Search for blog posts, documentation, or pages

Service Terms and Conditions

EFFECTIVE AS OF AUGUST 17, 2015

These Service Terms and Conditions (“Agreement”) constitute a contract between Duo Security, Inc. with offices at 123 North Ashley Street, Suite #200, Ann Arbor, MI 48104 (“Duo Security”), and you. This Agreement includes and incorporates the webpage Order Form with which Customer purchased the Services and any subsequent Order Forms (submitted in written or electronic form), as well as the accompanying Terms and Conditions. By accessing or using the Services, you agree to be bound by this Agreement. If you are entering into this Agreement on behalf of a company, organization or other entity, you represent that you have such authority to bind such entity to this Agreement and are agreeing to these Terms and Conditions on behalf of such entity. If you do not have such authority to enter into this Agreement or do not agree with these Terms and Conditions, you may not use the Services.

  1. DEFINITIONS

    1.1. “Customer” means the customer that has signed up for the Services and agreed to the terms of this Agreement.

    1.2. “Customer Data” means any information or data about Customer or Users (and its and their staff, customers or suppliers, as applicable), that is supplied to Duo Security by or on behalf of Customer or any User in connection with the Services, or which Duo Security is required to access, generate, process, store or transmit pursuant to this Agreement, including (but without limitation) information about Customer’s and Users’ respective devices, computers and use of the Services.

    1.3. “Customer Personal Data” means any Customer Data that is personal data (as defined under the DPA).

    1.4. “Data Protection Laws” means the DPA, EC Directive 95/46/EEC, EC Directive 2002/58/EC, the UK Privacy and Electronic Communications (EC Directive) Regulations 2003 and any other applicable data protection laws, regulations and legally binding codes of practice from time to time in force applicable to the performance of a party’s obligations under this Agreement.

    1.5. “Documentation” means guides, instructions, policies and reference materials provided to Customer by Duo Security in connection with the Services, including the documentation located at https://www.duosecurity.com/docs, which may be amended from time to time.

    1.6. “DPA” means the UK Data Protection Act of 1998.

    1.7. “Duo Mobile Software” means all Duo Security proprietary mobile applications (available on iPhone, Android, Palm, Blackberry, Windows Mobile and other supported mobile devices) used in providing the Services, and any updates, fixes and/or patches developed from time to time.

    1.8. “Fees” means the applicable fees as set forth on the Order Form.

    1.9. “Hardware Tokens” mean hardware security tokens purchased by Customer under an Order Form.

    1.10. “Integration Software” means (a) Duo Security proprietary software and (b) open source software used in providing the Services which integrates with Customer’s network or application, including SSL or other VPN, Unix operating system, Microsoft application, and/or web application, as provided in the Documentation and any updates, fixes and/or patches developed from time to time.

    1.11. “Intellectual Property Rights” means all patents, registered designs, unregistered designs, design rights, utility models, semiconductor topography rights, database rights, copyright and other similar statutory rights, trade mark, service mark and any know how relating to algorithms, drawings, tests, reports and procedures, models, manuals, formulae, methods, processes and the like (including applications for any of the preceding rights) or any other intellectual or industrial property rights of whatever nature in each case in any part of the world and whether or not registered or registerable, for the full period and all extensions and renewals where applicable.

    1.12. “Order Form(s)” means the invoice or other forms from Duo Security for the initial order for the Service, and any subsequent invoice or other forms from Duo Security (submitted in written form or online), specifying, among other things, the maximum number of Users, the initial Term, the purchase of any Hardware Tokens, the Fees, telephony credits (if any), and such other charges and terms as agreed between the parties.

    1.13. “Payment Schedule” means the schedule selected by Customer for payment of Fees (on either an order webpage or an attached Order Form), which may be either monthly by credit card or annually or multi-year and invoiced in advance, with payment due within thirty days of receipt of invoice.

    1.14. “Performance Data” means data with respect to usage and other aggregate measures of the Services’ performance that Duo Security may collect from time to time.

    1.15. “Services” means the products and services that are ordered by and/or made available to Customer under a free trial or an Order Form (including, where applicable, the Software, Hardware Tokens and services using only the Duo Mobile Software) and made available online by Duo Security, including associated offline components, as described in the Documentation.

    1.16. “Service Level Agreement” or “SLA” means the description of support provided to Customers and its Users and of the availability of the Services, which descriptions may be found at: https://www.duosecurity.com/support.

    1.17. “Software” means the Integration Software and Duo Mobile Software.

    1.18. “Telephony Credits” mean credits for Customer’s Users to provide authentication by telephone or SMS.

    1.19. “Term” means the subscription term indicated on the Order Form and any subsequent renewal terms.

    1.20. “User” means any user of the Services who Customer may authorize to enroll to use the Services under the terms of this Agreement.

  2. SERVICES FOR CUSTOMER; DUO SECURITY OBLIGATIONS

    2.1. Subject to and conditioned on Customer’s payment of the Fees and full compliance with all other terms and conditions of this Agreement, Duo Security grants Customer and Users a non-exclusive, non-sublicensable, non-transferrable license to access and use the Services, along with such Documentation as Duo Security may make available during the Term.

    2.2. The Services and SLA are subject to modification from time to time at Duo Security’s sole discretion, provided the modifications do not materially diminish the functionality of the Services provided by Duo Security and the Services continue to perform according to the description of the Services specified in Section 2.3 in all material aspects. Customer shall have the right to terminate the Agreement pursuant to Section 10.2 without any penalty if (i) a material modification to the Services or the SLA is made which materially diminishes the functionality of the Services or materially diminishes the SLA, (ii) Duo Security has not obtained Customer’s consent for such modifications and (iii) Duo Security does not provide a remedy in the cure period stated in Section 10.2.

    2.3. Duo Security will make the Services available and the Services will perform substantially in accordance with the description of the services found at http://www.duosecurity.com/editions. Notwithstanding the foregoing, Duo Security reserves the right to suspend Customer’s (or any of its Users’) access to the Services: (i) for scheduled or emergency maintenance, (ii) in the event Customer is in breach of this Agreement, including failure to pay any amounts due to Duo Security, and fails to correct that breach within the applicable cure period; (iii) in the event that Customer breaches Section 4 or Section 7 of this Agreement, (iv) as it deems reasonably necessary to respond to any actual or potential security concerns or (v) based on Duo Security’s reasonable belief that Customer and/or the Users use of the Services are excessive, interfering with use by other customers and users or are violating applicable laws, rules or regulations.

    2.4. For Customers enrolled in one of the editions of Services requiring purchase, subject to full compliance with the terms and conditions of this Agreement, Duo Security will use commercially reasonable efforts to provide support to Customer as described in the Service Level Agreement. The SLA shall apply only with respect to Customers who have enrolled in one of the editions of Services requiring purchase. Certain parts of the Services or types of Services provided by Duo Security are free to use and do not require payment (“Free Services”). In the event that Customer earns 15 days of service credits, determined in accordance with the terms of the Service Level Agreement, in each of three consecutive months, Customer may terminate this Agreement and, as its sole and exclusive remedy, receive a refund of any pre-paid subscription Fees paid by Customer to Duo Security for Services not rendered as of the termination date. The SLA shall not apply with respect to Customers who use only Free Services and, without limitation, such Customers will not receive any support from Duo Security.

    2.5. Duo Security collects certain information about Customer and its Users as well as their respective devices, computers and use of the Services. Duo Security uses, discloses and protects this information as described in this Agreement and Duo Security’s privacy policy, which is incorporated herein by reference and the current version of which is available at https://www.duosecurity.com/legal/privacy (the “Privacy Policy”).

    2.6. Use of the Services by Customer and its Users is also governed by Duo Security’s Service Terms and Conditions which is available at https://www.duosecurity.com/legal/terms, which is incorporated herein by reference.

    2.7. Users will be required to review and agree to the terms of an end user license agreement (“EULA”) on their device(s) prior to accessing the Services. With respect to the relationship between Duo Security, Customer and the Users, the EULA will generally provide that the terms of any agreements between Duo Security and its Customers will govern instead of the EULA with respect to use by Users with access to the Services through such Customers.

  3. CUSTOMER RESPONSIBILITIES

    3.1. Customer may only use the Services in accordance with the Documentation and as explicitly set forth in this Agreement. Customer will cooperate with Duo Security in connection with the performance of this Agreement as may be necessary, which may include making available such personnel and information as may be reasonably required to provide the Services or support. Customer is solely responsible for determining whether the Services are sufficient for its purposes, including but not limited to, whether the Services satisfy Customer’s legal and/or regulatory requirements.

    3.2. Use of the Services may require Users to install Duo Mobile Software on their mobile devices. Such use shall be subject to the terms of the EULA. In addition, third party terms may apply with respect to third party products and software accessible via the Services and with respect to devices using third party operating systems or software or in the event that Duo Mobile Software is downloaded from third party sites (collectively, “Third Party Services”). Customer’s access and use of Third Party Services is governed solely by the terms and conditions of such Third Party Services. Duo Security does not endorse, is not responsible or liable for, makes no representations or warranties and provides no indemnification with respect to any aspect of the Third Party Services, notwithstanding anything in this Agreement to the contrary. Customer agrees to waive any claim against Duo Security with respect to the Third Party Services. Duo Security is not liable for any damage or loss caused or alleged to be caused by or in connection with enablement, access or use of any such Third Party Services, or Customer’s reliance on the privacy practices, data security processes or other policies of such Third Party Services.  Duo Security does not provide customer support or assistance with respect to the Third Party Services. Users may be required to register for or log into such Third Party Services on their respective websites or apps. 

    3.3. Customer acknowledges that the Services will require the Users to share with Duo Security certain information for the purposes of providing the Services, such as user names, password and other login information. This information may include personal information (such as email address, and/or phone number) regarding the Users, and Duo Security will use such information for the purposes of providing the Services to Customer and Users. Prior to authorizing an individual to become a User, Customer is fully responsible for obtaining the consent of that individual, in accordance with all applicable laws, to the use of his/her information by Duo Security for purposes of providing the Services, which use shall be governed by the terms of the Privacy Policy. Customer represents and warrants that all such consents have been or will be obtained prior to authorizing any individual to become a User.

    3.4. Users will be required to review and agree to Duo Security’s Privacy Policy, Service Terms and Conditions, and EULA. Notwithstanding the foregoing, Customer will be fully responsible for Users’ compliance with this Agreement, the Privacy Policy, the Service Terms and Conditions, and the EULA. Any breach of this Agreement or such other terms by a User shall be deemed to be a breach by Customer. Customer is solely responsible for determining whether the Services are sufficient for Customer’s purposes.

    3.5. There will be no force or effect given to any different or additional terms contained in any purchase order or similar form issued by either party, even if signed by the parties after the date hereof unless such terms are included in an amendment in accordance with the terms of Section 14.3 of this Agreement. Each party’s acceptance of this Agreement was and is expressly conditional upon the other’s acceptance of the terms contained in the Agreement to the exclusion of all other terms.

  4. RESTRICTIONS

    Customer will not, and will not permit any of its Users nor any third party to: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Services, Software, Hardware Tokens or any data related to the Services (except to the extent such prohibition is contrary to applicable law that cannot be excluded by the agreement of the parties); modify, translate, or create derivative works based on the Services or Software; share, rent, lease, loan, resell, sublicense, distribute, use or otherwise transfer the Services or Software for timesharing or service bureau purposes or for any purpose other than its own use; or use the Services or Software other than in accordance with this Agreement and in compliance with all applicable laws and regulations (including but not limited to any European privacy laws and intellectual property laws).

  5. PAYMENT OF FEES

    5.1. Customer will pay Duo Security the Fees plus all applicable sales, use and other purchase related taxes (or provide Duo Security with a valid certificate of exemption from the requirement of paying sales, use or other purchase related taxes) in accordance with the payment terms set forth on the Order Form. Except as otherwise indicated in the applicable Order Form, all fees and expenses shall be in U.S. dollars. Unpaid Fees are subject to a finance charge of one percent (1.0%) per month, or the maximum permitted by law, whichever is lower, plus all expenses of collection, including reasonable attorneys’ fees. In the case of any withholding requirements, Customer will pay any required withholding itself and will not reduce the amount paid to Duo Security on account thereof. If the method of payment is by credit card, Customer agrees to (a) keep Customer’s credit card information updated and (b) authorize Duo Security to charge Customer’s credit card the Fees as and when due. Duo Security will not charge users any fees for their use of the Services or Duo Mobile Software without Customer’s authorization. Users’ carriers or service providers may charge fees for data usage, messaging, phone calls or other services that are required for them to use the Services. All payments will be made in accordance with the Payment Schedule.

    5.2. Customer’s Order Form will indicate an initial allotment of Telephony Credits, if applicable. Customer may purchase additional Telephony Credits separately via the billing section of Customer’s administrative interface or by contacting a sales representative. U.S. and international rates for telephony can be found at https://www.duosecurity.com/docs/telephony_credits.

    5.3. If a Customer uses only Free Services, Duo Security will not charge such Customer any Fees for use of such Free Services or download, installation or use of the Software associated with Free Services. Such Customer may discontinue using the Free Services at any time, but must immediately remove any Software from its devices.

    5.4. At any time during the Term, and unless otherwise agreed to in writing by the parties, any increase or overage in the maximum number of Users specified in the Order Form will be treated in accordance with this Section 5.4 (a “Subscription Upgrade”). The maximum number of Users shall be increased as follows:

    For Subscription Upgrades (i) for Customers where the maximum number of Users on the Order Form is fewer than 500 Users, the maximum number of Users will be increased automatically in increments equal to 50 Users, (ii) for Customers where the maximum number of Users on the Order Form is 500 - 1000 Users, the maximum number of Users will be increased automatically in increments equal to 100 Users, and (ii) for Customers where the maximum number of Users on the Order Form is 1001 or greater, the maximum number of Users will be increased automatically in increments equal to 250 Users.

    Duo Security shall invoice Customer for the increase in the maximum number of Users at the subscription rate and payment terms specified in the most recent Order Form, which will be prorated for the remainder of the then applicable subscription Term. For any future subscription Term, the number of Users and applicable Fees will reflect any Subscription Upgrades.

  6. CONFIDENTIALITY

    6.1. Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose information relating to the Disclosing Party’s technology, Users or business, including without limitation the pricing and other terms of this Agreement (hereinafter referred to as “Confidential Information” of the Disclosing Party).

    6.2. The Receiving Party agrees: (i) not to disclose the Confidential Information to any third person other than those of its employees, investors and potential acquirers with a need to have access thereto and who have entered into non-disclosure and non-use agreements applicable to the Disclosing Party’s Confidential Information, and (ii) to use such Confidential Information solely as reasonably required in connection with the Services and/or this Agreement. The Receiving Party further agrees to take the same security precautions to protect against unauthorized disclosure or unauthorized use of such Confidential Information of the Disclosing Party that the party takes with its own confidential or proprietary information, but in no event will a party apply less than reasonable precautions to protect such Confidential Information. Each party acknowledges that the use of such precautions is not a guarantee against unauthorized disclosure or use. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Confidential Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing the Confidential Information pursuant to any judicial or governmental order, provided that, to the extent permitted by law, the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure to contest such order. For the avoidance of doubt, Customer acknowledges that Duo Security utilizes the services of certain third parties in connection with the provision of the Services (such as data hosting and telephony service providers) and the provision of the Third Party Services and such third parties will have access to Customer’s Confidential Information, subject to compliance with this Section 6. The parties agree that Performance Data and any other de-identified information in any form or format is not Confidential Information and will not be subject to any confidentiality restrictions or obligations.

    6.3. Customer acknowledges that Duo Security does not wish to receive any Confidential Information from Customer that is not necessary for Duo Security to perform its obligations under this Agreement, and, unless the parties specifically agree otherwise, Duo Security may reasonably presume that any unrelated information received from Customer is not confidential or Confidential Information, unless such information is marked as “Confidential”.

  7. INTELLECTUAL PROPERTY RIGHTS; OWNERSHIP

    Except as expressly set forth herein, Duo Security alone (and its licensors, where applicable) will retain all Intellectual Property Rights relating to the Services or the Software or any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or any third party relating to the Services and/or the Software, which are hereby assigned to Duo Security. Customer will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. As between the parties, Duo Security will own all Performance Data, all other forms of aggregated information, and all de-identified data relating to any User and/or the Services. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Services or Software, or any Intellectual Property Rights.

  8. DATA PROTECTION

    8.1. In this Section 8, the terms “personal data”, “data processor”, “data subject”, “process and processing” and “data controller” shall be as defined in the DPA.

    8.2. For the purposes of the Data Protection Laws, as between Customer and Duo Security, the parties agree that Customer shall at all times be the data controller and Duo Security shall be the data processor with respect to the processing of Customer Personal Data in connection with this Agreement.

    8.3. By entering into this Agreement, Customer agrees that Duo Security may collect, retain and use certain Customer Personal Data (which may include, without limitation, names, mobile telephone numbers, IP addresses and email addresses of Users) in connection with the Services. As the data controller of such Customer Personal Data, Customer shall be responsible for ensuring that, and warrants and represents to Duo Security that it shall ensure that any processing of Customer Personal Data in connection with the Services shall comply with the Data Protection Laws. This shall include (without limitation) ensuring that Customer: (a) has given adequate notice and made all appropriate disclosures to the data subjects regarding Customer’s and/or Duo Security’s use and disclosure of Customer Personal Data, including (but without limitation) for the provision of the Services; and (b) has and/or obtains all necessary rights, and where applicable, all appropriate and valid consents from the data subjects to share such personal data with Duo Security and to permit use of Customer Personal Data by Duo Security for the purposes of the provision of the Services and performing its obligations under this Agreement or as may be required by applicable law (“Purpose”), including (but without limitation) notifying the data subject of the transfer of Customer Data outside of the European Economic Area to countries whose laws they have acknowledged may provide a lower standard of data protection than exists in the European Economic Area (“EEA”).

    8.4. As a data processor in relation to all Customer Personal Data, Duo Security agrees:

    (a) it shall implement appropriate technical and organizational measures to protect against unauthorized or unlawful processing (including disclosure or access) of such Customer Personal Data and against accidental loss or destruction of, or damage to, such data, having regard to the state of technological developments and the cost of implementing those measures and the nature of personal data to be protected;

    (b) it shall only process Customer Personal Data on behalf of Customer to the extent and in such a manner, as is necessary for the Purpose and shall not use Customer Personal Data for any other purpose without the prior written consent of Customer; and

    (c) it shall process Customer Personal Data only on, and in accordance with, Customer’s instructions contained in this Agreement or any other reasonable instructions received from Customer from time to time.

    8.5. Customer acknowledges that Customer Personal Data will be collected, transferred and stored by Duo Security outside the EEA in the United States of America, whose laws may provide a lower standard of data protection than exists in the EEA. For these purposes, Duo Security currently confirms that it currently complies with the US-EU Safe Harbor and the U.S.-Swiss Safe Harbor Framework as set forth by the US Department of Commerce, regarding the collection, use and retention of personal data from the European Union member countries. Duo Security has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program generally, and to view the Duo Security certification, please visit http://www.export.gov/safeharbor.

    8.6. Customer acknowledges that Duo Security is reliant on Customer for direction as to the extent to which Duo Security is entitled to use and process Customer Data. Consequently, Duo Security will not be liable for any claim brought by a data subject to the extent that such action or omission resulted directly from Customer’s instructions. Customer undertakes to comply in all respects with any applicable laws, regulations, standards and guidelines applicable to personal data and shall use all reasonable endeavors to where possible anonymise personal data sent to Duo Security.

  9. INDEMNIFICATION.

    For Customers enrolled in one of the editions of Services requiring purchase, Duo Security shall indemnify and hold Customer harmless from liability to third parties resulting from infringement by the Services of any United States or United Kingdom patent or any copyright or misappropriation of any trade secret, provided Duo Security is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Duo Security will not be responsible for any settlement it does not approve. The foregoing obligations do not apply with respect to portions or components of the Services (i) not created by Duo Security, (ii) resulting in whole or in part from Customer specifications, (iii) that are modified after delivery by Duo Security, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of Services is not strictly in accordance with this Agreement and all related Documentation. If Duo Security receives information about an actual or alleged infringement or misappropriation claim that would be subject to indemnification rights set forth in this Section 9, Duo Security shall have the option, at its expense, to (i) modify the Software to be non-infringing; or (ii) obtain for Customer a license to continue using the Software. If Duo Security determines it is not commercially reasonable to perform either of the above options, then Duo Security may at its option elect to terminate the license for the Services and refund the unearned portion of any pre-paid subscription Fees, pro-rated on a monthly basis. THIS SECTION STATES CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR INFRINGEMENT, MISAPPROPRIATION AND/OR CLAIMS ALLEGING INFRINGEMENT OR MISAPPROPRIATION. Customer will indemnify Duo Security from all damages, costs, settlements, attorneys’ fees and expenses related to any claim related to (i) infringement or misappropriation not otherwise subject to Duo Security’s indemnification obligation set forth in this Section 9 and (ii) Customer’s breach of Section 3.3 relating to obtaining User consent, Section 4 “Restrictions,” Section 7 “Intellectual Property Rights; Ownership” or Section 8 “Data Protection”. Duo Security shall not provide any indemnification or other protections under this Section 9 to Customers who use only Free Services.

  10. TERM; TERMINATION

    10.1. Subject to earlier termination as expressly provided for in this Agreement, the initial Term of this Agreement shall be for the Term specified in the Order Form, or in the event of multiple Order Forms, until the Term of all Order Forms has expired. Each Order Form and this Agreement shall automatically renew after the initial Term and any renewal Term for a renewal Term equal to the expiring subscription Term, unless either party provides to the other at least forty-five (45) days prior written notice that it will not renew. The Fees per User for each renewal Term will be equal to the Fees per User for the immediately prior Term plus a price increase. Any pricing increase will not exceed seven percent (7%) per year, unless the pricing was designated in the applicable Order Form as promotional or one-time; provided, however, the Fees for each renewal Term shall not exceed the list price as of the start date of such renewal Term.

    10.2. In the event of any material breach of this Agreement by either party (other than Customer’s payment obligations), the non-breaching party may terminate this Agreement prior to the end of the Term by giving thirty (30) days prior written notice to the breaching party; provided, however, that this Agreement will not terminate if the breaching party has cured the breach prior to the expiration of such thirty-day period. If Customer fails to pay any Fees or other amounts in the applicable Order Form, Duo Security may terminate this Agreement prior to the end of the Term by giving five (5) business days prior written notice to Customer; provided, however, that this Agreement will not terminate if Customer has paid all Fees and other amounts in the applicable Order Form prior to the expiration of such five business-day period.

    10.3. Either party may terminate this Agreement, without notice, (i) upon the institution or if a petition is filed, notice is given, a resolution is passed or an order is made, in each case by or against the other party under any applicable laws relating to insolvency, administration, liquidation, receivership, bankruptcy or any other winding up proceedings, (ii) upon the other party’s making an assignment for the benefit of creditors or making a voluntary arrangement with its creditors, (iii) upon the other party’s dissolution or ceasing, or threatening to cease to do business or (iv) if any event occurs, or proceeding is instituted, with respect to the other party that has the equivalent or similar effect to any of the events mentioned in Sections 10.3 (i) to (iii) inclusive. For Customers using Free Services, Duo Security may terminate this Agreement at any time with or without notice and Duo Security reserves the right to disable such Customers’ access to or use of the Services at any time with or without notice for any reason or no reason.

    10.4. The Sections of this Agreement which by their nature should survive termination or expiration of this Agreement, including but not limited to Sections 3.1 and 4 through 14 (inclusive), will survive termination or expiration of this Agreement. No refund of Fees shall be due in any amount on account of termination by Duo Security pursuant to this Section 10. In the event of termination by Customer pursuant to this Section 10, Customer shall be entitled as its sole and exclusive remedy, to receive a refund of any pre-paid subscription Fees paid by Customer to Duo Security for Services not rendered as of the termination date. When this Agreement expires or terminates, Duo Security shall cease providing the Service to Customer.

  11. WARRANTIES AND DISCLAIMER OF ADDITIONAL WARRANTIES

    11.1. For Customers enrolled in one of the editions of Services requiring purchase, Duo Security represents and warrants that it will not knowingly include, in any Duo Security software released to Users and provided to Customer hereunder, any computer code or other computer instructions, devices or techniques, including without limitation those known as disabling devices, trojans, or time bombs, that intentionally disrupt, disable, harm, infect, defraud, damage, or otherwise impede in any manner, the operation of a network, computer program or computer system or any component thereof, including its security or User data. If, at any time, Duo Security fails to comply with the warranty in this Section 11.1, Customer may promptly notify Duo Security in writing of any such noncompliance. Duo Security will, within thirty (30) days of receipt of such written notification, either correct the noncompliance or provide Customer with a plan for correcting the noncompliance. If the noncompliance is not corrected or if a reasonably acceptable plan for correcting them is not established during such period, Customer may terminate this Agreement and receive a refund of any pre-paid but unearned subscription Fees, pro-rated on a monthly basis, as its sole and exclusive remedy for such noncompliance. This provision does not apply to Customers who use only Free Services.

    11.2. For Customers that have purchased Hardware Tokens as part of the Services, Duo Security warrants to Customer only that Hardware Tokens will be free of defects in material and workmanship at the time of sale and for a period of six (6) months thereafter. This limited warranty is limited to replacement of defective Hardware Tokens. This limited Hardware Token warranty is Customer’s exclusive remedy for defective Hardware Tokens. This provision does not apply to Customers who use only Free Services.

    11.3. EXCEPT AS EXPLICITLY PROVIDED IN THIS SECTION 11, THE SERVICES AND DUO SECURITY CONFIDENTIAL INFORMATION AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED “AS-IS,” WITHOUT ANY WARRANTIES OF ANY KIND. DUO SECURITY HEREBY DISCLAIMS FOR ITSELF AND ITS SUPPLIERS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES, TERMS OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PURPOSE OR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, AND NON-INFRINGEMENT.

  12. LIMITATION OF LIABILITY

    12.1. NOTHING IN THIS AGREEMENT (OR ANY ORDER FORM) SHALL LIMIT OR EXCLUDE EITHER PARTY’S LIABILITY FOR (A) DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, OR THE NEGLIGENCE OF ITS EMPLOYEES, AGENTS OR SUBCONTRACTORS; (B) FRAUD OR FRAUDULENT MISREPRESENTATION; OR (C) ANY OTHER LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED BY LAW.

    12.2. SUBJECT TO SECTION 12.1, IN NO EVENT WILL DUO SECURITY OR ITS SUPPLIERS BE LIABLE TO CUSTOMER (OR ANY PERSON CLAIMING UNDER OR THROUGH CUSTOMER) FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, THE DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, (I) LOSS OF REVENUE OR ANTICIPATED PROFITS (WHETHER DIRECT OR INDIRECT) OR (II) LOST BUSINESS OR (III) LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) BREACH OF STATUTORY DUTY OR OTHERWISE, EVEN IF DUO SECURITY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

    12.3. SUBJECT TO SECTION 12.1, THE TOTAL LIABILITY OF DUO SECURITY FOR ANY CLAIM, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, THE FEES PAID OR TO BE PAID TO DUO SECURITY HEREUNDER IN THE TWELVE MONTH PERIOD ENDING ON THE DATE THAT SUCH CLAIM IS FIRST ASSERTED, PROVIDED, HOWEVER THAT THE MAXIMUM LIABILITY OF DUO SECURITY FOR ALL CLAIMS SHALL BE THE THEN CURRENT ANNUALIZED VALUE OF THE APPLICABLE ORDER FORM. THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

  13. U.S. GOVERNMENT MATTERS

    Notwithstanding anything else, Customer may not provide to any person or export or re-export or allow the export or re-export of the Services or any software or anything related thereto or any direct product thereof, in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority.

  14. MISCELLANEOUS

    14.1. Severability. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.

    14.2. Assignment. This Agreement is not assignable, transferable or sublicensable by Customer except with Duo Security’s prior written consent, which shall not be unreasonably withheld. Duo Security may transfer and assign any of its rights and obligations under this Agreement with written notice to Customer. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their respective permitted successors and permitted assigns.

    14.3. Entire Agreement; Amendment. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers, amendments and modifications must be in a writing signed by both parties and specifically reference the provision of this Agreement being waived, amended or modified, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Duo Security in any respect whatsoever.

    14.4. Notices. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Duo Security may provide notice using the information provided in the most recent Order Form and Customer may provide notice using the contact information provided on duosecurity.com.

    14.5. Force Majeure. Any delay or failure in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay or failure is due to a labor dispute, fire, earthquake, flood or any other event beyond the reasonable control of a party, provided that such party promptly notifies the other party thereof and uses reasonable efforts to resume performance as soon as possible.

    14.6. Governing Law; Arbitration. This Agreement will be governed by the laws of the State of Michigan, U.S.A. without regard to its conflict of laws provisions. Any dispute arising from or relating to the subject matter of this Agreement shall be finally settled by arbitration in Washtenaw County, Michigan, in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Streamlined Arbitration Rules and Procedures of JAMS. Judgment upon the award so rendered may be entered in a court having jurisdiction, or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator.

    14.7. Venue; Prevailing Party. The federal and state courts sitting in Washtenaw County, Michigan, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement. Notwithstanding the foregoing, each party shall have the right to commence and prosecute any action for injunctive relief before any court of competent jurisdiction. In any arbitration, action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees.

    14.8. Publicity. Customer agrees to participate in press announcements, case studies, trade shows, or other marketing reasonably requested by Duo Security. During the Term and for thirty (30) days thereafter, Customer grants Duo Security the right to use Customer’s name and/or logo to identify Customer as such on Duo Security’s website or other marketing or advertising materials.