Legal Information

Updated: February 5th, 2025

Master Service Agreement of BMP Security, LLC

Platform Services Agreement

Introduction 

This Platform Services Agreement (together with any Supplemental Terms provided at https://bmpsecurity.com/legal, the “Agreement”) form a binding contract between Us and You; by using the Services, You are agreeing to enter into a legal contract with Us, and to comply with the terms and conditions described here, which govern any use of the Services. 
 
If You do not agree to the terms presented in this Agreement, or if You do not meet the eligibility requirements described in this Agreement, You have no right to use the Services, and should terminate Your access, including use of the BMP Security website, immediately. 
 
BMP Security reserves the right to change this Agreement (and the Services, including any fees), at any time and without giving advance notice. All such changes will be posted on the Site or subject to notice. By continuing to access or use the Site or Services after We have posted such a change, or have provided You with notice of it, You are agreeing to be bound by the Agreement as updated. 

Parties, Authority, and Eligibility 

“You” or “Your” or “Customer” refers to you as an end user of the Services, and, if you are accessing the Services on behalf of a legal organization, that legal organization; You agree that You have the authority to enter into this Agreement and to bind that legal organization to the terms of this Agreement. You further agree that You are 18 years of age or older. 
 
“Us”, “We”, “Our” or “BMP Security” means BMP Security, LLC, a Wyoming Corporation. 

Scope of this Agreement, Other Agreements 

This Agreement makes reference to a number of other supplemental agreements which You may also be agreeing to by agreeing to this Agreement, and which You can find here (the “Policies”): 

• Privacy Policy 

• Professional Services Addendum 

In the event that the terms of this Agreement conflict with the terms of any other supplemental agreement named here, the terms of the supplemental agreement will govern (including with respect to a mutually executed Quote or SOW). 
 
Capitalized terms having the meaning ascribed to the Definitions Section. 

1. Definitions. 

“Affiliate” shall mean any entity controlled by, controlling, or under common control with a party to this Agreement during the period such control exists.  For the purposes hereof “control” means the power to direct the operation, policies and management of an entity through the ownership of more than fifty percent (50%) of the voting securities of such entity, by contract, or otherwise. 
 
“Applicable Laws” shall mean any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, directive, common law, judgment, decree or other requirement or rule of any federal, state, local or foreign government or political subdivision thereof, or any arbitrator, court or tribunal of competent jurisdiction applicable to a party’s performance of its obligations or the exercise of its rights under this Agreement. 
 
“Asset(s)” shall mean Customer’s (or a third party’s) software applications, networks, systems, IP addresses, hardware, and or other assets that are to be tested. 
 
“BMP Security Content” shall mean all Content that BMP Security makes available through the Platform, and includes without limitation any data, documents, screens, templates, and forms of reports.  BMP Security Content expressly excludes Customer Data. 
 
“Content” shall mean text, graphics, images, music, software, audio, video, and other information. 
 
“Credit” shall mean the prepaid unit purchased by Customer which can be exchanged for BMP Security Services on the Platform, Professional Services, or for other offerings as allowed by BMP Security. Each Credit corresponds to a particular level of effort by BMP Security. 
 
“Customer Data” shall mean the Assets, any Content, data, documents, or any other information provided by Customer to BMP Security in connection with Customer’s use of the Platform.  
      
“DAST Target” means a single, unique URL, application or website, owned by the Customer and running in a specified Customer environment, which is assigned to be scanned by BMP Security. 
 
“Intellectual Property Rights” shall mean any and all registered and unregistered rights granted, applied for or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world. 
 
“Personal Information” shall mean any information relating to an identified or identifiable natural person or as otherwise defined under Applicable Law, including without limitation, “personal data” as used under the EU’s General Data Protection Regulation and under the UK’s Data Protection Act of 2018, and “personal information” as used under applicable California law.  
      
“Platform” shall mean the platform provided by BMP Security to Customer in connection with the Services, which includes all related software, interfaces, tools, utilities, and other technologies (and any related intellectual property), where Customer is able to request the Services. 
      
“Professional Services” shall mean cybersecurity services provided by BMP Security to Customer pursuant to a separately executed statement of work (“SOW”) or similar document, excluding the Services provided via the Platform and Platform itself. Professional Services are subject to the BMP Security Professional Services Addendum.  
 
“Quote(s)” shall mean a transactional document referencing this Agreement, which has been agreed to by the parties in a mutually signed writing for the purchase of Credits. 
 
“Security Professional” shall mean an individual who provides the Services on behalf of BMP Security through the Platform.                     
 
”Security Program” shall mean the scope of Services listed on the Platform for Customer’s Asset(s) to be completed by Security Professional(s). 
 
“Services” shall mean the cybersecurity services available via the Platform provided by the Security Professionals, as well as connecting Customers with Security Professionals for Asset testing. 
                          
“User” shall mean an employee, contractor, or agent of Customer who is authorized by Customer to use the Platform.      
 
“Vulnerability Reports” shall mean a confidential report submitted and listed by a Security Professional containing security vulnerabilities found during the testing of the Asset(s) in scope for a given Security Program.  

2. Quotes, Invoicing, and Payment.  

1. Quotes. Credits are ordered via Quotes, each of which shall be deemed to be incorporated herein by reference.  Each Quote shall specify, as applicable, the Credits ordered (including a description thereof), the quantity of Credits, the fees and the term of the Quote ("Service Period").  A Customer Affiliate may enter into a Quote pursuant to this Agreement, by which the Affiliate agrees to be bound by the terms and conditions of this Agreement; provided, that the Customer shall be responsible for any of its Affiliates’ compliance with the terms and conditions of this Agreement.
2. Invoicing and Payment.  BMP Security will invoice as set forth in the Quote. Customer will pay all fees within thirty (30) days of the date of the invoice unless otherwise set forth in the Quote. All fees exclude applicable taxes and Customer shall be responsible for the payment of all use, services, withholding or similar taxes on the use or sale of the Services. Any overdue invoices will accrue late interest at the rate of 1.5% of the outstanding balance per month or the greatest amount allowed by applicable laws, whichever is lower, plus all expenses of collection. 
3. Platform Access: BMP Security may enable access to the Platform for the Customer prior to receiving the initial invoice payment receipt. This access is provided to allow the Customer to familiarize themselves with the Platform and its features. 
4. Commencement of Services: Notwithstanding the provision of Platform access, BMP Security will not commence any Services until the initial invoice payment receipt is received. The Customer acknowledges and agrees that the commencement of services is contingent upon the receipt of payment for the initial invoice. 
5. Suspension of Service for Non-Payment. BMP Security may suspend access to the Platform and Services upon thirty (30) days written notice of non-payment of any undisputed invoice. We will not suspend your access to the Services while you are disputing the applicable charges reasonably and in good faith and are cooperating diligently to resolve the dispute.
6. Price Changes. Future renewals of Services purchased under any particular Quote will occur at the then-current Credit price, unless otherwise agreed in the applicable Quote or in the event of an auto renewal in Section 2e where BMP Security does not provide notice of a price change.
7. Autorenewal. Each Quote shall remain in effect for the term as specified in the applicable Quote, and will automatically renew for additional terms of one (1) year on an annual basis, or as otherwise provided for in the Quote, unless notice of non-renewal is provided at least 60 (sixty) days prior to the end of the then-current Service Period of the Quote (“Notice Period”). In the event of any price changes, BMP Security will notify Customer at least thirty (30) days prior to the Notice Period. 

3. Services 

1. BMP Security Personnel. BMP Security shall have sole discretion in staffing the Services or Professional Services.
2. Credits.  BMP Security will scope Services based on projected level of effort as expressed in Credits, to be reflected in your BMP Security Account after purchase. Credits must be used by the end of the applicable Service Period, or annual term within said Service Period. Any unused Credits may roll over to the following year upon renewal. For the purposes of this Section, “used” means the completion of any Services for which the Credits are allocated.
3. Report. BMP Security will produce a Report detailing findings uncovered during performance of the Services. BMP Security acts as a third-party assessor and possesses a degree of independence in formulating its findings (as articulated via a Report) and as such, BMP Security will not remove or minimize findings in a Report at a Customer’s request without a sufficient factual basis for so doing.
4. Security Professionals.   Security Professionals are full time employees of BMP Security as well as independent third parties who are retained by BMP Security to assist in providing Services and Professional Services.  Customer may not enter into contracts directly with Security Professionals. 
   1. Vetting and Selection of Security Professionals.  BMP Security will obtain a background check consisting of identity confirmation and criminal background screening (a “Background Check”) for each Security Professional in advance of engaging such individual to facilitate the provision of Services. The Background Check will cover criminal conduct over a period of time to be determined by BMP Security, in its sole discretion, but in all cases shall be limited to the time periods permissible under Applicable Law. BMP Security will not engage a Security Professional without their first having satisfactorily passed the Background Check as determined by BMP Security in its sole but reasonable discretion. 
   2. Customer Security Professionals Requests. BMP Security will accommodate special requests regarding the Security Professionals performing Services for the Customer for additional cost depending on the particular requirement. This includes requests that BMP Security (a) staff a test with Security Professionals from a specific region or time zone, or (b) ensure that Security Professionals communicate with Customer and/or perform testing at specified times. Other requests may be facilitated on a case-by-case basis. All custom requests are subject to BMP Security availability and capacity. BMP Security may not be able to accommodate more than one such request per engagement. Customers should communicate with their BMP Security-assigned CSM to determine whether a particular request may be accommodated.
   3. Security Professional Eligibility. BMP Security represents and warrants that each Security Professional is not: (a) a resident or national of any country subject to a United States embargo or other similar United States export restrictions; (b) on the United States Treasury Department’s list of Specifically Designated Nationals as defined under Applicable Laws; (c) on the United States Department of Commerce’s Denied Persons List or Entity List as defined under Applicable Laws; or (d) identified by the United States government as a prohibited end user of United States export controlled items or otherwise subject to sanctions or similar laws, regulations, or executive orders.
5. Professional Services. The Services provided via the Platform exclude Professional Services provided pursuant to an SOW. Any provision of Professional Services will be scoped on a per engagement basis via SOW and shall be subject to additional terms set forth in the Professional Services Addendum.
6. Informational Support for BMP Security During the Service Period, BMP Security will provide support to Customer relating to the use and operation of the BMP Security Services.
7. Changes to BMP Security Platform and Services. BMP Security reserves the right, at its sole discretion, to modify, enhance, or remove features of the Platform or Services provided that such modifications do not materially diminish the functionality of the Services. 

4. Customer Obligations. 

1. User Eligibility.  Customer represents and warrants that each User is not: (a) a resident or national of any country subject to a United States embargo or other similar United States export restrictions; (b) on the United States Treasury Department’s list of Specifically Designated Nationals as defined under Applicable Laws; (c) on the United States Department of Commerce Denied Persons List or Entity List as defined under Applicable Laws; or (d) identified by the United States government as a prohibited end user of United States export controlled items or otherwise subject to sanctions or similar laws, regulations, or executive orders. 
2.  Authorization. The Customer permits BMP Security to access the Customer's Assets and Customer Data to enable the Services, which constitutes authorization under the Computer Fraud and Abuse Act,  the Computer Misuse Act 1990, Directive 2013/40/EU and similar laws and regulations as applicable to the Customer and/or the Services, and represents it has authority and will have authority at all times during this Agreement, to give such permission.
   

5. Intellectual Property Rights. 

1. BMP Security Property. Customer acknowledges and agrees that BMP Security and/or its licensors own all right, title and interest to the Platform, Services and BMP Security Content, including without limitation any techniques, ideas, concepts, methods, processes, software, utilities, data, documents, directories, designs, user interfaces, know-how, graphics, video content or other data or information acquired, created, developed or licensed by BMP Security and/or its licensors  and all modifications, improvements and derivative works thereof and all associated Intellectual Property Rights (collectively as “BMP Security Property”). 
2. Customer Property. The parties acknowledge and agree that Customer and/or its licensors own all right, title and interest to the Assets and any Customer Data made available by the Customer through the Site or Services and any findings contained in the Vulnerability Reports created specifically and uniquely for the Customer, but excluding any BMP Security Property or Security Professional Property and any Intellectual Property Rights therein. 
3. Proprietary Rights Notice. All trademarks, service marks, logos, trade names and any other proprietary designations of BMP Security used herein are trademarks or registered trademarks of BMP Security. Any other trademarks, service marks, logos, trade names and any other proprietary designations are the trademarks or registered trademarks of their respective parties. 

6. License Grants. 

1. BMP Security Platform and Services License Grant.  BMP Security grants Customer a limited, world-wide, non-exclusive, non-transferable, non-sublicensable right and license, during the subscription term specified in a Quote, to (i) access and use the Platform and Services in accordance with the terms of this Agreement; and (ii) access and view any BMP Security Content contained on the Platform solely for Customer’s internal use in connection with Customer’s use of the Services. Except as provided herein, Customer shall have no right to make the Platform, Services or BMP Security Content available to, use the Platform, Services or BMP Security Content on behalf of, or for the benefit of any third party without BMP Security’s express written authorization.  Except for the rights expressly licensed to Customer hereunder, BMP Security and its licensors reserve and retain all right, title and interest to the Platform, Services and BMP Security Content.
2. Statistical Data.  BMP Security collects high level, generic, anonymous, statistical and/or benchmarking data derived from Customer’s use of the Platform and the Services that is aggregated with other findings, results and information (the “Statistical Data”). All such Statistical Data is the sole and exclusive intellectual property of BMP Security; provided, that BMP Security shall in all cases refrain from publishing any Statistical Data or any insights or work derived therefrom in a manner that reveals (directly or indirectly) any specific person, Customer, Customer Data, Customer Confidential Information or Asset. 
3. Customer Data License Grant. Customer grants to BMP Security a worldwide, non-exclusive, non-transferable, royalty-free license and right to, during the Service Period, (i) use, access, view, copy, display, transmit and store Customer Data on, through or by means of the Platform and Services solely to the extent necessary to operate, maintain, perform, and provide the Platform and Services; and (ii) create, view, display, transmit and store Vulnerability Reports. Customer acknowledges that this license grant extends, to the extent necessary to facilitate performance of the Services, to BMP Security’s personnel and Security Professionals. Except as expressly licensed herein, Customer shall retain all right, title and/or interest to the Asset(s) and all intellectual property rights therein, and except as expressly licensed herein, BMP Security shall obtain no right or license thereto.

7. Confidentiality

1. Confidential Information.   During the Term the parties may need to exchange or make available confidential and proprietary information to the other party in connection with this Agreement, whether disclosed in written, oral, electronic or visual form, which is identified as confidential at the time of disclosure or should reasonably be understood to be confidential given the nature of the information or the circumstances surrounding the disclosure, including without limitation business, operations, finances, technologies, products and services, pricing, personnel, customers and suppliers (“Confidential Information”). Without limiting the foregoing, (i) BMP Security Confidential Information shall include BMP Security Property; and (ii) Customer Confidential Information shall include Customer Data and the Asset(s), and findings in a Vulnerability Report.
2. Confidentiality. During the Term, and continuing after expiration or termination of the Agreement, each party shall retain in confidence, and not use (except for the purposes described in this Agreement), the Confidential Information of the other party. The receiving party will use the same degree of care and discretion (but not less than reasonable care) to avoid disclosure, publication or dissemination of the disclosing party’s Confidential Information as it uses with its own confidential or proprietary information of a similar nature.  Except as authorized in this Agreement or a Quote, the receiving party will not disclose the Confidential Information of the disclosing party to a third party other than to its or its Affiliates’ employees, contractors, agents or advisors in connection with its performance of this Agreement who are bound by terms no less protective of a disclosing party’s rights as those set forth in this Agreement and the receiving party shall be liable to the disclosing party for any violation of this Agreement by such persons. 
3. Exclusions. Confidential Information shall not include information that (a) is publicly known at the time of disclosure, (b) is lawfully received from a third party not bound in a confidential relationship with the disclosing party, (c) is published or otherwise made known to the public by the disclosing party, or (d) was or is generated independently without use of the disclosing party’s Confidential Information.  The receiving party may disclose Confidential Information as required to comply with orders of governmental entities that have jurisdiction over it or as otherwise required by law, provided that the receiving party (i) gives the disclosing party reasonable advance written notice to allow the disclosing party to seek a protective order or other appropriate remedy (except to the extent that compliance with the foregoing would cause it to violate an order of the governmental entity or other legal requirement), (ii) discloses only that portion of the Confidential Information as is required, and (iii) cooperates with the disclosing party to obtain confidential treatment for any Confidential Information so disclosed.  Notwithstanding anything herein to the contrary, provided that BMP Security does not use or disclose Customer Confidential Information, BMP Security shall be free to use, exploit and disclose its general skills, concepts, ideas, know-how, and expertise gained or learned during the course of this Agreement, and BMP Security shall not be restricted from creating output for other Customers which is similar to that provided to Customer. 
4. Remedies. Due to the unique nature of Confidential Information gained through the Services, the Parties acknowledge that the breach of this Section 7 could cause irreparable harm, which monetary damages would be insufficient to remedy and in the event of such a breach, or threatened breach, the non-breaching party shall be entitled to seek injunctive relief, as well as any other remedy which may be available at law or in equity. 

8. Security. 

1. BMP Security Security Obligations. BMP Security agrees to take commercially reasonable technical and organizational measures designed to secure the BMP Security Site from unauthorized access or use, including maintaining the security standards at https://bmpsecurity.com/legal. 
2. Customer Security Obligations. Customer shall maintain appropriate security for the Customer Data in transit and shall be responsible for backing up Customer Data stored on Customer’s computer systems. 
3. PII. Customer acknowledges that it will endeavor to preclude or limit to the greatest extent possible, the exposure of Security Professionals to any personally identifiable information, except as necessary for Customer’s establishment of its BMP Security Account, any patient, medical or other protected health information regulated by HIPAA or any similar federal or state laws, rules or regulations or any other information subject to regulation or protection under Applicable Laws such as, without limitation, the Gramm-Leach-Bliley Act (or related rules or regulations) (collectively, “PII”), in Asset(s) tested via the Services. Where any PII will be present in Asset(s) tested via the Services, Customer will advise BMP Security and the Security Professionals of that fact through existing communication channels. Where Customer is subject to laws or regulations requiring PII processing activities be addressed via a data processing agreement, service provider agreement or similar (such as, without limitation, GDPR, CCPA, and like legislation and implementing regulations), any processing activities will be subject to the BMP Security Data Processing Agreement, signed separately by the parties and incorporated hereinto in full. 

9. Representations and Warranties; Disclaimer. 

1. Customer Warranty. Customer represents and warrants that: (i) Customer either is the sole and exclusive owner of all Customer Data and Asset(s) made available or accessed through the Platform or Services or Customer has obtained all necessary legal rights, licenses, consents, permissions, approvals and releases to grant to BMP Security and its Security Professionals the rights to such Customer Data and Asset(s), as contemplated under this Agreement; (ii) neither the Customer Data nor Customer’s posting, uploading, publication, sublicensing, submission or transmittal of any Customer Data or BMP Security’s or  Security Professionals’ use of or access to the Customer Data (or any portion thereof) or Asset(s) on, through or by means of the Platform and the Services will infringe, misappropriate or violate any third party Intellectual Property Rights, contractual rights or rights of publicity or privacy, or result in the violation of any Applicable Law; and (iii) Customer shall comply with all applicable laws relating to its performance under this Agreement. 
2. BMP Security Warranty. BMP Security represents and Warrants that: (i) BMP Security either is the sole and exclusive owner of all BMP Security Content and the Site or BMP Security has obtained all necessary legal rights, licenses, consents, permissions, approvals and releases to grant to Customer the right to such BMP Security Content and the Site, as contemplated under this Agreement; (ii) BMP Security shall comply with all applicable laws relating to its performance under this Agreement; (iii) BMP Security shall provide the Services in a professional manner and will provide a standard of care consistent with that used by service providers similar to BMP Security, and that BMP Security shall deliver the Services substantially in conformity with this Agreement; and (iv)  the  Security Professionals have the general skills and expertise necessary to perform the Services.  In order to state a claim for breach of Section 9b (iii) or (iv), Customer must provide notice of such non-compliance within the thirty (30) day period following the delivery of a Vulnerability Report, specifying the details of such noncompliance. If Customer provides BMP Security with the required notice, as Customer’s sole and exclusive remedy and BMP Security’s sole and exclusive liability for breach of this limited warranty under this Section 9b (iii) or (iv), BMP Security shall, at the Customer’s request and option, either extend the period of testing to perform additional testing or reperform the Services using different Security Professionals. Section 9b (iii) and (iv) shall not apply during any trial license period. 
3. Disclaimers. 
   1. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH ABOVE, THE PLATFORM AND SERVICES ARE PROVIDED "AS IS", WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, BMP SECURITY EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. BMP SECURITY MAKES NO WARRANTY THAT THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS. BMP SECURITY DOES NOT GUARANTEE THAT THE SERVICES WILL REVEAL ALL SECURITY VULNERABILITIES, OR MALICIOUS CODE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM BMP SECURITY OR THROUGH THE SITE OR SERVICES, WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN. 
   2. ANY AND ALL WARRANTIES PROVIDED BY BMP SECURITY HEREIN ARE VOID TO THE EXTENT THE SERVICES (I) FAILS TO CONFORM TO ANY OR ALL SUCH WARRANTIES AS A RESULT OF THE SERVICES’ USE WITH ANY THIRD-PARTY SOFTWARE OTHER THAN AS EXPRESSLY AUTHORIZED BY BMP SECURITY; OR (II) IS USED OTHER THAN IN ACCORDANCE WITH PUBLISHED DOCUMENTATION OR OTHERWISE IS USED IN BREACH OF THIS AGREEMENT. 

10. Indemnification 

1. Customer Indemnity.  Customer agrees to defend, indemnify, and hold BMP Security and its Affiliates and their  officers, directors, employees, contractors, and agents harmless from and against any claims, liabilities, damages, losses, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of any third party claim arising out of (i) Customer’s collection, processing, or submission of Customer Data; (ii) Customer’s infringement, misappropriation or violation of any third party Intellectual Property Rights, contractual rights or rights of publicity or privacy; or (iii) Customer’s actions resulting in Services being performed on an unauthorized Asset.
2. BMP Security Indemnity.  BMP Security agrees to defend, indemnify, and hold Customer and its Affiliates (only to the extent such Affiliates have entered into Quotes hereunder) and their  officers, directors, employees and agents harmless from and against any claims, liabilities, damages, losses, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of any third party claim arising out of the infringement or violation of the Site of the Intellectual Property Rights of a third party; provided that BMP Security shall not be responsible to provide any such indemnity for any claim to the extent arising out of (i) Customer Data, Third Party Accounts, or Third Party Service Providers; or (ii) use of the Site or Services in an unauthorized manner. 
3. Indemnity Process. The indemnifying party shall conduct and have sole control of the defense and settlement of any claim for which it has agreed to provide indemnification; provided that no settlement shall require the indemnified to admit liability.  The indemnified party shall have the right to provide for its separate defense at its own expense. The indemnified party shall give prompt notice of all claims for which indemnity is sought and shall cooperate in defending against such claims, at the expense of the indemnifying party.  The rights and remedies set forth in this Section 10 state each party’s exclusive liability and exclusive rights and remedies with regard to claims made by a third party for intellectual property infringement or violation of a third party’s intellectual property rights. 

11. Limitations and Exclusions of Liability and Damages.   

1. Limitations of Liability.  EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN SECTION 11C HEREOF, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER CUSTOMER, BMP SECURITY NOR THEIR AFFILIATES, LICENSORS, OR CONTRACTORS WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF OR DAMAGE TO SOFTWARE OR DATA OR LOSS OF GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE SERVICES, FROM ANY COMMUNICATIONS OR INTERACTIONS WITH OTHER USERS OF THE PLATFORM OR SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT SUCH PARTY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.  CUSTOMER UNDERSTANDS AND AGREES THAT THE NATURE OF THE SERVICES MAY CAUSE HARM OR DISRUPTION TO ASSETS AND THAT NEITHER BMP SECURITY SHALL HAVE ANY LIABILITY OF ANY KIND ARISING OUT OF SUCH ACTIVITIES UNLESS BMP SECURITY HAS COMMITTED GROSS NEGLIGENCE OR COMMITTED WILLFUL MISCONDUCT IN THE PERFORMANCE OF THE SERVICES. 
2. Liability Cap.  EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN SECTION 11C HEREOF, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, REGARDLESS OF THE FORM OF THE ACTION, IN NO EVENT WILL EITHER PARTY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES OR ANY OTHER USER, EXCEED THE TOTAL OF THE AMOUNTS  PAID AND/OR PAYABLE UNDER THE ANNUALIZED TERM OF THE QUOTE GIVING RISE TO THE CLAIM AT THE TIME SUCH CLAIM AROSE.   THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN OF THIS AGREEMENT. 
3. Liability Exclusions.  Notwithstanding anything herein to the contrary, the limitations and exclusions of liability set forth in Sections 11a or 11b hereof shall not apply to either party’s (i) indemnification obligations hereunder, (ii) breach of confidentiality or data security obligations hereunder; (iii) violation or infringement of the other party’s Intellectual Property Rights (the “Excluded Claims”); provided that neither party’s total aggregate liability for the Excluded Claims  shall exceed the amount of three times (3X) the total of the amounts paid and/or payable under the annualized term of the Quote giving rise to the claim at the time such claim arose.  

12. Term and Termination. 

1. Term of Agreement.   This Agreement shall commence on the Effective Date and will continue thereafter until (i)  the furthermost end date of the Service Period in the last to expire Quote or (ii) where applicable, termination for material breach is effectuated under Section 12b.
2. Termination of Agreement for Material Breach. Each party shall have the right to terminate this Agreement, and all Quotes  or SOWs subject to this Agreement, in their entirety upon written notice to the other Party if such Party materially breaches its obligations under this Agreement and, after receiving written notice identifying such material breach in reasonable detail, fails to cure such material breach within thirty (30) days from the date of such notice; provided, that BMP Security may terminate this Agreement immediately upon written notice where a breach or violation that cannot be reasonably be cured.
3. Term and Termination of a Quote or SOW for Breach.  Each Quote and/or SOW shall remain in effect for the Service Period and the Services or Professional Services will be provided by BMP Security only during the Service Period.   An individual Quote or SOW shall not be subject to termination, except that a Quote or SOW may be terminated (in whole but not in part) by a party solely if the other party fails to cure a material breach thereof, or of this Agreement as it relates to such Quote or SOW, within thirty (30) days after receiving written notice of the breach from the non-breaching party or immediately if a material breach is not capable of cure.
4. Effect of Termination.  Upon any termination or expiration of this Agreement, all rights and obligations of the parties shall end, other than their rights and obligations which are intended to survive termination.
5. Destruction of Software and Data.  Upon any expiration or termination of this Agreement, BMP Security shall delete any Customer Data or Customer Confidential Information relating to Customer upon request, unless we are prohibited by law from doing so. Customer will be able to access the Platform for fourteen (14) days in order to export any reports, Customer Data, or Customer Confidential Information using the functionality within the Platform. The fourteen (14) day period may be extended by mutual agreement, on a case by case basis, if a longer time period is needed. 
   

13. Force Majeure.

If the performance of any obligation hereunder is interfered with by reason of any circumstances beyond a party’s reasonable control, including but not limited to acts of God, labor strikes and other labor disturbances, power surges or failures, or the act or omission of any third party, the party shall be excused from such performance to the extent necessary during the term of any force majeure event, provided the party shall use reasonable efforts to remove such causes of nonperformance.  If an event of force majeure prevents either party from performing its responsibilities under this Agreement for a period of more than thirty (30) days, the other party may terminate this Agreement and any outstanding Quote immediately upon written notice.

14. Publicity, Reference, and Use of Trademarks.

BMP Security may (i) list Customer in BMP Security’s list of references and in proposals to potential BMP Security customers; and (ii) identify Customer as a customer of BMP Security (using Customer’s name and logo) and generally describe the nature of the relationship in BMP Security’s promotional materials, presentations, and on BMP Security’s website.

15. Assignment and Related Matters.

Except as otherwise set forth herein, neither party may assign, transfer, delegate or subcontract this Agreement or any rights or obligations under this Agreement, in whole or in part, without the other party’s prior written consent. Any attempt by either party to assign, transfer, delegate or subcontract this Agreement or any rights or obligations hereunder, without such consent, will be null and of no effect. Notwithstanding the foregoing, BMP Security may assign or transfer this Agreement, without Customer’s consent, to an Affiliate or to a successor in interest resulting from a merger, sale of substantially all of its assets, change of control or by operation of law.  Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their successors and permitted assigns.

16. Survival.

Except as expressly set in this Agreement, the rights and obligations set in Section 2 (Quotes, Invoicing and Payment), Section 5 (Intellectual Property Rights), Section 6 (License Grants), Section 7 (Confidentiality), Section 9 (Warranties), Section 10 (Indemnification), Section 11 (Limitation of Liability), Section 18 (Governing Law), Section 20 (Independent Party), and Section 21 (Entire Agreement, Amendment, and Waiver) shall survive the expiration or termination of this Agreement.

17. Governing Law.

This Agreement shall be governed by the laws of the State of Wyoming, without regard to its conflict-of-law provisions. The United Nations Convention on Contracts for the International Sale of Goods does not apply to the transactions contemplated by this Agreement.  The Uniform Computer Information Transactions Act (“UCITA”) will not apply to this Agreement regardless of when and howsoever adopted, enacted and further amended under the governing state laws. 

18. Notices.

Notices shall be sent in writing to each party at the address first set forth above or via e-mail.  E-mail notices to BMP Security shall be sent to legal@bmpsecurity.com. Notices shall be deemed to be delivered (i) one day after delivery with a reputable overnight carrier (ii) three days after deposit with US Postal Service sent first class mail, return receipt requested, or (iii) the day an e-mail is transmitted without an error or bounce-back message.

19. Independent Parties.

The relationship of the parties is that of independent contracting parties and BMP Security shall not be construed to be an employee, partner or agent of Customer.

20. Entire Agreement, Amendment and Waiver.

The terms and conditions of this Agreement (including any applicable schedules, referenced documents, Quotes, or SOWs entered into pursuant hereto) provide the complete understanding of the parties with regard to the subject matter hereof and supersede all previous communications, agreements, proposals or representations related to the subject matter hereof. Except as otherwise expressly provided for herein, any waiver, amendment, or modification of any right or remedy, in whole or in part under this Agreement, or any additional or different terms in, acknowledgments or other documents, will not be effective unless expressly agreed to in writing and signed by the authorized representatives the parties. In the event of any conflicting terms in a Quote, SOW, or supplemental agreement terms (‘Other Terms’), the Other Terms shall govern. It is expressly agreed that no additional terms and conditions contained in Customer’s purchase order, internet procurement portal or other non-BMP Security document shall apply to the Services ordered.

21. Miscellaneous.

This Agreement may be executed in counterparts, which, taken together, will constitute one and the same instrument. The exchange of a fully executed Agreement (in counterparts or otherwise) by electronic means or in writing shall be sufficient to bind the parties to the terms and conditions of this Agreement and to any Quote or SOW.

22. Subject Headings.

The subject headings of this Agreement are included for purposes of convenience only and shall not affect the construction or interpretation of any of its provision.