Terms of Use – Previous Version

For the current version of our Terms and Conditions, please click here.

Version 3.1
Last updated: December 1, 2022

1. SERVICES. The Services consist of: Expel’s proprietary, cloud-based software platform, which can be accessed and used on a hosted basis, and related services, for security operations management, as shall be described on the relevant Sales Order.
2. DEFINITIONS. Capitalized terms shall have the meanings set forth in this section, or in the section where they are first used.
   1. “Access Protocols” means the passwords, access codes, technical specifications, connectivity standards or protocols, or other relevant procedures, as may be necessary to allow Customer or any Authorized Users to access the Services.
   2. “Authorized User”means any individual who is an employee of Customer or such other person or entity as may be authorized by Expel to access the Services pursuant to Customer’s rights under this Agreement.
   3. “Customer” means the company, organization or other type of legal entity purchaser of Expel’s Services pursuant to a valid, executed Agreement. If specified in the Agreement, the Customer may include affiliates and subsidiaries of the purchasing entity.
   4. “Integration Partner” means any third party that produces security software that has been licensed by Customer and is used in conjunction with the Expel Services.
   5.  “Intellectual Property Rights” means any and all now known or hereafter existing (a) rights associated with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark or service mark rights; (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e) layout design rights, design rights, and other proprietary rights of every kind and nature other than trademarks, service marks, trade dress, and similar rights; and (f) all registrations, applications, renewals, extensions, or reissues of the foregoing, in each case in any jurisdiction throughout the world.
   6. “Customer Content” means any content that is uploaded onto the Services by Customer or otherwise used on or in connection with the Software.
   7. “Sales Order” means any order form or other writing agreed between the parties identifying the Services to be made available by Expel pursuant to this Agreement, the subscription term, and any limitations or restrictions in connection with Customer’s access to and use of such Services.
   8. “Software” means the software programs and any associated user interfaces and related technology that Expel makes available pursuant to this Agreement for access and use through the Services.
3. PROVISION OF SERVICES
   1. Access. Expel will provide the Services via an online user portal or other approved method. On or as soon as reasonably practicable after the execution of the Sales Order and acceptance of this Agreement, Expel shall provide to Customer the necessary passwords, security protocols and policies and network links or connections and Access Protocols to allow Customer and its Authorized Users to access the Services in accordance with the Access Protocols.
   2. Responsibility for Software and Content Hosting. Expel shall use commercially reasonable efforts to host and make available the Software accessible as part of the Services, provided that nothing herein shall be construed to require Expel to provide for, or bear any responsibility with respect to any telecommunications or computer network hardware required by Customer or any Authorized User to provide access from the Internet to the Services. The Software may only be used in conjunction with the Services. Customer shall not modify or distribute the Software and/or related Services in any way without the prior express written consent of Expel.
   3. Support Services. Expel shall use commercially reasonable efforts to provide the support services in accordance with Expel’s then-current service level agreement(s) for the applicable Services.
4. INTELLECTUAL PROPERTY
   1. License Grant. Subject to the terms and conditions of this Agreement, Expel grants to Customer a non-exclusive, non-transferable license during the term set forth on the Sales Order to access and use the Services in accordance with the terms of this Agreement and any restrictions or limitations set forth on the applicable Sales Order(s).
   2. Ownership; Limitations. The Services (excluding the Customer Content and Integration Partners data hosted thereon), Software, and all other materials provided by Expel hereunder, including but not limited to all manuals, reports, records, programs, data and other materials, and all Intellectual Property Rights in each of the foregoing, are the exclusive property of Expel and its suppliers. Customer agrees that it will not, and will not permit any Authorized User or other party to: (a) permit any party to access the Software or use the Services, other than the Authorized Users authorized under this Agreement; (b) modify, adapt, alter or translate the Software, except as expressly allowed herein; (c) sublicense, lease, rent, loan, distribute, or otherwise transfer the Software to any third party; (d) reverse engineer, decompile, disassemble, or otherwise derive or determine or attempt to derive or determine the source code (or the underlying ideas, algorithms, structure or organization) of the Software; (e) use or copy the Software except as expressly allowed under this subsection; or (f) disclose or transmit any data contained in the Software to any individual other than an Authorized User, except as expressly allowed herein. Subject to the Confidentiality requirements of Section 9 of this Agreement, Customer may reasonably share information and access to the Software to its information technology and security auditors for the sole purpose of conducting routine information technology and security audits. Except as expressly set forth herein, no express or implied license or right of any kind is granted to Customer regarding the Services, Software, or any part thereof, including any right to obtain possession of any source code, data or other technical material relating to the Software.
   3. License to Reports. As part of the Services, Expel will create and make available to Customer security incident and other related reports (“Reports”). While the Report template and related Intellectual Property Rights remain the property of Expel, the content of any Reports becomes the property of Customer upon creation. Customer hereby grants to Expel the non-exclusive, non-sublicensable, non-transferable, right to use, reproduce, modify, create derivative works of, and display the Reports solely for Expel’s business purposes. Expel shall not have the right to distribute or otherwise make available the Reports to any third party, except as is required by law or by the order of a court or similar judicial or administrative body.
   4. Reservation of Rights.    All rights in and to the Services and Software not expressly granted to Customer in this Agreement are reserved by Expel and its suppliers. Except as expressly set forth herein, no express or implied license or right of any kind is granted to Customer regarding the Software and Services or any part thereof, including any right to obtain possession of any source code, data or other technical material related to the Software.
   5. Open Source Software. Certain items of software may be provided to Customer with the Software and are subject to “open source” or “free software” licenses (“Open Source Software”). Some of the Open Source Software is owned by third parties. The Open Source Software is not subject to the terms and conditions of the section titled Indemnification or the subsection titled License Grant. Instead, each item of Open Source Software is licensed under the terms of the end-user license that accompanies such Open Source Software. Nothing in this Agreement limits Customer’s rights under, or grants Customer rights that supersede, the terms and conditions of any applicable end user license for the Open Source Software. If required by any license for particular Open Source Software, Expel makes such Open Source Software, and Expel’s modifications to that Open Source Software, available by written request at the notice address specified below.
   6. Feedback. Customer agrees that Expel has the right to use any reporting of errors, problems, or defects, or suggestions for changes and improvements to the Services made by Customer (collectively, “Feedback”) at its sole discretion. Feedback shall be deemed the sole and exclusive property of Expel and, to the extent Customer has any Intellectual Property Rights in the Feedback, Customer hereby assigns such Intellectual Property Rights in the Feedback to Expel.io. Expel may incorporate all or some of the Feedback into the Software and Services or any other version of the Software and Services Expel may make available, or any other software or intellectual property created by Expel, all without notice to, payment of or consent from Customer. Customer agrees and acknowledges that any products and services incorporating such Feedback will be the sole and exclusive property of Expel, and Customer will gain no right, title or interest in or to the Software, Services, or any other products or services by virtue of Customer’s provision of Feedback to Expel or for any other reason.
5. FEES.Customer agrees to pay to Expel the fees for the Services ordered, as set forth on Expel’s then-current pricing list (“Fees”). Except as otherwise set forth on a Sales Order, Fees shall be paid on an annual basis, in advance, net thirty (30) days of receipt of invoice. Except as otherwise specifically stated in an applicable Service Level Agreement, Customer also agrees Expel may send invoices for actual service usage quantities beyond agreed-to amounts (“Overages”), Surge, and other ad hoc Services at any time.The Fees payable by Customer for each renewal Term will be equal to the Fees for the prior Term, plus a price increase. Any pricing increase will not exceed seven percent (7%) per year, unless the pricing was designated in the applicable Order Form as promotional or one-time; provided, however, the Fees for each renewal Term shall not exceed the then-current list price as of the start date of such renewal Term.In addition to the Fees, Customer agrees to pay, and to indemnify and hold Expel harmless from, any sales, use, excise, import or export, value added or similar tax or duty not based on Expel’s net income, including any penalties and interest, as well as any costs associated with the collection or withholding thereof, and all governmental permit fees, license fees and customs and similar fees which Licensor may incur in connection with this Agreement.
6. LICENSEE CONTENT AND RESPONSIBILITIES
   1. License; Ownership. Customer grants Expel a non-exclusive, worldwide, royalty-free and fully paid license (a) to use the Customer Content (incl. any Integration Partners data) as necessary for purposes of providing and improving the Services, and (b) to use the Customer trademarks, service marks, and logos as required to provide the Services. The Customer Content hosted by Expel as part of the Services, and all worldwide Intellectual Property Rights in it, is the exclusive property of Customer. Customer further grants Expel the right to create anonymous profiles and derivative insights based on the Customer Content (the “Insights”) that it may use in connection with its business purposes; provided, however, that such Insights do not disclose any Confidential Information of Customer or otherwise disclose the identity of Customer or any Authorized User. Expel will own all such Insights. All rights in and to the Customer Content not expressly granted to Expel in this Agreement are reserved by Customer.
   2. Authorized Users Access to Services. Customer may permit any Authorized Users to access and use the features and functions of the Services as contemplated by this Agreement and the restrictions in the Sales Order. User IDs cannot be shared or used by more than one Authorized User at a time. Customer shall use commercially reasonable efforts to prevent unauthorized access to, or use of, the Services, and notify Expel promptly of any such unauthorized use known to Customer.
   3. Customer Warranty. Customer represents and warrants that any Customer Content hosted by Expel as part of the Services shall not (a) infringe any copyright, trademark, or patent; (b) misappropriate any trade secret; (c) be deceptive, defamatory, obscene, pornographic or unlawful; (d) contain any viruses, worms or other malicious code intended to damage Expel’s system or data; or (e) otherwise violate the rights, including any applicable privacy rights, of a third party. Expel is not obligated to back up any Customer Content; the Customer is solely responsible for creating backup copies of any Customer Content at Customer’s sole cost and expense. Customer agrees that any use of the Services contrary to or in violation of the representations and warranties of Customer in this section constitutes unauthorized and improper use of the Services.
   4. Customer Responsibility for Data and Security. Customer and its Authorized Users shall have access to the Customer Content and shall be responsible for all changes to and/or deletions of Customer Content and the security of all passwords and other Access Protocols required in order the access the Services. Customer shall have the sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Content.
7. WARRANTIES. Expel represents and warrants from a period of thirty (30) days from the date that Expel makes available the Services to Customer, the Services will operate in material conformance with the functionality described on Expel’s website relating to the applicable Services; provided, however, Customer has complied with all instructions and other requirements necessary to access and use the Services. Except for the foregoing warranty, to the maximum extent permitted by law, the Software, Services, and all other documentation and materials are provided “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. CUSTOMER ACCESS AND USES THE SERVICES AT ITS OWN RISK. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY LICENSOR OR ITS AGENTS OR EMPLOYEES SHALL IN ANY WAY INCREASE THE SCOPE OF THIS WARRANTY. NOTWITHSTANDING ANY PROVISION OF THESE TERMS AND CONDITIONS, ANY SALES ORDER OR OTHERWISE TO THE CONTRARY, IN THE EVENT THERE ARE NO FEES ASSOCIATED WITH ANY SALES ORDER, OR IF EXPEL IS UNABLE AFTER A REASONABLE PERIOD OF TIME TO COLLECT ANY FEES ASSOCIATED WITH ANY SALES ORDER, EXPEL MAKES NO REPRESENTATIONS OR WARRANTY WHATSOEVER AND, TO THE FULLEST EXTENT PERMITTED BY LAW, HEREBY DISCLAIMS ANY AND ALL WARRANTIES, ORAL OR WRITTEN, EXPRESS OR IMPLIED AT LAW.
8. MUTUAL LIMITATION OF LIABILITY
   1. Types of Damages. TO THE EXTENT LEGALLY PERMITTED UNDER APPLICABLE LAW, NEITHER PARTY OR ITS RESPECTIVE SUPPLIERS SHALL BE LIABLE TO THE OTHER PARTY FOR ANY SPECIAL, INDIRECT, EXEMPLARY, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY NATURE INCLUDING, BUT NOT LIMITED TO DAMAGES OR COSTS DUE TO LOSS OF PROFITS, DATA, REVENUE, GOODWILL, PRODUCTION OR USE, BUSINESS INTERRUPTION, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR PERSONAL OR PROPERTY DAMAGE ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT , REGARDLESS OF THE CAUSE OF ACTION OR THE THEORY OF LIABILITY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, EVEN IF THE OTHER PARTY HAS BEEN NOTIFIED OF THE LIKELIHOOD OF SUCH DAMAGES.NOTHING IN THIS AGREEMENT SHALL LIMIT OR EXCLUDE EITHER PARTY’S LIABILITY FOR GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT OF SUCH PARTY OR ITS EMPLOYEES OR AGENTS OR FOR DEATH OR PERSONAL INJURY. SOME STATES AND JURISDICTIONS DO NOT ALLOW FOR THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY .
   2. Amount of Damages. THE MAXIMUM LIABILITY OF EITHER PARTY ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT SHALL NOT EXCEED THE FEES PAID OR DUE TO BE PAID BY CUSTOMER TO EXPEL DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT, ACT, OR OMISSION GIVING RISE TO THE LIABILITY. FOR THE AVOIDANCE OF DOUBT, IN THE EVENT THERE ARE NO FEES ASSOCIATED WITH ANY SALES ORDER, OR IF EXPEL IS UNABLE TO COLLECT ANY FEES ASSOCIATED WITH ANY SALES ORDER BY SIXTY (60) DAYS PAST THEIR DUE DATE, EXPEL SHALL HAVE NO LIABILITY WHATSOEVER, NOTWITHSTANDING ANY PROVISION OF THESE TERMS AND CONDITIONS, ANY SALES ORDER OR OTHERWISE TO THE CONTRARY. IN NO EVENT SHALL EXPEL’S SUPPLIERS HAVE ANY LIABILITY ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT.
   3. Basis of the Bargain. The parties agree that the limitations of liability set forth in this section shall survive and continue in full force and effect despite any failure of consideration or of an exclusive remedy. The parties acknowledge that the prices have been set and the Agreement entered into in reliance upon these limitations of liability and that all such limitations form an essential basis of the bargain between the parties. These Terms and Conditions are entered into by and between, and may be enforced only by, Expel and Customer. These Terms and conditions shall not be deemed to create any rights or liabilities in any third parties, including Integration Partner(s), nor to create any obligations of a party to any such third parties, and any such rights and liabilities are hereby expressly disclaimed.
9. MUTUAL CONFIDENTIALITY
   1. Confidential Information. During the term of this Agreement, each party (the “Disclosing Party”) may provide the other party (the “Receiving Party”) with certain information regarding the Disclosing Party’s business, technology, products, or services or other confidential or proprietary information that is marked as “confidential” or “proprietary” or which the Receiving Party should reasonably know is confidential and/or proprietary, given the nature of information and context of disclosure (collectively, “Confidential Information”). For the avoidance of doubt, the Software, and all enhancements and improvements thereto will be considered Confidential Information of Expel.
   2. Protection of Confidential Information. The Receiving Party agrees that it will not use or disclose to any third party any Confidential Information of the Disclosing Party, except as expressly permitted under this Agreement. The Receiving Party will limit access to the Confidential Information to Authorized Users (with respect to Customer) or to those employees who have a need to know, who have confidentiality obligations no less restrictive than those set forth herein, and who have been informed of the confidential nature of such information (with respect to Expel). In addition, the Receiving Party will protect the Disclosing Party’s Confidential Information from unauthorized use, access, or disclosure in the same manner that it protects its own proprietary information of a similar nature, but in no event with less than reasonable care. At the Disclosing Party’s request or upon termination of this Agreement, the Receiving Party will return to the Disclosing Party or destroy (or permanently erase in the case of electronic files) all copies of the Confidential Information that the Receiving Party does not have a continuing right to use under this Agreement, and the Receiving Party shall provide to the Disclosing Party a written affidavit certifying compliance with this sentence.
   3. Exceptions. The confidentiality obligations set forth in this section will not apply to any information that (a) becomes generally available to the public through no fault of the Receiving Party; (b) is lawfully provided to the Receiving Party by a third party free of any confidentiality duties or obligations; (c) was already known to the Receiving Party at the time of disclosure; (d) the Receiving Party can prove, by clear and convincing evidence, was independently developed by employees and contractors of the Receiving Party who had no access to the Confidential Information; or (e) is necessary to be disclosed to Integration Partner(s) in order for Expel to perform the Services. In addition, the Receiving Party may disclose Confidential Information to the extent that such disclosure is necessary for the Receiving Party to enforce its rights under this Agreement or is required by law or by the order of a court or similar judicial or administrative body, provided that the Receiving Party promptly notifies the Disclosing Party in writing of such required disclosure and cooperates with the Disclosing Party if the Disclosing Party seeks an appropriate protective order.
10. MUTUAL INDEMNIFICATION
    1. Subject to the Limitation of Liability specified in Section 8 of this Agreement, each party will defend at its expense any suit brought against the other party, and will pay any settlement the other party makes or approves, or any damages finally awarded in such suit, insofar as such suit is based on a claim by any third party alleging 1) Infringement or 2) Breach of Warranty. Neither party shall have any obligation under this section or otherwise with respect to any Infringement or Breach of Warranty claim if (a) the Software or Services are not used in accordance with this Agreement; (b) the Software or the Services are used with other products, equipment, software, or data not supplied or approved by Expel; or (c) the Software and Services are modified by anyone other than Expel and its authorized agents.
    2. Procedure. The indemnifying party’s obligations as set forth above are expressly conditioned upon each of the foregoing: (a) the indemnified party shall promptly notify the indemnifying party in writing of any threatened or actual claim or suit; (b) the indemnifying party shall have sole control of the defense or settlement of any claim or suit; and (c) the indemnified party shall cooperate with the indemnifying party to facilitate the settlement or defense of any claim or suit.
11. TERM AND TERMINATION
    1. Term. This Agreement remains in effect so long as any Sales Order is in effect. Each Sales Order remains in effect for the period of time set forth on the Sales Order (“Initial Term”), unless earlier terminated by either party in accordance with the subsection titled Termination. Following the Initial Term, the Sales Order shall automatically renew for additional, successive periods of one (1) year (each, a “Renewal Term”), and such Renewal Term may contain a fee increase consistent with the terms of Section 5 of this Agreement, unless and until either party gives notice to the other party of its intent not to renew the Sales Order at least ninety (90) days prior to the end of the Initial Term or then-current Renewal Term. The Initial Term and any Renewal Term(s) are collectively referred to herein as the “Term”.
    2. Termination. Either party may terminate this Agreement immediately upon notice to the other party if the other party materially breaches this Agreement, and such breach remains uncured more than thirty (30) days after receipt of written notice of such breach. Notwithstanding the foregoing, in the event of Customer breach for non-payment Expel may suspend Services with five (5) days’ written notice, and may terminate Services with ten (10) days’ written notice.
    3. Effect of Termination. Upon termination of this Agreement for any reason: (a) all rights and obligations of both parties, including all licenses granted hereunder, shall immediately terminate; and (b) within ten (10) days after the effective date of termination, each party shall comply with the obligations to return all Confidential Information of the other party, as set forth in the section titled Confidentiality. The sections and subsections titled Definitions, Limitations, Ownership, Feedback, Disclaimer of Warranties, Limitation of Liability, Confidentiality, Indemnification, Effect of Termination, and Miscellaneous will survive expiration or termination of this Agreement for any reason.
       
12. SPECIAL TERMS FOR FREE TRIAL SERVICES. From time to time, Expel may offer a short-term usage of any or all of its Services at no cost to prospective Customers for demonstration or proof of concept purposes. (“Free Trial Services”). The terms and conditions within this Agreement shall generally apply to Free Trial Services, subject to modification by the special terms contained within this Section.
    1. Free Trial Services Term and Termination; Additional Terms and Conditions. Expel will make the Free Trial Services available to Customer until the earliest of: (a) the end of the period specified in the applicable Free Trial email confirmation or Sales Order; (b) the start date of any paid Sales Order for the applicable Services; or (c) termination by Expel, at any time, in its sole discretion. Additional terms and conditions, including Supplemental Terms, may apply to Free Trial Services and Customer agrees any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.
    2. SPECIAL LIMITATIONS OF LIABILITY FOR FREE TRIAL SERVICES. THE MUTUAL LIMITATION OF LIABILITY IN SECTION 8 OF THIS AGREEMENT SHALL NOT APPLY TO ANY AGREEMENT FOR FREE TRIAL SERVICES. EXPEL PROVIDES NO WARRANTIES FOR ANY FREE TRIAL SERVICES. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW: (a) IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATING TO ANY AGREEMENT FOR FREE TRIAL SERVICES; AND (b) IN NO EVENT SHALL EXPEL’S CUMULATIVE AND AGGREGATE LIABILITY EXCEED ONE THOUSAND U.S. DOLLARS FOR ANY AGREEMENT FOR FREE TRIAL SERVICES. THE EXCLUSIONS AND LIMITATIONS IN THIS SECTION (COLLECTIVELY, THE “EXCLUSIONS”) APPLY WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR ANY OTHER BASIS, EVEN IF THE NON-BREACHING PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE INDEMNIFICATION OBLIGATIONS UNDER SECTION 10 SHALL NOT APPLY TO EXPEL FOR ANY FREE TRIAL SERVICES AGREEMENT. THE PROVISIONS OF THIS SECTION 12 ALLOCATE THE RISKS OF A FREE TRIAL SERVICES AGREEMENT BETWEEN THE PARTIES, AND THE PARTIES HAVE RELIED ON THE EXCLUSIONS IN DETERMINING TO ENTER INTO THIS FREE TRIAL SERVICES AGREEMENT.
13. MISCELLANEOUS
    1. Compliance with Laws. Each party shall comply with all laws, regulations, rules, ordinances and orders applicable to its access to and use of the Services. Without limiting the foregoing, each party shall comply with the relevant export administration and control laws and regulations, as may be amended from time to time, including, without limitation, the United States Export Administration Act, to ensure that the Services are not transferred or exported (directly or indirectly) in violation of U.S. law.
    2. Assignment. Customer may not assign or delegate, directly or indirectly, by operation of law, change of control or otherwise, this Agreement or any of its rights or obligations under this Agreement to any third party, and any attempt to do so will be void and of no effect.
    3. Governing Law and Venue. This Agreement will be subject to and governed by the laws of the State of Delaware, without regard to conflicts of laws principles.
    4. Government End Users. The Services are a “commercial item” as that term is defined at 48 C.F.R. 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4, all U.S. Government end users acquire the Services with only those rights set forth therein.
    5. Export. Customer agrees not to export, reexport, or transfer, directly or indirectly, any U.S. technical data acquired from Expel, or any products utilizing such data, in violation of the United States export laws or regulations.
    6. Severability. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. Without limiting the generality of the foregoing, Customer agrees that the section titled Limitation of Liability will remain in effect notwithstanding the unenforceability of any provision in the subsection titled Limited Warranty.
    7. Waiver. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.
    8. Remedies. Except as provided in the sections titled Limited Warranty and Indemnification, the parties’ rights and remedies under this Agreement are cumulative. Customer acknowledges that the Services and Software contain valuable trade secrets and proprietary information of Expel, that any actual or threatened breach of the sections titled Intellectual Property or Confidentiality or any other breach by Customer of its obligations with respect to Intellectual Property Rights of Expel will constitute immediate, irreparable harm to Expel for which monetary damages would be an inadequate remedy. In such case, Expel will be entitled to immediate injunctive relief without the requirement of posting bond, including an order that any Software, or any portions thereof, that Customer attempts to import into any country or territory be seized, impounded and destroyed by customs officials. If any legal action is brought to enforce this Agreement, the prevailing party will be entitled to receive its attorneys’ fees, court costs, and other collection expenses, in addition to any other relief it may receive.
    9. Force Majeure. Any delay in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay is caused by a labor dispute, shortage of materials, fire, earthquake, flood, or any other event beyond the control of such party, provided that such party uses reasonable efforts, under the circumstances, to notify the other party of the cause of such delay and to resume performance as soon as possible.
    10. Independent Contractors. Customer’s relationship to Expel is that of an independent contractor, and neither party is an agent or partner of the other. Customer will not have, and will not represent to any third party that it has, any authority to act on behalf of Expel.
    11. Notices. All notices or other communications required or permitted under this Agreement will be made in writing to the other party by electronic mail as follows: If to Expel, notices@expel.io and if to Customer, at the email address provided to Expel upon registration. Notwithstanding the foregoing, all legal notices will be made in writing to the other party as follows: If to Expel, 12950 Worldgate Drive, Suite 200, Herndon, VA 20170, and if to Customer, at the address provided to Expel upon registration. Such notices will be delivered by courier, by certified or registered mail (postage prepaid and return receipt requested), or by a nationally-recognized express mail service. Notice will be effective upon receipt or refusal of delivery. If delivered by electronic mail, any such notice will be considered to have been given on the day such electronic mail was sent. If delivered by certified or registered mail, any such notice will be considered to have been given five (5) business days after it was mailed, as evidenced by the postmark. If delivered by courier or express mail service, any such notice shall be considered to have been given on the delivery date reflected by the courier or express mail service receipt. Each party may change its contact information for receipt of notice by giving notice of such change to the other party.
    12. Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original and all of which shall be taken together and deemed to be one instrument.
    13. Entire Agreement. This Agreement is the final, complete and exclusive agreement of the parties with respect to the subject matters hereof and supersedes and merges all prior discussions between the parties with respect to such subject matters. No modification of or amendment to this Agreement, or any waiver of any rights under this Agreement, will be effective unless in writing and signed by an authorized signatory of Customer and the Expel.

Expel Managed Phishing
Service Level Agreement

 

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.
   1. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product.
   2. “Email” means each email to be analyzed by Expel that is forwarded by the Customer from their phishing inbox. The same email or very similar emails that are submitted either multiple times by the same Authorized User or by multiple Authorized Users, is counted as a single Email for the purposes of this Service Level Agreement.
   3. “Covered System” means a computing device (to the extent supported by Expel) that Customer specifies as within the scope of the Expel Service whose system information or network traffic is observable to support Expel Service delivery.
   4. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
   5. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include Alert analysis, Investigations, Incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
   6. “Incident” means a report of confirmed compromise of one or more of Customer’s Covered Systems.
   7. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
   8. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Customer is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Customer with reasonable prior notice of such Scheduled Downtime.
   9. “Supported Product” means a Product owned by or leased to Customer and supported by Expel that Expel accesses to investigate Emails.
   10. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Customer subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Customer subscribed.
   11. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Customer is not able to access the features and functions of the customer portal, including email notifications of Incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Customer with any provision of this SLA; (ii) incompatibility of Customer’s equipment or software with the Service; (iii) actions or inactions of Customer or third parties; (iv) Customer’s use of the Service after Expel has advised Customer to modify its use of the Service, if Customer did not modify its use as advised; (v) acts or omissions of Customer or Customer’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Customer’s passwords or equipment; (vi) performance of Customer’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Customer’s bandwidth limitations; or (ix) Scheduled Downtime.
   12. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time.
2. Scope of Service. During the Term, Expel will provide Customer with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Customer requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Customer that are not described in this Section 2 are subject to Expel’s availability.The Expel Service is available for the number of Users purchased. If the number of Users exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Users at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.
   1. Email Analysis and Investigations. If Expel determines that an Email is indicative of potentially malicious activity, Expel will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.
   2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.
   3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Customer of the new Incident within 10 minutes. At its discretion, Expel may perform an extended Investigation, and/or may aggregate and review multiple Emails to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.
   4. Non-Remediable Alerts. Expel has no obligation to notify Customer or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Customer has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause.
   5. Portal Access. Access to Alerts, Investigations and Incidents will be provided by an online user portal.
3.  System Performance
   1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).
   2. Access to Support; Response Times: Customer may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.
   3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Customer acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s control, and in such event, Expel will make commercially reasonable efforts to notify Customer promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.
4. Customer Networks And Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Customer, and under Customer’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Customer is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Customer is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service
5.  Remedy For Breach Of Section 3:
   1.  Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:
      

      System Availability	Credit as a Percentage of One Month of Service
      99.95% – 100.00%	0%
      99.00% – 99.94%	10%
      95.00% – 98.99%	25%
      Less than 95.0%	50%

       

   2. Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions. Customer’s rights under this Section 5.1 are Customer’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.
   3. Maximum Service Credits: The maximum amount of Service that Expel will issue to Customer for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.
   4. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Customer, Customer must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Customer is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Customer fails to request any Service Credits to which Customer is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Customer.
6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the rates outlined in the contract for those services. Examples of these requests may include, but are not limited to:
   • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
   • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
   • Red/Blue Team exercise participation; and
   • Expel support for customer onsite/virtual events or meetings not outlined in the services contract

Expel Workbench for Cloud Infrastructure
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.

1. “Alert” means an alert to be analyzed by Expel that is generated by Expel or by a Supported Product.
2. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service whose system information or network traffic is observable to support Expel Service delivery.
3. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
4. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that
may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts,
investigations and incidents, as ordered pursuant to a Sales Order.
5. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
6. “Investigation” means the process executed by the Licensee to confirm whether possible compromises are false positives or true compromises. Investigations may be performed by Expel at an additional cost.
7. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
8. “Normal Business Hours” means 9 a.m. to 5 p.m. U.S. Eastern Time Monday through Friday excluding United States federal holidays.
9. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
10. “Supported Product” means Amazon Web Services (AWS)
11. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
12. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the features and functions of the customer portal are not accessible, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of
Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
13. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.

1. Covered Systems. Expel will ingest data from the Licensee’s Covered Systems, which are in scope as part of the Services to generate Alerts.
2. Alert Analysis. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel will create an Investigation, which will be made available for Licensee to review and take action.
3. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.
4. Ad-Hoc Investigations. The Licensee is responsible for performing Investigations that are created as a result of Expel’s alert analysis. The Licensee may request that Expel perform an Ad Hoc Investigation for an additional fee. Expel will issue an invoice for the cost of Ad Hoc Investigation at Expel’s then-current rates of the then-current Term.
5. Incident Reporting. In rare cases, Expel’s automation may confirm malicious activity and will publish an Incident to the online user portal and notify the Licensee of the new Incident within 10 minutes (in some cases, notifications will be through email). Expel analysts may append results from subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.
6. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.
7. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.
8. Customer Support. General questions about features and navigation of the Expel Workbench™ interface, device onboarding, and incident analysis.

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).
2. Access to Support; Response and Resolution Times: Licensee may initiate support tickets through the support portal at https://support.expel.io/. Expel will establish the priority levels of corresponding support tickets in its sole discretion and will use its best efforts to adhere to the Response and Resolution times set forth below during the Normal Business Hours.

Priority Level: 1 – Major Impact

Products are inoperable, or the performance of the
products are so severely reduced that licensees
cannot reasonably continue to use the products
because of the error, the error cannot be
circumvented with a workaround, and it affects the
licensee’s ability to perform its business.

Response time: 4 business hours

Priority Level: 2 – Moderate Impact:

Performance is significantly degraded such that
licensee’s use of the products are materially impaired,
but the error can be circumvented with a workaround.

Response time: 8 business hours

Priority Level: 3 – Minor Impact:

Licensee is experiencing a performance, operational,
or functional issue in its use of the products that can
be circumvented with a workaround, and the error
causes only minimal impact to the licensee’s ability to
use the products.

Response time: 16 business hours

Priority Level: 4 – General Questions:

No issue with performance or operation of the
products. These include general questions about
features and navigation of the Expel Workbench™
interface, device onboarding, and incident analysis.
Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to
outage@expel.io. Expel will exercise commercially
reasonable efforts to respond to reports of Unscheduled

Downtime within 15 minutes of each such report.

4. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

5. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.

6. Remedy for Breach of Section 3:

1. Credits Against Fees: In the event Unscheduled Downtime occurs, Licensee will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

System Availability	Credit as a Percentage of One Month of Service
99.95% – 100.00%	0%
99.00% – 99.94%	10%
95.00% – 98.99%	25%
Less than 95.0%	50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

1. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.
2. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
7. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

• Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
• Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
• Red/Blue Team exercise participation; and
• Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Managed Detection and Response (MDR)
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.

1. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.
2. “Covered System” means a Supported Product that is included within the Expel Service furnished under this Agreement.
3. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
4. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
5. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
6. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
7. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
8. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
9. “Supported Product” means a SaaS application to which Licensee has a subscription and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
10. “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
11. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
12. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.

1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.

2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.

3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in
such cases, Expel will not be required to publish a separate Incident for each such related Alert.

4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.

5. Portal Access. Alerts, Investigations andIncidents will be provided by an online user portal.

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).

2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.

3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s
control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service. 5. Remedy for Breach of Section 3:

1. Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

System Availability	Credit as a Percentage of One Month of Service
99.95% – 100.00%	0%
99.00% – 99.94%	10%
95.00% – 98.99%	25%
Less than 95.0%	50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

• Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
• Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
• Red/Blue Team exercise participation; and
• Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Managed Detection and Response (MDR) for On-Prem Infrastructure
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.

1. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
2. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
3. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
4. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
5. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
6. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
7. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
8. “Supported Product” means an endpoint protection platform,endpoint and detection and response product, network security product, Security Information and Event Management (SIEM), or User and Entity Behavior Analytics (UEBA) owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
9. “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
10. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
11. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a
    result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees,
    agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
12. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.

1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel
will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.

2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.

3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.

4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.

5. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.

6. Custom SIEM rules. If desired, Customer may engage with Expel to request the creation/modification of up to ten (10) custom rules in Customer’s SIEM, provided that Customer’s SIEM is deemed suitable by Expel for custom rules. The list of suitable SIEM presently includes Splunk ES, Exabeam XDR, and Sumo Logic CSE, and is subject to change at any time. Expel will work with Customer to understand its custom requests, determine feasibility, and develop mutually agreed upon custom rules. Expel may, in its sole discretion, determine certain requests to be unfeasible or outside the scope of service delivery. Requests for custom rules beyond the first ten (10) may be handled under Surge pricing.

 

 

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).

2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.

3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s
control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service. 5. Remedy for Breach of Section 3:

1. Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

System Availability	Credit as a Percentage of One Month of Service
99.95% – 100.00%	0%
99.00% – 99.94%	10%
95.00% – 98.99%	25%
Less than 95.0%	50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

• Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
• Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
• Red/Blue Team exercise participation; and
• Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Managed Detection and Response (MDR) for EDR
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.

1. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
2. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
3. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
4. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
5. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
6. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
7. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
8. “Supported Product” means an endpoint protection platform,endpoint and detection and response product, network security product, Security Information and Event Management (SIEM), or User and Entity Behavior Analytics (UEBA) owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
9. “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
10. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
11. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a
    result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees,
    agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
12. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.

1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel
will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.

2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.

3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.

4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.

5. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.

6. Custom SIEM rules. If desired, Customer may engage with Expel to request the creation/modification of up to ten (10) custom rules in Customer’s SIEM, provided that Customer’s SIEM is deemed suitable by Expel for custom rules. The list of suitable SIEM presently includes Azure Sentinel, and is subject to change at any time. Expel will work with Customer to understand its custom requests, determine feasibility, and develop mutually agreed upon custom rules. Expel may, in its sole discretion, determine certain requests to be unfeasible or outside the scope of service delivery. Requests for custom rules beyond the first ten (10) may be handled under Surge pricing.

 

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).

2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.

3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s
control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service. 5. Remedy for Breach of Section 3:

1. Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

System Availability	Credit as a Percentage of One Month of Service
99.95% – 100.00%	0%
99.00% – 99.94%	10%
95.00% – 98.99%	25%
Less than 95.0%	50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

• Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
• Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
• Red/Blue Team exercise participation; and
• Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Managed Detection and Response (MDR) for Cloud Infrastructure
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.

1. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
2. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
3. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
4. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
5. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
6. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
7. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
8. “Supported Product” means an endpoint protection platform,endpoint and detection and response product, network security product, Security Information and Event Management (SIEM), or User and Entity Behavior Analytics (UEBA) owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
9. “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
10. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
11. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a
    result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees,
    agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
12. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.

1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel
will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.

2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.

3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.

4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.

5. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).

2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.

3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s
control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service. 5. Remedy for Breach of Section 3:

1. Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

System Availability	Credit as a Percentage of One Month of Service
99.95% – 100.00%	0%
99.00% – 99.94%	10%
95.00% – 98.99%	25%
Less than 95.0%	50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

• Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
• Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
• Red/Blue Team exercise participation; and
• Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Hunting
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.

1. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
2. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
3. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
4. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
5. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
6. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
7. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
8. “Supported Product” means an endpoint protection platform,endpoint and detection and response product, network security product, Security Information and Event Management (SIEM), or User and Entity Behavior Analytics (UEBA) owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
9. “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
10. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
11. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a
    result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees,
    agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
12. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.

1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel
will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.

2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.

3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.

4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.

5. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).

2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.

3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s
control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service. 5. Remedy for Breach of Section 3:

1. Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

System Availability	Credit as a Percentage of One Month of Service
99.95% – 100.00%	0%
99.00% – 99.94%	10%
95.00% – 98.99%	25%
Less than 95.0%	50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

• Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
• Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
• Red/Blue Team exercise participation; and
• Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Managed Detection and Response (MDR) for SaaS Apps
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.
   “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product.
   “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
   “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
   “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
   “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
   “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
   “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
   “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
   “Supported Product” means an endpoint protection platform or endpoint and detection and response product owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, add, remove and change the Supported Products from time to time.
   “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
   “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
   “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
   “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:
2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.
   1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.
   2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.
   3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.
   4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.
      Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.
3. System Performance
   1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).
   2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.
   3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.
4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.
5. Remedy for Breach of Section 3:
   Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

   System Availability	Credit as a Percentage of One Month of Service
   99.95% – 100.00%	0%
   99.00% – 99.94%	10%
   95.00% – 98.99%	25%
   Less than 95.0%	50%

    

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.

6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:
Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
Red/Blue Team exercise participation; and
Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel MDR for Kubernetes
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.
   1. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.
   2. “Covered System” means a Supported Product that is included within the Expel Service furnished under this Agreement.
   3. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
   4. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
   5. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
   6. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
   7. “Nodes” means the number of Kubernetes Nodes within Licensee’s environment, which is reflected on the Sales Order.
   8. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
   9. “Supported Product” means a Kubernetes or container monitoring product to which Licensee has a subscription and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time. These tools will monitor areas that include, but are not limited to, container security, control plane, and configurations.
   10. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; (ix) Scheduled Downtime; or (x) outage of Licensee’s Covered Systems or any Supported Products.
   11. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:
2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.
   1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.
   2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.
   3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered Systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.
   4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.
   5. Portal Access. Alerts, Investigations andIncidents will be provided by an online user portal.
3. System Performance
   1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).
   2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such reporSystem Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor
4. System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.
5. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.
6. Remedy for Breach of Section 3:
   1. Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:
      

      System Availability	Credit as a Percentage of One Month of Service
      99.95% – 100.00%	0%
      99.00% – 99.94%	10%
      95.00% – 98.99%	25%
      Less than 95.0%	50%

      Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

      Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

   2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.
   3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
7. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:
   • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
   • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
   • Red/Blue Team exercise participation; and
   • Expel support for customer onsite/virtual events or meetings not outlined in the services contract.