SOFTWARE LICENSE AGREEMENT

CYBERARK SOFTWARE LTD. AND/OR ITS AFFILIATES AS INDICATED IN THE APPLICABLE ORDER (“CYBERARK”) IS WILLING TO LICENSE THE SOFTWARE TO YOU AS THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE (REFERENCED BELOW AS “CUSTOMER”) ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS SOFTWARE LICENSE AGREEMENT (“AGREEMENT”). BY ENTERING INTO THIS AGREEMENT ON BEHALF OF AN ENTITY OR ORGANIZATION, YOU REPRESENT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THAT ENTITY OR ORGANIZATION TO THIS AGREEMENT. CUSTOMER AND CYBERARK MAY EACH ALSO BE REFERRED TO AS A “PARTY” AND TOGETHER, THE “PARTIES”.

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE. THIS AGREEMENT CONSTITUTES A LEGAL AND ENFORCEABLE CONTRACT BETWEEN CUSTOMER AND CYBERARK. BY INDICATING CONSENT ELECTRONICALLY, OR INSTALLING OR OTHERWISE USING THE SOFTWARE, CUSTOMER AGREES TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF CUSTOMER DOES NOT AGREE TO THIS AGREEMENT, DO NOT INDICATE CONSENT ELECTRONICALLY AND MAKE NO FURTHER USE OF THE SOFTWARE.

1. Grant of License

1.1. Software License. In consideration of the license fees stated in an Order or payment in accordance with section 2.3 “Indirect Orders” (as appropriate), and the terms and conditions of this Agreement, CyberArk grants Customer a world-wide, non-exclusive, non-transferable license to use (and to permit the Authorized Users to use) the Software and the Documentation during the license term set forth in the Order solely for Customer’s and its Affiliates’ internal business purposes in accordance with the Documentation and in the quantity specified in the Order. Customer may make a reasonable number of copies of any Documentation and one archival copy of the Software. Except for the licenses granted under this Agreement, all rights, title, and interest in and to the Software and Documentation are hereby reserved by CyberArk, its Affiliates or licensors.

1.2. Restrictions on Use. Customer shall not (directly or indirectly): (a) copy or reproduce the Software or the Documentation except as permitted under this Agreement; (b) exceed the licensed quantities, users or other entitlement measures of the Software as set forth in the applicable Order; (c) remove or destroy any copyright, trademark or other proprietary marking or legends placed on or contained in the Software or Documentation; (d) assign, sell, resell, sublicense, rent, lease, time-share, distribute or otherwise transfer the rights granted to Customer under this Agreement to any third party except as expressly set forth herein; (e) modify, reverse engineer or disassemble the Software; (f) except to the limited extent applicable laws specifically prohibit such restriction, decompile, attempt to derive the source code or underlying ideas or algorithms of any part of the Software, attempt to recreate the Software or use the Software for any competitive or benchmark purposes; (g) create, translate or otherwise prepare derivative works based upon the Software or Documentation; (h) use the Software in a manner that infringes on the Intellectual Property rights, publicity rights, or privacy rights of any third party, or to store or transfer defamatory, trade libelous or otherwise unlawful data; or (i) store in or process with the Software any personal health data, credit card data, personal financial data or other such sensitive regulated data not required by the Documentation.

2. Payment and Taxes

2.1. Payment Terms. Customer shall pay all invoices within thirty (30) days of date of invoice, without any deduction or set- off (except for any amount disputed promptly and in writing by Customer in good faith), and payment will be sent to the address specified by CyberArk. Any amounts arising in relation to this Agreement not paid when due will be subject to a late charge of one and one-half percent (1 ½ %) per month on the unpaid balance or the maximum rate allowed by law, whichever is less. Without prejudice to Customer’s rights set out elsewhere in this Agreement, all license and support fees are non-refundable and payable in advance. CyberArk may invoice for purchases of Software upon delivery.

2.2. Taxes. The fees and charges covered by this Agreement are exclusive of any Indirect Taxes imposed or levied, currently or in the future based on applicable legislation, on the Software. Unless otherwise agreed between the Parties, Customer will be liable for compliance with reporting and payment of such Indirect Taxes in its tax jurisdiction. CyberArk shall include the Indirect Taxes on its invoice to Customer and remit such Indirect Taxes collected to the relevant authority if required by applicable law. For the avoidance of doubt, CyberArk will be responsible for direct taxes imposed on CyberArk’s net income or gross receipts in its tax jurisdiction.

2.3. Indirect Orders. If Customer places an Indirect Order, then CyberArk grants the rights described in this Agreement in consideration for and subject to: (a) Customer’s agreement to comply with the pricing and payment terms of the Indirect Order, to be separately agreed between Customer and the applicable Channel Partner; and (b) Customer’s agreement to comply with its obligations set forth in this Agreement (including the restrictions on use of the Software). Notwithstanding the foregoing, the final sales price or rate shall be freely and independently determined between the applicable Channel Partner and Customer. For the avoidance of doubt, in the case of such an Indirect Order, any indication in this Agreement of an agreement between Customer and CyberArk for the price payable by Customer for such Indirect Order shall be null and void and not form a binding part of this Agreement and the provisions of this Agreement related to payment terms, pricing and/or order procedures shall not apply.

3. Confidentiality

3.1. Confidential Information. The Parties acknowledge that each may disclose certain valuable confidential and proprietary information to the other. The receiving Party may only use the disclosing Party’s Confidential Information to fulfil the purposes of this Agreement. The receiving Party will protect the disclosing Party’s Confidential Information by using at least the same degree of care as the receiving Party uses to protect its own Confidential Information of a like nature (but no less than a reasonable degree of care) to prevent the unauthorized use, dissemination, disclosure or publication of such Confidential Information. Notwithstanding the foregoing, the receiving Party may disclose Confidential Information to its (and its Affiliates’) employees, advisors, consultants, and agents on a need-to-know basis and provided that such party is bound by obligations of confidentiality substantially similar to those contained herein.

3.2. Exclusions. Information will not be deemed Confidential Information if it: (i) is known to the receiving Party prior to receipt from the disclosing Party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing Party; (ii) becomes known (independently of disclosure by the disclosing Party) to the receiving Party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing Party; (iii) becomes publicly known or otherwise ceases to be secret or confidential, except through a breach of this Agreement by the receiving Party; or (iv) is independently developed by the receiving Party without use of or reliance upon the disclosing Party’s Confidential Information, and the receiving Party can provide evidence to that effect. The receiving Party may disclose Confidential Information pursuant to the requirements of a court, governmental agency or by operation of law but shall (to the extent permissible by law) limit such disclosure to only the information requested and give the disclosing Party prior written notice sufficient to permit the disclosing Party to contest such disclosure. This section supersedes any and all prior or contemporaneous understandings and agreements, whether written or oral, between the Parties with respect to Confidential Information and is a complete and exclusive statement thereof.

4. Limited Warranty

4.1. Software Warranty. CyberArk warrants that the Software delivered under the initial Order will perform substantially as described in the Documentation for a period of ninety (90) days from the date of initial delivery of the Software. CyberArk’s sole liability and Customer’s exclusive remedy for breach of these warranties will be, at CyberArk’s option and expense, either: (a) repair or replacement of the Software that does not meet the limited warranty set forth above; or (b) termination of the applicable license and the return of the license fee paid to CyberArk for the applicable Software. This limited warranty is void if the failure of the Software has resulted from negligence, error, or misuse of the Software (including use not in accordance with the Documentation) by Customer, the Authorized User or by anyone other than CyberArk or its authorized agents. Without derogating from CyberArk’s obligations under this Agreement, Customer warrants that it shall take and maintain appropriate steps within its control to protect the confidentiality, integrity, and security of its Confidential Information, including: (i) operating the Software in accordance with the Documentation and appliable law; and (ii) dedicating reasonably adequate personnel and resources to implement and maintain the security controls set forth in the Documentation. Customer will be responsible for the acts and omissions of its Authorized Users.

4.2. Disclaimer. Any and all warranties, expressed, incorporated or implied, are limited to the extent and period mentioned in this Agreement. To the maximum extent allowed by applicable law, CyberArk disclaims (and disclaims on behalf of its licensors and/or contributors to any Third-Party Materials) all other warranties, conditions and other terms, whether implied or incorporated into this Agreement by statute, common law or otherwise, including the implied conditions and warranties of merchantability and fitness for a particular purpose. CyberArk will have no liability for delays, failures or losses attributable or related in any way to the use or implementation of third-party software or services not provided by CyberArk.

5. Infringement Indemnity

5.1. Infringement Indemnity. CyberArk shall defend and indemnify Customer and/or its Affiliates and their officers, directors and employees against all third-party claims, suits and proceedings resulting from the violation, misappropriation, or infringement of such third party’s patent, copyright, trademark or trade secret caused by Customer’s use of the Software in accordance with this Agreement and Documentation (each, a “Claim”), and all directly related losses, liabilities, damages, costs and expenses (including reasonable attorneys’ fees).

5.2. Process. CyberArk’s defense and indemnification obligations herein will become effective upon, and are subject to: (a) Customer’s prompt notification to CyberArk of any Claims in writing; and (b) Customer providing CyberArk with full and complete control, authority and information for the defense of the Claim, provided that CyberArk will have no authority to enter into any settlement or admission of Customer’s wrongdoing on Customer behalf without Customer’s prior written consent (not to be unreasonably withheld). At CyberArk’s request, Customer shall reasonably cooperate with CyberArk in defending or settling any Claim.

5.3. Exclusions. The above CyberArk obligations to defend and indemnify will not apply in the event that a Claim arises from or relates to: (a) use of the Software not in accordance with the Documentation and this Agreement; (b) use of the Software in violation of any applicable laws; (c) any modification, alteration or conversion of the Software not created or approved in writing by CyberArk; (d) any combination or use of the Software with any computer, hardware, software or service not required by the Documentation; (e) CyberArk’s compliance with Customer’s specifications, requirements or requests; (f) Customer’s gross negligence or willful misconduct; or (g) Customer’s refusal to use a non-infringing version of Software or any part thereof offered by CyberArk at no cost to Customer, so long as such non-infringing version does not cause a material adverse effect on the functionality provided by the infringing version.

5.4. Remedies. If the Software becomes, or CyberArk reasonably determines that the Software is likely to become, subject to a claim of intellectual property infringement for which CyberArk must indemnify Customer as described above, CyberArk may at its option and expense: (a) procure for Customer the right to continue to access and use the Software; (b) replace or modify the Software so that it becomes non-infringing without causing a material adverse effect on the functionality provided by the infringing Software; or (c) if neither of the foregoing options are available in a timely manner on commercially reasonable terms, remove the infringing part of the Software, and refund to Customer (either directly or through a Channel Partner, as applicable): (i) for perpetual Software, the license fee paid for the infringing part of the Software, less an amount equal to one sixtieth (1/60) of the license fee for each full month of the license term prior to the date of removal; or (ii) for subscription based Software, the pro-rated unused portion of any prepaid license subscription fees for the infringing part of the applicable Software, calculated from the date of removal termination of the applicable Order through the remaining subscription term as calculated on a monthly basis. This section states the sole liability of CyberArk and Customer’s exclusive remedy with respect to any Claims arising out of or related to this Agreement.

6. Third Party Materials

The Software includes Third-Party Materials, use of which is subject to their respective OSS Licenses as indicated in the Documentation. CyberArk warrants that the inclusion of such Third-Party Materials in the Software will not prevent Customer from exercising the license rights provided to Customer herein in respect of the Software or limit Customer’s ability to use the Software in accordance with the Documentation. Nothing herein shall derogate from mandatory rights Customer may have under any OSS Licenses, if any. Customer may obtain a copy of the source code for certain Third-Party Materials by following the instructions set forth in the Documentation.

7. Limitation of Liability

7.1. Maximum Liability. Except for liability caused by CyberArk’s intellectual property infringement indemnification obligations herein and Customer’s payment obligations, in no event will either Party’s maximum aggregate liability arising out of or related to this Agreement, regardless of the cause of action and whether in contract, tort (including negligence), warranty, indemnity or any other legal theory, exceed the total amount paid or payable to CyberArk under this Agreement during the twelve (12) month period preceding the date of initial claim.

7.2. No Consequential Damages. Neither Party will have any liability to the other Party for any loss of profits or revenues, loss of goodwill, or for any indirect, special, incidental, consequential or punitive damages arising out of, or in connection with this agreement, however caused, whether in contract, tort (including negligence), warranty, indemnity or any other legal theory, and whether or not the Party has been advised of the possibility of such damages.

7.3. Construction. This Agreement is not intended to and will not be construed as excluding or limiting any liability which cannot be limited or excluded by applicable law, including liability for: (a) death or bodily injury caused by a Party’s negligence; or (b) gross negligence, willful misconduct or fraud.

8. Support Services; Professional Services

Customer may separately purchase from CyberArk support services, professional services and hardware in relation to the Software as generally made available by CyberArk to its customers, pursuant to CyberArk’s then applicable service terms (available for review upon request). Support services for subscription Software licenses are included with the license subscription unless stated otherwise in the applicable Order.

9. Term and Termination of the Agreement

This Agreement shall remain in force during the applicable license term of the Software until terminated by either Party pursuant to this section. Either Party may terminate this Agreement immediately upon notice to the other Party if the other Party: (i) materially breaches this Agreement and fails to remedy such breach within thirty (30) days after receiving written notice of the breach from the other Party; or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. In addition, a Party may terminate this Agreement, in whole or in part, or cease provision of support services and professional services or Customer’s access to the applicable Software if required to comply with applicable law or regulation, and such termination will not constitute a breach of this Agreement by the terminating Party. CyberArk reserves the right to suspend any applicable support services and professional services or Customer’s access to the applicable Software upon 30 days’ written notice to Customer if: (a) an invoice is more than sixty (60) days past due; or (b) if there is an uncured material breach of this Agreement. CyberArk will promptly reinstate Customer’s access and use of the Software/provision of the applicable services once the issue has been resolved. Upon termination or expiration of the Agreement, (x) any accrued rights and obligations will survive; (y) all outstanding fees and other charges under the Agreement or Order (as applicable) will become immediately due and payable, and (z) Customer will have no further right to access or use the applicable Software. If Customer is converting its perpetual self-hosted Software licenses to a subscription- based Software license, the applicable previously licensed perpetual self-hosted Software licenses will be terminated, along with any associated support services, in accordance with the terms of the applicable Order.

10. Free Trial or Beta Versions of the Software

If Customer is using a Trial Version, CyberArk makes such Trial Version available to Customer for a period ending on the earlier of: (i) the end of the free trial or proof of concept period or beta testing period as communicated by CyberArk or specified in an Order; (ii) the start date of any purchased version of such Software; or (iii) written notice of termination from CyberArk (“Trial Version Period”) and the following terms apply to use of the Trial Version notwithstanding anything to the contrary elsewhere in this Agreement. CyberArk grants Customer, during the Trial Version Period, a non-exclusive, non-transferable license (without the right to sub-license) to access and use the Trial Version for Customer’s internal evaluation purposes in accordance with the Documentation and subject to the restrictions on use set forth in this Agreement. Customer shall use the Trial Version only for evaluation and not for any business or productive purposes, unless otherwise authorized by CyberArk in writing. CyberArk provides the Trial Version "as is" without any warranties or representations of any kind. To the extent permitted by law, CyberArk disclaims all implied warranties and representations, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose and non-infringement. Customer assumes all risks and all costs associated with its use of the Trial Version. Customer’s sole and exclusive remedy in case of any dissatisfaction or CyberArk’s breach of the Agreement with respect to such Trial Version is termination of the license for the Trial Version. Any obligations on behalf of CyberArk to indemnify, defend, or hold harmless under this Agreement are not applicable to Customer’s use of a Trial Version. There is no guarantee that features or functions of the Trial Version will be available, or if available will be the same, in the general release version of the Software, and Customer should review the Software’s features and functions before making a purchase. CyberArk will be under no obligation to provide Customer any support services with respect to the Trial Version.

11. Restricted Rights and Export Control

11.1. Export Control. The exportation of the Software and Documentation, and all related technology and information thereof are subject to U.S. laws and regulations pertaining to export controls and trade and economic sanctions, including the U.S. Export Administration Act, Export Administration Regulations, the Export Control Reform Act, and the Office of Foreign Assets Control’s sanctions programs, the laws of the State of Israel, and the laws of any country or organization of nations within whose jurisdiction Customer (or its Authorized Users who may use or otherwise receive the Software as expressly authorized by this Agreement) operates or does business, as amended, and the rules and regulations promulgated from time to time thereunder. Specifically, Customer hereby undertakes not to export, re-export or grant access to the Software and all related technology, information, materials and any upgrades thereto to: (a) any Prohibited Persons; (b) any country to which such export, re-export or grant of access is restricted or prohibited per the foregoing applicable laws; or (c) otherwise in violation of any applicable export or import restrictions, laws or regulations. Customer also certifies that it is not a Prohibited Person nor owned, controlled by, or acting on behalf of a Prohibited Person.

11.2. Commercial Computer Software. If Customer is an agency or contractor of the United States Government, the Parties acknowledge and agree that: (i) the Software (including any software forming a part thereof) was developed entirely at private expense; (ii) the Software (including any software forming a part thereof) in all respects constitute proprietary data belonging solely to CyberArk and its licensors; (iii) the Software (including any software forming a part thereof) is not in the public domain; and (iv) the software forming a part of the Software is “Commercial Computer Software” as defined in sub-paragraph (a)(1) of DFAR section 252.227-7014 or FAR Part 12.212. Customer shall provide no rights in the Software (including any software forming a part thereof) to any U.S. Government agency or any other party except as expressly provided in this Agreement.

12. Assignment

Neither Party may assign any of its rights or obligations under this Agreement without the other Party’s prior written consent, which will not be unreasonably withheld. Notwithstanding the foregoing, either Party may assign any and all of its rights and obligations under this Agreement to a successor in interest in the event of a merger or acquisition or to an Affiliate, upon prior written notice to the other Party.

13. Severability and Waiver

This Agreement shall be deemed severable, and the invalidity or unenforceability of any term or provision hereof shall not affect the validity or enforceability of this Agreement or of any other term or provision hereof. Should any term or provision of this Agreement be declared void or unenforceable by any court of competent jurisdiction, the Parties intend that a substitute provision will be added to this Agreement that, to the greatest extent possible, achieves the intended commercial result of the original provision. The failure of either Party to enforce any rights granted to it hereunder or to take action against the other Party in the event of any breach hereunder will not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches.

14. Choice of Law and Exclusive Jurisdiction

Each Party agrees to the applicable governing law below without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts below with respect to any dispute, claim, action, suit or proceeding (including non-contractual disputes or claims) arising out of or in connection with this Agreement, or its subject matter or formation. To the extent not prohibited by applicable law, each of the Parties hereby irrevocably waives any and all right to trial by jury in any legal proceeding arising out of or related to this Agreement.

CyberArk entity entering into Agreement:	With Principal Office at:	Choice of Law:	Exclusive Jurisdiction:
CyberArk Software, Inc.	60 Wells Avenue, Newton, MA 02459, U.S.A.	Laws of Commonwealth of Massachusetts, U.S.A.	Courts of Boston, Massachusetts, U.S.A.
Cyber-Ark Software (UK) Ltd.	One Pear Place, 152-158 Waterloo Road, London, SE1 8BT, U.K.	Laws of England and Wales	Courts of London, England
CyberArk Software Ltd.	9 Hapsagot St. Park Ofer 2, P.O. Box 3143, Petach-Tikva 4951040, Israel	Laws of Israel	Courts of Tel Aviv Jaffa, Israel
CyberArk Software Canada Inc.	TD Canada Trust Tower, 161 Bay Street, 27th Floor, PO Box 508 Toronto, Ontario, M5J 2S1, Canada	Laws of Ontario and the federal laws of Canada applicable therein	Courts of Toronto, Ontario, Canada
CyberArk Software (Singapore) Pte. Ltd.	250 North Bridge Road, #14-01, Raffles City Tower, Singapore 179101	Laws of Singapore	Courts of Singapore
CyberArk Software (Japan) K.K.	Pacific Century Place 13F, 1-11-1, Marunouchi, Chiyoda-ku, Tokyo, Japan	Laws of Japan	Courts of Tokyo, Japan
CyberArk Software (India) Private Limited	My Home Twitza, 4th Floor, Plot Nos.30/A, Survey No.83/1, Beside Skyview, APIIC - Hyderabad Knowledge City, Hyderabad Telangana 500081	Laws of India	Courts of Hyderabad, India
CyberArk Software (Australia) Pty Ltd	Level 26, Suite 1, 259 George Street, Sydney NSW 2000	Laws of Victoria, Australia	Courts of Melbourne, Australia
CyberArk Turkey Siber Güvenlik Yazılımı A.Ş.	Plaza Cubes, Barbaros Mahallesi, Kardelen Sokak Palladium Tower 2/1 34746 Atasehir, Istanbul	Laws of Israel	Courts of Tel Aviv Jaffa, Israel
Venafi, Inc.	175 E. 400 South, Suite 300, Salt Lake City, Utah 84111	Laws of Commonwealth of Massachusetts, U.S.A.	Courts of Boston, Massachusetts, U.S.A.

15. Force Majeure

With the exception of Customer’s payment obligations herein, neither Party will be liable to the other Party for any delay or failure to perform which is due to fire, pandemic, virus, epidemic, travel advisories as to health, security and/or terrorism, flood, lockout, transportation delay, war, acts of God, governmental rule or order, strikes or other labor difficulties, or other causes beyond its reasonable control. However, in such event, both Parties will resume performance promptly after the cause of such delay or failure has been removed.

16. Telemetry End-User License Agreement

In the event that Customer downloads CyberArk’s Telemetry self-hosted software product from the CyberArk Marketplace, the terms of the CyberArk Software Telemetry EULA found at https://www.cyberark.com/contract-terms/ shall apply.

17. Entire Agreement

This Agreement, along with any additional terms incorporated herein by reference, including in the Order, represents the complete and exclusive terms and conditions under which this Software is licensed to Customer by CyberArk, and it supersedes all prior agreements and representations between the Parties, unless specifically stated otherwise. The terms and conditions contained in any purchase order issued to CyberArk in connection with this Agreement will be of no force or effect, even if the Order is accepted by CyberArk. This Agreement may only be amended by a written instrument specifically intended for this sole purpose and signed by the authorized representatives of both Parties. All Notices will be in writing and will be deemed to have been duly given: (a) when delivered by hand; (b) three (3) days after being sent by registered or certified mail, return receipt requested and postage prepaid; (c) one (1) day after deposit with a nationally recognized overnight delivery or express courier service; or (d) when provided via email, when the sender has received a delivery/read receipt. Notices for CyberArk should be sent to the following addresses: (i) for physical Notices the address specified for CyberArk in section 14 “Choice of Law and Exclusive Jurisdiction” and; (ii) for electronic Notices to: contract-notices@cyberark.com. In the event that Customer has any technical support-related queries, the contact information for support can be found at: https://www.cyberark.com/customer-support/.

18. Definitions. Capitalized terms shall have the meanings set forth below. Defined terms stated in the singular may be used in the plural, and vice versa.

“Affiliate” means a company controlling, controlled by, or under common control with a Party (an entity will be deemed to have control if it owns over 50% of another entity).

“Authorized Users” means employees, agents, consultants, contractors, or vendors authorized by Customer to use the Software solely for the internal use of Customer and its Affiliates, subject to the terms and conditions of this Agreement.

“Channel Partner” means a third-party business entity that CyberArk has appointed as an approved partner to as applicable, distribute, re-sell and support the Software.

“Claim” is defined in section 5.1 of the Agreement.

“Confidential Information” means all information provided by the disclosing Party to the receiving Party concerning the disclosing Party or its Affiliates’ business, products or services that is not generally known to the public, including information relating to customers, vendors, trade secrets, prices, products, services, computer programs and other intellectual property and any other information which a Party should reasonably understand to be considered Confidential Information whether or not such information is marked “Confidential” or contains such similar legend by the disclosing Party at the time of disclosure.

“Documentation” means the user guides, installation documents and specifications for the Software that are generally made available from time to time by CyberArk in electronic or tangible form and found at docs.cyberark.com, including the documentation located therein under the ‘Security’ section for the relevant Software, but excluding any sales or marketing materials.

“Indirect Order” means an Order for the Software from a Channel Partner of Customer’s choosing pursuant to an independent commercial agreement.

“Indirect Taxes” means excise, sales, use, gross-turnover, value added, goods and services tax or other similar types of indirect taxes on turnover and/or revenues, duties, customs or tariffs (however designated, levied or based and whether foreign or domestic, federal, state or province).

“Notice” means any notice or other communication required or permitted under this Agreement.

“Order” means CyberArk’s quote accepted by Customer via Customer’s purchase order or other ordering document submitted to CyberArk (directly or indirectly through a Channel Partner) to order CyberArk’s products or services, which references the Software, services, pricing, payment terms, quantities, expiration date and other applicable terms set forth in an applicable CyberArk quote or ordering document.

“OSS Licenses” means the respective open source licenses that the Third-Party Materials are subject to.

“Prohibited Persons” means anyone on the U.S. Commerce Department’s Denied Persons, Entity, or Unverified Lists or theU.S. Treasury Department’s list of Specially Designated Nationals and Consolidated Sanctions list.

“Software” means CyberArk’s proprietary self-hosted software specified in the Order as further described in the Documentation.

“Third-Party Materials” means open source software programs that are made available by third parties under their respective OSS Licenses.

“Trial Version” means a where Customer is using a free trial, a proof of concept of the Software, a beta version of the Software, or is using the Software on any other free-of-charge basis.

“Trial Version Period” is defined in section 10 of the Agreement

Any words following the terms including or include shall be regarded as examples only and not construed as an exhaustive list.

VENAFI ADDENDUM TO CYBERARK’S SOFTWARE LICENSE AGREEMENT

This Venafi Addendum (“Addendum”) amends and forms part of the Software License Agreement (“Agreement”). This Addendum sets forth additional terms and conditions under which the Customer is entitled to access and use the Venafi Software, as defined below. This Addendum only applies to Venafi self-hosted software and not to any other CyberArk software product, software-as-a-service product or other services. To the extent that any of the terms or conditions contained in this Addendum contradict or conflict with any of the terms or conditions of the Agreement, the terms of this Addendum shall supersede the Agreement. Capitalized terms used but not defined herein shall have the meaning set forth in the Agreement except as otherwise stated. Customer and CyberArk are each referred to as a “Party” and collectively, the “Parties.” PLEASE READ THIS ADDENDUM CAREFULLY BEFORE USING THE VENAFI SOFTWARE. THIS ADDENDUM CONSTITUTES A LEGAL AND ENFORCEABLE CONTRACT BETWEEN CUSTOMER AND CYBERARK. BY INDICATING CONSENT ELECTRONICALLY, OR ACCESSING OR OTHERWISE USING THE VENAFI SOFTWARE, CUSTOMER AGREES TO THE TERMS AND CONDITIONS OF THIS ADDENDUM. IF CUSTOMER DOES NOT AGREE TO THIS ADDENDUM, DO NOT INDICATE CONSENT ELECTRONICALLY AND MAKE NO FURTHER USE OF THE VENAFI SOFTWARE.

1. Grant of License

1.1. License Review. CyberArk is entitled to review Customer’s use of the Venafi Software to determine compliance with any applicable fee requirements, product licensing parameters, or licensing metrics and may, with reasonable advance notice not more than once per year, request reports on license usage from Customer if such reports are reasonably accessible to Customer. If CyberArk reasonably determines that Customer has used the Venafi Software outside the scope of the license granted under the Agreement, including using more than the purchased number and/or type of licenses, then CyberArk or CyberArk’s Channel Partner (as applicable) shall invoice Customer for such additional use.

1.2. Third-Party Services. The Venafi Software may enable access to third-party services and websites (collectively, “External Service”) including, without limitation, those of any Certificate Authority. Customer agrees to use any External Service at Customer’s sole risk and expense. CyberArk is not liable for any External Service and is not responsible for its content or accuracy. Customer will not use the External Service in any manner that is inconsistent with the terms of this Addendum, the Agreement and the agreements governing the uses of such External Service, or that infringes intellectual property rights. CyberArk reserves the right to change, suspend, remove, disable or impose access restrictions or limits on any External Service at any time without notice or liability to Customer.

1.3. Analytics. Customer agrees that CyberArk and its Affiliates and authorized service providers may process non- personally identifying technical, telemetry or other data that either (a) enables the provision of product analytics and improvements; or (b) enables CyberArk and its Affiliates to confirm license compliance by Customer.

2. Support

2.1. Support. As part of its provision of the Venafi Software, CyberArk shall make available technical support to Customer in accordance with the Venafi Support Services terms applicable to the Venafi Software. Customer agrees to submit support and maintenance requests pursuant to instructions provided by CyberArk in the Venafi support portal or by emailing support@venafi.com. CyberArk will make commercially reasonable efforts to address requests in accordance with the service levels and response times provided at https://support.venafi.com and included in Customer’s license certificate

3. Definitions. As it relates to the Venafi Software, the Definitions Section of the Agreement shall be amended to add the following definitions. Any conflicting definitions already included in the Agreement are replaced with the following definitions:

“Certificate Authority” means an organization that is responsible for the authorization, issuance, revocation, and management of digital certificates that record information used to authenticate identities of users, devices, servers or websites.

“Documentation” means the user guides, installation documents, and specifications for the Software that are made available from time to time by CyberArk in electronic or tangible form and found at https://docs.venafi.com/ but excluding any sales or marketing materials.

“Venafi Software” means the Venafi self-hosted software specified in the Order as further described in the Documentation (including any locally-installed software agents and connectors that interact with the Software as may be provided by CyberArk in connection with the Software).

“Venafi Support Services” means the maintenance and technical support services for the Venafi Software provided by CyberArk to Customer as part of an active Venafi Software subscription, set out at https://support.venafi.com/.

Last Updated: 27 Aug 2024