The URL can be used to link to this page

2023/02/23 Cellebrite, Inc. SAAS AgreementSaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] SAAS TERMS OF SERVICE THESE SAAS TERMS OF SERVICE (THE “TERMS” OR THIS “AGREEMENT”) ARE A LEGAL AGREEMENT BETWEEN THE ENTITY ON WHOSE BEHALF YOU ARE AGREEING TO THIS AGREEMENT (“CUSTOMER”) AND CELLEBRITE. BY CLICKING THE "I ACCEPT" BUTTON, EXECUTING AN ORDER FORM THAT INCLUDES THESE TERMS BY REFERENCE, ACCESSING OR USING THE CELLEBRITE SERVICES, CUSTOMER ACKNOWLEDGES THAT CUSTOMER HAS REVIEWED AND ACCEPTS THESE TERMS. YOU ARE AGREEING TO THESE TERMS AS A REPRESENTATIVE OF AN ENTITY, AS A REPRESENTATIVE OF CUSTOMER, AND YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND CUSTOMER. IF CUSTOMER DOES NOT AGREE WITH ALL OF THESE TERMS, DO NOT ACCESS OR OTHERWISE USE THE CELLEBRITE SERVICE REFERENCED IN THE ORDER FORM. CELLEBRITE MAY MAKE CHANGES TO THE CELLEBRITE SERVICES AND TO THESE TERMS AT ANY TIME. 1. DEFINITIONS. “Activation Date” means the date, set forth in the applicable Order Form, on which the Cellebrite Service is scheduled to be made available to Customer. “Affiliate” means any entity, now or hereafter existing (so long as such entity does not have its own agreement with Cellebrite for use of the Software or access and use of the Cellebrite Services) that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with the subject entity. For purposes of this definiti on, “control” means direct or indirect possession of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract or otherwise. An entity shall be considered an “Affiliate” only so long as that entity meets the foregoing definition. “Ancillary Services” means implementation, training or consulting services that Cellebrite may perform as described in an Order Form. “Authorized Purposes” means Customer’s internal business purposes. “Authorized Users” means the number of Users that Customer is licensed to have access to the Services, all as set forth in the Order Form. “Cellebrite” means Cellebrite DI Ltd. or its Affiliate that has an agreement with Customer and/or issues invoices to Customer with respect to the Services. “Cellebrite Service” means the Cellebrite Software as a Service (“SaaS”) to be provided by Cellebrite to Customer pursuant to these Terms and any applicable Order Form, and for all purposes of these Terms, such services exclude any Open Source Software that may be used to provide the Cellebrite Service and all Third Party Offerings. “Customer Data” means all data, including Personal Information, submitted, stored, posted, displayed, or otherwise transmitted to the Cellebrite Service by or on behalf of Customer, including without limitation by any User. “Customer System” means Customer’s internal website(s), servers and other equipment and software used in the conduct of Customer’s business. “Documentation” means the printed, paper, electronic or online user instructions and help files made available by Cellebrite for use with the Cellebrite Service, as may be updated from time to time by Cellebrite. “Intellectual Property Rights” means all intellectual property rights or similar proprietary rights, including (a) patent rights and utility models, (b) copyrights and database rights, (c) trademarks, trade names, domain names and trade dress and the goodwill associated therewith, (d) trade secrets, (e) mask works, and (f) industrial design rights; in each case, including any registrations of, applications to register, and renewals and extensions of, any of the foregoing in any jurisdiction in the world. “Malicious Code” means viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs. “Named Users” means a User authorized by Customer to access or use the Services through the assignment of a single user ID, regardless of whether such User is using the Services at any given time. A non-human device capable of accessing or access the Services is counted as a Named User. “Open Source Software” means all software that is available under the GNU Affero General Public License (AGPL), GNU General Public License (GPL), GNU Lesser General Public License (LGPL), Mozilla Public License (MPL), Apache License, BSD licenses, or any other license that is approved by the Open Source Initiative (www.opensource.org). “Order Form” means a purchase order submitted by Customer to Cellebrite. Affiliates of Customer may purchase licenses to access and use the Cellebrite Service, or receive Support Services or Ancillary Services, subject to these Terms by executing DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] separate Order Forms hereunder, and by executing an Order Form, that Affiliate of Customer shall be bound by these Terms as if it were an original party hereto. “Personal Information” means (i) all data that identifies an individual or, in combination with any other information or data available to a relevant entity, is capable of identifying an individual, and (ii) such other data that is defined as “personal information” or “personal data” under applicable law. “Services” means the Cellebrite Service, Support Services and any Ancillary Services. “Statement of Work” means a written statement of work entered into and signed by the parties describing the Ancillary Services to be provided by Cellebrite to Customer. “Subscription Term” means the subscription period for Customer’s use of the Cellebrite Service set forth in an Order Form. “Support Services” means the support and maintenance services offered by Cellebrite and purchased by Customer pursuant to an Order Form. “Third Party Offerings” means certain software or services delivered or performed by third parties that are required for the operation of the Cellebrite Service, or other online, web-based CRM, ERP, or other business application subscription services, and any associated offline products provided by third parties, that interoperate with the Cellebrite Service. “User” means a person for whom access to the Cellebrite Services during the Subscription Term have been purchased pursuant to an Order Form, (b) who are authorized by Customer to access and use the Cellebrite Service, and (c) where applicable, who have been supplied user identifications and passwords for such purpose by Customer. 2. ORDERS; LICENSES; AND RESTRICTIONS. 2.1 Orders. Subject to the terms and conditions contained in these Terms, Customer may purchase subscriptions to access and use the Cellebrite Services pursuant to Order Forms. Unless otherwise specified in the applicable Order Form, Cellebrite Services are purchased as User and storage space subscriptions and may be accessed by no more than the number of Users specified in the applicable Order Form. Additional User and/or storage space subscriptions may be added at any time during the applicable Subscription Term, prorated for the remainder of the Subscription Term in effect at the time the additional User and/or storage space subscriptions are added and invoiced separately from the then-existing User and/or storage space subscriptions, as applicable, for the remainder of such Subscription Term. The added User and/or storage space subscriptions, shall terminate on the same date as the pre-existing subscriptions. Unless otherwise specified in the applicable Order Form, User subscriptions are for designated Users only and cannot be shared or used by more than one User, but may be reassigned to new Users replacing former Users who no longer require ongoing use of the Cellebrite Services. Customer agrees that its purchases hereunder are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by Cellebrite regarding any future functionality or features. If there is any inconsistency between an Order Form and these Terms, the Order Form controls. 2.2 Access and Use License. Subject to Customer’s compliance with the terms and conditions contained in these Terms, Cellebrite hereby grants to Customer, during the relevant Subscription Term, a limited, non-exclusive, non-transferable (a) right for its Users to access and use the Cellebrite Service in accordance with the Documentation, and (b) license to download any software if software is offered by Cellebrite and required for access and use of the Cellebrite Service (the “Downloadable Software”), in each case solely for Customer’s Authorized Purposes and not for the benefit of any other person or entity. Customer’s use of the Cellebrite Service may be subject to certain limitations, such as, for example, limits on storage capacity for Customer Data. Any such limitations will be specified either in the Order Form or in the Documentation. All references to Cellebrite Services shall include Downloadable Software. 2.3 Restrictions. Customer shall not, directly or indirectly, and Customer shall not permit any User or third party to: (a) reverse engineer, decompile, disassemble or otherwise attempt to discover the object code, source code or underlying ideas or algorithms of the Cellebrite Service; (b) modify, translate, or create derivative works based on any element of the Cellebrite Service or any related Documentation; (c) rent, lease, distribute, sell, resell, assign, or otherwise transfer its rights to use the Cellebrite Service; (d) use the Cellebrite Service for timesharing purposes or otherwise for the benefit of any person or entity other than for the benefit of Customer and Users; (e) remove any proprietary notices from the Documentation; (f) publish or disclose to third parties any evaluation of the Cellebrite Service without Cellebrite’s prior written consent; (g) use the Cellebrite Service for any training purposes, other than for training Customer’s employees, where Customer charges fees or receives other consideration for such training, except as authorized by Cellebrite in writing; (g) deactivate, modify or impair the functioning of any disabling code in any Software; (h) use the Cellebrite Service for any purpose other than its intended purpose; (i) interfere with or disrupt the integrity or performance of the Cellebrite Service; (j) introduce any Open Source Software into the Cellebrite Service; (k) attempt to gain unauthorized access to the Cellebrite Service or their related systems or networks; (l) use the Cellebrite Service in violation of any applicable law (including but DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] not limited to any law with respect to human rights or the rights of individuals) or to support any illegal activity or to support any illegal activity; or (n) use the Cellebrite Service to violate any rights of any third party. 2.4 Reservation of Rights. Except as expressly granted in these Terms, there are no other licenses granted to Customer, express, implied or by way of estoppel. All rights not granted in these Terms are reserved by Cellebrite. 3. THIRD PARTY OFFERINGS. 3.1 Customer acknowledges and agrees that the access and use of any Service (or certain features thereof) may involve access and/or use of Third Party Software. In addition to the Agreement, Customer shall comply with the terms and conditions applicable to any such Third Party Software, including without limitation the following terms and conditions: i. BingMaps - https://www.microsoft.com/en-us/maps/product/terms-april- 2011; http://aka.ms/BingMapsMicrosoftPrivacy; ii. OpenStreetMap – http://www.openstreetmap.org/copyright. 3.2 No Implied Licenses. Except for the express licenses set forth herein, Cellebrite does not grant any license to Customer, whether by implication or otherwise. 3.3 Open Source Software. I. Services may use and/or be provided with third party open source software, libraries or other components (“Open Source Component”). To the extent so stipulated by the license that governs each Open Source Component (“Open Source License”), each such Open Source Component is licensed directly to Customer from its respective licensors and not sublicensed to Customer by Cellebrite, and such Open Source Component is subject to its respective Open Source License, and not to this Agreement. If, and to the extent, an Open Source Component requires that this Agreement effectively impose, or incorporate by reference, certain disclaimers, permissions, provisions, prohibitions or restrictions, then such disclaimers, permissions, provisions, prohibitions or restrictions shall be deemed to be imposed, or incorporated by reference into this Agreement, as required, and shall supersede any conflicting provision of this Agreement, solely with respect to the corresponding Open Source Component which is governed by such Open Source License. II. If an Open Source License requires that the source code of its corresponding Open Source Component be made available to Customer, and such source code was not delivered to Customer with the Software, then Cellebrite hereby extends a written offer, valid for the period prescribed in such Open Source License, to obtain a copy of the source code of the corresponding Open Source Component, from Cellebrite. To accept this offer, Customer shall contact Cellebrite at support@cellebrite.com. 4. PASSWORDS; SECURITY. 4.1 Passwords. Customer shall be, and shall ensure that each of their Affiliates and their respective Users are, responsible for maintaining the confidentiality of all user logins and passwords and for ensuring that each user login and password is used only by the User. Customer is solely responsible for any and all access and use of the Cellebrite Services. Customer shall, and shall ensure that Customer’s Affiliates, restrict its Users from sharing passwords. Customer agrees to immediately notify Cellebrite of any unauthorized use of or access to any account, or any other breach of security known to Customer. Cellebrite shall have no liability for any loss or damage arising from Customer’s failure to comply with the terms set forth in this Section. 4.2 No Circumvention of Security. Neither Customer nor any of Customer’s Affiliates nor any User may circumvent or otherwise interfere with any user authentication or security of the Cellebrite Service. Customer will immediately notify Cellebrite of any breach, or attempted breach, of security known to Customer. 4.3 Security. Each of Cellebrite and Customer represents and warrants that it complies, and at all times during the term of this Agreement, will comply with all data protection, privacy and security laws applicable to each in its performance under this Agreement. Cellebrite will use commercially reasonable efforts to maintain appropriate administrative, physical and technical safeguards designed to protect the security, confidentiality and integrity of Personal Information in a manner consistent with what Cellebrite supplies generally to its other customers and in compliance with applicable law. Notwithstanding the foregoing, Customer acknowledges that, notwithstanding any security precautions deployed by Cellebrite, the use of, or connection to, the Internet provides the opportunity for unauthorized third parties to circumvent such precautions and illegally gain access to the Cellebrite Services and Customer Data. Cellebrite does not guaranty the privacy, security, integrity or authenticity of any information transmitted over or stored in any system connected to or accessible via the Internet. 4.4 Data Processing Addendum. The data processing addendum attached hereto as Exhibit A shall apply to the parties’ processing of Personal Information. DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] 5. CUSTOMER OBLIGATIONS. 5.1 Customer System. Customer is responsible for (a) obtaining, deploying and maintaining the Customer System, and all computer hardware, software, modems, routers and other communications equipment necessary for Customer, its Affiliates and their respective Users to access and use the Cellebrite Services via the Internet; (b) contracting with third party ISP, telecommunications and other service providers to access and use the Cellebrite Services via the Internet; and (c) paying all third party fees and access charges incurred in connection with the foregoing. Except as specifically set forth in these Terms, an Order Form or a Statement of Work, Cellebrite shall not be responsible for supplying any hardware, software or other equipment to Customer under these Terms. 5.2 Acceptable Use Policy. Customer shall be solely responsible for its actions and the actions of its Users while using the Cellebrite Service. Customer represents, warrants and agrees that it does and will: (a) abide by all local, state, national, and international laws and regulations applicable to Customer’s use of the Cellebrite Service, including without limitation the provision and storage of Customer Data; (b) not send or store data on or to the Cellebrite Service which violates the rights of any individual or entity established in any jurisdiction; (c) not to upload in any way any information or content that contain Malicious Code or data that may damage the operation of the Cellebrite Services or another's computer or mobile device; (d) not to use the Cellebrite Service for illegal, fraudulent, unethical or inappropriate purposes; (e) not to interfere or disrupt networks connected to the Cellebrite Service or interfere with other ability to access or use the Cellebrite Service; (f) not to interfere with another customer’s use of the Cellebrite Service or another person or entity's use of similar services; (g) not to use the Cellebrite Service in any manner that impairs the Cellebrite Service, including without limitation the servers and networks on which the Cellebrite Service is provided; (h) to comply wi th all regulations, policies and procedures of networks connected to the Cellebrite Service and Cellebrite’s service providers; and (i) to use the Cellebrite Services only in accordance with the Documentation. Customer acknowledges and agrees that Cellebri te neither endorses the contents of any Customer communications, Customer Data or other information nor assumes any responsibility for any offensive material contained therein, any infringement of third party Intellectual Property Rights arising therefrom or any crime facilitated thereby. Cellebrite may remove any violating content posted or stored using the Cellebrite Service or transmitted through the Cellebrite Service, without notice to Customer. Notwithstanding the foregoing, Cellebrite does not guarantee, and does not and is not obligated to verify, authenticate, monitor or edit the Customer Data, Other Information, or any other information or data input into or stored in the Cellebrite Service for completeness, integrity, quality, accuracy or otherwise. Customer shall be responsible and liable for the completeness, integrity, quality and accuracy of Customer Data and Other Information input into the Cellebrite Services. Cellebrite reserves the right to amend, alter, or modify Customer’s conduct requirements as set forth in these Terms at any time. In the event that Cellebrite wants to amend, alter or modify Customer's conduct requirements as set forth in these Terms both Parties may amend, alter or modify this Agreement by written amendment signed by all the Parties. 5.3 Permissions and Responsibilities for Customer Data. Customer represents, warrants and agrees that: (i) it has provided and will provide all notices, and has obtained and will obtain, all approvals, permits, licenses, consents, authoriz ations, registrations, permissions, certifications, rulings, orders, judgements and other authorizations from any applicable person, employee representative body, regulatory authority, or third party entity or person necessary for Customer’s or its Users’ use of the Cellebrite Services and for Cellebrite to perform or provide any services related to the Cellebrite Services, including, but not limited to, Cellebrite’s processing the Customer Data for the such purposes (“Permissions”). Permissions include rights for Cellebrite to use, access, intercept, analyze, transmit, copy, modify, and store all of the intellectual property rights, Customer Data, Personal Information, confidential information, or other data or information that may be used, accessed, intercepted, transmitted, cop ied, modified or stored by Cellebrite to perform or provide any Cellebrite Services to Customer; (ii) it has the right to be in possession of, access, interact with and otherwise use, all devices, equipment, programs, data (including Customer Data) and media (including any telecommunications systems) that are being used in connection with the Cellebrite Services and that the use of the Cellebrite Services, including any instructions given to Cellebrite in connection with the same, is made in compliance with all applicable laws; and (iii) all information provided by or on behalf of Cellebrite during the term of the Agreement shall be complete and accurate in all material respects, and that Customer is entitled to provide the information to Cellebrite for its use as contemplated under the Agreement. Customer acknowledges that: (i) Customer is exclusively responsible to determine what Customer Data it feeds into the Services and is solely responsible to determine the nature, content, characteristics of the Customer Data that it feeds into the Services; and (ii) Cellebrite assumes no responsibility for the nature, content, characteristics or consequences of the Customer Data (whether in their form inbound to the Services, or in their form outbound back to the Customer), and that Customer shall have no plea, claim or demand, and waives any such claims, pleas or demands, of whatever nature, for any of the foregoing. 5.4 Accuracy of Customer’s Contact Information; Email Notices. Customer agrees to provide accurate, current and complete information as necessary for Cellebrite to communicate with Customer from time to time regarding the Services, issue invoices or accept payment, or contact Customer for other account-related purposes. Customer agrees to keep any online account information current and inform Cellebrite of any changes in Customer’s legal business name, address, email address and phone number. Customer agrees to accept emails from Cellebrite at the e-mail addresses specified by its Users for login purposes. In addition, Customer agrees that Cellebrite may rely and act on all information and instructions provided to Cellebrite by Users from the above-specified e-mail address. DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] 5.5 Temporary Suspension. Cellebrite may temporarily suspend Customer’s, its Affiliates’ or their respective Users’ access to the Cellebrite Services in the event: (i) that either Customer, its Affiliates or any of their Users is engaged in, or Cellebrite in good faith suspects Customer, its Affiliates’ or any of their Users is engaged in, any unauthorized or unlawful conduct (including, but not limited to any violation of these Terms), or (ii) Cellebrite is required to do so under the orders of a court or other governmental body having jurisdiction over Customer or Cellebrite. Cellebrite will attempt to contact Customer prior to or contemporaneously with such suspension; provided, however, that Cellebrite’s exercise of the suspension rights herein shall not be conditioned upon Customer’s receipt of any notification. A suspension may take effect for Customer’s entire account and Customer understands that such suspension would therefore include its Affiliates and User sub-accounts. Customer agrees that Cellebrite shall not be liable to Customer, any of its Affiliates or Users, or any other third party if Cellebrite exercises its suspension rights as permitted by this Section. Upon determining that Customer has ceased the unauthorized conduct leading to the temporary suspension to Cellebrite’s reasonable satisfaction, Cellebrite shall reinstate Customer’s, its Affiliates and their respective Users’ access and use of the Cellebrite Services. Notwithstanding anything in this Section to the contrary, Cellebrite’s suspension of Cellebrite Services is in addition to any other remedies that Cellebrite may have under these Terms or otherwise, including but not limited to termination of these Terms for cause. Additionally, if there are repeated incidences of suspension, regardless of the same or different cause and even if the cause or conduct is ultimately cured or corrected, Cellebrite may, in its reasonable discretion, determine that such circumstances, ta ken together, constitute a material breach. 6. AVAILABILITY; SUPPORT 6.1 Availability. Subject to the terms and conditions of these Terms, Cellebrite will use commercially reasonable efforts to make the Cellebrite Service available with minimal downtime 24 hours a day, 7 days a week; provided, however, that the following are excepted from availability commitments: (a) planned downtime (with regard to which Cellebrite will use commercially reasonable efforts to provide advance notice, and (b) routine maintenance times , and (c) any unavailability caused by circumstances of Force Majeure. Certain enhancements to the Cellebrite Services made generally available at no cost to all subscribing customers during the applicable Subscription Term will be made available to Customer at no additional charge. However, the availability of some new enhancements to the Cellebrite Services may require the payment of additional fees, and Cellebrite will determine at its sole discretion whether access to any other such new enhancements will require an additional fee. These Terms will apply to, and the Cellebrite Service includes, any bug fixes, error corrections, new builds, enhancements, updates, upgrades and new modules to the Cellebrite Service subsequently provided by Supplier to Customer hereunder. 6.2 Support. Cellebrite makes a variety of Support Services offerings available to its customers and will provide Customer with the level of support to which Customer is entitled based on Customer’s purchase as set forth in an Order Form. 6.3 Included Services for Guardian’s Customers: (a) “Included Guardian Annual Services” shall mean services to be provided to Customers using Cellebrite’s Guardian solution (respectively, “Guardian” and “Guardian Customers”) with respect to new (other than renewals) Guardian subscriptions issued under Quotes dated February 15, 2022 onwards; Such services may include first installation assistance and/or web-based guidance and/or implementation, all as defined and/or as shall be defined from time to time by Cellebrite at its sole and absolute distraction. (b) During the Guardian’s Subscription Term, Guardian Customers shall be entitled to up to 2 (two) sessions (maximum 4 hours per each session) of Included Guardian Annual Services per year, on a non-accumulative basis. The Included Guardian Annual Services shall be provided to Guardian Customers remotely or on-site - at Cellebrite’s sole and absolute discretion. Upon Guardian Customer’s written request to receive the annual Included Guardian Annual Services, Cellebrite and the Guardian Customer shall mutually determine regarding the dates of executions of the annual Included Guardian Annual Services. Non-consumption of any Included Guardian Annual Services by the Guardian Customer during the Subscription Term, for any reason, shall not entitle the Guardian Customer to any refund and/or reduction of the Quoted Price and/or any other rights deriving from the non-consumption of the Included Guardian Annual Services. 7. FEES AND PAYMENT. 7.1 Price List. Cellebrite may, at its sole discretion, change its price lists or add or remove services and/or products from the price lists. Changes in price lists shall take effect within thirty (30) days from the date of notification to Customer. It is hereby clarified that changes in price lists shall not apply to services and/or products underlying an executed Order Form, however, price list changes will apply to any executed Order Form if Customer has requested an amendment to the executed Order Form and the amendment has not been accepted by Cellebrite at the time of the price list change. 7.2 Total Purchase Price. Customer shall pay Cellebrite the total price as set forth in the Order Form (“Total Purchase Price”). Cellebrite may charge Customer for any modifications to an accepted Order Form. DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] 7.3 Quoted Price. Unless otherwise agreed in writing, all prices quoted in the Order Form (“Quoted Price”) shall be paid by Customer to the account(s) indicated by Cellebrite. All payments shall be made in US currency or other currency mutually agreed by the Parties. The payment is considered made at the date when the amounts effectively reach Cellebrite’s bank account. The Quoted Price does not include transportation, insurance, federal, state, local, excise, value-added, use, sales, property (ad valorem), and similar taxes or duties. In addition to the Quoted Price, Customer shall pay all taxes, fees, or charges imposed by any governmental authority. If Cellebrite is required to collect the foregoing, Customer will pay such amounts promptly unless it has provided Cellebrite with a satisfactory valid tax exemption certificate authorized by the appropriate taxing authority. 7.4 Terms of Payment and Default Interest. Payment for the Services under any confirmed Order Form shall be in accordance with the payment terms set forth in the Cellebrite Quote, issued by Cellebrite pursuant to this Agreement (the “Quote”). Failure to make due payment in accordance with the terms of the Quote may cause Cellebrite to apply an interest charge of up to one and one-half percent (1.5%) per month (but not to exceed the maximum lawful rate) on all amounts which are not timely and duly paid, accruing daily and compounding monthly from the date such amounts were due. Customer shall reimburse Cellebrite for all costs and expenses incurred by Cellebrite in connection with the collection of overdue amounts, including attorneys’ fees. Customer shall not be permitted to set off any deductions against any amounts due to Cellebrite. 7.5 Suspension of Service. If any amounts owed by Customer for the Services are thirty (30) or more days overdue, Cellebrite may, without limiting Cellebrite’s other rights and remedies, suspend Customer’s and its Users’ access to the Services until such amounts are paid in full. 7.6 Payment Disputes. Cellebrite agrees that it will not exercise its rights under this Section 7 if the applicable charges are under reasonable and good-faith dispute and Customer is cooperating diligently to resolve the dispute. 7.7 Taxes. “Taxes” means all taxes, levies, imposts, duties, fines or similar governmental assessments imposed by any jurisdiction, country or any subdivision or authority thereof including, but not limited to federal, state or local sales, use, property, excise, service, transaction, privilege, occupation, gross receipts or similar taxes, in any way connected with these Terms o r any instrument, order form or agreement required hereunder, and all interest, penalties or similar liabilities with respect thereto, except such taxes imposed on or measured by a party’s net income. Notwithstanding the foregoing, Taxes shall not include payroll taxes attributable to the compensation paid to workers or employees and each party shall be responsible for its own federal and state payroll tax collection, remittance, reporting and filing obligations. Fees and charges imposed under these Terms or under any order form or similar document ancillary to or referenced by these Terms shall not include Taxes except as otherwise provided herein. Customer shall be responsible for all of such Taxes. If, however, Cellebrite has the legal obligation to pay Taxes and is required or permitted to collect such Taxes for which Customer is responsible under this section, Customer shall promptly pay the Taxes invoiced by Cellebrite unless Customer has furnished Cellebrite with valid tax exemption documentation regarding such Taxes at the execution of these Terms or at the execution of any subsequent instrument, order form or agreement ancillary to or referenced by these Terms. Customer shall comply with all applicable tax laws and regulations. Customer hereby agrees to indemnify Cellebrite for any Ta xes and related costs paid or payable by Cellebrite attributable to Taxes that would have been Customer’s responsibility under this Section 8.6 if invoiced to Customer. Customer shall promptly pay or reimburse Cellebrite for all costs and damages related to any liability incurred by Cellebrite as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligation under this Section 8.6 shall survive the termination or expiration of these Terms. 8. REPRESENTATIONS AND WARRANTIES; DISCLAIMER. 8.1 Mutual Representations and Warranties. Each party represents, warrants and covenants that: (a) it has the full power and authority to enter into these Terms and to perform its obligations hereunder, without the need for any consents, approvals or immunities not yet obtained; and (b) its acceptance of and performance under these Terms shall not breach any oral or writ ten agreement with any third party or any obligation owed by it to any third party to keep any information or materials in confidence or in trust. 8.2 Customer Representations and Warranties. Customer represents, warrants and covenants that during the term of these Terms that (a) only Users who have obtained any necessary consents and approvals pursuant to applicable laws shall be permitted to use the Cellebrite Service; (b) Customer will obtain any necessary approval, consent, authorization, release, clearance or license of any third party and any release related to any rights of privacy or publicity required in connection with Customer’s or its Users’ use of the Cellebrite Service and Customer Data, and (c) Customer and its Users shall use the Cellebrite Service in compliance all applicable federal, state and local laws, rules and regulations including without limitation those related to data privacy, protection and security. 8.3 Cellebrite Service Warranty. Cellebrite warrants that during the relevant Subscription Term, the Cellebrite Service will conform, in all material respects, with the Documentation, PROVIDED, HOWEVER, THAT CELLEBRITE DOES NOT MAKE, AND HEREBY DISCLAIMS ANY REPRESENTATIONS OR WARRANTIES CONCERNING THE PROPER STORAGE OF THE DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] CUSTOMER DATA (WHETHER IN ITS INBOUND OUTBOUND FORM), OR ITS DATA-INTEGRITY, AVAILABILITY OR ABSENCE OF MODIFICATIONS THERETO. For a breach of the foregoing warranty, Cellebrite will, at no additional cost to Customer, provide remedial services necessary to enable the Cellebrite Service to conform to the warranty. The Customer will provide Cellebrite with a reasonable opportunity to remedy any breach and reasonable assistance in remedying any defects. Such warranty shall only apply if the Cellebrite Service has been utilized by the Customer in accordance with the Order Form and this Agreement. 8.4 Ancillary and Support Services Warranty. Cellebrite warrants that any Ancillary Services and the Support Services provided hereunder shall be provided in a competent and professional manner and in accordance with any specifications set forth in the Order Form in all material respects. If the Ancillary Services or the Support Services are not performed in conformity with the foregoing warranty, then, upon the Customer’s written request, Cellebrite shall promptly re-perform, or cause to be re-performed, such Ancillary Services or Support Services, at no additional charge to the Customer. Such warranties and other obligations shall survive for thirty (30) days following the completion of the Ancillary Services or the Support Services. 8.5 Disclaimer. EXCEPT FOR THE WARRANTIES SET FORTH IN THIS SECTION 9, THE CELLEBRITE SERVICES, SUPPORT SERVICES, ANCILLARY SERVICES, THIRD PARTY OFFERINGS AND ANY NON-GA SERVICES ARE PROVIDED ON AN AS-IS BASIS. CUSTOMER’S USE OF THE CELLEBRITE SERVICE, SUPPORT SERVICES, ANCILLARY SERVICES, THIRD- PARTY OFFERINGS AND NON-GA SERVICES IS AT ITS OWN RISK. CELLEBRITE DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL OTHER EXPRESS, STATUTORY AND IMPLIED REPRESENTATIONS AND WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT AND TITLE, QUALITY, SUITABILITY, OPERABILITY, CONDITION, SYSTEM INTEGRATION, NON - INTERFERENCE, WORKMANSHIP, TRUTH, ACCURACY (OF DATA OR ANY OTHER INFORMATION OR CONTENT), THE PROPER STORAGE OF THE CUSTOMER DATA (WHETHER IN ITS INBOUND OUTBOUND FORM), OR ITS DATA-INTEGRITY, AVAILABILITY OR ABSENCE OF MODIFICATIONS THERETO, ABSENCE OF DEFECTS, WHETHER LATENT OR PATENT, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. THE EXPRESS WARRANTIES MADE BY CELLEBRITE IN SECTION 10 ARE FOR THE BENEFIT OF THE CUSTOMER ONLY AND NOT FOR THE BENEFIT OF ANY THIRD PARTY. ANY SOFTWARE PROVIDED THROUGH THE CELLEBRITE SERVICES IS LICENSED AND NOT SOLD. 8.6 NO AGENT OF CELLEBRITE IS AUTHORIZED TO ALTER OR EXPAND THE WARRANTIES OF CELLEBRITE AS SET FORTH HEREIN. CELLEBRITE DOES NOT WARRANT THAT: (A) THE USE OF THE SERVICES OR NON-GA SERVICES WILL BE SECURE, TIMELY, UNINTERRUPTED OR ERROR-FREE OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM OR DATA; (B) THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS; (C) ANY STORED CUSTOMER DATA WILL BE ACCURATE OR RELIABLE; (D) THE QUALITY OF ANY INFORMATION OR OTHER MATERIAL OBTAINED BY CUSTOMER THROUGH THE SERVICES OR NON-GA SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS; (E) THE SERVICES AND NON-GA SERVICES WILL BE ERROR- FREE OR THAT ERRORS OR DEFECTS IN THE SERVICES AND NON-GA SERVICES WILL BE CORRECTED; OR (F) THE SERVER(S) THAT MAKE THE SERVICES AND NON-GA SERVICES AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. THE SERVICES AND NON-GA SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. CELLEBRITE IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS. 9. Trial 9.1 General. From time to time, Cellebrite may invite Customer to try at no charge services that are or are not generally available to Cellebrite customers (accordingly, a “Trial”, “GA” and “Non-GA”). Customer may accept or decline any such Trial in its sole discretion. If Customer accepts such Trial, the Trial shall be subject to the terms of this Agreement. Any Trial license granted by Cellebrite to Customer shall be non-exclusive, non-transferable, limited and non-assignable, and with or without charge as shall be determined by Cellebrite. Cellebrite has the right to immediately revoke a Trial license at any time in its sole discretion. 9.2 Feedback. During the Trial, the Customer agrees to provide reasonable reports as requested by Cellebrite, which may disclose, inter alia, (1) which portions of the services have been used, (2) errors or difficulties discovered in sufficient detail to allow Cellebrite to recreate the errors and difficulties, and (3) other data which is reasonably requested by Cellebrite. The Customer agrees to notify Cellebrite by telephone as promptly as practicable of the discovery of a material error or difficulty in the Trial. All and any reports and feedback provided by the Customer to Cellebrite shall be considered the Proprietary Information of Cellebrite alone. 9.3 ProFound Trial. Notwithstanding the terms of this Agreement, ProFound Trials are provided for evaluation purposes only, with or without charge, and for a time period determined by Cellebrite. At the end of a ProFound Trial, the Customer shall be granted 24 hours access to remove any of its data from the ProFound service platform. Customer shall immediately return any and all documents, notes and other materials assessing the functionality of the Trial Services to Cellebrite including all Proprietary Information and all copies made thereof. DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] 9.4 Non-GA. Non-GA Services are provided for evaluation purposes and not for commercial/production use, are not supported, may contain bugs or errors (but shall not knowingly contain any undisclosed Malicious Code), and may be subject to additional terms that shall be provided by Cellebrite to Customer prior to or concurrent with Cellebrite’s invitation to the applicable Non-GA Services. Non-GA Services are not considered “Services” hereunder. Cellebrite has the right to discontinue Non-GA Services at any time in its sole discretion and may never make them generally available. 9.5 Warranty. Customer acknowledge that Trial Services are provided free of charge, and that Non-GA Services are a prerelease code and not at the level of performance or compatibility of a final generally available product offering. Any Trial Services are provided “AS IS” and “as available” basis. Cellebrite disclaims any warranty relating to Trial Services, express or implied, or statutory, including, but not limited to implied warranties, duties or conditions of merchantability, fitness for a particular purpose, accuracy or completeness with regard to the Trial Services. Therefore, the entire risk arising out of the use or performance of Trial Services remains with Customer and the Customer is advised to safeguard important data, to use caution and not to rely in any way on the correct functioning or performance of the Trial Services and/or accompanying materials. 9.6 Trial Term. A Trial shall be in effect for a period of thirty (30) days as of the date of its acceptance by Customer, unless indicated otherwise by Cellebrite. A Trail may be terminated by either party for any reason by providing a written notice to the other party. Upon termination or expiration of a Trial, for any reason, Customer may purchase a subscription to the Services, in accordance with Cellebrite’s terms. Otherwise, the right of use and access to the Services hereunder shall terminate. Customer shall be granted access to remove any of its data within 30 days hereafter. Customer shall immediately return any and all documents, notes and other materials assessing the functionality of the Trial Services to Cellebrite including all Proprietary Information and all copies made thereof. 10. INDEMNIFICATION. 10.1 Cellebrite Indemnity. I. General. During the Subscription Term, Cellebrite, at its expense, shall defend Customer and its Affiliates and their respective officers, directors and employees (the “Customer Indemnified Parties”) from and against all actions, proceedings, claims and demands in each case by a third party (a “Third-Party Claim”) alleging that the Cellebrite Services infringes any patent, copyright or trademark, or misappropriates any trade secret and shall pay all damages, costs and expenses, including attorneys’ fees and costs (whether by settlement or award of by a final judicial judgment) paid to the Third Party bringing any such Third-Party Claim. Cellebrite’s obligations under this Section are conditioned upon (i) Cellebrite being promptly notified in writing of any claim under this Section, (ii) Cellebrite having the sole and exclusive right to control the defense and settlement of the claim, and (iii) Customer providing all reasonable assistance (at Cellebrite’s expense and reasonable request) in the defense of such claim. In no event shall Customer settle any claim without Cellebrite’s prior written approval. Customer may, at its own expense, engage separate counsel to advise Customer regarding a Claim and to participate in the defense of the claim, subject to Cellebrite’s right to control the defense and settlement. II. Mitigation. If any claim which Cellebrite is obligated to defend has occurred, or in Cellebrite’s determination is likely to occur, Cellebrite may, in its sole discretion and at its option and expense (a) obtain for Customer the right to use the Cellebrite Services, (b) substitute a functionality equivalent, non-infringing replacement for such the Cellebrite Services, (a) modify the Cellebrite Services to make it non-infringing and functionally equivalent, or (d) terminate these Terms and refund to Customer any prepaid amounts attributable the period of time between the date Customer was unable to use the Cellebrite Services due to such claim and the remaining days in the then-current Subscription Term. III. Exclusions. Notwithstanding anything to the contrary in these Terms, the foregoing obligations shall not apply with respect to a claim of infringement if such claim arises out of (i) Customer’s use of infringing Customer Data; (ii) use of the Cellebrite Service in combination with any software, hardware, network or system not supplied by Cellebrite where the alleged infringement relates to such combination, (iii) any modification or alteration of the Cellebrite Service other than by Cellebrite, (iv) Customer’s continued use of the Cellebrite Service after Cellebrite notifies Customer to discontinue use because of an infringement claim, (v) Customer’s violation of applicable law; (vi) Third Party Offerings; and (vii) Customer System. IV. Sole Remedy. THE FOREGOING STATES THE ENTIRE LIABILITY OF CELLEBRITE WITH RESPECT TO THE INFRINGEMENT OF ANY INTELLECTUAL PROPERTY OR PROPRIETARY RIGHTS BY THE CELLEBRITE SERVICE OR OTHERWISE, AND CUSTOMER HEREBY EXPRESSLY WAIVES ANY OTHER LIABILITIES OR OBLIGATIONS OF CELLEBRITE WITH RESPECT THERETO. 10.2 Customer Indemnity. Customer shall defend Cellebrite and its Affiliates, licensors and their respective officers, directors and employees (“Cellebrite Indemnified Parties”) from and against any and all Third-Party Claims which arise out of or relate to: (a) a claim or threat that the Customer Data or Customer System (and the exercise by Cellebrite of the rights granted herein with respect thereto) infringes, misappropriates or violates any third party’s Intellectual Property Rights; (b) Customer’s use or alleged use of the Cellebrite Service other than as permitted under or in breach of these Terms, including without limitation using the Cellebrite DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] Service in a manner that violates applicable law including without limitation a person’s Fourth Amendment rights under the United States Constitution or Customer’s failure to provide any notice, or obtain any consent, approval or release with respect to the use of Customer Data in connection with the Cellebrite Service as required by applicable law; (c) Customer’s failure to comply with applicable law; or (d) an allegation that the Cellebrite System infringes, misappropriates or violates any third party’s Intellectual Property Rights that results from (i) Customer’s use of the Cellebrite Service in combination with any software, hardware, network or system not supplied by Cellebrite where the alleged infringement relates to such combination, (ii) any modification or alteration of the Cellebrite Service other than by Cellebrite, (iii) Customer’s continued use of the Cellebrite Service after Cellebrite notifies Customer to discontinue use because of an infringement claim, (iv) Customer’s violation of applicable law; or (v) Third Party Offerings. Customer shall pay all damages, costs and expenses, including attorneys’ fees and costs (whether by settlement or award of by a final judicial judgment) paid to the Third Party bringing any such Third-Party Claim. Customer’s obligations under this Section are conditioned upon (x) Customer being promptly notified in writing of any claim under this Section, (y) Customer having the sole and exclusive right to control the defense and settlement of the claim, and (z) Cellebrite providing all reasonable assistance (at Customer’s expense and reasonable request) in the defense of such claim. In no event shall Cellebrite settle any claim without Customer’s prior written approval. Cellebrite may, at its own expense, engage separate counsel to advise Cellebrite regarding a Third-Party Claim and to participate in the defense of the claim, subject to Customer’s right to control the defense and settlement. 11. CONFIDENTIALITY. 11.1 Confidential Information. “Confidential Information” means any and all non-public technical and non-technical information disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) in any form or medium, whether oral, written, graphical or electronic, pursuant to these Terms, that is marked confidential and proprietary, or that the Disclosing Party identifies as confidential and proprietary, or that by the nature of the circumstances surrounding the disclosure or receipt ought to be treated as confidential and proprietary information, including but not limited to: (a) techniques, sketches, drawings, models, inventions (whether or not patented or patentable), know-how, processes, apparatus, formulae, equipment, algorithms, software programs, software source documents, APIs, and other creative works (whether or not copyrighted or copyrightable); (b) information concerning research, experimental work, development, design details and specifications, engineering, financial information, procurement requirements, purchasing, manufacturing, customer lists, business forecasts, sales and merchandising and marketing plans and information; (c) proprietary or confidential information of any third party who may disclose such information to Disclosing Party or Receiving Party in the course of Disclosing Party’s business; and (d) the terms of these Terms and any Order Form or Statement of Work. Confidential Information of Cellebrite shall include the Cellebrite Service, the documentation, the pricing, and the terms and conditions of this agreement. Confidential Information also includes all summaries and abstracts of Confidential Information. 11.2 Non-Disclosure. Each party acknowledges that in the course of the performance of these Terms, it may obtain the Confidential Information of the other party. The Receiving Party shall, at all times, both during the Term and thereafter, keep in confidence and trust all of the Disclosing Party’s Confidential Information received by it. The Receiving Party shall not use the Confidential Information of the Disclosing Party other than as necessary to fulfill the Receiving Party’s obligations or to exercise the Receiving Party’s rights under these Terms. Each party agrees to secure and protect the other party’s Confidential Information with the same degree of care and in a manner consistent with the maintenance of such party’s own Confidential Information (but in no event less than reasonable care), and to take appropriate action by instruction or agreement with its employees, Affiliates or other agents who are permitted access to the other party’s Confidential Information to satisfy its obligations under this Section. The Receiving Party shall not disclose Confidential Information of the Disclosing Party to any person or entity other than its officers, employees, affiliates and agents who need access to such Confidential Information in order to effect the intent of these Terms and who are subject to confidentiality obligations at least as stringent as the obligations set forth in these Terms. 11.3 Exceptions to Confidential Information. The obligations set forth in Section 11.2 (Non-Disclosure) shall not apply to the extent that Confidential Information includes information which: (a) was known by the Receiving Party prior to receipt from the Disclosing Party either itself or through receipt directly or indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (b) was developed by the Receiving Party without use of the Disclosing Party’s Confidential Information; or (c) becomes publicly known or otherwise ceases to be secret or confidential, except as a result of a breach of these Terms or any obligation of confidentiality by the Receiving Party. Nothing in these Terms shall prevent the Receiving Party from disclosing Confidential Information to the extent the Receiving Party is legally compelled to do so by any governmental investigative or judicial agency pursuant to proceedings over which such agency has jurisdiction; provided, however, that prior to any such disclosure, the Receiving Party shall (x) assert the confidential nature of the Confidential Information to the agency; (y) to the extent permitted by applicable law, immediately notify the Disclosing Party in writing of the agency’s order or request to disclose; and (z) cooperate fully with the Disclosing Party in protecting against any such disclosure and in obtaining a protective order narrowing the scope of the compelled disclosure and protecting its confidentiality. 11.4 Injunctive Relief. The Parties agree that any unauthorized disclosure of Confidential Information may cause immediate and irreparable injury to the Disclosing Party and that, in the event of such breach, the Disclosing Party will be entitled, in DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] addition to any other available remedies, to seek immediate injunctive and other equitable relief, without bond and without the necessity of showing actual monetary damages. 12. PROPRIETARY RIGHTS. 12.1 Cellebrite Services. As between Cellebrite and Customer, all right, title and interest in the Cellebrite Services and any other Cellebrite materials furnished or made available hereunder, and all modifications and enhancements thereof, and all suggestions, ideas and feedback proposed by Customer regarding the Cellebrite Services, including all copyright rights, patent rights and other Intellectual Property Rights in each of the foregoing, belong to and are retained solely by Cellebrite or Cellebrite’s licensors and providers, as applicable. Customer hereby does and will irrevocably assign to Cellebrite all evaluations, ideas, feedback and suggestions made by Customer to Cellebrite regarding the Cellebrite Service (collectively, “Feedback”) and all Intellectual Property Rights in the Feedback. 12.2 Customer Data. As between Cellebrite and Customer, all right, title and interest in the Customer Data, and all Intellectual Property Rights therein, belong to and are retained solely by Customer. Customer hereby grants to Cellebrite a limited, non-exclusive, royalty-free, worldwide license to use the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Cellebrite to provide the Services to Customer. To the extent that receipt of the Customer Data requires Cellebrite to utilize any account information from a third party service provider, Customer shall be responsible for obtaining and providing relevant account information and passwords, and Cellebrite hereby agrees to access and use the Customer Data solely for Customer’s benefit and as set forth in these Terms. As between Cellebrite and Customer, Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data. 12.3 Aggregated Statistics. Notwithstanding anything else in these Terms or otherwise, Cellebrite may monitor Customer’s use of the Services and use Customer Data, and Other Information in an aggregate and anonymous manner, including to compile statistical and performance information related to the provision and operation of the Cellebrite Services (“Aggregated Statistics”). As between Cellebrite and Customer, all right, title and interest in the Aggregated Statistics and all Intellectual Property Rights therein, belong to and are retained solely by Cellebrite. Customer acknowledges that Cellebrite will be compiling Aggregated Statistics based on Customer Data, Other Information, and information input by other customers into the Cellebrite Service and Customer agrees that Cellebrite may (a) make such Aggregated Statistics publicly available, and (b) use such information to the extent and in the manner permitted by applicable law or regulation and for any purpose of data gathering, analysis, service enhancement and marketing, provided that such data and information does not identify Customer or its Confidential Information. 12.4 Cellebrite Developments. All inventions, works of authorship and developments conceived, created, written, or generated by or on behalf of Cellebrite, whether solely or jointly, including without limitation, in connection with Cellebrite’s performance of the Ancillary Services hereunder, including (unless otherwise expressly set forth in an applicable Statement of Work) all Deliverables (“Cellebrite Developments”) and all Intellectual Property Rights therein, shall be the sole and exclusive property of Cellebrite. Customer agrees that, except for Customer Confidential Information, to the extent that the ownership of any contribution by Customer or its employees to the creation of the Cellebrite Developments is not, by operation of law or otherwise, vested in Cellebrite, Customer hereby assigns and agrees to assign to Cellebrite all right, title and interest in and to such Cellebrite Developments, including without limitation all the Intellectual Property Rights therein, without the necessity of any further consideration. 12.5 Further Assurances. To the extent any of the rights, title and interest in and to Feedback or Cellebrite Developments or Intellectual Property Rights therein cannot be assigned by Customer to Cellebrite, Customer hereby grants to Cellebrite an exclusive, royalty-free, transferable, irrevocable, worldwide, fully paid-up license (with rights to sublicense through multiple tiers of sublicensees) to fully use, practice and exploit those non-assignable rights, title and interest. If the foregoing assignment and license are not enforceable, Customer agrees to waive and never assert against Cellebrite those non-assignable and non-licensable rights, title and interest. Customer agrees to execute any documents or take any actions as may reasonably be necessary, or as Cellebrite may reasonably request, to perfect ownership of the Feedback and Cellebrite Developments. If Customer is unable or unwilling to execute any such document or take any such action, Cellebrite may execute such document and take such action on Customer’s behalf as Customer’s agent and attorney-in-fact. The foregoing appointment is deemed a power coupled with an interest and is irrevocable. 12.6 License to Deliverables. Subject to Customer’s compliance with these Terms, Cellebrite hereby grants Customer a limited, non-exclusive, non-transferable license during the Subscription Term to use the Deliverables solely in connection with Customer’s authorized use of the Cellebrite Service. Notwithstanding any other provision of these Terms: (i) nothing herein shall be construed to assign or transfer any Intellectual Property Rights in the proprietary tools, source code samples, templates, libraries, know-how, techniques and expertise (“Tools”) used by Cellebrite to develop the Deliverables, and to the extent such Tools are delivered with or as part of the Deliverables, they are licensed, not assigned, to Customer, on the same terms as the Deliverables; and (ii) the term “Deliverables” shall not include the Tools. 13. LIMITATION OF LIABILITY. DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] 13.1 No Consequential Damages. NEITHER CELLEBRITE NOR ITS LICENSORS OR AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, OR ANY DAMAGES FOR LOST DATA, BUSINESS INTERRUPTION, LOST PROFITS, LOST REVENUE OR LOST BUSINESS, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS, EVEN IF CELLEBRITE OR ITS LICENSORS OR AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INCLUDING WITHOUT LIMITATION, ANY SUCH DAMAGES ARISING OUT OF THE LICENSING, PROVISION OR USE OF THE CELLEBRITE SERVICE, ANCILLARY SERVICES, SUPPORT SERVICES OR THE RESULTS THEREOF. 13.2 Limits on Liability. NEITHER CELLEBRITE NOR ITS LICENSORS OR AFFILIATES SHALL BE LIABLE FOR CUMULATIVE, AGGREGATE DAMAGES GREATER THAN AN AMOUNT EQUAL TO THE AMOUNTS PAID BY CUSTOMER TO CELLEBRITE UNDER THESE TERMS DURING THE PERIOD OF TWELVE (12) MONTHS PRECEDING THE DATE ON WHICH THE CLAIM FIRST ACCRUED, LESS THE AMOUNTS PREVIOUSLY PAID BY CELLEBRITE TO SATISFY LIABILITY UNDER THIS AGREEMENT. 13.3 Essential Purpose. CUSTOMER ACKNOWLEDGES THAT THE TERMS IN THIS SECTION 13 (LIMITATION OF LIABILITY) SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND SHALL APPLY EVEN IF AN EXCLUSIVE OR LIMITED REMEDY STATED HEREIN FAILS OF ITS ESSENTIAL PURPOSE, AND WITHOUT REGARD TO WHETHER SUCH CLAIM IS BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE. 14. TERM AND TERMINATION. 14.1 Term. The term of these Terms commences on the Effective Date and continues until the expiration or termination of all Subscription Term(s), unless earlier terminated as provided in these Terms 14.2 Termination for Cause. Termination for Convenience or Cause. Either Party may terminate this Agreement: (i) for its convenience by giving the other Party (30) days’ prior written notice; (ii) by giving the other Party a written notice to be immediately effective in case the other Party causes a material or continuous breach hereof (“continuous” meaning two or more occurrences of the same breach). Either Party may terminate the Agreement by giving the other Party a written notice to be immediately effective in case the terminating Party reasonably determines that the other Party can no longer comply with the terms of the Agreement in accordance with the requirement of any applicable law, rule and/or regulations. Termination of the Agreement in accordance with this Section shall not impose on either Party liability of any kind. In the event this Agreement terminates, and Customer has not breached this Agreement, Cellebrite shall return to Customer a prorated portion of fees already paid for any services terminated early hereunder. 14.3 Effects of Termination. Upon expiration or termination of these Terms, not including expiration or termination of a Trial, (a) Customer’s use of and access to the Cellebrite Service and Cellebrite's performance of all Support Services and An cillary Services shall cease; (b) all Order Forms shall terminate; and (c) all fees and other amounts owed to Cellebrite shall be immediately due and payable by Customer, including without limitation. Upon Customer’s request made within ten (10) days after the effective date of applicable termination or expiration, Cellebrite shall make any Customer Data stored on the Cellebrite Service available, for a period of 30 days, for download by Customer in the format in which it is stored in the Cellebrite Service. After such 30-day period, Cellebrite shall have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control. In addition, within thirty (30) days of the effective date of termination, Customer shall: (a) return to Cellebrite, or at Cellebrite’s option, Customer shall destroy all items of Confidential Information (other than the Customer Data) in Customer’s possession or control, including any copies, extracts or portions thereof, and (b) upon request shall certify in writing to Cellebrite that it has complied with the foregoing. 14.4 Survival. This Section and Sections 1, 2.3, 2.4, 7, 8, 10, 12, 13, 15.4, 16 and any other Section or Appendix which should reasonably survive termination of this Agreement, shall continue to be in force and effect after termination or expiry of thi s Agreement. 15. MISCELLANEOUS. 15.1 Notices. All notices which any party to these Terms may be required or may wish to give may be given by addressing them to the other party at the addresses set forth below (or at such other addresses as may be designated by writt en notices given in the manner designated herein) by (a) personal delivery, (b) sending such notices by commercial overnight courier with written verification of actual receipt, (c) by email, effective (A) when the sender receives an automated message from the recipient confirming delivery or (B) one hour after the time sent (as recorded on the device from which the sender sent the email) unless the DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] sender receives an automated message that the email has not been delivered, whichever happens first, but if the delivery or receipt is on a day which is not a business day or is after 5:00 pm (addressee’s time) it is deemed to be received at 9:00 am on the following business day, or (d) sending them by registered or certified mail. If so mailed or otherwise delivered, such notices shall be deemed and presumed to have been given on the earlier of the date of actual receipt or three (3) days after mailing or authorized fo rm of delivery. All communications and notices to be made or given pursuant to these Terms shall be in the English language. 15.2 Governing Law. This Agreement and any disputes or claims arising hereunder are governed by the laws of, and subject to the exclusive jurisdiction of, the country of incorporation of the Cellebrite entity that sold the Services to Customer, without giving effect to any choice of law rules or principles. In case of sales or licenses in the United States of America, this Agreement and any disputes or claims arising hereunder are governed by the laws of the State of Delaware and subject to the exclusive jurisdiction of the federal or state courts in Delaware, without giving effect to any conflict of Law rules or principles. Notwithstanding anything to the contrary, in the event that the entity that sold the Services to the Customer is Cellebrite GmbH, this Agreement shall be governed by and construed in accordance with the law of England and Wales and the Parties hereby submit to the exclusive jurisdiction of the London courts and, without giving effect to any conflict of law rules or principles. The United Nations Convention on Contracts for the International Sale of Goods (except that sales or licenses in the United States of America shall not exclude the application of General Obligations Law 5-1401), and the Uniform Computer Information Transactions Act do not apply to this Agreement. Cellebrite may, at its sole discretion, initiate any dispute or claim against Customer, including for injunctive relief, in any jurisdiction permitted by applicable law. 15.3 U.S. Government Customers. I. If Customer is a U.S. Federal Government entity, Cellebrite provides the Cellebrite Service, including related software and technology, for ultimate Federal Government end use solely in accordance with the following: Government technical data rights include only those rights customarily provided to the public with a commercial item or process and Government software rights related to the Cellebrite Service include only those rights customarily provided to the public, as defined in these Terms. The technical data rights and customary commercial software license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If greater rights are needed, a mutually acceptable written addendum specifically conveying such rights must be included in these Terms. In addition, if the Customer is a U.S. Federal Government entity (or agency thereof), these Terms incorporate the following FAR provisions by reference: 52.222-50, 52.233-3, 52.222-54, 52.222-21, 52.222-26, 52.203-6, 52.204-10, 52.209-9, 52.212-4, 52.222-40, 52.222-41, 52.203-13, 52.222-36, 52.222-37, 52.233-4, 52.212-5, 52.209-10, 52.222-35, 52.222-53. II. Inapplicable Terms and Provisions – VOID AB INITIO. This Section only applies to U.S. local, county, state, governmental agencies and other U.S. law enforcement agencies that are state or federally funded by the United States Government. Subject to the foregoing statements, to the extent that any term or provision of the Agreement, is considered void ab initio, or is otherwise unenforceable against Customer pursuant to applicable U.S. Law that expressly prohibits Customer from agreeing to such term or condition, then such conflicting term or provision in this Agreement shall be struck to the extent to make such term or provision enforceable, and the remaining language, if any, shall remain in full force and effect. 15.4 Regulation. The Cellebrite Service utilizes software and technology that may be subject to certain export, re-export, customs or import controls, applicable in Israel, the European Union, the United States and/or other countries. Said regulations include but are not limited to the provisions of the US Export Administration Regulations (EAR) and the provisions of the regulations of the European Union. Customer expressly warrants, represents and covenants that it shall comply fully with all applicable export laws and regulations any relevant jurisdictions to ensure that the Services are not exported or re-exported in violation of such laws and regulations, or used for any purposes prohibited by such laws and regulations. As the Services are subject to export control laws and regulations, Customer shall not export or "re-export" (transfer) the Services unless the Customer has complied with all applicable controls. Customer acknowledges and agrees that the Services shall not be used, and none of the underlying information, software, or technology may be transferred or otherwise exported or re-exported to countries as to which the United States maintains an embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders (collectively, “Designated Nationals”). The lists of Embargoed Countries and Designated Nationals are subject to change without notice. By using the Cellebrite Services, Customer represents and warrants that it is not located in, under the control of, or a national or resident of an Embargoed Country or Designated National. The Cellebrite Service may use encryption technology that is subject to licensing requirements under the U.S. Export Administration Regulations, 15 C.F.R. Parts 730-774 and Council Regulation (EC) No. 1334/2000. Customer agrees to comply strictly with all applicable export laws and assume sole responsibility for obtaining licenses to export or re-export as may be required. Cellebrite and its licensors make no representation that the Cellebrite Service is appropriate or available for use in other locations. Any diversion of the Customer Data contrary to law is prohibited. None of the Customer Data, nor any information acquired through the use of the Cellebrite Service, is or will be used for nuclear activities, chemical or biological weapons, or missile projects. DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] 15.5 Compliance. Customer is obligated to comply with the law applicable in connection with the business relationship with Cellebrite. Customer will comply with Cellebrite’s Business Conduct Policy. Customer represents, warrants and covenants that it shall not engage in any deceptive, misleading, illegal or unethical practices that may be detrimental to Cellebrite or to any of Cellebrite’s services and/or products, including but not limited to the Services and shall only use the Services in compliance with all applicable laws and regulations (including, without limitation, data protection, privacy, computer misuse, telecommunications interception, intellectual property, and import and export compliance laws and regulations or the applicab le foreign equivalents). Customer, its subsidiaries and Affiliates will not (i) offer, promise or grant any benefit to a public official for that person or a third party for the discharge of a duty; (ii) offer, promise or grant an employee or an agent of a business for c ompetitive purposes a benefit for itself or a third party in a business transaction as consideration for an unfair preference in the purchase of goods or commercial services; (iii) demand, allow itself to be promised or to accept a benefit for itself or another in a business transaction as consideration for an unfair preference to another in the competitive purchase of goods or commercial services, and; (iv) violate any applicable anticorruption regulations and, if applicable, not to violate the US Foreign Corrupt Practices Act (FCPA), the UK Bribery Act or any other applicable antibribery or anti-corruption law. Customer further represents, covenants and warrants that it has, and shall cause each of its subsidiaries and/or Affiliates to, maintain systems of internal controls (including, but not limited to, accounting systems, purchasing systems and billing systems) to ensure compliance with the FCPA, the U.K. Bribery Act or any other applicable anti-bribery or anti-corruption law. Upon Cellebrite's request, Customer will confirm in writing that it complies with this Section and is not aware of any breaches of the obligations under this Section. If Cellebrite reasonably suspects that Customer is not complying with this Section then, after notifying Customer regarding the reasonable suspicion, Cellebrite may demand that Customer, in accordance with applicable law, permit and participate in - at its own expense - auditing, inspection, certification or screening to verify Customer’s compliance with this Section. Any such inspection can be executed by Cellebrite or its third party representative. In the event Customer is in contact with a Government Official concerning Cellebrite, discussing or negotiating, or Customer engages a third party to do so, Customer is obligated (i) to inform Cellebrite in advance and in writing, clearly defining the scope of the interaction, (ii) upon request, to provide Cellebrite with a written record of each conversation or meeting with a Government Official and (iii) to provide Cellebrite monthly a detailed expense report, with all original supporting documentation. A “Government Official” is any person performing duties on behalf of a public authority, government agency or department, public corporation or international organization. Cellebrite may immediately terminate this Agreement and any applicable Order Form if Customer violates its obligations under this Section. Nothing contained in this Section shall limit any additional rights or remedies available to Cellebrite. Customer shall indemnify Cellebrite and Cellebrite's employees from any liability claims, demands, damages, losses, costs and expenses that result from a culpable violation of this Section by Customer. Customer will pass on the provision of this Section to its affiliates and bind its affiliates accordingly and verify the compliance of its subsidiaries or affiliates with the provisions of this Section. 15.6 Assignment. Customer shall not assign its rights hereunder or delegate the performance of any of its duties or obligations hereunder, whether by merger, acquisition, sale of assets, operation of law, or otherwise, without the prior written consent of Cellebrite. Any purported assignment in violation of the preceding sentence is null and void. Subject to the foregoing, these Terms shall be binding upon, and inure to the benefit of, the successors and assigns of the parties thereto. With the exception of Affiliates of Customer who have executed Order Forms under these Terms, there are no third-party beneficiaries to these Terms. 15.7 Amendment. The Parties may amend this Agreement only by a writing signed by all the Parties 15.8 Interpretation; Severability. If any of these Terms is found invalid or unenforceable that term will be enforced to the maximum extent permitted by law and the remainder of the Terms will remain in full force. 15.9 Independent Contractors. The parties are independent contractors, and nothing contained herein shall be construed as creating an agency, partnership, or other form of joint enterprise between the parties. 15.10 Entire Agreement. These Terms, including all applicable Order Forms, and Statements of Work, constitute the entire agreement between the parties relating to this subject matter and supersedes all prior or simultaneous understandings, representations, discussions, negotiations, and agreements, whether written or oral. 15.11 Force Majeure. Except for your payment obligations hereunder, neither party shall be liable to the other party or any third party for failure or delay in performing its obligations under these Terms when such failure or delay is due to any cause beyond the control of the party concerned, including, without limitation, acts of God, governmental orders or restrictions, fire, or flood, provided that upon cessation of such events such party shall thereupon promptly perform or complete the performance of its obligations hereunder. Exhibit A Data Processing Addendum DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] This Data Processing Addendum (“Addendum”) is entered into by and between Cellebrite and Customer. WHEREAS, the Services involves processing certain personal data and the parties wish to regulate Cellebrite’s processing of such personal data, through this Addendum, which become an integral part of the Agreement. THEREFORE, the parties have agreed to this Addendum, consisting of four parts: ■ Part One applies with general provision. ■ Party Two applies with respect to the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and supplementary GDPR legislations in EU member states), but only if Cellebrite Services to the Customer operate or Process Personal Data to any extent, in countries that are not member states of the European Economic Area, and are not territories or territorial sectors recognized by an adequacy decision of the European Commission, as providing an adequate level of protection for Personal Data pursuant to Article 45 of the GDPR. ■ Part Three applies with respect to the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and supplementary GDPR legislations in EU member states), but only if Cellebrite Services to the Customer operate and Process Personal Data exclusively in member states of the European Economic Area, or in territories or territorial sectors recognized by an adequacy decision of the European Commission, as providing an adequate level of protection for Personal Data pursuant to Article 45 of the GDPR. ■ Part Four applies with respect to the California Consumer Privacy Act of 2018 (CCPA). Part 1 1. In the event of any conflicting stipulations between this Addendum and the Agreement or any other agreement in place between the parties, the stipulations of this Addendum shall prevail. 2. Any limitation of liability pursuant the Agreement shall apply to liability arising from or in connection with breach of this Addendum. 3. Cellebrite has appointed the person listed below as a contact person for data protection purposes: Mr. Ilan Tzoler, Compliance Officer, Ilan.Tzoler@cellebrite.com. Part 2 1. Capitalized terms used in this Part 2 of the Addendum but not defined in the Addendum or in the Agreement have the meaning ascribed to them in Regulation (EU) 2016/679 (GDPR) and in Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data. 2. This Part 2 applies only where Cellebrite is Processing Personal Data as a Data Processor on behalf of the Customer and under the Customer’s instructions, where the Customer is a Data Controller subject to the GDPR with respect to the Personal Data that Cellebrite Processes. It does not apply to Cellebrite’s Processing Personal Data of Customer’s representatives to market or promote its products, to administer the business or contractual relationship between Cellebrite and the Customer or in other instances where Cellebrite operates as the Data Controller. 3. Customer and Cellebrite hereby assent to the Annex to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as follows: 3.1. In Section II (Obligations of the Parties), Clause 9(a) for MODULE TWO: Transfer controller to processor: The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least 10 days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). 3.2. In Section IV (Final Provisions), Clause 17 for MODULE TWO: Transfer controller to processor: The Parties agree that this shall be the law of Ireland. 3.3. In Section IV (Final Provisions), Clause 18(b) for MODULE TWO: Transfer controller to processor: The Parties agree that those shall be the courts of Ireland. 3.4. In Annex I, for MODULE TWO: Transfer controller to processor: 3.4.1. Data Exporter: Customer. 3.4.1.1. Activities relevant to the data transferred under these Clauses: A business with a need to extract, review and analyze intelligence from digital devices and online platforms. 3.4.1.2. Role: controller 3.4.2. Data Importer: Cellebrite. 3.4.2.1. Activities relevant to the data transferred under these Clauses: Develops and operates a software-as-a- DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] service solution for extracting, obtaining, reviewing and analyzing intelligence from digital devices and online platforms. 3.4.2.2. Role: processor. 3.5. Description of Transfer: 3.5.1. Categories of data subjects whose personal data is transferred: Individuals using the digital devices from which the intelligence is gathered, and their contacts. 3.5.2. Categories of data transferred: contact information, messages and emails, correspondence, location information, photos, data related to use of online platform, and other information extracted from digital devices. 3.5.3. Sensitive data transferred: to the extent present on the digital device and extracted at the instruction of the Customer: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. 3.5.4. The frequency of the transfer: On a continuous basis, as needed in the use of the Services. 3.5.5. Nature of the processing: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, disclosure by transmission, alignment or combination, restriction, erasure and destruction. 3.5.6. Purpose(s) of the data transfer and further processing: extraction, review and analysis of intelligence from digital devices and online platforms. 3.5.7. The period for which the personal data will be retained: For the duration of the Services. 3.5.8. Transfers to the following main (sub-) processors: Name of sub-processor Subject matter and nature of sub-processor processing Duration of sub-processing Amazon AWS Cloud infrastructure provider Duration of the engagement 3.5.9. Competent Supervisory Authority: the supervisory authority in the EU member state where the data exporter’s EU representative under Article 27 of the GDPR is located. 3.6. In Annex II, for MODULE TWO: Transfer controller to processor: 3.6.1. Information Security Policies & Standards: Cellebrite’s Information Security Policy sets forth general information security policy statements applicable to Cellebrite’s computer and network systems and all information contained on those systems or relating to Cellebrite’s business activities: • Information must be consistently protected in a manner commensurate with its sensitivity, value, and criticality. • Cellebrite’s information and computer resources must be used only for the business purposes authorized by management. 3.6.2. Acceptable Use Policy: Cellebrite’s Acceptable Use Policy defines the activities that are permissible when using any of the company’s computer, device, or communication system and states the minimum compliance requirements for users of Cellebrite’s systems, including but not limited to computer equipment, software, operating systems, network accounts and e-mail 3.6.3. Key Information Security Controls: Below are some of the key information security controls that the Information Security group has implemented across the organization: Access Control: Cellebrite has implemented security standards, which are designed to restrict access to Cellebrite’s information and data assets including: defines general access control requirements (e.g., access to information resources granted only on a “need-to-know” basis, access terminated at termination of employment, periodic review of access rights, role-based access rights and segregation of duties, etc.) Authentication and encryption: strong authentication with 2FA are required for every remote access to the company’s assets 3.6.4. System and Communications Protection: Cellebrite operates a comprehensive, multi-layered information security program, leveraging a defensive, in-depth architecture. Tiered perimeter defenses include firewalls between zones and key application servers, as well as segmentation between various network elements and network segments. Web Application Firewalls are employed to protect applications. Detective controls are also layered, with proactive enterprise- wide scans for Advanced Persistent Threat (“APT”) using top notch commercial malware detection. Network Intrusion Detection technology is in place, as well as endpoint controls such as Host-Based IDS and advanced malware protection. The Cellebrite’s network infrastructure is protected with the following mechanisms, as a standard: • Network Firewalls – designed to protect against network-based, malicious attacks and provide an additional layer of access control. • Network Access Controls – Cellebrite has controls around network access and remote access, including 2- factor DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] authentication and forced disconnection after a period of inactivity. • Network Segmentation – VLAN and physical segmentation. Additional controls may be in place at the application layer which, are detailed below in the product specifications section of this packet. 3.6.5. Vulnerability Management: Cellebrite maintains a systematic process to detect categorize, and handle vulnerabilities found in its infrastructure, application and systems. 3.6.6. Change Management: Cellebrite maintain a change management process for changes in production, which helps protect the integrity and availability of the services by controlling all changes to minimize risk to approve all applicable changes. 3.6.7. SaaS Network Security: Cellebrite deploys multiple layers of network security across our SaaS infrastructure and application stack. At the perimeter Cellebrite relies on cloud front to provide distributed denial of service (“DDoS”) attack mitigation and a web application firewall (“WAF”) for traffic over HTTP and HTTPS. Cellebrite relies on IP whitelisting to ensure that the network origin for clients is not accessible publicly. All traffic within Cellebrite’s SaaS platform operates on independent virtual private clouds (“VPCs”) which is in a physically isolated from all other accounts. In the IPS layer, advanced threat protection, intrusion prevention, firewall capabilities, web filtering, network visibility, anti-virus, and anti- spyware services provide a broad range of enhanced protection. 3.6.8. Content Encryption: All traffic to and from clients to the platform uses HTTPS to encrypt data in transit. 3.6.9. Incident Response Plan: Cellebrite’s have a detailed incident response plan that addresses how Cellebrite handles security incidents including notifying regulators, affected individuals, law enforcement, and/or data owners/controllers of security breaches of Scoped Data. Cellebrite’s threat operation center is in charge of monitoring detecting handling and notifying the relevant stockholders in case of a cyber incident occurs. Part 3 1. Customer commissions, authorizes and requests that Cellebrite provide Customer the Services, which involves Processing Personal Data (as these capitalized terms are defined and used in: (a) the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) applicable as of 25 May 2018 and any national law supplementing the GDPR; and (b) Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data. Legislations (a) and (b) above shall collectively be referred to as “Data Protection Law”. 2. This Part 3 applies only where Cellebrite is Processing Personal Data as a Data Processor on behalf of the Customer and under the Customer’s instructions, where the Customer is a Data Controller subject to the GDPR with respect to the Personal Data that Cellebrite Processes. It does not apply to Cellebrite’s Processing Personal Data of Customer’s representatives to market or promote its products, to administer the business or contractual relationship between Cellebrite and the Customer or in other instances where Cellebrite operates as the Data Controller. 3. Cellebrite will Process the Personal Data only on Customer’s behalf and for as long as Customer instructs Cellebrite to do so. Cellebrite shall not Process the Personal Data for any purpose other than the purpose set forth in this Addendum. 4. The nature and purposes of the Processing activities are as set out in the Agreement. The Personal Data Processed may include, without limitation: contact information, messages and emails, correspondence, location information, photos, data related to use of online platform, and other information extracted from digital devices. 5. The Data Subjects, as defined in the Data Protection Law, about whom Personal Data is Processed are: Individuals using the digital devices from which the intelligence is gathered, and their contacts. 6. Customer is and will always remain the ‘Data Controller’, and Cellebrite is and will remain at all times the ‘Data Processor’ (as these capitalized terms are defined and used in Data Protection Law). As a Data Processor, Cellebrite will Process the Personal Data only as set forth in this Addendum. Cellebrite and Customer are each responsible for complying with the Data Protection Law applicable to them in their roles as Data Controller and Data Processor. 7. Cellebrite will Process the Personal Data only on instructions from Customer documented in this Addendum or otherwise provided either in writing or through the options of the Services configurable by Customer. The foregoing applies unless Cellebrite is otherwise required by law to which it is subject (and in such a case, Cellebrite shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest). Cellebrite shall immediately inform Customer if, in Cellebrite's opinion, an instruction is in violation of Data Protection Law. 8. Cellebrite will make available to Customer all information in its disposal necessary to demonstrate compliance with the obligations under Data Protection Law. 9. Cellebrite will follow Customer’s instructions to accommodate Data Subjects’ requests to exercise their rights in relation to their Personal Data, including accessing their data, correcting it, restricting its processing or deleting it. Cellebrite will pass on to Customer requests that it receives (if any) from Data Subjects regarding their Personal Data Processed by Cellebrite. Cellebrite shall notify Customer of the receipt of such request as soon as possible, and no later than five (5) business days from the receipt of such request, together with the relevant details. DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] 10. Customer authorizes Cellebrite to engage another processor for carrying out specific processing activities of the Services, provided that Cellebrite informs Customer at least 10 business days in advance of any new or substitute processor (including in respect of any material changes in the other processor’s ownership or control), in which case Customer shall have the right to object, on reasoned grounds, to that new or replaced processor. If Customer so objects, Cellebrite may not engage that new or substitute processor for the purpose of Processing Personal Data in the provision of the Services. Customer hereby authorizes Cellebrite to engage the processors identified in Section 3.5.8 of Part 2 of the Addendum. 11. Without limiting the foregoing, in any event where Cellebrite engages another processor, Cellebrite will ensure that the same data protection obligations as set out in this Addendum are likewise imposed on that other processor by way of a contract, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of Data Protection Legislation. Where the other processor fails to fulfil its data protection obligations, Cellebrite shall remain fully liable to Customer for the performance of that other processor's obligations. 12. Cellebrite and its other processors will only Process the Personal Data in member states of the European Economic Area, in territories or territorial sectors recognized by an adequacy decision of the European Commission, as providing an adequate level of protection for Personal Data pursuant to Article 45 of the GDPR, or using adequate safeguards as required under Data Protection Law governing cross-border data transfers (e.g., Model Clauses). Cellebrite must inform Customer at least 10 business days in advance of any new envisioned cross-border data transfer scenario, in which case Customer shall have the right to object, on reasoned grounds, to that new envisioned cross-border data transfer. If Customer so objects, Cellebrite may not engage in that envisioned cross-border data transfer for the purpose of Processing Personal Data in the provision of the Services. 13. In the event that the foregoing mechanism for cross-border data transfers is invalidated by a regulatory authority under applicable law or any decision of a competent authority under Data Protection Law, the parties shall discuss in good faith and agree such variations (such agreement not to be unreasonably withheld or delayed) to this Addendum as are required to enable a valid cross- border data transfers. Further, in the event that the European Commission establishes processor to processor standard contractual clauses, the parties will enter into those clauses as promptly as reasonably practicable. 14. Cellebrite will ensure that its staff authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. 15. Within 10 business days of Customer’s written request, Cellebrite shall allow for and contribute to audits, including carrying out inspections conducted by Customer, or another auditor mandated by Customer in order to establish Cellebrite's compliance with this Addendum and the provisions of the applicable Data Protection Law as regards the Personal Data that Cellebrite processes on behalf of Customer. Such audits shall be limited to one business day per annum (unless Data Protection Law requires otherwise), shall be conducted during ordinary business hours and without interruption to Cellebrite’s ordinary course of business. Under no circumstances shall the audits or inspections extend to trade secrets of Cellebrite or to data regarding other customers of Cellebrite. All audits are conditioned on the Customer or its auditors first executing appropriate confidentiality undertakings satisfactory to Cellebrite. 16. Cellebrite shall without undue delay, and in any event within 72 hours, notify Customer of any Personal Data Breach (as this term is defined and used in Data Protection Law and applicable regulatory guidelines) that it becomes aware of regarding Personal Data of Data Subjects that Cellebrite Processes. Cellebrite will thoroughly investigate the breach and take all available measures to mitigate the breach and prevent its reoccurrence. Cellebrite will cooperate in good faith with Customer on issuing any statements or notices regarding such breaches, to authorities and Data Subjects. 17. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Cellebrite shall implement in the Services appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as detailed in Section of 3.6 Part 2. 18. Cellebrite will assist Customer with the eventual preparation of data privacy impact assessments and prior consultation as appropriate (and if needed). 19. Cellebrite will provide Customer prompt notice of any request it receives from authorities to produce or disclose Personal Data it has Processed on Customer’s behalf, so that Customer may contest or attempt to limit the scope of production or disclosure request. 20. Upon Customer’s request, Cellebrite will delete the Personal Data it has Processed on Customer’s behalf under this Addendum from its own and its processor’s systems, or, at Customer’s choice, return such Personal Data and delete existing copies, within 10 business day of receiving a request to do so, and 21. Upon Customer’s request, will furnish written confirmation that the Personal Data has been deleted or returned pursuant to this section. 22. The duration of Processing that Cellebrite performs on the Personal Data is for the period set out in the Agreement. Part 4 1. Scope. This Part applies to the processing of ‘personal information’ (as defined in Cal. Civ. Code §1798.140(o)) by Cellebrite for Customer. 2. Service Provider Obligations. The Parties acknowledge and agree that Cellebrite is a ‘service provider’ as defined in Cal. Civ. Code §1798.140(v). To that end, and unless otherwise requires by law: 2.1. Cellebrite is prohibited from retaining, using or disclosing Customer ‘personal information’ (as defined in Cal. Civ. Code DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SaaS SLA for Cellebrite Inc. https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm[2/9/2023 4:49:05 PM] §1798.140(o)) for: (a) any purpose other than the purpose of properly performing, or for any commercial purpose other than as reasonably necessary to perform Customer’s processing instructions; (b) ‘selling’ (as defined in Cal. Civ. Code §1798.140(t)) Customer personal information; and (c) retaining, using or disclosing Customer personal information outside of the direct business relationship between the parties. Cellebrite certifies that it understands the restriction specified in this subsection and will comply with it. 2.2. If Cellebrite receives a request from a California consumer about his or her is ‘personal information’ (as defined in Cal. Civ. Code §1798.140(o)), Cellebrite shall not comply with the request itself, promptly inform the consumer that Cellebrite’s basis for denying the request is that Cellebrite is merely a service provider that follows Customer’s instruction, and promptly inform the consumer that they should submit the request directly to Customer and provide the consumer with Customer’s contact information. 3. Subcontracting to suppliers. Customer authorizes Cellebrite to subcontract any of its Services-related activities consisting (partly) of the processing of the personal information or requiring personal information to be processed by any third party supplier without the prior written authorization of Customer provided that: (a) Cellebrite shall ensure that the third party is bound by the same obligations of the Cellebrite under this Part and shall supervise compliance thereof; and (b) Cellebrite shall remain fully liable vis-à-vis Customer for the performance of any such third party that fails to fulfil its obligations. 4. Return or deletion of information. Upon termination of this Part, upon Customer’s written request, or upon fulfillment of all purposes agreed in the context of Customer’s instructions, whereby no further processing is required, the Cellebrite shall, at the discretion of Customer, either delete, destroy or return to Customer, some or all (however instructed) of the of the personal information that it and its third-party suppliers process for Customer. 5. Assistance in responding to consumer requests. Cellebrite shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to requests for exercising the consumer rights under the California Consumer Privacy Act of 2018. 6. Data security. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Cellebrite’s processing of personal information for Customer, as well as the nature of personal information processed for Customer, Cellebrite shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information, designed to protect the personal information from unauthorized access, destruction, use, modification, or disclosure (including data breaches). *** DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 Cellebrite Inc.7 Campus DriveSuite 210Parsippany New Jersey 07054United States Tel. +1 800 942 3415Fax. +1 201 848 9982Tax ID#: 22-3770059DUNS: 033095568CAGE: 4C9Q7Company Website:http://www.cellebrite.com Proforma Invoice ProformaInvoice#Q-286839-2Date:Feb 07, 2023 Billing Information Menifee Police Department 29714 HAUN RD Menifee, California 92586 United States \i1\ Delivery Information Menifee PD 29714 Haun Rd Menifee, CA 92586 United States \i1\ Contact: LAURA BARNES Phone: 19517231548 Contact: LAURA BARNES Phone: 19517231548 End Customer: Menifee Police Department Click here to process with Credit Card paymentBy clicking the link above and accepting this quote,You are expressing your agreement and compliance to and with the terms contained on this quote. Customer ID Good Through Payment Terms Currency Sales Rep SF-00170510 Feb 23, 2023 Net 30 USD Jennifer Leros Product Code Product Name Qty Start Date End Date Serial Number Net Price\Unit Net Price B-UFD-10-001 UFED 4PC Ultimate Subscription 1 Jan 24, 2023 Jan 23, 2024 4,270.00 4,270.00 F-KAS-00-001 UFED Dongle Kit 1 52.50 52.50 F-UFD-05-003 UFED 4PC HW Kit 1 420.00 420.00 U-TRN-03-037 OLT-OD Reader 1 209.30 209.30 B-TRN-03-004 OLT-OD CCO + CCPA - Cellebrite Certified Operator + Physical Analyst 1 0.00 0.00 U-TRN-03-006 OLT-OD CCPA - Cellebrite Certified Physical Analyst 1 1,396.50 1,396.50 U-TRN-03-026 OLT-OD - Cellebrite Certified Operator 1 906.50 906.50 B-PAAS-02-004 Premium as a Service Core package 1 Jan 24, 2023 Jan 23, 2024 0.00 0.00 U-AIS-02-134 Premium SaaS 35 Unlocks and Unlimited Extraction Annual Subscription 1 Jan 24, 2023 Jan 23, 2024 6,930.00 6,930.00 U-AIS-02-139 Premium SAAS End Point 1 Jan 24, 2023 Jan 23, 2024 0.00 0.00 U-AIS-02-105 Cellebrite Premium Adapter 1 700.00 700.00 Quote Number: Q-286839-2Prepared by Jennifer Leros Page 1 of 2 DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 SubTotal USD 14,884.80 Shipping & Handling USD 85.00 Sales Tax USD 1,090.05 Total USD 16,059.85 Comments: Terms and Conditions:- Freight Terms: FCA (NJ)- Limited Warranty: Hardware: 12 Months; Software: 60 days; Touch Screen: 30 days- Quote is subjected to regulation approval.- General: Purchases of any products sold by Cellebrite are governed by http://legal.cellebrite.com/us/index.html- EULA: Software is licensed by Cellebrite in accordance with an end user license agreement available at https://legal.cellebrite.com/End-User-License-Agreement.html- Advanced Services (CAS): Purchases of Cellebrite Advanced Services are governed by https://legal.cellebrite.com/CB-us-us/index.html- Premium: The following terms apply only to the following products: Cellebrite Premium http://legal.cellebrite.com/intl/PremiumUS.htm- Pathfind er: https://legal.cellebrite.com/PF-Addendum.htm- Training Services: Subject to the terms and conditions at http://legal.cellebrite.com/intl/Training.htm- SaaS: https://legal.cellebrite.com/Cellebrite-SaaS-Terms-of-Service-October-18-2021.htm In the event of any dispute as to which terms apply, Cellebrite shall have the right to reasonably determine which terms apply to a givenpurchase order. *SALES TAX DISCLAIMER: Cellebrite Inc. is required to collect Sales and Use Tax for purchases made from the following certain U.S.States. Orders are accepted with the understanding that such taxes and charges shall be added, as required by law. Where applicable,Cellebrite Inc. will charge sales tax unless you have a valid sales tax exemption certificate on file with Cellebrite Inc. Cellebrite Inc. will notrefund tax amounts collected in the event a valid sales tax certificate is not provided. If you are exempt from sales tax, you must provide uswith your sales tax exempt number and fax a copy of your sales tax exempt certificate to Cellebrite Inc. Please include the following information on your PO for Cellebrite UFED purchase:- Please include the ORGINAL QUOTE NUMBER (For example - Q-XXXXX) on your PO- CONTACT NAME & NUMBER of individual purchasing and bill to address- E-MAIL ADDRESS of END USER for monthly software update as this is critical for future functionality I, the undersigned, hereby confirm that I am authorized to sign this Order on behalf the engaging company ("Company"), and I hereby approve that my signature is legally binding upon the Company. By signing this Order I hereby confirm and approve that the terms and conditions with respect to the services described in this Order are the only terms and conditions that apply in this regard, and no other documents and/or forms and/or other terms and conditions shall apply. Signature & Stamp: \s1\ Effective Date: \d1\ Name (Print): \n1\ Title: \t1\ Please sign and email to Jennifer Leros at jennifer.leros@cellebrite.com Quote Number: Q-286839-2Prepared by Jennifer Leros Page 2 of 2 DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727 CITY OF MENIFEE CELLEBRITE Armando G. Villa, City Manager Attest: Kay Vinson, Acting City Clerk Approved as to Form: Jeffrey T. Melching, City Attorney DocuSign Envelope ID: 00A8AD36-8143-44B9-B31C-1E7A4033DE6EDocuSign Envelope ID: D9702894-85E5-4448-BE35-951E57FB4727