Last updated: May 12, 2026
1. Acceptance of Terms of Service
These Terms of Service ( “Terms”) govern your (“Customer” or “you”) access to websites, platforms, and related services operated by or on behalf of Sprocket Security, Inc. (“Sprocket Security” or “we,” or “us,” or “our”). These Terms are important and affect your legal rights, so please read them carefully. Note that Section 18 of these Terms contains a mandatory arbitration provision that requires the use of arbitration on an individual basis and limits the remedies available to you in the event of certain disputes.
By accessing or using (i) the platform provided by Sprocket Security, including all software, interfaces, tools, utilities, functionality and other technologies and any related intellectual property relating thereto (collectively, the “Sprocket Security Platform”), (ii) the services described in an Order, including, but not limited to, the services available on the Sprocket Security Platform (collectively, the “Sprocket Security Services”), you agree to be bound by these Terms, the applicable Order, and all of the terms incorporated herein by reference (collectively, the “Agreement”). An “Order” means any request, agreement, or arrangement to receive any service from Sprocket Security, whether paid or free, and whether made through a purchase order, order form, online form, email, phone, or any other means of communications.
If there are any terms and conditions in an Order that conflict with the terms and conditions in these Terms of Service, then these Terms control unless we have agreed in writing that the terms in the Order control with respect to such Order. These Terms prevail over any of Customer’s terms and conditions or other legal terms, whether contained or referenced in Customer’s request for proposal, purchase order or other communication and regardless of whether or when Customer has placed an Order. The provision of Sprocket Security Services to Customer does not constitute acceptance of any of Customer’s terms and conditions or other legal terms and does not serve to modify or amend these Terms, and any such terms of Customer not incorporated into these Terms or an Order are hereby expressly rejected.
We may revise these Terms and the Agreement at any time for any reason with or without notice. We will endeavor to provide you notice of any changes to these Terms by any reasonable means, including through posting the changes on the Sprocket Security Platform or making them available through the Sprocket Security Services. You can determine when we last updated these Terms by referring to the “Last Updated” legend at the top of these Terms. Except to the extent that your express consent to any revised Terms is required under applicable law, by continuing to access or use the Sprocket Security Platform or Sprocket Security Services, you agree to the then-current revised Terms. If you do not agree to any revised Terms, you may not and we do not authorize you to access or use the Sprocket Security Platform or Sprocket Security Services. We strongly recommend that you periodically visit this page to review these Terms.
2. Sprocket Security Services
2.1. Free Sprocket Services
You acknowledge that any Sprocket Security Services provided to you without any fee or charge, including without limitation, a trial, demo, newsletter, sample, or our Attack Surface Management platform (“ASM” and all of the foregoing, collectively, the “Free Sprocket Services”) are offered by Sprocket Security free of charge to you subject to these Terms and that Sprocket Security may, in its sole discretion, suspend or terminate your access to any Free Sprocket Services or stop offering any Free Sprocket Services altogether, in either case with or without notice to you.
If you register for a free trial of any Sprocket Security Services or otherwise utilize free capabilities, you understand that these Terms will also govern that free trial.
NOTWITHSTANDING ANYTHING HEREIN TO THE CONTRARY, FREE SPROCKET SERVICES, INCLUDING, BUT NOT LIMITED TO, THE ASM PLATFORM, ARE OFFERED “AS-IS” WITHOUT ANY WARRANTY AND SPROCKET SECURITY SPECIFICALLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO ALL FREE SPROCKET SERVICES, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
Customer hereby acknowledges and agrees that Sprocket Security is under no obligation to provide any customer support or maintenance for the Free Sprocket Services. Any updates and improvements to the Free Sprocket Services shall be made, or not made, in the full discretion of Sprocket Security, and Sprocket Security is under no obligation to release or make available any updates or improvements of the Free Sprocket Services to Customer.
2.2. Paid Sprocket Services
If you choose to purchase paid Sprocket Security Services (“Paid Sprocket Services”), then Sprocket Security shall provide such Paid Sprocket Security Services to Customer as described in accordance with these Terms and any additional terms in an Order which have been agreed in writing by Sprocket Security.
3. Grant of Rights
3.1 Grant of Rights
Subject to compliance with these Terms, Sprocket Security hereby grants to Customer a terminable, revocable, nontransferable and nonexclusive right and license, during the term set forth in the applicable Order, or, if no such term is specified, then until either Sprocket Security or Customer terminates this Agreement, to access and use the Sprocket Security Platform, by users designated by Customer (“Authorized Users”), solely in connection with the receipt and use of the Sprocket Security Services covered by Customer’s Order, and solely for Customer’s internal business use.
3.2 Restrictions on Use
Customer shall not, and shall ensure its Authorized Users do not, use the Sprocket Security Platform or the Sprocket Security Services for any purposes beyond the scope of the access granted in this Agreement. Specifically, but not in limitation, Customer shall not, directly or indirectly, and shall not permit Authorized Users or any third party to: (i) copy, modify, or create derivative works of the Sprocket Security Platform or Sprocket Security Services, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Sprocket Security Platform or Sprocket Security Services; (iii) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Sprocket Security Platform or Sprocket Security Services or any other software, documentation or data related to the Sprocket Security Platform, in whole or in part; (iv) remove any proprietary notices from the Sprocket Security Platform or Sprocket Security Services; (v) use the Sprocket Security Platform or Sprocket Security Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law; or (vi) utilize the Sprocket Security Platform or Sprocket Security Services to create, develop, enhance, or modify any competing product or service. Customer is responsible and liable for all uses of the Sprocket Security Platform resulting from access provided by Customer, including all use of the Sprocket Security Services, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of its Authorized Users, and any act or omission by any such Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer.
3.3 Suspension
Sprocket Security may suspend Customer’s and/or any Authorized User’s access to any portion or all of the Sprocket Security Platform and/or the Sprocket Security Services if: (i) Sprocket Security reasonably determines that (a) there is a disruption, security risk, threat or attack on the Sprocket Security Platform, Sprocket Security Services or to any other Customer or vendor of Sprocket Security; (b) Customer, or any Authorized User, is using the Sprocket Security Platform or Sprocket Security Services for fraudulent or illegal activities, or in violation of any contractual obligations or covenants between the Customer and a third-party; (c) Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; or (d) Sprocket Security’s provision of the Sprocket Security Platform and/or the Sprocket Security Services to Customer or any Authorized User is or becomes prohibited by applicable law or regulation; (e) any vendor of Sprocket Security has suspended or terminated Sprocket Security’s access to or use of any third-party services or products required to enable Customer to access the Sprocket Security Platform or use the Sprocket Security Services; or (f) Customer fails to timely pay any undisputed invoices.
3.4 Equipment
Customer is responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Sprocket Security Platform and receive and use the Sprocket Security Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, and web servers.
3.5 Authorized Users Compliance with End User License Agreement
All users of the Sprocket Security Platform are required to accept the End User License Agreement available at https://www.sprocketsecurity.com/EULA and herein incorporated by reference (“EULA”) in order to access and use the Sprocket Security Platform and receive and use the Sprocket Security Services. Customer understands and agrees that it is responsible for its Authorized Users’ compliance with the EULA. Sprocket Security may update the EULA at any time and Customer agrees that its Authorized Users will comply with such updated EULA upon Customer’s notice of the same.
4. Change Orders
With respect to Paid Sprocket Services only, Services shall be performed and billed as set forth in the Order, as applicable. In the event Customer requests any adjustment to the scope of the Order, or in the event Sprocket Security believes that changes are necessary or desirable in order for the satisfactory completion of all or a portion of the Order, Sprocket Security shall prepare and deliver to Customer a written proposal (“Change Order”) setting forth the proposed modifications to the Order. Change Orders shall be effective only if executed by authorized representatives of Sprocket Security and Customer. Upon such approval, the modifications set forth in the Change Order shall become modifications to the budget and scope of the Order.
5. Deliverables and Acceptance
With respect to Paid Sprocket Services only, Customer shall, within ten (10) business days of receipt of any Deliverable, provide Sprocket Security with written notification of any Deliverable that does not comply in all material respects to the specifications established in the “Deliverables” section of the applicable Order. In the absence of such notification, all Deliverables will be deemed satisfactory. Sprocket Security shall correct any such non-compliance with the specifications established in the “Deliverables” section of the applicable Order as soon as practicable following receipt of such notice. THE REMEDY SET FORTH IN THIS SECTION REPRESENTS THE CUSTOMER’S EXCLUSIVE REMEDY FOR ANY NON-COMPLIANCE WITH SPECIFICATIONS OF THE DELIVERABLES. FREE SPROCKET SERVICES ARE PROVIDED “AS IS” AND ALL DELIVERABLES UNDER FREE SPROCKET SERVICES ARE DEEMED ACCEPTED ON DELIVERY.
6. Invoicing and Payment
With respect to Paid Sprocket Services only, Customer shall pay Sprocket Security the fees set forth in the Order (“Fees”) for the Sprocket Security Services provided under the Order. Sprocket Security shall produce an invoice to Customer upon execution of the Order and shall be compensated directly by Customer based on the terms of the Order. Customer shall pay all invoices issued by Sprocket Security within thirty (30) calendar days after receipt of the invoice, or if a different payment schedule is provided in the applicable Order, in accordance with the payment schedule provided in such Order.
Except for invoices that the Customer disputes in good faith, all late payments shall bear interest at the lesser of the rate of 1.5% per month or the highest rate permissible under applicable law, calculated daily and compounded monthly. Customer shall also reimburse Sprocket Security for all costs incurred in collecting any late payments, including, without limitation, attorneys’ fees and expenses.
Customer is responsible for all travel and out-of-pocket expenses incurred by Sprocket Security in connection with each Order, unless the Order explicitly provides otherwise. Sprocket Security will provide reasonable notice to Customer prior to any material expenses.
All Fees required under the Orders are exclusive of all national, state, municipal or other governmental excise, sales, value-added, use, personal property and occupational taxes, excises and obligations, and Customer shall be solely responsible for all of these except for taxes based on Sprocket Security’s net income.
7. Authorization of Services
Customer authorizes Sprocket Security to perform the Sprocket Security Services specified in the Order. Customer acknowledges and accepts that penetration testing, vulnerability scanning, and other security services inherently involve risks, including but not limited to, system outages, data loss, corruption, or other adverse effects on Customer Materials and other Customer systems, data, or operations. Customer assumes all such risks and waives any claims against Sprocket Security arising therefrom, except to the extent caused by Sprocket Security’s gross negligence or willful misconduct. Customer is solely responsible for backing up all data, systems, and configurations prior to the commencement of any Sprocket Security Services. Unless expressly set forth in an Order, Sprocket Security is not responsible for remediating any vulnerabilities, implementing security controls, or providing ongoing monitoring or support services. Customer is solely responsible for implementing any recommendations or remediations identified by Sprocket Security.
CUSTOMER ACKNOWLEDGES THAT THE SPROCKET SECURITY SERVICES ARE NOT WITHOUT RISK, INCLUDING BUSINESS INTERRUPTION, DAMAGE TO PROPERTY, SYSTEMS, OR EQUIPMENT, AND COULD RESULT IN BODILY HARM OR INJURY. THE CUSTOMER EXPRESSLY AGREES THAT SPROCKET SECURITY SHALL NOT BE HELD LIABLE IN ANY MANNER FOR ANY ADVERSE CONSEQUENCES FLOWING FROM THE SPROCKET SECURITY SERVICES, EXCEPT WHERE SUCH CONSEQUENCES ARE ATTRIBUTABLE TO GROSS NEGLIGENCE OR WILLFUL MISCONDUCT ON THE PART OF SPROCKET SECURITY.
Customer understands that Sprocket Security may perform active probes and external penetration testing against Customer Materials (as defined below), in accordance with an applicable Order for Sprocket Security Services, or in the performance of its duties relating to the operations of the Sprocket Security Platform, and that such active probes and external penetration testing may result in disruption of the Customer Materials.
Customer acknowledges and agrees that Sprocket Security may use AI Tools in connection with the Sprocket Security Services and the Sprocket Security Platform, including, without limitation: (i) to assist Sprocket Security personnel in performing manual penetration testing, vulnerability analysis, and related security assessments; (ii) to conduct semi-autonomous or autonomous penetration testing, vulnerability scanning, attack simulation, and related security operations through the Sprocket Security Platform; and (iii) to process, analyze, and evaluate Customer Materials and related data for the purpose of identifying, assessing, and reporting on security vulnerabilities and threats. Customer acknowledges that AI Tools may select, prioritize, and execute testing methodologies, attack vectors, and related operations with varying degrees of human oversight, and that such AI-driven operations carry risks comparable to, and in some cases distinct from, those associated with human-directed penetration testing, including, without limitation, the risk of unexpected or unintended interactions with Customer Materials. Customer's authorization under this Section 7 expressly extends to Sprocket Security's use of AI Tools as described herein, and the risk assumptions, waivers, and limitations of liability set forth in this Section 7 and elsewhere in these Terms apply with equal force to the use of AI Tools in the delivery of the Sprocket Security Services and the operation of the Sprocket Security Platform. "Artificial Intelligence Tools" or "AI Tools" means any artificial intelligence, machine learning, or automated reasoning technologies, models, or systems, including those provided by third-party vendors, that Sprocket Security uses in connection with the delivery of the Sprocket Security Services or the operation of the Sprocket Security Platform. AI Tools may operate in an assistive capacity alongside Sprocket Security personnel or in a semi-autonomous or autonomous capacity within the Sprocket Security Platform.
CUSTOMER HEREBY ACKNOWLEDGES AND AGREES, IN ACCORDANCE WITH THE LANGUAGE ABOVE, THAT SPROCKET SECURITY SHALL NOT BE HELD RESPONSIBLE OR LIABLE FOR ANY ADVERSE EFFECTS RESULTING FROM THE PERFORMANCE OF ACTIVE PROBES OR EXTERNAL PENETRATION TESTING AGAINST CUSTOMER MATERIALS RELATING TO THE SPROCKET SECURITY SERVICES AND/OR THE OPERATION OF THE SPROCKET SECURITY SERVICES, INCLUDING, BUT NOT LIMITED TO, ANY SUCH PROBES OR EXTERNAL PENETRATION TESTING AGAINST CUSTOMER MATERIALS THAT MAY BE CONDUCTED AND IMPLEMENTED USING AI TOOLS, AND THAT CUSTOMER WILL BE RESPONSIBLE FOR ANY SUCH ADVERSE EFFECTS. CUSTOMER ACKNOWLEDGES AND AGREES THAT: (A) AI TOOLS ARE PROBABILISTIC IN NATURE AND MAY NOT IDENTIFY ALL VULNERABILITIES, THREATS, OR SECURITY RISKS AFFECTING CUSTOMER MATERIALS; (B) AI TOOLS MAY INTERACT WITH CUSTOMER MATERIALS IN UNEXPECTED WAYS, INCLUDING BY PURSUING ATTACK PATHS OR ESCALATION STRATEGIES THAT DIFFER FROM THOSE THAT WOULD BE SELECTED BY HUMAN TESTERS; (C) THE USE OF AI TOOLS DOES NOT GUARANTEE ANY PARTICULAR LEVEL OF SECURITY OR ANY SPECIFIC OUTCOME; AND (D) CUSTOMER IS SOLELY RESPONSIBLE FOR EVALUATING, VALIDATING, AND IMPLEMENTING ANY FINDINGS, RECOMMENDATIONS, OR REMEDIATIONS IDENTIFIED THROUGH THE USE OF AI TOOLS. THE LIMITATIONS OF LIABILITY AND DISCLAIMERS SET FORTH IN SECTIONS 10.3, 15, AND 16 OF THESE TERMS APPLY WITH FULL FORCE TO ANY CLAIMS ARISING FROM OR RELATING TO THE USE OF AI TOOLS.
8. Resources and Independent Contractor Relationship
Sprocket Security shall provide all equipment, tools, including AI Tools, materials or supplies necessary for the performance of the Sprocket Security Services to be rendered under an applicable Order. Sprocket Security will determine the method, details, and means of performing the work to be carried out for Customer. With respect to Paid Sprocket Services only, each Customer who has executed an Order shall be entitled to review Deliverables, stop work, and request modifications to such Order. Sprocket Security shall comply at its own expense with all applicable federal, state, local and foreign laws, ordinances, regulations and codes including those relating to the identification and procurement of required permits, certificates, licenses, insurance, approvals and inspections in connection with the Sprocket Security Services, except where the Order explicitly provides otherwise.
Nothing under the Order or these Terms shall be construed to create a joint venture, partnership, agency, or other employment relationship between the Customer and Sprocket Security. Each of the Sprocket Security employees who are assigned to perform the Sprocket Security Services for Customer shall be considered to be an employee of Sprocket Security only and will not be considered an agent or employee of Customer for any purpose. Likewise, each of the Customer employees who from time to time may facilitate or otherwise be involved in Sprocket Security’s performance of the Sprocket Security Services for Customer shall be considered to be an employee of Customer only and will not be considered an agent or employee of Sprocket Security for any purpose.
9. Term and Termination
9.1 Term of Orders
After the initial term indicated on an applicable Order (as applicable, the “Initial Term”), the Agreement and Order will automatically renew for the shorter of (i) successive one (1) year periods; or (ii) successive periods equal to the initial term indicated on an applicable Order, if less than one (1) year (as applicable, each a “Renewal Term” and collectively, with the Initial Term, the “Term”), unless either party provides the other with written notice of its intent not to renew the Agreement at least sixty (60) days prior to the expiration of the then current Term (or, if the Initial Term indicated on an applicable Order is less than one hundred twenty (120) days, then at least thirty (30) days prior to the expiration of the then current Term), unless and until sooner terminated as provided in these Terms. If the Term is renewed for any Renewal Term, the Order will be subject to any change in the pricing payable by Customer for any increases in scope or costs during the applicable Renewal Term.
9.2 Termination
Either party may terminate an Order for a material breach of the Agreement which is not cured within forty-five (45) days after receipt of written notice thereof (or such other period as agreed by the parties in writing). Customer or Sprocket Security may terminate the Agreement upon written notice at such time as no Order(s) are in effect hereunder.
Notwithstanding anything contained in these Terms, if you are using Free Sprocket Services, Sprocket Security reserves the right, without notice and in our sole discretion, to terminate access to or use of such Free Sprocket Services at any time and for any or no reason, and you acknowledge and agree that in such event we shall have no liability or obligation to you.
9.3 Effect of Termination
Upon termination of an Order for Paid Sprocket Services, (i) each party shall promptly return to the other party all copies of any of the other party’s data, records, or materials of whatever nature or kind; and (ii) Sprocket Security shall furnish to Customer all work in progress or portions thereof, including all incomplete work, and upon delivery thereof, shall have no further obligation to make any deliveries or perform any work hereunder. Upon termination of an Order for Free Sprocket Services, (i) Customer shall promptly return to Sprocket Security all copies of any of the Sprocket Security’s data, records, or materials of whatever nature or kind; and (ii) Customer shall have removed from the Sprocket Security Platform any and all Customer data, records, or materials and Sprocket Security shall have no obligation to save, keep or return to Customer any Customer data, records, or materials.
Within ten (10) days after termination of an Order for Paid Sprocket Services for any reason, Sprocket Security shall submit to Customer an invoice for any fees or expenses accrued under such Order. Customer, upon payment of accrued amounts properly invoiced, shall have no further liability or obligation to Sprocket Security whatsoever for any further fees, expenses, or other payments.
10. Representations and Warranties
10.1 Mutual Representations and Warranties.
Each party represents and warrants to the other that; (a) it has the requisite power and authority to execute and deliver this Agreement and perform its obligations herein; and (b) the Agreement has been duly authorized, executed, and delivered by each party, and is a legal, valid, and binding obligation of each party, enforceable against such party in accordance with its terms, subject to applicable bankruptcy, insolvency, reorganization, moratorium, liquidation, fraudulent conveyance and other similar laws and principles of equity affecting creditors’ rights and remedies generally.
10.2 Customer’s Representations and Warranties.
Customer represents and warrants that the Agreement, and Sprocket Security’s performance of the Sprocket Security Services, does not violate, conflict with, result in a breach of applicable federal, state, local, or foreign laws, ordinances, regulations or codes, the intellectual property rights of any third-parties, or the terms, conditions, or provisions of, or constitute a default or an event of default under any other agreement to which Customer is bound. Customer represents that the point of contact designated in the Order has the authority to direct Sprocket Security to commence and cease performance of the Sprocket Security Services, to negotiate and approve any necessary Change Orders, and to accept and approve any Deliverables.
Customer represents and warrants that, to the extent that Customer grants Sprocket Security access to any Customer Materials (as defined below) to perform the Sprocket Security Services, that Customer has the right to do so and has obtained all necessary permissions and consents to do so, and that Sprocket Security has the right to use such Customer Materials in the performance of its duties relating to the operation of the Sprocket Security Services. Customer represents and warrants that the signatory to the applicable Order is authorized to engage Sprocket Security to perform the Sprocket Security Services, to enter into the Agreement, and to agree to be bound by these Terms.
10.3 Sprocket Security warrants that all Paid Sprocket Services will be performed by Sprocket Security in professional and workmanlike manner, and in accordance, in all material respects, with the requirements set forth in the applicable Order. It is expressly understood by the parties that the Sprocket Security does not guarantee any specific results or improvements as a result of Sprocket Security Services, or the Deliverables provided under the Agreement. For the avoidance of doubt, FREE SPROCKET SERVICES, INCLUDING, WITHOUT LIMITATION, SERVICES RELATED TO THE ASM PLATFORM ARE OFFERED “AS-IS” AND THE LIMITED WARRANTY IN THIS SECTION 10.3 SHALL NOT APPLY.
EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN THE ORDER OR IN THIS SECTION 10.3, THE SPROCKET SECURITY SERVICES AND THE SPROCKET SECURITY PLATFORM ARE PROVIDED “AS IS” AND SPROCKET SECURITY SPECIFICALLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. SPROCKET SECURITY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. SPROCKET SECURITY MAKES NO WARRANTY OF ANY KIND THAT THE SPROCKET SECURITY SERVICES AND THE SPROCKET SECURITY PLATFORM, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET YOUR OR ANY OTHER PERSON’S OR ENTITY’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY OF YOUR OR ANY THIRD PARTY’S SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR-FREE, OR THAT ANY ERRORS OR DEFECTS CAN OR WILL BE CORRECTED. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, SPROCKET SECURITY MAKES NO WARRANTY THAT THE OUTPUTS, RESULTS, OR RECOMMENDATIONS GENERATED IN WHOLE OR IN PART BY AI TOOLS WILL BE COMPLETE, ACCURATE, RELIABLE, OR FREE FROM ERROR. CUSTOMER ACKNOWLEDGES THAT AI TOOLS MAY PRODUCE RESULTS THAT CONTAIN INACCURACIES, FALSE POSITIVES, FALSE NEGATIVES, OR OTHER LIMITATIONS INHERENT TO ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING TECHNOLOGIES, AND THAT CUSTOMER IS SOLELY RESPONSIBLE FOR EVALUATING AND ACTING UPON ANY OUTPUTS OR RECOMMENDATIONS PROVIDED THROUGH THE SPROCKET SECURITY SERVICES. Customer acknowledges and agrees that Sprocket Security Services do not validate Customer security systems or in any way guarantee that Customer’s site(s) and/or server(s) is/are secure. Customer further acknowledges and agrees that (i) Sprocket Security Services can only identify, monitor, or test known public vulnerabilities and only to the extent that Sprocket Security’s testers know of these public vulnerabilities; and (ii) Sprocket Security Services only apply to known vulnerabilities detected at the time such services are conducted and do not apply to unknown vulnerabilities or vulnerabilities discovered in the future; and (iii) regardless of the thoroughness of the Sprocket Security Services, security testing, monitoring or scanning for known vulnerabilities only represents a subset of the potential attacks against Customer and Customer Materials and is not any indication or guarantee of the type of vulnerabilities applicable to Customer or Customer Materials or any assurance of freedom from other vulnerabilities or security incidents or attacks. SPROCKET SECURITY SHALL HAVE NO LIABILITY OR RESPONSIBILITY FOR ANY ACTUAL OR ATTEMPTED SECURITY INCIDENTS, INTRUSIONS, BREACHES, OR UNAUTHORIZED ACCESS TO CUSTOMER MATERIALS OR OTHER CUSTOMER SYSTEMS, DATA, OR INFRASTRUCTURE, WHETHER OCCURRING BEFORE, DURING, OR AFTER THE PROVISION OF SPROCKET SECURITY SERVICES, AND REGARDLESS OF WHETHER SUCH INCIDENTS ARE RELATED TO VULNERABILITIES IDENTIFIED, NOT IDENTIFIED, OR REMEDIATED AS A RESULT OF THE SPROCKET SECURITY SERVICES.
Should any specific Paid Sprocket Services fail to meet the limited warranty set forth in this Section 10.3, then Customer’s sole and exclusive remedy for Sprocket Security’s breach of such warranty and Sprocket Security’s sole liability hereunder shall be for Sprocket Security to reperform the specific Paid Sprocket Services giving rise to such breach of the warranty. THIS SECTION SETS FORTH CUSTOMER’S SOLE REMEDY AND SPROCKET SECURITY’S ENTIRE LIABILITY FOR ANY BREACH OF THE LIMITED WARRANTY SET FORTH HEREIN.
13. Non-Solicitation
Customer agrees that while Sprocket Security provides Sprocket Security Services and for a period of one (1) year after the termination or expiration of the Sprocket Security Services, Customer will not solicit, induce, encourage, or otherwise attempt to persuade any employee, independent contractor, or consultant of Sprocket Security to terminate his or her employment or engagement with Sprocket Security, or hire or engage any such individual. Notwithstanding the foregoing, the restrictions set forth in this Section shall not prohibit Customer from: (i) making general solicitations of employment not specifically directed at employees, independent contractors, or consultants of Sprocket Security; (ii) hiring or engaging any individual who responds to any such general solicitation described in subsection (a), so long as such individual was not otherwise solicited in violation of this Section; (ii) soliciting or hiring any individual whose employment or engagement with Sprocket Security terminated at least twelve (12) months prior to the date of such solicitation or hiring; or (iv) engaging in any solicitation or hiring activity with respect to any individual that is undertaken with the prior written consent of Sprocket Security.
12. Intellectual Property
12.1 Customer Materials
Except as otherwise set forth in this Agreement, as between the parties, Customer owns all right, title and interest in and to all hardware, servers and other systems, data, or other information made available to Sprocket Security by Customer or Authorized Users (collectively, “Customer Materials”).
12.2 Sprocket Security Services and the Sprocket Security Platform
Sprocket Security owns all right, title and interest in and to the Sprocket Security Services and the Sprocket Security Platform, and any copies, updates, and/or derivative works thereof, along with the right to make, have made, practice, employ, exploit, use, develop, reproduce, copy, distribute copies, publish, license, and/or create works derivative of any of the foregoing. Customer acknowledges and agrees that: (i) any existing technology, methods, processes, techniques, templates, report formats, software (including source code, object code and any portions thereof) content, ideas, information and related intellectual property rights (including without limitation all patent, copyright, trademark, trade secret and other intellectual property or proprietary rights therein) of Sprocket Security, any derivatives or improvements to the foregoing created or developed by Sprocket Security (alone or with others) incident to the Sprocket Security Services, or otherwise any of the foregoing created, developed by or on behalf of Sprocket Security outside of this Agreement, that is later used in the performance of Sprocket Security Services or in connection with the Sprocket Security Platform, or (ii) generally applicable tools, concepts, processes, models, techniques, software, and the like developed or created in connection with the Sprocket Security Services and/or the Sprocket Security Platform without reliance on the Confidential Information of Customer (collectively, all of the foregoing, the “Sprocket Security IP” )exclusively belong to and are the property of Sprocket Security. The parties agree that Sprocket Security will own all rights, title and interest in and to the Sprocket Security IP. Except for the limited rights granted to Customer in this Agreement, all other rights, title and interest in the Sprocket Security IP are reserved by Sprocket Security. For the avoidance of doubt, Sprocket Security IP includes all AI Tools, AI models, algorithms, training data (excluding Customer Confidential Information), prompt libraries, workflows, and other components of Sprocket Security's artificial intelligence infrastructure, and all improvements, derivatives, and outputs thereof (other than Deliverables), whether developed before, during, or after the performance of the Sprocket Security Services.
12.3 Aggregated Statistics and Application Monitoring
Notwithstanding anything to the contrary in this Agreement, Sprocket Security may monitor Customer’s and each Authorized User’s access and use of the Sprocket Security Platform and collect and compile meta-data, data and information related to Authorized User’s access and use of the Sprocket Security Platform that is and can be used by Sprocket Security for platform monitoring, pricing, and Sprocket Security’s technology management purposes (“Monitoring Data”). The same data may be aggregated and anonymized to compile statistical and performance information related to the provision and operation of the Sprocket Security Platform (“Aggregated Statistics”). Customer acknowledges that Sprocket Security may compile Aggregated Statistics based on Customer Materials. Customer agrees that Sprocket Security may (a) make Aggregated Statistics publicly available in compliance with applicable law, and (b) use Aggregated Statistics to the extent and in the manner permitted under applicable law, provided that such Aggregated Statistics do not identify Customer, any Authorized User, or Customer’s Confidential Information. Customer, on its own behalf and on behalf of each Authorized User, hereby grants to Sprocket Security a non-exclusive, royalty-free, perpetual, irrevocable, transferrable, worldwide license to access, revise, reproduce, distribute, and otherwise use and display the Customer Materials and perform all acts with respect to the Customer Materials as necessary for Sprocket Security to provide the Sprocket Security Services and the Sprocket Security Platform to Customer, and a non-exclusive, perpetual, irrevocable, transferrable, royalty-free, worldwide license to access, revise, reproduce, distribute, and use and display Customer Materials incorporated within the Aggregated Statistics. Customer acknowledges that, as between Customer and each Authorized User on the one hand, and Sprocket Security on the other hand, Sprocket Security owns all right, title, and interest, including all intellectual property rights therein, in and to the Aggregated Statistics, and Monitoring Data.
12.4 Deliverables
“Deliverable” means any deliverable specified in the applicable Order and which is specifically developed or created by Sprocket Security for Customer using Customer’s Confidential Information, including, but not limited to, any custom design, custom module, custom software, or other custom material or component thereof including underlying any associated documentation, to be developed for and delivered to Customer by or on behalf of Sprocket Security pursuant to the applicable Order, but excluding any Sprocket Security IP that may be incorporated or used therein. Sprocket Security hereby grants to Customer, effective upon payment in full of all amounts due to Sprocket Security for the development or creation of such Deliverable, a royalty-free, perpetual, irrevocable, transferrable, worldwide license (i) to access, revise, reproduce, distribute, and otherwise use and display the Deliverable; and (ii) to use the Sprocket Security IP included within the Deliverable only to the extent necessary to access and otherwise use and display the Deliverable.
12.5 Feedback
Anything in the Agreement notwithstanding, any Customer or Authorized User’s feedback or input received by Sprocket Security regarding the Sprocket Security Services, or the Sprocket Security Platform, ASM, or Sprocket Security IP (“Feedback”) is Sprocket Security IP, and Customer will and hereby irrevocably does, and shall cause Customer employees, contractors, and agents to irrevocably, assign to Sprocket Security all right, title and interest to Feedback.
12.6 Publicity
Customer hereby grants Sprocket Security a non-exclusive, royalty-free, worldwide license to use Customer’s name, logo, and trademarks (collectively “Customer Marks”) in Sprocket Security’s marketing materials, website, client lists, case studies, and other promotional content, including without limitation for the purpose of identifying Customer as a customer of Sprocket Security’s services. Without limiting the foregoing, Customer agrees that Sprocket Security may, without limitation, include Customer’s name and Customer Marks on Sprocket Security’s website, marketing materials, promotional materials, customer lists, and other similar communications to identify Customer as a recipient of Sprocket Security’s services. Such use shall not require the prior consent of Customer. This license shall remain in effect during the term of the Agreement and shall survive termination or expiration of the Agreement. Customer acknowledges that minor variations in the display of Customer Marks in digital or print media shall not constitute a breach of this provision. Notwithstanding the foregoing, Sprocket shall not, without the prior written consent of Customer: (a) issue any press release, public statement, or public announcement that discloses any of Customer’s Confidential Information, including, without limitation, any information regarding Customer’s systems, infrastructure, security posture, vulnerabilities, or the findings, results, or Deliverables derived from the Sprocket Security Services; or (b) make any representation or implication in any public-facing communication regarding the nature, scope, or specifics of the services provided to Customer beyond identifying Customer as a customer of Sprocket Security. For the avoidance of doubt, Sprocket Security’s right to identify Customer as a customer shall survive termination or expiration of the Agreement, but does not constitute authorization to disclose the substance or results of any penetration testing, security assessment, or related engagement performed for Customer at any time.
13. Residuals
Nothing in this Agreement or elsewhere will prohibit or limit Sprocket Security’s ownership and/or use of ideas, concepts, know-how, methods, models, data, techniques, skill, knowledge, and experience that Sprocket Security used, developed, or gained in connection with this Agreement.
14. Confidentiality
14.1 Sprocket Confidential Information
Customer understands and acknowledges that Sprocket Security may, from time to time, disclose Confidential Information to Customer. The term Confidential Information shall include but not be limited to any nonpublic and/or proprietary information or materials relating to the Sprocket Security Platform or the Sprocket Security Services, Sprocket Security’s promotional and/or marketing strategy and activity including service and sales concepts and methods, Sprocket Security’s pricing information (including but not limited to rates, margins, and budgets), Sprocket Security’s financial information, Sprocket Security’s customer lists, information about the education, background, experience, compensation and/or skills possessed by Sprocket Security’s employees, Sprocket Security’s customer satisfaction data or sales information, or any other information which Sprocket Security marks or identifies as “confidential” at the time of disclosure or confirms in writing as confidential within a reasonable time (not to exceed thirty (30) days) after disclosure. Customer will not disclose Sprocket Security’s Confidential Information to any third party at any time without Sprocket Security’s prior written consent and shall take reasonable measures to prevent any unauthorized disclosure by its employees, agents, contractors, or consultants. Customer hereby covenants and agrees that it will not, directly or indirectly, use or reference, or permit the use of or reference to, any of Sprocket Security’s Confidential Information, including but not limited to any of Sprocket Security’s trade secrets, to create, modify, implement, publish, or offer any software platform or service that performs penetration testing, vulnerability scanning, or other similar security services. Further, Sprocket Security’s Confidential Information shall include the terms set forth in the Order, all of which shall remain Sprocket Security’s property and shall in no event be transferred, conveyed, or assigned to Customer as a result of the services provided pursuant to the Order. The foregoing duty shall survive any termination or expiration of the Order or the termination of a free account for five (5) years.
14.2 Customer Confidential Information
Likewise, Sprocket Security understands and acknowledges that Customer may, from time to time, disclose to Sprocket Security proprietary ideas, concepts, expertise, and technologies developed by Customer relating to Customer’s business. Specifically, pursuant to the Order, Customer may provide Sprocket Security documentation, reports, memoranda, notes, drawings, plans, papers, recordings, data, designs, materials, or other forms of records or information relating to Customer’s business operations. Sprocket Security agrees not to use any of Customer’s Confidential Information for its own use or for any purpose other than the specific purpose of completing the Sprocket Security Services; not to voluntarily disclose any of Customer’s Confidential Information to any other person or entity; and to take all reasonable measures to protect the secrecy of, and avoid disclosure or use of, Customer’s Confidential Information in order to prevent it from falling into the public domain or the possession of persons other than those persons authorized hereunder to have such Confidential Information. Customer acknowledges and agrees that, in connection with the use of AI Tools, Sprocket Security may transmit Customer Materials and data derived from Customer Materials to third-party AI service providers (each, a "Third-Party AI Provider") solely for the purpose of performing the Sprocket Security Services. Sprocket Security shall maintain appropriate contractual safeguards with each Third-Party AI Provider to protect the confidentiality of Customer's Confidential Information, including, at a minimum, obligations (a) to use such data solely for the purpose of providing AI processing services to Sprocket Security, (b) not to use Customer data to train, improve, or develop the Third-Party AI Provider's general-purpose models or services, and (c) to delete or return Customer data upon completion of the applicable processing. Customer's authorization under Section 7 and this Section 14.2 constitutes Customer's consent to the transmission of Customer Materials to Third-Party AI Providers as described herein. Sprocket Security shall, upon Customer's reasonable written request, identify the Third-Party AI Providers used in connection with the Sprocket Security Services provided to Customer. For the avoidance of doubt, Sprocket Security shall not be relieved of its confidentiality obligations under this Section 14 by reason of any disclosure to a Third-Party AI Provider, and Sprocket Security shall remain responsible for any breach of confidentiality by a Third-Party AI Provider to the same extent as if Sprocket Security had committed such breach directly. The foregoing duty shall survive any termination or expiration of the Order for five (5) years.
14.3 Exceptions
The following shall not be considered Confidential Information: (a) Information which is or becomes in the public domain through no fault or act of the receiving party; (b) Information which was independently developed by the receiving party without the use of or reliance on the disclosing party’s Confidential Information; (c) Information which was provided to the receiving party by a third party under no duty of confidentiality to the disclosing party.
14.4 Permitted Disclosure
Notwithstanding anything else herein, the receiving party may disclose the Confidential Information of the disclosing party to the extent that it is required pursuant to a duly authorized subpoena, court order or government authority, whereupon, as permitted by applicable law. The receiving party shall provide prompt written notice to the disclosing party, prior to such disclosure, so that the disclosing party may seek a protective order or other appropriate remedy, and, if such remedy is not obtained, the receiving party shall disclose only that portion of the disclosing party’s Confidential Information which is legally required to be disclosed and shall seek confidential treatment thereof.
15. Indemnification
15.1 By Customer
Customer shall indemnify, hold harmless and defend Sprocket Security and its officers, directors, employees, agents, affiliates, successors, and permitted assigns (collectively, “Indemnified Party”) against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including attorneys’ fees, that are incurred by Indemnified Party (collectively, “Losses”), arising out of or related to any third-party claim arising from or related to: (i) adverse consequences to Customer Materials or other systems or networks flowing from the Sprocket Security Services including, but not limited to, active probes and external penetration testing conducted by Sprocket Security; (ii) any breach of any Customer warranties under Section 10.2, including, but not limited to, Customer’s lack of authority and right to give Sprocket Security access to the Customer Materials and/or to permit Sprocket Security to perform the Sprocket Security Services on any Customer Materials; (iii) any negligent or more culpable act or omission of Customer or its personnel (including any reckless or willful misconduct) in connection with the exercise of its rights or the performance of its obligations under this Agreement; (iv) any bodily injury, death of any person, or damage to real or tangible personal property caused by the negligent or more culpable acts or omissions of Customer or its personnel (including any reckless or willful misconduct); (v) any bodily injury, death of any person, or damage to real or tangible personal property caused by Customer’s use of Sprocket Security Services, the Sprocket Security Platform or Deliverables provided under this Agreement or an applicable Order; or (vi) any failure by Customer or its personnel to comply with any applicable federal, state or local laws, regulations, or codes in the performance of its obligations under this Agreement.
15.2 By Sprocket Security
15.2.1 Sprocket Security shall defend, indemnify, and save harmless Customer and its officers, directors, employees, agents and representatives (“Indemnified Customer Parties”) from and against any and all damages, liabilities, losses and other costs (including without limitation reasonable attorneys’ fees) relating to any Claim against any Indemnified Customer Party arising from or relating to any actual or alleged violation or infringement of any proprietary right of any third party, (including, but not limited to, any patent, copyright, trademark, trade secrets or any other intellectual property rights) by the Sprocket Security Services or Sprocket Security Platform. This Section 15.2.1 will not apply to any Claim in the event and to the extent that the Claim (i) arises out of or is related to (a) any modification of the Sprocket Security Services or Sprocket Security Platform other than by Sprocket Security, (b) any combination of the Sprocket Security Services or Sprocket Security Platform with other products, services or materials not authorized by Sprocket Security, or (c) end user’s failure to use the replacement or modification provided by Sprocket Security pursuant to Section 15.2.2, or (ii) is subject to indemnification by an end user pursuant to Section 15.1.
15.2.2 If Sprocket Security believes the Sprocket Security Services and/or Sprocket Security Platform infringe or may be alleged to infringe any third party proprietary right, then Sprocket Security may, in addition to its indemnification obligations set forth above, and at its sole option and expense: (i) procure for Customer the right to use the allegedly infringing Sprocket Security Services or Sprocket Security Platform, as applicable, (ii) replace the Sprocket Security Services or Sprocket Security Platform, as applicable, with other non-infringing services or products, or (iii) modify the Sprocket Security Services or Sprocket Security Platform, as applicable, so that it does not infringe. If none of (i) through (iii) is commercially feasible, Sprocket Security may terminate any and all applicable Orders immediately upon written notice to Customer. This Section 15.2 states the entire liability and obligations of Sprocket Security, and the exclusive remedy of Customer, with respect to any actual or alleged infringement of any third-party proprietary rights in connection with this Agreement.
15.3 Indemnification Procedure
The indemnification obligations above in Sections 15.1 and 15.2.1 are contingent on the indemnified party (a) promptly notifying the indemnifying party of any Claim (provided that the indemnified party’s failure to provide such prompt notice will not release the indemnifying party from its indemnification obligations except to the extent the indemnifying party is materially prejudiced thereby); (b) providing the indemnifying party with any reasonable information and assistance needed to defend or settle the Loss (provided the indemnifying party bears any out of pocket expenses incurred by the indemnified party in providing such assistance or information) and (c) allowing the indemnifying party the right to have sole control of the investigation, defense and settlement of the Loss, provided that the indemnifying party will not enter into any settlement of a Loss that: (i) imposes a monetary obligation on the indemnified party that is not covered by the indemnification; (ii) imposes a material, non-monetary obligation on the indemnified party, (iii) does not include an unconditional release of the indemnified party; or (iv) admits liability on the part of the indemnified party without the indemnified party’s prior written consent, which will not be unreasonably withheld or delayed. The indemnified party shall have the option, at its expense, to participate in the defense or settlement of the Claim with counsel of its own choosing.
16. Limitation of Liability
16.1 Customer agrees and accepts that it is responsible for the proper implementation of all applicable laws, regulations, and rulings affecting its business. The Customer expressly agrees that Sprocket Security shall not be held liable in any manner for any adverse consequences flowing from the Sprocket Security Services provided under this Agreement, except where such consequences are attributable to gross negligence or willful misconduct on the part of Sprocket Security.
16.2 IN NO EVENT SHALL THE CUSTOMER OR SPROCKET SECURITY, BE LIABLE TO THE OTHER FOR PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING FROM A BREACH OF THIS AGREEMENT. SPROCKET SECURITY’S LIABILITY UNDER THIS AGREEMENT IS LIMITED TO ANY ACTUAL, DIRECT DAMAGES INCURRED BY CUSTOMER AND WILL NOT EXCEED THE TOTAL AMOUNTS PAID BY CUSTOMER TO SPROCKET SECURITY IN THE PRIOR TWELVE (12) MONTH PERIOD UNDER THE ORDER FOR THE CAUSE OF ACTION GIVING RISE TO SUCH DAMAGES. NOTWITHSTANDING THE FOREGOING OR ANYTHING ELSE HEREIN, NOTHING IN THIS AGREEMENT WILL LIMIT CUSTOMER’S LIABILITY FOR PAYMENT OF FEES, INDEMNIFICATION OBLIGATIONS, CONFIDENTIALITY OBLIGATIONS, BREACH OF APPLICABLE LAWS, RULES, OR REGULATIONS, FRAUD, WILLFUL MISCONDUCT, OR NEGLIGENCE.
17. Force Majeure
Neither Customer nor Sprocket Security shall be considered liable for failure to perform its obligations under this Agreement (except for any obligations to make payments to the other party hereunder), if such failure is cause by or results from acts beyond the impacted party’s reasonable control including, without limitation, the following force majeure events, (“Force Majeure Event(s)”): Acts of God (such as fire, flood, earthquake, storm, hurricane or other natural disaster), or other events including, but not limited to, war, invasion, terrorist activities, government sanction, government order, blockage, embargo, labor dispute, strike, or interruption or failure of electricity or telephone service. No party is entitled to terminate an Order under such circumstances.
If either Customer or Sprocket Security asserts Force Majeure as a reason for failure to perform the party’s obligation, then the nonperforming party must prove that the party took reasonable steps to minimize delay or damages caused by foreseeable events, that the party substantially fulfilled all non-excused obligations, and that the other party was timely notified of the likelihood or actual occurrence of the Force Majeure Event(s).
18. Arbitration
Any dispute, disagreement, claim or controversy between Customer and Sprocket Security arising out of or relating to an Order shall be resolved by binding arbitration, according to the Commercial Arbitration Rules of the American Arbitration Association, before a single arbitrator. The arbitrator shall be selected in accordance with the Commercial Arbitration Rules of the American Arbitration Association. Any such arbitration will be held in the Madison, Wisconsin metropolitan area. Customer and Sprocket Security will share the costs of such arbitration equally, subject to final apportionment by the arbitrator. The decision of the arbitrator will be final and conclusive on both Customer and Sprocket Security. Judgment upon an award rendered by the arbitrator may be entered in any court of competent jurisdiction.
19. Notice
All notices or other communications required hereunder shall be in writing and delivered either by U.S. mail, overnight courier, or as otherwise requested by the receiving party, to the addresses set forth on the Order. Notices shall be effective upon their receipt by the party to whom they are addressed.
20. Third Party Beneficiaries
This Agreement is for the sole benefit of the parties hereto and their permitted successors and assigns, and nothing herein, express or implied, is intended to or shall confer upon any other person or entity any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement.
21. Entire Agreement
The Order, EULA and these Terms constitute the entire agreement between Customer and Sprocket Security with respect to the specific Sprocket Security Services and access and use of the Sprocket Security Platform as set forth in such Order and specifically supersede any prior understandings, including written or oral agreements between the parties regarding such subject matter.
22. Severability
If any provision of these terms is declared or found by a court of competent jurisdiction to be unenforceable, such provision shall not affect the other provisions, but such unenforceable provision shall be deemed modified to the extent necessary to render it enforceable, preserving to the fullest extent permissible the intent of the parties set forth herein.
23. Governing Law
This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to the principles of conflicts of law.
