Services Subscription Agreement

DEFIANT, INC.
SERVICES SUBSCRIPTION AGREEMENT

Defiant, Inc. (“Defiant”) shall provide services to the customer (the “Customer”) agreeing to this Services Subscription Agreement (“Agreement”) on the terms and conditions as set forth herein. This Agreement is effective as of the date Customer pays for the Services (the “Effective Date”). In consideration of the mutual covenants and agreements hereinafter set forth, the parties agree as follows:

1. Services.

Defiant or its affiliates shall provide services, including specified Work Product, as described in Schedule A – Wordfence Care or Schedule B – Wordfence Response, as requested by the Customer and agreed to by Defiant to assist the Customer (the “Services”). Defiant shall be responsible for the Services and Work Product only to the extent expressly agreed to between the Customer and Defiant.

2. Confidentiality.

In connection with the Services, Defiant and the Customer each shall have access to confidential business information made available by the other. Each party shall protect such confidential business information in the same manner as it protects its own confidential business information of like kind, and shall not disclose or use such confidential business information, except to the extent reasonably required for the performance of the Services; provided, however, that these provisions shall not apply to: (i) information previously known to the receiving party; (ii) information which is or has become available to the public in general through no fault of or breach of an agreement by the receiving party; (iii) information received from a third party not subject to any confidentiality obligations; or (iv) information which is independently developed by the receiving party.

3. Work Product.

Any proprietary information contained in the Work Product that is owned by the Customer shall remain owned solely and exclusively by the Customer. To the extent the Services and Work Product to the Customer contain Defiant’s proprietary information, including report formats and templates used to convey the Work Product, upon payment of all amounts due for the Services, Defiant grants the Customer a non-exclusive, non-assignable license to use such proprietary information within the Customer for such purposes. Any other use or use other than by the Customer of the Work Product shall require Defiant’s express, prior written consent. Use of any other Deliverable is subject to any shelf life restriction stated in the Deliverable.

Subject to the foregoing, the Customer acknowledges that Defiant shall own all right, title and interest to all of Defiant’s business and service methodologies, business methods, concepts, know-how, analytical frameworks, work papers, report formats and templates, databases, analytical approaches and information, whether developed before, during, or after the Term (as defined in Section 12) of these Services, including any copyrights, patents and other intellectual property rights with respect to anything that Defiant may discover, create or develop during Defiant’s provision of the Services to the Customer.

4. Nature of Services.

The Services provided by Defiant and Defiant Consultants are to be provided to and for the benefit of the Customer. Any advice, recommendations or Work Product provided to the Customer by Defiant is for the sole benefit and use of the Customer and may not be relied upon or used by any third party. The Customer acknowledges that any advice or recommendations provided to the Customer by Defiant in connection with this engagement are based upon the information available to Defiant at the time. Decisions based upon such advice or recommendations are matters in the sole discretion of the Customer. The outcome of such decisions is based upon many factors and Defiant does not guarantee any specific result or outcome.

5. Applicable Data Use.

Customer hereby grants to Defiant a non-exclusive, irrevocable, fully paid-up, royalty-free right and license to collect, compile, use, store, transfer, copy, and retain (collectively “Process”) data, such as website admin email address, website visitor IP addresses, website visitor proxy IP addresses, URL’s accessed, complete HTTP header, HTTP request body, website credentials, customer server credentials, customer website files, customer website database, customer server log files, and other such information (“Applicable Data”) for purposes of (i) performing the Services in accordance with this Agreement, and (ii) improving or modifying Defiant’s products or services. Defiant may use the Applicable Data in an aggregated manner, such that the Applicable Data is not identifiable as to any person or entity as the source or origin of such data, for the purpose of providing services to other customers of Defiant.

6. Personal Information and Disclosure of Certain Information.

In connection with the performance of the Services, the parties agree to comply with all applicable laws relating to data privacy, data security, or personal information (“Data Protection Laws”). The parties shall treat as confidential all personal information received in connection with the provision of Services.  The parties shall reasonably cooperate with each other in meeting their respective obligations under the Data Protection Laws, including those set forth in the Data Processing Addendum, which is incorporated herein by reference..

7. Fee and Payment.

The Customer shall pay the fee specified in the attached Schedule (“Fee”) that applies to the Service the Customer has requested Defiant to perform, as well as any applicable sales, use, excise, value added and other taxes associated with the provision or receipt of the Services, excluding taxes on Defiant’s income generally. Payment is due upon receipt of the invoice.

8. Subcontractors.

To the extent Defiant in its discretion engages any subcontractor in connection with the Services, Defiant shall be responsible for the Services provided by and payment due to such subcontractors. Defiant shall require that any subcontractor shall maintain all Customer information confidential on terms no less restrictive than the confidentiality provisions set forth in this Agreement.

9. Terms of Service.

In connection with the provision of Services, Defiant may provide the Customer with access to specific analytic tools and systems (such as the Wordfence Plugin), some of which may be provided by third parties, including proprietary software, databases, tracking systems, and websites, which are governed by separate or additional Terms of Service. The Customer shall comply with any applicable Terms of Service and restrictions. The Wordfence Plugin is subject to the Wordfence Terms of Service, which can be found at https://www.wordfence.com/terms-of-service/.

10. Warranty.

Defiant warrants that the Services shall be performed with reasonable care in a diligent and competent manner. Defiant’s sole obligation shall be to correct any non-conformance with this warranty or, at Defiant’s election, refund the Fee paid for the applicable Services (to the extent Defiant has not already refunded the Fee), provided that the Customer provides notice within sixty (60) days after such Services are performed or, with respect to a Deliverable, within sixty (60) days after the Customer’s receipt of the Deliverable. The notice shall specify and detail the non-conformance. Defiant shall have a reasonable amount of time, based upon its severity and complexity, to correct any non-conformance. In the event the Customer does not provide such notice within the sixty (60) day period, any claim with respect to such non-conformance shall be deemed waived.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE UNDERTAKING IN THIS PARAGRAPH IS DEFIANT’S ONLY WARRANTY CONCERNING THE SERVICES AND ANY DELIVERABLES, AND IS EXPRESSLY IN LIEU OF ALL OTHER WARRANTIES AND REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

11. Exclusion of Damages and Limitations on Liability.

(a) EXCEPT WITH RESPECT TO THE INDEMNITIES IN THE PRECEDING INDEMNIFICATION PARAGRAPH, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL OR SIMILAR DAMAGES.

(b) Except with respect to the indemnities in the preceding Indemnification Paragraph, Defiant’s aggregate maximum liability relating to the Services under this Agreement (regardless of form of action, whether in contract, negligence or otherwise) shall be limited to the compensation paid to Defiant for Services in the 12-month period immediately preceding the event giving rise to liability.

(c) The forgoing exclusions and limitations shall be effective to the extent permitted by applicable law.

12. Term and Termination.

(a) This Agreement shall commence on the Effective Date and continue for the Initial Term specified in the attached Schedule that applies to the Service the Customer has requested Defiant to perform, unless otherwise terminated in accordance with this Section 12. Upon expiration of the Initial Term, the Agreement will automatically renew for additional and successive one-year renewal periods (each, a “Renewal Term”). The Initial Term and any Renewal Terms are, collectively, the “Term.”

(b) The Customer may terminate this Agreement at any time without cause. In the event Customer terminates this Agreement without cause prior to Defiant receiving Customer’s access credentials for that website, the Customer may request a full refund of all Fee’s paid for the Services. Defiant will issue no refund if the Customer terminates this Agreement without cause after Defiant receives Customer’s access credentials for that website. To the extent Defiant has refunded the Fee, or a portion of the Fee, prior to the date of termination, the refund available under this Section will be reduced by the amount previously refunded.

(c) Either party may terminate this Agreement: (i) upon written notice if the other party materially breaches this Agreement and fails to cure such breach within thirty (30) days following receipt of written notice specifying the breach in reasonable detail; or (ii) immediately upon written notice if the other party becomes the subject of bankruptcy, insolvency, receivership, liquidation, assignment for the benefit of creditors or similar proceeding. In the event the Agreement is terminated pursuant to this Section 12(c), no refund will be due from Defiant to the Customer.

(d) Defiant may at its option suspend Services or terminate Services immediately upon notice in the event the Customer fails to pay any payments due to Defiant within the prescribed period of time or if Customer violates Section 5.4 (Prohibited Actions) of the Wordfence License Terms and Conditions.

(e) Immediately upon termination of this Agreement, all rights and licenses granted hereunder shall terminate. Termination of this Agreement shall not relieve Customer of its obligation to pay all Fees owed by Customer. In addition to any other provisions which by their terms are intended to survive, the parties’ rights and obligations under Sections 2, 3, 5, 6, 11, and 13 shall survive expiration or termination of this Agreement. Neither party will have liability to the other party for any costs, losses, damages or liabilities arising out of or related to any expiration or termination of this Agreement, including any lost profits. Termination of this Agreement shall not limit either party from pursuing any other remedies available to it. The Customer shall pay Defiant for all Services rendered by Defiant prior to the date of termination, and shall reimburse Defiant for all reasonable costs associated with any termination.

13. General.

(a) All notices, demands, or other communications given or made under this Agreement shall be in writing, in English, to the parties at the addresses set forth below each party’s signature line. If no address is listed for the Customer, notice to the Customer will be effective if sent to any published Customer address that Defiant selects. Notice shall be effective: (a) upon delivery if delivered in person; (b) five (5) days after deposit in the regular mail, addressed to the recipient, postage prepaid and registered with return receipt requested; (c) one (1) day after deposit with an express mail or overnight courier service, provided that confirmation of such delivery is received; or (d) upon transmission if sent via electronic mail or facsimile, provided that a confirmation copy is sent via express mail or overnight courier service and confirmation of such delivery is received. A copy of any notice to Defiant shall be sent to: privacy@defiant.com. Any party may change its address or other notice information by providing the other party with notice in accordance with this Paragraph.

(b) The relationship between the parties is that of independent contractors, and nothing in this Agreement is intended to, or should be construed to, create a partnership, agency, joint venture or employment relationship. Neither party is authorized to make any representations, contracts or commitment on behalf of the other. Defiant assumes full and sole responsibility for the payment of all compensation and expenses (including payment of employment benefits, if any) of Defiant employees and consultants, including where applicable workers’ compensation, disability benefits and unemployment insurance, and for withholding and remitting any local, state or federal payroll-related taxes or assessments related to performance of the Services.

(c) No rights, benefits, or claims are conferred upon any person or entity not a party to this Agreement or any agreement between Defiant and the Customer to provide Services. In the event the Customer chooses to directly engage other contractors, Defiant shall not be responsible for the performance of such contractors, even if Defiant has been involved in recommending or selecting such contractors or in otherwise reviewing such third party’s work.

(d) Defiant’s Services do not include providing testimony or expert witness services. If Defiant is the subject of a subpoena or is requested to testify or otherwise becomes similarly involved (other than as a party) in any legal proceeding that arises out of or relates to Defiant’s performance of Services pursuant to this Agreement, the Customer agrees to reimburse Defiant for all costs incurred by Defiant (including attorneys’ fees and the time of Defiant employees or contractors in connection with such proceeding).

(e) Neither party shall be liable or responsible by reason of any failure or delay in the performance of its obligations (except for the payment of money) on account of strikes, pandemic, shortages, riots, insurrection, fires, flood, storm, explosions, acts of God, war, governmental action, labor conditions, earthquakes, or any other cause which is beyond the reasonable control of such party.

(f) The parties may correspond or convey documentation via electronic mail, which has inherent limitations, including issues of performance, reliability, availability and security. Neither party shall be liable for any loss, damage, expense, harm or inconvenience resulting from the loss, delay, interception, corruption, or alteration of any electronic mail due to any reason beyond that party’s reasonable control.

(g) Each party acknowledges that breach of this Agreement by the other party may result in irreparable harm, the extent of which would be difficult or impracticable to assess, and that money damages would not be an adequate remedy for such breach. Accordingly, either party shall be entitled to seek immediate injunctive and other provisional relief with respect to such breach without prejudice to any such other remedies.

(h) This Agreement and any agreement between Defiant and the Customer to provide Services shall be governed in all respects by the laws of the State of Washington without regard to conflicts of laws rules.

(i) Each party consents to the exclusive jurisdiction of the relevant court of Washington for any legal action, suit, or proceeding arising under or relating to this Agreement or any agreement between Defiant and the Customer to provide Services and agrees that any such action, suit, or proceeding may be brought only in such courts. Each party further waives any objection to the laying of venue for any such suit, action, or proceeding in such courts or for the purpose of enforcing any such decisions or rulings.

(j) The Paragraph headings in this Agreement are provided for convenience only and shall not affect its construction or interpretation. All references to “Paragraph” or “Paragraphs” refer to the corresponding Paragraph or Paragraphs of this Agreement. Whenever the context may require, any pronoun includes the corresponding masculine, feminine and neuter forms. Words in the singular or plural include the plural or the singular, as the case may be. The words “include”, “includes” and “including” shall be deemed to be followed by the phrase “without limitation”. Unless otherwise expressly stated in any written agreement between Defiant and the Customer to provide Services, this Agreement shall be deemed incorporated into and made a part of any agreement between Defiant and the Customer. In the event of any conflict between the terms set forth in any agreement between Defiant and the Customer to provide Services and this Agreement, this Agreement shall control.

(k) If any court of competent jurisdiction shall hold any part of this Agreement or any agreement between Defiant and the Customer to provide Services invalid or unenforceable, the other provisions of this Agreement or any such agreement shall remain in full force and effect. Any provision of this Agreement or any such agreement held invalid or unenforceable only in part or degree shall remain in full force and effect to the extent not held invalid or unenforceable.

(l) The rights and remedies of the parties are cumulative and not alternative. Neither the failure nor delay by any party in exercising any right, power, or privilege, and no single or partial exercise of any such power, right, or privilege shall preclude any other or further exercise of such or any other power, right or privilege. Any waiver or consent shall be in writing signed by the party granting such waiver or consent.

(m) This Agreement or any agreement between Defiant and the Customer to provide Services may not be assigned or transferred (including any transfer by operation of law) by either party without the written consent of the other party.

(n) This Agreement and any agreement between Defiant and the Customer to provide Services shall be binding upon and shall inure to the benefit of the parties, their affiliates, and their respective successors and permitted assigns.

(o) This Agreement supersedes all prior and contemporaneous communications, proposals or agreements between the parties, oral or written. This Agreement contemplates a variety of communications between the parties in connection with the Services, including the possibility of communications made on forms of Defiant or the Customer (e.g., invoices, purchase orders, or other Defiant or Customer). In the event of a conflict, the terms of this Agreement shall control and any terms and conditions contained in those communications that are inconsistent with the terms of this Agreement are null and void. This Agreement may be amended or modified only by a written instrument signed by a duly authorized agent of the Customer and Defiant.

(p) This Agreement may be executed in one or more counterparts, each of which shall be deemed to be an original copy of this Agreement and all of which, when taken together, shall be deemed to constitute one and the same agreement.

Schedule A – Wordfence Care

This Schedule A applies if Customer selected the “Wordfence Care” services offered by Defiant. All capitalized terms not defined in this Schedule A have the respective meanings set forth in the Agreement.

1. Scope of Services and Description of Work Product

Wordfence Care includes a Wordfence Care license, premium support, installation, configuration, one initial security audit and one security audit per year for the duration of the Term, site security monitoring and incident response services available during normal business hours for the duration of the Term (Wordfence Care is further described at https://wordfence.com/products/wordfence-care). Defiant may modify the Services from time to time. In the event of such modification, Defiant will provide notice to you through the Wordfence website or via email. The Defiant incident response and the Defiant customer support team are available weekdays 9:00 a.m. – 8:00 p.m. ET excluding holidays.

Wordfence Care services cannot be used for sites that are in violation of our licensing terms under Section 5.4 (Prohibited Actions) of the Wordfence License Terms and Conditions available at https://www.wordfence.com/license-terms-and-conditions/.

The Wordfence Care services cannot be used in the following environments and scenarios:

  • Load Balanced Servers
  • Sites using plugins or themes containing obfuscated PHP code such as Digital Access Pass, Optimize Press
  • Multiple web applications on the same account unless a Care license is purchased for each individual site.
  • Exclusions to this are test, staging and development sites on the same server. Customer has the option to include these at $199.00 USD each, or to remove and rebuild them from the production site after any audit, or incident response with the clean production copy we provide. These additional sites share a premium license with the Wordfence Care site, and will be provided premium support during normal business hours as stated above.
  • Windows hosted sites
  • Nulled plugins or themes that are detected but not removed
  • Hosting providers with history of service vulnerabilities
  • Non-standard WordPress installations
  • Sites that cannot be managed through Wordfence Central
  • Multisite WordPress installations with 6 or more sites installed
  • Wordfence plugin has been uninstalled or deactivated

2. Pricing

Service Initial Term Fee
Wordfence Care 1 Year Subscription 1 Year $490.00 USD
Wordfence Care 2 Year Subscription 2 Years $882.00 USD
Wordfence Care 3 Year Subscription 3 Years $1176.00 USD

3. Miscellaneous

Wordfence Care applies to a single, isolated WordPress installation; hosted on a Linux server. The license provided for your Wordfence Care plan is non-transferable to another WordPress website once Defiant has received Customer’s access credentials for that website, and only applies to your production website.

  • An initial audit upon purchase of a new subscription is recommended.
  • Sites greater than 100Gigs must reduce their size under 100Gigs or pay an overage fee of $100 USD per each additional 100Gigs for every site audit or incident response performed.
  • Defiant will not update WordPress core, themes or plugins other than the Wordfence plugin.
  • Defiant will test alert email deliverability but the Customer is responsible for fixing any issues found.
  • It is the Customer’s responsibility to setup two factor authentication for a website, Defiant is unable to do so.
  • Sites that have been completely removed from the server with no recent backup may not be restorable.
  • Audit Reports and Incident Response Reports include recommendations that must be implemented, with future audits and incident response possibly declined until the recommendations are completed.

 

Schedule B – Wordfence Response

This Schedule B applies if Customer selected the “Wordfence Response” services offered by Defiant. All capitalized terms not defined in this Schedule B have the respective meanings set forth in the Agreement.

1. Scope of Services and Description of Work Product

Wordfence Response includes a Wordfence Response license, premium support, installation, configuration, two security audits (one initial audit and one to be requested later during the term of this agreement; two year and three year subscriptions also receive an initial audit at the beginning of the subsequent subscription year(s) and one additional audit upon request), site security monitoring and one hour incident response service available 24/7 365 days a year for the duration of the Term (Wordfence Response is further described at https://wordfence.com/products/wordfence-response). Defiant may modify the Services from time to time. In the event of such modification, Defiant will provide notice to you through the Wordfence website or via email. The Defiant incident response team is available 24/7 365 days a year. The Defiant customer support team is available weekdays 9:00 a.m. – 8:00 p.m. ET excluding holidays.

Wordfence Response services cannot be used for sites that are in violation of our licensing terms under Section 5.4 (Prohibited Actions) of the Wordfence License Terms and Conditions available at https://www.wordfence.com/license-terms-and-conditions/.

The Wordfence Response services cannot be used in the following environments and scenarios:

  • Load Balanced Servers
  • Sites using plugins or themes containing obfuscated PHP code such as Digital Access Pass, Optimize Press
  • Multiple web applications on the same account unless a Response license is purchased for each individual site.
  • Exclusions to this are test, staging and development sites on the same server. Customer has the option to include these at $199.00 USD each, or to remove and rebuild them from the production site after any audit, or incident response with the clean production copy we provide. These additional sites share a premium license with the Wordfence Response site, and will be provided premium support during normal business hours as stated above.
  • Windows hosted sites
  • Nulled plugins or themes that are detected but not removed
  • Hosting providers with history of service vulnerabilities
  • Non-standard WordPress installations
  • Sites that cannot be managed through Wordfence Central
  • Multisite WordPress installations with 6 or more sites installed
  • Wordfence plugin has been uninstalled or deactivated

2. Response Time

Defiant will endeavor to: a) respond to your service request within 60 minutes of receipt; b) clean and restore the functionality of your WordPress site in 24 hours after accurate credentials are received and verified; and c) issue you a report within 24 hours of the site restoration.

Exclusions

The Response Time does not apply to the following:

  • Removal of Customer’s domain from third-party blacklists, such as Google AdWords, which is dependent upon third-party party response times
  • Connectivity issues with your hosting provider or server
  • Sites that have been taken offline by hosting provider
  • Sites larger than 100GB
  • Sites that have been completely removed from the server and no recent backup exists
  • Test, staging and development sites
  • During times of extraordinary support volumes such as caused by a WordPress core vulnerability
  • Product issues not related to a security incident

3. Pricing

Service Initial Term Fee
Wordfence Response 1 Year Subscription 1 Year $950.00 USD
Wordfence Response 2 Year Subscription 2 Years $1710.00 USD
Wordfence Response 3 Year Subscription 3 Years $2280.00 USD

4. Miscellaneous

Wordfence Response applies to a single, isolated WordPress installation; hosted on a Linux server. The license provided for your Response plan is non-transferable to another WordPress website once Defiant has received Customer’s access credentials to your website, and only applies to your production website.

  • An initial audit upon purchase of a new subscription is recommended.
  • Sites greater than 100Gigs must reduce their size under 100Gigs or pay an overage fee of $100 USD per each additional 100Gigs for every site audit or incident response performed.
  • Defiant will not update WordPress core, themes or plugins other than the Wordfence plugin.
  • Defiant will test alert email deliverability but the Customer is responsible for fixing any issues found.
  • It is the Customer’s responsibility to setup 2FA for a website, Defiant is unable to do so.
  • Sites that have been completely removed from the server with no recent backup may not be restorable.
  • Audit Reports and Incident Response Reports include recommendations that must be implemented, with future audits and incident response possibly declined until the recommendations are completed.