Welcome to the Dispel Legal Center. Please read the contents of this site carefully, as the terms and policies here govern your relationship with Dispel.

What you will find here

These documents cover how Dispel will provide services to you, our support for those services, and our handling of your information—including personal and confidential data. It also describes your rights when using Dispel, and avenues of recourse if you believe we're not living up to our commitments.

Terms, Policies, and Privacy

The Terms are the promises we make to you and the contracts that legally underpin our work with you.

Policies are made part of the Terms by reference. Acceptable use, privacy, and support are all important components of the relationship, and we've broken them out into their own sections for readability.

As the name suggests, the Privacy section contains privacy-specific information. Not all of these are legally binding; some are informational but of concern to your company's data privacy officer.

Making changes

As our business grows, we may update these terms and policies to reflect changed circumstances. If we make material alterations, we'll notify you and post the changes here.

These Terms represent a binding agreement between you and Dispel, LLC. “We,” “our,” “us,” and "Dispel" refers Dispel LLC.

Description of Services

The Website may make available access to certain products, applications and services, including downloadable, software-as-a-service (SaaS) and privacy-as-a-service (PraaS) software products, applications and services (collectively, the “ Services”). In addition, the Website may make available access to photographs, graphics, images, videos, audio, text, data, content and other materials (“Materials ”), including information about Dispel’s events and initiatives. You may be asked to enter into a separate Customer Terms of Service and User Terms of Service with Dispel as a condition of using the Services (the “Customer Terms” and "User Terms", collectively in these Terms the "End User License Agreement"). If you enter into the EULA, your use of the Services subject to those contracts, as well as all other rights, responsibilities and obligations with respect to such Services, will be governed by the EULA and these Terms. To the extent that there is any irreconcilable conflict between any term or condition of these Terms and those of the EULA, the terms and conditions of the Customer and User Terms will take precedence.

The quality of the Website, including the streaming or download speed of Services or Materials, may be affected by a variety of factors, such as your location, the content being streamed or downloaded and the speed of your Internet connection. Dispel makes no representation or warranty regarding use of the Website.

What You Agree, Acknowledge, Represent and Warrant To

You represent that you are fully able and competent to enter into the obligations and make the representations and warranties in these Terms, and to abide by and comply with these Terms.

You also represent that you are at least 18 years of age, or an emancipated minor, or possess legal parental or guardian consent.

You are responsible for obtaining, maintaining and paying for all hardware and all telecommunications and other services needed to use the Website.

You acknowledge and agree that Dispel may, in its sole discretion and without prior notice (a) revoke or suspend any or all rights granted in these Terms, terminate or suspend your right to use the Website or any portion thereof, and/or block or prevent your future use of the Website or any portion thereof, and (b) modify, suspend or discontinue, temporarily or permanently, the Website or portions thereof. Upon any such suspension or termination, your right to use the Website will immediately cease. You agree that we will not be liable for any such suspension or termination, or any such modification, suspension, or discontinuance of the Website or any portions thereof.

License to Submissions

For purposes of clarity, you retain ownership of your Submissions. For each Submission, you hereby grant to us a worldwide, royalty-free, fully paid-up, non-exclusive, perpetual, irrevocable, transferable and fully sublicensable (through multiple tiers) license, without additional consideration to you or any third party, to reproduce, distribute, perform and display (publicly or otherwise), create derivative works of, adapt, modify and otherwise use, analyze and exploit such Submission, in any format or media now known or hereafter developed, and for any purpose (including promotional purposes, such as testimonials).

We love to hear from our users, especially on ways in which we can improve our offerings. If you provide to us any ideas, proposals, suggestions or other materials (“Feedback”), whether related to the Website or otherwise, such Feedback will be deemed a Submission, and you hereby acknowledge and agree that such Feedback is not confidential, and that your provision of such Feedback is gratuitous, unsolicited and without restriction, and does not place Dispel under any fiduciary or other obligation.

You represent and warrant that you have all rights necessary to grant the licenses granted in this section, and that your Submissions, and your provision thereof through and in connection with the Website, are complete and accurate, and are not fraudulent, tortious or otherwise in violation of any applicable law or any right of any third party. You further irrevocably waive any “moral rights” or other rights with respect to attribution of authorship or integrity of materials regarding each Submission that you may have under any applicable law under any legal theory.

Privacy Policy

Proprietary Rights

We and our licensors, as applicable, own the Website. The Website is protected by proprietary rights and laws.

Trade names, trademarks and service marks on the Website are owned by us or our licensors, as applicable. These trade names, trademarks and service marks, whether registered or unregistered, may not be used in connection with any product or service that is not ours, or in any manner that is likely to cause confusion. Nothing contained on the Website should be construed as granting any right to use any such trade names, trademarks or service marks without the owner’s prior written consent.

Third Party Materials

You acknowledge and agree that the Website may make available links or access to (and that through use of the Website you may be routed to) product, applications, services, photographs, graphics, images, videos, audio, text, data, content and other materials made available by third parties (“Third Party Materials”), including Third Party Materials hosted by third parties or on third-party networks, servers or other resources. Because we do not control Third Party Materials, you agree that Dispel does not endorse and is not responsible or liable for any Third Party Materials, including the accuracy, validity, timeliness, completeness, reliability, integrity, quality, legality, usefulness, safety or security of Third Party Materials. Dispel has no obligation to monitor Third Party Materials, and may block or disable access to any or all Third Party Materials through the Website at any time. Your use of Third Party Materials may be governed by additional terms and conditions that are not set forth in these Terms or in the EULA or our Privacy Policy (for example, terms and conditions and privacy policies that are made available by the providers of such Third Party Materials). You agree that any use of Third Party Materials is at your own risk.

In addition, you acknowledge that your use of the Website may involve public or other third-party hardware, networks, servers or other resources (including your own device), and the transmission of communications through or using such resources. Dispel is not responsible or liable for any such resources, or for any communications transmitted through or using such resources.

Indemnification

You agree to indemnify, defend, and hold harmless Dispel and its affiliates, and its and their members, employees, licensors, and suppliers (collectively called the “Dispel Parties”) from and against all claims, liabilities, damages, judgments, awards, losses, costs and expenses (including attorneys’ fees) arising out of or relating to (a) your use of, or activities in connection with, the Website; (b) any products, applications, services, photographs, graphics, images, videos, audio, text, data, content and other materials that you post, upload, use, receive, send, distribute, store or otherwise transmit through or using the Website, including any Submission; © any violation or alleged violation by you of these Terms or, if applicable, the EULA; (d) any violation or alleged violation by you of the rights of another, including without limitation any intellectual property, publicity, confidentiality, privacy, or propriety right; or (e) any violation or alleged violation by you of any applicable law or regulation, whether in the United States or anywhere else in the world.

Disclaimer

THE WEBSITE IS PROVIDED TO YOU ON AN “AS IS” AND “AS AVAILABLE” BASIS, AND WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY. YOU ACKNOWLEDGE THAT NO ADVICE OR INFORMATION MADE AVAILABLE BY DISPEL, WHETHER ORAL OR WRITTEN, WILL CREATE ANY REPRESENTATION OR WARRANTY. THE DISPEL PARTIES DISCLAIM ALL REPRESENTATIONS AND WARRANTIES IN CONNECTION WITH THE WEBSITE, TO THE FULLEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW, INCLUDING ANY WARRANTIES OF DESIGN, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, OR WARRANTIES ARISING FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OR TRADE PRACTICE.

WITHOUT LIMITING THE FOREGOING, NO DISPEL PARTY REPRESENTS OR WARRANTS THAT THE WEBSITE OR ITS OPERATION WILL MEET YOUR REQUIREMENTS OR BE UNINTERRUPTED, TIMELY, PRIVATE, SECURE, ACCURATE, RELIABLE OR FREE FROM DEFECTS OR ERRORS, THAT ANY DEFECTS OR ERRORS WILL BE CORRECTED, OR THAT YOUR COMMUNICATIONS THROUGH OR USING THE WEBSITE WILL BE DELIVERED TO THEIR INTENDED RECIPIENTS.

Limitation on Liability

TO THE EXTENT ALLOWED BY APPLICABLE LAW, AND NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THESE TERMS OR, IF APPLICABLE, IN THE EULA, OR ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY OR LIMITATION OF LIABILITY, (A) IN NO EVENT SHALL ANY DISPEL PARTY BE LIABLE FOR ANY DAMAGES ARISING FROM OR RELATING TO LOSS OF PROFITS, LOSS OR INTERRUPTION OF BUSINESS, LOSS OF USE, LOSS OR INTERCEPTION OF DATA, INABILITY TO USE THE WEBSITE, OR ANY THIRD PARTY MATERIALS, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING FROM OR RELATING TO YOUR USE OF THE WEBSITE, HOWEVER CAUSED, UNDER ANY CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, INDEMNITY OR OTHER LEGAL THEORY, EVEN IF A DISPEL PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND (B) THE ENTIRE AGGREGATE, COLLECTIVE LIABILITY OF THE DISPEL PARTIES ARISING FROM OR RELATING TO YOUR USE OF THE WEBSITE, UNDER ANY LEGAL THEORY (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, INDEMNITY OR OTHERWISE), IF ANY, SHALL NOT EXCEED THE GREATER OF ONE U.S. DOLLAR (US$ 1.00) OR THE AMOUNT ACTUALLY PAID BY YOU TO DISPEL, IF ANY, TO USE THE WEBSITE. YOUR SOLE AND EXCLUSIVE REMEDY FOR DISSATISFACTION WITH THE WEBSITE IS TO STOP USING THE WEBSITE.

Applicable law may not allow for limitations on certain implied warranties, or exclusions or limitations of certain damages; solely to the extent that such law applies to you, some or all of the above disclaimers, exclusions or limitations may not apply to you, and you may have certain additional rights.

Governing Law, Jurisdiction, Venue and Related Issues

In choosing to use the Website, you do so on your own initiative and at your own risk. The Website, including the Services, are controlled or operated (or both) from the United States, and are not intended to subject Dispel to any non-U.S. jurisdiction or law. You must comply with all applicable laws, rules and regulations in connection with using the Website, including the Services. We may limit the Website’s availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time. Not all products or services described on the Website are available in all states or territories.

Without limiting the foregoing, you are responsible for complying with United States export controls and for any violation of such controls, including any United States embargoes or other federal rules and regulations restricting exports. You represent, warrant and covenant that you are not (a) located in, or a resident or a national of, any country subject to a U.S. government embargo or other restriction, or that has been designated by the U.S. government as a “terrorist supporting” country; or (b) on any of the U.S. government lists of restricted end users.

Copyright Infringement

• Our DMCA phone number is (917) 268-4029.

Filtering

Notice for California Residents

Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: If you have a question or complaint regarding the Website, please contact us by writing to Dispel, 61 Greenpoint Ave, Suite 634 Brooklyn, NY 11222, or by calling us at (917) 268-4029. California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.

Entire Agreement; Miscellaneous

These Terms (and, if applicable, the EULA), together with all policies and agreements referred to therein, constitute the entire agreement between you and Dispel concerning their subject matter and supersede all prior or contemporaneous representations, discussions, proposals, negotiations, conditions, agreements and communications, whether oral or written, relating to such subject matter and all past courses of dealing or industry custom. If any provision of these Terms or, if applicable, the EULA, is held to be unlawful, void or for any reason unenforceable, then that provision shall be deemed severable from these Terms or the EULA, as applicable, and shall not affect the validity and enforceability of any remaining provisions. You may not assign, transfer or sublicense any or all of your rights or obligations under these Terms or, if applicable, the EULA, without our express prior written consent, and any such assignment, transfer or sublicense shall be void. We may assign, transfer or sublicense any or all of our rights or obligations under these Terms or the EULA without restriction. Neither these Terms nor, if applicable, the EULA, create or shall be construed to create any partnership, joint venture, employer-employee, agency or franchisor-franchisee relationship between you and Dispel. No waiver by either party of any breach or default under these Terms, or, if applicable, the EULA, will be deemed to be a waiver of any preceding or subsequent breach or default. Without limitation, a printed version of these Terms or the EULA and of any notice given in electronic form shall be admissible in judicial or administrative proceedings based upon or relating to these Terms or the EULA to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form. Dispel will not be responsible for any failure to fulfill any obligation due to any cause beyond its control, including without limitation due to acts of God, natural disasters, shortage of supplies (including but not limited to electronic or digital service suppliers), transportation difficulties, labor disputes, riots, war, fire and epidemics.

Contacting Us

This Enterprise Subscription Agreement (this “Agreement”, "Customer Terms of Service" and "Terms of Service") describes Customer’s and Dispel’s rights and responsibilities in connection with the Software and Services.

1. Definitions

1.1. “Customer“ means the customer identified in the Order Form.

1.2. “Confidential Information” means any information that is disclosed by one party to the other party that the receiving party should know (based on the nature of the information or the circumstances of disclosure) is confidential to the disclosing party, including trade secrets, know-how, inventions (whether or not patentable), techniques, processes, programs, ideas, algorithms, formulas, schematics, testing procedures, software design and architecture, computer code, documentation, design and functional specifications, product requirements, problem reports, performance information, software documents, and other technical, business, product, marketing, and financial information, plans, and data.

1.3. “Dispel” means Dispel, LLC or Dispel Global, Inc per your Order Form.

1.4. “Documentation” means any operating instructions, user manuals, help files and other technical information, documentation and materials, including the documentation available at the Help Center on Dispel’s website, that Dispel makes available to Customer in connection with the Services or Software.

1.5. “Effective Date” means the effective date identified in the Order Form.

1.6. “Enclave” means a group of virtual machines (VMs) leased from public or private cloud providers and networked together over a software-defined network.

1.7. “Order Form” means the ordering documentation, including any online orders, pursuant to which Customer purchases a subscription to the Services or Software.

1.8. "Region" means the same as Enclave.

1.9. “Reseller” means a reseller that Dispel authorizes to resell the Services or Software to Customer.

1.10. “Services” means the provision of access to Dispel’s remote access software platform, including all Updates thereto, as made available by Dispel under a subscription purchased by Customer pursuant to an Order Form.

1.11. “Software” means the remote access application software, including all Updates thereto, made available by Dispel under a subscription purchased by Customer pursuant to an Order Form.

1.12. “Updates” means any patches, revised versions, modifications, upgrades, bug fixes, new releases, enhanced functionality and other updates to the Services or Software that Dispel makes available to Customer under this Agreement.

1.13. “User” means an individual that Customer has authorized to access and use the Services or Software. Users may be Customer’s employees, contractors, or agents.

2. Rights in the Software and Services

2.1. Grant of Rights.

Subject to the terms and conditions of this Agreement, Dispel grants to Customer a limited, non-exclusive, non-transferable (except as pursuant to Section 12.2), non-sublicensable right and license to (a) install and use the Software on Customer’s servers, and (b) access and use the Services, in each case for a period identified in the applicable Order Form (“Order Term”), solely in accordance with the Documentation and for Customer’s internal business purposes.

2.2. Users.

2.2.2. Customer is responsible for all login credentials, including usernames and passwords, for administrator accounts as well as the accounts of its Users. Dispel is not responsible for any damages, losses, or liability to Customer, Users, or any third party arising out of misuse of such login credentials by a third party if such information is not kept confidential by Customer or Users, or if such information is correctly provided by an unauthorized third party logging into and accessing the Services or Software.

2.2.3. Customer will promptly notify Dispel upon becoming aware of any illegal or unauthorized activity or a security breach involving a User’s account(s) or team(s), including any loss, theft, or unauthorized disclosure or use of a username, password, or account.

2.3. Restrictions.

Customer will not, and will cause its Users to not: (a) copy all or any portion of the Services, Software or Documentation; (b) resell or allow third parties to access or use the Services, except for Users accessing or using the Services and Software on Customer’s behalf; (c) use the Services or Software on behalf of a third party; (d) decompile, disassemble, design around, or otherwise reverse engineer the Services or Software or any portion thereof, or determine, or attempt to determine, any source code, algorithms, methods, or techniques embodied in the Services or Software or any portion thereof; (e) modify, translate, or create any derivative works based upon the Services or Software; (f) distribute, disclose, market, rent, lease, assign, sublicense, pledge, or otherwise transfer the Services or Software or the Documentation, in whole or in part, to any third party; (g) remove or alter any copyright, trademark, trade name, or other proprietary notices, legends, symbols, or labels appearing on or in copies of the Services or Software or the Documentation; (h) perform, or release the results of, benchmark tests or other comparisons of the Services or Software with other programs; (i) transfer Software to, or access the Services from, any computer other than a computer owned by Customer and used by Customer in its operations; (j) incorporate the Services or Software or any portion thereof into any other program or product; (k) allow Dispel’s direct competitors to access or use the Services or Software, except with Dispel’s prior written consent; or (l) use the Services or Software for any purpose other than in accordance with this Agreement.

2.4. Contractors.

Dispel may perform under this Agreement through its affiliated entities and contractors (“Personnel”). Dispel is responsible for all actions and omissions of its Personnel in performance of this Agreement.

2.5. Non-Dispel Products.

2.5.1. The Services and Software may allow Customer to provision certain third-party software applications (“Non-Dispel Products”) within Enclaves. Dispel may make Non-Dispel Products available to Customer, including through Dispel’s Build Resource interface accessible through the Services or Software. Dispel is not responsible for Customer’s use of the Non-Dispel Products or any consequences thereof. Dispel has no obligation to provide support for any Non-Dispel Products. Customer’s use of any Non-Dispel Products is solely subject to the terms between Customer and the applicable third-party provider.

2.5.2. If Customer enables a Non-Dispel Product for an Enclave, Customer Data (defined below) may be shared with the Non-Dispel Product’s third-party provider. Dispel is not responsible for any use, disclosure, modification or deletion of Customer Data that is transmitted to, or accessed by, a Non-Dispel Product.

3. Purchases; Payments

3.1. Payment.

Dispel will invoice Customer the fees specified in the applicable Order Form. All amounts invoiced shall be in U.S. dollars, unless otherwise expressly set forth in the Order Form. Customer will make all payments in accordance with such invoice. Payment shall be due thirty (30) days from the invoice date, unless otherwise expressly set forth in an Order Form. Any payment due or portion thereof not received by Dispel as set forth in this Section will bear an additional charge of one and one-half percent (1½%) per month from the date due until actually received, less the sum, if any, in excess of applicable state law.

3.2. Taxes.

Fees are stated exclusive of any taxes, levies, duties, or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction (collectively, “Taxes”). Customer will be responsible for paying all Taxes associated with its purchases, except for those taxes based on Dispel’s net income. Should any payment for the Services or Software be subject to withholding tax by any government, Customer will reimburse Dispel for such withholding tax.

3.3. Reseller Purchase.

If Customer purchases a subscription for the Services, Software, or support services from a Reseller, purchasing terms applicable to such purchase, including pricing and payment terms and conditions, will be as agreed in ordering documentation between Customer and Reseller and will supersede any conflicting terms in this Section 3.

4. Support.

5. Intellectual Property Rights

5.1. General.

Dispel retains all right, title and interest, including, without limitation, all patent rights, copyrights, trademarks, trade secrets, and all “moral rights” and other rights with respect to the attribution of authorship or integrity, in and to the Services and Software, including all modifications, enhancements, and derivative works made thereto.

5.2. Feedback.

If Customer or any of its personnel, including Users, provides any feedback or suggestions to Dispel regarding the Services or Software or any other Dispel products or services, Customer grants to Dispel an irrevocable, perpetual, sub-licensable, transferable, royalty-free, worldwide license to use and otherwise exploit in any manner such feedback or suggestions for any purpose without any obligation or compensation to Customer or any of its personnel.

5.3. Open Source Software.

Certain Services and Software may incorporate or utilize open source or other source-available software (“Open Source Software”). To the extent required under licenses for this software, Dispel provides any such Open Source Software to Customer under the terms of the applicable Open Source Software license and not this Agreement. The applicable list of Open Source Software can be accessed through the Services and Software, which list may be updated from time to time. Notwithstanding anything to the contrary in this Agreement, with respect to each item of Open Source Software, to the extent there are any irreconcilable conflicts between this Agreement and any terms of the respective open source license, which the Open Source Software does not permit, such conflicting terms of this Agreement will not apply. Any fees that Dispel charges under this Agreement does not apply to any Open Source Software for which fees may not be charged under the applicable Open Source Software license. Where the terms of any Open Source Software entitle Customer to receive a copy of the source code of the Open Source Software, upon Customer’s request Dispel may either direct Customer to where Customer can obtain the source code, or make that source code available to Customer (and Dispel may charge a nominal fee for processing such request).

6. Representations, Warranties, and Disclaimers

6.1. Dispel’s Representations and Warranties.

Dispel represents and warrants that (a) the Services and Software will perform materially in accordance with the Documentation therefor, and (b) Dispel will not materially decrease the functionality of the Services or Software during an Order Term. Except as otherwise provided in the SLA, Customer’s sole and exclusive remedy for Dispel’s breach of the foregoing warranty is for Dispel to use commercially reasonable efforts to promptly correct such failure.

6.2. Other Representations and Warranties.

Each party represents and warrants that it has validly entered into this Agreement and has the legal power to do so, and that each party will comply with applicable laws in connection with this Agreement.

6.3. Provided Hardware.

6.3.1. Users must use access credentials to access and use the Services and Software. Dispel may also provide Customer with certain hardware to assist in accessing and using the Services and Software (“Provided Hardware”). Customer is responsible for guarding the security of such access credentials and/or Provided Hardware, as such access credentials and/or Provided Hardware will enable access to Customer’s Enclaves until such access credentials and/or Provided Hardware are deactivated by either Customer or Dispel (upon Customer’s request to Dispel). Customer must promptly notify Dispel of any disclosure or unauthorized use of Customer’s access credentials or if the Provided Hardware is hacked, misplaced or misappropriated. Customer is solely responsible for all use or misuse that occurs within an Enclave and any claims arising therefrom, including by any User. Dispel will not be held responsible or liable for any such use, misuse, or claims including, but not limited to, any data breaches.

6.3.2. Certain Provided Hardware may consist of standard equipment purchased by Dispel through industry suppliers of such equipment on which equipment Dispel may install its proprietary software to provide a connection to Dispel’s networks in order to provide the Services to Customer. Dispel will not responsible or liable for, nor does Dispel make any representations or warranties as to, the fitness, integrity, or security of, such standard equipment. Support for standard equipment will be limited to the standard support services provided by the manufacturer of such standard equipment.

6.4. VPN.

Certain of Services (i.e., gateways, pangolins, and wickets) operate or connect via virtual private network (VPN), cellular, microwave beam, or satellite uplink which are readily identifiable as VPN, cellular, microwave beam, or satellite uplinks. Customer is solely responsible for its use of such Services in locations where the use of VPN, cellular, microwave beam, or satellite uplinks are prohibited by law or are otherwise sufficient to raise security, location, or other concerns. Dispel will not be responsible or liable for any losses, damages, or claims resulting from the use of such Services.

6.5. 2FA/MFA.

The Services and Software support logins using two-factor authentication (“2FA/MFA”). Dispel will not be responsible for any damages, losses, or liability to Customer, Users, or a third party if any event leading to such damages, losses, or liability would have been prevented by Customer’s or Users’ use of 2FA/MFA.

6.6. Disclaimer.

Except as otherwise expressly set out in this Agreement, the Services and Software are provided “AS IS” and Dispel disclaims all other warranties, conditions, and representations, whether express or implied, relating to the Services, Software, Provided Hardware, and Non-Dispel Products, including, without limitation, any warranties or conditions of design, merchantability, satisfactory quality fitness for a particular purpose, title or non-infringement of third party rights, or warranties arising from a course of dealing, course of performance, usage, or trade practice. Without limiting the foregoing, Dispel does not warrant that the Services or Software will meet Customer’s requirements, operate without interruption, achieve any intended result, be compatible or work with any particular software, hardware, system or services (except as set forth in any Dispel specifications), or be secure, accurate, complete, free of harmful code, or error free.

7. Customer Data

7.1. Rights to Customer Data.

Users may submit content or information to the Services, such as messages or files (collectively, “Customer Data”). To the extent that Dispel has access to Customer Data, Dispel will only transmit, use, and process Customer Data: (a) to provide, maintain, and update the Services; (b) to prevent or address service, security, support or technical issues; (c) as required by law or as permitted by policy; (d) in accordance with Customer’s instructions; or (e) otherwise in order to perform its obligations under this Agreement. If Dispel transmits, uses, or processes any Customer Data in accordance with Customer’s instructions, Customer will be solely responsible for any liability or losses arising out of Dispel performing in accordance with such instruction.

7.2. Ownership of Customer Data.

As between the parties, Customer owns all Customer Data. Customer represents and warrants that it has secured all rights in and to Customer Data as may be necessary to allow Dispel to use, share, and modify Customer Data as permitted in this Agreement and that Dispel’s interaction with Customer Data in accordance with this Agreement will not violate any applicable law.

7.3. Protecting Customer Data.

Dispel will maintain reasonable administrative, physical, and technical safeguards relating to Customer Data, including measures aimed at preventing unauthorized access, use, modification, deletion and disclosure of Customer Data by Dispel’s personnel. Before sharing Customer Data with any of its third-party service providers, Dispel will ensure that the third party maintains, at a minimum, reasonable data practices for maintaining the confidentiality and security of Customer Data and preventing unauthorized access. Customer bears sole responsibility for adequate security, protection and backup of Customer Data when in Customer’s possession or control. Dispel is not responsible for Non-Dispel Products’ interaction with or disclosure of Customer Data.

7.4. Data Portability and Deletion.

Before an Enclave is deprovisioned, Customer may have the ability to export or share certain Customer Data from the Services; provided, however, that the ability to export or share Customer Data may be limited or unavailable depending on the type of Services and the data retention, sharing or invite settings enabled. Following deprovisioning of an Enclave, Dispel will have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in Dispel’s systems or otherwise in its possession or under its control. When components within an Enclave cycle (which they do by design as a normal function of the Services) all data or other information on those particular components will be deleted. It will be solely Customer’s responsibility to back up or copy any data or information associated with an Enclave prior to termination of the Services. Dispel disclaims any and has no obligation or liability for any loss, alteration, destruction, damage, corruption, or recovery of Customer Data, regardless of whether such data has been backed up by Customer.

8. Confidential Information

8.1. Defined.

Each party (“Disclosing Party”) may disclose Confidential Information to the other party (“Receiving Party”) in connection with this Agreement. Dispel’s Confidential Information includes the Services, Software, Order Forms, as well as all of Dispel’s non-public business, product, technology and marketing information. Customer’s Confidential Information includes Customer Data. In addition, materials labelled ‘Confidential” by the Disclosing Party shall be treated as confidential by the Receiving Party. Notwithstanding the above, except for any personally identifiable data, Confidential Information does not include information that (a) is or becomes generally available to the public without breach of any obligation owed to the Disclosing Party; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (c) is received from a third party without breach of any obligation owed to the Disclosing Party; or (d) was independently developed by the Receiving Party.

8.2. Protection and Use of Confidential Information.

The Receiving Party will (a) take at least reasonable measures to prevent the unauthorized disclosure or use of Confidential Information, and limit access to those employees, affiliates and contractors who need to know such information in connection with this Agreement; and (b) not use or disclose any Confidential Information of the Disclosing Party other than to perform its obligations or exercise its rights under this Agreement. Nothing above will prevent either party from sharing Confidential Information with financial and legal advisers; provided, however, that the advisers are bound to confidentiality obligations at least as restrictive as those in this Agreement.

8.3. Compelled Access or Disclosure.

The Receiving Party may disclose Confidential Information of the Disclosing Party if it is required by law; provided, however, that the Receiving Party gives the Disclosing Party prior notice of the compelled access or disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the access or disclosure. If the Receiving Party is compelled by law to access or disclose the Disclosing Party’s Confidential Information, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing access to such Confidential Information as well as the reasonable cost for any support provided in connection with the Disclosing Party seeking a protective order or confidential treatment for the Confidential Information to be produced.

8.4. Equitable Relief.

Customer acknowledges and agrees that, due to the unique nature of Dispel’s Confidential Information, there can be no adequate remedy at law to compensate Dispel for the breach of any provision of this Section 8, any such breach will allow Customer or third parties to compete unfairly with Dispel resulting in irreparable harm to Dispel that would be difficult to measure, and, therefore, upon any such breach or threat thereof, Dispel will be entitled to injunctive and other appropriate equitable relief (without the necessity of proving actual damages), in addition to whatever remedies Dispel may have at law, without the necessity of posting any bond or other security.

9. Term; Termination

9.1. Term.

This Agreement shall commence on the Effective Date and shall remain effective until all subscriptions and licenses ordered hereunder have expired or been terminated or until this Agreement has been terminated in accordance with this Section 9. Termination of this Agreement will terminate all subscriptions and all Order Forms.

9.2. Auto-Renewal.

Unless otherwise provided in an Order Form, subscriptions for the Services and Software purchased will automatically renew for successive one (1) year periods after the conclusion of the preceding term, unless either party notifies the other party that it does not wish to renew the subscription at least thirty (30) days prior to the conclusion of the then-current term. The per-unit pricing during any such renewal term will remain the same as it was during the immediately prior term.

9.3. Termination for Cause.

Either party may terminate this Agreement (a) if the other party fails to cure any material breach of this Agreement within thirty (30) days of receipt of written notice thereof from the non-breaching party (for the avoidance of doubt, failure to pay any amounts due is a material breach of this Agreement), or (b) if the other party becomes insolvent, becomes subject to a petition in bankruptcy that is not dismissed within thirty (30) days, is placed under the control of a receiver, liquidator, or committee of creditors, or ceases to function as a going concern or to conduct business in the normal course. Dispel may terminate this Agreement immediately on notice to Customer if Dispel reasonably believes that the Services or Software are being used or have been used by Customer or Users in violation of applicable law.

9.4. Effect of Termination.

Upon the expiration or termination of this Agreement, the rights granted to Customer hereunder will terminate. Within five (5) days after any termination or expiration of this Agreement, Customer will return to Dispel or destroy (at Dispel’s option) all of Dispel’s Confidential Information in its possession or control, and Dispel will return to Customer or destroy (at Customer’s option) all of Customer’s Confidential Information in its possession or control. If Customer purchased the subscription directly from Dispel (and not from a Reseller), (a) upon any termination of this Agreement by Customer for cause in accordance with Section 9.3, Dispel will refund Customer a pro-rata portion of any prepaid fees covering the remainder of the Order Term after the effective date of termination, and (b) upon any termination of this Agreement by Dispel for cause in accordance with Section 9.3, Customer will pay Dispel any unpaid fees for the Services and Software for the remainder of the Order Term. In no event will any termination relieve Customer of the obligation to pay any fees payable to Dispel for the period prior to the effective date of termination.

9.5. Survival.

The following Sections will survive any termination or expiration of this Agreement: 2.3, 3, 5, 6.6, 8, 9.4, 9.5, 10, and 12.11.

10. Limitation of Liability

10.1. To the extent allowed by applicable law and notwithstanding any failure of essential purpose of any limited remedy or limitation of liability:

10.1.1. In no event will either Customer or Dispel or its Personnel have any liability to the other party for any loss of profits, revenues, business, use, data, or interruption of business or for any indirect, special, incidental, consequential, cover or punitive damages however caused, whether in contract, tort or under any other theory of liability, and whether or not the party has been advised of the possibility of such damages.

10.1.2. Notwithstanding anything in this Agreement to the contrary, in no event will either Customer’s or Dispel’s aggregate liability arising out of or related to this Agreement (whether in contract or tort or under any other theory of liability) exceed the total amount paid or payable by Customer to Dispel or to Reseller (as applicable) in connection with this Agreement in the twelve (12) months preceding the date the claim arose.

10.2. The limitations under this Section 10 apply with respect to all legal theories, whether in contract, tort or otherwise, and to the extent permitted by law. The provisions of this Section allocate the risks under this Agreement between the parties, and the parties have relied on these limitations in determining whether to enter into this Agreement and the pricing for the Services and Software.

11. Indemnification

11.1. Dispel’s Indemnification Obligations.

Dispel shall defend, indemnify, and hold Customer harmless from and against losses, damages, liabilities, deficiencies, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind (including attorneys’ fees) (“Losses”) incurred by Customer as a result of any claims or actions that are brought by a third party (“Claims”) as a result of: (a) any breach by Dispel of its representations and warranties under this Agreement; or (b) an allegation that Customer’s access or use of the Services or Software in accordance with this Agreement infringe the U.S. intellectual property rights of any third party.

11.2. Customer’s Indemnification Obligations.

Customer shall defend, indemnify, and hold Dispel and its Personnel harmless from and against all Losses incurred by Dispel and its Personnel as a result of any Claims as a result of: (a) Customer’s or User’s use of, or activities in connection with, the Services or Software (provided that such Claim is not a result of Dispel’s negligence or more culpable conduct); (b) any products, applications, services, photographs, graphics, images, videos, audio, text, data, content, and other materials that Customer or a User posts, uploads, uses, receives, sends, distributes, stores, or otherwise transmits through or using the Services or Software; (c) any breach by Customer or a User of this Agreement; (d) any violation, or alleged violation, by Customer or a User of the rights of another person or entity, including without limitation any intellectual property, publicity, confidentiality, privacy, or propriety right; or (e) any violation or alleged violation by Customer or a User of any applicable law or regulation, whether in the United States or anywhere else in the world.

11.3. Indemnification Procedure.

Each party will notify the other party of any Claim for which such party seeks indemnification or defense under this Agreement (provided that any delay in providing such notice will not relieve the indemnifying party of its indemnification or defense obligations to the extent the indemnifying party is not materially prejudiced thereby) and give the indemnifying party authority, reasonable information, and assistance (at the indemnifying party’s expense) for the defense of such claim or action. The indemnifying party will not, without the indemnified party’s prior written consent, enter into any settlement agreement in connection with a Claim that: (a) admits guilt, fraud, liability, or wrongdoing of the indemnified party; (b) requires the indemnified party to commit to action or to refrain from action; or (c) provides for any damages other than money damages for which the indemnified party is indemnified. The indemnified party reserves the right to participate in the defense of any indemnified claim at such indemnified party’s cost.

11.4. IP Infringement Exceptions.

Notwithstanding anything to the contrary in Section 11.1, Dispel will not be required to indemnify, defend, or hold harmless Customer in the event of a Claim alleging that the Services or Software infringes a third party’s intellectual property rights if the infringement results from: (a) modification of the Services or Software by or on behalf of Customer (other than by Dispel); or (b) use of the Services or Software in a manner inconsistent with the Documentation or this Agreement (collectively, the “IP Infringement Exceptions”). If the Services or Software become (or in Dispel’s reasonable opinion are likely to become) the subject of an infringement claim or action, Dispel will have the right, at Dispel’s sole option and expense, to obtain for Customer the right to continue use of the Services or Software or to replace or modify the Services or Software so that it is no longer infringing. If neither of the foregoing options is reasonably available, Dispel may terminate this Agreement by written notice to Customer and provide a pro-rata refund to Customer of pre-paid fees covering the remainder of the Order Term after termination of this Agreement (excluding any fees for cloud services pre-paid by Dispel in connection with the order).

12. General Provisions

12.1. Export Control.

Customer’s access to and use of the Services and Software is subject to all export laws, regulations, orders, or other restrictions imposed by the U.S. government (including the Export Administration Regulations (“EAR”) maintained by the U.S. Department of Commerce, trade and economic sanctions maintained by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”), and the International Traffic in Arms Regulations (“ITAR”) maintained by the U.S. Department of State) and by any other relevant governmental entity. Customer represents, warrants, and covenants that it is: (a) not located in Cuba, Iran, North Korea, Sudan, or Syria; and (b) not a denied party as specified in the regulations listed above. Customer will comply with all applicable export and re-export control laws and regulations, including the EAR, trade and economic sanctions maintained by OFAC, and the ITAR. Notwithstanding any other provision of this Agreement to the contrary, Customer will not import, export or re-export, sell, transfer, divert, or otherwise dispose of, directly or indirectly, the Services or Software or any related information to any country, other destination, or person to which such import, export, or re-export is restricted or prohibited, or as to which any such government or any agency thereof requires an export license or other governmental approval at the time of such import, export, or re-export without first obtaining such license or governmental approval.

12.2. Assignment.

Neither party may assign or otherwise transfer this Agreement without the other party’s prior written consent, provided that either party may, without the other party’s prior written consent, assign or transfer this Agreement in the event of a change of control of such party or in the event of the sale of substantially all of such party’s assets or business to a successor (“Change of Control Transaction”), provided that the assignment is not in violation of any export or import laws. Subject to the preceding sentence, the rights and liabilities of the parties hereto shall bind and inure to the benefit of their respective assignees and successors and are binding on the parties and their successors and assigns. If Customer undergoes a Change of Control Transaction, Customer will notify Dispel promptly after such transaction closes (such notice to include the identify of the acquiror) and Dispel will have the right to terminate this Agreement with immediate effect within thirty (30) days of receiving such notice. Any purported assignment, transfer, or delegation in violation of this paragraph will be void and of no effect, and a material breach of this Agreement.

12.3. Legal Compliance; Restricted Rights.

Dispel may be subject to reporting and disclosure requirements with respect to the Services and Software (including, but not limited to, any equipment and/or hardware sold to Customer) under applicable U.S. laws and regulations including, but not limited to, 15 C.F.R. Part 740 and 742. Customer shall cooperate with Dispel in providing any reasonable information requested by Dispel to fulfill its reporting and disclosure requirements under the applicable U.S. laws and regulations. Reporting and disclosure requirements may vary depending on the scope and specification of the Services and Software ordered and Customer should refer to the U.S. Departments of Commerce, Defense, and State websites to provide the most current laws and regulations concerning such reporting and disclosure requirements.

12.4. Attorneys’ Fees.

If any legal action, including, without limitation, an action for arbitration or injunctive relief, is brought relating to this Agreement or the breach hereof, the prevailing party in any final judgment or arbitration award, or the non-dismissing party in the event of a dismissal without prejudice, will be entitled to the full amount of all reasonable expenses, including all court costs, arbitration fees and actual attorneys’ fees paid or incurred in good faith.

12.5. Publicity.

Customer grants Dispel the right to use Customer’s company name, logo, brand names, and brand logos as a reference for marketing or promotional purposes on Dispel’s website and in its other public or private communications with Dispel’s existing or potential customers, subject to Customer’s standard trademark usage guidelines as provided to Dispel from time-to-time or made readily available on Customer’s website.

12.6. Application of Consumer Law.

The Services and Software are enterprise tools intended for use by businesses and organizations and not for consumer purposes. To the maximum extent permitted by law, Customer hereby acknowledges and agrees that consumer laws do not apply. If, however, any consumer laws (e.g., in Australia, the Competition and Consumer Act of 2010 (CCA)) do apply and cannot otherwise be lawfully excluded, nothing in this Agreement will restrict, exclude or modify any statutory warranties, guarantees, rights or remedies that Customer may have, and Dispel’s liability is limited (at Dispel’s option) to the replacement, repair or resupply of the Services and Software or the pro-rata refund to Customer of pre-paid fees covering the remainder of the term after termination of this Agreement.

12.7. Force Majeure.

Neither Dispel nor Customer will be liable for any failure to perform any of its obligations under this Agreement (except for payment obligations) due to unforeseen circumstances or causes beyond the party’s reasonable control, which may include acts of God, riot, pandemics, epidemics, embargoes, acts of governmental authorities, fire, earthquake, flood, acts of terror, computer attacks or malicious acts (such as attacks on or through the Internet, any Internet service provider, telecommunications or hosting facility), a failure by a third party hosting provider or utility provider, and accidents.

12.8. Waiver.

The waiver by either party of a breach of, or a default under, any provision of this Agreement, will be in writing and will not be construed as a waiver of any subsequent breach of or default under the same or any other provision of this Agreement, nor will any delay or omission on the part of either party to exercise or avail itself of any right or remedy that it has or may have hereunder operate as a waiver of any right or remedy.

12.9. Severability.

If the application of any provision of this Agreement to any particular facts or circumstances will be held to be invalid or unenforceable by an arbitration panel or a court of competent jurisdiction, then (a) the validity and enforceability of such provision as applied to any other particular facts or circumstances and the validity of other provisions of this Agreement will not in any way be affected or impaired thereby and (b) such provision will be enforced to the maximum extent possible so as to effect the intent of the parties and reformed without further action by the parties to the extent necessary to make such provision valid and enforceable.

12.10. Relationship of the Parties.

The business relationship of Customer and Dispel is that of an independent contractor and not of a partner, joint venture, employer, employee, or any other kind of relationship. The parties will be solely responsible for expenses and liabilities associated with the employment of its respective employees.

12.11. Governing Law, Jurisdiction and Venue.

This Agreement is to be construed in accordance with, and governed by, the internal laws of the State of New York without giving effect to any choice of law rule that would cause the application of the laws of any jurisdiction other than the internal laws of the State of New York to the rights and duties of the parties. Any legal suit, action, or proceeding arising out of or relating to this Agreement will be commenced in a federal court or in state courts with jurisdiction over New York City, and each party hereto irrevocably submits to the exclusive jurisdiction and venue of any such court in any such suit, action, or proceeding.

12.12. Notices.

Except as otherwise set forth herein, all notices under this Agreement will be by email, although Dispel may instead choose to provide notice to Customer through the Services (e.g., a Support Channel notification). Notices to Dispel will be sent to support@dispel.io, except for legal notices, such as notices of termination or an indemnifiable claim, which must be sent to legal@dispel.io. Notices will be deemed to have been duly given (a) the day after it is sent, in the case of notices through email; and (b) the same day, in the case of notices through the Services.

12.13. Entire Agreement.

This Agreement, including all documents referenced herein, and any proof of concept agreement, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. As our business evolves Dispel may update these terms from time-to-time, provided however that we shall not reduce the quality provided in this document of the Service. You must agree to our updated terms in order to continue using our Products and Services and you agree by your continued use of our Products and Services to updated terms. In the event of any conflict or inconsistency between the provisions in this Agreement and any other documents or pages referenced in this Agreement, the following order of precedence will apply in the following order: (1) the terms of any Order Form (if any), (2) the terms of any Proof of Concept Letter of Engagement (if any), (3) Customer terms if mutually signed, and (4) this Agreement. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order, vendor onboarding process or web portal, or any other Customer order documentation (excluding Order Forms) will be incorporated into or form any part of this Agreement.

Do:

• comply with applicable portions of the Customer Terms of Service, including the terms of this Acceptable Use Policy;

• comply with all applicable laws and governmental regulations, including, but not limited to, all intellectual property, data, privacy, and export control laws, and regulations promulgated by any government agencies;

• comply with all applicable laws and governmental regulations regulating VPN or satellite uplinks;

• upload and disseminate only Customer Data to which Customer owns all required rights under law and under contractual and fiduciary relationships (such as proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements) and do so only consistent with applicable law;

• use commercially reasonable efforts to prevent unauthorized access to or use of the Services and Software;

• keep passwords and all other login information confidential;

• monitor and control all activity conducted through your account in connection with the Services and Software;

• promptly notify us if you become aware of or reasonably suspect any illegal or unauthorized activity or a security breach involving your account(s) or team(s), including any loss, theft, or unauthorized disclosure or use of a username, password, or account; and

• comply in all respects with all applicable terms of third party applications, including any that Customer elects to integrate with the Services or Software that you access or subscribe to in connection with the Services or Software.

• obtain, maintain, and pay for all hardware and all telecommunications and other services (i.e., Internet access, telephone) needed to use the Services or Software.

Do not:

• interfere with or disrupt the operation of the servers or networks used to make the Services or Software available, or violate any requirements, procedures, policies, or regulations of such servers or networks or their providers;

• post, transmit, or otherwise make available through, or in connection with, the Services and Software any virus, worm, Trojan horse, Easter egg, time bomb, spyware, or other computer code, file, or program that is, or is potentially, harmful or invasive or intended to damage or hijack the operation of, or to monitor the use of, any hardware, software, or equipment;

• modify, adapt, make derivate works of, translate, reverse engineer, decompile, or disassemble all or any part of the Services or Software;

• frame or mirror all or any part of the Services or Software, or incorporate all or any part of the Services into any product or service, without Dispel’s express prior written consent;

• systematically download or store all, or any part of, Services or Software, or use any robot, spider, site search/retrieval application, or other manual or automatic device to retrieve, index, “scrape,” “data mine”, reproduce, or circumvent the navigational structure or presentation of the Services or Software;

• remove any copyright, trademark, or other proprietary rights notice of Dispel in connection with the Services or Software;

• in connection with the Services or Software (a) defame, threaten, abuse, or harass any person, or otherwise violate the legal rights of any person or entity, including any copyright, trademark, trade secret, right of publicity or privacy, or any other proprietary right; (b) harvest or collect personally identifiable information from or about any person other than in the ordinary course of Customer’s business or otherwise in violation of any applicable law; (c) impersonate any person or entity, or falsely state or otherwise misrepresent Customer’s affiliation with any person or entity; or (d) engage in any fraudulent or otherwise tortious or unlawful conduct.

• use, access, or attempt to use or access, another Dispel customer’s or user’s Enclaves; or

• engage in any other activity prohibited by the Customer Terms.

Without affecting any other remedies available to us, Dispel may permanently or temporarily terminate or suspend a User's account or access to the Services or Software without notice or liability if Dispel (in its sole discretion) determines that User has violated this Acceptable Use Policy.

Definitions

1. “Access Request Forms” means the form user of VDI Health and VDI Management fill out to request access to an environment. This includes notifications to and approval by administrators.

2. “Continuous Monitoring” means notifications will be received by Dispel twenty-four (24) hours per day, seven (7) days per week, three hundred sixty-five (365) days per year for the purpose of Incident reporting by Customer.

3. “Device Operations” means the ability for authorized users to create, read, update, and delete devices.

4. “Downtime” means a period of time (as determined by a combination of Dispel's internal and external monitoring systems) during which a large number of Users are unable to log into the service, view their dashboard, and reach any asset they have permission to reach and valid current access to.

5. “Incident” means any error, defect, failure, or abnormality in the Software or Services.

6. “Region Health” means the remote access network is performing according to the then-current Documentation.

7. “Resource Operations” means the ability for authorized Administrators to create, read, update, and delete Region resources including hubs, and entry and exit points.

8. “Support” means the support services described in Section 2 of this Schedule A.

9. "Support Plan Tier" means the tier of support service the customer has purchased.

10. “Uptime” means the percentage of total possible minutes the applicable Service Feature was available in a given calendar quarter during the applicable Order Term.

11. “VDI Health” means the functionality of a VDI is performing according to the then-current Documentation.

12. "VDI Management" means the ability to create, read, update, and delete VDI stack sizes. This also includes showing VDI usage for authorized users.

13. “Wicket Health” means the Wicket is performing according to the then-current Documentation.

Incidents

2. Customer will provide information and cooperation to Dispel as reasonably required for Dispel to provide Support. This includes, without limitation, providing the following information to Dispel regarding any reported Incidents: (i) aspects of the Services that are unavailable or not functioning correctly; (ii) the Incident’s impact on Users; (iii) start time of the Incident; (iv) list of steps to reproduce the Incident; (v) relevant log files or data; and (vi) wording of any error message.

3. Dispel's support personnel will assign a severity level (“Severity Level”) to each Incident in accordance with the table below and respond within the timeframe set forth:

1. Dispel will have no obligation to provide Support to the extent a reported Incident arises from: (a) use of the Software or Service by Customer in a manner not authorized in this Agreement or the applicable Documentation; (b) general Internet problems, force majeure events or other factors outside of Dispel’s reasonable control; (c) Customer's equipment, software, network connections or other infrastructure; or (d) third party systems, acts or omissions. If Customer purchased the subscription to the Software or Service through a reseller, Dispel may have no obligation to provide Support depending on Customer’s agreement with the reseller and Dispel.

Uptime

1. Service Level. The Uptime calculation for each Service Feature that may be included with the applicable Services is described below (“Uptime Calculation”). If Dispel does not meet a Service Level in any calendar quarter during the applicable Order Term, Customer will be entitled to receive service credit to Customer’s account (“Service Credits”) based on the calculation below (“Service Credits Calculation”).

   1. Premium Plan: Dispel will maintain at least 99.9% Uptime for Online Service hosted by Dispel and at least 99% Uptime for Network Service hosted by Dispel (“Service Levels”).

   2. Mission Critical Plan: Dispel will maintain at least 99.99% Uptime for Online Service hosted by Dispel and at least 99.9% Uptime for Network Service hosted by Dispel (“Service Levels”).

1. Exclusions. Downtime resulting from the following is excluded from the Uptime Calculation:

   1. Weekly scheduled upgrades;

   2. Emergency maintenance to patch a critical vulnerability or resolve a bug;

   3. Any Amazon Web Service or Microsoft Azure downtime or scheduled maintenance;

   4. Failure of internet connectivity, power, or other infrastructure between Customer environment and Dispel;

   5. Factors outside Dispel's reasonable control, including force majeure events;

   6. Customer's equipment, services, or other technology;

   7. Customer's acts, omissions, or misuse of the applicable Services, including any violation of this Agreement; or,

   8. Customer suspension due to customer’s breach of their agreement.

   9. In addition, Dispel shall not be responsible for any Downtime if Customer has specified the location of Region or dashboard deployments, uses their own cloud or on-premises environments, or deploys virtual wickets onto non-Dispel approved hardware.

Section 1 - Purpose

This Data Protection Addendum (“Addendum”) is entered into between Company and Dispel, LLC or Dispel Global, Inc as specified on your Order Form (“Dispel”) (each a “Party” and collectively, the “Parties”). This Addendum supplements and forms part of any existing, current, or future agreement between the Parties (any such agreement being individually or together referred to as the “Agreement”). This Addendum will be in effect as of the effective date of the Agreement (“Effective Date”); provided, however, the relevant obligations apply only to the extent that (i) Personal Data is subject to the Applicable Data Privacy Laws; and (ii) an Applicable Data Privacy Law has taken effect.

Section 2 - Relationship with the Agreement

In the event of a conflict between this Addendum and the Agreement, the Addendum will control to the extent necessary to resolve the conflict. In the event the Parties use an International Data Transfer Mechanism and there is a conflict between the obligations in that International Data Transfer Mechanism and this Addendum, the International Data Transfer Mechanism will control.

Section 3 - Definitions

Capitalized terms used but not defined have the meanings given in the Agreement.

1. “Applicable Data Privacy Laws” means all data protection and privacy laws applicable to the Processing of Personal Data under the Agreement, including the California Consumer Privacy Act (“CCPA”); the Colorado Privacy Act, the Connecticut Act of 2022 Concerning Personal Data Privacy and Online Monitoring, the Utah Consumer Privacy Act of 2022, the Virginia Consumer Data Protection Act, and Regulation 2016/679 (General Data Protection Regulation) (“GDPR”), in each case as amended from time to time and including any regulations promulgated thereunder.

2. “Consent” means a Data Subject’s freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.

3. “Controller” means the entity that determines the purposes and means of Processing Personal Data. “Controller” includes equivalent terms in other Applicable Data Privacy Laws, such as the CCPA-defined terms “Business” and “Third Party,” as context requires.

4. “Data Breach” means “breach of the security of the system,” “security breach,” “breach of security,” “breach of system security,” and other analogous terms referenced in Applicable Data Privacy Laws.

5. “Data Exporter” means the Party that (1) has a corporate presence or other stable arrangement in a jurisdiction that requires an International Data Transfer Mechanism and (2) transfers Personal Data, or makes Personal Data available to, the Data Importer.

6. “Data Importer” means the Party that (1) is located in a jurisdiction that is not the same as Data Exporter’s jurisdiction and (2) receives Personal Data from the Data Exporter or is able to access Personal Data made available by the Data Exporter.

7. “Data Subject” means an identified or identifiable natural person.

8. “Personal Data” means information that is linked or linkable, directly or indirectly, to an identified or identifiable natural person. “Personal Data” includes equivalent terms in Applicable Data Protection Laws, such as the CCPA-defined term “Personal Information,” as context requires.

9. “Processor” means an entity that Processes Personal Data on behalf of another entity. “Processor” includes equivalent terms in other Applicable Data Privacy Laws, such as the CCPA-defined term “Service Provider,” as context requires.

10. “Sensitive Data” means the following types and categories of data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or immigration status; genetic data; biometric data; government identification numbers; payment card information; unencrypted identifier or username in combination with a password or other access code that would allow access to an account; precise geolocation information; and information from a known child.

12. “Subprocessor” means a Processor engaged by a Party who is acting as a Processor.

13. The following terms have the meanings assigned to them in Applicable Data Privacy Laws: “Business,” “Business Purpose,” “Cross-Context Behavioral Advertising,” “De-identified Data,” “Process” (and its cognates), “Pseudonymous Data,” “Sale” (and its cognates), “Service Provider,” “Share” (and its cognates), and “Third Party.”

Section 4 - Description of the Parties’ Personal Data Processing Activities and Status of the Parties

1. Schedule 1 describes the purposes of Parties’ Processing, the types or categories of Personal Data involved in the Processing, and the Categories of Data Subjects affected by the Processing.

2. Schedule 1 lists the Parties’ statuses under Applicable Data Privacy Laws.

Section 5 - International Data Transfer

1. Some jurisdictions require that an entity transferring Personal Data to a recipient in another jurisdiction take extra measures to ensure that the Personal Data has special protections if the law of the recipient’s jurisdiction does not protect Personal Data in a manner equivalent to the transferring entity’s jurisdiction (an “International Data Transfer Mechanism”). Parties will comply with an International Data Transfer Mechanism, including the Standard Contractual Clauses, that may be required by Applicable Data Privacy Laws.

2. If the International Data Transfer Mechanism on which Parties rely is invalidated or superseded, Parties will work together in good faith to find a suitable alternative.

3. With respect to Personal Data of Data Subjects located in the EEA, Switzerland, or the United Kingdom that Data Exporter transfers to Data Importer, or permits Data Importer to access, the Parties acknowledge that Dispel has been certified under the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework.

4. With respect to Personal Data of Data Subjects located in a jurisdiction that requires an International Data Transfer Mechanism (e.g., the EEA, Switzerland, or the United Kingdom) that Data Exporter transfers to Data Importer, or permits Data Importer to access, the Parties agree that by executing this Addendum they also execute the Standard Contractual Clauses, which will be incorporated by reference and form an integral part of the Agreement. Parties agree that, with respect to the elements of the Standard Contractual Clauses that require Parties’ input, Schedules 1-4 contain information relevant to the Standard Contractual Clauses and their Annexes. Parties agree that, for Personal Data of Data Subjects in the United Kingdom, Switzerland, or another country specified in Schedule 4, they adopt the modifications to the Standard Contractual Clauses listed in Schedule 4 to adapt the Standard Contractual Clauses to local law, as applicable.

Section 6 - General Data Privacy Obligations

1. Compliance. The parties will comply with their respective obligations under Applicable Data Protection Laws, including by providing the level of privacy protection that is required of Businesses under theCCPA.

2. Upon request, Dispel will provide reasonably relevant information to Company to enable Company to fulfill its obligations (if any) to conduct data protection assessments or prior consultations with data protection authorities.

3. Notification. Dispel will notify Company if it determines that it can no longer meet its obligations under Applicable Data Privacy Laws.

Section 7 - Dispel’s Obligations as a Processor or Service Provider

1. Dispel will have the obligations set forth in this Section 7 if it Processes the Personal Data of Data Subjects in its capacity as Company’s Processor or Service Provider.

2. Scope of Processing

   1. Dispel will Process Personal Data solely for the Business Purposes specified in Schedule 1, to carry out its obligations under the Agreement, and to carry out Company’s documented instructions.

   2. Processing any Personal Data outside the scope of the Agreement and this Addendum will require prior written agreement between Dispel and Company.

   3. Dispel is prohibited from retaining, using, or disclosing the Personal Data (1) for any purpose other than the Business Purposes specified in Schedule 1, including retaining, using, or disclosing the Personal Data for a commercial purpose other than carrying out Company’s instructions, (2) outside of the Parties’ direct business relationship, unless permitted by Applicable Data Privacy Laws, or (3) by combining Personal Data that Dispel receives from, or on behalf of, Company with Personal Data that it receives from, or on behalf of, another person or persons, or collects from its own interaction with the Data Subject, provided that Dispel may combine Personal Data to perform any Business Purposes permitted by Applicable Data Privacy Law.

   4. Dispel will not Sell or Share the Personal Data that it collects or obtains pursuant to the Agreement.

3. Confidentiality. Dispel will ensure that each person who Processes Personal Data is subject to a duty of confidentiality with respect to such Personal Data.

4. Compliance.

   1. Dispel will assist Company in complying with Data Subjects’ requests to delete and correct Personal Data under Applicable Data Protection Law when Company forwards such requests that it receives to Dispel and will make available to Company any Personal Data in its possession that Company needs to respond to Data Subjects’ requests to access their Personal Data.

   2. Dispel will make available to Company, upon the Company’s reasonable request, all information in its possession necessary to demonstrate Dispel’s compliance with its obligations under Applicable Data Privacy Laws.

5. Permitted Activities. Notwithstanding the foregoing prohibitions, Parties agree that Dispel may, and Company instructs Dispel to, Process Personal Data for the following activities when necessary to support the Business Purposes specified in Schedule 1; detect data security incidents; protect against fraudulent or illegal activity; effectuate repairs; and maintain and improve the quality of the services provided for the Business Purposes specified in Schedule 1.

6. Subprocessors.

   1. If Dispel discloses Personal Data to a Subprocessor for a Business Purpose, Dispel and Subprocessor will enter into a written contract that prohibits the Subprocessor from (i) Selling or Sharing Personal Data; or (ii) retaining, using, or disclosing Personal Data for any purpose other than for the specific Business Purpose for which the Personal Data was disclosed.

   2. Dispel will require any Subprocessor to comply with applicable obligations under Applicable Data Privacy Laws, including providing the same level of privacy protection required of Businesses by the CCPA.

   3. Company grants Supplier general authorization to engage Subprocessors if Dispel and those Subprocessors enter into an agreement that requires the subprocessor to meet obligations that are no less protective than this DPA. The Subprocessors currently engaged by Dispel are listed in Schedule 2.

   4. Dispel will notify Company of any additions to or replacements of its Subprocessors and make that list available on Company’s request. Dispel will provide Company with 30 days to object to the addition or replacement of Subprocessors in connection with Dispel’s performance under the Agreement, calculated from the date Dispel provides notice to Company. If Company reasonably objects to the addition or replacement of Dispel’s Subprocessor, the parties will enter into good faith negotiations to resolve the matter. If the parties are unable to resolve the matter within 15 days of Company’s reasonable objection (which deadline the parties may extend by written agreement), Company may terminate any statement of work or purchase order that require the continued use of the Subprocessor subject to objection.

   5. Dispel will be liable for the acts or omissions of its Subprocessors to the same extent as Supplier would be liable if performing the services of the Subprocessor directly under the DPA.

7. Duration of Processing, Deletion and Return of Personal Data. Dispel shall retain Personal Data for a period coterminous with the term of the Agreement. At the expiration or termination of the Agreement, or upon request by Company, Dispel will, without undue delay: (1) upon request return all Personal Data to Company; or (2) upon request by Company, destroy all Personal Data, in each case unless applicable laws expressly require otherwise or the Parties agree otherwise expressly in writing. After deleting or returning Personal Data to Company, copies of such data may remain in Dispel data backups for limited periods of time until the backups are overwritten. For any Personal Data that Dispel retains after expiration or termination of the Agreement, Dispel will continue to comply with this Addendum.

8. Assessment and Remediation.

   1. Company may take reasonable and appropriate steps, as provided in Applicable Data Privacy Laws, to ensure Dispel Processes the Personal Data in a manner consistent with Company’s obligations under Applicable Data Privacy Laws, including by conducting reasonable assessments or audits, as provided by Applicable Data Privacy Laws. If Company and Dispel agree to an audit or assessment by a qualified and independent third party, Dispel agrees to provide a report of such audit or assessment to Company upon request.

   2. If Company discovers unauthorized use of Personal Data by Dispel or Dispel’s Subprocessors, Company may, upon notice, take reasonable and appropriate steps to remediate such unauthorized use.

Section 8 - Security

1. Dispel will implement appropriate technical and organizational measures to protect Personal Data from a Data Breach and to preserve the security and confidentiality of Personal Data.

2. Upon becoming aware of a Data Breach, Dispel will:

   1. Notify Company without delay of the Data Breach, but in any case, no later than 72 hours after becoming aware of, or reasonably suspecting, the Data Breach;

   2. Promptly investigate or perform required assistance in the investigation of the Data Breach and provide Company with detailed information about the Data Breach, including a description of the Data Breach, the approximate number of Data Subjects affected, the Data Breach’s current and foreseeable impact, and the measures Dispel is taking to address the Data Breach and mitigate its effects; and

   3. Promptly take all commercially reasonable steps to mitigate the effects of the Data Breach or assist Company in doing so.

3. Dispel will comply with this Section 8 at Dispel’s cost, unless the Data Breach arose from Company’s negligent or willful acts.

4. Dispel must obtain Company’s written approval before notifying any governmental entity, individual, the press, or other third party of a Data Breach that affected or reasonably could affect Personal Data that Dispel obtained from, or Processed on behalf of, Company. Notwithstanding anything to the contrary in this Addendum, Dispel may notify a third party about a Data Breach affecting Personal Data if it is under a legal obligation to do so, provided that Dispel must: (1) make every effort to give Company prior notification, as soon as possible, if it intends to disclose the Data Breach to a third party; and (2) if it is not possible to give Company such prior notification, notify Company immediately once it becomes possible to give notification. For any disclosure of a Data Breach to a third party, Dispel will, as part of its notification to Company, disclose the identity of the third party and a copy of the notification (if the notification to the third party has not been sent, Dispel will provide the draft to Company and permit Company to offer edits or updates).

Section 9 - Miscellaneous

1. Entire agreement. This Addendum is the Parties’ entire agreement on this subject and merges and supersedes all related prior and contemporaneous oral understandings, representations, prior discussions, letters of intent, or preliminary agreements.

2. No further amendment. Except as modified by this Addendum, the Agreement remains unmodified and in full force and effect.

Schedule 1 - Description of Processing

Business Purposes

____ Processing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

X Processing related to ensuring security and integrity, to the extent that the information is reasonably necessary for these purposes.

X Debugging to identify and repair errors that impair existing intended functionality.

____ Short-term, transient use, including but not limited to non-personalized (i.e., contextual) advertising shown as part of a Data Subject’s current interaction with the Business, in the course of which the Data Subject’s Personal Data is not disclosed to a Third Party and is not used to build a profile about the Data Subject or otherwise alter the consumer’s experience outside of the current interaction.

X Performing services on behalf of the Business, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the Business.

____ Providing advertising and marketing services, not including Cross-Context Behavioral Advertising, to the Data Subject, in the course of which the Service Provider shall not combine the Personal Data of Data Subjects who have opted out of Sales or Sharing of Personal Data that the Service Provider received from or on behalf of the Business with Personal Data that the Service Provider receives from or on behalf of any other person or collects from its own interaction with Data Subjects.

X Undertaking internal research for technological development and demonstration.

X Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured for, or controlled by the Business, and to improve, upgrade, or enhance such a service or device.

Schedule 2 - Dispel Subprocessors

Dispel uses the Subprocessors listed here:

I am hereby consenting that Dispel can process my personal data for the following purposes:‌

• To respond to my questions and fulfill my requests.

• To send helpful information to me, such as notifying me of changes to Dispel's terms of use, end user license agreement or privacy policy.

• To complete and fulfill my purchases and provide me with customer service.

• To send me marketing communications.

• To personalize my experience on Dispel's website and use of Dispel's products and services.

• To allow me to participate in Dispel's promotions, which may have their own rules.

• For Dispel's other internal business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying Dispel's products and services, identifying usage trends, determining the effectiveness of Dispel's promotional campaigns, and operating and expanding Dispel's business activities.

• As Dispel believes to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process, litigation and/or requests from the U.S. or a state Government; (c) to enforce Dispel's Terms and EULA; (d) to protect Dispel's operations or those of any of Dispel's affiliates; (e) to protect Dispel's rights, privacy, safety or property, and/or that of Dispel's affiliates, me or others; and (f) to allow us to pursue available remedies or limit the damages that we may sustain.

• To comply with Dispel's internal policies or legal proceedings in connection with investigations of any violations or suspected violations of Dispel's Terms and/or EULA; we reserve the right to use, release or otherwise share any usage logs or other records concerning me if me violate the Terms or EULA, or intentionally or unintentionally partake (or are reasonably suspected of partaking) in any illegal activity.

I am aware and I was informed that I have a right to ask Dispel to stop using or limit their use of me personal data in certain circumstances—for example, if Dispel has no lawful basis to keep using me data, or if I think my personal data is inaccurate. I may withdraw my consent by contacting Dispel at legal@dispel.io to do so. I agree that the withdrawal of consent does not affect the lawfulness of the processing activities up to the point it is confirmed by Dispel to have been withdrawn.

Dispel’s privacy policies are designed and enforced to protect client information, strictly control access, safeguard disclosure, and prohibit unauthorized use. Dispel’s controls are designed to give clients control over their information and transparency into where data exists while allowing us to provide our products and services to clients.

Dispel provides an infrastructure and security provisioning, orchestration, and networking platform for zero trust access and industrial operations via the Dispel website (the “Site”), the Dispel application (the “App”), and related virtual machines, hardware, and Internet services (collectively, the “Service(s)”). The Service is operated by Dispel, LLC; Dispel Global, Inc; and its affiliates (the “Company”, “we”, or “us”) for users of the Service (“you” or the “Customer”). This privacy policy describes how we collect, use, and disclose your information when you use our Site, App, Services, and other interactions (e.g., customer service inquiries, user conferences, etc.). Under applicable law, Dispel is the “data controller” of personal data collected through the Services.

At Dispel, we will not:

• Sell any personal information about our users, other than in connection with a disposition of our company or our assets, as described below; or

• Turn over any personal information about our users to third party marketing or advertising firms; or

• Collect any information about your activities for any purpose other than as we have stated in this privacy policy, unless we receive your consent.

What Information We May Collect

When you interact with us through the Services, we may collection information from you, as further described below. We may also receive information about you from other sources, such as public databases, joint marketing partners, social media platforms, and other third parties.

Information You Directly Provide Us

Dispel may collect and receive your data and other information in a variety of ways:

Your Data

You voluntarily provide us with messages, images, files, RDP data, video screen recordings from virtual desktop and application sessions, keystroke recordings, in-session network activity, or other content you send through the Service (“Customer Data”).

Other Information

Account Information: To create or update a Dispel account, we require an email address and password. For customer support and other administrative tasks you may also provide us with full name and phone numbers for communications. If your organization uses single sign on, they may provide us with your email address and create an account on your behalf.

Information Your Browser Automatically Sends Us

Device Information: When you interact with the Services, your browser and devices automatically make information available to us that we may store. This includes your IP address (which may permit us to estimate your general location), device type, your operating system, and your browser type.

Log Data: When you access or use our Services our servers automatically collect information and record it in log files. The log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Services, browser type, settings, date and time the Services were used, language preferences, cookie data, and information about your browser configuration and plugins.

Services Metadata: When you interact with the Services, metadata is generated that provides us with information about your activity and usage. For example, Dispel logs the creation of new resources, bandwidth usage, and the parts of our network that you are using. We keep these logs primarily for our internal business operations such as billing, customer service, data analysis, statistical analysis, fraud or other illegal activities monitoring and prevention, enhancing, improving or modifying our products and services, identifying usage trends, and enforcing our Enterprise Terms of Service and Website Terms of Service (collectively “Terms”) and policies.

Analytics Services Provided by Others

We use certain third party services to help us provide, improve and analyze the use of our website, products and services. These companies may collect information about how you use our website, products and services, including unique device identifiers, device manufacturer and operating system, IP address, browser type, pages viewed on the Dispel website, session start/stop time, links clicked on the Dispel website, and conversion information. This information may be used to analyze and track data (including for our billing purposes), determine the popularity of certain content, better understand your online activity, and resolve problems. This enables us to improve and expand upon the services and products that we make available to our users.

International Data Transfers

Dispel is based in the United States. Therefore, our services and products are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Unless we have entered into an agreement with you to deploy our Services only within a specified geographic region, by using our Services, you consent to the transfer of information to and from the United States and other countries outside of your country of residence, which may have different data protection rules than those of your country. The laws of the U.S. and other countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.

We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

We comply with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

We commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact us using the details provided below.

For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on in Annex 1 of the DPF Principles.

Our Use of Your Information

We use the information you provide in a manner that is consistent with this Privacy Policy. If you provide information for a certain reason, we may use the information in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the information you provide to answer your question or resolve your problem.

We may use the collected information:

• To respond to your questions and fulfill your requests.

• To send helpful information to you, such as notifying you of changes to our terms of use, acceptable use policy, or privacy policy.

• To complete and fulfill your purchases and provide you with customer service.

• To send you marketing communications (which you can opt out of -- see Choice and Access below).

• To personalize your experience on our website and use of our products and services.

• To allow you to participate in our promotions, which may have their own rules.

• For our other internal business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our products and services, identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities.

• As we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process, litigation and/or requests from the U.S. or a state government entity; (c) to enforce our Terms and Acceptable Use Policy; (d) to protect our operations or those of any of our affiliates; (e) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (f) to allow us to pursue available remedies or limit the damages that we may sustain.

• To comply with our internal policies or legal proceedings in connection with investigations of any violations or suspected violations of our Terms and/or Acceptable Use Policy; we reserve the right to use, release or otherwise share any usage logs or other records concerning you if you violate the Terms or Acceptable Use Policy, or intentionally or unintentionally partake (or are reasonably suspected of partaking) in any illegal activity.

If information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Dispel may use it for any business or commercial purpose. To the extent information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Information.”

SMS Messaging

Parts of the Dispel may include using text messages. To use these part of our services, you must consent ("opt-in"). You have the right revoke your consent ("opt-out") at any time. We shall identify ourselves in our messages, though as noted below, messages may be spoofed by malicious third-parties. SMS messages are not secure.

By enrolling in SMS services you consent to Dispel using your information, including your phone number, to contact you through an application-to-person ("A2P") system. You represent that you are the owner of the device for which you have authorized enrollment of, or that you have the authority to enroll the device if it is company owned, and you or your company are responsible for the messages sent from the device.

Dispel does not share or sell numbers with third-parties except for the purposes you consent to here.

You acknowledge that text communications are not secure or encrypted, and that such communications may be intercepted. You further acknowledge that you are aware that third-parties may disguise messages sent to your number as though they were sent by us. By enrolling and continuing to use Dispel A2P SMS services, you agree that we will not be liable for any unauthorized access caused or involved with the A2P SMS services, or interception of communications. Message and data rates may apply from your mobile carrier and, by enrolling in the A2P SMS system, you agree to pay any such charges. Message frequency will vary based on your activity and user activity on the system.

When you enroll in SMS services provided by Dispel, you will receive a confirmation of your enrollment. You have the right to opt-out of messages at any time. To stop receiving text messages, text STOP. You consent that following a request to STOP, you may receive one final message confirming that you have been unsubscribed. To re-enroll, reply START and you will receive confirmation of your re-enrollment. If you have any questions or need help, text HELP or email support@dispel.com.

Dispel reserves the right to terminate any of the SMS systems, in whole or in part, at any time without notice. You agree that we will not be liable for any delays or failures in your receipt of any SMS messages as delivery can be unpredictable based on transmission from your mobile network operator ("MNO"), campaign service provider ("CSP"), and processing by your device. SMS message services are provided on an AS IS, AS AVAILABLE basis. We may send Multimedia Messaging Service ("MMS") messages such as, but not limited to, .jpg, .png., .jpeg, .bmp, .txt, .doc, and .docx.

Our Legal Basis for Handling Your Personal Data

The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds are as follows:

• To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our users, or to take steps at users’ request in anticipation of entering into a contract with them. For example, we handle personal data on this basis to create your account and provide our Services.

• Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals. This includes:

  • Providing a safe and enjoyable user experience;

  • Customer service;

  • Marketing, e.g. sending emails or other communications to let you know about new features;

  • Protecting our users, personnel, and property;

  • Analyzing and improving our business, e.g. collecting information about how you use our Services to optimize the design and placement of certain features;

  • Processing job applications;

  • Processing billing; and

  • Managing legal issues.

• Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations.

• To protect the vital interests of the individual or others: For example, we may collect or share personal data to help resolve an urgent medical situation.

• Consent: Where required by law, and in some other cases, we handle personal data on the basis of your implied or express consent.

Our Disclosure of Your Information

Dispel uses Customer Data and Other Information in furtherance of our legitimate interests in operating our Services. Dispel may provide information:

• With your consent.

• To related companies such as subsidiaries, parents, and affiliates for purposes consistent with this Privacy Policy.

• To our third party service providers who provide services such as website hosting, data analysis, payment processing, IT and related infrastructure provision, email delivery, mailing, auditing and other similar services.

• To identify you to anyone to whom you send a message or refer through the use of our website, products or services.

• To a buyer or other acquiring entity in the event of acquisition, reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

• As we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process, litigation and/or lawful requests made by public authorities, including for national security or law enforcement purposes; (c) to enforce our Terms; (d) to protect our operations or those of any of our affiliates; (e) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (f) to allow us to pursue available remedies or limit the damages that we may sustain.

• To comply with our internal policies or legal proceedings in connection with investigations of any violations or suspected violations of our Terms and/or Acceptable Use Policy; we reserve the right to use, release or otherwise share any usage logs or other records concerning you if you violate the Terms or Acceptable Use Policy, or intentionally or unintentionally partake (or are reasonably suspected of partaking) in any illegal activity.

Third Party Services

This privacy policy does not apply to the privacy, information or other practices of any third parties, including any third party operating any site or service to which there is a link on our website or through our products or services. The inclusion of a link on our website or through our products or services does not imply an endorsement by us or by our affiliates of the linked site or service.

Data Retention

Dispel will retain Customer Data in accordance with a Customer’s instructions. You may be able to customize the retention policies for your Customer Data. The deletion of some Customer Data may cause the deletion of some Other Information.

Dispel may retain Other Information for so long as it may be relevant to the purposes identified herein. This may include keeping your Other Information after you have deactivated your account for the period of time needed for Dispel to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

To dispose of data, we may anonymize it, delete it, or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time, although we will delete your Personal Information from backups as soon as practically possible.

Security

Dispel takes the security of your data very seriously, and safeguards your information through an ISO 27001 and SOC 2 Type 2 certified information security management system. We take steps to protect Customer Data and Other Information within our organization using reasonable measures. These steps take into account the sensitivity of the Customer Data and Other Information we collect, process and store, and the current state of technology. Given the nature of technology and the Internet, Dispel cannot guarantee that all data transmissions or storage systems are completely secure from intrusions.

If you have any concerns regarding security, please immediately reach out to us at security@dispel.com.

Your Data Rights and Choices

You have choices regarding our use and disclosure of your Personal Information.

Individuals in certain countries, including the European Economic Area, the United Kingdom, and Switzerland, have certain legal rights to request access to Information, as well as to seek to update, delete or correct this Information. They may also object to our uses or disclosures of personal data, to request a restriction on its processing, or withdraw any consent, though such actions typically will not have retroactive effect. They also will not affect our ability to continue processing data in lawful ways.

The rights and options described below are subject to limitations and exceptions under applicable law. In addition to those rights, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.

For your protection, when you are exercising your data protection rights we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request to ensure we are making the changes to the proper account.

How do I change email marketing settings?

If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please keep in mind that if you opt-out, we will still send you important administrative messages such as billing and legal notices, from which you cannot opt-out.

How can I access the Personal Information you have about me?

If you would like to submit a data access request, you can do so by contact legal@dispel.com with the words “Personal Data Access Request” in the subject or body of the message. We will then start the process and provide you a link to access the personal data that Dispel has on you within 30 days.

How do I correct, update, amend, or delete the personal data you have about me?

If you would like to review, correct, update, suppress, or delete the personal information that you have provided to us, you may contact us at legal@dispel.com with the words “Personal Data Request” in the subject or body of the message.

In your request, please make clear what personal information you would like to have changed, whether you would like to have it suppressed from our database or otherwise let us know what limitations you would like to put on our use of it.

How do I object or restrict the manner in which Dispel processes my personal data?

You have a right to ask us to stop using or limit our use of your personal data in certain circumstances—for example, if we have no lawful basis to keep using your data, or if you think your personal data is inaccurate. Please contact us at legal@dispel.com to do so.

U.S. State-specific Privacy Rights

Your California Privacy Rights

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (“CCPA”).

The CCPA provides California residents with rights to receive certain disclosures regarding the collection, use, and disclosure of information about them, as well as rights to know/access, correct, and delete personal information. You have the right to be free from discrimination based on your exercise of your CCPA rights. To the extent that we collect personal information that is subject to the CCPA, that information, our practices, and your rights are described below.

Dispel does not sell or share (as such terms are defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out).

Your rights under the CCPA

• Opt out of sale or sharing of personal information: We do not sell or share your personal information. Note that your right to opt out does not apply to our disclosure of personal information to service providers.

• Know and request access to and correction or deletion of personal information: You have the right to request access to personal information collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers to whom we sell, share, or disclose it. You also have the right to request in certain circumstances that we correct personal information that we have collected about you and to delete personal information that we have collected directly from you.

Your Colorado, Connecticut, Utah, and Virginia Privacy Rights

Residents of the States of Colorado, Connecticut, Utah, and Virginia have the following rights:

• Opt out of “sales” of personal information and use of their personal information for “targeted advertising,” as those terms are defined under applicable law.

• Opt out of “profiling” under certain circumstances, as defined under applicable law. (Residents of Colorado, Connecticut, and Virginia only.)

• Confirm processing of and access to personal information under certain circumstances.

• Correct personal information under certain circumstances. (Residents of Colorado, Connecticut, and Virginia only.)

• Delete personal information under certain circumstances.

Residents of these states can exercise their rights by contacting us at using one of the methods listed below.

Your Nevada Privacy Rights

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to third parties. Currently, we do not engage in such sales. If you are a Nevada resident and would like more information about our data sharing practices, please contact us.

Submission Options

Consumers may make a request pursuant to their rights under the applicable privacy laws by contacting us either at legal@dispel.com or through the support button on the bottom right-hand side of the screen on our website.

We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.

Residents of California, Colorado, Connecticut, and Virginia have the right to appeal a denial of their request by contacting us as described in the notice of denial.

Use of the Service by Minors

To the extent prohibited by applicable law, Dispel does not allow use of our Services and websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will takes steps to delete such information.

Changes to this Privacy Policy

We may update this privacy policy from time to time, and we will notify you of any such updates by either updating the “Last Updated” legend on this page; sending you some form of communication; or posting a notice on our website when the privacy policy has been updated. Please review the latest privacy policy periodically, especially before providing us with any information. Your continued use of our website, products and services means that you have accepted our latest privacy policy.

Contacting Us

If you have any questions about this privacy policy, please do not hesitate to contact us at legal@dispel.com. Because email communications are not always secure, please do not include credit card information or other sensitive information in your emails to us. If you would like to send us a secure message, please ask for our public key and contact us at security@dispel.com.

Dispel is committed to making its websites and applications accessible, in accordance with Title III of the U.S. Americans with Disabilities Act of 1990 (42 U.S.C. § 12101) and, for our U.S. Government clients, Section 508 of the Rehabilitation Act of 1973 (29 USC § 794d).

To meet this commitment, our websites and applications have been designed to conform to the W3C Web Content Accessibility Guidelines (WCAG) 2.1, Level AA. Our applications use both native operating system (“OS”) elements and brand designs. By using native elements, Dispel leverages the powerful accessibility features provided by the OS manufacturer. If not otherwise covered by the native OS, our brand designs are intended to conform to the WCAG 2.1, Level AA.

Download a copy of our Accessibility Statement here:

Technical Information About Dispel’s Website and Application Accessibility

Dispel is committed to making its websites and applications accessible, in accordance with the U.S. Americans with Disabilities Act of 1990 (42 U.S.C. § 12101).

Compliance Status

Feedback and Contact Information

Enforcement Procedure

The U.S. Department of Justice (DoJ) is responsible for enforcing the American with Disabilities Act (ADA).

Despite our very best efforts to allow anybody to adjust our websites and applications to their needs, there may still be aspects that are not fully accessible, are in the process of becoming accessible, or are lacking an adequate technological solution to make them accessible. Still, we are continually improving our accessibility; adding, updating, and improving its options, and features; and developing and adopting new technologies. All this is meant to reach the optimal level of accessibility, following technological advancements.

If you’re not happy with how we respond to your complaint, you may contact the DoJ Civil Rights Division to file a complaint.

To file an ADA complaint online:

U.S. Department of Justice Civil Rights Division 950 Pennsylvania Avenue, NW 4CON, 9th Floor Washington, DC 20530

(202) 307-1197

About WCAG and What We’re Doing to Improve Accessibility

Industrial control systems touch everyone’s lives, depending upon contributions from individuals all around the world. Dispel designs and builds our tools with accessibility as a central tenant of our ethos.

Our customers are required by law to comply with regulations governing accessibility, such as the U.S. American with Disabilities Act (ADA), European Accessibility Act (EAA), UK Equality Act 2010, Accessible Canada Act (ACA), and Australian Disability Discrimination Act (DDA).

All told, there are currently 40 web accessibility laws and policies in place across 23 countries and political unions. A preponderance of these regulations do not give strict technical guidance on how to make a site or service accessible; leaving the task up to the discretion and liability of the service provider. Many regulations, however, use the Web Content Accessibility Guidelines (“WCAG”) as a standard or baseline. This is further recognized as an international standard: ISO/IEC 40500:2012.

WCAG 2.1 as Our Standard

Four Tenants of WCAG

While the WCAG provides a technical list of requirements to fulfill, it’s good to start with the four tenants around which W3C builds out their specifications.

These four basic principles are websites must be:

1. Perceivable - Information and user interface components must be presentable to users in ways they can perceive. This means that users must be able to perceive the information being presented (it can't be invisible to all of their senses).

2. Operable - User interface components and navigation must be operable. This means that users must be able to operate the interface (the interface cannot require interaction that a user cannot perform).

3. Understandable - Information and the operation of user interface must be understandable. This means that users must be able to understand the information as well as the operation of the user interface (the content or operation cannot be beyond their understanding).

4. Robust - Content must be robust enough that it can be interpreted reliably by a wide variety of user agents, including assistive technologies. This means that users must be able to access the content as technologies advance (as technologies and user agents evolve, the content should remain accessible).

Understanding Conformance

There are five requirements that must be met for content to be classified as ‘conforming’ to WCAG 2.1.

Requirements

Success Criteria

WCAG 2.1 items contain success criteria, which are written as testable criteria to objectively determine of a certain implementation satisfies the item.

For example, 1.4.1 Use of Color requires that “color is not used as the only visual means of conveying information, indicating an action, prompting a response, or distinguishing a visual element.” In other words, you can’t just have text change from red to green to signify something to a user. There are sufficient techniques that can be used in conjunction with color to convey meaning to those individuals with partial sight, limited color vision, or monochromatic displays. 1.4.1 provides success criteria techniques to meet compliance. Some are: (G14) Ensuring that information conveyed by color differences is also available in text; (G205) Including a text cue for colored form control labels; (G182) Ensuring that additional visual cues are available when text color differences are used to convey information; and (G183) Using a contrast ratio of 3:1 with surrounding text and providing additional visual cues on hover for links or controls where color alone is used to identify them.[1]

Conformance with WCAG means that an implementation of an item satisfies the requirements the Success Criteria. Most items have one level of conformance—in other words, you either meet the Success Criteria, or you do not. There are some circumstances when items have three levels of conformance: Level A, AA, and AAA.

One’s natural instinct is to aspire for Level AAA conformance across the board. Unfortunately the WCAG is written so that complete conformance is not possible. Indeed, the authors at W3C themselves note: “It is not recommended that Level AAA conformance be required as a general policy for entire sites because it is not possible to satisfy all Level AAA Success Criteria for some content.”[2] Our goal then is to maximize accessibility as much as reasonably possible without creating an undue burden.

Application Accessibility Across Device Platforms

Dispel provides its customers with applications on Apple macOS®, iPadOS®, iOS; and on Microsoft Windows®.

These operation systems come with accessibility features of their own. For example, macOS includes a wide variety of features and assistive technologies that include screen and cursor magnification, a full-featured screen reader, visual flash alerts, closed captioning support, and more.[3]

Dispel’s applications use native design elements—referred to as “modern design” for UWP Windows apps and “design style” for Apple macOS—when building our products. These UI elements often come with built-in accessibility, providing an accessible user experience by default.

To learn more about Apple’s accessibility features, please visit:

To learn more about Microsoft’s accessibility features, please visit:

In the context of our Compliance Status, OS-derived accessibility features are the responsibility of Apple and Microsoft.

Preparation of this Accessibility Statement

This statement was prepared on April 8, 2021.

For UK Article 3(1) of Commission Implementing Decision (EU) 2018/1523, this accessibility statement was prepared using Version 2.4 of the ITI Voluntary Product Accessibility Template® (VPAT®) INI edition.

This statement was last reviewed on April 8, 2021.

Dispel is committed to continuing to build a workforce that represents the best of us. Every day we take conscious action to foster an open, performance-based culture that invites full and respected participation from every member of our company. In our recruiting we continue to seek out the best people from every background, ensuring fair and transparent pathways for professional growth.

We believe in rewarding ambition, expertise, and dedication, and we continuously refine our policies and practices to support a thriving work environment where the most capable individuals can excel. Our commitment extends to sharing our experiences and successes with the broader community.

Our Values

We believe in hiring the smartest, nicest people with the most experience in their fields who get stuff done.

Hire the Best and Empower Excellence

We prioritize intelligence, skill, and integrity. We seek out and support individuals who demonstrate exceptional capability and a drive to succeed.

Encourage Innovation and Growth

We embrace an environment where taking calculated risks, learning from mistakes, and fostering innovation are encouraged. We believe that progress comes from pushing boundaries and refining ideas.

Commit to Strong Work Ethic and Collaboration

Success is achieved through teamwork, discipline, and accountability. We create an environment where people support each other, challenge ideas constructively, and work together toward shared goals.

Foster a Culture of Open Dialogue

We encourage all team members to voice their insights and listen actively. At Dispel, everyone has a seat at the table, and diverse perspectives drive the evolution of our company and technology.

Welcoming Talent

Dispel is committed to complying with all federal, state, and local equal employment laws. To that end, the company is dedicated to maintaining a work environment that is free from harassment and discrimination on the basis of age, race, creed, color, national origin (including ancestry), religion, gender or sex, sexual orientation (including transgender status, gender identity or expression), pregnancy (including childbirth, lactation, and related medical conditions), alienage or citizenship status (unless required by law), disability, reproductive health decision making (including, but not limited to, the decision to use or access a particular drug, device, or medical service), marital status, partnership status, caregiver status, domestic violence victim status, familial status, military status, unemployment status, genetic information (including genetic characteristics), or any other protected status under federal, state, or local laws. The company is dedicated to the fulfillment of this policy with respect to all aspects of employment, including, but not limited to, recruiting, hiring, placement, transfer, training, promotion, compensation, termination, and all other terms, conditions, and privileges of employment.

Dispel will conduct a prompt and thorough investigation of all allegations of discrimination, harassment, or retaliation, or any violation of Dispel’s Equal Employment Opportunity Policy (EEO-P) in a confidential manner. The company will take appropriate corrective action, if and where warranted. The company prohibits retaliation against employees who provide information about, complain about, or assist in the investigation of any complaint of discrimination or violation of the EEO-P.

Dispel has a zero-tolerance policy toward discrimination and harassment. For details on how to report discrimination or harassment see the EEO-P in the company handbook.

Community Alignment

Dispel supports the United Nations’ Sustainable Development Goals.

When we think about programs and policies, these include the goals set forth by the UN for (Goal 5) Gender Equality and (Goal 16) Peace, Justice, and Strong Institutions.

Opportunity & Merit in Practice

Fair Hiring and Advancement

Dispel’s hiring philosophy is based on capability, experience, and potential. We implement structured evaluation processes to minimize bias and ensure that decisions are made based on merit. Our hiring pipeline is designed to attract highly skilled individuals from a wide range of sources, ensuring that opportunity is available to all who are qualified.

Commitment to Professional Development

We invest in the growth of our employees by providing access to continued education, mentorship programs, and leadership development opportunities. By nurturing talent from within, we ensure that individuals who demonstrate skill and initiative have clear paths for career advancement.

Objective Performance Metrics

Our performance evaluations are based on clear, measurable criteria. Success at Dispel is determined by contributions, problem-solving abilities, and the impact an individual has on our team and mission.

Maintaining a Respectful and Inclusive Work Environment

Dispel is committed to ensuring a workplace where all employees are treated with dignity and respect. Harassment and discrimination of any kind are not tolerated, and we uphold policies that reinforce a professional and constructive work culture.

Community Engagement and Industry Leadership

Ethical Business Practices and Supplier Standards

Dispel holds itself and its partners to the highest ethical standards. Our supplier relationships reflect our commitment to quality, reliability, and integrity. We evaluate vendors based on their ability to deliver superior products and services while adhering to our standards of professionalism and fairness.

Encouraging Civic Participation

We support our employees in exercising their civic rights, including voting and community involvement. Dispel provides paid time off for employees to participate in elections.

Executive Overview

Dispel embraces a partner-first got-to-market strategy, enabling a more targeted approach to driving value for our customers. To do so, it is important for our partners to be an extension of Dispel to foster a true sense of collaboration and trust with our customers and prospects. This document outlines the policy governing the use of the Dispel logo and other branding assets by our partners. This policy is designed to protect our intellectual property while allowing our partners to represent Dispel in relevant marketing and communications, in alignment with their contractual agreements.

Scope

This policy applies to all Dispel partners who intend to use Dispel’s logo, trademarks, and branding materials. It defines the requirements and conditions under which these assets can be used, as well as the process for obtaining approval when necessary.

Dispel Brand Guidelines

Guidelines for Logo Use

Authorized Use

Partners who have a signed contract with Dispel are authorized to use the Dispel logo and branding in specific contexts, such as:

• On their websites

• In product documentation

• At promotional events, including trade shows, webinars, and conferences

• In marketing and advertising materials directly related to the promotion of Dispel’s products or services

The use of the logo must comply with the following general guidelines:

1. Proper Context: The logo must be used only in connection with the promotion and resale of Dispel products and services.

2. No Modification: The logo should not be altered, resized, or distorted in any manner.

3. Respect for Trademarks: The logo must always be used in a way that respects Dispel’s trademarks, ensuring that our brand is not misrepresented.

Use Without a Signed Contract

Partners who do not have a signed contract with Dispel are not authorized to use the Dispel logo, trademarks, or branding materials. To gain access, one must agree to the Dispel Logo Use Policy in accordance with Dispel’s Brand Guidelines, attached as an appendix to this document.

Dispel reserves the right to approve or deny or revoke approval at its sole discretion, based on brand strategy, market positioning, and other relevant factors.

If approved, Dispel will provide the partner with the official logo file and any usage guidelines to ensure consistency and adherence to branding standards.

Logo Use in Marketing Materials

• Promotional and Marketing Materials: Partners must include a disclaimer where applicable, indicating that they are a partner of Dispel, and that the use of the logo does not imply an endorsement, joint venture, or any other relationship beyond the contractual partnership.

• Event Use: If the logo is being used at an event, such as a trade show, webinar, or conference, partners should ensure that the Dispel logo is displayed in a context where it is clear the partner is representing or showcasing Dispel's products/services.

Restrictions

• Non-Endorsement: Partners are prohibited from using the Dispel logo in any manner that suggests a relationship, endorsement, or affiliation outside the scope of the reseller agreement or contract.

• No Competing Products: Partners are not permitted to use the Dispel logo on materials that feature competing products or services, unless approved prior to use.

• Inappropriate Use: The logo may not be used in any unlawful, misleading, or offensive manner, nor in connection with any materials that conflict with Dispel's ethical standards or reputation.

Enforcement

Dispel reserves the right to take corrective actions if the logo is used improperly or without the required authorization, including:

• Requesting the immediate removal of the logo from unauthorized materials.

• Revoking permission to use the logo in the case of continued misuse.

• Pursuing legal remedies if necessary.

Conclusion

The Dispel logo and branding assets represent the quality and security of our products. We trust our partners to use these assets responsibly and in accordance with this policy. For any questions regarding the logo use or the approval process, please contact your partner account manager.

By following these guidelines, our partners will help maintain the integrity and consistency of the Dispel brand, ensuring that our reputation for providing secure remote access solutions is upheld across all channels.

Dispel is committed to ensuring our business, and our supply chains, are free of acts of slavery and human trafficking. The United Kingdom Modern Slavery Act of 2015 requires businesses to publish a statement specifying the efforts taken to prevent slavery and human trafficking anywhere in their own business or their supply chain for each financial year of the organization. This statement constitutes Dispel’s Modern Slavery Act statement.

What is Modern Slavery?

Modern slavery encompasses all types of slavery, human trafficking, servitude and forced or compulsory labor across a vast number of industries. Modern slavery may affect individuals that are resident within or outside of the UK.

Our Business

Dispel is an enterprise-level secure remote access platform and data streamer for industrial control systems. With Dispel, people work with their operational technology more effectively, control access for third parties and employees efficiently, and manage device access control lists—all within a secure, compliant environment.

Dispel, LLC is a Delaware corporation headquartered in Brooklyn, New York with personnel located in multiple locations including Texas and Virginia. Any reference to “Dispel” is a reference to all Dispel operations, as we uphold the values set out in this statement regardless of geographic location.

Our procurement team is based in the United States, and the suppliers supporting Dispel core products are headquartered in the United States. Our infrastructure and broader supplier ecosystem are comprised of suppliers with presences in other countries including, but not limited to, the United Kingdom, the United States, various EU countries, South Africa, Australia, and Japan.

Based on the nature of our business, which provides enterprise level software-as-a-service and infrastructure-as-a-service to other businesses and organizations, there is a low risk of slavery and human trafficking taking place. However, Dispel vehemently opposes the trafficking of persons or use of any form of slavery and has taken steps to assess and manage that risk.

If Dispel establishes that modern slavery is taking place in our business or supply chains, we will terminate the relevant relationship, report the activity to law enforcement, and co-operate with any resulting investigation.

Policies

Dispel complies with all applicable laws and regulations and is committed to preventing any form of modern slavery in our business. As such, our policies set forth our values and explain how those values impact the way we do business worldwide.

Dispel’s Code of Conduct

Dispel serves customers in many countries around the world with varying laws, regulations, and customers. Dispel’s commitment to conducting business according to the highest standards of ethical conduct applies across national boundaries. Therefore, Dispel’s global Code of Conduct prohibits involuntary labor and human trafficking. Dispel requires its employees, independent contractors, consultants, and others who do business with Dispel to comply with all applicable laws, rules, and regulations when performing work. All employees are trained upon hire and annually thereafter on Dispel’s policies.

Supplier’s Code of Conduct

We operate in many countries and are subject to different laws, customs, and practices. When doing business with our suppliers and other business partners, we require they act in manners no less stringent than our own. Dispel reserves the contractual right to terminate any supplier relationship for cause if a supplier violates applicable laws. Finally, Dispel conducts regular and at least annual review of its standards for suppliers. If Dispel establishes that modern slavery is taking place in our business or supply chains, we will terminate the relevant relationship, report the activity to law enforcement, and co-operate with any resulting investigation.

Dispel’s Due Diligence Actions

• Dispel analyzes and researches all suppliers prior to onboarding and sets clear expectations as to appropriate conduct using its Vendor Policy. Dispel also maps the supply chain and reviews the relevant entities to understand the nature of suppliers and the good and services that are procured and the risk any supplier may pose.

• Dispel reviews the effectiveness of its processes in ensuring that slavery and human trafficking is not taking place, by performing risk assessments to outline and assess any areas of risk in its business or supply chains. Additionally, we have established a reporting and grievance procedure (“Whistleblower Program”) to ensure that where modern slavery is uncovered, it is remediated appropriately. Finally, all procurement related policies and procedures are reviewed annually to ensure an appropriate governance system is in place.

As Dispel advances our technology and addresses an evolving cybersecurity landscape, we issue new versions of our products and services. Dispel advises customers to install the latest product releases to remain as secure as possible and to take advantage of new features.

General Availability (GA) Full Support

For one (1) year or longer per Dispel discretion, Dispel will provide Full Support for the version. Full Support includes incident support, troubleshooting, product fixes, security updates, and request to change product design and features.

Extended Support

After Full Support has ended per the schedule table below, Dispel will provide Extended Support for an additional twelve (12) months. Extended support will be limited to troubleshooting, suggested workarounds, and mitigating critical (CVSS 9+) security vulnerabilities. If the cause of a troubleshooting issue or bug is fixed in a later version, Dispel support will direct customers to upgrade to a Fully Supported version of the product.

End of Life

After a product has reached its End of Life, no new fixes will be made to the product. To resolve an issue with a product that is past end of life, Dispel support will require that the customer first upgrade to a Fully Supported version of the product.

Lifecycle Phases for Products Under the Lifecycle Policy

Self-help support is available through a product's lifecycle and for a minimum of 12 months after the product reaches the end of its full support. Dispel documentation, FAQ, troubleshooting tools, and other resources are provided to help customers resolve common issues. Self-help support may no longer be current or available for versions of the software that are beyond end of life.

Dispel Zero Trust Engine Schedule

The EOL date for the most recent release is only applicable to a fully numbered release if given. As new versions of Dispel Zero Trust Engine are released this table will be updated. All end dates are on the last day of the specified month.

This Vendor Policy for Recruiters is designed to establish a clear framework for collaboration between recruiters and Dispel. The purpose of this policy is to ensure a productive, transparent, and equitable candidate experience while aligning recruitment efforts with Dispel’s hiring needs and standards. By outlining the terms and expectations, this policy supports both recruiters and Dispel in identifying and hiring top talent effectively.

This policy applies to all external recruiting agencies, vendors, and independent recruiters (“Recruiters”) engaged to support Dispel’s hiring efforts. Compliance with this policy is mandatory for all recruitment partnerships.

Key Guidelines

1. Authorized Collaboration

   • Recruiters must have a signed agreement with Dispel before submitting any candidate. Unauthorized submissions will not be considered, and Dispel will not be obligated to compensate the recruiter for such submissions.

2. Candidate Ownership and Submission Process

   • All candidates must be submitted through Dispel’s designated Applicant Tracking System (ATS) for proper documentation and tracking.

   • Dispel retains sole discretion in accepting or rejecting candidates submitted by recruiters. Only candidates expressly accepted by Dispel will be considered for further evaluation and interview.

3. Transparency and Communication

   • Recruiters are required to provide accurate and complete candidate information, including resumes, contact details, and any relevant screening notes.

   • Regular communication and updates about submitted candidates must occur in accordance with Dispel’s defined timelines and protocols.

   • Provide complete and accurate information on candidates' interviewing status at other firms.

4. Avoidance of Duplication

   • To avoid confusion and inefficiencies, recruiters must verify whether a candidate is already in Dispel’s hiring pipeline before submitting them. Any duplicate submissions will be handled according to Dispel’s internal policies.

5. Compliance with Equal Opportunity Standards

   • Recruiters must adhere to Dispel’s commitment to Equal Employment Opportunity (EEO) and ensure that no candidate is discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or any other protected characteristic.

Candidate Acceptance

For a candidate to be considered “accepted” by Dispel, the following conditions must be met:

• A executed agreement must be in place between the Recruiter and Dispel.

• The candidate must be submitted to Dispel's ATS. Recruiters agree they shall not email candidate resumes.

• The candidate’s submission must be acknowledged and confirmed in writing by Dispel through the ATS.

• Dispel will notify the recruiter if the submitted candidate has been officially moved forward for further stages in the hiring process.

• Any candidates not explicitly accepted will be deemed as not under consideration, and Dispel will not owe a fee for these submissions.

Vendor Performance

Recruiters are expected to provide high-quality candidates who meet the qualifications and cultural fit for Dispel. Regular evaluations of recruiter performance will be conducted, and partnerships may be terminated if expectations are not consistently met.

Enforcement

Failure to comply with this policy may result in the termination of the recruiting partnership and the forfeiture of any fees for unauthorized submissions. Dispel reserves the right to modify this policy at its discretion.

Acknowledgment

All recruiters engaged with Dispel must review and acknowledge this policy before submitting candidates. By submitting any candidate to Dispel, the Recruiter acknowledges and agrees to this policy. Questions or clarifications about the policy should be directed to Dispel’s Talent Acquisition team.

Which entity am I signing with?

1. Products.

Dispel makes available the Remote Access Services (as defined in Exhibit A; the “Products”), and Partner desires to market and resell the Products in the Territory (as defined in your Partner Portal), in accordance with the terms and conditions of this Agreement. In connection with the resale of the Products, Partner may offer to resell to Customers the Support Services (as defined in Exhibit A).

2. Pricing.

Resale prices for the Products and for Support Services will be established by Partner at its sole discretion. For each such resale, Partner will submit a purchase order to Dispel (“Purchase Order”) via the Partner Portal. The submittal of a Purchase Order will act as authorization for Dispel to proceed with the ordering process.

3. Signatures.

Exhibit A: Terms and Conditions

1. Partner’s Rights.

1.1 Marketing and Resale Rights.

Subject to the terms and conditions of this Agreement (including the payment obligations set forth in Section 5.4), Dispel grants to Partner a nonexclusive, nontransferable right and license during the Term within the Territory to:

(a) advertise, market, and promote the Products to Customers in the Territory;

(b) resell directly (i.e., not through distributors or resellers) to Customers in the Territory and to contractors for resale to Customers pursuant to Section 1.6 (i) the right to access and use the Remote Access Services, and (ii) the Support Services; and

(c) access and use the Remote Access Services for the sole purpose of providing the Support Services for Customers in accordance with Section 3.1 and exercising the rights in Section 1.5; provided that Partner shall purchase from Dispel a demo environment to access and use the Remote Access Services.

1.2 Documentation Right.

Dispel grants to Partner a nonexclusive, nontransferable right and license during the Term to reproduce and distribute to Customers in the Territory the Documentation in connection with the resale of the Products pursuant to Section 1.1(b).

1.3 Trademark License.

Dispel grants to Partner a nonexclusive, nontransferable right and license during the Term to use Dispel’s registered or common law trademarks and service marks solely: (a) in connection with Partner’s marketing, resale, advertising, and promotion of the Products in accordance with this Agreement; and (b) in accordance with any usage guidelines that Dispel provides to Partner from time to time. Partner agrees that all goodwill arising out of the use of the Trademarks by Partner will accrue to the sole benefit of Dispel. Partner will not at any time challenge, or assist others in challenging, the Trademarks. Partner will submit all advertising, marketing, branding, and promotional materials related to the Products to Dispel for advance review and approval, such approval not to be unreasonably withheld or delayed. Partner grants to Dispel a nonexclusive, nontransferable, license to use Partner’s registered and/or common law trademarks and service marks (the “Partner Trademarks”) solely in connection with any mutually-agreed upon marketing activities, in accordance with any usage guidelines that Partner provides to Dispel. Dispel agrees that all goodwill arising out of the use of the Partner Trademarks by Dispel will accrue to the sole benefit of Partner.

1.4 Customer Terms of Service.

Prior to or simultaneously with completing the resale of a Product to a Customer, Partner shall ensure that such Customer has expressly agreed to the Customer Terms of Service. If a Customer does not agree to the Customer Terms of Service, that Customer will not be allowed to use the Remote Access Services or receive Support Services, and Dispel shall not be liable to Partner for refunding any Fees paid. For the avoidance of doubt, Dispel shall provide the Products and Support Services to the Customer only in accordance with the Customer Terms of Service.

a) Partner shall obtain Dispel’s prior, written approval (not to be unreasonably withheld) of the manner in which Partner intends to ensure that each Customer expressly agrees to the Customer Terms of Service, and upon Dispel’s request, shall provide documentation evidencing each Customer’s acceptance of the Customer Terms of Service.

b) Partner will immediately advise Dispel if Partner becomes aware of any breach by a Customer of any provision of the Customer Terms of Service.

c) In the event of a conflict between the Customer Terms of Service and any agreement between Partner and Customer, the Customer Terms of Service shall take precedence with respect to Dispel’s obligations and performance.

d) Nothing in this Agreement, the Customer Terms of Service, or any agreement between Partner and Customer obligates or will obligate Dispel to develop or assist in developing any Government-Off-The-Shelf products.

1.5 Partner Internal Use.

Subject to the terms and conditions of this Agreement, Dispel hereby grants to Partner a nonexclusive, nontransferable, royalty-free (except as set forth in Section 5), revocable right to use the Remote Access Services during the Term and in accordance with the Documentation, for the sole purpose of providing demonstrations of the Products to prospective Customers in the Territory and for no other purpose. Partner acknowledges and agrees that it shall purchase from Dispel a demo environment to access and use the Remote Access Services pursuant to this Section 1.5.

1.6 Right of Sublicense.

a) The rights granted pursuant to Sections 1.1, 1.2, 1.3, and 1.5 are nonsublicensable, except to the extent that Partner is engaged in a sales process to Customers involving multiple tiers of sales (i.e., selling to and through multiple tiers of contractors), in which case Partner shall have a limited right to sublicense the rights set forth in Sections 1.1, 1.2, 1.3, and 1.5 to only those third parties directly involved in such resale to Customers.

Any sublicense granted pursuant to this Section 1.6 shall be subject to the following restrictions:

b) such sublicense shall be limited solely to the contractor(s) duly authorized by Partner; provided that Partner shall report its duly authorized contractor(s) to Dispel on a regular basis as designated by Dispel;

c) such sublicense shall be subject to, and subordinate to, this Agreement and, in case of any conflict, the terms of this Agreement shall prevail;

d) Partner shall be responsible for, and shall ensure, any sublicensee’s compliance with this Agreement; and

e) Dispel shall have the right to review any such sublicense agreement upon request.

1.7 Certain Restrictions.

Partner shall not:

a) resell, sublicense or otherwise make available the Products except as permitted by this Agreement;

b) resell, sublicense or otherwise make available the Products to any Dispel Direct Competitor;

c) represent itself as an agent of Dispel for any purpose, nor pledge Dispel's credit or give any condition or warranty or make any representation on Dispel's behalf or commit Dispel to any contracts;

d) copy, decompile, disassemble, design around or otherwise reverse engineer the Products or any portion thereof, or determine or attempt to determine any source code, algorithms, methods, or techniques embodied in the Products or any portion thereof, or extract ideas, algorithms, procedures, workflows, or hierarchies from the Products or otherwise use the Products for the purpose of creating another product or service unless such act is permitted under applicable law (even in the case where such act is permitted under applicable law, Partner shall not use anything learned from such act in a commercial or marketing setting);

e) interfere with, or disrupt the operation of, the servers or networks used to make the Products available, or violate any requirements, procedures, policies, or regulations of such servers or networks or their providers;

f) post, transmit, or otherwise make available through or in connection with the Products any virus, worm, Trojan horse, Easter egg, time bomb, spyware, or other computer code, file, or program that is, or is potentially, harmful or invasive or intended to damage or hijack the operation of, or to monitor the use of, any hardware, software, or equipment;

g) modify, translate, or create any Derivative Works based upon the Products (except to the extent this restriction is expressly prohibited by applicable law);

h) remove or alter any copyright, trademark, trade name, or other proprietary notices, legends, symbols, or labels appearing on or in copies of the Products except as permitted under this Agreement;

i) perform, or release the results of, benchmark tests or other comparisons of the Products with other programs without Dispel’s prior written consent;

j) transfer the Products to any computer other than a computer owned by Partner and used by Partner in Partner’s operations, except as permitted by this Agreement;

k) permit the Products to be used for the benefit of any third party (i.e., in an ASP, outsourcing or service bureau relationship or processing the data of any third party), except as permitted by this Agreement;

l) incorporate the Products or any portion thereof into any other program or product, or use the Products for production purposes;

m) assert, or attempt to assert, any ownership of or other rights to (including, but not limited to, the filing of any applications for patent, trademark, copyright, or any other intellectual property rights), over, or involving the Products;

n) challenge or assist third parties in challenging the ownership, validity, enforceability, or scope of Dispel’s and/or its affiliate’s intellectual property rights or other rights in the Products or Trademarks, or, unless otherwise expressly permitted hereunder, use Dispel’s and/or its affiliate’s intellectual property rights filed and/or registered in the US anywhere in the world as if such intellectual property rights were filed and/or registered worldwide (except to the extent this restriction is prohibited by applicable law);

o) advertise, market, promote, sell, distribute, use, export, or otherwise make available the Products to any entities or person not located in the Territory (including but not limited to any foreign offices, branches, locations, affiliates, or subsidiaries of an Territory entity or person that is located outside of the Territory), without Dispel’s express written prior permission;

p) in connection with the Products and Support Services or in performance of this Agreement (i) defame, threaten, abuse, or harass any person, or otherwise violate the legal rights of any person or entity, including any copyright, trademark, trade secret, right of publicity or privacy, or any other proprietary right; (ii) harvest or collect personally identifiable information from or about any person other than in the ordinary course of business or otherwise in violation of any applicable law; (iii) impersonate any person or entity, or falsely state or otherwise misrepresent Dispel’s affiliation with any person or entity; or (iv) engage in any fraudulent or otherwise tortious or unlawful conductor;

q) violate any laws or regulations, ordinances, and requirements of any governmental authority applicable to Partner’s activities under this Agreement; or

r) engage in any other activity prohibited by this Agreement or that is reasonably deemed by Dispel to be in conflict with the spirit or intent of this Agreement.

1.8 Enablement Training.

Dispel offers training and certifications with respect to the Products and Support Services (“Enablement Training Program”). Through the Enablement Training Program, individuals may be certified by Dispel as Dispel Systems Certified Specialists. Certification information and standards may, at Dispel’s sole discretion, be modified or changed from time to time by Dispel without notice to Partner.

1.9 Tiers.

a) Discounts. Partner will be eligible to receive benefits based upon its achieved tier within the Partner Program, including discounts off the list price for the Products. Tier information is included in the Partner Portal, which Dispel may modify, at its sole discretion, from time to time. Dispel may change eligibility requirements and will notify the Partner of any such updates.

b) No Hardware Discounts. Some implementations of the Dispel Products use hardware to provide integration into the broader system. To the extent that Partner resells any such hardware, Partner does not receive a discount on such connection hardware and any physical asset sold by Dispel (“System Enablement Components” or “Hardware”).

c) Determining Tiers. The tier that a Partner is eligible for is determined by how much revenue Dispel has actually received from Partner under this Agreement in the immediately preceding twelve (12) month period (“Threshold Requirement”). Purchases made for a Partner’s internal consumption count toward the Threshold Requirement for any given tier. Taxes, duties, shipping, and other fees do not count toward Threshold Requirements.

The Threshold Requirement of all prior tiers must be completed in order for the Partner to be eligible for a higher tier. Subject to the preceding sentence, in the event a single sale qualifies a Partner to proceed through more than one tier, the applicable discounts shall be determined on a graduated and sequential basis starting with the discount for the first tier for which the Threshold Requirement is met, followed by the discount for the next tier for which the Threshold Requirement is met, and so forth.

Dispel shall, in its sole discretion, determine the tier a Partner is eligible for provided such determination is consistent with the then-current version of the Tier information available in the Dispel Partner Portal.

1.10 Resale Policy Changes.

From time to time, Dispel may institute new or revised policies and procedures regarding the resale of the Products. Upon Partner’s receipt of notice from Dispel of any such new or revised policies or procedures, Partner will promptly implement such policies and procedures.

2. Ownership.

2.1 Generally.

As between Dispel and Partner, Dispel and its licensors own all right, title, and interest in and to the Products and Trademarks (including all copies, modifications, and Derivative Works thereof and all intellectual property and proprietary rights embodied therein), except for the limited right and licenses expressly granted to Partner in this Agreement. For the avoidance of doubt, any modifications, Derivative Works, intellectual property, or proprietary rights created by Partner in contravention of this Agreement shall belong exclusively to Dispel and Partner hereby assigns to Dispel all right, title, and interest in and to all such modifications, Derivative Works, intellectual property, and proprietary rights in any manner and for any purpose.

2.2 Feedback.

If Partner provides Dispel with any suggestions, ideas, feedback, reports, error identifications, or other information related to the Products or Dispel’s other products or services (“Feedback”), Partner hereby assigns to Dispel all rights, titles, and interests in and to all Feedback, including all patent rights, copyrights, trade secrets, and other intellectual property or proprietary rights therein, and agrees to assist Dispel in perfecting such rights and obtaining assignments of such rights from all individuals involved in generating the Feedback.

3. Channel Management.

3.1 Maintenance and Support Services.

The list price for each Product may include certain labor hours for Support Services. Any Support Services requested by Customer in excess of the labor hours included in the list price shall be as detailed in the Pricing Guidelines and subject to the execution of a Purchase Order. Partner may describe to each Customer each of the tiers of maintenance and support offered by Dispel prior to the Partner and Customer completing the ordering documentation for the purchase of Products from Partner (“Order Documentation”).

3.2 Problem Resolution.

Partner shall keep Dispel informed on a regular basis regarding any problems encountered with the Products by Partner or Customers, and regarding any resolutions developed for those problems. Partner shall communicate promptly to Dispel any and all modifications, design changes, or improvements to the Products suggested by any entity or person to Partner.

3.3 Exclusivity and Sales Support.

Dispel will not knowingly, directly sell the Products to a government office or company division (“Target”) for sixty (60) calendar days (“Exclusivity Period”) after a meeting with a Target that (a) is sourced by a Partner and registered in the Partner Portal, (b) is attended by an authorized Dispel representative, and (c) Dispel knows is for the purpose of reselling the Products to the Target through Partner; provided, however, that this exclusivity provision shall not apply to any Target who Dispel had any discussion relating to the sale of the Products at any time prior to such meeting. At subsequent meetings, if a Dispel representative is present under the above conditions, the Exclusivity Period shall reset to the full number of days. In situations where (a) the Partner decides to not pursue a sale attempt to the Target, Partner will immediately notify Dispel and; or (b) the Target chooses to not work with the Partner, then Dispel may then pursue a direct sale with the Target within the Exclusivity Period.

Nothing in the foregoing paragraph will prohibit Dispel representatives from attending any meeting requested by any partner even if an Exclusivity Period is in effect. Multiple partners may compete for the same business and Dispel does not require partners share their target lists with Dispel or other Partners.

4. Dispel Professional Services.

To the extent that Partner wishes to engage Dispel to provide training, operational, technical, or other professional services to Customer in addition to the Support Services, the terms and conditions governing such professional services will be set forth in a separate professional services agreement entered into between Dispel and Partner. Nothing contained herein shall limit a Customer’s right to directly contact Dispel should such Customer desire to purchase training, operational, technical, or other professional services from Dispel. Partner will assist Customer with any such request for training, operational, technical, or other professional services from Dispel.

5. Pricing; Payment Terms.

5.1 Pricing.

Resale prices for the Products and Support Services will be established by Partner at its sole discretion. Partner will purchase the Products and Support Services from Dispel at prices set forth in the pricing guidelines provided by Dispel to Partner, which may be updated by Dispel from time to time with written notice to Partner (“Pricing Guidelines”), subject to any discounts Partner is eligible to receive under the Partner Program. Partner may bundle Dispel products with other services, and Dispel’s pricing in no way affects a Partner’s pricing of those other services. The Pricing Guidelines are Dispel’s Confidential Information.

5.2 Purchase Order.

Partner will submit to Dispel a Purchase Order for each resale of the Products and any Support Services. Dispel may accept or reject any Purchase Order at its discretion. By placing a Purchase Order, Partner: (a) represents and warrants that the applicable Customer has agreed to the Customer Terms of Service; and (b) agrees to pay Dispel the amounts for the ordered Products and Support Services as set forth in the Pricing Guidelines, subject to any applicable discounts and any applicable cash credits under Section 3.1 (collectively, “Fees”).

5.3 Billing.

All Fees for the Products and Support Services will be billed to the Partner when the Products and Support Services are shipped/provided to the Customer. All Fees for items purchased by Dispel for the Customer will be pre-billed to the Partner and will be paid by the Partner in accordance with Section 5.4, notwithstanding Section 5.2. Any adjustments to subscription-based Fees made mid-billing cycle will be calculated and billed to Partner in arrears on the subsequent invoice. All orders made by Partner to Dispel are non-cancelable and all payments made by Partner to Dispel are non-refundable, including but not limited to, if any Customer fails to pay Partner for an order or fails to agree to the Customer Terms of Service and Dispel has terminated such Customer’s access to Services or Products as a result thereof. Other than any applicable cash credits under Section 3.1, under no circumstances will Dispel be obligated to issue a credit to Partner.

5.4 Payment.

Each invoice issued by Dispel will identify the Fees payable by Partner. All amounts payable under this Agreement will be due within thirty (30) days of the receipt of the invoice therefor; unless the parties have agreed to a specific payment schedule in the Purchase Order, in which case the payment schedule in the Purchase shall control for that order. Payments must be remitted to the account identified by Dispel and are due on the date, and in the currency stated, in the invoice. Partner will pay such amounts regardless of whether it has received any payment from Customers. Any amounts not paid when due shall accrue a late fee at the rate of one and a half percent (1.5%) per month or the maximum rate allowed by law, whichever is lower. In the event Partner fails to pay within sixty (60) days the outstanding Fees set forth in an invoice from Dispel or payment schedule in the Purchase Order, Dispel may, in its sole discretion, (a) suspend or terminate the applicable Customer’s access to the Remote Access Services and/or Support Services, and/or (b) terminate this Agreement, upon written notice to Partner.

5.5 Taxes.

Partner will be responsible, as required under applicable law, for identifying and paying all taxes and other governmental fees and charges (and any penalties, interest, and other additions thereto) that are imposed on Partner upon or with respect to the transactions and payments under this Agreement. All fees payable by Partner are exclusive of applicable taxes and duties, including VAT, GST, excise taxes, sales and transactions taxes, and gross tax receipts (“Indirect Taxes”). Dispel may charge, and Partner will pay, all Indirect Taxes that Dispel is legally obligated or allowed to collect from Partner. Partner will provide all information to Dispel as reasonably required to determine whether Dispel is obligated to collect Indirect Taxes from Partner under any applicable law. Dispel will not collect, and Partner will not pay, any Indirect Tax for which Partner furnishes Dispel a properly completed exemption certificate or a direct payment permit certificate for which Partner may claim an available exemption from such Indirect Tax. All payments made by Partner to Dispel under this Agreement will be made free and clear of any withholding or deduction for taxes. If any taxes (for example, international withholding taxes) are required to be withheld on any payment, Partner will pay additional amounts as necessary so that the net amount received by Dispel is equal to the amount then due and payable under this Agreement.

5.6 Duties and Shipping Fees.

Partner is responsible for any foreign exchange, duty, shipping charges, and additional processing fees incurred, including any BIS license fees. If these fees are incurred after the initial invoice was sent, Dispel will invoice the Partner payable under Section 5.4.

5.7 Records and Audit Rights.

During the Term and for a period of at least two (2) years thereafter, Partner will maintain complete and accurate records and accounts relating to this Agreement, including for each resale of the Products and Support Services resold by Partner: (a) the Customer’s name and address; (b) Product components made available to the Customer; and (c) documentation showing that the Customer agreed to the Customer Terms of Service. Dispel may audit such records and accounts of Partner from time to time to verify Partner’s compliance with the terms and conditions of this Agreement. Any such audit will be at Dispel’s expense; provided, however, that if such audit reveals an underpayment of three percent (3%) or more of fees payable to Dispel with respect to any calendar month, or any other material breach of this Agreement by Partner, Partner will promptly reimburse Dispel for all expenses in connection with such audit. Partner will promptly pay Dispel the amount of any underpayment (and correct any other noncompliance) revealed by any such audit.

6. Warranty Disclaimer.

6.1 Warranty Disclaimer.

EXCEPT FOR THE WARRANTY SET FORTH IN THE THEN-CURRENT VERSION OF THE CUSTOMER TERMS OF SERVICE, DISPEL MAKES NO WARRANTIES WITH RESPECT TO THE PRODUCTS, THE SUPPORT SERVICES, ANY DOCUMENTATION, OR ANY OTHER PRODUCTS OR SERVICES, AND DISCLAIMS ALL STATUTORY OR IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT, AND ALL WARRANTIES ARISING FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE, OR TRADE PRACTICE. DISPEL SPECIFICALLY DISCLAIMS ANY WARRANTY THAT THE PRODUCTS, THE SUPPORT SERVICES, OR ANY OPEN SOURCE COMPONENT WILL MEET ANY PARTNER OR CUSTOMER REQUIREMENTS OR THAT THE OPERATION OR USE OF THE PRODUCTS OR ANY OPEN SOURCE COMPONENT WILL BE UNINTERRUPTED OR ERROR-FREE. UNDER NO CIRCUMSTANCES SHALL DISPEL HAVE ANY LIABILITY WHATSOEVER FOR ANY HARDWARE PROVIDED BY DISPEL TO CUSTOMER IN CONNECTION WITH THIS AGREEMENT.

6.2 Restrictions.

Partner will not make: (a) any representation or warranty on behalf of Dispel; (b) any representation concerning the quality, performance, or other characteristics of the Products or the Support Services, other than those which are consistent in all respects with the applicable Documentation; or (c) any commitment to modify any part of the Products or the Support Services.

7. Term and Termination.

7.1 Term.

This Agreement will commence on the Effective Date and, unless earlier terminated in accordance with this Agreement, will continue in full force and effect until the end of the Initial Term set forth in the Partner Portal or communicated by Dispel to Partner. Thereafter, this Agreement will automatically renew for successive one (1) year periods (each, a “Renewal Term”), unless either party notifies the other party in writing at least sixty (60) days prior to the end of the then-current term that it does not wish to renew this Agreement, or unless earlier terminated in accordance with this Agreement. The Initial Term and any Renewal Terms are collectively referred to as the “Term.”

7.2 Termination by Dispel.

Dispel may terminate this Agreement immediately upon written notice to Partner if: (a) Partner materially breaches Section 1 (“Partner’s Rights.”), Section 5 (“Pricing; Payment Terms.”) or Section 9 (“Confidentiality.”) and fails to cure such breach within seven (7) days after receipt of written notice of such breach from Dispel; (b) Partner materially breaches any other provision of this Agreement and fails to cure such breach within thirty (30) days after receipt of written notice of such breach from Dispel or (c) Partner challenges or assists third parties in challenging the ownership, validity, enforceability, or scope of Dispel’s and/or its affiliates’ intellectual property rights or other rights in the Products or Trademarks. Dispel may also terminate this Agreement for any reason, with or without cause, at any time upon sixty (60) days’ written notice to Partner.

7.3 Termination by Partner.

Partner may terminate this Agreement immediately upon written notice to Dispel if Dispel materially breaches any provision of this Agreement and fails to cure such breach within thirty (30) days after receipt of written notice of such breach from Partner. Partner may also terminate this Agreement for any reason, with or without cause, at any time upon sixty (60) days’ written notice to Dispel.

7.4 Mutual Termination.

Either party may terminate this Agreement immediately upon written notice to the other party if: (a) any proceeding is commenced by or against the other party seeking relief, reorganization, or arrangement under any laws relating to insolvency or bankruptcy, and such proceeding is not dismissed within sixty (60) days; (b) the other party makes an assignment of its property or assets for the benefit of its creditors; (c) a receiver, liquidator, or trustee is appointed for the other party’s property or assets; or (d) the other party is liquidated, dissolved, or wound up.

7.5 Transition of Existing End Users.

Upon termination or expiration of this Agreement: (a) for each Product component resold by prior to any termination or expiration of this Agreement, each then-current Customer shall continue to have the right to use such Product component for the remainder of its current subscription term (with no right to renew such subscriptions), in accordance with the Customer Terms of Service, governing such subscription, and with the terms of this Agreement, provided that in no event shall such continued right to use the Products extend past twelve (12) months after the termination or expiration of this Agreement (the period that any such rights remain in effect after the termination or expiration of this Agreement, the “Wind-down Period”); (b) the parties shall promptly meet to negotiate in good faith the orderly wind-down of each party’s activities under this Agreement; and (c) each party shall continue to perform its relevant obligations under this Agreement during the Wind-down Period (but only with respect to obligations existing as of the date of termination or expiration and only to the extent that such obligations relate to Customers with active subscriptions to the Remote Access Services).

7.6 Effect of Termination.

Upon termination or expiration of this Agreement: (a) all licenses granted to Partner under this Agreement will terminate immediately; and (b) Partner will immediately: (i) cease use and resale of the Products; (ii) discontinue use of the Trademarks; (iii) discontinue statements from which it might be inferred that any relationship exists between Partner and Dispel; (iv) cease to advertise, market, promote, or solicit or procure orders for, the Products or Support Services; and (v) return the Confidential Information, the Documentation, and all related materials and copies to Dispel.

7.7 Sales to Permitted Government Customers.

If the parties have terminated or are in the process of terminating this Agreement pursuant to this Section 7 and, at such time, Partner is still actively involved in the bidding/sales process to a Permitted Government Customer due to a bid submitted prior to any notice of termination, then this Agreement shall continue to govern and remain in full force and effect only with respect to such outstanding bid/sales to such Permitted Government Customer and any resulting sales by Partner to such Permitted Government Customer. Partner shall be permitted to continue to support any such outstanding bids/sales to such Permitted Government Customer provided Partner is and remains in full compliance with this Agreement. Upon termination or conclusion of the outstanding bids/sales, then this Agreement shall terminate in accordance with this Section 7 unless otherwise agreed to by the parties in writing.

7.8 No Harm upon Termination.

Partner will not be entitled to and, to the fullest extent permitted by law, waives any statutorily prescribed or other compensation, reimbursement, or damages for loss of goodwill, clientele, prospective profits, investments, or anticipated sales, commitments, or business opportunities of any kind arising from the termination of this Agreement.

7.9 Survival of Terms.

The following sections will survive the expiration or termination of this Agreement: (a) Sections 1.7 (“Certain Restrictions.”), 2 (“Ownership.”), 5.7 (“Records and Audit Rights.”), 6 (“Warranty Disclaimer.”), 7 (“Term and Termination.”), 8 (“Relationship of the Parties.”), 9 (“Confidentiality.”), 10 (“Indemnification.”), 11 (“Limitation of Liability.”), 12 (“Miscellaneous.”), and 13 (“Definitions.”); and (b) any payment obligations of either party to the other party arising under this Agreement.

8. Relationship of the Parties.

8.1 Independent Contractors.

The relationship of Dispel and Partner is that of independent contractors. Nothing in this Agreement will create, or be construed to create, any partnership, joint venture, agency, franchise, sales representative, employment, or fiduciary relationship between the parties. Except as otherwise provided in this Agreement, neither party will have any right, power, or authority to act or create any obligation, express or implied, on behalf of the other party. Dispel is in no manner associated with or otherwise connected with the actual performance of this Agreement on the part of Partner, nor with Partner’s employment of other persons or incurring of other expenses.

8.2 Partner’s Employees.

It is understood that Partner is solely responsible for all of its employees and agents, its labor costs and expenses arising in connection therewith, and for any and all claims, liabilities, and damages or debts of any type whatsoever that may arise on account of Partner’s activities, or those of its employees or agents, in the performance of this Agreement.

8.3 Nonexclusive Relationship.

Subject to Section 3.3, nothing in this Agreement will be construed as limiting Dispel’s marketing or distribution activities or its appointment of other original equipment manufacturers, dealers, distributors, resellers, licensees, or agents of any kind in any place.

9. Confidentiality.

Partner will use the Confidential Information only for purposes of exercising its rights or performing its obligations under this Agreement. Partner will hold the Confidential Information in strict confidence and will use the same degree of care that Partner uses to protect its own like information, but in no event less than a reasonable degree of care, to protect the Confidential Information from unauthorized use or dissemination. Partner will not disclose the Confidential Information to third parties without the prior written consent of Dispel and will only disclose Confidential Information to Partner’s employees who require such Confidential Information in connection with the performance of this Agreement and who are bound in writing by confidentiality obligations no less restrictive than those set forth in this Section 9. Partner agrees that any breach of this Section 9 would cause irreparable harm to Dispel for which monetary damages would not be adequate and, therefore, Partner agrees that, if Partner or its employee breaches this Section 9, Dispel will be entitled to equitable relief in addition to any other remedies it may have hereunder or at law or in equity.

10. Indemnification.

Partner will defend (at Dispel’s option), indemnify, and hold harmless Dispel, its licensors, its affiliates, and each of its and their respective members, officers, directors, agents, and employees (collectively, the “Dispel Parties”) against damages, costs, liabilities, expenses (including reasonable attorneys’ fees) and settlement amounts incurred in connection with any suit, claim or action by any third party against a Dispel Party based on: (a) Partner’s modification, use, marketing, resale, or distribution of the Products not in strict accordance with this Agreement; (b) any warranty or representation made by Partner or Partner’s agents which differ from those provided by Dispel; (c) injuries or damage to persons or property caused or claimed to have been caused by the negligent acts, errors, or omissions of Partner or Partner’s agents while in the course of performing under this Agreement; (d) any breach of Section 12.1; or (e) the infringement or misappropriation, or alleged infringement or misappropriation, of any copyright, patent, trade secret, or other intellectual property right by Partner (except to the extent such infringement or misappropriation arises from the distribution or use of the Products in compliance with the terms and conditions of this Agreement and the Customer Terms of Service). For third party claims, Dispel shall have the right to control its defense and select its own legal counsel to represent its interest and that of the Dispel Parties and Partner shall reimburse Dispel for such legal costs and attorneys’ fees promptly upon request for reimbursement. Partner may not settle any such claim without Dispel’s prior, written consent.

11. Limitation of Liability.

11.1 Consequential Damages Waiver.

TO THE FULLEST EXTENT ALLOWED UNDER APPLICABLE LAW AND EXCEPT FOR ANY LIABILITY ARISING OUT OF BREACHES OF SECTIONS 1 OR 9 AND PARTNER’S PERFORMANCE OF ITS INDEMNITY OBLIGATIONS UNDER SECTION Error! Reference source not found., NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL, CONSEQUENTIAL, OR OTHER INDIRECT DAMAGES, INCLUDING ANY DAMAGES RESULTING FROM LOSS OF USE, LOSS OF DATA, INADVERTENT DISCLOSURE OF DATA, LOSS OF PROFITS, LOSS OF REVENUE, OR LOSS OF BUSINESS, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE PRODUCTS, NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY OF ANY KIND AND WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.2 Limitation of Liability.

TO THE FULLEST EXTENT ALLOWED UNDER APPLICABLE LAW, THE AGGREGATE LIABILITY OF DISPEL ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE SUBJECT MATTER HEREOF, UNDER ANY LEGAL THEORY (WHETHER IN CONTRACT, TORT, INDEMNITY, OR OTHERWISE), SHALL BE LIMITED TO THE AMOUNTS RECEIVED BY DISPEL FROM PARTNER UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE DATE THE CLAIM AROSE.

12. Miscellaneous.

12.1 Export Compliance.

Partner will comply with all applicable EU and local foreign trade laws including sanctions laws. The following applies to the extent that it does not violate EU laws, particularly Art. 5 of Council Regulation (EC) No 2271/96. Taking this into account: (i) This Agreement is subject to any export laws, regulations, orders, or other restrictions imposed by the U.S. government (including the Export Administration Regulations (“EAR”) maintained by the U.S. Department of Commerce, trade and economic sanctions maintained by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”), and the International Traffic in Arms Regulations (“ITAR”) maintained by the U.S. Department of State) or by any other governmental entity on the Products or any related information; (ii) Partner represents, warrants, and covenants that it is: (a) not located in Cuba, Iran, North Korea, Sudan, or Syria; and (b) not a denied party as specified in the regulations listed above; (iii) Partner shall comply with all applicable export and re-export control laws and regulations, including the EAR, trade and economic sanctions maintained by OFAC, and the ITAR; (iv) Notwithstanding any other provision of this Agreement to the contrary, Partner will not import, export or re-export, sell, transfer, divert, or otherwise dispose of, directly or indirectly, the Products or related information to any country, other destination, or person to which such import, export, or re-export is restricted or prohibited, or as to which any such government or any agency thereof requires an export license or other governmental approval at the time of such import, export, or re-export without first obtaining such license or governmental approval.

12.2 Anti-Corruption Compliance.

This Agreement is subject to the U.S. Foreign Corrupt Practices Act (“FCPA”) and all other applicable anti-corruption laws. Prior to and during the term of this Agreement, Partner, on behalf of itself and its directors, officers, employees, reseller representatives, and agents, represents, warrants and covenants that it has complied and will comply with the FCPA and all other applicable anti-corruption laws. Partner will not take any action, or fail to take any action, that would result in Dispel violating any such laws. Partner agrees to execute the Anti-Corruption Certification of Compliance, a copy of which is attached hereto as Exhibit B, at the time of entering into this Agreement.

12.3 Insurance.

Partner will, at its own expense, maintain the following insurance coverage during the Term: (a) worker’s compensation insurance as required by applicable law; (b) employee’s liability insurance with minimum coverage of one million dollars ($1,000,000) per occurrence; (c) commercial general liability insurance covering bodily injury and property damage liability, including contractual liability, with minimum coverage of one million dollars ($1,000,000) per occurrence for bodily injury and property damage combined; and (d) professional liability insurance for errors and omissions with a minimum limit of one million dollars ($1,000,000) per claim. Nothing in this Agreement shall be deemed to preclude Partner from selecting a new insurance carrier or carriers or obtaining new or amended policies at any time, as long as the above insurance coverage is maintained. Partner will provide to Dispel copies of applicable certificates of insurance upon Dispel’s reasonable request.

12.4 Governing Law; Jurisdiction and Venue.

Notwithstanding the observation of non-negotiable rules and regulations, this Agreement is to be construed in accordance with and governed by the internal laws of the State of New York without giving effect to any choice of law rule that would cause the application of the laws of any jurisdiction other than the internal laws of the State of New York to the rights and duties of the parties. Any legal suit, action, or proceeding arising out of or relating to this Agreement shall be commenced exclusively in a federal or state court located in the City of New York, and each party hereto irrevocably submits to the exclusive jurisdiction and venue of any such court in any such suit, action, or proceeding.

12.5 Government Use.

Partner acknowledges that all of the Products were developed entirely at private expense and that no part of the Products was first produced in the performance of a U.S. Government contract. Partner agrees that all of the Products and any derivatives thereof are “commercial items” as defined in 48 C.F.R. § 2.101, and if Partner is a U.S. Government agency or instrumentality or if Partner is providing all or any part of the Products or any derivatives thereof to the U.S. Government, such use, duplication, reproduction, release, modification, disclosure, or transfer of this commercial product and data is restricted in accordance with 48 C.F.R. § 12.211, 48 C.F.R. § 12.212, 48 C.F.R. § 227.7102-2 and 48 C.F.R. § 227.7202, as applicable. Consistent with 48 C.F.R. § 12.211, 48 C.F.R. § 12.212, 48 C.F.R. §§ 227.7102-1 through 227.7102-, and 48 C.F.R. §§ 227.7202-1 through 227.7202-4, as applicable, the Products are licensed to U.S. Government end users (a) only as commercial items and (b) with only those rights as are granted to all other users pursuant to this Agreement and any related agreement(s), as applicable. Accordingly, (x) Partner will have no rights in the Products except as expressly agreed to in writing by Partner and Dispel; (y) the Products may not be sold, sublicensed, or otherwise transferred by Partner to any person, company, or institution whatsoever other than as expressly permitted in this Agreement or as Dispel and Partner may otherwise agree in writing; and (z) Partner shall not remove or alter any proprietary markings on the Products. Because the Products are commercial items, Dispel and Partner agree that (1) only those mandatory Federal Acquisition Regulation (“FAR”) and FAR Supplement clauses made expressly applicable to commercial item agreements by applicable FAR and FAR Supplement prescription clause provisions and that are expressly agreed upon in writing by Dispel shall be flowed-down to Dispel and incorporated into this Agreement or any related purchase order involving shipment of the Products; (2) Dispel shall not be required to comply with the cost accounting standards or contract cost principles; and (3) nothing in this Agreement or any Order or other related purchase order involving shipment of the Products gives Partner any right to audit Dispel’s books and records.

12.6 Assignment.

This Agreement may not be assigned, in whole or part, whether voluntarily, by operation of law, or otherwise, by Partner without the prior written consent of Dispel. Subject to the preceding sentence, the rights and liabilities of the parties hereto shall bind, and inure to the benefit of, their respective assignees and successors. Any attempted assignment other than in accordance with this Section 12.6 shall be null and void.

12.7 Waiver.

The waiver by either party of a breach of or a default under any provision of this Agreement shall be in writing and shall not be construed as a waiver of any subsequent breach of or default under the same or any other provision of this Agreement, nor shall any delay or omission on the part of either party to exercise or avail itself of any right or remedy that it has or may have hereunder operate as a waiver of any right or remedy.

12.8 Attorneys’ Fees.

If any legal action, including an action for injunctive relief, is brought relating to this Agreement or the breach hereof, the prevailing party in any final judgment or arbitration award, or the non-dismissing party in the event of a dismissal without prejudice, shall be entitled to the full amount of all reasonable expenses, including all court costs and actual attorneys’ fees paid or incurred in good faith.

12.9 Severability.

If the application of any provision of this Agreement to any particular facts or circumstances is held invalid or unenforceable by a court of competent jurisdiction, then: (a) the validity and enforceability of such provision as applied to any other particular facts or circumstances and the validity of the other provisions of this Agreement will not in any way be affected or impaired thereby; and (b) such provision will be enforced to the maximum extent possible so as to effect the intent of the parties and reformed without further action by the parties to the extent necessary to make such provision valid and enforceable.

12.10 Force Majeure.

Except for the payment of amounts due under this Agreement, neither party will be liable for any delay or failure to perform to the extent due acts of God, pandemic, earthquake, fire, flood, embargoes, utility or power outages, riots, war, and acts of civil and military authorities and other similar occurrences outside of a party’s reasonable control; provided, however, that such party gives the other party prompt written notice of the delay or failure and the reason for the delay or failure, and uses its reasonable efforts to limit the resulting delay or failure (“Force Majeure Event”). If a party is unable to perform its obligations under this Agreement as a result of a Force Majeure Event for more than thirty (30) consecutive days, the other party may terminate this Agreement upon written notice

12.11 Construction.

The captions and section and paragraph headings used in this Agreement are inserted for convenience only and shall not affect the meaning or interpretation of this Agreement. The words “include” and “including” shall not be construed as terms of limitation and shall therefore mean “including but not limited to” and “including without limitation.”

12.12 Notices.

Any notice, request, demand, or other communication required or permitted hereunder shall be in writing, shall reference this Agreement and shall be deemed to be properly given: (a) when delivered personally; (b) seven (7) days after having been sent by registered or certified mail, return receipt requested, postage prepaid; (c) two (2) business days after deposit with a private industry express courier, with written confirmation of receipt; or (d) when transmitted by email if sent before 5:00 P.M. local time on a business day in the time zone to which it is sent, and otherwise on the next business day. All notices shall be sent to:

If partner: the address set forth in the Partner Portal if to Partner

If Dispel: Dispel, Attn: Legal, 61 Greenpoint Ave, Suite 634, Brooklyn NY 11222 USA

or an email address designated by the receiving party and to the notice of the person executing this Agreement (or to such other (email) address or person as may be designated by a party by giving written notice to the other party pursuant to this Section 12.12).

12.13 Counterparts; Headings.

This Agreement may be executed in two or more counterparts, each of which will be deemed an original and all of which together will constitute one and the same instrument. The headings contained herein are for convenience of reference only and will not be considered as substantive parts of this Agreement.

12.14 Entire Agreement.

This Agreement (including this document and the exhibits to this Agreement, which are incorporated by reference) constitutes the entire agreement between the parties with respect to the subject matter of this Agreement and supersedes all prior agreements, oral or written, regarding such subject matter. This Agreement may be updated from time to time at Dispel's sole discretion, and Partner's continued use of the Partner Portal constitute consent to these changes.

However, to the extent of any conflict or inconsistency between the provisions in this Agreement and any other documents or pages referenced in these Agreements, the following order of precedence will apply: (1) the terms of the separately signed Partner Program Agreement (if any), (2) the terms of this Agreement, and (3) finally, any other documents or pages referenced in the Terms.

In the event a One-Time Agreement ("OTA") is executed between Dispel and the Partner, then the terms of that OTA shall apply and not this Agreement for the deal that OTA covers.

Notwithstanding any language to the contrary therein, no terms or conditions stated in a customer purchase order, vendor onboarding process or web portal, or any other customer order documentation will be incorporated into or form any part of this Agreement, and all such terms or conditions will be null and void.

12.15 Use of Other Party’s Name and Logo.

Subject to Section 8.1, each party shall be entitled to use the other party’s name and logo in its marketing materials and on its website in a manner designated by the other party. A party that intends to use the other party’s name and logo pursuant to this Section 12.15 shall give notice to the other party describing how such name and logo will be used, and the other party shall be given an opportunity to propose alterations before such name and logo are used. Dispel gives notice that it will use the partner logo on our website in a list of other partners.

13. Definitions.

13.1 “Add-Ons”

means separately licensed hardware or software components used in conjunction with the Dispel Remote Access Services

13.2 “Confidential Information”

means the confidential or proprietary information of Dispel or its affiliates (whether or not marked or identified as confidential or proprietary), including the Pricing Guidelines, inventions (whether or not patentable), trade secrets, ideas, know-how, techniques, processes, formulas, algorithms, schematics, research, development, software design and architecture, testing procedures, design and functional specifications, problem reports and performance information, training materials, marketing materials, marketing and financial plans and data, and the terms and conditions of this Agreement. Confidential Information does not include information (other than personal data) that: (a) is or becomes publicly known through no fault of Partner; (b) is known by or in the possession of Partner prior to its receipt from Dispel as evidenced by Partner’s written records; or (c) is lawfully obtained from a third party that has no obligation of confidentiality with respect to the information.

13.3 “Customer”

means an individual or entity that purchases from Partner Remote Access Services. For the avoidance of doubt, Customer does not include any intermediaries or sublicensees pursuant to Section 1.6 involved in the sales process who are not users of the Products.

13.4 “Customer Terms of Service”

13.5 “Derivative Work”

means a new or modified work that is based on or derived from a preexisting work, including, without limitation, a work that, in the absence of a license, would infringe the copyright in such preexisting work or that uses trade secrets or other proprietary information with respect to such preexisting work.

13.6 “Dispel Direct Competitor”

means an individual or entity that sells, produces, or otherwise provides access to software defined networks, communications networks and services in virtual private clouds utilizing virtual private network technology, ‘moving target defense’ networks, or remote access products.

13.7 “Documentation”

means Dispel’s current online help resources, guides, and manuals provided by Dispel for use with the Remote Access Services.

13.8 Remote Access Services”

means (a) the provision of access and use of networked infrastructures set up by Dispel on behalf of Customer for the purposes of secure remote access; (b) any web services provided to the Customer by Dispel for account management; (c) Dispel software applications (including any object code or executable files), including any related materials and documentation therefor; and any modifications, error corrections, bug fixes, new releases, enhanced functionality, or other updates thereto that may be provided hereunder by Dispel; and (d) any Add-Ons, as applicable.

13.9 “Support Services”

means Support Tier One and Support Tier Three, together with any additional support services authorized by Dispel and purchased by Customer pursuant to Order Documentation.

13.10 “Support Tier One”

means initial configuration of the Dispel Remote Access Services, assistance with basic administrative functions, diagnosis, and correction of errors.

13.11 “Support Tier Three”

means the creation of custom deployments and assistance with systems engineering requests.

13.12 “Government Customer”

means a specified agency, department, division, branch, or instrumentality of the national and/or federal Government or other national governments of other countries, international agencies of which the national and/or federal Government or another national government is or becomes a member, and any other national and/or federal Government or national government entity authorized to purchase off of government contracts on behalf of the national and/or federal Government or a national government of another country, in each case who purchases directly or indirectly from the Partner Remote Access Services.

13.13 “Local Government Customer”

means a specified agency, department, division, branch, or instrumentality of a local government of the United States or other countries, national agencies of which such local government is or becomes a member, and any other local entity authorized to purchase off of government contracts on behalf of such local government, in each case who purchases directly or indirectly from Partner Remote Access Services.

Exhibit B Anti-Corruption Certification of Compliance

For the purposes of this Anti-Corruption Certification of Compliance:

1. “Anything of value” is defined broadly to include monetary and non-monetary payments, such as e.g. cash, a loan, gifts, travel, entertainment, or services.

2. “Dispel” means Dispel, LLC or Dispel Global, Inc (as specified in the table in Exhibit A).

3. “Government Official” means any officer, employee, or agent of (i) any government, at any level (national, state, provincial, or local) and any branch (executive, legislative, or judicial), (ii) any state-owned or state-controlled enterprise, (iii) any public international organization, or (iv) any political party, including a candidate for political office or political party official.

4. “Partner” means the authorized reseller of Dispel’s software and services.

Partner, on behalf of itself and each of its directors, officers, employees, reseller representatives, and agents, hereby certifies that:

a) Partner has complied and will comply with the U.S. Foreign Corrupt Practices Act, the UK Bribery Act 2010, and all other applicable anti-corruption laws.

b) Partner has not requested, accepted, offered, or given, and will not request, accept, offer, or give, directly or indirectly, any bribe, kickback, or other improper or illegal payment of anything of value to any person in connection with the Agreement.

c) Partner has not corruptly taken any action in furtherance of an offer, payment, promise to pay, or authorization of the payment of anything of value, directly or indirectly, to a Government Official or any person for the purpose of:

i. Obtaining or retaining business;

ii. Influencing any act or decision of a Government Official or any person in his or her official capacity;

iii. Inducing the Government Official or any person to do or omit to do any act in violation of his or her lawful duty;

iv. Securing any improper advantage; or

v. Inducing any Government Official or any person to use his or her position improperly to affect any act or decision of a government or government agency, department, or instrumentality.

d) Partner is not aware of (i) any request made by any person, including any Government Official, for any payment of money or anything of value prohibited by provision b. or c. of this Certification; or (ii) any other individual or company making, offering, paying, promising, or authorizing any payment of money or anything of value prohibited by provision b. or c. of this Certification in connection with the reseller agreement between Partner and Dispel.

e) Partner will immediately advise Dispel by e-mail at legal@dispel.io or in writing, at 61 Greenpoint Ave, 6th Floor, Brooklyn, NY 11222, if it fails to comply with the provisions of this Certification or otherwise becomes aware of any changes to these representations and covenants.

Dispel prioritizes quality, customer focus, and integrity. We are committed to delivering top-quality products and services to our customers on time and as promised, while adhering to a strong compliance and integrity program. Our goal is to consistently meet or exceed customer expectations.

Achieving this depends on the cooperation of our suppliers and sub-processors. In practice, this requires our vendors to adhere to our standards and demonstrate a commitment to continuous, sustainable improvement with full transparency.

Fundamentals of working with Dispel

Working with best-in-class suppliers is essential for our success. This section outlines our requirements and expectations of doing business with Dispel as well as the many programs we have in place to ensure the development of a sustainable, high-quality supply chain.

This document outlines minimum cyber security requirements applicable to Dispel Suppliers that:

1. process, access, interact with, or store Dispel Information, Personally Identifiable Information (PII), or

2. have access to Dispel Information Systems, or

3. supply Software-Related Products[1] and/or services to Dispel pursuant to the respective contract referencing this document.

The Supplier is responsible to take all the necessary measures and steps to comply with the requirements listed in this document.

Dispel reserves the right to ask for documentation and evidence, as well as to perform or order a compliance audit, to determine whether the listed requirements are fulfilled.

The Supplier shall ensure that all sub-suppliers, sub-processors, or sub-contracting relationships or external dependencies that provide services or supply Software-Related Products that are part of supplied products to Dispel or provide services related to the development of supplied products to Dispel (e.g., code implementation or testing) comply with the requirements listed in this document or with equivalent requirements to the ones listed in this document.

Notwithstanding the foregoing, the Supplier shall be fully responsible for all acts and omissions of its sub-suppliers, sub-processors, or sub-contracting relationships or external dependencies as if they were Supplier's acts or omissions.

Dispel reserves the right to update this document from time to time and any such modification or amendment will be applicable from the date of the respective modification or amendment as indicated in the new release of this document which shall, however, not be earlier than the actual release date.

This document contains the terms “including,” “include,” “in particular,” “such as,” or similar expressions. They shall be construed as illustrative and shall not limit the sense of the words preceding those terms. The term ‘Third-Party’ used in this document refers to any entity that is providing goods, services, products, and/or Software-Related Products to Dispel pursuant to the contract referencing this document or any contractor, agent or third party who provides hardware, software, goods, or services to Dispel or any of its entities.

1. IT Security Requirements

1.1. Cyber security & Privacy Governance

To comply with Dispel’s cyber security and privacy policies and standards, the Supplier shall implement and maintain a comprehensive cyber security and privacy program. The Supplier shall define roles and responsibilities by assigning qualified individuals and resources to manage and coordinate the program. The Supplier shall have measures to monitor and report on the program’s effectiveness and provide ongoing education and training to align with industry best practices in cyber security and privacy.

1.2. Risk Management

The Supplier shall implement and maintain a risk management process to identify, assess, and manage information security risks. This process shall include regular risk assessments and the prioritization of resources to address identified risks. The Supplier shall maintain a risk register to document key risk factors, including organizational risk tolerance. Additionally, the Supplier shall have a program to manage risks associated with third-party software, artificial intelligence, and autonomous technologies.

1.3. Third-Party Management

The Supplier shall implement and maintain a third-party risk management process to effectively oversee and manage risks associated with third-party providers. This process shall ensure the identification, assessment, and mitigation of risks, as well as the regular review and adjustment of third-party relationships to align with organizational security requirements.

1.4. Information Assurance

The Supplier shall implement and maintain processes for assessing cyber security and privacy controls in systems, applications, and services. The Supplier shall conduct regular assessments, including third-party evaluations, to ensure that the controls are implemented effectively. For Suppliers hosting Dispel data, SOC 2 Type II certification or an equivalent attestation is required to demonstrate compliance and security assurance.

1.5. Incident Response

The Supplier shall implement and maintain a documented cyber security incident management program to ensure an organization-wide capability for handling cyber security and privacy related incidents. This program shall cover preparation, automated detection, reporting, analysis, containment, eradication, and recovery. The incident response plan shall be made available to Dispel and shall be regularly reviewed and modified to incorporate lessons learned, business process changes, and industry developments, as necessary. Processes shall exist to monitor and report incidents both internally to the organization and externally to regulatory authorities, Dispel, and affected parties, as necessary. An integrated team of cyber security, IT, & business function representatives capable of addressing incident response shall be established.

Incident Response controls shall cover, but not be limited to, the following areas:

• Training personnel in their incident response roles and responsibilities.

• Evaluate incident response capabilities to determine their operational effectiveness.

• Performing forensics and preserving the integrity of chain of custody in line with applicable laws and regulations.

• Providing incident information to the product/service providers and other supply chain partners.

• Implementing and governing an insider threat response capability.

• Responding to sensitive information spills and formally assigning roles and responsibilities for managing such incidents.

• Incorporating lessons learned by analyzing incidents to reduce future impact.

The Supplier shall notify Dispel (business/engagement manager and Dispel CSIRT at security@dispel.com) promptly, in accordance with any applicable law or regulation and in any event within 72 hours after discovery of any security incidents or threats relating to the Services and/or Dispel material, data, or information. Identified remedial actions following an incident shall be documented in a remediation plan, including action items, ownership, and delivery dates, and shall be shared with Dispel. Remedial action shall be executed in a timely manner.

1.6. Asset Management

The Supplier shall implement and maintain an asset management program to oversee and control organizational assets. This program shall ensure accurate tracking and accountability for assets throughout their lifecycle, maintaining documentation and regular review. It shall also include measures to secure and manage asset information and ensure compliance with organizational standards and audit requirements. Cyber security and privacy controls must be applied to all assets by identifying, assigning, and documenting asset scope, categorization, and control applicability boundaries. Assets shall be securely disposed of, destroyed, or repurposed to prevent information recovery. All organizational assets must be returned upon termination of employment or contract. Regular inspections of critical assets shall be conducted to detect and prevent tampering. Asset inventories must be reviewed regularly and be available for audit by designated officials.

1.7. Data Classification

The Supplier shall implement and maintain a data classification and handling process to ensure that systems, applications, and services are classified according to the highest level of data sensitivity that is stored, transmitted, and/or processed. Physical and logical controls shall be implemented to securely store digital and non-digital data and/or media using Supplier-defined security measures until they are destroyed or sanitized. Data handling requirements shall guide the management, processing, storage, transmission, and protection of data to ensure its confidentiality, integrity, and availability. Data classification controls shall cover, but not be limited to, the following areas:

• Identifying and documenting the location of information and its residing system.

• Protecting and controlling media during transport.

• Securely disposing media when it is no longer required, using formal procedures.

• Sanitizing media according to data sensitivity before disposal.

• Data flow diagrams to capture data flows for applications, infrastructure, and third-party sharing.

• Guidance for securely sharing information between systems.

• Data retention shall comply with regulatory and contractual obligations.

1.8. Human Resources Security

The Supplier shall implement and maintain a comprehensive human resources security program to protect organizational assets and data. This program shall cover cyber security responsibilities, conduct screening (as permitted by regional regulations), and establish clear guidelines for acceptable technology use, including consequences for violations. Employees shall receive role-based training to maintain compliance with security standards, and third-party personnel security shall be managed through regular reviews and monitoring of their cyber security and privacy roles and responsibilities. Internal and third-party users shall sign appropriate access agreements, such as Non-Disclosure Agreements (NDAs), before being granted access.

1.9. Security Awareness & Training

The Supplier shall provide cyber security and privacy awareness training to all employees and contractors relevant to their job functions. This training shall occur before authorizing system access, during system changes, and annually thereafter. All training activities shall be documented, maintained, and regularly updated.

1.10. Change Management

The Supplier shall implement a change management process to oversee and control modifications to organizational assets. This process shall ensure that changes are authorized, reviewed by relevant stakeholders, and communicated to all affected parties, with the aim of minimizing risk and maintaining system integrity.

1.11. Security Operations

The Supplier shall ensure continuous protection of systems, applications, and data to maintain the organization's security posture. A security operations center or an equivalent continuous monitoring shall be established to maintain vigilance over the organization’s networks, systems, and applications thereby ensuring a proactive defense posture against cyber threats.

1.12. Threat Management

The Supplier shall implement and maintain a threat intelligence program with cross-organization information-sharing capability to influence development of security architectures and selection of security solutions. Utilizing threat intelligence feeds to stay aware of evolving threats, the Supplier shall leverage attacker tactics and procedures for implementation of preventative controls. An insider threat program shall be established to report potential threats and promote awareness. Cyber threat hunting using indicators of compromise shall be conducted to detect and disrupt advanced threats. The Supplier shall implement measures to detect and trace data exfiltration activities, ensuring the identification of unauthorized access or individuals involved.

1.13. Vulnerability & Patch Management

The Supplier shall implement and maintain a vulnerability management program to identify, analyze, prioritize, and address security vulnerabilities. This program shall ensure continuous detection, monitoring, timely response to identified vulnerabilities, and effective mitigation strategies. Vulnerability management controls shall cover, but not be limited to, the following areas:

• Patching for all operating systems, applications, end-user software, middleware, network devices, firmware etc.

• Centrally manage and track remediation of vulnerabilities based on defined timelines.

• Compare the results of vulnerability assessment reports over time to determine trends in system vulnerabilities.

1.14. Network Security

The Supplier shall implement measures to ensure the integrity and confidentiality of network communications or information transmitted across network interfaces by monitoring and controlling communications at boundaries, restricting untrusted connections, and protecting data flows.

Measures shall exist to uniquely identify and authenticate source and destination points for information transfer. Data protection measures shall be implemented to protect sensitive Dispel information.

Techniques such as network segmentation, intrusion/detection systems, and secure transmission channels shall be employed to minimize risks. The Supplier shall protect data over open networks, define secure remote access methods, and control third-party access. Secure wireless access and continuous monitoring shall be implemented to prevent unauthorized connections.

1.15. Continuous Monitoring

The Supplier shall ensure continuous oversight of security events and effective incident response through comprehensive enterprise-wide monitoring. Enhanced activity monitoring shall be implemented for high-risk individuals. The Supplier shall utilize tools to support the centralized collection and correlation of security-related event logs across the enterprise. Measures shall exist to integrate the analysis of event logs with other sources to enhance the ability to identify inappropriate or unusual activity. Measures shall provide event log report generation capabilities to aid in detecting and assessing anomalous activities. Trend analysis and reporting shall aid in refining security controls. The Supplier shall utilize non-repudiation measures to ensure the origin, authenticity, and integrity of information. Cross-organizational log sharing and monitoring third-party activities shall be established to help identify and mitigate potential security incidents effectively.

1.16. Configuration Management

The Supplier shall implement and maintain secure baseline configurations for technology platforms, aligned with industry standards. This process shall require that systems be configured to minimize security risks, provide only essential functionality, and are regularly reviewed and updated to prevent unauthorized modifications. Governance and reporting measures for baseline configuration management shall exist including a method to determine deviations from defined baselines. Controls shall be implemented to prevent information leakage, prevent unauthorized software installations, and enforce software restrictions to comply with applicable contracts, copyright laws, and the secure use of open-source software.

1.17. Security Engineering & Architecture

The Supplier shall develop an enterprise architecture, aligned with industry standards or leading practices, with consideration for cyber security and privacy principles that addresses risk to organizational operations, assets, individuals, other organizations. Industry recognized cyber security and privacy practices shall be implemented in the specification, design, development, implementation, and modification of systems and services. Safeguards shall be in place to prevent unauthorized and unintended information transfer via shared system resources. A diverse set of technologies shall be utilized to mitigate the impact of vulnerabilities from the same original equipment manufacturer (OEM). The Supplier shall consider the adoption of deception security controls. Time synchronization technology shall be utilized to synchronize time across all systems. Additionally, the Supplier shall develop and maintain a network architecture diagram to illustrate the network architecture, including configuration, interconnections, and security controls, ensuring it is kept up-to-date and reflective of the current state.

1.18. Endpoint Security

The Supplier shall protect the confidentiality, integrity, and availability of endpoint devices by ensuring they are secure from unauthorized access and potential threats. Controls shall prohibit software installations without explicitly assigned privileges. The Supplier shall maintain system stability and consistently apply security measures across all endpoint devices. Anti-malware technologies shall be used and regularly updated, with central management to combat evolving threats. Protections against phishing and spam shall also be centrally managed to detect and minimize risks from malicious code.

1.19. Cryptographic Protections

The Supplier shall implement and maintain cryptographic measures to protect data at rest and during transmission to ensure confidentiality and integrity. Secure authentication and encryption techniques shall be used for wireless access.

1.20. Identification & Authentication

The Supplier shall implement and maintain identification and access management controls to uniquely identify, authenticate, and audit users, devices, and services. Access rights shall be reviewed based on defined frequency and revoked promptly upon termination of employment. Measures shall be in place to proactively govern account management of individual, group, system, service, application, guest, and temporary accounts. Multi-factor authentication shall be required for critical systems and remote access. Vendor supplied default credentials shall be changed during installation. Measures shall exist to federate credentials to allow cross-organization authentication of individuals and devices.

1.21. Mobile Device Management

The Supplier shall implement and maintain mobile device management (MDM) controls. Measures shall be implemented to protect mobile devices from tampering and capability to remotely wipe devices shall be enabled to prevent unauthorized access to organizational data.

1.22. Physical and Environmental Security

The Supplier shall implement and maintain physical access controls to authorize access to facilities based on individual roles and responsibilities. The Supplier shall identify, authorize, and monitor visitors before allowing access to the facility. Asset location and movement within organization defined controlled areas shall be tracked and monitored. Additionally, the Supplier shall designate secure areas to safeguard sensitive information and assets and implement measures to detect and respond to physical security incidents. Power and telecommunications cabling carrying data or supporting information services shall remain protected always from interception, interference, or damage. Technical, operational, and management controls shall be implemented at alternate work sites (e.g., disaster recovery sites, business continuity locations etc.).

1.23. Privacy

The Supplier shall implement and maintain a comprehensive privacy program to protect personal data (PD). A Privacy Officer (PO) or similar position being responsible for privacy compliance shall be appointed to oversee privacy practices. Information about privacy-related activities shall be accessible to the public and privacy notices shall be clear and readily available. The scope of personal data processing activities, including geographic locations and third-party recipients that process personal data, shall be defined. Personal data shall be retained only as long as necessary (or for the duration of the agreement with Dispel, whichever is earlier) and securely disposed. The use of personal data for internal purposes shall be minimized and authorized. Individuals shall have access to a defined process for appealing adverse decisions and correcting incorrect information to ensure fairness and accuracy. Personal data shall be shared with third parties only for specified purposes and with the general written authorization of the customer consent. Privacy testing, training, and monitoring activities shall be conducted regularly. The quality and integrity of personal data shall be ensured, and records of data disclosures shall be maintained and made available upon request to Dispel.

1.24. Artificial & Autonomous Technologies

The Supplier shall maintain an inventory of all artificial intelligence (AI) and autonomous technologies (AAT) including third-party components. The Supplier shall assess and map the risks and benefits of these technologies to manage potential impacts. Additionally, the Supplier shall identify data sources for AI and AAT to prevent third-party intellectual property (IP) rights infringement and ensure compliance. Supplier shall not use any Dispel data with AI without Dispel’s express written consent.

1.25. Business Continuity & Disaster Recovery

The Supplier shall implement and maintain a business continuity and disaster recovery program to ensure service resilience through coordination with internal and external parties. Critical systems and applications supporting essential missions and business functions shall be clearly identified. Measures shall be in place to adequately train contingency personnel and stakeholders in their roles and responsibilities. Contingency plans shall be regularly evaluated, updated, and informed by root cause analysis and lessons learned. Procedures shall ensure the availability and integrity of data to meet recovery time and point objectives (RTO/RPO). Recovery operations at alternate sites shall align with these objectives. Telecommunication service providers shall be required to have contingency plans to avoid single points of failure.

1.26. Maintenance

The Supplier shall implement and maintain processes to perform controlled maintenance activities throughout the lifecycle of a system, application, or service. Processes shall be defined to ensure maintenance support for systems meet the defined recovery time objective. Checks shall be in place to validate if media containing diagnostic and test programs are verified for malicious content before usage. Measures exist to review remote maintenance/diagnostic sessions and to validate if systems performing remote maintenance/diagnostics have a security capability like the system being serviced. A current list of authorized maintenance personnel shall be maintained and reviewed as per defined timelines. Physical security of technology assets awaiting service or repair shall be maintained.

1.27. Compliance

The Supplier shall ensure compliance with relevant statutory, regulatory, and contractual requirements. Instances of non-compliance with relevant statutory, regulatory, or contractual requirements incidents shall be documented and addressed. Oversight of cyber security and privacy controls shall be reported to executive leadership. An internal audit function shall exist to provide insights around the effectiveness of the organization's technology and information governance processes. Audits shall be planned with minimal impact on business operations. Legal assessments shall determine the validity of government data requests and notify the Customer of investigation requests when permissible. Access for investigations shall be restricted to the least privileges necessary.

1.27. Capacity & Performance Planning

The Supplier shall implement measures to manage resource utilization of systems and to ensure sufficient capacity for information processing and support during contingency operations.

1.28. Technology Development & Acquisition

The Supplier shall integrate security into all phases of software development, aligning with industry standards. Development, testing, and production environments shall be kept separate to reduce risks of unauthorized access or changes or impact to production environments. Unsupported or end-of-life systems shall be replaced, or their continued use shall be justified and documented.

2. Product Security Requirements

This section states additional minimum cyber security requirements that shall be fulfilled for any Software-Related Product that is supplied to Dispel pursuant to the respective contract referencing this document (hereinafter referred to as “Product”).

2.1. Secure Development Lifecycle

The Supplier shall establish, document, and implement initiatives in line with commonly accepted industry standards and practices to build security into the software development process of the Product. Such initiatives shall build security within all phases of the development lifecycle, e.g., training, requirement, design, implementation, verification, release, and response.

2.2. Security Quality

The Supplier shall take measures to improve the security quality of the Product. These measures shall follow commonly accepted industry standards and practices and shall include, where technically feasible:

• Robustness testing, including fuzzing and flooding.

• Vulnerability scanning for known vulnerabilities and exploits.

• Security testing, including static code analysis or binary code analysis.

2.3. Backdoor Accounts and Hardcoded Credentials

The Product shall not have any accounts, passwords, or private/secret keys that cannot be changed, disabled, or removed by the authorized end user of the Product. The Product shall not have any accounts (individual, shared, debug, etc.,) that are not documented (this does not imply that the associated access credentials must be disclosed).

2.4. Cryptographic Tools and Security Functionalities

Any cryptographic tool and security functionality implemented or used in the Product shall follow commonly accepted security industry recommendations and guidelines (e.g., as recommended by NIST or defined in international standards). This includes, for example:

• Cryptographic algorithms to hash, encrypt, or sign data for storage or transmission.

• Protocols and procedures to support cryptographic algorithms (e.g., to exchange certificates, to establish keys, or to generate random numbers).

• Functionality to authenticate end users or for access control.

Any cryptographic tool or security functionality implemented or used in the Product that does not follow commonly accepted security industry recommendations and guidelines shall be documented and communicated to Dispel. Such documentation shall include, at least, its origin (e.g., proprietary tool), its reference documentation (e.g., academic publication), its functionality (e.g., encryption), its main security-related features, characteristics, and parameters (e.g., used ECC curve), as well as in which context or part of the Product it is used (e.g., user authentication).

2.5. Protection from Malware Propagation

The Supplier shall proactively take measures to prevent malware from being propagated. These measures shall follow commonly accepted industry standards and practices and shall include successfully scanning software deliverables (including their storage media, e.g., CDs, hard disks, or flash cards) with different suitable and up-to-date antivirus solutions before delivery.

2.6. Handling of Digital Certificates

If digital certificates are used in the development of the Product (e.g., to sign code or as a root to derive product-specific certificates), they shall be protected and handled according to commonly accepted industry standards and practices.

2.7. Product Documentation

The documentation provided with the Product shall include:

• All user and system accounts in the Product with a recommendation to change at least the access credentials.

• Description of all ports, services, and software needed to support any functionality in the Product, as well as how these ports, services, and software can be configured and, when applicable, how these can be disabled, blocked, or uninstalled.

• Information on proper configuration and usage of cyber security related functionalities in the Product.

• Specific instructions on how to configure the security controls provided by the Product (e.g., RBAC, security logging, or secure communication), as well as security controls provided in addition to the Product (e.g., antivirus, whitelisting, or security monitoring).

• A recommendation for at least one malware prevention solution to be used during the operation of the Product, if such a solution exists. The recommendation shall include the specific version of the malware prevention solution, as well as a description of the performed testing and validation by the Supplier.

2.8. Vulnerability Handling

The Supplier shall establish, document, and implement a process to react to vulnerabilities and security issues associated with the Product. The process shall follow commonly accepted industry standards and practices and shall include procedures and interfaces to:

1. Enable Dispel to submit vulnerability reports.

   1. The Supplier shall provide Dispel with all necessary information on how Dispel can report found vulnerabilities.

2. Acknowledge the receipt of a vulnerability report submitted by Dispel within two business days or such shorter term as reasonably requested by Dispel from the report submission.

3. For vulnerabilities where Dispel is the original finder, submit information to Dispel on the result of the vulnerability verification within seven business days or such shorter term as reasonably requested by Dispel from the acknowledgment of a vulnerability submission by Dispel.

   1. The Supplier shall provide information on the vulnerability validity and severity, the list of potentially affected Products and their versions, as available at that time, and whenever possible, information on how to verify the existence of the vulnerability in its Products.

   2. The Supplier shall also provide an estimate regarding the timeframe for the remediation release, as well as possible workarounds while the remediation solution is defined and implemented.

4. Share vulnerability remediation and advisory reports.

   1. The Supplier shall provide Dispel with information on how vulnerability remediation and advisory reports related to any submitted vulnerability by Dispel or any other entity are shared with Dispel.

   2. The advisory report shall include the description of the vulnerability, information about the remediation and workarounds, the list of affected systems and products, the vulnerability impact (threats, exploits, and severity rating), and related references (e.g., to related vulnerabilities).

   3. If the Product is included in the build or installation package of any Dispel product (e.g., such as libraries or an embedded OS), the Supplier shall have a means to release the vulnerability remediation and the advisory report to Dispel prior to public disclosure.

In addition, the Supplier shall take all actions as reasonably requested by Dispel in case of a vulnerability or other security issue associated with the Product.

2.9. Patch Management

The Supplier shall establish, document, and implement a strategy and process to deal with third-party software security updates and patches relevant to the Product.

Relevant third-party software shall at least include:

1. Type A: Any third-party software that is included in the build or installation package of the Product (e.g., third-party libraries or embedded OS).

2. Type B: Any third-party software on which the Product depends or that is typically used in the deployment of the Product without being an integrated part of it (e.g., MS Windows, MS Office, Java Runtime Environment, or Acrobat Reader).

The strategy and process for third-party software of type A (as specified above) shall at least include:

• Monitoring for security updates and patches to all relevant third-party software.

The strategy and process for third-party software of type B (as specified above) shall at least include:

• Maintaining a list of all relevant third-party software dependencies.

• Recommended general approach for application of security updates and patches for each of the listed third-party software dependencies.

• As reasonably requested by Dispel, for security updates and patches deemed applicable:

  • Validation of third-party software updates and patches.

  • Communication to Dispel of the validation results and the taken/planned actions to resolve validation issues.

  • At Dispel’s discretion, Dispel can perform the validation of the Product’s third-party software updates and patches. In such circumstances, the Supplier shall first inform Dispel of any Product’s third-party software update or patch and then support Dispel during the validation and to resolve validation issues.

2.10. Software Integrity and Authenticity

The Supplier shall provide Dispel with the capability to verify the integrity and authenticity, e.g., through digital signatures, of software deliverables associated with the Product, at least, by packaging any software delivered to Dispel in a way to allow Dispel to verify the integrity and authenticity of such package. Where technically feasible, all relevant files of the software deliverable shall be digitally signed.

2.11. Data Collection

While the Supplier’s rights, if any, with regard to collection, processing, and use of data are covered in separate documents, the Supplier shall in any case document, and make available to Dispel such documentation, any data collection activity performed by the Product, detailing which data are collected and the related functionality and/or purpose, as well as if, where, and how these data are stored, used, processed, and transmitted.

2.12. Vulnerability Assessment

Dispel reserves the right to perform an assessment on the security of the Product to identify potential vulnerabilities.

[1] A “Software-Related Product” is defined as a product or system, including all versions and updates, that (i) uses any type of software, (ii) is partly based on any type of software, or (iii) is in itself a type of software. Here, software shall be considered in its broadest sense and includes for instance firmware, drivers, applications, etc.

This document defines the support structure and relationship between Dispel, our partners, and partner customers using the Dispel Zero Trust Engine and our other products (for brevity we use the term "Dispel Zero Trust Engine" and "Dispel Engine" in this document to encompass all technology Dispel makes available to partners). It establishes who is responsible for what, how to categorize the severity of customer issues, standard resolution process flows for common customer FAQs and issues, and when to escalate cases to Dispel.

When does Partner Support Enablement apply?

Resellers and distributors—e.g. Dispel partners who are sales channels for Dispel, but not service providers on the contract or whitelabeling Dispel as an OEM product—do not typically provide customer service or technical support for Dispel to their customers. Those services are contracted through the reseller/distributor by the customer to Dispel.

This contrasts with OEMs and service providers ("MSP") who wish to retain ownership of customer relationships and support interactions, while Dispel provides technical assistance where needed. This framework ensures efficient issue resolution while maintaining OEM control over customer service and platform management.

Supporting our Partners

Once a sale has been made, all Dispel partners receive as part of the resale agreement Basic Plan Technical Support for the platform that Dispel deployed for the partner under our Support Policy - Service Level Agreement.

Technical Support Add-Ons

Partners seeking further support may opt to purchase service hours from Dispel or retain a dedicated Technical Account Manager to support the Dispel Zero Trust Engine platform.

Implementation, Customer Success, & Maintenance Add-Ons

Dispel offers both service hours and dedicated Customer Success Managers for partners who wish to augment their customer services with Dispel personnel. Dispel CSMs interface directly with partner customers providing implementations, customer support, and performing maintenance. CSMs can also provide training and enablement to partner teams.

Support for End Customers

End customers are responsible for managing Dispel Zero Trust Engine deployments and components within their own environments. Their role includes user account and access management, which encompasses configuring security settings, inviting users, onboarding and managing devices, approving access requests, and defining user roles and device access policies.

The OEM/MSP's primary responsibility is to provide customer service and success for its customers, ensuring a seamless experience on the Dispel Engine. Unless the OEM/MSP has contracted with Dispel to perform this work, OEM/MSPs serve as the sole point of contact for customer support, handling Wicket installations, Tier 1 troubleshooting, general support inquiries, and overseeing customer onboarding and training. OEM/MSPs remain responsible for direct communication with their customers, while Dispel operates as a secondary support resource for OEM/MSP personnel.

Dispel’s primary responsibility is to provide technical support and act as an escalation point for all Severity Levels issues that OEM/MSPs are unable to resolve. Dispel’s role is limited to maintaining the overall health, security, and functionality of the platform, ensuring infrastructure stability, and providing advanced troubleshooting when necessary. In addition to technical support, Dispel is responsible for providing training resources and documentation for OEM/MSPs to carry out their customer service and success roles. Dispel will be responsible for providing initial materials for training, as well as additional materials as new features, FAQs, and processes are implemented.

This structure ensures that our OEM/MSP partners retain full ownership of customer interactions while leveraging Dispel’s expertise for technical escalations. By maintaining a clear division of responsibilities, OEM/MSPs can efficiently support its customers while ensuring that Dispel remains focused on platform stability and high-level issue resolution.

Definitions

Below are definitions of terms referenced in the RACI Matrix.

Service Types Descriptions

• Implementation: Tasks related to setting up, configuring, and deploying the Dispel Zero Trust Engine and associated infrastructure. This includes prepping and installing Dispel Wicket ESIs at customer sites.

• Customer Success: Tasks focused on end-user onboarding, training, troubleshooting, and customer communication to ensure a smooth user experience.

• Maintenance: Provide ongoing upkeep and functionality of the Dispel Zero Trust Engine platform, including making bug fixes and routine update packages available.

• Technical Support: Advanced troubleshooting and issue resolution for technical escalations, as well as maintaining infrastructure health and stability.

Task Category Descriptions

• User Account Management: This category involves managing user accounts on the Dispel Zero Trust Engine. It includes creating, modifying, and deleting user accounts, ensuring proper authentication methods, and managing role-levels for individual users.

• User Access Management: Focuses on controlling and configuring user access permissions. This includes granting or revoking access to specific devices or resources, setting user roles, and enforcing security protocols to ensure proper authorization.

• Partner Customer Communication: Encompasses direct communication with partner customers regarding inquiries, updates, and troubleshooting. This includes ensuring partner customers are informed and supported during their use of the Dispel Zero Trust Engine.

• Wicket Deployment and Installation: Covers the information collection and installation of Wickets, ensuring installations result in successful Wicket connections to Dispel Regions as well as to downstream devices.

• End-User Support: Addresses assistance provided to partner customers for operational or usage-related questions about the Dispel Zero Trust Engine. This includes guiding them through platform functionalities, providing troubleshooting steps, and resolving non-technical queries. If a user issue cannot be categorized under the defined Severity Levels because there is no performance impact of the software, such as a user requesting an MFA reset because they have changed their authenticator, the issue would be categorized under this task.

• Training and Onboarding: Includes guiding partner customers through the initial setup and familiarization process for the Dispel Zero Trust Engine. This involves user training, walkthroughs, and ensuring a smooth onboarding experience for end-users.

• Virtual Desktop Stack Management: Involves overseeing the Virtual Desktop Infrastructure (VDI) stack for accessing partner customer networks. Partner's role includes identifying when additional VDIs are needed, ensuring the appropriate stakeholders are informed to adjust contract and stack sizes, and updating stack Golden Images as necessary to maintain operational efficiency and end-user accessibility.

• Network Connectivity: Covers the establishment and maintenance of network connections between Wickets, customer devices, and Dispel Regions. This includes troubleshooting connectivity issues and ensuring data transmission is secure and uninterrupted.

• Dispel Zero Trust Engine Bugs: Refers to identifying, reporting, and resolving software bugs or glitches within the Dispel Zero Trust Engine. This ensures continued usability, reliability, and security of the platform for partner customers.

• Infrastructure Maintenance: Encompasses the ongoing upkeep of the Dispel Zero Trust Engine’s infrastructure. This includes applying updates, monitoring system health, and ensuring optimal performance for Wickets and Cloud infrastructure across all environments.

• Critical Infrastructure Outages: Involves addressing major disruptions to the Dispel Zero Trust Engine’s functionality or infrastructure. These incidents require immediate resolution to restore platform availability and maintain critical services.

Role Descriptions

• Primary: The party with primary responsibility is accountable for completing the task or addressing the issue. This includes performing the required actions, ensuring resolution, and communicating outcomes to relevant stakeholders. A primary responsibility indicates ownership of the process from start to finish.

• Secondary: The party with secondary responsibility provides support or escalation assistance when the issue cannot be resolved by the primary party. This may involve advanced troubleshooting, offering guidance, or taking over specific tasks beyond the primary party’s capabilities. Secondary responsibility does not involve direct ownership but ensures availability for support when needed.

• Documentation and Training: The party with documentation and training responsibility will provide materials necessary for Primary parties to efficiently fulfill their role. These materials may include training webinars, diagrams, white papers, and certification programs. Documentation and Training responsibility does not involve direct ownership or intervention, but rather ensures availability of training resources for knowledge to be shared at-scale.

RACI Matrix

The matrix below outlines responsibilities across common support scenarios, ensuring partners and Dispel can collaborate effectively. Escalation to Dispel is based on the communicated severity and partner’s ability to resolve the issue internally. Severity Levels 1 and 2 are prioritized for Dispel’s intervention.

Section 1 - Purpose

This Data Protection Addendum (“Addendum”) is entered into between Dispel, LLC & Dispel Global, Inc (“Dispel”) and Vendor (each a “Party” and collectively, the “Parties”). This Addendum supplements and forms part of any existing, current, or future agreement between the Parties (any such agreement being individually or together referred to as the “Agreement”). This Addendum will be in effect as of the effective date of the Agreement (“Effective Date”); provided, however, the relevant obligations apply only to the extent that (i) Personal Data is subject to the Applicable Data Privacy Laws; and (ii) an Applicable Data Privacy Law has taken effect.

Section 2 - Relationship with the Agreement

In the event of a conflict between this Addendum and the Agreement, the Addendum will control to the extent necessary to resolve the conflict. In the event the Parties use an International Data Transfer Mechanism and there is a conflict between the obligations in that International Data Transfer Mechanism and this Addendum, the International Data Transfer Mechanism will control.

Section 3 - Definitions

Capitalized terms used but not defined have the meanings given in the Agreement.

1. “Applicable Data Privacy Laws” means all data protection and privacy laws applicable to the Processing of Personal Data under the Agreement, including, but not limited to, the California Consumer Privacy Act (“CCPA”), as amended from time to time and including any regulations promulgated thereunder.

2. “Consent” means a Data Subject’s freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.

3. “Controller” means the entity that determines the purposes and means of Processing Personal Data. “Controller” includes equivalent terms in other Applicable Data Privacy Laws, such as the CCPA-defined terms “Business” and “Third Party,” as context requires.

4. “Data Breach” means “breach of the security of the system,” “security breach,” “breach of security,” “breach of system security,” and other analogous terms referenced in Applicable Data Privacy Laws.

5. “Data Exporter” means the Party that (1) has a corporate presence or other stable arrangement in a jurisdiction that requires an International Data Transfer Mechanism and (2) transfers Personal Data, or makes Personal Data available to, the Data Importer.

6. “Data Importer” means the Party that (1) is located in a jurisdiction that is not the same as Data Exporter’s jurisdiction and (2) receives Personal Data from the Data Exporter or is able to access Personal Data made available by the Data Exporter.

7. “Data Subject” means an identified or identifiable natural person.

8. “Personal Data” means information that is linked or linkable, directly or indirectly, to an identified or identifiable natural person. “Personal Data” includes equivalent terms in Applicable Data Protection Laws, such as the CCPA-defined term “Personal Information,” as context requires.

9. “Processor” means an entity that Processes Personal Data on behalf of another entity. “Processor” includes equivalent terms in other Applicable Data Privacy Laws, such as the CCPA-defined term “Service Provider,” as context requires.

10. “Sensitive Data” means the following types and categories of data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or immigration status; genetic data; biometric data; neural data; government identification numbers; payment card information; unencrypted identifier or username in combination with a password or other access code that would allow access to an account; precise geolocation information; and information from a known child.

12. “Subprocessor” means a Processor engaged by a Party who is acting as a Processor.

13. The following terms have the meanings assigned to them in Applicable Data Privacy Laws: “Business,” “Business Purpose,” “Cross-Context Behavioral Advertising,” “Process” (and its cognates), “Sale” (and its cognates), “Service Provider,” “Share” (and its cognates), and “Third Party.”

Section 4 - Description of the Parties’ Personal Data Processing Activities and Status of the Parties

1. The Description of Processing Form describes the purposes of Parties’ Processing, the types or categories of Personal Data involved in the Processing, and the categories of Data Subjects affected by the Processing.

2. The Description of Processing Form lists the Parties’ statuses under Applicable Data Privacy Laws.

Section 5 - International Data Transfer

1. Some jurisdictions require that an entity transferring Personal Data to a recipient in another jurisdiction take extra measures to ensure that the Personal Data has special protections if the law of the recipient’s jurisdiction does not protect Personal Data in a manner equivalent to the transferring entity’s jurisdiction (an “International Data Transfer Mechanism”). Parties will comply with an International Data Transfer Mechanism, including the Standard Contractual Clauses, that may be required by Applicable Data Privacy Laws.

2. If the International Data Transfer Mechanism on which Parties rely is invalidated or superseded, Parties will work together in good faith to find a suitable alternative.

3. With respect to Personal Data of Data Subjects located in a jurisdiction that requires an International Data Transfer Mechanism (e.g., the EEA, Switzerland, or the United Kingdom) that Data Exporter transfers to Data Importer, or permits Data Importer to access, the Parties agree that by executing this Addendum they also execute the Standard Contractual Clauses, which will be incorporated by reference and form an integral part of the Agreement. Parties agree that, with respect to the elements of the Standard Contractual Clauses that require Parties’ input, Schedules 1-2 and the Description of Processing Form contain information relevant to the Standard Contractual Clauses and their Annexes. The Parties agree that, for Personal Data of Data Subjects in the United Kingdom, Switzerland, or another country specified in Schedule 2, they adopt the modifications to the Standard Contractual Clauses listed in Schedule 2 to adapt the Standard Contractual Clauses to local law, as applicable.

Section 6 - General Data Privacy Obligations

1. Compliance. The parties will comply with their respective obligations under Applicable Data Protection Laws, including by providing the same level of privacy protection that is required of Businesses under the CCPA.

2. Upon request, Vendor will provide reasonably relevant information to Dispel to enable Dispel to fulfill its obligations (if any) to conduct data protection assessments or prior consultations with data protection authorities.

3. Notification. Vendor will notify Dispel if it determines that it can no longer meet its obligations under Applicable Data Privacy Laws.

Section 7 - Vendor’s Obligations as a Third Party (if applicable)

If Vendor is a Third Party with regard to Personal Data that is collected, exchanged, or otherwise Processed in connection with the Vendor’s performance of the agreement (see Description of Processing Form), then:

1. Vendor acknowledges that Dispel is making Personal Data available to Vendor for the limited and specific purposes described in Description of Processing Form and Vendor agrees to use such Personal Data only for such purposes and for no other purpose.

2. Vendor will not Sell or Share Personal Data made available to it by Dispel unless Vendor provides data subjects with notice and the opportunity to opt out of such Sharing or Selling.

3. Vendor will allow Dispel to take reasonable and appropriate steps to ensure that Vendor is using the Personal Data provided or made available to Vendor by or on behalf of Dispel, or obtained or collected by Vendor in connection with the purposes described in Description of Processing Form, in a manner consistent with Dispel’s obligations under Applicable Data Privacy Laws.

4. Vendor will assist Dispel in complying with Data Subjects’ request to opt out of Processing, in no event later than 15 business days after receiving the request, if Dispel notifies Vendor that it is required to do so under Applicable Data Privacy Laws. Vendor will forward the opt-out request to any other person to whom it has made the Personal Data available.

5. If Dispel discovers unauthorized use of Personal Data by Vendor, Dispel may, upon notice, take reasonable and appropriate steps to stop and remediate such unauthorized use.

Section 8 - Vendor’s Obligations as Independent Controller (if applicable)

If Vendor is a Controller of Personal Data that is collected, exchanged, or otherwise Processed in connection with the Vendor’s performance of the Agreement (see Description of Processing Form), then:

1. Vendor acknowledges and agrees that Vendor is independently responsible for compliance and will comply with Applicable Data Privacy Laws (e.g., obligations of Controllers).

2. Vendor agrees to be responsible for providing notice to Data Subjects as may be required by Applicable Data Privacy Laws and responding to Data Subjects’ requests to exercise their rights under Applicable Data Privacy Laws.

3. If Vendor receives any type of request or inquiry from a governmental, legislative, judicial, law enforcement, or regulatory authority, or faces an actual or potential claim, inquiry, or complaint in connection with Parties’ Processing of Personal Data provided to Vendor by or on behalf of Dispel, its affiliates, or their respective end users, or obtained or collected by Vendor in connection with the purposes described in Description of Processing Form (collectively, an “Inquiry”), then Vendor will notify Dispel without undue delay, but in no event later than ten (10) business days, unless such notification is prohibited by applicable law. Vendor will promptly provide Dispel with information relevant to the Inquiry, including any information relevant to the defense of a claim, to enable Dispel to respond to the Inquiry.

Section 9 - Vendor’s Obligations as a Processor, Subprocessor, or Service Provider (if applicable)

1. Vendor will have the obligations set forth in this SECTION 9 if it Processes the Personal Data of Data Subjects in its capacity as Dispel’s Processor or Service Provider; for clarity, these obligations do not apply to Vendor in its capacity as an Independent Controller or Third Party.

2. Scope of Processing

   1. Vendor will Process Personal Data solely for the Business Purposes specified in the Description of Processing Form, to carry out its obligations under the Agreement, and to carry out Dispel’s documented instructions.

   2. Processing any Personal Data outside the scope of the Agreement and this Addendum will require prior written agreement between Vendor and Dispel.

   3. Vendor is prohibited from retaining, using, or disclosing the Personal Data (1) for any purpose other than the Business Purposes specified in the Description of Processing Form, including retaining, using, or disclosing the Personal Data for a commercial purpose other than carrying out Dispel’s instructions, (2) outside of the Parties’ direct business relationship, unless permitted by Applicable Data Privacy Laws, or (3) by combining Personal Data that Vendor receives from, or on behalf of, Dispel with Personal Data that it receives from, or on behalf of, another person or persons, or collects from its own interaction with the Data Subject, provided that Vendor may combine Personal Data to perform any Business Purposes permitted by Applicable Data Privacy Law.

3. Vendor will not Sell or Share the Personal Data that it collects or obtains pursuant to the Agreement.

4. Confidentiality. Vendor will ensure that each person who Processes Personal Data is subject to a duty of confidentiality with respect to such Personal Data.

5. Compliance.

   1. Vendor will assist Dispel in complying with Data Subjects’ requests to delete and correct Personal Data under Applicable Data Protection Law when Dispel forwards such requests that it receives to Vendor and will make available to Dispel any Personal Data in its possession that Dispel needs to respond to Data Subjects’ requests to access their Personal Data.

   2. Vendor will make available to Dispel, upon the Dispel’s reasonable request, all information in its possession necessary to demonstrate Vendor’s compliance with its obligations under Applicable Data Privacy Laws.

6. Permitted Activities. Notwithstanding the foregoing prohibitions, Parties agree that Vendor may, and Dispel instructs Vendor to, Process Personal Data for the following activities when necessary to support the Business Purposes specified in the Description of Processing Form; detect data security incidents; protect against fraudulent or illegal activity; effectuate repairs; and maintain and improve the quality of the services provided for the Business Purposes specified in the Description of Processing Form.

7. Subprocessors. If Vendor discloses Personal Data to a Subprocessor for a Business Purpose, Vendor and Subprocessor will enter into a written contract that prohibits the Subprocessor from (i) Selling or Sharing Personal Data; or (ii) retaining, using, or disclosing Personal Data for any purpose other than for the specific Business Purpose for which the Personal Data was disclosed. Vendor will require any Subprocessor to comply with applicable obligations under Applicable Data Privacy Laws, including to provide the same level of privacy protection required of Businesses by the CCPA. Vendor must notify Dispel before engaging a new Subprocessor and give Dispel an opportunity to object to the engagement.

8. Duration of Processing, Deletion and Return of Personal Data. Vendor shall retain Personal Data for a period coterminous with the term of the Agreement. At the expiration or termination of the Agreement, or upon request by Dispel, Vendor will, without undue delay: (1) return all Personal Data to Dispel; or (2) upon request by Dispel, destroy all Personal Data, in each case unless applicable laws expressly require otherwise or the Parties agree otherwise expressly in writing. For any Personal Data that Vendor retains after expiration or termination of the Agreement, Vendor will continue to comply with this Addendum.

9. Assessment and Remediation.

   1. Dispel may take reasonable and appropriate steps, as provided in Applicable Data Privacy Laws, to ensure Vendor Processes the Personal Data in a manner consistent with Dispel’s obligations under Applicable Data Privacy Laws, including by conducting reasonable assessments or audits, as provided by Applicable Data Privacy Laws. If Dispel and Vendor agree to an assessment by a qualified and independent third party, Vendor agrees to provide a report of such assessment to Dispel upon request.

   2. If Dispel discovers unauthorized use of Personal Data by Vendor or Vendor’s Subprocessors, Dispel may, upon notice, take reasonable and appropriate steps to remediate such unauthorized use.

Section 10 - Security

1. Vendor will implement appropriate technical and organizational measures to protect Personal Data from a Data Breach and to preserve the security and confidentiality of Personal Data, as set out in Schedule 1.

2. Upon becoming aware of a Data Breach, Vendor will:

   1. Notify Dispel without delay of the Data Breach, but in any case, no later than 48 hours after becoming aware of or reasonably suspecting the Data Breach;

   2. Promptly investigate or perform required assistance in the investigation of the Data Breach and provide Dispel with detailed information about the Data Breach, including a description of the Data Breach, the approximate number of Data Subjects affected, the Data Breach’s current and foreseeable impact, and the measures Vendor is taking to address the Data Breach and mitigate its effects; and

   3. Promptly take all commercially reasonable steps to mitigate the effects of the Data Breach or assist Dispel in doing so.

3. Vendor will comply with this SECTION 10 at Vendor’s cost, unless the Data Breach arose from Dispel’s negligent or willful acts.

4. Vendor must obtain Dispel’s written approval before notifying any governmental entity, individual, the press, or other third party of a Data Breach that affected or reasonably could affect Personal Data that Vendor obtained from, or Processed on behalf of, Dispel. Notwithstanding anything to the contrary in this Addendum, Vendor may notify a third party about a Data Breach affecting Personal Data if it is under a legal obligation to do so, provided that Vendor must: (1) make every effort to give Dispel prior notification, as soon as possible, if it intends to disclose the Data Breach to a third party; and (2) if it is not possible to give Dispel such prior notification, notify Dispel immediately once it becomes possible to give notification. For any disclosure of a Data Breach to a third party, Vendor will, as part of its notification to Dispel, disclose the identity of the third party and a copy of the notification (if the notification to the third party has not been sent, Vendor will provide the draft to Dispel and permit Dispel to offer edits or updates).

Section 11 - Miscellaneous

1. Entire agreement. This Addendum is the Parties’ entire agreement on this subject and merges and supersedes all related prior and contemporaneous oral understandings, representations, prior discussions, letters of intent, or preliminary agreements.

2. No further amendment. Except as modified by this Addendum, the Agreement remains unmodified and in full force and effect.

Schedule 1: Technical and Organizational Security Measures

Schedule 2: Jurisdiction-Specific Clauses

1. Jurisdiction-specific Obligations and Information for International Transfers

   1. Generally. The parties agree that, for any jurisdiction not listed below that requires an International Data Transfer Mechanism, they hereby enter into and agree to be bound by the EEA Standard Contractual Clauses for transfers of personal data from that jurisdiction unless (1) the parties otherwise agree in writing or (2) a jurisdiction promulgates its own International Data Transfer Mechanism, in which case the parties hereby agree to negotiate an update to this DPA to incorporate such International Data Transfer Mechanism.

   2. European Economic Area.

      1. “EEA Standard Contractual Clauses” means the European Union standard contractual clauses for international transfers from the European Economic Area to third countries, Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

      2. For transfers from the EEA that are not subject to an adequacy decision or exception, the parties hereby incorporate the EEA Standard Contractual Clauses by reference and, by signing this DPA, also enter into and agree to be bound by the EEA Standard Contractual Clauses. The parties agree to select the following options made available by the EEA Standard Contractual Clauses.

         1. Clause 9, Module 2(a): The parties select Option 2. The time period is 30 days.

         2. Clause 9, Module 3(a): The parties select Option 2. The time period is 30 days.

         3. Clause 11(a): The parties do not select the independent dispute resolution option.

         4. Clause 17: The parties select Option 1. The parties agree that the governing jurisdiction is the Republic of Ireland.

         5. Clause 18: The parties agree that the forum is the Republic of Ireland.

         6. Annex I(A): The statuses of the parties as Controllers or Processors and Data Exporters or Data Importers is described in Schedule 1.

         7. Annex I(B): The parties agree that Schedule 1 describes the transfer.

         8. Annex I(C): The competent supervisory authority is the Data Protection Commission.

         9. Annex II: The parties agree that Schedule 1 describes the technical and organizational measures applicable to the transfer.

         10. Annex III: The parties agree that the Description of Processing Form describes the relevant subprocessors and their roles in processing personal data.

   3. Switzerland. The parties agree to the following modifications to the EEA Standard Contractual Clauses to make them applicable to transfers of personal data from Switzerland.

      1. The parties adopt the GDPR standard for all data transfers from Switzerland.

      2. Clause 13 and Annex I(C): The competent authorities under Clause 13, and in Annex I(C), are the Federal Data Protection and Information Commissioner and, concurrently, the EEA member state authority identified above.

      3. Clause 17: The parties agree that the governing jurisdiction is the Republic of Ireland.

      4. Clause 18: The parties agree that the forum is the Republic of Ireland. The parties agree to interpret the EEA Standard Contractual Clauses so that data subjects in Switzerland are able to sue for their rights in Switzerland in accordance with Clause 18(c).

   4. United Kingdom.

      1. “IDTA” means the International Data Transfer Agreement issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as modified by the UK Information Commissioner’s Office from time to time.

      2. For transfers from the United Kingdom that are not subject to an adequacy decision or exception, the parties hereby incorporate the IDTA by reference and, by signing this DPA, also enter into and agree to be bound by the Mandatory Clauses of the IDTA.

      3. Pursuant to Sections 5.2 and 5.3 of the IDTA, the parties agree that the following information is relevant to Tables 1 – 4 of the IDTA and that by changing the format and content of the Tables neither party intends to reduce the Appropriate Safeguards (as defined in the IDTA).

         1. Table 1: The parties’ details, key contacts, data subject contacts, and signatures are in the signature block of the DPA.

         2. Table 2:

            1. The UK country’s law that governs the IDTA is: England and Wales

            2. The primary place for legal claims to be made by the parties is: England and Wales

            3. The statuses of the Data Exporter and Data Importer are described in Schedule 1.

            4. The Data Importer represents and warrants that the UK GDPR does apply to its processing of personal data under the Agreement.

            5. The relationship among the agreements setting forth data protection terms among the parties, including this Section, the DPA, and the Agreement, is described in Section 1 of the DPA.

            6. The duration that the parties may process personal data is set forth in the DPA.

            7. The IDTA is coterminous with the DPA. Neither party may terminate the IDTA before the DPA ends unless one of the parties breaches the IDTA or the parties agree in writing.

            8. The Data Importer may transfer personal data to another organization or person (who is a different legal entity) if such transfer complies with the IDTA’s applicable Mandatory Clauses.

            9. The parties will review the Security Requirements listed in Table 4, and the supplementary measures described in Schedule 1, to this DPA annually.

         3. Table 3:

            1. The categories of personal data, Sensitive Data, data subjects, and purposes of processing are described in Schedule 1. Such description may only be updated by written agreement of the parties.

         4. Table 4:

            1. The security measures adopted by the parties are described in Schedule 1 of this DPA. Such security measures may only be updated by written agreement of the parties.

   5. The parties agree to adopt the additional technical, organizational, and/or contractual protections that may be required by their transfer impact assessment described in Schedule 1 of this DPA.

Dispel performs regular maintenance to keep our platforms working smoothly.

In the event a planned maintenance window will be accompanied by downtime more than 10 minutes, we will give you at least 48 hours advanced notice. If you are on a private deployment, we will additionally coordinate with you in advance to find a mutually suitable time. In a year, scheduled downtime won’t exceed 10 hours.

Maintenance Windows

Customer Impact Scores

When deploying updates to the Dispel platform, the time and effect on users can vary. We score our deployments to help customers understand how the update window will impact their workflow, to what degree, and what they may see during this time.

Vulnerabilities and Critical Bug Fixes

In the event of a vulnerability or critical bug fix, Dispel may enter maintenance mode at any time. We will actively communicate with you with as much reasonable notice as possible.

To support Dispel in delivering its Services, Dispel may engage third party service providers to assist Dispel with its data processing activities. When we work with these service providers in our capacity as a data processor, the third-party service provider is a sub-processor of Dispel (“Sub-processor”).

This page identifies our Sub-processors, describes where they are located, and what services they provide to us. Before engaging any Sub-processor, we perform extensive due diligence, including detailed security and legal analysis. We do not engage a Sub-processor unless our quality standards are met.

Dispel currently uses the following Sub-processors:

External Service Providers

Infrastructure

When you deploy infrastructure through Dispel, you may also choose to build your network from the following providers:

Business Systems (generally out of scope)

Our business needs may change from time to time. For example, we may deprecate a Sub-processor to consolidate and minimize our use of Sub-processors. Similarly, we may add a Sub-processor if we believe that doing so will enhance our ability to deliver our Services. We will periodically update this page to reflect additions and removals to our list of Sub-processors.

Dispel serves clients globally, protecting critical infrastructure and manufacturing around the world. Part of our supply-chain security includes considerations for where our suppliers and service providers are based, and the extent to which foreign ownership, control, or influence ("FOCI") may impact our supply chain.

FOCI does not disqualify a company from serving or supplying Dispel. After completing the questionnaire, a review will be conducted considering the following factors:

• Record of economic and government espionage against U.S. targets

• Record of enforcement and/or engagement in unauthorized technology transfer

• The type and sensitivity of the information that shall be accessed

• The source, nature, and extent of FOCI

• Record of compliance with pertinent U.S. laws, regulations and contracts

• The nature of any applicable bilateral and multilateral security and information exchange agreements

• Ownership or control, in whole or in part, by a foreign government

• Any other indications of a foreign interests’ capability to control or influence the company’s operations or management

In addition to these specific factors, Dispel also assesses companies for any other factors that may indicate or demonstrate a capability on the part of foreign interests to control or influence the company’s operations or management in a manner that would be detremental to our end customers.

Questionnaire

Dispel's FOCI form is modeled after Standard Form (SF) 328, the Certificate Pertaining to Foreign Interest, which is a 10-question document designed to help identify the presence of FOCI in an organization. Each of the 10 questions requires a yes or no answer, and any yes answer requires that additional information or documentation be included with the form.

Climate change presents an existential threat to the continued health and wellbeing of our planet and its inhabitants. As an organization, we recognize our responsibility in helping to protect the earth through our business practices and products. We are committed to minimizing our impact on the environment, creating a sustainable business, and helping others reduce their carbon footprint.

Sustainability at Dispel begins with our behavior, suppliers, and technology. We recognize the need for science-based targets to reduce our greenhouse gas (GHG) emissions, while using carbon capture to offset those emissions we cannot yet stop.

Our goal is to avoid the most catastrophic effects of climate change by limiting the increase in global average temperature to at most 1.5°C above preindustrial levels.

Download a copy of our Environment & Sustainability Statement here:

At Dispel, we only work with suppliers that share our commitment to integrity, sustainability and human rights and have agreed to meet the requirements set out in this Supplier Code of Conduct.

Dispel's purpose is to enable a more secure, efficient future for operations, manufacturing, and industrial systems. In keeping with our purpose, Dispel is committed to maintaining the highest standards of integrity and transparency, and complying with all applicable laws and regulations across its global business operations. Given that the conduct of Dispel's suppliers and sub-processors can have a substantial impact on both Dispel and its stakeholders, we require all suppliers to adhere to similar legal standards and values as Dispel.

“Suppliers” refers to third parties—including individual contractors, vendors and sub-processors—that Dispel engages to purchase goods and/or services and/or works. The Supplier Code of Conduct does not apply to end-use customers.

As a Dispel supplier, you comply with all applicable laws and regulations wherever you operate, observe the principles reflected in Dispel’s Code of Conduct, and meet the requirements set out in this Dispel Supplier Code of Conduct, as well as your contractual obligations to Dispel.

We cannot cover every situation that may arise in this Code of Conduct, so we ask that you, as our supplier, be thoughtful and ethical. The Supplier Code should be viewed as the minimum standards that we expect from our supplier community. Dispel will assess a Supplier’s commitment to compliance with these requirements when making procurement and sourcing decisions.

Human Rights and Decent Work

We require our suppliers to respect the same international human rights principles and standards as Dispel. You shall respect the personal dignity, privacy and rights of each individual and refrain from making anyone work against his or her will. You will also prohibit behaviors, practices and threats that are intended to cause or are likely to result in physical, psychological, sexual or economic harm, including gender-based violence and harassment. In particular, you will:

• Refrain from discrimination, harassment and retaliation based on gender, age, ethnicity, nationality, religion, disability, union membership, political affiliation, sexual orientation or other characteristics protected under local law and ensure equal and fair treatment of all workers;

• Not hire individuals under 15 years of age, or 14 years of age where local law allows, consistent with ILO Convention number 138, or under the legal minimum age for employment in the country, whichever is greatest;

• Ensure that any young workers (under the age of 18) in your employ are protected from performing any work that may harm their physical or mental development, interfere with their education, or compromise their potential or dignity;

• Conduct human rights due diligence to identify, assess, eliminate or mitigate the risks of potential adverse effects related to forced and/or child labor in your supply chain. Adopt a traceability system that records information on product origins, suppliers and processing steps regarding forced labor and child labor. Develop a risk management plan to monitor and identify risks in the supply chain relating to forced labor and child labor;

• Not use any form of modern slavery and/ or forced labor and allow all workers the freedom to leave their employment upon reasonable notice;

• Unless stipulated by applicable law, not require workers to surrender their original personal certificates and identifications, such as government-issued identification, passports or work permits, as a condition of employment;

• Compensate workers fairly and in a timely manner. Follow local wage and overtime payment regulations and / or collective agreements. Where these do not exist, compensate employees so at the minimum they can meet their basic needs;

Business Ethics

You shall conduct your business in an ethical manner. In particular, you will:

• Not commit or become involved in, and seek to prevent, any form of bribery, corruption, fraud, theft, money laundering, unlawful tax evasion or any other violation of applicable laws;

• Ensure that no payments (including facilitation payments), gifts or any other commitments are made to Dispel customers or employees, public officials or any other party in order to obtain or retain business, secure an improper advantage or influence someone to improperly perform their duties;

• Adhere to antitrust and other competition laws and have in place effective processes and procedures to prevent anti-competitive behavior, and conduct your business in line with fair competition;

• Disclose to Dispel information regarding any actual, potential or perceived conflicts of interest relating to your activities as an Dispel supplier, including disclosure of any financial interest that an Dispel employee, customer or their relatives or other proxy may hold in your business;

• Respect the intellectual property rights of Dispel and others. Secure and protect all confidential information provided by Dispel and our respective business partners;

• Comply with all applicable international trade and export control regulations and, in particular, properly classify and obtain all applicable approvals, licenses and certificates prior to export or transfer of products, technology or software.

Do not give gifts to influence Dispel Do not offer, provide, or solicit gifts or entertainment that might compromise a Dispel employee’s judgment or independence. This includes, but is not limited to:

• Cash, cash equivalents, such as gift cards, gifts or charitable contributions individually or cumulatively valued at more than $150 in any one year; and

• Entertainment that is lavish or that takes place in a location inconsistent with Dispel’s values

Business and Information Security

We use our assets responsibly and only for legitimate business purposes that are consistent with Dispel’s interests and rights and in accordance with our rules and governance.

You shall conduct your business in a secure manner, taking care of the safety and security of people as well as physical assets and information or data assets. In particular, you will:

• Implement reasonable measures for minimizing exposure of Dispel to security threats such as cyberattacks, theft, and crime;

• When visiting or working at Dispel locations, follow Dispel’s security procedures and report any security concerns through the appropriate Dispel channels;

• Implement and maintain appropriate physical, technical and organizational measures to protect Dispel information and assets from destruction or unauthorized disclosure;

• Adhere to applicable information security and cybersecurity regulations and standards, and immediately report to us any suspected or actual incidents that may impact Dispel information or systems;

• Observe all applicable data-privacy regulations and laws on the collection, processing and transfer of personal data and cooperate in good faith with Dispel to ensure compliance with the aforementioned requirements.

Procurement by Suppliers

We are committed to a transparent and competitive sourcing process and to dealing fairly and responsibly with our suppliers.

You shall procure goods and services in a responsible manner. In particular, you will:

• Require your suppliers (including but not limited to labor agents or agencies, material suppliers and subcontractors) to respect standards consistent with the Dispel Supplier Code of Conduct and include your requirements in agreements with your suppliers;

• Effectively communicate these principles along your supply chain and implement a process to verify supplier performance;

• Inform Dispel immediately if you suspect a violation of these principles has taken place in your supply chain and work with your suppliers to mitigate and prevent further violations and remediate negative events that have occurred in the past;

• When working at Dispel locations, only subcontract work with prior consent from Dispel.

We expect you to create a comprehensive overview of your supply chain, also known as supply chain mapping, so you can quickly identify and mitigate risks in terms of all topics covered in this Supplier Code of Conduct.

Documentation, Inspections, Reporting and Corrective Actions

We comply with all regulations and laws on reporting or disclosure of human rights and environmental due diligence and take appropriate actions in a timely manner to address non-compliances or implement improvements.

To ensure and demonstrate compliance with the Dispel Supplier Code of Conduct, you will:

• Comply with all regulations and laws regarding public reporting or disclosure on human rights and environmental due diligence, including laws requiring public disclosures on due diligence on modern slavery and child labor across the supplier’s value chain;

• Create and maintain relevant documentation and provide supporting documentation to Dispel upon request;

• Report to Dispel without undue delay in writing any identified risks to and violations of the principles outlined in this Supplier Code of Conduct and take appropriate corrective actions to prevent, end or mitigate the risk or violation.

To verify your compliance, we reserve the right to audit and inspect your operations, upon reasonable notice, with your consent. Such consent shall not be unreasonably withheld. If the results of such an audit or inspection show that you do not comply with this Dispel Supplier Code of Conduct, you shall take necessary corrective actions in a timely manner as directed by us.

If you fail to comply with this Dispel Supplier Code of Conduct, or fail to take necessary corrective actions to remedy violations of the Dispel Supplier Code of Conduct within a reasonable timeframe, Dispel reserves the right to take action against you, including suspending or terminating your activities as one of our suppliers.

Glossary

This glossary explains important terms used in the Dispel Supplier Code of Conduct and implementation guide. It is based on universally accepted definitions, which have been edited for clarity and ease of understanding.

Child labor is often defined as work that deprives children of their childhood, their potential or their dignity. It refers to work that is mentally, physically, socially or morally dangerous and harmful to children and/or interferes with their schooling. Child labor also refers to employment of children who are underage or who do excessively long and heavy or hazardous work as determined by the laws of a state.

Employees include any staff or personnel engaged or employed by a supplier, including temporary labor engaged via labor agents or agencies.

Facilitation payments are payments made to a public official to facilitate or expedite the performance of routine governmental action (e.g., processing papers, issuing permits) that the person or company making the payment is legally entitled to receive.

Grievance mechanisms are formal, legal or non-legal (or “judicial/non-judicial”) complaint processes that can be used by individuals, workers, communities and/or civil society organizations that are negatively affected by certain business activities and operations.

Human rights refer to the basic rights and freedoms that belong to every person in the world, simply because they are human beings. They define the minimum standards necessary for people to live with dignity, freedom, equality, justice and peace. They are inherent to everyone, irrespective of race, gender, language, religion, political or other opinion, national or social origin, property, birth or status. The Universal Declaration of Human Rights, adopted by the United Nations General Assembly in 1948, establishes the fundamental rights and freedoms of all human beings.

Modern slavery is an umbrella term covering practices such as forced labor, debt bondage, child labor, forced marriage, involuntary prison labor, victims of slavery and human trafficking.

Suppliers refers to a third parties, including individual contractors, that Dispel engages to purchase goods and/or services and/or works.

1. Products.

Dispel makes available the Remote Access Services (as defined in Exhibit A; the “Products”), and Partner desires to market and resell the Products in the Territory (as defined in your Partner Portal), in accordance with the terms and conditions of this Agreement. In connection with the resale of the Products, Partner may offer to resell to Customers the Support Services (as defined in Exhibit A).

2. Pricing.

Resale prices for the Products and for Support Services will be established by Partner at its sole discretion. For each such resale, Partner will submit a purchase order to Dispel (“Purchase Order”) via the Partner Portal. The submittal of a Purchase Order will act as authorization for Dispel to proceed with the ordering process.

3. Signatures.

Exhibit A: Terms and Conditions

1. Partner’s Rights.

1.1 Marketing and Resale Rights.

Subject to the terms and conditions of this Agreement (including the payment obligations set forth in Section 5.4), Dispel grants to Partner a nonexclusive, nontransferable right and license during the Term within the Territory to:

(a) advertise, market, and promote the Products to Customers in the Territory;

(b) resell directly (i.e., not through distributors or resellers) to Customers in the Territory and to contractors for resale to Customers pursuant to Section 1.6 (i) the right to access and use the Remote Access Services, and (ii) the Support Services; and

(c) access and use the Remote Access Services for the sole purpose of providing the Support Services for Customers in accordance with Section 3.1 and exercising the rights in Section 1.5; provided that Partner shall purchase from Dispel a demo environment to access and use the Remote Access Services.

1.2 Documentation Right.

Dispel grants to Partner a nonexclusive, nontransferable right and license during the Term to reproduce and distribute to Customers in the Territory the Documentation in connection with the resale of the Products pursuant to Section 1.1(b).

1.3 Trademark License.

Dispel grants to Partner a nonexclusive, nontransferable right and license during the Term to use Dispel’s registered or common law trademarks and service marks solely: (a) in connection with Partner’s marketing, resale, advertising, and promotion of the Products in accordance with this Agreement; and (b) in accordance with any usage guidelines that Dispel provides to Partner from time to time. Partner agrees that all goodwill arising out of the use of the Trademarks by Partner will accrue to the sole benefit of Dispel. Partner will not at any time challenge, or assist others in challenging, the Trademarks. Partner will submit all advertising, marketing, branding, and promotional materials related to the Products to Dispel for advance review and approval, such approval not to be unreasonably withheld or delayed. Partner grants to Dispel a nonexclusive, nontransferable, license to use Partner’s registered and/or common law trademarks and service marks (the “Partner Trademarks”) solely in connection with any mutually-agreed upon marketing activities, in accordance with any usage guidelines that Partner provides to Dispel. Dispel agrees that all goodwill arising out of the use of the Partner Trademarks by Dispel will accrue to the sole benefit of Partner.

1.4 Customer Terms of Service.

Prior to or simultaneously with completing the resale of a Product to a Customer, Partner shall ensure that such Customer has expressly agreed to the Customer Terms of Service. If a Customer does not agree to the Customer Terms of Service, that Customer will not be allowed to use the Remote Access Services or receive Support Services, and Dispel shall not be liable to Partner for refunding any Fees paid. For the avoidance of doubt, Dispel shall provide the Products and Support Services to the Customer only in accordance with the Customer Terms of Service.

a) Partner shall obtain Dispel’s prior, written approval (not to be unreasonably withheld) of the manner in which Partner intends to ensure that each Customer expressly agrees to the Customer Terms of Service, and upon Dispel’s request, shall provide documentation evidencing each Customer’s acceptance of the Customer Terms of Service.

b) Partner will immediately advise Dispel if Partner becomes aware of any breach by a Customer of any provision of the Customer Terms of Service.

c) In the event of a conflict between the Customer Terms of Service and any agreement between Partner and Customer, the Customer Terms of Service shall take precedence with respect to Dispel’s obligations and performance.

d) Nothing in this Agreement, the Customer Terms of Service, or any agreement between Partner and Customer obligates or will obligate Dispel to develop or assist in developing any Government-Off-The-Shelf products.

1.5 Partner Internal Use.

Subject to the terms and conditions of this Agreement, Dispel hereby grants to Partner a nonexclusive, nontransferable, royalty-free (except as set forth in Section 5), revocable right to use the Remote Access Services during the Term and in accordance with the Documentation, for the sole purpose of providing demonstrations of the Products to prospective Customers in the Territory and for no other purpose. Partner acknowledges and agrees that it shall purchase from Dispel a demo environment to access and use the Remote Access Services pursuant to this Section 1.5.

1.6 Right of Sublicense.

The rights granted pursuant to Sections 1.1, 1.2, 1.3, and 1.5 are nonsublicensable, except to the extent that Partner is engaged in a sales process to Customers involving multiple tiers of sales (i.e., selling to and through multiple tiers of contractors), in which case Partner shall have a limited right to sublicense the rights set forth in Sections 1.1, 1.2, 1.3, and 1.5 to only those third parties directly involved in such resale to Customers.

Any sublicense granted pursuant to this Section 1.6 shall be subject to the following restrictions:

a) such sublicense shall be limited solely to the contractor(s) duly authorized by Partner; provided that Partner shall report its duly authorized contractor(s) to Dispel on a regular basis as designated by Dispel;

b) such sublicense shall be subject to, and subordinate to, this Agreement and, in case of any conflict, the terms of this Agreement shall prevail;

c) Partner shall be responsible for, and shall ensure, any sublicensee’s compliance with this Agreement; and

d) Dispel shall have the right to review any such sublicense agreement upon request.

1.7 Certain Restrictions.

Partner shall not:

a) resell, sublicense or otherwise make available the Products except as permitted by this Agreement;

b) resell, sublicense or otherwise make available the Products to any Dispel Direct Competitor;

c) represent itself as an agent of Dispel for any purpose, nor pledge Dispel's credit or give any condition or warranty or make any representation on Dispel's behalf or commit Dispel to any contracts;

d) copy, decompile, disassemble, design around or otherwise reverse engineer the Products or any portion thereof, or determine or attempt to determine any source code, algorithms, methods, or techniques embodied in the Products or any portion thereof, or extract ideas, algorithms, procedures, workflows, or hierarchies from the Products or otherwise use the Products for the purpose of creating another product or service unless such act is permitted under applicable law (even in the case where such act is permitted under applicable law, Partner shall not use anything learned from such act in a commercial or marketing setting);

e) interfere with, or disrupt the operation of, the servers or networks used to make the Products available, or violate any requirements, procedures, policies, or regulations of such servers or networks or their providers;

f) post, transmit, or otherwise make available through or in connection with the Products any virus, worm, Trojan horse, Easter egg, time bomb, spyware, or other computer code, file, or program that is, or is potentially, harmful or invasive or intended to damage or hijack the operation of, or to monitor the use of, any hardware, software, or equipment;

g) modify, translate, or create any Derivative Works based upon the Products (except to the extent this restriction is expressly prohibited by applicable law);

h) remove or alter any copyright, trademark, trade name, or other proprietary notices, legends, symbols, or labels appearing on or in copies of the Products except as permitted under this Agreement;

i) perform, or release the results of, benchmark tests or other comparisons of the Products with other programs without Dispel’s prior written consent;

j) transfer the Products to any computer other than a computer owned by Partner and used by Partner in Partner’s operations, except as permitted by this Agreement;

k) permit the Products to be used for the benefit of any third party (i.e., in an ASP, outsourcing or service bureau relationship or processing the data of any third party), except as permitted by this Agreement;

l) incorporate the Products or any portion thereof into any other program or product, or use the Products for production purposes;

m) assert, or attempt to assert, any ownership of or other rights to (including, but not limited to, the filing of any applications for patent, trademark, copyright, or any other intellectual property rights), over, or involving the Products;

n) challenge or assist third parties in challenging the ownership, validity, enforceability, or scope of Dispel’s and/or its affiliate’s intellectual property rights or other rights in the Products or Trademarks, or, unless otherwise expressly permitted hereunder, use Dispel’s and/or its affiliate’s intellectual property rights filed and/or registered in the US anywhere in the world as if such intellectual property rights were filed and/or registered worldwide (except to the extent this restriction is prohibited by applicable law);

o) advertise, market, promote, sell, distribute, use, export, or otherwise make available the Products to any entities or person not located in the Territory (including but not limited to any foreign offices, branches, locations, affiliates, or subsidiaries of a Territory entity or person that is located outside of the Territory), without Dispel’s express written prior permission;

p) in connection with the Products and Support Services or in performance of this Agreement (i) defame, threaten, abuse, or harass any person, or otherwise violate the legal rights of any person or entity, including any copyright, trademark, trade secret, right of publicity or privacy, or any other proprietary right; (ii) harvest or collect personally identifiable information from or about any person other than in the ordinary course of business or otherwise in violation of any applicable law; (iii) impersonate any person or entity, or falsely state or otherwise misrepresent Dispel’s affiliation with any person or entity; or (iv) engage in any fraudulent or otherwise tortious or unlawful conductor;

q) violate any laws or regulations, ordinances, and requirements of any governmental authority applicable to Partner’s activities under this Agreement; or

r) engage in any other activity prohibited by this Agreement or that is reasonably deemed by Dispel to be in conflict with the spirit or intent of this Agreement.

1.8 Enablement Training.

Dispel offers training and certifications with respect to the Products and Support Services (“Enablement Training Program”). Through the Enablement Training Program, individuals may be certified by Dispel as Dispel Systems Certified Specialists. Certification information and standards may, at Dispel’s sole discretion, be modified or changed from time to time by Dispel without notice to Partner.

1.9 Tiers.

a) Discounts. Partner will be eligible to receive benefits based upon its achieved tier within the Partner Program, including discounts off the list price for the Products. Tier information is included in the Partner Portal, which Dispel may modify, at its sole discretion, from time to time. Dispel may change eligibility requirements and will notify the Partner of any such updates. Tiers may be specific to a deal depending on how the deal was sourced, client renewal decisions, or other factors set at Dispel’s sole discretion.

b) No Hardware Discounts. Some implementations of the Dispel Products use hardware to provide integration into the broader system. To the extent that Partner resells any such hardware, Partner does not receive a discount on such connection hardware and any physical asset sold by Dispel (“System Enablement Components” or “Hardware”).

c) Determining Tiers. Dispel shall, in its sole discretion, determine the tier a Partner is eligible for provided such determination is consistent with the then-current version of the Tier information available in the Dispel Partner Portal (which may be updated from time to time with written notice from Dispel).

1.10 Resale Policy Changes.

From time to time, Dispel may institute new or revised policies and procedures regarding the resale of the Products. Upon Partner’s receipt of notice from Dispel of any such new or revised policies or procedures, Partner will promptly implement such policies and procedures.

2. Ownership.

2.1 Generally.

As between Dispel and Partner, Dispel and its licensors own all right, title, and interest in and to the Products and Trademarks (including all copies, modifications, and Derivative Works thereof and all intellectual property and proprietary rights embodied therein), except for the limited right and licenses expressly granted to Partner in this Agreement. For the avoidance of doubt, any modifications, Derivative Works, intellectual property, or proprietary rights created by Partner in contravention of this Agreement shall belong exclusively to Dispel and Partner hereby assigns to Dispel all right, title, and interest in and to all such modifications, Derivative Works, intellectual property, and proprietary rights in any manner and for any purpose.

2.2 Feedback.

If Partner provides Dispel with any suggestions, ideas, feedback, reports, error identifications, or other information related to the Products or Dispel’s other products or services (“Feedback”), Partner hereby assigns to Dispel all rights, titles, and interests in and to all Feedback, including all patent rights, copyrights (including the rights stipulated under Articles 27 and 28 of the Copyright Act of Japan), trade secrets, and other intellectual property or proprietary rights therein, and agrees to assist Dispel in perfecting such rights and obtaining assignments of such rights from all individuals involved in generating the Feedback. Further, Partner shall not, and cause such individuals not to, exercise its/their moral rights in regard to the Feedback to Dispel and those designated by Dispel.

3. Channel Management.

3.1 Maintenance and Support Services.

The list price for each Product may include certain labor hours for Support Services. Any Support Services requested by Customer in excess of the labor hours included in the list price shall be as detailed in the Pricing Guidelines and subject to the execution of a Purchase Order. Partner may describe to each Customer each of the tiers of maintenance and support offered by Dispel prior to the Partner and Customer completing the ordering documentation for the purchase of Products from Partner (“Order Documentation”).

3.2 Problem Resolution.

Partner shall keep Dispel informed on a regular basis regarding any problems encountered with the Products by Partner or Customers, and regarding any resolutions developed for those problems. Partner shall communicate promptly to Dispel any and all modifications, design changes, or improvements to the Products suggested by any entity or person to Partner.

4. Dispel Professional Services.

To the extent that Partner wishes to engage Dispel to provide training, operational, technical, or other professional services to Customer in addition to the Support Services, the terms and conditions governing such professional services will be set forth in a separate professional services agreement entered into between Dispel and Partner. Nothing contained herein shall limit a Customer’s right to directly contact Dispel should such Customer desire to purchase training, operational, technical, or other professional services from Dispel. Partner will assist Customer with any such request for training, operational, technical, or other professional services from Dispel.

5. Pricing; Payment Terms.

5.1 Pricing.

Resale prices for the Products and Support Services will be established by Partner at its sole discretion. Partner will purchase the Products and Support Services from Dispel at prices set forth in the pricing guidelines provided by Dispel to Partner, which may be updated by Dispel from time to time with written notice to Partner (“Pricing Guidelines”), subject to any discounts Partner is eligible to receive under the Partner Program. Partner may bundle Dispel products with other services, and Dispel’s pricing in no way affects a Partner’s pricing of those other services. The Pricing Guidelines are Dispel’s Confidential Information.

5.2 Purchase Order.

Partner will submit to Dispel a Purchase Order for each resale of the Products and any Support Services. Dispel may accept or reject any Purchase Order at its discretion. By placing a Purchase Order, Partner: (a) represents and warrants that the applicable Customer has agreed to the Customer Terms of Service; and (b) agrees to pay Dispel the amounts for the ordered Products and Support Services as set forth in the Pricing Guidelines, subject to any applicable discounts and any applicable cash credits under Section 3.1 (collectively, “Fees”).

5.3 Billing.

All Fees for the Products and Support Services will be billed to the Partner when the Products and Support Services are shipped/provided to the Customer. All Fees for items purchased by Dispel for the Customer will be pre-billed to the Partner and will be paid by the Partner in accordance with Section 5.4, notwithstanding Section 5.2. Any adjustments to subscription-based Fees made mid-billing cycle will be calculated and billed to Partner in arrears on the subsequent invoice. All orders made by Partner to Dispel are non-cancelable and all payments made by Partner to Dispel are non-refundable, including but not limited to, if any Customer fails to pay Partner for an order or fails to agree to the Customer Terms of Service and Dispel has terminated such Customer’s access to Services or Products as a result thereof. Other than any applicable cash credits under Section 3.1, under no circumstances will Dispel be obligated to issue a credit to Partner.

5.4 Payment.

Each invoice issued by Dispel will identify the Fees payable by Partner. All amounts payable under this Agreement will be due within thirty (30) days of the receipt of the invoice therefor; unless the parties have agreed to a specific payment schedule in the Purchase Order, in which case the payment schedule in the Purchase shall control for that order. Payments must be remitted to the account identified by Dispel and are due on the date, and in the currency stated, in the invoice. Partner will pay such amounts regardless of whether it has received any payment from Customers. Any amounts not paid when due shall accrue a late fee at the rate of one and a half percent (1.5%) per month or the maximum rate allowed by law, whichever is lower. In the event Partner fails to pay within sixty (60) days the outstanding Fees set forth in an invoice from Dispel or payment schedule in the Purchase Order, Dispel may, in its sole discretion, (a) suspend or terminate the applicable Customer’s access to the Remote Access Services and/or Support Services, and/or (b) terminate this Agreement, upon written notice to Partner.

5.5 Taxes.

Partner will be responsible, as required under applicable law, for identifying and paying all taxes and other governmental fees and charges (and any penalties, interest, and other additions thereto) that are imposed on Partner upon or with respect to the transactions and payments under this Agreement. All fees payable by Partner are exclusive of applicable taxes and duties, including VAT, GST, excise taxes, sales and transactions taxes, and gross tax receipts (“Indirect Taxes”). Dispel may charge, and Partner will pay, all Indirect Taxes that Dispel is legally obligated or allowed to collect from Partner. Partner will provide all information to Dispel as reasonably required to determine whether Dispel is obligated to collect Indirect Taxes from Partner under any applicable law. Dispel will not collect, and Partner will not pay, any Indirect Tax for which Partner furnishes Dispel a properly completed exemption certificate or a direct payment permit certificate for which Partner may claim an available exemption from such Indirect Tax. All payments made by Partner to Dispel under this Agreement will be made free and clear of any withholding or deduction for taxes. If any taxes (for example, international withholding taxes) are required to be withheld on any payment, Partner will pay additional amounts as necessary so that the net amount received by Dispel is equal to the amount then due and payable under this Agreement.

5.6 Duties and Shipping Fees.

Partner is responsible for any foreign exchange, duty, shipping charges, and additional processing fees incurred, including any BIS license fees. If these fees are incurred after the initial invoice was sent, Dispel will invoice the Partner payable under Section 5.4.

5.7 Records and Audit Rights.

During the Term and for a period of at least two (2) years thereafter, Partner will maintain complete and accurate records and accounts relating to this Agreement, including for each resale of the Products and Support Services resold by Partner: (a) the Customer’s name and address; (b) Product components made available to the Customer; and (c) documentation showing that the Customer agreed to the Customer Terms of Service. Dispel may audit such records and accounts of Partner from time to time to verify Partner’s compliance with the terms and conditions of this Agreement. Any such audit will be at Dispel’s expense; provided, however, that if such audit reveals an underpayment of three percent (3%) or more of fees payable to Dispel with respect to any calendar month, or any other material breach of this Agreement by Partner, Partner will promptly reimburse Dispel for all expenses in connection with such audit. Partner will promptly pay Dispel the amount of any underpayment (and correct any other noncompliance) revealed by any such audit.

6. Warranty Disclaimer.

6.1 Warranty Disclaimer.

EXCEPT FOR THE WARRANTY SET FORTH IN THE THEN-CURRENT VERSION OF THE CUSTOMER TERMS OF SERVICE, DISPEL MAKES NO WARRANTIES WITH RESPECT TO THE PRODUCTS, THE SUPPORT SERVICES, ANY DOCUMENTATION, OR ANY OTHER PRODUCTS OR SERVICES, AND DISCLAIMS ALL STATUTORY OR IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT, AND ALL WARRANTIES ARISING FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE, OR TRADE PRACTICE. DISPEL SPECIFICALLY DISCLAIMS ANY WARRANTY THAT THE PRODUCTS, THE SUPPORT SERVICES, OR ANY OPEN SOURCE COMPONENT WILL MEET ANY PARTNER OR CUSTOMER REQUIREMENTS OR THAT THE OPERATION OR USE OF THE PRODUCTS OR ANY OPEN SOURCE COMPONENT WILL BE UNINTERRUPTED OR ERROR-FREE. UNDER NO CIRCUMSTANCES SHALL DISPEL HAVE ANY LIABILITY WHATSOEVER FOR ANY HARDWARE PROVIDED BY DISPEL TO CUSTOMER IN CONNECTION WITH THIS AGREEMENT.

6.2 Restrictions.

Partner will not make: (a) any representation or warranty on behalf of Dispel; (b) any representation concerning the quality, performance, or other characteristics of the Products or the Support Services, other than those which are consistent in all respects with the applicable Documentation; or (c) any commitment to modify any part of the Products or the Support Services.

7. Term and Termination.

7.1 Term.

This Agreement will commence on the Effective Date and, unless earlier terminated in accordance with this Agreement, will continue in full force and effect until the end of the Initial Term set forth on the Cover Page. Thereafter, this Agreement will automatically renew for successive one (1) year periods (each, a “Renewal Term”), unless either party notifies the other party in writing at least sixty (60) days prior to the end of the then-current term that it does not wish to renew this Agreement, or unless earlier terminated in accordance with this Agreement. The Initial Term and any Renewal Terms are collectively referred to as the “Term.”

7.2 Termination by Dispel.

Dispel may terminate this Agreement immediately upon written notice to Partner if: (a) Partner materially breaches Section 1 (“Partner’s Rights.”), Section 5 (“Pricing; Payment Terms.”) or Section 9 (“Confidentiality.”) and fails to cure such breach within seven (7) days after receipt of written notice of such breach from Dispel; (b) Partner materially breaches any other provision of this Agreement and fails to cure such breach within thirty (30) days after receipt of written notice of such breach from Dispel or (c) Partner challenges or assists third parties in challenging the ownership, validity, enforceability, or scope of Dispel’s and/or its affiliates’ intellectual property rights or other rights in the Products or Trademarks. Dispel may also terminate this Agreement for any reason, with or without cause, at any time upon sixty (60) days’ written notice to Partner.

7.3 Termination by Partner.

Partner may terminate this Agreement immediately upon written notice to Dispel if Dispel materially breaches any provision of this Agreement and fails to cure such breach within thirty (30) days after receipt of written notice of such breach from Partner. Partner may also terminate this Agreement for any reason, with or without cause, at any time upon sixty (60) days’ written notice to Dispel.

7.4 Mutual Termination.

Either party may terminate this Agreement immediately upon written notice to the other party if: (a) any proceeding is commenced by or against the other party seeking relief, reorganization, or arrangement under any laws relating to insolvency or bankruptcy, and such proceeding is not dismissed within sixty (60) days; (b) the other party makes an assignment of its property or assets for the benefit of its creditors; (c) a receiver, liquidator, or trustee is appointed for the other party’s property or assets; or (d) the other party is liquidated, dissolved, or wound up.

7.5 Transition of Existing End Users.

Upon termination or expiration of this Agreement: (a) for each Product component resold by prior to any termination or expiration of this Agreement, each then-current Customer shall continue to have the right to use such Product component for the remainder of its current subscription term (with no right to renew such subscriptions), in accordance with the Customer Terms of Service, governing such subscription, and with the terms of this Agreement, provided that in no event shall such continued right to use the Products extend past twelve (12) months after the termination or expiration of this Agreement (the period that any such rights remain in effect after the termination or expiration of this Agreement, the “Wind-down Period”); (b) the parties shall promptly meet to negotiate in good faith the orderly wind-down of each party’s activities under this Agreement; and (c) each party shall continue to perform its relevant obligations under this Agreement during the Wind-down Period (but only with respect to obligations existing as of the date of termination or expiration and only to the extent that such obligations relate to Customers with active subscriptions to the Remote Access Services).

7.6 Effect of Termination.

Upon termination or expiration of this Agreement: (a) all licenses granted to Partner under this Agreement will terminate immediately; and (b) Partner will immediately: (i) cease use and resale of the Products; (ii) discontinue use of the Trademarks; (iii) discontinue statements from which it might be inferred that any relationship exists between Partner and Dispel; (iv) cease to advertise, market, promote, or solicit or procure orders for, the Products or Support Services; and (v) return the Confidential Information, the Documentation, and all related materials and copies to Dispel.

7.7 Sales to Permitted Government Customers.

If the parties have terminated or are in the process of terminating this Agreement pursuant to this Section 7 and, at such time, Partner is still actively involved in the bidding/sales process to a Permitted Government Customer due to a bid submitted prior to any notice of termination, then this Agreement shall continue to govern and remain in full force and effect only with respect to such outstanding bid/sales to such Permitted Government Customer and any resulting sales by Partner to such Permitted Government Customer. Partner shall be permitted to continue to support any such outstanding bids/sales to such Permitted Government Customer provided Partner is and remains in full compliance with this Agreement. Upon termination or conclusion of the outstanding bids/sales, then this Agreement shall terminate in accordance with this Section 7 unless otherwise agreed to by the parties in writing.

7.8 No Harm upon Termination.

Partner will not be entitled to and, to the fullest extent permitted by law, waives any statutorily prescribed or other compensation, reimbursement, or damages for loss of goodwill, clientele, prospective profits, investments, or anticipated sales, commitments, or business opportunities of any kind arising from the termination of this Agreement.

7.9 Survival of Terms.

The following sections will survive the expiration or termination of this Agreement: (a) Sections 1.7 (“Certain Restrictions.”), 2 (“Ownership.”), 5.7 (“Records and Audit Rights.”), 6 (“Warranty Disclaimer.”), 7 (“Term and Termination.”), 8 (“Relationship of the Parties.”), 9 (“Confidentiality.”), 10 (“Indemnification.”), 11 (“Limitation of Liability.”), 12 (“Miscellaneous.”), and 13 (“Definitions.”); and (b) any payment obligations of either party to the other party arising under this Agreement.

8. Relationship of the Parties.

8.1 Independent Contractors.

The relationship of Dispel and Partner is that of independent contractors. Nothing in this Agreement will create, or be construed to create, any partnership, joint venture, agency, franchise, sales representative, employment, or fiduciary relationship between the parties. Except as otherwise provided in this Agreement, neither party will have any right, power, or authority to act or create any obligation, express or implied, on behalf of the other party. Dispel is in no manner associated with or otherwise connected with the actual performance of this Agreement on the part of Partner, nor with Partner’s employment of other persons or incurring of other expenses.

8.2 Partner’s Employees.

It is understood that Partner is solely responsible for all of its employees and agents, its labor costs and expenses arising in connection therewith, and for any and all claims, liabilities, and damages or debts of any type whatsoever that may arise on account of Partner’s activities, or those of its employees or agents, in the performance of this Agreement.

8.3 Nonexclusive Relationship.

Nothing in this Agreement will be construed as limiting Dispel’s marketing or distribution activities or its appointment of other original equipment manufacturers, dealers, distributors, resellers, licensees, or agents of any kind in any place.

9. Confidentiality.

Partner will use the Confidential Information only for purposes of exercising its rights or performing its obligations under this Agreement. Partner will hold the Confidential Information in strict confidence and will use the same degree of care that Partner uses to protect its own like information, but in no event less than a reasonable degree of care, to protect the Confidential Information from unauthorized use or dissemination. Partner will not disclose the Confidential Information to third parties without the prior written consent of Dispel and will only disclose Confidential Information to Partner’s employees who require such Confidential Information in connection with the performance of this Agreement and who are bound in writing by confidentiality obligations no less restrictive than those set forth in this Section 9. Partner agrees that any breach of this Section 9 would cause irreparable harm to Dispel for which monetary damages would not be adequate and, therefore, Partner agrees that, if Partner or its employee breaches this Section 9, Dispel will be entitled to equitable relief in addition to any other remedies it may have hereunder or at law or in equity.

10. Indemnification.

Partner will defend (at Dispel’s option), indemnify, and hold harmless Dispel, its licensors, its affiliates, and each of its and their respective members, officers, directors, agents, and employees (collectively, the “Dispel Parties”) against damages, costs, liabilities, expenses (including reasonable attorneys’ fees) and settlement amounts incurred in connection with any suit, claim or action by any third party against a Dispel Party based on: (a) Partner’s modification, use, marketing, resale, or distribution of the Products not in strict accordance with this Agreement; (b) any warranty or representation made by Partner or Partner’s agents which differ from those provided by Dispel; (c) injuries or damage to persons or property caused or claimed to have been caused by the negligent acts, errors, or omissions of Partner or Partner’s agents while in the course of performing under this Agreement; (d) any breach of Section 12.1; or (e) the infringement or misappropriation, or alleged infringement or misappropriation, of any copyright, patent, trade secret, or other intellectual property right by Partner (except to the extent such infringement or misappropriation arises from the distribution or use of the Products in compliance with the terms and conditions of this Agreement and the Customer Terms of Service). For third party claims, Dispel shall have the right to control its defense and select its own legal counsel to represent its interest and that of the Dispel Parties and Partner shall reimburse Dispel for such legal costs and attorneys’ fees promptly upon request for reimbursement. Partner may not settle any such claim without Dispel’s prior, written consent.

11. Limitation of Liability.

11.1 Consequential Damages Waiver.

TO THE FULLEST EXTENT ALLOWED UNDER APPLICABLE LAW AND EXCEPT FOR ANY LIABILITY ARISING OUT OF BREACHES OF SECTIONS 1 OR 9 AND PARTNER’S PERFORMANCE OF ITS INDEMNITY OBLIGATIONS UNDER SECTION 1, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL, CONSEQUENTIAL, OR OTHER INDIRECT DAMAGES, INCLUDING ANY DAMAGES RESULTING FROM LOSS OF USE, LOSS OF DATA, INADVERTENT DISCLOSURE OF DATA, LOSS OF PROFITS, LOSS OF REVENUE, OR LOSS OF BUSINESS, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE PRODUCTS, NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY OF ANY KIND AND WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.2 Limitation of Liability.

TO THE FULLEST EXTENT ALLOWED UNDER APPLICABLE LAW, THE AGGREGATE LIABILITY OF DISPEL ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE SUBJECT MATTER HEREOF, UNDER ANY LEGAL THEORY (WHETHER IN CONTRACT, TORT, INDEMNITY, OR OTHERWISE), SHALL BE LIMITED TO THE AMOUNTS RECEIVED BY DISPEL FROM PARTNER UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE DATE THE CLAIM AROSE.

12. Miscellaneous.

12.1 Export Compliance.

Partner will comply with all applicable US, EU, and local foreign trade laws including sanctions laws. The following applies to the extent that it does not violate EU laws, particularly Art. 5 of Council Regulation (EC) No 2271/96. Taking this into account: (i) This Agreement is subject to any export laws, regulations, orders, or other restrictions imposed by the U.S. government (including the Export Administration Regulations (“EAR”) maintained by the U.S. Department of Commerce, trade and economic sanctions maintained by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”), and the International Traffic in Arms Regulations (“ITAR”) maintained by the U.S. Department of State) or by any other governmental entity on the Products or any related information; (ii) Partner represents, warrants, and covenants that it is: (a) not located in Cuba, Iran, North Korea, Sudan, or Syria; and (b) not a denied party as specified in the regulations listed above; (iii) Partner shall comply with all applicable export and re-export control laws and regulations, including the EAR, trade and economic sanctions maintained by OFAC, and the ITAR; (iv) Notwithstanding any other provision of this Agreement to the contrary, Partner will not import, export or re-export, sell, transfer, divert, or otherwise dispose of, directly or indirectly, the Products or related information to any country, other destination, or person to which such import, export, or re-export is restricted or prohibited, or as to which any such government or any agency thereof requires an export license or other governmental approval at the time of such import, export, or re-export without first obtaining such license or governmental approval.

12.2 Anti-Corruption Compliance.

This Agreement is subject to the U.S. Foreign Corrupt Practices Act (“FCPA”) and all other applicable anti-corruption laws. Prior to and during the term of this Agreement, Partner, on behalf of itself and its directors, officers, employees, reseller representatives, and agents, represents, warrants and covenants that it has complied and will comply with the FCPA and all other applicable anti-corruption laws. Partner will not take any action, or fail to take any action, that would result in Dispel violating any such laws. Partner agrees to execute the Anti-Corruption Certification of Compliance, a copy of which is attached hereto as Exhibit B, at the time of entering into this Agreement.

12.3 Insurance.

Partner will, at its own expense, maintain the following insurance coverage during the Term: (a) worker’s compensation insurance as required by applicable law; (b) employee’s liability insurance with minimum coverage of one million dollars ($1,000,000) per occurrence; (c) commercial general liability insurance covering bodily injury and property damage liability, including contractual liability, with minimum coverage of one million dollars ($1,000,000) per occurrence for bodily injury and property damage combined; and (d) professional liability insurance for errors and omissions with a minimum limit of one million dollars ($1,000,000) per claim. Nothing in this Agreement shall be deemed to preclude Partner from selecting a new insurance carrier or carriers or obtaining new or amended policies at any time, as long as the above insurance coverage is maintained. Partner will provide to Dispel copies of applicable certificates of insurance upon Dispel’s reasonable request.

12.4 Governing Law; Jurisdiction and Venue.

Notwithstanding the observation of non-negotiable rules and regulations, this Agreement is to be construed in accordance with and governed by the internal laws of the State of New York without giving effect to any choice of law rule that would cause the application of the laws of any jurisdiction other than the internal laws of the State of New York to the rights and duties of the parties. Any legal suit, action, or proceeding arising out of or relating to this Agreement shall be commenced exclusively in a federal or state court located in the City of New York, and each party hereto irrevocably submits to the exclusive jurisdiction and venue of any such court in any such suit, action, or proceeding.

12.5 Government Use.

Partner acknowledges that all of the Products were developed entirely at private expense and that no part of the Products was first produced in the performance of a U.S. Government contract. Partner agrees that all of the Products and any derivatives thereof are “commercial items” as defined in 48 C.F.R. § 2.101, and if Partner is a U.S. Government agency or instrumentality or if Partner is providing all or any part of the Products or any derivatives thereof to the U.S. Government, such use, duplication, reproduction, release, modification, disclosure, or transfer of this commercial product and data is restricted in accordance with 48 C.F.R. § 12.211, 48 C.F.R. § 12.212, 48 C.F.R. § 227.7102-2 and 48 C.F.R. § 227.7202, as applicable. Consistent with 48 C.F.R. § 12.211, 48 C.F.R. § 12.212, 48 C.F.R. §§ 227.7102-1 through 227.7102-, and 48 C.F.R. §§ 227.7202-1 through 227.7202-4, as applicable, the Products are licensed to U.S. Government end users (a) only as commercial items and (b) with only those rights as are granted to all other users pursuant to this Agreement and any related agreement(s), as applicable. Accordingly, (x) Partner will have no rights in the Products except as expressly agreed to in writing by Partner and Dispel; (y) the Products may not be sold, sublicensed, or otherwise transferred by Partner to any person, company, or institution whatsoever other than as expressly permitted in this Agreement or as Dispel and Partner may otherwise agree in writing; and (z) Partner shall not remove or alter any proprietary markings on the Products. Because the Products are commercial items, Dispel and Partner agree that (1) only those mandatory Federal Acquisition Regulation (“FAR”) and FAR Supplement clauses made expressly applicable to commercial item agreements by applicable FAR and FAR Supplement prescription clause provisions and that are expressly agreed upon in writing by Dispel shall be flowed-down to Dispel and incorporated into this Agreement or any related purchase order involving shipment of the Products; (2) Dispel shall not be required to comply with the cost accounting standards or contract cost principles; and (3) nothing in this Agreement or any Order or other related purchase order involving shipment of the Products gives Partner any right to audit Dispel’s books and records.

12.6 Assignment.

This Agreement may not be assigned, in whole or part, whether voluntarily, by operation of law, or otherwise, by Partner without the prior written consent of Dispel. Subject to the preceding sentence, the rights and liabilities of the parties hereto shall bind, and inure to the benefit of, their respective assignees and successors. Any attempted assignment other than in accordance with this Section 12.6 shall be null and void.

12.7 Waiver.

The waiver by either party of a breach of or a default under any provision of this Agreement shall be in writing and shall not be construed as a waiver of any subsequent breach of or default under the same or any other provision of this Agreement, nor shall any delay or omission on the part of either party to exercise or avail itself of any right or remedy that it has or may have hereunder operate as a waiver of any right or remedy.

12.8 Attorneys’ Fees.

If any legal action, including an action for injunctive relief, is brought relating to this Agreement or the breach hereof, the prevailing party in any final judgment or arbitration award, or the non-dismissing party in the event of a dismissal without prejudice, shall be entitled to the full amount of all reasonable expenses, including all court costs and actual attorneys’ fees paid or incurred in good faith.

12.9 Severability.

If the application of any provision of this Agreement to any particular facts or circumstances is held invalid or unenforceable by a court of competent jurisdiction, then: (a) the validity and enforceability of such provision as applied to any other particular facts or circumstances and the validity of the other provisions of this Agreement will not in any way be affected or impaired thereby; and (b) such provision will be enforced to the maximum extent possible so as to effect the intent of the parties and reformed without further action by the parties to the extent necessary to make such provision valid and enforceable.

12.10 Force Majeure.

Except for the payment of amounts due under this Agreement, neither party will be liable for any delay or failure to perform to the extent due acts of God, pandemic, earthquake, fire, flood, embargoes, utility or power outages, riots, war, and acts of civil and military authorities and other similar occurrences outside of a party’s reasonable control; provided, however, that such party gives the other party prompt written notice of the delay or failure and the reason for the delay or failure, and uses its reasonable efforts to limit the resulting delay or failure (“Force Majeure Event”). If a party is unable to perform its obligations under this Agreement as a result of a Force Majeure Event for more than thirty (30) consecutive days, the other party may terminate this Agreement upon written notice.

12.11 Construction.

The captions and section and paragraph headings used in this Agreement are inserted for convenience only and shall not affect the meaning or interpretation of this Agreement. The words “include” and “including” shall not be construed as terms of limitation and shall therefore mean “including but not limited to” and “including without limitation.”

12.12 Notices.

Any notice, request, demand, or other communication required or permitted hereunder shall be in writing, shall reference this Agreement and shall be deemed to be properly given: (a) when delivered personally; (b) seven (7) days after having been sent by registered or certified mail, return receipt requested, postage prepaid; (c) two (2) business days after deposit with a private industry express courier, with written confirmation of receipt; or (d) when transmitted by email if sent before 5:00 P.M. local time on a business day in the time zone to which it is sent, and otherwise on the next business day. All notices shall be sent to:

If partner: the address set forth in the Partner Portal if to Partner

If Dispel: Dispel, Attn: Legal, 61 Greenpoint Ave, Suite 634, Brooklyn NY 11222 USA; if by email: legal@dispel.com

or an email address designated by the receiving party and to the notice of the person executing this Agreement (or to such other (email) address or person as may be designated by a party by giving written notice to the other party pursuant to this Section 12.12).

12.13 Counterparts; Headings.

This Agreement may be executed in two or more counterparts including by digital acceptance, each of which will be deemed an original and all of which together will constitute one and the same instrument. The headings contained herein are for convenience of reference only and will not be considered as substantive parts of this Agreement.

12.14 Entire Agreement.

This Agreement (including the Cover Page and the exhibits to this Agreement, which are incorporated by reference) constitutes the entire agreement between the parties with respect to the subject matter of this Agreement and supersedes all prior agreements, oral or written, regarding such subject matter. This Agreement may be updated from time to time at Dispel’s sole discretion, and Partner’s continued use of the Partner Portal constitutes consent to these changes.

However, to the extent of any conflict or inconsistency between the provisions in this Agreement and any other documents or pages referenced in these Agreements, the following order of precedence will apply: (1) the terms of a seperately agreed Partner Program Agreement, (2) the terms of this Agreement, and (3) finally, any other documents or pages referenced in the Terms. Notwithstanding any language to the contrary therein, no terms or conditions stated in a customer purchase order, vendor onboarding process or web portal, or any other customer order documentation will be incorporated into or form any part of this Agreement, and all such terms or conditions will be null and void.

12.15 Use of Other Party’s Name and Logo.

Subject to 8.1, each party shall be entitled to use the other party’s name and logo in its marketing materials and on its website in a manner designated by the other party. A party that intends to use the other party’s name and logo pursuant to this Section 12.15 shall give notice to the other party describing how such name and logo will be used, and the other party shall be given an opportunity to propose alterations before such name and logo are used. Dispel gives notice that it will use the partner logo on our website in a list of other partners.

13. Definitions.

13.1 “Add-Ons”

means separately licensed hardware or software components used in conjunction with the Dispel Remote Access Services

13.2 “Confidential Information”

means the confidential or proprietary information of Dispel or its affiliates (whether or not marked or identified as confidential or proprietary), including the Pricing Guidelines, inventions (whether or not patentable), trade secrets, ideas, know-how, techniques, processes, formulas, algorithms, schematics, research, development, software design and architecture, testing procedures, design and functional specifications, problem reports and performance information, training materials, marketing materials, marketing and financial plans and data, and the terms and conditions of this Agreement. Confidential Information does not include information (other than personal data) that: (a) is or becomes publicly known through no fault of Partner; (b) is known by or in the possession of Partner prior to its receipt from Dispel as evidenced by Partner’s written records; or (c) is lawfully obtained from a third party that has no obligation of confidentiality with respect to the information.

13.3 “Customer”

means an individual or entity that purchases from Partner Remote Access Services. For the avoidance of doubt, Customer does not include any intermediaries or sublicensees pursuant to Section 1.6 involved in the sales process who are not users of the Products.

13.4 “Customer Terms of Service”

13.5 “Derivative Work”

means a new or modified work that is based on or derived from a preexisting work, including, without limitation, a work that, in the absence of a license, would infringe the copyright in such preexisting work or that uses trade secrets or other proprietary information with respect to such preexisting work.

13.6 “Dispel Direct Competitor”

means an individual or entity that sells, produces, or otherwise provides access to software defined networks, communications networks and services in virtual private clouds utilizing virtual private network technology, ‘moving target defense’ networks, or remote access products.

13.7 “Documentation”

means Dispel’s current online help resources, guides, and manuals provided by Dispel for use with the Remote Access Services.

13.8 Remote Access Services”

means (a) the provision of access and use of networked infrastructures set up by Dispel on behalf of Customer for the purposes of secure remote access; (b) any web services provided to the Customer by Dispel for account management; (c) Dispel software applications (including any object code or executable files), including any related materials and documentation therefor; and any modifications, error corrections, bug fixes, new releases, enhanced functionality, or other updates thereto that may be provided hereunder by Dispel; and (d) any Add-Ons, as applicable.

13.9 “Support Services”

means Support Tier One and Support Tier Three, together with any additional support services authorized by Dispel and purchased by Customer pursuant to Order Documentation.

13.10 “Support Tier One”

means initial configuration of the Dispel Remote Access Services, assistance with basic administrative functions, diagnosis, and correction of errors.

13.11 “Support Tier Three”

means the creation of custom deployments and assistance with systems engineering requests.

13.12 “Government Customer”

means a specified agency, department, division, branch, or instrumentality of the national and/or federal Government or other national governments of other countries, international agencies of which the national and/or federal Government or another national government is or becomes a member, and any other national and/or federal Government or national government entity authorized to purchase off of government contracts on behalf of the national and/or federal Government or a national government of another country, in each case who purchases directly or indirectly from the Partner Remote Access Services.

13.13 “Local Government Customer”

means a specified agency, department, division, branch, or instrumentality of a local government of the United States or other countries, national agencies of which such local government is or becomes a member, and any other local entity authorized to purchase off of government contracts on behalf of such local government, in each case who purchases directly or indirectly from Partner Remote Access Services.

Exhibit B Anti-Corruption Certification of Compliance

For the purposes of this Anti-Corruption Certification of Compliance:

1. “Anything of value” is defined broadly to include monetary and non-monetary payments, such as e.g. cash, a loan, gifts, travel, entertainment, or services.

2. “Dispel” means Dispel Global, Inc, a Delaware corporation.

3. “Government Official” means any officer, employee, or agent of (i) any government, at any level (national, state, provincial, or local) and any branch (executive, legislative, or judicial), (ii) any state-owned or state-controlled enterprise, (iii) any public international organization, or (iv) any political party, including a candidate for political office or political party official.

4. “Partner” means the authorized reseller of Dispel’s software and services.

Partner, on behalf of itself and each of its directors, officers, employees, reseller representatives, and agents, hereby certifies that:

a) Partner has complied and will comply with the U.S. Foreign Corrupt Practices Act, the UK Bribery Act 2010, and all other applicable anti-corruption laws.

b) Partner has not requested, accepted, offered, or given, and will not request, accept, offer, or give, directly or indirectly, any bribe, kickback, or other improper or illegal payment of anything of value to any person in connection with the Agreement.

c) Partner has not corruptly taken any action in furtherance of an offer, payment, promise to pay, or authorization of the payment of anything of value, directly or indirectly, to a Government Official or any person for the purpose of:

i. Obtaining or retaining business;

ii. Influencing any act or decision of a Government Official or any person in his or her official capacity;

iii. Inducing the Government Official or any person to do or omit to do any act in violation of his or her lawful duty;

iv. Securing any improper advantage; or

v. Inducing any Government Official or any person to use his or her position improperly to affect any act or decision of a government or government agency, department, or instrumentality.

d) Partner is not aware of (i) any request made by any person, including any Government Official, for any payment of money or anything of value prohibited by provision b. or c. of this Certification; or (ii) any other individual or company making, offering, paying, promising, or authorizing any payment of money or anything of value prohibited by provision b. or c. of this Certification in connection with the reseller agreement between Partner and Dispel.

e) Partner will immediately advise Dispel by e-mail at legal@dispel.io or in writing, at 61 Greenpoint Ave, 6th Floor, Brooklyn, NY 11222, if it fails to comply with the provisions of this Certification or otherwise becomes aware of any changes to these representations and covenants.