Terms and Conditions


APIsec Master Subscription Agreement

This APIsec Master Subscription Agreement (“MSA”) is effective as of the effective date of an applicable signed order form (such form an “Order Form” and such date the “Effective Date”) and is by and between APIsec Inc., a Delaware corporation with a place of business at 845 Market St Suite 450, San Francisco, CA 94103 (“APIsec”), and the customer set forth on the Order Form (“Customer”) (each a “Party” and together the “Parties”). In the event of any inconsistency or conflict between the terms of the MSA and the terms of any Order Form, the terms of the Order Form control.

Section 1. Services.

1.1 Provision of Purchased Services. “Services” means the product(s) and service(s) that are ordered by Customer from APIsec online or through an Order Form referencing this MSA, whether on a trial or paid basis, and to which APIsec thereby provides access to Customer. Services exclude any products or services provided by third parties, even if Customer has connected those products or services to the Services. Subject to the terms and conditions of this MSA, APIsec will make the Services available to Customer for its internal business purposes during the Term, and for the number of API, as set forth in an Order Form.

1.2 Pre-release and Trial Services. Customer may be invited to participate in review and testing of pre-release versions of new and beneficial tools and Service enhancements which may be identified to Customer as “alpha,” “beta,” “preview,” “pre-release,” “early access,” or “evaluation” product or services or to trial use of generally available Services in advance of a long-term purchase (collectively, the “Trial Use”). Customer acknowledges and understands that its participation in Trial Use is not required and is at Customer’s own risk, and that Trial Use is made available on an “as is” basis without warranties (express or implied) of any kind and may be discontinued or modified at any time. Trail Use is for evaluation and testing purposes only, not for production use, not supported, not subject to availability or security obligations, and may be subject to additional terms. Notwithstanding anything to the contrary stated in this Agreement, any Order Form or documentation, APIsec shall have no liability in connection with Trial Use including without limitation for any harm or damage arising in connection therewith. APIsec shall have no liability for any harm or damage arising out of or in connection with Trial Use. Services used during Trial use, including without limitation its assessment of any such Services, are Confidential Information of APIsec. FOR CLARITY, AND WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, NOTWITHSTANDING ANYTHING TO THE CONTRARY STATED ELSEWHERE IN THIS AGREEMENT OR IN ANY SERVICE ORDER, APISEC WILL HAVE NO WARRANTY, INDEMNITY, SUPPORT, OR SERVICE OBLIGATIONS WITH RESPECT TO ANY TRIAL USE OR OTHER NO-CHARGE SOFTWARE OR SERVICE (INCLUDING TOOLS AND UTILITIES).

Section 2. Fees and Payment.

2.1. Fees. Customer will pay the fees specified in the Order Form (the “Fees”). Except as otherwise specified herein or in an Order Form, (i) fees are based on Services subscriptions purchased and not actual usage, (ii) payment obligations are non-cancelable and fees paid are non-refundable, and (iii) quantities purchased cannot be decreased during the relevant subscription term.

2.2. Invoicing and Payment. Charges shall be made in advance, either annually or in accordance with any different billing frequency stated in the applicable Order Form. Customer will pay all invoiced Fees net thirty (30) days from the date of the invoice. Any late payments are subject to a service charge equal to 1.5% per month of the amount due or the maximum amount allowed by law, whichever is less.

2.3 Suspension of Service and Acceleration. If any charge owing by Customer under this or any other agreement for services is 30 days or more overdue, APIsec may, without limiting its other rights and remedies, accelerate Customer’s unpaid fee obligations under such agreements so that all such obligations become immediately due and payable, and suspend Services until such amounts are paid in full, provided that, other than for customers paying by credit card or direct debit whose payment has been declined, APIsec will give Customer at least 10 days’ prior notice that its account is overdue before suspending services to Customer.

2.4 Payment Disputes. APIsec will not exercise its rights to charge late payment interest or suspend Customer’s account as set forth above if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute.

2.4 Taxes. Fees do not include local, state, or federal taxes or duties of any kind and any such taxes will be assumed and paid by Customer, except for taxes on APIsec based on APIsec’s income, employees and property.

Section 3. Term and Termination.

3.1. Term. This MSA commences on the Effective Date and will remain in effect through the Initial Term and all Renewal Terms, as specified in the Order Form, unless otherwise terminated in accordance with this Section (the Initial Term and all Renewal Terms collectively the “Term”). If the Order Form does not specify, the Initial Term will be one year and will automatically renew for successive one-year periods unless Customer provides APIsec with notice of termination at sixty (60) days prior to the end of the Term.

3.2. Termination for Cause. A Party may terminate this MSA for cause (a) upon notice to the other Party of a material breach if such breach remains uncured after thirty (30) days from the date of the breaching Party’s receipt of such notice; or (b) if the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.

3.3. Effect of Termination and Survival. Upon termination or cancellation of an Order Form or this MSA (a) with respect to termination of the entire MSA, all Order Forms will concurrently terminate, (b) Customer will have no further right to use the Services under the terminated or cancelled Order Forms and APIsec will remove Customer’s access to same, and (c) unless otherwise specified in writing, Customer will not be entitled to any refund of fees paid. The following Sections will survive termination: Section 2 (Fees and Payment), Section 5 (Confidentiality), Section 6.2 (Data Practices-Ownership), Section 8 (Intellectual Property Rights), Section 9.3 (Disclaimers), Section 10 (Indemnification), Section 11 (Limitation of Liability), and Section 12 (Miscellaneous). Termination of this MSA will not limit a Party’s liability for obligations accrued as of or prior to such termination or for any breach of this MSA.

Section 4. Use of the Services.

4.1. Authorized Users. Customer may designate and provide access to its (or its corporate affiliates’) employees, independent contractors, or other agents to an account on the Services as authorized users (each an “Authorized User”). Customer is responsible for all use and misuse of the Services by Authorized User accounts and for adherence to this MSA and the applicable user guides by any Authorized Users, and references to Customer herein will be deemed to apply to Authorized Users as necessary and applicable. Customer agrees to promptly notify APIsec of any unauthorized access or use of which Customer becomes aware.

4.2. Prohibited Uses. Customer and Authorized Users will not: (a) “frame,” distribute, resell, or permit access to the Services by any third party other than for its intended purposes; (b) use the Services other than in compliance with applicable federal, state, and local laws; (c) interfere with the Services or disrupt any other user’s access to the Subscription Service; (d) reverse engineer, attempt to gain unauthorized access to the Service, attempt to discover the underlying source code or structure of, or otherwise copy or attempt to copy the Services; (e) knowingly transfer to the Services any content or data that is defamatory, harassing, discriminatory, infringing of third party intellectual property rights, or unlawful; (f) transfer to the Services or otherwise use on the Services any routine, device, code, exploit, or other undisclosed feature that is designed to delete, disable, deactivate, interfere with or otherwise harm any software, program, data, device, system or service, or which is intended to provide unauthorized access or to produce unauthorized modifications; or (g) use any robot, spider, data scraping, or extraction tool or similar mechanism with respect to the Services.

Section 5. Confidentiality.

As used herein, the “Confidential Information” of a Party (the “Disclosing Party”) means all financial, technical, or business information of the Disclosing Party that the Disclosing Party designates as confidential at the time of disclosure to the other Party (the “Receiving Party”) or that the Receiving Party reasonably should understand to be confidential based on the nature of the information or the circumstances surrounding its disclosure. For the sake of clarity, the Parties acknowledge that Confidential Information includes the terms and conditions of this MSA. Except as expressly permitted in this MSA, the Receiving Party will not disclose, duplicate, publish, transfer or otherwise make available Confidential Information of the Disclosing Party in any form to any person or entity without the Disclosing Party’s prior written consent. The Receiving Party will not use the Disclosing Party’s Confidential Information except as permitted under this MSA, including, in the case of APIsec, to provide the Services. Notwithstanding the foregoing, the Receiving Party may disclose Confidential Information to the extent required by law, provided that the Receiving Party: (a) gives the Disclosing Party prior written notice of such disclosure so as to afford the Disclosing Party a reasonable opportunity to appear, object, and obtain a protective order or other appropriate relief regarding such disclosure (if such notice is not prohibited by applicable law); (b) uses diligent efforts to limit disclosure and to obtain confidential treatment or a protective order; and (c) allows the Disclosing Party to participate in the proceeding. Further, Confidential Information does not include any information that: (i) is or becomes generally known to the public without the Receiving Party's breach of any obligation owed to the Disclosing Party; (ii) was independently developed by the Receiving Party without the Receiving Party's breach of any obligation owed to the Disclosing Party; or (iii) is received from a third party who obtained such Confidential Information without any third party's breach of any obligation owed to the Disclosing Party.

Section 6. Data Practices.

6.1. Definitions. “Service Data” means a subset of Confidential Information comprised of electronic data, text, messages, communications, or other materials submitted to and stored within the Services by Customer in connection with use of the Services. Service Data may include, without limitation, any information relating to an identified or identifiable natural person (‘data subject’) where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity of that natural person (such information, “Personal Data”). Service Data does not include metrics and information regarding Customer’s use of the Services, including information about how Authorized Users use the Services (such information, “Usage Data”).

6.2. Ownership. Customer will continue to retain its ownership rights to all Service Data processed under the terms of this MSA and APIsec will own all Usage Data.

6.3. APIsec’s Use of Data. APIsec will use Service Data, Personal Data, and Usage Data as follows and, to the extent necessary, Customer provides APIsec a license to use, modify, reproduce, distribute, display and disclose same during the Term in accordance with this MSA:

6.3.1. Operating the Services. APIsec may receive, collect, store and/or process Service Data based on APIsec’s legitimate interest in operating the Services. For example, APIsec may collect Personal Data (such as name, phone number, or credit card information) through the account activation process. APIsec may also use Service Data in an anonymized manner, such as conversion to numerical value, for the training of the machine learning models to support certain features and functionality within the Services.

6.3.2. Communications. APIsec may communicate with Customer or Authorized Users (i) to send product information and promotional offers or (i) about the Services generally. If Customer or an Authorized User does not want to receive such communications, Customer may email privacy@APIsec.ai. Customer and necessary Authorized Users will always receive transactional messages that are required for APIsec to provide the Services (such as billing notices and product usage notifications).

6.3.3. Improving the Services. APIsec may collect, and may engage third-party analytics providers to collect, Usage Data to develop new features, improve existing features, or inform sales and marketing strategies based on APIsec’s legitimate interest in improving the Services. When APIsec uses Usage Data, any Personal Data that was included in Service Data shall be anonymized and/or aggregated in such a manner that it no longer constitutes Service Data or Personal Data under applicable data protection laws. Any such third-party analytics providers will not share or otherwise disclose Usage Data, although APIsec may make Usage Data publicly available from time to time.

6.3.4. Connecting to Third-Party Services. Customer may wish to connect third-party services to the Services (e.g., connecting APIsec to Customer’s single-sign-on service to verify 2FA status of Customer’s employees). When Customer uses a third-party service to connect with APIsec, logs into the Services through a third-party authentication service, or otherwise provides APIsec with access to information from a third-party service, APIsec may obtain other information, including Personal Data, from those third parties and combine that Service or Usage Data based on APIsec’s legitimate interest in providing Customer with functionality that supports the Services. Any access that APIsec may receive to such information from a third-party service is always in accordance with the features and functionality, particularly as to authorization, of that service. By authorizing APIsec to connect with a third-party service, Customer authorizes APIsec to access and store any information provided to APIsec by that third-party service, and to use and disclose that information in accordance with this MSA.

6.3.5. Third-Party Service Providers. Customer agrees that APIsec may provide Service Data and Personal Data to authorized third-party service providers, only to the extent necessary to provide, secure, or improve the Services. Any such third-party service providers will only be given access to Service Data and Personal Data as is reasonably necessary to provide the Services and will be subject to (a) confidentiality obligations which are commercially reasonable and substantially consistent with the standards described in this MSA; and (b) their agreement to comply with the data transfer restrictions applicable to Personal Data as set forth below.

6.4. Service Data Safeguards. (i) APIsec will not sell, rent, or lease Service Data to any third party, and will not share Service Data with third parties, except as permitted by this MSA and to provide, secure, and support the Services. (ii) APIsec will maintain commercially reasonable (particularly for a company of APIsec’s size and revenue) appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of Service Data, as set forth in the applicable documentation.

Section 7. Privacy Practices.

7.1. Privacy Policy. APIsec operates the Services and, as applicable, handles Personal Data, pursuant to the privacy policy available at https://APIsec.ai/privacy-policy (the “Privacy Policy”).

7.1. Customer as Controller. To the extent Service Data constitutes Personal Data, the Parties agree that Customer determines the purpose and means of processing such Personal Data, and APIsec processes such information on behalf of Customer.

7.2. Hosting and Processing. Unless otherwise specifically agreed to by APIsec, Service Data may be hosted by the APIsec, or its respective authorized third-party service providers, in the United States or other locations around the world. In providing the Services, APIsec will engage entities to process Service Data, including and without limitation, any Personal Data within Service Data pursuant to this MSA, within the United States and in other countries and territories.

7.3. Sub-Processors. Customer acknowledges and agrees that APIsec may use third-party data processors engaged by APIsec who receive Service Data from APIsec for processing on behalf of Customer and in accordance with Customer’s instructions (as communicated by APIsec) and the terms of its written subcontract (the “Sub-Processors”). Such Sub-Processors may access Service Data to provide, secure, and improve the Services. APIsec will be responsible for the acts and omissions of Sub-Processors to the same extent that APIsec would be responsible if APIsec was performing the services directly under the terms of this MSA. The names and locations of all current Sub-Processors used for the processing of Personal Data under this MSA, if any, are set forth in the Privacy Policy.

Section 8. Intellectual Property Rights.

Subject to the limited rights expressly granted hereunder, APIsec and its affiliates and licensors reserve all of their right, title and interest in and to the Services, including all of their related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth herein. Customer hereby provides APIsec a fully paid-up, royalty-free, worldwide, transferable, sub-licensable (through multiple layers), assignable, irrevocable and perpetual license to implement, use, modify, commercially exploit, incorporate into the Services or otherwise use any suggestions, enhancement requests, recommendations or other feedback APIsec receives from Customer, Customer’s agents or representatives, Authorized Users, or other third parties acting on Customer’s behalf relating to the operation of the Services.

Section 9. Representations, Warranties, and Disclaimers.

9.1. Authority. Each Party represents that it has validly entered into this MSA and has the legal power to do so.

9.2. Warranties. APIsec warrants that during an applicable Term (a) this MSA will accurately describe the applicable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Service Data; and (b) the Services will perform materially in accordance with the applicable documentation provided within the Services. For any breach of a warranty in this section, Customer’s exclusive remedies are those described in Section 3 (Term and Termination) herein.

9.3. Disclaimers. EXCEPT AS SPECIFICALLY SET FORTH IN THIS SECTION AND ANY APPLICABLE SERVICE LEVEL AGREEMENT, THE SERVICES, INCLUDING ALL SERVER AND NETWORK COMPONENTS, ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND TO THE FULLEST EXTENT PERMITTED BY LAW, AND APIsec EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CUSTOMER ACKNOWLEDGES THAT APIsec DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, ERROR-FREE, OR FREE FROM VIRUSES OR OTHER MALICIOUS SOFTWARE, AND NO INFORMATION OR ADVICE OBTAINED BY CUSTOMER FROM APIsec OR THROUGH THE SERVICES SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS MSA. THE PARTIES ADDITIONALLY AGREE THAT APIsec WILL HAVE NO LIABILITY OR RESPONSIBILITY FOR CLIENT’S VARIOUS COMPLIANCE PROGRAMS, AND THAT THE SERVICES, TO THE EXTENT APPLICABLE, ARE ONLY TOOLS FOR ASSISTING CLIENT IN MEETING THE VARIOUS COMPLIANCE OBLIGATIONS FOR WHICH IT SOLELY IS RESPONSIBLE.

Section 10. Indemnification.

10.1. Indemnification by APIsec. APIsec will (i) defend Customer from and against any third party claim against Customer by reason of Customer’s use of a Service as permitted hereunder, alleging that such Service infringes or misappropriates a third party’s valid patent, copyright, trademark, or trade secret (an “IP Claim”) and (ii) will indemnify Customer from any damages, attorney fees and costs finally awarded against Customer as a result of, or for amounts paid by Customer under a settlement approved by APIsec in writing of such an IP Claim, provided that (a) Customer promptly notifies APIsec of the threat or notice of such IP Claim; (b) APIsec will have the sole and exclusive control and authority to select defense attorneys, and defend and/or settle any such IP Claim (however, APIsec will not settle or compromise any claim that results in liability or admission of any liability by Customer without prior written consent); and (c) Customer fully cooperates with APIsec in connection therewith. If use of a Service by Customer has become, or, in APIsec’s opinion, is likely to become, the subject of any such IP Claim, APIsec may, at its option and expense, (i) procure for Customer the right to continue using the Service(s) as set forth hereunder; (ii) replace or modify a Service to make it non-infringing; or (iii) if options (i) or (ii) are not commercially reasonable or practicable as determined by APIsec, terminate Customer’s subscription to the Service(s) and repay, on a pro-rata basis, any Fees previously paid to APIsec for the corresponding unused portion of the Term for such Service(s). APIsec will have no liability or obligation under this Section with respect to any IP Claim if such claim is caused in whole or in part by (x) compliance with designs, data, instructions or specifications provided by Customer; (y) modification of the Service(s) by anyone other than APIsec; or (z) the combination, operation or use of the Service(s) with other hardware or software where a Service would not by itself be infringing. The provisions of this Section state the sole, exclusive, and entire liability of APIsec to Customer and constitute Customer’s sole remedy with respect to an IP Claim brought by reason of access to or use of a Service by Customer, Customer’s agents, or Authorized Users.

10.2. Indemnification by Customer. Customer will defend APIsec against any third party claim (a) that any Service Data or Customer’s use of Service Data with the Services, (b) an application provided by Customer, or (c) the combination of an application provided by Customer and used with the Services, infringes or misappropriates such third party’s intellectual property rights, or arising from Customer’s use of the Services or Content in an unlawful manner or in violation of the Agreement, the applicable documentation, or Order Form; provided (i) APIsec promptly notifies Customer of the threat or notice of such claim; (ii) Customer will have the sole and exclusive control and authority to select defense attorneys, and defend and/or settle any such claim (however, Customer will not settle or compromise any claim that results in liability or admission of any liability by APIsec without prior written consent); and (iii) APIsec fully cooperates in connection therewith.

SECTION 11. LIMITATION OF LIABILITY.

UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE) WILL EITHER PARTY TO THIS MSA, OR THEIR AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, SUPPLIERS OR LICENSORS BE LIABLE TO THE OTHER PARTY OR ANY AFFILIATE FOR ANY LOST PROFITS, LOST SALES OR BUSINESS, LOST DATA (BEING DATA LOST IN THE COURSE OF TRANSMISSION VIA CUSTOMER’S SYSTEMS OR OVER THE INTERNET THROUGH NO FAULT OF APISEC), BUSINESS INTERRUPTION, LOSS OF GOODWILL, COSTS OF COVER OR REPLACEMENT, OR FOR ANY TYPE OF INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE LOSS OR DAMAGES, OR ANY OTHER INDIRECT LOSS OR DAMAGES INCURRED BY THE OTHER PARTY OR ANY AFFILIATE IN CONNECTION WITH THIS MSA OR THE SERVICES REGARDLESS OF WHETHER SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN SUCH DAMAGES. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS MSA, IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EACH PARTY TOGETHER WITH ALL OF ITS AFFILIATES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER AND ITS AFFILIATES HEREUNDER FOR THE SERVICES GIVING RISE TO THE LIABILITY IN THE TWELVE MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, BUT WILL NOT LIMIT CUSTOMER'S AND ITS AFFILIATES’ PAYMENT OBLIGATIONS UNDER THE “FEES AND PAYMENT” SECTION ABOVE.

CUSTOMER ACKNOWLEDGES AND AGREES THAT THE ESSENTIAL PURPOSE OF THIS SECTION IS TO ALLOCATE THE RISKS UNDER THIS MSA BETWEEN THE PARTIES AND LIMIT POTENTIAL LIABILITY GIVEN THE FEES, WHICH WOULD HAVE BEEN SUBSTANTIALLY HIGHER IF APISEC WERE TO ASSUME ANY FURTHER LIABILITY OTHER THAN AS SET FORTH HEREIN. APISEC HAS RELIED ON THESE LIMITATIONS IN DETERMINING WHETHER TO PROVIDE CUSTOMER WITH THE RIGHTS TO ACCESS AND USE THE SERVICES PROVIDED FOR IN THIS MSA. THE LIMITATION OF LIABILITY PROVIDED FOR HEREIN WILL APPLY IN AGGREGATE TO CUSTOMER AND ITS AFFILIATES AND SHALL NOT BE CUMULATIVE. Some jurisdictions do not allow the exclusion of implied warranties or limitation of liability for incidental or consequential damages or for personal injury or death, which means that some of the above limitations may not apply to Customer. IN THESE JURISDICTIONS, THE PARTIES’ LIABILITY WILL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW. Any claims or damages that Customer may have against APIsec will only be enforceable against APIsec and not any other entity or its officers, directors, representatives, or agents.

Section 12. Miscellaneous.

12.1. Entire Agreement. This MSA and the applicable Order Form(s) constitute the entire agreement, and supersedes all prior agreements, between APIsec and Customer regarding the subject matter hereof.

12.2. Assignment. Either Party may, without the consent of the other Party, assign this MSA to any affiliate or in connection with any merger, change of control, or the sale of all or substantially all of such Party’s assets provided that (1) the other Party is provided prior notice of such assignment and (2) any such successor agrees to fulfill its obligations pursuant to this MSA. Subject to the foregoing restrictions, this MSA will be fully binding upon, inure to the benefit of and be enforceable by the Parties and their respective successors and assigns.

12.3. Severability. If any provision in this MSA is held by a court of competent jurisdiction to be unenforceable, such provision will be modified by the court and interpreted so as to best accomplish the original provision to the fullest extent permitted by law, and the remaining provisions of this MSA will remain in effect.

12.4. Relationship of the Parties. The Parties are independent contractors. This MSA does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties.

12.5. Notices. All notices provided by APIsec to Customer under this MSA may be delivered in writing (a) by nationally recognized overnight delivery service (“Courier”) or U.S. mail to the contact mailing address provided by Customer on the Order Form; or (b) electronic mail to the electronic mail address provided for Customer’s account owner. Customer must give notice to APIsec in writing by Courier or U.S. mail to 57 Post St., Suite 904, San Francisco, CA 94104 Attn: Legal Department. All notices shall be deemed to have been given immediately upon delivery by electronic mail; or, if otherwise delivered upon the earlier of receipt or two (2) business days after being deposited in the mail or with a Courier as permitted above.

12.6. Governing Law, Jurisdiction, Venue. This MSA will be governed by the laws of the State of California, without reference to conflict of laws principles. Any disputes under this MSA shall be resolved in a court of general jurisdiction in San Francisco County, California. Customer hereby expressly agrees to submit to the exclusive personal jurisdiction and venue of such courts for the purpose of resolving any dispute relating to this MSA or access to or use of the Services by Customer, its agents, or Authorized Users.

12.7. Export Compliance. The Services and other software or components of the Services that APIsec may provide or make available to Customer are subject to U.S. export control and economic sanctions laws as administered and enforced by the Office of Foreign Assets and Control of the United States Department of Treasury. Customer agrees to comply with all such laws and regulations as they relate to access to and use of the Services. Customer will not access or use the Services if Customer or any Authorized Users are located in any jurisdiction in which the provision of the Services, software, or other components is prohibited under U.S. or other applicable laws or regulations (a “Prohibited Jurisdiction”) and Customer will not provide access to the Services to any government, entity, or individual located in any Prohibited Jurisdiction. Customer represents and warrants that (a) it is not named on any U.S. government list of persons or entities prohibited from receiving U.S. exports, or transacting with any U.S. person; (b) it is not a national of, or a company registered in, any Prohibited Jurisdiction; (c) it will not permit any individuals under its control to access or use the Services in violation of any U.S. or other applicable export embargoes, prohibitions or restrictions; and (d) it will comply with all applicable laws regarding the transmission of technical data exported from the United States and the countries in which it and Authorized Users are located.

12.8. Anti-Corruption. Customer agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of APIsec’s employees or agents in connection with this MSA. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the above restriction, Customer will use reasonable efforts to promptly give notice to APIsec.

12.9. Publicity and Marketing. APIsec may use Customer’s name, logo, and trademarks solely to identify Customer as a client of APIsec on APIsec’s website and other marketing materials and in accordance with Customer’s trademark usage guidelines, if Customer provides same to APIsec. APIsec may share aggregated and/or anonymized information regarding use of the Services with third parties for marketing purposes to develop and promote the Services. APIsec will not disclose aggregated and/or anonymized information to a third party in a manner that would identify Customer as the source of the information or Authorized Users or others personally.