Customer Agreement

WATCH CLOUD CYBER SECURITY LLC

CUSTOMER AGREEMENT
(“Agreement”)

This Agreement (including all Exhibits, Orders,Statements of Work (SOWs), and Policies incorporated by reference) governsCompany’s provision of the Services to Customer. By executing an Order,clicking to accept, or using the Services, Customer agrees to this Agreement.

1. Definitions

1.1 “Authorized User” means Customer’s employees andcontractors authorized to use the Services solely for Customer’s internalbusiness purposes.
1.2 “Confidential Information” means non‑public information disclosed byone party to the other that is designated confidential or that shouldreasonably be understood as confidential given its nature and thecircumstances.
1.3 “Device” means an endpoint or host (e.g., workstation, laptop,server, mobile, or VM) enrolled in the Services.
1.4 “Fees” means the amounts due for Services as set forth in ExhibitB (Fees), Orders, or SOWs.
1.5 “Order” means an ordering document (including online checkout) thatreferences this Agreement and identifies the Services, subscription term,device counts, and Fees.
1.6 “Services” means collectively Company’s cybersecurity services andany Third‑Party Services provided or resold by Company, as described in ExhibitA (Services & SLA) and applicable Orders/SOWs.
1.7 “Third‑Party Services” means products or services provided by third‑partyvendors (e.g., MDR/SOC platforms, EDR, VPN, training platforms) that may beprovisioned, managed, or resold by Company and are subject to such vendors’ end‑userterms.

2. Scope; Access; Changes to Services

2.1 Provision of Services. Company will provide theServices to Customer in accordance with this Agreement and applicableOrders/SOWs. Customer grants Company the necessary access, credentials, andpermissions to deploy and operate the Services on Customer Devices andnetwork(s).
2.2 Service Modifications. Company may modify, enhance, or discontinue featuresfrom time to time.
2.3 Third‑Party Services. Customer acknowledges that Third‑PartyServices are governed by the relevant vendor’s terms, SLAs, and privacynotices. Company does not control and is not responsible for third‑partyoutages, defects, or changes, and disclaims all liability arising therefrom.Company will reasonably coordinate with vendors on Customer’s behalf.

3. Customer Obligations

3.1 Security Hygiene. Customer is responsible for:(a) timely OS/security patches and updates; (b) enabling MFA; (c) maintainingbackups and verifying restorability; (d) ensuring Devices remain connected tothe internet for monitoring; (e) promptly de‑provisioning departed users; and(f) following Company guidance and policies.
3.2 Environment Changes. Customer must promptly notify Company of newDevices, network changes, or material environment modifications that couldaffect the Services.
3.3 Cooperation. Customer will promptly review and act on alerts,guidance, and tickets; Company is not responsible for Customer’s failure to actor delays.
3.4 Compliance/Insurance. Customer remains solely responsible for itsregulatory compliance and for maintaining appropriate cyber insurancecommensurate with its risk profile.
3.5 Use Restrictions. Customer shall not: (a) resell or provide theServices to third parties; (b) reverse engineer or circumvent technicalcontrols; (c) use the Services in violation of laws; or (d) use the Services tocompete with Company.

4. Fees; Billing; Taxes; Audits

4.1 Fees & Fee Changes. Fees are as set forth in ExhibitB and Orders/SOWs. Company may update Fees for upcoming terms or for usagechanges (e.g., Device counts) with 30 days’ notice.
4.2 Billing & Payment. Unless otherwise stated in an Orde

• Billing: Monthly in advance (or annually in advance if selected).
• Net Terms: Due upon receipt; late balances accrue 1.5% per month (or the maximum allowed by law), plus reasonable collections costs and attorneys’ fees.
• Auto‑Debit:     Customer authorizes Company to charge the designated payment method for     recurring Fees and usage adjustments.

4.3 Device Counts. Feesadjust automatically based on the greater of (i) the device count on theOrder or (ii) the number of Devices actually onboarded or detected usinglicensing telemetry during the billing period. Customer will cooperate withaudits (reasonable notice, not more than twice per year).
4.4 Taxes. Fees are exclusive of taxes; Customer is responsible for allsales, use, VAT, GST, and similar taxes (excluding taxes on Company’s income).
4.5 No Setoff. Customer may not withhold, reduce, or set off Fees.

5. Term; Renewal; Suspension; Termination

5.1 Term. The initial term for each Order starts on purchasedate in that Order and continues for the Initial Term stated (default one(1) year), renewing automatically for successive one‑year Renewal Termsunless either party gives 30 days’ notice before the current term ends.
5.2 Suspension. Company may suspend Services for: (a) non‑payment; (b)security or legal risk; (c) Customer breach. Suspension does not relievepayment obligations.
5.3 Termination for Cause. Either party may terminate an Order or thisAgreement for material breach not cured within 15 days after writtennotice.
5.4 Company Termination for Convenience. Company may terminate any Orderor Service for convenience upon 30 days’ notice; Company will refundprepaid, unused Fees for the terminated Service as Customer’s exclusive remedy.
5.5 Customer Early Termination. If Customer terminates for convenienceor without cause, Customer must pay an Early Termination Charge equal tothe lesser of: (a) the remaining Fees for the then‑current term, or (b) three(3) months of Fees.
5.6 Effect of Termination. Upon termination or expiration: (a) allamounts due become immediately payable; (b) Customer will cease use of anduninstall Service components; (c) each party will return or destroy the other’sConfidential Information (except one archival copy as required by law or forrecord‑keeping). Sections intended to survive (including 3–4, 6–12, andpayment obligations) shall survive.

6. Confidentiality; Publicity

6.1 Confidentiality. Receiving party will usedisclosing party’s Confidential Information only to exercise its rights/performobligations and will protect it using at least reasonable care. Exceptionsapply to information that is public without breach, known before disclosure,independently developed, or rightfully received from a third party.
6.2 Injunctive Relief. Breach of confidentiality may cause irreparableharm; the non‑breaching party may seek equitable relief without posting bond.
6.3 Publicity. Company may use Customer’s name and logo in customerlists, websites, and case studies; Customer may opt out by written notice.

7. Data; Privacy; Security; Templates

7.1 Data Use. Company may process telemetry, logs,indicators of compromise, and other operational data to provide and improve theServices, including aggregated/anonymized analytics.
7.2 Personal Information. Each party will comply with applicable privacylaws, including GLBA where applicable. Neither party will use or disclosepersonal information other than to perform under this Agreement.
7.3 Data Processing; Cross‑Border. Customer authorizes Company and itssubprocessors to process data in locations where they operate, subject toappropriate safeguards.
7.4 No Legal Advice; Templates. Company may provide WISP and IncidentResponse Plan templates and security training content for convenience only.Templates are not legal advice and must be reviewed and customized byCustomer and its counsel.

8. Intellectual Property

8.1 Ownership. Company and its licensors retain allrights, title, and interest in and to the Services, documentation, portals,playbooks, templates, training content, and any deliverables or configurations,including all related IP rights.
8.2 License. During the term, Company grants Customer a limited, non‑exclusive,non‑transferable, revocable right for Authorized Users to access and use theServices for Customer’s internal business purposes.
8.3 Feedback. Feedback is voluntary and may be used by Company withoutrestriction; Customer assigns all rights in Feedback to Company.

9. Warranties; Disclaimers

9.1 Mutual Authority. Each party represents it hasthe authority to enter this Agreement.
9.2 Service Disclaimer. THE SERVICES, TEMPLATES, AND ANY THIRD‑PARTYSERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUTWARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE, NON‑INFRINGEMENT, OR RESULTS. SECURITY ISPROBABILISTIC; NO SERVICE CAN GUARANTEE PREVENTION OF ALL THREATS ORREGULATORY COMPLIANCE.

10. Indemnification

10.1 By Customer. Customer will defend, indemnify,and hold harmless Company and its affiliates, officers, directors, employees,agents, and vendors from claims, damages, liabilities, costs, and expenses(including reasonable attorneys’ fees) arising out of: (a) Customer data orinstructions; (b) Customer’s breach of this Agreement or laws; or (c) use ofthe Services in violation of Section 3.5.
10.2 By Company (Limited). Company will defend Customer from third‑partyclaims alleging that Customer’s authorized use of the Services (excluding Third‑PartyServices) directly infringes a U.S. patent, copyright, or trademark, and willpay final damages awarded by a court or agreed in settlement. Company may, atits option: (i) procure the right to continue use; (ii) modify or replace theServices; or (iii) terminate the affected Service and refund prepaid, unusedFees for that Service. This Section does not apply to claims arisingfrom Customer data, combinations not provided by Company, or use contrary todocumentation. This Section states Company’s entire liability for IPinfringement.

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:
(a) EXCLUSION OF DAMAGES. NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT,INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, COVER, OR PUNITIVE DAMAGES,OR FOR LOSS OF PROFITS, REVENUE, GOODWILL, OR DATA, EVEN IF ADVISED OFTHE POSSIBILITY.
(b) CAP. COMPANY’S TOTAL LIABILITY ARISING OUT OF OR RELATING TO THISAGREEMENT **WILL NOT EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO COMPANYFOR THE AFFECTED SERVICES IN THE TWELVE (12) MONTHS IMMEDIATELYPRECEDING THE EVENT GIVING RISE TO LIABILITY.
(c) ALLOCATIONS. THESE LIMITATIONS APPLY REGARDLESS OF THEORY OFLIABILITY AND FORM AN ESSENTIAL BASIS OF THE BARGAIN.

12. Dispute Resolution; Arbitration; Class Action Waiver

12.1 Good‑Faith Resolution. The parties will attemptin good faith to resolve disputes through their executive contacts beforeescalating.
12.2 Arbitration. Any dispute arising out of or relating to thisAgreement shall be resolved by binding arbitration administered by the AmericanArbitration Association (AAA) under its Commercial Arbitration Rules.The seat and venue of arbitration shall be Palm Beach County, Florida. Asingle arbitrator shall preside unless the parties agree otherwise. Judgment onthe award may be entered in any court of competent jurisdiction.
12.3 Injunctive Relief & Small Claims. Either party may seektemporary injunctive relief in court to protect Confidential Information or IP.Either party may bring an individual action in small claims court.
12.4 Class Action Waiver & Jury Trial Waiver. Disputes will beconducted only on an individual basis; class, consolidated, orrepresentative actions are waived. THE PARTIES WAIVE JURY TRIAL tothe extent permitted by law.
12.5 Limitations Period. Any claim must be filed within one (1) yearafter the cause of action accrues, or it is permanently barred.

13. Marketing Communications Consent

By entering this Agreement and providing contact information(including phone, mobile, mailing address, and email), Customer authorizesCompany and its representatives to contact Customer for marketing,informational, and transactional purposes via phone, SMS/MMS, email, andother electronic means. Message/data rates may apply. Customer may opt out ofmarketing at any time (reply “STOP” or use unsubscribe links). Consent isnot a condition of purchase and opting out of marketing does not affectnecessary transactional communications.

14. Electronic Signatures; Records

Customer consents to electronic delivery of disclosures anduse of electronic signatures and records. Paper copies are available on requestand may incur a reasonable fee. Customer agrees to maintain accurate contactdetails and system requirements necessary to receive and retain electronicrecords.

15. Compliance with Laws; Export; Anti‑Circumvention

Each party will comply with applicable laws. Customer willnot export or re‑export the Services in violation of export control/sanctionslaws. Customer shall not bypass Company to procure substantially similarservices from Company’s vendors for the purpose of avoiding Fees during theterm and for 12 months thereafter (non‑circumvention).

16. Assignment; Subcontracting; Independent Contractors

Customer may not assign this Agreement without Company’sprior written consent (not to be unreasonably withheld). Company may assign toan affiliate or in connection with a merger, acquisition, or sale of assets andmay subcontract portions of the Services (including to SOC providers andhosting providers). The parties are independent contractors.

17. Force Majeure

Neither party is liable for delays or failures due to eventsbeyond its reasonable control (including power/internet outages, cyberattackson infrastructure, vendor failures, labor disputes, acts of God, orgovernmental actions). Payment obligations are excluded.

18. Notices

Notices must be in writing and delivered by email withconfirmation, certified mail, courier, or via the Service portal to thecontacts listed above (or updated by notice). Notice is deemed given uponconfirmation/receipt.

19. Entire Agreement; Order of Precedence; Waiver;Severability

This Agreement (with Exhibits, Orders, SOWs, andincorporated policies) is the entire agreement. In case of conflict, thefollowing order of precedence applies: (1) Order (pricing/quantities/termonly), (2) SOW, (3) this Agreement, (4) Exhibits, (5) Policies. No waiver iseffective unless in writing. If any provision is unenforceable, the remainderremains in effect.

20. Governing Law

This Agreement is governed by the laws of the State ofFlorida, without regard to conflicts‑of‑law rules, and subject to Section12 for dispute resolution.

Exhibit A — Services & Service Level Agreement (SLA)

A.1 Services Overview

Company will provide endpoint‑focused cybersecurityservices designed to reduce risk and aid in detection, triage, andresponse, which may include:

1. 24/7     Managed Detection & Response (MDR) / SOC

• Continuous telemetry collection and monitoring for enrolled Devices.
• Triage of alerts, enrichment, and remediation guidance with actionable     steps.
• Ticketing, notifications, and periodic reporting.
• Note: Services are designed to detect and help mitigate threats but do not  guarantee detection or prevention of all attacks.

2. VPN

• Provisioning of a commercial VPN to help encrypt network traffic and obfuscate IP/location.
• Customer remains responsible for acceptable use and endpoint posture.

3. Cybersecurity Awareness & Phishing Training

• Access to an education platform for training modules and phishing simulations.
• Reporting by request on participation and risk trends.

4. Firewall, MFA, & Drive Encryption Enablement Guidance

• Instructions for enabling native OS features (where available).
• Customer is responsible for implementation and verification.

5. Written Information Security Plan (WISP) – Template

• A  customizable template reflecting Services provided.
• Customer  must tailor and adopt with its counsel; Company is not providing legal     advice.

6. Incident Response Plan – Template

• A customizable template and suggested steps; Customer must adapt and adopt internally.
• In an incident, Company provides guidance; Customer remains responsible for executive decisions and execution unless a separate IR SOW     is executed.

7.      CloudBackup

·      Cloud backup on endpoint’s C:

·      Subject to additional storage charges

·      Backup outside of C: is outside of scope of work

Out of Scope (unless covered by an SOW): On‑sitework, digital forensics, legal notifications, regulator reporting, eDiscovery,breach counsel, PR, data restoration, helpdesk, MSP services, and hands‑onkeyboard remediation.

A.2 SLA

• Monitoring Window: 24x7x365 monitoring and triage.
• Incident  Notifications: For confirmed Security Incidents (high‑risk attacks on protected Devices), Company will notify Customer via     ticket/email/phone within one (1) business day of confirmation.
• Availability  Exclusions: Scheduled maintenance; outages or delays caused by third‑party vendors, Customer environment, internet/ISP, or force majeure.
• Customer  Dependencies:
   
  • Maintain endpoint connectivity and supported OS versions.
   
  • Apply patches and updates timely.
   
  • Provide and maintain accurate contacts and escalation paths.
   
  • Act promptly on remediation guidance.

Disclaimer: Deployment of the Services does notguarantee that intrusions, compromises, or other unauthorized activity willnot occur. Customer remains responsible for acting on alerts and guidance.Company is not liable for Customer’s failure to act, delays,misconfigurations, unsupported systems, or changes made without Company’sknowledge.

Exhibit B — Fees

B.1 Program Fee Schedule (Per Device)

• 1     Device: $75/month or $900/year per Device
• Company may modify fees and or/packages at discretion with 30 days notice

Notes (Company‑favorable clarifications):

• Minimum Commitment: One (1) Device minimum per Order.
• True‑Up: Billed based on the highest monthly Device count detected or onboarded     during a billing period.
• Onboarding/Offboarding: Company may charge a reasonable one‑time onboarding or offboarding fee     where significant effort is required (quoted on request).
• Fee Changes: Company may modify Fees for renewals or new Devices with 30     days’ notice.
• Refunds: Refunds are at Company’s discretion, except as expressly stated in     Sections 2.2 and 5.4.

B.2 Payment Terms

• Billing Cycle: Monthly in advance (or annual, if selected).
• Due Date: Upon receipt.
• Late Fees: 1.5% per month (or maximum allowed by law).
• Collections: Customer pays reasonable costs of collection, including attorneys’ fees.
• Taxes: Exclusive of taxes.
• Auto‑Debit  Authorization: Customer authorizes recurring charges and usage true‑ups.

‍