1. Definition of Confidential Information
“Confidential Information” means any and all non-public, proprietary, or trade secret information disclosed by Sigma Shake to Recipient, whether orally, in writing, electronically, or by any other means, in connection with Recipient’s evaluation of Sigma Shake’s security controls documentation. This includes but is not limited to: security architectures, control implementations, vulnerability assessments, penetration test results, audit findings, internal processes, source code evidence, threat models, incident response procedures, infrastructure configurations, encryption methodologies, and any other technical, operational, or business information that is designated as confidential or that a reasonable person would understand to be confidential given its nature and the circumstances of disclosure.
2. Obligations of Recipient
Recipient agrees to: (a) hold all Confidential Information in strict confidence using at least the same degree of care Recipient uses to protect its own most sensitive confidential information, but in no event less than reasonable care; (b) not disclose Confidential Information to any third party without Sigma Shake’s prior written consent; (c) restrict access to Confidential Information to only those employees, contractors, and advisors who (i) have a legitimate need to know for the purpose of evaluating Sigma Shake’s security posture, and (ii) are bound by confidentiality obligations no less protective than those herein (“Authorized Recipients”); (d) be responsible for any breach by its Authorized Recipients; and (e) not use Confidential Information for any purpose other than the evaluation described in this Agreement.
3. Exclusions
These obligations do not apply to information that: (a) is or becomes publicly available through no fault or breach by Recipient; (b) was rightfully known by Recipient prior to disclosure, as documented by written records; (c) is rightfully received from a third party without restriction; (d) is independently developed without reference to the Confidential Information, as documented by written records; or (e) is required to be disclosed by applicable law, regulation, or valid court order, provided Recipient gives Sigma Shake prompt written notice (to the extent legally permitted) and reasonable opportunity to seek a protective order before disclosure.
4. No License; No Warranty
Nothing in this Agreement grants Recipient any license, right, title, or interest in any Confidential Information, intellectual property, trade secrets, or proprietary rights of Sigma Shake. All Confidential Information is provided “AS IS” without warranty of any kind, express or implied.
5. Return or Destruction
Upon Sigma Shake’s written request or upon termination or expiration of this Agreement, Recipient shall within ten (10) business days: (a) return all tangible materials containing Confidential Information; (b) permanently destroy all electronic copies, including backups and cloud storage; and (c) provide written certification signed by an authorized officer confirming complete return or destruction. Recipient may retain copies solely to the extent required by applicable law, subject to ongoing confidentiality obligations.
6. Breach Notification
Recipient shall notify Sigma Shake in writing within forty-eight (48) hours of discovering any unauthorized access to, use of, or disclosure of Confidential Information. Notification shall include: nature of the incident, information affected, corrective actions taken or planned, and a designated point of contact. Recipient shall cooperate fully with any investigation and take all reasonable steps to mitigate the unauthorized disclosure.
7. Data Handling and Security
Recipient shall implement and maintain commercially reasonable administrative, technical, and physical safeguards including: (a) encryption at rest and in transit; (b) role-based access controls; (c) audit logs of access to Confidential Information; and (d) no storage on personal devices, removable media, or unapproved cloud services without Sigma Shake’s prior written consent.
8. Indemnification
Recipient shall indemnify, defend, and hold harmless Sigma Shake, its officers, directors, employees, agents, and successors from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees and court costs) arising out of or relating to: (a) any breach of this Agreement by Recipient or its Authorized Recipients; (b) any unauthorized use or disclosure of Confidential Information; or (c) any third-party claims resulting from Recipient’s failure to comply with its obligations.
9. Injunctive Relief
Recipient acknowledges that any breach or threatened breach of this Agreement may cause Sigma Shake irreparable harm for which monetary damages would be an inadequate remedy. Sigma Shake shall be entitled to seek injunctive or other equitable relief (including temporary restraining orders, preliminary injunctions, and specific performance) without proving actual damages or posting bond, in addition to any other remedies available at law or in equity.
10. Non-Circumvention
Recipient shall not, directly or indirectly, use any Confidential Information to: (a) develop, design, create, or contribute to any competing product, service, or technology; (b) reverse engineer, decompile, or disassemble any product or technology described in the Confidential Information; or (c) solicit, recruit, or hire any employee, contractor, or consultant of Sigma Shake whose identity or qualifications became known through Confidential Information.
11. Non-Assignment
Recipient shall not assign, transfer, or delegate this Agreement without Sigma Shake’s prior written consent. Any attempted assignment without consent is void. In the event of a merger, acquisition, or change of control of Recipient, Sigma Shake may terminate this Agreement upon written notice.
12. Term
This Agreement shall remain in effect for two (2) years from the date of acceptance. Either party may terminate with thirty (30) days’ written notice. Confidentiality obligations survive termination for an additional five (5) years, or for so long as the Confidential Information remains a trade secret under applicable law, whichever is longer.
13. Governing Law and Dispute Resolution
This Agreement shall be governed by the laws of the State of California. Disputes shall first be submitted to good-faith mediation administered by JAMS in San Francisco, California. If mediation is unsuccessful within thirty (30) days, the dispute shall be resolved by binding arbitration administered by JAMS under its Comprehensive Arbitration Rules before a single arbitrator with expertise in technology and intellectual property. The arbitrator’s award shall be final and binding. Either party may seek injunctive relief in court without first submitting to mediation or arbitration.
14. Severability
If any provision is held invalid, illegal, or unenforceable, it shall be modified to the minimum extent necessary to make it valid, and all remaining provisions continue in full force and effect.
15. Entire Agreement
This Agreement constitutes the entire agreement between the parties regarding confidentiality and supersedes all prior agreements. May be amended only by written instrument signed by both parties.
16. Electronic Acceptance
Electronic acceptance of this Agreement (including clicking “I Accept” combined with provision of name, title, and company information) constitutes a legally binding signature under the United States Electronic Signatures in Global and National Commerce Act (E-SIGN Act) and the California Uniform Electronic Transactions Act.