Trusted by leading companies
- Definitions
- Usage Rights and Access
- Client Obligations and Restrictions
- Uptime Commitment
- Customer Support
- Confidentiality, Security and Privacy
- Non-Disclosure
- Charges and Payment Terms
- Subscription Renewal
- Trial and Pre-Release Services
- Purchases via Authorized Intermediaries
- Partner and Vendor Access Rules
- Warranty and Disclaimers
- Adherence to Applicable Laws
- Defense and Indemnification
- Limits of Responsibility
- Duration and Termination
- Agreement Transferability
- Unexpected Occurrences
- Communications and Branding
- Notices of Claims
- Legal Authority and Forum
- Closing Provisions
Definitions
“Account Data” means the information the Customer provides to Middleware to create or manage its Middleware accounts, including, for example, an Authorized User’s first and last name, username, email address, or the Customer’s billing contact details.
- The Customer is responsible for keeping all Account Data accurate and up to date during the Order Term.
- Account Data must not include any Sensitive Information.
- Account Data will be managed according to Middleware’s Privacy Policy, available at https://middleware.io/privacy-policy/.
“Affiliate” means, for a Party, any business entity that directly or indirectly controls, is controlled by, or is under common control with that Party. Here, “control” means owning, directly or indirectly, more than fifty percent (50%) of the voting securities or other ownership interests of the entity.
“Applicable Laws” means all laws, regulations, directives, rules, or governmental orders that govern a Party’s obligations or performance under this Agreement.
“Authorized User” means an individual who is an employee, agent, contractor, or service provider (as allowed under Section 18 – Third Party Access Terms) of the Customer or a Customer Affiliate, and who has been given user credentials for the Services by the Customer (or by Middleware at the Customer’s request).
“Available” means, for each Core Service, that the Customer can access and use that Core Service. “Availability” is interpreted in the same way. Availability is measured from when the Core Service is accessible via Middleware’s hosting provider and is calculated in minutes over each calendar month during the applicable Order Term. The Customer can request Availability details from Middleware’s Support team.
“Core Service” means any Service or feature listed in the applicable Order (excluding beta or trial offerings) that is available on the Middleware platform and for which the Customer has committed to spend during the applicable month.
“Customer Administrator” means the individual or individuals listed in the Account Data as administrative users for the Customer’s account.
“Customer Environment” means the systems, platforms, services, software, devices, sites, and networks that the Customer uses in its operations, excluding the subscribed Services.
“Data Protection Laws” means all Applicable Laws that govern the privacy, security, and protection of Personal Data.
“Middleware Customer Success Manager” means the Middleware representative assigned to support and manage the Customer’s relationship with Middleware. If the Customer is unsure of their assigned Customer Success Manager’s contact details, they may reach out to [INSERT CUSTOMER SUCCESS CONTACT EMAIL].
“Middleware Operations Data” means data related to, or used in, the operation, use, and testing of the Services. This includes:
- Data generated from Customers’ use of the Services,
- Aggregated data on third-party components,
- Aggregated and/or anonymized data as described in Section 2.3, and
- Other information that supports and informs the delivery and improvement of the Services.
“Middleware Partner Network” means Middleware’s network of approved partners, as described at [INSERT PARTNER NETWORK URL].
“Documentation” means Middleware’s standard user documentation for the Services, available at [INSERT DOCUMENTATION URL].
“Exceptions” means any of the following:
- the Customer’s breach of this Agreement, an Order, or the AUP.
- the Customer’s failure to configure or use the Services in accordance with the Documentation.
- issues or failures within the Customer Environment.
- Force Majeure Events.
- Middleware’s suspension of Authorized Users’ access to the Services under Section 3.3 or 8.2; or
- scheduled maintenance for which Middleware has provided advance notice to the Customer Administrator by email or through the Services.
“Feedback” means bug reports, enhancement requests, suggestions, or other feedback regarding the Services or Documentation provided by or on behalf of the Customer to Middleware, excluding any Customer Confidential Information contained within.
“Intellectual Property Rights” means all registered and unregistered rights that are granted, applied for, or currently exist or may arise in the future under or in connection with any patent, copyright, trademark, trade secret, database protection, or other intellectual property laws, as well as all similar or equivalent rights or forms of protection worldwide.
“Malicious Code” means any code, file, script, agent, or program designed to cause harm or disrupt operations, including but not limited to viruses, worms, time bombs, and Trojan horses.
“Order” means either: (1) the purchase of a subscription to the Services that is (a) completed and submitted by the Customer through Middleware’s website, or (b) executed in writing between Middleware and the Customer; or (2) the use of the Services on a pay-as-you-go basis.
“Order Term” means, for each Order, the subscription period for the Services as specified in the applicable Order, unless terminated earlier in accordance with this Agreement or the terms of the Order. For pay-as-you-go usage, “Order Term” refers to each day the Customer accesses or uses the Services.
“Party” means either Middleware or the Customer.
“Personal Data” means any information that relates to an identified or identifiable natural person.
“Pricing Page” means the web page or pages where Middleware publishes its list prices for the Services, with the general Services pricing currently available at https://middleware.io/pricing/.
“Process” means to carry out any operation or set of operations on data, content, or information, including submitting, transmitting, posting, transferring, disclosing, collecting, recording, organizing, structuring, storing, adapting, or altering it; “Processing” will be interpreted accordingly.
“Sensitive Information” means: (a) government-issued identification numbers, such as Social Security numbers; (b) financial account or payment information; (c) special categories of personal data as defined in Article 9 of the GDPR; (d) personal data concerning criminal convictions and offenses as defined in Article 10 of the GDPR; (e) protected health information (PHI) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended; and (f) any other information subject to specific or heightened requirements under Applicable Laws or applicable industry standards. “GDPR” refers to the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with respect to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC.
“Service Plan” means the subscription package and its associated features, as described on the Pricing Page, for the hosted Middleware service to which the Customer subscribes.
“Services” means the hosted services provided by Middleware and made accessible online through the applicable login page https://app.middleware.io/auth/login or other web pages designated by Middleware, which are offered on a fee-based subscription. “Services” does not include: (a) any offerings provided free of charge, or any alpha, beta, or other pre-commercial releases of a Middleware product or service (or feature or functionality of a Service); and (b) any tools or services that are not individually essential to the operation of the Services and that Middleware makes available under separate license terms, including those listed on the Middleware Marketplace.
“Supplemental Terms” means any additional terms that apply to specific Customer Data, Services, Service Plans, and/or customers, including any applicable Service-Specific Terms, as made available at https://middleware.io/terms-and-conditions/.
“Threat Actor Data” refers to any information related to unauthorized third-party malicious actors and any associated malicious code, tools, techniques, or other details regarding such actors or their activities, collected or identified through or during the use of the Services by Middleware customers. This definition excludes any information that directly identifies Customer or its Authorized Users.
Usage Rights and Access
1. Rights to Use Services
If you follow the terms in your Order and this Agreement, Middleware gives you a limited right—non-exclusive and non-transferable—to access and use the Services. You can use them only as described in the Documentation, for the duration of your Order Term, and only within your own systems and environment.
You may only use the Services for the direct benefit of other parties if you are accepted into the Middleware Partner Program and follow its rules.
To be clear, this does not stop you from sharing reports, dashboards, or other outputs created by the Services—if they contain your own Customer Data—with people or organizations outside of your own.
2. Customer-Controlled Environment
Between the two parties, the Customer keeps full control over its own operating environment and all its individual components (“Customer Components”). These components may be owned, leased, or licensed by the Customer; hosted on the Customer’s premises; run in the cloud; or delivered through a software-as-a-service or other model.
The Customer alone is responsible for setting up, turning on or off, and managing the connections between its Customer Components and the Services (“Connections”). The Customer is also responsible for configuring the Services themselves, including deciding how they will work with the Customer Components.
When the Customer connects any Customer Component to the Services, they give Middleware permission—and direct Middleware—to access and work with that Customer Component only as needed to provide and support the Services.
The Customer must make sure that this access, use, and interaction follow all applicable terms, licenses, and policies that apply to the Customer Components, their data, and the Connections (together, the “Customer Component Terms”).
3. Customer Data, Account Data, and Usage Data
Through its settings and use of the Services, the Customer decides what type and amount of data from its environment is sent or uploaded to the Services (“Customer Data,” not including Account Data). By providing this data, the Customer gives Middleware, its affiliates, and approved contractors permission—and explicit instructions—to process it so they can deliver, maintain, and support the Services, as described in the Documentation, this Agreement, and the Data Processing Addendum. Middleware is fully responsible for the actions or mistakes of its affiliates and contractors as if Middleware had performed the work itself.
The Customer also allows Middleware to use information about its configuration and use of the Services (“Usage Data”), along with Customer Data and Account Data, to:
(a) manage the Customer’s account, including calculating fees.
(b) run, maintain, and improve the Services and related support; and
(c) send you product updates, announcements about new features, and other helpful insights.
The Customer acknowledges that Middleware may use combined or anonymized versions of Customer Data and Usage Data—both during and after this Agreement—for legitimate business purposes, such as improving products, creating new features, or producing reports and analytics.
All handling of Customer Data and Usage Data will comply with this Agreement (including the security commitments in Section 6.1 and the confidentiality terms in Section 7), the Data Processing Addendum (if applicable), any relevant Supplemental Terms, and, for Account Data, the Privacy Policy.
Q1: How can we simplify the “aggregated or anonymized data” part so it’s clearer without losing the legal intent?
A1: We could say “Middleware may use combined or anonymized versions of your data (with personal details removed) to improve services, create insights, and develop new features, even after this Agreement ends.” This keeps it short while making it very clear what’s meant.
Q2: Should the section about “Usage Data” explicitly include analytics tools or tracking methods?
A2: If you want maximum transparency, yes. Adding a phrase like “including through analytics tools or performance tracking” makes it clear that Middleware may collect usage information through various technical means.
Q3: How can we make the “responsibility for affiliates and contractors” clause stronger?
A3: You could add, “Middleware will be liable for any breach of this Agreement caused by its affiliates or contractors to the same extent as if it committed the breach itself.” This reinforces legal accountability in plain language.
4. Reservation of Rights
Between the two parties:
(a) The Customer keeps all rights, ownership, and interest in its Environment and Customer Data, including all related intellectual property rights.
(b) Middleware keeps all rights, ownership, and interest in the Services, Documentation, Middleware Operations Data, and any Feedback, including all related intellectual property rights.
Both parties may use Threat Actor Data only to reduce or remove the threat and may work with third parties for that purpose when needed. Except for the rights specifically granted in this Agreement, all other rights remain with the party that owns them. Any rights granted under this section are limited, non-exclusive, and—unless this Agreement says otherwise—non-transferable.
Client Obligations and Restrictions
1. Client Duties
The Customer is fully responsible for:
- managing and maintaining their own environment, including anything needed to allow Authorized Users to access and use the Services.
- all Account Data, Customer Data, and Customer Credentials (including any activity conducted using those credentials), subject to Middleware’s obligations under this Agreement.
- providing all required notices and obtaining any necessary consents or permissions from Customer Component providers, Authorized Users, and anyone whose Personal Data may be included in Account Data, Customer Data, or Customer Credentials; and
- making sure the Services are used only within the Customer’s environment and in full compliance with the Acceptable Use Policy, the Documentation, and any applicable Customer Component Terms.
2. Restrictions on Use of Services
The Customer does not have the right under this Agreement—and agrees not—to do any of the following, either directly or indirectly:
- allow anyone other than Authorized Users to access or use the Services.
- attempt to gain unauthorized access to any Service, system, or network.
- use any Service to access Middleware’s Intellectual Property Rights, except as explicitly permitted in this Agreement.
- modify, copy, or create derivative works based on any Service or its features, functions, or components.
- resell, share, sublicense, or otherwise make any Service available to third parties, including as part of a managed service offering.
- reverse engineer, disassemble, decompile, or attempt to access, discover, or recreate the source code of any Service, unless restricted by applicable law.
- use the Services or Documentation to compete with Middleware, including copying ideas, features, functions, or designs, creating competing products or services, or performing competitive analysis.
- remove, hide, or alter any proprietary notices in the Services.
- use the Services to store, transmit, or introduce malicious code.
- use the Services in violation of any applicable laws; or
- use the Services for anything other than the Customer’s internal operations as described in the applicable Order, Documentation, and this Agreement.
3. Middleware Rights and Remedies
If Middleware reasonably believes that Section 3.2 has been violated, it may, in addition to any other legal or equitable remedies (including termination under Section 17.2), investigate the suspected violation and temporarily suspend access for any Authorized User(s) believed to be involved, for as long as reasonably necessary to address the issue.
Middleware will provide the Customer with written notice of the suspension (a “Suspension Notice”) and will work in good faith with the Customer to resolve the matter. Notice will be given in advance, unless Middleware believes the situation is urgent or an emergency, where waiting could put Middleware, the Customer, or other customers at risk of immediate harm.
For clarity, Middleware reserves the right—but is not obligated, except to provide the Suspension Notice—to take the actions described in this section.
Uptime Commitment
Middleware will make commercially reasonable efforts to keep the Services available at least 99.8% of the time (the “Availability Standard”), not counting downtime caused by defined Exceptions.
1. Intellectual Property Rights
- The Customer keeps all rights, ownership, and interest in its Environment and Customer Data, including all related intellectual property rights.
- Middleware keeps all rights, ownership, and interest in the Services, Documentation, Middleware Operations Data, and any Feedback, including all related intellectual property rights.
Both parties may use Threat Actor Data only to reduce or remove the threat and may work with third parties for that purpose when necessary.
Except for the rights specifically granted in this Agreement, all other rights remain with the party that owns them. Any rights granted under this section are limited, non-exclusive, and—unless this Agreement says otherwise—non-transferable.
Customer Support
During the Order Term, Middleware will provide support to Authorized Users based on the support terms in the applicable Order or as described in Middleware’s Support Plans.
Unless this Agreement says otherwise for the Services, the Customer’s only remedy for any claimed failure by Middleware to provide Support with reasonable skill, care, and diligence is for Middleware to re-perform the affected Support services.
Confidentiality, Security and Privacy
Each Party will meet its own security and privacy responsibilities under this Agreement. These measures must be appropriate to the type, purpose, and risks of processing Personal Data in connection with the Services and must comply with all applicable Data Protection Laws.
1. Protection of Customer Data
Middleware will use the right technical tools and security practices to protect your Customer Data and Account Data from being lost by accident or accessed, used, changed, or shared without permission, as described in our Security Measures. You are responsible for setting up the Services as explained in the Documentation, turning on single sign-on for account access, and keeping all your passwords, keys, tokens, and other login details (“Customer Credentials”) safe. Please take reasonable care to prevent anyone from using the Services without permission, and let Middleware know immediately if:
- your Customer Credentials are lost, stolen, or shared with someone who should not have them, or
- you think someone has accessed the Services or your Customer Data without authorization.
2. Privacy
Both Parties agree to follow the Data Processing Addendum, which is an important part of this Agreement. The Customer will share Personal Data with the Services only when it is truly needed to use or access them, and only when permitted under the applicable Data Protection Laws. In doing so, the Customer should carefully consider the nature of the Personal Data, how the Services function, and the terms of this Agreement.
The Customer must not use the Services to manage any Sensitive Information unless it is clearly allowed in the Supplemental Terms, explained in the Documentation, or agreed to in writing by both Parties. The Customer should also try to limit the amount of Personal Data in their Customer Data by using things like filters, data masking, or other security tools described in the Documentation.
3. Data Removal
Upon receiving a valid request for data removal, the Company shall process and address the request within seven (7) business days. All reasonable efforts will be made to ensure that the requested data is permanently deleted from active systems, backups, and records in accordance with applicable laws and company policies.
Non-Disclosure
1. Confidential Information
Confidential Information” refers to any information shared by a Party, its Affiliates, business partners, or their employees, agents, or contractors (collectively, the “Discloser”) that is marked as confidential or that a reasonable person would recognize as confidential under the circumstances. This includes, but is not limited to:
- Customer Data.
- details about the Discloser’s or its Affiliates’ technology, customers, business strategies, marketing and promotions, finances, pricing, and other operations.
- third-party information that the Discloser must keep confidential; and
- the terms of this Agreement, pricing information, and all Orders.
Confidential Information does not include information that:
- the receiving Party (“Recipient”) already knew legally without any confidentiality obligation.
- the Recipient develops independently without using the Discloser’s Confidential Information.
- the Recipient receives from a third party who is free to share it; or
- becomes public through no fault of the Recipient.
2. Restrictions on Confidential Information
The Recipient must take at least the same care to protect the Discloser’s Confidential Information as it does for its own confidential information—and always at least reasonable care. The Recipient may:
- use the information only as allowed under this Agreement, unless the Discloser gives written permission for other uses; and
- share it only with employees, partners, contractors (including legal and accounting professionals), and service providers (“Representatives”) who:
- are bound by confidentiality rules as strict as this Agreement, and
- need the information to exercise the Recipient’s rights or fulfil its obligations under this Agreement.
The Recipient is responsible for any breaches by its Representatives.
If disclosure is required by law (for example, a subpoena or court order), the Recipient should only share what is necessary and, when allowed, give the Discloser advance notice so they can seek protection.
If the Discloser believes a breach has occurred or may occur, they may seek injunctive or other equitable relief from a court.
Charges and Payment Terms
1. Payments and Invoicing
Except as explained in Section 8.2 about good faith disputes, the Customer agrees to pay all applicable fees (“Fees”) for using the Services, as set out in this Agreement, the relevant Order(s), and the applicable Service Plan(s). Unless an Order says otherwise:
- pricing for the Services is shown on the Pricing Page.
- Fees are based on usage and billed monthly after the usage period.
- all payments must be made in U.S. dollars and, unless covered by Section 8.2, within thirty (30) days from the invoice date; and
- standard Support is included in the Fees at no extra cost.
The way usage is measured may vary depending on the specific type of Service and its features, as described in the applicable Service Plan.
2. Resolution of Payment Issues
If the Customer thinks there is an error in the Fees, they must notify Middleware in writing within ten (10) days of getting the invoice. If there is no valid dispute and the payment is late, Middleware may:
- If a dispute is raised, it will be addressed within seven (7) working days, and if found valid, the disputed amount shall either be refunded or adjusted against the next invoice.
- recover reasonable collection costs, including legal fees; and
- if payment is more than ten (10) days overdue, temporarily suspend the Customer’s and their Authorized Users’ access to the Services until the balance is fully paid.
Middleware will not add interest or suspend access if the Customer is disputing the charges in good faith and actively working with Middleware to resolve the issue.
3. Billing Information and Payment Methods
If the Customer pays Fees by credit card or another supported digital payment method, they give Middleware permission to charge that account for the Services. The Customer must keep their billing information accurate and up to date to avoid payment delays.
If the Customer asks Middleware to stop using a payment method but does not provide a replacement, Middleware may immediately suspend the Customer’s and their Authorized Users’ access to the Services. Updates to the billing account will not affect charges that have already been submitted before Middleware could process the change.
Middleware uses a third-party payment processor to manage credit card transactions. The processor is allowed to use the Customer’s payment information only to process authorized payments. Any communication from the payment processor—by email or otherwise—about declined payments or account issues will be treated as valid notice from Middleware.
4. Applicable Taxes
All Fees are charged without including any taxes, levies, duties, or government-imposed charges (“Taxes”). Except for taxes based on Middleware’s own income, revenue, gross receipts, personnel, or assets, the Customer is responsible for paying all applicable sales, service, value-added, use, excise, consumption, or other Taxes on amounts due under the Orders and this Agreement.
If the Customer is required by laws outside the United States to withhold or deduct any Taxes, they must promptly pay those Taxes in line with the law. These Taxes cannot be subtracted from or used to reduce the Fees the Customer owes to Middleware.
Subscription Renewal
1. Automatic Extension of Term
For annual contracts, the Order will automatically renew for an additional twelve (12) months unless the Customer provides written notice to Middleware at least thirty (30) days prior to the renewal date of their intention not to renew.
For non-commitment (pay-as-you-go) plans, the Order will automatically renew monthly, with charges applied based on actual usage during the billing period.
2. Pricing Adjustments for Auto-Renewal
For any auto-renewal of Orders lasting twelve (12) months or more, Middleware may increase the pricing at the end of the current Order Term by the greater of:
- nine percent (9%), or
- the percentage increase during the previous twelve (12) months (or the prior Order Term if longer) in the U.S. Consumer Price Index – All Urban Consumers (U.S. All Items), or its successor, as published by the U.S. Bureau of Labor Statistics.
Unless the applicable Order says otherwise:
credits will not carry over to the renewal, and any promotional or one-time pricing will not apply to renewal terms; and
renewals for Orders shorter than twelve (12) months, or renewals where the Customer reduces their subscription quantity and/or Order Term, will be re-priced at the time of renewal, and will not be subject to the pricing limits in this section.
3. Termination of Renewal
If the Customer wants to stop auto-renewal, they should notify their Middleware Customer Success Manager at least fifteen (15) days before the current Order Term ends or make the change directly in the Services. End use and avoid extra charges, they can also submit a Support request to disable their account, stating the date for deactivation.
If the Customer keeps using the Services after the Order Term expires (except as allowed under Section 17.5) without signing a new Order, that use will be subject to Middleware’s standard terms, and pricing will follow the current rates listed on the Pricing Page. Continuing to use the Services after an Order expires will not extend the Order Term and does not prevent Middleware from suspending or ending access at any time after expiration.
Middleware may also choose not to renew an Order and will give at least fifteen (15) days’ notice before the end of the current Order Term.
Trial and Pre-Release Services
The following rules apply to any use of:
- Services provided to the Customer at no cost (“Free Services”); and
- services or features not available to all Middleware customers, or identified as beta, pilot, preview, or similar (“Beta Services”).
Unless stated otherwise in an Order:
- Free Services and Beta Services provided at no charge will become subject to the Fees on the Pricing Page once any free period in the Order ends, or, if no period is specified, upon fifteen (15) days’ prior notice from Middleware.
- free trials for new Customers are limited to fourteen (14) days, and Middleware’s right to use the Customer’s name and logo under Section 20 does not apply during the trial.
- Middleware may modify or discontinue any Beta Services at any time, with or without notice.
- Sections 4 (Up Commitment), 5 (Customer Support), and 13.1 (Middleware Warranties) do not apply to Free Services or Beta Services.
- Security Measures do not apply to Beta Services except where they relate to the underlying Services; and
- Middleware’s indemnification obligation under Section 15.1, as it relates to these offerings, is limited to a cumulative maximum of $10,000.
Purchases via Authorized Intermediaries
If the Customer obtains the Services through a third-party marketplace or a Middleware-approved reseller (each, an “Intermediary”), the following will apply only to that indirect purchase:
- all references to an “Order” in this Agreement will mean the order placed between the Customer and the Intermediary.
- in addition to the rights in Section 2.3 (Customer Data, Account Data, and Usage Data), Middleware may share Usage Data and other relevant information about the Customer with the Intermediary.
- Sections 8 (Charges and Payment Terms) and 9 (Subscription Renewal) do not apply; instead, the terms in the agreement between the Customer and the Intermediary govern.
- under Middleware’s agreement with the Intermediary, Middleware may terminate its order(s) with the Intermediary if the Intermediary fails to pay Middleware; and
- Sections 17.2, 17.3, and 17.4 (Duration and Termination) do not apply, as any termination, refund, or payment issues are handled between the Customer and the Intermediary; however, both Parties agree to follow the necessary processes via the Intermediary to achieve the intended results of Sections 17.2, 17.3, and 17.4, including any related refunds or payments.
Partner and Vendor Access Rules
If a service provider or Middleware-authorized partner (each, a “Service Provider”) accesses or uses the Services on behalf of the Customer, each user from that Service Provider will be considered an Authorized User. Middleware may enforce the following sections of this Agreement with respect to the Service Provider’s activities: Section 2 (Usage Rights and Access), Section 6 (Confidentiality, Security and Privacy), Section 7 (Non-Disclosure), Section 3 (Client Obligations and Restrictions), Section 14 (Adherence Applicable Laws), and Section 15 (defence and Indemnification).
For these sections, references to “Customer” will be interpreted as references to the Service Provider, except where the terms “Customer Environment” and “Customer Data” are concerned. For clarity, Service Providers are not beneficiaries of this Agreement.
Warranty and Disclaimers
1. Middleware Warranties
Middleware guarantees that, during the applicable Order Term:
- it will not significantly reduce the overall security of the Services.
- the Services will operate, in all material respects, as described in the Documentation; and
- it will not significantly reduce the overall functionality of the Services.
2. Exclusion of Implied Warranties
Unless this Agreement specifically says otherwise, neither Party provides any warranties or guarantees of any kind, whether express, implied, statutory, or otherwise. To the fullest extent allowed by law, each Party explicitly disclaims all implied and statutory warranties, including—but not limited to—warranties of ownership, merchantability, fitness for a particular purpose, non-infringement, and any warranties that might arise from past dealings, industry practice, or trade usage.
3. Provision of Services Without Warranty
Unless this Agreement specifically says otherwise, all Services, Support, and related materials are provided by Middleware on an “as is” and “as available” basis. Middleware does not make any promises or warranties and has no additional support obligations or liability, except as explicitly stated in this Agreement regarding the Services.
Middleware does not guarantee that the Services, Documentation, related materials, or the results of using them will:
- meet the Customer’s or any third party’s requirements.
- operate without interruption.
- achieve any intended results.
- be free from errors; or
- be compatible with, work with, or continue to collaborate with Customer Components.
Any changes or modifications to the Customer Environment, Customer Components, related connections (including periods of unavailability), or Customer Component Terms during the Order Term will not affect the Customer’s obligations under the applicable Order or this Agreement.
Adherence to Applicable Laws
Each Party agrees to follow all applicable laws and regulations while fulfilling its obligations and exe0rcising its rights under this Agreement. This includes, but is not limited to:
1. Bribery and Corruption Laws
Each Party agrees to comply with all applicable anti-bribery and anti-corruption laws, including, without limitation, the U.S. Foreign Corrupt Practices Act of 1977 and the UK Bribery Act 2010.
As of the Effective Date and the date of each Order, each Party confirms that it has not offered, given, or received any unlawful or improper bribes, kickbacks, payments, gifts, or other items of value to or from any employee, agent, or representative of the other Party or its Affiliates in connection with this Agreement.
Each Party also agrees to promptly notify the other if it becomes aware of any violation of this provision.
For clarity, this does not restrict reasonable and customary business gifts or entertainment that are allowed by law and provided in the normal course of business.
2. Trade Compliance and Sanctions
Compliance with Export Controls
Each Party agrees to follow all applicable export control laws and regulations, including the U.S. Export Administration Regulations, the International Traffic in Arms Regulations, sanctions enforced by the Office of Foreign Assets Control, and any other relevant export restrictions (together, “Export Controls”).
Each Party will ensure that no software, Services, technology, or related technical data under its control is:
- exported, re-exported, or transferred in violation of Export Controls; or
- used by anyone or for any purpose prohibited under Export Controls.
- The Customer also agrees not to include any technology or technical data in Customer Data that is subject to export control restrictions—except for technology classified as EAR99 under the U.S. Export Administration Regulations.
Following this section may require one or more export licenses or government approvals, depending on factors like destination, end-user, and intended use.
Restricted Parties and Sanctions
Neither Party will, directly or indirectly, provide, transfer, or make available any Middleware software, Services, technology, or related technical data to:
- any individual, entity, country, or region listed on the Consolidated Screening List;
- anyone located in Russia or Belarus; or
- any party that is 50% or more owned by one or more of these sanctioned targets (together, “Sanctions Targets”).
Each Party represents and warrants that:
- it is not a Sanctions Target; and
- it is not otherwise restricted—by ownership, location, intended use, or other legal factors—from providing or receiving the Services without the required license or approval under applicable Export Controls.
Defense and Indemnification
1. Middleware Indemnification Commitment
Subject to Sections 15.2 and 15.4, Middleware will defend the Customer, its Affiliates, and their employees, officers, and directors (together, the “Customer Indemnitees”) against any claim, demand, suit, or proceeding (“Action”) brought by a third party claiming that the Customer’s use
- finally awarded against them in connection with a Customer Claim, or
- paid by them under a settlement of a Customer Claim, provided the settlement has Middleware’s prior written approval.
2. Remedies for Infringement Claims
If the Services become, or Middleware believes they are likely to become, the subject of a Customer Claim, Middleware may, at its discretion and expense:
- obtain for the Customer the right to continue using the Services.
- update or adjust the Services to eliminate the infringement or misappropriation without significantly affecting functionality; or
- if neither (a) nor (b) is commercially feasible, end the Order only for the affected Services and provide a Pro-Rated Refund for those Services.
Middleware is not obligated to defend or indemnify the Customer Indemnitees for any Customer Claim resulting from “Customer-Controlled Matters,” including:
- the Customer’s Environment.
- Account Data, Customer Data, or Customer Credentials (including actions taken using those credentials), subject to Middleware’s processing obligations under this Agreement; or
- the Customer or its Authorized Users using the Services in violation of an Order, Service Plan, or this Agreement.
The responsibilities described in Sections 15.1 and 15.2 are the Customer’s only remedies and represent Middleware’s full liability for any claims of Intellectual Property Rights infringement or misappropriation.
3. Customer Indemnification Commitment
Subject to Section 15.4, the Customer will defend Middleware, its Affiliates, and their employees, officers, and directors (together, the “Middleware Indemnitees”) against any Action brought by a third party related to Customer-Controlled Matters. The Customer will cover the Middleware Indemnitees for any Losses that are either:
- finally awarded against them, or
- paid under a settlement of such Action that the Customer has approved in writing,
- in each case arising from or relating to Customer-Controlled Matters.
4. Defense Procedures
If a Customer or Middleware Indemnitee seeks indemnification under Sections 15.1 or 15.3, they must promptly:
Notify the other Party in writing about the claim.
Cooperate in the defines and investigation, at the other Party’s expense.
The Indemnifying Party will control the defense, including choosing and paying for counsel. The Indemnitee may participate and monitor the proceedings with their own counsel at their own cost but cannot control the defense.
If the Indemnitee fails to meet these obligations, the Indemnifying Party remains responsible—unless it can show that this failure significantly harmed the defense.
The Indemnifying Party cannot settle any claim that imposes costs or obligations on the Indemnitee without the Indemnitee’s prior written approval.
Limits of Responsibility
1. Exclusions from Liability
To the fullest extent permitted by applicable law, and except as otherwise stated in this Section 16:
- neither Party, nor its Affiliates, nor any of their employees, agents, contractors, officers, or directors, will be liable for any indirect, punitive, incidental, special, or consequential damages, or for any loss of business, profits, goodwill, use, data, or other intangible losses, arising out of or relating to this Agreement.
- Middleware, its Affiliates, and their employees, agents, contractors, officers, and directors will not be responsible for any compensation, reimbursement, or damage arising from the Customer’s inability to use the Services, including due to any permitted termination or suspension of this Agreement, limitations on use or access to the Services, or the cost of obtaining substitute services; and
- in no event will either Party’s total cumulative liability under this Agreement exceeds the total Fees paid by or on behalf of the Customer to Middleware for the specific Services giving rise to the liability under the applicable Order(s), including prior Orders for the same Services, during the twelve (12) months preceding the event giving rise to such liability.
2. Exceptions to Liability Limits
The exclusions and limits in Section 16.1 do not apply to:
- A Party’s gross negligence, intentional wrongdoing, or fraud related to this Agreement.
- Party’s indemnification obligations under Section 15.
- The Customer’s breach of Section 3.2 (Customer Restrictions); or
- The Customer’s payment obligations to Middleware under this Agreement.
Duration and Termination
1. Effectiveness of Agreement
This Agreement will remain in effect until ninety (90) days after the expiration or earlier termination of the final active Order.
2. Termination Rights for Cause
Middleware may terminate any Order by giving written notice to the Customer if the Customer fails to pay any undisputed amount due under the Order, as described in Section 5.2, and the failure continues for more than fifteen (15) days after notice. Either Party may terminate all Orders and this Agreement with written notice if the other Party materially breaches the Agreement and does not fix the breach within thirty (30) days of receiving notice.
Additionally, either Party may terminate all Orders and this Agreement with written notice if the other Party:
- becomes insolvent, files for bankruptcy, begins or participates in any similar financial restructuring, or agrees to such a process; or
- assigns its rights or assets for the benefit of creditors.
3. Consequences of Termination
When an Order ends, whether by expiration or early termination:
- the Customer’s right to use the Services under that Order stops on the termination date, except as described in Section 11.5.
- Middleware is no longer required to provide the Services to the Customer or its Authorized Users after that date, except as described in Section 11.5; and
- any outstanding payments will be settled according to Section 11.4, subject to Section 5.2 (Payment Disputes).
4. Post-Termination Payments
If an Order is ended early—by the Customer under Section 11.2, or by Middleware under Section 12.2:
- the Customer will not have to pay for any Services that have not been provided yet; and
- Middleware will give the Customer a pro-rated refund for any unused prepaid amounts for those Services (a “Pro-Rated Refund”).
In all other cases, the Customer is not entitled to a refund, even if they did not use all the Services. Any committed Fees for the full Order term, along with any additional Fees accrued up to the termination date based on actual usage, will be immediately due and payable.
5. Termination Data Access Rights
If the Customer has paid all amounts due under this Agreement, and unless the Service Plan specifies a shorter retention period, an Authorized User can access and download Customer Data for up to thirty (30) days after the Agreement or Order ends. This access is limited to Customer Data that was available to Authorized Users just before termination and may only be used for downloading that data.
Any use of the Services beyond this authorized period will be billed according to the Pricing Page. Customer Data will be deleted according to the normal process and will not be kept beyond the retention period specified in the Service Plan. The Customer can request earlier deletion by sending a request to [email protected].
6. Clauses that Survive Termination
The following Sections, along with any other rights or obligations that naturally continue even after the Agreement ends, will remain in effect after termination or expiration of this Agreement:
- 2.3 (Customer Data, Account Data and Usage Data)
- 8 (Charges and Payment Terms)
- 7 (Non-Disclosure)
- 3.2 (Restriction on Use of Services)
- 17 (Duration and Termination)
- 15 (Defence and Indemnification)
- 16 (Limits of Responsibility)
- 21 (Notices of Claims)
- 22 (Legal, Authority and Forum)
- 23 (Closing Provisions)
Agreement Transferability
Either Party may transfer this Agreement and its Orders to an Affiliate or as part of a merger, reorganization, or sale of most or all its business related to this Agreement, provided that:
- Written notice is given within 60 days of the transfer; and
- The new party agrees in writing to assume all obligations under this Agreement, including any outstanding Fees.
Apart from this, neither Party may assign or transfer any rights or obligations without the other Party’s written consent. Any unauthorized transfer is invalid.
This Agreement binds and benefits both Parties and their permitted successors and assigns.
Unexpected Occurrences
Neither Party will be liable or considered in breach for any delay or failure to perform (except for payment obligations) caused by events beyond its reasonable control, such as natural disasters, pandemics, war, civil unrest, terrorism, cyberattacks, major internet outages, government actions, or other emergencies (“Force Majeure Event”).
The affected Party must promptly notify the others, estimate the duration of the disruption, and take reasonable steps to resume performance and limit the impact.
Communications and Branding
Neither Party may, except as required by law or stock exchange rules, make any announcement, statement, press release, or other public or marketing communication about this Agreement, or use the other Party’s logos or trademarks, without prior written consent.
However, Middleware may list the Customer’s name and logo in its customer lists, on its public website, and in other promotional materials, if it follows any Customer brand guidelines provided. Middleware will stop using the Customer’s name and logo within thirty (30) days of receiving a written request submitted through Middleware’s specified process.
Notices of Claims
1. Indemnification and Legal Notices
Notices related to indemnification and Section 7 (“Legal Notices”) must be sent:
- to Middleware, Attn: Legal, at the headquarters address listed on its public website, with a copy to [email protected]; or
- to the Customer at the physical and email addresses listed in its Order(s).
All Legal Notices under this Section 21.1 must be in writing and will be considered delivered:
- one business day after being sent by overnight courier to the recipient’s physical address; or
- three business days after being sent by registered mail, return receipt requested, to the recipient’s physical address.
2. Operational Communications
To Middleware
- [email protected] – for matters related to Sections 5 and 17.5.
- [email protected] – for matters related to Section 8.
- any other email address specifically listed in the relevant section of this Agreement; or
- the Customer’s designated Middleware Customer Success Manager via email – for all other communications, including those under Sections 9.3 and 18.
To Customer
For any other notices or communications to the Customer, Middleware may contact:
- the designated Customer Administrator via email (including for matters related to Section 21.3).
- the Customer’s billing contact, as listed in the applicable Order or within the Account Data, via email (for matters related to Section 8); or
- for general notices not specific to the Customer, by posting the communication within the Services.
Legal Authority and Forum
Unless a matter is governed by U.S. federal law, this Agreement is governed by the laws of New York State, without considering its conflict-of-law rules.
Any dispute, claim, or legal proceeding related to this Agreement must be brought only in the state or federal courts in New York, USA, and both Parties agree to the jurisdiction and venue of these courts.
The Parties also agree that the United Nations Convention on Contracts for the International Sale of Goods does not apply.
Closing Provisions
1. Complete Understanding
This Agreement, together with all Orders, the Acceptable Use Policy (AUP), and any Supplemental Terms, is the complete and only agreement between the Parties, replacing any prior written or oral proposals, communications, or agreements on this topic.
Any conflicting or additional terms in documents issued by the Customer will not apply. This Agreement also overrides any prior confidentiality, non-disclosure, evaluation, or trial agreements related to the Customer’s or its Affiliate’s evaluation of, or use of, the Services.
2. Government End-User Terms
The Services and Documentation are provided to the U.S. Government as “commercial items,” including commercial software, software documentation, and technical data, under the same rights and restrictions as standard commercial licenses.
If the Customer or any Authorized User is using the Services or Documentation for the U.S. Government and finds that these terms conflict with federal requirements or law, they must stop using them right away.
These terms are based on the definitions in the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS).
3. Independence of Parties; No External Rights
The Parties are independent contractors, and this Agreement does not create a partnership, joint venture, employment, or agency relationship.
It is intended only for the benefit of the Parties and their permitted successors or assigns and does not grant any rights or claims to third parties.
4. Amendment
Except as allowed under Section 23.8, any changes or amendments to this Agreement must be in writing and signed by authorized representatives of both Parties.
5. No Waiver
If a Party fails to enforce or require compliance with any part of this Agreement, it does not waive that right. Likewise, any waiver granted by a Party does not waive any other term, condition, or provision of this Agreement.
6. Severability
If any part of this Agreement is found to be invalid or unenforceable, the rest of the Agreement will remain fully valid, binding, and enforceable.
7. Headings
Headings in this Agreement are for convenience only and do not affect how its terms are interpreted. In this Agreement:
- “Include,” “includes,” and “including” mean “including without limitation.”
- “Or” is interpreted as non-exclusive.
- “Herein,” “hereof,” “hereby,” “hereto,” and “hereunder” refer to the Agreement as a whole.
8. Changes to this Agreement
Middleware may update this Agreement at any time by posting a revised version at https://middleware.io/master-subscription-agreement/.
- Changes take effect on the first day of the month after they are posted.
- If an Order has a fixed term of 12 months or longer, changes take effect at the start of the next Renewal Order Term.
- If the Customer disagrees with the revised Agreement, the sole remedy is to decline renewal under Section 13.3.
- Each Order is governed by the version of the Agreement in effect on the date the Order was placed.