Last Updated on February 1, 2021
If You do not agree to the terms presented in this Agreement, or if You do not meet the eligibility requirements described in Section 1 of this Agreement, You have no right to use the Services, and should terminate Your access, including use of the Cobalt website, immediately.
Please also be aware that disputes arising hereunder will be resolved by binding arbitration, and BY ACCEPTING THIS AGREEMENT, YOU AND COBALT ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION. YOU AGREE TO GIVE UP YOUR RIGHT TO GO TO COURT to assert or defend Your rights under this contract (except for matters that may be taken to small claims court). Your rights will be determined by a NEUTRAL ARBITRATOR and NOT a judge or jury and Your claims cannot be brought as a class action. Please review the Arbitration Agreement in Section 9 below for the details regarding Your agreement to arbitrate any disputes with Cobalt.
1. Parties and Scope of Agreement
Parties, Authority, and Eligibility
“You” or “Your” refers to you as an end user of the Services, and, if you are accessing the Services on behalf of a legal organization, that legal organization; You agree that You have the authority to enter into this Agreement and to bind that legal organization to the terms of this Agreement. You further agree that You are 18 years of age or older (if You want to use the Services but You are under 18 years of age, please contact email@example.com).
“Us”, “We”, “Our” or “Cobalt” means Cobalt Labs, Inc., a Delaware Corporation.
Scope of this Agreement, Other Agreements, and Definitions.
This Agreement makes reference to a number of other agreements which You may also be agreeing to by agreeing to this Agreement, and which You can find here (the “Policies”):
In the event that the terms of this Agreement conflict with the terms of any other agreement named here, the terms of this Agreement will govern (except with respect to a mutually executed Sales Order, in which case the terms of that Sales Order will govern in the event of conflict).
Finally, please note that, where not defined throughout this Agreement, capitalized terms have the meaning ascribed to them in Section 10, Definitions.
2. Services, Account & Use
Description of Services
Cobalt provides an online platform that connects Program Owners with Pentesters (such services, as well as related services including the Cobalt Site (as further defined), the “Services”). These Pentesters help Program Owners assess the security of their Program(s) by conducting security testing, and providing such Program Owners a Vulnerability Report outlining their findings, which Vulnerability Report is made pursuant to specifications and parameters described by a Program Owner in a Security Program. The Services are made accessible at Cobalt websites, cobalt.io (collectively, We call this website and related pages the "Site").
We welcome and encourage You to provide feedback, comments and suggestions for improvements to the Services ("Feedback"). You may submit Feedback by emailing Us at firstname.lastname@example.org or through the about section of the Site.
Creating an Account
In order to access certain features of the Services, You must create an account ("Cobalt Account"), thereby becoming a Member. You may do so directly via the Site or as described in this section.
You can also create a Cobalt Account using certain third party social networking sites including, but not limited to, GitHub, Google (together, “SNS”), and “single sign on” services (each such account, including SNS, and single sign on services, a "Third Party Account", and their services, “Third Party Services”), subject to the obligations, rights and restrictions named in this Agreement.
Prohibited Use. In connection with Your use of our Services, You agree that You will not:
- Violate any Applicable Laws, including, without limitation, data privacy laws and tax regulations;
- Use manual or automated software, devices, scripts, robots, other means or processes to access, "scrape," "crawl" or "spider" any web pages or other services contained in the Site, Services or Content, unless and to the extent requested in a Security Program;
- Use the Services for any commercial or other purposes that are not expressly permitted by this Agreement;
- Copy, store, modify, prepare derivative works based upon, distribute, license, sell, transfer, publicly display, publicly perform, transmit, broadcast or otherwise exploit or otherwise access any information contained on the Site, Services or Collective Content for purposes not expressly permitted by this Agreement;
- Infringe the rights of any person or entity, including without limitation, their intellectual property, privacy, publicity or contractual rights;
- Remove, alter or obscure any copyright, trademark, service mark or other proprietary rights notices incorporated in or accompanying the Site, Services, or Collective Content;
- Interfere with or damage our Site or Services, including, without limitation, through the use of viruses, cancel bots, Trojan horses, harmful code, flood pings, denial-of-service attacks, packet or IP spoofing, forged routing or electronic mail address information, similar methods or technology, or other abusive behavior, unless and to the extent expressly requested by a Program Owner in a Security Program in order to perform the Services;
- Use the Services to transmit, distribute, post or submit any information concerning any other person or entity, including without limitation, photographs of others without their permission, personal contact information or credit, debit, calling card or account numbers or other personal information;
- Use Services in connection with the distribution of unsolicited commercial email ("spam") or advertisements unrelated to Security Programs and Vulnerability Reports;
- Stalk, harass, or commit any other abusive behavior using or in connection with the Site or Services;
- Collect or store any personally identifiable information about any other user other than for purposes of providing the Services, with express permission and subject to the terms of this Agreement;
- Register for more than one Cobalt Account or register for a Cobalt Account on behalf of an individual other than Yourself;
- Contact a Program Owner or any other Member for any purpose other than to engage in and perform the Services;
- Contact a Pentester or any other Member for any purpose other than to engage in and perform in the Services pursuant to this Agreement;
- When acting as a Pentester, recruit or otherwise solicit any Program Owner or other Member to join third party services or websites that are competitive to Cobalt, without Cobalt’s prior written approval;
- Impersonate any person or entity, or falsify or otherwise misrepresent Yourself or Your affiliation with any person or entity;
- Post, upload, publish, submit or transmit any Content that: (i) infringes, misappropriates or violates a third party’s patent, copyright, trademark, trade secret, moral rights or other intellectual property rights, or rights of publicity or privacy; (ii) violates, or encourages any conduct that would violate, any third party’s right, any Applicable Law; (iii) would give rise to civil liability; (iv) is fraudulent, false, misleading or deceptive; (v) is defamatory, obscene, pornographic, vulgar or offensive; (vi) promotes discrimination, bigotry, racism, hatred, harassment or harm against any individual or group; (vii) is violent or threatening or promotes violence or actions that are threatening to any other person; or (viii) promotes illegal or harmful activities or substances;
- Systematically retrieve data or other content from our Services to create or compile, directly or indirectly, in single or multiple downloads, a collection, compilation, database, directory or the like, whether by manual methods, through the use of bots, crawlers, or spiders, or otherwise, unless and to the extent expressly requested in a Security Program in order to perform the Services;
- Use, display, mirror or frame the Site, or any individual element within the Site or Services, Cobalt’s name, logo or other proprietary information, or the layout and design of any page or form contained on a page, without Cobalt’s express written consent;
- Access, tamper with, or use non-public areas of the Site, Cobalt’s computer systems, or the technical delivery systems of Cobalt’s providers;
- Attempt to probe, scan, or test the vulnerability of any Cobalt system or network or breach any security or authentication measures, unless and to the extent expressly requested in a Security Program in order to perform the Services, or as approved in writing by Cobalt;
- Avoid, bypass, remove, deactivate, impair, descramble, or otherwise circumvent any technological measure implemented by Cobalt or any of Cobalt’s providers or any other third party (including another user) to protect the Site, Services or Collective Content, unless and to the extent expressly requested in a Security Program in order to perform the Services, or as approved in writing by Cobalt;
- Forge any TCP/IP packet header or any part of the header information in any email or newsgroup posting, or in any way use the Site, Services or Collective Content to send altered, deceptive or false source-identifying information;
- Attempt to decipher, decompile, disassemble or reverse engineer any of the software used to provide the Site, Services or Collective Content; attempt to expose the software or use the software used to provide the Site or Services to recreate such software; or advocate, encourage, or assist any third party in doing any of the foregoing.
Affirmative Obligations. In connection with Your use of the Services, You agree that:
- You are solely responsible for compliance with any and all Applicable Laws, rules, regulations, and tax obligations that may apply to Your use of the Site, Services and Content.
- You will provide accurate, current and complete information during the registration process and will update such information to keep it accurate, current and complete.
- You are responsible for safeguarding Your password and other sensitive credentials and Content; You also agree that You will not disclose Your password to any third party and that You will take sole responsibility for any activities or actions under Your Cobalt Account, whether or not You have authorized such activities or actions.
- You are responsible for only using those Third Party Accounts that You deem to be secure for usage in connection with the Services, and You assume the risk of any privacy or security violations arising thereto.
- You are responsible for managing security permissions, and for deleting sensitive data in a timely fashion to mitigate the risk of security breaches.
- You will immediately notify Cobalt of any unauthorized use of Your Cobalt Account.
- If You interact with anyone who You feel is acting or has acted inappropriately, including but not limited to, anyone who (i) engages in offensive, violent or sexually inappropriate behavior, (ii) You suspect of stealing from You, or (iii) engages in any other disturbing conduct, You should immediately report such person to the appropriate authorities and then to Cobalt by contacting Us with Your police station and report number at email@example.com; provided that Your report will not obligate Us to take any action beyond that required by law (if any) or cause Us to incur any liability to You.
We may, in Our sole discretion and at any time, with or without cause, and with or without prior notice: (a) terminate or modify this Agreement, (b) terminate, modify or restrict Your access to the Services, (c) deactivate or cancel Your Cobalt Account, and (d) take other actions as We see fit in our sole discretion (collectively, such actions being “Remedial Actions”). In the event of Remedial Actions, You will remain liable for all amounts due hereunder, or under an applicable Sales Order.
Notwithstanding the foregoing, We will not cancel a Program Owner Account if there is an active Sales Order in effect unless such termination is for Cause. Unless otherwise specified in the Sales Order, “Cause” shall mean (a) a material breach by Program Owner of this Agreement, including but not limited to any breach of the restrictions described herein, (b) a material breach of a Sales Order, where such breach is not cured within 30 days following Program Owner’s receipt of e-mail or other notice of such breach, and (c) violation of any third party right or of Applicable Law, as determined in Our sole discretion.
You may cancel Your Cobalt Account at any time via the "Cancel Account" feature of the Services or by sending an email to firstname.lastname@example.org, provided that any such cancellation by a Program Owner shall not affect any obligations of Program Owner under an active Sales Order including any payment obligations unless otherwise expressly agreed by the parties in the Order. Please note that if Your Cobalt Account is cancelled, We do not have an obligation to delete or return to You any Content You have posted to the Services, including, but not limited to, any reviews or Feedback unless explicitly agreed in an Order.
Notwithstanding any other provision of this Agreement, Cobalt shall have the right to collect and create high level, generic, anonymous (i.e. cannot be used to identify any person), statistical and/or benchmarking data derived from the Member Content (“Statistical Data”) for aggregation with other findings, results and information (the “Aggregated Data”) provided that such Aggregated Data does not identify and cannot be used to identify any specific person. Each Member hereby grants Cobalt a worldwide, perpetual, irrevocable, fully paid-up, right to use, copy, modify, create derivative works of, publish, and exploit the Statistical Data as incorporated into the Aggregated Data for the purpose of providing, improving, optimizing, and monitoring the performance of the Services and Content and for data analysis purposes.
Member understands and agrees that Cobalt shall have the right to share Member contact details with third party partners and service providers in connection with the delivery of the Services and enabling such partners to offer other software and/or services as related to the Cobalt Services.
Third Party Accounts
You represent that You are entitled to disclose Your Third Party Account login information to Us and grant Us access to Your Third Party Account (i) without breach by You of any of the terms and conditions that govern Your use of the applicable Third Party Account, or other agreements, (ii) without obligating Cobalt to pay any fees or making Cobalt subject to any usage limitations imposed by such Third Party Account providers. By granting Cobalt access to any Third Party Accounts, You understand that Cobalt will access, make available and store (if applicable) any Content that You have provided to and stored in Your Third Party Account ("Third Party Account Content") so that it is available on and through the Services via Your Cobalt Account and Cobalt Account profile page. Unless otherwise specified in this Agreement, all Third Party Account Content, if any, will be considered to be applicable Member Content for the purposes of this Agreement. Depending on the Third Party Accounts You choose and subject to the privacy settings that You have set within such Third Party Accounts, personally identifiable information that You post to Your Third Party Accounts will be available on and through Your Cobalt Account on the Services. Please note that if a Third Party Account or associated service becomes unavailable or Cobalt’s access to such Third Party Account is terminated by the third party service provider, then Third Party Account Content will no longer be available on and through the Services. You have the ability to disable the connection between Your Cobalt Account and Your Third Party Accounts, at any time, by accessing the "Settings" section of the Site.
PLEASE NOTE THAT YOUR RELATIONSHIP WITH THE THIRD PARTY ACCOUNT PROVIDERS ASSOCIATED WITH YOUR THIRD PARTY ACCOUNTS IS GOVERNED SOLELY BY YOUR AGREEMENT(S) WITH SUCH THIRD PARTY ACCOUNT PROVIDERS: IN THE EVENT OF CONFLICT BETWEEN THE TERMS OF YOUR AGREEMENT(S) WITH SUCH THIRD PARTY ACCOUNT PROVIDERS AND THE TERMS OF THIS AGREEMENT, YOU AGREE THAT THE TERMS OF THIS AGREEMENT WILL GOVERN.
YOU FURTHER AGREE THAT USE OF SUCH THIRD PARTY ACCOUNTS IS SOLELY AT YOUR OWN DISCRETION, AND THAT COBALT HAS NO RESPONSIBILITY FOR PRIVACY OR SECURITY VIOLATIONS OR BREACHES ARISING IN CONNECTION WITH SUCH THIRD PARTY ACCOUNTS.
Cobalt makes no effort to review any Third Party Account Content for any purpose, including but not limited to, for accuracy, security, privacy, legality or non-infringement, and You agree that Cobalt is not responsible or liable for any Third Party Account Content or for the actions or inactions of services provided thereto.
“Confidential Information” means (i) Content or other information that is interfaced through the Services, (ii) any findings arising from or related to use of the Services, (iii) the results contained in the Vulnerability Reports, and (iv) any other information that a person would reasonably understand is proprietary or confidential.
The Parties agree that, for the duration of this Agreement and for a period of the greater of (a) five (5) years thereafter or (b) to the maximum extent permitted under Applicable Law, Confidential Information will be used only for the purposes of providing the Services or enjoying the Services pursuant to this Agreement, and will be treated with the same level of protection, including technical security measures and other business practices, as such party uses to protect its own highly sensitive Confidential Information. The parties further agree to handle any such Confidential Information in compliance with Applicable Law.
The Parties agree to maintain in confidence any Confidential Information made available through the Services, and, except as expressly provided for in this Agreement, not to disclose such Confidential Information to any third party other than to its or its employees, contractors, agents or advisors, where such third parties are obligated under confidentiality provisions at least as protective as this one, and where such disclosure is necessary to carry out its rights and obligations under this Agreement.
Due to the unique nature of Confidential Information gained through the Services, the Parties acknowledge that the breach of this Section 4 would cause irreparable harm, which monetary damages would be insufficient to remedy. Accordingly, the Parties agree and acknowledge that any such violation or threatened violation may cause irreparable injury to Us or to Members, and that, in addition to any other remedies available at law, such other Parties shall be entitled to seek injunctive relief against the threatened or continuing breach of this Agreement.
5. Intellectual Property
Cobalt Rights, Licenses
The Services, and Collective Content are protected by copyright, trademark, and other laws of the United States of America and foreign countries.
Cobalt Property Ownership: You acknowledge and agree that Cobalt and/or its licensors own and reserve all right, title and interest to the Services and Cobalt Content, including without limitation any techniques, ideas, methods, processes, software, utilities, data, documents, directories, designs, user interfaces, know-how, graphics, video content or other data or information acquired, created, developed or licensed by Cobalt forming a part of or made available via the Services or Cobalt Content including all associated intellectual property rights and all modifications, improvements and derivative works thereof (collectively as “Cobalt Property”).
Cobalt License. Subject to Your compliance with the terms and conditions of this Agreement, Cobalt grants You a limited, revocable, non-exclusive, non-transferable, non-sublicensable license, so long as this Agreement remains in effect, to access and view the Services solely for Your internal use in connection with Your use of the Services pursuant to this Agreement. You have no right to sublicense the license rights granted in this section.
No title, licenses, or other rights or interests are granted to You by implication or otherwise under any intellectual property rights owned or controlled by Cobalt or its licensors, except for the licenses and rights expressly granted in this Agreement.
Cobalt Feedback. You acknowledge and agree that all Feedback will be the sole and exclusive property of Cobalt and You hereby irrevocably assign to Cobalt and agree to irrevocably assign to Cobalt all of Your right, title, and interest in and to all Feedback, including without limitation all worldwide patent, copyright, trade secret, moral and other proprietary or intellectual property rights therein. At Cobalt’s request and expense, You will execute documents and take such further acts as Cobalt may reasonably request to assist Cobalt to acquire, perfect, and maintain its intellectual property rights and other legal protections for the Feedback.
Program Owner Rights, Licenses
The Parties acknowledge and agree that as between the parties, the Program Owner owns and reserves all right, title and interest to the Program(s), Security Program, and Vulnerability Reports, as well as any techniques, ideas, methods, processes, or technical information contained in any Member Content acquired, created, developed or licensed by the Program Owner whether prior to or following the Pentester’s work and the use of the Services, whether created independently or jointly with Content produced by Pentester.
Pentester Rights, Licenses
The parties acknowledge and agree that as between the parties, the Pentesters and/or their licensors reserve all right, title and interest to any techniques, methods, processes, or technical information contained in any Member Content acquired, created, developed or licensed by the Pentester prior to, independently of, and outside the scope of a Program Owner’s specific Security Program and Vulnerability Report(s) thereto, and any intellectual property rights therein (“Pentester Property”), except as described in this Agreement.
Each Pentester hereby assigns to Program Owner all right, title and interest throughout the world in and to any and all Vulnerability Report(s) and all patent, copyright, trademark, trade secret and other intellectual property rights therein. Pentester hereby waives and irrevocably quitclaims to the Program Owner or its designee any and all claims, of any nature whatsoever, that Pentester now or may hereafter have for infringement of any and all Vulnerability Report(s). Pentester further acknowledges that all Vulnerability Report(s) that are made by Pentester, solely or jointly with others, within the scope of and during the period of the relationship, including under any applicable Security Program(s) or use of the Services, are “works made for hire” (to the greatest extent permitted by applicable law) and are compensated under this Agreement. Any assignment of intellectual property rights herein includes all rights of attribution, paternity, integrity, modification, disclosure and withdrawal, and any other rights throughout the world that may be known as or referred to as “moral rights,” “artist’s rights,” “droit moral,” or the like (collectively, “Moral Rights”). To the extent that Moral Rights cannot be assigned under applicable law, Pentester hereby waives and agrees not to enforce any and all Moral Rights, including, without limitation, any limitation on subsequent modification, to the extent permitted under applicable law. Pentester hereby unconditionally and irrevocably grants to Program Owner an exclusive (except as described in this Agreement), irrevocable, perpetual, worldwide, fully paid and royalty-free license, with rights to sublicense through multiple levels of sublicensees, to reproduce, distribute, display, perform, prepare derivative works of and otherwise modify, make, have made, sell, offer to sell, import, practice methods, processes and procedures and otherwise use and exploit, Pentester Property.
Pentester further grants (i) Cobalt a worldwide, non-exclusive, royalty-free, perpetual, irrevocable, license to use, access, view, copy, transmit and store the Vulnerability Report and the Pentester Property to the extent made a part of the Vulnerability Report for the purpose of operating, maintaining, performing and providing the Services.
We may, in our sole discretion, permit Members to post, upload, publish, submit or transmit Member Content, including Security Program(s). This License grant section covers the license grant for Member Content.
Except as provided for in this Agreement, Cobalt does not claim any ownership rights in any such Member Content and nothing in this Agreement will be deemed to restrict any rights that You may have to use and exploit any such Member Content that You are otherwise entitled to use and exploit.
Other Third Party Rights, Licenses
Links. The Services may contain links to third-party websites or resources. You acknowledge and agree that Cobalt is not responsible or liable for: (i) the availability or accuracy of such websites or resources; or (ii) the content, products, or services on or available from such websites or resources. Links to such websites or resources do not imply any endorsement by Cobalt of such websites or resources or the content, products, or services available from such websites or resources. You acknowledge sole responsibility for and assume all risk arising from Your use of any such websites or resources or the Content, products or services on or available from such websites or resources.
Proprietary Rights Notice. All trademarks, service marks, logos, trade names and any other proprietary designations of Cobalt used herein are trademarks or registered trademarks of Cobalt. Any other trademarks, service marks, logos, trade names and any other proprietary designations are the trademarks or registered trademarks of their respective parties.
Digital Millennium Copyright Act. If You believe that Your copyrighted work has been copied in a way that constitutes copyright infringement and is accessible via the Services, please notify our copyright agent, as set forth in the Digital Millennium Copyright Act of 1998 ("DMCA"). For Your complaint to be valid under the DMCA, You must provide the following information in writing to email@example.com:
- An electronic or physical signature of a person authorized to act on behalf of the copyright owner;
- Identification of the copyrighted work that You claim has been infringed;
- Identification of the material that is claimed to be infringing and where it is located on the Service;
- Information reasonably sufficient to permit Us to contact You, such as Your address, telephone number, and e-mail address;
- A statement that You have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or law; and
- A statement, made under penalty of perjury, that the above information is accurate, and that You are the copyright owner or are authorized to act on behalf of the owner.
6. Representations & Warranties
Your Representations. You acknowledge and agree that You are solely responsible for (a) all activity occurring through Your Cobalt Account, whether authorized or not, and (b) all Member Content that You make available through the Services. Accordingly, You represent and warrant that: (i) You either are the sole and exclusive owner of all Member Content that You make available through the Services or You have all necessary legal rights, licenses, consents and releases to grant to Cobalt and other Members the rights in such Member Content, as contemplated under this Agreement, and that You have a process to manage alleged infringements of third party rights thereto, including processes to ensure compliance with the DMCA; and (ii) neither the Member Content nor Your posting, uploading, publication, sublicensing, submission or transmittal of the Member Content or Cobalt’s or other Members’ use of the Member Content (or any portion thereof) on, through or by means of the Site and the Services will infringe, misappropriate or violate any third party patent, copyright, trademark, trade secret, moral rights or other proprietary or intellectual property rights, or rights of publicity or privacy, or result in the violation of any Applicable Law. As a Pentester, you represent to perform the Services in a professional manner and will provide a standard of care equal to, or superior to, care typically used by pentesters.
Express waivers of warranties
YOU ACKNOWLEDGE AND AGREE THAT EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SERVICES ARE PROVIDED "AS IS", WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, COBALT EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. COBALT MAKES NO WARRANTY THAT THE SERVICES, INCLUDING, BUT NOT LIMITED TO, THE SECURITY PROGRAMS OR ANY VULNERABILITY REPORTS WILL MEET YOUR REQUIREMENTS, BE EXHAUSTIVE IN DOCUMENTING SECURITY RISKS, OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS. COBALT MAKES NO WARRANTY REGARDING THE QUALITY OF ANY SECURITY PROGRAMS AND VULNERABILITY REPORTS, THE SERVICES, OR THE ACCURACY, TIMELINESS, TRUTHFULNESS, COMPLETENESS OR RELIABILITY OF ANY SECURITY PROGRAMS, VULNERABILITY REPORTS OR OTHER COLLECTIVE CONTENT OBTAINED THROUGH THE SITE OR SERVICES.
NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM COBALT OR THROUGH THE SITE, SERVICES OR COLLECTIVE CONTENT, WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.
YOU ARE SOLELY RESPONSIBLE FOR ALL OF YOUR COMMUNICATIONS AND INTERACTIONS WITH OTHER USERS OF THE SERVICES, WITH OTHER PERSONS WITH WHOM YOU COMMUNICATE OR INTERACT AS A RESULT OF YOUR USE OF THE SITE OR SERVICES, INCLUDING, BUT NOT LIMITED TO, ANY PENTESTERS OR PROGRAM OWNERS, OR THIRD PARTY ACCOUNTS. YOU UNDERSTAND THAT COBALT DOES NOT MAKE ANY ATTEMPT TO VERIFY THE STATEMENTS OF USERS OF THE SITE OR SERVICES OR TO VERIFY ANY SECURITY PROGRAMS OR VULNERABILITY REPORTS, OR THE SECURITY OF ANY THIRD PARTY ACCOUNT USAGE. YOU AGREE TO TAKE REASONABLE PRECAUTIONS IN ALL COMMUNICATIONS AND INTERACTIONS WITH OTHER USERS OF THE SITE OR SERVICES AND WITH OTHER PERSONS WITH WHOM YOU COMMUNICATE OR INTERACT AS A RESULT OF YOUR USE OF THE SITE OR SERVICES, INCLUDING, BUT NOT LIMITED TO, PENTESTERS AND PROGRAM OWNERS.
YOU AS THE PROGRAM OWNER UNDERSTAND AND AGREE THAT THE NATURE OF PENETRATION TESTING MAY CAUSE SIGNIFICANT HARM OR DISRUPTION TO PROGRAM(S) AND YOUR BUSINESS, AND YOU ASSUME SUCH RISK, TOGETHER WITH THE RISK OF AN INCOMPLETE OR UNRELIABLE VULNERABILITY REPORT.
Cobalt represents and warrants that (i) it shall provide the Services and meet its obligations under a Sales Order in a timely and professional manner and will provide a standard of care equal to, or superior to, care used by service providers similar to Cobalt on similar projects; and (ii) that the Pentesters have the general skills and expertise necessary to perform penetration testing. If the Program Owner notifies Cobalt of a breach of the limited Cobalt warranty as set forth in this provision within twenty (20) days of the performance of the task giving rise to the breach, as Program Owner’s sole and exclusive right and remedy and Cobalt’s sole and exclusive liability for breach of this limited warranty, Cobalt shall, at the Program Owner’s request and option, either extend the period of testing to perform additional testing or provide a re-test using a different Pentester.
You agree to release, indemnify, and hold Cobalt and its affiliates and subsidiaries, and their officers, directors, employees and agents, harmless from and against any third party claims, liabilities, damages, losses, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of or in any way connected with (i) Your access to or use of the Site, Services; (ii) Your Content, including without limitation Content that violates third party rights, including intellectual property rights; (iii) Your breach of representations, warranties and/or obligations under this Agreement; (iv) Your improper or unlawful interaction with any other Members; and (v) Your violation of Applicable law (collectively the “Indemnified Claims”).
8. Limitation of Liability
Except as otherwise expressly provided in this Agreement, by using the Services, You agree that any legal remedy or liability that You seek to obtain for any acts or omissions of any Members or other third parties will be limited to a claim against the particular Members or other third parties who caused You harm and You agree not to attempt to impose any liability on, or seek any legal remedy from Cobalt with respect to the acts or omissions of other Members or third parties.
YOU ACKNOWLEDGE AND AGREE THAT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER COBALT NOR ITS LICENSORS, SUPPLIERS, OR CONTRACTORS WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR LOSS OF GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE OR THE COST OF SUBSTITUTE PRODUCTS OR SERVICES, OR FOR ANY DAMAGES FOR PERSONAL OR BODILY INJURY OR EMOTIONAL DISTRESS ARISING OUT OF OR IN CONNECTION WITH THE TERMS, THE USE OF OR INABILITY TO USE THE SITE, SERVICES OR COLLECTIVE CONTENT, FROM ANY COMMUNICATIONS OR INTERACTIONS WITH OTHER USERS OF THE SITE OR SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT COBALT HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE, EVEN IF A LIMITED REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL COBALT’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THE TERMS AND YOUR USE OF THE SITE AND SERVICES INCLUDING, BUT NOT LIMITED TO, FROM YOUR LISTING OF YOUR SECURITY PROGRAM OR VULNERABILITY REPORT VIA THE SERVICES EXCEED THE TOTAL OF THE AMOUNTS YOU HAVE PAID IN RELATION TO A SPECIFIC SECURITY PROGRAM VIA THE SERVICES AS A PROGRAM OWNER DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE LIABILITY, OR IF YOU ARE A PENTESTER, THE AMOUNTS PAID BY COBALT TO YOU IN THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE LIABILITY, OR ONE HUNDRED DOLLARS ($100) IF NO SUCH PAYMENTS HAVE BEEN MADE OR ARE OWED, AS APPLICABLE. THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN COBALT AND YOU. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT FULLY APPLY TO YOU, IN WHICH CASE YOU AGREE THIS PROVISION SHOULD BE APPLIED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
YOU AS THE PROGRAM OWNER UNDERSTAND AND AGREE THAT THE NATURE OF PENTESTING MAY CAUSE HARM OR DISRUPTION TO PROGRAM(S) AND THAT NEITHER COBALT NOR ANY PENTESTER SHALL HAVE ANY LIABILITY OF ANY KIND ARISING OUT OF SUCH TESTING ACTIVITIES, UNLESS THE PENTESTER HAS COMMITTED GROSS NEGLIGENCE OR COMMITTED WILLFUL MISCONDUCT IN THE PERFORMANCE OF SUCH TESTING.
You may not assign, transfer, delegate or subcontract this Agreement or any of Your rights or obligations under this Agreement, in whole or in part, by sale of assets, merger, operation of law or otherwise, without Cobalt’s prior written consent. Any attempt by You to assign, transfer, delegate or subcontract this Agreement or any of Your rights or obligations under this Agreement, without such consent, will be null and of no effect, and in such event Cobalt shall have the right to immediately terminate Your rights under this Agreement and seek any remedies available to it at law or in equity. Cobalt may assign or transfer this Agreement, at its sole discretion, without restriction. Cobalt has the right to use subcontractors in connection with providing the Services. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their successors and permitted assigns.
Any notices or other communications permitted or required hereunder, including those regarding modifications to this Agreement, will be in writing and given by Cobalt (i) via email (in each case to the address that You provide) or (ii) by posting to the Site. Notices to Cobalt shall be sent to firstname.lastname@example.org. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.
Controlling Law and Jurisdiction
This Agreement will be interpreted in accordance with the laws of the State of California and the United States of America, without regard to its conflict-of-law provisions. You and We agree to submit to the personal jurisdiction of a state court or arbitrator located in San Francisco County, San Francisco, California or a United States District Court, Northern District of California located in San Francisco, California for any actions for which the parties retain the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation or violation of a party’s copyrights, trademarks, trade secrets, patents, or other intellectual property rights, as set forth in the Dispute Resolution provision below.
Arbitration & Dispute Resolution
You and Cobalt agree that any dispute, claim or controversy arising out of or relating to this Agreement or the breach, termination, enforcement, interpretation or validity thereof, or to the use of the Services or use of the Site (collectively, "Disputes") will be settled by binding arbitration, except that each party retains the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation or violation of a party’s copyrights, trademarks, trade secrets, patents, or other intellectual property rights. You acknowledge and agree that You and Cobalt are each waiving the right to a trial by jury or to participate as a plaintiff or class member in any purported class action or representative proceeding. Further, unless both You and Cobalt otherwise agree in writing, the arbitrator may not consolidate more than one person's claims, and may not otherwise preside over any form of any class or representative proceeding. If this specific paragraph is held unenforceable, then the entirety of this "Dispute Resolution" section will be deemed void. Except as provided in the preceding sentence, this "Dispute Resolution" section will survive any termination of this Agreement.
Arbitration Rules and Governing Law. The arbitration will be administered by the American Arbitration Association ("AAA") in accordance with the Commercial Arbitration Rules and the Supplementary Procedures for Consumer Related Disputes (the "AAA Rules") then in effect, except as modified by this "Dispute Resolution" section. (The AAA Rules are available at http://www.adr.org/arb_med or by calling the AAA at 1-800-778-7879.) The Federal Arbitration Act will govern the interpretation and enforcement of this section.
Arbitration Process. A party who desires to initiate arbitration must provide the other party with a written Demand for Arbitration as specified in the AAA Rules. (The AAA provides a form Demand for Arbitration at http://www.adr.org/aaa/ShowPDF?doc=ADRSTG_004175 and a separate form for California residents at http://adr.org/aaa/ShowPDF?doc=ADRSTG_004314.) The arbitrator will be either a retired judge or an attorney licensed to practice law in the state of California and will be selected by the parties from the AAA’s roster of consumer dispute arbitrators. If the parties are unable to agree upon an arbitrator within seven (7) days of delivery of the Demand for Arbitration, then the AAA will appoint the arbitrator in accordance with the AAA Rules.
Arbitration Procedure. If Your claim does not exceed $10,000, then the arbitration will be conducted solely on the basis of documents You and Cobalt submit to the arbitrator, unless You request a hearing or the arbitrator determines that a hearing is necessary. If Your claim exceeds $10,000, Your right to a hearing will be determined by the AAA Rules. Subject to the AAA Rules, the arbitrator will have the discretion to direct a reasonable exchange of information by the parties, consistent with the expedited nature of the arbitration.
Arbitrator’s Decision. The arbitrator will render an award within the time frame specified in the AAA Rules. The arbitrator’s decision will include the essential findings and conclusions upon which the arbitrator based the award. Judgment on the arbitration award may be entered in any court having jurisdiction thereof. The arbitrator’s award of damages must be consistent with the terms of the "Limitation of Liability" section above as to the types and the amounts of damages for which a party may be held liable. The arbitrator may award declaratory or injunctive relief only in favor of the claimant and only to the extent necessary to provide relief warranted by the claimant’s individual claim. If You prevail in arbitration You will be entitled to an award of attorneys’ fees and expenses, to the extent provided under Applicable Law. Cobalt will not seek, and hereby waives all rights it may have under Applicable Law to recover, attorneys’ fees and expenses if it prevails in arbitration.
Fees. Your responsibility to pay any AAA filing, administrative and arbitrator fees will be solely as set forth in the AAA Rules. However, if Your claim for damages does not exceed $75,000, Cobalt will pay all such fees unless the arbitrator finds that either the substance of Your claim or the relief sought in Your Demand for Arbitration was frivolous or was brought for an improper purpose (as measured by the standards set forth in Federal Rule of Civil Procedure 11(b)).
Changes. Notwithstanding the provisions of the "Modification" section above, if Cobalt changes this "Dispute Resolution" section after the date You first accepted this Agreement (or accepted any subsequent changes to this Agreement), You may reject any such change by sending Us written notice (including by email to email@example.com) within 30 days of the date such change became effective, as indicated in the "Last Updated Date" above or in the date of Cobalt’s email to You notifying You of such change. By rejecting any change, You are agreeing that You will arbitrate any Dispute between You and Cobalt in accordance with the provisions of this "Dispute Resolution" section as of the date You first accepted this Agreement (or accepted any subsequent changes to this Agreement).
The failure of Cobalt to enforce any right or provision of this Agreement will not constitute a waiver of future enforcement of that right or provision. The waiver of any such right or provision will be effective only if in writing and signed by a duly authorized representative of Cobalt. Except as expressly set forth in this Agreement, the exercise by either party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise. If for any reason an arbitrator or a court of competent jurisdiction finds any provision of this Agreement invalid or unenforceable, that provision will be enforced to the maximum extent permissible and the other provisions of this Agreement will remain in full force and effect.
| Term | Definition |
| --- | --- |
| Applicable Law(s) | Any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, directive, common law, judgment, decree or other requirement or rule of any federal, state, local or foreign government or political subdivision thereof, or any arbitrator, court or tribunal of competent jurisdiction applicable to a party’s performance of its obligations or the exercise of its rights under this Agreement. |
| Sales Order | A transactional document which may take the form of an order, statement of work or other document agreed to in writing by the parties which includes a description of the Services to be provided, quantities, pricing and any other additional terms agreed to by the parties. |
| Personal Information | Any information relating to an identified or identifiable natural person or otherwise defined to be personal information under Applicable Law. |
| Cobalt Content | Means all Content that Cobalt makes available through the Site, or Services, including any Content licensed from a third party, but excluding Member Content and includes without limitation any data, documents, screens, templates, and form of reports. |
| Collective Content | Member Content and Cobalt Content. |
| Content | Text, graphics, images, music, software, audio, video, information or other materials. |
| Member | A person who completes the Cobalt account registration process, including, but not limited to Program Owners and Pentesters, as described under "Account Registration" above. |
| Member Content | All Content that a Member posts, uploads, publishes, causes to interface with the Services. |
| Pentester | A Member who signs up/gets invited as a pentester on the Site or Services in order to potentially engage in a test of a Program set in scope of a Security Program and potentially submit a Vulnerability Report via the Site or Services. |
| Program Owner | A Member who registers through the account registration process as a Program Owner on the Site in order to potentially create a Security Program via the Services. |
| Security Program | A program describing the conditions through which a Program’s owner (the Program Owner) is looking for Pentester feedback through the Cobalt platform, within the defined set of rules, instructions, and scope set out by the Program Owner in such Security Program. |
| Program(s) | The application(s) (typically web, desktop or mobile applications) involved directly or indirectly (through a test system) in a Security Program, and/or the set of IPs involved directly or indirectly (through a test system) in a Security Program. |
| Vulnerability Report | A report of an issue found during the testing of the Program(s) in scope for a given Security Program. Vulnerability Reports are submitted and listed by the Pentester. |