Service Terms and Conditions

EFFECTIVE AS OF DECEMBER 10, 2013

These Service Terms and Conditions (“Agreement”) constitute a contract between Duo Security, Inc. with offices at 617 Detroit Street, Ann Arbor, MI 48104 (“Duo Security”), and you. This Agreement includes and incorporates the webpage Order Form with which Customer purchased the Services and any subsequent Order Forms (submitted in written or electronic form), as well as the accompanying Terms and Conditions. By accessing or using the Services, you agree to be bound by this Agreement. If you are entering into this Agreement on behalf of a company, organization or other entity, you represent that you have such authority to bind such entity to this Agreement and are agreeing to these Terms and Conditions on behalf of such entity. If you do not have such authority to enter into this Agreement or do not agree with these Terms and Conditions, you may not use the Services.

  1. DEFINITIONS

    1.1 “Customer” means the individual or legal entity that has signed up for the Services and agreed to the terms of this Agreement.

    1.2 “Documentation” means guides, instructions, policies and reference materials provided to Customer by Duo Security in connection with the Services, including the Documentation located at https://www.duosecurity.com/docs, which may be amended from time to time.

    1.3 “Duo Mobile Software” means all Duo Security proprietary mobile applications (available on iPhone, Android, Palm, Blackberry, Windows Mobile and other supported mobile devices) used in providing the Services.

    1.4 “Hardware Tokens” mean hardware security tokens purchased by Customer under an Order Form.

    1.5 “Integration Software” means (a) Duo Security proprietary software and (b) open source software used in providing the Services which integrates with Customer’s network or application, including SSL or other VPN, Unix operating system, Microsoft application, and/or web application, as provided in the Documentation.

    1.6 “Order Form(s)” means the invoice or other forms from Duo Security for the initial order for the Service, and any subsequent invoice or other forms from Duo Security (submitted in written form or online), specifying, among other things, the maximum number of authorized users, the initial subscription term, the purchase of any Hardware Tokens, the applicable fees, telephone credits (if any), and such other charges and terms as agreed between the parties.

    1.7 “Payment Schedule” means the schedule selected by Customer for payment of Fees (on either an order webpage or an attached Order Form), which may be either monthly by credit card or annually or multi-year and invoiced in advance, with payment due within thirty days of receipt of invoice.

    1.8 “Services” means the products and services that are ordered by and/or made available to Customer under a free trial or an Order Form (including services using only the Duo Mobile Software) and made available online by Duo Security, including associated offline components, as described in the Documentation.

    1.9 “Software” means the Integration Software and Duo Mobile Software.

    1.10 “Telephone Credits” mean credits for Customer’s users to provide authentication by telephone or SMS.

    1.11 “Term” means the subscription term indicated on the Order Form and any subsequent renewal terms.

    1.12 “User” means any user of the Services who Customer may authorize to enroll to use the Services under the terms of this Agreement.

    1.13 The terms “you” or “your” refer to the individual using the Services, if an individual is using the Services, or the individual entering into this Agreement on behalf of a legal entity for such legal entity to use the Services.

  2. SERVICES FOR CUSTOMER

    2.1 Subject to full compliance with the terms and conditions of this Agreement, Duo Security will provide the Services to Customer. The Services are subject to modification from time to time at Duo Security’s sole discretion, for any purpose deemed appropriate by Duo Security. Duo Security will use reasonable efforts to give Customer prior written notice of any such modification.

    2.2 Duo Security will make the Services available and the Services will perform substantially in accordance with the description of the services found at http://www.duosecurity.com/editions. Notwithstanding the foregoing, Duo Security reserves the right to suspend Customer’s (or any of its users’) access to the Services: (i) for scheduled or emergency maintenance, or (ii) in the event Customer is in breach of this Agreement, including failure to pay any amounts due to Duo Security.

  3. CUSTOMER RESPONSIBILITIES

    3.1 Use of the Services may require Customer’s users of the Services to install Duo Mobile Software on their mobile devices. The terms found at Exhibit B, and as updated from time to time at store.apple.com, apply to Customer’s and Customer’s users’ use of the Services on any platform, including iPhone and iPad applications, available via the Apple, Inc. (“Apple”) App Store.

    3.2 Customer will cooperate with Duo Security in connection with the performance of this Agreement as may be necessary, which may include available such personnel and information as may be reasonably required to provide the Services or support.

    3.3 Customer may designate employee(s) on Customer’s administrative interface on the Services who will be primary contact(s) for Duo Security.

    3.4 For Customers that have purchased Hardware Tokens as part of the Services, Customer shall use such Hardware Tokens in accordance with the Documentation.

  4. RESTRICTIONS

    Customer will not, and will not permit any of its users nor any third party to: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Services, Software, Hardware Tokens or any data related to the Services (provided that reverse engineering is prohibited only to the extent such prohibition is not contrary to applicable law); modify, translate, or create derivative works based on the Services or Software; share, rent, lease, loan, resell, sublicense, distribute, use or otherwise transfer the Services or Software for timesharing or service bureau purposes or for any purpose other than its own use; or use the Services or Software other than in accordance with this Agreement and in compliance with all applicable laws and regulations (including but not limited to any European privacy laws and intellectual property laws).

  5. PAID SERVICES

    5.1 For Customers enrolled in one of the editions of Services requiring purchase, subject to full compliance with the terms and conditions of this Agreement, Duo Security will use commercially reasonable efforts to provide support to Customer as described at https://www.duosecurity.com/support and at https://www.duosecurity.com/sla, which includes links to documentation and whitepapers, support hours of coverage, response times, support contact information and other support specifics. Only Customers who have enrolled in one of the editions of Services requiring purchase will receive support from Duo Security. Certain parts of the Services or types of Services provided by Duo Security are free to use and do not require payment (“Free Services”). Customers who use only Free Services will not receive any support from Duo Security.

    5.2 For Customers enrolled in one of the editions of Services requiring purchase, Duo Security shall indemnify and hold Customer harmless from liability to third parties resulting from infringement by the Services of any United States patent or any copyright or misappropriation of any trade secret, provided Duo Security is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Duo Security will not be responsible for any settlement it does not approve. The foregoing obligations do not apply with respect to portions or components of the Services (i) not created by Duo Security, (ii) resulting in whole or in part in accordance from Customer specifications, (iii) that are modified after delivery by Duo Security, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of is not strictly in accordance with this Agreement and all related the Documentation. Customer will indemnify Duo Security from all damages, costs, settlements, attorneys’ fees and expenses related to any claim of infringement or misappropriation excluded from Duo Security’s indemnity obligation by the preceding sentence. This provision does not apply to Customers who use only Free Services.

    5.3 For Customers enrolled in one of the editions of Services requiring purchase, Duo Security represents and warrants that it will not knowingly include, in any Duo Security software released to the public and provided to Customer hereunder, any computer code or other computer instructions, devices or techniques, including without limitation those known as disabling devices, trojans, or time bombs, that intentionally disrupt, disable, harm, infect, defraud, damage, or otherwise impede in any manner, the operation of a network, computer program or computer system or any component thereof, including its security or user data. If, at any time, Duo Security fails to comply with the warranty in this Section, Customer may promptly notify Duo Security in writing of any such noncompliance. Duo Security will, within thirty (30) days of receipt of such written notification, either correct the noncompliance or provide Customer with a plan for correcting the noncompliance. If the noncompliance is not corrected or if a reasonably acceptable plan for correcting them is not established during such period, Customer may terminate this Agreement as its sole and exclusive remedy for such noncompliance. This provision does not apply to Customers who use only Free Services.

    5.4 For Customers that have purchased Hardware Tokens as part of the Services, Duo Security warrants to Customer only that Hardware Tokens will be free of defects in material and workmanship at the time of sale and for a period of six (6) months thereafter. This limited warranty is limited to replacement of defective Hardware Tokens. This limited Hardware Token warranty is Customer’s exclusive remedy for defective Hardware Tokens. This provision does not apply to Customers who use only Free Services.

  6. CONFIDENTIALITY 6.1 Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose information relating to the Disclosing Party’s technology or business (hereinafter referred to as “Confidential Information” of the Disclosing Party).

    6.2 The Receiving Party agrees: (i) not to divulge to any third person any such Proprietary Information, (i) to give access to such Proprietary information solely to those employees with a need to have access thereto for purposes of this Agreement, and (iii) to take the same security precautions to protect against disclosure or unauthorized use of such Proprietary information that the party takes with its own proprietary information, but in no event will a party apply less than reasonable precautions to protect such Proprietary Information. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing the Proprietary Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure to contest such order. In any event, Duo may collect data with respect to and report on usage and other aggregate measures of the Services’ performance.

    6.3 Customer acknowledges that Duo does not wish to receive any Proprietary Information from Customer that is not necessary for Duo to perform its obligations under this Agreement, and, unless the parties specifically agree otherwise, Duo may reasonably presume that any unrelated information received from Customer is not confidential or Proprietary Information.

    6.4 Both Parties will have the right to disclose the existence but not the terms and conditions of this Agreement, unless such disclosure is approved in writing by both Parties prior to such disclosure, or is included in a filing required to be made by a Party with a governmental authority (provided such party will use reasonable efforts to obtain confidential treatment or a protective order) or is made on a confidential basis as reasonably necessary to potential investors or acquirors.

  7. INTELLECTUAL PROPERTY RIGHTS

    7.1 Except as expressly set forth herein, Duo Security alone (and its licensors, where applicable) will retain all intellectual property rights relating to the Services or the Software or any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or any third party relating to the Services and/or the Software, which are hereby assigned to Duo Security. Customer will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Services or Software, or any intellectual property rights.

  8. PAYMENT OF FEES

    8.1 Customer will pay Duo Security the applicable fees as set forth on the Order Form (the “Fees”) plus all applicable sales, use and other purchase related taxes. If the method of payment is by credit card, Customer agrees to (a) keep Customer’s credit card information updated and (b) authorize Duo Security to charge Customer’s credit card the Fees as and when due. Duo Security will not charge users any fees for their use of the Services or Duo Mobile Software without Customer’s authorization. Customer’s users’ carriers or service providers may charge fees for data usage, messaging, phone calls or other services that are required for them to use the Services. All payments will be made in accordance with the Payment Schedule.

    8.2 Customer’s Order Form will indicate an initial allotment of Telephone Credits, if applicable. Customer may purchase additional Telephony Credits separately via the billing section of Customer’s administrative interface or by contacting a sales representative. U.S. and international rates for telephony can be found at https://www.duosecurity.com/docs/telephony_credits.

    8.3 If a Customer uses only Free Services, Duo Security will not charge such Customer any Fees for use of such Free Services or download, installation or use of the Software associated with Free Services. Such Customer may discontinue using the Free Services at any time, but must immediately remove any Software from its devices.

    8.4 Unpaid Fees are subject to a finance charge of one percent (1.0%) per month, or the maximum permitted by law, whichever is lower, plus all expenses of collection, including reasonable attorneys’ fees. Fees under this Agreement are exclusive of all taxes, including national, state or provincial and local use, sales, value-added, property and similar taxes, if any. Customer agrees to pay such taxes (excluding US taxes based on Duo Security’s net income) unless Customer has provided Duo Security with a valid exemption certificate. In the case of any withholding requirements, Customer will pay any required withholding itself and will not reduce the amount paid to Customer on account thereof.

  9. TERMINATION

    9.1 Subject to earlier termination as provided below, this Agreement is for the Term as specified in the Order Form.

    9.2 In the event of any material breach of this Agreement, the non-breaching party may terminate this Agreement prior to the end of the Term by giving thirty (30) days prior written notice to the breaching party; provided, however, that this Agreement will not terminate if the breaching party has cured the breach prior to the expiration of such thirty-day period. Either party may terminate this Agreement, without notice, (i) upon the institution by or against the other party of insolvency, receivership or bankruptcy proceedings, (ii) upon the other party’s making an assignment for the benefit of creditors, or (iii) upon the other party’s dissolution or ceasing to do business. For Customers using Free Services, Duo Security may terminate this Agreement at any time with or without notice and Duo Security reserves the right to disable such Customers’ access to or use of the Services at any time with or without notice for any reason or no reason.

    9.3 For Customer’s enrolled in one of the editions of Services requiring purchase, Customer may terminate this Agreement upon thirty (30) days prior written notice and Duo Security may terminate this Agreement upon ninety (90) days written notice to Customer.

    9.4 Sections 3.3, 3.4, 4, and 6 through 15 (inclusive) will survive termination, including, without limitation, restrictions, accrued rights to payment, confidentiality obligations, intellectual property rights, warranty disclaimers, and limitations of liability. No refund of Fees shall be due in any amount on account of termination by Duo Security pursuant to Section 9.2 or by Customer pursuant to Section 9.3. When this Agreement expires or terminates, Duo Security shall cease providing the Service to Customer.

  10. WARRANTY DISCLAIMER

    THE SERVICES AND DUO SECURITY CONFIDENTIAL INFORMATION AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED “AS-IS,” WITHOUT ANY WARRANTIES OF ANY KIND. DUO SECURITY HEREBY DISCLAIMS FOR ITSELF AND ITS SUPPLIERS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

  11. LIMITATION OF LIABILITY

    IN NO EVENT WILL DUO SECURITY OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, THE DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, LOSS OF REVENUE OR ANTICIPATED PROFITS OR LOST BUSINESS OR LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, EVEN IF DUO SECURITY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

    THE TOTAL LIABILITY OF DUO SECURITY, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE THE FEES PAID TO DUO SECURITY HEREUNDER IN THE TWELVE MONTH PERIOD ENDING ON THE DATE THAT A CLAIM OR DEMAND IS FIRST ASSERTED. THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

  12. U.S. GOVERNMENT MATTERS

    Notwithstanding anything else, Customer may not provide to any person or export or re-export or allow the export or re-export of the Services or any software or anything related thereto or any direct product thereof, in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority.

  13. MISCELLANEOUS

    If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable, transferable or sublicensable by Customer except with Duo Security’s prior written consent. Duo Security may transfer and assign any of its rights and obligations under this Agreement with written notice to Customer. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Duo Security in any respect whatsoever. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Duo Security may provide notice using the information provided in the most recent Order Form and Customer may provide notice using the contact information provided on duosecurity.com. Duo Security will not be liable for any loss resulting from a cause over which it does not have direct control. This Agreement will be governed by the laws of the State of Michigan, U.S.A. without regard to its conflict of laws provisions. Any dispute arising from or relating to the subject matter of this Agreement shall be finally settled by arbitration in Washtenaw County, Michigan, in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Streamlined Arbitration Rules and Procedures of JAMS. Judgment upon the award so rendered may be entered in a court having jurisdiction, or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator. The federal and state courts sitting in Washtenaw County, Michigan, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement. If Customer is not an individual, Customer agrees to participate in press announcements, case studies, trade shows, or other forms reasonably requested by Duo Security. If Customer is not an individual, so long as Customer is using the Service and for thirty (30) days thereafter, Customer grants Duo Security the right to identify Customer as such on Duo Security’s website or other marketing or advertising materials. If Customer is not an individual, Customer grants Duo Security the right to use Customer’s name and/or logo for this limited purpose.

EXHIBIT B

APPLE DEVICE AND APPLICATION TERMS.

In the event you are using the Services in connection with a device provided by Apple, Inc. (“Apple”) or a Duo Security application obtained through the Apple App Store (collectively, such uses are henceforth the “Application”), the following shall apply:

  1. Both you and Duo Security acknowledge that this Agreement is concluded between you and Duo Security only, and not with Apple, and that Apple is not responsible for the Application or the Content;

  2. The Application is licensed to you on a limited, non-exclusive, non-transferrable, non-sublicensable basis, solely to be used in connection with the Service for your private, personal, non-commercial use, subject to all the terms and conditions of this Agreement as they are applicable to the Service;

  3. You will only use the Application in connection with an Apple device that you own or control;

  4. You acknowledge and agree that Apple has no obligation whatsoever to furnish any maintenance and support services with respect to the Application;

  5. In the event of any failure of the Application to conform to any applicable warranty, including those implied by law, you may notify Apple of such failure; upon notification, Apple’s sole warranty obligation to you will be to refund to you the purchase price, if any, of the Application;

  6. You acknowledge and agree that Duo Security, and not Apple, is responsible for addressing any claims you or any third party may have in relation to the Application;

  7. You acknowledge and agree that, in the event of any third party claim that the Application or your possession and use of the Application infringes that third party’s intellectual property rights, Duo Security, and not Apple, will be responsible for the investigation, defense, settlement and discharge of any such infringement claim;

  8. You represent and warrant that you are not located in a country subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country, and that you are not listed on any U.S. Government list of prohibited or restricted parties;

  9. Both you and Duo Security acknowledge and agree that, in your use of the Application, you will comply with any applicable third party terms of agreement which may affect or be affected by such use; and

  10. Both you and Duo Security acknowledge and agree that Apple and Apple’s subsidiaries are third party beneficiaries of this Agreement, and that upon your acceptance of this Agreement, Apple will have the right (and will be deemed to have accepted the right) to enforce this Agreement against you as the third party beneficiary hereof.