non-Users access to the Service or use the Service to provide a hosted or managed service to others; (d) obtain or attempt to obtain the Service by any means or device with intent to avoid paying the fees that would otherwise be payable for such access or use; or (e) modify, create derivative works of, decompile, reverse engineer, attempt to gain access to the source code of, or copy the Service, or any of its components including any underlying artificial intelligence models and model data, except to the extent these restrictions are prohibited by Laws and then only upon advance notice to Cogent.

4. MUTUAL COMPLIANCE WITH LAW. Each Party will comply with all laws, regulations, court orders or other binding requirements of a government authority (“Laws”) that apply to its performance under this Agreement.

5. REPRESENTATIONS AND WARRANTIES

5.1. Mutual Representations and Warranties. Each Party represents and warrants that:

(a) it has validly entered into this Agreement and has the legal power to do so; and

(b) it will use industry-standard measures to avoid introducing viruses, malicious code or similar harmful materials into the Service.

6. TECHNICAL SERVICES. Cogent may perform Technical Services as described in an Order, which may identify additional terms or milestones for the Technical Services. Customer will give Cogent timely access to Customer Materials reasonably needed for Cogent’s provision of the Technical Services, and if Customer fails to do so, Cogent’s obligation to provide Technical Services will be excused until access is provided. Cogent will use the Customer Materials only for purposes of providing Technical Services. Cogent may make use of service partners to provide the Technical Services. Customer may use the product of any Technical Services that Cogent furnishes as part of Technical Services only in connection with Customer’s authorized use of the Service under this Agreement.

7. FEES AND PAYMENT

7.1. Payment. Customer will pay the fees described in the applicable Order. Unless the Order states otherwise, all undisputed amounts are payable in U.S. dollars and due within 30 days from the date of an invoice (“Due Date”). All fees and expenses are non-refundable and non-cancellable except as expressly set out in the Agreement and any applicable Order.

7.2. Taxes. Customer is responsible for any sales, use, GST, value-added, withholding or similar taxes or levies that apply to its Orders, whether domestic or foreign (“Taxes”), other than Cogent’s income tax. Fees and expenses are exclusive of Taxes. Unless Customer provides Cogent with a valid exemption certificate, Customer is solely responsible for paying all Taxes associated with or arising from this Agreement. In the event Customer is subject to withholding taxes, Customer shall gross up its payment to Cogent such that Cogent receives the full amount listed in the applicable invoice.

7.3. Payment Disputes. If Customer disputes an invoice in good faith, it shall notify Cogent within (10) days from date of receipt of invoice and the Parties will seek to resolve the dispute over a 15-day discussion period. Customer is not required to pay disputed amounts during the discussion period, but will timely pay all undisputed amounts. If the Parties are unable to reach resolution after the discussion period, either Party may pursue any available remedies.

7.4. Records and Validation. Customer is responsible for providing complete and accurate billing and contact information to Cogent and notifying Cogent of any changes to such information. Cogent may conduct verification checks on the usage of the Service during the Subscription Term. If it is determined that the usage of the Service exceeds the baseline quantity stated in an applicable Order, the Parties (Channel Partner and Cogent or Customer and Cogent, as applicable) will address any over-usage in a separate Order. If Customer fails to pay for the over-usage, Cogent may terminate access to the Service within thirty (30) days of Cogent’s notice of non-compliance.

8. SUSPENSION. Cogent shall be entitled to suspend Customer’s access to the Service and related services due to a Suspension Event, but where practicable will give Customer prior notice so that Customer may seek to resolve the issue and avoid suspension. Cogent is not required to give prior notice in exigent circumstances or for a suspension made to avoid material harm or violation of Law. Once the Suspension Event is resolved, Cogent will promptly restore Customer’s access to the Service in accordance with this Agreement. “Suspension Event” means: (a) Customer’s account is 30 days or more overdue; (b) Customer is in breach of Section 3 (Use of the Service); or (c) Customer’s use of the Service risks material harm to the Service or others.

9. TERM AND TERMINATION

9.1. Subscription Terms. Each Subscription Term will last for an initial 12-month period unless the Order states otherwise. Each Subscription Term will renew for successive periods unless: (a) the Parties agree on a different renewal Order; or (b) either Party notifies the other (or Channel Partner notifies Cogent, if applicable) of non-renewal at least 30 days prior to the end of the then current Subscription Term.

9.2. Term. The term of this Agreement will commence on the date you accept this Agreement ("Effective Date") and continues until expiration or termination of all Subscription Terms, unless otherwise terminated as permitted by this Agreement (the “Term”). If no Subscription Term is in effect, either Party may terminate this Agreement for any or no reason with notice to the other Party.

9.3. Termination. Either Party may terminate this Agreement, including all Subscription Terms, if the other Party (a) fails to cure a material breach of this Agreement (including a failure to pay fees) within 30 days after notice. Customer shall receive a refund of any pre-paid, unused fees for the terminated portion of an applicable Subscription Term for such Customer-initiated terminations, and Customer will promptly pay Cogent any and all outstanding fees and expenses due both as of the date of termination and for the terminated portion of the Subscription Term for any such Cogent-initiated termination.

9.4. Data Export & Deletion. During a Subscription Term, Customer may export Customer Data from the Service (or Cogent will otherwise make the Customer Data available to Customer). After termination or expiration of this Agreement, Cogent will delete Customer Data and each Party will delete any Confidential Information of the other in its possession or control. Nonetheless, Cogent may retain Customer Data and each Party may retain Confidential Information in accordance with its standard backup or record retention policies or as required by Law, subject to Section 2.2 (Security) and Section 10 (Confidentiality)

9.5. Effect of Termination.

(a) Customer’s right to use the Service, Support and Technical Services will immediately cease upon any termination or expiration of this Agreement, subject to this Section 9 (Term and Termination).

(b) In no event will any termination or expiration relieve Customer of the obligation to pay any expenses and fees payable to Cogent for the period prior to the effective date of termination or expiration.

(c) The following Sections will survive expiration or termination of this Agreement: Section 2.4 (Service Operations Data), 2.5 (Anomaly Determinations), 2.6 (GenAI Features), 2.7 (Artificial Intelligence Model Training), 3 (Use of the Service), 7.1 (Payment) (for amounts then due), 7.2 (Taxes), 9.4 (Data Export & Deletion), 9.5 (Effect of Termination), 10 (Confidentiality), 11 (Proprietary Rights), 12 (Limitations of Liability), 13 (Indemnification), 17 (General Terms), and 18 (Glossary).

10. CONFIDENTIALITY

10.1. Use and Protection. As recipient, each Party will: (a) use Confidential Information only to fulfill its obligations and exercise its rights under this Agreement; (b) not disclose Confidential Information to third parties without discloser’s prior approval, except as permitted in this Agreement; and (c) protect Confidential Information using at least the same precautions recipient uses for its own similar information and no less than a reasonable standard of care.

10.2. Permitted Disclosures. The recipient may disclose Confidential Information to its employees, agents, contractors, Affiliates, subcontractors and other representatives having a legitimate need to know (each, a “Representative”), provided recipient remains responsible for their compliance and they are bound to confidentiality obligations no less protective than this Section 10.

10.3. Exclusions. These confidentiality obligations do not apply to information that the recipient can document: (a) is or becomes public knowledge through no fault of the recipient, (b) it rightfully knew or possessed, without confidentiality restrictions, prior to receipt from the discloser, (c) it rightfully received from a third party without confidentiality restrictions, or (d) it independently developed without access to the Confidential Information.

10.4. Remedies. Breach of this Section 10 (Confidentiality) may cause substantial harm for which monetary damages are an insufficient remedy. Upon a breach of this Section 10, the discloser is entitled to seek appropriate equitable relief, including an injunction, in addition to other remedies.

10.5. Required Disclosures. The recipient may disclose Confidential Information (including Customer Data) to the extent required by Laws. If permitted by Law, the recipient will give the discloser reasonable advance written notice of the required disclosure and reasonably cooperate, at the discloser’s expense, to contest or seek to limit the disclosure or obtain confidential treatment for the Confidential Information. If no protective order or other remedy is obtained, the recipient will disclose only that portion of the Confidential Information that is legally required, and agrees to exercise reasonable efforts to ensure that confidential treatment will be accorded to such Confidential Information.

11. PROPRIETARY RIGHTS

11.1. Cogent Property. Cogent owns and retains all right, title, and interest in and to the Service, Threat Intelligence, Service Operations Data, Technical Services, and any feedback or suggestions Customer provides to Cogent with respect to the Service or Technical Services. All feedback is provided “AS IS” and Cogent will not publicly identify Customer as the source of feedback without Customer’s permission. Except for Customer’s express rights in this Agreement, as between the Parties, Cogent and its licensors retain all intellectual property rights in the Service, and product of any Technical Services and related Cogent technology.

11.2. Customer Property. Except for Cogent’s express rights in this Agreement, as between the Parties, Customer owns and retains all right, title, and interest in and to the Customer Data and Customer Materials provided to Cogent.

12. LIMITATIONS OF LIABILITY

12.1. Consequential Damages Waiver. NEITHER PARTY, NOR ITS AFFILIATES, NOR THE OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, OR REPRESENTATIVES OF ANY OF THEM, WILL BE LIABILE  TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, RELIANCE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OR DAMAGES FOR LOSS OF USE, LOST PROFITS OR INTERRUPTION OF BUSINESS THAT MAY ARISE OUT OF THIS AGREEMENT, EVEN IFTHE OTHER PARTY HAS BEEN NOTIFIED OF THE POSSIBILITY OR LIKELIHOOD AND WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, SERVICES LIABILITY OR OTHERWISE.

12.2 General Cap. EXCEPT WITH RESPECT TO ENHANCED CLAIMS AND UNCAPPED CLAIMS (EACH AS DEFINED BELOW), IN NO EVENT WILL THE COLLECTIVE LIABILITY OF EITHER PARTY, OR THEIR RESPECTIVE AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, AGENTS AND REPRESENTATIVES, TO THE OTHER PARTY FOR ANY AND ALL DAMAGES, INJURIES, AND LOSSES ARISING FROM ANY AND ALL CLAIMS AND CAUSES OF ACTION ARISING OUT OF, BASED ON, RESULTING FROM, OR IN ANY WAY RELATED TO THIS AGREEMENT, EXCEED THE TOTAL AMOUNT OF FEES PAID OR PAYABLE BY CUSTOMER TO COGENT FOR USE OF THE SERVICE DURING THE PRIOR 12 MONTHS UNDER THIS AGREEMENT (THE “THE GENERAL CAP”).

12.3 “Enhanced Claims” means Cogent’s breach of Section 2.2 (Security). Cogent’s total, cumulative liability for all Enhanced Claims will not exceed two (2) times the Fees Paid.

12.4 “Uncapped Claims” means: (a) the indemnifying Party’s obligations under Section 13 (Indemnification); (b) either Party’s infringement or misappropriation of the other Party’s intellectual property rights; (c) Customer’s breach of Section 3.2 (Restrictions); (d) any breach of Section 10 (Confidentiality) (excluding breaches of Section 2.2 (Security) related to Customer Data which shall be subject to the Enhanced Claims cap); (e) Customer’s payment obligations; and (f) liabilities that cannot be limited by Law.

13. INDEMNIFICATION

13.1. By Cogent. Cogent, at its own cost, will defend Customer from and against any Cogent-Covered Claims and will indemnify Customer from and against any damages or costs finally awarded against Customer by a court of competent jurisdiction (including reasonable external attorneys’ fees) or agreed in settlement by Cogent resulting from the Cogent-Covered Claims.

13.2. By Customer. Customer, at its own cost, will defend Cogent from and against any Customer-Covered Claims and will indemnify Cogent from and against any damages or costs finally awarded against Cogent by a court of competent jurisdiction (including reasonable external attorneys’ fees) or agreed in settlement by Customer resulting from the Customer-Covered Claims.

13.3. Indemnification Definitions.

“Cogent-Covered Claim” means a third-party claim that the Service, when used by Customer as authorized in this Agreement, infringes or misappropriates a third party’s United States, United Kingdom, or European Union intellectual property rights.

“Customer-Covered Claim” means a third-party claim arising from Customer Materials or Customer’s breach or alleged breach of Section 3 (Use of the Service).

13.4. Procedures. The indemnifying Party’s obligations in this Section 13 (Indemnification) are subject to receiving from the indemnified Party: (a) prompt notice of the claim (but delayed notice will only reduce the indemnifying Party’s obligations to the extent it is prejudiced by the delay); (b) the exclusive right to control the claim’s investigation, defense and settlement; and (c) reasonable cooperation at the indemnifying Party’s expense. The indemnifying Party may not settle a claim without the indemnified Party’s prior approval if settlement would require the indemnified Party to admit fault or take or refrain from taking any action (except regarding use of the Service when Cogent is the indemnifying Party). The indemnified Party may participate in a claim with its own counsel at its own expense.

13.5. Mitigation & Exceptions. In response to an infringement or misappropriation claim, if required by settlement or injunction or as Cogent determines necessary to avoid material liability, Cogent may, in its sole discretion: (a) procure rights for Customer’s continued use of the Service; (b) replace or modify the allegedly infringing portion of the Service to avoid infringement, without reducing the Service’s overall functionality; or (c) terminate the affected Order or the Agreement and refund to Customer any pre-paid, unused fees for the terminated portion of the Subscription Term. Cogent’s obligations in this Section 13 (Indemnification) do not apply to claims resulting from (1) modification or unauthorized use of the Service or (2) use of the Service in combination with items not provided by Cogent, including Third-Party Products. This Section 13 (Indemnification) sets out the indemnified Party’s exclusive remedy and the indemnifying Party’s sole liability regarding third-party claims of intellectual property infringement or misappropriation.

14. INSURANCE

14.1. Cogent will maintain in full force and effect during the Subscription Term:

(a) Technology Errors & Omissions and Cyber-risk insurance on a claims-made form, for limits of not less than US$5,000,000 annual aggregate covering liabilities for financial loss resulting or arising from acts, errors or omissions in the rendering of the Service, or from data damage, destruction, or corruption, including without limitation, unauthorized access, unauthorized use, virus transmission, denial of service, and violation of privacy from network security failures in connection with the Service.

15. TRIALS AND BETAS. Cogent may offer optional Trials and Betas. Use of Trials and Betas is permitted only for Customer’s internal evaluation during the period designated on the Order (or if not designated in an Order or otherwise, 30 days). Either Party may terminate Customer’s use of Trials and Betas at any time for any reason. Trials and Betas may be inoperable, incomplete or include features never released. NOTWITHSTANDING ANYTHING ELSE IN THIS AGREEMENT, Cogent OFFERS NO WARRANTY, INDEMNITY, SLA OR SUPPORT FOR TRIALS AND BETAS AND ITS LIABILITY FOR TRIALS AND BETAS WILL NOT EXCEED US$10,000.

16. PUBLICITY. Neither Party may publicly announce this Agreement without the other Party’s prior approval, except as required by Laws.

17. GENERAL TERMS

17.1. Assignment. Neither Party may assign this Agreement without the prior consent of the other Party, except that either Party may assign this Agreement, with notice to the other Party, to an Affiliate or in connection with the assigning Party’s merger, reorganization, acquisition or other transfer of all or substantially all of its assets or voting securities. Any non-permitted assignment is void. This Agreement will bind and inure to the benefit of each Party’s permitted successors and assigns.

17.2. Governing Law and Courts. This Agreement is governed by the laws of the State of California without reference to conflicts of law rules. For any dispute relating to this Agreement, the Parties consent to personal jurisdiction and the exclusive venue of the state and federal courts in San Francisco County, California.

17.3. Notices.

(a) Except as set out in this Agreement, notices, requests and approvals under this Agreement will be in writing to the addresses on the Order or in this Agreement and will be deemed given: (1) upon receipt if by personal delivery, (2) upon receipt if by certified or registered U.S. mail (return receipt requested), (3) one day after dispatch if by a commercial overnight delivery or (4) upon delivery if by email. Either Party may update its address with notice to the other.

17.4. Entire Agreement. This Agreement is the entire agreement between Customer and Cogent and supersedes all prior agreements and understandings concerning the subject matter hereof and may not be amended or modified except by a writing signed by both parties. To the extent there is an inconsistency between the terms of the Agreement, an Order Form and/or the DPA, such documents and their terms will be controlled in the following order of precedence: (i) Order Form; (ii) Agreement; and (iii) DPA.

17.5. Waivers and Severability. Waivers must be signed by the waiving Party’s authorized representative and cannot be implied from conduct. If any provision of this Agreement is held invalid, illegal or unenforceable, it will be limited to the minimum extent necessary so the rest of this Agreement remains in effect.

17.6 Force Majeure. Neither Party is liable for a delay or failure to perform this Agreement due to a Force Majeure Event. If a Force Majeure Event materially adversely affects the Service for 30 or more consecutive days, either Party may terminate the affected Order upon notice to the other and Cogent will refund to Customer any pre-paid, unused fees for the terminated portion of the Subscription Term. However, this Section does not limit Customer’s obligations to pay fees owed.

17.7. Service Support Providers. Cogent may use Service support providers (e.g., third-party hosting and other service providers) in provision of the Service and Support and permit them to exercise Cogent's rights and fulfill Cogent's obligations, but Cogent remains responsible for their compliance with this Agreement. This provision does not limit any additional terms for subprocessors under a DPA.

17.8. Independent Contractors. The Parties are independent contractors, not agents, partners or joint venturers.

17.9. No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.

17.10. Anti-Corruption and Export. Each Party will, and will cause its employees, consultants, and agents to, comply with the US Foreign Corrupt Practices Act of 1977 and the UK Bribery Act 2010. Customer agrees to comply with all applicable laws administered by the U.S. Commerce Bureau of Industry and Security, U.S. Treasury Office of Foreign Assets Control, or other governmental entity imposing export controls and trade sanctions (“Export Laws”), including designated countries, entities, and persons (“Sanctions Targets”); and agrees not to directly or indirectly export, re-export, or otherwise deliver the Service to a Sanctions Target, or broker, finance, or otherwise facilitate any transaction in violation of any Export Laws. Customer represents that Customer is not a Sanctions Target or prohibited from receiving the Service. The Service will be used for non-prohibited, commercial purposes by non-prohibited Users and will not be exported or transferred to China or any Sanctions Target.

18. GLOSSARY. The definitions of certain capitalized terms used in this Agreement are set forth below. Others are defined in the body of this Agreement.

“Confidential Information” means information disclosed by or on behalf of one Party (as discloser) to the other Party (as recipient) under this Agreement, in any form, which: (a) the discloser identifies to recipient as “confidential” or “proprietary”; or (b) should be reasonably understood as confidential or proprietary due to its nature and the circumstances of its disclosure. Without limiting the foregoing: (a) Cogent’s Confidential Information includes the Service, any technical, pricing or performance information about the Service, the terms and conditions of this Agreement, and any information conveyed to Customer in connection with Support; (b) Customer’s Confidential Information includes Customer Data, Inputs, and Customer Materials; and (c) Output is considered Confidential Information of both Parties.

“Customer Data” means information processed by Cogent via the Service and while providing Support.

“Customer Materials” means materials and resources that Customer makes available to Cogent in connection with Technical Services.

“Documentation” means the Cogent standard technical guides, policies, and documentation for the Service, including all additions and modifications made by Cogent from time to time, that are made available from the dedicated ‘Documentation’ pages within the Service or on the dedicated ‘Customer Support’ pages of the Cogent managed website.

“Force Majeure Event” means an unforeseen event beyond a Party’s reasonable control, such as a strike, blockade, war, pandemic, act of terrorism, riot, third-party Internet, telecommunications or utility failure, acts or orders of government, refusal of government license or natural disaster, where the affected Party takes reasonable and customary measures to avoid or mitigate such event’s effects.

“GenAI Feature(s)” means the Service features used by Customer that utilize large language models (LLMs) to curate Outputs for Customer in response to Inputs.

“Input(s)” means Customer Data in the form of prompts, queries, or pre-configured context, conditions, or triggers that are provided, input, or otherwise processed with any GenAI Features.

“Order” means an order for Customer’s access to the Service, Support, or Technical Services or related services that is: (a) either executed by the Parties and references this Agreement or entered into by Customer via self-service; or (b) entered into by Cogent and a Channel Partner on behalf of Customer.

“Output(s)” means content that is curated by the GenAI Features, which may incorporate Customer data, Threat Intelligence, or other general security information.

“Service” means Cogent’s proprietary software-as-a-service products, including its artificial intelligence and machine learning based reasoning engine, GenAI Features, and, as identified in the relevant Order, including any modifications, updates, upgrades, and enhancements thereto that Cogent makes generally available to its customer base. The Service includes the Documentation but not Technical Services or Third-Party Products.

“Service Operations Data” means Cogent’s technical logs, analytics or other data and learnings related to Customer’s use of the Service, but excluding Customer Data.

“Service Level Agreement” or “SLA” means the Support Services and Service Level Agreement attached hereto as Exhibits A and B.

“Subscription Term” means the term for Customer’s use of the Service as set forth on the applicable Order.

“Support” means the customer support services delivered by Cogent

“Technical Services” means training, migration, enablement or other technical services that Cogent furnishes to Customer related to the Service.

“Threat Intelligence” means information collected, generated, derived, and/or analyzed by the Service that is related to malicious activities identified by the Service such as a third-party malicious actor’s IP address, or exploitation patterns of vulnerabilities.

“Third-Party Product” means any product, add-on or platform not provided by Cogent that Customer uses with the Service.

“Trials and Betas” mean access to the Service (or Service features) on a free, trial, beta or early access basis.

“Users” means individuals or entities that are authorized by Customer to use the Service under its account and on its behalf.

IN WITNESS WHEREOF, the parties hereto have caused this Agreement to be executed by their duly authorized representatives.

CUSTOMER

By:                                                                                    

Name:                                                                               

Title:                                                                                  

Date:                                                                                 

COGENT SECURITY, INC.

By:                                                                                    

Name:                                                                               

Title:                                                                                  

Date:                                                                                 

EXHIBIT A

SUPPORT SERVICES

This Support Services Exhibit is made a part of and incorporated by reference into the MSA between Merge and Customer and sets forth the terms on which Cogent provides technical support (“Support”) to Customer (“Support Terms”) for the Service.

I. Support

1. General Support Offering. Cogent shall provide English-speaking remote assistance to Customer Contacts (as defined below) for questions or issues arising from any Error, as further described in this Policy, including troubleshooting, diagnosis, and recommendations for potential workarounds for the duration of Customer’s subscription to the applicable Service.

2. Customer Contacts. Customer shall inform Cogent as to its approved contacts for Support, one of which must be designated as an account administrator (each, a “Customer Contact”). Customer is solely responsible for maintaining an accurate list of Customer Contacts with Cogent, including names and contact information. Cogent assumes no responsibility for Support Cases that cannot be addressed due to a lack of updated Customer Contact information.

3. Submitting Support Cases. Customer Contacts must use reasonable diligence to ensure a perceived Error is not an issue with Customer’s own equipment, software, or internet connectivity prior to requesting Support. Customer Contacts may contact Support by submitting a Support request (each, a “Support Case”) to: support@cogentsecurity.com. Customer Contacts will assist Cogent to resolve Support Cases by complying with the Customer obligations set forth in Table 1.

4. Support Cases. Each Support Case shall: (a) designate the Severity Level of the Error in accordance with the definitions in Table 1 and as designated by Cogent in Section 6 below; (b) identify the Customer account that experienced the error; (c) include information sufficiently detailed to allow Cogent to attempt to duplicate the Error (including any relevant error messages, but not export-controlled data, personal data (other than as required herein), sensitive data, other regulated data, or Customer Data); and (d) identify the Customer Contact most familiar with the issue. The Customer Contact shall also give Cogent any other important Support Case information requested by Cogent in a timely manner. Unless Customer expressly designates the Severity Level, the Support Case will default to Severity Level 4. If Customer Contacts submit Support Cases related to enhancement or feature requests, Cogent shall treat those tickets as closed once the request has been forwarded internally.

Table 1: Error Severity Level Definitions and Initial Response Times

Error Severity Level

Description

Initial Response Time Target

Severity Level 1

(Urgent)

An Error that causes a (a) service disruption or (b) degraded condition that renders the Service inoperable.

One (1) Hour

Severity Level 2

(High)

An Error that (a) causes the Service to operate in a degraded condition with a high impact to key portions of the Service or (b) seriously impairs Customer’s use of material function(s) of the Service and Customer cannot reasonably circumvent or avoid the Error without the expenditure of significant time or effort.

Two (2) Business Hours

Severity Level 3

(Normal)

An Error that has a medium-to-low impact on the Service. The Service is (a) running with limited functionality in one or more areas or (b) experiencing intermittent issues. Customer can access and use the material functionality of the Service.

Eight (8) Business Hours

Severity Level 4

(Low)

How-to questions and Service issues with no Service degradation.

One (1) Business Day

RFE

Requests for enhancements to the Service.

Two (2) Business Days

6. Error Response. Cogent Support will investigate Errors and assign the applicable Severity Level listed in Table 1. If Cogent’s Severity Level designation is different from that assigned by Customer, Cogent will promptly notify Customer of such designation. If Customer notifies Cogent of a reasonable basis for disagreeing with Cogent’s designated Severity Level, the parties each will make a good faith effort to discuss, escalate internally, and mutually agree on the appropriate Severity Level. Cogent shall use commercially reasonable efforts to meet the Initial Response Time Target for the applicable Severity Level, as measured during the Support hours set forth in Table 2 below (with the total Business Hours in an in-region support day each a “Business Day”).

Table 2: Support Hours

Region

Americas

Severity 1

24 x 7 x 365

Severity 2-4

6AM-6PM PT Mon-Fri

Exclusions

(Severity 2-4)

U.S. Federal Holidays

Exclusions. Cogent will not be obligated to provide Support in the following situations: (i) the problem is caused by Customer’s negligence, hardware malfunction, or other causes beyond the reasonable control of Cogent; (ii) the problem is with third party software not licensed through Cogent; or (iii) Customer fails to pay any amount that is payable to Cogent within the timeframe for payment specified in the Agreement.

EXHIBIT B

Service Level Agreement

This Exhibit A “Service Level Agreement” is made a part of and incorporated by reference into the Order Form and MSA between Cogent and Customer.

During the Term, the Service will be available to you ninety-nine and nine-tenths percent (99.9%) (“Service Level”). If the Monthly Availability Percentage does not meet the Service Level in a given month (“Service Level Failure”), and Customer meets its obligations under the Agreement, then as Customer’s sole and exclusive remedy, Customer shall be eligible to receive the applicable number of Service level credits set forth in Table 3 below (“Service Level Credits”), credited towards extending Customer’s Subscription Term at no charge, provided that Customer requests Service Level Credits within thirty (30) days from the time Customer becomes eligible to receive Service Level Credits under this Policy by filing a Support Case. Failure to comply with this notification requirement will forfeit Customer’s right to receive Service Level Credits. The aggregate maximum amount of Service Level Credits for a Service Level Failure will not exceed 15 days per month. Service Level Credits may not be exchanged for, or converted to, monetary amounts. Customer may request the Service Level attainment for the previous month by filing a Support Case.

Table 3: Service Level Credits

Monthly Availability Percentage

Service Level Credit

< 99.9% - ≥ 98.0%

3 Days

< 98.0% - ≥ 95.0%

7 Days

< 95.0%

15 Days

Exclusions

Cogent will have no liability for any failure to meet the Service Level to the extent arising from: (a) Planned Maintenance or Emergency Maintenance; (b) third-party platforms and networks, Customer or User application, equipment, software or other third-party technology; (c) Customer or its User's use of the Service in violation of the Agreement or not in accordance with the Documentation; (d) force majeure events — i.e., any cause beyond such party’s reasonable control, including but not limited to acts of God, labor disputes or other industrial disturbances, systemic electrical, telecommunications, or other utility failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, public health emergencies (including pandemics and epidemics), acts or orders of government, acts of terrorism,  war, or any other reason beyond Cogent’s reasonable control; or (e) any access to the Service (or Service features) on a free, trial, beta or early access basis, or due to suspension, limitation, and/or termination of Customer’s access or use of the Service in accordance with its Agreement.

Definitions:

“Calendar Minutes” is defined as the total number of minutes in a given calendar month.

“Emergency Maintenance” means circumstances where maintenance is necessary to prevent imminent harm to the Service, including critical security patching.

“Monthly Availability Percentage” is defined as the difference between Calendar Minutes and the Unavailable Minutes, divided by Calendar Minutes, and multiplied by one hundred (100).

“Planned Maintenance” means routine maintenance periods that continue for no more than four hours in any one instance, so long as Cogent provides at least 48 hours prior notice (including by email) to Customer.

“Unavailable” means if Customer is unable to access the Service by means of a web browser and/or API as a result of failure(s) in the Service, as confirmed by Cogent.

“Unavailable Minutes” is defined as the total accumulated minutes when the Service is Unavailable.