Bring Your Own Cloud (BYOC) Addendum

This Bring Your Own Cloud Services (BYOC) Addendum (this “BYOC Addendum”) applies exclusively where Customer is using BYOC Services, as defined below.  Subject to the foregoing, this BYOC Addendum forms a part of the Exaforce Terms of Service at [ADD LINK] or other written or electronic agreement that references this Usage Policy (as applicable, the “Agreement”) between Exaforce, Inc., a Delaware (USA) corporation (“Exaforce”), and the customer for Exaforce’s Services under the Agreement (“Customer”).  

1. Definitions.  Capitalized terms not defined in this BYOC Addendum shall have the respective meanings assigned to them in the Agreement, provided that if a capitalized term is not defined in this BYOC Addendum or the Agreement, such term shall have the meaning assigned to it in the MSA.

“BYOC Services” means (i) the Control Plane, and (ii) the Distributed Software, each as further described in the Documentation.  For purposes of this Addendum, the term “Services” as used in the Agreement shall include “BYOC Services” unless otherwise noted below.

“Control Plane” means the proprietary control plane software hosted and managed by Exaforce to monitor and provide support for the Distributed Software.

“Customer Cloud” means a third-party cloud service environment hosted by a Exaforce-approved Cloud Provider that supports the hosting and operation of Distributed Software on behalf of Customer. For the avoidance of doubt, a Customer Cloud is a Customer System for purposes of the Agreement.

“Distributed Software” means the proprietary Exaforce data plane software distributed to Customer as part of the BYOC Services, as further described in the Documentation and as may be updated from time to time. For the avoidance of doubt, Distributed Software excludes any element of the Customer Cloud or Customer Systems.

“Shared Responsibility Model” means the operational model of shared responsibility for BYOC Services attached hereto as Exhibit A, as this may be updated and amended from time to time. Exaforce will not materially degrade Exaforce’s responsibilities or increase Customer’s responsibilities under this model without the prior written consent of Customer.

1.     BYOC Services.  Subject to terms and conditions of this BYOC Addendum, Exaforce will use commercially reasonable efforts to provide to Customer the BYOC Services and related Support services, in each case as further set forth herein and in the applicable Order.

1. Shared Responsibility for Deployment.  Customer acknowledges and agrees that the BYOC Services require shared responsibility between Customer and Exaforce such that each Party must undertake certain technical and organizational measures in order to protect the BYOC Services and Customer Data as further set forth in this BYOC Addendum, the Agreement, and as described in the Shared Responsibility Model.

1. Customer Responsibilities.  Customer acknowledges and agrees that it is solely responsible for:

1. Operating a Customer Cloud. Customer, and not Exaforce, is responsible for obtaining, hosting and operating a Customer Cloud into which the BYOC Services shall be deployed and the Customer Data stored. Exaforce is not responsible for any aspect of Customer Cloud operations.

1. Provisioning the Distributed Software. Customer shall provision the Distributed Software in the Customer Cloud and provide sufficient access and credentials to Exaforce to enable it to provide Support for the BYOC Services (as set forth in Section 6 hereof). Customer is solely responsible for any delay in implementation, deployment or performance of the BYOC Services that is caused by the delay or failure to provide or maintain such access and provisioning.

1. Securing the Customer Cloud. Customer agrees to follow industry standard security practices to ensure the safety and security of the Customer Cloud, including the Distributed Software, any Connections used to access the Distributed Software, and any Customer Data residing therein, which measures shall include, without limitation, the regular rotation of access keys, employment of encryption, the usage of audit logs, and other industry standard steps to preclude unauthorized access. For the avoidance of doubt, the Security Measures referred to in the Agreement shall not apply to the BYOC Services except as expressly set forth in Section 5 hereof.

1. Backing up Customer Data. The BYOC Services do not archive or permanently retain Customer Data but merely provide an environment to facilitate Customer’s processing of Customer Data within the Customer Cloud. The BYOC Services do not include any backup or disaster recovery services.
2. Restricting Access to Customer Data. Customer must ensure that Exaforce does not have access to Customer Data that is not strictly necessary for Exaforce to have in order to provide the BYOC Services, including, without limitation any Restricted Information. Customer is further responsible for any access to the Customer Data by its Users or any third-party users of its Customer Cloud.

1. Nature of Customer Data. For purposes of this BYOC Addendum only, Section 8 of the Agreement is replaced with the following:

“Data Submitted to BYOC Services. Customer has exclusive control and responsibility for determining what Customer Data are submitted to BYOC Services and the accuracy, quality, integrity, legality, reliability and appropriateness of such Customer Data.  Customer acknowledges and agrees that: (a) Exaforce’s responsibilities with respect to Customer Data submitted to and used by the BYOC Services are limited as set forth in this BYOC Addendum; (b) Customer is solely responsible for the content of any Customer Data submitted to BYOC Services; (c) Customer must provide any required notices to, and receive any required consents and authorizations from, Users and other individuals whose Personal Information may be included in Customer Data submitted to or used by BYOC Services (or in Customer Credentials or other information that Customer makes available to Exaforce); and (d) Customer may process Restricted Information, but Customer’s collection, storage, and use of such Restricted Information must comply at all times with Applicable Laws. Exaforce is not responsible for any storage or use of Customer Data or Restricted Information by or with the Distributed Software.”

7. Sharing Usage Data. Customer agrees to share Usage Data, and only that Usage Data, that Exaforce requires in order to provide Support for the BYOC Services, as may be further set forth in the Documentation.

Customer expressly assumes any and all risks associated with the foregoing responsibilities.

1. Exaforce Responsibilities.  Subject to the Customer responsibilities and assumptions of risk set forth in Section 4 above and the Shared Responsibility Model, Exaforce is responsible for (a) operation of the Control Plane, (b) basic functioning of Distributed Software in accordance with the Documentation; and (c) implementation of the Security Measures over the Control Plane (and not the Distributed Software).

1. Support. Customer acknowledges and agrees that Support for BYOC Services will consist only of general monitoring, updating, and alerting with respect to the BYOC Services and not any Customer Systems or Customer Data, subject in each case to the limitations in the Support Policy and Order.

1. Privacy. Customer acknowledges and agrees that the DPA shall not apply to the BYOC Services except to the extent that Customer Personal Data is made available to Exaforce in the Control Plane. The DPA shall not apply to any Customer Personal Data residing in the Distributed Software to which Exaforce does not have direct access.

1. Trial Services. To the extent the BYOC Services are offered on a trial basis or as a Preview Offering pursuant to the Order, all terms and conditions of the MSA applicable to Trial Services shall apply.

1. Effect of Termination.  The terms of Sections 3 and 4 of this BYOC Addendum will survive the expiration or termination thereof for any reason in accordance with their terms.

1. Scope.  For the avoidance of doubt, and notwithstanding any provision in this BYOC Addendum or the Agreement to the contrary:  (a) the terms and conditions of this BYOC Addendum are “Supplemental Terms” under the Agreement; (b) any BYOC Services that are not generally available are “Preview Offerings” under, and subject to, the MSA; and (c) Customer will be charged for its use of BYOC Services in accordance with the Agreement and applicable Order Form.
2. General. This BYOC Addendum, together with the Agreement (and the terms incorporated therein), is the complete and exclusive statement of the mutual understanding of the Parties and supersedes all communications and agreements between the Parties (oral or written) relating to, the subject matter of this BYOC Addendum. In the event of any conflict between this BYOC Addendum and the Agreement, this BYOC Addendum will control with respect to the subject matter of this BYOC Addendum.  Exaforce may modify this BYOC Addendum from time to time by posting a revised version at [ADD LINK].

EXHIBIT A

Shared Responsibility Model