Indemnification Agreement

Effective date: 2026-06-02  ·  Last updated: 2 June 2026

This Indemnification Agreement (the “Agreement”) is incorporated into and forms part of the EmberHound Terms of Service (the “Terms”) between EmberHound Ltd (“EmberHound”) and the customer identified in the applicable EmberHound account (“Customer”). Capitalized terms not defined here have the meanings given in the Terms. In the event of a conflict between this Agreement and the Terms, the Terms control, except with respect to the specific indemnification matters addressed in this Agreement, which govern.

1. Definitions

  • “Claim” means any third-party demand, action, suit, investigation, or proceeding, whether at law or in equity, brought against an Indemnified Party.
  • “Indemnified Party” means the party (and its directors, officers, employees, agents, and affiliates) entitled to indemnification under this Agreement.
  • “Indemnifying Party” means the party obligated to provide indemnification.
  • “Losses” means damages, fines, penalties, settlement amounts approved in accordance with Section 5, and reasonable attorneys’ fees and costs finally awarded against an Indemnified Party (or paid in settlement) in connection with a Claim.

2. EmberHound Indemnity (IP Infringement)

EmberHound will defend Customer from and against any Claim brought by an unaffiliated third party alleging that Customer’s use of the Service in accordance with the Terms and the Documentation infringes that third party’s copyright, registered trademark, issued patent, or trade secret rights enforceable under applicable law.

Mitigation rights. If a Claim is brought or, in EmberHound’s reasonable opinion, is likely to be brought, EmberHound may, at its option and expense: (a) procure the right for Customer to continue using the affected portion of the Service; (b) modify or replace the affected portion to make it non-infringing while preserving substantially equivalent functionality; or (c) if neither (a) nor (b) is commercially reasonable, terminate the affected subscription and refund any prepaid fees attributable to the unused portion of the term.

Exclusions. EmberHound has no obligation under this Section 2 to the extent a Claim arises out of or relates to: (i) Customer Data or any content, configuration, rule overlay, or material provided by Customer; (ii) use of the Service in combination with any product, service, or data not provided by EmberHound, where the Claim would have been avoided absent such combination; (iii) modifications to the Service or the Agent not made or authorized in writing by EmberHound; (iv) use of the Service after EmberHound notified Customer to stop using a version due to infringement risk and a non-infringing alternative was made available; (v) use of the Service in violation of the Terms; or (vi) Pre-Release Offerings, free, evaluation, or no-charge use of the Service.

This Section 2 states EmberHound’s sole and exclusive liability, and Customer’s sole and exclusive remedy, for any third-party claim of intellectual property infringement.

3. Customer Indemnity

Customer will defend EmberHound from and against any Claim brought by an unaffiliated third party (including any Customer employee, contractor, end user, or regulator) arising out of or related to:

  • Unauthorized deployment. The installation, operation, or use of the Agent on any device that is not an Authorized Device, or the failure to provide notices or obtain consents required under applicable law for monitoring or data-discovery activities (Section 5 of the Terms);
  • Customer Data and content. Customer Data, Customer’s rule overlays, custom detections, or other content submitted to or processed by the Service, including any claim that such content violates applicable law or infringes the rights of a third party;
  • Misuse of the Service. Customer’s breach of Section 4 (Agent Software License) or Section 6 (Acceptable Use) of the Terms, including any use of the Service to violate computer-misuse, wiretapping, surveillance, employment-monitoring, anti-discrimination, or export-control laws;
  • Regulatory programmes. Customer’s compliance, certification, attestation, or audit programmes (including PCI DSS, GDPR, CCPA, HIPAA, SOC 2, CIS), including any third-party claim that the existence, scope, scoring, or output of any report, finding, or evidence package generated by Customer’s use of the Service misrepresents Customer’s compliance posture;
  • Customer relationships. Any dispute between Customer and its employees, contractors, customers, data subjects, regulators, or other counterparties relating to the Service or to data discovered, processed, or remediated through the Service; and
  • Customer breach. Customer’s material breach of its representations, warranties, or covenants in the Terms or this Agreement.

Customer will indemnify EmberHound for Losses resulting from any such Claim. Customer’s obligations under this Section 3 are not subject to the aggregate liability cap in Section 14 of the Terms, consistent with the carve-out set forth there.

4. Acknowledgement Regarding Compliance and Security Outcomes

Customer acknowledges that the Service is a software tool that surfaces signals about data discovery and control posture, and that EmberHound is not an auditor, qualified security assessor, certified public accountant, law firm, or regulatory adviser. The Service does not constitute legal, audit, accounting, or professional compliance advice. No output of the Service, including any finding, scan summary, SOC 2 evidence record, CIS scorecard, DSAR disclosure pack, or generated report, constitutes a certification, attestation, or representation by EmberHound that Customer is compliant with any regulatory or contractual framework. Customer is solely responsible for engaging qualified advisers and independent auditors to assess and attest to its compliance posture.

Accordingly, Customer acknowledges that EmberHound is not, and does not indemnify Customer against, any fine, penalty, settlement, or Loss arising from a regulator’s finding that Customer is non-compliant with any framework, irrespective of any output of the Service.

5. Indemnification Procedure

As a condition of indemnification, the Indemnified Party will:

  • Prompt notice. Promptly notify the Indemnifying Party in writing of the Claim. Failure to give prompt notice relieves the Indemnifying Party of its obligations only to the extent it is materially prejudiced by the delay;
  • Control of defence. Give the Indemnifying Party sole control of the defence and settlement of the Claim, except that the Indemnifying Party may not enter into any settlement that (a) imposes any non-monetary obligation on the Indemnified Party, (b) admits fault on its behalf, or (c) fails to include an unconditional release of the Indemnified Party, without the Indemnified Party’s prior written consent (not to be unreasonably withheld);
  • Reasonable cooperation. Provide reasonable cooperation, information, and assistance at the Indemnifying Party’s expense; and
  • Separate counsel. Have the right to participate in the defence at its own expense with counsel of its choice.

6. Insurance

During the subscription term, EmberHound will maintain commercial general liability, technology errors-and-omissions, and cyber liability insurance with coverage limits customary for SaaS providers of comparable scale. Upon Customer’s written request (no more than once per twelve-month period), EmberHound will provide a certificate of insurance evidencing such coverage.

7. Relationship to Limitation of Liability

EmberHound’s indemnification obligations under Section 2 are subject to the aggregate liability cap and exclusion of indirect damages in Section 14 of the Terms. Customer’s indemnification obligations under Section 3 are not subject to the aggregate liability cap, as set forth in the carve-outs in Section 14 of the Terms, but remain subject to the exclusion of indirect damages, except where such exclusion is itself disapplied by the carve-out language in the Terms.

8. Survival

This Agreement survives the expiration or termination of the Terms with respect to any Claim arising out of facts or circumstances occurring during the term.

9. Notices and Contact

Notices of any Claim must be sent to legal@emberhound.com with copy to EmberHound’s registered office. Customer must provide a current legal-notice address in its account profile.

We use cookies to improve your experience and analyse site usage. Privacy policy.