Mutual Non-Disclosure Agreement

1. Purpose

The Parties wish to exchange certain confidential information in connection with the User's access to and use of the free DevOps audit tools made available by OpsHero at opshero.tools (the "Tools"), including but not limited to tools across the categories of CI/CD, FinOps, Security, Compliance, Kubernetes, and Site Reliability Engineering (the "Purpose").

In particular, this Agreement governs:

1. the confidentiality of any configuration files, infrastructure data, or other technical information that the User uploads to or inputs into the Tools ("User Data"); and
2. the confidentiality of any proprietary information, methodologies, audit results, recommendations, or other materials provided by OpsHero to the User through the Tools ("OpsHero Information").

2. Definition of Confidential Information

2.1 For the purposes of this Agreement, "Confidential Information" means any non-public information disclosed by one Party (the "Disclosing Party") to the other Party (the "Receiving Party"), whether in written, oral, electronic, visual, or any other form, that is either marked as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure.

2.2 Confidential Information includes, without limitation:

1. User Data, including but not limited to: Terraform configurations, Kubernetes manifests, CI/CD pipeline definitions, cloud cost reports, infrastructure-as-code files, security configurations, compliance artifacts, and any other technical configuration files uploaded by the User to the Tools;
2. Personal contact information provided by the User to access the Tools, including name, email address, and job role;
3. Audit results, reports, recommendations, and analysis generated by the Tools for the benefit of the User;
4. OpsHero's proprietary methodologies, scoring algorithms, audit frameworks, and software underlying the Tools;
5. Any business, technical, financial, or commercial information of either Party disclosed in connection with the Purpose.

2.3 Confidential Information does not include information that:

1. is or becomes publicly available without breach of this Agreement by the Receiving Party;
2. was lawfully in the Receiving Party's possession before disclosure by the Disclosing Party, without obligation of confidentiality;
3. is lawfully received from a third party without obligation of confidentiality;
4. is independently developed by the Receiving Party without use of or reference to the Disclosing Party's Confidential Information; or
5. is required to be disclosed by law, regulation, or order of a competent authority, provided that the Receiving Party gives the Disclosing Party prompt written notice (where legally permitted) to allow the Disclosing Party to seek a protective order.

3. Obligations of the Receiving Party

3.1 The Receiving Party shall:

1. hold the Confidential Information in strict confidence;
2. use the Confidential Information solely for the Purpose and for no other purpose whatsoever;
3. protect the Confidential Information using at least the same degree of care it uses to protect its own confidential information of similar nature and importance, and in no event less than a reasonable standard of care;
4. limit disclosure of the Confidential Information to its employees, officers, directors, contractors, and professional advisors who have a legitimate need to know for the Purpose and who are bound by confidentiality obligations no less protective than those set forth herein;
5. not copy, reproduce, distribute, publish, or otherwise disseminate the Confidential Information except as strictly necessary for the Purpose; and
6. not reverse engineer, decompile, or disassemble any software, tools, or technology comprising the Confidential Information.

4. Specific commitments by OpsHero regarding User Data

4.1 OpsHero acknowledges that the User may upload configuration files and technical data to the Tools, and that the User requires assurance regarding the handling of such data. Accordingly, OpsHero specifically commits and warrants that:

1. No Retention Beyond Necessity. User Data uploaded to the Tools shall be processed solely for the purpose of generating the audit, analysis, or output requested by the User. OpsHero shall not retain User Data beyond the period strictly necessary to deliver the requested output, and in no event longer than thirty (30) days following the User's session, unless the User explicitly requests otherwise.
2. No Commercial Exploitation. OpsHero shall not sell, lease, license, monetize, or otherwise commercially exploit User Data in any manner. User Data shall not be used to train any machine learning or artificial intelligence models without the User's prior explicit written consent.
3. No Third-Party Disclosure. OpsHero shall not disclose, share, transfer, or make available User Data to any third party, except: (i) to sub-processors strictly necessary for the operation of the Tools (such as hosting providers), each of whom is bound by confidentiality obligations substantially equivalent to those in this Agreement; or (ii) where required by law in accordance with Section 2.3(e).
4. No Profiling or Re-identification. OpsHero shall not attempt to identify, profile, or correlate the User Data with any specific business, system, or individual beyond the User's own use of the Tools.
5. Security Measures. OpsHero shall implement and maintain appropriate technical and organizational measures to protect User Data against unauthorized access, disclosure, alteration, or destruction, including encryption in transit and at rest where technically feasible.
6. Deletion on Request. Upon written request by the User to the email address designated by OpsHero, OpsHero shall delete all User Data associated with the User within fifteen (15) business days of receipt of such request, except where retention is required by applicable law.

4.2 The User is solely responsible for ensuring that User Data uploaded to the Tools does not contain personal data of third parties, secrets (such as API keys, passwords, or tokens), or any other information that the User is not authorized to disclose. The User represents and warrants that User Data uploaded to the Tools consists solely of configuration files and does not contain personal data within the meaning of Regulation (EU) 2016/679 (GDPR).

5. No license or ownership transfer

5.1 All Confidential Information shall remain the exclusive property of the Disclosing Party. Nothing in this Agreement shall be construed as granting any license, right, title, or interest in or to the Confidential Information, whether by implication, estoppel, or otherwise, except the limited right to use such Confidential Information solely for the Purpose.

5.2 No representation or warranty, express or implied, is made by either Party as to the accuracy, completeness, or fitness for any particular purpose of the Confidential Information, except as expressly set forth in this Agreement.

6. Term and termination

6.1 This Agreement shall commence on the Effective Date and shall remain in force for a period of two (2) years, unless earlier terminated in accordance with this Section 6.

6.2 Either Party may terminate this Agreement at any time by providing thirty (30) days' written notice to the other Party.

6.3 Notwithstanding any termination or expiration of this Agreement, the confidentiality obligations set forth in Sections 3 and 4 shall survive for a period of three (3) years following such termination or expiration. The obligations relating to trade secrets shall continue for as long as the relevant information qualifies as a trade secret under applicable law.

6.4 Upon termination or expiration of this Agreement, or upon written request of the Disclosing Party at any time, the Receiving Party shall promptly: (a) return all Confidential Information to the Disclosing Party; or (b) destroy all copies of the Confidential Information in its possession or control and certify such destruction in writing. The Receiving Party may retain one (1) copy of the Confidential Information solely for legal, compliance, or archival purposes, subject to continued confidentiality obligations.

7. Remedies

7.1 Each Party acknowledges that any breach of this Agreement may cause irreparable harm to the other Party for which monetary damages alone may be inadequate. Accordingly, each Party shall be entitled to seek injunctive relief and other equitable remedies, in addition to any other remedies available at law or in equity, without the requirement to post bond.

8. No obligation to proceed

8.1 Nothing in this Agreement shall obligate either Party to enter into any further business relationship, contract, or transaction with the other Party. The execution of this Agreement does not constitute an offer, commitment, or promise to engage in any commercial activity.

9. General provisions

9.1 Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior or contemporaneous understandings, agreements, representations, and warranties, whether written or oral.

9.2 Amendments. Any amendment or modification of this Agreement shall be valid only if made in writing and signed by both Parties (or, in the case of electronic acceptance, agreed by both Parties through equivalent electronic means).

9.3 Severability. If any provision of this Agreement is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect, and the invalid provision shall be replaced by a valid provision that most closely reflects the original intent of the Parties.

9.4 No Waiver. No failure or delay by either Party in exercising any right under this Agreement shall constitute a waiver of such right.

9.5 Assignment. Neither Party may assign or transfer this Agreement, in whole or in part, without the prior written consent of the other Party, except that OpsHero may assign this Agreement to an affiliate or in connection with a merger, acquisition, or sale of substantially all of its assets.

9.6 Notices. All notices under this Agreement shall be in writing and delivered to the email addresses of the Parties as provided upon acceptance of this Agreement, or to such other address as either Party may designate in writing.

9.7 Independent Contractors. Nothing in this Agreement creates a partnership, joint venture, agency, employment, or similar relationship between the Parties.

10. Governing law and jurisdiction

10.1 This Agreement shall be governed by and construed in accordance with the laws of the Republic of Bulgaria, without regard to its conflict of laws principles.

10.2 Any dispute, controversy, or claim arising out of or in connection with this Agreement, including its existence, validity, interpretation, performance, breach, or termination, shall be subject to the exclusive jurisdiction of the competent courts of Sofia, Bulgaria.

11. Acceptance and electronic execution

11.1 By accessing or using the Tools at opshero.tools, providing the requested information (name, email, and job role), and taking an affirmative action to accept this Agreement (such as ticking a checkbox and clicking an "I Agree" or equivalent button), the User acknowledges that they have read, understood, and agree to be bound by the terms of this Agreement.

11.2 The individual accepting this Agreement on behalf of a legal entity represents and warrants that they have full authority to bind such entity to the terms of this Agreement.

11.3 Electronic Execution under eIDAS. The Parties expressly agree that this Agreement may be executed by electronic means and that the User's affirmative acceptance constitutes a valid electronic signature within the meaning of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market ("eIDAS Regulation") and the Bulgarian Electronic Document and Electronic Trust Services Act (Закон за електронния документ и електронните удостоверителни услуги). In accordance with Article 25(1) of the eIDAS Regulation, the legal effect and admissibility of this Agreement as evidence in legal proceedings shall not be denied solely on the grounds that it is in electronic form or that it does not meet the requirements for qualified electronic signatures. The Parties waive any right to challenge the validity, enforceability, or admissibility of this Agreement on the basis that it was executed electronically rather than by handwritten signature.

11.4 Evidence of Acceptance. OpsHero shall record and retain evidence of the User's acceptance of this Agreement, including but not limited to: the date and time of acceptance (UTC), the IP address from which acceptance was made, the User's name, email address, and job role as provided, the version of this Agreement accepted, and a cryptographic hash of the accepted text. Such records shall constitute conclusive evidence of the User's acceptance of this Agreement, absent demonstrable error.

11.5 Copy of Agreement. Upon acceptance, OpsHero shall, where technically feasible, deliver a copy of this Agreement to the email address provided by the User, together with the recorded Effective Date.

Parties

OpsHero OOD
UIC: 202862235
Registered office: Sinanishko ezero 9A str., 1680 Sofia, Bulgaria
Email: [email protected]

The User
Name: [as provided upon access]
Email: [as provided upon access]
Job Role: [as provided upon access]
Date of Acceptance: [auto-recorded upon access]