Solutions Agreement
Last Updated: 3/12/2026
This Solutions Agreement ("Agreement") is a binding contract between Vigilant Sec, Inc. ("Vigilant Sec") and the entity that purchases, accesses, or uses Vigilant Sec's cybersecurity solutions ("Customer"). By executing a Binding Quote, Statement of Work ("SOW"), or using Vigilant Sec's solutions, Customer agrees to the terms of this Agreement. If Customer does not agree to these terms, they must not use the solutions.
1. SCOPE AND LICENSE GRANT
1.1 Solutions and Services. Vigilant Sec provides cybersecurity solutions and services, including proprietary offerings and third-party software licenses it resells or distributes, as specified in an applicable Binding Quote or SOW.
1.2 Acceptance of Terms. By purchasing a subscription, executing a Binding Quote, or using the solutions, Customer acknowledges and agrees to be bound by this Agreement.
1.3 License Grant. Subject to the terms of this Agreement and payment of applicable fees, Vigilant Sec grants Customer a non-exclusive, non-transferable, non-sublicensable, limited right to access and use the solutions for its internal business purposes during the applicable subscription term. This license is subject to usage limitations defined in the Binding Quote or SOW.
1.4 License Usage Review and Audit. Customer agrees that the licensing count and entitlements under an agreed-upon Binding Quote for Vigilant Sec solutions and services will be reviewed on an annual basis. In the event of a merger, acquisition, or other material change resulting in a growth of more than twenty percent (20%) in Customer’s usage or workforce, Vigilant Sec reserves the right to conduct an off-cycle review and adjust licensing requirements accordingly. Additionally, for third-party software licenses resold by Vigilant Sec, licensing counts may be subject to real-time true-up requirements as mandated by the respective third-party EULA.
1.5 Third-Party Software. Customer's use of third-party software resold or distributed by Vigilant Sec is subject to the respective third-party provider’s end-user license agreements ("EULAs"). Vigilant Sec makes no warranties regarding third-party software beyond those provided by the third party.
1.6 Future Functionality. Customer acknowledges that purchases are not contingent on the delivery of any future functionality unless explicitly stated in a Binding Quote or SOW.
2. FEES, PAYMENT, AND TAXES
2.1 Fees. Customer agrees to pay all fees specified in the applicable Binding Quote or SOW.
2.2 Payment Terms.
(a) Default Payment Terms. All invoices are due and payable upon receipt unless otherwise specified in the applicable Binding Quote or SOW. For subscriptions processed by credit card or other electronic payment method, payment is collected at the time of purchase and on each subsequent renewal date.
(b) Late Payment. If payment is not received within the applicable payment period, Vigilant Sec reserves the right to temporarily suspend Customer's access to the solutions and services until payment is received in full. If the account remains delinquent for more than sixty (60) days, Vigilant Sec may terminate access and take further collection actions as necessary. Late payments may incur interest at 1.5% per month (or the maximum rate permitted by applicable law, if lower), compounding monthly from the due date until paid in full.
2.3 Taxes. Fees are exclusive of all applicable taxes, duties, levies, VAT, GST/HST, and similar governmental assessments. Customer is responsible for all such taxes other than taxes based on Vigilant Sec's net income. If Customer is required to withhold taxes, Customer shall gross up payments so that Vigilant Sec receives the full invoiced amount, unless prohibited by applicable law.
2.4 Payment Processing Fees. For payments made by credit card or other electronic payment methods, Vigilant Sec reserves the right to pass through payment processing fees charged by third-party payment processors. Any applicable processing fees will be disclosed to Customer at the time of payment. Customer may avoid processing fees by paying via ACH transfer or wire transfer where available.
2.5 Purchase Orders. Any purchase order or procurement document issued by Customer is for administrative convenience only. Preprinted or referenced terms in a purchase order, vendor portal, onboarding platform, or similar document are rejected and shall not modify, amend, or supplement this Agreement unless expressly agreed in writing by an authorized representative of Vigilant Sec.
3. SUPPORT AND MAINTENANCE
3.1 Scope of Support. Vigilant Sec provides support services related to its proprietary cybersecurity solutions, as well as basic assistance with third-party software licenses resold or distributed by Vigilant Sec. Support services are provided based on the terms outlined in the applicable Binding Quote or SOW.
3.2 Support Channels. Customers can access support through the following channels:
Online Support Portal – Ticket-based support available 24/7.
Email Support – Support requests may be submitted via support@vigilantsec.com.
Dedicated Slack Channel – Available upon request no SLA associated.
Phone Support – Available for customers only when explicitly stated in quote or SOW.
3.3 Support Tiers and Response Times. Vigilant Sec provides tiered support levels with target response times based on the severity of the issue:/alert
Severity 1 (Critical Issue/Alert): Response within 4 hours.
Severity 2 (Major Issue/Alert): Response within 8 hours.
Severity 3 (Minor Issue/Alert): Response within 16 hours.
Severity 4 (General Inquiry or Informational Alert): Response within 24 hours.
Support is available 24/7 for all customers.
3.4 Service Uptime Commitment. Vigilant Sec commits to maintaining a monthly uptime of 99.9% for its solutions. If service availability falls below this threshold in a given month, Customer may be eligible for service credits as outlined below:
Monthly Uptime & Credit:
99.9% - 99.7% — No Credit
99.6% - 99.4% — 2 hours of service credit
99.3% - 99.1% — 4 hours of service credit
99.0% - 98.8% — 8 hours of service credit
98.7% - 98.5% — 1 day of service credit
Below 98.5% — 1 month of service credit
Service credits apply to the following month’s invoice and must be requested by the Customer within thirty (30) days of the qualifying downtime event. Credits are the sole remedy for service availability failures and do not apply to issues caused by force majeure events, planned maintenance, or Customer’s own network conditions.
4. CONFIDENTIALITY AND DATA OWNERSHIP
4.1 Mutual Confidentiality Obligations. Each party agrees to protect the other party's Confidential Information from unauthorized use or disclosure using at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care. Confidential Information includes, but is not limited to, business plans, strategies, financial information, technical data, software, and any other non-public materials disclosed in connection with this Agreement. Confidentiality obligations with respect to ordinary Confidential Information will remain in effect for three (3) years following termination of this Agreement. Trade secrets are protected for as long as they remain trade secrets under applicable law.
4.2 Exclusions. Confidentiality obligations do not apply to information that:
Is publicly available or becomes publicly available through no fault of the receiving party.
Is independently developed without reliance on the disclosing party’s confidential information.
Is obtained lawfully from a third party without confidentiality obligations.
Is required to be disclosed by law, provided that the receiving party provides prompt notice and cooperates in seeking a protective order where applicable.
4.3 Data Ownership.
Customer Data: Customer retains all rights, title, and interest in and to Customer Data, including data in its original raw form generated by Customer's security appliances or systems. Such data remains Customer Data when directly shared with or transferred to Vigilant Sec in transit up until it is processed by the platform. Any data shared that is not processed by Vigilant Sec’s platform remains the property of the Customer.
Vigilant Sec Data: Data that is ingested, transformed, or processed by Vigilant Sec’s solutions, including telemetry data, security insights, metadata, and aggregated analytical information derived from Customer Data, becomes Vigilant Sec Data upon ingestion and transformation. Vigilant Sec retains full ownership and rights to Vigilant Sec Data, which may be used to enhance Vigilant Sec solutions and services, subject to applicable data protection laws.
Customer’s rights in Customer Data include the rights set forth in Section 8.6 (Data Portability; Return or Deletion of Customer Data).
4.4 Use of Data.
Vigilant Sec may process Customer Data solely for the purpose of delivering and improving its services, subject to applicable data privacy regulations.
Customer acknowledges that Vigilant Sec may use aggregated and anonymized security insights derived from Vigilant Sec Data to enhance overall cybersecurity capabilities.
4.5 Data Protection and Security Measures.
Both parties agree to implement reasonable administrative, technical, and physical safeguards to protect Confidential Information and Customer Data from unauthorized access, disclosure, or misuse.
Vigilant Sec shall maintain industry-standard security measures for data encryption, access controls, and incident response in accordance with applicable cybersecurity frameworks.
4.6 Compelled Disclosure. If a party is legally compelled to disclose Confidential Information, it shall provide prior written notice to the other party, unless legally prohibited, and shall limit disclosure to the minimum amount required by law.
4.7 Survival. The confidentiality obligations in this Section 4 survive termination of this Agreement for the periods stated in Section 4.1.
4.8 Residual Knowledge. Nothing in this Agreement restricts Vigilant Sec from using general skills, experience, ideas, concepts, know-how, methodologies, techniques, and residual knowledge retained in the unaided memory of its personnel, provided Vigilant Sec does not disclose Customer Confidential Information or use Customer Data in violation of this Agreement.
5. WARRANTIES AND DISCLAIMERS
5.1 Mutual Warranties. Each party warrants that it has the authority to enter into this Agreement and will comply with all applicable laws and regulations.
5.2 Vigilant Sec Warranty. Vigilant Sec warrants that its proprietary solutions will materially conform to the applicable documentation for the duration of the subscription term defined in the applicable Binding Quote or SOW. If a breach is reported during this period, Vigilant Sec will use commercially reasonable efforts to correct the issue.
5.3 Cybersecurity Disclaimer. Customer acknowledges and agrees that cybersecurity solutions, including those provided by Vigilant Sec, are intended to reduce, but cannot completely eliminate, the risk of cybersecurity incidents. Vigilant Sec does not guarantee that its solutions will detect, prevent, or respond to all cyber threats, breaches, attacks, or malicious activities.
5.4 Third-Party Software Disclaimer. Vigilant Sec provides third-party software "as-is," without warranties beyond those provided by the third-party vendor.
5.5 General Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, VIGILANT SEC DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT
6. INDEMNIFICATION
6.1 Indemnification by Customer. Customer shall defend, indemnify, and hold Vigilant Sec harmless from any claims, damages, liabilities, or expenses arising from:
Customer's use of the solutions in violation of this Agreement;
Customer Data, systems, configurations, instructions, or materials provided to Vigilant Sec;
Customer's failure to comply with third-party software licensing terms;
Customer's violation of applicable law; or
Claims arising from Customer's business operations, products, services, employees, contractors, or end users.
6.2 Indemnification by Vigilant Sec. Vigilant Sec shall defend, indemnify, and hold Customer harmless from any claims that Vigilant Sec’s proprietary solutions infringe a third party’s intellectual property rights. If an infringement claim arises, Vigilant Sec may, at its option:
Modify the solutions to make them non-infringing.
Obtain a license for Customer to continue using the solutions.
Terminate the affected solutions and provide a prorated refund.
6.3 Exclusions. Vigilant Sec is not liable for claims based on unauthorized modifications, third-party software, or use of the solutions outside of the permitted scope.
6.4 Indemnification Procedure. The party seeking indemnification must: (a) promptly notify the indemnifying party in writing of the claim; (b) give the indemnifying party sole control over defense and settlement; and (c) provide reasonable cooperation. The indemnifying party may not settle any claim in a manner that imposes material obligations or liability on the indemnified party without prior written consent.
7. LIMITATION OF LIABILITY
7.1 Liability Cap. EXCEPT FOR INDEMNIFICATION OBLIGATIONS, NEITHER PARTY’S TOTAL AGGREGATE LIABILITY SHALL EXCEED THE AMOUNTS PAID BY CUSTOMER TO VIGILANT SEC IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.
7.2 Exclusions. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR BUSINESS INTERRUPTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
7.3 Force Majeure. Neither party shall be liable for delays or failures in performance caused by events beyond its reasonable control, including natural disasters, acts of government, labor disputes, pandemics, or failures of third-party infrastructure providers outside the party's reasonable control. This provision does not excuse Vigilant Sec from its core obligations to monitor, detect, and respond to threats against Customer's environment unless Vigilant Sec's own infrastructure is materially and unavoidably affected by an event outside its reasonable control.
8. TERM AND TERMINATION
8.1 Term. This Agreement shall remain in effect for the agreed-upon initial term and any subsequent renewal terms, as specified in the applicable Binding Quote or SOW, or for as long as Customer maintains an active subscription or continues to use Vigilant Sec's solutions.
8.2 Auto-Renewal. Unless otherwise stated in the applicable Binding Quote or SOW, subscriptions renew automatically for successive renewal terms equal in duration to the expiring term, unless either party provides written notice of non-renewal to the other party at least thirty (30) days before the end of the then-current term. Renewal fees are billed at Vigilant Sec's then-current pricing unless a fixed renewal rate is specified in the Binding Quote or SOW. Vigilant Sec will use reasonable efforts to provide Customer with advance notice of an upcoming auto-renewal at least thirty (30) days prior to the renewal date.
8.3 Termination for Cause. Either party may terminate this Agreement upon thirty (30) days’ written notice if the other party materially breaches the Agreement and fails to cure such breach within that period.
8.4 Termination for Convenience. Customer may terminate this Agreement upon ninety (90) days’ written notice, provided that Customer pays Vigilant Sec in full all outstanding fees or payments associated with the entire remaining term of the Agreement, unless otherwise mutually agreed in writing by both parties.
8.5 Effect of Termination. Upon termination, Customer shall immediately cease all use of Vigilant Sec's solutions and any related third-party software. All outstanding fees shall become immediately due and payable, and Customer must provide written certification of the deletion or destruction of any software or confidential materials provided under this Agreement, except as otherwise provided under Section 8.6 (Data Portability; Return or Deletion of Customer Data).
8.6 Survival. Provisions relating to Confidentiality, Indemnification, Limitation of Liability, payment obligations, and any other terms that, by their nature, are intended to survive termination shall continue to remain in full force and effect following termination.
9. CUSTOMER RESPONSIBILITIES
9.1 Customer is responsible for: (a) maintaining appropriate backups, business continuity, disaster recovery, and restoration capabilities; (b) providing timely access, credentials, logs, telemetry, and designated technical contacts required for the services; (c) maintaining supported systems and current third-party licenses within scope; (d) implementing reasonable security recommendations made by Vigilant Sec in a timely manner; (e) identifying regulated data, critical systems, operational constraints, and legal requirements that may affect the services, including any systems where containment or configuration changes may create safety, operational, legal, or business-continuity risk; (f) making all legal, regulatory, business, and risk decisions based on Vigilant Sec's technical findings; and (g) ensuring that Customer's systems, data, and configurations comply with applicable law and do not expose Vigilant Sec to liability arising from Customer's own operations.
9.2 Vigilant Sec's ability to perform the services is dependent on Customer's timely cooperation. Delays or failures by Customer to meet its responsibilities may affect service delivery, and Vigilant Sec shall not be responsible for service degradation resulting from Customer's failure to cooperate.
10. RULES OF ENGAGEMENT AND CHANGE MANAGEMENT
10.1 Default Rules of Engagement. Subject to the specific terms of any applicable Binding Quote or SOW, Vigilant Sec may take the following actions within the agreed technical scope without prior Customer authorization, where Vigilant Sec determines in good faith that such action is necessary to reduce active or imminent security risk: (a) disabling or resetting compromised credentials; (b) blocking malicious network activity or IP addresses; (c) isolating suspected compromised endpoints from the network; (d) removing confirmed malware, unwanted programs, or malicious files; and (e) applying security configuration changes to reduce confirmed active risk.
10.2 Critical Systems Identification. Customer must identify in writing, prior to or at the commencement of services, any critical systems, production environments, operational technology (OT), or other systems where isolation, account disabling, or configuration changes may create safety, operational, legal, or business-continuity risk ("Critical Systems"). Vigilant Sec will use commercially reasonable efforts to consult with Customer-designated contacts before taking containment actions on identified Critical Systems. Absent written identification of Critical Systems, Vigilant Sec may treat systems within scope as eligible for standard containment actions, and Customer assumes responsibility for any business impact of good-faith containment actions on unidentified systems.
10.3 Time-Sensitive Containment. Customer acknowledges that time-sensitive containment actions may be necessary to limit harm during an active security incident. Vigilant Sec will use commercially reasonable efforts to notify Customer-designated contacts before or promptly after taking containment actions, but prior authorization may not be possible in every circumstance.
10.4 Change Requests. Any material change to the scope of services, covered systems, access credentials, or service configuration must be submitted by Customer in writing (including via email to the designated Vigilant Sec contact) and acknowledged in writing by Vigilant Sec before implementation. Changes that affect fees, service scope, or material service terms require a mutually executed amendment or updated Binding Quote. Verbal change requests are not binding on Vigilant Sec.
10.5 No Breach or Legal Determination. Vigilant Sec may assist Customer with technical investigation, triage, containment, and reporting of security events within the scope of the applicable SOW. Vigilant Sec is not responsible for determining whether a security event constitutes a reportable breach, privacy incident, legal claim, regulatory violation, or notifiable event. Customer is responsible for all legal determinations, regulatory notifications, affected-individual notices, law-enforcement notifications, public communications, and engagement of breach counsel, unless expressly agreed in a separate written agreement.
10.6 Incident Response Scope Limitation. Unless expressly stated in the applicable SOW, the services do not include full forensic imaging, onsite incident response, malware reverse engineering, eDiscovery, expert witness services, litigation support, public relations, regulatory notification, business restoration, disaster recovery, backup restoration, or operation of Customer's business systems.
11. PUBLICITY AND CUSTOMER REFERENCE
11.1 Mutual Restrictions. Neither party may use the other party's name, logo, trademarks, or service marks in any public-facing marketing, press release, case study, or public statement regarding the parties' relationship without the other party's prior written consent.
11.2 Vigilant Sec Reference Rights. Upon Customer's written consent, Vigilant Sec may identify Customer as a customer in marketing materials, website listings, case studies, or industry presentations, including use of Customer's name and logo for such purposes. Customer may revoke any prior consent upon written notice to Vigilant Sec, and Vigilant Sec will promptly remove or discontinue any Customer identification upon receipt of such notice.
11.3 Internal Records. Vigilant Sec may identify Customer as a customer in internal records, business development materials, and investor or financial reporting without requiring separate consent.
11.4 Factual Representations. Neither party shall make any public statement that misrepresents the nature of the parties' relationship, the services provided, or the other party's capabilities.
12. INTELLECTUAL PROPERTY
12.1 Vigilant Sec IP. Vigilant Sec retains all rights, title, and interest in and to its platform, software, tools, scripts, detections, rules, playbooks, workflows, templates, methodologies, know-how, ideas, concepts, techniques, and improvements, including those developed or refined in connection with the services. No rights are granted to Customer except as expressly stated in this Agreement.
12.2 Customer Deliverables. Customer may use reports and deliverables prepared specifically for Customer under an applicable SOW for Customer's internal business and security purposes. Vigilant Sec retains all rights in any pre-existing materials, tools, templates, software, or methodologies incorporated into or used to generate such deliverables.
13. ASSIGNMENT
Neither party may assign this Agreement or any rights or obligations hereunder without the other party's prior written consent, not to be unreasonably withheld, conditioned, or delayed, except that either party may assign this Agreement without consent to an affiliate or in connection with a merger, reorganization, acquisition, sale of substantially all of its assets, or change of control, provided the assignee assumes all of the assigning party's obligations under this Agreement. Any purported assignment in violation of this section is void.
14. GOVERNING LAW AND DISPUTE RESOLUTION
14. GOVERNING LAW AND DISPUTE RESOLUTION
14.1 Governing Law. This Agreement is governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of laws principles.
14.2 Dispute Resolution. The parties agree to first attempt to resolve any dispute arising under this Agreement through good-faith negotiation between senior representatives of the parties for a period of thirty (30) days following written notice of the dispute before initiating formal proceedings.
14.3 Jurisdiction and Venue. The parties consent to the exclusive jurisdiction and venue of the state and federal courts located in the State of Delaware for any dispute arising under this Agreement.
14.4 Injunctive Relief. Nothing in this section prevents either party from seeking emergency injunctive or other equitable relief from any court of competent jurisdiction to prevent irreparable harm.
15. GENERAL PROVISIONS
15.1 Entire Agreement. This Agreement, together with any applicable Binding Quote, SOW, data processing addendum, business associate agreement, or other regulatory schedule, constitutes the entire agreement between the parties with respect to its subject matter and supersedes all prior and contemporaneous agreements, representations, and understandings. In the event of a conflict: (1) any mutually executed data processing addendum, business associate agreement, or other regulatory schedule controls solely with respect to its subject matter; (2) the applicable Binding Quote or SOW controls with respect to its specific commercial terms and scope; and (3) this Agreement controls in all other respects.
15.2 Amendments. This Agreement may not be amended except by a written instrument signed by authorized representatives of both parties. No purchase order, vendor portal term, click-through term, or course of dealing shall modify this Agreement unless expressly signed by an authorized representative of Vigilant Sec.
15.3 Waiver. Failure by either party to enforce any provision of this Agreement does not constitute a waiver of future enforcement of that or any other provision.
15.4 Severability. If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions remain in full force and effect, and the invalid or unenforceable provision will be modified to the minimum extent necessary to make it valid and enforceable.
15.5 Notices. All formal notices under this Agreement must be in writing and delivered by email (with confirmation of receipt), certified mail, or nationally recognized overnight courier to the addresses specified in the applicable Binding Quote or SOW, or to legal@vigilantsec.net for notices to Vigilant Sec.
15.6 No Third-Party Beneficiaries. This Agreement does not create any third-party beneficiary rights.
15.7 Relationship of Parties. The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, agency, franchise, or employment relationship between the parties
16. DATA PORTABILITY; RETURN OR DELETION OF CUSTOMER DATA
16.1 Data Return Request. Upon expiration or termination of this Agreement for any reason, Customer may, by written request made within thirty (30) days after such expiration or termination, require Vigilant Sec to export and deliver all Customer Data in its possession or control in a commonly used, machine-readable format (such as CSV, JSON, XML, or another industry standard format) ("Return Data").
16.2 Delivery & Costs. Vigilant Sec shall deliver the Return Data within thirty (30) days after receipt of the written request, via secure transmission or other mutually agreed method. Customer shall reimburse Vigilant Sec for reasonable costs (including labor, storage, and transmission) incurred in preparing and delivering the Return Data, provided Vigilant Sec supplies a written cost estimate in advance and obtains Customer’s written approval.
16.3 Retention and Customer-Requested Destruction. Following delivery of Return Data (or following expiration of the thirty (30) day request period if no Return Data request is made), Vigilant Sec may retain Customer Data as necessary for legal, regulatory, audit, security, compliance, backup, and disaster recovery purposes, and as otherwise required or permitted by applicable law. Vigilant Sec shall delete or destroy Customer Data upon Customer's written request, subject to any retention obligations imposed by law or legitimate legal-defense requirements. Retained data remains subject to the confidentiality and data-protection obligations of this Agreement.
16.4 Non‑obligation for Unexportable Data. If certain data cannot reasonably be exported (due to technical limitations, third‑party license restrictions, or irretrievable deletion per retention policies), Vigilant Sec shall notify Customer in writing and provide the portion of data that is exportable.
16.5 Fees for Extended Storage. If Customer fails to request Return Data within the period above or requests extended storage beyond such period, Vigilant Sec may charge a storage and access fee as set forth in a separate schedule or SOW.
16.6 Confidentiality & Security. Vigilant Sec shall securely handle Return Data during export and transmission and shall maintain confidentiality in accordance with Section 4.
16.7 Survival. The rights and obligations in this Section 8.6 shall survive termination or expiration of this Agreement.