Terms and Conditions for Sidero Labs Services

 

TERMS AND CONDITIONS

PLEASE READ THIS AGREEMENT CAREFULLY. BY PURCHASING, INSTALLING, DOWNLOADING OR OTHERWISE USING THE SIDERO LABS OMNI SERVICE (INCLUDING ITS COMPONENTS) (THE “SERVICE”), YOU AGREE TO THE TERMS OF THIS AGREEMENT AND ANY CHANGES TO THIS AGREEMENT SIDERO LABS MAY MAKE IN THE FUTURE. IF YOU DO NOT AGREE WITH THESE TERMS, YOU ARE NOT PERMITTED TO USE THE SERVICE. AN INDIVIDUAL ACTING ON BEHALF OF AN ENTITY REPRESENTS THAT HE OR SHE HAS THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THAT ENTITY.

SERVICES AND SUPPORT

1. Services

a. Subject to the terms of this Agreement, Company will provide Customer the Services specified in the applicable Order Form through which the Services are ordered (each an “Order Form”) (the “Services” or “SaaS Services”). SaaS Services are provided in accordance with the Service Level Terms in Exhibit A, while Self-Hosted Services are provided as software for use on Customer-managed infrastructure and are expressly excluded from the uptime guarantees in Exhibit A.

1.1  SaaS Services.

1.1(a) SaaS Services: The “SaaS Services” (or “Hosted Services”) consist of the proprietary Omni management platform hosted and maintained by Company, through which Customer may manage Kubernetes clusters and Talos Linux distributions.

1.1(b) Self-Hosted Services: The “Self-Hosted Services” consist of Company-provided code and management tools (the “Self-Hosted Software”) that Customer installs and operates on Customer’s own private infrastructure, or infrastructure that Customer controls.

1.1(c) Definition of Platform and Software: The “Platform” means and includes (i) the proprietary and third-party software applications provided or otherwise made available by Company (the “Software”), including updates, enhancements, patches, fixes or modifications; and (ii) all technology, technical information, discoveries, ideas, theories, improvements, tools, designs, original works of authorship, processes, algorithms, software, inventions, know-how, techniques, data, documentation and other information, including all intermediate and partial versions thereof, underlying the Platform.

1.1(d) Access and License Grant: Subject to Customer’s compliance with the terms and conditions of this Agreement, Customer is granted a limited, non-exclusive, non-transferable (except as permitted in Section 9), non-sublicensable, terminable, royalty-free (apart from the Services fees due to Company) license:

(i) for SaaS Services: to access and use the Services; and

(ii) for Self-Hosted Services: to use those portions of the Platform applicable to the relevant Order Form and Customer’s subscription, including any Software that Company makes available to Customer;

Usage Limitations: Customer shall exercise the rights granted in subsections (i) and (ii) only in order to make use of the Services and solely for Customer’s internal business operations during the Term. For clarity, Customer’s license to the Services for its business operations may include Customer’s management of Services at Customer’s clients’ worksites. No other rights or licenses are granted except as expressly set forth herein.

1.1(e) Exclusions of Open Source: For the avoidance of doubt, “Platform” and “Software” do not include open-source software (e.g., Talos Linux), which is governed by its own license.

1.2  Support Services. Subject to the terms hereof, if Customer has subscribed to a support offering in the Order Form, Company will provide Customer with reasonable technical support services in accordance with the terms in Exhibit B.

1.3  Other Services.  To the extent specified in an applicable Order Form accepted by the parties, the Company will perform (a) services to assist Customer in implementing the SaaS Services (“Implementation Services” or “Professional Services”). Such work will be performed for the prices in the applicable Order Form and SOWs, pursuant to the terms set forth herein and in SOWs signed by the parties.

2. RESTRICTIONS AND RESPONSIBILITIES

2.1 Restrictions

2.1.1 Open Source Compliance: Customer acknowledges that the Services manage or utilize software distributions, such as Talos Linux, provided under open-source licenses like the Mozilla Public License (MPL). Nothing in this Agreement shall restrict Customer’s rights to use, modify, or distribute such open-source software in accordance with its respective license.

2.1.2 Supportability of Modifications: While Customer may modify open-source software under its own license, any such modifications or Derivative Works are expressly excluded from the scope of Company’s Support Services. Company shall have no obligation to provide support for any version of the software that has been modified by Customer or a third party.

2.1.3  Proprietary Materials: Customer will not modify, translate, or create any Derivative Works based on the Services, Software or Platform (except to the extent expressly permitted by Company or authorized within the Services); use the Services, Platform or any Software for timesharing or service bureau purposes or otherwise for the benefit of a third party; or remove any proprietary notices or labels.  “Derivative Work” for this Agreement means any modification of or extension to any software, process, algorithm, trade secret, work of authorship, invention, or to any other intellectual property right therein or thereto.

2.1.4 Security Vulnerability Disclosure. If Customer discovers a potential security vulnerability in Talos Linux, the Platform, or other Company Technology, Customer agrees to report the finding directly to Company via the channels specified in the Company’s published Security Policy. Customer shall use commercially reasonable efforts to follow “Coordinated Vulnerability Disclosure” practices, providing Company with a period of at least ninety (90) days to address and patch the vulnerability before making any public disclosure.

2.2 Export Control. Technical data, Software, and the Platform provided by Company are subject to U.S. export control laws, including the U.S. Export Administration Regulations and all applicable U.S. sanctions. Customer agrees (i) not to export or re-export any technical data, software, or access to the Platform provided by Company in violation of such laws; and (ii) not to export or re-export the foregoing to any country, region, or individual restricted by U.S. law.

2.3  Customer represents, covenants, and warrants that Customer will use the Services only in compliance with Company’s standard published policies then in effect (the “Policy”, Exhibit C) and all applicable laws and regulations. Customer hereby agrees to indemnify and hold harmless the Company against any damages, losses, liabilities, settlements and expenses (including without limitation costs and reasonable attorneys’ fees) in connection with any third party claim or action that arises from an alleged violation of the foregoing or otherwise from Customer’s use of the Services in violation of the terms of this Agreement or from its willful misconduct.  Although Company has no obligation to monitor Customer’s use of the Services, Company may do so and may prohibit any use of the Services it believes may be (or alleged to be) in violation of the foregoing.

2.4  Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”).  Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer account or the Equipment with or without Customer’s knowledge or consent.

2.5 Self-Hosted Infrastructure Responsibility. For Self-Hosted Services, Customer is solely responsible for:

  • Infrastructure provisioning and configuration;
  • Cloud provider selection and costs;
  • Network configuration and security controls;
  • Identity and access management;
  • Backup, redundancy, and disaster recovery;
  • Compliance with applicable laws and regulations.

Company shall not be liable for:

  • Downtime, outages, or degradation caused by Customer infrastructure;
  • Third-party services or integrations;
  • Cloud cost overruns;
  • Security vulnerabilities introduced by Customer configuration or third-party components.

Support for Self-Hosted Services is limited to the unmodified Software and does not extend to Customer’s underlying infrastructure, workloads, or third-party components.

 

3.   CONFIDENTIALITY; PROPRIETARY RIGHTS

3.1  Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party).  Proprietary Information of Company includes non-public information regarding features, functionality and performance of the Service.  Proprietary Information of Customer includes non-public data provided by Customer to Company to enable the provision of the Services (“Customer Data”). The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information.  The Disclosing Party agrees that the foregoing shall not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public through no breach hereof by Receiving Party, or (b) was lawfully in its possession or known by it prior to receipt from the Disclosing Party, or (c) was lawfully disclosed to Receiving Party without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party.  The confidentiality and non-use obligations of each Receiving Party under this Agreement will survive expiration or termination of this Agreement for a period of five (5) years; except that such obligations shall survive thereafter with respect to each Disclosing Party’s software, algorithms and technology-based trade secrets so long as they remain trade secrets under prevailing law (without regard to any breach of the Receiving Party).

3.2  Company owns, holds as its valuable Proprietary Information and shall continue to own and retain all right, title and interest in and to (a) the Services, Platform and Software, including the specific design and structure of individual programs, and Company’s techniques, analyses, modules, documentation, training materials and consulting methods, and all improvements, enhancements or modifications thereto; (b) any software, applications, inventions, Derivative Works, Company Tools or other technology developed by Company either in connection with or separately from Implementation Services or support, and (c) all intellectual property rights related to any of the foregoing (collectively with (a) and (b) the “Company Technology”). “Company Tools” means any intellectual property or Company Technology which Company creates or uses in order to prepare the Deliverables or Services and all Derivative Works thereof, whether or not prepared under Customer’s funding or otherwise in the course of performance of this Agreement. For the avoidance of doubt, “Company Technology” does not include the open-source software distributions supported under this Agreement, which are governed by their respective licenses.

3.3  (a) Customer shall own all right, title and interest in and to the Customer Data and any Intellectual property Customer created prior to or separate from this Agreement.

3.4 Data Processing and Compliance.

3.4.1 Roles. The parties acknowledge that with regard to the processing of Personal Data, Customer is the Data Controller and Company is the Data Processor acting on Customer’s instructions. Both parties shall comply with all applicable privacy and data protection laws (e.g., GDPR, CCPA).

3.4.2 Data Processing Addendum. To the extent Company processes Personal Data on Customer’s behalf, the parties agree to comply with the Sidero Labs Data Processing Addendum (DPA), which is hereby incorporated by reference and found at https://www.siderolabs.com/privacy-policy/. The DPA shall include appropriate safeguards for cross-border transfers, such as Standard Contractual Clauses (SCCs).

3.4.3 Usage Data. Notwithstanding the foregoing and except with respect to Self-Hosted Services, Company shall have the right to collect and analyze data relating to the performance of the Services. Company may (i) use such information to improve the Services; and (ii) disclose such data solely in anonymized, aggregated form that is not traceable to any party and contains no Personal Data.

3.5 Customer agrees that Company may identify Customer as a recipient of services and use its name and logo in sales presentations, marketing materials and press releases.

4.     PAYMENT OF FEES

4.1  Customer will pay Company the then applicable fees described in each applicable Order Form for the Services and any Support agreement or Professional Services in accordance with the terms therein (the “Fees”).  If Customer’s use of the Services exceeds the Service Capacity set forth on the applicable Order Form or otherwise requires the payment of additional fees (per the terms of this Agreement), Customer shall be billed for such usage and Customer agrees to pay the additional fees in the manner provided herein.  Company reserves the right to change the Fees or applicable charges and to institute new charges and Fees at the end of the Initial Service Term or then current renewal term, upon thirty (30) days prior notice to Customer (which may be sent by email). In addition to any other remedies available to Company, Company reserves the right to suspend Customer’s access to the SaaS Services and the provision of Support Services for Self-Hosted Services and/or Support Services if any undisputed Fees are more than thirty (30) days past due. Such suspension shall not constitute a termination of this Agreement nor relieve Customer of its obligation to pay all Fees due hereunder.

4.2  Full payment for invoices must be received by Company thirty (30) days after the mailing date of the invoice. Unpaid amounts may be subject to a finance charge of 1% per month on any outstanding balance, plus all reasonable expenses of collection. Customer shall be responsible for all taxes associated with Services other than U.S. taxes based on Company’s net income. If Customer believes in good faith that Company has billed Customer incorrectly, Customer must contact Company no later than 60 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment, refund or credit. Inquiries should be directed to Company’s customer support department.

5.     TERM AND TERMINATION

5.1  Subject to earlier termination as provided below, this Agreement is for the Initial Service Term, commencing on, and for the duration, as specified in the applicable Order Form, and shall be automatically renewed for additional periods of the same duration as the Initial Service Term unless a different renewal period is specified in the Order Form. The renewal period shall automatically renew for additional periods of the same duration.  (These periods are collectively, the “Term”). Either party may request termination at least thirty (30) days prior to the end of the then-current Term to prevent automatic renewal.

5.2  In addition to any other remedies it may have, either party may also terminate this Agreement: (i) upon thirty (30) days’ notice, if the other party materially breaches any of the terms or conditions of this Agreement; (ii) if the other party becomes insolvent or admits in writing its inability to pay its debts as they mature or makes an assignment for the benefit of creditors; or (iii) if a petition under the United States Bankruptcy Act, as it now exists or as it may be amended, or any similar law of any other jurisdiction, is filed concerning the other party.  Customer will pay in full for the Services up to and including the last day on which the Services are provided. If Company terminates the Agreement without cause, Customer will be refunded for any pre-paid services which are not provided. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, responsibilities and restrictions, accrued rights to payment, confidentiality obligations, intellectual property rights, warranty disclaimers, and limitations of liability.

6.     WARRANTY AND DISCLAIMER

6.1  Company shall use reasonable efforts consistent with prevailing industry standards to maintain the Services in a manner which minimizes errors and interruptions in the Services and shall perform the SaaS Services, Support Services and Professional Services in a professional and workmanlike manner.  Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Company or by third-party providers, or because of other causes beyond Company’s reasonable control, but Company shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption.

6.2 Open Source & Upstream Security. Open-source software distributions (including Talos Linux and Kubernetes) are provided “AS IS” pursuant to their respective open-source licenses. While Company will use commercially reasonable efforts to provide security updates and backports as defined in Exhibit B, Customer acknowledges that such fixes are subject to upstream project support (e.g., Linux kernel, runc, and Kubernetes); Company does not warrant that the software will be uninterrupted or error-free, or that all vulnerabilities can or will be patched, particularly where a fix is unavailable from the relevant upstream project.

6.3  Disclaimers. HOWEVER, COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES OR REGARDING THE SECURITY, ACCURACY, RELIABILITY, TIMELINESS OR PERFORMANCE OF THE SERVICES OR THAT SERVICES WILL MEET CUSTOMER’S REQUIREMENTS.  EXCEPT AS EXPRESSLY SET FORTH IN SECTION 6.1, THE SERVICES AND PROFESSIONAL SERVICES ARE PROVIDED “AS IS” AND COMPANY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN THE CASE OF A BREACH OF WARRANTY BY COMPANY, CUSTOMER’S SOLE AND EXCLUSIVE REMEDY SHALL BE FOR COMPANY AT ITS OPTION TO REPERFORM THE SERVICES OR ISSUE A PRO-RATA REFUND FOR THE NON-CONFORMING SERVICE.

6.4 Security Disclaimer: Company maintains a security program that includes administrative, technical, and organizational safeguards designed to protect the security, confidentiality, and integrity of the Services and Customer Data, and such program is assessed pursuant to a SOC 2 Type II audit. Notwithstanding the foregoing, Customer acknowledges that no system can be guaranteed to be completely secure, and Company does not warrant that the Services or any data transmitted or stored in connection therewith will be immune from unauthorized access, security breaches, or other security incidents. Except as expressly set forth in this Agreement, Company disclaims any warranty of absolute security or uninterrupted protection against cyber threats; provided, however, that Company shall use commercially reasonable efforts to detect, respond to, and mitigate any confirmed security incident in accordance with its documented incident response procedures. Except for Company’s gross negligence or willful misconduct, any liability arising from a Security Incident shall be subject to the limitations set forth in Section 8. Company shall not be responsible for Security Incidents arising from: (i) Customer configuration; (ii) Customer credentials; (iii) Self-Hosted infrastructure; (iv) third-party integrations; or (v) open-source software.

6.5 Regulatory Compliance Disclaimer. Except as expressly stated in this Agreement, Company does not represent or warrant that the Services comply with, or will enable Customer to comply with, any specific law, regulation, or industry standard, including but not limited to HIPAA, FedRAMP, ITAR, PCI-DSS, SOC reporting requirements, or similar regulatory regimes. Customer is solely responsible for ensuring its use of the Services meets its specific legal and regulatory obligations. Any reference to compliance, certifications, or security standards in marketing materials, security documentation, or discussions shall not be deemed a warranty or guarantee of regulatory compliance.

7.     INDEMNITY

7.1 Company Indemnity. Company shall indemnify, defend and hold Customer harmless from liability to third parties based upon claims by such parties (“Claims”) resulting from infringement of any United States or European Union patent or copyright, or misappropriation of any trade secret owned by such third party, provided Company is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement. Company will not be responsible for any settlement it does not approve in writing.

7.2 Exclusions from Indemnity. The foregoing obligations do not apply with respect to portions or components of the Service:

(i) not supplied by Company;

(ii) made in whole or in part in accordance with Customer specifications where the alleged infringement is caused by adherence to such specifications;

(iii) that are modified after delivery by Company and the alleged infringement is caused by the Customer modification;

(iv) combined with other products, processes or materials where the alleged infringement relates to such combination;

(v) where Customer continues allegedly infringing activity after being notified in writing thereof or after being informed of modifications that would have avoided the alleged infringement;

(vi) that are underlying open-source software (e.g., Talos Linux or Kubernetes);

(vii) where Customer’s use of the Service is not strictly in accordance with this Agreement and such use causes the alleged infringement; or

(viii) resulting from the interaction of the Service with Customer’s Self-Hosted infrastructure, network configuration, or third-party cloud provider environments.

7.3 Remedy for Infringement. If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be or are believed by Company to be infringing, Company may, at its option and expense: (a) replace or modify the Service to be non-infringing provided that such modification or replacement contains substantially similar features and functionality; (b) obtain for Customer a license to continue using the Service; or (c) if neither of the foregoing is commercially practicable, terminate this Agreement and Customer’s rights hereunder and provide Customer a refund of any prepaid, unused fees for the Service.

7.4 Sole Remedy. THE FOREGOING CONSTITUTES COMPANY’S ENTIRE LIABILITY, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO THIRD PARTY CLAIMS OF INFRINGEMENT OF ANY KIND OR NATURE.

8.     LIMITATION OF LIABILITY

8.1 NOTWITHSTANDING ANYTHING TO THE CONTRARY, EXCEPT FOR BODILY INJURY OF A PERSON AND THE CONFIDENTIALITY OBLIGATIONS HEREIN, IN NO EVENT WILL EITHER PARTY OR ITS SUPPLIERS’ (INCLUDING BUT NOT LIMITED TO ALL EQUIPMENT AND TECHNOLOGY SUPPLIERS), OFFICERS’, AFFILIATES’, REPRESENTATIVES’, CONTRACTORS’ AND EMPLOYEES’ AGGREGATE, CUMULATIVE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS AND ALL SOWS AND ORDER FORMS EXCEED THE AMOUNTS RECEIVED BY COMPANY FROM CUSTOMER DURING TWELVE (12) MONTHS PRECEDING THE FIRST EVENT GIVING RISE TO LIABILITY. THIS LIMITATION IS CUMULATIVE FOR ALL CLAIMS ARISING UNDER ALL SOWS AND ORDERING DOCUMENTS, AND SHALL APPLY EVEN IF THE REMEDIES PROVIDED IN THIS AGREEMENT SHALL FAIL OF THEIR ESSENTIAL PURPOSE. NEITHER PARTY SHALL BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT OR TERMS AND CONDITIONS RELATED THERETO UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY: (A) INTERRUPTION OF USE OR FOR LOSS  OR CORRUPTION OF DATA INCLUDING NONPAYMENT ONLY FOR THE AFFECTED TIME PERIOD AS A RESULT OF THE FOREGOING, OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY OR LOSS OF BUSINESS; (B) FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY RELATING TO THESE TERMS, THE SERVICES PROVIDED, OR THE USE OF OR INABILITY TO USE THE SERVICES; OR (C) FOR ANY MATTER BEYOND THE AFFECTED PARTY’S REASONABLE CONTROL; WHETHER OR NOT THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8.2 Open Source and Self-Hosted Software. Customer acknowledges that the Services utilize open-source projects (e.g., Talos Linux) and that Self-Hosted Services involve deploying Company code on Customer’s own infrastructure. While Company will use commercially reasonable efforts to address bugs or vulnerabilities in the software, Company shall not be liable for any damages, system failures, or security breaches resulting from the use of Talos Linux or the Self-Hosted Services, except to the extent such damages are a direct result of Company’s gross negligence or willful misconduct in the performance of its obligations. For the avoidance of doubt, the limitations in Section 8.1 apply to all claims related to the software, the Self-Hosted Services, and the Support Services.

9. MISCELLANEOUS

9.1 Severability and Waiver: If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. The failure of either party to enforce any right or provision of this Agreement shall not be deemed a waiver of such right or provision.

9.2 Assignment: Except in connection with a merger or sale of substantially all of its assets (a “Change in Control”) or Company’s assignment to an affiliate, this Agreement is not assignable or transferable by either Party except with the other Party’s prior written consent.

9.3 Entire Agreement and Modification: This Agreement, together with the applicable Order Forms and any Exhibits and SOWs entered by the parties, constitutes the complete and exclusive statement of the mutual understanding of the parties. It supersedes and cancels all previous written and oral agreements, communications, and other understandings relating to the subject matter of this Agreement. All waivers and modifications must be in a writing signed by both parties.

9.4 Relationship of the Parties: No agency, partnership, joint venture, or employment is created as a result of this Agreement. Customer does not have any authority of any kind to bind Company in any respect whatsoever.

9.5 Notices: All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by e-mail; the day after it is sent, if sent for next-day delivery by recognized overnight delivery service; or upon receipt, if sent by certified or registered mail.

9.6 Force Majeure: Neither party shall be liable by reason of failure or delay in the performance of its obligations hereunder on account of strikes, shortages, riots, insurrection, war, acts of terrorism, public health emergencies, pandemic, epidemic, fires, flood, storm, explosions, earthquakes, outages or failures of third-party cloud service providers, Internet delays or outages, acts of God, governmental action, labor conditions, or any other cause which is beyond the reasonable control of the party.

9.7 Governing Law and Jurisdiction: This Agreement shall be governed by the laws of the State of California without regard to its conflict of laws provisions. Except for actions seeking injunctive relief, the parties agree to the exclusive jurisdiction of the federal and state courts in Santa Barbara County, California. In any action to enforce rights under this Agreement, the prevailing party will be entitled to recover its reasonable costs and attorneys’ fees.

9.8 Dispute Resolution: Excluding actions seeking injunctive relief, if any disputes arise between the parties, before taking formal action, the parties will use reasonable efforts to resolve the dispute through their good-faith discussions within thirty (30) days from the date that one party notifies the other of such dispute in reasonable detail.

9.9 Capacity Audit: Not more than once per twelve (12) month period, Company may verify Customer’s node count to ensure compliance with the Support and Platform Capacity defined in the Order Form. Customer agrees to provide a certified report or allow the execution of a discovery script solely for the purpose of verifying the number of active nodes receiving Services.

9.10 Non-Solicitation: During the Term of this Agreement and for a period of twelve (12) months thereafter, neither party shall, directly or indirectly, solicit for employment or hire any employee or contractor of the other party who was involved in the performance or receipt of the Services, without the prior written consent of the other party. This provision shall not restrict either party from hiring individuals who respond to general, public advertisements for employment.

9.11 Order of Precedence: In the event of any conflict or inconsistency between the documents comprising this Agreement, the following order of precedence shall apply: (i) the Order Form (but only as to the specific Services, Fees, and Capacity being purchased); (ii) the Acceptable Use Policy (Exhibit C) (as to all matters regarding prohibited use and platform security); (iii) the Terms and Conditions of this MSA; and (iv) any other Exhibits or SOWs. No terms in a Customer purchase order or similar document shall have any force or effect.

 

EXHIBIT A

Service Level Terms

The Company will use commercially reasonable efforts to ensure that the Services shall be available 99% of the time, measured monthly, excluding scheduled maintenance (“Services Availability”). Any uptime or downtime calculation will exclude periods affected by such maintenance.  Further, any downtime resulting from outages of third-party connections or utilities or other reasons beyond Company’s control will also be excluded from any such calculation. Excluding scheduled maintenance periods, the Service will be deemed “available” so long as Customer’s authorized users are able to login to their assigned Customer portal interface. “Services Availability” as used herein relates to the core Service’s availability as served from Company-hosted environments for Customer portal access.   This SLA does not apply to Self Hosted Service(s). For Self-Hosted Services, Company’s sole obligation is to provide Support Services for the code in accordance with Exhibit B, but no uptime availability credit shall apply.

Customer’s sole and exclusive remedy, and Company’s entire liability, in connection with Service availability shall be that for each period of downtime lasting longer than four (4) hours during one (1) calendar month, Company will credit Customer 2% of Service fees for that month; provided that no more than one such credit will accrue per day.  Downtime shall begin to accrue as soon as Customer (with notice to Company) recognizes that downtime is taking place, and continues until the availability of the Services is restored.  In order to receive downtime credit, Customer must notify Company in writing within five (5) business days from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit.  Such credits may not be redeemed for cash and shall not be cumulative beyond a total of credits for one (1) week of Service Fees in any one (1) calendar month in any event.  Company will only apply a credit to the month in which the incident occurred.  Company’s blocking of data communications or other Service in accordance with its security processes and published policies shall not be deemed to be a failure of Company to provide adequate service levels under this Agreement.

 

EXHIBIT B

Support Services Terms

  1. Support Subscription. If Customer has subscribed to Support Services as specified in an Order Form, SIDERO will provide such support in accordance with these terms.  All capitalized terms not defined herein have the meaning in the Master Services Agreement (“MSA”).

 

  2. Scope of Coverage

Support coverage includes Customer issues related to the following components:

  • Sidero Omni SaaS: Support for the Omni SaaS service or Self-Hosted Omni.
  • Talos Linux: Troubleshooting, configuration guidance, and bug fixes for the Talos Linux Operating System.
  • Management Tools: Assistance with Sidero CLI and automation tools.
  • Kubernetes Control Plane: Support for the Kubernetes lifecycle and control plane.

Support for Self-Hosted Services is limited to the Software itself and does not include troubleshooting of Customer’s underlying infrastructure, network latency, or hardware failures.

3. Support Lifecycle and Upstream Dependency

  • Kubernetes: Support is provided for the most current 5 stable releases of Kubernetes.
  • Talos Linux: Full support and security updates are provided for the two latest minor releases.
  • Security Backports: Backports for the “N-1” release are limited to high-severity CVEs and are strictly subject to upstream project support (e.g., Linux kernel).
  • Upstream Disclaimer: Customer acknowledges that fixes are subject to upstream project availability; Company does not warrant that all vulnerabilities can be patched if a fix is unavailable from the relevant upstream project.

4. Professional Services and Support Exclusions. Sidero offers Professional Services (“PS”) for projects falling outside the scope of standard Support. Unless explicitly included in an Order Form or a separate Statement of Work (SOW), Support Services do not include:

  • Feature Development: Implementation of new features or hardware device support.
  • Design & Third-Party Tools: Troubleshooting third-party components, architectural design/discussion, or implementation of management components.
  • Workload Debugging: Workload-specific debugging (e.g., writing Kubernetes Jobs or Deployments).
  • Modified Software: Support for any software that has been modified or altered by the Customer or a third party.
  • Other Professional Services.

5. Support Tier and Turn-Around. The turn-around time SLA and mode of communications for support depend upon the Support Subscription Customer selected as set forth on the Order Form. SIDERO will provide services and response to issues and requests that are within the scope of Support Services according to the Support Tier matrix below, using all commercially reasonable efforts to respond within the applicable timeframes according to the various Priority levels as defined.

  6. Sidero Labs reserves the right to re-classify the Priority Level of any support request at its reasonable discretion based on the technical impact described by the Customer and the definitions provided in the Priority Definitions table below.

| Support Subscription | Business: Initial | Business: Ongoing | Enterprise: Initial response time | Enterprise: Ongoing update response time (not counting issues pending a response from customer) |
|---|---|---|---|---|
| Priority 1 SLA | 2 business hours | 4 business hours | 1 hour | 2 hours |
| Priority 2 SLA | 4 business hours | 8 business hours | 2 hours | 4 hours |
| Priority 3 SLA | 1 business day | 2 business days | 4 business hours initial response | 8 business hours |
| Priority 4 SLA | 1 business day | 5 business days | 1 business day initial response | 2 business days |

Notes

  • Business: Business hours: Monday to Friday 8:00am to 5:00pm Eastern US time, excluding US Federal Holidays.
  • Enterprise: Support is 24 x 7 x 365.

Priority Definitions

  • Priority 1 (Urgent): A problem that severely impacts your use of the software (such as loss of data or in which your systems are not functioning). The situation halts your business operations and no procedural workaround exists.
  • Priority 2 (High): A problem where the software is functioning but your use is severely reduced. The situation is causing a high impact to portions of your business operations and no procedural workaround exists.
  • Priority 3 (Medium): A problem that involves partial, non-critical loss of use of the software. There is a medium-to-low impact on your business, but your business continues to function, including by using a procedural workaround.
  • Priority 4 (Low): A general usage question, reporting of a documentation error, or recommendation for a future product enhancement or modification. There is low-to-no impact on your business or the performance or functionality of your system.

 

7. Customer Collaboration. Sidero Labs’s ability to deliver high-quality Support Services is conditioned upon the Customer:

    • maintaining a current Support Subscription;
    • providing Sidero Labs with all reasonable assistance, diagnostic data, and information necessary to resolve the issue;
    • providing appropriate contact information for the technical personnel requiring support; and
    • utilizing Sidero Labs’s published Support guidance and FAQs prior to escalating common configuration issues.

Acceptable Use Policy

This Acceptable Use Policy (this “Policy”) describes and provides guidance on prohibited uses of the Services and Platform of Sidero Labs, Inc., a Delaware corporation (“Sidero Labs” or the “Company”).  The “Services” mean the products and services that are ordered by you (hereinafter “Customer,” “you,” or “your”) under an Order Form and pursuant to a Master Services Agreement with the Company (the “MSA”). In the event of any conflict or inconsistency between and among this Policy, the applicable Order Form and the MSA between the parties, first this Policy, and then the Order Form and then the MSA shall control.  Capitalized terms in this Policy that are not otherwise defined herein have the meanings ascribed to them in the MSA or Order Form.

If you violate this Policy or authorize or help others to do so, Sidero Labs may suspend or terminate your use of and access to the Services and the Platform, or any part thereof.

The examples listed in this Policy are not exhaustive. Prohibited uses and activities include, without limitation, any use of the Services or Platform by Customer or any of its users (each an “End User”) in a manner that, in Sidero Labs’s reasonable judgment, involves, facilitates, or attempts to engage in:

  1. Modifying, reverse-engineering, hacking or attempting to hack or otherwise discover any underlying ideas, algorithms or source code of a proprietary nature or vulnerabilities of the Services or Platform;
  2. Using the Services or Platform in a manner that is, facilitates, or otherwise encourages (a) any illegal, fraudulent, or abusive activities, or (b) materially interfering with or harming the business or activities of Sidero Labs or any of its customers;
  3. Attempting to bypass or break any security mechanism of the Services or Platform, or using the Services or Platform in any other manner that poses a material security or service risk to Sidero Labs or any of its other users;
  4. Permitting direct or indirect access to or use of the Services or Platform for (i) any form of excessive automated bulk activity such as spamming; (ii) inauthentic interactions, such as the creation or use of fake accounts and automated inauthentic activity; or (iii) using the resources of the Platform (but excluding resources simply managed by the Platform) for mining or demonstrating proof-of-work or other proof by use of resources for any cryptocurrency or blockchain;
  5. Selling, reselling, licensing, sublicensing, providing, leasing, lending, using for time-sharing or service bureau purposes, or otherwise using or allowing others to use the Services for the benefit of any third party, except as expressly permitted by the MSA, Order Form or Statement of Work;
  6. Transmitting, storing, using, displaying, distributing or otherwise making available any content, data or technology that may damage, interfere with, surreptitiously intercept, or expropriate any system, program or data, including without limitation viruses, Trojan horses, bots, worms, scripting exploits, time bombs or other malicious code;
  7. Using the Services or Platform to interfere with or disrupt the integrity or performance of the Services or Platform (or their components), or to attempt to gain unauthorized access to the Services or Platform, or any related systems or networks;
  8. Launching or facilitating a denial of service attack (including any actions, which effectively cause a similar result) on any of the Services or Platform, or any other conduct that, at Sidero Labs’s sole discretion, materially and adversely impacts the availability, reliability, or stability of the Services or Platform;
  9. Using the Services or Platform for any illegal purpose or to violate, or to encourage or facilitate the violation of, any laws (including, without limitation, data protection, privacy, consumer protection, and export control laws);
  10. Copying the Services or Platform, or any part, feature, function or user interface thereof, or accessing the Services or Platform in order to build a competitive product or service;
  11. Modifying, altering, tampering with or creating a derivative work of any software included in the Services or Platform;
  12. Using the Services or Platform in any manner that would result in an infringement, dilution, misappropriation or other violation of any intellectual property or proprietary rights of others, including but not limited to copyrights and rights arising from patents, trademarks and trade secrets;
  13. Using the Services or Platform to create or transmit any material or content that is, facilitates, or encourages libelous, defamatory, discriminatory, or otherwise malicious or harmful speech or acts to any person or entity, including but not limited to hate speech and any other material or content that Sidero Labs reasonably believes degrades, intimidates, incites violence against, or encourages prejudicial action against anyone based on age, disability, ethnicity, gender, geographic location, national origin, race, religion, sexual orientation or any other protected category;
  14. Using the Services or Platform to transmit, store, display, distribute or otherwise make available content that is defamatory, libelous, threatening, harassing, abusive, hateful, deceptive, fraudulent, obscene, indecent, harmful to minors, or otherwise objectionable; or
  15. Collecting or using the Personal Information (as defined in the California Consumer Privacy Act of 2018 – see https://oag.ca.gov/privacy/ccpa) of any individual without their permission.

Responsibility for End Users

This Policy applies with respect to the use or access by anyone using or accessing the Services or the Platform on Customer’s behalf, and Customer is responsible for violations of this Policy by the End Users.

Monitoring and Enforcement

Sidero Labs reserves the right, but does not assume the obligation, to investigate any violation of this Policy or misuse of the Services or Platform. Sidero Labs may report any activity that it suspects violates any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties. Such reporting may include disclosing applicable Customer Data. Sidero Labs also may cooperate with appropriate law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this Policy.

Reporting Violations

If you become aware of any violation of this Policy by you or any End User, you must immediately notify Sidero Labs and provide assistance as reasonably requested to stop or remedy the violation.

Our Whistleblower Policy is intended to encourage and enable employees and others to raise serious concerns internally so that we can address and correct inappropriate conduct and actions. It is the responsibility of all employees to report concerns about violations of our code of ethics or suspected violations of law or regulations that govern our operations. It is contrary to our values for anyone to retaliate against any employee or anyone else who in good faith reports an ethics violation, or a suspected violation of law, such as a complaint of discrimination, or suspected fraud, or suspected violation of any regulation.

Reports can be made at our anonymous reporting form.

 

Updates

Sidero Labs may modify this Policy at any time by posting a revised version on the Platform. By using the Services or accessing the Platform, you agree to the latest version of the Policy.
