DataVisor Terms

THIS SERVICES AGREEMENT (“AGREEMENT”) IS BETWEEN DATAVISOR, INC., A DELAWARE CORPORATION WITH A BUSINESS ADDRESS AT 967 N. SHORELINE BLVD., MOUNTAIN VIEW, CA 94043,  USA (“DATAVISOR”) AND YOU (“YOU” OR “CUSTOMER”).  PLEASE CAREFULLY READ THIS  AGREEMENT BEFORE ACCESSING, DOWNLOADING OR OTHERWISE USING THE ONLINE DATAVISOR FRAUD DETECTION  SERVICES (“DATAVISOR SERVICES”) FROM THE WEBSITE OF DATAVISOR, 

BY CLICKING ON THE “ACCEPT” BUTTON, AND/OR DOWNLOADING OR USING THE DATAVISOR SERVICES, YOU, AS THE CUSTOMER (REFERRED TO HEREIN AS “YOU” OR “CUSTOMER”) ARE STATING THAT YOU HAVE READ THIS AGREEMENT, AGREE TO ALL OF ITS TERMS, AND CONSENT TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT.  IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE “DO NOT ACCEPT” BUTTON AND/OR DO NOT ACCESS, DOWNLOAD OR USE THE DATAVISOR SERVICES.

IF YOU ARE ACCEPTING THIS AGREEMENT ON BEHALF OF YOUR EMPLOYER OR ANOTHER ENTITY, YOU REPRESENT AND WARRANT THAT: (I) YOU HAVE FULL LEGAL AUTHORITY TO BIND YOUR EMPLOYER, OR THE APPLICABLE ENTITY, TO THE LICENSE AGREEMENT; (II) YOU HAVE READ AND UNDERSTAND THIS AGREEMENT; AND (III) YOU AGREE, ON BEHALF OF THE PARTY THAT YOU REPRESENT, TO THIS AGREEMENT.

ACCEPTANCE OF THIS AGREEMENT IS REQUIRED AS A CONDITION TO PROCEEDING WITH ACCESS AND USE OF THE DATAVISOR SERVICES. IF YOU DO NOT AGREE TO ALL OF THE TERMS AND CONDITIONS OF THE AGREEMENT OR IF YOU DO NOT HAVE THE LEGAL AUTHORITY TO BIND YOUR EMPLOYER OR THE APPLICABLE ENTITY, YOU MUST NOT USE OR ACCESS THE DATAVISOR SERVICES.

IN CONSIDERATION OF THE PREMISES AND THE MUTUAL COVENANTS CONTAINED HEREIN, YOU AND DATAVISOR HEREBY AGREE AS FOLLOWS:

1. Services.

1.1. Scope of Services.  Subject to the terms and conditions of this Agreement and the payment of all Services fees as set forth in the applicable Order Form,  DataVisor shall provide to Customer the following services (“Services”).

a. DataVisor Services.  DataVisor shall provide Customer with remote or on-prem access to DataVisor’s unwanted and fraudulent detection services as more fully described in the applicable Order Form (“DataVisor Services”) in order to process the user accounts for Customer’s product or service described in such Order Form (“Customer Product”).  If remote access is provided, the DataVisor Services will be hosted and operated on computer servers maintained by DataVisor or by a third party on behalf of DataVisor.  Customer will have the option to expand the scope of the DataVisor Services to increase the number of the events or user accounts of the Customer Product to be processed by the DataVisor Services, or otherwise change the scope of the DataVisor Services, upon payment of additional fees for such expanded scope as set forth in DataVisor’s then-current price list.

b. Support.  DataVisor shall provide Customer with technical support for use of the DataVisor Services as specified in Schedule A (“Support Services”).

1.2. Internal Use Only.  The Services are for use only by Customer and only for Customer’s internal business purposes, and are not to be used for the benefit of any third party.

1.3. Restrictions.  As between the parties, DataVisor hereby reserves all intellectual property rights in the Services, all underlying software, architecture, algorithms, inventions, technology, processes, and related documentation, as well as all improvements and modifications made to any of the foregoing in connection with the performance of the Agreement.  Customer agrees not to reverse engineer, reverse assemble, decompile, or otherwise attempt to derive source code from any such software.  No license is granted, by implication, estoppel or otherwise, under any such intellectual property rights except for the right to access and use the DataVisor Services as set forth herein.


2. Customer Data

2.1 Rights to Customer Data.  If DataVisor is providing Customer with remote access to the DataVisor Services, as opposed to an on-prem license, Customer will provide to DataVisor certain data regarding the Customer Product end user accounts, which may include but not be limited to telephone number, IP address, user ID, device location and use, and other information that end users provide to Customer when signing up for use of or that is collected based on end user’s utilization of the Customer Product (collectively “Customer Data”).  As between the parties, Customer shall own all right, title, and interest in and to the Customer Data. In addition, Customer understands and agrees that DataVisor may collect certain metadata in relation to the use of Services by Customer and its end users  (“MetaData”). Customer agrees to grant and hereby grants to DataVisor a perpetual, non-exclusive license to use such Customer Data and MetaData (a) in order to provide the Services to Customer; (b) for statistical use (provided that such data is not personally identifiable); and (c) as necessary to maintain and improve the Services.  Customer represents and warrants that it implements and maintains a data collection and privacy policy that complies with all applicable data protection and privacy laws and regulations (“Data Protection Laws”), and that its provision of the Customer Data to DataVisor complies with Data Protection Laws and all other applicable laws and regulations and will not violate any privacy or other rights of any third party.  

2.2 Data Security.  To the extent that any Customer Data provided to DataVisor under Section 2.1 contains any personally identifiable information or other personal data that is protected under applicable law (“Personally Identifiable Information”), DataVisor will maintain and protect such information in accordance with the DataVisor Information Security Requirements on Schedule B and, where applicable, Data Protection Laws.  In addition, DataVisor will take prompt action to notify Customer of security breaches in accordance with applicable law and to remedy any known security breaches.


3. Updates and Upgrades.

DataVisor may update the DataVisor Services at any time and from time to time in its sole discretion.  DataVisor shall include in the DataVisor Services provided hereunder any such updates that DataVisor generally makes available to its customers free of charge.  Upgrades or add-ons that include new features or substantial increases in functionality may be subject to additional charge.


4. Customer’s Obligations

4.1. Support.  As a condition to DataVisor’s support obligations, Customer shall (i) provide DataVisor with reasonable access to Customer’s servers and personnel as necessary to duplicate and resolve errors, (ii) document and promptly report all errors or malfunctions in the Services to DataVisor, and (iii) take all steps necessary to carry out procedures for the rectification of errors or malfunctions within a reasonable time after such procedures have been received from DataVisor.

4.2. Use.  Customer shall provide supervision, control and management of the use of the Services.  Customer shall use commercially reasonable efforts to prevent unauthorized access to or use of the DataVisor Services and to notify DataVisor of any unauthorized access that may come to Customer’s attention.  Customer shall not interfere with or disrupt the integrity or performance of the DataVisor Services or third-party data.


5. Confidential Information

5.1. Confidential Information.  Each party acknowledges that it will have access to certain confidential information of the other party concerning the other party’s business, plans, customers, technology, and products, including the terms and conditions of this Agreement (“Confidential Information”).  Each party shall not use in any way, for its own account or the account of any third party, except as expressly permitted by this Agreement, nor disclose to any third party (except as required by law or to that party’s attorneys, accountants and other advisors as reasonably necessary), any of the other party’s Confidential Information and shall take reasonable precautions to protect the confidentiality of such information.

5.2. Exceptions.  Information will not be deemed Confidential Information if such information: (i) is known to the receiving party prior to receipt from the disclosing party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (ii) becomes known (independently of disclosure by the disclosing party) to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise ceases to be secret or confidential, except through a breach of this Agreement by the receiving party; or (iv) is independently developed by the receiving party.


6. Disclaimer. 

DATAVISOR DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL EXPRESS, IMPLIED OR STATUTORY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.  DATAVISOR DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE, OR WILL DETECT ALL UNWANTED OR FRAUDULENT ACCOUNTS, OR WILL NOT DETECT ACCOUNTS THAT ARE NOT UNWANTED OR FRAUDULENT.


7. Limitations of Liability.

7.1. Exclusions.  DATAVISOR WILL NOT BE LIABLE TO CUSTOMER FOR ANY LOST REVENUE, LOST PROFITS, REPLACEMENT GOODS, LOSS OF TECHNOLOGY, RIGHTS OR SERVICES, INCIDENTAL, PUNITIVE, INDIRECT OR CONSEQUENTIAL DAMAGES, LOSS OF DATA, OR INTERRUPTION OF BUSINESS, EVEN IF DATAVISOR IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE.

7.2 Maximum Liability. DATAVISOR’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER RELATED TO OR IN CONNECTION WITH THIS AGREEMENT WILL BE LIMITED TO THE TOTAL AMOUNT PAYABLE BY CUSTOMER TO DATAVISOR HEREUNDER FOR THE 12 MONTH PERIOD PRIOR TO THE DATE THE CAUSE OF ACTION AROSE.


8. Indemnification.

8.1. DataVisor’s Indemnification of Customer.  DataVisor shall, at its own expense, defend or at its option settle any third party claim brought against Customer to the extent it alleges that DataVisor’s provision of the Services under this Agreement infringes any copyright, trade secret, patent or trademark of any third party, and shall pay those judgments finally awarded against Customer in any such action that are specifically attributable to such claim or those costs and damages agreed to in a monetary settlement of such action agreed to by DataVisor; provided that Customer provides DataVisor with (i) prompt written notice of such claim; (ii) control over the defense and settlement of such claim; and (iii) proper and full information and assistance to settle and/or defend any such claim.  Notwithstanding the foregoing, in no event shall DataVisor be liable for any such claim to the extent that it is based on (a) any modification to the Services performed by a party other than DataVisor, where the infringement would not have occurred but for that modification, (b) any use of the Services in combination with other products or services not furnished by DataVisor, where the infringement would not have occurred but for that combination, or (c) any use of the Services not expressly authorized by DataVisor under this Agreement, where the infringement would not have occurred but for that unauthorized use.  The foregoing provisions of this Section 8.1 state the entire liability of DataVisor, and the sole remedy of Customer, with respect to any actual or alleged claim of infringement or misappropriation of intellectual property rights, or any intellectual property non-infringement warranty.

8.2. Customer’s Indemnification of DataVisor.  Customer shall, at its own expense, defend or at its option settle any third party claim brought against DataVisor to the extent it alleges that (a) Customer’s use of Services violates any applicable law or regulation, (b) Customer does not have the right to provide the Customer Data to DataVisor, or (c) the Customer Data infringes the copyright, trade secret, privacy, publicity, or other rights of any third party, and shall pay those judgments finally awarded against DataVisor in any such action that are specifically attributable to such claim or those costs and damages agreed to in a monetary settlement of such action agreed to by Customer; provided that DataVisor provides Customer with (i) prompt written notice of such claim; (ii) control over the defense and settlement of such claim; and (iii) proper and full information and assistance to settle and/or defend any such claim.  The foregoing provisions of this Section 8.2 state the entire liability of Customer, and the sole remedy of DataVisor, with respect to any actual or alleged claim of infringement or misappropriation of intellectual property rights, or any intellectual property non-infringement warranty.


9. Term and Termination.

9.1. Term and Renewal.  This Agreement will become effective commencing on the Effective Date of the applicable Order Form, and continue for an initial period of three years (“Initial Term”).  After the Initial Term, this Agreement will automatically renew for additional one year terms (each a “Renewal Term”) unless either party provides the other party with notice of non-renewal at least 30 days prior to the expiration of the Initial Term or the then-current Renewal Term.  

9.2. Termination.  Either party will have the right to terminate this Agreement if the other party breaches any material term or condition of this Agreement and fails to cure such breach within 30 days after receipt of written notice of the same, except in the case of Customer’s failure to pay fees, which must be cured within five days after receipt of written notice from DataVisor.   Under no circumstances is Customer permitted to terminate this Agreement for convenience or for any reason other than as set forth in this Section 9.2.

9.3. Suspension.  At DataVisor’s sole option, DataVisor may suspend Customer’s access to the Services in the event of any breach by Customer of a material term or condition of this Agreement, and reinstate such access at such time as the breach has been cured. 

9.4. Effect of Termination.  Upon the effective date of expiration or termination of this Agreement: (a) DataVisor may immediately cease providing Services; (b) any and all payment obligations of Customer under this Agreement will become due immediately; and (c) within 30 days after such expiration or termination, each party shall return all Confidential Information of the other party in its possession at the time of expiration or termination and shall not make or retain any copies of such Confidential Information except as required to comply with any applicable legal or accounting record keeping requirement.

9.5. Survival.  The following provisions will survive any expiration or termination of the Agreement: Sections 1.3, 2, 5, 6, 7, 8, 9.5 and 10.


10. Miscellaneous Provisions.

10.1. Force Majeure.  Except for the obligation to pay money, neither party will be liable for any failure or delay in its performance under this Agreement due to any cause beyond its reasonable control, including act of war, acts of God, earthquake, flood, embargo, riot, sabotage, labor shortage or dispute, governmental act or failure of the Internet, provided that the delayed party: (a) gives the other party prompt notice of such cause, and (b) uses its reasonable commercial efforts to correct promptly such failure or delay in performance.

10.2. Government Regulations.  Customer shall not export, re-export, transfer, or make available, whether directly or indirectly, any regulated item or information to anyone outside the U.S. in connection with this Agreement without first complying with all export control laws and regulations which may be imposed by the U.S. Government and any country or organization of nations within whose jurisdiction Customer operates or does business.

10.3. Governing Law; Dispute Resolution.  This Agreement is made under and will be governed by and construed in accordance with the laws of the State of California (except that body of law controlling conflicts of law).  Except for the right of either party to apply to any court of competent jurisdiction for a temporary restraining order, a preliminary injunction, or other equitable relief to preserve the status quo or prevent irreparable harm, any dispute as to the interpretation, enforcement, breach, or termination of this Agreement will be settled by binding arbitration in San Francisco County, California, under the Rules of Arbitration of the International Chamber of Commerce Court of Arbitration, by a single arbitrator appointed in accordance with such rules. Arbitration shall be conducted in English.  Judgment upon the award rendered by the arbitrators may be entered in any court of competent jurisdiction.  

10.4. Assignment.  Customer may not assign its rights or delegate its duties under this Agreement either in whole or in part without the prior written consent of DataVisor, except that Customer may assign this Agreement, upon prior written notice to DataVisor, in whole as part of a corporate reorganization, consolidation, merger, or sale of substantially all of its assets.  Any attempted assignment or delegation without such consent will be void.  DataVisor may assign this Agreement in whole as part of a corporate reorganization, consolidation, merger, sale or transfer of substantially all of its assets.  This Agreement will bind and inure to the benefit of each party’s successors and permitted assigns.

10.5. Notices.  Any notice or communication required or permitted to be given hereunder may be delivered by hand, deposited with an overnight courier, sent by confirmed facsimile, or mailed by registered or certified mail, return receipt requested, postage prepaid to the address for the Customer on the Order Form and for DataVisor at 967 N. Shoreline Blvd., Mountain View, California 94043,  USA, or at such other address as may hereafter be furnished in writing by either party hereto to the other.  Such notice will be deemed to have been given as of the date it is delivered, mailed or sent, whichever is earlier.  

10.6. Relationship of Parties.  DataVisor and Customer are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise or agency between DataVisor and Customer.  Neither DataVisor nor Customer will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent, except as otherwise expressly provided herein.

10.7. General Terms.  This Agreement, including all documents incorporated herein by reference, constitutes the complete and exclusive agreement between the parties with respect to the subject matter hereof, and supersedes and replaces any and all prior or contemporaneous discussions, negotiations, understandings and agreements, written and oral, regarding such subject matter.  This Agreement may be executed in two or more counterparts, each of which will be deemed an original, but all of which together shall constitute one and the same instrument.  In the event any provision of this Agreement is held by a tribunal of competent jurisdiction to be contrary to the law, the remaining provisions of this Agreement will remain in full force and effect.  The waiver of any breach or default of this Agreement will not constitute a waiver of any subsequent breach or default, and will not act to amend or negate the rights of the waiving party.

10.8. Publicity.  Customer agrees that DataVisor may include the name, logo, and success stories of Customer on DataVisor’s website, press releases, promotional and sales literature, and advertising materials.


SCHEDULE A – SUPPORT SERVICES

Support Hours and Methods.  DataVisor shall provide the following support: e-mail support at support@datavisor.com.  DataVisor will use commercially reasonable efforts to respond to support requests within 24 hours of receipt of any request.

Liaison.  Customer’s support liaison will be notified to DataVisor by email at support@datavisor.com at the commencement of the subscription term.  Customer may change such liaison upon written notice to Customer from time to time at reasonable intervals.  DataVisor will not be obligated to provide support to any person other than the designated liaison.


SCHEDULE B – DATAVISOR INFORMATION SECURITY REQUIREMENTS

1. DataVisor Information Security Program.  DataVisor is responsible for establishing and maintaining an information security program based on recognized generally accepted information security principles or “best practices”, such as ISO 27002.  Policies for the following control areas, and their associated standards and procedures, shall be defined, as further described below.

2. Organizational Security.  DataVisor shall have a documented policy that defines responsibility for the protection of company and customer information. DataVisor employees are to be made aware of their responsibilities for maintaining effective security controls, particularly regarding the use of passwords, disposal of information, social engineering attacks, incident reporting, and the physical security of users and company equipment.

3. Asset Classification and Control. DataVisor shall be capable of adequately protecting Personally Identifiable Information according to level of sensitivity.  If allowed in printed form, this would include on-site shredding bins or incinerators, statements of disposal, etc.

4. Personnel Security. DataVisor shall ensure that employees that have access to unencrypted Personally Identifiable Information have passed basic background checks designed to validate the completeness and accuracy of resumes, confirmation of academic and professional qualifications, and verification of identity.  Where allowable by law these checks should also include checks of criminal history.  Individuals whose background checks reveal inconsistencies or convictions related to computer crimes, fraud or theft shall not be permitted to access Personally Identifiable Information.

5. Communications and Operations Management. The following operational controls will be implemented to protect the systems used to access Personally Identifiable Information. 

5.1. Patch Management.  DataVisor shall establish a patch management process that ensures that all systems used to access Personally Identifiable Information, including network devices, servers, and desktop/laptop computers, are patched against known security vulnerabilities in a reasonable period of time based on the criticality of the patch and sensitivity of data accessed.  The following schedule defines the acceptable limits for testing and applying patches.

  • HIGH (e.g., high, critical, etc.) – 1 – 5 business days
  • MEDIUM – 5 – 30 business days
  • LOW – 30 – 60 business days

5.2. Secure System Configuration. DataVisor shall establish controls to ensure that all systems used to access Personally Identifiable Information or process information intended for delivery to Customer are securely configured in a repeatable manner.  This involves changes to default settings to improve system security (e.g., system “hardening”), changes to default account passwords and removal of unnecessary software or services/daemons.

5.3. Malware Prevention.  Detection and prevention controls to protect against malicious software and appropriate user awareness procedures shall be implemented.  Technical controls shall be kept updated and DataVisor shall regularly evaluate all systems for the existence of malware.

5.4. Use of Encryption Technology.  All encryption shall use commercially available cryptographic algorithms.  Keys shall be rotated on a regular basis as defined by the level of sensitivity of information; retired keys shall be destroyed.

6. Access Control. 

6.1. Identification and Authentication.  All user accounts used to access Personally Identifiable Information shall be unique, and shall be clearly associated with an individual user.  Group or “generic” accounts, shared by many users, are prohibited on systems used to access Personally Identifiable Information.  Users may only have one account per system.  If multiple accounts are needed each account shall clearly indicate the user and the access level or type of account (e.g., user1_user and user1_administrative) to ensure that there is no possibility to unintentionally log into an account with higher privileges without being aware of it.  Complex passwords shall be used to control access to systems used to gain access to Personally Identifiable Information.  Where identified, two-factor authentication (2FA) may be required.  Inactive accounts shall be identified and disabled after a period of inactivity not to exceed 10 business days.  Following separation, accounts may be disabled for a period of up to 10 business days and shall be permanently deleted within 20 business days of separation.

6.2. Authorization.  Access to Personally Identifiable Information will be granted on a need-to-know basis.  

6.3. Network Access Controls.  All networks used to access Personally Identifiable Information shall be protected through the use of controls capable of blocking unauthorized network traffic, both inbound and outbound (ingress and egress).  These devices shall be configured to log network activity for audit, incident response and forensic purposes.  Where such controls are not available, networks used to access Personally Identifiable Information shall be physically separate from other DataVisor networks.

7. Incident Detection and Response. 

DataVisor shall be responsible for establishing and maintaining an operational incident detection capability and a documented incident response program for responding to suspected or known violations of information security policy or system breaches. Incident response plans shall include methods to protect evidence of activity from modification or tampering, and to properly allow for the establishment of a chain of custody for evidence.

8. Point of Contact.  DataVisor shall provide Customer a Point of Contact for escalation of all information security matters.

These partner terms were last modified on May 11th, 2021.