Duo Insight Logo

PLEASE READ THESE TERMS AND CONDITIONS (TOGETHER WITH ANY DOCUMENTS REFERENCED HEREIN, THE “AGREEMENT”) CAREFULLY BEFORE USING THE SERVICES OFFERED BY DUO SECURITY, INC. (“DUO SECURITY”). CUSTOMER UNCONDITIONALLY CONSENTS TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT. PROVISION OF THE SERVICES IS CONDITIONED ON, AND CUSTOMER’S INSTALLATION OR USE OF THE SERVICES SHALL CONSTITUTE, CUSTOMER’S ASSENT TO THE TERMS OF THIS AGREEMENT TO THE EXCLUSION OF ALL OTHER TERMS. IF CUSTOMER DOES NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CUSTOMER HAS NO RIGHT WHATSOEVER TO USE THE SERVICES. IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS TO THE EXCLUSION OF ALL OTHER TERMS.

TERMS AND CONDITIONS

1. DEFINITIONS

1.1 “Customer” means the customer that has signed up for the Services.

1.2 “Customer Data” means any information or data about Customer or Users (and its and their staff, customers or suppliers, as applicable), that is supplied to Duo Security by or on behalf of Customer or any User in connection with the Services, or which Duo Security is required to access, generate, process, store or transmit pursuant to this Agreement, including (but without limitation) information about Customer’s and Users’ respective devices, computers and use of the Services.

1.3 “Customer Personal Data” means any Customer Data that is personal data (as defined under the DPA).

1.4 “Data Protection Laws” means the DPA, EC Directive 95/46/EEC, EC Directive 2002/58/EC, the UK Privacy and Electronic Communications (EC Directive) Regulations 2003 and any other applicable data protection laws, regulations and legally binding codes of practice from time to time in force applicable to the performance of a party's obligations under this Agreement.

1.5 “Documentation” means guides, instructions, policies and reference materials provided to Customer by Duo Security in connection with the Services, including the documentation located at https://www.duosecurity.com/docs which may be amended from time to time.

1.6 “DPA” means the UK Data Protection Act of 1998.

1.7 “Intellectual Property Rights” means all patents, registered designs, unregistered designs, design rights, utility models, semiconductor topography rights, database rights, copyright and other similar statutory rights, trade mark, service mark and any know how relating to algorithms, drawings, tests, reports and procedures, models, manuals, formulae, methods, processes and the like (including applications for any of the preceding rights) or any other intellectual or industrial property rights of whatever nature in each case in any part of the world and whether or not registered or registerable, for the full period and all extensions and renewals where applicable.

1.8 “Services” means the Duo Insight service that is made available by Duo Security.

1.9 “User” means any recipient of an electronic message via the Services from Customer.

2. SERVICES FOR CUSTOMER; DUO SECURITY OBLIGATIONS

2.1 Subject to and conditioned on Customer's full compliance with all other terms and conditions of this Agreement, Duo Security grants Customer a non-exclusive, non-sublicensable, non-transferrable license to access and use the Services, along with such Documentation as Duo Security may make available during the Term.

2.2 The Services and this Agreement are subject to modification from time to time at Duo Security’s sole discretion. If the terms of this Agreement change, Duo Security will notify Customer.

2.3 Duo Security reserves the right to suspend Customer’s access to the Services for any or no reason, including Customer’s breach of this Agreement. Duo Security has the sole right to decide whether Customer is in violation of any of the restrictions set forth in this Agreement.

2.4 If the Customer has purchased another service of Duo Security that includes a service level agreement, such service level agreement shall not apply to the Services, and Duo Security is not obligated to provide any support for the Services.

2.5 Duo Security collects certain information about Customer and its Users as well as their respective devices, computers and use of and participation in the Services. Duo Security uses, discloses and protects this information as described in this Agreement and Duo Security’s privacy policy, which is incorporated herein by reference and the current version of which is available at https://www.duo.com/legal/privacy (the “Privacy Policy”).

3. CUSTOMER RESPONSIBILITIES

3.1 Customer may only use the Services in accordance with the Documentation and as explicitly set forth in this Agreement. Customer will cooperate with Duo Security in connection with the performance of this Agreement as may be necessary, which may include making available such personnel and information as may be reasonably required to provide the Services or support. Customer is solely responsible for determining whether the Services are sufficient for its purposes, including but not limited to, whether the Services satisfy Customer’s legal and/or regulatory requirements. Customer is responsible for all of the content it provides in connection with the Services, and Customer represents and warrants that such content will not violate any Intellectual Property Rights of any third party. Duo Security reserves the right to delete or disable any content submitted by Customer that is alleged to be infringing, and to terminate Customer’s account for such alleged infringement; to review our complete Copyright Dispute Policy, which is incorporated by this reference, and learn how to report potentially infringing content please go to: insight.duo.com/legal/copyright.

3.2 Customer acknowledges that the Services may allow for, and in some cases may require, Users to share with Duo Security certain information for the purposes of providing the Services, such as first and last names, email addresses, user names, passwords and other login information. This information may include personal information (such as email addresses and passwords) regarding the Users, and Duo Security will use such information for the purposes of providing the Services to Customer. Prior to authorizing an individual to become a User, Customer is fully responsible for obtaining the consent of that individual, in accordance with all applicable laws, to the use of his/her information by Duo Security for purposes of providing the Services, which use shall be governed by the terms of the Privacy Policy. Customer represents and warrants that all such consents have been or will be obtained prior to authorizing any individual to become a User. Customer is solely responsible for all activity of Users in relation to the Services.

3.3 Customer is fully responsible for Users’ compliance with this Agreement, the Privacy Policy and the Documentation. Any breach of this Agreement or such other terms by a User shall be deemed to be a breach by Customer. Customer is solely responsible for determining whether the Services are sufficient for Customer’s purposes.

3.4 There will be no force or effect given to any different or additional terms contained in any purchase order or similar form issued by either party, even if signed by the parties after the date hereof unless such terms are included in an amendment in accordance with the terms of Section 13.3 of this Agreement. Subject to Duo Security’s rights in Section 2.2, each party’s acceptance of this Agreement was and is expressly conditional upon the other’s acceptance of the terms contained in the Agreement to the exclusion of all other terms.

4. RESTRICTIONS

Customer will not, and will not permit any of its Users nor any third party to: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Services or any data related to the Services (except to the extent such prohibition is contrary to applicable law that cannot be excluded by the agreement of the parties); modify, translate, or create derivative works based on the Services; share, rent, lease, loan, resell, sublicense, distribute, use or otherwise transfer the Services for timesharing or service bureau purposes or for any purpose other than its own use; or use the Services other than in accordance with this Agreement and in compliance with all applicable laws and regulations (including but not limited to any European privacy laws and intellectual property laws). For the avoidance of any doubt, the Services shall not be used for any purpose other than the legal assessment of Customer’s internal security practices.

5. FEES

The Services are currently free, but Duo Security reserves the right to charge for certain or all Services in the future. Duo Security will notify Customer before charging Customer a fee for use of the Services, and if Customer wishes to continue using such Services, Customer must pay all applicable fees and taxes for such Services.

6. INTELLECTUAL PROPERTY RIGHTS; OWNERSHIP

Except as expressly set forth herein, Duo Security alone (and its licensors, where applicable) will retain all Intellectual Property Rights relating to the Services or any software used by Duo Security to provide the Services, and any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or any third party relating to the Services, which are hereby assigned to Duo Security. Customer will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. As between the parties, Duo Security will own all forms of aggregated information, and all de-identified data relating to any User and/or the Services. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Services, or any Intellectual Property Rights.

7. DATA PROTECTION

7.1 In this Section 7, the terms “personal data”, “data processor”, “data subject”, “process and processing” and “data controller” shall be as defined in the DPA.

7.2 For the purposes of the Data Protection Laws, as between Customer and Duo Security, the parties agree that Customer shall at all times be the data controller and Duo Security shall be the data processor with respect to the processing of Customer Personal Data in connection with this Agreement.

7.3 By entering into this Agreement, Customer agrees that Duo Security may collect, retain and use certain Customer Personal Data (which may include, without limitation, names, mobile telephone numbers, IP addresses and email addresses of Users) in connection with the Services. As the data controller of such Customer Personal Data, Customer shall be responsible for ensuring that, and warrants and represents to Duo Security that it shall ensure that any processing of Customer Personal Data in connection with the Services shall comply with the Data Protection Laws. This shall include (without limitation) ensuring that Customer: (a) has given adequate notice and made all appropriate disclosures to the data subjects regarding Customer's and/or Duo Security's use and disclosure of Customer Personal Data, including (but without limitation) for the provision of the Services; and (b) has and/or obtains all necessary rights, and where applicable, all appropriate and valid consents from the data subjects to share such personal data with Duo Security and to permit use of Customer Personal Data by Duo Security for the purposes of the provision of the Services and performing its obligations under this Agreement or as may be required by applicable law (“Purpose”), including (but without limitation) notifying the data subject of the transfer of Customer Data outside of the European Economic Area to countries whose laws they have acknowledged may provide a lower standard of data protection than exists in the European Economic Area (“EEA").

7.4 Customer acknowledges that Duo Security is reliant on Customer for direction as to the extent to which Duo Security is entitled to use and process Customer Data. Consequently, Duo Security will not be liable for any claim brought by a data subject to the extent that such action or omission resulted directly from Customer's instructions. Customer undertakes to comply in all respects with any applicable laws, regulations, standards and guidelines applicable to personal data and shall use all reasonable endeavors to where possible de-identify personal data sent to Duo Security.

8. INDEMNIFICATION.

Customer will indemnify, defend and hold harmless Duo Security, its affiliates and their respective officers, directors, employees, contractors, representatives, agents, successors and assigns from and against all damages, costs, settlements, attorneys’ fees and expenses related to any claim arising out of or related to (i) Customer’s use of the Services; (ii) User’s participation in the Service; or (iii) Customer’s or User’s breach of this Agreement.

9. TERM; TERMINATION

Duo Security may terminate this Agreement at any time with or without notice and Duo Security reserves the right to disable Customers’ access to or use of the Services at any time with or without notice for any reason or no reason. Customer may terminate this Agreement at any time upon prior notice to Duo Security. Sections 3.1 through 13 (inclusive) will survive termination or expiration of this Agreement. When this Agreement expires or terminates, Duo Security shall cease providing the Service to Customer.

10. WARRANTIES AND DISCLAIMER OF ADDITIONAL WARRANTIES

10.1 NOTWITHSTANDING ANYTHING ELSE HEREIN, THE SERVICES AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED “AS-IS,” WITHOUT ANY WARRANTIES OF ANY KIND. DUO SECURITY HEREBY DISCLAIMS FOR ITSELF AND ITS SUPPLIERS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES, TERMS OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PURPOSE OR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, AND NON-INFRINGEMENT.

11. LIMITATION OF LIABILITY

11.1 NOTHING IN THIS AGREEMENT SHALL LIMIT OR EXCLUDE EITHER PARTY'S LIABILITY FOR ANY LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED BY LAW.

11.2 SUBJECT TO SECTION 11.1, IN NO EVENT WILL DUO SECURITY OR ITS SUPPLIERS BE LIABLE TO CUSTOMER (OR ANY PERSON CLAIMING UNDER OR THROUGH CUSTOMER) FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, THE DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, (I) LOSS OF REVENUE OR ANTICIPATED PROFITS (WHETHER DIRECT OR INDIRECT) OR (II) LOST BUSINESS OR (III) LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) BREACH OF STATUTORY DUTY OR OTHERWISE, EVEN IF DUO SECURITY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

11.3 SUBJECT TO SECTION 11.1, THE TOTAL LIABILITY OF DUO SECURITY FOR ANY CLAIM, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, $10. THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

12. U.S. GOVERNMENT MATTERS

Notwithstanding anything else, Customer may not provide to any person or export or re-export or allow the export or re-export of the Services or any software or anything related thereto or any direct product thereof, in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority.

13. MISCELLANEOUS

13.1 Severability. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.

13.2 Assignment. This Agreement is not assignable, transferable or sublicensable by Customer except with Duo Security’s prior written consent, which shall not be unreasonably withheld. Duo Security may transfer and assign any of its rights and obligations under this Agreement upon notice to Customer. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their respective permitted successors and permitted assigns.

13.3 Entire Agreement; Amendment. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers, amendments and modifications must be in a writing signed by both parties and specifically reference the provision of this Agreement being waived, amended or modified, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Duo Security in any respect whatsoever.

13.4 Notices. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Duo Security may provide notice using the information provided by Customer in signing up for the Services and Customer may provide notice using the contact information provided on duosecurity.com.

13.5 Force Majeure. Any delay or failure in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay or failure is due to a labor dispute, fire, earthquake, flood or any other event beyond the reasonable control of a party, provided that such party promptly notifies the other party thereof and uses reasonable efforts to resume performance as soon as possible.

13.6 Governing Law; Arbitration. This Agreement will be governed by the laws of the State of Michigan, U.S.A. without regard to its conflict of laws provisions. Any dispute arising from or relating to the subject matter of this Agreement shall be finally settled by arbitration in Washtenaw County, Michigan, in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Streamlined Arbitration Rules and Procedures of JAMS. Judgment upon the award so rendered may be entered in a court having jurisdiction, or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator.

13.7 Venue. The federal and state courts sitting in Washtenaw County, Michigan, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement. Notwithstanding the foregoing, each party shall have the right to commence and prosecute any action for injunctive relief before any court of competent jurisdiction.