Commvault Master Terms & Conditions Commvault’s industry-leading Intelligent Data Services Platform empowers businesses to store, protect, optimize, and use data, wherever it lives. Delivering the ultimate in simplicity and flexibility, the Intelligent Data Services Platform is available as a license, term-based subscription, integrated appliance, or software-as-a-service. Download PDF 1. Solutions. These Master Terms and Conditions (the “Terms”) apply to Customer’s use of Commvault’s software or software-as-a-service and any related product documentation (together, the “Solutions).” Software. These terms apply to Commvault’s on-premise software (“Software).” Software-as-a-Service. These terms apply to Commvault’s “SaaS Solution.” 2. Customer Use. Customer is responsible for ensuring that it maintains and operates the information technology infrastructure from which the Solutions copy, back up, maintain, and transfer Customer’s data including databases, applications, files, software, computers, servers, network hardware, or any other device (collectively, the “Customer Environment”) and determining whether the Solutions meet Customer’s technical, business or regulatory requirements. Commvault will cooperate with Customer’s efforts to determine whether use of the Solutions is consistent with those requirements. Customer’s shall not: (i) interfere with the proper working of the Solutions or, if applicable, impose an unreasonably large load on Commvault’s infrastructure; (ii) copy, modify, disassemble, decompile or reverse engineer any part of the Solutions or apply any other process or procedure to derive source code or functionality of any software included in the Solutions; (iii) violate or infringe upon any third-party right, including any intellectual property right or right of privacy; (iv) initiate a denial of service attack, software viruses or other harmful or deleterious computer code, files or programs; (v) use the Solutions in order to build a similar or competitive application or service; or (vi) violate any applicable laws. 3. Customer Acknowledgments: Customer Acknowledgments: Customer acknowledges (i) effective security is dependent on multi-layered, multi-faceted combination of solutions, deployed and managed in accordance with appropriate policies and procedures consistently applied, (ii) the quality of data, other output and strength of Customer’s threat detection program are dependent on the configuration and deployment of the deceptive environment by Customer and its Authorized Users, and (iii) no individual element alone is sufficient to detect and prevent all security threats, as a result Commvault does not warrant and disclaims liability that all security threats will be detected and prevented by the Solutions. 4. Intellectual Property. Commvault delivers great value to its Customers through its intellectual property. Customer agrees that Commvault-owned or licensed hardware, software, code, trademarks, trade secrets, proprietary methods and systems used to provide the Solutions (collectively, the “Commvault Technology”) and the content made available or displayed by Commvault through the Solutions, including all text, graphics, images, trade names, service marks, product names, and the look and feel of the Solutions (collectively, the “Commvault Content”) are owned by or licensed to Commvault. Other than the authorizations or licenses expressly granted by Commvault to Customer in these Terms, no assignment or other transfer of ownership or any other rights shall be conferred or vest in and to the Commvault Technology or the Commvault Content to Customer, either by implication, estoppel, or otherwise. 5. Professional Services. Commvault may provide “Professional Services” which may be further described in a separate document. Customer acknowledges that all right, title and interest to any and all work or work products developed or produced during the performance of Professional Services are the sole property of Commvault. “Work or work product” means all ideas, concepts, know-how, techniques, inventions, discoveries, improvements, secret processes, trade secrets, trademarks, patentable, copyrightable subject matter or any other work developed or produced during the performance of the Professional Services, whether individually by Commvault or jointly with Customer. Customer is solely responsible for the protection of its legacy data during any Professional Services engagement. Commvault shall, at its own expense, purchase and maintain insurance for the duration of any Professional Services engagement. To the extent permitted by law and except for general employment solicitation practices, Customer agrees that it will not solicit for employment, or employ directly or indirectly, any employee of Commvault involved in a Professional Services engagement during such engagement, or for a period of twelve (12) months thereafter, without Commvault’s consent. Customer acknowledges that the Professional Services will not customize or alter the value or functionality of any Software and no development activity will be included as part of Professional Services. Acceptance of any Software is not contingent upon the performance of the Professional Services. If Customer purchases Commvault’s remote managed services these terms shall apply. 6. Free Solutions. Commvault may provide Customers with a thirty (30)-day free trial or evaluation of the Solutions for non-production purposes (a “Trial”). Commvault may deactivate the Trial upon written notice. The Trial and related solutions are provided “as is” and without representation, warranty, liability or indemnification obligations. Commvault is under no obligation to retain Customer data during a Trial. Customer will uninstall and destroy or return any solution upon expiration of a Trial. To the extent a Trial includes hardware and hard drives (together, the “Hardware”), Customer agrees to return the entirety of the Hardware in the same working condition upon expiration of the Trial or pay Commvault’s then-current fees for the Hardware or any damage thereto. Additionally, and to the extent a Trial is a “Try and Buy,” Customer shall issue acceptance and a purchase order for the Solution prior to shipment of the Hardware for the Trial. If Customer has good reason to reject the Solution during the Trial, Customer shall arrange for the return of the Solutions within five (5) days of expiration of Trial (the “Return Period”). If Customer has not returned the Solutions during the Trial or Return Period, the Solutions and/or Hardware shall be deemed accepted and purchased. 7. Diagnostics & Feedback. Commvault may collect or receive: (i) technical data, such as logs, reports and error messages, (ii) limited personal data, such as names and business contact details, (iii) reports and surveys regarding Customer’s use of the Solutions which may include geolocation data (“Reporting”), and (iv) network architecture or security threat data (collectively, “Diagnostic Data”) through the Solutions. Reporting may be disabled by Customer at any time via the dashboard. Further, Customer may provide Commvault with reports, comments, suggestions or ideas relating to the Solutions (“Feedback”). Customer agrees Commvault is free to disclose and use any Feedback, and derivatives thereto, and Customer does not obtain any intellectual property or any other right, title or interest in or to any aspects of the Solutions. Customer grants Commvault a worldwide, non-exclusive, royalty-free, fully-paid up, transferable and sublicensable right to use, reproduce, and modify Diagnostic Data in an anonymized manner. 8. Confidentiality. By the nature of Commvault’s services, Commvault and its Customers regularly share confidential, proprietary information with each other. “Confidential Information” means any and all information and material disclosed by one party (the “Discloser”) to the other party (the “Recipient”) including but not limited to Customer Data, trade secrets, know-how, inventions, techniques, processes, programs, ideas, algorithms, formulas, schematics, testing procedures, software design and architecture, computer code, internal documentation, product documentation design and functional specifications, product requirements, problem reports, performance information, documents, and other technical, business, product, marketing, customer, financial information, or any other information the Recipient knows or ought to is confidential due to its nature. Recipient shall hold all Confidential Information in strict confidence and take the same degree of care that it uses to protect its own confidential information (but in no event less than reasonable care) to protect the confidentiality thereof. Confidential Information does not include information that (i) is or becomes generally known by the public, (ii) was or becomes available to a party on a non-confidential basis from a person not otherwise bound by the Terms of Service or is not otherwise known to be prohibited from transmitting the information, or (iii) is independently developed by the parties, provided that the party claiming an exception shall have the burden of establishing such exception. 9. Termination. Commvault may, upon reasonably practicable and lawfully permitted notice, suspend or terminate Customer’s access to the Solutions or Professional Services, in whole or in part, for the following reasons: (i) a significant threat to the security or integrity of the Solutions, including if Customer’s registration information is inaccurate or incomplete, or if Customer fails to maintain the security of its access credentials; (ii) Customer has materially breached these Terms; or (iii) any amount due under these Terms is not received by Commvault within fifteen (15) days after it was due. Commvault will use reasonable efforts to reestablish Customer’s access to the Solutions promptly after Commvault determines that the issue causing the suspension has been resolved. Any suspension under this section shall not excuse Customer’s obligation to make payments under these Terms. Either party may terminate these Terms immediately if the other party materially breaches its obligations hereunder, and such breach remains uncured for thirty (30) days following written notice to the breaching party. These Terms shall terminate immediately, where either party is declared insolvent or adjudged bankrupt by a court of competent jurisdiction or a petition for bankruptcy or reorganization or an arrangement with creditors is filed by or against that party and is not dismissed within sixty (60) days. 10. Effect of Termination. Customer is responsible for preserving its data upon termination or expiration of these Terms. In the event of termination or expiration of these Terms: (i) all rights and licenses to the Solutions and related materials shall immediately cease; (ii) Customer shall promptly pay Commvault any fees due and payable through the date of termination; (iii) Customer shall uninstall and destroy or return the applicable Solution, and (iv) Commvault may delete any Customer data Commvault has access to thirty (30) days following such termination or expiration. During such thirty-day time period, Customer will have read-only and restore access to Customer data backed up by the SaaS Solution. 11. Commvault Warranty. Commvault warrants that the Solutions, Professional Services, support and maintenance shall be provisioned and performed in a diligent, prompt and professional manner by personnel with the requisite knowledge, skills expertise and training. Any Professional Services that are not of a professional quality shall be corrected by Commvault without charge, provided Customer gives Commvault written notice within fifteen (15) days upon completion. Commvault shall have a reasonable period of time, based on the severity and complexity of the defect, to correct the Professional Services. Commvault shall not be obligated to correct Professional Services if such defect is the result of Customer’s actions or omissions. If Commvault is unable to correct the defect to Customer’s reasonable satisfaction, Customer shall have no obligation to pay for the defective Professional Services. Commvault further warrants that it will comply with applicable law and the Solutions do not knowingly contain any malicious code or infringe upon any third-party’s except as otherwise stated in any product-specific terms, the Solutions are provided “as is” without representation or warranty, whether express, implied or statutory. Commvault specifically disclaims any implied warranties of merchantability, fitness for a particular purpose, non-infringement, title and quiet enjoyment or from a course of dealing, course of performance or usage in trade. Commvault and its licensors do not warrant that the Solutions will run properly in all IT environments, be uninterrupted or error-free, meet Customer’s needs or requirements, or guarantee compliance with specific law. 12. Limitation of Liability, Indemnification and Remedies 12.1. Commvault Intellectual Property Indemnification. Commvault is proud of the Solutions it builds and takes seriously the protection of our Customers’ intellectual property and data. Commvault will indemnify, defend and hold Customer harmless against third-party claims that Commvault’s proprietary technology or intellectual property within the Solutions infringes any validly issued patent, trademark or copyright, provided Customer shall give Commvault prompt, written notice of any such claim and Commvault shall have the authority to control the defense and settlement of the claim with counsel of its choice. Notwithstanding the foregoing, Commvault shall have no liability for any claim arising from: (i) any modification to the Solutions other than by Commvault; (ii) use of an outdated or discontinued versions of the Solutions; (iii) use of the Solutions in combination with any products or services not provided or authorized by Commvault; (iv) use of the Solutions in violation of these Terms; (v) Commvault’s compliance with Customer’s designs, specifications, or instructions; or (vi) any claim for which Customer is obligated to indemnify Commvault. In the event the Solutions or any portion, becomes, or, in Commvault’s opinion, is likely to become, subject to a claim of infringement of a third-party’s intellectual property rights, Commvault may, in its sole discretion: (i) procure for Customer the right to continue use of the Solutions; (ii) replace or modify the Solutions with a version that does not infringe; or (iii) if Commvault cannot accomplish (i) or (ii) using commercially reasonable efforts, terminate these Terms and the applicable ordering documents. 12.2. Commvault Data Privacy and Security Indemnification. We exist in an ever-evolving data security threat landscape. Just as our Customers work diligently to protect against data security threats, Commvault is continuously advancing its privacy and security program, posture and vigilance to protect Customers’ data. The Solutions may access and transfer information over the internet, and Commvault does not operate or control the internet. Viruses, worms, trojan horses and other undesirable data or components or unauthorized users (e.g., hackers) may attempt to obtain access to and damage Customer data, devices and networks. Commvault is not responsible for any such activities. Commvault will indemnify, defend and hold Customer harmless against third-party claims arising out of, or related to, any unauthorized, third-party access that results in compromise of unencrypted Customer data backed up by the Solutions to the extent such access or compromise was caused by Commvault, provided Customer shall give Commvault prompt written notice of such claim and Commvault shall have the authority to control the defense of the claim by counsel of its choice. In the event Customer seeks indemnification from Commvault pursuant to this provision, Customer’s remedies shall be limited to actual and direct damages, excluding fines. This indemnification is conditioned on Customer partnering with Commvault during any investigation of potential or actual data compromises or breaches, including remediation efforts. 12.3. Customer Indemnification. Customer shall indemnify, defend and hold harmless Commvault, its officers, directors, employees and agents, from and against claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys’ fees), awards, fines, or settlements arising from or relating to Customer’s: (i) misuse of the Solutions, (ii) failure to meet reasonable privacy and security obligations; (iii) misappropriation or infringement of a third-party’s intellectual property rights; or (iv) violation of applicable law or regulation, including without limitation, data protection laws. Customer’s indemnification obligations include claims arising out of the acts or omissions of its contractors, employees, customers or end users, any person to whom Customer grants access to the Solutions or its data, and any person who gains access to the Solutions or its data other than as a result of Commvault’s actions. 12.4. Limitation. Except as otherwise provided for herein or by applicable law, the aggregate liability of each party for all claims under these Terms is limited to direct damages up to the amount paid for the Solutions or Professional Services during the twelve (12) months before the cause of action arose; provided, that in no event will a party’s aggregate liability exceed the amount paid for the Solutions during the Term. 12.5. No Special or Punitive Damages. Neither party will be liable for loss of revenue or indirect, special, incidental, consequential, punitive, or exemplary damages, or damages for lost profits, revenues, business interruption, or loss of business information, even if the party knew they were possible or reasonably foreseeable. 13. General Provisions 13.1. Export Controls and Trade Sanctions Compliance. Customer’s use of the Solutions is subject to compliance with U.S. and other applicable export control and trade sanctions laws, rules and regulations, including without limitation, the U.S. Export Administration Regulations, administered by the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) and U.S. trade sanctions, administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) (collectively, “Export Control Laws”). Customer acknowledges that the Solutions may not be available in all jurisdictions and that Customer is solely responsible for complying with applicable Export Control Laws related to the manner in which Customer chooses to use the Solutions, including Customer’s transfer and processing of its data (if applicable) and the region in which any of the foregoing occur. 13.2. U.S. Government End User Provisions. Commvault provides the Solutions to federal government end users. Government technical data and software rights related to the Solutions include only those rights customarily provided to the public as defined in these Terms. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data), FAR 12.212 (Software), and FAR 52.227-14 (Rights in Data) and, for Department of Defense transactions, DFAR 252.227‑7013 (Technical Data – Commercial Items) and DFAR 227.7202–3 (Rights in Commercial Computer Software or Computer Software Documentation), as applicable. 13.3. Data Privacy. If Customer is subject to: (i) GDPR, or (ii) other applicable data protection laws requiring that processing be governed by a contract, or (iii) HIPAA, Customer agrees to Commvault’s Data Agreements and Business Associate Agreement, as applicable. 13.4. Third-Party Products & Services. Commvault may use third parties to assist in the provision of the Solutions and such third parties are intended beneficiaries of these Terms. As such, the Solutions may include third-party software, applications, platforms, hosted storage, messaging or communication services or API’s (collectively, the “Third-Party Services”). These Third-Party Services are not offered, controlled or provided by Commvault, and may be changed, modified or discontinued by the third-party without notice. Commvault and its Third-Party Service Providers expressly disclaim any and all liability related to, or arising from, the Third-Party Services, including Customer’s use thereof, or any updates, modifications, outages, delivery failures, corruptions, discontinuance or termination of services by the Third-Party Service. Commvault is not responsible or liable for the manner in which Third-Party Services transmits, accesses, processes, stores, uses or provides data to Commvault. For a list of open source and third party licensing notices, please navigate here. 13.5. Publicity. Customer grants Commvault the limited right to use its company name and logo as a reference for marketing and promotional purposes on Commvault’s website and in other public and private communications. If Customer does not wish to grant these limited rights, Customer may opt-out by emailing customerchampions@commvault.com. 13.6. Modifications. Commvault may, from time to time, upgrade, update, or discontinue the Solutions, or portions or versions thereof, to provide ongoing innovation in the form of new services, features and functionality. Upon Commvault’s notification, Customer may be responsible for installation of certain upgrades or updates. In the event of any material modifications, Commvault will notify Customer of such change by emailing the e-mail address Customer provides to Commvault or sending a message through Commvault’s platforms. 13.7. Assignment. Neither party may assign these Terms, in whole or in part, without the other party’s prior written consent, except in the case of a merger, reorganization, acquisition, consolidation, or sale of all, or substantially all, of its assets, in which case Customer consents to the secure transfer of Customer Data to any Commvault successor, assignee or affiliate or subsidiary of Commvault for the purpose of service continuation. Any attempt to assign these Terms other than as permitted herein will be null and void. Customer’s right to use the Solutions, including any allotment of storage capacity or end users, shall not extend to acquired entities, in whole or in part, or new entities established as a result of an acquisition. In such event, the fees set forth in the order form shall be adjusted. Without limiting the foregoing, these Terms will inure to the benefit of and bind the parties’ respective successors and permitted assigns. 13.8. Audits. Commvault may, upon forty-five (45) days notice and no more than once every twelve (12) months, audit Customer’s installation and use of the Solutions to ensure Customer is in compliance with these Term and the applicable order form. Any such audit shall not unreasonably interfere with Customer’s normal business operations. Customer agrees to cooperate with Commvault’s audit and to provide reasonable assistance and access to information reasonably requested by Commvault. The performance of the audit and any non-public Customer data obtained during the audit (including findings or reports that result from the audit) shall be considered confidential information. If the audit identifies non-compliance, Customer agrees to remedy such non-compliance within thirty (30) days of written notification of that non-compliance (which may include, without limitation, the payment of any fees for additional Solutions). Customer agrees that Commvault shall not be responsible for any of Customer’s costs incurred in cooperating with the audit. 13.9. Force Majeure. Except for Customer’s obligation to pay fees, the parties shall not be liable for any failure or delay in the performance of its obligations hereunder caused by forces beyond its control, including, but not limited to the following, acts of God, nature or war; acts, rules, regulations or orders of or issued by any governmental authority; riots, strikes or lockouts; utility or telecommunication failures; pandemics; or failure or outages of third-party service providers, it being understood that the parties shall use reasonable efforts to resume performance as soon as practical under the circumstances. 13.10. Governing Law and Language. Without regard to conflict of law principles, these Terms will be governed by and construed in accordance with the laws of the jurisdiction of Customer’s principal place of business as follows: (i) the State of Delaware for Customers located in the Americas, (ii) the Province of Ontario for Customers located in Canada, (iii) New South Wales, Australia for Customers located in Australia and New Zealand (iv) Singapore for all other Customers located in Asia Pacific, and (v) the Netherlands for all Customers located in other jurisdictions. Any legal action or proceeding arising under these Terms will be brought exclusively in the venue corresponding with the appropriate governing law. For illustrative purposes, the venue for legal action with a Customer located in North America shall be the State of Delaware. The parties irrevocably consent to the personal jurisdiction and venue therein. Customer and Commvault agree not to participate in, or seek to recover monetary or equitable relief, in any lawsuit filed alleging class, collective or representative claims on a party’s behalf. Customer acknowledges that any translation of the English language version of these Terms or any portion thereof is for convenience only, and the English language version will take precedence over the translation in the event of any conflicts arising from translation. Some jurisdictions restrict limitations of warranties or liabilities. Therefore, certain limitations herein may not apply to Customer. 13.11. Notices. Customer acknowledges that Commvault shall communicate with Customer electronically via its platforms or using the e-mail address provided by Customer. For contractual purposes, Customer consents to receive communications from Commvault in an electronic form and agrees this satisfies any legal requirement of notice delivery. Customer agrees that all notices are considered received by Customer within twenty-four (24) hours of the time posted to Commvault’s website or platform, or the time emailed to Customer. Legal notices to Commvault shall be sent to contracts@commvault.com. 13.12. Other Provisions. These Terms, Commvault’s Privacy Policy, and the applicable order forms are an agreement between Customer on behalf of its affiliates and subsidiaries, as identified in the applicable order forms or as an end user of the Solutions, and Commvault Systems, Inc., including its affiliates and subsidiaries. Each party represents and warrants they have the authority to enter into this agreement and doing so does not conflict with any other agreement to which they are a party. In the event of a conflict between these Terms and the applicable ordering documents, any other document set forth by Customer or any previous agreement, these Terms shall prevail. Any preprinted terms in a purchase order are of no force and effect. The parties are independent contractors and will have no authority to assume or create any obligation or responsibility on behalf of each other. If any provision of these Terms is invalid or unenforceable under applicable law, then such terms will be changed, interpreted or severed, as appropriate to accomplish the objectives of such provision to the greatest extent possible under applicable law in order to protect the drafter, and the remaining provisions continue in full force and effect. No waiver of any term herein shall be deemed a further or continuing waiver. The sections of these Terms that ought to survive due to their nature shall survive any termination or expiration of these Terms and remain in full force and effect. SAAS SOLUTION TERMS & CONDITIONS Commvault’s SaaS Solution is the “easy button” for cost-effective, secure and scalable data management, backup and security, with a single command center, enabling organizations to deliver on data protection strategies. Built with layered, air-gapped cloud security, secure and restrictive account access and data isolation, our SaaS Solution provides ease you can trust. 1. Getting Started. As a Customer you will register a Commvault account and provide Commvault with accurate and complete information (the “Customer Account”). Customers may authorize one or more of its employees, consultants, vendors or agents (collectively, “Authorized Users”) to access and use the SaaS Solution on Customer’s behalf. Each Authorized User will establish or be provided a username and password, and may also establish or be provided other access credentials, such as an encryption key (the “Access Credentials”). Customer acknowledges that its Authorized Users have full access to and management privileges of its Customer Account(s) and Customer Data. The term “Customer” is intended to include its Authorized Users for the purposes of the Terms. 2. SaaS Solution Agent. Customers may be required to download or install a software agent to support the SaaS Solution. Commvault grants Customers a limited, non-exclusive, non sub-licensable, non-transferable and revocable license to install, execute and use the agent solely in binary code form during the SaaS Solution Term, and access the SaaS Solution in accordance with the Privacy Policy, FAQs, website, user manuals and other information provided to assist Customer in its use and operation of the SaaS Solution (the “SaaS Documentation”). During the term of Customer’s subscription, Commvault warrants that the SaaS Solutions shall conform with such SaaS Documentation. Customer’s license to the agent is co-terminus with Customer’s right to access and use the SaaS Solution for which the agent is required. Customer grants Commvault a worldwide, non-exclusive, royalty-free, fully-paid up, transferable and sub-licensable right to use, replicate, deduplicate, and store Customer Data for the purpose of delivering the SaaS Solution pursuant to these Terms, improving the SaaS Solution, and as otherwise provided in Commvault’s Privacy Policy. “Customer Data” means the data transmitted by Customer to Commvault in connection with the provision of the SaaS Solution. 3. Global Availability and Support 3.1. Global Service and Support. Commvault is proud to administer the SaaS Solution from global geographic locations that best suit our Customers’ needs. Where applicable and subject to data center availability, Customer Data will be backed up to a data center located in Customer’s country of origin, or in a geographic location selected by Customer. For additional information, refer to the SaaS Solution configuration portal. Commvault is pleased to provide Customers with the support program for the SaaS Solution as set forth at Commvault Support. The support terms are incorporated by reference and may be modified from time to time in Commvault’s sole discretion. Communications related to support of the SaaS Solution may be sent to support@commvault.com. 3.2. Global Availability. The SaaS Solution is available at least 99.9% of the time measured on a monthly basis (“Uptime”). The Uptime does not apply to any downtime due to: (i) any emergency or planned maintenance, repair, or upgrade; (ii) issues or failures with Customer’s or its service providers’ services, applications, software, hardware or other components not supplied by Commvault; (iii) third-party attacks, intrusions, distributed denial of service attacks or force majeure events, including those at Customer’s site or between Customer’s site and data centers made available through the SaaS Solution; or (iv) Customer’s acts or omissions in violation of these Terms. In the event of Commvault’s Uptime failure, Commvault shall: (i) use commercially reasonable efforts to provide Customer with an error correction or work-around that corrects the Uptime failure; and (ii) provide Customer with a credit as set forth in the table below (a “Service Credit”), provided such Service Credit is approved by Commvault, such approval not to be unreasonably withheld. For the avoidance of doubt, service providers are not eligible for Service Credits. Within thirty (30) days of the downtime incident, Customer must submit a Service Credit claim to Commvault with all information necessary for Commvault to validate such claim, including: (i) a detailed description of the incident; (ii) information regarding the time and duration of the downtime; and (iii) a description of the attempts to resolve the incident. Service Credits will be applied to Customer’s next invoice. Customer is not eligible for any Service Credits if Customer’s use of the SaaS Solution is free of charge. This is Customer’s sole and exclusive remedy for any Uptime failure. SaaS Solution AvailabilityService CreditLess than 99.9%10%Less than 99%25% 4. Data Privacy & Security 4.1 Commvault Privacy and Security Program. Customer data privacy and security is Commvault’s priority. Commvault represents and warrants that it maintains: (i) network security, business continuity and disaster recovery policies and procedures commensurate with industry best practices; and (ii) administrative, physical and technical safeguards designed to secure Customer Data from accidental or unauthorized access, use, alteration or disclosure. Commvault’s collection, use, processing, storage and disclosure of any personal data included in Customer Data shall be in accordance with applicable data protection laws and Commvault’s Privacy Policy. Customer acknowledges that it is Customer’s responsibility to verify that the SaaS Solution’ security and privacy protections are adequate and in compliance with all applicable laws governing the type of data included in Customer Data. Customer agrees to, and will ensure that each Authorized User will, notify Commvault at GRC@commvault.com immediately upon learning of any suspicious access to its Customer Account. Commvault’s comprehensive privacy and security program is set forth in the Security Terms and incorporated herein by reference. 4.2. Access. Customer data privacy and security is Commvault’s priority. At times, Commvault may be required to access or disclose Customer Data: (i) to provision the SaaS Solution to Customer pursuant to these Terms; (ii) to respond to a validly issued subpoena, an investigative demand or warrant; (iii) to investigate or prevent security threats, fraud, or other illegal, malicious, or inappropriate activity; (iv) to enforce or protect Commvault’s rights and properties or those of its affiliates or subsidiaries; or (v) with the informed consent of the data subject. In the event Commvault is required to access Customer Data, Commvault shall not disclose Customer Data to third parties without Customer’s consent or instruction, unless prohibited by law. 5. Term. Commvault initiates activation of the SaaS Solution upon receipt of a valid purchase order, by providing Customer with access to an account (the “Activation Date”). The term of Customer’s subscription to the SaaS Solution shall begin on the Activation Date and continue as set forth on the applicable purchase order (the “SaaS Solution Term”). The SaaS Solution Term shall renew for an equal term unless either party provides written notice of non-renewal sixty (60) days prior to the renewal date. 6. Customer SaaS Acknowledgments. Customer agrees: (i) Customer is solely responsible for data retention policies and any other policy settings, schedules, and configurable parameters applied to Customer Data, including implementing its own specific retention policies, (ii) Customer and its Authorized Users will keep Access Credentials confidential, and Customer remains responsible for the acts and omissions of its Authorized Users and any activity that occurs under its Customer Account(s) using the Access Credentials; (iii) Customer will use the most current version of the SaaS Solution at all times, unless otherwise agreed in writing; (iv) Customer is responsible for the security of its Customer Data if Customer disables any encryption or other security feature within the SaaS Solution; and (v) Customer is responsible for maintaining its own internet and data connections, and components of the SaaS Solution that are accessed or used through internet connections and may be subject to Customers’ internet service providers fees and downtime. Customer acknowledges Customer Data may not be available if: (i) Customer’s initial backup and replication is not properly completed by Customer; (ii) Customer deletes Customer Data and does not restore it after deletion pursuant to Customer’s data retention policies; (iii) Customer selects incorrect or inappropriate retention policies within the SaaS Solution; (iv) Customer’s IT environment is unable to secure a connection with Commvault’s servers or network; or (v) Customer fails to follow Commvault’s technical requirements and the Documentation for utilizing the SaaS Solution, including installing updates, or failing to periodically test Customer’s backups and restores, or ensure that Customer Data is protected and not otherwise corrupted. Commvault Software Terms & Conditions Commvault’s Software delivers a unified solution combining backup and recovery with disaster recovery to deliver enterprise-grade data protection that is powerful and easy to use and provides data availability and business continuity across on-premise and cloud environments using a single extensible platform. 1. Getting Started. Commvault grants Customer a limited, non-exclusive,non sub-licensable, and non-transferable license to install, execute and use the Software (including Software embedded in any hardware, if applicable) solely in binary code form during the Software Term (defined below), in accordance with the applicable ordering documents, Commvault’s Privacy Policy, FAQs, website, user manuals and other information provided to assist Customer in its use and operation of the Software (collectively, the “Software Documentation”). The Software is licensed, not sold and except as set forth herein, all sales of Software are final, non-returnable and non-refundable. Acceptance of the Software occurs upon delivery. Software license key(s) are electronically delivered by Commvault. Any Software license acquired by virtue of Customer’s use or purchase of hardware shall be limited to the hardware upon which the Software was originally installed. Customer may be required to periodically reapply Software license keys during the Software Term which Commvault shall provide. Customer may make a copy of the Software solely for back-up purposes, provided such back-up copy is used only as a replacement for the original copy on the same hardware upon which the Software was originally installed. Customer may use the Software solely for its internal data center operations. 2. Capacity. Customer shall activate and maintain the reporting features of any capacity-based Software and provide usage reports to Commvault upon request. In the event Customer’s use of limited capacity-based Software exceeds capacity, Customer shall be obligated to pay Commvault, directly or through its authorized reseller, for all excess usage. Software purchased on a capacity-basis may cease to operate and perform if Customer exceeds capacity. If Customer purchases unlimited capacity Software for itself and/or its affiliates and subsidiaries: (i) the Software may be used by Customer’s affiliates and subsidiaries in the territory set forth in the order forms only, (ii) Customer assumes all liability for those affiliates and subsidiaries, and (iii) upon acquisition of Customer’s business by another entity, the unlimited capacity Software license shall terminate, and Customer will retain a limited license for the Software then-deployed in Customer’s environment for the remainder of the Software Term. 3. Maintenance & Support. Commvault provides support and maintenance for the Software as set forth here at Commvault’s then-current pricing. Customers who purchase support and maintenance must do so for all Software in Customer’s Environment. Maintenance and support commence upon delivery of the Software, if applicable. 4. Commvault Software Warranty. Commvault warrants that the Software shall substantially perform in accordance with the user documentation for a period of ninety (90) days from the date of delivery (the “Warranty Period”). During the Warranty Period, if the Software is defective, Customer must immediately notify Commvault in writing, and Commvault, in its discretion, will either: (i) repair or replacement the defective Software; or (ii) return prorated fees paid by Customer for the defective Software, in which case Customer shall uninstall and return or destroy the defective Software. 5. Term. The term of Customer’s license to the Software shall begin on the date the Software is delivered and continue as set forth in the applicable order form (the “Software Term”), except where such license is perpetual. Upon expiration of the Software Term, Customer may use a limited recovery version of the Software solely for recovering data backed up by the Software during the Software Term. The Commvault Master Terms & Conditions set forth herein are the current terms and conditions governing the use of Commvault’s software, services and solutions. These terms, as updated, shall replace and consolidate any prior terms under an End User License Agreement or Terms of Service that a customer may have with Commvault. Last Updated: June 6th 2023 Copyright Acknowledgment © 1997-2023 Commvault Systems, Inc. All rights reserved.