Service Supplement

Last Modified: April 11, 2025

SERVICE SUPPLEMENT EDGECAST CDN SERVICES
1. Edgecast CDN Services – Description.
Edgecast shall provide digital media management, content delivery network ("CDN"), network capacity and storage services (collectively, "CDN Services" or “Services”).

2. Fees and Charges. Customer shall pay in full to Edgecast all fees or charges incurred on Customer’s account, as set forth in this Agreement and any SO or SOW, without set-off, withholding or deduction by Customer, regardless of whether or how much Customer uses the CDN Services. Edgecast shall provide notice to Customer of rate changes to the CDN Services. The new rates shall be effective on the date set forth in the notice. Edgecast makes available to Customer, via Edgecast reporting tools, data regarding Customer's billable usage of bandwidth or Services on which fees or charges are assessed; but Edgecast is not responsible for notifying Customer of usage or activity patterns occurring on Customer’s account.

3. Encryption. Customer shall be solely responsible for any encryption of Customer Content on or in connection with the CDN Services.

4. Acceptance of SO or SOW. Edgecast shall not be bound to provide CDN Services until the applicable SO or SOW has been mutually accepted. If Customer begins using CDN Services prior to the Service Start Date set forth in the applicable SO or SOW, the provision and use of CDN Services nonetheless shall be governed by the terms of the SO or SOW.

5. SLA. The CDN Services SLA is attached as Attachment 1 and incorporated herein by this reference.

6. Payment. Edgecast shall submit invoices (electronically or otherwise) to Customer for amounts due under the SO or SOW. Payment is due within 30 days of the invoice date.

7. Invoicing. Except as otherwise expressly stated in the SO applicable to the Services, Edgecast shall invoice Customer (1) quarterly, in advance, for monthly recurring fees (“MRC”) for Services and for any nonrecurring fees (“NRC”), including any other set-up or one-time fees; or monthly, in advance, for MRCs and NRCs, including any other set-up or other one-time fees, if Customer has pre-authorized automatic payments via credit card; and (2) monthly, in arrears, for charges for use of the Services that exceed the applicable MRCs (“Overages”), as set forth in the applicable SO. Edgecast will begin invoicing Customer on the Service Start Date, even if Edgecast cannot begin timely delivery of Services for any reason caused by Customer. All fees or charges shall be invoiced and payable in United States dollars, unless otherwise mutually agreed in writing. For each credit/debit card chargeback decided in Edgecast’s favor, Edgecast may invoice Customer a $25.00 charge to recover costs and may pursue any other remedies available herein. Any Credit granted under the applicable SLA, as defined therein, shall be applied to the next applicable invoice.

         7.1. Transaction Volumes, Logs, Sub-Accounts.
                      a. For transaction invoicing purposes, delivered objects smaller than 1 kilobyte ("kB") in size shall be rounded up to 1 kB. Delivery measurements shall include transferred FTP and rsync data. If at least five percent of Customer’s transactions are erroneous (e.g., HTTP 1.1 standard errors that include HTTP status codes 403, 404, 500, 502 or 504), Edgecast reserves the right to invoice Customer additional charges, up to $0.01 per 1,000 transactions.
                      b. If Customer has enabled logging functionality and is generating more than 5,000,000,000 log records per month, Edgecast reserves the right to invoice Customer additional charges, up to $0.01 per 1,000 log records processed.
                      c. If Customer has purchased partner control center functionality, Edgecast reserves the right to invoice Customer an additional monthly charge of $1.00 for each Customer sub-account beyond the initial 50 created within Customer’s account.

        7.2. 95th Percentile Basis. As specified in the applicable SO or SOW, for CDN Services provided on a megabits-per-second (“Mb/s”) or burst-able basis (“95th Percentile Basis”), Customer agrees to a monthly minimum commitment for bandwidth use, with the opportunity to ‘burst’ beyond such commitment subject to a charge for each Mb/s of excess use. A gigabyte (“GB”) means 1,000,000,000 bytes of data transferred (for CDN Services other than dedicated storage) or data stored (for storage services). Each month, Customer is responsible for paying the greater of (1) the applicable charges for CDN Services provided to Customer during the period on a 95th Percentile Basis or (2) Customer’s applicable MRC. Every five minutes, Edgecast’s bandwidth monitoring shall sample (i.e., record a data point reflecting Customer’s bandwidth use) the inbound and outbound bandwidth for each CDN Services connection. This sample shall represent the average aggregate use of all Customer Delivery during that five-minute increment. Edgecast shall store all such samples for one month. At the end of the month, Edgecast shall collect and sort all such samples from highest to lowest, discarding the top five percent of inbound samples and outbound samples. The next highest remaining sample on the combined inbound and outbound shall represent the 95th Percentile Basis result. The following is the formula based on a 30-day month of Services use: 12 (Samples/Hour) x 24 (Hours/day) x 30 (days/Month) = 8,640 Samples/Month. Five percent of the 8,640 Samples/Month = 432 Samples/Month are discarded. The highest remaining data sample in the inbound or outbound represents the 95th Percentile Basis, for purposes of calculating total bandwidth use. Edgecast shall use the 95th Percentile Basis result as the basis for calculating any additional fees or charges for use of CDN Services during that month in excess of Customer’s applicable MRCs. If the 95th Percentile Basis result falls below the minimum use commitment, Edgecast shall not invoice additional fees or charges. To calculate the 95th Percentile Basis, Edgecast shall disregard samples with zero inbound or outbound data. For example, to enable use of Services for short events (e.g., three hour duration) at fair pricing, Edgecast shall calculate the 95th Percentile Basis only from sample data obtained during the event.

7.3. Log Streaming. Log Streaming or Real Time Logs Delivery (RTLD) is a service that processes and streams raw logs to a Customer’s endpoint as they occur, rather than being batched or stored for periodic delivery or retrieval. Unless included in a bundle, Log Streaming may be subject to an additional charge.
           a. Customer Responsibilities. Customer is solely responsible for properly enabling and configuring Log Streaming in the customer portal, and for provisioning, configuration, and security of customer’s specified endpoint. Use of the Log Streaming service is limited to internal use for general analytics, business intelligence, and diagnostic purposes. Customer may not use the service or data provided by the service for benchmarking or comparative purposes.
           b. Service Conditions. Edgecast’s responsibility for this service ends with the log messages being transmitted from our infrastructure. Edgecast does not represent or guarantee that every log record generated by every request will arrive at Customer’s designated endpoint, and Customer acknowledges that log record delivery may be the subject of delivery delays. The Log Streaming service cannot be used as a substitute for CDN billing computation and should not be used as an alternative for edge-deployed business logic for processing or analyzing requests served by the CDN.

7.4. Origin Shield. Origin Shield establishes an additional layer of proxy servers in a tiered-distribution architecture to increase cache hit ratio and reduce the number of connections from proxy server to origin. Unless included in a bundle, Origin Shield may be subject to an additional charge.

7.5. Termination. If Customer terminates an SO or SOW without cause or if Edgecast terminates the applicable SO or SOW for cause, then Customer shall be invoiced and shall pay to Edgecast an amount equal to (i) Customer’s MRCs multiplied by the number of months remaining in the term of the applicable SO or SOW and (ii) Customer's average monthly Overages multiplied by the number of months remaining in the term of the applicable SO or SOW.

ATTACHMENT 1 TO SERVICE SUPPLEMENT
This Service Level Agreement (“CDN Services SLA”) shall only apply to CDN Services.

1. Definitions.
                   a. "Customer Content," for purposes of this CDN Services SLA means objects delivered from a Delivery Server.
                   b. "Delivery Server" means Edgecast-owned and operated servers for delivering Customer Content located on the CDN at Edgecast’s Points of Presence (each, a “POP”).
                   c. "Services Outage" means an instance in which CDN Services are completely unavailable for more than 15 consecutive minutes.
                   d. "Origin Server" means either Edgecast’s or Customer’s Internet web server, where Customer Content is stored for retrieval by Delivery Servers.

       2. SLA. This Service Level Agreement shall only apply to CDN Services, as defined within this attachment.
2.1. Guarantee of 100% Uptime. Subject to the SLA Exceptions set forth below, Edgecast provides an uptime guarantee of 100% to Customer covering (a) uptime of the Edgecast content delivery network and (b) Customer Content delivery uptime and availability. Periodically (i.e., every 15 minutes or more often), Edgecast shall measure Customer Content delivery availability by requesting representative Customer Content from Delivery Servers at selected POPs, using software and hardware components capable of measuring Delivery and responses at the selected POPs.
a. To be eligible for a Credit under this SLA, Customer must be in good standing with no delinquent invoices, in addition to any other SLA requirements.
                b. Credit will only be issued if the Customer has paid in full for all Services covering the time period within which the Credit is requested. Credit will not be issued if the Customer is in breach of the Agreement, including the applicable SO.
                                c. If Customer is eligible to receive more than one Credit attributable to the same SLA failure, Customer shall only receive one Credit equal to the highest of all Credits then available.
                                d. Edgecast may modify any SLA from time to time, effective upon notice to Customer or posting of the revised SLA on Edgecast's website or other Service specific website as applicable. Continued use of Services 15 days after the date of such notice or posting shall constitute assent to the modified SLA.

2.2. SLA Exceptions. Customer shall not be eligible to receive a Credit and Edgecast shall not be held responsible for an SLA failure, if a Services Outage (as defined above) or other service level failure occurs due, directly or indirectly, to the following (collectively, the “SLA Exceptions”): (i) Force Majeure Events; (ii) DNS issues beyond Edgecast’s direct control; (iii) scheduled maintenance and emergency maintenance and upgrades; (iv) failure or unavailability of hardware that Customer provides or controls, including, but not limited to, any Customer origin server; (v) failure or unavailability of any third party or public network or system, or software applications or code that Customer provides to Edgecast, or the interactions of these items; (vi) negligent acts or omissions, willful misconduct or breach of the applicable SO, Service Supplement, or the Agreement by Customer or others engaged or authorized by Customer; or (vii) stream buffering that occurs due to, or associated with, conditions beyond Edgecast’s network or Edgecast’s immediate control.

3. Credits and Credits Claims. 
                             a. In order to be eligible for a Credit Claim, as defined below, Customer must notify Customer Support at Edgecast of any Services Outage, using the procedures set forth by Edgecast by emailing support@edgecast.io, within five business days following the Services Outage.
                             b. To request a Credit under this SLA, Customer must submit a request in writing via email to support@edgecast.io. The request must include Customer’s (i) company name; (ii) contact name; (iii) email address; (iv) phone number; (v) the date(s) of the suspected Services Outage; (vi) a reasonably detailed description of the reason for the Credit request; and (vii) the duration of the Services Outage, network trace routes, the URL(s) affected and any attempts made by Customer to resolve the Services Outage (a “Credit Claim”). 
                            c. Edgecast must receive the Credit Claim within 30 days of the suspected Services Outage, including sufficient evidence to support the Credit Claim from the Customer. 
                            d. The suspected Services Outage must be capable of confirmation by Edgecast’s measurement tools. Edgecast will use all information reasonably available to it to validate Credit Claims and make a good faith judgment on whether the SLA applies to the Credit Claim. 
                             e. A Credit may not be transferred or applied to any other Edgecast account.
                             f. Any issued Credit shall be applied to Customer’s invoice within two invoicing cycles after Edgecast initially received the Credit request. Credits are exclusive of any Taxes charged to Customer or collected by Edgecast.
                                  g. A Credit is calculated on the basis of a 30-day month. Notwithstanding anything in this SLA to the contrary, total Credits issued to Customer in connection with any calendar month shall not exceed 50% of the Base Charge paid by Customer for such month. “Base Charge” consists solely of the committed base monthly charge paid by Customer for Applications Services at issue and excludes all other fees or charges that might be paid by Customer including, but not limited to, setup charges, charges for additional or other services, incremental bandwidth usage, professional services, whether MRC or on a time and material basis, e.g., SOC and expert services, and any other type of optional additional services. 
                                h. Credits are exclusive of any Taxes charged to Customer or collected by Edgecast.
                             i. Calculation of Credits: Subject to the terms and conditions of this CDN Platform Service SLA, Edgecast shall issue to Customer a credit for a Services Outage in an amount equal to the lesser of one day’s worth of the Base Charge paid by Customer, multiplied by each 24-hour period in which Customer experienced a Services Outage during a particular month.
                          j. Edgecast reserves the right to periodically change the measurement points and methodologies it uses. This CDN Services SLA sets forth Customer’s sole and exclusive remedy for a Services Outage and other issues related to the CDN Platform Service. 


SERVICE SUPPLEMENT EDGECAST SECURITY SERVICES

1.  Edgecast Security Services - Description. Edgecast Security Services (“Security Services” or “Services”), embedded in the Edgecast platform, provide the capability to inspect Customer’s web traffic through Edgecast’s platform to identify malicious traffic targeted at Customer web applications and to perform mitigation of the malicious traffic. Customers may enable security rules settings via a configuration user interface (UI) or application programming interface (API) to protect their web traffic. The Services also provide a Customer with visibility on attack trends via a security dashboard or through security logs.

2. Security Application Manager.
Customer implements the Services through the security application manager (the “Security Application Manager”), and within each Security Application Manager Customer may configure the following security settings (the “Settings”):
                        a. Access Rules Setting: This setting includes access to create an access control list (ACL) to deny/allow requests based on criteria such as IP, country, user-agent, referrer, ASN, and cookie.
                        b. Managed Rules Setting: This setting includes access to Edgecast managed Web Security Rules to protect against common or application-specific attacks such as SQL injection (SQLi), cross-site-scripting (XSS), remote code execution (RCE) and HTTP protocol violations.
                        c. Custom Rules Setting: This setting includes access to create custom security rules for Web Application Firewall that matches Customer’s defined conditions such as request header, request body, URI and cookie.
                        d. Rate Rules Setting: This setting includes access to create rate-based rules to limit the Customer request rate to the web application or API to prevent volumetric attack.
                        e. Bot Manager Standard Rules Setting: This setting includes the access to create rules that challenge any type of request(s) to access Customer’s web applications, and to prevent such request(s) that fail the challenge to access Customer’s web applications.
                        f. Bot Manager Advanced Rules Setting: This setting includes all of the features present in Edgecast’s Bot Manager Standard Rules Setting, plus additional features including Known, Unknown and Spoof Bot detection, multiple detection methods, Bot scoring, and support for redirects, captcha, and custom responses.

3.  Customer Responsibilities.
Customer will configure, implement, and manage the Services through the Customer portal user interface (the “Edgecast Portal”). Customer is responsible for: (i) configuring the Service and making configuration changes as needed to meet Customer’s requirements, unless otherwise agreed to in a mutually executed SO or SOW; (ii) choosing a tier of service that covers Customer’s intended needs; (iii) ensuring that only authorized personnel in their organization have access to the Services in the Edgecast Portal and to the public API for the Service; (iv) periodically reviewing the data resulting from the Service; and (v) maintaining appropriate security controls in its software and infrastructure.

4.  Disclaimer.
In addition to any disclaimers or limitations in the Agreement, Edgecast does not make any warranty, representation or guarantee that the Services are or will be free of defects or interruptions or will detect in all cases, or eliminate the risk or prevent damage or service interruptions from, intrusions, malicious attacks, or harmful or destructive software or programming routines. Edgecast is not responsible or liable for any failure by Customer to purchase a tier of service that sufficiently covers Customer’s intended needs. Edgecast is not responsible for any service degradation, performance issues, false positives or security issues resulting from Customer’s action or lack of action. Customer agrees that Edgecast may make changes to the Service configuration if Customer or the Edgecast network is under attack, or if the configuration is causing any issues on or for the Edgecast network.

5. Termination. Upon termination of the Services, (i) Customer’s right to use and access the Services will be terminated; (ii) all Service accounts associated with the Customer will be deactivated; (iii) Customer will immediately discontinue use of the Service; (iv) Customer will immediately pay all outstanding Fees due to Edgecast through the date of termination or expiration; and (v) Customer shall be invoiced for any remaining revenue commitment for the Services as set forth in Customer’s SO or SOW. If the SO or SOW providing for the Services also sets forth other Services, a notice of termination or non-renewal of the Services shall not serve as a notice of termination or non-renewal of such other Services, except as expressly agreed in writing by the Parties.

ADDITIONAL SECURITY SERVICES:
ATTACK SURFACE MANAGEMENT

1. Edgecast Attack Surface Management – Description. Edgecast Attack Surface Management (“ASM”) is the continuous threat exposure management tool for cybersecurity threats and potential attack vectors on Customer’s web-based assets. ASM provides a comprehensive picture of Customer’s security posture, helping understand what attackers might see and exploit to compromise web-based assets. ASM includes the following features:
            1.1. Discovery: Identifying external assets including websites, domains, IP addresses and APIs, and their associated risks or threat exposure.
            1.2. Inventory: Creating and maintaining an inventory of the discovered assets.
            1.3. Assessment: Conducting security assessments and vulnerability scans to identify weaknesses and misconfigurations in the attack surface.
            1.4. Monitoring: Continuously monitoring the attack surface for changes, new assets, and emerging threats.
            1.5. Risk Prioritization Score: Providing suggested priority for vulnerabilities and risks based on their potential impact and likelihood of exploitation.
            1.6. Mitigation: Implementing controls, virtual patches, and security measures via Edgecast’s Security Services to reduce the organization's exposure to external threats.

2. Customer Responsibilities. Customer will configure, implement, and manage ASM through the Customer portal user interface (the “Edgecast Portal”). Customer is responsible for: (i) confirming that the assets including websites, domains, IP addresses and APIs are owned by Customer; (ii) configuring ASM and making configuration changes as needed to meet Customer’s requirements, unless otherwise agreed to in a mutually executed SO; (iii) ensuring that only authorized personnel in their organization have access to ASM in the Edgecast Portal; (iv) periodically reviewing the data resulting from ASM.
Customer is ultimately responsible for determining the priority of any risks or potential threats that are identified by ASM.

3. Disclaimer. In addition to any disclaimers or limitations in the Agreement, Edgecast does not make any warranty, representation or guarantee that ASM is or will be free of defects or interruptions or will in all cases detect all the vulnerabilities or potential attack vectors in Customer assets. Customer consents to scans performed by ASM on Customer assets, acknowledges that ASM scans may be invasive and may cause service degradation, performance issues or outage on Customer’s assets for which Edgecast is not responsible. Customer further acknowledges that the ASM Services are historical reporting and analytics services that are solely designed to identify potential threat exposure to Customer assets to assist Customer in its efforts to mitigate or eliminate those risks through additional Services or otherwise.

4. Acceptance. Edgecast shall not be bound to provide ASM until the applicable Sales Order (SO) has been mutually accepted. However, if Customer begins using ASM before the Service Start Date set forth in an applicable SO, the provision and use of ASM nonetheless shall be governed by the terms of such SO.

5. Payment. Customer shall pay to Edgecast all fees or charges incurred on Customer’s account in full, as set forth in this Agreement and any SO, without set-off, withholding or deduction by Customer. Edgecast shall provide notice to Customer of rate changes to ASM. The new rates shall be effective on the date set forth in the notice.

6. Invoicing. Edgecast’s ASM is billed in advance for monthly recurring charges (“MRC”) per Asset Under Management (AUM) and for any nonrecurring fees (“NRC”) as set forth in the applicable SO. AUM means the assets that are continuously scanned and assessed for threat exposure by Edgecast’s ASM. Edgecast shall invoice Customer monthly in arrears for use of ASM.
All fees or charges shall be invoiced and payable in United States dollars, unless otherwise mutually agreed in writing.