UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF FLORIDA MIAMI DIVISION Case Number: 22-22454-CIV-MARTINEZ JUSTTECH, LLC, Plaintiff, v. KASEYA US LLC, Defendant. / ORDER GRANTING MOTION TO DISMISS THIS CAUSE came before this Court on Defendant’s Motion to Dismiss the Complaint (the “Motion”), (ECF No. 15). This Court has reviewed the Motion, pertinent portions of the record, and applicable law and is otherwise fully advised of the premises. Accordingly, after careful consideration, the Motion is GRANTED for the reasons set forth herein. I. FACTUAL BACKGROUND Plaintiff JustTech, LLC, is a managed service provider (“MSP”) that provides IT, computer network, print, fax, and copy solution services to its downstream clients in the Mid-Atlantic and Southeast regions. (Compl. § 11, ECF No. 1.) Plaintiff creates, processes, stores, secures, and exchanges electronic data in connection with these services. (/d.) Defendant Kaseya US LLC is a global technology company that provides MSPs like Plaintiff with IT management and security software and services. (/d. § 16.) Defendant publicly promotes the safety and effectiveness of its software and services against cyberattacks by making representations online and messaging MSP customers. (/d. § 18.)

Since approximately 2016, Plaintiff has paid for Defendant’s IT management and security software and services. (Id. § 12.) Plaintiff used Defendant’s Virtual System Administrator (“VSA”) software for most of its downstream clients, opting for the on-premises product connected to a local server. (/d. J 13.) In exchange for these services, Plaintiff disclosed its clients’ electronic data to Defendant and granted Defendant certain rights to use such data. (/d.) This arrangement was governed by Defendant’s end user license agreement (the “EULA”), which users like Plaintiff must agree to without any objections or qualifications when accepting Defendant’s software and services.” Ud. § 14.) The EULA contains provisions that shield Defendant from liability related to the delivery, performance, or use of its software and services. (/d.) The EULA provides in relevant part that: Kaseya and its suppliers and licensors shall not be liable or obligated with respect to the subject matter of this agreement... or under any contract, negligence, strict liability or other legal or equitable theory . . . (II) for any cost of procurement of substitute goods, technology, services or rights, or (IID) for any incidental, indirect, special, punitive, or consequential damages (including, without limitation, loss of profits, loss of use or data, damage to systems or equipment, business interruption or cost of cover) in connection with or arising out of the delivery, performance or use of the software, documentation, any other materials provided by Kaseya or other services performed by Kaseya....

[E]xcept for Kaseya’s gross negligence or willful misconduct, Kaseya shall not be responsible or liable for the unauthorized access to, alteration of, or deletion, correction, destruction, corruption, damage, loss or failure to secure or store Customer Data.

* While this Court is generally constrained to review the four corners of the Complaint in determining whether to grant a motion to dismiss for failure to state a claim, this Court may consider documents attached to Defendant’s Motion when the document “is (1) central to the plaintiffs claim and (2) undisputed.” Day v. Taylor, 400 F.3d 1272, 1276 (11th Cir. 2005) (citing Horsley y, Feldt, 304 F.3d 1125, 1134 (11th Cir. 2002)). Because the EULA is central to the Complaint and it is undisputed that the EULA attached to Defendant’s Response to the Motion is authentic, this Court considers the EULA in addressing the Motion. See id.

[T]his Agreement is the entire agreement between Kaseya and Licensee regarding Licensee’s use of the Software, and supersedes and replaces any previous communications, representations, or agreements... (See End-User License Agreement (“EULA”) 5, 8-9, 11, ECF No. 15-1.) Plaintiff alleges that Defendant understands and has publicly acknowledged that cyberattacks on MSPs present heightened risks and consequences because the attack affects the MSP and its downstream clients. (/d. §§ 20, 24.) Defendant has frequently reported on cyber- and ransomware attacks and provided guidance on how to minimize their associated risks. (/d. 26.) One risk-prevention method Defendant promotes is to timely discover and “patch” or fix software vulnerabilities. (/d. § 33.) Industry guidelines recommend that third-party users be warned of such software vulnerability risks in a timely manner. (/d. { 31.) On April 6, 2021, the Dutch Institute for Vulnerability Disclosure (the “DIVD”), an international team of voluntary computer researchers that investigates and reports software vulnerabilities, warned Defendant that its VSA software contained multiple, critical vulnerabilities. (/d. § 36.) These vulnerabilities were critical due to their “zero-day” nature (meaning that hackers could exploit them immediately) and potential to affect Plaintiff's clients in the defense, aerospace, medical, transport, financial, and energy markets. (/d. §37.) Defendant and the DIVD worked together to address the VSA vulnerabilities, but Plaintiff alleges that progress stalled on patching the vulnerabilities. (/d. § 40.) Scheduled patches of the vulnerabilities were spread out and included dates after the date of the ransomware attack that prompted this dispute. (/d.) Plaintiff alleges that it was unaware of these vulnerabilities in the VSA software, and that Defendant failed to issue any warnings or implement additional cybersecurity measures. (/d. § 41.)

Defendant was also warned of cybersecurity concerns from its own employees in the years leading up to the ransomware attack. (/d. 444.) Between 2017 and 2020, Defendant’s engineers and developers warned the company of these concerns, and other employees reported that company executives were made aware of the numerous problems with the VSA software. Ud. J] 44-45.) Former employees considered Defendant’s decision to outsource work to Belarus, a country with close ties to Russia, as another potential security issue because, Plaintiff alleges, many cybercriminals operate in Russia. (/d. § 46.) A Russian-based criminal operation known as REvil was determined to be the source of the July 2, 2021, ransomware attack on Defendant’s VSA software that disrupted operations for Plaintiff and its downstream clients. (/d. 9 47.) REvil completed this attack by exploiting the VSA software vulnerabilities. (/d.) Around 12:30 p.m. on July 2, 2021, over one thousand devices managed by Plaintiff became inaccessible and displayed a document explaining that all of Plaintiff s files had been encrypted by a third party and would not be made accessible until Plaintiff followed further instructions. (/d. §§ 48-49.) Plaintiff was informed it would lose this data if it failed to pay $45,000.00 ransom for each encrypted device. (/d. §49.) All of Plaintiff's downstream clients connected to the VSA software were affected. Ud. § 50.) Within eight minutes of the attack, Plaintiff shut down the VSA system and instructed its downstream clients to shut down all computers in their systems until further notice. Ud. 51.) At 4:00 p.m., Defendant publicly disclosed that a “limited,” “potential” attack on its VSA servers took place that afternoon and recommended users to shut down all VSA servers. (/d. § 52.) Defendant claimed to have followed an “established incident response process to determine the scope of the incident and the extent that our customers were affected.” (/d. § 53.) Defendant believed it had identified the source of the vulnerability and began preparing a patch to mitigate

its risks. id.) On July 11, 2021, Defendant released a patch to its VSA on-premises customers to restore their service. (/d, § 53.) The attack reached more than fifty MSPs (including Plaintiff) and between 800 and 1500 downstream businesses (including Plaintiff's). Ud. § 58.) In the aftermath of the attack, Plaintiff ceased normal business operations and devoted considerable resources to help itself and its clients recover data. (/d. J 62.) Plaintiff did not charge its clients for any recovery work performed, including the expenses incurred by hiring outside IT contractors. (Id. Jf 62-63.) Plaintiff claims that it was forced to spend time and money to recruit and train new employees as former employees quit. (/d. § 63.) Plaintiff also alleges that it lost current business and opportunities to secure new business. (/d. § 64.) Further, Plaintiff claims that it is anticipating added expenses from the legal claims pursued by Plaintiffs clients. Ud. § 66.) After the attack, Defendant began making public statements to reassure its MSP customers of Defendant’s commitment to protecting their data. (/d. § 70.) On July 7, 2021, Defendant’s CEO, Fred Voccola, promised “direct financial assistance to MSPs” impacted by the attack as part of the “Kaseya Cares 2021” program. (/d. ¢ 71.) Voccola stated that Defendant will “be doing millions of dollars of restitution for all of our customers who have suffered” in an interview the following day. Ud. | 72.) Two days after the initial promise was made to provide “direct financial assistance,” Plaintiff informed its clients that they would not be billed for recovery work related to the attack. (Ud. 74.) In August and September 2021, however, Defendant allegedly notified Plaintiff that it had limited funds available to provide the promised financial assistance and could not compensate Plaintiff for its losses. (/d. § 75.) Plaintiff alleges that Defendant neither deflected responsibility for Plaintiffs losses nor asserted a legal defense to payment during these months. (/d. {| 77.)

I. LEGAL STANDARD A court must grant a motion to dismiss for failure to state a claim when the complaint fails to provide grounds for relief beyond labels and conclusions or a “formulaic recitation of the elements of a cause of action.” Bell Atl Corp. v. Twombly, 550 U.S. 544, 555 (2007). When considering a motion to dismiss, this Court is not required to accept conclusory allegations or legal conclusions as true. See, e.g., Am. Dental Ass’n v. Cigna Corp., 605 F.3d 1283, 1290 (11th Cir. 2005), “While legal conclusions can provide the framework of a complaint, they must be supported by factual allegations. When there are well-pleaded factual allegations, a court should assume their veracity and then determine whether they plausibly give rise to an entitlement to relief.” Ashcroft v. Iqbal, 556 U.S. 662, 679 (2009). Even taking Plaintiff's factual allegations as true, they must be enough to raise a right to relief above the speculative level. See Bell Atl. Corp., 550 U.S. at 555. To satisfy this pleading standard, however, the complaint need not contain detailed factual allegations. Jd. Courts typically “do not consider anything beyond the face of the complaint and documents attached thereto when analyzing a motion to dismiss.” Fin. Sec. Assur., Inc. v. Stephens, Inc., 500 F.3d 1276, 1284 (11th Cir. 2007) (citing Brooks v. Blue Cross & Blue Shield of Fla., Inc., 116 F.3d 1364, 1368 (11th Cir. 1997)). Courts, however, “may consider a document attached to a motion to dismiss without converting the motion into one for summary judgment if the attached document is (1) central to the plaintiffs claim and (2) undisputed.” Day, 400 F.3d at 1276 (citing Horsley, 304 F.3d at 1134). Ill. DISCUSSION Defendant moves to dismiss the Complaint for failure to state a claim for (1) common law gross negligence (Count I); (2) common law negligent misrepresentation (Counts II and III); (3)

common law promissory estoppel (Count IV); and (4) Florida’s Deceptive and Unfair Trade Practice Act (the “FDUTPA”) (Count V). Plaintiff argues that it sufficiently pleaded a gross negligence claim and justifiably relied on Defendant’s extra-contractual statements in pleading its negligent misrepresentation, promissory estoppel, and FDUTPA claims. This Court addresses each argument in turn. A. Plaintiff’s Gross Negligence Claim (Count I) is Dismissed To state a claim for gross negligence under Florida law, Plaintiff must plead the elements of an ordinary negligence claim—that Defendant owes Plaintiff a duty, Defendant breached that duty, Plaintiff suffered an injury from Defendant’s breach, and Plaintiff sustained damages—and (1) the existence of a composite of circumstances which, together, constitute an imminent or clear and present danger amounting to more than the normal and usual peril; (2) a showing of chargeable knowledge or awareness of the imminent danger; and (3) an act of omission occurring in a manner which evinces a conscious disregard of the consequences. See Santiago v. Honeywell Int’l, Inc., No. 16-cv-25359, 2021 WL 5066924, at *7 (S.D. Fla. Sept. 29, 2021) (quoting Cortes v. Honeywell Bldg. Sols. SES Corp., 37 F. Supp. 3d 1260, 1270 (S.D. Fla. 2014)). Defendant argues that Plaintiff fails to state a claim for gross negligence in Count I because Defendant neither owed Plaintiff a duty beyond the obligations imposed by the EULA nor displayed a conscious disregard of “a clear and present danger” to constitute gross negligence. Plaintiff argues in opposition that Defendant owed a duty of reasonable care in providing its software and services to Plaintiff and was grossly negligent in ignoring the dangers posed by software vulnerabilities on MSPs. This Court agrees with Defendant: Defendant owed no independent duty to Plaintiff outside those duties expressly imposed in the EULA, and Plaintiff failed to sufficiently plead that Defendant’s actions constituted gross negligence.

associated risks because it knew of the heightened risks posed by cyberattacks on MSPs, (see Compl. § 24), and consequently chose not to ignore the dangers presented but rather cooperate with the DIVD to alleviate these dangers, see Moradiellos, 176 So. 3d at 336 (“On this record, [the defendant’s inaction] created a possibility of harm, which is required to prove simple negligence. But they did not create a condition in which an accident would probably and most likely occur, which is required to prove gross negligence.”); Pyjek, 116 So. 3d at 477-478 (holding that defendant’s decision to ignore a dangerous condition despite knowledge of that dangerous condition was evidence of a conscious disregard of a clear and present danger). Therefore, even had Plaintiff sufficiently pleaded that Defendant owed Plaintiff an extracontractual duty of care, Plaintiff cannot sufficiently plead that Defendant’s actions displayed a conscious disregard for the dangers posed by software vulnerabilities. Accordingly, even were Plaintiff to have sufficiently pleaded that Defendant owed Plaintiff an extracontractual duty of

care, the Motion would still be due to be GRANTED in this regard, and Count | of the Complaint would still be due to be DISMISSED. B. Plaintiff's Negligent Misrepresentation Claims (Counts II and IHD) Are Dismissed To plead a negligent misrepresentation claim under Florida law, Plaintiff must allege: (1) a misrepresentation of material fact that Defendant believed to be true but which was actually false; (2) Defendant was negligent in making the misrepresentation because it should have known it was false; (3) Defendant intended to induce Plaintiff to rely on the misrepresentation; and (4) Plaintiff was injured acting in justifiable reliance upon the misrepresentation. See McGee v. JP Morgan Chase Bank, NA, 520 F. App’x 829, 831 (11th Cir. 2013) (citing Simon v. Celebration Co., 883 So. 2d 826, 832 (Fla. 5th DCA 2004)). Defendant argues that Plaintiff failed to state a claim for negligent misrepresentation because Plaintiff cannot rely on Defendant’s extra- contractual representations of its software and services or its restitution efforts. Plaintiff argues in opposition that it justifiably relied on Defendant’s promotions of its software and services and promises of compensation given Defendant’s prominence in the software security space and financial assets. This Court agrees with Defendant that Counts II and JJI fail to state a claim because Plaintiff cannot sufficiently justifiably rely on Defendant’s extra-contractual representations that are superseded by the EULA.

clause can preclude a claim based on extra-contractual representations); Bates v. Rosique, 777 So. 2d 980, 982 (Fla. 3d DCA 2001) (prohibiting buyer from taking contradictory position when pleading a misrepresentation claim where governing contract unambiguously superseded prior agreements and representations); Garcia v. Santa Maria Resort, Inc., 528 F. Supp. 2d 1283, 1292- 1293 (S.D. Fla. 2007) (precluding property investors from claiming that their purchases served federal security law purposes where contract stated that property was for personal use only). Here, Plaintiff cannot allege that it acted in justifiable reliance on Defendant’s pre- contractual promotions of its software and services because these alleged misrepresentations relate directly to the products and services the EULA expressly governs. See Tyco Safety Prods., 2008 WL 4753728, at *3 (finding that plaintiff was unable to plead a negligent misrepresentation claim based on the same subject matter covered in the parties’ contract). Moreover, Plaintiff cannot justifiably rely on Defendant’s pre-contractual statements related to the safety and security of its software and services because the EULA contains a merger clause that supersedes all previous representations. (See EULA 11); Bates, 777 So. 2d at 982 (prohibiting buyer from pleading a position inconsistent with what contract outlined); Garcia, 528 F. Supp. 2d at 1292-93 (preventing investors from claiming property served a purpose other than what contract provided). Plaintiff cannot now allege that it detrimentally relied on Defendant’s pre-contractual statements because the EULA expressly “supersedes and replaces any previous communications, representations, or agreements ... whether oral or written.” (See EULA 11.) Therefore, Plaintiff cannot sufficiently plead that it acted in justifiable reliance on Defendant’s representations of its software and services because these statements relate directly to the EULA, and the EULA supersedes all prior statements made by Defendant. Accordingly, the Motion is GRANTED in this regard, and Count I is DISMISSED.

contractual period). Here, Plaintiff cannot establish a negligent misrepresentation claim based on Defendant’s restitution representations because these statements are overly vague and not independent of the substance covered in the EULA. See Century 21 Admiral’s Port, Inc., 47] So. 2d at 545 (holding that vague or indefinite statements cannot establish justifiable reliance). Defendant’s promises of restitution cannot establish a negligent misrepresentation claim because the details of the compensation are too indefinite to be justifiably relied on. See id. (“We affirm on a holding that since the time for performance was left subject to future agreement, the appellants had no right to rely on the representation made.”), Defendant’s announcement that it would provide “direct financial assistance to MSPs” as part of its “Kaseya Cares 2021” program, (see Compl. § 74), does not sufficiently specify who out of the several MSPs affected by the attack will be compensated, what form of compensation will be provided, when the compensation will be provided, or how the compensation will be calculated and, thus, precludes a claim for negligent misrepresentation, see Ceithaml, 207 F. Supp. 3d at 1353 (requiring plaintiff to specify “the who, what, when, where, and how” of alleged misrepresentations when pleading negligent misrepresentation claim). Moreover, Defendant’s promises cannot be relied on because Defendant’s statements do not impose any definite obligations on Defendant or outline definite terms of compensation. See Bankers Tr., 960 So. 2d at 777-778 (finding that agreement could not be justifiably relied on because it failed to assign accountability to the parties or set out definite terms). Further, Plaintiff cannot rely on Defendant’s promises of restitution to establish a claim because these statements relate directly to Defendant’s contractually defined liability and were made while the EULA was in effect. See Altamonte Pediatric Assocs., 2020 WL 5350303, at *5— 6. Just as the alleged misrepresentation regarding the terms of the insurance policy took place while the contract governed the parties’ relationship and could not be differentiated from the contract’s substance, see id., Defendant’s promises to provide “direct financial support” to its MSP customers were made while the EULA controlled Plaintiffs relationship with Defendant and are directly related to the section of the EULA describing Defendant’s limited liability, (see EULA 9), Plaintiff further argues that the restitution representations need not specify all relevant details, (see Pl.’s Resp. 11), but these statements are nevertheless too indefinite to be justifiably relied on because the “who, what, when, where, and how” of Defendant’s compensation efforts are left subject to future consideration, see Ceithaml, 207 F. Supp. 3d at 1353. Therefore, this Court finds that Plaintiff cannot sufficiently plead that it justifiably relied on Defendant’s restitution representations because these statements are too indefinite regarding the terms of compensation and are directly related to Defendant’s contractually defined liability. Accordingly, the Motion is GRANTED in this regard, and Count HI is DISMISSED. C. Plaintiff’s Promissory Estoppel Claim (Count IV) is Dismissed To state a claim for promissory estoppel under Florida law, Plaintiff must allege: (1) the plaintiff detrimentally relied on a promise made by the defendant; (2) the defendant should have reasonably expected the promise to induce action or forbearance on the part of the plaintiff or a third person; (3) that injustice can only be avoided by enforcing the promise. W.R. Townsend Contracting, Inc. v. Jensen Civil Const., Inc., 728 So. 2d 297, 302 (Fla. Ist DCA 1999), Defendant argues that Plaintiff failed to state a claim for promissory estoppel because Plaintiff cannot demonstrate that Defendant made any definite promises or that the actions Plaintiff took in response to Defendant’s promises of compensation were reasonable and detrimental. Plaintiff argues in opposition that Defendant should have reasonably expected Plaintiff to act on those promises and that Plaintiff's reliance caused it to expend resources and continue its business with Defendant to Plaintiff's detriment. This Court agrees with Defendant that Count IV should be dismissed for failure to sufficiently plead that Plaintiff reasonably and detrimentally relied on Defendant’s statements. The terms of a promise must be definite in relation to the remedy sought to demonstrate reasonableness under a promissory estoppel claim. See Fried v. Stiefel Lab’ys, No. 11-CV-20853, 2012 WL 4364300, at[*10] (S.D. Fla. June 8, 2012) (finding discussions of potential compensation between employee and CEO too indefinite to induce reasonable reliance because parties never agreed on method of compensation). It is unreasonable to rely on promises of compensation where the “comprehensive, integrated written contract” that governs the parties’ relationship does not mention such compensation. Harris v. Sch. Bd. of Duval Cnty., 921 So. 2d 725, 735 (Fla. lst DCA 2006) (failing to find detrimental reliance on an oral promise of reimbursement where the governing contract made no mention of such reimbursement). Detrimental reliance on a promise must be demonstrated by the plaintiff taking some action as a result of the defendant’s promise that is ultimately detrimental to the plaintiff. See Mangravite v. Univ. of Mia., No. 10-cv-22895, 2010 WL 4702358, at *3 (S.D. Fla. Nov. 12, 2010) (dismissing claim for promissory estoppel where professor could not demonstrate how he was harmed by accepting job under notion that he would eventually become tenured and was later denied this status). Here, Plaintiff did not sufficiently plead that the resources it expended constituted a reasonable response to Defendant’s restitution representations or that its continued business with Defendant was detrimental. (See Compl § 115.) Defendant could not have reasonably expected Plaintiff to allocate resources to itself and its clients and take responsibility for such expenses when Defendant had not definitively identified how and to what extent it would compensate its MSP customers. See Fried, 2012 WL 4364300, at[*10] (lacking grounds to induce reasonable reliance where method of compensation was not solidified). Plaintiff's reliance on Defendant’s promises of restitution is, as pleaded, also unreasonable because the EULA does not discuss compensation in response to cyber-attacks. (See EULA at 8-9); Harris, 921 So. 2d at 735 (failing to find detrimental reliance where reimbursement was orally promised but not mentioned in parties’ contract). Moreover, Plaintiff cannot show that the actions it took in response to Defendant’s promises of restitution were detrimental because Plaintiff cannot sufficiently plead how its continued relationship with Defendant in the aftermath of the attack was detrimental to itself or its clients. See Mangravite, 2010 WL 4702358, at *3 (failing to find detrimental reliance where plaintiff received less than anticipated but still benefitted from relationship with defendant). Because Plaintiff failed to allege that its actions constituted a reasonable response to Defendant’s promises of compensation and that it relied on these promises to its own detriment, the Motion is GRANTED in this regard, and Count IV is DISMISSED. D. Plaintiff's FDUTPA Claim (Count V) is Dismissed Under Florida law, unfair or deceptive acts or practices in the conduct of any trade or commerce are unlawful. § 501.204(1), Fla. Stat. (2022). To state a claim under FDUTPA, Plaintiff must show: “(1) a deceptive act or unfair practice; (2) causation; and (3) actual damages.” Angelo vy. Parker, 275 So. 3d 752, 755 (Fla. Ist DCA 2019) (quoting Baptist Hosp., Inc. v. Baker, 84 So. 3d 1200, 1204 (Fla. 1st DCA 2012)). An unfair practice “offends established public policy” and is “immoral, unethical, oppressive, unscrupulous or substantially injurious to consumers.” Samuels vy. King Motor Co. of Fort Lauderdale, 782 So. 2d 489, 499 (Fla. 4th DCA 2001). A deceptive act occurs where there is a “representation, omission, or practice that is likely to mislead consumers acting reasonably in the circumstances, to the consumers’ detriment.” State v. Beach Blvd. Auto. Inc., 139 So. 3d 380, 387 (Fla. Ist DCA 2014). Under FDUTPA, actual damages are “the difference in the market value of the product or service in the condition in which it was delivered and its market value in the condition in which it should have been delivered according to the contract of the parties.” Rollins, Inc. v. Heller, 454 So. 2d 580, 585 (Fla. 3d DCA 1984), Defendant argues that Count V should be dismissed because Plaintiff failed to sufficiently plead an unfair practice or deceptive act and actual damages as required by the statute. Plaintiff argues in opposition that Defendant’s misrepresentations about its software and services and false promises of compensation constitute an unfair practice or deceptive act. This Court agrees with Defendant. A party cannot demonstrate an unfair practice or deceptive act based on alleged misrepresentations that are expressly contradicted in a written contract when making a FDUTPA claim. TRG Night Hawk Ltd. v. Registry Dev. Corp., 17 So. 3d 782, 784-785 (Fla. 2d DCA 2009) (barring a FDUTPA claim based on reliance of alleged misrepresentations where parties entered into a contract disclaiming any prior representations); Rosa v. Amoco Oil Co., 262 F. Supp. 2d 1364, 1368-1369 (S.D. Fla. 2003) (dismissing a FDUTPA claim because it was unreasonable to rely on alleged misrepresentations that differentiated from the written contract). FDUTPA claims are also barred where there are no actual damages alleged as defined by the statute. See Rodriguez v. Recovery Performance & Marine, LLC, 38 So. 3d 178, 180 (Fla. 3d DCA 2010) (labeling down payment and loan payments for a boat as consequential damages whereas actual damages were limited to the “difference between the market value of the []boat as delivered and its market value as it should have been delivered.”); Urling v. Helms Exterminators, Inc., 468 So. 2d 451, 454 (Fla. Ist DCA 1985) (holding that FDUTPA allows a consumer to recover damages for the diminished value of goods or services received but not consequential damages for property related to the consumer’s use of such goods or services). Here, Plaintiff cannot rest its FDUTPA claim on Defendant’s alleged misrepresentations of its software and services or promises of restitution because these representations were superseded by the EULA, and Plaintiff failed to allege actual damages in connection with them. Plaintiff cannot depend on Defendant’s promotions of its software and services to demonstrate an unfair practice or deceptive act because the EULA expressly replaces all prior representations. (See EULA 11); TRG Night Hawk Ltd., 17 So. 3d at 784 (dismissing a FDUTPA claim based on alleged misrepresentations that were expressly disclaimed in a later written contract). Further, Plaintiff cannot rely on the promises of compensation because these statements define Defendant’s liability differently from what is outlined in the EULA. See Rosa, 262 F. Supp. 2d at 1368-1369 (precluding reliance on statements which differentiate from contract to establish a FDUTPA claim). Moreover, Plaintiff cannot recover under FDUTPA because it failed to allege actual damages. The expenses Plaintiff incurred while acting under the impression that Defendant would provide restitution cannot be attributed to the value of the VSA software when it was initially delivered to Plaintiff and thus cannot be categorized as actual damages. (See Compl. § 119); see Rodriguez, 38 So. 3d at 181. Plaintiff's attempt to recover damages for lost property and business opportunities is barred by FDUTPA as these represent consequential damages stemming from Plaintiff's use of the VSA rather than any defect in the software when it was originally received by Plaintiff. See Urling, 468 So. 2d at 454 (denying recovery of consequential damages for property related to consumer’s use of goods or services under FDUTPA). This Court finds that Plaintiff failed to state a claim under FDUTPA because it did not sufficiently plead an unfair practice or deceptive act and actual damages as required by statute.

Accordingly, the Motion is GRANTED in this regard, and Count V of the Complaint is DISMISSED. IV. CONCLUSION Accordingly, it is ORDERED AND ADJUDGED that: l. The Motion, (ECF No. 15), is GRANTED. ^[2], Counts I-V of the Complaint are DISMISSED.