Grafana Labs Master Services Agreement

Legal and Security › Master Services Agreement

This Grafana Labs Master Services Agreement is by and between Raintank, Inc. d/b/a Grafana Labs (“Grafana Labs”) and the entity described below (“Client”). Grafana Labs and Client may be referred to individually as “party” and collectively as “parties.” This Master Services Agreement, collectively with: (a) all Service Orders agreed to by the parties in writing; and (b) any other materials specifically incorporated by reference herein, is referred to herein as the “Agreement.” This Agreement becomes binding and effective on Client upon the earliest of: (1) when Client accesses or uses the Software or Hosting Services, (2) when Client clicks an “I Accept,” “Sign up” or similar button or checkbox referencing this Agreement, or (3) when Client enters into a Service Order (as defined below) with Grafana Labs (“Effective Date”).

1. DEFINITIONS

Capitalized terms in the Agreement have the meaning set forth in Exhibit A or elsewhere in the Agreement.

2. SCOPE

2.1 Service Orders. This Agreement sets forth the terms pursuant to which Client may access and use the Software or Hosting Service in connection with one or more Service Orders. 

2.2 Affiliates.  Each of Client’s Affiliates may enter into Service Orders with Grafana Labs and shall be responsible for all of its obligations related thereto and shall be considered “Client” with respect to that Service Order. Each Affiliate will pay for all Software and/or Hosting Services rendered pursuant to a Service Order entered into by that Affiliate. The rights and interests which are granted hereunder include the right of Client and an Affiliate to purchase and use the Software and/or Hosting Services provided that, in each case, each Affiliate complies with the terms of this Agreement. Client shall be fully liable for any and all actions or inactions of any current or future Affiliate, and its employees, agents and contractors.

3. TERM & TERMINATION

3.1 Term of Agreement. The Agreement commences on the Effective Date and continues until all Service Orders hereunder have expired or been terminated, or until this Agreement is terminated pursuant to the terms hereunder.

3.2 Term of Service Order(s). The term of the applicable Services will be specified in each Service Order. 

3.3 Termination for Breach. Either party may terminate this Agreement or any active Service Order in the event that the other party materially defaults in performing any obligation under this Agreement (including any Service Order) and such default continues un-remedied for a period of thirty (30) days following written notice of default. In addition, Grafana Labs may also terminate a free or trial account at any time in its sole discretion.  

3.4 Effect of Termination.  Termination or expiration of a Service Order shall not be construed, by implication or otherwise, to constitute termination of this Agreement or any other active Service Order, however, in the event that this Agreement is terminated, any active Service Order shall also terminate. Without prejudice to any other right or remedy of Grafana Labs, in the event either party terminates a Service Order, Client will pay Grafana Labs for all Services provided up to the effective date of termination.

4. PAYMENT

4.1 Fees.  Client will pay all fees due hereunder, and other charges to Client’s account, in accordance with the applicable Service Order(s). All payment obligations are non-cancelable, and all amounts paid are non-refundable. Client is responsible for paying for all Service that Client orders for the entire Term (or through the termination date, if earlier terminated) whether or not such Service is actually used, up to and including the date of termination of this Agreement in accordance with Section 3.3. Fees are stated in United States Dollars, must be paid in United States Dollars. All pricing terms are Confidential Information and Client agrees to treat them in accordance with the confidentiality provisions of this Agreement.

4.2 Payment.  Subject to the terms and conditions herein, Client shall pay Grafana Labs all undisputed fees upon Client’s receipt of Grafana Labs’ invoice for such Fees, or as set forth on the applicable Service Order. Grafana Labs’ fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, and Client will be solely responsible for payment of all such taxes, levies or duties, excluding only United States (federal or state) taxes based solely on Grafana Labs’ income. 

4.3 Consequences of Non-Payment. Delinquent invoices (accounts in arrears) are subject to a service fee of one and one-half percent (1.5%) per month, or the maximum penalty permitted by law (whichever is less), on any outstanding balance, plus all expenses of collection; provided, however, that this interest may not be applied until any amount due hereunder remains unpaid ten (10) days after a written notice is provided to Client regarding such overdue amount, at which point interest shall apply from the date the written notice has been mailed. In addition to any other rights Grafana Labs may have, Grafana Labs reserves the right to suspend the Agreement and Client’s access to the Service if any amount due hereunder remains unpaid ten (10) days after a written notice is provided to Client regarding such overdue amount. 

5. OWNERSHIP & LICENSES

5.1 Ownership of Software and Hosting Services.  Grafana Labs (and its licensors, where applicable) owns all right, title and interest (including all related Intellectual Property Rights) in and to the Software, Hosting Services and Grafana Labs Technology.  If a Client or an Affiliate provides Grafana Labs with any Feedback, Grafana Labs will own all right, title and interest in and to such Feedback, and Grafana Labs will have the right to use such Feedback without restriction.

5.2 Software License. Subject to Client’s compliance with the terms and conditions of this Agreement, Grafana Labs grants to Client a worldwide, non-exclusive, non-sublicensable, non-transferable, revocable (except as otherwise permitted herein) right and license to access and use the Software and/or Hosting Services during the Term. For any Software consisting of Open Source Software, in whole or in part, Grafana Labs shall provide in the Documentation a description of the Open Source Software that is used or linked (whether by dynamic, static or other linking methods) or otherwise called, or referenced by, or in, providing Software or Services. Grafana Labs shall not use or distribute the Open Source Software that is incorporated into the Software or otherwise provided, in a manner that would require any provision of notice, disclosure of source code, royalty free licensing or other distribution of source code by Client. The Agreement is not a sale and does not convey to Client any rights of ownership in or related to the Software, Hosting Services, the Grafana Labs Technology or any Intellectual Property Rights owned by Grafana Labs.

5.3 Audits. At Grafana Labs’ written request no more frequently than quarterly, Client will furnish Grafana Labs with a certification signed by a Client authorized representative verifying that Client has not exceeded either (a) the Active Users Limit (for Software) or (b) Peak Data Volume (for Hosting Services). In its notice, Client will include (a) any Users that exceed the Active Users Limit (and the date(s) on which such Users were utilized), or (b) volume of data that exceeds the Peak Data Volumen, as are set forth in an applicable Service Order. Grafana Labs will invoice Client for such additional usage charges at the rates set forth in the applicable Service Order and Client will pay the invoice no later than thirty (30) days from the date of receipt

5.4 Software Use Restrictions; Client Credentials. Client must not: (i) sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any third-party any of the Software or Hosting Services in any way, except with Grafana Lab’s prior written consent in each instance; (ii) modify or make derivative works based upon any of the Software or Hosting Services, or otherwise remove, decompile, disassemble or reverse engineer any software; or (iii) reverse engineer or use any of the Software or Hosting Services to: (A) build a competitive product or service; (B) build a product or service using similar ideas, features, functions or graphics to any portion of the Software or Hosting Services; (C) copy, print, republish, display, distribute, transmit, sell, rent, lease, loan or otherwise make available in any form or by any means all or any portion of the Software or Hosting Services; (D) create any compilations or derivative works of any portion of the Software or Hosting Services; or (E) copy (other than a reasonable number of copies for Client’s operation of the Software) or resell any marketing, training or other materials such as slides, advice, guidance, or frameworks provided by Grafana Labs. 

Client is responsible for properly configuring the Software and/or Hosting Services in accordance with the Documentation and securing access passwords, keys, tokens or other credentials used by Client in connection with the Software (collectively, “Client Credentials”).  Client agrees to use reasonable efforts to prevent unauthorized access or use of the Software and/or Hosting Services and to promptly notify Grafana Labs if Client believes (a) any Client Credentials have been lost, stolen or made available to an unauthorized third party or (b) an unauthorized third party has accessed the Software, Hosting Services or Client Data.

5.5 Ownership of Client Data; Access. Client or its licensors (a) own all rights in and to all Client Data. Client, not Grafana Labs, and (b) have sole responsibility for ensuring the accuracy, quality, integrity, legality, security, reliability, appropriateness, and Intellectual Property Rights to use all Client Data.  Except for limited Personal Information used in setting Client Credentials, or through the Hosting Services, Grafana Labs does not require Personal Information for Client’s access and use of the Software. With regard to Client Data, Client shall not use the Software or Hosting Services to Process any Sensitive Information and shall use reasonable efforts to restrict the inclusion of other Personal Information in Client Data.

5.6 Data Security. To the extent the performance of its obligations entails the access to, or use of, Client Data, Grafana Labs shall implement and follow the security controls, practices and procedures set forth in Exhibit 1 (Data Security Rider).  

6. OBLIGATIONS ON CLIENT’S PREMISES

Grafana Labs will deliver to Client the Software and/or Hosting Services electronically after the execution of an applicable Service Order. Unless otherwise stated in a Service Order, installation of the Software will be the responsibility of Client. If Grafana Labs personnel are working on Client’s premises (a) Client will provide a safe and secure working environment for Grafana Labs personnel, and (b) Grafana Labs will comply with all reasonable workplace safety and security standards and policies, applicable to Client’s employees, of which Grafana Labs is notified in writing by Client in advance. Client may provide Grafana Labs access to Client Data, systems, and software, and resources such as workspace, network access, and telephone connections as reasonably required by Grafana Labs in order to provide the Services. Client understands and agrees that the completeness, accuracy of, and extent of access to, any Client information provided to Grafana Labs may affect Grafana Labs’ ability to provide Services. Client will use reasonable efforts to obtain any third-party consents necessary to grant Grafana Labs access to the Client information that is subject to the proprietary rights of, or controlled by, any third party, or which is subject to any other form of restriction upon disclosure.

7. REPRESENTATIONS & WARRANTIES

Grafana Labs represents and warrants that: (a) it has the requisite corporate power and authority to enter into this Agreement and each Service Order; (b) it is the lawful owner or licensee of the Software, Hosting Services and Grafana Technology, and each component thereof; (c) at the time of delivery the Software or Hosting Services do not contain any Harmful Code; and (d) the Software, Hosting Services and Grafana Labs Technology shall substantially conform to and materially function as described in their respective Documentation.

8. DISCLAIMER OF WARRANTIES

EXCEPT AS EXPRESSLY STATED IN THE PRECEDING SECTION OF THE AGREEMENT:

8.1 THE SOFTWARE, HOSTING SERVICES AND GRAFANA LABS TECHNOLOGY ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS; GRAFANA LABS AND ITS OWNERS, EMPLOYEES, AGENTS, AFFILIATES AND LICENSORS MAKE NO REPRESENTATION, WARRANTY OR GUARANTEE AS TO THE RELIABILITY, TIMELINESS, QUALITY, PERFORMANCE, SUITABILITY, RESULTS, TRUTH, AVAILABILITY, ACCURACY OR COMPLETENESS OF THE SOFTWARE OR THE GRAFANA LABS TECHNOLOGY;

8.2 WITHOUT LIMITING SECTION 8.1, GRAFANA LABS AND ITS OWNERS, EMPLOYEES, AGENTS, AFFILIATES AND LICENSORS DO NOT REPRESENT OR WARRANT THAT: (a) THE USE OF THE SOFTWARE, HOSTING SERVICES OR GRAFANA LABS TECHNOLOGY WILL BE SECURE, TIMELY, UNINTERRUPTED OR ERROR-FREE OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM OR DATA; (b) THE SERVICE WILL MEET CLIENT’S REQUIREMENTS OR EXPECTATIONS; (c) ANY STORED CLIENT DATA WILL BE ACCURATE OR RELIABLE; (d) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION OR OTHER MATERIAL PURCHASED OR OBTAINED BY CLIENT THROUGH THE SERVICE WILL MEET CLIENT’S REQUIREMENTS OR EXPECTATIONS; OR (e) ERRORS OR DEFECTS WILL BE CORRECTED.

8.3 ALL CONDITIONS, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE (INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE), ARE HEREBY DISCLAIMED TO THE FULLEST EXTENT PERMITTED BY LAW.

9. INDEMNIFICATION

9.1 Grafana Labs. Grafana Labs hereby does agree to, and shall, indemnify and hold harmless Client and its affiliates from and against all losses, liabilities, damages, costs and expenses (including settlement awards and reasonable attorneys’ fees) and other liabilities (“Losses”) based on third-party (including governmental agency or body) claims, actions, inquiries, demands or proceedings (each of the foregoing a “Claim”) that (i) the Software or its usage by Client infringes, violates, or misappropriates Intellectual Property Rights, or (ii) bodily injury (including death) to any person or damage to property resulting from the gross negligence or willful misconduct of Grafana Labs, its employees, subcontractors, agents, or representatives. Notwithstanding the foregoing, Grafana Labs shall have no obligation under this Section 9.1(i) for any claim resulting or arising from: (A) modifications made to the Software or  Hosting Services that were not performed or provided by or on behalf of Grafana Labs; or (B) the combination, operation or use by Client or anyone acting on Client’s behalf, of the Software or Hosting Services in connection with a third-party product or service (the combination of which causes the infringement).

9.2 Client. Client will defend, indemnify and hold harmless Grafana Labs and its affiliates, and their officers, directors employees, agents, and successors and assigns, from and against any and all Losses based on Claims arising out of or related to: (a) Client Data, or Grafana Labs’ use thereof in accordance with this Agreement, infringes, violates, or misappropriates Intellectual Property Rights, or (ii) bodily injury (including death) to any person or damage to property resulting from the gross negligence or willful misconduct of Client, its employees, subcontractors, agents, or representatives.

9.3  Obligations. Each indemnifying Party will assume the defense of any Claim and will, upon request by the other Party, allow such other Party to cooperate in such defense at its own expense.  Each Party will give prompt notice of any Claim covered by this indemnification provision. Each Party shall reasonably cooperate with the other Party in connection with the defense of any Claim subject to this section and shall provide all information and assistance reasonably requested for defense of any such Claim. Neither Party shall agree to settle Claims on behalf of the other Party where such settlement would constitute an admission of guilt or liability by the other Party, without the other Party’s prior written consent.

10. LIMITATION OF LIABILITY

To the maximum extent permitted by Applicable Laws, and except with respect to either party’s liability for (i) its indemnification obligations under this Agreement, or (ii) gross negligence, willful misconduct, or fraud:

a. IN NO EVENT WILL EITHER PARTY OR THEIR RESPECTIVE OWNERS, EMPLOYEES, AGENTS, AFFILIATES, REPRESENTATIVES OR LICENSORS BE LIABLE UNDER THE AGREEMENT FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATING TO THE AGREEMENT; AND

b. IN NO EVENT WILL THE TOTAL, AGGREGATE LIABILITY OF EITHER PARTY AND ITS RESPECTIVE AFFILIATES, OFFICERS, DIRECTORS, SHAREHOLDERS, EMPLOYEES, AGENTS, REPRESENTATIVES AND SUPPLIERS FOR ANY AND ALL CLAIMS ARISING OUT OF OR RELATING TO THE SERVICE, GRAFANA LABS TECHNOLOGY AND/OR THE AGREEMENT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY CLIENT TO GRAFANA LABS IN THE THREE (3) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENTS GIVING RISE TO SUCH CLAIM(S).

The foregoing limitations, exclusions and disclaimers shall apply, regardless of whether the claim for such damages is based in contract, warranty, strict liability, negligence, and tort or otherwise.  Insofar as Applicable Laws prohibits any limitation herein, the parties agree that such limitation will be automatically modified, but only to the extent so as to make the limitation permitted to the fullest extent possible under such law.  The parties agree that the limitations on liabilities set forth herein are agreed allocations of risk constituting in part the consideration for Grafana Labs’ sale of Software and/or Services to Customer, and such limitations will apply notwithstanding the failure of essential purpose of any limited remedy and even if a party has been advised of the possibility of such liabilities.

11. CONFIDENTIALITY

The parties agree that (i) Confidential Information will be used only in accordance with the terms and conditions of this Agreement; (ii) each will use the same degree of care it utilizes to protect its own confidential information, but in no event less than reasonable care; and (iii) the Confidential Information may be disclosed only to employees, agents and contractors with a need to know, and to its auditors and legal counsel, in each case, who are under a written obligation to keep such information confidential using standards of confidentiality not less restrictive than those required by this Agreement. Both parties agree that obligations of confidentiality will survive expiration or termination of this Agreement. Notwithstanding the foregoing, if any court or other governmental entity with competent jurisdiction requires the Receiving Party to disclose any of the Disclosing Party’s Confidential Information, the Receiving Party may comply with its legal obligations after giving the Disclosing Party prompt, reasonably detailed written notice regarding such required disclosure (including a copy of the relevant order or other legal process) to allow the Disclosing Party to seek a protective order or other appropriate remedy. The Receiving Party will disclose only such information as it reasonably deems is legally required and will cooperate reasonably with the Disclosing Party to obtain confidential treatment for any of the Disclosing Party’s Confidential Information that is so disclosed. Similarly, the Receiving Party may disclose the Disclosing Party’s Confidential Information on a “need-to-know” basis to its legal counsel, accountants, banks and other financing sources and advisors under commercially reasonable confidentiality agreements. Upon termination or expiration of the Agreement, or at the request of the Disclosing Party, the Receiving Party will promptly return all tangible material embodying the Disclosing Party’s Confidential Information, and will destroy (or, in the case of electronic embodiments, permanently erase) all other tangible material containing or reflecting such Confidential Information (in any form including, without limitation, all summaries, copies and excerpts) in its possession or under its control, whether prepared by the Disclosing Party, the Receiving Party, their respective advisors or otherwise, and will not retain any copies, extracts or other reproductions in whole or in part of such materials. 

12. COMPLIANCE WITH LAWS; EXPORT CONTROL

The parties shall comply with all Applicable Laws, including, without limitation, technology export, use, and transfer laws of the United States and other countries. Each party shall provide documentation and assistance the other party’s reasonable requests in connection with securing government authorizations or providing required reports.

13. PUBLICITY; NON-SOLICITATION

13.1 Publicity. Neither party shall, except as otherwise required by Applicable Laws, issue or release any announcement, statement, press release, or other publicity or marketing materials relating to this Agreement or otherwise use the other Party’s marks or logos without the prior written consent of the other Party; provided, however, that Grafana Labs may include Client’s name and logo in its list of customer, its public website, and other promotional material.  Grafana Labs agrees to promptly cease such uses of Client’s name and logo following Client’s request sent to hello@grafana.com

13.2 Non-Solicitation. Client agrees not to solicit any personnel of  Grafana Labs involved with the delivery of Services in connection with any Service Order during the term of and for twelve (12) months after termination or expiration of such Service Order; provided that Client may hire an individual employed by Grafana Labs who, without other solicitation, responds to advertisements or solicitations aimed at the general public.

14. NOTICES

The parties shall provide all notices and consents in writing.  Notices and consents delivered via e-mail are effective upon the receiving party’s acknowledgement of receipt via e-mail. Notices and consents delivered by hand or by a national transportation company are effective upon delivery to. Grafana Labs:  Attn: Chief Operating Officer, 29 Broadway, Penthouse Suite, New York, NY 10006; for Client, to the address on file. 

15. ASSIGNMENT

This Agreement is assignable by either party only with the other party’s prior written consent, which will not be unreasonably withheld, conditioned or delayed; provided, however, either party may, upon written notice and without the prior approval of the other party, (a) assign this Agreement to an affiliate as long as the affiliate has sufficient assets to satisfy its obligations under this Agreement and the scope of Service is not affected; or (b) assign this Agreement pursuant to a merger, consolidation, reorganization, change of control, or a sale of all or substantially all of such party’s assets or stock.

16. U.S. GOVERNMENT CUSTOMERS

The Software and Services are provided to the U.S. Government as “commercial items,” “commercial computer software,” “commercial computer software documentation,” and “technical data” with the same rights and restrictions generally applicable to the Software and Services. If Client or any User is using Software or Services on behalf of the U.S. Government and these terms fail to meet the U.S. Government’s needs or are inconsistent in any respect with federal law, Client and Users must immediately discontinue use of the Software and Services. The terms listed above are defined in the Federal Acquisition Regulation and the Defense Federal Acquisition Regulation Supplement.

17. GENERAL LEGAL TERMS

17.1 Governing Law; Venue. New York law governs this Agreement and if either party brings against the other party any proceeding in connection with this agreement or a Transaction Document, that party may bring that proceeding only in the United States District Court for the Southern District of New York or, only if there is no federal subject matter jurisdiction, in the New York Supreme Court for the County of New York, and each party submits to the exclusive jurisdiction of those courts for purposes of any such proceeding.  However, either party may seek interim or temporary injunctive relief in any court of appropriate jurisdiction with respect to any alleged breach of such party’s intellectual property, confidentiality, or proprietary rights under this agreement, as such a breach may cause the non-breaching party irreparable damage for which the award of damages may not be adequate compensation.  The parties specifically disclaim the application of the UN Convention on Contracts for the International Sale of Goods to the interpretation or enforcement of this Agreement.

17.2 Force Majeure. Neither party shall be liable for any delay or failure in performance of any part of this Agreement (except payment) to the extent that such delay is caused by a Force Majeure Event. If any such Force Majeure Event occurs, the Party delayed or unable to perform (“Delayed Party”), upon giving prompt notice to the other Party, shall be excused from such performance on a day-to-day basis during the continuance of such Condition (and the other Party shall likewise be excused from performance of its obligations on a day-to-day basis during the same period); provided, however, that the Party so affected shall use its best reasonable efforts to avoid or remove such Condition, and both Parties shall proceed immediately with the performance of their obligations under this Agreement whenever such causes are removed or cease.

17.3 Independent Parties; No Third Party Beneficiaries. The Parties expressly understand and agree that their relationship is that of independent contractors. Nothing in this Agreement shall constitute one Party as an employee, agent, joint venture partner or servant of another. This Agreement is for the sole benefit of the Parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer on any other person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Agreement. 

17.4 Scope of Business. Nothing in this Agreement will preclude or limit Grafana Labs from providing the Software or Services to other clients. Further, nothing in this Agreement will prohibit or restrict either party’s right to develop, use or market products or services similar to or competitive with the other party; provided, however, that neither party is relieved of its confidentiality obligations under this Agreement.

17.5 Severability. If any provision of this Agreement is held invalid or unenforceable for any reason, then such provision shall be fully severable and will not affect the validity of the remaining provisions of the Agreement.

17.6 No Waiver. The failure of either Party to enforce any right or provision in the Agreement will not constitute a waiver of such right or provision, unless acknowledged and agreed in writing.

17.7 Complete Agreement. Each Service Order (a) is deemed to be incorporated into this Agreement; (b) constitutes the terms and conditions with respect to the subject matter of that Service Order, notwithstanding any different or additional terms that may be contained in the form of purchase order or other document used by Client to place orders or otherwise effect transactions under this Agreement; and (c) along with this Agreement, and all attachments hereto or otherwise incorporated herein, represents the final, complete and exclusive statement of the agreement between the parties with respect thereto, notwithstanding any prior written agreements or prior and contemporaneous oral agreements with respect to the subject matter of the Service Order. 

17.8 Section Headings. Section headings are for reference purposes only and in no way define, limit, construe or describe the scope or extent of such section.

17.9 Changes to this Agreement. Grafana Labs may modify this Agreement at any time by posting a revised version at www.grafana.com which modifications will become effective as of the first day of the calendar month following the month in which they were first posted; provided, however, that if an Service Order specifies a fixed term of 12 months or longer, the modifications will instead be effective immediately upon the start of the next Renewal Order Term. In either case, if Client objects to the updated Agreement, as its sole and exclusive remedy, Client may choose not to renew, including canceling any terms set to auto-renew. For the avoidance of doubt, any Service Order is subject to the version of the Agreement in effect at the time of the Service Order.

17.10 Survival. If this Agreement or a Service Order is terminated for any reason, Sections 4-5, 7-9, 11-13, 2, 17.1, and 17.4-17.10 of this Agreement (as the same are incorporated into each Service Order) will survive such termination.

EXHIBIT A

(DEFINITIONS)

This Exhibit A to the Master Services Agreement between Grafana Labs and Client (the “Agreement”) forms part of the Agreement and is subject to the terms and conditions of the Agreement. Any capitalized terms not defined in this Exhibit A have the meaning indicated elsewhere in the Agreement (including its exhibits).

The following definitions apply to the Agreement:

1.Active User Limit” means the total number of Active Users for which Client has paid the applicable Fees set forth in a Service Order. “Active User”  means a user who has logged in within the previous thirty (30) days.

2.Affiliate” means an Entity that controls, is controlled by, or under common control with Client or Grafana Labs, as applicable.  An Entity has “Control” when it possesses, directly or indirectly, the power to direct management through the ownership of fifty percent (50%) or more of its voting or equity securities, contract, voting trust or otherwise.  “Entity” means a corporation, limited liability company, partnership, sole proprietorship, trust, association, or any other legally recognized entity or organization.

3. “Applicable Laws” means any and all governmental laws, rules, directives, regulations or orders that are applicable to a particular Party’s performance under this Agreement.

4.Client Data” means: any data, information, materials or multimedia content relating to Client, Affiliates, or a User that Client provides or submits in the course of using the Software and Services.

5.Confidential Information” means information and tangible materials disclosed by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) in connection with the Parties’ relationship under the Agreement that are or should be reasonably understood to be confidential or proprietary to the Disclosing Party, including without limitation the terms of this Agreement, technical processes or formulas, sales, software, cost and other unpublished financial information, product and business plans, and projections. “Confidential Information” will not, however, include information or materials the Receiving Party can prove through verifiable, objective evidence: 

(a) became part of the public domain without breach of the Agreement;

(b) was known to the Receiving Party prior to its receipt from the Disclosing Party; 

(c) was rightfully received from a third-party that did not acquire or disclose such information or materials by a wrongful or tortious act or in breach of any confidentiality obligation to the Disclosing Party; or

(d) was developed independently by or for the Receiving Party without use of or reference to any Confidential Information of the Disclosing Party.

6.Documentation” means Grafana Labs’ standard user manuals, guides, specifications, technical documentation, “best practices” materials, or other documentation provided by Grafana Labs in connection with Client’s access to and use of the Software and Hosting Services, and any related documentation as may be modified by or on behalf of Grafana Labs from time to time.

7.Feedback” means bug reports, suggestions, or other feedback relating to the Software or Grafana Labs Technology.

8.Force Majeure Event” means reason of acts of God, wars, revolution, civil commotion, acts of public enemy, embargo, acts of government in its sovereign capacity, pandemic, or any other circumstances beyond the reasonable control and not involving any fault or negligence of the delayed Party. 

9. “Grafana Labs Technology” means Grafana Labs’ proprietary technology (including Software, hardware, products, processes, algorithms, user interfaces, APIs, know-how, techniques, designs and other tangible or intangible technical material or information) made available to Client by Grafana Labs in connection with providing the Software.

10. “Harmful Code” means any virus, “drop dead” device, time bomb, malicious or hidden mechanisms or code for the purpose of or capable of damaging or corrupting the Software or Hosting Services.

11.Hosting Services” means the specific edition of Grafana Labs’ cloud hosting platform and associated services provided to Client (e.g., Grafana Cloud), to which Client subscribes through a Service Order, including without limitation the Software, Grafana Labs Technology, and Documentation, and any other ancillary online or offline products or services provided to Client). The Hosting Services are developed, operated, and maintained by Grafana Labs, and accessible via the Grafana Labs’ website, Grafana Labs APIs, mobile application, and/or any other designated website, venue or IP address.

12.Intellectual Property Rights” means: (a) unpatented inventions, patent applications, patents, design rights, copyrights, trademarks, service marks, trade names, domain name rights, mask work rights, and all other intellectual property rights, derivatives thereof, and forms of protection of a similar nature anywhere in the world including, without limitation, with respect to all computer software, software design, software code, software architecture, firmware, programming tools, graphic user interfaces, reports, dashboard, business rules, use cases, screens, alerts, notifications, drawings, specifications and databases; and (b) all moral rights; trade secrets and other rights with respect to confidential or proprietary information; know-how; other rights with respect to inventions, discoveries, ideas, improvements, techniques, formulae, algorithms, processes, schematics, testing procedures, technical information and other technology.

13.Open Source Software” means any software that is distributed as free software, open source software (e.g., Linux or software distributed under any license approved by the Open Source Initiative as set forth at www.opensource.org) or under a similar licensing or distribution model, and as to any of the foregoing, that requires any one or more of the following (i) redistribution of the software on a royalty-free basis, and/or (ii) redistribution of the software under the same license/distribution terms as those contained in the software license under which such software was originally released, and/or (iii) release to the public, disclosure, or a requirement to otherwise make available the source code of the software or any other software that links with such software.

14.Peak Data Volume” means the daily volume for data processed as part of the Hosting Services which is set forth in an applicable Service Order.

15. “Personal Information” means information relating to an identified or identifiable natural person that is protected by Applicable Laws with respect to privacy where the individual resides.

16. “Process” means to perform an operation or set of operations on data, content or information, including to submit, transmit, post, transfer, disclose, collect, record, organize, structure, store, adapt or alter.

16.Sensitive Information” means the following categories of Personal Information: (a) government-issued identification numbers, including Social Security numbers; (b) financial account data; (c) biometric, genetic, health or insurance data; (d) financial information; (e) data revealing race, ethnicity, political opinions, religion, philosophical beliefs or trade union membership; (f) data concerning sex life or sexual orientation; and (g) data relating criminal convictions and offenses. Without limiting the foregoing, the term “Sensitive Information” includes Personal Information that is subject to specific or heightened requirements under Applicable Laws or industry standards.

17.Software” means (a) any Grafana Labs proprietary software and other software programs branded by Grafana Labs, its affiliates and/or third parties including all modifications, additions or further enhancements thereto, and (b) the standard specifications applicable to each type of software, which are made available to Client by Grafana Labs, as covered in each applicable Service Order.

17.User” means an employee, agent, representative, consultant, or contractor of Client or its Affiliates for whom subscriptions to the Software and Services has been purchased pursuant to the terms of the applicable Service Order and this Agreement who is authorized to use the Service.

EXHIBIT 1

DATA SECURITY RIDER

  1. 1. SECURITY; SYSTEM PROTECTION.
    1. 1.1 Safeguarding Client Data.  Grafana Labs agrees to safeguard Client Data in accordance with this Data Security Rider.  Grafana Labs will not disclose, transfer or use any Client Data for any purpose other than to perform its obligations under this Agreement. Grafana Labs will promptly overwrite (e.g., with “X”s) any such information upon and pursuant to Client’s written or email notice . 
    2. 1.2 System Protection & Recovery.  Grafana Labs will protect its computer and operations systems against outages using standard industry methods designed to prevent outages and minimize impacts during any unavoidable service interruptions, including ensuring that (a) its computer system is UPS protected, backed up automatically, and (b) it has implemented and regularly tests a disaster recovery or business continuity plan for its facilities where Client Data is stored or processed.
  2. 2. CLIENT SECURITY POLICY.
    1. 2.1 Basic Security Requirements.
      1. (A) Install and maintain a working network firewall to protect data accessible via the Internet.
      2. (B) Keep security patches up-to-date.
      3. (C) Encrypt data sent across open networks.
      4. (D) Use and regularly update anti-virus software.
      5. (E) Don’t use supplier-supplied defaults for system passwords and other security parameters.
      6. (F) Mandate the use of “strong passwords” on all systems or, in the absence of a mandatory (system enforced) password quality checker, enforce account lockout after no more than 10 consecutive incorrect password attempts.
      7. (G) For systems containing customer information, mandate use of “strong passwords” with multi-factor authentication.
      8. (H) Regularly test security systems and processes.
      9. (I) Maintain a policy that addresses information security for employees and suppliers.
      10. (J) Restrict physical access to systems containing Client Data.
      11. (K) Restrict remote access to the entire network and employ remote access controls to verify the identity of users connecting.
    2. 2.2 Security Audits.
      1. (A) If requested by Client, Grafana Labs will undergo a security audit.
      2. (B) Client reserves the right to periodically audit the systems that Grafana Labs uses to store the Client Data, upon prior written notice to Grafana Labs and during Grafana Labs’ normal business hours; provided, that, no more than one such audit shall be made during any 12 month period during the term of this Agreement; provided further that the foregoing restriction will not apply in the event of any security breach related to or in connection with Client Data.
    3. 2.3 Data Transmission.
      1. (A) Grafana Labs agrees to meet industry level standards for protecting the confidentiality and integrity of data transmissions. Approved mechanisms for data transmission may include:
        1. (1) XML/HTTP over SSL, with certificate-based authentication utilizing a 2048-bit (or larger) RSA public key, and 128-bit (or stronger) symmetric encryption.
        2. (2) Digitally signed and encrypted S/MIME messages over HTTP or SMTP, using certificates with a 2048-bit (or larger) RSA public key, and 128-bit (or stronger) symmetric encryption.
        3. (3) Digitally signed and encrypted PGP (Pretty Good Privacy) or GPG (Gnu Privacy Guard) messages over a variety of transports, with 2048-bit (or larger) RSA or DH/DSS public keys, and 128-bit (or stronger) symmetric encryption.
      2. (B) For all message-based encryption schemes employing digital signatures (including PGP and S/MIME), Grafana Labs will verify the digital signature of the message and reject messages with invalid signatures.
      3. (C) For all encryption schemes employing public key cryptography, Grafana Labs will ensure the confidentiality of the private component of the public-private key pair, and will promptly notify Client in the event that the private key is compromised.
      4. (D) In general, the mechanism choice will depend on a number of factors such as technical capability, transaction volume, latency requirements, availability requirements, and will be chosen by mutual agreement.
    4. 2.4 Data Retention.
      1. (A) Client has no obligation to provide any Client Data to Grafana Labs.
      2. (B) Grafana Labs will retain Client Data only for as long as is necessary to perform the Services. 
      3. (C) Grafana Labs will delete all live (online or network accessible) instances of the Client Data within 30 days after completion of the Services or termination or expiration of this Agreement Agreement.
    5. 2.5 Forensic Destruction.  Prior to disposing of any hardware, media, or software (including any sale or transfer of such hardware, media, or software, any disposition in connection with any liquidation of Grafana Labs’ business, or any other disposition) that contains, or has at any time contained, Client Data, Grafana Labs will perform a complete forensic destruction of the Client Data in such hardware or software such that none of such Client Data can be recovered or retrieved.  Such forensic destruction may include: (a) physical destruction, particularly incineration; or (b) secure data wipe.
    6. 2.6 Security Incidents. Grafana Labs will notify Client within 48 hours of detecting any actual or suspected unauthorized access, use, disclosure, acquisition, corruption or loss of Client Data, or breach of any environment (a) containing Client Data, or (b) managed by Grafana Labs with controls substantially similar to those protecting Client Data (any such incident, a “Security Incident”).  Grafana Labs will remedy any Security Incident in a timely manner and provide Client written details regarding Grafana Labs’ internal investigation regarding any Security Incident. Grafana Labs agrees not to notify any regulatory authority, nor any customer, on behalf of Client unless Client specifically requests in writing that Grafana Labs does so.  Grafana Labs will cooperate and work together with Client to formulate and execute a plan to rectify all confirmed Security Incidents.