Enterprise Subscription Agreement

This Enterprise Subscription Agreement (“ESA”) is between DomainTools, LLC (“DomainTools”) and the entity indicated on the applicable Service Order (defined below).

This ESA, any Service Order in which it is incorporated, any applicable Service Level Agreement, and any document incorporated by reference herein or therein, represents the parties’ entire agreement regarding the Services detailed in a Service Order (collectively, the “Agreement”).  In the event of a conflict between this ESA and a Service Order, the terms of the Service Order will control.  No modification or amendment of this Agreement will be effective unless it is in writing and signed by the parties. No terms, provisions or conditions of any purchase order or other business form Customer may use will affect the rights, duties or obligations of the parties hereunder, or otherwise modify this Agreement.

1. Definitions

“Confidential Information” means information that one party discloses to the other party under this Agreement that is marked as confidential or that would normally be considered confidential information under the circumstances. It does not include information that (a) is independently developed by the recipient; (b) is rightfully made available to the recipient by a third party, and to the recipient’s knowledge, is not subject to any obligations of confidentiality to the disclosing party;  or (c) that becomes public through no fault of the recipient.

“On-Site Customer Managed Data” means Services Data from DomainTools’ databases made available to Customer and for which persistent storage and usage by Customer is allowed pursuant to the terms of this Agreement.

“Permitted Location” means (a) a server owned and controlled by Customer, addressable only from IP addresses within Customer’s local network and physically located on Customer’s premises; (b) a server owned and controlled by Customer, addressable only by VPN from an IP address within Customer’s local network, and physically located within a secure hosting facility; or (c) a virtual server controlled by Customer and provided by a third party from a physical server located within a secure hosting facility owned or controlled by such third party.

“Query” means a request for Services Data submitted by a user of a Service.

“Services” means the DomainTools services to which Customer subscribes as identified in the Service Order, including any Application Program Interface (“API”), tools, software, code, documentation or other materials provided therewith.

“Services Data” means data made available to Customer by a Service.

“Service Order” means a DomainTools’ quote accepted by Customer or other ordering document signed by DomainTools and Customer incorporating this Agreement.  For Customer’s purchasing through a reseller “Service Order” also means the ordering document entered into between Customer and reseller, but only with respect to the description of Services, Subscription and Term and any Service specific terms included therein which are consistent with the corresponding order made by reseller and accepted by DomainTools.

“Subscription” means a subscription to a Service for a defined term as specified in an Service Order.

Term”  has the meaning set forth in Section 6.

2. Subscription to Services

a. Right to Use. Subject to the terms and conditions of this Agreement, DomainTools grants Customer a limited, non-exclusive, and nontransferable right, during the appliable Term, to (i) access and use the Services through the interfaces provided by DomainTools, and (ii) if software is provided as part of the Services, to install and use such software in executable form, solely for purposes of accessing the Service, (iii) if an API or other tool or technology is provided with the Service, to use the tool or technology solely for the purpose of accessing the Service as directed by DomainTools.

b. Acceptable Use.Customer agrees to use the Services and any Services Data (i) solely for Customer’s internal business purposes (except to the extent product integration is expressly authorized in a Service Order), (ii) solely in connection with cybersecurity; fraud prevention; network and information security; threat detection, prevention, and remediation; law, regulatory, and rights enforcement; and the investigation of illegal acts or threats to safety or security, and (iii) solely in accordance with this Agreement and the applicable Service Order.

c. Restrictions. Customer may not use the Services or any Services Data: (i) in a way prohibited by law, regulation, governmental order, or decree; (ii) to violate the rights of others; (iii) to disparage or harm the reputation of any third-party, (iv) to try to gain unauthorized access to or disrupt any service, device, data, account or network; (v) to generate, distribute, publish, or facilitate spam, malware, malicious code, or items of a destructive or deceptive nature; or (vi) to harm, disable, interfere with, or circumvent any aspect of the Services or impair anyone else’s use of the Services. Customer may not distribute, sublicense, resell, transfer, or make available the Services, Services Data, or any portion thereof, to or for third parties, in each case unless and except as expressly authorized in a Service Order. Additionally, Customer may not, copy, modify, create a derivative work of, reverse engineer, decompile, disassemble, or work around technical limitations in the Services, except to the extent applicable law permits it despite these limitations. Use of any “deep-link,” “page-scrape,” “robot,” “spider” or other automatic device, program, algorithm or methodology, or any similar manual process, to access, acquire, copy, or monitor any portion of the Services, or any Services Data, is prohibited. Customer may not access or use the Services or Services Data for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes, including, without limitation, for the purpose of designing and/or developing any competitive service or data set. Without limiting the foregoing, Customer may not use Services Data to train machine learning algorithms or input the Services Data into any generative artificial intelligence (AI) applications. Customer shall not alter the form or content of the Services without the written permission of DomainTools, nor remove, conceal or alter any intellectual property or proprietary rights notices used with the Services. Except for On-Site Customer-Managed Data, which is subject to Section 3(c) below, Customer shall not utilize the Services to create a persistent database or other repository containing Services Data.

d. Account Credentials. Customer is responsible for maintaining the confidentiality of any non-public authentication credentials associated with Customer’s use of a DomainTools account or the Services.

e. User Access.Users may be required to have a DomainTools account in order to use the Services. Customer will obtain and maintain any consents necessary for DomainTools to provide Customer’s users access to the Services. Customer controls access to the Services by its users and is responsible for their use in accordance with this Agreement.

f. Changes to the Services.DomainTools may make commercially reasonable changes to the Services from time to time. DomainTools will provide Customer with 30 days’ notice before removing any material feature or functionality or discontinuing a Service, unless security, legal or system performance considerations require an expedited removal.

g. Reservation of Rights. As between Customer and DomainTools, DomainTools reserves all right title and interest in and to the Services and the Services Data, and Customer acquires no rights with respect to the Services or the Services Data, by implication or otherwise, except as expressly granted under this Agreement.

3. Service Specific Terms and Conditions

a. Generally. The Service specific terms and conditions set out in this Section 3 apply in each case to the extent a purchased Subscription includes the identified Service components. Additional Service specific terms and conditions may apply as identified in the applicable Service Order.

b. Remote Access APIs. DomainTools may provide Customer with capability to make Queries to certain of the DomainTools databases through the use of a DomainTools API. Customer will be issued one or more API keys which Customer may use solely to access Services during the applicable Subscription Term. Customer is responsible for keeping the API keys confidential. Customer may not exceed API Query limits set forth in the applicable Service Order. Data accessed via APIs and stored for more than 30 days shall be treated as On-Site Customer Managed Data.

c. On-Site Customer Managed Data.

i. Installation and Access. DomainTools may provide Customer with, or direct Customer to, the basic software and instructions to install and operate an instance of subscribed DomainTools databases, enabling On-Site Customer Managed Data. Customer will not install or use the On-Site Customer Managed Data except as expressly authorized hereunder. Customer may install one copy of the On-Site Customer-Managed Data and may access and use the On-Site Customer-Managed Data, subject to the terms of this Agreement. Customer may also install one (1) inactive backup copy of the On-Site Customer-Managed Data. Customer’s initial placement of the On-Site Customer-Managed Data and the backup copy must be approved in writing by DomainTools (email to suffice). Any relocation of On-Site Customer-Managed Data is subject to DomainTools’ prior written approval (email to suffice). Database updates will be made available as set forth in the applicable Service Order.

ii. Security Obligations. Customer shall at all times utilize reasonable and appropriate security practices to protect, safeguard, and secure the On-Site Customer-Managed Data against unauthorized access, use or disclosure. Those security practices will include, at a minimum: (A) strong encryption of the full database of On-Site Customer-Managed Data or any significant subset thereof in transit and at rest; (B) segregation of the full database of On-Site Customer-Managed Data or any significant subset thereof from other data (where logical segregation shall be adequate, with implementation of industry standard access controls); (C) ensuring that all computers or servers containing or with access to the On-Site Customer-Managed Data run the current version (including updated virus and threat definitions) of industry standard anti-virus software or intrusion detection software; (D) ensuring that all systems containing the full database of On-Site Customer-Managed Data or any significant subset thereof are protected by fully updated industry-standard firewalls; (E) not placing the full database of On-Site Customer-Managed Data or any significant subset thereof on any portable computer or media; (F) ensuring that only personnel with a need to know for the fulfillment of their duties to Customer will access the On-Site Customer-Managed Data, only to the extent necessary for fulfillment of the duties of such personnel; and (G) establishing and maintaining a system of granular access control (including automatic logging of user access and retention of such logs) to enforce the access limitations described in clause (F).

iii. Deletion.Customer shall promptly delete all On-Site Customer Managed Data, Query results, and any back-ups of these, at the end of the applicable Subscription Term.

d. Security Information Exchange Channels. DomainTools may provide Customer with access to streamed data channels through its private framework (Security Information Exchange (SIE) Channels). Customer will receive access to the SIE Channels through the delivery mechanism set forth on the applicable Service Order or otherwise agreed to by the parties. DomainTools may monitor ingoing and outgoing Internet traffic to and from the SIE to ensure compliance by Customer with this Agreement. Services Data accessed via SIE Channels may be stored temporarily by Customer, if stored for more than 30 days such data shall be treated as On-Site Customer Managed Data and subject to the requirements of 3.c. above.

e. Take Down Requests. To the extent DomainTools initiates takedown requests to third-parties as a part of the Services, Customer hereby grants to DomainTools a limited, revocable appointment to submit such takedown requests on behalf of Customer (or its affiliates), and agrees to provide written authorizations upon DomainTools’ request to confirm DomainTools’ authority to submit such takedown requests. Customer understands that DomainTools does not and cannot control the processing of takedown requests or guarantee success.

4. Orders and Payment

a. If Purchasing Directly from DomainTools. Customer will pay DomainTools the fees for a Subscription, and any other amounts due under a Subscription Order, without deduction or setoff. Unless otherwise set forth in a Service Order, Subscription fees shall be invoiced annually in advance and will be payable in U.S. Dollars. Payment shall be due within thirty (30) days of the invoice date in accordance with the remittance instructions provided by DomainTools. Prices are exclusive of tax. All taxes, duties, fees and other governmental charges (other than taxes based on DomainTools’ net income) imposed on the Subscription fees will be paid by Customer.

b. If Purchasing through a Reseller. Prices for each Subscription and any invoicing terms and conditions will be established by Customer’s reseller. If Customer or reseller chooses to terminate their business relationship, Customer may choose a replacement reseller or purchase a Subscription directly from DomainTools, which may require Customer to accept different terms.

5. Confidentiality

a. Protection of Confidential Information.Each party will protect the other’s Confidential Information from unauthorized use, access or disclosure in the same manner as it protects its own Confidential Information, but with no less than reasonable care. Each party may use the other’s Confidential Information solely to exercise rights and fulfill obligations under this Agreement and will disclose such Confidential Information (i) solely to the employees and/or non-employee service providers and contractors who have a need to know such Confidential Information and who are bound to maintain the confidentiality of, and not misuse, such Confidential Information; (ii) as necessary to comply with any applicable law, regulation, order, or subpoena. Each party may disclose the other party’s Confidential Information when required by law but only after it, if legally permissible, uses commercially reasonable efforts to notify the other party and gives the other party the chance to challenge the disclosure.

b. Security. DomainTools employs and will maintain appropriate technical and organizational measures to safeguard the Services, Services Data, and any Customer Confidential Information.

6. Compliance with Laws

a. Compliance with laws. DomainTools will comply with all applicable laws related to the provision of the Services and Customer will comply with all applicable laws related to its use of the Services and any Services Data. In no event shall any advice, suggestion or component of the Services provided by DomainTools be deemed to constitute legal advice. DomainTools is not responsible for compliance with any laws or regulations applicable to Customer or Customer’s industry that are not generally applicable to online services providers.

b. Independent controllers. Where subject to the General Data Protection Regulation or the United Kingdom data protection laws, each party (i) is an independent controller of any personal data in the Services Data and of any employee (or other Customer agent) personal data Customer provides to DomainTools related to obtaining Services, (ii) will individually determine the purposes and means of processing such data; and (iii) will comply with the obligations applicable to it under privacy laws regarding the processing of such data. Either party may transfer such personal data outside of the United Kingdom, the European Union or the European Economic Area only if the party complies with the provisions on the transfer of personal data to third countries under applicable privacy law.  In addition, if Customer is subject to the General Data Protection Regulation, the Standard Contractual Clauses (including the International Data Transfer Addendum to Standard Contractual Clauses for the United Kingdom) available at are hereby incorporated into this Agreement and shall apply where there is transfer of personal data between the parties to a country or territory that does not ensure an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data as determined by the European Commission. Customer address and Customer’s contact person for purpose of the Standard Contractual Clauses shall be as set forth in the Service Order.  In addition, where applicable, Customer shall identify, in the Service Order, its data protection officer and/or its representative in the European Union.

c. Processor. If, as part of a Query, Customer provides personal data of any third party to DomainTools in order to obtain Services, Customer is a controller of said personal data and DomainTools is a processor. DomainTools will not process said personal data other than on and according to Customer’s documented instructions and will not process said personal data for any other purpose, unless required by applicable law. DomainTools will not sell said personal data; retain, use, or disclose said personal data for a commercial purpose; or retain, use, or disclose said personal data outside of the direct business relationship between DomainTools and Customer. For clarity, Customer’s instructions are to provide Services, which including processing personal data for which DomainTools is a controller, but DomainTools must receive certain personal data from Customer as a processor in order to provide the Services. DomainTools may continue to process the same personal data as a controller that it separately receives from Customer as a processor.

d. Standard Contractual Clauses. The following Standard Contractual Clauses (including the International Data Transfer Addendum to Standard Contractual Clauses for the United Kingdom) are incorporated into this Agreement and shall apply to any transfer of personal data that would be prohibited by data protection laws without the parties agreement to them:

i. For personal data in the Services Data, the Standard Contractual Clauses available at www.domaintools.com/company/standard-contractual-clauses-services-data

ii. For personal data of Customer’s employees or agents, the Standard Contractual Clauses available at www.domaintools.com/company/standard-contractual-clauses-customer-employees-agents

iii. For personal data in Customer Queries, the Standard Contractual Clauses available at www.domaintools.com/company/standard-contractual-clauses-customer-queries (or other Customer agent)

Customer address and Customer’s contact person for purpose of these Standard Contractual Clauses shall be as set forth in the Service Order.  In addition, where applicable, Customer shall identify, in the Service Order, its data protection officer and/or its representative in the European Union.

e. Privacy Notice. The Privacy Notice available at www.domaintools.com/about/privacy-policy, provides additional information regarding processing of personal data by DomainTools.

f. Trade compliance. Each party will comply with all applicable import, sanctions, anti-boycott, and export control laws, including the U.S. Export Administration Regulations, the International Traffic in Arms Regulations, and end-user, end-use, and destination restrictions issued by the United States and other governments.

7. Term, Suspension, and Termination

a. Term. The applicable Service Order will specify the initial term of each Subscription. Unless otherwise set forth in the Service Order, upon expiration of the then-current term, a Subscription will automatically renew for an additional one-year term unless either party has given the other party written notice of non-renewal at least sixty (60) days prior to expiration (such renewal terms together with the initial term, the “Term”). Subscription fees applicable to any renewal term shall increase by a minimum five percent (5%) from the preceding year.  Unless otherwise agreed in writing by both parties, the Agreement will expire if, for a period of sixty (60) days, there is no valid and existing Service Order that incorporates its terms.

b. Suspension. A violation of Section 2(b) or (c) of this Agreement, or the failure to timely pay for Services when due, may result in a suspension of the Services.  Unless DomainTools believes an immediate suspension is required due to the nature, severity, or impact of the actions involved, DomainTools will provide reasonable notice before suspending a Service.

c. Termination.

i. Subscription. Either party may terminate a Subscription if the other party is in material breach (of this Agreement or any other agreement between the parties) and fails to cure that breach within thirty (30) days after receipt of written notice.  If the breach is not capable of being cured within thirty (30) days, the non-breaching party may terminate the Subscription immediately upon written notice. A breach of any Subscription that incorporates this Agreement will constitute a breach of all other Subscriptions that incorporate this Agreement.

ii. Agreement. A party terminating a Subscription for cause may concurrently terminate this Agreement.

iii. Effect of termination. Upon the expiration or termination of a Subscription, Customer’s right to access and use the applicable Services will end unless the parties enter into a new Service Order for the Services.  If DomainTools terminates a Subscription for Customer’s uncured material breach, all unpaid fees related to the terminated Subscription will be immediately due and payable and all rights granted thereunder will immediately terminate. If Customer terminates a Subscription for DomainTools’ uncured material breach, Customer, or Customer’s reseller as applicable, will be entitled to a pro-rata refund of any fees that it prepaid for the terminated portion of the applicable Term.

8. Indemnity

a. By DomainTools. DomainTools will defend Customer against any claims made by a third party that a Service infringes that third party’s patent, copyright, or trademark, or makes unlawful use of its trade secret. In the event an infringement allegation impacts Customer’s ability to access or use the Services, DomainTools will (i) obtain the right for Customer to keep using the impacted Service; or (ii) modify or replace the impacted Service with a functional equivalent. If these options are not commercially reasonable, DomainTools may terminate Customer’s Subscription and issue Customer, or Customer’s reseller as applicable, a pro-rata refund of any fees that it prepaid for the terminated portion of the applicable Term.

b. By Customer. Customer will defend DomainTools against any claims made by a third party that arise from Customer’s violation of Sections 2(b) – (e) of this Agreement.

c. Obligations. Each party must notify the other promptly of a claim under this Section 8. The party seeking protection must give the other sole control over the defense and settlement of the claim and give reasonable help in defending the claim. The party providing the protection will reimburse the other for the reasonable out-of-pocket expenses that it incurs in giving that help and pay the amount of any resulting adverse final judgment or settlement.

9. Limitation of Liability

a. Limitation of Liability. The aggregate liability of each party for all claims under a Subscription is limited to the amount paid by Customer for such Subscription during the twelve (12) months prior to the first event giving rise to such liability.


c. Exceptions. The limits of liability in this section do not apply to violations of the parties’ confidentiality obligations under Section 5 or the parties’ indemnification obligations under Section 8.


10. Miscellaneous

a. Notices. All notices must be in writing and addressed, if to Customer, using the contact information provided in the Service Order, and if to DomainTools, at 2101 4th Avenue, Suite 1720, Seattle WA, 98121, Attn: Legal Department, or by email to [email protected]. Notice may be given by email, registered mail or by a recognized overnight courier and will be treated as delivered on the date the date shown on a return receipt or courier confirmation of delivery or confirmation of email receipt.

b. Assignment. Neither party may assign any part of this Agreement without the written consent of the other, except that either party may assign this Agreement to an affiliate or in connection with a merger or acquisition of all or substantially all of the assets of the assigning company by providing the non-assigning party with prompt written notice. Any other attempt to assign is void.

c. Force Majeure. Neither party will be liable for a failure or delay in performance due to causes beyond that party’s reasonable control, such as an act of nature, war, terrorism, or sabotage; an electrical, internet, or telecommunication outage; or acts of regulatory or governmental bodies.

d. Audit. DomainTools may, on reasonable written notice (which shall not be less than five (5) business days), during reasonable business hours, and subject to any reasonable additional obligations of confidentiality that Customer may impose, and not more than once in any twelve (12) month period, conduct an audit to verify that Customer complies with the terms of this Agreement and in particular in relation to use, access and storage of Services Data. Customer will fully cooperate with such audit.

e. No Agency. This Agreement does not create any agency, partnership, or joint venture between the parties.

f. No Waiver. Failure to enforce any provision of this agreement will not constitute a waiver. Nothing in this Agreement will limit a party’s ability to seek equitable relief.

g. Severability. If any term of this Agreement is held invalid, illegal, or unenforceable, the rest of the Agreement remains in effect.

h. No Third-Party Beneficiaries. There are no third-party beneficiaries to this agreement.

i. Governing Law and Venue. This agreement is governed by Washington law, without regard to its conflict of laws principles. Any action to enforce this agreement must be brought in the State of Washington. This choice of jurisdiction does not prevent either party from seeking injunctive relief in any appropriate jurisdiction with respect to violation of intellectual property rights.

End of Agreement.