THESE SOPHOS API & PLUGIN TERMS OF USE (“AGREEMENT”) BETWEEN YOU (“LICENSEE”) AND SOPHOS LIMITED (“SOPHOS”) GOVERN LICENSEE’S ACCESS AND USE OF THE APIS AND/OR PLUGINS AND ARE A LEGALLY BINDING AND ENFORCEABLE CONTRACT.
BY CLICKING A BOX INDICATING ACCEPTANCE OR AGREEMENT, OR BY ACCESSING OR USING THE API AND/OR PLUGIN, LICENSEE AGREES TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT S/HE HAS THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT.
1. DEFINITIONS
“Application Programming Interface” or “API” means all software, including routines, data structures, object classes, protocols, programs, templates, libraries and interfaces, application programming interfaces, software development kits, developer tools, technical documentation, updates and other related materials, whether tangible or intangible, in whatever form or medium that are made available by Sophos, including, without limitation, through its Developer Website.
“Confidential Information” means any non-public, confidential, or proprietary information of the disclosing party that is clearly marked confidential or reasonably should be assumed to be confidential given the nature of the information and the circumstances of disclosure.
“Licensee Solution” means Licensee’s technology that accesses or otherwise interoperates with one or more Sophos Offering(s) via an API and/or Plugin.
“Plugin” is a software provided by Sophos that adds a specific feature to Licensee Solution, including any upgrades to such software that Sophos may provide from time to time.
“Sanctions and Export Control Laws” means any law, regulation, statute, prohibition, or similar measure applicable to the Sophos Offerings, the APIs and/or Plugins and/or to either party relating to the adoption, application, implementation and enforcement of economic sanctions, export controls, trade embargoes or any other restrictive measures, including, but not limited to, those administered and enforced by the European Union, the United Kingdom, and the United States, each of which shall be considered applicable to the Sophos Offerings and the APIs/Plugins.
“Sophos Offering” means any product, service, or offering that is made available or licensed by Sophos.
“User” means Licensee’s employees, contractors, and similar personnel authorized by Licensee to access and use the APIs/Plugins on Licensee’s behalf.
2. LICENSE GRANT
2.1 Grant. Subject to the terms and conditions of this Agreement, Sophos hereby grants Licensee a worldwide, non-exclusive, non-transferable, non-sublicensable, revocable, royalty-free license to use and make calls to the Sophos APIs or to download, install, and use the Plugin for the sole purpose of: (a) facilitating the interoperability of the Sophos Offering(s) and the Licensee Solution; (b) developing, implementing, and distributing the Licensee Solution that interoperates, communicates, or interacts with the Sophos Offerings; and (c) transmitting and displaying data received from the APIs within the Licensee Solution. The underlying Sophos Offering is licensed or made available under its own separate terms available at either https://www.sophos.com/en-us/legal or Licensee’s manually or digitally signed agreement with Sophos, and Licensee may not access or use the APIs and/or Plugins in any way that violates or is inconsistent with those terms.
2.2 Limitations. In order to use and access the APIs and/or Plugins, Licensee must obtain API credentials (“Credential”) from Sophos. Licensee may not share or disclose its Credential with any third party, must keep such Credential and all login information secure, and must use the Credential as Licensee’s sole means of accessing the APIs or Licensee data from Sophos Offering. Licensee is responsible for maintaining the secrecy and security of the Credential. Licensee is solely responsible for all activities that occur using Licensee’s Credential, regardless of whether such activities are undertaken by Licensee or a third party.
3. LICENSE RESTRICTIONS
3.1 Restrictions. Except as specifically permitted in this Agreement or the separate terms governing access and use of the underlying Sophos Offering(s), Licensee and Users will not (and will not allow anyone else or a third party to), directly or indirectly: (a) sublicense, resell, rent, lease, distribute, market, commercialize, or otherwise transfer rights to, or usage of, all or any portion of the APIs and/or Plugins, or provide the APIs and/or Plugins on a timesharing, service bureau, or other similar basis; (b) modify, adapt, translate, create derivative works of, reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of, any part of the APIs and/or Plugins; (c) remove, alter, or obscure any proprietary rights notices contained in or affixed to the APIs and/or Plugins; (d) attempt to gain unauthorized access to the APIs and/or Plugin; (e) attempt to disrupt, degrade, impair, or violate the integrity, security, or performance of the APIs and/or Plugins, including, without limitation, by executing any form of network monitoring; (f) use the APIs and/or Plugins to store, transmit, or propagate any viruses, software routines, or other code designed to permit unauthorized access, to disable, erase or otherwise harm software, hardware or data, or to perform any other harmful actions; (g) take any action that imposes or may impose an unreasonable or disproportionately large load on Sophos’s infrastructure, as determined by Sophos in its sole discretion; (h) disable or circumvent any monitoring mechanism related to the APIs and/or Plugins; or (i) access or use the APIs and/or Plugins in a manner that violates applicable law or regulation, infringes third party rights, or violates the terms and conditions of this Agreement.
3.2 Limitations. Sophos may limit: (a) the number and/or frequency of API and/or Plugin requests to the Sophos Offering; or (b) any use of the APIs and/or Plugins that could damage, disable, overburden, impair or otherwise interfere with the Sophos Offering. Licensee may not attempt to circumvent such limitations.
4. MODIFICATIONS
Sophos may modify or update the APIs and/or Plugins from time to time.
Sophos may modify the terms of this Agreement from time to time by posting a modified version on https://www.sophos.com/en-us/legal, and all modifications to the Agreement will become effective upon Licensee’s subsequent access and use of the APIs and/or Plugins.
5. OWNERSHIP
5.1 Sophos Ownership. As between Sophos and Licensee, Sophos retains all right, title, and interest, including all intellectual property rights, in and to the APIs and/or Plugins, including all improvements, enhancements, modifications, derivative works, logos, and trademarks.
5.2 Feedback. Licensee or Users may provide suggestions, enhancement or feature requests, or other feedback to Sophos with respect to the APIs and/or Plugins (“Feedback”). If Licensee or a User provides Feedback, Sophos may use the Feedback without restriction and without paying any compensation to Licensee, and Licensee hereby irrevocably assigns to Sophos all intellectual property rights in and to such Feedback.
6.CONFIDENTIALITY; DATA PROTECTION
6.1 Confidentiality. Each party acknowledges that it and its affiliates (“Disclosing Party”) may have access to Confidential Information of the other party and its affiliates (“Receiving Party”) in connection with this Agreement. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own Confidential Information of like kind (but not less than reasonable care). The Receiving Party agrees to (a) not use any Confidential Information for any purpose other than to perform its obligations and exercise its rights under this Agreement, and (b) restrict dissemination of Confidential Information only to individuals or third parties with a “need to know” such information and who are under a substantially similar duty of confidentiality. A Receiving Party may disclose the Disclosing Party’s Confidential Information in any legal proceeding or as required as a matter of applicable law or regulation (such as in response to a subpoena, warrant, court order, governmental request, or other legal process); provided, however, that to the extent permitted by applicable law, the Receiving Party will (1) promptly notify the Disclosing Party before disclosing the Disclosing Party’s Confidential Information; (2) reasonably cooperate with and assist the Disclosing Party, at the Disclosing Party’s expense, in any efforts by the Disclosing Party to contest the disclosure; and (3) disclose only that portion of the Disclosing Party’s Confidential Information that is legally required to be disclosed.
Notwithstanding the above, a Disclosing Party’s Confidential Information will not include information that: (a) is or becomes a part of the public domain through no act or omission of the Receiving Party; (b) was in the Receiving Party’s lawful possession prior to the disclosure by the Disclosing Party and had not been obtained by the Receiving Party either directly or indirectly from the Disclosing Party; (c) is lawfully disclosed to the Receiving Party by a third party without restriction on the disclosure; or (d) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information.
6.2 Data Protection. The Data Processing Addendum (“DPA”) located at https://www.sophos.com/en-us/legal/data-processing-addendum is incorporated by reference into this Agreement if Licensee’s use and access of API and/or Plugins constitutes any "processing" by Sophos of any "personal data", but only to the extent such processing falls within the scope of "Applicable Data Protection Laws" (each term as defined in the DPA). In the event of any conflict between the terms of the DPA and this Agreement, the terms of the DPA will take precedence.
7. WARRANTY DISCLAIMERS; LIMITATIONS OF LIABILITY
7.1 Warranty Disclaimer. APIs AND/OR PLUGINS ARE PROVIDED “AS IS” WITHOUT ANY SUPPORT, INDEMNITY, LIABILITY OR REMEDY OF ANY KIND. TO THE EXTENT ALLOWED BY APPLICABLE LAW, SOPHOS EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY, CONDITION, OR OTHER IMPLIED TERM AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF USE OF APIS AND/OR PLUGINS. Further, Sophos makes no representations or warranties regarding the integrity of data that Licensee transmits, transfers, stores, obtains or receives through use of the APIs and/or Plugins. Licensee assumes all risk arising from, and is solely liable for, any access or use of the APIs and/or Plugins, including, without limitation, the risk of damage to Licensee’s computer system, network and the Licensee Solution; the loss or corruption of data; and compliance with all applicable laws and regulations (including laws and regulations related to privacy and data protection).
7.2. Limitation of Liability. SOPHOS SHALL HAVE NO LIABILITY IN CONNECTION WITH OR RELATING TO THIS AGREEMENT OR ACCESS OR USE OF THE SOPHOS APIS AND/OR PLUGINS, FOR DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY, AND CONSEQUENTIAL DAMAGES, OR FOR ANY LOSS OF USE, DATA, INFORMATION, PROFITS, REVENUE, BUSINESS, OR GOODWILL (IN EACH CASE WHETHER DIRECT OR INDIRECT), HOWEVER CAUSED, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE LIMITATONS AND EXCLUSIONS OF LIABILITY IN THIS SECTION APPLY (A) WHETHER SUCH CLAIMS ARISE UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), EQUITY, STATUTE, OR OTHERWISE, AND (B) NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY REMEDY.
8. INDEMNIFICATION
Licensee will indemnify, defend, and hold Sophos, its affiliates, and their officers, directors, employees, contractors, and agents harmless against any claims, liabilities, and expenses (including court costs and reasonable attorneys' fees) that are incurred as a result of or in connection with Licensee’s access and use of the APIs and/or Plugins.
9. TERM AND TERMINATION
9.1 Term. This Agreement will commence on the date Licensee initially accesses or uses the APIs and/or Plugins and will continue unless terminated in accordance with Section 9.2 or Section 9.3.
9.2 Termination. Sophos may terminate this Agreement and/or Licensee’s access and/or use of the APIs and/or Plugins at any time for any reason with thirty (30) days’ prior written notice to Licensee. Licensee may terminate the Agreement at any time by ceasing to access or use the APIs/Plugins and disabling all of Licensee Solutions’ ability to access and use the APIs and/or Plugins. Notwithstanding the foregoing, Sophos may terminate this Agreement immediately upon written notice if Licensee breaches this Agreement.
9.3 Suspension. Sophos may immediately suspend or terminate Licensee’s access or use of APIs and/or Plugins if Sophos believes that Licensee’s use of the APIs and/or Plugins may: (a) cause significant threat to the functionality, security, integrity, or availability of the APIs and/or Plugins to Licensee or to other customers; or (b) violate Section 3 and/or Section 10.1 of this Agreement. Sophos may, in its sole discretion, reinstate Licensee’s use of the APIs and/or Plugnins after Sophos determines that the issue causing the suspension has been resolved.
10. EXPORT CONTROL; COMPLIANCE WITH LAWS
10.1 Export Compliance. Licensee is solely responsible for ensuring that the APIs and/or Plugins are used, accessed, and disclosed in compliance with Sanctions and Export Control Laws. Licensee certifies that Licensee, or any party that owns or controls Licensee, are not (a) ordinarily resident in, located in, or organized under the laws of any country or region subject to economic or financial trade sanctions or trade embargoes imposed, administered, or enforced by the European Union, the United Kingdom, or the United States; (b) an individual or entity on the Consolidated List of Persons, Groups, and Entities Subject to European Union Financial Sanctions; the U.S. Department of the Treasury's List of Specially Designated Nationals and Blocked Persons or Foreign Sanctions Evaders List; the U.S. Department of Commerce's Denied Persons List or Entity List; or any other sanctions or restricted persons lists maintained by the European Union, the United Kingdom, or the United States; or (c) the target or subject of any Sanctions and Export Laws. Licensee further certifies that it will not, directly or indirectly, export, re-export, transfer, or otherwise make available (i) the APIs and/or Plugins, or (ii) any data, information, software programs, and/or materials resulting from the APIs and/or Plugins (or direct product thereof) to any person described in (a) through (c) or in violation of, or for any purpose prohibited by, Sanctions and Export Control Laws, including for proliferation-related end uses. Licensee agrees that Sophos has no obligation to provide the APIs and/or Plugins where Sophos believes the provision of the APIs and/or Plugins could violate Sanctions and Export Control Laws. Further details are available at https://www.sophos.com/en-us/legal/export.
10.2 Compliance with Laws. Each party agrees to comply with all laws applicable to the actions and obligations contemplated by this Agreement. Each party warrants that, during the term of this Agreement, neither party nor any of its officers, employees, agents, representatives, contractors, intermediaries, or any other person or entity acting on its behalf has taken or will take any action, directly or indirectly, that contravenes (a) the United Kingdom Bribery Act 2010, (b) the United States Foreign Corrupt Practices Act 1977, or (c) any other applicable anti-bribery laws or regulations anywhere in the world.
11. GENERAL
11.1 Assignment. Licensee may not sublicense, assign, or transfer its rights or obligations under this Agreement.
11.2 Support. Sophos has no obligation to provide any support or maintenance for the APIs and/or Plugins.
11.3 Waiver. Failure by either party to enforce any term or condition of this Agreement will not be construed as a waiver of any of its rights under it.
11.4 Severability. If any provision of the Agreement is held to be invalid or unenforceable, the remaining provisions of the Agreement will remain in force to the fullest extent permitted by law.
11.5 United States Government Users; Non-Waiver of Government Immunity. The APIs and/or Plugins and any related documentation are considered “commercial computer software” and “commercial computer software documentation” for the purposes of FAR 12.212 and DFARS 227.7202, as amended, or equivalent provisions of agencies that are exempt from the FAR or that are U.S. state or local government agencies. Any use, modification, reproduction, release, performance, display, or disclosure of the APIs and/or Plugins by the U.S. Government and U.S. state and local government agencies will be governed solely by this Agreement, and except as otherwise explicitly stated in this Agreement, all provisions of this Agreement shall apply to the U.S. Government and U.S. state and local government agencies. If Licensee is a federal, state, or other governmental instrumentality, organization, agency, institution, or subdivision, the limitations of liability and Licensee’s indemnity obligations herein shall apply only in the manner and to the extent permitted by applicable law, and without waiver of Licensee’s constitutional, statutory, or other immunities, if any.
11.6 Governing Law and Jurisdiction. This Agreement shall be governed by and construed in accordance with the laws set forth in the underlying agreement governing Licensee’s use of the Sophos Offering(s). All disputes arising from or relating to this Agreement shall be resolved in the jurisdiction set forth in the underlying agreement governing Licensee’s use of the Sophos Offering(s).
11.7 Survival. The following sections, together with any other terms necessary for the interpretation or enforcement of this Agreement will survive termination or expiration of this Agreement: 1 (Definitions), 5 (Ownership), 6.1 (Confidentiality) for five (5) years, 7 (Warranty Disclaimer; Limitations of Liability), 8 (Indemnification), and 11 (General).
11.8 Entire Agreement. If Sophos and Licensee have signed a separate written agreement covering access and use of the APIs and/or Plugins, the terms of such signed agreement will take precedence over any conflicting terms of this Agreement. Otherwise, this Agreement constitutes the entire agreement between the parties with respect to the APIs and/or Plugins and supersedes all prior or contemporaneous oral or written communications, agreements or representations with respect to the APIs and/or Plugins. If there are any inconsistencies between the English language version of this Agreement and any translated version, the English language version shall prevail.
Revision Date: April 23, 2020