CORALOGIX MASTER SUBSCRIPTION TERM
FOR U.S. FEDERAL END USERS
Updated June 2026
PLEASE NOTE THAT THE TERMS OF THIS END USER LICENSE AGREEMENT SHALL GOVERN YOUR USE OF THE OFFERINGS, REGARDLESS OF ANY TERMS THAT MAY APPEAR DURING THE INSTALLATION OF THE SOFTWARE.
THESE TERMS APPLY ONLY IF THE CUSTOMER IS AN EXECUTIVE AGENCY OF THE U.S. GOVERNMENT OR AN ELIGIBLE ORDERING ACTIVITY. IF THE CUSTOMER IS NOT AN EXECUTIVE AGENCY OF THE U.S. GOVERNMENT OR AN ELIGIBLE ORDERING ACTIVITY, THEN CORALOGIX’S STANDARD MASTER SUBSCRIPTION TERMS AVAILABLE AT https://coralogix.com/terms- conditions/ APPLY.
This Coralogix Master Subscription Terms (hereafter “Terms”) is made by and between Coralogix Inc., a company incorporated in the United States under the laws of Delaware, having its principal place of business at Address: 225 Franklin Street, Floor 19 Suite B, Boston, Massachusetts, or any of its Affiliates (“Coralogix”) and the entity entering in an Order referencing this Agreement (“Customer”). These Terms govern Customer’s use of Coralogix’s service(s) as made available from time to time and further defined below. The term “Order” shall mean any written quote, order, or other ordering document acceptable to, acknowledged or executed in writing by Coralogix and Customer, either online or offline or through an Authorised Reseller (these Terms collectively with an applicable Order, hereafter the “Agreement”). For the purpose of these Terms “Affiliate” is defined to mean, any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control” for purposes of this definition means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
PLEASE READ THESE TERMS CAREFULLY BEFORE ACCESSING OR USING THE SERVICE. IF YOU DO NOT AGREE TO THESE TERMS OR ARE NOT AUTHORIZED TO BIND THE ENTITY ON BEHALF OF WHICH YOU ARE ACTING, PLEASE DO NOT ACCESS OR USE THE SERVICE; BY ACCEPTING THESE TERMS OR ACCESSING OR USING THE SERVICES, YOU ARE AGREEING TO THE TERMS AND CONDITIONS OF THE AGREEMENT (HOWEVER THEY WERE ACQUIRED INCLUDING WITHOUT LIMITATION THROUGH AN AUTHORIZED RESELLER OR ONLINE MARKETPLACE.) ON BEHALF OF THE ENTITY ON BEHALF OF WHICH YOU ARE ACTING, AND YOU HEREBY REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO DO SO.
1. Services.
1.1 Services made available by Coralogix from time to time through the Coralogix software-as-a- service platform, and any related services provided by Coralogix to Customer, as detailed in an applicable Order, shall be referred to hereafter as the “Services”. Unless otherwise explicitly indicated in an Order, the term Services also includes all software, revisions, fixes, improvements and/or updates thereto, user manuals and documentation provided to Customer in connection with the operation of the Services, and available at “Documentation”.
1.2 Subject to these Terms and Customer’s payment of all applicable Fees, Coralogix hereby grants Customer a non-exclusive, non-transferable, non-sublicensable, revocable right, during the Term, to access and use the Services, all in object code form only, solely for Customer’s internal business purposes and within the scope set forth in the applicable Order.
1.3 Customer may request in writing an increase of the Services scope, including via the Coralogix Support Chat. If Coralogix approved the requested scope increase, per mutually executed Order for such increased scope, the increased scope shall be implemented within 24 hours of the increase Order effective date.
1.4 Customer’s Contractors and Third-Party Providers. Customer may permit its authorized consultants, contractors, and agents (“Third-Party Providers”) to access and use the Services on Customer’s behalf in connection with providing services to Customer, subject to the terms and conditions of these Terms. It is hereby clarified that (i) the Customer is fully liable for all Third-Party Providers acts and omissions under this Agreement; (ii) Third-Party Providers use is within the scope of the applicable Order; and (iii) Third-Party Providers do not acquire independent rights under this Agreement.
1.5 Preview, early-access features and Beta Services. Coralogix may provide access to certain unpaid, preview, early-access features or beta features of the Services for the Customer to evaluate and experience the platform’s capabilities. The Customer agrees to use these features solely for non- commercial, testing, or evaluation purposes, unless explicitly permitted otherwise by Coralogix in writing. The unpaid, preview, early-access features or beta features are provided “as-is” and “as- available” without any warranties, express or implied. These features may have limited functionality, may not be fully secure or reliable, and may not have complete support. Coralogix is not obligated to provide support, maintenance, or updates for any unpaid, trial, or beta features. Coralogix reserves the right to modify or discontinue any unpaid, preview, early-access features or beta features at any time, with or without notice, and without liability to the Customer. Upon completion of the unpaid, preview, early-access features beta period, or upon Coralogix’s request, the Customer agrees to discontinue use of the unpaid, unpaid, preview, early-access features or beta features. Coralogix may remove or delete any data related to these features, and the Customer understands that continued access to such data or functionality may require a paid subscription or license. To the maximum extent permitted by law, Coralogix disclaims any and all liability arising from or related to the Customer’s use of the platform during the trial or beta period.
2. FedRAMP-Specific Hosting Requirements. Coralogix shall store and process Customer Data solely with a cloud service provider that maintains a current FedRAMP authorization at a level equal to or higher than the level applicable to the Services. Such Services shall be hosted in a U.S.-located region operated and accessed exclusively by U.S. Persons (“Approved FedRAMP Hosting Providers”). The availability of the Services is dependent, in part, on the uptime and availability of the Hosting Provider’s infrastructure. Coralogix may update the Approved FedRAMP Hosting Providers list from time to time by updating Coralogix’s Trust Center. Customer may subscribe to the Trust Centerto receive relevant updates. The Services shall be available twenty-four (24) hours a day, seven (7) days a week, with a Monthly Uptime Percentage of at least 99.9%, all in accordance with and subject to the Coralogix Uptime SLA Policy attached hereto as Exhibit B.
3. Intellectual Property Rights. Coralogix is the sole and exclusive owner of all rights title and interest, including all intellectual property rights, in and to the Services and all parts and components thereof and any and all derivatives, modifications, enhancements, changes and improvements thereof (the “Coralogix Technology”). For the avoidance of doubt, nothing in this Section 3 affects the Customer’s rights in the Customer Data (as defined below), all of which are retained by the Customer. Notwithstanding the foregoing, the Government technical data and rights related to the Services are provided in accordance with the U.S. Government Use Terms set forth in the new Section 20 below (FAR 12.211, FAR 12.212, and applicable DFARS provisions).
4. Feedback. Customer may provide Coralogix feedback, suggestions, requests for enhancements, recommendations, corrections, or information regarding the Services (including without limitation the Services operation, performance, design of functionality) (collectively “Feedback”). Customer hereby grants Coralogix a royalty-free, worldwide, irrevocable, perpetual, unlimited license to use such Feedback in connection with the Coralogix Services.Coralogix shall ensure that its use of any Feedback does not identify the Customer and does not include or disclose Customer Data.
5. Use Restrictions and Acceptable Use.
5.1 Use Restrictions. Customer shall not, and shall not permit any third party to: (i) use the Services in excess of, or outside the scope of, the metrics, entitlements, or other limitations expressly set forth in the applicable Order and the applicable Documentation; (ii) resell, sublicense, distribute, or otherwise make the Services available to any third party, except as expressly permitted under an applicable Order; (iii) reverse engineer, decompile, disassemble, or create derivative works of the Services or the Coralogix Technology, except to the extent expressly permitted by applicable law; (iv) remove, obscure, or alter any proprietary notices, or challenge Coralogix’s intellectual property rights; or (v) use the Services for the purpose of developing, benchmarking, or providing competing observability, monitoring, logging, analytics, or artificial intelligence–based products or services, other than internal evaluation solely for Customer’s internal business purposes.
5.2 Acceptable Use. Customer shall use the Services in accordance with the applicable Documentation, in a reasonable and good-faith manner, and in compliance with this Agreement , and shall not: (i) interfere with or disrupt the security, integrity, or availability of the Services or Coralogix’s infrastructure; (ii) attempt to gain unauthorized access to the Services, APIs, accounts, data, or underlying systems; (iii) transmit, ingest, store, or process malware, malicious code, or harmful content through the Services; or (iv) exploit or abuse the Services, including by generating excessive, disproportionate, or abnormal volumes of data ingestion, queries, API calls, alerts, or requests that materially degrade the Services or unreasonably increase Coralogix’s operational costs, even if such usage is otherwise within the technical limits of the applicable Order.
5.3 Hazardous Use. Customer shall not use the Services in connection with the operation of nuclear facilities, aircraft navigation, air-traffic control, life-support systems, weapons systems, or any other hazardous environment in which the failure of the Services could lead to death, personal injury, severe property damage, or environmental damage. The Services are not designed, manufactured, or intended for use in such environments.
6. Customer Data and Usability Data.
6.1 Customer Data. Any content, information or data provided or made accessible by Customer to Coralogix or otherwise collected by Coralogix in the course of or in connection with the provision of the Services and/or Customer’s use thereof (collectively “Customer Data”) is and remains (as between the parties) the property of Customer. Customer, and not Coralogix, shall be responsible for the Customer Data as it was provided, transmitted, or made available by, or obtained from Customer, including with respect to the Customer Data accuracy, completeness, truthfulness, errors and omissions and/or infringement of intellectual property of any third party.
6.2 Unless expressly stated otherwise in the applicable Service Documentation or Order, the Services are not intended for the processing of sensitive information, or personal data (“Sensitive Data”), especially trade secrets, government identifiers, protected health information, payment card data, biometric data, or special categories of personal data as defined under applicable privacy laws. In addition Customer shall not upload, submit, or otherwise provide classified information, as defined under applicable Federal law Customer acknowledges that Services are not accredited to process classified information. Customer shall be responsible for all sanitization, remediation, and incident response costs incurred by Coralogix if Customer or its users introduce any classified information into the Services in violation of this Section 6.2. For all other data, Customer shall use commercially reasonable efforts to minimize the inclusion of personal data in Customer Data, including through filtering, masking, and configuration tools available at Handling PII and Sensitive Data Documentation. In addition, the Customer is solely responsible for determining whether Customer Data constitutes technical data, defense articles, defense-service information, or any other export- controlled content under any applicable laws, the Export Administration Regulations (EAR), or other applicable U.S. export-control laws, and whether Customer’s proposed use of the Services is legally permitted. Customer shall promptly notify Coralogix in writing if Customer determines that any Customer Data previously submitted to the Services not permitted to be processed through the Services was not permitted to be processed through the Services.
6.3 Customer acknowledges and agrees that Coralogix may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer (“Usability Data”) for its internal business purposes including to develop, improve, support, secure and operate services and to fulfill legal obligations. Usability Data shall not include any information in identifiable form and shall be aggregated and/or anonymized and shall not include or disclose Customer Data or any content submitted to the Services by or on behalf of Customer.
6.4 No AI Training on Your Data. Coralogix will not use Customer Data for training, fine-tuning, testing, optimizing, or otherwise improving any artificial intelligence, machine learning, or statistical model, whether proprietary or third-party. Coralogix will not permit any third party to use Customer Data for such purposes.
7. Data Security, Privacy and Access Restrictions.
7.1 Data Security and Environment Separation.
(a) Security Standards. During the Term, Coralogix shall provide the Services in accordance with the security standards, technical and organizational measures attached hereto as Exhibit A (“TOMs“), and applicable FedRAMP-related policies reflected in Coralogix FedRAMP package materials which Customer may request directly through the Coralogix U.S. GovOps listing in the FedRAMP Marketplace.
(b) Federal Environment Isolation. Coralogix shall maintain appropriate technical and organizational measures designed to logically segregate the Federal Services environment and its corresponding support model from Coralogix’s standard commercial service environments.
(c) Personnel and Vendor Screening. Coralogix ensures that all employees involved in the performance or support of the Services undergo appropriate background checks, and that all third- party vendors utilized by Coralogix are subject to risk assessments prior to onboarding to verify that their data protection and security practices meet Coralogix’s standards.
7.2 Coralogix follows globally recognized data protection principles and industry-leading standards for the security of personal data. Coralogix is self-certified with the U.S. Department of Commerce for the EU-U.S., Swiss-U.S., and UK-U.S., Data Privacy Frameworks. Coralogix’s data protection practices include (as applicable) standard terms for the processing of Personal Data as defined under GDPR and Personal Information as defined under the CCPA.
7.3 Coralogix shall restrict access to Customer Data to U.S. Persons located in the United States who have a legitimate need to know and who are bound by appropriate confidentiality, security, and export-control obligations. Coralogix shall not permit access to Customer Data by any non-U.S. Person in a manner that would constitute an export or deemed export under any applicable law, nor shall Coralogix transfer Customer Data outside the United States without Customer’s prior written request, provision of all required governmental authorizations and Coralogix’s written approval, which may be withheld at its reasonable discretion.
7.4 The Customer (i) is responsible for: (a) maintaining the security of its account credentials, enforcing appropriate access controls (including multi-factor authentication where available), and for all activities conducted through its accounts; (b) ensuring that access to Customer Data, including via users, administrators, integrations, and credentials, is limited to U.S. Persons or otherwise authorized individuals in compliance with applicable export-control laws. and (ii) may designate administrators with elevated privileges and the Customer shall be responsible for their actions, including user management and configuration of retention, access, and deletion settings
8. Customer’s Representations and Warranties. Customer represents, warrants, and undertakes that throughout the Term: (i) Customer has obtained and will maintain all rights, licenses, consents, and authorizations necessary to provide Customer Data to Coralogix and to permit its processing in accordance with these Terms and applicable law; (ii) Customer Data, and Coralogix’s use thereof as contemplated under these Terms, does not and will not infringe, misappropriate, or otherwise violate any intellectual property, privacy, or other rights of any third party; (iii) Customer is a U.S. Federal agency or an authorized Ordering Activity entitled to procure Services under this Federal version of the Agreement; (iv) Customer will use the Services in compliance with applicable laws and regulations; and (v) Customer is solely responsible for its systems, configurations, and technical environment used in connection with the Services.
9. Coralogix Representations and Warranties. Coralogix hereby warrants and represents that, to its knowledge: (i) the Service, used in accordance with these Terms, does not infringe any third party’s intellectual property rights; (ii) in the provision of the Services Coralogix is not in breach of any third- party licenses, permits, and authorizations required for the provision of the Services hereunder; (iii) the Service does not contain any viruses, worms, trojan horses, or other harmful or destructive code; and (iv) Coralogix complies with all applicable laws in its performance of this Agreement.
10 Support. Coralogix shall provide Customer support, available during regular business hours, all as further detailed in Exhibit C (the “Support Policy”). Coralogix shall use commercially reasonable efforts to ensure the proper functioning of the solution and the availability of the Services, in accordance with generally accepted industry standards and Documentation, and shall provide any additional support services as may be agreed in an applicable Order. Customer’s sole and exclusive remedy for any failure by Coralogix to provide support with reasonable skill, care, and diligence shall be the re-performance of the applicable support. For Services provisioned in a FedRAMP-authorized environment, support shall be provided by U.S. Persons located within the United States, all details are set forth in the Support Policy.
11. Pricing, Payment and Taxes.
11.1 Purchases Through Authorized Resellers. The Customer may purchase the Services through an authorized reseller (“Reseller“), and Customer’s use of the Services shall remain subject to this Agreement. In such events, the Reseller shall execute an applicable Order with Coralogix referencing this Agreement, and the commercial terms between Customer and the Reseller (including, without limitation, fees, payment terms, invoicing, and taxes) shall be governed solely by their separate agreement. Reseller is not authorized to make any modifications to this Agreement or to bind Coralogix to any additional or different obligations or liabilities. Coralogix is not a party to such separate agreement, bears no responsibility for the Reseller’s obligations thereunder.
11.2 Pricing, Fees and Payment Terms. The Customer will pay the Reseller the applicable fees for the Services as set forth in the applicable separate agreement or order between Customer and the Reseller (the “Fees”).
11.3 Non-Refundable Fees. Except as specifically set forth in this Agreement, all Fees are non- refundable.
12. Limited Warranties.
12.1. Mutual Warranty. Each party represents that it has validly entered into this Agreement and that it has the power and authority to do so.
12.2. Coralogix Warranty. Coralogix represents and warrants that the Services shall substantially perform in accordance with the Documentation. In the event of non-compliance, Coralogix shall use commercially reasonable efforts to adjust the Services to substantially perform in conformance with the Documentation, and such adjustment or repair shall constitute Coralogix’s sole liability for breach of this warranty and the Customer’s sole and exclusive remedy therewith. The warranty set forth above shall not apply if the failure of the Services results from or is otherwise attributable to Customer’s acts or omissions in violation of the Terms. Notwithstanding anything to the contrary stated herein, Coralogix shall not be liable for any delay and/or unavailability of the Services, caused due to (i) failure of Customer to access the internet, any other public telecommunications network, or any shortage of power, (ii) any use by the Customer of hardware and systems incompatible with the Services appliance, (iii) maintenance within the Customer’s systems affecting the operation of the Services, (iv) The Hosting Provider uptime and availability that has not been adversely affected by Coralogix’s actions and (v) in addition Coralogix does not warrant, the accuracy, completeness, reliability, or suitability of any AI-generated output, nor any decisions, actions, or outcomes based on reliance on such output.
EXCEPT FOR THE WARRANTIES EXPRESSLY PROVIDED BY CORALOGIX IN THIS AGREEMENT, THE SERVICE(S) ARE PROVIDED AND MADE AVAILABLE (INCLUDING ANY OUTPUT, REPORT, SUGGESTIONS, RECOMMENDATION OR ANALYSIS GENERATED, LEARNED, OR MADE AVAILABLE, THEREBY, INCLUDING THROUGH ANY ARTIFICIAL INTELLIGENCE OR MACHINE LEARNING FEATURES) ON AN “AS IS” OR “AS AVAILABLE” BASIS, WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR ACCURACY. ANY SUCH OUTPUT MAY BE INACCURATE, INCOMPLETE OR MISLEADING AND IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. CUSTOMER REMAINS SOLELY RESPONSIBLE FOR ALL DECISIONS, ACTIONS OR OMISSIONS TAKEN IN RELIANCE THEREON. CORALOGIX DOES NOT WARRANT THAT THE SERVICE WILL BE DELIVERED OR PERFORMED ERROR-FREE OR WITHOUT INTERRUPTION. THE FOREGOING DISCLAIMERS DO NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
13. LIMITATION OF LIABILITY.
13.1 TO THE MAXIMUM EXTENT PERMITTED BY LAW AND EXCEPT FOR A PARTY’S LIABILITY RESULTING FROM EVENT OF GROSS NEGLIGENCE, INTENTIONAL MISCONDUCT OR FRAUD NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, PROFITS, OR DATA.
13.2 THE AGGREGATE LIABILITY OF EITHER PARTY UNDER OR IN CONNECTION WITH THIS AGREEMENT, WHETHER IN CONTRACT, TORT, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE TO CORALOGIX UNDER THE APPLICABLE ORDER FOR THE SERVICES GIVING RISE TO THE CLAIM DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO SUCH LIABILITY.TO THE EXTENT THAT CUSTOMER LIABILITY IS LIMITED IN ANY WAY, INCLUDING, FOR EXAMPLE, UNDER THE ANTI-DEFICIENCY ACT, CORALOGIX’S LIABILITY WILL BE LIMITED TO THE SAME AMOUNT, SUBJECT TO APPLICABLE FEDERAL APPROPRIATIONS LAW.
13.3 NOTWITHSTANDING ANYTHING TO THE CONTRARY IN SECTIONS 13.1 and 13.2, AND SUBJECT TO THE ANTI-DEFICIENCY ACT, NOTHING SHALL RESTRICT (OR OTHERWISE LIMIT) THE LIABILITY FOR (I) EITHER PARTY’S LIABILITY UNDER ITS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 BELOW; (II) CUSTOMER’S LIABILITY IN THE EVENT OF BREACH OF THE SECTION 5 (“USE RESTRICTIONS AND ACCEPTABLE USE”); (III) CUSTOMER’S PAYMENT OBLIGATIONS FOR SERVICES RENDERED; AND (IV) A PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR FRAUD IN RELATION TO THIS AGREEMENT.
13.4 The foregoing disclaimers and limitations of damages will not apply to the extent prohibited by applicable law. Nothing in this Agreement shall impair or limit the U.S. Government’s right to recover against Coralogix or the Reseller for fraud or crimes under any applicable Federal statute, including the False Claims Act (31 U.S.C. §§ 3729-3733). Furthermore, this Agreement shall be subject to the statutory remedies and order of precedence provisions provided in the applicable prime government contract or GSA Schedule contract under which the Services are procured.
13.5 RESELLER LIABILITY. NOTWITHSTANDING ANYTHING TO THE CONTRARY, CORALOGIX WILL HAVE NO LIABILITY FOR ANY REFUND THAT, IN ACCORDANCE WITH THE TERMS OF THIS AGREEMENT, IS TO BE PAID BY RESELLER.
14. Indemnification.
14.1 Coralogix agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Services when used as permitted under these Terms and each respective Order, infringes the intellectual property rights of a third party (“IP Infringement Claim”), and Coralogix will indemnify and hold harmless the Customer for any actual damages awarded in a final judgment against the Customer or settled in a settlement approved in writing by Coralogix, that are attributable to such IP Infringement Claim. If the Services become, or in Coralogix’s opinion is likely to become, the subject of an IP Infringement Claim, then Coralogix may, at its sole discretion: (a) procure for the Customer the right to continue using the Services; (b) replace or modify the Services to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Coralogix’s reasonable efforts, then Coralogix or Customer may terminate all affected Orders and Coralogix shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term. Notwithstanding the foregoing, Coralogix shall have no responsibility for IP Infringement Claims to the extent resulting from or related to: (i) Customer Data; (ii) modifications to the Services made by a party other than Coralogix or its designee; (iii) the Customer’s failure to implement software updates provided by Coralogix; (iv) combination or use of the Services with any software not supplied by Coralogix or not in accordance with the Documentation;. Nothing in this Section 14.1 shall be construed in derogation of the U.S. Department of Justice’s right to defend any claim or action brought against the United States, pursuant to its jurisdictional statute, 28 U.S.C. § 516.
14.2 The indemnification obligations above are subject to Customer (i) promptly notifying Coralogix in writing of such claim; (ii) allow Coralogix to have the sole and exclusive authority to assume all management, handling and defense or settlement of any such claim underlying the indemnity cause.; and (iii) providing Coralogix with all reasonable information and assistance with respect to handling and managing the claim underlying the claimed indemnity liability, at Coralogix’s expense. Customer will not enter into any settlement in connection with the matter underlying the indemnification claim without the Coralogix’s prior written consent. Nothing in this Section 14.3 shall be construed in derogation of the U.S. Department of Justice’s right to defend any claim or action brought against the United States, pursuant to its jurisdictional statute, 28 U.S.C. § 516.
15. Confidential Information.
15.1 Each party acknowledges that it may have access to certain confidential information of the other party (“Confidential Information”). Confidential Information will include all information in any form that under the circumstances of its disclosure, should reasonably be considered confidential, including but not limited to trade secrets. Each party agrees that it will not use Confidential Information of the other party in any way, except as expressly required for the purposes of this Agreement, nor will it disclose to any third party (except as required by law or to that party’s attorneys, accountants and other advisors as reasonably necessary on a need to know basis) any of the other party’s Confidential Information and it will take reasonable precautions to protect the confidentiality of such information. Confidential Information shall not include any information that (i) is publicly known, (ii) was in the prior possession of a party and obtained through lawful means, (iii) was disclosed to a party by a third party without breaching any duty of confidentiality and (iv) was independently developed without using Confidential Information. Coralogix acknowledges that Customer, as a U.S. Federal agency, is subject to the Freedom of Information Act (5 U.S.C. § 552), and that Customer may be required to disclose information designated as Confidential Information pursuant to a valid FOIA request or other applicable law, notwithstanding any confidentiality markings. Such disclosure shall not constitute a breach of this Agreement.
15.2 Permitted Disclosures. Both parties will have the right to disclose the existence of this Agreement, but not any negotiated terms and conditions of the Agreement, unless such disclosure is approved in writing by both parties prior to such disclosure, is required to be disclosed under Freedom of Information Act, or is included in a filing required to be made by a party with a governmental authority (provided such party will use reasonable efforts to obtain confidential treatment or a protective order) or is made on a confidential basis as reasonably necessary to a party’s attorneys, accountants, auditors, financial advisers, creditors, insurers, as well as acquirers, investors, financiers and bona fide potential acquirers, investors and financiers of such party, who are subject to an obligation of confidentiality. If the Order Form is issued under a GSA prime contract, Coralogix acknowledges that the ability to use this Agreement in advertising is limited by GSAR 552.203-71.
16. Term and Termination.
16.1 Term. The Agreement shall become effective on the earlier of (i) the mutual execution by Customer and Coralogix of an Order referencing these Terms; or (ii) the subscription date set forth in the Order, and unless earlier terminated in accordance with Section 16.2, shall remain in effect for such term as specified in the Order (the “Term”).
16.2 Termination for Cause. Either party may terminate an Order and/or this Agreement for cause with immediate effect if: (a) the other party breaches any material term or condition of an Order and/or this Agreement, and such breach (if curable) remains uncured thirty (30) days after date of a written notice of such breach, by the non- breaching party, or (b) the other party seeks protection under any bankruptcy, receivership, trust deed, creditors’ arrangement, composition or comparable proceeding, or if any such proceeding is instituted against that party and not dismissed within sixty (60) days thereafter. Where Customer disputes an alleged breach, the Contract Disputes Act shall govern, and Coralogix shall continue performance pending final resolution.
16.3 Effects of Termination. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in connection with the Services shall expire, and Customer shall discontinue any further use and access thereof including, to the extent applicable, by deinstalling any Coralogix provided software; (ii) Customer acknowledges that Customer Data processed in connection with the Services is stored per customer choice; either in Customer-controlled storage or in Coralogix- controlled storage for the retention period defined by Customer. Coralogix retains Customer Data solely for the purpose of providing the Services and only for the duration and in the manner configured by Customer. Customer remains solely responsible for defining retention periods, accessing, exporting, and managing its Customer Data. Except as expressly required by applicable law, and as set forth in a data processing addendum, if applicable, Coralogix shall delete Customer Data following termination or expiration of the Services and shall have no obligation to return, export, migrate, or otherwise retain such Customer Data. If the Customer terminates this Agreement in accordance with Section 16.2 (Termination for Cause), Coralogix will refund to the Customer any prepaid fees covering the remainder of the then-current Subscription Term after the effective date of termination. If Coralogix terminates these Terms in accordance with Section 16.2 (Termination for Cause), the Customer will pay any unpaid fees covering the remainder of the then-current Subscription Term after the effective date of termination. In no event will termination relieve the Customer of its obligation to pay any fees payable to Coralogix for the period prior to the effective date of termination. Except where an exclusive remedy may be specified in these Terms, the exercise by either party of any remedy, including termination, will be without prejudice to any other remedies it may have under these Terms, by law or otherwise.
16.4 Survival. Section 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20 shall survive termination or expiration of this Agreement for any reason.
17. Publicity. Subject to Customer’s prior written approval and consistent with GSAR 552.203-71, Coralogix may add Customer’s name to its customer list and identify Customer as a Coralogix customer on Coralogix’s website. Any further public use of Customer’s name in connection with Coralogix marketing activities (e.g., press releases, case studies, customer videos) shall require Customer’s prior written approval. Coralogix shall remove any use of Customer’s name and logo upon written request.
18. Government Matters
18.1 Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Coralogix and Customer each represents that it is not on any U.S. government denied-party list. Customer will not access or use the Service in a U.S. embargoed countries or regions as may be updated from time to time, nor by any person who is on the U.S. OFAC Specially Designated Nationals List or otherwise on any U.S. government sanctioned or denied-party list persons, or otherwise in violation of any U.S. export law or regulation.
18.2 Government Customers. Coralogix provides the Services for U.S. Federal Government end use solely in accordance with the following: Government technical data and rights related to the Services include only those rights customarily provided to the public, as defined in this Agreement. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), and for Department of Defense transactions, DFARS 252.227-7015 (Technical Data – Commercial Items) and DFARS 227.7202-3 (Rights in Commercial Computer Software or Commercial Computer Software Documentation). If a Federal agency has a need for rights not conveyed under this Agreement, it must negotiate with Coralogix to determine if acceptable terms exist for transferring such rights, and a mutually acceptable written addendum specifically conveying such rights must be included in any applicable contract or agreement.
18.3 Anti-Bribery and Anti-Corruption. Each party shall comply with applicable laws concerning anti- bribery and anti-corruption, including the U.S. Foreign Corrupt Practices Act of 1977.
19. Governing law; Jurisdiction.
19.1 Governing Law and Venue. This Agreement will be governed by and construed in accordance with the laws of the United States.
19.2 Dispute Resolution and Arbitration. Disputes between Customer and Coralogix are governed by the Contract Disputes Act.
20. Miscellaneous.
20.1 Assignment. Customer may not assign this Agreement without Coralogix’s prior written consent, which consent shall not be unreasonably withheld, conditioned, or delayed. Notwithstanding the foregoing, and subject to the requirements of FAR Subpart 42.12, Coralogix may assign this Agreement without Customer’s consent in connection with a merger, reorganization, or sale of all or substantially all of its assets. Any purported assignment contrary to this section shall be void.
20.2 Entire Agreement. This Agreement and applicable Order is binding upon, and inures to the benefit of, Coralogix and Customer, and their respective successors. This Agreement constitutes the entire Agreement between the parties and supersedes any previous Agreements or representations, either oral or written with respect to the subject matter of this Agreement. Coralogix may, from time to time, release additional features or Services, which may be subject to separate or specific terms. In the event of any conflict between this Agreement and such specific terms, the specific terms shall govern solely with respect to the applicable feature or Service.
20.3 Prevailing Agreement. To the extent explicitly stated in the applicable Order, the terms contained in an applicable Order shall prevail over any contradicting terms contained in the automatic stripe or online package purchase flow made available through the Coralogix website and/or any other online marketplaces.
20.4. Amendments. Except as otherwise set forth in Section 20.5, this Agreement may be amended only by a written document duly signed by the authorized representatives of both Parties.
20.5 Updates. Coralogix may update or modify the Services and its operational policies (including security and support updates) from time to time, and may update the applicable documentation accordingly, provided such changes do not materially reduce the overall functionality or security protections of the Services. However, the commercial practice of modifying contract terms via website postings shall not apply to U.S. Federal Customers. Any material modification to this Agreement during the Term shall require a written amendment executed by a duly authorized Contracting Officer or authorized Customer official.
20.6 Force Majeure. Excusable delays shall be governed by FAR 52.212-4(f). Neither Party shall be liable for any delay or failure in the performance of its obligations under this Agreement (except for payment obligations) to the extent caused by events or circumstances beyond its reasonable control and without its fault or negligence, including acts of God, war, terrorism, civil unrest, internet or telecommunications failures, power outages, embargoes, sanctions, or government actions of general application (each, a “Force Majeure Event”).The affected Party shall promptly notify the other Party of the occurrence and expected duration of any Force Majeure Event and shall use commercially reasonable efforts to mitigate its effects and resume performance as soon as practicable.
20.7 Notices. All notices shall be in writing and delivered either personally, or by registered mail or courier, to the address and contact of the parties or by email, as set forth in the Order. Legal notices to Coralogix shall also be sent by email to [email protected]. Any such notice shall be deemed given five business days after being placed in the mail, or one business day after personal delivery or email. The Customer is responsible for keeping its email address up-to-date with Coralogix.
20.8. Independent Contractors. Nothing in this Agreement shall be construed to mean a relationship of agents, partners or joint venture between the parties. The parties are independent contractors.
20.9 Third Party Services. To the extent Coralogix provides any third party services, the terms of such third party service provider shall apply.
20.10. Waiver. Any failure by a party to insist upon or enforce performance by the other of any of the provisions of this Agreement or to exercise any rights or remedies under this Agreement or otherwise by law will not be construed as a waiver of such right.
Exhibit A
Technical and Organizational Measures
These Technical and Organizational Measures (“TOMs”) are implemented in connection with the provision of the Services to ensure an appropriate level of security for Customer Data. Coralogix maintains the TOMs to protect the security, confidentiality, and integrity of Customer Data processed as part of the Services.
These TOMs support Coralogix’s compliance with applicable data protection regulations and its obligations under this Coralogix Master Subscription Terms for U.S Federal End Users (the “Terms”).
1. Encryption:
Customer Data is encrypted in transit using industry-standard transport layer security (TLS 1.2 or higher) and at rest using strong encryption algorithms (AES-256).
2. Data Security:
Customer Data is logically and physically segregated from data belonging to other customers within Coralogix’s multi-tenant environment. Logical segregation is implemented through customer-specific encryption keys, while physical segregation is applied on a regional basis.
Coralogix prohibits the transfer and storage of Customer Data on removable media.
3. Vulnerability Management:
Coralogix implements and maintains a vulnerability management program to ensure that relevant systems, applications, and infrastructure are kept up to date with the latest security patches and updates, including ensuring remediations within industry-accepted SLA’s.
Coralogix conducts penetration testing at least annually. Qualified independent third-party security firms perform such security assessments in accordance with industry best practices.
Coralogix ensures the integrity of its code through extensive security scanning, including SAST, DAST, and SBOM analysis.
4. Access Controls:
Coralogix using multi-factor authentication, role-based access controls, and intrusion detection solutions to ensure a level of security commensurate with the risk.
Coralogix conducts access reviews at least quarterly to ensure the continued appropriateness of access rights and to maintain the principle of least privilege.
Coralogix enforces password complexity requirements and password rotation policies.
5. Audits:
Coralogix conducts information security risk assessments at least annually and implements appropriate risk mitigation measures.
Coralogix conducts third-party audits at least annually, including SOC 2 Type 2, ISO 27001, ISO 27701, ISO 27017, ISO 27018, and ISO 42001 audits.
Coralogix conducts self-assessments at least annually to ensure compliance with various regulatory frameworks such as GDPR, CCPA, HIPAA, DORA, AI Act, as well as external standards such as PCI- DSS.
6. Business Continuity and Disaster Recovery:
Coralogix maintains a business continuity and disaster recovery policy to minimize service disruptions and comply with applicable laws. The policy is tested at least annually through table-top exercises. Coralogix ensures high availability of its services across availability zones. Continuity is achieved by the availability of customer data and the employee workforce.
7. Physical Access Controls:
Coralogix Implements and maintains appropriate physical security controls to prevent unauthorized physical access to facilities, systems, and infrastructure that process, store, or transmit Customer Data, including physical access controls and surveillance systems.
8. Awareness and Training:
Coralogix provides an appropriate level of periodical training concerning organizational security measures and privacy issues, to all personnel as well as additional training to those who have access to Customers’ Confidential Information. Training is conducted upon hiring and at least annually thereafter.
9. Breach Notification:
n the event that Coralogix becomes aware of a reasonably suspected or confirmed security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Customer Data, Coralogix shall promptly inform the Customer without undue delay and within 1 hour of acquiring knowledge of the reasonably suspected or confirmed incident.
10. Customer Responsibilities:
Notwithstanding the Technical and Organizational Measures described above, the Customer remains responsible for securely configuring and using the Services in accordance with the applicable Coralogix Documentation. This includes, without limitation, configuring and managing authentication and access controls (including SAML SSO and Customer identity provider integrations), securing and regularly rotating API keys, and administering user permissions and IP-based access restrictions. The Customer is also responsible for determining what data is submitted to the Services, including the handling of PII and sensitive data prior to transmission to Coralogix. The Customer shall take reasonable measures to prevent unauthorized access to Customer Credentials and shall promptly notify Coralogix if it becomes aware of any compromise of Customer Credentials or unauthorized access to Customer Data.
11. Notifications:
The Customer may subscribe to: (i) The Coralogix Status Page for immediate system alerts and operational notifications;(ii) The Coralogix Trust Center notification center for official updates regarding material announcements and data impact notifications including additions or changes to Sub-Processors.
Exhibit B
Uptime SLA
1. Except for terms defined herein, capitalized terms used and not defined herein shall have the meanings as set forth in the Coralogix Master Subscription Terms (“Terms”).
2. Service Commitment
- During the term of the Subscription Period, Coralogix will use commercially reasonable efforts to make the Services available with a Monthly Uptime Percentage on a twenty-four hour a day, seven days a week (24×7) basis at a rate of 99.9% (Service Commitment).
- If the Service Commitment is not met, the Customer will be eligible to receive a Service Credit to be applied as described below, provided that such eligibility shall not apply to Customers under a Pay-as-you-Go plan, to Beta Services, or to Services provided on a trial, evaluation, or free-of-charge basis. The Service Credits described herein shall constitute the Customer’s sole and exclusive remedy for any Downtime Events, except as expressly set forth in Section 5 (Termination for Chronic Failure).
3. Definitions
- “Downtime Event” means the time in which a Coralogix Service is unavailable to the Customer as measured and determined solely by Coralogix and made available at the status page. Downtime Events shall exclude: (i) planned downtime events announced in-advance by Coralogix on its status page, including without limitation, for periodic upgrade and scheduled routine maintenance; and/or (ii) any time where Coralogix is awaiting information from the Customer or awaiting Customer confirmation that the Service has been restored.
- “Downtime Period” means the number of minutes in a calendar month during which Coralogix’s Service is unavailable to the Customer due to Downtime Event(s).
- “Monthly Uptime Percentage” means the total number of minutes in a calendar month minus the Downtime Period, divided by the total number of minutes in a calendar month. The status of the Monthly Uptime Percentage is available at Coralogix’s status page which can be subscribed to by the Customer to receive important notifications regarding planned downtime, maintenance etc.
- “Service Credits” mean monetary credit due to the Customer as a result of Downtime Period during a specific month, which will be deducted by Coralogix from Customer’s next billing cycle/invoice for future use of the Services, or by refund in case of advance payment as detailed in the following table:
Service Credit per Monthly Uptime Percentage:
| Between 99.0% – 99.9% the credit shall be 10% from the Customer monthly charge. The 10% credit is calculated based on the Customer’s monthly charge and applies to the Services provided during the Downtime Period month. |
| Below 99.0% the credit shall be 30% from the Customer monthly charge. The 30% credit is calculated based on the Customer’s monthly charge and applies to the Services provided during the Downtime Period month |
4. Service Credit Eligibility
- If the Monthly Uptime Percentage is less than 99.9%, then the Customer will be eligible to receive a Service Credit as detailed in the table above.
- In order to receive any of the Service Credits described above, the Customer must notify Coralogix’s technical support team within thirty (30) days from the time on which the Customer becomes eligible to receive Service Credits. Failure to comply with this requirement will forfeit such Customer’s right to receive Service Credits.
- Maximum Service Credits The aggregate maximum number of Service Credits to be issued by Coralogix to Customer for any and all Downtime Periods that occur in a single calendar month shall not exceed 30% of the amount due by Customer for the Services provided to it during the applicable month.
5. Termination for Chronic Failure. If Coralogix Service Uptime is less than 97.5% in 2 consecutive months or 3 months out of any 12-month period, such event will be considered a material breach and Customer will have the right to Terminate the Agreement or applicable Order Form in accordance with provisions the Terms.
6. THE CUSTOMER HEREBY ACKNOWLEDGES AND AGREES THAT ITS RIGHT TO RECEIVE SERVICE CREDITS AS SPECIFIED ABOVE AND TERMINATION FOR CHRONIC FAILURE CONSTITUTES ITS SOLE AND EXCLUSIVE REMEDY FOR ANY DOWNTIME EVENTS.
7. SLA EXCLUSIONS
THIS SLA DOES NOT APPLY TO ANY DOWNTIME EVENTS THAT (A) ARE EXPLICITLY EXCLUDED UNDER THIS SLA OR THE TERMS; OR (B) ARE CAUSED DUE TO FAILURE OF CUSTOMERS TO ACCESS THE INTERNET, OR TELECOMMUNICATIONS NETWORK REQUIRED FOR THE PROPER FUNCTIONING OF SERVICES, OR ANY SHORTAGE OF POWER; OR (C) RESULTED FROM CUSTOMER HARDWARE OR SOFTWARE INCOMPATIBLE WITH THE SERVICE; OR (D) RESULTED FROM DOWNTIME OF THE HOSTING PROVIDER OR WAF PROVIDER; OR (E) RESULTED FROM NON-COMPLIANCE OF THE CUSTOMER WITH SERVICES’ DOCUMENTATION; OR (F) CAUSED DUE TO MAINTENANCE OF CUSTOMER’S SYSTEMS AFFECTING THE OPERATION OF THE SERVICES; AND (G) RESULTED FROM CIRCUMSTANCES BEYOND CORALOGIX OR ITS HOSTING PROVIDER’S REASONABLE CONTROL INCLUDING, BUT NOT LIMITED TO ON ACCOUNT OF STRIKES, SHORTAGES, RIOTS, INSURRECTION, FIRES, FLOOD, STORMS, EXPLOSIONS, ACTS OF GOD, WAR, EPIDEMIC/ENDEMIC, GOVERNMENT OR QUASI-GOVERNMENTAL AUTHORITIES’ ACTIONS, ACTS OF TERRORISM, EARTHQUAKES, OR POWER OUTAGES.
Exhibit C
Support Policy