Duo Insight Logo

PLEASE READ THESE TERMS AND CONDITIONS (TOGETHER WITH ANY DOCUMENTS REFERENCED HEREIN, THE “AGREEMENT”) CAREFULLY BEFORE USING THE SUBSCRIPTION SERVICES OFFERED BY DUO SECURITY, INC. (“DUO SECURITY”). CUSTOMER UNCONDITIONALLY CONSENTS TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT. PROVISION OF THE SERVICES IS CONDITIONED ON, AND CUSTOMER’S INSTALLATION OR USE OF THE SERVICES SHALL CONSTITUTE, CUSTOMER’S ASSENT TO THE TERMS OF THIS AGREEMENT TO THE EXCLUSION OF ALL OTHER TERMS. IF CUSTOMER DOES NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CUSTOMER HAS NO RIGHT WHATSOEVER TO USE THE SERVICES. IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS TO THE EXCLUSION OF ALL OTHER TERMS.

TERMS AND CONDITIONS

1. DEFINITIONS

1.1 “Customer” means the customer that has signed up for the Services.

1.2 “Customer Data” means any information or data about Customer or Users (and its and their staff, customers or suppliers, as applicable), that is supplied to Duo Security by or on behalf of Customer or any User in connection with the Services, or which Duo Security is required to access, generate, process, store or transmit pursuant to this Agreement, including (but without limitation) information about Customer’s and Users’ respective devices, computers and use of the Services.

1.3 “Customer Personal Data” means any Customer Data that is personal data (as defined under the DPA).

1.4 “Data Protection Laws” means all data protection and privacy laws, rules and regulations applicable to a party and binding on the party in the performance of its obligations under this Agreement, including, where applicable, EC Directive 95/46/EEC, EC Directive 2002/58/EC and Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)..

1.5 “Documentation” means guides, instructions, policies and reference materials provided to Customer by Duo Security in connection with the Services, including the documentation located at https://www.duosecurity.com/docs which may be amended from time to time.

1.6 “Intellectual Property Rights” means all patents, registered designs, unregistered designs, design rights, utility models, semiconductor topography rights, database rights, copyright and other similar statutory rights, trade mark, service mark and any know how relating to algorithms, drawings, tests, reports and procedures, models, manuals, formulae, methods, processes and the like (including applications for any of the preceding rights) or any other intellectual or industrial property rights of whatever nature in each case in any part of the world and whether or not registered or registerable, for the full period and all extensions and renewals where applicable.

1.7 “Services” means the Duo Insight service that is made available by Duo Security.

1.8 “User” means any recipient of an electronic message via the Services from Customer.

2. SERVICES FOR CUSTOMER; DUO SECURITY OBLIGATIONS

2.1 Subject to and conditioned on Customer's full compliance with all other terms and conditions of this Agreement, Duo Security grants Customer a non-exclusive, non-sublicensable, non-transferrable license to access and use the Services, along with such Documentation as Duo Security may make available during the Term.

2.2 The Services and this Agreement are subject to modification from time to time at Duo Security’s sole discretion. If the terms of this Agreement change, Duo Security will notify Customer.

2.3 Duo Security reserves the right to suspend Customer’s access to the Services for any or no reason, including Customer’s breach of this Agreement. Duo Security has the sole right to decide whether Customer is in violation of any of the restrictions set forth in this Agreement.

2.4 If the Customer has purchased another service of Duo Security that includes a service level agreement, such service level agreement shall not apply to the Services, and Duo Security is not obligated to provide any support for the Services.

2.5 Duo Security collects certain information about Customer and its Users as well as their respective devices, computers and use of and participation in the Services. Duo Security uses, discloses and protects this information as described in this Agreement and Duo Security’s privacy policy, which is incorporated herein by reference and the current version of which is available at https://www.duo.com/legal/privacy (the “Privacy Policy”).

3. CUSTOMER RESPONSIBILITIES

3.1 Customer may only use the Services in accordance with the Documentation and as explicitly set forth in this Agreement. Customer will cooperate with Duo Security in connection with the performance of this Agreement as may be necessary, which may include making available such personnel and information as may be reasonably required to provide the Services or support. Customer is solely responsible for determining whether the Services are sufficient for its purposes, including but not limited to, whether the Services satisfy Customer’s legal and/or regulatory requirements. Customer is responsible for all of the content it provides in connection with the Services, and Customer represents and warrants that such content will not violate any Intellectual Property Rights of any third party. Duo Security reserves the right to delete or disable any content submitted by Customer that is alleged to be infringing, and to terminate Customer’s account for such alleged infringement; to review our complete Copyright Dispute Policy, which is incorporated by this reference, and learn how to report potentially infringing content please go to: https://duo.com/legal/copyright.

3.2 Customer acknowledges that the Services may allow for, and in some cases may require, Users to share with Duo Security certain information for the purposes of providing the Services, such as first and last names, email addresses, user names, passwords and other login information. This information may include personal information (such as email addresses and passwords) regarding the Users, and Duo Security will use such information for the purposes of providing the Services to Customer. Prior to authorizing an individual to become a User, Customer is fully responsible for obtaining the consent of that individual, in accordance with all applicable laws, to the use of his/her information by Duo Security for purposes of providing the Services, which use shall be governed by the terms of the Services Privacy Notice, located at: https://duo.com/legal/privacy-notice-services. Customer represents and warrants that all such consents have been or will be obtained prior to authorizing any individual to become a User. Customer is solely responsible for all activity of Users in relation to the Services.

3.3 Customer is fully responsible for Users’ compliance with this Agreement, the Privacy Policy and the Documentation. Any breach of this Agreement or such other terms by a User shall be deemed to be a breach by Customer. Customer is solely responsible for determining whether the Services are sufficient for Customer’s purposes.

3.4 There will be no force or effect given to any different or additional terms contained in any purchase order or similar form issued by either party, even if signed by the parties after the date hereof unless such terms are included in an amendment in accordance with the terms of Section 13.3 of this Agreement. Subject to Duo Security’s rights in Section 2.2, each party’s acceptance of this Agreement was and is expressly conditional upon the other’s acceptance of the terms contained in the Agreement to the exclusion of all other terms.

4. RESTRICTIONS

Customer will not, and will not permit any of its Users nor any third party to: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Services or any data related to the Services (except to the extent such prohibition is contrary to applicable law that cannot be excluded by the agreement of the parties); modify, translate, or create derivative works based on the Services; share, rent, lease, loan, resell, sublicense, distribute, use or otherwise transfer the Services for timesharing or service bureau purposes or for any purpose other than its own use; or use the Services other than in accordance with this Agreement and in compliance with all applicable laws and regulations (including but not limited to any European privacy laws and intellectual property laws). For the avoidance of any doubt, the Services shall not be used for any purpose other than the legal assessment of Customer’s internal security practices.

5. FEES

The Services are currently free, but Duo Security reserves the right to charge for certain or all Services in the future. Duo Security will notify Customer before charging Customer a fee for use of the Services, and if Customer wishes to continue using such Services, Customer must pay all applicable fees and taxes for such Services.

6. INTELLECTUAL PROPERTY RIGHTS; OWNERSHIP

Except as expressly set forth herein, Duo Security alone (and its licensors, where applicable) will retain all Intellectual Property Rights relating to the Services or any software used by Duo Security to provide the Services, and any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or any third party relating to the Services, which are hereby assigned to Duo Security. Customer will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. As between the parties, Duo Security will own all forms of aggregated information, and all de-identified data relating to any User and/or the Services. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Services, or any Intellectual Property Rights.

7. DATA PROTECTION

7.1 In this Section 7, the terms “personal data”, “data processor”, “data subject”, “process and processing” and “data controller” shall be as defined in the applicable Data Protection Laws.

7.2 For the purposes of the Data Protection Laws, as between Customer and Duo Security, the parties agree that Customer shall at all times be the data controller and Duo Security shall be the data processor with respect to the processing of Customer Personal Data in connection with this Agreement.

7.3 Customer’s use of the Services. Solely if and to the extent Duo Security is processing personal data, as defined in the General Data Protection Regulation, that is contained in Customer Data on Customer’s behalf, then the terms of the data processing agreement available at https://duo.com/legal/gdpr-data-protection-addendum shall apply to such processing and are incorporated into this Agreement.

7.4 By entering into this Agreement, Customer agrees that Duo Security may collect, retain and use certain Customer Personal Data (which may include, without limitation, names, mobile telephone numbers, IP addresses and email addresses of Users) in connection with the Services. As the data controller of such Customer Personal Data, Customer shall be responsible for ensuring that, and warrants and represents to Duo Security that it shall ensure that any processing of Customer Personal Data in connection with the Services shall comply with the Data Protection Laws.

8. INDEMNIFICATION.

Customer will indemnify, defend and hold harmless Duo Security, its affiliates and their respective officers, directors, employees, contractors, representatives, agents, successors and assigns from and against all damages, costs, settlements, attorneys’ fees and expenses related to any claim arising out of or related to (i) Customer’s use of the Services; (ii) User’s participation in the Service; or (iii) Customer’s or User’s breach of this Agreement.

9. TERM; TERMINATION

Duo Security may terminate this Agreement at any time with or without notice and Duo Security reserves the right to disable Customers’ access to or use of the Services at any time with or without notice for any reason or no reason. Customer may terminate this Agreement at any time upon prior notice to Duo Security. Sections 3.1 through 13 (inclusive) will survive termination or expiration of this Agreement. When this Agreement expires or terminates, Duo Security shall cease providing the Service to Customer.

10. WARRANTIES AND DISCLAIMER OF ADDITIONAL WARRANTIES

10.1 NOTWITHSTANDING ANYTHING ELSE HEREIN, THE SERVICES AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED “AS-IS,” WITHOUT ANY WARRANTIES OF ANY KIND. DUO SECURITY HEREBY DISCLAIMS FOR ITSELF AND ITS SUPPLIERS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES, TERMS OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PURPOSE OR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, AND NON-INFRINGEMENT.

11. LIMITATION OF LIABILITY

11.1 NOTHING IN THIS AGREEMENT SHALL LIMIT OR EXCLUDE EITHER PARTY'S LIABILITY FOR ANY LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED BY LAW.

11.2 SUBJECT TO SECTION 11.1, IN NO EVENT WILL DUO SECURITY OR ITS SUPPLIERS BE LIABLE TO CUSTOMER (OR ANY PERSON CLAIMING UNDER OR THROUGH CUSTOMER) FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, THE DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, (I) LOSS OF REVENUE OR ANTICIPATED PROFITS (WHETHER DIRECT OR INDIRECT) OR (II) LOST BUSINESS OR (III) LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) BREACH OF STATUTORY DUTY OR OTHERWISE, EVEN IF DUO SECURITY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

11.3 SUBJECT TO SECTION 11.1, THE TOTAL LIABILITY OF DUO SECURITY FOR ANY CLAIM, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, $10. THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

12. U.S. GOVERNMENT MATTERS

12.1 Notwithstanding anything else, Customer may not provide to any person or export or re-export or allow the export or re-export of the Services or any software or anything related thereto or any direct product thereof, in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority.

12.2 Commercial Software. The Services are “commercial items” as that term is defined at FAR 2.101. If acquired by or on behalf of any Executive Agency (other than an agency within the Department of Defense (DoD), the Government acquires, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to the public as defined in this Agreement. If acquired by or on behalf of any Executive Agency within the DoD, the Government acquires, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software customarily provided in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data acquired by DoD agencies. Any Federal Legislative or Judicial Agency shall obtain only those rights in technical data and software customarily provided to the public as defined in this Agreement. This Section 13.3 is in lieu of, and supersedes, any other FAR, DFARS, DEAR or other clause, provision, or supplemental regulation that addresses Government rights in computer software or technical data under this Agreement. Capitalized terms used in this Section are defined in the applicable FAR or DFARs.

13. MISCELLANEOUS

13.1 Severability. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.

13.2 Assignment. This Agreement is not assignable, transferable or sublicensable by Customer except with Duo Security’s prior written consent, which shall not be unreasonably withheld. Duo Security may transfer and assign any of its rights and obligations under this Agreement upon notice to Customer. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their respective permitted successors and permitted assigns.

13.3 Entire Agreement; Amendment. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers, amendments and modifications must be in a writing signed by both parties and specifically reference the provision of this Agreement being waived, amended or modified, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Duo Security in any respect whatsoever.

13.4 Notices. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Duo Security may provide notice using the information provided by Customer in signing up for the Services and Customer may provide notice using the contact information provided on duosecurity.com.

13.5 Force Majeure. Any delay or failure in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay or failure is due to a labor dispute, fire, earthquake, flood or any other event beyond the reasonable control of a party, provided that such party promptly notifies the other party thereof and uses reasonable efforts to resume performance as soon as possible.

13.6 Governing Law; Arbitration. This Agreement will be governed by the laws of the State of Michigan, U.S.A. without regard to its conflict of laws provisions. Any dispute arising from or relating to the subject matter of this Agreement shall be finally settled by arbitration in Washtenaw County, Michigan, in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Streamlined Arbitration Rules and Procedures of JAMS. Judgment upon the award so rendered may be entered in a court having jurisdiction, or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator.

13.7 Venue. The federal and state courts sitting in Washtenaw County, Michigan, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement. Notwithstanding the foregoing, each party shall have the right to commence and prosecute any action for injunctive relief before any court of competent jurisdiction.