End User License Agreement

1. Parties and Relationship

1.1 AnansiTraps Ltd.

AnansiTraps Ltd. is a cybersecurity company headquartered in Nairobi, Kenya, specializing in active cyber deception technology. AnansiTraps develops, maintains, and distributes software designed to detect, engage, and neutralize unauthorized actors within enterprise, government, and financial institution infrastructure through the strategic deployment of deception assets including honeypots, decoys, lures, and breadcrumbs.

1.2 End User

You are the individual or organizational entity that has obtained the Software through authorized channels, including AnansiTraps' official website, authorized resellers, enterprise procurement agreements, managed security service arrangements, or authorized download portals.

1.3 Relationship to Other Agreements

This EULA governs your use of the Software specifically. If you or your organization has also executed an AnansiTraps Terms and Conditions agreement, Order Form, Data Processing Agreement, or Service Level Agreement, those documents govern the broader commercial and legal relationship between the parties. In the event of a conflict between this EULA and those agreements with respect to Software usage, this EULA governs. In all other respects, the Terms and Conditions take precedence.

1.4 Acceptance

Your acceptance of this EULA occurs at the earliest of the following:

• Clicking "I Agree," "Accept," or equivalent during Software installation or activation
• Downloading the Software or any component thereof
• Installing the Software on any device or infrastructure
• Activating a license key or authentication credential associated with the Software
• Deploying any Software agent, executable, or Platform component within your infrastructure

2. Definitions

For the purposes of this EULA, the following terms have the meanings set out below:

• "Software" means all AnansiTraps software products, components, agents, executables, libraries, APIs, SDKs, configuration files, scripts, and associated documentation licensed under this EULA, including but not limited to: AnansiTraps Endpoint Sensor (AES), CloudAegis Sentinel (CS), ZeroWeb Defense Sensor (ZDS), AnansiTraps Management Console, and all associated platform agents, collectors, and connectors.
• "Agent" means any AnansiTraps software component installed on a device, server, virtual machine, container, or cloud instance that operates locally to collect telemetry, deploy deception assets, monitor network activity, or communicate with the AnansiTraps backend.
• "Deception Assets" means honeypots, decoys, fake credentials, lures, breadcrumbs, and other deceptive infrastructure elements deployed by the Software within your environment.
• "Telemetry Data" means technical data, logs, behavioral signals, network activity indicators, attacker interaction records, and system performance metrics collected by Agents and transmitted to AnansiTraps' backend infrastructure.
• "Backend Services" means AnansiTraps' server-side infrastructure, cloud services, APIs, and management platform to which the Software connects to transmit Telemetry Data, receive configuration updates, and enable platform functionality.
• "Licensed Environment" means the specific infrastructure, network, endpoints, cloud accounts, and systems within which you are authorized to deploy the Software, as defined in your Order Form or activation credentials.
• "Authorized Deployment" means deployment of the Software within the Licensed Environment on infrastructure that you own or for which you have explicit written authorization from the infrastructure owner to deploy monitoring and deception software.
• "Update" means any patch, bug fix, minor version update, or security update to the Software provided by AnansiTraps during the License Term.
• "Upgrade" means a major version release of the Software that may include new features, architectural changes, or revised system requirements.
• "License Term" means the period during which you are licensed to use the Software, as specified in your Order Form, activation credentials, or subscription agreement.
• "Documentation" means technical guides, deployment manuals, API references, configuration instructions, and other materials provided by AnansiTraps in connection with the Software.
• "Intellectual Property Rights" means all patents, copyrights, trademarks, trade secrets, database rights, moral rights, and all other intellectual property rights, whether registered or unregistered, in any jurisdiction worldwide.
• "Malicious Code" means viruses, worms, ransomware, trojans, spyware, logic bombs, backdoors, or any other code designed to cause unauthorized access, damage, disruption, or destruction.
• "Sensitive Environment" means critical national infrastructure, healthcare systems, emergency services, financial market infrastructure, nuclear facilities, aviation systems, or any environment where Software malfunction could result in risk to life, national security, or systemic financial harm.

3. License Grant

3.1 Grant of License

Subject to your compliance with this EULA, timely payment of all applicable fees, and the terms of any applicable Order Form, AnansiTraps grants you a:

• Limited — restricted to the scope expressly defined herein
• Non-exclusive — AnansiTraps may license the Software to others
• Non-transferable — you may not assign or transfer this license
• Non-sublicensable — you may not grant sublicenses to third parties
• Revocable — AnansiTraps may terminate this license as provided herein

license to install, deploy, and use the Software solely within your Licensed Environment, solely for your internal cybersecurity operations, and solely during the License Term.

3.2 MSSP License

Where you are an authorized Managed Security Service Provider (MSSP), AnansiTraps may grant you an extended license to deploy the Software within the infrastructure of your end clients, subject to:

• A separate written MSSP authorization agreement executed with AnansiTraps
• Obtaining explicit written authorization from each end client prior to deployment
• Ensuring each end client's deployment complies with this EULA
• Maintaining records of end client authorizations and providing copies to AnansiTraps upon request
• Assuming full responsibility for end client compliance with this EULA

3.3 Multiple Deployments

Where your Order Form specifies a deployment limit (by number of endpoints, nodes, cloud instances, or network segments), you may not exceed that limit without obtaining an expanded license from AnansiTraps. Exceeding deployment limits constitutes a material breach of this EULA.

3.4 Documentation License

AnansiTraps grants you a limited, non-exclusive license to use Documentation solely in connection with your authorized use of the Software.

3.5 Trial License

Where you access the Software under a Free Trial, your license is further limited to the trial scope, duration, and feature set specified by AnansiTraps at the time of trial activation. Trial licenses may be terminated by AnansiTraps at any time without notice. No Service Level commitments apply to trial deployments.

4. License Restrictions

4.1 Prohibited Activities

You must not, and must ensure that your Authorized Users, employees, contractors, and agents do not:

a) Reverse Engineering and Modification

• Reverse engineer, decompile, disassemble, or attempt to derive the source code, algorithms, or underlying architecture of the Software or any component thereof
• Modify, adapt, translate, or create derivative works based on the Software
• Remove, alter, or obscure any proprietary notices, labels, or markings within the Software
• Patch, crack, or bypass any license enforcement, authentication, or security mechanism within the Software

b) Unauthorized Distribution

• Sell, resell, rent, lease, lend, sublicense, or otherwise transfer the Software or any license rights to any third party without AnansiTraps' prior written consent
• Distribute the Software through unauthorized channels including peer-to-peer networks, file sharing platforms, or unauthorized download portals
• Bundle the Software with other products for commercial distribution without written authorization
• Include the Software in any compilation, archive, or collection that is sold or distributed

c) Unauthorized Deployment

• Deploy Agents, Deception Assets, or any Software component within any infrastructure that you do not own or for which you have not obtained explicit written authorization from the infrastructure owner
• Use the Software to monitor, intercept, or collect data from individuals without their knowledge where required by applicable law to obtain consent
• Deploy the Software in violation of any applicable employment, privacy, or monitoring law in any jurisdiction where the Software is used
• Use the Software to conduct offensive cyberattacks, unauthorized penetration testing, or any activity directed against infrastructure you are not authorized to test

d) Misuse of Deception Capabilities

• Weaponize Deception Assets or any Software component for use against third parties outside your Licensed Environment
• Use Deception Assets to deceive, defraud, or harm legitimate users within your own organization without proper authorization and disclosure to appropriate internal stakeholders
• Deploy Deception Assets in a manner designed to entrap individuals in violation of applicable law

e) Competitive and Harmful Use

• Use the Software to develop a competing product or service
• Benchmark or test the Software for the purpose of publishing comparative performance data without AnansiTraps' prior written consent
• Introduce Malicious Code into the Software, Backend Services, or AnansiTraps' infrastructure
• Attempt to gain unauthorized access to AnansiTraps' Backend Services, management infrastructure, or other clients' data
• Use the Software to process, store, or transmit data in violation of applicable privacy laws or third-party intellectual property rights

f) Sensitive Environments

• Deploy the Software as the sole or primary security control in any Sensitive Environment without implementing additional safeguards and obtaining AnansiTraps' written acknowledgment of the deployment context

4.2 Export Restrictions

The Software may be subject to export control laws and regulations of Kenya, the United States, the European Union, and other applicable jurisdictions. You agree not to export, re-export, or transfer the Software or any related technical data to any country, entity, or individual in violation of applicable export control laws. You represent that you are not located in, under the control of, or a national of any country subject to applicable trade sanctions or embargoes.

4.3 Compliance with Laws

You are solely responsible for ensuring that your deployment and use of the Software complies with all applicable laws and regulations in every jurisdiction in which the Software is deployed, including but not limited to cybersecurity laws, privacy and data protection laws, employment and monitoring laws, financial sector regulations, government procurement regulations, and computer crime statutes.

5. Agent Software — Special Provisions

5.1 Nature of Agent Software

The AnansiTraps Agent software (including AES, CS, ZDS, AGS, AIRE, and associated collectors) is installed directly on your endpoints, servers, virtual machines, containers, or cloud instances. By installing an Agent, you acknowledge and agree to the provisions of this Section 5 in addition to all other terms of this EULA.

5.2 System Access

Agents require elevated system privileges to perform their functions, including but not limited to:

• Monitoring network traffic and connection attempts on the host system
• Creating and managing Deception Asset files, registry entries, network services, and credentials on the host system
• Intercepting and logging interactions with Deception Assets
• Collecting and transmitting Telemetry Data to AnansiTraps' Backend Services
• Receiving and applying configuration updates from AnansiTraps' Backend Services
• Integrating with host operating system security features and event logging infrastructure

You authorize AnansiTraps' Agent software to perform these functions within your Licensed Environment for the purpose of delivering the Software's deception and detection capabilities.

5.3 System Impact

AnansiTraps designs its Agent software to minimize impact on host system performance. However, you acknowledge that:

• Agent software consumes system resources including CPU, memory, network bandwidth, and disk storage
• Deception Assets created by the Agent will appear as additional services, files, or credentials on your systems
• Agent activity may be detected by other security tools, antivirus software, or endpoint detection and response (EDR) platforms, which may require whitelisting configuration
• AnansiTraps is not responsible for compatibility issues between the Agent and third-party software not listed in the Documentation as supported

5.4 Whitelisting Responsibility

You are responsible for configuring your existing security tools, antivirus software, and EDR platforms to recognize and whitelist AnansiTraps Agent processes. AnansiTraps will provide guidance on recommended whitelisting configurations in the Documentation. Failure to implement whitelisting may result in Agent interference by third-party security tools, for which AnansiTraps bears no liability.

5.5 Uninstallation

You may uninstall Agents at any time through the AnansiTraps Management Console or via standard operating system uninstallation procedures as documented. Upon uninstallation, Agents will remove Deception Assets deployed by that Agent instance and cease Telemetry Data transmission. You acknowledge that some artifacts of Agent deployment (such as system logs of Deception Asset activity) may persist in your environment after uninstallation as part of your normal system logging infrastructure.

5.6 Agent Updates

AnansiTraps may push automatic Updates to Agent software to address security vulnerabilities, fix defects, or improve performance. Critical security Updates may be applied automatically without prior notice. Non-critical Updates will be communicated via the Management Console and may be scheduled by you within a reasonable window. You must not disable automatic security Updates as doing so may compromise the integrity of the deception layer and void applicable SLA commitments.

6. Data Collection, Monitoring, and Privacy

6.1 Transparency Commitment

AnansiTraps is committed to full transparency regarding the data collected by its Software. This Section describes what the Software collects, why, how it is used, and what controls you have. This Section should be read alongside AnansiTraps' Privacy Policy and Data Processing Agreement.

6.2 What the Software Collects

The AnansiTraps Software and Agents collect the following categories of data:

Telemetry Data (Core Functionality):

• Network connection attempts to Deception Assets, including source IP addresses, ports, protocols, and timestamps
• Authentication attempts against decoy credentials, including usernames attempted and authentication methods used
• File system interactions with decoy files, including access, modification, and execution attempts
• Process and command execution associated with attacker interaction with Deception Assets
• Lateral movement indicators captured through deception breadcrumbs
• Attacker tooling signatures, payloads, and behavioral patterns observed during deception engagement

System Performance Data:

• Agent CPU and memory utilization
• Network bandwidth consumed by Agent processes
• Agent health status, uptime, and connectivity to Backend Services
• Error logs and diagnostic information

Configuration and Inventory Data:

• Host system identifiers (hostname, IP address, operating system, version)
• Network topology information relevant to Deception Asset placement
• Installed software inventory relevant to deception asset authenticity calibration
• Active network services and open ports relevant to decoy configuration

6.3 What the Software Does Not Collect

AnansiTraps explicitly does not collect:

• Personal communications, emails, messages, or documents of legitimate users
• Keystrokes, screen captures, or user activity monitoring of legitimate users going about normal work
• Passwords or credentials of legitimate users
• Personal data of individuals beyond what is incidentally captured in Telemetry Data through attacker interactions
• Financial transaction data, customer records, or business application data

6.4 Purpose of Data Collection

Telemetry Data is collected exclusively for the following purposes:

• Detecting and alerting on unauthorized access and lateral movement within your environment
• Providing threat intelligence and attack analysis through the Management Console
• Enabling AnansiTraps Managed Security Service analysts to investigate and respond to threats on your behalf
• Improving deception asset authenticity and detection accuracy
• Generating threat reports and security posture assessments

6.5 Data Transmission and Storage

Telemetry Data is transmitted from Agents to AnansiTraps' Backend Services over encrypted channels using TLS 1.2 or higher. Data is stored on AnansiTraps' infrastructure hosted on AWS, Microsoft Azure, or Google Cloud Platform, encrypted at rest using AES-256. Data residency options are available for Enterprise tier Clients — contact privacy@anansitraps.com for details.

6.6 Your Obligations Regarding Monitoring Disclosure

You are solely responsible for:

• Providing appropriate notice to individuals within your organization whose activity may be captured through deception interactions, to the extent required by applicable employment, privacy, and monitoring laws in your jurisdiction
• Obtaining any required consents from employees, contractors, or other individuals prior to deploying monitoring software within your environment
• Ensuring that your deployment of the Software complies with applicable works council, trade union, or collective bargaining requirements
• Maintaining appropriate internal policies governing the use of security monitoring software

AnansiTraps strongly recommends that you obtain legal advice on monitoring disclosure requirements in your jurisdiction before deploying the Software. AnansiTraps does not provide legal advice on jurisdiction-specific monitoring compliance.

6.7 Data Processing Agreement

Where AnansiTraps processes personal data on your behalf through the Software, such processing is governed by AnansiTraps' Data Processing Agreement (DPA), which is available at [www.anansitraps.com/dpa] and is incorporated into this EULA by reference.

7. Intellectual Property Ownership

7.1 AnansiTraps Ownership

AnansiTraps retains all right, title, and interest in and to the Software, including all Intellectual Property Rights therein. This includes the underlying source code, object code, algorithms, deception methodologies, threat detection logic, machine learning models, user interfaces, Documentation, and all Updates, Upgrades, modifications, and derivative works thereof, whether developed independently or in response to Client feedback.

Nothing in this EULA transfers any ownership rights in the Software to you. The license granted in Section 3 is a license to use, not a transfer of ownership.

7.2 Your Data Ownership

You retain all right, title, and interest in your Telemetry Data and any other data generated within your environment through the Software. AnansiTraps' rights to use your data are limited to those expressly granted in this EULA and the applicable Data Processing Agreement.

7.3 Aggregate and Anonymized Data

AnansiTraps may use aggregated, anonymized, and de-identified Telemetry Data across its client base for the purpose of:

• Improving deception asset authenticity and coverage
• Developing threat detection models and machine learning capabilities
• Publishing industry threat intelligence reports and research
• Benchmarking platform performance

Such aggregate data will never identify you, your organization, or any individual within your environment.

7.4 Feedback

If you provide suggestions, ideas, enhancement requests, or other feedback regarding the Software ("Feedback"), you grant AnansiTraps a perpetual, irrevocable, worldwide, royalty-free license to use, reproduce, modify, and incorporate such Feedback into the Software or any other AnansiTraps product without any obligation, compensation, or restriction. Feedback does not constitute your Confidential Information.

7.5 Trademarks

The AnansiTraps name, logo, product names (including AES, CloudAegis Sentinel, ZeroWeb Defense Sensor, GhostID Sensor, and AIRE), and all associated marks are the exclusive trademarks of AnansiTraps Ltd. You may not use AnansiTraps' trademarks without prior written consent, except to truthfully identify the Software as an AnansiTraps product in internal documentation and authorized communications.

7.6 Open Source Components

The Software may incorporate open source software components. A list of open source components and their applicable licenses is available in the Software's Documentation. To the extent required by applicable open source licenses, those licenses apply to the relevant components. Nothing in this EULA restricts your rights under any applicable open source license.

8. Confidentiality

8.1 Confidential Information

Each party acknowledges that in connection with this EULA it may receive Confidential Information of the other party. For AnansiTraps, Confidential Information includes the Software source code, deception methodologies, threat detection algorithms, pricing, roadmap, and business information. For you, Confidential Information includes your network topology, security posture, Telemetry Data, and incident information.

8.2 Obligations

Each party agrees to:

• Hold the other party's Confidential Information in strict confidence
• Use Confidential Information only for the purposes of this EULA
• Not disclose Confidential Information to any third party without prior written consent, except to employees, contractors, or advisors with a need to know who are bound by equivalent confidentiality obligations
• Apply security measures to protect Confidential Information that are no less rigorous than those applied to its own most sensitive information

8.3 Exclusions

Confidentiality obligations do not apply to information that is or becomes publicly available through no breach of this EULA, was already known to the receiving party prior to disclosure, is independently developed without use of Confidential Information, or is required to be disclosed by law or court order.

8.4 Survival

Confidentiality obligations survive termination or expiry of this EULA for five (5) years, except with respect to trade secrets, which are protected indefinitely.

9. Updates, Upgrades, and Support

9.1 Updates

AnansiTraps will provide Updates to the Software during the License Term. Updates are included in your subscription at no additional charge. AnansiTraps may deliver Updates automatically through the Backend Services or may make them available for manual download through the Management Console or authorized download portal.

9.2 Critical Security Updates

AnansiTraps may deliver critical security Updates automatically without prior notice where necessary to address active security vulnerabilities in the Software. You acknowledge and consent to automatic delivery of critical security Updates as a condition of using the Software. Disabling automatic Update delivery is not supported for critical security Updates.

9.3 Upgrades

Major version Upgrades may be provided as part of your subscription or may require an additional fee, as specified in your Order Form. AnansiTraps will provide at least thirty (30) days' advance notice of any Upgrade that requires action on your part, including system requirement changes or migration procedures.

9.4 End of Life

AnansiTraps may discontinue support for specific Software versions ("End of Life" or "EOL"). AnansiTraps will provide at least ninety (90) days' written notice before any Software version reaches EOL. Following EOL, AnansiTraps will no longer provide Updates, security patches, or support for the affected version. You are strongly advised to upgrade to a supported version prior to EOL.

9.5 Support

Technical support for the Software is provided in accordance with the applicable Service Level Agreement. Support contacts and escalation procedures are set out in the SLA.

10. Warranties and Disclaimers

10.1 AnansiTraps Limited Warranty

AnansiTraps warrants that:

• The Software will perform materially in accordance with the Documentation for a period of ninety (90) days following initial installation ("Warranty Period")
• The Software does not, to AnansiTraps' knowledge at the time of distribution, contain Malicious Code intentionally introduced by AnansiTraps
• AnansiTraps has the right and authority to grant the license in Section 3

10.2 Warranty Remedy

If the Software fails to perform materially in accordance with the Documentation during the Warranty Period, your sole and exclusive remedy is to notify AnansiTraps in writing and AnansiTraps will use commercially reasonable efforts to correct the non-conformity. If AnansiTraps is unable to correct the non-conformity within a reasonable time, AnansiTraps may, at its discretion, refund the pro-rated portion of fees paid for the affected License Term.

10.3 Disclaimer of Warranties

EXCEPT FOR THE LIMITED WARRANTY IN SECTION 10.1, THE SOFTWARE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ANANSITRAPS EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO:

• IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT
• WARRANTIES THAT THE SOFTWARE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE FROM SECURITY VULNERABILITIES
• WARRANTIES THAT THE SOFTWARE WILL DETECT ALL ADVERSARIAL ACTIVITY, ALL INTRUSION ATTEMPTS, OR ALL THREATS WITHIN YOUR ENVIRONMENT
• WARRANTIES REGARDING THE ACCURACY, COMPLETENESS, OR TIMELINESS OF TELEMETRY DATA OR THREAT INTELLIGENCE GENERATED BY THE SOFTWARE
• WARRANTIES THAT THE SOFTWARE IS COMPATIBLE WITH ALL HARDWARE, OPERATING SYSTEMS, OR THIRD-PARTY SOFTWARE IN YOUR ENVIRONMENT

YOU ACKNOWLEDGE THAT CYBER DECEPTION TECHNOLOGY IS ONE COMPONENT OF A COMPREHENSIVE CYBERSECURITY STRATEGY AND THAT ANANSITRAPS DOES NOT WARRANT THAT THE SOFTWARE WILL PREVENT ALL SECURITY INCIDENTS OR ELIMINATE ALL CYBERSECURITY RISK.

11. Limitation of Liability

11.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL ANANSITRAPS, ITS DIRECTORS, OFFICERS, EMPLOYEES, CONTRACTORS, AGENTS, LICENSORS, OR SUPPLIERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS EULA OR THE SOFTWARE, INCLUDING BUT NOT LIMITED TO:

• LOSS OF PROFITS, REVENUE, OR ANTICIPATED SAVINGS
• LOSS, CORRUPTION, OR UNAUTHORIZED ACCESS TO DATA
• BUSINESS INTERRUPTION OR LOSS OF BUSINESS OPPORTUNITY
• REPUTATIONAL HARM OR LOSS OF GOODWILL
• COST OF SUBSTITUTE GOODS OR SERVICES
• FAILURE TO DETECT A SECURITY INCIDENT OR BREACH

EVEN IF ANANSITRAPS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND EVEN IF A REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.

11.2 Cap on Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ANANSITRAPS' TOTAL CUMULATIVE LIABILITY TO YOU ARISING OUT OF OR IN CONNECTION WITH THIS EULA OR THE SOFTWARE, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL FEES PAID BY YOU TO ANANSITRAPS FOR THE SOFTWARE IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM. WHERE NO FEES HAVE BEEN PAID (INCLUDING DURING A FREE TRIAL), ANANSITRAPS' MAXIMUM LIABILITY SHALL BE USD 100.

11.3 Exceptions

The limitations and exclusions in Sections 11.1 and 11.2 do not apply to:

• Death or personal injury caused by AnansiTraps' negligence
• Fraud or fraudulent misrepresentation by AnansiTraps
• AnansiTraps' indemnification obligations under Section 12
• Any liability that cannot be excluded or limited under applicable law including the Kenya Consumer Protection Act

11.4 Basis of the Bargain

You acknowledge that the limitations of liability in this Section reflect a reasonable allocation of risk between the parties and are a fundamental element of the basis of the bargain between AnansiTraps and you. AnansiTraps would not have entered into this EULA without these limitations.

11.5 Essential Security Disclaimer

YOU EXPRESSLY ACKNOWLEDGE THAT THE SOFTWARE IS A DECEPTION AND DETECTION TOOL DESIGNED TO IMPROVE YOUR SECURITY POSTURE. IT IS NOT A GUARANTEE AGAINST ALL SECURITY INCIDENTS. ANANSITRAPS SHALL NOT BE LIABLE FOR ANY SECURITY BREACH, DATA LOSS, OR UNAUTHORIZED ACCESS THAT OCCURS WITHIN YOUR ENVIRONMENT, WHETHER OR NOT THE SOFTWARE IS DEPLOYED, WHETHER OR NOT THE SOFTWARE DETECTED THE RELEVANT ACTIVITY, AND WHETHER OR NOT THE SOFTWARE FUNCTIONED AS DOCUMENTED.

12. Indemnification

12.1 By AnansiTraps

AnansiTraps will defend you against any third-party claim alleging that the Software, as delivered and used in strict accordance with this EULA and the Documentation, infringes any patent, copyright, trademark, or trade secret enforceable in Kenya or a jurisdiction in which AnansiTraps has authorized use of the Software. AnansiTraps will pay damages and costs finally awarded against you in connection with such a claim.

This obligation does not apply if the alleged infringement arises from:

• Your modification of the Software
• Combination of the Software with third-party products, data, or services not approved by AnansiTraps
• Your use of the Software outside the scope of this EULA
• Your failure to implement Updates that would have avoided the infringement

12.2 By You

You will defend, indemnify, and hold harmless AnansiTraps and its directors, officers, employees, and agents against any third-party claim, loss, damage, liability, cost, or expense (including reasonable legal fees) arising from:

• Your breach of any provision of this EULA
• Your deployment of the Software outside your Licensed Environment or without required authorizations
• Your use of the Software in violation of applicable law
• Claims by your employees, contractors, or other individuals arising from your deployment of monitoring and deception software without required disclosures or consents
• Your Telemetry Data or other data infringing any third-party rights
• Any claim by an MSSP's end client arising from the MSSP's deployment of the Software

12.3 Indemnification Process

The indemnified party must promptly notify the indemnifying party in writing of any claim, grant the indemnifying party sole control of the defense and settlement, and provide reasonable cooperation and assistance. The indemnifying party may not settle any claim that imposes liability or obligation on the indemnified party without prior written consent, not to be unreasonably withheld.

13. Term and Termination

13.1 Term

This EULA commences on the date you first download, install, or use the Software and continues for the duration of the License Term specified in your Order Form or activation credentials, and thereafter for any renewal periods, unless earlier terminated in accordance with this Section.

13.2 Termination by You

You may terminate this EULA at any time by:

• Uninstalling all Agents and Software components from your environment
• Ceasing all use of the Software
• Providing written notice of termination to legal@anansitraps.com

Termination does not entitle you to a refund of prepaid fees except as expressly provided in the Terms and Conditions.

13.3 Termination by AnansiTraps for Cause

AnansiTraps may terminate this EULA and your license to the Software immediately upon written notice if:

• You materially breach this EULA and fail to cure such breach within fifteen (15) days of receiving written notice specifying the breach in detail
• You breach Section 4 (License Restrictions), Section 5.3 (Unauthorized Deployment), or Section 6.6 (Monitoring Disclosure Obligations) — such breaches are deemed material and incurable at AnansiTraps' discretion
• You become insolvent, make an assignment for the benefit of creditors, or become subject to bankruptcy, liquidation, or equivalent proceedings
• You use the Software in a manner that AnansiTraps reasonably determines poses an immediate security risk to AnansiTraps' Backend Services or other clients

13.4 Suspension

In addition to termination rights, AnansiTraps may immediately suspend your access to Backend Services and deactivate Agent functionality without terminating this EULA where:

• AnansiTraps has reasonable grounds to believe your deployment constitutes unauthorized use
• Your account has outstanding undisputed overdue invoices (following notice as per the Terms and Conditions)
• AnansiTraps is required to suspend access by applicable law or regulatory authority

AnansiTraps will restore access promptly upon resolution of the issue giving rise to suspension.

13.5 Effect of Termination

Upon termination or expiry of this EULA for any reason:

• All licenses granted herein immediately cease
• You must immediately uninstall all Agents and Software components and cease all use of the Software
• You must destroy all copies of the Software in your possession or control
• AnansiTraps will deactivate your license credentials and cease Backend Services connectivity
• AnansiTraps will handle your Telemetry Data in accordance with the Data Processing Agreement
• You must certify in writing to AnansiTraps upon request that you have complied with the foregoing obligations

13.6 Surviving Provisions

The following Sections survive termination or expiry of this EULA: 2 (Definitions), 4 (License Restrictions), 6.3 (What the Software Does Not Collect), 7 (Intellectual Property Ownership), 8 (Confidentiality), 10.3 (Disclaimer of Warranties), 11 (Limitation of Liability), 12 (Indemnification), 13.5 (Effect of Termination), 13.6 (Surviving Provisions), 14 (Governing Law and Dispute Resolution), and 15 (General Provisions).

14. Governing Law and Dispute Resolution

14.1 Governing Law

This EULA is governed by and construed in accordance with the laws of Kenya, without regard to its conflict of laws principles. Where mandatory consumer protection or data protection laws of the End User's jurisdiction impose requirements that cannot be waived by contract, those requirements apply to the extent of the mandatory provisions only.

14.2 Good Faith Negotiation

The parties agree to first attempt to resolve any dispute arising out of or in connection with this EULA through good faith negotiation between senior representatives for a period of thirty (30) days following written notice of the dispute to legal@anansitraps.com.

14.3 Arbitration

If a dispute is not resolved through negotiation within thirty (30) days, it shall be finally and exclusively resolved by binding arbitration under the Nairobi Centre for International Arbitration (NCIA) Rules. The seat of arbitration shall be Nairobi, Kenya. The arbitration shall be conducted in English by a single arbitrator. The arbitral award shall be final, binding, and enforceable in any court of competent jurisdiction.

14.4 Injunctive Relief

Notwithstanding Section 14.3, either party may seek urgent injunctive or other equitable relief from any court of competent jurisdiction without prior notice or the exhaustion of negotiation procedures, where necessary to prevent or restrain:

• Unauthorized use or distribution of the Software
• Breach or threatened breach of confidentiality obligations
• Infringement or threatened infringement of Intellectual Property Rights
• Any other irreparable harm

14.5 Class Action Waiver

TO THE EXTENT PERMITTED BY APPLICABLE LAW, YOU AGREE THAT ANY DISPUTE RESOLUTION PROCEEDING WILL BE CONDUCTED ON AN INDIVIDUAL BASIS ONLY AND NOT AS A CLASS ACTION, COLLECTIVE ACTION, OR REPRESENTATIVE PROCEEDING.

15. General Provisions

15.1 Entire Agreement

This EULA, together with the applicable Order Form, Terms and Conditions, Data Processing Agreement, and Service Level Agreement, constitutes the entire agreement between the parties with respect to the Software and supersedes all prior agreements, representations, warranties, and understandings relating to the subject matter hereof.

15.2 Severability

If any provision of this EULA is held by a court or arbitrator of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable. If modification is not possible, the provision shall be severed from this EULA. The remaining provisions shall continue in full force and effect.

15.3 Waiver

No failure or delay by AnansiTraps in exercising any right or remedy under this EULA shall operate as a waiver of that right or remedy. No single or partial exercise of any right or remedy shall preclude any further exercise of that right or remedy. Waivers must be in writing and signed by an authorized representative of AnansiTraps to be effective.

15.4 Amendment

AnansiTraps reserves the right to amend this EULA at any time. Material amendments will be communicated to active license holders via email and posted at [www.anansitraps.com/eula] with at least thirty (30) days' notice before taking effect. Your continued use of the Software after the effective date of an amendment constitutes acceptance of the amended EULA. If you do not agree to an amendment, you must cease using the Software and notify AnansiTraps of termination before the amendment takes effect.

15.5 Assignment

You may not assign, transfer, or delegate this EULA or any rights or obligations hereunder without AnansiTraps' prior written consent. AnansiTraps may assign this EULA in connection with a merger, acquisition, corporate restructuring, or sale of all or substantially all of its assets, provided the assignee assumes all obligations herein and written notice is given to you. Any purported assignment in violation of this Section is void.

15.6 Force Majeure

AnansiTraps is not liable for any failure or delay in performance of its obligations under this EULA where such failure or delay is caused by circumstances beyond its reasonable control, including acts of God, war, civil unrest, cyberattacks on third-party infrastructure, government action, pandemic, power failure, or natural disaster, provided AnansiTraps gives prompt written notice and uses commercially reasonable efforts to resume performance.

15.7 No Third-Party Beneficiaries

This EULA is entered into solely for the benefit of AnansiTraps and you. Nothing in this EULA confers any rights or remedies on any third party.

15.8 Notices

All notices under this EULA must be in writing and delivered by email with confirmation of receipt, or by courier, to the addresses specified in the Order Form. Notices to AnansiTraps must be addressed to legal@anansitraps.com. Notices are effective upon confirmed receipt.

15.9 Language

This EULA is executed in the English language. Where this EULA is translated into any other language for convenience, the English version shall prevail in the event of any inconsistency.

15.10 Headings

Section headings are included for convenience only and shall not affect the interpretation of this EULA.

15.11 Relationship of the Parties

The parties are independent contractors. Nothing in this EULA creates a partnership, joint venture, agency, franchise, employment, or fiduciary relationship between the parties.

15.12 Anti-Corruption and Ethics

Each party represents and warrants that it has not and will not offer, pay, promise, or authorize any bribe, kickback, or improper payment in connection with this EULA or the Software, in compliance with applicable anti-corruption laws including the Kenyan Anti-Corruption and Economic Crimes Act and the US Foreign Corrupt Practices Act where applicable.

15.13 Government End Users

If you are a government entity, the Software is provided as a "commercial item" as defined under applicable government procurement regulations. Government End Users acquire only those rights expressly granted in this EULA and no greater rights. Where government procurement regulations impose requirements that conflict with this EULA, the parties agree to negotiate in good faith to accommodate such requirements while preserving the essential commercial terms herein.

16. Contact Information

For all matters relating to this EULA, including licensing inquiries, compliance questions, suspected misuse, and legal notices, please contact:

AnansiTraps Ltd.
Attn: Legal & Compliance
Nairobi, Kenya

Response Times:

• Legal notices: Acknowledged within 2 business days
• Licensing inquiries: Responded to within 3 business days
• Security reports: Acknowledged within 24 hours