These Customer Terms of Service (the “Customer Terms”
) describe your rights and responsibilities when using our technologies to identify and mitigate security breaches (the “Services”
). Please read them carefully. If you are a Customer (defined below), these Customer Terms govern your access and use of our Services. If you are being invited or have access to a company’s Lumu portal, the User Terms of Service (the “User Terms”
) govern your access and use of the Services. We are grateful you’re here.
First Things First
These “Customer Terms” Form a Part of a Binding “Contract”
These Customer Terms (or, if applicable, your written agreement with us) and any Order Form(s) (defined below) together form a binding “Contract”
between Customer and us. “We,” “our” and “us” refers to LUMU TECHNOLOGIES.
Your Agreement On Behalf of “Customer”
If you purchase subscription(s), invite users to your company’s Lumu portal, or use or allow the use of the company’s Lumu portal after being notified of a change to these Customer Terms, you acknowledge your understanding of the then-current Contract and agree to the Contract on behalf of Customer. Please make sure you have the necessary authority to enter into a Contract on behalf of Customer before proceeding.
Customer Choices and Instructions
Who is “Customer”?
“Customer” is the organization that you represent in agreeing to the Contract. If your subscription is being set up by someone who is not formally affiliated with an organization, Customer is the individual creating the subscription.
Signing Up Using a Corporate Email Domain
If you signed up for a plan using your corporate email domain, your organization is Customer, and Customer can modify and re-assign roles on your subscription (including your role) and otherwise exercise its rights under the Contract. If Customer elects to replace you as the representative with ultimate authority for the subscription, we will provide you with notice following such election and you agree to take any actions reasonably requested by us or Customer to facilitate the transfer of authority to a new representative of Customer.
What is an “Asset”
Assets are entities of value on a network that can be compromised and hence represent an exposure for Customer. This includes laptops, desktops, servers, routers, tablets, mobile phones, virtual machines, mainframe computers, mini-computers, point of sale (POS) devices and/or terminals, software containers, cloud instances, IP televisions or any IOTs, or any other device capable of exchanging data over a network. They generally have associated one or many IP addresses within the network.
What This Means for Customer—and for Us
Individuals authorized by Customer to access the Services (an “Authorized User”) may submit network metadata to the Services, such as DNS queries, netflows, proxy and firewall access logs and spambox (“Customer Data”), and Customer may exclusively provide us with instructions on what to do with it. For example, Customer may provision or deprovision access to the Services, enable or disable third party integrations, manage permissions, retention and export settings. Since these choices and instructions may result in the access, use, disclosure, modification or deletion of certain or all Customer Data, please review the product documentation for more information about these choices and instructions.
Customer will (a) inform Authorized Users of all Customer policies and practices that are relevant to their use of the Services and of any settings that may impact the processing of Customer Data; and (b) ensure the transfer and processing of Customer Data under the Contract is lawful.
A subscription allows an Authorized User to access the Services in order to assess the compromise level of an Asset within the network of a Customer.. A subscription may be procured through the Services interface, or in some cases, via an order form entered into between the Customer and us (each, an “Order Form”
). Please see the product documentation for more information on procuring subscriptions and inviting new Authorized Users. Each Authorized User must agree to the User Terms to activate their access to the Customer portal. Subscriptions commence when we make them available to Customer and continue for the term specified in the Services “check-out” interface or in the Order Form, as applicable. Each subscription is for a single Asset for a specified term.
We sometimes enter into other kinds of ordering arrangements, but that would need to be spelled out and agreed to in an Order Form. During an active subscription term, adding more subscriptions is fairly easy. Unless the Order Form says otherwise, Customer may purchase more subscriptions at the same price stated in the Order Form and all will terminate on the same date. Check out our product documentation for additional information on setting up your subscription and assigning roles.
We may share information about our future product plans because we like transparency. Our public statements about those product plans are an expression of intent, but do not rely on them when making a purchase. If Customer decides to buy our Services, that decision should be based on the functionality or features we have made available today and not on the delivery of any future functionality or features.
Choosing to be a Beta Tester
Occasionally, we look for beta testers to help us test our new features. These features will be identified as “beta” or “pre-release,” or words or phrases with similar meanings (each, a “Beta Product”
). Beta Products may not be ready for prime time so they are made available “as is,” and any warranties or contractual commitments we make for other Services do not apply. Should Customer encounter any faults with our Beta Products, we would love to hear about them; our primary reason for running any beta programs is to iron out issues before making a new feature widely available.
Feedback is Welcome
The more suggestions our customers make, the better the Services become. If Customer sends us any feedback or suggestions regarding the Services, there is a chance we will use it, so Customer grants us (for itself and all of its Authorized Users and other Customer personnel) an unlimited, irrevocable, perpetual, sublicensable, transferable, royalty-free license to use any such feedback or suggestions for any purpose without any obligation or compensation to Customer, any Authorized User or other Customer personnel. If we choose not to implement the suggestion, please don’t take it personally. We appreciate it nonetheless.
Our Services include a platform that third parties may use to complement their own services and Customer’s use of the Services (each, a “Non-LUMU Product”
). We also maintain a directory called the LUMU App Directory where some Non-LUMU Products are available for installation. THESE ARE NOT OUR SERVICES, SO WE DO NOT WARRANT OR SUPPORT NON-LUMU PRODUCTS, AND, ULTIMATELY, CUSTOMER (AND NOT US) WILL DECIDE WHETHER OR NOT TO ENABLE THEM. ANY USE OF A NON-LUMU PRODUCT IS SOLELY BETWEEN CUSTOMER AND THE APPLICABLE THIRD PARTY PROVIDER AND LUMU DOES NOT ASSUME ANY KIND OF LIABILITY FOR OR BECAUSE OF THE INSTALLATION OF Non-LUMU Products.
If Customer enables integration with a Non-LUMU Product, please be mindful of any Customer Data that will be shared with the third party provider and the purposes for which the provider requires access. We will not be responsible for any use, disclosure, modification or deletion of Customer Data that is transmitted to, or accessed by, a Non-LUMU Product. Check out our product documentation for more information.
Customer and Authorized Users
Use of the Services
Customer must comply with the Contract and ensure that its Authorized Users comply with the Contract and the User Terms. We may review conduct for compliance purposes, but we have no obligation to do so. We aren’t responsible for the content of any Customer Data or the way Customer or its Authorized Users choose to use the Services to store or process any Customer Data. Our Removal Rights
If we believe that there is a violation of the Contract that can simply be remedied by Customer’s removal of certain Customer Data or Customer’s disabling of a Non-LUMU Product, we will, in most cases, ask Customer to take direct action rather than intervene. However, we may directly step in and take what we determine to be appropriate action, if Customer does not take appropriate action, or if we believe there is a credible risk of harm to us, the Services, Authorized Users, or any third parties.
For Customers that purchase our Services, fees are specified at the Services interface “check-out” and in the Order Form(s) — and must be paid in advance. Payment obligations are non-cancelable and, except as expressly stated in the Contract, fees paid are non-refundable. For clarity, in the event Customer downgrades any subscriptions from a paid plan to a free plan, Customer will remain responsible for any unpaid fees under the paid plan, and Services under the paid plan will be deemed fully performed and delivered upon expiration of the initial paid plan subscription term. Check out our product documentation for more information about payment options. If we agree to invoice Customer by email, full payment must be received within thirty (30) days from the invoice date. Fees are stated exclusive of any taxes, levies, duties, or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction (collectively, “Taxes”
). Customer will be responsible for paying all Taxes associated with its purchases, except for those taxes based on our net income. Should any payment for the Services be subject to withholding tax by any government, Customer will reimburse us for such withholding tax.
Downgrade for Non-Payment
If any fees owed to us by Customer (excluding amounts disputed reasonably and in good faith) are thirty (30) days or more overdue, we may, without limiting our other rights and remedies, downgrade any fee-based Services to free plans until those amounts are paid in full, so long as we have given Customer ten (10) or more days’ prior notice that its account is overdue. Notwithstanding the second paragraph of the “Providing the Services” section below, Customer acknowledges and agrees that a downgrade will result in a decrease in certain features and functionality and potential loss of access to Customer Data, as illustrated by comparing the plans in the Pricing Guide.
Providing the Services
Customer isn’t the only one with responsibilities; we have some, too. We will (a) make the Services available to Customer and its Authorized Users as described in the Contract; and (b) not use or process Customer Data for any purpose without Customer’s prior written instructions; provided, however, that “prior written instructions” will be deemed to include use of the Services by Authorized Users and any processing related to such use or otherwise necessary for the performance of the Contract.
Be assured that (a) the Services will perform materially in accordance with our then-current product documentation; and (b) subject to the “Non-LUMU Products” section, we will not materially decrease the functionality of a Service during the subscription term. For any breach of a warranty in this section, Customer’s exclusive remedies are those described in the sections titled “Termination for Cause” and “Effect of Termination”.
Keeping the Services Available
As further described in our product documentation, for some of our Services, we also offer specific uptime commitments paired with credits, if we fall short. In those cases, the credits will serve as what the lawyers call liquidated damages and will be Customer’s sole remedy for the downtime and related inconvenience. For all Service plans, we will use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week, excluding planned downtime. We expect planned downtime to be infrequent but will endeavor to provide Customer with advance notice (e.g., through the Services), if we think it may exceed fifteen (15) continuous minutes.
Protecting Customer Data
The LUMU Extended Family
We may leverage our employees, those of our corporate affiliates and third party contractors (the “LUMU Extended Family”
) in exercising our rights and performing our obligations under the Contract. We will be responsible for the LUMU Extended Family’s compliance with our obligations under the Contract.
Ownership and Proprietary Rights
What’s Yours is Yours…
And What’s Ours is Ours
We own and will continue to own our Services, including all related intellectual property rights. We may make software components available, via mobile apps, end-point agents, virtual appliances or other channels, as part of the Services. We grant to Customer a non-sublicensable, non-transferable, non-exclusive, limited license for Customer and its Authorized Users to use the object code version of these components, but solely as necessary to use the Services and in accordance with the Contract and the User Terms. All of our rights not expressly granted by this license are hereby retained.
Term and Termination
As further described below, a free subscription continues until terminated, while a paid subscription has a term that may expire or be terminated. The Contract remains effective until all subscriptions ordered under the Contract have expired or been terminated or the Contract itself terminates. Termination of the Contract will terminate all subscriptions and all Order Forms.
Unless an Order Form says something different, (a) all subscriptions automatically renew (without the need to go through the Services-interface “check-out” or execute a renewal Order Form) for additional periods equal to one (1) year or the preceding term, whichever is longer; and (b) the per-unit pricing during any automatic renewal term will remain the same as it was during the immediately prior term. Either party can give the other notice of non-renewal at least sixty (60) days before the end of a subscription term to stop the subscriptions from automatically renewing.
Termination for Cause
We or Customer may terminate the Contract on notice to the other party if the other party materially breaches the Contract and such breach is not cured within thirty (30) days after the non-breaching party provides notice of the breach. Customer is responsible for its Authorized Users, including for any breaches of this Contract caused by its Authorized Users. We may terminate the Contract immediately on notice to Customer if we reasonably believe that the Services are being used by Customer or its Authorized Users in violation of applicable law.
Termination Without Cause
Customer may terminate its free subscriptions immediately without cause. We may also terminate Customer’s free subscriptions without cause, but we will provide Customer with thirty (30) days prior written notice.
Effect of Termination
Upon any termination for cause by Customer, we will refund Customer any prepaid fees covering the remainder of the term of all subscriptions after the effective date of termination. Upon any termination for cause by us, Customer will pay any unpaid fees covering the remainder of the term of those subscriptions after the effective date of termination. In no event will any termination relieve Customer of the obligation to pay any fees payable to us for the period prior to the effective date of termination.
Data Portability and Deletion
Representations Disclaimer of Warranties
Customer represents and warrants that it has validly entered into the Contract and has the legal power to do so. Customer further represents and warrants that it is responsible for the conduct of its Authorized Users and their compliance with the terms of this Contract and the User Terms.
EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, THE SERVICES AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND WE EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CUSTOMER ACKNOWLEDGES THAT WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.
Limitation of Liability
OTHER THAN IN CONNECTION WITH A PARTY’S INDEMNIFICATION OBLIGATIONS HEREUNDER, IN NO EVENT WILL EITHER CUSTOMER’S OR THE LUMU EXTENDED FAMILY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THE CONTRACT OR THE USER TERMS (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER HEREUNDER IN THE SIX (6) MONTHS PRECEDING THE LAST EVENT GIVING RISE TO LIABILITY. THE FOREGOING WILL NOT LIMIT CUSTOMER’S PAYMENT OBLIGATIONS UNDER THE “PAYMENT TERMS” SECTION ABOVE.
IN NO EVENT WILL EITHER CUSTOMER OR ANY MEMBER OF THE LUMU EXTENDED FAMILY HAVE ANY LIABILITY TO THE OTHER PARTY OR TO ANY THIRD PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
The Services support logins using username and password. We will not be responsible for any damages, losses or liability to Customer, Authorized Users, or anyone else if any event leading to such damages, losses or liability is associated with the lost of username and password. Customer is responsible for all login credentials, including usernames and passwords, for administrator accounts as well the accounts of your Authorized Users. We will not be responsible for any damages, losses or liability to Customer, Authorized Users, or anyone else, if such information is not kept confidential by Customer or its Authorized Users, or if such information is correctly provided by an unauthorized third party logging into and accessing the Services.
The limitations under this “Limitation of Liability” section apply with respect to all legal theories, whether in contract, tort or otherwise, and to the extent permitted by law. The provisions of this “Limitation of Liability” section allocate the risks under this Contract between the parties, and the parties have relied on these limitations in determining whether to enter into this Contract and the pricing for the Services.
Our Indemnification of Customer
We will defend Customer from and against any and all third party claims, actions, suits, proceedings, and demands alleging that the use of the Services as permitted under the Contract infringes or misappropriates a third party’s intellectual property rights (a “Claim Against Customer”
), and will indemnify Customer for all reasonable attorney’s fees incurred and damages and other costs finally awarded against Customer in connection with or as a result of, and for amounts paid by Customer under a settlement we approve of in connection with, a Claim Against Customer; provided, however, that we will have no liability if a Claim Against Customer arises from (a) Customer Data or Non-LUMU Products; and (b) any modification, combination or development of the Services that is not performed by us, including in the use of any application programming interface (API). Customer must provide us with prompt written notice of any Claim Against Customer and allow us the right to assume the exclusive defense and control, and cooperate with any reasonable requests assisting our defense and settlement of such matter. This section states our sole liability with respect to, and Customer’s exclusive remedy against us and the LUMU Extended Family for, any Claim Against Customer.
Customer’s Indemnification of Us
Customer will defend LUMU and the members of the LUMU Extended Family (collectively, the “LUMU Indemnified Parties”
) from and against any and all third party claims, actions, suits, proceedings, and demands arising from or related to Customer’s or any of its Authorized Users’ violation of the Contract or the User Terms (a “Claim Against Us”
), and will indemnify the LUMU Indemnified Parties for all reasonable attorney’s fees incurred and damages and other costs finally awarded against a LUMU Indemnified Party in connection with or as a result of, and for amounts paid by a LUMU Indemnified Party under a settlement Customer approves of in connection with, a Claim Against Us. We must provide Customer with prompt written notice of any Claim Against Us and allow Customer the right to assume the exclusive defense and control, and cooperate with any reasonable requests assisting Customer’s defense and settlement of such matter. This section states your sole liability with respect to, and the LUMU Indemnified Parties’ exclusive remedy against Customer for, any Claim Against Us.
Limitations on Indemnifications
Notwithstanding anything contained in the two preceding sections, (a) an indemnified party will always be free to choose its own counsel if it pays for the cost of such counsel; and (b) no settlement may be entered into by an indemnifying party, without the express written consent of the indemnified parties (such consent not to be unreasonably withheld), if (i) the third party asserting the claim is a government agency, (ii) the settlement arguably involves the making of admissions by the indemnified parties, (iii) the settlement does not include a full release of liability for the indemnified parties, or (iv) the settlement includes terms other than a full release of liability for the indemnified parties and the payment of money.
Each party (“Disclosing Party”
) may disclose “Confidential Information”
to the other party (“Receiving Party”
) in connection with the Contract, which is anything that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure including all Order Forms, as well as non-public business, product, technology and marketing information. Confidential Information of Customer includes Customer Data. If something is labeled “Confidential,” that’s a clear indicator to the Receiving Party that the material is confidential. Notwithstanding the above, Confidential Information does not include information that (a) is or becomes generally available to the public without breach of any obligation owed to the Disclosing Party; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (c) is received from a third party without breach of any obligation owed to the Disclosing Party; or (d) was independently developed by the Receiving Party.
Protection and Use of Confidential Information
The Receiving Party will (a) take at least reasonable measures to prevent the unauthorized disclosure or use of Confidential Information, and limit access to those employees, affiliates and contractors who need to know such information in connection with the Contract; and (b) not use or disclose any Confidential Information of the Disclosing Party for any purpose outside the scope of this Contract. Nothing above will prevent either party from sharing Confidential Information with financial and legal advisors; provided, however, that the advisors are bound to confidentiality obligations at least as restrictive as those in the Contract.
Compelled Access or Disclosure
The sections titled “Feedback is Welcome,” “Non-LUMU Products,” “Our Removal Rights,” “A Condition of Use,” “Payment Terms,” “Credits,” “The LUMU Extended Family,” “What’s Yours is Yours…,” “And What’s Ours is Ours,” “Effect of Termination,” “Data Portability and Deletion,” “Representations; Disclaimer of Warranties,” “Limitation of Liability,” “Our Indemnification of Customer,” “Customer’s Indemnification of Us,” “Limitations on Indemnifications,” “Confidentiality” and “Survival,” as well as all of the provisions under the general heading “General Provisions,” will survive any termination or expiration of the Contract.
Customer grants us the right to use Customer’s company name and logo as a reference for marketing or promotional purposes on our website and in other public or private communications with our existing or potential customers, subject to Customer’s standard trademark usage guidelines as provided to us from time-to-time. We don’t want to list customers who don’t want to be listed, so Customer may send us an email to [email protected]
stating that it does not wish to be used as a reference.
Neither us nor Customer will be liable by reason of any failure or delay in the performance of its obligations on account of events beyond the reasonable control of a party, which may include denial-of-service attacks, a failure by a third party hosting provider or utility provider, strikes, shortages, riots, fires, acts of God, war, terrorism, and governmental action.
Relationship of the Parties; No Third Party Beneficiaries
The parties are independent contractors. The Contract does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. There are no third party beneficiaries to the Contract.
Email and LUMU Messages
Except as otherwise set forth herein, all notices under the Contract will be by email, although we may instead choose to provide notice to Customer through the Services. Notices to LUMU will be sent to [email protected]
, except for legal notices, such as notices of termination or an indemnifiable claim, which must be sent to [email protected]
. Notices will be deemed to have been duly given (a) the day after it is sent, in the case of notices through email; and (b) the same day, in the case of notices through the Services.
As our business evolves, we may change these Customer Terms and the other components of the Contract (except any Order Forms). If we make a material change to the Contract, we will provide Customer with reasonable notice prior to the change taking effect, either by emailing the email address associated with Customer’s account or by messaging Customer through the Services. Customer can review the most current version of the Customer Terms at any time by visiting this page and by visiting the most current versions of the other pages that are referenced in the Contract. The materially revised Contract will become effective on the date set forth in our notice, and all other changes will become effective upon posting of the change. If Customer (or any Authorized User) accesses or uses the Services after the effective date, that use will constitute Customer’s acceptance of any revised terms and conditions.
No failure or delay by either party in exercising any right under the Contract will constitute a waiver of that right. No waiver under the Contract will be effective unless made in writing and signed by an authorized representative of the party being deemed to have granted the waiver.
The Contract will be enforced to the fullest extent permitted under applicable law. If any provision of the Contract is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of the Contract will remain in effect.
Except with respect to the LUMU Extended Family, neither party may assign or delegate any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign the Contract in its entirety (including all Order Forms), without the consent of the other party, to a corporate affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Customer will keep its billing and contact information current at all times by notifying LUMU of any changes. Any purported assignment in violation of this section is void. A party’s sole remedy for any purported assignment by the other party in breach of this section will be, at the non-assigning party’s election, termination of the Contract upon written notice to the assigning party. In the event of such a termination by Customer, we will refund Customer any prepaid fees covering the remainder of the term of all subscriptions after the effective date of termination. Subject to the foregoing, the Contract will bind and inure to the benefit of the parties, their respective successors and permitted assigns.
All references to ‘LUMU,’ ‘we,’ or ‘us’ under the Contract, what law will apply in any dispute or lawsuit arising out of or in connection with the Contract, would be solved by an arbitral tribunal in Florida, under the laws of the State of Florida.
The Contract, and any disputes arising out of or related hereto, will be governed exclusively by the State of Florida law, without regard to conflicts of laws rules or the United Nations Convention on the International Sale of Goods.
The Contract, including these Customer Terms and all referenced pages and Order Forms, if applicable, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. Without limiting the foregoing, the Contract supersedes the terms of any online agreement electronically accepted by Customer or any Authorized Users. However, to the extent of any conflict or inconsistency between the provisions in these Customer Terms and any other documents or pages referenced in these Customer Terms, the following order of precedence will apply: (1) the terms of any Order Form (if any), (2) the Customer Terms and (3) finally any other documents or pages referenced in the Terms. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order, vendor onboarding process or web portal, or any other Customer order documentation (excluding Order Forms) will be incorporated into or form any part of the Contract, and all such terms or conditions will be null and void.