This Solution Addendum for SentinelOne Acquired Products (“Acquired Products Addendum”) is between SentinelOne, Inc. (“SentinelOne”) and the customer (“Customer”) who has a governing agreement, which apply to services and the SentinelOne Acquired Products, in place with SentinelOne and the Customer who purchased a subscription to the SentinelOne Acquired Products (as defined below) and/or any Other SentinelOne Services and Products (as defined below) in a Purchase Order or is Evaluating the SentinelOne Acquired Products all of which are subject to the applicable agreements located at https://www.sentinelone.com/legal/ or similar terms (collectively “Agreement”). Capitalized terms defined in herein shall apply to this Acquired Products Addendum and capitalized terms not defined herein shall have their meaning as defined in the Agreement.

To the extent this SentinelOne Acquired Products Addendum conflicts with the Agreement, this Agreement shall control.

I. DEFINITIONS, LICENSE AND SCOPE

1. DEFINITIONS

1.1. “SentinelOne Acquired Products” means products that SentinelOne has recently acquired through merger or acquisition which may have specific terms agreed to by Customer that are inconsistent with the Agreement. SentinelOne recently acquired PingSafe Pte ltd and is now offering their products. These products include, without limitation, Cloud Native Security: Foundation and Cloud Native Security: Pro and SentinelOne reserves all rights with final product naming and offering which may be subject to change (collectively, “CNAPP”). Notwithstanding, the following terms supersede terms within the Agreement.

1.2. “Documentation” means SentinelOne’s then-current published documentation currently specific to the SentinelOne Acquired Products such as technical user guides, installation instructions, specifying the functionalities of the Solutions and made available by SentinelOne to when and if available. Regarding CNAPP, Documentation is https://docs.pingsafe.com/.

1.3. “SentinelOne Services” means Support, Technical Account Management or other services related to SentinelOne Acquired Products.

1.4. “Singularity Platform” means SentinelOne’s singularity platform including its malware protection, detection and remediation solutions, endpoint detection and response solutions, device discovery and control solutions, identity and directory management security solutions, and other solutions offered by SentinelOne over time, directly or through a Partner, together with the software underlying such products and services and any Enhancements.

1.5. “Singularity Support” means services related to the SentinelOne Acquired Products, software tools and/or applications from SentinelOne, including but not limited to support services.

2. LICENSE AND SCOPE

2.1. Scope. The terms herein govern SentinelOne Acquired Products only. When and if available, SentinelOne may notify you through release notes, customer success or other reasonable communication channels that services and offerings related to SentinelOne Acquired Products are available with the same terms as offered for the Singularity Platform, Singularity Support, and related terms. To the extent these terms herein are silent, the terms of the Agreement shall apply to the SentinelOne Acquired Products.

2.2. Documentation. All use of the Acquired Products shall be in accordance with the then-current Documentation.

2.3. License Grant. Subject to Customer’s compliance with the terms and conditions of this Agreement, SentinelOne hereby grants Customer a worldwide, non-transferable, non-exclusive license during the Subscription Term or any Evaluation Period to access, use, execute, install (as provided for by the applicable Purchase Order), store, and display the SentinelOne Acquired Products (including Enhancements) solely in support of Customer’s (and Customer’s Affiliate(s)) internal business and security and operations, in accordance with the Documentation describing the permissible use of the Acquired Product (“License”). The License granted herein is limited to the meter and quantity described in the Purchase Order.

2.4. License Restrictions. Except as expressly authorized by these terms, Customer shall not do any of the following: (i) modify, disclose, alter, translate, or create derivative works of the SentinelOne Acquired Products (or any components thereof) or any accompanying Documentation; (ii) license, sublicense, resell, distribute, lease, rent, lend, transfer, assign, or otherwise dispose of the SentinelOne Acquired Products (or any components thereof) or any Documentation; (iii) use the SentinelOne Acquired Products other than as permitted under these terms, as directly related to Customer’s internal business operations and in conformity with the Documentation, and not otherwise use the SentinelOne Acquired Products for any other commercial or business use, including without limitation by offering any portion of the SentinelOne Acquired Products as benefits or services to third parties; (iv) use the SentinelOne Acquired Products or upload Customer Data in violation of any laws or regulations, including without limitation to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or material in violation of third-party privacy rights; (v) use the SentinelOne Acquired Products to store, transmit, or test for any viruses, software routines, or other code designed to permit unauthorized access, disable, erase, or otherwise harm software, hardware, or data, or to perform any other harmful actions; (vi) probe, scan, or test the efficacy or vulnerability of the SentinelOne Acquired Products, or take any action in an effort to circumvent or undermine the SentinelOne Acquired Products, except for the legitimate testing of the SentinelOne Acquired Products in coordination with SentinelOne, in connection with considering a subscription to the SentinelOne Acquired Products as licensed herein; (vii) attempt to or actually disassemble, decompile, or reverse engineer, copy, frame, or mirror any part or content of the SentinelOne Acquired Products, or otherwise derive any of the SentinelOne Acquired Products’ source code; (viii) access, test, and/or use the SentinelOne Acquired Products in any way to build a competitive product or service, or copy any features or functions of the SentinelOne Acquired Products; (ix) interfere with or disrupt the integrity or performance of the SentinelOne Acquired Products; (x) attempt to gain unauthorized access to the SentinelOne Acquired Products or their related systems or networks or fail to maintain commercially reasonable technical and organizational measure to secure its login information; (xi) disclose to any third party or publish in any media any performance information or analysis relating to the SentinelOne Acquired Products; (xii) fail to maintain all copyright, trademark, and proprietary notices on the SentinelOne Acquired Products and any permitted copy thereof; (xiii) upload, manage, or process any Special Information in the SentinelOne Acquired Products; or (xiv) cause or permit any SentinelOne Acquired Products user or third party to do any of the foregoing.

II. CNAPP SUPPORT TERMS AND UPTIME.

The support and uptime terms within the Agreement shall apply only to the extent consistent with the terms below. Where support services and uptime availability terms in the Agreement conflict with these CNAPP Support Terms and Uptime, the CNAPP Support Terms and Uptime shall control with respect to CNAPP.

1. DEFINITIONS.

1.1. “Interoperability” means a Malfunction caused by an interoperation of CNAPP with a software component at Customer's environment.

1.2. “Malfunction” means any error or other condition that prevents the CNAPP from performing substantially in accordance with the operating specifications in the then current Documentation, but excluding Interoperability caused by a Malfunction Exception.

1.3. “Response” means SentinelOne personnel response in-application response to a designated Customer contact acknowledging receipt of the Initial Support Request.

1.4. “Malfunction Exception” means CNAPP component Malfunction caused by, related to or arising out of any abuse, misuse or unauthorized use of the CNAPP by Customer, or any unauthorized combination of CNAPP any software or hardware components, or other item not reasonably expected to be combined with and/or interoperate with the CNAPP or an interoperability beyond SentinelOne’s reasonable control.

1.5. “CNAPP Availability” means the ability to access CNAPP through a web-browser.

1.6. “Support Plans” are intentionally omitted for CNAPP.

1.7. “Support Hours” means 9x5 (business hours in IST) during weekdays.

1.8. “Version” means the generally available release of CNAPP as designated in accordance with Documentation.

2. SCOPE OF SUPPORT SERVICES

2.1. SentinelOne provides support Services for the most current version of CNAPP (including all Resolution thereof). Provided Customer follows all terms and has paid all applicable fees, SentinelOne will provide Support Services herein.

2.2. Support Services consist of reasonable web, in-application and email support and Resolutions when possible. Support Services provided via email shall be used solely for ongoing communication between SentinelOne and Customer to address open support tickets and shall not be used to generate new support tickets. Support Services do not include (i) support with respect to Malfunction Exception, or (ii) any monitoring and/or incident response services. SentinelOne has no obligation to develop any particular Resolutions, and products/solutions marketed by SentinelOne as separate products, or as upgrades for which additional fee is generally charged, are not considered a Resolution.

3. SUPPORT SERVICE PROCESS

3.1. Customer Responsibilities. Before contacting SentinelOne with an Initial Support Request or with a suspected Malfunction, Customer undertakes to: (i) analyze the Malfunction to determine if it is the result of Customer’s misuse, the performance of a third party or some other Malfunction Exception or cause beyond SentinelOne’s reasonable control, (ii) ascertain that the Malfunction can be replicated, and (iii) collect and provide to SentinelOne all relevant information relating to the Malfunction.

3.2. SentinelOne Response. Upon receiving Customer’s Initial Support Request, SentinelOne’s qualified personnel will use commercially reasonable efforts to provide a Response within the Response Time detailed in the Priority levels and communication channels detailed in the table below. The Support Personnel will reach out to relevant Customer employee to resolve the issue.

3.3. Support Services Workflow. SentinelOne will use commercially reasonable efforts to provide Customer with a Resolution within a reasonable time after receiving an Initial Support Request. In providing Support Services, SentinelOne support or engineering personnel may interact with the Customer's CNAPP instance, review application data within such instance and otherwise exchange relevant information with Customer as needed to provide such Support Services.

3.4. Remedies. The remedies set forth herein are Customer’s sole and exclusive remedy with respect to any Malfunction. SentinelOne has no obligation to provide Support Services, Resolution with respect to any Malfunction Exception.
Priority Levels and Response Times.

PRIORITY DEFINITION RESPONSE TIME
1 - Urgent Customer’s native services are negatively impacted by CNAPP 1 hour from in-app submission
2 - High Customer is unable to access CNAPP at all 3 hours from in-app submission
3 - Normal General inquiries and feedback on results Support personnel discretion

III. CNAPP PRIVACY AND SECURITY.

The privacy and security terms within the Agreement shall apply only to the extent consistent with the terms below. In the event of a conflict between the privacy and security terms of the Agreement and this Section, this CNAPP Privacy and Security Section shall control with respect to CNAPP.

1. DEFINITIONS.

1.1. “Applicable Privacy Law” means, as applicable to the processing of Customer Personal Data, any national, federal, state, provincial, or other privacy, data security, or data protection law or regulation.

1.2. “Customer Data” means data processed by SentinelOne on behalf of Customer via Customer’s use of CNAPP.

1.3. “Customer Personal Data”, if not defined in the Agreement, means the Personal Data contained with the Customer Data.

1.4. “Data Protection Addendum”, if not defined in the Agreement, means the then-current terms describing data processing and security obligations with respect to Customer Data, available at https://www.sentinelone.com/legal/data-protection-addendum/.

1.5. “EU GDPR” means EU General Data Protection Regulation 2016/679.

1.6. “Personal Data” has the meaning given by Applicable Privacy Law or, absent such meaning or law, by the EU GDPR.

1.7. “Processing” has the meaning given by Applicable Privacy Law or, absent any such meaning or law, by the EU GDPR.

2. Data Privacy. SentinelOne will store, and otherwise process Customer Data, including any Personal Data contained therein, in accordance with the Data Protection Addendum.

3. Data Security. SentinelOne has implemented and will maintain technical, organizational, and physical measures designed to protect Customer Data, as further described in the Data Protection Addendum.

4. Data Hosting and Processing. Customer Data shall be hosted exclusively in India, may not be migrated from India, but may be processed in any location in which SentinelOne Subprocessors, including SentinelOne affiliates, are located, as set forth at https://www.sentinelone.com/legal/sentinelone-sub-processors/ (as may be updated by SentinelOne from time to time in accordance with the Agreement).

5. Categories of Personal Data Processed. SentinelOne may process the following categories of Customer Personal Data in connection with CNAPP, all to the extent where considered Personal Data under Applicable Privacy Law):
- Uniquely identifying data, including name and business email
- Cloud activity, configuration, vulnerabilities, and usage data
- Network and network usage data
- Unstructured data provided to SentinelOne by Customer in furtherance of CNAPP.

6. Special Categories of Personal Data Processed. CNAPP is not intended to process special categories of Personal Data, and special categories of Personal Data are not required to deliver CNAPP to Customer. Notwithstanding the foregoing, SentinelOne may come into contact with Customer passwords through the provision of CNAPP, which may be considered Sensitive Personal Data under Applicable Privacy Law.