Legal Privacy & Security

Software as a Service Agreement

This Software as a Service Agreement and related schedules (“SaaS”) is effective as of the earlier of: (a) the last date of the signature of this SaaS; and (b) the last date of the signature of the first Order Form (defined below) (the “Effective Date”), by and between the entity named below and each of its Affiliates entering into an Order Form (“Client”) and either Riskified, Inc., or Riskified Ltd., as set out in Section 13 (“Riskified”). Each of Riskified and Client are individually referred to as a “Party” and collectively as the “Parties”.

1. Riskified responsibilities

   1. Provision of Services. Riskified will make the Services available to Client, as described in this SaaS and related order forms with schedules (each, an “Order Form”, and with the SaaS, the “Agreement”). Each Client Affiliate receiving the Services shall execute a separate Order Form. “Services” means the products and services provided by Riskified and/or its Affiliates. For the avoidance of doubt, by executing an Order Form, each Client Affiliate shall be bound to this SaaS. “Affiliate” means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with the subject entity. “Control” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests and/or management of the subject entity.
   2. Support. Riskified, at its own expense, will provide Client with technical support in accordance with Riskified’s standard practices.
   3. Security and Data Protection Program. Riskified will maintain physical, administrative, and technical safeguards consistent with industry-accepted practices including the International Organization for Standardization (ISO) 27001:2013 and a System and Organizational Controls (SOC) 2, Type II report to protect the confidentiality, integrity, and availability of Client Data (defined below). The Parties will adhere to the terms of the Data Processing Addendum (“DPA”), available at https://security.riskified.com/, which is incorporated herein by reference, with respect to any “personal data” or “personal information”, as such terms are defined by applicable law, that are processed in connection with the Agreement, unless the Parties have executed a separate data processing addendum, which shall prevail. Riskified reserves the right to update such measures, as set forth at https://security.riskified.com/, provided that any updates shall not materially diminish the level of security applicable to the Services. Client is responsible for reviewing the information Riskified makes available regarding its data processing and security and making an independent determination as to whether the Services meet Client’s requirements and legal obligations.

2. Client Responsibilities

   1. Use Restrictions. Except for the rights granted in the Agreement, no other rights in or to any Services, express, implied or otherwise, are granted to Client. Without limiting the foregoing, Client shall not, and shall not allow, directly or through a third party to: (i) use the Services other than for the purpose permitted herein; (ii) transfer, sell, rent, lease or share the Services or the results, including recommendations; (iii) permit any person who is not an Authorized User (defined below) to use or access the Services or the results thereof; (iv) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of Riskified’s online software application provided as part of the Services; (v) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Services; (vi) access the Services or use the results thereof in order to build, improve upon, develop a product or service which competes with the Services or frustrates the purpose of the Agreement; (vii) make available to Riskified any data regulated under PCI; (viii) use the Services or provide data to Riskified in a manner that violates any applicable law, ordinance, regulation or administrative order; or (ix) take any action that imposes or may impose (as determined in Riskified’s reasonable discretion) an unreasonable or disproportionately large load on the servers, API, network, bandwidth, or other cloud infrastructure which operate or support the Services, or otherwise systematically abuse or disrupt the integrity of such servers, network, bandwidth, or infrastructure, including but not limited to API calls exceeding a volume of 700% of Client’s daily average of API calls (or such other volume reasonably determined by Riskified), all as reasonably measured by Riskified.
   2. Client Security Standards and Data Protection. Client shall establish and maintain a data security and protection program that includes physical, technical, administrative, and organizational safeguards no less rigorous than accepted industry practices and as required by applicable law, that is designed to ensure the access to, and security of, the Client Data, Client’s platform and systems, as well as any integrations associated therewith, and as reasonably requested by Riskified. Client is solely responsible for all aspects of Client Data, including its sourcing, inputting, accuracy, quality, integrity and management and maintaining reasonable security measures with respect to the Client Data while in its possession and control.
   3. Client IT Infrastructure. Client is solely responsible for obtaining and maintaining network connections and telecommunications links from its systems to Riskified, and for all problems, conditions, delays, delivery failures, as well as all other loss or damage arising from or relating to Client’s network connections or telecommunications links or caused by the internet. Notwithstanding anything herein to the contrary, Riskified is not responsible for technical issues due to Client’s failure to comply with Riskified’s instructions; or modification or alteration of the Services by any anyone other than Riskified or Riskified’s duly authorized contractors or agents.
   4. Audit; Competition. Client agrees to provide its reasonable cooperation in the event Riskified audits Client’s use of the Service, which may occur only upon reasonable advance notice, during Client’s business hours, not more than once per calendar year or in connection with a breach of the Agreement. For the Term of the Agreement (defined below), Client agrees that it shall not receive third party fraud mitigation services.
   5. Authorized Users; Credentialing. Only those users authorized by Client may use the Services (each, an “Authorized User”). Any violation of the Agreement by an Authorized User shall be deemed to be a violation by Client. Client is solely responsible for the security and proper creation, use and termination of all Authorized User names, passwords and other security devices used in connection with the Services and shall take all reasonable steps to ensure that they are kept confidential and secure, are used properly and are not disclosed to unauthorized persons. Client shall immediately notify Riskified in writing if there is any reason to believe that any security credentials or any other security device has or was likely compromised or used in an unauthorized way. Riskified may require Client to change any of its Authorized User’s usernames, passwords or other security devices used by Client in connection with the Services, and Client shall promptly comply with any such requirement.
   6. Fair Credit Reporting Act. Client acknowledges that Riskified, is not a consumer-reporting agency as defined by the Fair Credit Reporting Act, 15 U.S.C. §1681 et seq. (“FCRA”), and that the Services provided to Client hereunder do not constitute “Consumer Reports,” as defined in the FCRA. Client represents and warrants that it shall not use the Services to determine any consumer’s eligibility for any product or service to be used by a consumer for personal, family or household purposes. Further, Client represents and warrants that it shall not use the Services in whole or in part: (i) as a factor in establishing a consumer’s eligibility for credit; (ii) as a factor in establishing a consumer’s eligibility for insurance; (iii) for employment purposes; (iv) in connection with a determination of an individual’s eligibility for a license or other benefit granted by a governmental authority; or (v) in connection with any permissible purpose as defined by the FCRA.
   7. Sanctions; Compliance. Client acknowledges the Services do not guarantee compliance with any specific law or regulation. Client represents and warrants that: (1) neither Client, nor any of its directors, officers, employees, Authorized Users, customers and/or end-users: (a) is subject to sanctions and/or named as specifically designated national on the most current list published by the U.S. Treasury Department Office of Foreign Asset Control (“OFAC“) at its official website (“Prohibited Persons“), or (b) are located, organized, or resident in a country or territory that is, or whose government is, the target of sanctions imposed by OFAC (“Sanctioned Area“) and (2) Client implements appropriate controls designed to comply with sanctions regulations, including but not limited to OFAC.

3. Client Data

   1. Provision of Client Data. Client is solely responsible for ensuring it is authorized to provide or make available the data it provides or makes available to Riskified and the Services (collectively, the “Client Data”), including the provision of any requisite notices and obtaining consent to the extent required under applicable law (which may include but not be limited to for the use of automated decision making). Client Data required by Riskified and processed in connection with the Services is detailed in documentation made available by Riskified, including in the DPA.
   2. License to Client Data. Client consents to and grants Riskified and its Affiliates the worldwide, non-exclusive, royalty-free, perpetual, sub-licensable, fully-paid-up, and irrevocable, right to: (i) use the Client Data to provide the Services; (ii) use the Client Data to improve the Services; and (iii) process such Client Data in accordance with the DPA and Riskified’s Privacy Policy. In order to provide the Services, Riskified and its Affiliates combine data from their clients and will provide Client Data to third parties to the extent permitted under this Agreement.

4. Fees and payment

   1. Fees. Client and/or Client Affiliate, as applicable, agree to pay the fees described in the Agreement (the “Fees”).
   2. Invoicing; Non-refundable. Except as otherwise specified herein or in an Order Form, amounts due are invoiced on a monthly basis and due within thirty (30) days of Client’s receipt of the applicable invoice (“Payment Term”). Client agrees to remit payment by wire transfer or ACH, unless the invoice is $3,000 or less, in which event Client may remit payment by credit card. Fees are non-cancelable and non-refundable. Each Client Affiliate will be invoiced separately. Should the Parties agree to allow Client to pay in a currency other than USD, GBP or EUR, Client shall be charged an additional 0.15% on the invoiced amount.
   3. Late Payment; Disputes. Unpaid amounts are subject to a finance charge of 1.5% per month, or the maximum percentage permitted by law (whichever is lower), in addition to all reasonable costs of collection, including reasonable attorneys’ fees. Any good faith objection to an invoice shall be provided in writing to Riskified within the applicable Payment Term, otherwise Client would be deemed to waive any objections, and such invoice will be deemed final and not subject to dispute.
   4. Taxes. All fees are exclusive of taxes and duties. If the Services are subject to collection or payment of any federal, state, or local tax under the Agreement, or any other similar taxes or duties levied by any governmental authority, excluding taxes levied on Riskified’s net income, then such taxes and/or duties shall be invoiced to and paid solely by Client upon receipt of invoice.
   5. Service Suspension. Riskified may suspend the Services (in whole or part) if Client fails to pay an overdue payment within ten (10) days of written demand by Riskified.

5. Term and termination

   1. Term of SaaS. The SaaS begins on the Effective Date and continues until the termination or expiration of all Order Form(s) between Riskified and Client and/or Client’s Affiliates.
   2. Term of Order Form. The start date and term of the Service(s) shall be set out in an Order Form. Except as otherwise specified in an Order Form, the term for each Order Form shall be for one (1) year (the “Initial Term”). The Initial Term will automatically renew for consecutive periods, each equal to the Initial Term specified, or one (1) year, whichever is longer (each, a “Renewal Term”, and together with the Initial Term, the “Term”), unless either Party notifies the other Party of its intent not to renew such Services at least sixty (60) days prior to the end of the then-current Term.
   3. Early Termination by Client. Client may terminate an Order Form for convenience upon ninety (90) days written notice (“Early Termination”). In the event of Early Termination, Client shall pay Riskified an amount equal to the gross average monthly Fees invoiced by Riskified and multiplied by the number of months remaining in the then-current Term (“Early Termination Fee”), which will be reduced by any and all credits owed to Client in the final invoice. Client acknowledges and agrees that the Early Termination Fee constitutes liquidated damages and is not a penalty and that the amount of actual loss due to the foregoing is difficult to precisely estimate and the amount of liquidated damages bears a reasonable proportion to the probable loss that Riskified will suffer in relation to the foregoing.
   4. Termination for Breach. If a Party materially breaches the Agreement and fails to cure such breach within thirty (30) days of receipt of written notice from the other Party outlining the nature of such breach, then the other Party may terminate the affected Order Form(s).

6. Representations and warranties; covenants

   1. Mutual Representations and Warranties; Covenants. Each Party represents, warrants and covenants to the other Party that it has the full power and authority to enter into the Agreement.
   2. Future Functionality. Client agrees that its entry into the Agreement is not contingent on the delivery of any future functionality or features, or dependent on any oral or written comments or commitments made by Riskified regarding future functionality or features.
   3. DISCLAIMER. EXCEPT AS EXPRESSLY PROVIDED IN THE AGREEMENT, RISKIFIED IS PROVIDING THE SERVICES “AS IS” AND “AS AVAILABLE” AND RISKIFIED DOES NOT MAKE AND CLIENT HAS NOT RELIED UPON ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE IN ENTERING INTO THE AGREEMENT. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, RISKIFIED SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.

7. Indemnification

   1. Indemnification by Riskified. Riskified shall defend and indemnify Client against claims, actions, proceedings, losses, damages, out-of-pocket expenses and costs (including reasonable attorney’s fees), finally awarded and arising out of or in connection with any third-party claim alleging infringement by the Services of any patent or copyright or misappropriation of any trade secret. The foregoing defense and indemnification obligations do not apply if: (i) the allegation does not state the Services are the basis of the claim against Client; (ii) a claim against Client arises from the use or combination of the Services or any part thereof with software, hardware, data, or processes not provided by Riskified, if the Services or use thereof would not infringe without such combination; (iii) a claim against Client arises from Services under an Order Form for which there is no charge; or (iv) a claim against Client arises from Client Data, third-party applications, services or software or Client’s breach of the Agreement.
   2. Indemnification by Client. Client shall defend and indemnify Riskified against claims, actions, proceedings, losses, damages, expenses and costs (including reasonable attorney’s fees) arising out of or in connection with any third-party claim, alleging: (i) Client’s use of the Services violates applicable law or payment network rule, or (ii) Client Data infringes or misappropriates a copyright, patent, trademark, trade secret, privacy or other proprietary right, or Client’s provision of Client Data to the Services violates any right, law, or regulation applicable to such Client Data.
   3. Indemnification Process. As a condition to the indemnification obligations set out herein, the indemnified Party shall: (i) promptly notify the indemnifying Party of any claim for which indemnity will be sought; provided that no delay in providing such notice shall relieve the indemnifying Party of any liability or obligations hereunder except to the extent the indemnifying Party has been prejudiced by such delay; (ii) permit the indemnifying Party to assume sole control of the defense and settlement of such claim with counsel of its choosing; and (iii) provide cooperation reasonably requested by the indemnifying Party in investigating and defending such claim, at the indemnifying Party’s expense (provided that the indemnified Party shall not be entitled to compensation for time spent providing such cooperation). The indemnified Party shall have the right to participate in (but not control) the defense of any such claim, at its sole cost and expense, using counsel of its choosing.
   4. Exclusive Remedy. This “Indemnification” section states the indemnifying Party’s sole obligation and liability to, and the indemnified Party’s exclusive remedy against, the indemnified Party for any third-party claim described in this section.

8. Exclusions; limitation of liability

   1. Exclusion of Consequential and Related Damages. IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY FOR ANY LOST PROFITS, REVENUES, GOODWILL OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES, ANY LOSS OF DATA, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY’S OR ITS AFFILIATES’ REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.
   2. Limitation on Liability. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EITHER PARTY, TOGETHER WITH ALL OF ITS AFFILIATES, ARISING OUT OF OR RELATED TO THE AGREEMENT, EXCEED THE TOTAL AMOUNT PAID BY CLIENT AND/OR ITS AFFILIATES FOR THE SERVICES UNDER THE APPLICABLE ORDER FORM(S) GIVING RISE TO THE LIABILITY IN THE SIX (6) MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, BUT WILL NOT LIMIT CLIENT’S PAYMENT OBLIGATIONS HEREUNDER.
   3. Claim Period. ANY CLAIM OR ACTION BY EITHER PARTY RELATED TO THE AGREEMENT, INCLUDING, BUT NOT LIMITED TO THE SERVICE, MUST BE COMMENCED WITHIN TWO (2) YEARS AFTER THE DATE ON WHICH THE ACT, EVENT, CONDITION, OR OMISSION GIVING RISE TO SUCH CLAIM OR ACTION, OCCURRED OR COULD HAVE REASONABLY BEEN DISCOVERED (“CLAIM PERIOD”). ANY ACTION NOT BROUGHT WITHIN THE CLAIM PERIOD SHALL BE BARRED, NOTWITHSTANDING ANY LONGER LIMITATIONS PERIOD SET FORTH IN ANY APPLICABLE LAW OR STATUTE.A

9. Confidentiality

   1. “Confidential Information” shall mean information made available by a Party or its Affiliates (“Discloser”) to the other Party or its Affiliates (“Recipient”), that is proprietary or confidential and is either clearly labeled or identified as Confidential Information or that a reasonable person should understand to be confidential given the nature of the information or the circumstances of its disclosure, and whether such information is disclosed by the Discloser in connection with the Agreement before, on or after the Effective Date. Confidential Information includes the terms of the Agreement. Confidential Information does not include any of the following: (i) information that is or becomes part of the public domain or otherwise available on an unrestricted basis to one or more third persons without violation of the Agreement by the Recipient; (ii) information that was known to or in the possession of the Recipient on a non-confidential basis prior to the disclosure thereof to the Recipient by the Discloser, as evidenced by written records; (iii) information that was developed independently by or on behalf of the receiving Party, without use of or reference to the Confidential Information; (iv) information that is disclosed to the Recipient by a third person without violation of the Agreement by the Recipient; or (v) Client Data, which shall be subject to the terms of the DPA, related Security Addendum, Riskified’s Privacy Policy, and applicable law.
   2. Protection of Confidential Information. Each Party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third-party or use the other’s Confidential Information other than as permitted under the terms of the Agreement. Each Party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed in violation of the terms of the Agreement.
   3. Compelled Disclosure. The obligations of the Parties under this Section shall not apply to the extent of any disclosure required pursuant to a duly authorized subpoena, court order, government authority or under any other legal obligation, provided that the Recipient has provided prompt notice and assistance to the Discloser prior to such disclosure, so that Discloser may seek a protective order or other appropriate remedy to protect against disclosure.
   4. Injunctive Relief. Any breach or threatened breach of the obligations set forth in this section may constitute a material breach of the Agreement, which the breaching Party acknowledges may cause irreparable harm to the non-breaching Party, leaving it without an adequate remedy at law. As such, any such breach shall entitle the non-breaching Party to seek any equitable relief, in addition to all other remedies, without necessity of posting of a bond or other security in connection therewith.

10. Proprietary rights and licenses

    1. Ownership. Client acknowledges and agrees that Riskified and/or its Affiliates and/or licensors exclusively own all Intellectual Property Rights in and to the Services and associated documentation. Except as expressly stated herein, the Agreement does not grant Client any rights to or in any Intellectual Property Rights or any other rights or licenses with respect to the Services or the associated documentation. Client acknowledges that the Services, associated documentation and the inventions, know-how and methodology embodied therein are proprietary to, and are the valuable trade secrets of, Riskified and its Affiliates and licensors, as applicable, and that the Services and associated documentation constitute Confidential Information of Riskified and/or its Affiliates. “Intellectual Property Rights” shall mean all rights throughout the world in and to any and all of the following: (i) patents, patent applications, patent disclosures and inventions (whether patentable or not); (ii) trademarks, service marks, trade dress, trade names, logos, corporate names, Internet domain names and registrations and applications for the registration thereof together with all of the goodwill associated therewith; (iii) copyrights and copyrightable works (including computer programs and mask works) and registrations and applications for registration thereof; (iv) trade secrets, know-how and other proprietary information of a like kind; (v) waivable or assignable rights of publicity, waivable or assignable moral rights; and (vi) all other forms of intellectual property, such as data and databases, in each case, to the extent protectable under applicable law, as well as any derivative works of any intellectual property.
    2. Feedback. Client grants to Riskified and its Affiliates a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into Services any suggestion, enhancement request, recommendation, correction or other feedback provided by or derived from Client or its Authorized Users use of the Services. Client hereby waives and agrees not to assert any moral rights (or similar rights) in and to such feedback, as well as any rights to royalties or other payments.

11. Publicity

    1. Press Release. The Parties agree to issue a joint press release announcing the relationship between the companies within six (6) months from the Effective Date. Riskified’s marketing team will cooperate with the Client regarding the drafting and distribution of any such content.
    2. Use of Logo. Riskified may use Client’s name and logo on Riskified’s website and in any promotional and marketing materials, in accordance with Client’s trademark and/or brand guidelines, as provided to Riskified.

12. Insurance

    1. Coverage. Riskified has obtained and will maintain the following insurance coverages during the Term: (i) Professional Liability (including Products Liability, Privacy, Intellectual Property Infringement, Cyber Liability) insurance in the amount of at least $10,000,000 ($5,000,000 per occurrence) on a claims made basis, (ii) Directors and Officers insurance in the amount of at least $5,000,000 on a claims made basis, as well as policies for Business Owners, Workers’ Compensation and Employer’s Liability insurance.
    2. COI. Upon Client’s written request, Riskified shall provide Client with certificates of insurance evidencing the above coverage. Additionally, upon Client’s written request, Riskified will name Client as an additional insured with respect to Riskified’s aforementioned Professional Liability insurance coverage.

13. Contracting party; governing law & venue; arbitration

    1. Contracting Party. If Client is domiciled in North America, Central America, or South America, Client is entering into the Agreement with Riskified, Inc., a Delaware corporation. If Client is domiciled elsewhere, Client is entering into the Agreement with Riskified Ltd., a limited liability company organized under the laws of Israel.
    2. Governing Law and Venue. The Agreement shall be governed by and construed in accordance with the laws of the State of New York. The Parties hereby irrevocably consent and submit to the exclusive jurisdiction and venue of the state and federal courts in the State of New York.
    3. Arbitration. Notwithstanding anything herein to the contrary, any controversy, dispute or claim arising out of or related to this Agreement that cannot be resolved by informal and good-faith negotiations between authorized representatives of the parties shall be settled by final and binding arbitration to be conducted by an arbitration tribunal in the State, City and County of New York, NY pursuant to the rules of the American Arbitration Association.

14. General provisions

    1. No Joint Venture or Partnership. The Parties are independent contractors. The Agreement does not create a partnership, joint venture, franchise, agency, fiduciary, or employment relationship.
    2. Waiver. No failure or delay by either Party in exercising any right under the Agreement will constitute a waiver of that right.
    3. Notice. Any notice given pursuant to the Agreement shall be in writing and shall be provided by personal delivery, registered mail, or email. Any such notice shall be deemed to have been given on (i) the day such notice or communication is personally delivered, (ii) three (3) days after such notice or communication is mailed by registered mail, (iii) one (1) business day after such notice or communication is sent by overnight courier, or (iv) Notice sent by email shall be deemed effective when the receipt is electronically confirmed. Notices to Riskified shall be addressed to 220 5th Avenue, 2nd Floor, New York, NY 10001, Attn: Legal Department; with a copy to [email protected].
    4. Affiliates. All obligations of either party and its respective Affiliates under the Agreement are joint and several.
    5. Force Majeure. If either Party is unable to perform any obligation (excluding any payment obligation) under the Agreement because of any matter beyond that Party’s reasonable control, such as flood, exceptionally severe weather, fire, explosion, war, terrorist attack, civil disorder, protests, industrial dispute (whether or not involving employees of either Party), acts of local or central government or other competent authorities, problems with telecommunications providers, hostile network attacks, pandemics or other events beyond a Party’s reasonable control (each, a “Force Majeure Event”), that Party will have no liability (including any obligation to issue refunds or credits) to the other for such failure to perform; provided, however, that such Party shall resume performance promptly upon removal of the circumstances constituting the Force Majeure Event.
    6. Interpretation. To the extent of any conflict in terms between: (a) this SaaS and/or its schedules, and (b) an Order Form and/or its schedules, then the terms of such Order Form and/or its schedules shall control.
    7. Assignment. Client may not assign or otherwise transfer the Agreement without prior written consent by Riskified. Riskified may assign or delegate the Agreement, or any duty or right under the Agreement to an Affiliate.
    8. Counterparts. The Agreement may be executed in one or more counterparts, in original or electronic form, each of which shall be deemed an original, but all of which together shall constitute one and the same Agreement.
    9. Severability. If any provision of the Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the Agreement will otherwise remain in full force and effect and enforceable.
    10. Entire Agreement; Amendments. The Agreement, including any schedules, exhibits, annexes and/or Order Forms, is the complete and exclusive statement of the mutual understanding of the Parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of the Agreement. Any and all waivers, amendments and modifications regarding the Agreement must be in writing and signed by both parties.