Stacklok Platform Terms
Last Updated: April 15, 2026
This Platform Agreement (this “Agreement”) governs access to and use of the Platform provided by Stacklok, Inc., a Delaware corporation (“Stacklok”). By executing an Order Form that references this Agreement, by accessing or using the Platform, or by clicking a button or checking a box indicating acceptance, the entity on whose behalf such actions are taken (“Customer”) agrees to be bound by the terms and conditions of this Agreement. If Customer does not agree to this Agreement, Customer may not access or use the Platform. This Agreement is effective as of the earlier of: (a) the effective date of the first Order Form executed by Customer that references this Agreement; or (b) Customer’s first access to or use of the Platform (the “Effective Date”). If Customer and Stacklok have executed a separate written agreement governing Customer’s use of the Platform, such agreement shall supersede this Agreement to the extent of any conflict. Stacklok and Customer are referred to herein individually as a “party” or collectively as the “parties”.
The parties agree as follows:
Definitions
“Agreement” means this Platform Agreement together with all Order Forms and SOWs incorporated herein by reference, as each may be amended, modified, or supplemented from time to time in accordance with the terms hereof.
“Confidential Information” means non-public information disclosed by one party to the other, including technical data, business information, and proprietary information, that is either (a) marked as confidential or proprietary at the time of disclosure, or (b) reasonably understood to be confidential. Customer Data constitutes Customer’s Confidential Information. Confidential Information does not include information that: (i) was publicly known prior to disclosure; (ii) becomes publicly known after disclosure through no fault of the receiving party; (iii) was already in the receiving party’s possession at the time of disclosure; (iv) is received from a third party without breach of confidentiality obligations; or (v) is independently developed by the receiving party without reference to the disclosing party’s Confidential Information.
“Customer Data” means data and information that Customer uploads, inputs, or otherwise provides directly to the Platform, excluding Usage Data.
“Customer Requirements” means Customer’s business requirements, technical data, network access, documentation, feedback, information, equipment, materials, assistance, and resources in Customer’s possession or control that are necessary for Stacklok to effectively perform the Services.
“Documentation” means user manuals, technical specifications, release notes, and other materials provided by Stacklok relating to the Platform or Services, in any form or medium.
“Fees” means the amounts payable by Customer as set forth in the applicable Order Form.
“Open Source Software” or “OSS” means software that is licensed under open source licenses approved by the Open Source Initiative.
“Order Form” means the ordering document executed by the parties that specifies the Platform subscription, Services, Fees, and Subscription Term. Each Order Form is subject to and governed by this Agreement and does not modify the terms of this Agreement unless expressly stated therein.
“Platform” means the proprietary Stacklok software and technology made available to Customer under this Agreement and the applicable Order Form, including any Updates provided during the Subscription Term, but excluding any Open Source Software, community versions, or publicly available versions of related software.
“Implementation Services” means configuration, deployment, enablement, training, and related services to assist Customer in deploying and optimizing the Platform within Customer’s environment, as described in an Order Form or SOW. Implementation Services are distinct from the Platform license grant and Support Services and do not include custom software development.
“Services” means, collectively, Implementation Services and Support Services, each of which are distinct from and do not include the Platform license grant.
“SOW” or “Statement of Work” means a statement of work for Implementation Services or Sponsored Development executed by the parties, which is subject to and governed by this Agreement.
“Sponsored Development” means development services whereby Stacklok designs, develops, and integrates new features or capabilities to be contributed to open source projects, as described in a SOW.
“Subscription Term” means the period during which Customer is licensed to use the Platform, as specified in the applicable Order Form, including any renewal periods.
“Support Services” means technical support and maintenance services for the Platform provided by Stacklok in accordance with Stacklok’s then-current support terms and the support tier specified in the applicable Order Form.
“Updates” means updates, upgrades, patches, bug fixes, and new versions of the Platform that Stacklok makes generally available to customers at the same subscription tier at no additional charge during the Subscription Term.
“Usage Data” means telemetry data, usage metrics, operational statistics, system performance data, system information, technical data, behavioral data, and any other data or information collected, generated, or derived in connection with Customer’s use of the Platform, regardless of the method of collection.
Platform License
License Grant. Subject to the terms and conditions of this Agreement and the applicable Order Form, Stacklok hereby grants to Customer during the Subscription Term a limited, non-exclusive, non-transferable, non-sublicensable license to install and use the Stacklok Platform software solely for Customer’s internal business purposes and as described in the applicable Order Form (the “Platform”). This Agreement grants Customer a license to use the Platform and does not constitute a sale of the Platform or any portion thereof. Stacklok retains all right, title, and interest in and to the Platform, including all intellectual property rights therein. Any use of the Platform beyond an executed Order Form may result in overage fees.
License Restrictions. Customer shall not, and shall not permit any third party to: (a) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Platform or any portion thereof; (b) modify, adapt, alter, translate, or create derivative works of the Platform; (c) sublicense, distribute, sell, lease, lend, rent, transfer, or assign the Platform or any rights therein; (d) use the Platform to provide service bureau, timesharing, or similar services to third parties, or otherwise provide third parties with access to the Platform; (e) circumvent, disable, or otherwise interfere with any license keys, copy protection, usage limitations, or other technical protection measures of the Platform; (f) use the Platform in any manner that violates applicable laws, regulations, or export control restrictions; (g) remove, alter, or obscure any proprietary notices, labels, or marks on or in the Platform; (h) use the Platform to develop, market, or distribute any product or service that competes with Stacklok or the Platform; (i) conduct or publish any benchmarking, performance testing, or comparative analysis of the Platform without Stacklok’s prior written consent; or (j) use the Platform in any manner not expressly authorized by this Agreement.
Open Source Software Differentiation. The Platform may incorporate or be distributed with open source software components that are subject to separate open source license terms. Customer acknowledges and agrees that certain functionality, features, and capabilities are available only in the commercial Platform and are not available in any open source version of related software. Such commercial-only features are Stacklok’s proprietary technology, licensed to Customer under the terms of this Agreement, and are not subject to any open source license terms. Customer’s rights to use any open source software components are governed solely by the applicable open source license terms for such components, and nothing in this Agreement restricts Customer’s rights under such open source licenses. Stacklok makes no representations or warranties regarding open source software components, and Customer is solely responsible for compliance with applicable open source license obligations.
Updates and Modifications. Stacklok may, in its sole discretion, develop and provide updates, modifications, enhancements, or new versions of the Platform from time to time. Subject to Customer’s payment of applicable fees and compliance with this Agreement, Stacklok will provide such updates to Customer during the Subscription Term in accordance with Stacklok’s then-current release and support policies. Updates do not include new products, modules, add-ons, or features that Stacklok offers as separately priced offerings or at higher subscription tiers. Stacklok reserves the right to deprecate, discontinue, or modify features or functionality of the Platform upon reasonable advance notice to Customer. Customer acknowledges that any updates may require Customer to install new versions of the Platform and that continued use of outdated versions may result in reduced functionality or support. Bug fixes, security patches, and other remedial updates are delivered in new releases; Customer is responsible for installing Updates in Customer’s environment to receive such benefits.
Platform Deployment and Environment. Customer is responsible for providing and maintaining all hardware, operating systems, network infrastructure, storage, and other infrastructure necessary to install and operate the Platform. Customer shall ensure that its environment meets Stacklok’s minimum system requirements as specified in the Documentation. Customer is responsible for installing, configuring, and integrating the Platform in Customer’s environment in accordance with the Documentation and is responsible for maintaining network connectivity necessary for the Platform to operate, receive Updates, and transmit Usage Data to Stacklok. Customer is responsible for maintaining backups of Customer Data and implementing appropriate disaster recovery procedures for its environment. Customer is responsible for obtaining any third-party software, licenses, or services necessary to operate Customer’s environment or that may be required for the Platform to function properly.
Support Services
Support Scope. Stacklok will provide Support Services as specified in the applicable Order Form in accordance with the support tier and Stacklok’s then-current support documentation.
Support Tiers. Support specifications for each tier are as published by Stacklok and may be updated from time to time, provided that any such updates will not materially diminish the support specifications applicable to Customer during the then-current Subscription Term. Stacklok reserves the right to modify support tiers, response times, and service levels upon reasonable advance notice to Customer.
Support Conditions. Stacklok’s Support Services obligations are contingent upon Customer: (a) maintaining an environment that meets Stacklok’s minimum system requirements as set forth in the Documentation; (b) operating a supported version of the Platform in accordance with Section 2.4; and (c) providing Stacklok with reasonable access, information, and cooperation necessary to diagnose and resolve issues. Customer’s failure to satisfy any of these conditions may result in delayed or degraded support response.
Unsupported Configurations. Stacklok may, in its sole discretion, designate certain environments, configurations, third-party software, or customizations as unsupported. For any systems or configurations designated as unsupported, Stacklok’s obligations shall be limited to commercially reasonable efforts without any service level commitments or warranties.
Exclusions. Support Services do not include: (a) support for Open Source Software except as specifically integrated into the Platform; (b) issues caused by Customer’s modifications, customizations, or configurations; (c) issues arising from Customer’s failure to implement Updates or security patches; (d) training or professional services; (e) on-site support unless separately purchased; or (f) support for any software, hardware, or systems not provided by Stacklok. Customer acknowledges that Stacklok has no obligation to provide support for excluded items and may refer Customer to appropriate third-party vendors.
Implementation Services
Scope. Stacklok may provide Implementation Services to Customer as described in one or more mutually executed Statements of Work. Implementation Services are limited to configuration, deployment assistance, integration enablement, and training related to the Platform and do not constitute custom software development. Each SOW will describe the specific services, deliverables, timeline, fees, assumptions, dependencies, and other project-specific terms. All Implementation Services are provided on a time-and-materials or fixed-fee basis as specified in the applicable SOW.
Open Source Contributions. In the course of performing Implementation Services, Stacklok may identify bugs, vulnerabilities, security issues, enhancements, or other improvements related to Open Source Software. Stacklok may contribute fixes, patches, improvements, or other changes directly to the relevant open source project through appropriate contribution mechanisms. Customer acknowledges that all such contributions are made to the open source project and are not delivered as proprietary work product to Customer, and Customer’s rights to use any contributions are governed solely by the applicable open source license.
Ownership of Deliverables. All deliverables created by Stacklok in performing Implementation Services, including configuration files, scripts, playbooks, documentation, and other materials (“Implementation Deliverables”), are the sole property of Stacklok. Implementation Deliverables may incorporate Stacklok’s pre-existing tools, methodologies, templates, and know-how. Subject to Customer’s payment of applicable fees, Stacklok grants Customer a perpetual, non-exclusive, non-transferable license to use the Implementation Deliverables solely in connection with Customer’s authorized use of the Platform.
Sponsored Development. Stacklok may provide Sponsored Development services as described in an SOW, whereby Stacklok designs, develops, and integrates new features or capabilities for contribution to open source projects based on Customer’s specifications and requirements. Customer acknowledges that all Sponsored Development work product is contributed to the applicable open source project under the project’s open source license, and Customer acquires no proprietary rights in such contributions beyond those available to the general public under the applicable open source license.
Subcontractors. Stacklok may engage subcontractors to perform Implementation Services, provided that Stacklok remains responsible for subcontractor performance and compliance with this Agreement and ensures that subcontractors are bound by confidentiality obligations at least as protective as those set forth herein.
Customer Cooperation. Customer shall provide Stacklok with timely access to Customer Requirements, systems, personnel, and facilities reasonably necessary for Stacklok to perform Implementation Services. Customer shall provide accurate and complete information and maintain current backups of its systems and data. Customer’s failure to provide required cooperation or access may result in project delays, additional costs, or suspension of services. Stacklok shall not be liable for delays or issues arising from Customer’s failure to fulfill its cooperation obligations, and Customer remains responsible for all fees and expenses incurred during any delays caused by such failure.
Customer Responsibilities
Open Source License Compliance. Customer acknowledges and agrees that it is solely responsible for compliance with all open source license obligations applicable to Open Source Software used, deployed, modified, or distributed by Customer in Customer’s environment. Customer’s responsibility includes understanding and complying with all applicable license terms, including without limitation attribution requirements, copyright notices, license text inclusion, source code availability obligations, and derivative work restrictions. This responsibility applies regardless of whether Stacklok provides assistance, recommendations, or guidance related to Open Source Software. Customer will not take any action that would impose open source license obligations or restrictions on Stacklok’s proprietary work product or deliverables.
Security and Access. Customer is responsible for implementing reasonable security measures for any Stacklok access to Customer systems and will provide Stacklok personnel with appropriate access credentials and permissions necessary to perform Services. Customer retains the right to revoke or modify such access credentials at any time and is responsible for promptly revoking access when such access is no longer needed for the performance of Services. Customer will notify Stacklok promptly of any security incidents, breaches, or vulnerabilities affecting Stacklok’s access to Customer systems. Customer is responsible for managing and maintaining the security of its own systems and networks. Stacklok will use commercially reasonable security measures when accessing Customer systems and data in connection with performing Services.
Intellectual Property and Data Rights
Stacklok Ownership. Stacklok owns and retains all right, title, and interest in and to the Platform, Documentation, and all intellectual property rights therein, including without limitation all derivatives, modifications, improvements, enhancements, customizations, and extensions thereto, regardless of who suggests, requests, or contributes to such modifications. Except for the limited license rights expressly granted to Customer in Section 2.1, Customer acquires no right, title, or interest in or to the Platform, Documentation, or any intellectual property rights therein.
Customer Data. Customer retains ownership of Customer Data. Customer grants Stacklok a limited, non-exclusive license to access Customer Data solely as necessary to provide the Platform, Support Services, and Implementation Services. Stacklok does not host or store Customer Data on Stacklok’s systems. Customer is solely responsible for the accuracy, quality, integrity, legality, and appropriateness of all Customer Data, and represents and warrants that it has all necessary rights to use Customer Data with the Platform.
Usage Data and Telemetry. The Platform transmits Usage Data from Customer’s environment to Stacklok. Customer shall maintain network connectivity sufficient to permit the transmission of Usage Data to Stacklok. Stacklok owns all right, title, and interest in and to all Usage Data. Stacklok may collect, store, process, analyze, and use Usage Data, including: (a) improving and developing the Platform and other Stacklok products and services; (b) research and development; (c) optimizing Support Services; (d) security analysis and threat detection; and (e) creating aggregated benchmarks and publishing anonymized insights. Stacklok may aggregate, anonymize, de-identify, and create derivative works from Usage Data. Stacklok will not publicly disclose Usage Data in a form that specifically identifies Customer without Customer’s prior written consent, except for aggregated, anonymized, or de-identified data.
Customer Feedback. Any comments, suggestions, ideas, enhancement requests, feature requests, bug reports, recommendations, or other feedback provided by Customer to Stacklok relating to the Platform, Documentation, or Services shall become the sole and exclusive property of Stacklok. Customer hereby assigns to Stacklok all right, title, and interest in and to such feedback, including all intellectual property rights therein. To the extent such assignment is not permitted under applicable law, Customer grants Stacklok a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, transferable, sublicensable license to use, reproduce, modify, create derivative works from, distribute, publicly display, publicly perform, and otherwise exploit such feedback for any purpose without attribution, compensation, or obligation to Customer. Customer waives any moral rights or similar rights Customer may have in such feedback.
Reservation of Rights; No Implied Licenses. Stacklok expressly reserves all rights not specifically granted to Customer in this Agreement. No additional rights or licenses are granted to Customer by implication, estoppel, exhaustion of rights, or otherwise, and nothing in this Agreement shall be construed to grant any implied license to either party. Nothing in this Agreement grants Customer any right, license, or permission to use Stacklok’s trademarks, service marks, trade names, logos, domain names, or other branding elements, except as may be expressly permitted in writing by Stacklok or as necessary for Customer’s authorized use of the Platform in accordance with this Agreement.
Fees and Payment
Payment Terms. Customer shall pay the fees specified in each Order Form. Unless otherwise specified in an Order Form, payment is due net thirty (30) days from the invoice date. All payments are non-refundable except as expressly provided in this Agreement. Customer shall reimburse expenses as set forth in the applicable Order Form. Customer shall not withhold payment of any undisputed amounts due under this Agreement. Stacklok reserves the right to charge interest on any outstanding, undisputed invoice not timely paid at the lesser of one and one-half percent (1.5%) per month or the maximum rate permitted by law.
Taxes and Duties. Customer is responsible for all taxes, duties, and customs fees assessed on amounts payable under this Agreement, excluding taxes based on Stacklok’s income or payroll.
Disputed Amounts and Remedies. Customer may only withhold payment of amounts that are the subject of a bona fide dispute and must pay all undisputed portions of any invoice when due. Any invoice disputes must be made within thirty (30) days of the applicable invoice date. In addition to other remedies available to Stacklok, Stacklok may suspend its performance under this Agreement if Customer fails to pay any undisputed amounts when due. Before suspending, Stacklok shall provide Customer with written notice of the overdue amount and Customer shall have thirty (30) calendar days from receipt of such notice to cure the non-payment. If Customer fails to pay all undisputed, overdue amounts within such cure period, Stacklok may suspend Customer’s rights under this Agreement, including the Platform license, effective immediately upon written notice to Customer. If Customer fails to pay all undisputed amounts within sixty (60) days following suspension, Stacklok may terminate the affected Order Form and/or this Agreement immediately upon written notice to Customer, without prejudice to any other rights or remedies available to Stacklok.
Term and Termination
Term and Renewal. This Agreement commences on the Effective Date and continues until the later of: (a) termination in accordance with Section 8.2; or (b) expiration or termination of all Order Forms executed under this Agreement. Each Order Form shall specify an initial Subscription Term for the Platform. Each Subscription Term shall automatically renew for successive one (1) year periods unless either party provides written notice of non-renewal to the other party at least ninety (90) days prior to the end of the then-current Subscription Term.
Termination for Cause. Either party may terminate this Agreement by written notice to the other party in the event of: (a) a material breach that remains uncured for thirty (30) days after written notice; or (b) either party is party to any bankruptcy or insolvency proceedings.
Obligations upon Termination. Upon termination or expiration of this Agreement or any Order Form: (a) all licenses granted to Customer under the terminated Agreement or Order Form shall immediately terminate, and Customer shall cease all use of the Platform and permanently uninstall and delete all copies of the Platform from Customer’s environment; (b) Customer will promptly pay all amounts owed to Stacklok through the termination date, including any fees accrued but not yet invoiced; (c) each party will return or destroy the other party’s Confidential Information upon request, except that each party may retain one archival copy for legal compliance purposes; and (d) if Customer terminates an Order Form due to Stacklok’s uncured material breach pursuant to Section 8.2(a), Stacklok will refund prepaid fees for the terminated Order Form on a pro-rata basis within thirty (30) days of termination.
Survivability. Any provisions that by their nature should survive termination of this Agreement shall survive, including but not limited to Sections 6 (Intellectual Property and Data Rights), 7 (Fees and Payment), 8.3 (Obligations upon Termination), 9 (Representations and Warranties), 10 (Limitation of Liability), 11 (Indemnification), 12 (Confidentiality), and 13 (General Provisions).
Representations and Warranties
General. Each party warrants that it has the right and power to enter into this Agreement, and that an authorized representative has executed this Agreement.
Stacklok Warranty. Stacklok warrants that: (a) during the Subscription Term, the Platform will perform substantially in accordance with the Documentation; and (b) the Services will be performed in a professional and workmanlike manner consistent with industry standards. Customer must report any warranty non-conformance in writing within thirty (30) days of discovery. For any breach of the warranty in subsection (a), Stacklok’s sole obligation and Customer’s exclusive remedy shall be, at Stacklok’s option, to: (i) repair or replace the non-conforming Platform; or (ii) if Stacklok determines that repair or replacement is not commercially practicable, terminate the applicable Order Form and refund prepaid fees for the remainder of the Subscription Term. Stacklok will comply with all applicable laws in performing the Services.
Customer Represents and Warrants. Customer represents and warrants that: (a) it will comply with all applicable laws, rules and regulations in the course of performing its obligations and exercising its rights under this Agreement; (b) unless explicitly agreed to by Stacklok in the Order Form, Customer will not provide Stacklok with access to any regulated data, including health information (HIPAA), payment card information (PCI), or other sensitive personal information that would impose heightened privacy or security or other obligations on Stacklok; and (c) any Customer Data provided to Stacklok or otherwise used by either party in connection with this Agreement will not infringe, misappropriate or otherwise violate any right of any third party.
Warranty Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTION 9.2, STACKLOK DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT TO THE SERVICES AND THE PLATFORM, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND THOSE ARISING FROM A COURSE OF DEALING OR USAGE OF TRADE, AND ALL SUCH WARRANTIES ARE HEREBY EXCLUDED TO THE FULLEST EXTENT PERMITTED BY LAW. STACKLOK MAKES NO WARRANTIES REGARDING THE PLATFORM’S PERFORMANCE, FUNCTIONALITY, OR AVAILABILITY WHEN OPERATED IN AN ENVIRONMENT THAT DOES NOT MEET STACKLOK’S MINIMUM SYSTEM REQUIREMENTS, WHEN COMBINED WITH THIRD-PARTY SOFTWARE OR CONFIGURATIONS NOT APPROVED BY STACKLOK, OR WHEN CUSTOMER IS OPERATING AN UNSUPPORTED VERSION OF THE PLATFORM.
Open-Source Software Disclaimer. STACKLOK MAKES NO WARRANTIES OR REPRESENTATIONS OF ANY KIND REGARDING OPEN-SOURCE SOFTWARE, INCLUDING WITHOUT LIMITATION ANY WARRANTIES REGARDING FUNCTIONALITY, SECURITY, COMPATIBILITY, PERFORMANCE, OR CONTINUED AVAILABILITY. OPEN-SOURCE SOFTWARE IS PROVIDED BY THE COMMUNITY “AS IS” WITHOUT WARRANTY OF ANY KIND. Customer acknowledges that Stacklok provides services related to Open Source Software but does not license, distribute, or warrant such software; and Customer’s rights to use Open Source Software are governed solely by the applicable open-source licenses.
MCP Registry Disclaimer. Customer acknowledges that Stacklok operates the MCP Registry as an interface for discovering and accessing third-party software, tools, and integrations developed by the open-source community and other third parties. Stacklok does not develop, maintain, or control any software, tools, or integrations available through the MCP Registry. STACKLOK MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND REGARDING ANY THIRD-PARTY SOFTWARE OR TOOLS AVAILABLE THROUGH THE MCP REGISTRY, INCLUDING WITHOUT LIMITATION ANY WARRANTIES REGARDING FUNCTIONALITY, SECURITY, COMPATIBILITY, OR PERFORMANCE. Customer acknowledges that third-party software or tools, including Open Source Software, may present risks including security vulnerabilities, data collection or transmission, and interactions with Customer’s systems that could affect system performance or data integrity. Customer is solely responsible for evaluating and reviewing third-party software or tools, including their security practices, privacy policies, and data handling, before use. Customer’s use of any third-party software or tools accessed through the MCP Registry is governed solely by the applicable third-party license terms, and Customer assumes all risks associated with the selection, download, installation, and use of such third-party software.
Stacklok Insurance. Stacklok shall procure and maintain, at its own expense, the following minimum insurance coverages with financially sound and reputable insurers: (a) commercial general liability insurance with limits of not less than one million dollars ($1,000,000) per occurrence and two million dollars ($2,000,000) in the aggregate; (b) Cyber E&O liability insurance with limits of not less than two million dollars ($2,000,000) per claim and in the aggregate; and (c) workers’ compensation insurance as required by applicable law. Upon Customer’s request, Stacklok shall provide Customer with certificates of insurance evidencing such coverage. Nothing in this Section shall limit Stacklok’s liability under this Agreement or serve as a waiver of Customer’s rights or remedies.
Stacklok Security Practices. Stacklok maintains commercially reasonable administrative, physical, and technical safeguards designed to protect Customer systems and data accessed in connection with the Services. In the event of a security incident involving unauthorized access to or disclosure of Customer’s Confidential Information, Stacklok will notify Customer without unreasonable delay and will reasonably cooperate with Customer in investigating and remediating such incident. Stacklok will provide Customer with information regarding its security practices and certifications upon reasonable request.
Limitation of Liability
Liability Cap. EACH PARTY’S MAXIMUM LIABILITY FOR ANY ACTION ARISING UNDER THIS AGREEMENT, TO THE EXTENT PERMITTED BY LAW, REGARDLESS OF THE FORM OF ACTION AND WHETHER IN CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE, SHALL BE LIMITED TO THE FEES PAID OR PAYABLE BY CUSTOMER UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING, WITHOUT LIMITATION, LOST DATA OR LOST PROFITS, WHETHER IN CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING LIMITATIONS SHALL NOT APPLY TO CUSTOMER’S OBLIGATION TO PAY FEES AND OTHER AMOUNTS DUE UNDER THIS AGREEMENT OR ANY ORDER FORM.
Indemnification
Stacklok Indemnification. Stacklok shall defend, indemnify, and hold harmless Customer from third-party claims, damages, and costs (including attorneys’ fees) arising from the following: (a) infringement of third-party intellectual property rights by the Platform; or (b) Stacklok’s gross negligence or willful misconduct in performing the Services. If the Platform becomes, or in Stacklok’s opinion is likely to become, the subject of an infringement claim, Stacklok may, at its option and expense: (i) obtain the right for Customer to continue using the Platform; (ii) replace or modify the Platform to make it non-infringing while providing substantially similar functionality; or (iii) if options (i) and (ii) are not commercially reasonable, terminate the applicable Order Form and refund any prepaid, unused fees for the remainder of the Subscription Term on a pro-rata basis. This Section 11.1 states Stacklok’s sole and exclusive liability, and Customer’s sole and exclusive remedy, for any actual or alleged infringement of third-party intellectual property rights.
Exclusions. Stacklok’s indemnification obligations under Section 11.1 shall not apply to claims arising from: (i) Open Source Software; (ii) modifications to the Platform made by Customer or third parties; (iii) Customer’s breach of this Agreement; (iv) Customer’s use of the Platform or Services in violation of applicable law; (v) the combination of the Platform with other materials, products, or services where the Platform would not be infringing on a standalone basis; or (vi) Customer-provided materials, specifications, designs, or requirements.
Customer Indemnification. Customer shall defend, indemnify, and hold harmless Stacklok from third-party claims, damages, and costs (including attorneys’ fees) arising from the following: (a) infringement of third-party intellectual property rights by Customer’s data, materials, or Customer Requirements provided to Stacklok; (b) Customer’s material breach of its representations and warranties under this Agreement; (c) Customer’s gross negligence or willful misconduct; or (d) Customer’s use of the Platform or Services in violation of applicable law or this Agreement.
Indemnification Procedures. The indemnified party shall promptly notify the indemnifying party in writing of any claim for which indemnification is sought. The indemnifying party may control the defense and settlement of such claim with counsel of its choosing. No settlement may admit liability on behalf of or impose obligations on the indemnified party without the indemnified party’s prior written consent. The indemnified party shall reasonably cooperate with the indemnifying party in the defense of such claim.
Confidentiality
Nondisclosure. Neither party will, during the Term and for three (3) years thereafter, disclose any Confidential Information of the other party to any third party or use the Confidential Information for any purpose other than in connection with its obligations pursuant to this Agreement; except that trade secrets shall remain confidential for as long as they constitute trade secrets under applicable law. Each party shall protect the other party’s Confidential Information using at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care.
Required and Permissible Disclosures. Neither party will disclose the financial and pricing terms of this Agreement and any Order Forms to any third party without the other party’s consent, except to its financial or legal representatives, or to potential acquirers, merger partners, investors, and their representatives in connection with due diligence, provided such disclosures are made under confidentiality obligations at least as protective as those set forth herein. Either party may disclose Confidential Information if required by applicable law, provided the disclosing party notifies the other party unless prohibited by law. Either party may disclose Confidential Information to its employees, contractors, agents, attorneys, and other representatives who have a need to know and are bound by confidentiality obligations at least as protective as those set forth herein.
Available Remedies. The parties acknowledge that any breach or threatened breach of a receiving party’s obligations in this Section 12 would cause irreparable harm to the disclosing party, and in addition to any other remedies at law or in equity that the disclosing party may have, the disclosing party may seek equitable relief including injunctive relief.
General Provisions
Independent Contractor. Stacklok is an independent contractor and not an employee, agent, partner, or joint venturer of Customer. Neither party has the authority to bind the other party or to incur any obligation on behalf of the other party. Stacklok shall be solely responsible for all compensation, taxes, and benefits for its personnel.
No Solicitation. During the Agreement and for a period of six (6) months following its expiration or earlier termination, each party shall not solicit or hire any employee of the other who had direct contact with the other party in connection with this Agreement. This restriction does not apply to general inquiries to public job postings.
Notice. All notices under this Agreement shall be in writing. Notices to Customer shall be sent to the email address provided by Customer in an Order Form or during registration, as may be updated by Customer in writing from time to time; Customer is responsible for maintaining current contact information with Stacklok. Notices to Stacklok shall be sent to legal@stacklok.com. Notices sent by email shall be deemed given twenty-four (24) hours after sending. Stacklok may also provide notice of modifications to this Agreement by posting updated terms on its website, which shall be deemed effective upon posting or such later date as Stacklok specifies in the updated terms.
Waiver. No waiver of any provision of this Agreement shall be effective unless in writing signed by both parties. No waiver of any breach shall constitute a waiver of any other breach.
Assignment. Neither party shall assign or otherwise transfer this Agreement or any rights or obligations hereunder, in whole or in part, without the other party’s prior written consent; provided, however, that either party may assign this Agreement without consent to a successor in connection with a merger, acquisition, sale of substantially all assets, or change of control. Any assignment in violation of the foregoing will be null and void. This Agreement shall be binding upon and inure to the benefit of the parties and their respective successors and permitted assigns.
Force Majeure. Neither party shall be liable for failure to perform due to events beyond its reasonable control, including acts of God, natural disasters, government actions, or labor disputes (each, a “Force Majeure Event”). The affected party shall promptly notify the other party. During a Force Majeure Event affecting Stacklok’s performance: (a) delivery deadlines for Services extend by the delay duration, and (b) Customer’s payment obligations for Services that cannot be performed are suspended; provided that Platform license fees shall continue to accrue during a Force Majeure Event. If a Force Majeure Event exceeds sixty (60) days, either party may terminate the affected Order Form, and Stacklok shall refund prepaid fees for unperformed Services on a pro-rata basis; provided that no refund shall be due for Platform license fees accrued prior to termination.
Governing Law and Jurisdiction. This Agreement shall be governed by the laws of the State of Washington, without regard to conflict of law principles, and excluding the United Nations Convention on Contracts for the International Sale of Goods. Each party consents to the exclusive jurisdiction of the federal and state courts located in King County, Washington.
Entire Agreement; Amendments. This Agreement, together with all Order Forms and SOWs, constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior agreements and communications. Stacklok may modify this Agreement at any time by posting updated terms on its website or providing notice to Customer in accordance with Section 13.3. Material modifications shall be effective thirty (30) days after posting or notice, and Customer’s continued use of the Platform after such period constitutes acceptance of the modified terms. If Customer does not agree to any modification, Customer’s sole remedy is to cease using the Platform and terminate the applicable Order Form in accordance with Section 8. Notwithstanding the foregoing, modifications to this Agreement shall not apply to any Order Form executed prior to the effective date of such modification until the next renewal of such Order Form. In the event of any conflict: (a) a separately negotiated written agreement between the parties shall control over this Agreement; (b) an Order Form or SOW shall control over this Agreement; and (c) this Agreement and any Order Form or SOW shall control over any Customer purchase order or similar document, which are for Customer’s internal administrative purposes only and do not modify this Agreement.
Severability. If any provision of this Agreement is held to be invalid, illegal, or unenforceable, the validity, legality, and enforceability of the remaining provisions shall not be affected or impaired thereby.
Export Control. Each party shall comply with all applicable export control laws and regulations. Neither party shall export or provide Services or technical data to any prohibited country, entity, or person under applicable export laws. Each party represents that it is not located in or controlled by persons in any country subject to U.S. trade embargo.