SecOps Service Specific Terms

1. Data Location. In the Order Form or by other means made available by Google, Customer may select to store Customer Data in a specific Region or Multi-Region as detailed in the SecOps Services Locations Page (“Data Location Selection”), and Google will store that Customer Data at rest only in the selected Region/Multi-Region. If a Data Location Selection is not made by Customer, Google may (subject to the Data Processing and Security Terms) process and store Customer Data anywhere Google or its agents maintain facilities. The Services do not limit the locations from which Customer or Customer End Users may access Customer Data or to which they may move Customer Data. For clarity, Customer Data does not include resource identifiers, attributes, or other data labels.

2. General Software Terms. The following terms apply to all Software:

a. License. Google grants Customer a royalty-free (unless otherwise stated by Google), non-exclusive, non-sublicensable, non-transferable license during the Term to reproduce and use the Software ordered by Customer on systems owned, operated, or managed by or on behalf of Customer in accordance with (i) the Agreement, and (ii) if applicable, the Scope of Use. Customer may authorize its and its Affiliates' employees, agents, and subcontractors (collectively, “Software Users”) to use the Software in accordance with this section (License), so long as Customer remains responsible. Customer may make a reasonable number of copies of the Software for back-up and archival purposes. For clarity, Software does not constitute Services.

b. Documentation. Google may provide Documentation describing the appropriate operation of the Software, including a description of how Software is properly used, and whether and how the Software collects and processes data. Customer will comply with any restrictions in the Documentation regarding Software use.

c. Compliance With Scope of Use. Within 30 days of Google’s reasonable written request, Customer will provide a sufficiently detailed written report describing its usage in accordance with the applicable Scope of Use of each Software product used by Customer and its Software Users during the requested period. If requested, Customer will provide reasonable assistance and access to information to verify the accuracy of Customer’s Software usage report(s).

d. Other Warranties and Compliance. Each party represents and warrants that it will comply with all laws and regulations applicable to its provision or use of the Software, as applicable. Customer will: (i) ensure that Customer and its Software Users' use of the Software complies with the Agreement and the restrictions in the Agreement applying to Customer's use of the Services; (ii) use commercially reasonable efforts to prevent and terminate any unauthorized access to or use of the Software; and (iii) promptly notify Google of any unauthorized access to or use of the Software of which Customer becomes aware. If the Software contains open source or third-party components, those components may be subject to separate license agreements, which Google will make available to Customer. Customer is solely responsible for complying with the terms of any third-party sources from which Customer elects to migrate its workloads onto the Services, and represents and warrants that such third-party sources permit the use of Software to migrate applications away from such sources. If the Agreement terminates or expires, then Customer will stop using all Software and delete it from Customer's systems.

3. Premium Software Terms. The following terms apply only to Premium Software:

a. Introduction. Google makes certain Software available under the Agreement described as “Premium Software” in an Order Form or as otherwise identified as Premium Software by Google (“Premium Software”). Customer will pay applicable Fees for any Premium Software it obtains as described in the applicable Order Form. Premium Software is Google’s Confidential Information.

b. Software Warranty. Google warrants to Customer that for one year from its delivery, Premium Software will perform in material conformance with the applicable Documentation. This warranty will not apply if (i) Customer does not notify Google of the non-conformity within 30 days after Customer first discovers it, (ii) Customer modifies Premium Software or uses it in violation of the Agreement, or (iii) the non-conformity is caused by any third-party hardware, software, services, or other offerings or materials, in each case not provided by Google.

If Google breaches this warranty, then Google will, in its discretion, repair or replace the impacted Premium Software at no additional charge. If Google does not believe that repairing or replacing would be commercially reasonable, then Google will notify Customer and (A) Customer will immediately cease use of the impacted Premium Software and (B) Google will refund or credit any prepaid amounts for the impacted Premium Software and Customer will be relieved of any then-current commitment to pay for future use of the impacted Premium Software. Without limiting the parties’ termination rights, this section (Software Warranty) states Customer’s sole remedy for Google’s breach of the warranty in this section (Software Warranty).

c. Software Indemnification. Google’s indemnity obligations under the Agreement with respect to allegations of infringement of third-party Intellectual Property Rights apply to Premium Software, and Customer’s indemnity obligations under the Agreement with respect to Customer’s use of the Services apply to Customer’s use of Premium Software. In addition to any other indemnity exclusions in the Agreement, Google’s indemnity obligations will not apply to the extent the underlying allegation arises from modifications to Premium Software not made by Google or use of versions of Premium Software that are no longer supported by Google.

d. Technical Support. Unless otherwise specified by Google, Google will make TSS available for Premium Software for an additional charge, in accordance with the TSS Guidelines.

e. Compliance. Premium Software may transmit to Google metering information reasonably necessary to verify that use of the Premium Software complies with the Scope of Use, as described in the applicable Documentation. Customer will not disable or interfere with the transmission of such metering information.

f. Updates and Maintenance. During the Term, Google will make available to Customer copies of all current versions, updates, and upgrades of Premium Software, promptly upon general availability, as described in the Documentation. Unless otherwise stated in the Documentation for the applicable component of Premium Software, Google will maintain the current release of Premium Software and the two versions immediately preceding the current release, including by providing reasonable bug fixes and security patches. Maintenance for any Premium Software may be discontinued with one year’s notice from Google, except Google may eliminate maintenance for a version and require upgrading to a maintained version to address a material security risk or when reasonably necessary to avoid an infringement claim or comply with applicable law.

4. Pre-GA Offerings Terms. Google may make available to Customer pre-general availability features, services or software that are either not yet listed at https://cloud.google.com/terms/secops/services or identified as “Early Access,” “Alpha,” “Beta,” “Preview,” “Experimental,” or a similar designation in related documentation or materials (collectively, “Pre-GA Offerings”). While Pre-GA Offerings are not Services or Software, Customer’s use of Pre-GA Offerings is subject to the terms of the Agreement applicable to Services (or Software, if applicable), as amended by this Section 4.

Customer may provide feedback and suggestions about the Pre-GA Offerings to Google, and Google and its Affiliates may use any feedback or suggestions provided without restriction and without obligation to Customer.

PRE-GA OFFERINGS ARE PROVIDED “AS IS” WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES OR REPRESENTATIONS OF ANY KIND. Pre-GA Offerings (a) may be changed, suspended or discontinued at any time without prior notice to Customer and (b) are not covered by any SLA or Google indemnity. Except as otherwise expressly indicated in a written notice or the documentation for a given Pre-GA Offering, (i) Pre-GA Offerings may not be covered by TSS, (ii) the Data Processing and Security Terms do not apply to Pre-GA Offerings and Customer should not use Pre-GA Offerings to process personal data or other data subject to legal or regulatory compliance requirements, and (iii) Google’s data location commitments set out in these Service Specific Terms will not apply to Pre-GA Offerings. With respect to Pre-GA Offerings, to the maximum extent permitted by applicable law, neither Google nor its suppliers will be liable for any amounts in excess of the lesser of (A) the limitation on the amount of liability stated in the Agreement or (B) $25,000. Nothing in the preceding sentence will affect the remaining terms of the Agreement relating to liability (including any specific exclusions from any limitation of liability). Customer's access to and use of any Pre-GA Offering is subject to any applicable Scope of Use. Either party may terminate Customer's use of a Pre-GA Offering at any time with written notice to the other party. Certain Pre-GA Offerings may be subject to additional terms stated below.

5. Benchmarking. Customer may conduct benchmark tests of the Services (each a "Test"). Customer may only publicly disclose the results of such Tests if it (a) obtains Google's prior written consent, (b) provides Google all necessary information to replicate the Tests, and (c) allows Google to conduct benchmark tests of Customer's publicly available products or services and publicly disclose the results of such tests. Notwithstanding the foregoing, Customer may not do either of the following on behalf of a hyperscale public cloud provider without Google's prior written consent: (i) conduct (directly or through a third party) any Test of the Services or (ii) disclose the results of any such Test.

6. Trials. Certain Services may be made available to Customer on a trial basis. The parameters of each trial, including any Scope of Use, may be presented to Customer either through the Order Form, Documentation, email, or as otherwise communicated by Google. Use of a trial indicates Customer’s acceptance of any such parameters.

7. Additional Definitions.

“Multi-Region” means a defined set of Regions.

“Region” means a region from which a particular Service is offered, as identified at the SecOps Services Locations Page.

“Scope of Use” means any limits on installation or usage of Services or Software presented by Google.

“SecOps Services Locations Page” means https://cloud.google.com/terms/secops/data-residency.

The following terms apply only to the Service(s) indicated in the section title.

1. Chronicle SIEM

a. Service Models. Chronicle SIEM is available in one of the following two service models, as specified in an Order Form:

i. Data Ingestion. Customers are charged a flat rate based on data ingestion up to the Data Cap. The following terms apply to this service model:

A. Data Limitations. Chronicle SIEM is only to be used for Security Telemetry. Customer agrees that it will not provide any data to Chronicle SIEM that is not Security Telemetry.

B. Overages. If Customer exceeds its Data Cap, then Customer will purchase an increase to its Data Cap. If Customer does not purchase an increase to its Data Cap within fifteen (15) days of notice from Google, then Google may terminate the applicable Order Form(s) upon written notice to Customer.

ii. Covered Personnel. Customers are charged a flat rate per each Covered Personnel. The following terms apply to this service model:

A. Data Limitations. Chronicle SIEM is only to be used for Network Telemetry and Third Party Telemetry. Customer agrees that it will not provide any data to Chronicle SIEM that is not Network Telemetry or Third Party Telemetry. Customer further agrees to work with Google to filter Customer Data that does not constitute Network Telemetry or Third Party Telemetry.

B. Overages. Overages in the number of Covered Personnel are subject to proportional increases in Customer’s Fees during an Order Term based on any ten percent (10%) or more increase in Covered Personnel from the number reported in an Order Form. 

C. Compliance. Within 30 days of Google’s reasonable written request, Customer will provide documentation establishing that the number of Covered Personnel providing Customer Data to Chronicle SIEM does not exceed the number reported in an Order Form plus ten percent (10%).

b. Service Suspension. Google may Suspend Customer’s access to Chronicle SIEM if Customer does not comply with the data limitations provisions in Section 1(a)(i)(A) and Section 1(a)(ii)(A) (as applicable) of these Chronicle SIEM Service Terms, and Customer’s non-compliance is not cured following notice from Google within the Data Limitation Notice Period. If Google Suspends Customer’s access to Chronicle SIEM under this Section, then (i) Google will provide Customer notice of Suspension without undue delay, to the extent legally permitted, and (ii) the Suspension will be to the minimum extent and for the shortest duration required to resolve the cause for Suspension.

c. Data Period. Subject to and in accordance with the Data Processing and Security Terms, (i) Google will maintain Customer Data in Chronicle SIEM for the Data Period, and (ii) Customer instructs Google that it may delete Customer Data that is outside the Data Period.

d. Third-Party Terms. 

i. Third-Party Offerings. Customer must obtain access to any Third-Party Offerings from the respective provider (a “Third-Party Provider”). To the extent Customer provides access to the Customer’s Account to a Third-Party Offering or Third-Party Provider, Customer explicitly consents and instructs Google to allow the Third-Party Provider of any such Third-Party Offerings to access Customer Data as may be required to interact with Chronicle SIEM, including to copy Customer Data into or out of Chronicle SIEM. For clarity, Third-Party Providers are not Subprocessors (as defined in the Data Processing and Security Terms).

A. Disclaimers. The manner in which Third-Party Offerings and Third-Party Providers transmit, use, store, and disclose Customer Data is governed solely by the policies of such Third-Party Offering and Third-Party Provider. To the extent permitted under applicable law, Google will have no liability or responsibility for:

1. Customer’s use of a Third-Party Offering, including any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such Third-Party Offering, actions or the effect of actions that Customer authorizes Google to take with respect to Third-Party Offerings and a Third-Party Provider’s access to and use of Customer Data;

2. the privacy practices or other actions of any Third-Party Offering or Third-Party Provider; or

3. the accuracy, availability, or reliability of any data, information, content, services, advice, or statements made available in connection with such Third-Party Offering.

B. Representations and Warranties. Customer represents and warrants that nothing in the Agreement, or Customer’s use of Chronicle SIEM, will violate any agreement or terms with a third party to which Customer is subject. 

ii. Looker Terms. Google uses Looker and BigQuery with Chronicle SIEM for dashboarding and reporting features. Customer may only use Looker and BigQuery as part of Chronicle SIEM subject to any deployment, configuration, and use limitations provided or described by Google. Google may make Software available to Customer in connection with Customer’s use of Looker, including third-party Software. Some Software may be subject to third-party license terms, which can be found at https://looker.com/trust-center/legal/notices-and-acknowledgements. If Customer stops using Chronicle SIEM or Looker, then Customer will also stop using the Software. Notwithstanding any provision in these Chronicle SIEM Service Terms, the then-current data processing and security terms for Looker described at https://looker.com/trust-center/legal/customers/dpst are incorporated by reference in the Agreement and apply to the storage and processing of Customer Data by Looker. Customer’s access to Looker may be terminated by Google, at any time, if Customer is found to be in breach of the Agreement. Notwithstanding anything to the contrary in the Agreement, as used in this Section 1(d)(ii) in these Chronicle SIEM Service Terms, the term “Customer Data” means (a) all data in Customer’s databases provided to Looker by Customer or End Users via Chronicle SIEM, and (b) all results provided to Customer or End Users for queries executed against such data via Looker. Google’s data location commitments under General Service Terms Section 1 (Data Location) do not apply to Looker dashboarding and reporting.

e. Managed Security Service Providers. The following terms apply where Customer purchases Chronicle SIEM as a Managed Security Service Provider:

i. In the following definitions in Section f (Additional Definitions) in these Chronicle SIEM Service Terms, all references to Customer will be replaced with End User(s): (A) Covered Personnel, (B) Customer Network, (C) Network Telemetry, and (D) Third Party Telemetry; 

ii. Customer may not use Chronicle SIEM for internal purposes, unless Customer has a separate Order Form for internal use; and 

iii. In General Service Terms Section 2 (General Software Terms): (A) End Users are included in the definition of “Software Users”, and (B) Customer may reproduce and use the Software ordered by Customer on systems owned, operated, or managed by or on behalf of End Users in accordance with (Y) the Agreement, and (Z) if applicable, the Scope of Use, provided that Customer will be liable for the acts and omissions of its End Users.

f. Additional Definitions. 

“Covered Personnel” means an employee or contractor of Customer. 

“Customer Network” means the network used by Customer for internal business purposes, and all applications, software, services, and physical devices used for internal business purposes that connect to such network.

“Data Cap” means the amount of Customer Data that is provided to Chronicle SIEM through the Account on an annual basis starting from the Services Start Date, as specified in an Order Form.

“Data Limitation Notice Period” means either (a) 72 hours after Google’s notice to Customer of non-compliance or (b) 7 days after Google’s notice if Customer reasonably demonstrates to Google that Customer is taking reasonable steps to remedy the non-compliance.

“Data Period” means the length of time that Customer Data will be available in Chronicle SIEM, as specified in an Order Form. The Data Period is calculated on a monthly rolling, lookback basis from the current date using the event date/timestamp of the Customer Data as read by the Chronicle SIEM. If not specified in an Order Form, the Data Period is 12 months.

“Documentation” means the then-current Chronicle SIEM documentation made available by Google to its customers for use with the Services at https://cloud.google.com/chronicle/docs.

“Managed Security Service Provider” means a Customer that provides its own Customer Applications that complement, enhance, or extend the reach or functionality of Chronicle SIEM for use solely by End Users. This would be applicable to Customer’s participation in the Program.

“Network Telemetry” means Security Telemetry generated by devices that are part of the Customer Network and does not include Security Telemetry generated by anyone other than Covered Personnel; for example Network Telemetry does not include Security Telemetry generated by Customer’s customers or Customer’s partners.

“Program” means the GCSecurity MSSP Partner Program as described in the then-current GCSecurity MSSP Partner Program, the most current version of which can be found at https://chronicle.security/partners.

“Security Telemetry” means the metadata or other data that relates to Customer’s or a Customer End User’s security posture and that is produced by security related features, products, or services.

“Third Party Telemetry” means Security Telemetry Customer has received from a third party that Customer uses for purposes of securing the Customer Network.

2. Chronicle SOAR

a. Cooperation. To facilitate Google’s performance of its obligations under the Agreement and the proper provision of Chronicle SOAR, Customer and its End Users will assist Google to provide and share Performance Information at its disposal. If Customer licensed Premium Software, Customer shall facilitate Google’s remote access to the Premium Software deployed at Customer’s site or premises for the purpose of Google obtaining Performance Information. If Customer uses Chronicle SOAR, Customer will allow Google to access Customer’s account for the purpose of Google obtaining Performance Information. To the extent that Customer fails to provide the foregoing, Google shall be excused from the performance of its obligations hereunder, insofar as such performance is not possible due to Customer’s failure to so provide the foregoing.

b. Output Data. Customer assumes sole and exclusive responsibility: (i) for all acts or omissions, that Customers or others on its behalf engage in, in response to the Output Data; (ii) to thoroughly review the Output Data frequently, check for any alerts or warnings issued by the Premium Software or Services, address the findings specified in the Output Data and determine what actions are appropriate in light thereof; and (iii) to carry out such actions as Customer deems appropriate as a result of the Output Data. To the extent permitted under applicable law, Google has no responsibility or liability, regarding the Customer’s reliance upon, or use of, the Output Data, Customer's actions or omissions in connection with the Output Data, or any consequences resulting therefrom.

c. Related Systems. Customer acknowledges that given the nature of Chronicle SOAR and/or Premium Software, the use, operation and performance of Chronicle SOAR and/or Premium Software relies on the availability and proper configuration of the Related Systems. Customer acknowledges and agrees that in order to use the Services and/or Premium Software, Customer has to acquire and properly manage and configure such Related Systems, at its own responsibility, cost and expense.

d. Additional Definitions.

“Documentation” means the then-current Chronicle SOAR documentation made available by Google to its customers for use with the Services at https://documents.siemplify.co/en.

“Output Data” means the reports, alerts, notices and other types of information and data that Chronicle SOAR and/or Premium Software may generate.

“Performance Information” means the Output Data and any information about Customer’s use of Chronicle SOAR and/or Premium Software, including Chronicle SOAR and/or Premium Software’s performance, compatibility, interoperability, bugs, errors and malfunctions, in connection with Customer’s use of Chronicle SOAR and/or Premium Software, the architecture and layout of the Related Systems and Chronicle SOAR and/or Premium Software’s functions and processes as carried out with respect to the Related Systems.

“Related Systems” means Customer’s IT systems that are directly or indirectly connected with or monitored by Chronicle SOAR and/or Premium Software.