TERMS & CONDITIONS
Effective Date: May 1, 2021 (Prior version archived here.)
Please read these Terms and Conditions (“Terms”) carefully as they form a contract between Customer and NowSecure, Inc. (“NowSecure”) and govern use of and access to the Services by Customer and Customer’s Affiliates and Users.
1.1 Manner of Acceptance. By clicking the acceptance box or button, or ordering, accessing, or using the Services, Customer accepts and agrees to be bound by these Terms and any applicable addenda or exhibits identified herein. Customer, as an individual, must be 18 years or older to order, access, or use the Services.
1.2 Acceptance by legal entity. If Customer is accepting these Terms on behalf of a company, organization, governmental body, or other legal entity (“Entity”), Customer represent and warrant that it has the authority to bind such Entity, such Entity agrees to be legally bound by the Terms, and neither Customer nor such Entity are barred from ordering, accessing, or using the Services or accepting the Terms. If acceptance is on behalf of an Entity, any reference to the terms “Customer” used herein shall refer to such Entity. If Customer does not have such authority, or if Customer does not agree with these Terms, Customer must not accept these Terms and may not order, access, or use the Services.
1.3. Scope. These Terms govern Customer’s access to and use of the Services. These Terms do not apply to any Third-Party Products (other than those provided directly by NowSecure as part of the Services).
1.4. Modified Terms. NowSecure may modify these Terms from time to time by providing notice to Customer in its Account or by email to the Account Owner, and posting a modified version of the terms with a new date of last revision to the Website. The modified terms will be effective upon Customer’s renewal of the Services or purchase of additional Services; provided, however, any Urgent Change in the modified terms will be effective immediately upon written notice to Customer in its Account or by email to the Account Owner and posting to the Website. An “Urgent Change” means a change to the Terms that: (a) addresses new Services or features or functionality of existing Services; (b) is required by a NowSecure third-party provider; (c) is reasonably necessary in order to protect the stability and security of the Services or the systems used to provide the Services; or (d) in the reasonable opinion of NowSecure’s legal counsel, is necessary in order to comply with applicable laws, rules, or regulations. Customer’s continued use of the Services following notice or posting of the modified terms shall be deemed acceptance of and agreement to the modified terms.
1.5. Accounts & Credentials. In order to access and use the Services, Customer may be required to establish an Account and provide a valid form of payment when first registering with NowSecure. Customer will provide true, accurate, current, and complete information when registering for an Account and will update the information as necessary to keep contact and payment information current at all times. In order to access Customer’s Account, Customer and each User under Customer’s Account will register unique username(s) and password(s) (“Credentials”). NowSecure reserves the right to refuse registration of, or cancel, Accounts in its sole discretion. The Services may not be accessed for competitive purposes. NowSecure’s direct competitors are prohibited from accessing the Services, except with NowSecure’s prior written consent.
“Account” means the account Customer establishes with NowSecure when first accessing the Services.
“Account Owner” means the individual or entity identified when establishing an Account. The individual registering is designated as the Account Owner by default unless subsequently changed.
“Affiliate” means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with, the subject entity. For purposes of this definition, “Control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and operating policies of the subject entity, or the ownership of more than fifty percent (50%) of its voting or equity securities, contract, voting trust, or otherwise.
“Beta Services” means new Services, or new features or functionality of an existing Service, that have not been made commercially available.
“Customer Data” means all of Customer’s proprietary data, content, software, mobile applications, or other material or information that Customer or its Users submit to, or otherwise generate in connection with, the Services. Customer Data includes Customer Reports.
“Customer Reports” means the security and vulnerability analysis and reports generated by the Services on Customer’s proprietary mobile applications that Customer or its Users upload or provide to the Services, or which are generated based on any configuration or test data Customer or its Users upload or provide.
“Deployment Services” means deployment, integration, training, and security assessment services offered by NowSecure.
“Documentation” means all user guides, documentation, specifications, training, and support materials, as updated from time to time, that are made available to Customer by NowSecure.
“Equipment” means all hardware provided to Customer by NowSecure in connection with a Subscription.
“Fees” means the fees to be paid by Customer to NowSecure or Reseller, as specified in the Order Form.
“Free/Trial Use” means any Services made available to Customer free of charge or on a no-cost subscription tier for the purpose of testing or evaluating the applicable Services.
“Harmful Content” means code, files, scripts, or programs, including viruses, worms, and Trojans, intended to deceive, disrupt, destroy, distort, disable, or otherwise do harm, but does not include access control code.
“Hosted Services” means the Services comprised of software applications hosted and operated by NowSecure and made available via the internet (also known as SaaS), as described in the applicable Order Form.
“Integration Application” means a third-party software application not provided by NowSecure that interoperates with the Services.
“Order Form” means an ordering document, schedule, statement of work, or similar instrument that specifies the Services to be provided to Customer by NowSecure.
“Pre-Existing Content” means text, images, graphics, designs, tools, methodologies, language, and other content created independent of Customer Data and used by NowSecure to provide the Services, including standard content in Software or reports.
“Reseller” means, if applicable, the third-party specified in an applicable Order Form and authorized by NowSecure to resell Software, Services, and Equipment.
“Services” means all NowSecure products and services, including but not limited to Hosted Services and Software, and all Documentation and Pre-Existing Content associated therewith and contained therein, made available to Customer by NowSecure pursuant to an Order Form or under Free/Trial Use.
“Software” means all software and/or computer program(s), including any new versions, updates, upgrades, configurations, derivate works, or revisions thereof, made available to Customer by NowSecure in connection with the Services.
“Subscription” means the right to access and use Services for the duration, in the quantity, and at the price specified in an Order Form.
“System Data” means aggregated and anonymized analytics data relating to how the Services are being used and the environment in which they are being used. The term System Data does not include Customer Data.
“Third-Party Products” means all third-party websites, services, or products referenced in, accessible through, or provided in connection with, the Services (other than those provided directly by NowSecure as part of a Service).
“User” means Customer’s or its Affiliates’ employees, contractors, and agents who are permitted to access the Services through Customer’s Account.
“Website” means the NowSecure website located at www.nowsecure.com and related subdomains.
3. RIGHTS & RESTRICTIONS.
3.1 Rights Grant. Subject to and conditioned on Customer’s payment of all applicable Fees and compliance with the Terms, NowSecure hereby grants Customer a limited, non-exclusive, non-sublicensable, and non-transferable (except as otherwise expressly set forth herein) right to access and use the Services identified in an Order Form, for the duration identified in the Order Form, solely for Customer’s internal organization purposes. Customer may, at its option, provide access and use rights to the Services to one or more of its Affiliates, subject to these Terms. If Customer provides such access and use rights to an Affiliate, Customer will be wholly responsible for the acts and omissions of such Affiliate. No Customer Affiliate shall have the right to take any legal action against NowSecure under these Terms.
3.2 Restrictions. Except as otherwise expressly authorized by these Terms, Customer and its Users shall not: (a) modify, alter, tamper with, or make derivative works based upon the Services; (b) copy or reproduce all or any part of the Services; (c) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code or underlying ideas or algorithms of the Services, except to the extent specifically allowed by applicable law; (d) access the Services in order to build a competitive product or service or to copy any ideas, features, functions, or graphics thereof; (e) license, sublicense, sell, resell, distribute, transfer, assign, or otherwise commercially exploit the Services; (f) access or use the Services in a way intended to avoid incurring Fees or exceeding usage limits or quotas; (g) provide any third-party with access to the Services; or (h) engage, permit, or otherwise allow any third-party to do any of the foregoing.
3.3 Prohibited Uses. Customer and its Users may access and use the Services solely for Customer’s internal organization purposes consistent with these Terms and applicable Documentation. In addition to the Restrictions in Section 3.2, Customer agrees that neither Customer nor its Users will: (a) use the Services for any unlawful purpose, or in any manner that would violate the rights of any third-party; (b) upload to, or distribute through, Hosted Services any Harmful Content; (c) upload to, or distribute through, Hosted Services any nonpublic personal information (NPI as defined by GLBA), protected health information (PHI as defined in HIPAA), or sensitive personal information such as social security numbers; (d) knowingly interfere with or disrupt Hosted Services, the data associated therewith or contained therein, or the networks connected thereto; or (e) attempt to gain unauthorized access to the Services or their related systems or networks. If Customer (or a User who is accessing the Services on Customer’s behalf) provides mobile application security assessment or analysis as a commercial product or service or regularly incorporates information from mobile application security assessments or analyses into its commercial products or services, Customer (or the User) shall not access the Services until Customer receives NowSecure’s express written approval.
3.4 Reasonable Technical Controls. NowSecure may implement reasonable technical controls and limits to protect the security and availability of the Services, including but not limited to API rate controls, user creation/approval controls, email validation, account security lockouts, bot prevention (e.g. captcha), and denial-of-service protections.
4. OUR RESPONSIBILITIES.
4.1 Providing the Services. NowSecure will make the Services available to Customer in accordance with the Terms and any applicable Order Form. NowSecure may from time to time, and in its discretion, utilize its Affiliates or engage third-party contractors in connection with providing or maintaining the Services, provided that: (a) any such Affiliate or third-party contractor shall be bound by written confidentiality obligations no less restrictive than those contained in these Terms; and (b) NowSecure shall be directly liable to Customer, to the extent provided in these Terms, for any breach of these Terms caused by such Affiliate or third-party contractor.
4.2 Security Commitment. NowSecure will utilize appropriate technical, physical, and organizational security measures and safeguards in connection with the storage, transmission, handling, and processing of Customer Data via the Services, in order to protect Customer Data from unauthorized use, access, and disclosure. NowSecure will utilize: (a) adequate physical security of all premises in which Customer Data will be processed and/or stored by NowSecure; (b) reasonable precautions with respect to the employment of, and access given to, NowSecure personnel and third-party contractors engaged by NowSecure in connection with providing the Services, including assigning appropriate access privileges to individuals; (c) an appropriate network security program; (d) appropriate access controls and data integrity controls; (e) testing and auditing of all controls; and (f) appropriate corrective action and incident response plans.
4.3 Uptime Commitment. For paid Subscriptions, NowSecure will ensure Hosted Services are Available as set forth in Addendum A – Support and Service Level Agreement (“SSLA”), unless otherwise specified in the applicable Order Form. The SSLA is not applicable to Free/Trial Use Services, Beta Services, or Deployment Services.
4.4 Standard Support. For paid Subscriptions, NowSecure will provide Customer with its standard support for the Services as specified in the SSLA, unless otherwise specified in the applicable Order Form. Support for Free/Trial Use Services will be provided in NowSecure’s sole discretion.
4.5 Updates. NowSecure may Update the Services from time to time. The term “Update” means making modifications to any feature or functionality of the Services that are: (a) enhancements to the Services; (b) necessary for the stability or security of the Services; or (c) in the opinion of legal counsel, reasonably necessary in order for NowSecure to comply with applicable law or third-party restrictions. If an Update removes a material feature or functionality of the Service, NowSecure will use commercially reasonable efforts to inform Customer of the removal at least thirty (30) days prior to release of the Update, except in the event the Update is being made in connection with subsection (b) or (c) above, in which case NowSecure will notify Customer within a commercially reasonable period of time after release of the Update. If in Customer’s reasonable judgment an Update removes a material feature or function, which negatively impacts Customer’s benefit of using the Services, Customer may notify NowSecure of such negative impact within thirty (30) days after the release of the Update, and NowSecure shall cure the negative impact within forty-five (45) days. If after such cure period NowSecure has not provided a sufficient remedy, Customer may terminate the affected Subscription, without penalty, upon written notice. In such case, termination shall be without penalty and NowSecure shall refund the pro rata amount of any whole months of prepaid fees for unused Services. NowSecure’s foregoing duty to cure negative impacts of an Update shall not apply to functions that are wholly dependent on mobile platform components outside of NowSecure’s control.
4.6 Customer Data Export and Removal. NowSecure will provide access and functionality to export Customer Data from the Services in an industry-standard format throughout the applicable Subscription term and for thirty (30) days after termination. NowSecure will delete Customer Data (a) upon termination or expiration of all Services hereunder; (b) upon written request from Customer delivered via support request as defined in Addendum A; or (c) automatically within the Services when delete features are utilized by a User with appropriate permissions.
5. CUSTOMER RESPONSIBILITIES.
5.1 Customer Software and Equipment. Customer is responsible for purchasing, installing, and maintaining all hardware, software, and communications equipment (except for Equipment and Software) identified in the applicable Documentation as the minimum necessary to access and use the Services, and for paying all third-party access charges (e.g., ISP, telecommunications, Integration Application fees) incurred while using the Services.
5.2 Replacement of Equipment. Customer is responsible for safeguarding the Equipment in its possession or control. If the Equipment is inoperable or malfunctioning upon delivery to Customer, NowSecure will replace such Equipment free of charge. However, if the Equipment is lost, stolen, damaged, or becomes inoperable while in Customer’s possession or control, Customer shall be responsible for all replacement costs, including shipping charges, customs taxes or duties, and all other related taxes.
5.3 Actions of Users. Customer is solely responsible for the actions of its Users in connection with their use of Customer’s Account, the Services, the Documentation, and the Equipment, and Customer will ensure that all of its Users abide by the Terms and all applicable laws, rules, and regulations.
5.4 Account Access. Customer is responsible for maintaining the security of its Account and each of its User’s Credentials, all Services ordered, accessed, or otherwise used in connection with its Account and its Users’ Credentials, and all actions taken in association therewith. Customer will not share its Account or its Users’ Credentials with any third-party, and Customer will promptly notify NowSecure if its Account or its Users’ Credentials have been compromised.
5.5 Data Authorization. Customer is solely responsible for ensuring it and its Users have all necessary rights, authorizations, and consents to use and share Customer Data as contemplated by these Terms.
5.6 Data Backup. NowSecure will implement reasonable measures to ensure data backup for the Hosted Services, in order to provide continuity of service in accordance with the SSLA (Addendum A). Notwithstanding the foregoing, Customer and its Users may modify, delete, or remove Customer Data stored in Customer’s Account using provided features and functions. Customer acknowledges and agrees that the Hosted Services do not contain an inherent archival backup (for example, to retrieve prior versions of modified, deleted, or removed Customer Data) and that Customer is responsible for making its own data backups for any archival purpose using the provided data APIs. NowSecure is not responsible for the modification, deletion, or removal of Customer Data by Customer or its Users.
6.1 Ownership. As between NowSecure and Customer, NowSecure and its licensors own all rights, title, and interest in and to the Services, Hosted Services, Deployment Services, Software, Documentation, and Pre-Existing Content, including all related intellectual property rights, and Customer owns all rights, title, and interest in and to Customer Data. Customer shall own all Customer Reports; however, to the extent Customer Reports contain Pre-Existing Content, NowSecure grants Customer a worldwide, perpetual, irrevocable, non-exclusive license to have, use, reproduce, and distribute such Pre-Existing Content in conjunction with its use of Customer Reports. NowSecure reserves the right to retain and use System Data without restriction. No rights are granted by either party to the other except those expressly set forth herein.
6.2 Customer License to NowSecure. Customer grants NowSecure a limited, nonexclusive, nontransferable, worldwide license to host, copy, transmit, use, display, and/or process Customer Data for the duration of the Subscription period and any applicable retention period, solely for the purpose of providing the Services to Customer.
6.3 Feedback. Customer and its Users may provide NowSecure with ideas, opinions, recommendations, feedback, or advice in connection with Customer’s use of the Services, including Free/Trial Use Services (collectively “Feedback”). If Customer or its Users submit Feedback to NowSecure, Customer grants NowSecure an irrevocable, perpetual, transferable, non-exclusive, fully-paid-up, royalty-free, worldwide license (sublicensable through multiple tiers) to: (a) use, copy, distribute, reproduce, modify, create derivative works of, adapt, publish, translate, publicly perform, and publicly display such Feedback (or any modification thereto), in whole or in part, in any format, medium, or application now known or later developed; and (b) use, and permit others to use, Feedback in any manner and for any purpose (including, without limitation, commercial purposes) that NowSecure deems appropriate in its discretion (including, without limitation, incorporating Feedback, in whole or in part, into any technology, product, or service). The Feedback license shall not be construed as granting NowSecure any rights to Customer’s preexisting intellectual property.
7.1 Fees. Customer agrees to pay all Fees specified in the applicable Order Form. Unless otherwise expressly set forth in the Terms or the applicable Order Form: (a) all fees and payment obligations are noncancelable and nonrefundable; (b) quantities purchased cannot be decreased during the Subscription term; and (c) Fees are due in advance for the Subscription term.
7.2 Invoicing and Payment. Customer shall provide complete and accurate billing and contact information to NowSecure and promptly notify NowSecure of any changes to such information (or notify Reseller, if applicable). NowSecure shall deliver a commercial invoice to Customer after acceptance of an Order Form, and unless otherwise stated in the applicable Order Form, Fees are due Net thirty (30) days from the date the invoice is received.
7.3 Taxes. Fees are stated exclusive of all applicable duties, tariffs, and taxes. Customer agrees to pay, in addition to the Fees, all applicable duties, tariffs, taxes, and similar government mandated charges which result from its purchase of Services, except taxes based on NowSecure’s own income. Each party will provide and make available to the other party any exemption certificates, treaty certification, or other exemption information reasonably requested by the other party.
7.4 Future Functionality. Customer agrees that its purchase of the Services is not contingent on the delivery of any future feature or functionality, or dependent on any representations or statements made by NowSecure or any other party regarding future features or functionality.
8. FREE/TRIAL USE SERVICES & BETA SERVICES.
8.1 Free/Trial Use. NowSecure may, in its discretion, provide Customer or its Users with access to certain Services on a Free/Trial Use basis. If so, Customer and its Users may use such Services for its internal evaluation until the earlier to occur of: (a) the date specified in the applicable Order Form; (b) the start date of Customer’s paid Subscription for the Free/Trial Use Services; or (c) the end date identified in any notice from NowSecure terminating the Free/Trial Use period. If Customer ends a paid Subscription without notice to NowSecure, NowSecure may convert Customer to a Free/Trial Subscription. Additional terms and conditions may accompany the Free/Trial Use Services, and any such additional terms and conditions are hereby incorporated into these Terms. Any Customer Data, personalized configurations, or output generated by or as a result of using the Services during the Free/Trial Use period may be permanently lost unless Customer procures a paid Subscription for such Services prior to the end of the Free/Trial Use period.
8.2 Beta Services. NowSecure may, in its discretion, make available to Customer and its Users certain Beta Services. If so, Customer and its Users may use such Beta Services for internal evaluation. Customer understands and agrees that such Beta Services: (a) may be available for a temporary period and may be removed or modified at any time; (b) may not ultimately be incorporated into commercially available Services; and (c) may contain errors or undocumented functionality. Customer Data and configurations specifically related to a Beta Service may not be retained if the Beta Service is discontinued.
8.3 Disclaimer. ALL FREE/TRIAL USE AND BETA SERVICES ARE PROVIDED “AS-IS” AND WITHOUT ANY WARRANTY AND ARE EXCLUDED FROM ANY REPRESENTATIONS OR WARRANTIES SET FORTH IN THESE TERMS.
9.1 Confidential Information. In connection the relationship and obligations created by these Terms, NowSecure and Customer may deliver to each other Confidential Information (the party disclosing such information or materials being the “Disclosing Party” and the party receiving such information or materials being the “Receiving Party”). “Confidential Information” means nonpublic information that Disclosing Party designates as being confidential or proprietary, or which under the circumstances surrounding disclosure reasonably ought to be treated as confidential. Confidential Information includes, without limitation, (a) information relating, in whole or in part, to released or unreleased Disclosing Party’s technical, financial, pricing, customer, client, member, personnel, regulatory, and/or other organization information in written, graphic, oral, visual or other tangible or intangible forms including, but not limited to, financial statements and other financial data, specifications, patent applications, records, data, computer programs, drawings, schematics, know-how, notes, models, reports, policies, processes, and samples; (b) proprietary or confidential material or trade secrets of Disclosing Party, Disclosing Party software or hardware products, the marketing or promotion of any Disclosing Party product, Disclosing Party’s organization policies or practices, and information received or derived from third parties that Disclosing Party is obligated to treat as confidential; (c) the names, addresses, telephone numbers, e-mail addresses, assets, or other nonpublic personal information regarding the parties’ clients and consumers. Customer Confidential Information includes Customer Data, and NowSecure Confidential Information includes the Services, Documentation, Pre-Existing Content, and all Public Reports and pricing terms related thereto. Confidential Information excludes information that the Receiving Party can demonstrate, through written or other documentary records: (a) was rightfully in the Receiving Party’s possession without obligation of confidentiality prior to receipt from the Disclosing Party; (b) has become publicly known or is otherwise generally available to the public through no action or fault of the Receiving Party; (c) was rightfully furnished to the Receiving Party by a third-party without restriction on disclosure or use; or (d) was independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information.
9.2 Protection of Confidential Information. The Receiving Party will: (a) hold the Confidential Information of the Disclosing Party in trust and confidence and not disclose such Confidential Information to any third-party except as provided herein; (b) not use the Confidential Information of the Disclosing Party for any purpose except for the purposes described in the Terms; (c) use the same degree of care to protect the Disclosing Party’s Confidential Information as it uses to protect the confidentiality of its own confidential information of like kind, but in no event less than a reasonable degree of care; and (d) except as otherwise authorized by the Disclosing Party in writing, limit disclosure of the Disclosing Party’s Confidential Information to its Affiliates, financial and legal advisors, its employees or agents who have a need to know and who are bound, either in connection with their relationship, employment, or representation, by confidentiality obligations no less restrictive than the confidentiality obligations contained herein. Receiving Party accepts responsibility for the actions of its agents or employees to whom it has disclosed Confidential Information. Neither Customer nor its Users shall remove or destroy any proprietary markings or restrictive legends placed upon or contained in the Services, the Documentation, or output generated thereby. Receiving Party shall promptly notify the Disclosing Party upon becoming aware of a breach or threatened breach hereunder, and shall cooperate with any reasonable request of the Disclosing Party in enforcing its rights.
9.3 Public Reports. Public Reports are security and vulnerability reports accessible via the Services for publicly available mobile applications which have been independently tested by NowSecure without use or inclusion of any Customer Data. Public Reports are Pre-Existing Content. For purposes of clarification, and without limiting the foregoing confidentiality obligations, Public Reports are strictly for Customer’s internal organization use only and may not be published, stored, or otherwise made available in any location where anyone other than Customer or its Users can access them, except as follows: Customer may perform limited sharing of Public Reports with an unaffiliated party only under duty of non-disclosure, and in direct performance of its regular organization functions. If Customer shares Public Reports, as provided above, Customer must retain any and all markings restricting use or dissemination on a Public Report so shared.
9.4 Compelled Disclosure. The Receiving Party may disclose Disclosing Party’s Confidential Information in response to a court order, or as otherwise required by law, provided that: (a) the Receiving Party gives the Disclosing Party prior notice of the required disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure or obtain a protective order prior to disclosure; and (b) the Receiving Party discloses only that portion of the Confidential Information that, in the opinion of its legal counsel, the Receiving Party is legally required to disclose.
9.5 Survival. Receiving Party’s obligations regarding Confidential Information will survive the expiration or termination of the Terms, and all obligations of confidentiality and non-disclosure shall continue for three (3) years after the expiration or termination of these Terms, except such obligations of confidentiality and non-disclosure will survive with respect to trade secrets for so long as any such Confidential Information remains a trade secret under applicable law.
10. REPRESENTATIONS, WARRANTIES, AND DISCLAIMERS.
10.1 Mutual Representations. Each party represents and warrants to the other that: (a) it has all necessary right, power, and authority, and has taken all necessary action to enter into and perform its obligations under the Terms and to grant the rights granted to the other party herein; (b) it will abide by all laws, rules, and regulations applicable to its performance under the Terms; and (c) its execution and performance of the Terms will not violate or conflict with the rights of any third-party or with any confidentiality or other agreement to which it is a party or by which it is bound.
10.2 NowSecure Representations. NowSecure represents and warrants to Customer that: (a) the Services (except for Free/Trial Use and Beta Services) will function in all material respects in conformity with the applicable Documentation; and (b) the Services will not knowingly contain any Harmful Content. The warranties set forth herein shall not apply to any error, interruption, other non-conformity, or Harmful Content caused by: (i) Customer’s use of the Service not in conformity with the applicable Documentation; (ii) Customer’s or any third-party’s network, equipment, hardware, or software; (iii) Customer Data; or (iv) Customer’s breach of the Terms.
10.3 Customer Warranties. Customer represents and warrants to NowSecure that: (a) it owns, or has obtained from the owner of, all authorizations, consents, permissions, and licenses necessary for Customer and NowSecure to utilize Customer Data in connection with the Services, and for the Services to process and store Customer Data in the manner identified in the Documentation and these Terms; (b) Customer Data does not and will not infringe, misappropriate, or otherwise violate any Intellectual Property Rights or any privacy or other rights (including contractual rights) of any third-party or violate any applicable law; and (c) Customer Data does not and will not contain any Harmful Content.
10.4 Disclaimers. UNLESS OTHERWISE EXPRESSLY SET FORTH HEREIN, CUSTOMER’S USE OF THE SERVICES WILL BE AT ITS OWN RISK AND ALL SERVICES ARE PROVIDED “AS IS”, “AS AVAILABLE”, AND “WITH ALL FAULTS”, AND NOWSECURE AND ITS LICENSORS DISCLAIM ALL WARRANTIES, CONDITIONS, AND REPRESENTATIONS, WHETHER STATUTORY, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES, CONDITIONS AND REPRESENTATIONS OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT AND ALL WARRANTIES, CONDITIONS, AND REPRESENTATIONS ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. NOWSECURE MAKES NO WARRANTIES, CONDITIONS, OR REPRESENTATIONS ABOUT: (A) THE ABILITY OF THE SERVICES TO PERFORM WITHOUT LIMITATION OR RESTRICTION IN ANY GIVEN ENVIRONMENT; (B) THE ACCURACY, COMPLETENESS, OR CONTENT OF THE SERVICES (SPECIFICALLY INCLUDING ANY REPORT GENERATED OR OBTAINED THROUGH USE OF THE SERVICES); AND (C) THIRD-PARTY PRODUCTS, AND NOWSECURE ASSUMES NO LIABILITY OR RESPONSIBILITY THEREWITH. THE REFERENCE TO, OR AVAILABILITY OF, THIRD-PARTY PRODUCTS IN CONNECTION WITH THE SERVICES DOES NOT CONSTITUTE, AND WILL NOT BE CONSTRUED AS CONSTITUTING, AN ENDORSEMENT, AUTHORIZATION, SPONSORSHIP, OR AFFILIATION BY OR WITH NOWSECURE WITH RESPECT TO SUCH THIRD-PARTY PRODUCTS. CUSTOMER ACKNOWLEDGES AND AGREES THAT NOWSECURE EXERCISES NO CONTROL OVER, AND ACCEPTS NO RESPONSIBILITY FOR, CUSTOMER’S COMPLIANCE WITH ANY LAW, RULE, REGULATION, OR THIRD-PARTY CONTRACTUAL OBLIGATION APPLICABLE TO CUSTOMER OR ITS USERS USE OF THE SERVICES OR CUSTOMER DATA. NO ORAL OR WRITTEN INFORMATION OR ADVICE PROVIDED BY NOWSECURE OR ANY OF ITS EMPLOYEES WILL CREATE A WARRANTY, CONDITION, OR REPRESENTATION OF ANY KIND. THE FOREGOING DISCLAIMER WILL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW, AND WILL SURVIVE ANY TERMINATION OR EXPIRATION OF THESE TERMS. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION AND/OR LIMITATION OF IMPLIED REPRESENTATIONS, CONDITIONS, OR WARRANTIES OR ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO CUSTOMER. IN SUCH EVENT, NOWSECURE’S WARRANTIES, CONDITIONS, AND REPRESENTATIONS WILL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY APPLICABLE LAW IN SUCH JURISDICTION.
10.5 High Risk Activities. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING DISCLAIMERS, THE SERVICES, AND ANY RESULTS OBTAINED FROM THE SERVICES, ARE NOT INTENDED FOR USE IN THE OPERATION OF, OR IN CONNECTION WITH THE OPERATION OF, NUCLEAR OR CHEMICAL PROCESSING FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL SYSTEMS, LIFE SUPPORT MACHINES, OR OTHER EQUIPMENT OR SYSTEMS IN WHICH THE FAILURE OF THE SERVICES COULD LEAD TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE.
11.1 NowSecure’s Indemnification of Customer. With the exception of Free/Trial Use and Beta Services, NowSecure shall indemnify, defend, and hold Customer harmless against any losses, damages, or expenses, including attorneys’ fees and costs, incurred by Customer as a result of any suit, proceeding, claim, demand or other legal action (“Claim”) alleging that Customer’s authorized use of the Services infringes on a third-party’s intellectual property rights. NowSecure will not have any obligation to indemnify, defend, or hold Customer harmless where the Claim could have been avoided but for Customer’s: (a) access to or use of the Services in combination with any hardware, system, software, network, or other materials or services not provided or authorized in writing by NowSecure; (b) modification of the Services or modifications made on Customer’s behalf; (c) failure to timely implement any modifications, upgrades, replacements, or enhancements made available to Customer by NowSecure; or (d) breach of the Terms. If NowSecure receives information about an infringement claim related to the Services, NowSecure may in its discretion: (i) modify the Services so that they no longer infringe, but are substantially, functionally equivalent; (ii) obtain a license for Customer’s continued use of the affected Services; or (iii) terminate Customer’s Subscription for the affected Service upon thirty (30) days’ written notice with a refund of any unused, prepaid fees. NowSecure will not have any obligation to indemnify, defend, or hold Customer harmless for any alleged or actual infringement, or damages related thereto, resulting from Customer’s continued use of the affected Service after NowSecure’s written notice to Customer to cease use thereof in order to avoid further infringement.
11. Customer’s Indemnification of NowSecure. To the fullest extent permitted by law, Customer and/or its Affiliates shall indemnify, defend, and hold NowSecure and its parents, subsidiaries, officers, employees, directors, agents, and representatives (“NowSecure Indemnified Parties”) harmless against any losses, damages, or expenses, including attorneys’ fees and costs, incurred by NowSecure Indemnified Parties as a result of any Claim alleging that Customer Data, NowSecure’s authorized use of Customer Data, or Customer’s use of the Service in breach of the Terms infringes on a third-party’s intellectual property or contractual rights. Customer shall not have any obligation to indemnify, defend, or hold NowSecure Indemnified Parties harmless where the Claim could have been avoided but for NowSecure’s modification of Customer Data in violation of these Terms.
11.3 Indemnification Requirements. The following requirements apply to any Claim under Sections 11.1 and 11.2: (a) the indemnified party shall provide prompt written notice to the indemnifying party of the Claim; (b) the indemnified party shall tender to the indemnifying party sole control of the defense and settlement negotiations related to the Claim; (c) the indemnified party shall reasonably assist (at indemnifying party’s expense) in the defense or settlement of the Claim; (d) the indemnified party shall avoid taking any action that would be prejudicial to the defense of the Claim; (e) the indemnified party agrees to take all reasonable steps to mitigate losses; (f) the indemnifying party may not settle any Claim in any manner that imposes any admission of guilt or liability on the indemnified party without the prior written consent of the indemnified party; and (g) the indemnified party may participate in the defense of the Claim, at its expense, with counsel of its choice.
12. LIMITATION OF LIABILITY.
12.1 Direct Damages. EXCEPT AS OTHERWISE PROVIDED IN SECTION 12.4, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY, OR ANY THIRD-PARTY, FOR AN AMOUNT GREATER THAN THE TOTAL FEES PAID OR PAYABLE TO NOWSECURE FOR THE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE DATE ON WHICH THE LIABILITY AROSE. THE ABOVE LIMITATIONS WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY.
12.2 Limitations. EXCEPT AS OTHERWISE PROVIDED IN SECTION 12.4, TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, EXEMPLARY, SPECIAL, PUNITIVE, OR CONSEQUENTIAL LOSS, DAMAGE, COST, OR EXPENSE WHATSOEVER, INCLUDING WITHOUT LIMITATION, ANY LOSS OF PRODUCTION, LOSS OR CORRUPTION OF DATA, LOSS OF PROFITS OR OF CONTRACTS, OR LOSS OF BUSINESS OR OF REVENUES UNDER ANY THEORY OF LIABILITY, WHETHER BASED IN CONTRACT, TORT, NEGLIGENCE, PRODUCT LIABILITY, BREACH OF WARRANTY, MISREPRESENTATION OR OTHERWISE. THIS LIMITATION WILL APPLY REGARDLESS OF WHETHER A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES AND REGARDLESS OF WHETHER ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE. EACH PARTY ACKNOWLEDGES THAT IT UNDERSTANDS THE LEGAL AND ECONOMIC RAMIFICATIONS OF THE FOREGOING LIMITATIONS, AND THAT THE FOREGOING LIMITATIONS FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN THE PARTIES, AND THAT, ABSENT SUCH LIMITATIONS, THE TERMS, INCLUDING, WITHOUT LIMITATION, ANY ECONOMIC TERMS, WOULD BE SUBSTANTIALLY DIFFERENT. THE EXCLUSIONS AND LIMITATIONS IN SECTION 12 WILL SURVIVE ANY TERMINATION OR EXPIRATION OF THE TERMS.
12.3 Limitations Period. ANY CAUSE OF ACTION ARISING OUT OF OR RELATED TO THE SERVICES MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE CLAIM OR CAUSE OF ACTION ACCRUES, OTHERWISE SUCH CLAIM AND CAUSE OF ACTION WILL BE PERMANENTLY BARRED.
12.4 Exceptions. The exclusions and limitations set forth in this Section 12 shall not apply to claims or allegations arising from: (a) a party’s gross negligence or willful misconduct; (b) a party’s breach of its confidentiality obligations herein; (c) a party’s indemnification obligations herein; (d) Customer’s breach of Section 3.2 or 3.3; or (e) Customer’s failure to pay undisputed Fees. Some jurisdictions may not allow the exclusion or limitation of consequential, incidental, special, or other damages, so the above limitations or exclusions may not be allowed, and in such event, the liability of NowSecure and its licensors shall be limited to the fullest extent permitted by law in such Jurisdiction.
13. TERM AND TERMINATION.
13.1 Term. The Terms are effective as of the date Customer accepts them pursuant to Section 1 and will continue to bind the parties until the earlier of: (a) termination by either party in accordance with this Section 13; or (b) twelve (12) months after termination or expiration of all Subscriptions (including Free/Trial Use). The term of the applicable Subscription shall be as specified in the relevant Order Form.
13.2 Termination for Cause. Either party may terminate the Terms, individual Order Forms, or individual Subscriptions immediately upon written notice to the other party if: (a) the other party commits any material breach of the Terms and fails to cure such breach within thirty (30) days after written notice thereof from the non-breaching party; or (b) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation, or assignment for the benefit of creditors, or otherwise becomes generally unable to pay its debts. In addition, Customer may terminate the Terms, individual Order Forms, or individual Subscriptions immediately upon notice to NowSecure as provided in the SSLA (Addendum A). If the Terms, individual Order Forms, or individual Subscriptions are terminated by Customer for cause under this Section 13.2, NowSecure agrees to refund Customer’s prepaid Fees covering whole months of the applicable Subscription period remaining after the effective date of termination. If the Terms, individual Order Forms, or individual Subscriptions are terminated by NowSecure for cause, Customer agrees to pay any unpaid Fees for the entire Subscription period for the terminated Services.
13.3 Termination for Convenience. Upon thirty (30) days prior written notice, Customer may terminate the Terms, individual Order Forms, or individual Subscriptions at its convenience. Either party may terminate the Terms if there are no active Subscriptions upon thirty (30) days prior written notice. In no event will termination of the Terms under this Section 13.3 relieve Customer of its obligation to pay any Fees for Services it procured prior to such termination or entitle Customer to a refund for any Fees already paid by Customer for the Services.
13.4 Effect of Termination of Terms. If the Terms are terminated for any reason: (a) all Order Forms and Subscriptions will terminate; (b) all rights, licenses, consents, and authorizations granted by either party to the other will immediately cease; (c) NowSecure will disable Customer’s Account and its Users’ access to all Services; (d) Customer shall pay for all Subscriptions up to the effective date of termination, which in the case of annual Subscriptions or longer shall be the full amount, and any termination Fees if specified in the relevant Order Form (except where Customer is terminating the Terms for cause as provided in Section 13.2); (e) Customer and its Users will immediately cease all use of the Services; (f) Customer may export Customer Data and NowSecure will delete Customer Data in accordance with Section 4.6; and (g) for all other Confidential Information the Receiving Party will promptly destroy, or at the Disclosing Party’s request return, all Confidential Information of the Disclosing Party. Notwithstanding anything to the contrary in the foregoing, with respect to Confidential Information of the Disclosing Party that may reside in electronic form in the Receiving Party’s backups, archives, and disaster recovery systems, the Receiving Party may retain such Confidential Information for the period required by applicable law, or for the period that is consistent with the Receiving Party’s standard electronic records retention policies applicable to the media on which such Confidential Information is stored, whichever is longer. Upon expiration of the applicable period, the Receiving Party will erase, destroy, or overwrite the media containing the Disclosing Party’s Confidential Information. The confidentiality obligations contained in these Terms shall continue to bind the Receiving Party until such time as the Disclosing Party’s Confidential Information is returned, erased, destroyed, or overwritten.
13.5 Effect of Termination of Individual Order Forms or Subscriptions. In the event of expiration or termination of individual Order Forms or Subscriptions for any reason, upon the effective date of such expiration or termination: (a) all rights, licenses, consents, and authorizations granted by either party to the other under the affected Order Forms or Subscriptions will cease immediately; (b) NowSecure will disable Customer’s and its Users’ access to all affected Services; (c) Customer shall pay for all Subscriptions up to the effective date of termination, which in the case of annual Subscriptions shall be the full amount, and any termination Fees if specified in the relevant Order Form (except where Customer is terminating the Terms for cause as provided in Section 13.2); and (d) Customer and its Users will immediately cease all use of the affected Services.
13.6 Suspension of Access. NowSecure reserves the right to suspend Customer’s and its Users’ access to Services in the event of a breach of Section 3 by Customer or its Users, or if Customer fails to pay undisputed Fees in accordance with these Terms within sixty (60) days of the applicable due date. If NowSecure suspends Customer’s access to Services, it will notify Customer in writing, and shall restore access when the breach is cured (if capable of cure) and/or undisputed Fees are paid in full, as applicable.
14. DATA PRIVACY LAWS.
Customer and NowSecure agree to comply with all applicable data protection and privacy laws, including but not limited to California Consumer Privacy Act (“CCPA”) and General Data Protection Regulation (“GDPR”), while operating under these Terms. Customer shall ensure that any and all information or data, including without limitation, personal information and data, used by Customer in connection with the Services is collected, processed, transferred, and used in full compliance with applicable data protection laws and that it has all obtained all necessary authorizations and consents from any data subjects to process personal information and data. Customer shall adopt and maintain appropriate organizational, technical, and security measures prior to any such collection, processing, or transfer in order to protect against unauthorized access to or use of personal information and data. If required by applicable data protection and privacy laws, the parties will enter into standard contractual clauses under GDPR for the transfer of any Customer Data outside of the European Union.
The Services may interoperate with Integration Applications. Customer acknowledges and agrees that if it utilizes Integration Applications, it is solely responsible for obtaining all necessary use rights from the applicable third-party, and NowSecure shall have no obligation to Customer in connection with such Integration Applications (including without limitation any support obligation).
16.1 Notices. Except as otherwise specified by the Terms, all notices, permissions, and approvals shall be in writing and shall be deemed to have been given upon: (a) the second organization day after proper mailing; or (b) the first organization day after successfully sending by email; provided email alone shall not be sufficient to establish notice of an indemnification Claim. For notices sent by NowSecure to Customer, such notices will be sent to the applicable address or email address identified in Customer’s Account, and for notices by Customer to NowSecure, such notices shall be sent to the applicable address or email address identified below:
Attention: Legal Department
141 W. Jackson Boulevard, Suite 2100
Chicago, IL 60604
16.2 Mediation. If a dispute arises out of or relates to these Terms or the breach thereof, and if the dispute cannot be settled through direct discussions or negotiation, the parties agree first to try in good faith to settle the dispute by mediation administered by the American Arbitration Association under its Commercial Mediation Procedures before resorting to arbitration, litigation, or any other dispute resolution procedure. The place of mediation shall be Chicago, Illinois, U.S.A, and the language of the mediation shall be English.
16.3 Governing Law. The Terms shall be governed by and construed in accordance with the laws of the State of New York, U.S.A. without regard to its conflict of law provisions. The parties agree that (i) the United Nations Convention on Contracts for the International Sale of Goods shall not apply to these Terms, and (ii) the Uniform Computer Information Transactions Act shall not apply to these Terms, even if any performance under these Terms would implicate the laws of a jurisdiction which has adopted such laws/acts.
If Customer is incorporated in, or if Customer is an individual and a resident of the U.S.A., each party consents to, and agrees that each party is subject to, the exclusive jurisdiction of the state and federal courts of the State of New York with respect to any action for enforcement of or any dispute arising out of these Terms.
If Customer is incorporated, or if Customer is an individual and resides outside of the U.S.A., each party consents to, and agrees that each party is subject to, arbitration administered by the International Centre for Dispute Resolution with respect to any action for enforcement of or any dispute arising out of these Terms. The arbitration shall be administered in accordance with the International Arbitration Rules for the time being in force. The seat of the arbitration shall be in Chicago, Illinois, U.S.A., the Tribunal shall consist of one (1) arbitrator, and the language of the arbitration shall be English.
16.4 Force Majeure. Except for payment obligations, each party shall be excused from failure to perform its obligations hereunder if such failure results from causes beyond its reasonable control, including without limitation, acts of God, pandemic or epidemics, acts of civil or military authority, civil unrest, insurrections, war, terrorist acts, boycotts, embargoes, labor strikes, natural disasters, or internet or telecommunications failures (collectively “Force Majeure Events”). If a Force Majeure Event prevents or delays a party’s performance, it will promptly notify the other party in writing, and will use all commercially reasonable efforts to resume performance if and when possible. Either party may terminate the Terms if a Force Majeure Event prevents or delays performance for a period of thirty (30) days or more.
16.5 Export Compliance. The Software, Equipment, and Documentation may be subject to U.S. export control laws, and may be further subject to export or import regulations in other countries. If such regulations are applicable, Customer agrees to comply with all such regulations and acknowledge that it is Customer’s responsibility to obtain all necessary licenses to import and re-export the Software, Equipment, and Documentation outside the U.S. The Software, Equipment, and Documentation may not be distributed (or downloaded in the case of Software and Documentation), or otherwise exported or re-exported: (a) into, or to a national or resident of, any country to which the U.S. at any time has embargoed goods or trade restrictions; or (b) to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or on the U.S. Commerce Department’s Denied Persons, Denied Entities, and Unverified lists.
16.6 Federal Use. The Software and related Documentation are “Commercial Items,” as that term is defined at 48 C.F.R. Section 2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such terms are used in 48 C.F.R. Section 12.212 or 48 C.F.R. Section 227.7202, as applicable. Consistent with 48 C.F.R. Section 12.212 or 48 C.F.R. Section 227.7202-1 through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions herein. Unpublished rights are reserved under the copyright laws of the United States.
16.7 Purchase Order Terms. The parties agree that any term or condition stated in a purchase order, or similar purchase documentation provided by Customer, will be inapplicable and is hereby disclaimed.
16.8 Assignment. Neither party may assign or otherwise transfer any of its rights or obligations hereunder, whether voluntarily, involuntarily, by operation of law or otherwise, without the other party’s prior written consent, which will not be unreasonably withheld. Notwithstanding the foregoing, either party may assign or otherwise transfer its rights or obligations under the Terms by operation of law or otherwise in connection with a change in control, defined as a sale of 51% or more of the company’s ownership, or the sale of all or substantially all of the assets of such party, or the assets to which the Terms pertains, without the other party’s prior written consent (“Change of Control”), provided that the party subject to the Change of Control notifies the other party in writing of such Change of Control within thirty (30) days thereafter. If a Change of Control is to a direct competitor of the non-assigning party, then the non-assigning party will have the right to terminate these Terms immediately upon written notice. Subject to the foregoing, the Terms will bind and inure to the benefit of the parties, their respective successors, and permitted assigns. Any nonconforming assignment or transfer shall be null and void.
16.9 Relationship of the Parties. Nothing in the Terms shall be deemed to create a joint venture, partnership, or agency relationship between the parties or be deemed to authorize either party to incur any liabilities or obligations on behalf of, or in the name of, the other.
16.10 Third-Party Beneficiaries. There are no third-party beneficiaries under the Terms. Customer’s Users, specifically, are not third-party beneficiaries under the Terms.
16.11 No Waiver. The failure of a party to take any action or to demand compliance with the Terms shall not be deemed a waiver of any right or remedy of that party, nor shall any action taken pursuant the Terms, including any investigation or any demand for partial relief or for compliance with the Terms in a single instance, be deemed to constitute a waiver by the party taking such action or making such demand of any right or remedy hereunder. In no event will any waiver of any particular term or provision of the Terms or in any particular instance be deemed a waiver of any subsequent occurrence under the same or any other term or provision contained herein. No waiver of any right or remedy shall be binding on any party unless it is in writing and is signed by the party to be charged.
16.12 Survival. The following Sections, and any other right or obligation of the parties in the Terms that, by its nature, should survive termination or expiration of the Terms, will survive any expiration or termination of the Terms: 6.1 Ownership, 6.3 Feedback, 7.1 Fees (to the extent outstanding), 7.3 Taxes (to the extent applicable), 9 Confidentiality, 10 Representations, Warranties and Disclaimers, 11 Indemnification, 12 Limitation of Liability, 16.2 Notices, and 16.3 Governing Law.
16.13 Severability. In the event that any provision contained herein shall for any reason be held invalid, illegal, or unenforceable in any respect by a court of competent jurisdiction, to such extent such provision shall be deemed null and void and severed from the Terms, and the remainder hereof shall remain in full force and effect.
16.14 Construction. The section headings used throughout the Terms are for convenience of reference only and shall have no effect upon the construction or interpretation of the Terms or any part thereof. The use of the singular or plural form shall include the other form and the use of the masculine, feminine, or neuter gender shall include the other genders. In construing or interpreting the Terms, the word “including” shall not be limiting, and the words “hereunder” and “herein” mean within the Terms, including its attachments. The parties agree that any principle of construction or rule of law that provides that an agreement shall be construed against the drafter shall not apply to the Terms.
16.15 Entire Agreement. The Terms, including all addenda, relevant Order Forms, other attachments, and any associated terms and policies referenced and incorporated hereunder and thereunder, comprise the entire agreement regarding Customer’s use of the Services and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter
ADDENDUM A – SUPPORT AND SERVICE LEVEL AGREEMENT
This Support and Service Level Agreement (“SSLA”) provides the standards and procedures for product support, issue reporting, and response times for Services, and uptime commitment for Hosted Services. The SSLA is not applicable to Free/Trial Use Services, Beta Services, or Deployment Services. This SSLA incorporates the Terms and any capitalized terms not defined in this SSLA will have the meanings set forth in the Terms.
“Available” means all material functions of the Services are operational.
“Business Hours” means NowSecure’s standard organization operating hours, Monday through Friday (excluding U.S. holidays) from 8:00 a.m. to 6:00 p.m. U.S. Central Time.
“Critical Issues” means major issues preventing all or nearly all effective use of the affected Service, or high security risk reports.
“Downtime” means a period when the Hosted Services are not Available, outside of Scheduled Maintenance Periods, for reasons other than Exclusions.
“Exclusions” means any period when the Hosted Services are not available: (a) caused by factors outside of NowSecure’s reasonable control, including any Force Majeure Event or network outage or disruption outside the data center hosting the Hosted Services; (b) that results from any action or inaction by Customer or any third-party acting on Customer’s behalf; (c) caused by Customer’s software or hardware, or third-party software or hardware not supplied by NowSecure; or (d) arising from NowSecure’s suspension or termination of Customer’s Subscription in accordance with the Terms.
“Product Support” means written or verbal information provided for user assistance, troubleshooting, and advice regarding the access to and use of the Services.
“Regular Issues” means common problems, user questions, or less-serious bugs.
“Scheduled Maintenance” means limited pre-announced time periods when Services have reduced functionality or become unavailable for purposes of scheduled maintenance.
“Serious Issues” means significant issues preventing effective use of one or more Service features, or medium security risk reports.
“Uptime Percentage” means the proportion of time during each calendar month when the Services are Available, as a percentage (Available minutes/total minutes), where total minutes in the month excludes Scheduled Maintenance and other Exclusions (both defined herein).
2. STANDARD BUSINESS PRODUCT SUPPORT.
2.1 Product Support. NowSecure will provide Product Support to the Customer and its Users, via website, telephone, email, and other methods made available by NowSecure. NowSecure may limit the number of Users eligible for Product Support on certain Services, but at least two (2) will be allowed for all Subscriptions.
2.2 Support Contacts. Specific support phone numbers and email contacts (“Support Contacts”) are provided at https://support.nowsecure.com, and Customer may submit a support request to the Support Contacts on a 24 hour, 7 days a week over 365 days a year (24/7/365) basis.
2.3 Response Time. For support requests received during Business Hours, NowSecure will respond to Customer’s support requests as follows:
● Within one (1) hour for Critical Issues;
● Within two (2) hours for Serious Issues; and
● Within one (1) organization day for Regular Issues.
2.4 Customer Cooperation. Customer agrees to cooperate and work with NowSecure to reproduce errors, including conducting diagnostic or troubleshooting activities, as reasonably requested and appropriate.
2.5 Case Tracking and Resolution. All support requests are assigned a case ID and tracked through resolution. NowSecure will initiate remediation promptly for Critical and Serious Issues and work until such issues are resolved or an acceptable workaround provided. Any Critical Issue not resolved or remediated through reasonable workaround within two (2) organization hours of NowSecure’s receipt of Customer’s support request will be considered Downtime under the Uptime Commitment, counted from the time NowSecure receives Customer’s initial request.
2.6 Escalation. Customer may escalate any reported Critical or Serious Issues to NowSecure’s VP or Director of Customer Success.
2.7 In-app Live Help. NowSecure may provide an integrated, real-time chat-based help within the Services (“Live Help”) available at certain times, whereby NowSecure personnel directly communicate with a User when such Live Help is initiated by the User. For Live Help sessions, no case ID will be tracked unless specifically requested by the User. NowSecure shall have sole discretion in establishing availability of Live Help.
2.8 Individual App Test Standard. Certain Services enable automated testing of mobile apps on mobile platform versions specified in the Documentation. For technical reasons (including development implementations, test configuration, app security protections, and compatibility issues) a specific app may not complete an automated test cycle, even when such app has completed test(s) in the past. In the case that an app test cycle does not complete, NowSecure will attempt to troubleshoot the cause and assist Customer in any required changes to enable automated test completion. If an app cannot complete automated testing for any reason, NowSecure may, at its option, complete comparable testing with human intervention, or refund Fees related to the affected app. Incompletion of specific app cycle(s) shall not be considered Downtime when the Hosted Services are Available.
3. SERVICE LEVEL STANDARDS.
3.1 Uptime Commitment. NowSecure will make the Hosted Services Available with a minimum of at least 99.5% Uptime Percentage, in each monthly period. In the event NowSecure does not meet the required Uptime Percentage during any calendar month, Customer will be eligible to receive a Service Credit as described below. For clarity, this uptime commitment applies only to annual Subscription based Hosted Services.
3.2 Scheduled Maintenance. Scheduled Maintenance will be performed during non-US organization hours, and unavailability during Scheduled Maintenance will not exceed four (4) hours per month. NowSecure will provide notice to Customer through the NowSecure status portal at least twenty-four (24) hours in advance for Scheduled Maintenance with expected duration of less than one (1) hour, and at least five (5) days in advance for any Scheduled Maintenance which will require suspension of all or the majority of the Services for a period of more than one (1) hour.
3.3 Service Credits. Service credits will be provided, as specified in the following table, for any month NowSecure fails to meet the required Uptime Percentage, subject to the service credit procedures and requirements. Credit days will be applied to Customer’s Subscription by extending the duration of Customer’s Subscription by the specified number of credit days.
Monthly Uptime Percentage
Less than 99.5% but equal to or greater than 99%
Less than 99% but equal to or greater than 95%
Less than 95% but equal to or greater than 90%
Less than 90%
To receive a Service credit, Customer must submit a claim by emailing support within ten (10) days of the end of the month in which the required Uptime Percentage was not met. The email should state “SLA Credit Request” in the subject line, and must specify: (a) the particular Service related to the claim; (b) the dates and times of each Downtime claimed; and (c) logs and other material that document and corroborate the claimed Downtime(s) (s) (any confidential or sensitive information in these logs should be removed or replaced with asterisks). NowSecure reserves the right to withhold any Service Credit if: (i) it cannot verify the Downtime(s) or reasonably verify that the Services were not Available during the reported time; or (ii) the Downtime is subject to an Exclusion.
4. SOFTWARE UPDATES.
4.1 On-Premises Software Updates. During the term, NowSecure will provide Customer all generally released updates to on-premises Software that is part of the Services, where applicable, including security patches, bug fixes, modifications, or enhancements. In order to apply updates, Customer may be required to update software dependencies, including the operating system or other components. All updates are provided for the current software version, and patches or updates to prior versions are not provided.
4.2 Hosted Services Updates. During the term, NowSecure will update Hosted Services including any Web application or API that is part of the Services, where applicable, including updates for security, bug fixes, modifications or enhancements.
ADDENDUM B – DEPLOYMENT SERVICES AGREEMENT
This Deployment Services Agreement (“DSA”) governs the Deployment Services to be provided to Customer by NowSecure as identified in an Order Form. This DSA incorporates the Terms and any capitalized terms not defined in this DSA will have the meanings set forth in the Terms. In the event of a conflict between the Terms and this DSA, this DSA shall prevail with respect to all Deployment Services.
1. Deployment Services Generally. NowSecure will provide Customer the Deployment Services identified in an Order Form. Customer acknowledges and agrees that this DSA only governs the Deployment Services.
2. Customer Policies. While performing the Deployment Services onsite at a Customer facility, NowSecure personnel will comply with all lawful workplace safety and security policies provided by Customer to NowSecure in advance. Upon Customer’s written request, NowSecure will promptly replace any NowSecure personnel that fail to comply with such Customer policies.
3. Warranty. NowSecure represents and warrants that the Deployment Services will be provided in a manner consistent with the prevailing standard of care and skill ordinarily exercised by other providers under similar circumstances at the time of performance. Customer will notify NowSecure in writing of any warranty deficiencies within thirty (30) days of the performance of the relevant Deployment Service. Upon receipt of such notice, NowSecure will promptly attempt to re-perform the deficient Deployment Service within thirty (30) days (or such longer period as agreed to by the parties in writing), or at NowSecure’s option, refund the Fees Customer paid for the deficient Deployment Service on a pro rata basis. Such refund will be NowSecure’s entire liability to Customer in connection with breach of the foregoing warranty. A Deployment Service will be deemed accepted if no written notice of a warranty deficiency is received by NowSecure within thirty (30) days of delivery of the Deployment Service.
4. Disclaimers. THE LIMITED WARRANTY PROVIDED IN SECTION 3 IS THE ONLY WARRANTY PROVIDED BY NOWSECURE IN CONNECTION WITH THE DEPLOYMENT SERVICES. FOR SAKE OF CLARITY, ALL DISCLAIMERS IDENTIFIED IN SECTION 10.4 OF THE TERMS ARE APPLICABLE TO DEPLOYMENT SERVICES.
5. Security Testing. Customer acknowledges the risks of service disruption and system modification inherent in certain types of security testing, including without limitation penetration testing, and that no security assessment is 100% accurate. NowSecure shall have no liability to Customer, or any third-party, for any disruption or modification occurring as a result of NowSecure’s provisioning of security testing or for inaccurate findings, whether false positive or false negative.
6. Customer Devices. Customer acknowledges that any hardware (including all devices or media containing Customer software) delivered by Customer to NowSecure in connection with the Deployment Services (“Customer Devices”) may be damaged during delivery, and that the performance of the Deployment Services may result in damage to the Customer Devices, including physical damage or software corruption. NowSecure will promptly notify Customer if any significant damage is discovered upon receipt or during performance of the Deployment Services. NowSecure shall not be liable for any damage that may occur to Customer Devices during transit (whether from Customer to NowSecure or NowSecure to Customer) or during performance of the Deployment Services. All Customer Devices will be returned to Customer promptly after completion of the Deployment Services.
7. Payment Terms. Customer agrees to pay all Fees for Deployment Services as specified in the applicable Order Form. If specified in the Order Form or approved in writing, Customer shall pay out-of-pocket travel, hotel, and meal expenses reasonably incurred in connection with NowSecure’s delivery of the Deployment Services (provided such expenses conform to Customer’s applicable written expense reimbursement policies and guidelines which Customer will provide to NowSecure in advance). Deployment Services must be consumed within the period specified in the Order Form, or if not specified, within one (1) year from the date of the Order Form, after which they expire and are non-refundable. Customer may reschedule Deployment Services by sending an email to [email protected], but if rescheduling results in NowSecure incurring unavoidable or additional expenses, such expenses shall be fully reimbursed by Customer.
8. Customer Responsibilities. Customer will provide hardware, software, facilities, materials, data, access, assistance, and cooperation reasonably necessary for NowSecure to perform the Deployment Services. Customer shall be solely responsible for ensuring it backs-up and otherwise protects all of its data and software that is accessed or utilized in connection with the Deployment Services. NowSecure shall have no liability to Customer in connection with any hardware, software, or data that is lost, damaged, or corrupted in connection with the provisioning of the Deployment Services. Customer shall be solely responsible for reconstructing data (including but not limited to data located on disk files and memories) and software that may be lost, damaged, or corrupted during the performance of Deployment Services. Customer represents and warrants that it has the authority to give NowSecure access to the hardware (including Customer Devices), software, and data provided to NowSecure in connection with performing the Deployment Services (“Customer Materials”), and for NowSecure to perform the Deployment Services on the Customer Materials. Customer agrees to defend NowSecure in any Claim (as defined in the Terms) brought against NowSecure based on Customer’s failure to obtain authority contemplated in the preceding sentence, and to indemnify NowSecure from any damages, attorney fees, and costs finally awarded against NowSecure by a court of competent jurisdiction or included in a settlement approved by Customer in connection with such Claim. The indemnification requirements in Section 11.3 of the Terms apply to Customer’s indemnification obligations in this Section 8 of the DSA.
9. Ownership. As between NowSecure and Customer, Customer shall own all Customer Materials (including Customer Devices), as well as all Deliverable Reports, and NowSecure acknowledges that all Customer Materials are provided solely for use in connection with NowSecure’s provisioning of the Deployment Services, and NowSecure agrees not to externally distribute Customer Materials or Deliverable Reports, without Customer’s prior written permission in each instance. To the extent a Deliverable Report contains Pre-Existing Content, NowSecure grants Customer a worldwide, perpetual, irrevocable, non-exclusive license to have, use, reproduce, and distribute such Pre-Existing Content in conjunction with its use of Deliverable Reports. As between NowSecure and Customer, NowSecure shall own all Equipment, Software, Documentation, Pre-Existing Content and other materials utilized by NowSecure and/or provided to Customer in connection with the Deployment Services (collectively “Deployment Materials”). Customer acknowledges that all Deployment Materials made available by NowSecure are intended for Customer’s internal use only, and Customer agrees not to externally distribute such Deployment Materials without the prior written permission of NowSecure in each instance. NowSecure may configure software and train Users, but NowSecure will not provide Customer any custom software development pursuant to this DSA or the Terms. With regard to security assessments, NowSecure will apply preexisting tools and techniques in order to produce security reports specific to Customer’s hardware or software (“Deliverable Reports”), and will not create new ideas, processes, or inventions. Customer, therefore, acknowledges and agrees that no “work product” or other intellectual property is being created for Customer in connection with the Deployment Services.
ADDENDUM C – DATA PROCESSING ADDENDUM
1. GENERAL TERMS.
1.1 This Data Processing Addendum (“DPA“) is supplemental to the Terms between NowSecure and Customer (each, a “Party,” and collectively, the “Parties”) for the provision of the Services and applies as set out in the Terms.
1.2 In the event of a conflict between any of the provisions of this DPA and the provisions of the Terms, the provisions of this DPA shall prevail.
2. CCPA PERSONAL INFORMATION PROCESSING.
To the extent NowSecure is required to process CCPA Personal Information on behalf of Customer, the following terms in this Section 2 shall apply.
2.1 Role of the Parties. For the purposes of the CCPA, the Parties acknowledge and agree that NowSecure will act as a “Service Provider” as such term is defined in the CCPA, in its performance of its obligations pursuant to this DPA or the Terms. NowSecure shall be referred to as “Service Provider” throughout this Section 2. The Customer will act as a single point of contact for its Affiliates with respect to CCPA compliance, such that if Service Provider gives notice to the Customer, such information or notice will be deemed received by the Customer’s Affiliates. The Parties acknowledge and agree that any claims in connection with the CCPA under this DPA will be brought by the Customer, whether acting for itself or on behalf of an Affiliate.
2.2 Definitions. Unless otherwise set out below, each capitalized term in this Section 2 shall have the meaning set out in the Terms.
“CCPA” means the California Consumer Privacy Act, Cal. Civ. Code 1798.100 et seq., including any amendments and any implementing regulations thereto that become effective on or after the effective date of this Data Processing Addendum.
“CCPA Consumer” means a “consumer” as such term is defined in the CCPA.
“CCPA Personal Information” means the “personal information” (as defined in the CCPA) that the Service Provider Processes on behalf of the Customer and/or Customer’s Affiliates in connection with the Service Provider’s provision of the Service.
“Data Processing Services” means the Processing of CCPA Personal Information for any purpose permitted by the CCPA, such as for a permitted “organization purpose,” as such term is defined in the CCPA, or for any other purpose expressly permitted by the CCPA.
“Processing” has the meaning given in the CCPA, and “Process” will be interpreted accordingly.
“Services” means the applicant testing services and any other services provided by Service Provider to the Customer under the Terms, including the Data Processing Services.
“Subprocessor” means any subcontractor engaged by Service Provider who Processes CCPA Personal Information on behalf Service Provider.
2.3 CCPA Personal Information Processing.
2.3.1 Instructions for CCPA Personal Information Processing. Service Provider shall not retain, use or disclose CCPA Personal Information for any purpose other than for the specific purpose of providing the Services, or as otherwise permitted by the CCPA. Service Provider acknowledges and agrees that it shall not retain, use, or disclose CCPA Personal Information for a commercial purpose other than providing the Services. Processing CCPA Personal Information outside the scope of this DPA or the Terms will require prior written agreement between the Customer and the Service Provider on additional instructions for Processing.
2.3.2 Required consents and notices. Where required by applicable laws, Customer will ensure that it has obtained/will obtain all necessary consents, and has given/will give all necessary notices, for the Processing of CCPA Personal Information by the Service Provider in accordance with the Terms.
2.4 Transfer of CCPA Personal Information.
2.4.1 No Disclosure of CCPA Personal Information. The Service Provider shall not disclose, release, transfer, make available or otherwise communicate any CCPA Personal Information to another organization or third party without the prior written consent of the Customer unless and to the extent that such disclosure is made to a Subprocessor for a organization purpose. Notwithstanding the foregoing, nothing in the Terms shall restrict the Service Provider’s ability to disclose CCPA Personal Information to comply with applicable laws or otherwise permitted by the CCPA.
2.4.2 No Sale of CCPA Personal Information. The Service Provider shall not Sell any Customer Personal Information to another organization or third party without the prior written consent of the Customer.
2.5 Consumer Rights Requests.
2.5.1 CCPA Consumer Rights Requests. On and after the effective date of the CCPA, Service Provider shall comply with all applicable requirements of the CCPA, and shall, where possible assist Customer with responding to CCPA Consumer Rights Requests as required by applicable CCPA requirements.
2.5.2 Notice of Requests. The Service Provider shall promptly notify the Customer of any request received by the Service Provider from a CCPA Consumer in respect of the CCPA Personal Information of the CCPA Consumer, and shall not respond to the CCPA Consumer except to direct such CCPA Consumer to contact Customer.
3. GDPR PERSONAL DATA PROCESSING.
To the extent NowSecure is required to Process GDPR Personal Data on behalf of Customer, the following terms in this Section 3 shall apply.
3.1 Role of the Parties. For the purposes of the EU Data Protection Laws, the Parties acknowledge and agree that NowSecure acts as a “Processor” and the Customer and/or Customer’s Affiliates act as “Controllers.” NowSecure shall be referred to as “Processor” throughout this Section 3. The Customer will act as a single point of contact for its Affiliates with respect to GDPR compliance, such that if Processor gives notice to the Customer, such information or notice will be deemed received by the Customer’s Affiliates. The Parties acknowledge and agree that any claims in connection with EU Data Protection Laws under this DPA will be brought by the Customer, whether acting for itself or on behalf of an Affiliate.
3.2 Definitions. Unless otherwise set out below, each capitalized term in this Section 3 shall have the meaning set out in the Terms. The terms “personal data“, “Controller“, “Processor“, “Data Subject“, “Process” and “Supervisory Authority” shall have the same meaning as set out in GDPR.
“GDPR Personal Data” means the “personal data” (as defined in the GDPR) described in ANNEX 1 and any other personal data that Processor Processes on behalf of Customer or Customer’s Affiliate in connection with Processor’s provision of the Services.
“EU Data Protection Laws” means the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR“) and all applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of GDPR Personal Data.
“European Economic Area” or “EEA” means the Member States of the European Union together with Iceland, Norway, Lichtenstein, and the United Kingdom.
“Security Incident” means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, any GDPR Personal Data.
“Subprocessor” means any person or legal entity engaged by Processor who agrees to receive from Processor any Customer Personal Data.
3.3 Data Processing.
3.3.1 Instructions for Data Processing. Processor will only Process GDPR Personal Data in accordance with (a) the Terms, to the extent necessary to provide the Services to the Customer, and (b) the Customer’s written instructions, unless Processing is required by European Union or Member State law to which Processor is subject, in which case Processor shall, to the extent permitted by applicable law, inform the Customer of that legal requirement before Processing that GDPR Personal Data. The Terms (subject to any changes to the Service agreed between the Parties) and this DPA shall be the Customer’s complete and final instructions to Processor in relation to the processing of GDPR Personal Data. Processing outside the scope of this DPA or the Terms will require prior written agreement between the Customer and Processor on additional instructions for Processing.
3.3.2 Required Consents. Where required by applicable EU Data Protection Laws, Customer will be responsible for ensuring that all Data Subjects have given/will give all necessary consents for the lawful Processing of GDPR Personal Data by the Processor in accordance with the Terms.
3.3.3 Privacy Notices. Customer warrants and represents that: (i) it has provided all applicable notices to Data Subjects required for the lawful Processing of GDPR Personal Data by the Processor in accordance with the DPA; or (ii) with respect to any GDPR Personal Data collected by the Processor on behalf of the Customer, it has reviewed and confirmed the notices provided by the Processor to Data Subjects as accurate and sufficient for the lawful Processing of GDPR Personal Data by the Processor in accordance with the Terms.
3.3.4 Indemnity. Customer agrees to indemnify the Processor and its officers, directors, employees, agents, affiliates, successors and permitted assigns (each an “Indemnified Party“, and collectively the “Indemnified Parties“) against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including legal fees and court fees, that are incurred by the Indemnified Parties (collectively, “Losses”) arising out of any third party claim brought against the Processor relating to or arising out any instructions given by the Customer to the Processor under paragraph 3.3.1, any failure to obtain the consents as required by paragraph 3.3.2, any breach by the Customer of the warranties in paragraph 3.3.3, or any other breach by the Customer of any EU Data Protection Laws.
3.4 Transfer of Personal Data.
3.4.1 Subprocessors. Processor shall make available to Customer the current list of Subprocessors, if any, for the Services, and such list shall include the identity of those Subprocessors and their country of location. Processor shall notify Customer of a new Subprocessor.
3.4.2 Liability of Subprocessors. Processor shall at all times remain responsible for compliance with its obligations under the DPA and will be liable to the Customer for the acts and omissions of any Subprocessor approved by the Customer as if they were the acts and omissions of Processor.
3.4.3 Prohibition of Transfer of Personal Data. The Customer acknowledges that the Processor or its Subprocessors may access the GDPR Personal Data outside the EEA or Switzerland, provided that Processor maintains its certification to the EU-U.S. Privacy Shield.
3.5 Data Security, Audits, and Security Notifications.
3.5.1 Processor Security Obligations. Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of Processing.
3.5.2 Security Incident Notification. If Processor or any Subprocessor becomes aware of a Security Incident, Processor will (a) notify the Customer of the Security Incident within seventy-two (72) hours, (b) investigate the Security Incident and provide such reasonable assistance to the Customer (and any law enforcement or regulatory official) as required to investigate the Security Incident, and (c) take steps to remedy any non-compliance.
3.5.3 Processor Employees and Personnel. Processor and its employees shall treat the GDPR Personal Data as the Confidential Information of the Customer.
3.6 Access Request and Data Subject Rights.
3.6.1 Data Subject Requests. Save as required (or where prohibited) under applicable law, Processor shall notify Customer of any request received by Processor or any Subprocessor from a Data Subject in respect of their personal data included in the GDPR Personal Data, and shall not respond to the Data Subject. Processor shall provide Customer with the ability to correct, delete, block, access or copy the GDPR Personal Data.
3.6.2 Government Disclosure. Processor shall notify Customer of any request for the disclosure of GDPR Personal Data by a governmental or regulatory body or law enforcement authority (including any data protection supervisory authority) unless otherwise prohibited by law or a legally binding order of such body or agency.
3.7 Assistance. Where applicable, taking into account the nature of the Processing, and to the extent required under applicable EU Data Protection Laws, the Processor shall provide the Customer with any information or assistance reasonably requested by the Customer for the purpose of complying with any of the Customer’s obligations under applicable EU Data Protection Laws, including: (i) using all reasonable endeavors to assist Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to requests for exercising Data Subject rights laid down in the GDPR; and (ii) providing reasonable assistance to the Customer with any data protection impact assessments and with any prior consultations to any Supervisory Authority of the Customer, in each case solely in relation to Processing of GDPR Personal Data and taking into account the information available to Processor.
3.8.1 Deletion of Data. GDPR Personal Data will be deleted as identified in the Terms.
3.8.2 Retention. Processor and its Subprocessors may retain GDPR Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws and always provided that Processor shall ensure the confidentiality of all such GDPR Personal Data and shall ensure that such GDPR Personal Data is only Processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.
ANNEX 1 – DETAILS OF THE PROCESSING OF GDPR PERSONAL DATA
This ANNEX 1 includes certain details of the processing of GDPR Personal Data as required by Article 28(3) of the GDPR.
Duration of the Processing: The duration of the Processing of GDPR Personal Data is the term set out in the Terms.
Nature and Purpose of the Processing: Processor will process GDPR Personal Data as necessary to perform the Services pursuant to the Terms, for Customer to use of and access to the Services in accordance with the Term, and as further instructed by Customer in its use of the Services. The Processing of GDPR Personal Data provided by Customer to the Processor, or collected by Processor on behalf of the Customer, is for the purposes of providing the Services to the Customer.
The types of GDPR Personal Data to be Processed: Customer and its Users may submit GDPR Personal Data to the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include: first and last name; organization contact information (company, email, phone, physical organization address); personal contact information (email, cell phone); title; position; employer; professional life data; personal life data; connection data; and localization data.
Categories of Data Subjects: Customer may submit GDPR Personal Data to the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories: customers, organization partners, and venters of the Customer; employees or contact persons of Customer’s customers, organization partners, and vendors; and employees, agents, advisors, contractors, or any user authorized by the Customer to use the Services.
Obligations and Rights of the Customer: The obligations and rights of the Customer are as set out in this DPA.
ANNEX 2 – SUBPROCESSOR INFORMATION
The following are third-party subprocessors of NowSecure for the purposes of this DPA
Amazon Web Services, Inc.
Data center hosting (IaaS, PaaS)
User experience enrichment
Hosted helpdesk software