SENTINELONE MASTER SUBSCRIPTION AGREEMENT
This SentinelOne Master Subscription Agreement (“Agreement”) is between SentinelOne, Inc. (“SentinelOne”) and the customer (“Customer”) who accepts this Agreement, or accesses and/or uses the Solutions (as defined below). This Agreement governs Customer’s subscription to the Solutions, constitutes a binding contract in connection with any paid or Evaluation use of the Solutions and is effective on the last date of signatures in the signature box of this Agreement (“Effective Date”).
Capitalized terms will have the meaning assigned to such terms where defined throughout this Agreement. Each of SentinelOne or Customer is sometimes described in this Agreement as a “Party” and together, “Parties,” which the Parties agree as follows:
1. DEFINITIONS.
1.1. “Affiliate(s)” means any entity that directly, or indirectly through intermediaries, controls, is controlled by, or is under common control with a Party; provided, however, that Customer’s Affiliates shall not include any entity that directly, or indirectly through intermediaries, competes with SentinelOne. The license granted to Customer herein includes the right to use the Solutions as stated in the applicable Solutions Addendum for Customer’s Affiliates, provided that Customer agrees to remain fully responsible and liable under this Agreement for Customer’s Affiliates’ use of the Solutions.
1.2. “Confidential Information” means all information disclosed (whether in oral, written, or other tangible or intangible form) by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) concerning or related to this Agreement or the Disclosing Party that is marked as confidential or proprietary, or that the Receiving Party knows or reasonably should know is confidential information of the Disclosing Party given the facts and circumstances surrounding the disclosure of the information by the Disclosing Party. Confidential Information includes, but is not limited to, proprietary and/or non
public technical, business, commercial, financial and/or legal information, such as, without limitation, any and all Solutions information generally shared with Customer and as specifically related to Customer, Solutions information gained by Customer through use of the Solutions, business plans, product information, pricing, financial plans, know how, Customer information, strategies, and other similar information.
1.3. “Current Release” means the most recent release of the Solutions.
1.4. “Customer Data” means data ingested from Customer endpoints, or otherwise provided, by or on behalf of Customer to SentinelOne via Customer’s use of the Solutions, excluding System Data.
1.5. “Documentation” means SentinelOne’s then–current published documentation such as technical user guides, installation instructions, articles or similar documentation specifying the functionalities of the Solutions and made available by SentinelOne to Customer as specified in the applicable Solutions Addendum.
1.6. “Endpoint(s)” means physical or virtual computing devices and/or computing environments (such as containers) that can process data.
1.7. “Enhancements” means any updates, patches, bug fixes, and versions to the Solutions made by SentinelOne and provided to Customer.
1.8. “Evaluation” means for the limited purpose of accessing and installing the Solutions for internal evaluation by Customer who is considering purchase of Solutions but without any obligation to enter into any further agreement.
1.9. “Intellectual Property Rights” means all patents, copyrights, moral rights, trademarks, trade secrets, and any other form of intellectual property rights recognized in any jurisdiction, including applications and registrations for any of the foregoing.
1.10. “Partner” means an authorized SentinelOne partner, such as a reseller.
1.11. “Personal Data” means any information relating to an identified or identifiable natural person.
1.12. “Purchase Order” means a document agreed to in writing and executed among Customer and a Partner that references a Quote covering Customer’s subscription to the specified Solutions or an Evaluation offering.
1.13. “Quote” means a quote from SentinelOne for the Solutions, SentinelOne Services, and/or other SentinelOne Services.
1.14. “Restrictions” means the restrictions to Customer’s license to use Solutions as stated in the License Restrictions section in the applicable Solutions Addendums.
1.15. “SentinelOne” means SentinelOne, Inc. and its Affiliates.
1.16. “Site” means SentinelOne’s website at www.sentinelone.com or as defined in the relevant Solutions Addendum.
1.17. “Solution(s)” means the products and services offered by SentinelOne.
1.18. “Solutions Addendum” means the addendum specific to the Solutions that Customer subscribes to under a Purchase Order, and, where applicable, the U.S. Public Sector Addendum. All Solutions Addendums are attached hereto and available at: https://www.sentinelone.com/legal/.
1.19. “Special Information” means sensitive Personal Data or other information requiring additional protections under applicable laws.
1.20. “Subscription Term” means the license term of the Solutions as specified in a Purchase Order.
1.21. “System Data” means information compiled by SentinelOne in connection with Customer’s use of a Solution, including but not limited to threat data, contextual data, detections, and indicators of compromise, that SentinelOne may use for security, product, and operations management, and/or for research and development. For the avoidance of doubt, any improvements made to the Solutions will not incorporate Customer Personal Data or reference or mention Customer.
1.22. “Third-Party Products” means third-party products, applications, services, software, networks, or other systems or information sources that link to the Solutions through SentinelOne’s open APIs.
1.23. “Third-Party Service” means a third party that manages the installation, onboarding, or operation of, or access to, the Solutions on Customer’s behalf.
1.24. “U.S. Public Sector Addendum” means the Solutions Addendum that applies to U.S. Public Sector Customers (as defined in the U.S. Public Sector Addendum). The U.S. Public Sector Addendum is attached hereto and available at: https://www.sentinelone.com/legal/public-sector-addendum/.
2. USE OF THE SOLUTIONS.
2.1. License. Customer’s right to use Solutions is limited to the specific Solutions it subscribed to under a Purchase Order and subject to the applicable license section of the applicable Solutions Addendum. Subject to the terms of this Agreement, Customer hereby grants to SentinelOne a non-exclusive, non transferable, worldwide, royalty-free right during an active Subscription Term (as defined below in Section 11.1) to use, copy, store, transmit, modify, create derivative works of, and display the Customer Data solely to the extent necessary to provide the applicable Solutions to Customer.
2.2. Documentation. Customer shall use the Solutions in accordance with the then–current Documentation.
2.3. Third-Party Products. If Customer decides to send any Customer Data to any third party or otherwise enable, access or use Third-Party Products, including Third-Party Products that integrate directly to Customer’s instance of the Solutions, be advised that SentinelOne does not warrant, and this Agreement does not cover, such Third-Party Products even if SentinelOne resells them or designates them as certified, approved, or recommended, or if they are otherwise provided by a third party that is a member of a SentinelOne partner program. Customer’s access to and use of such Third-Party Products is governed by the terms of such Third-Party Products, and SentinelOne does not endorse, is not responsible or liable for, and makes no representations as to any aspect of such Third-Party Products, including, without limitation, their content or the manner in which they handle data or any interaction between Customer and the provider of such Third-Party Products, or any damage or loss caused or alleged to be caused by or in connection with Customer’s enablement, access, or use of any such Third-Party Products. Customer may be required to register for or log into such Third-Party Products on their respective websites. By enabling any Third-Party Products, Customer expressly permits SentinelOne to disclose Customer’s login and Customer Data to such Third-Party Products as necessary to facilitate Customer’s enablement and use of such Third-Party Products.
2.4. Third-Party Service. If Customer enters into an agreement with a third party for a Third-Party Service then Customer may allow such Third-Party Service to use the Solutions provided that (i) as between the Parties, Customer remains responsible for compliance with this Agreement; (ii) such Third-Party Service only uses the Solutions for Customer’s purposes that do not violate the License Restrictions and not for the benefit any third party, and agrees to this Agreement in providing services to Customer; and (iii) Customer remains liable to SentinelOne for the Third-Party Service’s use of and access to the Solutions on Customer’s behalf.
3. EVALUATIONS; EARLY ADOPTION AND BETA USE.
3.1. Evaluation Offering. If Customer receives the Solutions for evaluation purposes, then Customer may use the Solutions for Customer’s own internal evaluation purposes (“Evaluation”) for a period of up to thirty (30) days from the start date of the Evaluation (the “Evaluation Period”), unless otherwise agreed in writing by SentinelOne.
3.2. Evaluation License and Restrictions. In addition to the license scope detailed elsewhere in this Agreement, during Evaluation, Customer: (i) during the Evaluation Period Customer may access, install and use Solutions pursuant to the applicable Documentation, solely as agreed to in writing between Parties (ii) shall comply with the Restrictions); and (iii) shall uninstall any portion of the Solutions residing on Customer’s systems after the Evaluation Period and confirm to SentinelOne in writing (email accepted) of such deletion and uninstallation. If the Evaluation offering is a subscription, Customer understands that SentinelOne may disable access to the subscription automatically at the end of the Evaluation Period, without notice to Customer. During and following the Evaluation Period, the Parties shall discuss Evaluation results in good faith.
3.3. Early Adoption or Beta Use. If Customer is invited to and agrees to participate in SentinelOne’s Early Adoption Program or Beta Program, Customer acknowledges that Early Adoption or Beta versions of the Solutions are prerelease versions of the Solutions and as such may contain errors, bugs, or other defects. Accordingly, Customer’s use and testing of the Early Adoption and/or Beta versions of the Solutions is subject to the disclaimers stated in Section 3.4 (DISCLAIMER OF WARRANTIES AND LIABILITY). Additionally, Customer’s use of Early Adoption and/or Beta versions of the Solutions is subject to SentinelOne’s sole discretion as to length and scope of use, updates and support of such Early Adoption or Beta versions of the Solutions.
3.4. DISCLAIMER OF WARRANTIES AND LIABILITY. DURING EVALUATION, EARLY ADOPTION, OR BETA USE OF THE SOLUTIONS, THE SOLUTIONS ARE OFFERED SOLELY ON AN “AS-IS” AND “AS-AVAILABLE” BASIS, WITHOUT ANY REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, NON
INFRINGEMENT, OR THOSE ARISING BY LAW, STATUTE, USAGE, TRADE, COURSE OF DEALING, COURSE OF PERFORMANCE, OR OTHERWISE. CUSTOMER ASSUMES ALL RISK AS TO THE RESULTS AND PERFORMANCE OF THE SOLUTIONS AND ACKNOWLEDGES THAT THE USE OF THE SOLUTIONS, TO THE EXTENT APPLICABLE, MUST BE MADE IN STRICT CONFORMANCE WITH SENTINELONE’S INSTRUCTIONS. WITHOUT LIMITING THE FOREGOING, IT IS UNDERSTOOD AND AGREED THAT SENTINELONE WILL NOT BE LIABLE FOR ANY NETWORK DOWNTIME, SOLUTIONS DOWNTIME, AND/OR IDENTIFYING AREAS OF WEAKNESS IN THE SOLUTIONS. FOR ALL EVALUATIONS, EARLY ADOPTIONS, OR BETA USE OF THE SOLUTIONS, SENTINELONE SHALL HAVE NO LIABILITY TO CUSTOMER OR ANY OTHER PERSON OR ENTITY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, LOSS OF REVENUE OR PROFIT, LOST OR DAMAGED DATA, LOSS OF PROGRAMS OR INFORMATION, OR OTHER INTANGIBLE OR TANGIBLE LOSS, ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOLUTIONS OR INFORMATION, OR ANY PERMANENT OR TEMPORARY CESSATION OF THE SOLUTIONS OR ACCESS TO INFORMATION, OR THE DELETION OR CORRUPTION OF ANY CONTENT OR INFORMATION, OR THE FAILURE TO STORE ANY CONTENT OR INFORMATION OR OTHER COMMERCIAL OR ECONOMIC LOSS, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT OR OTHERWISE), EVEN IF SENTINELONE IS AWARE OR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SENTINELONE IS ALSO NOT RESPONSIBLE FOR CLAIMS BY ANY THIRD PARTY. WHILE THE SOLUTIONS ARE PROVIDED FREE OF CHARGE FOR EVALUATION, EARLY ADOPTION, OR BETA PURPOSES ONLY, SENTINELONE’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER SHALL NOT EXCEED U.S. $100.00. IN JURISDICTIONS WHERE THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES IS NOT ALLOWED, THE LIABILITY OF SENTINELONE SHALL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW. THE FOREGOING LIMITATION OF LIABILITY SHALL NOT APPLY TO THE PARTIES OBLIGATIONS UNDER SECTION 7 (CONFIDENTIALITY) HEREIN.
4. OWNERSHIP AND RESERVATION OF RIGHTS.
4.1. Customer. As between the Parties, Customer reserves all right, title, and interest in and to Customer Data and all Intellectual Property Rights embodied in Customer Data.
4.2. SentinelOne. As between the Parties, SentinelOne reserves all right, title, and interest in and to the Solutions (and any and all modifications to or derivative works of the Solutions), Documentation, System Data, and any and all Intellectual Property Rights embodied in such.
4.3. Reservation of Rights. Each Party reserves all rights not expressly granted in this Agreement, and no licenses are granted by one Party to the other Party under this Agreement, whether by implication, estoppel or otherwise, except as expressly set forth in this Agreement.
5. BILLING, PLAN MODIFICATIONS AND PAYMENTS.
5.1. Fees. The fees for the Solutions shall be set forth in one or more valid Purchase Orders (“Fees”). All Fees are due payable to the applicable Partner as detailed in the applicable valid Purchase Order. If Customer’s payment of Fees is past due or delinquent to the Partner and Customer fails to pay the Fees after receipt of SentinelOne’s notice to Customer of such delinquency, then such nonpayment will be considered a material breach by Customer of this Agreement and, in addition to SentinelOne’s other remedies, SentinelOne may suspend Customer’s access to the Solutions in accordance with the contract Disputes Clause (Contract Disputes Act). No refunds or credits for paid Fees will be issued to Customer, except as stated otherwise in Section 11.3 (Effects of Termination).
5.2. Subscription Increase. Subject to availability, if Customer’s usage of the Solutions exceeds the usage purchased under an Existing Purchase Order (a “True-Up”), SentinelOne has the right to invoice the applicable Partner for the incremental Fees associated with such True-Up on (i) a pro rata basis at the price per unit specified in the Existing Purchase Order for the remaining period of such Subscription Term and/or (ii) the overages for usage for the relevant period at the price per unit specified in the Existing Purchase Order. No refunds or credits for paid Fees will be issued to Customer, except as stated otherwise in Section 11.3 (Effects of Termination). “Existing Purchase Order” means the Purchase Order for the current Subscription Term.
5.3. Taxes. The Parties agree that neither shall have any tax obligations towards the other and all tax matters are handled between each Party and the Partner. The foregoing shall apply with applicable changes to Purchase Orders among Customer and a Partner specifying different terms for late payments, tax liability, or indemnification obligations relating to such tax liability.
6. PRIVACY AND SECURITY.
6.1. Processing and Security Obligation. In providing Customer the Solutions, SentinelOne will (i) store, process and access Customer Data only to the extent reasonably necessary to provide Customer the Solutions and to create System Data to improve the Solutions; and (ii) implement and maintain commercially reasonable technical and organizational measures designed to protect the security, confidentiality and integrity of Customer Data hosted by SentinelOne or SentinelOne’s authorized third party service providers from unauthorized access, use, alteration or disclosure.
6.2. Data Privacy. To the extent Customer Data includes Personal Data, SentinelOne will process Personal Data in accordance with the DPA in compliance with applicable laws. The Parties agree that the terms of the Data Protection Addendum (“DPA”) attached hereto (which can also be found at https://www.sentinelone.com/legal/data-protection-addendum/) shall apply to SentinelOne’s processing of such Personal Data.
7. CONFIDENTIALITY.
7.1. Obligations. The Receiving Party will maintain in confidence, during the term of this Agreement and for three (3) years following the expiration or earlier termination of this Agreement, all Confidential Information, and will not use such Confidential Information except as expressly permitted in this Agreement; provided that trade secrets shall be kept confidential unless and until they no longer qualify as trade secrets under applicable law. The Receiving Party will use the same degree of care in protecting the Confidential Information as the Receiving Party uses to protect its own confidential and proprietary information from unauthorized use or disclosure, but in no event less than reasonable care. Confidential Information will be used by the Receiving Party solely for the purpose of carrying out the Receiving Party’s obligations under this Agreement, and the Receiving Party will only disclose Confidential Information to its directors, officers, employees, Affiliates, and/or contractors who have a need to know such Confidential Information in order to assist the Receiving Party in performing its duties under this Agreement, and if such directors, officers, employees, Affiliates, and/or contractors have executed a non disclosure agreement with the Receiving Party with terms no less restrictive than those contained in this Agreement. However, each Party may disclose the terms and conditions of this Agreement: (i) to legal counsel of such Party; (ii) to such Party’s accountants, banks, financing sources and their advisors; (iii) in connection with the enforcement of its rights under this Agreement; or (iv) in connection with an actual or proposed merger, acquisition, or similar transaction.
7.2. Exceptions. Confidential Information will not include information that: (i) is in or enters the public domain through no fault of the Receiving Party; (ii) the Receiving Party can reasonably demonstrate was in its possession prior to first receiving it from the Disclosing Party; (iii) the Receiving Party can demonstrate was developed by the Receiving Party independently and without use of or reference to the Confidential Information; or (iv) the Receiving Party receives from a third party without restriction on disclosure and without breach of such third party’s nondisclosure obligation. In addition, the Receiving Party may disclose Confidential Information that is required to disclose by law, or by a subpoena or order issued by a court of competent jurisdiction (each, an “Court Order”), provided that the Receiving Party shall: (a) give the Disclosing Party written notice of the Court Order promptly after receiving it; and (b) cooperate fully with the Disclosing Party to provide the Disclosing Party with the opportunity to interpose any objections it may have to disclosure of the information required by the Court Order and to seek a protective order or other appropriate relief. In the event of any dispute between the Parties as to whether specific information is within one or more of the exceptions set forth in this Section 7.2, Receiving Party will bear the burden of proof, by clear and convincing evidence, that such information is within the claimed exception(s). SentinelOne recognizes that Federal agencies are subject to the Freedom of Information Act, 5 U.S.C. 552, which may require that certain information be released, despite being characterized as “confidential” by the vendor.
7.3. Reserved.
8. REPRESENTATIONS, WARRANTIES AND REMEDIES.
8.1. General Representations and Warranties. Each Party represents and warrants that: (i) it is validly existing and in good standing under the laws of the place of its establishment or incorporation; (ii) it has full corporate or organizational power and authority to execute, deliver, and perform its obligations under this Agreement; (iii) the person signing this Agreement on its behalf has been duly authorized and empowered to enter into this Agreement; (iv) this Agreement is valid, binding, and enforceable against it in accordance with its terms; (v) it shall deliver (as to SentinelOne) and operate (as to Customer) the Solutions in material conformity with the Documentation and the terms herein; and (vi) it will perform its obligations under this Agreement in accordance with applicable federal or state laws or regulations.
8.2. Conformity with Documentation. SentinelOne warrants that at any point in time during Customer’s Subscription Term, the Current Release will substantially conform in all material respects with the Documentation. SentinelOne’s sole obligation for material non-conformity with this warranty shall be, in SentinelOne’s sole discretion, to use commercially reasonable efforts: (i) to provide Customer with an error-correction or workaround to the reported non-conformity; (ii) to replace the non-conforming portions of the Solutions with conforming items; or (iii) if SentinelOne reasonably determines it cannot provide such remedies within a reasonable period of time, to terminate this Agreement and refund applicable Fees pursuant to Section 11.3 (Effects of Termination). The above warranty will not apply:
(a) if the Solutions are not used in compliance with the Documentation; (b) if any unauthorized modifications are made to the Solutions by Customer or any third party; (c) to the use of versions of the Solutions that are not the Current Release or the Solutions released immediately preceding the Current Release; (d) to defects due to accident, abuse, or improper use by Customer; or (e) to Evaluation or Early Adoption use of the Solutions.
8.3. Disclaimer. EXCEPT FOR THE REPRESENTATIONS AND WARRANTIES EXPRESSLY SET FORTH IN THIS SECTION 8, EACH PARTY DISCLAIMS AND EXCLUDES ANY AND ALL REPRESENTATIONS AND WARRANTIES (EXPRESS OR IMPLIED, ORAL OR WRITTEN) WITH RESPECT TO THIS AGREEMENT AND THE SOLUTIONS, WHETHER ALLEGED TO ARISE BY OPERATION OF LAW, STATUTE, CUSTOM, USAGE, COURSE OF DEALING, OR OTHERWISE, INCLUDING ALL WARRANTIES OF MERCHANTABILITY, FITNESS OR SUITABILITY FOR ANY PARTICULAR PURPOSE (WHETHER OR NOT SUCH PARTY KNOWS, HAS REASON TO KNOW, HAS BEEN ADVISED, OR IS OTHERWISE AWARE OF ANY SUCH PURPOSE), ACCURACY, NON-INFRINGEMENT, OR CONDITION OF TITLE. THIS DISCLAIMER AND EXCLUSION WILL APPLY EVEN IF ANY EXPRESS WARRANTY HEREIN FAILS OF ITS ESSENTIAL PURPOSE. SENTINELONE DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, DETECT, OR IDENTIFY ALL THREATS, CONFIGURATION ERRORS, VULNERABILITIES, MALWARE, OR MALICIOUS SOFTWARE, OR THAT IT WILL RESTORE CONTROL OF SYSTEMS WHERE UNAUTHORIZED ACCESS OR CONTROL HAS OCCURRED, AND CUSTOMER AND ITS AFFILIATES WILL NOT HOLD SENTINELONE RESPONSIBLE FOR ANY OF THE FOREGOING OR ANY CONSEQUENCES THEREOF. REPORTS GENERATED THROUGH CUSTOMER’S USE OF THE SOLUTIONS ARE PROVIDED AS-IS AND AS AVAILABLE WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND.
9. INDEMNIFICATION OBLIGATIONS.
9.1. Infringement Indemnity. SentinelOne will indemnify and have the right to intervene to defend Customer and Customer’s directors, officers, employees, contractors, agents, or other authorized representatives (“Customer Indemnitees”) from and against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys’ fees, that are awarded against such Customer Indemnitees in a final, non-appealable judgment (collectively, “Losses”), arising out of any third-party claim alleging that Customer’s use of the Solutions infringes or misappropriates a third party’s valid Intellectual Property Right (each, a “Claim”). In the event of a Claim pursuant to this Section 9.1, SentinelOne may, at SentinelOne’s option and at SentinelOne’s expense: (i) obtain for Customer, the right to continue to exercise the license granted to Customer under this Agreement; (ii) substitute the allegedly infringing component for an equivalent non-infringing component; or (iii) modify the Solutions to make them non infringing. Nothing contained herein shall be construed in derogation of the U.S. Department of Justice’s right to defend any claim or action brought against the U.S., pursuant to itsjurisdictional statute 28 U.S.C.
§ 516. If the options set forth in Section 9.1(i), (ii), or (iii) are not obtainable on commercially reasonable terms, SentinelOne may terminate this Agreement after providing Customer a reasonable time (no less than 30 days) to transition to an alternative solution, unless SentinelOne determines in its reasonable discretion that such use of the Solutions will likely result in infringement and in such case may terminate this Agreement effective immediately with concurrent written notice to Customer. In the event of a termination of this Agreement pursuant to this Section 9.1, all rights and licenses with respect to the Solutions will immediately cease and SentinelOne will refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of this Agreement. SentinelOne’s indemnification obligations do not extend to Claims or Losses arising from or relating to: (a) any act or omission of any Customer Indemnitees in breach of the Agreement; (b) any combination of the Solutions (or any portion thereof) by any Customer Indemnitees or any third party with any equipment, software, data, or any other materials where the infringement would not have occurred but for such combination, unless such combination is the customary, ordinary, and intended use of the Solutions; (c) any modification to the Solutions by any Customer Indemnitees or any third party where the infringement would not have occurred but for such modification; (d) the use of the Solutions by any Customer Indemnitees or any third party in a manner contrary to the terms of this Agreement where the infringement would not have occurred but for such use; or (e) the continued use of the Solutions after SentinelOne has provided a substantially equivalent non-infringing software or service.
9.2. Reserved.
9.3. Procedures. The indemnifying Party’s indemnification obligations under this Section 9 are conditioned upon the indemnified Party: (i) giving prompt written notice of the claim to the indemnifying Party once the indemnified Party becomes aware of the claim (provided that failure to provide prompt written notice to the indemnifying Party will not alleviate an indemnifying Party’s obligations under this Section 9 to the extent any associated delay does not materially prejudice or impair the defense of the related claims);
(ii) granting the indemnifying Party the option to take sole control of the defense (including granting the indemnifying Party the right to select and use counsel of its own choosing) and settlement of the claim (except that the indemnified Party’s prior written approval will be required for any settlement that reasonably can be expected to require an affirmative obligation of the indemnified Party); and (iii) providing reasonable cooperation to the indemnifying Party and, at the indemnifying Party’s request and expense, assistance in the defense or settlement of the claim.
10. LIMITATION OF LIABILITY.
10.1. SUBJECT TO ANY SPECIFIC LIMITATIONS ON LIABILITY STATED IN THIS SECTION 10, IN NO EVENT WILL EITHER PARTY’S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO SENTINELONE (OR THE APPLICABLE PARTNER) IN THE 12-MONTH PERIOD IMMEDIATELY PRIOR TO THE TIME OF THE EVENT OR EVENTS LEADING TO THE ALLEGED DAMAGES OR GIVING RISE TO THE CLAIM.
10.2. SENTINELONE’S TOTAL AGGREGATE LIABILITY FOR SENTINELONE’S BREACH OF SECTION 6 (PRIVACY AND SECURITY) OR OF ANY OTHER OBLIGATION RELATING TO CUSTOMER DATA SHALL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO SENTINELONE (OR THE APPLICABLE PARTNER) IN THE 12-MONTH PERIOD IMMEDIATELY PRIOR TO THE TIME OF THE EVENT OR EVENTS LEADING TO THE ALLEGED DAMAGES OR GIVING RISE TO THE CLAIM.
10.3. THE LIMITATIONS SET FORTH IN SECTIONS 10.1 AND 10.2 SHALL NOT APPLY TO: (i) ANY BREACHES OF THE RESTRICTIONS; (ii) ANY BREACHES OF SECTION 7 (CONFIDENTIALITY) (EXCLUDING ANY BREACHES OF SENTINELONE’S OBLIGATIONS RELATING TO CUSTOMER DATA); OR (iii) TO EITHER PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 9.
10.4. IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOSS OF PROFITS, LOSS OF USE, LOSS OF REVENUE, LOSS OF GOODWILL, INTERRUPTION OF BUSINESS, OR INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING OUT OF, OR IN CONNECTION WITH, THIS AGREEMENT, WHETHER IN CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OR IS OTHERWISE AWARE OF THE POSSIBILITY OF SUCH DAMAGES. MULTIPLE CLAIMS WILL NOT EXPAND THIS LIMITATION. THE LIMITATIONS SET FORTH IN THIS SECTION 10 WILL BE GIVEN FULL EFFECT EVEN IF ANY REMEDY SPECIFIED IN THIS AGREEMENT IS DEEMED TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. THE FOREGOING LIMITATION OF LIABILITY SHALL NOT APPLY TO (1) PERSONAL INJURY OR DEATH RESULTING FROM LICENSOR’S NEGLIGENCE; (2) FOR FRAUD; OR (3) FOR ANY OTHER MATTER FOR WHICH LIABILITY CANNOT BE EXCLUDED BY LAW.
11. TERM, TERMINATION AND EFFECT OF TERMINATION.
11.1. Term. The term of this Agreement will begin on the Effective Date and continue until all active Subscription Terms have expired or until earlier terminated pursuant to the terms of this Agreement. Customer’s subscription to any Solutions shall be as stated in the first Purchase Order for such Solutions (the “Initial Subscription Term”), and thereafter the Solutions subscription may be renewed for additional successive periods identical in length to the Initial Subscription Term by executing a written order or other document for the renewal (“Renewal Subscription Term” and collectively, “Subscription Term”). This Agreement and all Solutions Addendums or a specific Solutions Addendum and its corresponding Subscription Term may also (i) be terminated in accordance with Section 11.2 below; or
(ii) be terminated by SentinelOne in accordance with Section 9.1 (Infringement Indemnity).
11.2. Termination. When the Customer is an instrumentality of the U.S., recourse against the United States for any alleged breach of this Agreement must be brought as a dispute under the contract Disputes Clause (Contract Disputes Act). During any dispute under the Disputes Clause, SentinelOne shall proceed diligently with performance of this Agreement, pending final resolution of any request for relief, claim, appeal, or action arising under the Agreement, and comply with any decision of the Contracting Officer.
11.3. Effects of Termination. Upon any termination or expiration of this Agreement and/or Solutions Addendum: (i) all rights and licenses granted to Customer under this Agreement and any applicable Solutions Addendum(s) will immediately terminate; (ii) all of SentinelOne’s obligations under this Agreement and any applicable Solutions Addendum(s) (including, SentinelOne’s performance of the Singularity Support) will immediately cease; (iii) there will be no refund for any pre-paid and unused Fees as of the termination date (except where Customer terminates this Agreement under Section 11.2 (Termination) due to SentinelOne’s material breach or where SentinelOne terminates this Agreement under Sections 8.2 (Conformity with Documentation) or 9.1 (Infringement Indemnity) herein, in which case any refunds shall be on a pro-rata basis for any remaining unused portion of a subscription left after such termination), and Customer will immediately pay SentinelOne any Fees due and payable under this Agreement as of the termination date; (iv) upon receiving a written request from the Disclosing Party, the Receiving Party will promptly return to the Disclosing Party all Confidential Information of the Disclosing Party then in its possession or destroy all copies of such Confidential Information, at the Disclosing Party’s sole discretion and direction; (v) Customer will immediately cease all use of the Solutions and destroy and/or permanently delete all copies of any components of the Solutions in Customer’s possession; and (vi) Customer will uninstall the Solutions within thirty (30) days after termination of this Agreement or any applicable Solutions Addendum(s) and, upon SentinelOne’s request, provide written confirmation of such uninstallation. SentinelOne reserves the right to investigate suspected violations of Customer’s obligations under Sections 11.3(v) and 11.3(vi) herein. Customer will immediately confirm, in writing, that it has complied with these Sections 11.3(v) and 11.3(vi) at SentinelOne’s request. Notwithstanding any terms to the contrary in this Agreement, the Restrictions and Sections 4 (Ownership and Reservation of Rights), 6 (Privacy and Security), 7 (Confidentiality), 9 (Indemnification Obligations), 10 (Limitation of Liability), 11.3 (Effects of Termination) and 12 (General Provisions) will survive any termination of this Agreement.
12. GENERAL PROVISIONS.
12.1. Entire Agreement. This Agreement, together with all terms attached or referenced herein (all of which are incorporated herein by reference), set forth the entire agreement and understanding of the Parties relating to Customer’s subscription to the Solutions, and the Parties herein expressly agree that this Agreement supersedes all prior or contemporaneous potentially or actually conflicting terms in agreements, proposals, negotiations, conversations, discussions and/or understandings, whether written or oral, with respect to such subject matter and all past dealing or industry customs (including without limitation any nondisclosure agreement among the Parties relating to any prior use of the Solutions, any Quote or Purchase Order and/or another agreement among the Parties in connection with Customer’s consideration and/or evaluation of the Solutions), excluding only any written agreement executed by SentinelOne, expressly referencing this Agreement and only to the extent expressly superseding specific terms in this Agreement. In the event of conflict, the terms in the applicable Solutions Addendum(s) shall supersede and take precedence over the terms in this Agreement.
12.2. Independent Contractors. Neither Party will, for any purpose, be deemed to be an agent, franchisor, franchise, employee, representative, owner or partner of the other Party, and the relationship between the Parties will only be that of independent contractors. Neither Party will have any right or authority to assume or create any obligations or to make any representations or warranties on behalf of any other Party, whether express or implied, or to bind the other Party in any respect whatsoever.
12.3. Governing Law and Venue. This agreement is governed by and shall be construed in accordance with the Federal laws of the United States.
12.4. Publicity. Customer agrees that SentinelOne may reference and use Customer’s name in SentinelOne marketing and promotional materials, including, but not limited to, the Site, solely for the purpose of identifying Customer as SentinelOne’s customer to the extent permitted by the General Services Acquisition Regulation (GSAR) 552.203-71. Otherwise, neither Party may use the trade names, trademarks, service marks, or logos of the other Party without the express written consent of the other Party.
12.5. Assignment. Neither this Agreement nor any right or duty under this Agreement may be transferred, assigned, or delegated by a Party, by operation of law or otherwise, without the prior written consent of the other Party and such consent shall not be unreasonably delayed or withheld. Any attempted transfer, assignment, or delegation without such consent will be void and without effect. Subject to the foregoing, this Agreement will be binding upon and will inure to the benefit of the Parties and their respective representatives, heirs, administrators, successors, and permitted assigns.
12.6. Export Compliance. The Solutions, Related Services and Products (as defined in the Singularity Terms), and all other components of the Solutions that SentinelOne may provide or make available to Customer for use by Customer’s users are subject to U.S. export control and economic sanctions laws, including the Export Administration Regulations and trade and economic sanctions imposed by Office of Foreign Asset Control (“OFAC”). Customer agrees not to violate such laws and regulations as they relate to Customer’s access to and use of the Solutions. Customer shall not access or use the Solutions if Customer is located in any jurisdiction in which the provision of the Solutions is prohibited under U.S. or other applicable laws or regulations, (each, a “Prohibited Jurisdiction”), and Customer agrees not to permit access to the Solutions to any government, entity, or individual located in any Prohibited Jurisdiction, or to any person or entity currently included on the Specially Designated Nationals and Blocked Persons List or the Consolidated Sanctions List maintained by OFAC (“Prohibited Person”), or to any other person or entity in violation of any U.S. or other applicable export laws, regulations, embargoes, prohibitions, or restrictions. Customer agrees to comply with all applicable laws regarding the export or re-export of technology from the U.S. and the country in which Customer and users are located. Customer represents and warrants that neither Customer nor any of Customer’s Affiliates is an entity that (i) is directly or indirectly owned or controlled by any person or entity currently included on the Specially Designated Nationals and Blocked Persons List or the Consolidated Sanctions List maintained by OFAC, or (ii) is located in, or is directly or indirectly owned or controlled by any entity or individual located in, any Prohibited Jurisdiction.
12.7. Amendments and Waivers. No modification, addition, deletion, or waiver of any rights under this Agreement will be binding on a Party unless made in a written agreement executed by a duly authorized representative of each Party. No failure or delay (in whole or in part) on the part of a Party to exercise any right or remedy hereunder will operate as a waiver thereof or effect any other right or remedy, and no waiver of one breach or default or any delay in exercising any rights will not constitute a waiver of any subsequent breach or default. All rights and remedies hereunder are cumulative and are not exclusive of any other rights or remedies provided hereunder or by law.
12.8. Notices. Any legal notice (whether this Agreement expressly states “written notice” or “notice”) or communication required or permitted to be given hereunder must be in writing, signed or authorized by the Party giving notice, and may be delivered by hand, deposited with an overnight courier, sent by confirmed email or mailed by registered or certified mail, return-receipt requested, postage prepaid, in each case to the address of the receiving Party asidentified in the signature box below, on a valid Purchase Order, in the case of SentinelOne to legal.notices@sentinelone.com, or at such other address as may hereafter be furnished in writing by either Party to the other Party. Such notice will be deemed to have been given as of the date it is delivered. Notice is effective on the earlier of five (5) days from being deposited for delivery or the date on the confirmed email or courier receipt.
12.9. Severability. If any provision of this Agreement is deemed invalid, illegal, or incapable of being enforced by any rule of law or public policy, all other provisions of this Agreement will nonetheless remain in full force and effect so long as the economic and legal substance of the transactions contemplated by this Agreement is not affected in any manner adverse to any Party. Upon such determination that any provision is invalid, illegal, or incapable of being enforced, the Parties will negotiate in good faith to modify this Agreement so as to affect the original intent of the Parties as closely as possible in an acceptable manner to the end that the transactions contemplated hereby are fulfilled.
12.10. Force Majeure. In accordance with GSAR Clause 552.212-4(f), except for payments of Fees due under this Agreement, neither Party will be responsible for any failure to perform or delay attributable in whole or in part to any cause or event beyond its reasonable control, including but not limited to acts of God (e.g., fire, storm, floods, earthquakes, etc.), civil disturbances, disruption of telecommunications, disruption of power or other essential services, interruption or termination of service provided by any service providers used by SentinelOne, labor disturbances, vandalism, cable cuts, or any malicious or unlawful acts of any third party.
12.11. Counterparts. This Agreement may be executed: (i) in two or more counterparts, each of which will be deemed an original and all of which will together constitute the same instrument; and (ii) by the Parties by exchange of signatures pages by mail or e-mail (if e-mail, signatures in Adobe PDF or similar format).
IN WITNESS WHEREOF, the Parties’ authorized representatives have executed this SentinelOne Master Subscription Agreement as of the Effective Date.
SOLUTIONS ADDENDUM:
SINGULARITY PLATFORM TERMS
These Singularity Platform Terms (“Singularity Terms”) is between SentinelOne, Inc. (“SentinelOne”) and the customer (“Customer”) who has an active governing agreement (“Agreement”) in place with SentinelOne and who has purchased a subscription to the Singularity Platform (as defined below) and/or any Other SentinelOne Services and Products (as defined below) in a Purchase Order or is Evaluating the Singularity Platform. Capitalized terms defined in these Singularity Terms shall apply to these Singularity Terms and any terms not defined in these Singularity Terms shall have their meaning as defined in the Agreement.
1. DEFINITIONS.
1.1. “Documentation” means SentinelOne’s then–current published documentation such as technical user guides, installation instructions, articles or similar documentation specifying the functionalities of the Solutions and made available by SentinelOne to Customer through the SentinelOne Knowledge Base on the customer portal (the “Customer Portal”), available at: support.sentinelone.com or https://portal.attivonetworks.com/, as applicable and as updated from time-to-time in the normal course of business.
1.2. “Hardware” means the hardware appliance Customer may purchase that comes preloaded with the software licensed under the applicable Purchase Order.
1.3. “Sample Malware Kit” means an evaluation framework comprising of malware and exploit samples provided by SentinelOne.
1.4. “SentinelOne Services” means Singularity Support, Technical Account Management (“TAM”), SentinelOne’s Vigilance Service, Incident Response service, or other services.
1.5. “Singularity Platform” means SentinelOne’s singularity platform including its malware protection, detection and remediation solutions, endpoint detection and response solutions, device discovery and control solutions, identity and directory management security solutions, and other solutions offered by SentinelOne over time, directly or through a Partner, together with the software underlying such products and services and any Enhancements.
1.6. “Singularity Support” means services related to the Singularity Platform, software tools and/or applications from SentinelOne, including but not limited to support services.
1.7. “Test Environment” means an isolated environment provided by SentinelOne to test the Solution(s) on. 2. LICENSE.
2.1. Scope of Agreement. These Singularity Terms governs Customer’s purchase of a subscription to the Singularity Platform. Customer agrees to accept all Enhancements necessary for the proper function of the Singularity Platform as released by SentinelOne from time to time, and further agrees that SentinelOne shall not be responsible for the proper performance of the Singularity Platform or security issues encountered with the Singularity Platform related to Customer’s failure to accept Enhancements in a timely manner.
2.2. Related Services and Products. As an active Customer subscribing to the Singularity Platform under this Agreement, during the Subscription Term, or during an Evaluation Period, Customer may receive and/or subscribe to Singularity Platform offerings or SentinelOne Services as detailed in a relevant Purchase Order. Customer’s subscription to Singularity Platform offerings or SentinelOne Services is subject in each case to applicable terms and conditions of this Agreement as well as the specific terms for each such SentinelOne Services and Singularity Platform products detailed here: https://www.sentinelone.com/legal/.
2.3. Documentation. All use of the Singularity Platform shall be in accordance with the then–current Documentation.
2.4. License Grant.
2.4.1. Singularity Platform License. Subject to Customer’s compliance with the terms and conditions of this Agreement, SentinelOne hereby grants Customer a worldwide, non-transferable, non exclusive license during the Subscription Term or any Evaluation Period to access, use, execute, install (as provided for by the applicable Purchase Order), store, and display the Singularity Platform (including Enhancements) solely in support of Customer’s (and Customer’s Affiliate(s)) internal business and security and operations, in accordance with the Documentation describing the permissible use of the Singularity Platform (“License”). The License granted herein is limited to the quantity of Endpoints as set forth in a valid Purchase Order. SentinelOne will make the SentinelOne Software and/or SDK available to Customer via download the Site or other means determined by SentinelOne.
2.4.2. Evaluations and Software Malware Kit. Unless otherwise agreed to in writing, Customer may install the Sample Malware Kit in a non-production-controlled environment, which is not connected to a production network, with access to only the SentinelOne’s management server, all in accordance with the Documentation and under the direction of SentinelOne. SentinelOne may also provide a Test Environment for Customer to conduct malware testing. During and following the Evaluation Period, the Parties shall discuss Evaluation results in good faith.
3. LICENSE RESTRICTIONS. Except as expressly authorized by these Singularity Terms, Customer shall not do any of the following: (i) modify, disclose, alter, translate, or create derivative works of the Singularity Platform (or any components thereof) or any accompanying Documentation; (ii) license, sublicense, resell, distribute, lease, rent, lend, transfer, assign, or otherwise dispose of the Singularity Platform (or any components thereof) or any Documentation; (iii) use the Singularity Platform other than as permitted under these Singularity Terms, as directly related to Customer’sinternal business operations and in conformity with the Documentation, and not otherwise use the Singularity Platform for any other commercial or business use, including without limitation by offering any portion of the Singularity Platform as benefits or services to third parties; (iv) use the Singularity Platform or upload Customer Data in violation of any laws or regulations, including without limitation to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or material in violation of third-party privacy rights; (v) use the Singularity Platform to store, transmit, or test for any viruses, software routines, or other code designed to permit unauthorized access, disable, erase, or otherwise harm software, hardware, or data, or to perform any other harmful actions; (vi) probe, scan, or test the efficacy or vulnerability of the Singularity Platform, or take any action in an effort to circumvent or undermine the Singularity Platform, except for the legitimate testing of the Singularity Platform in coordination with SentinelOne, in connection with considering a subscription to the Singularity Platform as licensed herein; (vii) attempt to or actually disassemble, decompile, or reverse engineer, copy, frame, or mirror any part or content of the Singularity Platform, or otherwise derive any of the Singularity Platform’s source code; (viii) access, test, and/or use the Singularity Platform in any way to build a competitive product or service, or copy any features or functions of the Singularity Platform; (ix) interfere with or disrupt the integrity or performance of the Singularity Platform; (x) attempt to gain unauthorized access to the Singularity Platform or their related systems or networks; (xi) disclose to any third party or publish in any media any performance information or analysis relating to the Singularity Platform; (xii) fail to maintain all copyright, trademark, and proprietary notices on the Singularity Platform and any permitted copy thereof; (xiii) upload, manage, or process any Special Information in the Singularity Platform; or (xiv) cause or permit any Singularity Platform user or third party to do any of the foregoing.
4. ADDITIONAL TERMS FOR HARDWARE.
4.1. Applicability. This Section 4 shall only apply to Customer purchases of Hardware.
4.2. Title. Hardware is shipped FOB Destination, and title to and risk of loss of Hardware transfers to Customer when delivered to the carrier. Notwithstanding the aforementioned, SentinelOne retains all right, title, and interest in the Singularity Platform software, and the intellectual property rights therein. No license or other implied rights of any kind are granted except for the limited right to access and use the Solution as described in these Singularity Terms.
4.3. Additional Restrictions. In addition to the Restrictions stated in Section 3 of these Singularity Terms, Customer will not, and will not permit any third party to: (i) rent or lease the Hardware, unless otherwise expressly authorized by SentinelOne in writing; or (ii) transfer or copy the Singularity Platform software within the Hardware to, or use the Singularity Platform software on, any other product or device, including any second-hand or grey market hardware that Customer has not purchased from SentinelOne or a Partner.
4.4. Warranty. In addition to any warranties found in the Agreement, SentinelOne warrants that the Hardware will perform in substantial conformance with the Documentation for a period of three years from the date of shipment from SentinelOne (“Hardware Warranty Term”).
4.5. Limited Warranty Process. Customer may submit a support ticket via the Customer Portal for warranty issues that arise during the Hardware Warranty Term. All support shall be handled in accordance with SentinelOne’s then-current support terms.
4.6. Warranty Exclusions. SentinelOne shall have no liability for defects or damage to the Hardware that result from: (i) use of the Hardware other than in its normal and customary manner in accordance with the Documentation; (ii) modifications, alterations, and repairs to the Hardware not expressly authorized by SentinelOne in writing; (iii) physical, electrical abuse or neglect, misuse, or accidents; and (iv) damage caused during shipping; and (v) flood, fire, or other environmental faults. SentinelOne shall have no liability for loss or inadvertent disclosure of Customer Data stored or remaining on any Hardware returned to SentinelOne.
SOLUTIONS ADDENDUM:
DATASET TERMS
These DataSet Terms (“DataSet Terms”) is between SentinelOne, Inc. (“SentinelOne”) and the customer (“Customer”) who has an active governing agreement (“Agreement”) in place with SentinelOne and who has purchased a subscription to the DataSet (as defined below) in a Purchase Order or is engaged in an Evaluation Period with DataSet. Capitalized terms defined in these DataSet Terms shall apply to these DataSet Terms and any terms not defined in these DataSet Terms shall have their meaning as defined in the Agreement.
1. DEFINITIONS.
1.1. “DataSet” means the specific Solution Customer has purchased and been granted access to via these DataSet Terms.
1.2. “Documentation” means SentinelOne’s then–current published documentation such as technical user guides, installation instructions, articles or similar documentation specifying the functionalities of the Solutions and made available by SentinelOne to Customer found here: https://app.scalyr.com/help.
1.3. “Site” means the website located at www.dataset.com.
2. DATASET ACCESS AND LICENSE.
2.1. During the Subscription Term or Evaluation Period, SentinelOne shall grant Customer access to DataSet for use in accordance with the Agreement and these DataSet Terms.
2.2. To the extent Customer installs software provided as part of DataSet, then subject to these DataSet Terms (and if applicable, any license terms associated with the download, installation and use of such software), SentinelOne grants to Customer a worldwide, non-transferable, non-exclusive license during the Subscription Term or any Evaluation Period to access, use, execute, install (as provided for by the applicable Purchase Order), store, and display the DataSet (including Enhancements) solely in support of Customer’s (and Customer’s Affiliate(s)) internal business operations, in accordance with the Documentation describing the permissible use of DataSet.
3. AVAILABILITY AND SUPPORT.
3.1. During the Subscription Term, SentinelOne will undertake commercially reasonable efforts to make DataSet available. Notwithstanding the foregoing, SentinelOne reserves the right to suspend Customer’s accessto DataSet: (i) for scheduled or emergency maintenance, provided, however, SentinelOne will give Customer prior written notice of any such modification reasonably in advance, or (ii) upon at least seven (7) days prior written notice for scheduled maintenance. SentinelOne will provide reasonable support to Customer for DataSet from Monday through Friday during SentinelOne’s normal business hours.
4. LICENSE RESTRICTIONS.
4.1. Except as expressly authorized by these DataSet Terms, Customer shall not do any of the following: (i) modify, disclose, alter, translate, or create derivative works of DataSet (or any components thereof) or any accompanying Documentation; (ii) license, sublicense, resell, distribute, lease, rent, lend, transfer, assign, or otherwise dispose of DataSet (or any components thereof) or any Documentation; (iii) use DataSet other than as permitted under these DataSet Terms, as directly related to Customer’s internal business operations and in conformity with the Documentation, and not otherwise use DataSet for any other commercial or business use, including without limitation by offering any portion of DataSet as benefits or services to third parties; (iv) use DataSet or upload Customer Data in violation of any laws or regulations, including without limitation to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or material in violation of third-party privacy rights; (v) use DataSet to store, transmit, or test for any viruses, software routines, or other code designed to permit unauthorized access, disable, erase, or otherwise harm software, hardware, or data, or to perform any other harmful actions; (vi) probe, scan, or test the efficacy or vulnerability of DataSet, or take any action in an effort to circumvent or undermine DataSet, except for the legitimate testing of DataSet in coordination with SentinelOne, in connection with considering a subscription to DataSet as licensed herein; (vii) attempt to or actually disassemble, decompile, or reverse engineer, copy, frame, or mirror any part or content of DataSet, or otherwise derive any of DataSet’s source code; (viii) access, test, and/or use the Singularity Platform in any way to build a competitive product or service, or copy any features or functions of DataSet; (ix) interfere with or disrupt the integrity or performance of DataSet; (x) attempt to gain unauthorized access to DataSet or their related systems or networks; (xi) disclose to any third party or publish in any media any performance information or analysis relating to DataSet; (xii) fail to maintain all copyright, trademark, or proprietary notices on DataSet and any permitted copy thereof; (xiii) upload, manage, or process any Special Information in DataSet; or (xiv) cause or permit any DataSet user or third party to do any of the foregoing. Customer will ensure that Customer’s use of DataSet and Customer Data is, at all times, compliant with all applicable local, state, federal, and international laws, regulations, and conventions, including without limitation those related to data privacy and data transfer, international communications, and the exportation of technical or personal data. Customer is solely responsible for the accuracy, content, and legality of all Customer Data.
5. RESPONSIBILITIES.
5.1. Customer will cooperate with SentinelOne in connection with the performance of these DataSet Terms by making available personnel and information as may be reasonably required and taking such other actions, as SentinelOne may reasonably request.
5.2. Customer will designate an employee who will be responsible for all matters relating to these DataSet Terms (“Primary Contact”). Customer may change the individual designated as Primary Contact at any time by providing written notice to SentinelOne.
5.3. SentinelOne has no obligation to monitor Customer Data or any other of the content provided by Customer or Customer’s use of DataSet. SentinelOne reserves the right to remove Customer Data or content or prohibit any use of DataSet it believes may be (or alleged to be) in violation of Restrictions, provided, however, that SentinelOne will use commercially reasonable efforts to give Customer prior written notice of any such removal reasonably in advance to allow the Customer to verify (and remove, as the case may be) such Customer Data or content.
6. RETENTION.
6.1. Customer Data will be deleted periodically within thirty (30) days of the configured retention period or, if specified, within the Customer’s configured retention period.
6.2. Prior to termination of Customer’s use of DataSet, Customer may request to export “Customer Data.” After termination, all Customer Data is subject to deletion at any time, and no later than the configured retention period.
U.S. PUBLIC SECTOR ADDENDUM
This U.S. Public Sector Addendum (“U.S. Public Sector Addendum”) is by and between SentinelOne and the U.S. Public Sector Customer who has an active Master Subscription Agreement (“Agreement”) in place with SentinelOne and who is a (1) federal agency customer Ordering Activity (as defined at FAR 8.401) identified in a Federal agency order under a GSA MAS prime contract (“GSA Customer”), or (2) executive agency or juridical body of the U.S. Government, U.S. state or local government agency, or U.S. publicly funded educational or healthcare institution (together with GSA Customer, each a “U.S. Public Sector Customer”). Capitalized terms used but not defined in this U.S. Public Sector Addendum shall have the meanings ascribed to them in the agreement.
The following terms and conditions supersede or modify the referenced provisions in the Agreement, the Singularity Platform Terms, or the DataSet Terms, as applicable. In the event of any conflict or inconsistency between or among the terms and conditions of this U.S. Public Sector Addendum and those of the Agreement or any other Solutions Addendum, the terms and conditions of this U.S. Public Sector Addendum shall prevail, control, and govern in all respects.
1. The preamble of the Agreement shall be replaced with the following:
“This SentinelOne Master Subscription Agreement (“Agreement”) is between SentinelOne, Inc. (“SentinelOne”) and the U.S. Public Sector Customer (“Customer”) who accepts this Agreement or accesses and/or uses the Solutions (as defined below). This Agreement governs Customer’s subscription to the Solutions, constitutes a binding contract in connection with any paid or Evaluation use of the Solutions, and is effective: (i) as of the date on which a Purchase Order (defined below) is executed between Customer and Partner (defined below), or (ii) upon Customer’s executing this Agreement, clicking the “Log In” button to access the Solutions, or otherwise indicating Customer’s consent to the Agreement electronically or through access to or use of the Solutions.
2. Section 1.2. “Confidential Information” of the Agreement shall be replaced with the following:
1.2. “Confidential Information” means all information disclosed (whether in oral, written, or other tangible or intangible form) by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) concerning or related to SentinelOne, the SentinelOne Solutions, or any other information of the Disclosing Party that is marked as confidential or proprietary, or that the Receiving Party knows or reasonably should know is confidential information of the Disclosing Party given the facts and circumstances surrounding the disclosure of the information by the Disclosing Party. Confidential Information includes, but is not limited to, all proprietary and/or non-public technical, business, commercial, financial and/or legal information, such as, without limitation, any and all Solutions information generally shared with Customer and as specifically related to Customer, Solutions Information gained by Customer through use of the Solutions, business plans, product information, pricing, financial plans, know how, Customer information, strategies, and other similar information.
3. Section 1.9. “Purchase Order” of the Agreement shall be replaced with the following:
1.9. “Purchase Order” means a written document such as a purchase order, service order or other similar document agreed to in writing and executed by Customer and a Partner, in each case covering Customer’s subscription to the Solutions or Evaluation offering.
4. Section 2.1.1 below shall be added onto Section 2.1. License of the Agreement:
2.1.1. U.S. Government Rights. The Solutions are commercial computer software. For U.S. Government Customers, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Solutions, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by this Agreement in accordance with FAR 12.212 and DFARS 227.7202. SentinelOne technical data provided to U.S. Government Customers is subject to and governed by the commercial practices set forth in FAR 12.211 and DFARS 252.227-7015. The Solutions were developed fully at private expense. All other use is prohibited.
5. GSA Customers only: Section 5.1. Fees of the Agreement shall be replaced with the following:
5.1. Fees. The fees for the Solutions shall be set forth in one or more valid Purchase Orders between Customer and the Partner (“Fees”). No refunds or credits for paid Fees will be issued to Customer by SentinelOne, except as stated otherwise in Section 11.3 (Effects of Termination).
6. GSA CUSTOMERS ONLY: Section 5.3. Taxes of the Agreement shall be replaced with the following: 5.3. Taxes. Interest and taxes will be agreed to between Partner and Customer.
7. GSA CUSTOMERS ONLY: Section 7.3. Remedies of the Agreement shall include the following: 7.3. The foregoing is subject to GSAR 552.212-4(w)(v).
8. GSA CUSTOMERS ONLY: Section 8.1(iii) of the Agreement shall be replaced with the following:
8.1(iii). the person signing the Purchase Order incorporating this Agreement on Customer’s behalf has been duly authorized and empowered to enter into contracts on behalf of Customer, including authority to enter into this Agreement;
9. Section 8.2(iii) of the Agreement shall be replaced with the following:
8.2(iii). SentinelOne may suspend the provision of the Solutions until SentinelOne can reasonably ensure the quality of the Solutions and its conformity with the Documentation.”
10. Section 9.1. Infringement Indemnity of the Agreement shall be replaced with the following:
9.1. Infringement Indemnity. SentinelOne will indemnify Customer and Customer’s directors, officers, employees, contractors, agents, or other authorized representatives (“Customer Indemnitees”) from and against any and all third-party claims, suits, actions or proceedings (each a “Claim”) alleging that Customer’s use of the Solutions infringes or misappropriates a third party’s valid Intellectual Property Right. SentinelOne’s sole indemnification obligations under this Section 9.1 shall be that SentinelOne will, at its expense, defend any such Claim by reason of Customer’s use of the Solutions as permitted hereunder, subject to the requirements of 28 U.S.C. §516 or, if Customer is a state or local government entity, the applicable state statute governing control of litigation, and pay damages, payments, deficiencies, fines, judgments, settlements, liabilities, losses, costs and expenses (including, but not limited to, reasonable attorneys’ fees, costs, penalties, interest and disbursements) finally awarded by a court of competent jurisdiction or included in a settlement approved by SentinelOne. In the event of a Claim pursuant to this Section 9.1, SentinelOne may, at SentinelOne’s option and at SentinelOne’s expense: (i) obtain for Customer, the right to continue to exercise the license granted to Customer under this Agreement; (ii) substitute the allegedly infringing component for an equivalent non infringing component; or (iii) modify the Solutions to make them non-infringing. If (i), (ii), or (iii) is not obtainable on commercially reasonable terms, SentinelOne may terminate this Agreement, after providing Customer a reasonable time (no less than 30 days) to transition to an alternative solution, unless SentinelOne determines in its reasonable discretion that such use of the Solutions will likely result in infringement and in such case may terminate this Agreement effective immediately with concurrent written notice to Customer. In the event of a termination of this Agreement pursuant to this Section 9.1, all rights and licenses with respect to the Solutions will immediately cease. SentinelOne’s indemnification obligations do not extend to Claims arising from or relating to: (a) any negligent or willful misconduct of any Customer Indemnitees; (b) any combination of the Solutions (or any portion thereof) by any Customer Indemnitees or any third party with any equipment, software, data or any other materials where the infringement would not have occurred but for such combination, unless such combination is the customary, ordinary, and intended use of the Solutions; (c) any modification to the Solutions by any Customer Indemnitees or any third party where the infringement would not have occurred but for such modification; (d) the use of the Solutions by any Customer Indemnitees or any third party in a manner contrary to the terms of this Agreement where the infringement would not have occurred but for such use; or (e) the continued use of the Solutions after SentinelOne has provided a substantially equivalent non-infringing software or service. To the extent permitted by law, this Section 9.1 states Customer’s exclusive remedy for any Claims.”
11. Section 9.2. Customer Indemnity of the Agreement shall include the following pre-requisite at the beginning:
9.2. To the extent permitted by applicable law,…
12. Section 9.2. Customer Indemnity of the Agreement shall include the following:
9.2. Notwithstanding anything to the contrary in this Section 9.2, the maximum amount of all monies paid in connection with Customer indemnification of the SentinelOne Indemnitees shall not exceed the amount of appropriated funds available at the time the payment must be made.
13. Section 9.3. Procedures of the Agreement shall include the following:
9.3. The foregoing is subject to the requirements of 28 U.S.C. § 516.
14. Section 10.3 of the Agreement shall be replaced with the following:
10.3. THE LIMITATIONS ON LIABILITY IN SECTIONS 10.1 AND 10.2 SHALL NOT APPLY TO BREACHES OF THE RESTRICTIONS, SECTION 7 (CONFIDENTIALITY) (EXCLUDING SENTINELONE’S LIABILITY RELATING TO CUSTOMER DATA), OR TO EACH PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTIONS 9.1 AND 9.2. HOWEVER, IF CUSTOMER’S LIABILITY IS LIMITED BY APPLICABLE LAW OR FOR ANY OTHER REASON, SENTINELONE’S LIABILITY WILL BE LIMITED TO THE SAME EXTENT. NOTWITHSTANDING THE FOREGOING, NOTHING IN THIS SECTION SHALL BE DEEMED TO IMPAIR THE U.S. GOVERNMENT’S RIGHT TO RECOVER FOR FRAUD OR CRIMES ARISING OUT OF, OR RELATED TO, THIS AGREEMENT UNDER ANY FEDERAL FRAUD STATUTE, INCLUDING THE FALSE CLAIMS ACT, 31. U.S.C. §§ 3729-3733.
15. GSA CUSTOMERS ONLY: Section 11.1. Term of the Agreement shall be replaced with the following:
11.1. Term. Unless otherwise agreed to in writing between the Parties or in a valid Purchase Order between Customer and a Partner, the term of this Agreement will begin on the Effective Date and continue for twelve (12) months (the “Initial Subscription Term”), and thereafter this Agreement and the underlying Solutions subscription(s) will renew for additional successive periods if and to the extent a Solutions subscription is purchased through a new Purchase Order with Partner (each, a “Renewal Subscription Term” and together with the Initial Subscription Term, the “Subscription Term”). The Initial Subscription Term and any Renewal Subscription Term may also (i) be terminated in accordance with Section 11.2 below; or (ii) be terminated by SentinelOne in accordance with Section 9.1.
16. Section 11.3. Effects of Termination of the Agreement shall be replaced with the following:
11.3. Effects of Termination. Upon any termination or expiration of this Agreement and/or Solutions Addendum, or in the event of termination of this Agreement in accordance with 41 U.S.C. § 7101- 7109 (Contract Disputes) and FAR 52.233-1 (Disputes): (i) all rights and licenses granted to Customer will immediately terminate; (ii) all of SentinelOne’s obligations will immediately cease; (iii) there will be no refund for any pre-paid and unused Fees as of the termination date; (iv) upon receiving a written request from the Disclosing Party, the Receiving Party will promptly return to the Disclosing Party all Confidential Information of the Disclosing Party then in its possession or destroy all copies of such Confidential Information, at the Disclosing Party’s sole discretion and direction; and (v) Customer will uninstall the Solutions within thirty (30) days after termination of this Agreement or any applicable Solutions Addendum(s) and, upon SentinelOne’s request, provide written confirmation of such uninstallation. SentinelOne reserves the right to investigate suspected violations of Customer’s obligations under Section 11.3(v). Customer will immediately confirm, in writing, that it has complied with Section 11.3(v) at SentinelOne’s request. Notwithstanding any terms to the contrary in this Agreement, the Restrictions and Sections 4 (Ownership and Reservation of Rights), 6 (Privacy and Security), 7 (Confidentiality), 9 (Indemnification Obligations), 10 (Limitation of Liability), 11.3 (Effects of Termination) and 12 (General Provisions) will survive any termination or expiration of this Agreement.
17. Section 12.1. Entire Agreement of the Agreement shall be replaced with the following:
12.1. Entire Agreement. This Agreement, together with all exhibits attached thereto (all of which are incorporated herein by reference), set forth the entire agreement and understanding of the Parties relating to Customer’s subscription to the Solutions, and the Parties herein expressly agree that this Agreement supersedes all prior or contemporaneous potentially or actually conflicting terms in agreements, proposals, negotiations, conversations, discussions and/or understandings, whether written or oral, with respect to such subject matter, except as required by applicable law. The Parties agree that any term or condition stated in a Purchase Order or any other similar order documentation with Partner is between Customer and the Partner, and nothing in this Agreement modifies Customer’s terms and conditions with such Partner.
18. Section 12.2. Independent Contractors of the Agreement shall include the following:
12.2. Notwithstanding the foregoing, for any Purchase Orders placed by Customer with a Partner, the Partner may, at SentinelOne’s request, bring a claim against Customer on SentinelOne’s behalf to enforce this Agreement.
19. Section 12.3. Governing Law and Venue of the Agreement shall be replaced with the following:
12.3. Governing Law and Venue. If Customer is a federal government entity, this Agreement is governed by the applicable federal laws of the United States of America. If the federal laws of the United States are not dispositive, then to the extent permitted by federal law, this Agreement will be governed by and construed in accordance with the laws of the State of California, without regard to conflict-of law principles. This Agreement does not affect statutory rights that cannot be waived or changed by contract. If Customer is a state or local government entity, the Agreement is governed by the laws of Customer’s state, excluding its conflict-of-laws principles. The state or federal court in Santa Clara County, California will be the jurisdiction in which any suits should be filed if they relate to this Agreement.
20. Section 12.5. Assignment of the Agreement shall be replaced with the following:
12.5. Assignment. Except to the extent transfer may not legally be restricted, Customer may not assign this Agreement nor any right or obligation under this Agreement, nor delegate any performance hereunder without the prior written consent of SentinelOne, and such consent shall not be unreasonably withheld. Any attempted transfer, assignment or delegation without such consent will be void and without effect. SentinelOne may assign its right to receive payment in accordance with the Assignment of Claims Act (31 U.S.C. § 3727) and FAR 52.212-4(b), and SentinelOne may assign its right to receive payment in accordance with the Assignment of Claims Act (31 U.S.C. § 3727) and FAR 52.212-4(b), and SentinelOne may assign this Agreement to the extent not prohibited by the Anti-Assignment Act (41 U.S.C. § 15). Subject to the requirements of FAR 42.12 (Novation and Change-of-Name Agreements), Customer must recognize SentinelOne’s successor in interest following a transfer of our assets or a change of SentinelOne’s name. Any attempted assignment or transfer in violation of the foregoing will be void. Subject to the foregoing, this Agreement will be binding upon and will inure to the benefit of the Parties and their respective successors and assigns.
21. Section 12.10. Force Majeure of the Agreement shall be replaced with the following:
12.10. Force Majeure. Neither Party will be responsible for any failure to perform or delay attributable in whole or in part to any cause beyond its reasonable control, including but not limited to acts of God (fire, storm, floods, earthquakes, etc., civil disturbances, disruption of telecommunications, disruption of power or other essential services, interruption or termination of service provided by any service providers being used by SentinelOne, labor disturbances vandalism, cable cut, computer viruses or other similar occurrences, or any malicious or unlawful acts of any third party. If Customer is a GSA Customer, excusable delays shall be governed by FAR 52.212-4(f).
22. Section 3. License Restrictions of the Singularity Platform Terms shall include the following Section 3.1. U.S. Government Restrictions:
3.1. U.S. Government Restrictions. The Singularity Platform, Singularity Support, and SentinelOne Services are commercial computer software. For U.S. Government Customers, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Singularity Platform, Singularity Support, and SentinelOne Services, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by this Agreement in accordance with FAR 12.212 and DFARS 227.7202. SentinelOne technical data provided to U.S. Government Customers is subject to and governed by the commercial practices set forth in FAR 12.211 and DFARS 252.227- 7015. The Singularity Platform, Singularity Support, and SentinelOne Services were developed fully at private expense. All other use is prohibited.
23. Section 4. License Restrictions of the DataSet Terms shall include the following Section 4.2. U.S. Government Restrictions:
4.2. U.S. Government Restrictions. DataSet is commercial computer software. For U.S. Government Customers, the use, duplication, reproduction, release, modification, disclosure, or transfer of DataSet, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by this Agreement in accordance with FAR 12.212 and DFARS 227.7202. SentinelOne technical data provided to U.S. Government Customers is subject to and governed by the commercial practices set forth in FAR 12.211 and DFARS 252.227-7015. DataSet was developed fully at private expense. All other use is prohibited.
SENTINELONE SERVICES ADDENDUM
This SentinelOne Services Addendum (“Services Addendum”) is made and entered into as of the date indicated in a Purchase Order (the “Effective Date”) for the subscription to the applicable SentinelOne Services (as defined below) by the customer that purchased the SentinelOne Services (“Customer”). SentinelOne, Inc. (“SentinelOne”) and Customer may sometimes be referred to herein as a “Party” and together the “Parties.” The Parties entered into the SentinelOne Master Subscription Agreement available at https://www.sentinelone.com/legal/master-subscription-agreement, or such other written agreement as executed between the Parties, for Customer’s subscription to the Singularity Platform (in each case, the “MSA”).
This SentinelOne Services Addendum is incorporated by reference into the MSA. Capitalized terms not defined in this SentinelOne Services Addendum shall have the meanings ascribed to them in the MSA. In the event of any conflict between this SentinelOne Services Addendum and the MSA, the terms of the Services Addendum shall control, prevail, and govern in all respects.
The Parties hereby agree as follows:
1. SENTINELONE SERVICES.
1.1. By Subscription Only. SentinelOne Services are only applicable and available to the extent Customer purchases and subscribes to: (a) the Singularity Platform; and (b) one or more of the SentinelOne Services under a Purchase Order. “SentinelOne Services” means services other than support services provided by SentinelOne which are subject to SentinelOne’s Support Terms.
1.2. File Fetch Permission. For SentinelOne Services where SentinelOne will use the “File Fetch” feature, which include without limitation Vigilance and WatchTower Pro Services. Customer expressly authorizes SentinelOne to perform remote analyses of Customer Data and to use the “File Fetch” feature (as defined in the Documentation), which downloads full files (that may contain Customer Confidential information or Personal Data) from Customer Endpoints to the SentinelOne management console, as necessary for providing the SentinelOne Services. Customer acknowledges and agrees that SentinelOne may be required to connect its computers and other equipment directly to Customer’s computer network, equipment, systems, hardware, and software, and Customer hereby consents to such activities in connection with SentinelOne providing the SentinelOne Services.
1.3. Incident Response Services. Any incident response services provided by SentinelOne to Customer are also subject to the terms of the SentinelOne Incident Response Retainer Addendum available at https://www.sentinelone.com/legal/incident-response-retainer-addendum/.
2. GENERAL.
2.1. Term. The term(s) of the applicable SentinelOne Services shall be as stated in the Purchase Order. The SentinelOne Services do not automatically renew, and Customer must contact SentinelOne or the applicable Partner to renew the applicable SentinelOne Services before the Subscription Term for the applicable SentinelOne Service expires. SentinelOne Services will be provided as further described in the Documentation. This SentinelOne Services Addendum, including all access and subscriptions to the applicable SentinelOne Services, shall automatically terminate upon expiration or termination of the MSA for any reason.
2.2. Warranty and Remedy.
2.2.1. General Warranty. Subject to warranty disclaimers in the MSA and this Services Addendum, SentinelOne warrants that the applicable SentinelOne Services purchased by Customer will be performed in a professional and workmanlike manner in accordance with this SentinelOne Services Addendum and the applicable Documentation.
2.2.2. Warranty Disclaimer. In addition to the warranty disclaimers in the MSA, SentinelOne does not warrant or guarantee that any advice provided by SentinelOne under the SentinelOne Services, which include without limitation any WatchTower services or Incident Response services, or SentinelOne’s recommendations and plans made by Customer as a result of the SentinelOne Services, will result in the identification, detection, containment, eradication of, a desired outcome, or recovery from all of Customer’s system threats, vulnerabilities, malware, malicious software, or other malicious threats. Customer agrees not to represent to any person or entity that SentinelOne has provided such a guarantee or warranty.
2.2.3. Cure. If SentinelOne breaches this SentinelOne Services Addendum and does not remedy such breach within thirty (30) days after receiving notice from Customer of such breach, then Customer’s sole and exclusive remedy is to terminate the applicable SentinelOne Services and to receive any pro-rated prepaid and unused fees for the reminder of the applicable SentinelOne Services term for such SentinelOne Services.
SENTINELONE SUPPORT TERMS
These SentinelOne Support Terms (the “Support Terms”) detail the customer support provided by SentinelOne, Inc. (“SentinelOne”) with respect to the Singularity Platform subscribed to by the SentinelOne customer (“Customer”) under the SentinelOne Master Subscription Agreement, including the MSA Solutions Addendum: Singularity Platform Terms (collectively, “MSA,” available at https://www.sentinelone.com/legal/master-subscription-agreement/, or another version of the MSA agreed to in writing among such Customer and SentinelOne) (“Support Services” as further detailed below below). Support Services are expressly conditioned on Customer abiding by terms of the MSA, and the MSA are hereby incorporated by reference to these Support Terms. Support Services provided to Customer are coterminous with the Subscription Term stated in a valid Order Form (each capitalized term, as defined in the MSA). Support Services are not cancellable during a given Singularity Platform Subscription Term.
Capitalized terms not defined but used herein have the meaning assigned to such terms in the MSA. In the event of any conflict between these Support Terms and the MSA, the terms of the MSA shall control unless clearly stated otherwise in a version of these Support Terms executed by SentinelOne.
In the event Customer has purchased the Singularity Platform and Support Services from SentinelOne through a SentinelOne authorized partner (“Partner“), Customer will be entitled to all the rights set forth herein as related to the Support Services purchased by Customer if Customer: (a) is the original purchaser of the covered Singularity Platform, and (b) provided with its purchase subscription to the Singularity Platform true, accurate, current and complete information to SentinelOne or the Partner, and has maintains and updates such information to keep it true, accurate, current, and complete during Customer’s Subscription Term, subject to the relevant Partner providing certain support services to Customer under a separate agreement among Partner and Customer.
1. Definitions
1.1. “Action Plan” means a formal verbal or written description of the tasks to be undertaken by SentinelOne and Customer to diagnose, triage, and address a support issue, along with an approximate timeframe for the processing and completion of tasks.
1.2. “Force Majeure Event(s)” means circumstances beyond SentinelOne’s reasonable control, such as, but not limited to, acts of God, acts of government, acts of terror or civil unrest, or technical failures beyond SentinelOne’s control.
1.3. “Initial Support Request” means support request submitted by designated Customer representative support contact or their designated Partner to report a suspected Malfunction.
1.4. “Interoperability” means a Malfunction caused by an interoperation of the Singularity Platform with a software component at Customer’s environment.
1.5. “Maintenance Window” means Sunday between 10AM UTC +3 and 6PM UTC +3.
1.6. “Malfunction” means any error or other condition that preventsthe Singularity Platform from performing substantially in accordance with the operating specifications in the then current Documentation, but excluding Interoperability caused by a Malfunction Exception.
1.7. “Malfunction Exception” means Singularity Platform component Malfunction caused by, related to or arising out of any abuse, misuse or unauthorized use of the Singularity Platform by Customer, or any unauthorized combination of the Singularity Platform with any software or hardware components, or other item not reasonably expected to be combined with and/or interoperate with the Singularity Platform or an interoperability beyond SentinelOne’s reasonable control.
1.8. “Management Console” means the portion of the Singularity Platform hosted by SentinelOne accessible through an internet browser.
1.9. “Planned Downtime” means downtime during a Maintenance Window or planned downtime outside a Maintenance Window which shall not exceed six (6) hours a month.
1.10. “Resolution” means a temporary workaround solution or a configuration that renders the Singularity Platform reasonably functional for their intended purpose or a solution that renders the Singularity Platform substantially in conformity with the Documentation in an upcoming update.
1.11. “Response” means SentinelOne’s personnel response via outbound e-mail, web or phone consultation (based on the Support Plan purchased) to a designated Customer support contact, acknowledging receipt of an Initial Support request.
1.12. “Response Time” means the elapsed time between the Initial Support Request and the target time for a Response during Support Hours.
1.13. “Support Plan(s)” means the different support tiers, Standard Support, Enterprise Support, and Enterprise Pro Support offered by SentinelOne to customers, as further detailed in these Support Terms and related Documentation, and as stated in each case in a relevant Quote or Purchase Order.
1.14. “Support Hours” means 9X5 (business hours) during weekdays for Standard Support and 24X7 for Enterprise and Enterprise Pro Support, in each case 365 days per year.
1.15. “Version” means generally available (GA) release of a SentinelOne Software designated by the number which is immediately to the left or right of the left-most decimal point in a SentinelOne Software version number, as follows: (x).x.x or x.(x).x.
2. Scope of Support Services
2.1. SentinelOne provides Support Services for: (i) its most current Version of the Singularity Platform (including all Resolution thereof), and (ii) the immediately preceding Version of the Singularity Platform. Provided Customer is in compliance with all of the terms of these Support Terms and the MSA, and has paid all applicable Support Fees, SentinelOne will provide to Customer the Support Services set forth herein. In addition, SentinelOne will provide, upon Customer’s request, reports on the status of the Support Services requested by Customer.
2.2. Support Services consist of: (i) reasonable web, e-mail, and phone support for a Standard Support Plan or an Enterprise Support Plan as detailed (all Support Services provided in English), and (ii) reasonable efforts to provide Resolution. Support Services provided via email shall be used solely for ongoing communication between SentinelOne and Customer to address open support tickets and shall not be used to generate new support tickets. Support Services do not include: (x) support with respect to hardware on which the Singularity Platform or any portion thereof may be installed unless such hardware is purchased or leased from SentinelOne or Partner as part of the Solution, in which case Section 4 of these Support Terms shall also apply, (y) support with respect to Malfunction Exception, or (z) any monitoring and/or incident response services. SentinelOne has no obligation to develop any particular Resolutions, and products/solutions marketed by SentinelOne as separate products, or as upgrades for which additional fee is generally charged, are not considered a Resolution.
3. Support Services Process
3.1. Customer Responsibilities: Before contacting SentinelOne with an Initial Support Request or with a suspected Malfunction, Customer undertakes to: (i) analyze the Malfunction to determine if it is the result of Customer’s misuse, the performance of a third party or some other Malfunction Exception or cause beyond SentinelOne’s reasonable control, (ii) ascertain that the Malfunction can be replicated, and (iii) collect and provide to SentinelOne all relevant information relating to the Malfunction. For any Priority 1 Urgent support issues, Customer must submit an Initial Support Request via phone.
3.2. SentinelOne Response: Upon receiving Customer’s Initial Support Request, SentinelOne’s qualified personnel will use commercially reasonable efforts to provide a Response within the Response Time detailed in the Priority levels and communication channels detailed in the table below. For Priority 1 issues, Response Time will be measured from Customer’s phone call. Following the initial Response, SentinelOne support representative will explore the nature of the Malfunction experienced by Customer and its effect on the Singularity Platform, and reasonably assign a priority level to the Malfunction in accordance with definitions in the table below. A Response Time is a guarantee of communication timeframes, and SentinelOne does not guarantee a Resolution within these timeframes. SentinelOne will make commercial reasonable efforts to reach an Action Plan within a reasonable time after the Response.
3.3. Support Services Workflow: SentinelOne will use commercially reasonable efforts to provide Customer with a Resolution within a reasonable time after an Action Plan has been established and also taking into account SentinelOne’s release schedule and severity of Malfunctions.
In providing Support Services, SentinelOne support personnel may interact with the Customer’s Singularity Platform instance, review application data within such instance and otherwise exchange relevant information with Customer as needed to provide such Support Services.
3.4. Remedies: The remedies set forth herein are Customer’s sole and exclusive remedy with respect to any Malfunction. SentinelOne has no obligation to provide Support Services, Resolution with respect to any Malfunction Exception.
4. Additional Terms for Hardware. The terms in this Section 4 shall only apply to Solutions which include hardware.
4.1. Customer Obligations. In connection with SentinelOne’s provision of the Support Services for Solutions which include hardware, Customer shall : (i) maintain the hardware in good working order in accordance with the manufacturers’ specifications and the in accordance with the Documentation; (ii) supply SentinelOne with access to and use of information, networks, facilities and personnel reasonably determined to be necessary by SentinelOne to render the Support Services; (iii) reasonably perform any tests or procedures recommended by SentinelOne for the purpose of identifying and/or resolving any problems; (iv) implement in a reasonably timely manner all Enhancements provided by SentinelOne. Customer’s delay or failure to satisfy the foregoing shall relieve, for the duration of the delay or failure, SentinelOne’s obligations under these Support Terms with respect to the Support Services requested.
4.2. Hardware Return. If SentinelOne determines that hardware return is required under Support Services, Customer must contact SentinelOne to arrange the generation of a return merchandise authorization number. Customer shall return the hardware in secure packaging, freight prepaid, as instructed by SentinelOne. At its sole option, SentinelOne will either repair or replace any defective hardware component of the hardware with products or components of equal or greater functionality as the returned hardware. Should SentinelOne choose to replace the hardware, Customer understands and agrees that Customer is responsible for paying SentinelOne for the replacement parts, units and products if Customer does not return the defective hardware to SentinelOne within twenty-one (21) days after the delivery of a replacement.
5. Priority Levels and Response Times
(Web submission followed by a Phone call)
(Web submission followed by a Phone call)
(Web submission)
(Web submission)
(Web submission)
(Web submission)
(Web submission)
(Web submission)
SENTINELONE DATA PROTECTION ADDENDUM
This Data Protection Addendum, including all appendices (“DPA”) forms a part of the SentinelOne Master Subscription Agreement (“Agreement”) between SentinelOne and the Customer. The parties agree that this DPA sets forth their obligations with respect to the processing and security of Customer Data in connection with Customer’s use of the Solutions. Capitalized terms defined in this DPA shall apply to this DPA and any terms not defined in this DPA shall have their meaning as defined in the Agreement.
If the Customer is an Ordering Activity under GSA Schedule Contracts, it shall only be required to comply with the Federal law of the United States and expressly does not agree to comply with any provision of this Data Processing Agreement, EU Law, or law of an EU Member State that is inconsistent with the Federal law of the United States.
1. DEFINITIONS.
1.1 “Adequate Country” means:
1.1.1. or data processed subject to the EU GDPR: the EEA, or a country or territory that is the subject of an adequacy decision by the Commission under Article 45(1) of the GDPR;
1.1.2. for data processed subject to the UK GDPR: the UK or a country or territory that is the subject of the adequacy regulations under Article 45(1) of the UK GDPR and Section 17A of the Data Protection Act 2018; and/or
1.1.3. or data processed subject to the Swiss FDPA: Switzerland, or a country or territory that (i) is included in the list of the states whose legislation ensures an adequate level of protection as published by the Swiss Federal Protection and Information Commissioner, or (ii) is the subject of an adequacy decision by the Swiss Federal Council under the Swiss FDPA.
1.2 “Alternative Transfer Mechanism” means a mechanism, other than the SCCs, that enables the lawful transfer of personal data to a third country in accordance with European Data Protection Laws;
1.3 “Customer Personal Data” means the personal data contained within the Customer Data; 1.4 “Contracted Processor” means SentinelOne or a SentinelOne Subprocessor;
1.5 “European Data Protection Laws” means, as applicable: (i) the GDPR; (ii) the UK GDPR; and/or (iii) the Swiss FDPA;
1.6 “GDPR” means EU General Data Protection Regulation 2016/679;
1.7 “Non-European Data Protection Laws” means all laws and regulations that apply to SentinelOne processing Customer Personal Data under the Agreement that are in force outside the European Economic Area, the UK, and Switzerland;
1.8 “Security Breach” means a breach of SentinelOne’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed or otherwise controlled by SentinelOne;
1.9 “SCCs” means the SCCs (EU Controller-to-Processor), SCCs (EU Processor-to-Processor), and SCCs (UK Controller-to-Processor);
1.10 “SCCs (EU Controller-to-Processor)” means the terms at: www.sentinelone.com/legal/sccs/eu-c2p; 1.11 “SCCs (EU Processor-to-Processor)” means the terms at: www.sentinelone.com/legal/sccs/eu-p2p; 1.12 “SCCs (UK Controller-to-Processor)” means the terms at: www.sentinelone.com/legal/sccs/uk-c2p;
1.13 “Subprocessor” means other processors used by SentinelOne to process Customer Data, as described in Article 28 of the GDPR;
1.14 “Swiss FDPA” means the Federal Data Protection Act of 19 June 1992 (Switzerland); and
1.15 “UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under the same.
1.16 The terms “personal data”, “data subject”, “processing”, “controller”, and “processor” as used in this DPA have the meanings given in the GDPR irrespective of whether European Data Protection Laws apply.
1.17 The word “include” shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.
2. PROCESSING OF CUSTOMER PERSONAL DATA.
2.1 If European Data Protection Laws apply to the processing of Customer Personal Data: 2.1.1. the subject matter and details of the processing are described in Appendix 1;
2.1.2. SentinelOne is a processor of that Customer Personal Data under European Data Protection Laws;
2.1.3. Customer is a controller or processor of that Customer Personal Data under European Data Protection Laws; and
2.1.4. Each party will comply with the obligations applicable to it under the European Data Protection Laws with respect to the processing of that Customer Personal Data.
2.2 If Non-European Data Protection Laws apply to either party’s processing of Customer Personal Data, the relevant party will comply with any obligations applicable to it under that law with respect to the processing of that Customer Personal Data.
2.3 SentinelOne shall:
2.3.1. not process Customer Personal Data other than to provide the Solutions in accordance with the Agreement (including as set forth in this DPA and as described in Appendix 1 to this DPA), unless processing is required by applicable law to which the relevant Contracted Processor is subject (the “Permitted Purpose”), in which case SentinelOne shall to the extent permitted by applicable law inform the Customer of that legal requirement before the relevant processing of that Customer Personal Data; and
2.3.2. immediately notify Customer if, in SentinelOne’s opinion, European Data Protection Laws prohibit SentinelOne from complying with the Permitted Purpose or SentinelOne is otherwise unable to comply with the Permitted Purpose. This Section does not reduce either party’s rights or obligations elsewhere in the Agreement.
2.4 Customer hereby:
2.4.1. instructs SentinelOne to process Customer Personal Data for the Permitted Purpose; and
2.4.2. warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instruction set out herein on behalf of each relevant Customer Affiliate.
3. SECURITY.
3.1 SentinelOne will implement and maintain the technical and organizational measures set forth in Appendix 2 (the “Security Measures”). SentinelOne may update the Security Measures from time to time provided that such updates do not result in a reduction of the security of the Solutions.
3.2 Without prejudice to SentinelOne’s obligations under Section 3.1 above and elsewhere in the Agreement, Customer is responsible for its use of the Solutions and its storage of any copies of Customer Data outside SentinelOne’s or SentinelOne’s Subprocessors’ systems, including: (i) using the Solutions to ensure a level of security appropriate to the risk to the Customer Data; (ii) securing the authentication credentials, systems, and devices Customer uses to access the Solutions; and (iii) backing up its Customer Data as appropriate.
3.3 Customer agrees that the Solutions and Security Measures implemented and maintained by SentinelOne provide a level of security appropriate to the risk to Customer Data.
4. SUBPROCESSING.
4.1 Customer specifically authorizes SentinelOne to engage as Subprocessors those entities listed as of the effective date of this DPA at the URL specified in Section 4.2. In addition, and without prejudice to Section 4.4, Customer generally authorizes the engagement as Subprocessors of any other third parties (“New Subprocessors”).
4.2 Information about Subprocessors, including their functions and locations, is available at: www.sentinelone.com/legal/sentinelone-sub-processors (as may be updated by SentinelOne from time to time in accordance with this DPA).
4.3 When any New Subprocessor is engaged while this DPA is in effect, SentinelOne shall provide Customer at least thirty days’ prior written notice of the engagement of any New Subprocessor, including details of the processing to be undertaken by the New Subprocessor. If, within thirty days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on that New Subprocessor’s inability to adequately safeguard Customer Data, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the New Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty days from SentinelOne’s receipt of Customer’s notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid fees for the Solutions attributable to the subscription term (as outlined in the applicable Purchase Order under the Agreement) following the termination of the Agreement.
4.4 With respect to each Subprocessor, SentinelOne shall:
4.4.1. before the Subprocessor first processes Customer Data, carry out adequate due diligence to ensure that the Subprocessor is capable of performing the obligations subcontracted to it in accordance with the Agreement (including this DPA);
4.4.2. ensure that the processing of Customer Data by the Subprocessor is governed by a written contract including terms no less protective of Customer Data than those set out in this DPA and, if the processing of Customer Personal Data is subject to European Data Protection Laws, ensure that the data protection obligations in this DPA are imposed on the Subprocessor; and
4.4.3. remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.
5. INDIVIDUAL RIGHTS.
5.1 Taking into account the nature of the processing, SentinelOne shall assist Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligations, as reasonably understood by Customer, to respond to requests to exercise Individual rights under the Data Protection Laws.
5.2 SentinelOne shall:
5.2.1. promptly notify Customer if any Contracted Processor receives a request form an Individual under any Data Protection Law with respect to Customer Personal Data to the extent that SentinelOne recognizes the request as relating to Customer; and
5.2.2. ensure that the Contracted Processor does not respond to that request except on the documented instructions of Customer or as required by applicable laws to which the Contracted Processor is subject, in which case SentinelOne shall to the extent permitted by applicable laws inform Customer of that legal requirement before the Contracted Processor responds to the request.
6. SECURITY BREACHES.
6.1 SentinelOne shall notify Customer promptly and without undue delay upon becoming aware of a Security Breach for which notification to a supervisory authority or data subject is required under applicable European or Non-European Data Protection Laws, and promptly take reasonable steps to minimize harm and secure Customer Data.
6.2 SentinelOne’s notification of a Security Breach will describe: the nature of the Security Breach including the Customer resources impacted; the measures SentinelOne has taken, or plans to take, to address the Security Breach and mitigate its potential risk; the measures, if any, SentinelOne recommends that Customer take to address the Security Breach; and details of a contact point where more information can be obtained. If it is not possible to provide all such information at the same time, SentinelOne’s initial notification will contain the information then available and further information will be provided without undue delay as it becomes available.
6.3 As it pertains to any Security Breach, SentinelOne has no obligation to assess Customer Data in order to identify information subject to any specific legal requirements pertaining to notification or otherwise.
6.4 SentinelOne’s notification of or response to a Security Breach under this Section will not be construed as an acknowledgement by SentinelOne of any fault or liability with respect to the Security Breach.
7. IMPACT ASSESSMENTS AND PRIOR CONSULTATION. To the extent SentinelOne is required by Data Protection Laws, SentinelOne shall (taking into account the nature of the processing and the information available to SentinelOne) provide reasonable assistance to Customer with any impact assessments or prior consultations with data protection regulators by providing information in accordance with Section 9.
8. DATA DELETION.
8.1 SentinelOne shall promptly and in any event within sixty days of the date of cessation of providing any Solutions involving the processing of Customer Data (the “Cessation Date”), delete all copies of Customer Data, unless applicable law requires storage.
8.2 SentinelOne shall provide written certification to Customer that it has complied with this Section within ten days of receiving Customer’s written request to receive such certification.
9. AUDITS AND RECORDS.
9.1 SentinelOne shall allow for, and contribute to, audits, including inspections, conducted by the Customer (or an independent auditor appointed by Customer) in accordance with the following procedures:
9.1.1. Upon Customer’s request, SentinelOne will provide Customer or its appointed auditor with the most recent certifications and/or summary audit report(s), which SentinelOne has procured to regularly test, assess, and evaluate the effectiveness of the Security Measures.
9.1.2. SentinelOne will reasonably cooperate with Customer by providing available additional information concerning the Security Measures to help Customer better understand such Security Measures.
9.1.3. If further information is needed by Customer to comply with its own or other controller’s audit obligations or a competent supervisory authority’s request, Customer will inform SentinelOne to enable SentinelOne to provide such information or to grant access to it.
9.2 SentinelOne may object in writing to an auditor appointed by Customer if the auditor is, in SentinelOne’s reasonable opinion, not suitably qualified or independent, a competitor of SentinelOne, or otherwise manifestly unsuitable, and any such objection will require Customer to appoint another auditor or conduct the audit or inspection itself.
9.3 All requests under this Section 9 shall be made in writing to SentinelOne at privacy@sentinelone.com. 10. RESTRICTED TRANSFERS.
10.1 The parties acknowledge that European Data Protection Laws do not require SCCs or an Alternative Transfer Mechanism in order for Customer Personal Data to be processed in or transferred to an Adequate Country (“Permitted Transfers”).
10.2 If the processing of Customer Personal Data involves any transfers that are not Permitted Transfers, and European Data Protection Laws apply to those transfers (“Restricted Transfers”), then:
10.2.1. if SentinelOne announces its adoption of an Alternative Transfer Solution for any Restricted Transfers, SentinelOne will ensure that such Restricted Transfers are made in accordance with that Alternative Transfer Solution; or
10.2.2. if SentinelOne has not adopted an Alternative Transfer Solution for any Restricted Transfers, then:
10.2.2.1. the SCCs (EU Controller-to-Processor) and/or (EU Processor-to-Processor) will apply (according to whether Customer is a controller and/or processor) with respect to
Restricted Transfers between SentinelOne and Customer that are subject to the EU GDPR and/or the Swiss FDPA; and
10.2.2.2. the SCCs (UK Controller-to-Processor) will apply with respect to Restricted Transfers between SentinelOne and Customer that are subject to the UK GDPR.
11. GENERAL TERMS.
11.1 Without prejudice to clause 18 of the Standard Contractual Clauses, (i) the parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Agreement with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of it nullity; and (ii) this DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Agreement.
11.2 Nothing in this DPA reduces SentinelOne’s obligations under the Agreement in relation to the protection of Customer Data or permits SentinelOne to process (or permit the processing of) Customer Data in a manner which is prohibited by the Agreement. In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.
11.3 Subject to Section 11.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the parties, including the Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail.
11.4 Any liability associated with failure to comply with this DPA will be subject to the limitations of liability provisions stated in the Agreement.
11.5 Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
IN WITNESS WHEREOF, the parties hereto have caused this SentinelOne Data Protection Addendum to be executed by their duly authorized officers or representatives as of the Effective Date of the Agreement.
APPENDIX 1:
DETAILS OF PROCESSING OF CUSTOMER PERSONAL DATA
Subject matter and duration of processing
SentinelOne will process Customer Personal Data as necessary to provide the Solutions pursuant to the Agreement. The duration of the processing will be until 60 days after the Cessation Date.
Nature and purpose of processing
SentinelOne will process Customer Personal Data only to the extent reasonably necessary to provide Customer the Solutions and associated Support.
Categories of Data
SentinelOne processes the Customer Personal Data described below in relation to the Solution(s) a Customer contracts for:
Singularity. SentinelOne may process the following categories of Customer Personal Data in connection with Singularity:
• user and endpoint data: agent ID, endpoint name, customer active directory user ID, user name, installed applications – installation time,size, publisher and version, SMTP user name, configuration data related to active directory integration;
• full file path: will include personal data only if file name as named by Customer includes data; • in cases of suspected threats, the SentinelOne agent collects for each process (file metadata, hash, file type, certificate, command line arguments, network access metadata (IP address, protocol), registry (created keys, deleted keys, modified key names);
• network data (internal network IP address, public IP address (if running cloud-based Management Console);
• threat information (file path, agent IDs, SMS messages content (which may include user names, IP addresses, file names);
• live network monitoring (URLs, URL headers, time stamps); and
• where Customer utilizes SentinelOne’s File Fetching feature: any Data contained in files fetched by Customer’s administrators.
Dataset and XDR Ingest. SentinelOne may process the following categories of Customer Personal Data in connection with Dataset and/or XDR Ingest:
• data relating to individuals provided to SentinelOne by (or at the direction of) Customer in any data ingested by Customer to Dataset and/or XDR Ingest.
Special categories of data
Customer Personal Data does not include special categories of personal data or data relating to criminal convictions or offenses, except where such data is uploaded by Customer in connection with the Dataset or XDR Ingest Services or accessed by Customer using the File Fetching feature of the SentinelOne Solutions.
Data subjects
Data subjects include the individuals about whom data is provided to SentinelOne via the Solutions by (or at the direction of) Customer.
APPENDIX 2:
SECURITY MEASURES
SentinelOne maintains an information security program that is designed to protect the confidentiality, integrity, and availability of Customer Data (the “SentinelOne Information Security Program”). The SentinelOne Information Security Program will be implemented on an organization-wide basis and will be designed to ensure SentinelOne’s compliance with data protection laws and regulations applicable to SentinelOne’s performance under the Agreement. The SentinelOne Information Security Program shall include the safeguards set forth below which substantially conform to the ISO/IEC 27001 control framework.
Security Roles and Responsibilities. SentinelOne personnel with access to Customer Data are subject to confidentiality obligations.
Risk Management Program. SentinelOne has implemented a security risk management program which is based on the requirements of ISO 27005. The Program defines a systematic and consistent process to ensure that security risks to Customer Data are identified, analyzed, evaluated, and treated. Risk treatment and the risk remaining after treatment (i.e., residual risk) is communicated to risk owners, who decide on acceptable levels of risk, authorize exceptions to this threshold, and drive corrective action when unacceptable risks are discovered.
Security Training. SentinelOne informs its personnel about the SentinelOne Information Security Program and applicable data privacy laws upon hire and annually thereafter. SentinelOne also informs its personnel of possible consequences – up to and including termination – of breaching the SentinelOne Information Security Program.
Return. All employees and external party users are required to return organizational assets in their possession upon termination of their employment, contract, or agreement.
VPN and Zero Trust. Employees must be in a SentinelOne office or connected via VPN or zero trust network (authenticated with user id + password + pin/token), then login to an internal portal via SSO, before connecting to any system storing Customer Data.
Office Access. Access to SentinelOne offices is protected via card access control systems including individually-assigned keycards, access logging, and interior and exterior surveillance and alarm systems.
Network Security. Customer management console servers are isolated to help ensure that no access is possible among servers of different customers. The SentinelOne network is protected by redundant firewalls, commercial-class router technology, and a host intrusion detection system on the firewall that monitors malicious traffic and network attacks.
Vulnerability Assessment and Penetration Testing. SentinelOne conducts annual, comprehensive penetration testing by a third party service. This includes testing of the management console and agents (black and grey box), corporate infrastructure penetration testing and social targeted attack, and public website automatic testing for open vulnerabilities. Quarterly network vulnerability assessments are conducted on all servers in the corporate network as well as the production environment.
Event Logging. SentinelOne logs access and use of information systems containing Customer Data, registering the access ID, time, authorization granted or denied, and relevant activity.
Security Operations Center. SentinelOne has a dedicated SOC function which manages and monitors a Security Information & Event Management (SIEM) solution deployed across the organization.