Skip to main content

Ground Labs Professional Services

Terms and conditions of service

Group 1171276127

Reviewed: 7 July 2026

This page outlines the terms that apply when engaging Ground Labs’ Professional Services, including project scope, delivery, customer responsibilities, fees, and acceptance criteria. It also covers key commercial and legal terms related to service delivery. This summary is provided for convenience only and does not replace the full agreement below.

1. Purpose

These Professional Services Terms and Conditions of Service (“Service Terms”) describe service-specific delivery terms for Ground Labs Professional Services.

These Service Terms apply to any SOW that references them.

These Service Terms are intended to supplement, and not duplicate, the Professional Services Addendum. The Addendum contains the legal, commercial, partner resale, payment, liability, data protection, acceptance, reliance, confidentiality, intellectual property and termination terms that apply to all Professional Services.

2. Shadow Engineering Support

Shadow Engineering Support is delivered in an advisory, coaching and knowledge-transfer capacity.

Ground Labs may observe Service Recipient-led implementation activity, provide guidance and recommend approaches relating to the Service Recipient’s deployment of Ground Labs’ software including architecture, configuration, scan planning, performance considerations and operational handover.

The Service Recipient performs all hands-on implementation, configuration, deployment, scan-planning, scan execution, reporting, troubleshooting and operational activities.

For Shadow Engineering Support, any screen sharing must be controlled by the Service Recipient. Ground Labs will not request or accept direct access, login credentials, keyboard control, mouse control or administrative access.

Ground Labs does not require access to premises, networks, infrastructure, Service Recipient’s deployment of Ground Labs’ software, cloud environments or production systems. The Service Recipient maintains operational control over deployment of Ground Labs’ software, infrastructure, credentials, configuration, scan execution, data environment and production systems.

Shadow Engineering Support activities may include architecture and topology review, deployment shadowing, configuration mentoring, scan-planning guidance, knowledge transfer and operational handover, only to the extent included in the SOW.

3. Technical Enablement Services

Technical Enablement Services are delivered as a remote technical Professional Services engagement.

Ground Labs may create, customize, validate or document approved technical enablement assets, including scripts, general patterns, custom data discovery patterns, exclusion rules, scan profile settings, configuration materials, usage notes and handover materials.

Ground Labs may perform only the technical activities approved in the applicable SOW. Ground Labs will not create, customize, validate, deploy, load, execute or modify scripts, patterns, rules, scan profiles or configuration materials outside the approved scope without written approval.

The Service Recipient must provide the technical objectives, requirements, approved examples, redacted samples, test data, solution outputs, existing scripts, pattern requirements, validation criteria and other inputs required for Ground Labs to deliver the approved scope.

Unless expressly stated otherwise in the SOW, the Service Recipient is responsible for deploying, testing, approving, maintaining, monitoring and operating any technical enablement assets provided by Ground Labs.

Technical enablement assets are point-in-time deliverables based on the approved requirements, available inputs, product capabilities and stated assumptions. They are not product features, product warranties, managed services, support commitments or ongoing maintenance commitments.

4. Data Intelligence and Analysis Services

Data Intelligence and Analysis Services are delivered as remote execution-and-analysis engagements using the Service Recipient’s existing deployment of Ground Labs’ software.

Data Intelligence and Analysis Services may cover AI readiness assessment, quantum resilience assessment or other agreed data-risk assessment, only to the extent included in the SOW.

Ground Labs may operate the Service Recipient’s deployment of Ground Labs’ software only for the limited purpose of configuring approved scans, running approved scans, reviewing approved results, generating approved reports, preparing agreed findings and recommendations and, where expressly approved, completing approved remediation tasks through Service Recipient’s deployment of Ground Labs’ software.

Ground Labs may perform only the scan activity and remediation activity approved for the engagement.

Ground Labs will not scan targets, search data types, use credentials, export results, review match samples, prepare reports or perform remediation tasks outside the approved scope without written approval.

Raw scan results and raw match data will remain in the Service Recipient’s environment by default.

Ground Labs will not export reports, screenshots, raw match data, evidence packs or findings unless expressly approved by the Customer or, for Partner resale engagements, by the Partner and End Customer.

Approved remediation tasks, if any, must be documented in the SOW, scan matrix or other approved project record. The Service Recipient must approve the remediation task and provide evidence of its internal change approval in a format Ground Labs can retain before Ground Labs performs the task.

Ground Labs will perform approved remediation tasks only through Service Recipient’s deployment of Ground Labs’ software and will not perform remediation directly in the Service Recipient's underlying systems, repositories, databases, storage, network controls, IAM permissions, retention settings, production infrastructure or other non-Ground Labs systems.

Before a Data Intelligence and Analysis Service begins, the contracting customer must ensure that Ground Labs’ software is installed, operational and appropriately licensed; required scan infrastructure and access paths are available; approved scan targets, approved data types and approved scan windows have been confirmed; credential sets are available where applicable; export approvals are documented where applicable; remediation approvals and retainable change approval evidence are documented where applicable; and required data-processing terms are in place where applicable.

5. Advisory Services

Advisory Services are delivered in a workshop-led advisory capacity.

Ground Labs may facilitate stakeholder workshops, review Customer-provided, Partner-provided or End Customer-provided information, identify risks, maturity gaps and planning considerations, develop advisory findings and recommend next steps.

Advisory Services may cover AI readiness, quantum resilience, data security posture management, compliance and governance or other agreed data-risk topics, only to the extent included in the SOW.

Ground Labs will not access the Service Recipient’s digital environment or premises as part of Advisory Services.

TO THE GROUND LABS PRODUCT END USER LICENSE AGREEMENTS

1. Scope and application

This Professional Services Addendum (“Addendum”) applies to Professional Services ordered from Ground Labs under a signed quote, order, Statement of Work or service schedule (“SOW”).

This Addendum applies to both direct customer engagements and partner resale engagements.

For direct customer engagements, the customer identified in the SOW is the contracting customer and the service recipient.

For partner resale engagements, the reseller, channel partner, managed service provider, systems integrator, consultant or other partner identified in the SOW (“Partner”) is the contracting customer. The end customer identified in the SOW (“End Customer”) is the service recipient.

This Addendum is accepted when the contracting customer signs a SOW, quote or order that references this Addendum.

2. Document structure and precedence

Professional Services are governed by the following documents:

Document

Purpose

Statement of Work (SOW)

Deal-specific service description, approved scope, delivery details, deliverables, pricing and commercial details.

Professional Services Addendum

Legal, commercial and operational terms for all Professional Services.

Professional Services Terms and Conditions

Service-specific delivery terms for each Professional Services offering.

Software Terms (EULA)

Customer software use, license limits, product terms and subscription terms.

Technical Support Service Terms

Technical support service terms, where applicable.


If there is a conflict between the Ground Labs Product EULAs or other Software Terms and this Addendum in relation to Professional Services, this Addendum controls for Professional Services.

If there is a conflict between this Addendum and the Professional Services Terms and Conditions of Service, this Addendum controls for legal, commercial, liability, data protection, payment, reliance, warranty, indemnity, confidentiality and termination matters.

If there is a conflict between this Addendum and a SOW, the SOW controls only for deal-specific scope, deliverables, timing, pricing, contacts and approved project details. No SOW will expand Ground Labs’ liability, warranties, indemnities, service commitments, support obligations, software license rights, remediation obligations, compliance commitments or legal responsibilities unless the SOW expressly states that it amends this Addendum and identifies the specific clause being amended.

A SOW may include remediation tasks only to the limited extent they are performed through Ground Labs’ data intelligence solutions and remain subject to the approval, change-control and liability provisions in this Addendum.

3. Relation to software terms and support

Professional Services are separate from Ground Labs’ software licensing, product subscriptions and technical support.

A SOW does not grant, amend, expand, transfer or extend any Ground Labs software license, product entitlement, support entitlement, target allowance, data allowance, node allowance, capacity allowance, subscription term or permitted use unless expressly stated in the SOW.

Customer use of all Ground Labs software remains governed by the applicable software license, EULA, subscription agreement and order.

Professional Services do not change support service levels, support response times or product warranties.

Any temporary specialist consultant license, consultant-specific access or consultant-specific feature access provided for a Professional Services engagement is temporary, non-transferable, revocable and provided only for the approved project duration and purpose. It does not grant, amend or expand the underlying software license. Any included licensing is for Ground Labs’ delivery of the Professional Services only and is subject to the same limits in this section.

4. Partner resale / End Customer delivery

This section applies only to partner resale engagements.

Where Ground Labs enters into a SOW with a Partner for Professional Services to be delivered to or for the benefit of an End Customer, the Partner is the contracting customer under this Addendum.

The Partner contracts directly with the End Customer under the Partner’s own agreement. Ground Labs is not a party to the Partner’s agreement with the End Customer unless Ground Labs signs a separate written agreement with the End Customer.

Ground Labs’ obligations under a Partner SOW are owed to the Partner only unless Ground Labs expressly agrees otherwise in writing.

The Partner is responsible for its agreement with the End Customer and for all end customer commercial arrangements, approvals, authorizations, access permissions, data-processing permissions, instructions, stakeholder coordination and payment obligations.

The Partner must not make any representation, warranty, commitment or service promise on behalf of Ground Labs, or that expands Ground Labs' obligations, liability, service scope, deliverables, support commitments, software license terms, remediation commitments or compliance commitments beyond those expressly stated in the SOW, this Addendum and the Professional Services Terms and Conditions of Service. For clarity, any remediation commitment is limited to approved remediation tasks performed through Ground Labs’ data intelligence solutions in accordance with this Addendum.

The Partner must not make any representation, warranty, commitment or service promise on behalf of Ground Labs, or that expands Ground Labs’ obligations, liability, service scope, deliverables, support commitments, software license terms, remediation obligations or compliance commitments beyond those expressly stated in the SOW, this Addendum and the Professional Services Terms and Conditions of Service.

The Partner is responsible for any commitment, warranty, representation or service promise it makes to the End Customer that is broader than the SOW.

By signing a Partner SOW, the Partner represents, warrants and undertakes that it has obtained all End Customer approvals, authorizations, instructions, access permissions, data permissions, security permissions and flow-down protections required for Ground Labs to deliver the Professional Services described in the SOW.

Ground Labs may rely on the Partner’s signature of the SOW as confirmation that required End Customer approvals, authorizations and flow-down protections are in place. Ground Labs is not required to obtain a separate authorization form, checklist, signature or written approval from the End Customer unless Ground Labs expressly requires it for a specific engagement.

Ground Labs may delay, suspend or decline delivery where any End Customer approval, authorization, access permission, data permission, data-processing arrangement, flow-down protection or delivery instruction is missing, incomplete, unclear, disputed or inconsistent with the SOW.

Deliverables may be shared with the End Customer identified in the SOW for internal business use only, provided the Partner does not remove or alter any scope statement, assumption, limitation, disclaimer, reliance restriction, advisory-only language, remediation approval language, technical artifact limitation or liability limitation language.

5. Customer and Service Recipient responsibilities

The contracting customer must ensure that the service recipient provides all information, access, personnel, approvals, systems, inputs and dependencies reasonably required for Ground Labs to deliver the Professional Services.

Unless expressly stated otherwise in the SOW, the service recipient is responsible for the general responsibilities in section 5.1 and the additional responsibilities applicable to the Professional Services offering identified in the SOW.

5.1 General responsibilities for Professional Services

  • defining the project objective, business driver, advisory objective, technical objective or scan objective before delivery begins;
  • providing appropriate business, technical, security, compliance, legal, risk, governance, AI, data or executive stakeholders;
  • providing relevant documentation, policies, process materials, architecture summaries, prior reports, solution outputs or other agreed inputs;
  • confirming the accuracy and completeness of information provided to Ground Labs;
  • maintaining applicable valid solution license(s) and ensuring use remains within applicable license limits;
  • approving scope, deliverables, workshops, reports, evidence packs, exports, technical artifacts and changes, as applicable;
  • confirming authority to access, scan, discuss or provide information about all systems, repositories, cloud services, SaaS platforms, databases, endpoints, file shares, data stores, business areas and data types included in scope;
  • provisioning, configuring and maintaining required infrastructure, systems, storage, network connectivity, access paths, firewall rules, routing, cloud access, SaaS access and third-party platform access;
  • creating, approving, managing, rotating and revoking credentials, secrets, service accounts, API keys, private keys, privileged accounts and authentication mechanisms;
  • coordinating any MSP, MSSP, outsourced IT provider, cloud provider, SaaS provider or other third party required for delivery;
  • making all legal, regulatory, compliance, operational, remediation, implementation and risk-acceptance decisions;
  • removing or disabling Ground Labs consultant access at closure where access has been provided.

5.2 Shadow Engineering Support responsibilities

This section applies only where the SOW is for Shadow Engineering Support.

  • assigning qualified technical personnel to perform all hands-on implementation, configuration, scan and operational activities of Ground Labs’ data intelligence solutions;
  • controlling all screen sharing during remote sessions;
  • providing architecture, topology, deployment, configuration and scan-planning information required for Ground Labs to provide guidance;
  • deciding whether, when and how to apply any guidance or recommendation provided by Ground Labs;
  • ensuring Ground Labs is not provided with direct system access, login credentials, keyboard control, mouse control or administrative access.

5.3 Technical Enablement Service responsibilities

This section applies only where the SOW is for Technical Enablement Services.

  • defining the approved technical objective, requirements, use case, expected technical outcome and validation criteria before delivery begins;
  • providing approved examples, redacted samples, test data, existing scripts, pattern requirements, false-positive examples, false-negative examples, solution outputs and other technical inputs reasonably required for Ground Labs to deliver the approved scope;
  • ensuring any data, samples or examples provided to Ground Labs are redacted, anonymized or synthetic unless the SOW expressly permits Ground Labs to receive or process personal data or raw sensitive data;
  • reviewing, testing and approving any scripts, general patterns, custom data discovery patterns, rules, exclusion rules, scan profile settings, configuration materials, usage notes, validation notes or other technical artifacts before production use;
  • confirming that any technical artifact is suitable for the service recipient’s solution deployment, data environment, operating practices and risk tolerance before production use;
  • deploying, operating, maintaining, monitoring and validating any technical artifact unless the applicable SOW expressly states otherwise;
  • managing version control, change control, production release, rollback planning and ongoing maintenance for technical artifacts used in the service recipient’s environment;
  • deciding whether, when and how to use, modify, retire or replace any technical artifact delivered by Ground Labs.

5.4 Data Intelligence and Analysis Service responsibilities

This section applies only where the SOW is for Data Intelligence and Analysis Service.

  • approving the project objective, approved targets, data types, exclusions, scan windows, credential sets, performance constraints, exports, reports and evidence packs;
  • providing and maintaining the solution deployment, Master Server, scan infrastructure, storage, network access and approved access paths as applicable and as required for delivery;
  • confirming authority to scan all approved targets and use all approved credential sets;
  • approving any review of scan results, match locations, match samples, screenshots, reports, evidence packs or other approved outputs;
  • approving any remediation task before Ground Labs performs it;
  • following internal change approval processes for any approved remediation task;
  • providing Ground Labs with evidence of internal change approval in a format Ground Labs can retain before Ground Labs performs any approved remediation task;
  • deciding whether, when and how to act on findings, reports, recommendations or remediation options.

5.5 Advisory Services responsibilities

This section applies only where the SOW is for Advisory Services.

  • defining the advisory focus area, business driver, key questions, intended outcomes and decision-support needs before delivery begins;
  • providing appropriate business, technical, security, compliance, legal, risk, governance, AI, data or executive stakeholders for workshops;
  • providing agreed policies, diagrams, process documents, architecture summaries, prior reports, solution outputs or other workshop materials;
  • ensuring materials provided to Ground Labs do not include personal data, raw sensitive data, credentials, secrets or production data unless expressly approved in the SOW;
  • reviewing advisory findings, roadmap options and recommended next steps and deciding whether, when and how to act.

5.6 Delays and incomplete prerequisites

Ground Labs is not responsible for delay, incomplete delivery, reduced findings, reduced value, technical artifact limitations or incomplete outcomes caused by unavailable stakeholders, incomplete information, missing materials, unclear objectives, missing approvals, unavailable infrastructure, insufficient permissions, failed credentials, unsupported systems, license limitations, third-party restrictions, service-provider throttling, access limitations, incomplete prerequisites, incomplete technical requirements, insufficient test data, missing validation criteria, Partner delay, Customer delay or End Customer delay.

6. Operational performance and service-specific controls

Ground Labs may provide technical expertise, advisory guidance, configuration support, scan execution, analysis, findings, recommendations, approved remediation tasks, workshops, briefings and deliverables only to the extent expressly included in the applicable SOW.

Ground Labs does not assume responsibility for the service recipient's environment, systems, data, infrastructure, security posture, implementation activities, remediation decisions, legal decisions, compliance decisions, operational decisions or risk acceptance.

Ground Labs may identify, discuss or recommend possible customer actions. The service recipient remains solely responsible for deciding whether, when and how to act, including whether to approve any remediation task.

6.1 Operation of and approved remediation via Ground Labs’ data intelligence solutions

This section applies only where the SOW is for Data Intelligence and Analysis Services.

The consultant may access or operate the Service Recipient’s deployment of Ground Labs’ software for the limited purposes expressly included in the SOW. Ground Labs will not operate the service recipient’s underlying systems, repositories, databases, storage, network controls, IAM permissions, retention settings, production infrastructure or other non-Ground Labs systems.

Ground Labs may perform remediation tasks only where the task is expressly included in the SOW, scan matrix or other approved project record; the service recipient has approved the task; and Ground Labs has received evidence of the service recipient's internal change approval in a format Ground Labs can retain.

Ground Labs will perform approved remediation tasks only through the Service Recipient’s deployment of Ground Labs’ software platform. Ground Labs will not perform remediation directly in the service recipient's underlying systems, repositories, databases, storage, network controls, IAM permissions, retention settings, production infrastructure or other non-Ground Labs systems.

The service recipient is responsible for all consequences of approved remediation tasks, including data loss, data unavailability, workflow impact, business interruption, access issues, audit findings, compliance outcomes, remediation outcomes, false positives, false negatives and downstream operational effects. Ground Labs accepts no liability for any consequences related to completion of approved remediation tasks.

6.2 Technical artifacts

This section applies only where the SOW includes Technical Enablement Services or another approved deliverable involving technical enablement assets.

Ground Labs may create, customize, validate or document scripts, general patterns, custom data discovery patterns, exclusion rules, scan profile settings, configuration materials and related technical enablement assets only to the extent expressly included in the applicable SOW.

Technical enablement assets are provided for use with the service recipient’s licensed Ground Labs software deployment and do not constitute product features, product support commitments, managed services, ongoing maintenance services, product warranties or regulatory compliance commitments.

7. Consultant access and security

This section applies only where consultant access is permitted by a SOW.

The service recipient will provision a named, least-privilege account or approved access method for the duration of the engagement.

Access must not be granted beyond what is necessary for delivery of the services defined in the SOW.

Unless expressly approved in writing, the consultant account must not include administrative or privileged access to systems other than the service recipient’s Ground Labs software deployment.

The service recipient may monitor Ground Labs account activity, which must be attributable to the named consultant account or approved access method.

The service recipient must not provide Ground Labs with passwords, private keys, secrets, API keys, cryptographic keys, privileged credentials or shared administrator credentials outside an approved access method.

If credentials, secrets or privileged access are inadvertently disclosed to Ground Labs, the service recipient remains responsible for rotation, revocation and related security actions.

Ground Labs may delay, suspend or decline delivery where access rights, authority to scan, credential approval, export approval, data-processing role, lawful basis, transfer mechanism, Customer authorization or End Customer authorization is missing, incomplete or unclear.

8. Data handling and approved exports

Ground Labs will use reasonable efforts to minimize exposure to raw match data, personal data, payment card data, credentials, secrets, incident data and other sensitive information.

Ground Labs will handle Customer, Partner and End Customer information in accordance with the applicable SOW, this Addendum and agreed data-handling requirements.

9. Short-form data processing terms

Where Ground Labs processes personal data on behalf of the Customer or End Customer under this Addendum, the Customer or End Customer remains the data controller and Ground Labs is the data processor unless a separate signed data processing agreement states otherwise.

The Customer, Partner or End Customer, as applicable, is responsible for lawful basis, notices, consents, Data Privacy Impact Assessments, data-subject communications, legal decisions and regulator communications.

Ground Labs will ensure personnel authorized to process personal data are subject to confidentiality obligations and will use appropriate technical and organizational measures for personal data in Ground Labs-controlled systems.

If personal data may be accessed from outside the Customer or End Customer jurisdiction, the parties will identify locations and agree acceptable transfer mechanisms before access.

Ground Labs will notify the contracting customer without undue delay after becoming aware of a personal data breach affecting personal data processed by Ground Labs under the SOW.

Taking into account the nature of processing, Ground Labs will provide reasonable assistance for data-subject requests, security obligations, Data Privacy Impact Assessments and regulator consultation where required by applicable law and related to Ground Labs processing under the SOW.

At closure, Ground Labs will delete or return personal data in approved exports and working files as agreed, except for copies retained in backups, legal records or ordinary business records protected from active use.

Ground Labs will make available information reasonably necessary to demonstrate compliance with these data processing terms. Any audit must be reasonable, confidential, limited to relevant processing within scope of the SOW and must not compromise other customers, security, confidential information or systems.

For Partner resale engagements, the Partner must ensure that an appropriate data-processing arrangement is in place before processing begins. Ground Labs may delay, suspend or decline delivery where the data-processing role, authority, transfer mechanism, access approval or End Customer authorization is missing, incomplete or unclear.

10. Deliverables and acceptance criteria

Deliverables are advisory, technical or point-in-time outputs based on the SOW, Customer-provided, Partner-provided or End Customer-provided information, approved scans, approved targets, approved data types, approved technical requirements, available credentials, product capabilities, available materials and stated assumptions.

Deliverables may include reports, findings, recommendations, scripts, patterns, rules, configuration materials, validation notes, handover materials or other outputs expressly stated in the applicable SOW.

Services are accepted when Ground Labs delivers the activities and deliverables described in the SOW, unless the contracting customer gives written notice within ten (10) business days identifying a material non-conformity with the SOW.

For clarity, the customer may not withhold, delay or condition acceptance on any matter outside of the SOW, including any of the following:

  1. completion of Customer or End Customer deployment
  2. successful scans
  3. discovery of a specific data type
  4. completeness outside approved scope
  5. absence of false positives or false negatives
  6. implementation of recommendations
  7. technical artifact performance, compatibility or production use
  8. achievement of compliance outcomes
  9. PCI DSS compliance
  10. AI readiness
  11. quantum resilience
  12. risk reduction
  13. remediation outcomes
  14. acceptance by any auditor, regulator, insurer, payment brand, acquirer, customer or other third party
  15. any activity outside Ground Labs’ obligations in the SOW

Deliverables are for the internal business use of the service recipient identified in the SOW only.

For Partner resale engagements, the Partner is responsible for obtaining any End Customer feedback required under the Partner’s own agreement with the End Customer.

11. Service limitations

Ground Labs provides technical, operational and advisory findings only.

Ground Labs does not provide legal advice, regulatory advice, compliance certification, audit certification, forensic certification, formal attestation, cyber assurance, breach investigation, expert witness services or regulator-facing legal conclusions.

Ground Labs does not guarantee that data discovery scanning will identify all sensitive data within the service recipient’s environment or global infrastructure.

Ground Labs does not guarantee absence of false positives, absence of false negatives, regulatory compliance, PCI DSS compliance, AI readiness, quantum resilience, future-proofing, threat immunity, audit outcomes, remediation outcomes, risk reduction, third-party acceptance or immunity from legal, regulatory or security events.

Ground Labs does not guarantee that any script, pattern, rule, scan profile setting, configuration material or other technical artifact will identify all relevant data, avoid all false positives or false negatives, remain compatible with all environments or future software versions, achieve any specific performance result, satisfy any legal or regulatory requirement or be accepted by any third party.

Approved remediation tasks do not create any guarantee of remediation effectiveness, regulatory compliance, risk reduction, security improvement, operational outcome or third-party acceptance.

The Customer, Partner and End Customer remain responsible for their own data security, risk management, legal compliance, regulatory compliance, operational decisions and risk acceptance.

12. Fees, expenses, delays and cancellations

The contracting customer will pay the fees stated in the applicable quote, order or SOW.

Fees are exclusive of taxes and expenses unless stated otherwise.

Professional Services are provided as fixed-fee prepaid packages unless otherwise stated in the SOW. The fixed package fee covers only the scope, activities and deliverables expressly stated in the SOW. Additional work requires prior written approval and may be subject to additional fees.

The Professional Services fee for Data Intelligence and Analysis services includes the temporary Ground Labs consultant or product licensing required for Ground Labs to deliver the approved services under this SOW.

Unless stated otherwise in the SOW:

  1. the full package fee is due before Services commence
  2. Ground Labs is not required to begin delivery until payment has been received
  3. any consultant software licensing is granted for delivery of Professional Services only
  4. unused time, unused sessions, unused workshops or unused activities are not refundable
  5. the package fee is exclusive of taxes
  6. travel, accommodation and out-of-pocket expenses are excluded unless expressly included

For direct sale engagements, Ground Labs will invoice the Customer for the full fixed package fee on acceptance of the quote, order or SOW.

For Partner resale engagements, Ground Labs will invoice the Partner for the full fixed package fee on acceptance of the quote, order or SOW. The Partner’s payment obligation is not conditional on payment by the End Customer.

The contracting customer is responsible for completing any purchase order, vendor onboarding, procurement approval or internal payment process in time to meet payment requirements. Delay in issuing a purchase order or completing internal approvals does not change the payment obligation.

Ground Labs may delay, reschedule or suspend delivery if payment has not been received before the scheduled start date.

The contracting customer must notify Ground Labs of any good-faith invoice dispute within ten (10) business days of the invoice date. The notice must identify the disputed amount and explain the reason for the dispute. Any undisputed amount remains payable by the due date. If the contracting customer does not dispute an invoice within the required period, the invoice will be deemed accepted.

If customer delay, Partner delay, End Customer delay, missing prerequisites, unavailable stakeholders, unavailable infrastructure, failed credentials, unavailable third parties or missing approvals prevent delivery, Ground Labs may reschedule and charge for additional effort or reserved time as stated in the SOW.

Unless stated otherwise in the SOW, prepaid or fixed-fee Professional Services expire ninety (90) days after the scheduled start date if the service recipient is not ready to proceed.

13. Out-of-scope work and change control

Out-of-scope work may include additional workshops, additional training sessions, additional advisory focus areas, additional stakeholder groups, additional targets, additional scans, additional data types, additional analysis, additional report versions, additional recipients, additional technical artifacts, additional validation cycles, expedited delivery, onsite delivery, implementation support, direct product operation, remediation tasks not expressly approved in accordance with this Addendum, remediation outside the Service Recipient’s deployment of Ground Labs’ software, legal advice, compliance certification, managed services or technical operation of Customer or End Customer systems.

Ground Labs is not required to perform out-of-scope work without an amended quote, change order or written scope amendment.

Any change to objectives, advisory focus area, key questions, topics, workshops, sessions, participants, targets, exclusions, data types, scan windows, access rights, credential sets, exports, report recipients, deliverables, delivery timetable, assumptions or scope must be approved in writing.

For Partner resale engagements, any change must be approved in writing by Ground Labs and the Partner. Where the change affects the End Customer’s environment, data, obligations, approvals or delivery expectations, the Partner must obtain End Customer approval before Ground Labs performs the changed work.

14. Intellectual property

All tools, scanning methodologies, custom patterns, exclusion rule sets, configuration scripts, templates, know-how, methods and technical approaches developed or utilized by Ground Labs in the course of performing the Professional Services remain the sole and exclusive intellectual property of Ground Labs.

Subject to payment, the service recipient is granted a limited, non-exclusive, internal-use license to use finalized reports, findings, scripts, patterns, rules, configuration materials, validation notes, handover materials and other deliverables provided in the course of the engagement, solely for internal use with the service recipient’s licensed Ground Labs software deployment.

Customer, Partner and End Customer retain ownership of their pre-existing data, documents and materials provided to Ground Labs. No rights are granted except as expressly stated in the SOW or this Addendum.

15. Confidentiality and publicity

Each party will protect the other's confidential information using reasonable care.

Neither party may issue public statements or case studies naming the other without prior written approval, except as required by law.

Ground Labs may identify the service recipient by company name or logo only in online materials, printed materials or other promotional activities. The identified party may opt out at any time by providing written notice to Ground Labs.

16. Non- solicitation of personnel

During the term of a SOW and for twelve (12) months after its completion or termination, the contracting customer shall not, directly or indirectly, solicit for employment or engagement any Ground Labs personnel involved in the performance of the Professional Services, without Ground Labs’ prior written consent. This restriction does not apply to personnel who respond to general public job advertisements not specifically targeted at such personnel. For Partner resale engagements, the Partner is responsible for ensuring the End Customer does not solicit such personnel, and any solicitation by the End Customer will be treated as solicitation by the Partner.

17. Liability and indemnity

Customer explicitly acknowledges that the software licenses granted under the EULA and the Professional Services delivered under this Addendum are distinct financial and legal engagements.

Any liability arising out of or related to the delivery of Professional Services under a SOW will be strictly capped at the fees paid by the contracting customer under that SOW and will not trigger or aggregate with the liability caps established for the software licensing components under the EULA.

Ground Labs is not liable for Customer-executed, Partner-executed or End Customer-executed deployment, configuration, scanning, reporting, remediation, implementation, production changes, legal decisions, compliance decisions or risk acceptance.

Ground Labs is not liable for Customer-executed, Partner-executed or End Customer-executed deployment, use, modification, validation failure, maintenance failure or production operation of scripts, patterns, rules, scan profile settings, configuration materials or other technical artifacts delivered under a SOW.

Ground Labs also accepts no liability for consequences related to approved remediation tasks performed by Ground Labs through the Service Recipient’s deployment of Ground Labs’ software at the direction or approval of the service recipient.

The contracting customer will defend and indemnify Ground Labs against third-party claims arising from lack of authority to scan or provide access, unlawful instructions, third-party platform terms breached by authorized scanning, customer remediation, customer implementation, approved remediation tasks, failure to obtain or follow required internal change approvals, or disclosure of credentials or secrets contrary to the SOW, this Addendum or the Professional Services Terms and Conditions of Service.

The contracting customer will defend and indemnify Ground Labs against third-party claims arising from deployment, use, modification, maintenance or production operation of scripts, patterns, rules, scan profile settings, configuration materials or other technical artifacts, except to the extent caused by Ground Labs’ breach of the applicable SOW.

For Partner resale engagements, the Partner’s indemnity includes third-party claims brought by or on behalf of an End Customer arising from Partner commitments, Partner misrepresentation, missing End Customer authorization, insufficient flow-down terms, unlawful instructions, unauthorized access, unauthorized scanning, disputed approvals, approved remediation tasks, failure to obtain or follow required End Customer internal change approvals, End Customer remediation, End Customer implementation, End Customer credential disclosure, End Customer use or modification of technical artifacts, or Partner failure to obtain required data-processing permissions.

18. Stop-clause and service termination

Ground Labs may pause, suspend or decline services if it reasonably believes continuing would require unauthorized access, unauthorized scanning, unauthorized or unapproved remediation, remediation outside the Service Recipient’s deployment of Ground Labs’ software, remediation without retainable evidence of required change approval, implementation, data-impacting activity outside the approved scope, access to unexpectedly sensitive data, breach of law, breach of license terms, unsafe scan conditions, excessive operational risk, sanctions or export-control concerns or work outside scope.

Either party may terminate a SOW for material breach not cured within thirty (30) days after written notice.

The contracting customer will pay for services performed and non-cancellable commitments incurred up to termination.