Commvault Master Terms & Conditions

Commvault’s industry-leading Intelligent Data Services Platform empowers businesses to store, protect, optimize, and use data, wherever it lives. Delivering the ultimate
in simplicity and flexibility, the Intelligent Data Services Platform is available as a license, term-based subscription, integrated appliance, or software-as-a-service.

1. Solutions. These Master Terms and Conditions (the “Terms”) apply to Solutions are provided “as is” and without representation, warranty, liability or
Customer’s use of Commvault’s software or software-as-a-service (together, indemnification obligations. Commvault is under no obligation to retain
the “Solutions).” Customer data during a Trial. Customer will uninstall and destroy or return any
Solution upon expiration of a Trial. To the extent a Trial includes hardware and
(a) Software. These terms apply to Commvault’s on-premise software hard drives (together, the “Hardware”), Customer agrees to return the entirety
(“Software).” of the Hardware in the same working condition upon expiration of the Trial or
pay Commvault’s then-current fees for the Hardware or any damage thereto.
(b) Software-as-a-Service. These terms apply to Commvault’s Metallic Additionally, and to the extent a Trial is a “Try and Buy,” Customer shall issue
“SaaS Solution.” acceptance and a purchase order for the Solution prior to shipment of the
Hardware for the Trial. If Customer has good reason to reject the Solution
2. Customer Use. Customer is responsible for ensuring that it maintains and during the Trial, Customer shall arrange for the return of the Solutions within
operates the information technology infrastructure from which the Solutions five (5) days of expiration of Trial (the “Return Period”). If Customer has not
copy, back up, maintain, and transfer Customer’s data including databases, returned the Solutions during the Trial or Return Period, the Solutions and/or
applications, files, software, computers, servers, network hardware, or any Hardware shall be deemed accepted and purchased.
other device (collectively, the “Customer Environment”) and determining
whether the Solutions meet Customer’s technical, business or regulatory 6. Diagnostics & Feedback. Commvault may collect or receive: (i) technical
requirements. Commvault will cooperate with Customer’s efforts to determine data, such as logs, reports and error messages, (ii) limited personal data, such
whether use of the Solutions is consistent with those requirements. Customer’s as names and business contact details, (iii) reports and surveys regarding
shall not: (i) interfere with the proper working of the Solutions or, if applicable, Customer’s use of the Solutions which may include geolocation data
impose an unreasonably large load on Commvault’s infrastructure; (ii) copy, (“Reporting”), and (iv) network architecture or security threat data
modify, disassemble, decompile or reverse engineer any part of the Solutions (collectively, “Diagnostic Data”) through the Solutions. Reporting may be
or apply any other process or procedure to derive source code or functionality disabled by Customer at any time via the dashboard. Further, Customer may
of any software included in the Solutions; (iii) violate or infringe upon any provide Commvault with reports, comments, suggestions or ideas relating to
third-party right, including any intellectual property right or right of privacy; the Solutions (“Feedback”). Customer agrees Commvault is free to disclose and
(iv) initiate a denial of service attack, software viruses or other harmful or use any Feedback, and derivatives thereto, and Customer does not obtain any
deleterious computer code, files or programs; (v) use the Solutions in order to intellectual property or any other right, title or interest in or to any aspects of
build a similar or competitive application or service; or (vi) violate any the Solutions. Customer grants Commvault a worldwide, non-exclusive,
applicable laws. royalty-free, fully-paid up, transferable and sublicensable right to use,
reproduce, and modify Diagnostic Data in an anonymized manner.
3. Intellectual Property. Commvault delivers great value to its Customers
through its intellectual property. Customer agrees that Commvault-owned or 7. Confidentiality. By the nature of Commvault’s services, Commvault and its
licensed hardware, software, code, trademarks, trade secrets, proprietary Customers regularly share confidential, proprietary information with each
methods and systems used to provide the Solutions (collectively, the other. “Confidential Information” means any and all information and material
“Commvault Technology”) and the content made available or displayed by disclosed by one party (the “Discloser”) to the other party (the “Recipient”)
Commvault through the Solutions, including all text, graphics, images, trade including but not limited to Customer Data, trade secrets, know-how,
names, service marks, product names, and the look and feel of the Solutions inventions, techniques, processes, programs, ideas, algorithms, formulas,
(collectively, the “Commvault Content”) are owned by or licensed to schematics, testing procedures, software design and architecture, computer
Commvault. Other than the authorizations or licenses expressly granted by code, internal documentation, design and functional specifications, product
Commvault to Customer in these Terms, no assignment or other transfer of requirements, problem reports, performance information, documents, and other
ownership shall be conferred or vest in and to the Commvault Technology or technical, business, product, marketing, customer, financial information, or any
the Commvault Content to Customer, either by implication, estoppel, or other information the Recipient knows or ought to is confidential due to its
otherwise. nature. Recipient shall hold all Confidential Information in strict confidence
and take the same degree of care that it uses to protect its own confidential
4. Professional Services. Commvault may provide “Professional Services” which information (but in no event less than reasonable care) to protect the
may be further described in a separate document. Customer acknowledges that confidentiality thereof. Confidential Information does not include information
all right, title and interest to any and all work or work products developed or that (i) is or becomes generally known by the public, (ii) was or becomes
produced during the performance of Professional Services are the sole property available to a party on a non-confidential basis from a person not otherwise
of Commvault. “Work or work product” means all ideas, concepts, know-how, bound by the Terms of Service or is not otherwise known to be prohibited from
techniques, inventions, discoveries, improvements, secret processes, trade transmitting the information, or (iii) is independently developed by the parties,
secrets, trademarks, patentable, copyrightable subject matter or any other work provided that the party claiming an exception shall have the burden of
developed or produced during the performance of the Professional Services, establishing such exception.
whether individually by Commvault or jointly with Customer. Customer is
solely responsible for the protection of its legacy data during any Professional 8. Termination. Commvault may, upon reasonably practicable and lawfully
Services engagement. Commvault shall, at its own expense, purchase and permitted notice, suspend or terminate Customer’s access to the Solutions or
maintain insurance for the duration of any Professional Services engagement. Professional Services, in whole or in part, for the following reasons: (i) a
To the extent permitted by law and except for general employment solicitation significant threat to the security or integrity of the Solutions, including if
practices, Customer agrees that it will not solicit for employment, or employ Customer’s registration information is inaccurate or incomplete, or if Customer
directly or indirectly, any employee of Commvault involved in a Professional fails to maintain the security of its access credentials; (ii) Customer has
Services engagement during such engagement, or for a period of twelve (12) materially breached these Terms; or (iii) any amount due under these Terms is
months thereafter, without Commvault’s consent. Customer acknowledges that not received by Commvault within fifteen (15) days after it was due.
the Professional Services will not customize or alter the value or functionality Commvault will use reasonable efforts to reestablish Customer’s access to the
of any Software and no development activity will be included as part of Solutions promptly after Commvault determines that the issue causing the
Professional Services. Acceptance of any Software is not contingent upon the suspension has been resolved. Any suspension under this section shall not
performance of the Professional Services. excuse Customer’s obligation to make payments under these Terms. Either
party may terminate these Terms immediately if the other party materially
5. Free Solutions. Commvault may provide Customers with a thirty (30)-day free breaches its obligations hereunder, and such breach remains uncured for thirty
trial or evaluation of the Solutions for non-production purposes (a “Trial”). (30) days following written notice to the breaching party. These Terms shall
Commvault may deactivate the Trial upon written notice. The Trial and related terminate immediately, where either party is declared insolvent or adjudged
bankrupt by a court of competent jurisdiction or a petition for bankruptcy or
1
 reorganization or an arrangement with creditors is filed by or against that party against third-party claims arising out of, or related to, any unauthorized, third-
and is not dismissed within sixty (60) days. party access that results in compromise of unencrypted Customer data backed
up by the Solutions to the extent such access or compromise was caused by
9. Effect of Termination. Customer is responsible for preserving its data upon Commvault, provided Customer shall give Commvault prompt written notice
termination or expiration of these Terms. In the event of termination or of such claim and Commvault shall have the authority to control the defense of
expiration of these Terms: (i) all rights and licenses to the Solutions and related the claim by counsel of its choice. In the event Customer seeks indemnification
materials shall immediately cease; (ii) Customer shall promptly pay from Commvault pursuant to this provision, Customer’s remedies shall be
Commvault any fees due and payable through the date of termination; (iii) limited to actual and direct damages, excluding fines. This indemnification is
Customer shall uninstall and destroy or return the applicable Solution, and (iv) conditioned on Customer partnering with Commvault during any investigation
Commvault may delete any Customer data Commvault has access to sixty (60) of potential or actual data compromises or breaches, including remediation
days following such termination or expiration. Customers who require a long efforts.
data retention period post termination or expiration must notify Commvault
before the expiration of such sixty (60) day period and pay the then-current fees 11.3 Customer Indemnification. Customer shall indemnify, defend and
to preserve Customer data. hold harmless Commvault, its officers, directors, employees and agents, from
and against claims, losses, damages, liabilities, costs, and expenses (including
10. Commvault Warranty. Commvault warrants that the Solutions, Professional reasonable attorneys’ fees), awards, fines, or settlements arising from or
Services, support and maintenance shall be provisioned and performed in a relating to Customer’s: (i) misuse of the Solutions, (ii) failure to meet
diligent, prompt and professional manner by personnel with the requisite reasonable privacy and security obligations; (iii) misappropriation or
knowledge, skills expertise and training. Any Professional Services that are not infringement of a third-party’s intellectual property rights; or (iv) violation of
of a professional quality shall be corrected by Commvault without charge, applicable law or regulation, including without limitation, data protection laws.
provided Customer gives Commvault written notice within fifteen (15) days Customer’s indemnification obligations include claims arising out of the acts or
upon completion. Commvault shall have a reasonable period of time, based on omissions of its contractors, employees, customers or end users, any person to
the severity and complexity of the defect, to correct the Professional Services. whom Customer grants access to the Solutions or its data, and any person who
Commvault shall not be obligated to correct Professional Services if such defect gains access to the Solutions or its data other than as a result of Commvault’s
is the result of Customer’s actions or omissions. If Commvault is unable to actions.
correct the defect to Customer’s reasonable satisfaction, Customer shall have
no obligation to pay for the defective Professional Services. Commvault further 11.4 Limitation. Except as otherwise provided for herein or by
warrants that it will comply with applicable law and the Solutions do not applicable law, the aggregate liability of each party for all claims under these
knowingly infringe upon any third-party’s intellectual property rights. Except Terms is limited to direct damages up to the amount paid for the Solutions or
as otherwise stated in any product-specific terms, the Solutions are provided Professional Services during the twelve (12) months before the cause of action
“as is” without representation or warranty, whether express, implied or arose; provided, that in no event will a party's aggregate liability exceed the
statutory. Commvault specifically disclaims any implied warranties of amount paid for the Solutions during the Term.
merchantability, fitness for a particular purpose, non-infringement, title and
quiet enjoyment or from a course of dealing, course of performance or usage in 11.5 No Special or Punitive Damages. Neither party will be liable for
trade. Commvault and its licensors do not warrant that the Solutions will run loss of revenue or indirect, special, incidental, consequential, punitive, or
properly in all IT environments, be uninterrupted or error-free, meet Customer’s exemplary damages, or damages for lost profits, revenues, business
needs or requirements, or guarantee compliance with specific law. interruption, or loss of business information, even if the party knew they were
possible or reasonably foreseeable.
11. Limitation of Liability, Indemnification and Remedies.
12. General Provisions.
11.1 Commvault Intellectual Property Indemnification. Commvault
is proud of the Solutions it builds and takes seriously the protection of our 12.1 Export Controls and Trade Sanctions Compliance. Customer’s
Customers’ intellectual property and data. Commvault will indemnify, defend use of the Solutions is subject to compliance with U.S. and other applicable
and hold Customer harmless against third-party claims that Commvault’s export control and trade sanctions laws, rules and regulations, including without
proprietary technology or intellectual property within the Solutions infringes limitation, the U.S. Export Administration Regulations, administered by the
any validly issued patent, trademark or copyright, provided Customer shall give U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) and
Commvault prompt, written notice of any such claim and Commvault shall have U.S. trade sanctions, administered by the U.S. Department of the Treasury’s
the authority to control the defense and settlement of the claim with counsel of Office of Foreign Assets Control (“OFAC”) (collectively, “Export Control
its choice. Notwithstanding the foregoing, Commvault shall have no liability Laws”). Customer acknowledges that the Solutions may not be available in all
for any claim arising from: (i) any modification to the Solutions other than by jurisdictions and that Customer is solely responsible for complying with
Commvault; (ii) use of an outdated or discontinued versions of the Solutions; applicable Export Control Laws related to the manner in which Customer
(iii) use of the Solutions in combination with any products or services not chooses to use the Solutions, including Customer’s transfer and processing of
provided or authorized by Commvault; (iv) use of the Solutions in violation of its data (if applicable) and the region in which any of the foregoing occur.
these Terms; (v) Commvault’s compliance with Customer’s designs,
specifications, or instructions; or (vi) any claim for which Customer is obligated 12.2 U.S. Government End User Provisions. Commvault provides the
to indemnify Commvault. In the event the Solutions or any portion, becomes, Solutions to federal government end users. Government technical data and
or, in Commvault’s opinion, is likely to become, subject to a claim of software rights related to the Solutions include only those rights customarily
infringement of a third-party’s intellectual property rights, Commvault may, in provided to the public as defined in these Terms. This customary commercial
its sole discretion: (i) procure for Customer the right to continue use of the license is provided in accordance with FAR 12.211 (Technical Data), FAR
Solutions; (ii) replace or modify the Solutions with a version that does not 12.212 (Software), and FAR 52.227-14 (Rights in Data) and, for Department of
infringe; or (iii) if Commvault cannot accomplish (i) or (ii) using commercially Defense transactions, DFAR 252.227-7013 (Technical Data – Commercial
reasonable efforts, terminate these Terms and the applicable ordering Items) and DFAR 227.7202–3 (Rights in Commercial Computer Software or
documents. Computer Software Documentation), as applicable.

11.2 Commvault Data Privacy and Security Indemnification. We 12.3 Data Privacy. If Customer is subject to: (i) GDPR, or (ii) other
exist in an ever-evolving data security threat landscape. Just as our Customers applicable data protection laws requiring that processing be governed by a
work diligently to protect against data security threats, Commvault is contract, or (iii) HIPAA, Customer agrees to Commvault's Data Agreements
continuously advancing its privacy and security program, posture and vigilance and Business Associate Agreement, as applicable.
to protect Customers’ data. The Solutions may access and transfer information
over the internet, and Commvault does not operate or control the internet. 12.4 Third-Party Products & Services. Commvault may use third
Viruses, worms, trojan horses and other undesirable data or components or parties to assist in the provision of the Solutions and such third parties are
unauthorized users (e.g., hackers) may attempt to obtain access to and damage intended beneficiaries of these Terms. As such, the Solutions may include third-
Customer data, devices and networks. Commvault is not responsible for any party software, applications, platforms, hosted storage, messaging or
such activities. Commvault will indemnify, defend and hold Customer harmless communication services or API’s (collectively, the “Third-Party Services”).
2
These Third-Party Services are not offered, controlled or provided by 12.10 Governing Law and Language. Without regard to conflict of law
Commvault, and may be changed, modified or discontinued by the third-party principles, these Terms will be governed by and construed in accordance with
without notice. Commvault and its Third-Party Service Providers expressly the laws of the jurisdiction of Customer’s principal place of business as follows:
disclaim any and all liability related to, or arising from, the Third-Party (i) the State of Delaware for Customers located in the Americas, (ii) the
Services, including Customer’s use thereof, or any updates, modifications, Province of Ontario for Customers located in Canada, (iii) New South Wales,
outages, delivery failures, corruptions, discontinuance or termination of Australia for Customers located in Australia and New Zealand (iv) Singapore
services by the Third-Party Service. Commvault is not responsible or liable for for all other Customers located in Asia Pacific, and (v) the Netherlands for all
the manner in which Third-Party Services transmits, accesses, processes, stores, Customers located in other jurisdictions. Any legal action or proceeding arising
uses or provides data to Commvault. For a list of open source and third party under these Terms will be brought exclusively in the venue corresponding with
licensing notices, please navigate here. the appropriate governing law. For illustrative purposes, the venue for legal
action with a Customer located in North America shall be the State of Delaware.
12.5 Publicity. Customer grants Commvault the limited right to use its The parties irrevocably consent to the personal jurisdiction and venue therein.
company name and logo as a reference for marketing and promotional purposes Customer and Commvault agree not to participate in, or seek to recover
on Commvault’s website and in other public and private communications. If monetary or equitable relief, in any lawsuit filed alleging class, collective or
Customer does not wish to grant these limited rights, Customer may opt-out by representative claims on a party’s behalf. Customer acknowledges that any
emailing [email protected]. translation of the English language version of these Terms or any portion
thereof is for convenience only, and the English language version will take
12.6 Modifications. Commvault may, from time to time, upgrade, precedence over the translation in the event of any conflicts arising from
update, or discontinue the Solutions, or portions or versions thereof, to provide translation. Some jurisdictions restrict limitations of warranties or liabilities.
ongoing innovation in the form of new services, features and functionality. Therefore, certain limitations herein may not apply to Customer.
Upon Commvault’s notification, Customer may be responsible for installation
of certain upgrades or updates. In the event of any material modifications, 12.11 Notices. Customer acknowledges that Commvault shall
Commvault will notify Customer of such change by emailing the e-mail address communicate with Customer electronically via its platforms or using the e-mail
Customer provides to Commvault or sending a message through Commvault’s address provided by Customer. For contractual purposes, Customer consents to
platforms. receive communications from Commvault in an electronic form and agrees this
satisfies any legal requirement of notice delivery. Customer agrees that all
12.7 Assignment. Neither party may assign these Terms, in whole or in notices are considered received by Customer within twenty-four (24) hours of
part, without the other party’s prior written consent, except in the case of a the time posted to Commvault’s website or platform, or the time emailed to
merger, reorganization, acquisition, consolidation, or sale of all, or substantially Customer. Legal notices to Commvault shall be sent to
all, of its assets, in which case Customer consents to the secure transfer of [email protected].
Customer Data to any Commvault successor, assignee or affiliate or subsidiary
of Commvault for the purpose of service continuation. Any attempt to assign 12.12 Other Provisions. These Terms, Commvault’s Privacy Policy, and
these Terms other than as permitted herein will be null and void. Customer’s the applicable order forms are an agreement between Customer on behalf of its
right to use the Solutions, including any allotment of storage capacity or end affiliates and subsidiaries, as identified in the applicable order forms or as an
users, shall not extend to acquired entities, in whole or in part, or new entities end user of the Solutions, and Commvault Systems, Inc., including its affiliates
established as a result of an acquisition. In such event, the fees set forth in the and subsidiaries. Each party represents and warrants they have the authority to
order form shall be adjusted. Without limiting the foregoing, these Terms will enter into this agreement and doing so does not conflict with any other
inure to the benefit of and bind the parties’ respective successors and agreement to which they are a party. In the event of a conflict between these
permitted assigns. Terms and the applicable ordering documents, any other document set forth by
Customer or any previous agreement, these Terms shall prevail. Any preprinted
12.8 Audits. Commvault may, upon forty-five (45) days’ notice and no terms in a purchase order are of no force and effect. The parties are independent
more than once every twelve (12) months, audit Customer’s installation and use contractors and will have no authority to assume or create any obligation or
of the Solutions to ensure Customer is in compliance with these Term and the responsibility on behalf of each other. If any provision of these Terms is invalid
applicable order form. Any such audit shall not unreasonably interfere with or unenforceable under applicable law, then such terms will be changed,
Customer’s normal business operations. Customer agrees to cooperate with interpreted or severed, as appropriate to accomplish the objectives of such
Commvault’s audit and to provide reasonable assistance and access to provision to the greatest extent possible under applicable law in order to protect
information reasonably requested by Commvault. The performance of the audit the drafter, and the remaining provisions continue in full force and effect. No
and any non-public Customer data obtained during the audit (including findings waiver of any term herein shall be deemed a further or continuing waiver. The
or reports that result from the audit) shall be considered confidential sections of these Terms that ought to survive due to their nature shall survive
information. If the audit identifies non-compliance, Customer agrees to remedy any termination or expiration of these Terms and remain in full force and effect.
such non-compliance within thirty (30) days of written notification of that non-
compliance (which may include, without limitation, the payment of any fees for
additional Solutions). Customer agrees that Commvault shall not be
responsible for any of Customer’s costs incurred in cooperating with the audit.

12.9 Force Majeure. Except for Customer’s obligation to pay fees, the
parties shall not be liable for any failure or delay in the performance of its
obligations hereunder caused by forces beyond its control, including, but not
limited to the following, acts of God, nature or war; acts, rules, regulations or
orders of or issued by any governmental authority; riots, strikes or lockouts;
utility or telecommunication failures; pandemics; or failure or outages of third-
party service providers, it being understood that the parties shall use reasonable
efforts to resume performance as soon as practical under the circumstances.

3
 SAAS SOLUTION TERMS & CONDITIONS

Metallic’s SaaS Solution is the “easy button” for cost-effective, secure and scalable data management, backup and security, with a single command center, enabling
organizations to deliver on data protection strategies. Built with layered, air-gapped cloud security, secure and restrictive account access and data isolation, Metallic’s
SaaS Solution provides ease you can trust.

1. Getting Started. As a Customer you will register a Commvault account and

provide Commvault with accurate and complete information (the “Customer SaaS Solution Availability Service Credit
Account”). Customers may authorize one or more of its employees, consultants,
vendors or agents (collectively, “Authorized Users”) to access and use the SaaS Less than 99.9% 10%
Solution on Customer’s behalf. Each Authorized User will establish or be
provided a username and password, and may also establish or be provided other Less than 99% 25%
access credentials, such as an encryption key (the “Access Credentials”).
Customer acknowledges that its Authorized Users have full access to and
management privileges of its Customer Account(s) and Customer Data. The 4. Data Privacy & Security.
term “Customer” is intended to include its Authorized Users for the purposes
4.1 Commvault Privacy and Security Program. Customer data
of the Terms.
privacy and security is Commvault’s priority. Commvault represents and
warrants that it maintains: (i) network security, business continuity and disaster
2. SaaS Solution Agent. Customers may be required to download or install a recovery policies and procedures commensurate with industry best practices;
software agent to support the SaaS Solution. Commvault grants Customers a and (ii) administrative, physical and technical safeguards designed to secure
limited, non-exclusive, non-sublicensable, non-transferable and revocable Customer Data from accidental or unauthorized access, use, alteration or
license to install, execute and use the agent solely in binary code form during disclosure. Commvault’s collection, use, processing, storage and disclosure of
the SaaS Solution Term, and access the SaaS Solution in accordance with the any personal data included in Customer Data shall be in accordance with
Privacy Policy, FAQs, website, user manuals and other information provided applicable data protection laws and Commvault’s Privacy Policy. Customer
to assist Customer in its use and operation of the SaaS Solution (the acknowledges that it is Customer’s responsibility to verify that the SaaS
“Documentation”). Customer’s license to the agent is co-terminus with Solution’ security and privacy protections are adequate and in compliance with
Customer’s right to access and use the SaaS Solution for which the agent is all applicable laws governing the type of data included in Customer Data.
required. Customer grants Commvault a worldwide, non-exclusive, royalty- Customer acknowledges (i) effective security is dependent on multi-layered,
free, fully-paid up, transferable and sublicensable right to use, replicate, multi-faceted combination of solutions, deployed and managed in accordance
deduplicate, and store Customer Data for the purpose of delivering the SaaS with appropriate policies and procedures consistently applied, (ii) the quality
Solution pursuant to these Terms, improving the SaaS Solution, and as of data, other output and strength of Customer’s threat detection program are
otherwise provided in Commvault’s Privacy Policy. “Customer Data” means dependent on the configuration and deployment of the deceptive environment
the data transmitted by Customer to Commvault in connection with the by Customer and its Authorized Users, and (iii) no individual element alone is
provision of the SaaS Solution. sufficient to detect and prevent all security threats, as a result Commvault does
not warrant and disclaims liability that all security threats will be detected and
3. Global Availability and Support. prevented by the Solutions. Customer agrees to, and will ensure that each
Authorized User will, notify Commvault at [email protected]
3.1 Global Service and Support. Commvault is proud to administer immediately upon learning of any suspicious access to its Customer Account.
the SaaS Solution from global geographic locations that best suit our Commvault’s comprehensive privacy and security program is set forth in the
Customers’ needs. Where applicable and subject to data center availability, Security Terms and incorporated herein by reference.
Customer Data will be backed up to a data center located in Customer’s country
4.2 Access. Customer data privacy and security is Commvault’s
of origin, or in a geographic location selected by Customer. For additional
priority. At times, Commvault may be required to access or disclose Customer
information, refer to the SaaS Solution configuration portal. Commvault is
Data: (i) to provision the SaaS Solution to Customer pursuant to these Terms;
pleased to provide Customers with the support program for the SaaS Solution (ii) to respond to a validly issued subpoena, an investigative demand or warrant;
as set forth at Metallic Support. The support terms are incorporated by reference
(iii) to investigate or prevent security threats, fraud, or other illegal, malicious,
and may be modified from time to time in Commvault’s sole discretion.
or inappropriate activity; (iv) to enforce or protect Commvault’s rights and
Communications related to support of the SaaS Solution may be sent to properties or those of its affiliates or subsidiaries; or (v) with the informed
[email protected].
consent of the data subject. In the event Commvault is required to access
Customer Data, Commvault shall not disclose Customer Data to third parties
3.2 Global Availability. The SaaS Solution is available at least 99.9% without Customer’s consent or instruction, unless prohibited by law.
of the time measured on a monthly basis (“Uptime”). The Uptime does not
apply to any downtime due to: (i) any emergency or planned maintenance, 5. Term. Commvault initiates activation of the SaaS Solution upon receipt of a
repair, or upgrade; (ii) issues or failures with Customer’s or its service valid purchase order, by providing Customer with access to an account (the
providers’ services, applications, software, hardware or other components not “Activation Date”). The term of Customer’s subscription to the SaaS Solution
supplied by Commvault; (iii) third-party attacks, intrusions, distributed denial shall begin on the Activation Date and continue as set forth on the applicable
of service attacks or force majeure events, including those at Customer’s site or purchase order (the “SaaS Solution Term”). The SaaS Solution Term shall
between Customer’s site and data centers made available through the SaaS renew for an equal term unless either party provides written notice of non-
Solution; or (iv) Customer’s acts or omissions in violation of these Terms. In renewal sixty (60) days prior to the renewal date.
the event of Commvault’s Uptime failure, Commvault shall: (i) use
commercially reasonable efforts to provide Customer with an error correction 6. Customer Acknowledgments. Customer agrees: (i) Customer is solely
or work-around that corrects the Uptime failure; and (ii) provide Customer with responsible for data retention policies and any other policy settings, schedules,
a credit as set forth in the table below (a “Service Credit”), provided such and configurable parameters applied to Customer Data, including implementing
Service Credit is approved by Commvault, such approval not to be its own specific retention policies, (ii) Customer and its Authorized Users will
unreasonably withheld. For the avoidance of doubt, service providers are not keep Access Credentials confidential, and Customer remains responsible for the
eligible for Service Credits. Within thirty (30) days of the downtime incident, acts and omissions of its Authorized Users and any activity that occurs under
Customer must submit a Service Credit claim to Commvault with all its Customer Account(s) using the Access Credentials; (iii) Customer will use
information necessary for Commvault to validate such claim, including: (i) a the most current version of the SaaS Solution at all times, unless otherwise
detailed description of the incident; (ii) information regarding the time and agreed in writing; (iv) Customer is responsible for the security of its Customer
duration of the downtime; and (iii) a description of the attempts to resolve the Data if Customer disables any encryption or other security feature within the
incident. Service Credits will be applied to Customer’s next invoice. Customer SaaS Solution; and (v) Customer is responsible for maintaining its own internet
is not eligible for any Service Credits if Customer’s use of the SaaS Solution is and data connections, and components of the SaaS Solution that are accessed
free of charge. This is Customer’s sole and exclusive remedy for any Uptime or used through internet connections and may be subject to Customers’ internet
failure. service providers fees and downtime. Customer acknowledges Customer Data
4
may not be available if: (i) Customer’s initial backup and replication is not
properly completed by Customer; (ii) Customer deletes Customer Data and
does not restore it after deletion pursuant to Customer’s data retention policies;
(iii) Customer selects incorrect or inappropriate retention policies within the
SaaS Solution; (iv) Customer’s IT environment is unable to secure a connection
with Commvault’s servers or network; or (v) Customer fails to follow
Commvault’s technical requirements and the Documentation for utilizing the
SaaS Solution, including installing updates, or failing to periodically test
Customer’s backups and restores, or ensure that Customer Data is protected and
not otherwise corrupted.

5
 Commvault Software Terms & Conditions

Commvault’s Software delivers a unified solution combining backup and recovery with disaster recovery to deliver enterprise-grade data protection that is powerful and
easy to use and provides data availability and business continuity across on-premise and cloud environments using a single extensible platform.

1. Getting Started. Commvault grants Customer a limited, non-exclusive, non- 3. Maintenance & Support. Commvault provides support and maintenance for
sublicensable, and non-transferable license to install, execute and use the the Software as set forth here at Commvault’s then-current pricing. Customers
Software (including Software embedded in any hardware, if applicable) solely who purchase support and maintenance must do so for all Software in
in binary code form during the Software Term (defined below), in accordance Customer’s Environment. Maintenance and support commence upon delivery
with the applicable ordering documents, Commvault’s Privacy Policy, FAQs, of the Software, if applicable.
website, user manuals and other information provided to assist Customer in its
use and operation of the Software (collectively, the “Documentation”). The 4. Commvault Software Warranty. Commvault warrants that the Software shall
Software is licensed, not sold and except as set forth herein, all sales of Software substantially perform in accordance with the user documentation for a period
are final, non-returnable and non-refundable. Acceptance of the Software of ninety (90) days from the date of delivery (the “Warranty Period”). During
occurs upon delivery. Software license key(s) are electronically delivered by the Warranty Period, if the Software is defective, Customer must immediately
Commvault. Any Software license acquired by virtue of Customer’s use or notify Commvault in writing, and Commvault, in its discretion, will either: (i)
purchase of hardware shall be limited to the hardware upon which the Software repair or replacement the defective Software; or (ii) return prorated fees paid by
was originally installed. Customer may be required to periodically reapply Customer for the defective Software, in which case Customer shall uninstall
Software license keys during the Software Term which Commvault shall and return or destroy the defective Software.
provide. Customer may make a copy of the Software solely for back-up
purposes, provided such back-up copy is used only as a replacement for the 5. Term. The term of Customer’s license to the Software shall begin on the date
original copy on the same hardware upon which the Software was originally the Software is delivered and continue as set forth in the applicable order form
installed. Customer may use the Software solely for its internal data center (the “Software Term”), except where such license is perpetual. Upon expiration
operations. of the Software Term, Customer may use a limited recovery version of the
Software solely for recovering data backed up by the Software during the
2. Capacity. Customer shall activate and maintain the reporting features of any Software Term.
capacity-based Software and provide usage reports to Commvault upon request.
In the event Customer’s use of limited capacity-based Software exceeds
capacity, Customer shall be obligated to pay Commvault, directly or through its
authorized reseller, for all excess usage. Software purchased on a capacity-basis
may cease to operate and perform if Customer exceeds capacity. If Customer
purchases unlimited capacity Software for itself and/or its affiliates and
subsidiaries: (i) the Software may be used by Customer’s affiliates and
subsidiaries in the territory set forth in the order forms only, (ii) Customer
assumes all liability for those affiliates and subsidiaries, and (iii) upon
acquisition of Customer’s business by another entity, the unlimited capacity
Software license shall terminate, and Customer will retain a limited license for
the Software then-deployed in Customer’s environment for the remainder of the
Software Term.