BY CLICKING TO SIGN IN ON-LINE TO USE THE COBALT SITE AND SERVICES AND BY USING THE SITE AND SERVICES FOR PROFESSIONAL SERVICES, YOU (OR “CUSTOMER”) AGREE TO COMPLY WITH AND BE LEGALLY BOUND BY THESE SUPPLEMENTAL TERMS (“SUPPLEMENTAL TERMS”). THESE SUPPLEMENTAL TERMS ARE INCORPORATED INTO AND FORM A PART OF THE GENERAL TERMS FOUND AT COBALT.IO/TERMS (“AGREEMENT” or “GENERAL TERMS”) AND GOVERN YOUR ACCESS TO AND USE OF THE SITE, SERVICES, AND PROFESSIONAL SERVICES AND CONSTITUTE A BINDING LEGAL AGREEMENT BETWEEN YOU, COBALT AND THE SECURITY PENTESTER. IF YOU DO NOT AGREE TO THESE SUPPLEMENTAL TERMS, YOU HAVE NO RIGHT TO USE THE SITE, SERVICES, OR PROFESSIONAL SERVICES.
1. PROFESSIONAL SERVICES
“Professional Services” shall include certain security testing, consulting, training, and other similar services, inclusive of any deliverable associated therewith, performed by Cobalt as identified with specificity under the terms of a Cobalt Sales Order or SOW, with such services to be undertaken by Cobalt personnel or contractors. “Professional Services” excludes the offering of penetration testing Services delivered via the Cobalt Site (app.cobalt.io)
2. SCOPE
a. Scope. Cobalt will perform the Professional Services and deliver the software and/or documents specified as deliverables in the applicable Sales Order or SOW for Professional Services (the “Deliverables”) in accordance with the requirements in the Sales Order or SOW. Any specific scope or limits to the provision of Professional Services shall be set forth in the Sales Order or SOW, in the absence of which Cobalt shall have the discretion to establish the scope and limits of any such Professional Services. Where specific networks, code, systems, devices or objects are the subject of Professional Services, the such networks, code, systems, devices or objects will be identified by Customer in the Sales Order or SOW with specificity. Cobalt shall have the discretion to select applicable methodologies for conducting Professional Services.
b. Changes. At any time prior to completion of the Professional Services under a Sales Order or SOW, Customer may request or Cobalt may recommend modifications to the Sales Order or SOW. Cobalt will advise Customer of the likely impact of any such change, including any effect on the fees and time for completion of the Professional Services. The parties will respond in writing or will meet to discuss any such proposed changes as soon as practicable, but (subject to Section 2.4) neither party will be obligated to agree to any such change, and until such time as any change is agreed to in a writing specifying, inter alia, any change to the fees, time for completion or completion criteria, Cobalt will continue to provide the Professional Services as if such change had not been requested or recommended.
c. Resources. Cobalt will provide appropriately qualified personnel to perform the Professional Services and will use commercially reasonable efforts to minimize changes in such personnel. Cobalt reserves the right to engage independent contractors to perform some or all of the Professional Services, provided that Cobalt remains responsible for the performance of the Professional Services in accordance with this Professional Services Addendum.
d. Schedule. Cobalt and Customer shall mutually agree to a schedule for provision of Professional Services, which shall be identified in the Sales Order or SOW. In the absence of a particular schedule, Cobalt shall have discretion to determine the time and place of any Professional Services hereunder. Any delay in meeting the applicable Professional Services schedule caused by Customer may require execution of a change order or revision and payment of additional fees at Cobalt's sole discretion.
3. CUSTOMER’S OBLIGATIONS
a. Access. For any Professional Services where access to Customer’s systems, office sites, devices or other objects, or third party systems is necessary, Customer will take all steps necessary to ensure that Cobalt obtains all required credentials or permissions.Where Professional Services concern a particular device or object, such device or object will be delivered to Cobalt at a location to be determined by the parties via courier or similar delivery service, with Customer to retain liability over the condition of such device or object until its delivery to Cobalt.
b. On-Site. Where Professional Services provided hereunder require Cobalt to be physically present at Customer’s location, Customer shall be responsible for ensuring Cobalt is provided with sufficient space and resources to perform the Professional Services. Customer will be responsible for providing a safe environment where Cobalt personnel and/or contractors are present, and shall obtain adequate insurance to protect Cobalt and its personnel against any physical injury occurring on Customer’s premises.
c. Customer Personnel. Where Professional Services require engagement of Customer’s personnel, Customer will take all necessary steps to provide Cobalt with reasonable access to such personnel, whether in person or via standard communications tools (i.e. email, Zoom, teleconference, etc.).
d. Failure to Fulfill Obligations. Failure of Customer to timely fulfill the obligations set forth in this Section 3 may preclude timely provision of Professional Services and may require an adjustment of the Professional Services schedule under Section 2.4 and/or suspension of performance by Cobalt.
4. PAYMENT
a. Fees In consideration for the Professional Services and Deliverables, Customer will pay Cobalt the fees specified in the applicable Sales Order or SOW.
b. Expenses. Customer will reimburse Cobalt for all reasonable expenses incurred by Cobalt in performing the Professional Services, including travel, lodging, per-diem and out of pocket expenses, subject to Customer’s pre-approval. In general, expenses will only be incurred for provision of the Professional Services at locations other than Cobalt’s offices, unless otherwise specified in the appliCable Sales Order or SOW.
c. Invoices. Cobalt shall submit invoices on a monthly basis for all fees, charges and expenses relating to the performance of the Professional Services under the applicable Sales Order or SOW. Payments shall be made in U.S. Dollars, or, if different, the applicable currency as set forth in the Sales Order or SOW, within thirty (30) days of receipt of invoice. Unless otherwise specified in the applicable Sales Order or SOW, the payment terms and conditions shall be as set forth in the payment terms provision of the Agreement.
5. SECURITY AND PRIVACY.
The parties agree that Cobalt will not be provided access to any production data processed by the Customer through the provision of Professional Services (“PS Customer Data”), whether by way of transfer of PS Customer Data to Cobalt’s systems, access to Customer’s systems or exposure to PS Customer Data through shared screens, screen shots, etc., other than sample, hashed or anonymized data used for development and testing purposes. If and to the extent it is agreed by the parties that Customer will grant Cobalt access to PS Customer Data, Cobalt shall employ and maintain commercially reasonable safeguards to protect the security and confidentiality of PS Customer Data. Those safeguards will include, but will not be limited to, measures for preventing unauthorized access to or disclosure of PS Customer Data. Cobalt will not use or disclose PS Customer Data except (a) as required to provide Professional Services, (b) as required by law, or (c) as Customer expressly permits Cobalt in writing. Customer shall be solely responsible for ensuring that granting Cobalt access to PS Customer Data as set forth in this Section 5 does not violate applicable laws governing the use of PS Customer Data, including but not limited to the rights of data subjects whose information is included in the PS Customer Data. If required, Customer shall be responsible for removing or redacting data subject to security restrictions or anonymizing personally identifiable information.
6. OWNERSHIP
a. Deliverables. All Deliverables and all intellectual property rights in the Deliverables will be the sole and exclusive property of Cobalt, whether or not specifically recognized or perfected under the laws of the jurisdiction in which the Professional Services are used or licensed. No work product of Cobalt shall be construed as or deemed to be a “work made for hire”. Accordingly, Customer acknowledges that Cobalt retains sole and exclusive ownership of all right, title and interest to all Deliverables. Cobalt shall own all rights in any copy, translation, modification, adaptation or derivation of the Deliverables, including any improvement or development thereof. At no time will Customer dispute or contest Cobalt’s exclusive ownership rights in any Deliverables. Notwithstanding the above, Cobalt grants to Customer a perpetual, worldwide, non-exclusive license in the Deliverables for Customer’s internal use only. Cobalt shall have no obligation to provide support services or otherwise maintain any Deliverables delivered hereunder.
b. Materials. Cobalt may furnish Customer with reports, analyses or other such materials (the "Materials"). Customer understands and agrees that any such Materials will be furnished solely for its internal use and may not be furnished in whole or in part to any other person other than its directors, officers, employees or advisors without the prior written consent of Cobalt. Cobalt grants to Customer a perpetual, irrevocable, nontransferable, paid-up right and license to use and copy such Materials and prepare derivative works based on such Materials for its internal use, subject to the terms of this Section. All other rights in such Materials, excluding any Confidential Information of Customer, remain in and/or are assigned to Cobalt.
c. Cooperation. The parties will cooperate with each other and execute such other documents as may be appropriate to achieve the objectives of this Section.
7. WARRANTY
a. Warranty. Cobalt warrants that it shall use commercially reasonable efforts in performing the Professional Services. Cobalt further warrants that any Deliverable provided through the Professional Services shall substantially conform to the specification for such Deliverable as set out in the applicable Sales Order or SOW. If Customer notifies Cobalt that Professional Services or any Deliverable fails to conform to the aforestated warranties within thirty (30) days of the acceptance of the Deliverable, Cobalt shall (as Customer’s sole and exclusive remedy), re-perform the Professional Services and/or correct any defects with the Deliverable in question.
b. Disclaimer. COBALT’S OBLIGATION UNDER THE ABOVE WARRANTY SHALL BE ITS SOLE LIABILITY AND IT SHALL HAVE NO OTHER LIABILITY WHATSOEVER WITH RESPECT TO THE QUALITY, FITNESS FOR A PARTICULAR PURPOSE OR MERCHANTABILITY OF THE PROFESSIONAL SERVICES OR ANY DELIVERABLES AND ALL OTHER REPRESENTATIONS, STATUTORY OR OTHERWISE ARE EXCLUDED.
