Terms of Service
Updated December 20, 2017
THE TERMS OF THIS MASTER SERVICES AGREEMENT (“AGREEMENT”) GOVERN YOUR USE OF THE APPLICATION SERVICES (AS DEFINED BELOW) OF SENSEFORCE GMBH. (“SENSEFORCE”). IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE SENSEFORCE’S APPLICATION SERVICES. BY ACCEPTING THESE TERMS BELOW OR BY USING SENSEFORCE’S APPLICATION SERVICES IN ANY MANNER, YOU, THE ENTITY YOU REPRESENT AND ANY AFFILIATE OF SUCH ENTITY (COLLECTIVELY, “CUSTOMER”) AGREE THAT YOU HAVE READ AND AGREE TO BE BOUND BY THIS AGREEMENT TO THE EXCLUSION OF ALL OTHER TERMS. IF THE TERMS OF THIS AGREEMENT ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO SUCH TERMS. THIS AGREEMENT IS ENTERED INTO AS OF THE DATE YOU ACCEPT THESE TERMS OR USE THE APPLICATION SERVICES (“EFFECTIVE DATE”).
1. LICENSE TO USE THE SERVICES
1.1 Subject to the terms of this Agreement, Senseforce grants to Customer a limited, non-exclusive, non-transferable right to access and use the Application Services, and allow its Authorized Users to access and use the Application Services, solely for Customer’s internal business purposes and not for resale or further distribution. Customer’s right to use the Application Services is limited by all terms and conditions herein. Customer shall be responsible for its Authorized Users in compliance with Customer’s obligations under the terms of the Agreement. Except for this license granted to Customer, Senseforce and its licensors retain all right, title and interest in and to the Application Services, including all related intellectual property rights. The Application Services are protected by applicable intellectual property laws, including U.S. copyright law and international treaties. “Authorized User” means any individual provided with access to the Application Services by Customer. “Application Services” shall mean the online, web-based and mobile-based applications ordered by Customer through either: (i) Customer’s selection and acceptance of a specific pricing plan and volume tier for the Application Services, which are set forth at https://senseforce.io/pricing (the “Pricing Page”) via the online purchasing process at https://senseforce.io, or (ii) an Order Form, in each case provided by Senseforce via https://senseforce.io or other designated websites or IP addresses or mobile applications, as communicated to Customer by Senseforce. An “Order Form” shall mean means an ordering document, including without limitation statements of work, signed by both parties and incorporating the terms of this Agreement by reference, that specifies the Application Services purchased by Customer. An “Affiliate” means an entity which, directly or indirectly, owns or controls, is owned or is controlled by or is under common ownership or control with a party. As used herein, “control” means the power to direct the management or affairs of an entity, and “ownership” means the beneficial ownership of fifty percent (50%) or more of the voting equity securities or other equivalent voting interests of the entity.
1.2 Pricing Plans. Senseforce’s Application Services are comprised of People Plans for the purchase of “people profiles” and Engagement Plans for the purchase of “data points,” which can be purchased separately or jointly, each with features and functionality set forth on the Pricing Page. For Application Services provided on a People Plan basis, a “people profile” is a JSON object comprised of an identifier or identifying string intended to indicate a unique user and a dictionary of properties (object) that is stored by the Application Services. For Application Services provided on an Engagement Plan basis, a “data point” is a JSON object comprised of an event (string) and a dictionary of properties (object) that is stored by the Application Services. Senseforce supports certain legacy pricing plans which remain grandfathered in until the end of their current term or as otherwise terminated. Senseforce reserves the right to discontinue supporting legacy pricing plans at any time with prior notice. Senseforce may modify its Pricing Page at any time and add new services or pricing plans for additional fees and charges, or amend fees and charges for existing services, at any time and in its sole discretion without prior notice to you.
1.3 Free Services. Senseforce’s Free People Plan and Free Engagement Plan are each offered at no charge, but have limited people profiles and data points, respectively, as well as limited features and functionality, as set forth on the Pricing Page. Both plans have a monthly term and automatically renew unless Customer terminates the applicable plan by writing to Senseforce at [email protected], Senseforce terminates the Agreement or Customer otherwise purchases a paid plan. Senseforce may modify the services offered with either free plan at any time in its sole discretion or even discontinue them entirely without prior notice to you.
1.4 Paid Services.
(i) People Plans. Senseforce offers People Plans with a length of term and in the volume tiers set forth on the Pricing Page. In addition, Senseforce offers an Enterprise People Plan with custom people profile volumes that may only be purchased by Customer through execution of an Order Form. These People Plans are all billed in advance of their respective terms and automatically renew at the end of their respective terms for an equivalent term, or as otherwise stated in the Order Form, unless Customer chooses not to renew such plan by writing to Senseforce at [email protected] or Senseforce terminates the Agreement. The number of people profiles purchased by Customer in a given volume tier of People Plan is the maximum number of people profiles that Customer may have at the end of each month of a given term. In the event Customer’s count of people profiles at the end of any month during a given term exceeds the volume tier selected by Customer, Senseforce will charge additional fees (“People Overage Fees”) at 120% of the unit price applicable to Customer’s selected volume tier and the Customer shall be obligated to pay any People Overage Fees in the next month. Customer may upgrade and purchase a higher volume tier of a People Plan at any time through the Application Services by paying the price of the higher volume tier. Upon such upgrade, Customer will be allocated the number of people profiles for such higher volume tier through the remainder of the applicable term.
(ii) Engagement Plans. Senseforce offers Engagement Plans with a length of term and in the volume tiers set forth on the Pricing Page. In addition, Senseforce offers an Enterprise Engagement Plan with custom data point volumes, features, support and services that may only be purchased by Customer through execution of an Order Form. These Engagement Plans are all billed in advance of their respective terms and automatically renew at the end of their respective terms for an equivalent term, or as otherwise stated in the Order Form, unless Customer chooses not to renew such plan by writing to Senseforce at [email protected] or Senseforce terminates the Agreement. The number of data points purchased by Customer in a given volume tier of an Engagement Plan must be used during each applicable term and any unused data points at the end of such term are forfeited. In the event Customer’s usage of data points exceeds the volume tier selected by Customer during a given term, Senseforce will thereafter through the end of such term charge additional fees (“Event Overage Fees”) at 120% of the unit price applicable to Customer’s selected volume tier and the Customer shall be obligated to pay any Event Overage Fees in the next month. Customer may upgrade and purchase a higher volume tier at any time through the Application Services by paying the price of the higher volume tier. Upon such upgrade, Customer will receive additional data points equal to the net difference between the purchased higher volume tier and Customer’s current volume tier (such incremental amount, the “Upgrade Bundle”). The Upgrade Bundle must be used during the remainder of the applicable term in which it was purchased, otherwise it will be forfeited.
To the extent of any conflict or inconsistency between the foregoing provisions in Section 1 of this Agreement and any Order Form, the terms of such Order Form shall prevail and govern Customer’s use and purchase of the Application Services. For purposes herein, “Overage Fees” shall mean People Overage Fees and Event Overage Fees collectively.
1.5 Fees paid hereunder, including Overage Fees, are non-refundable and shall be billed in U.S. Dollars. Except as otherwise set forth in an Order Form, fees due hereunder will be billed to Customer’s credit card and Customer authorizes the card issuer to pay all such amounts and authorizes Senseforce (or its billing agent) to charge the credit card account until Customer or Senseforce cancels or terminates the Application Services as set forth herein; provided that if payment is not received from the credit card issuer, Customer agrees to pay all amounts due upon demand. Customer must provide current, complete and accurate billing and credit card information. Customer agrees to pay all costs of collection, including attorney’s fees and costs, on any outstanding balance. In certain instances, the issuer of the credit card may charge a foreign transaction fee or related charges, which Customer shall be responsible to pay.
1.6 Fees do not include any local, state, federal or foreign taxes, levies, duties or similar governmental assessments of any nature, including value-added, use or withholding taxes (collectively, “Taxes”). Customer is responsible for payment of all Taxes associated with its purchases hereunder (excluding taxes based on Senseforce’s net income or property), and any related penalties and interest. Customer will make all required payments to Senseforce free and clear of, and without reduction for, any withholding taxes. Customer will, upon Senseforce’s request, provide Senseforce with official receipts issued by appropriate taxing authorities, or such other evidence as Senseforce may reasonably request, to establish that such Taxes have been paid.
2. ACCESS TO THE SERVICES
2.1 Senseforce does not provide the equipment required to access the Application Services. Customer is responsible for all fees charged by third parties related to Customer’s access and use of the Application Services (e.g., charges by Internet service providers). In the event Customer utilizes SMS notifications as part of its utilization of the Application Services, Senseforce reserves the right to pass through its costs of such service to Customer, and Customer agrees to be pay such fees.
2.2 Senseforce also reserves the right to restrict, suspend, or terminate access to the Application Services at any time, if in Senseforce’s sole determination, Customer is using the Application Services in a manner that violates applicable laws or the terms of this Agreement, fails to make payment to Senseforce or creates an Excess Burden on Senseforce’s systems. “Excess Burden” means when the Application Services are being used to engage in denial of service attacks, spamming, or any illegal activity, and/or use of Application Services is causing immediate, material and ongoing harm to Senseforce or Senseforce’s other customers.
2.3 Senseforce does not provide maintenance for or guarantee the continued function of, and Senseforce reserves the right to change, discontinue, delete and/or deprecate, at any time and at Senseforce’s sole discretion, any product feature, support service and any custom report template that may be made available to or accessible by Customer, including through the Application Services. Custom reports could include, but are not limited to, custom JQL queries, ReportKit Applications, or other reports customized for Customer’s use.
2.4 From time to time, Senseforce may make Beta Services (as defined below) available to Customer at no charge. Customer may choose to utilize such Beta Services in Customer’s sole discretion. Beta Services are intended for evaluation purposes and not for production use, are not fully supported and may be subject to additional terms that may be presented to Customer. Beta Services are provided on an “as-is” and “as available” basis without any warranty, support, maintenance, storage, service-level agreement or indemnity obligation of any kind and so, are not considered “Application Services” hereunder, even if displayed in the user interface; however, all restrictions herein, Senseforce’s reservation of rights and Customer’s obligations concerning the Application Services shall apply equally to Senseforce’s use of Beta Services. Senseforce may discontinue Beta Services at any time in its sole discretion and may never make them generally available. Senseforce will have no liability for any harm or damage arising out of or in connection with a Beta Service. “Beta Services” means a product, service or functionality provided by Senseforce that may be made available to Customer to try at Customer’s option at no additional charge which is clearly designated as beta, pilot, limited release, non-production, early access, evaluation or by a similar description. Beta Services may be considered Confidential Information of Senseforce, if so denoted or communicated by Senseforce to Customer. Customer will not disclose (including, but not limited to, in a press release or public statement) any information about, involving or regarding Beta Services (including the existence of), except as agreed by Senseforce in writing.
Customer shall use the Application Services only in compliance with all applicable laws, including any applicable privacy laws, and the terms of this Agreement. Customer shall not and shall not permit or authorize any third party to: (i) copy, rent, sell, lease, sublicense, distribute, assign, or otherwise transfer or encumber rights to the Application Services, or use the Application Services for the benefit of any third party, or make the Application Services available to anyone other than its Authorized Users; (ii) use the Application Services to send spam or otherwise duplicative or unsolicited messages in violation of applicable laws, or to process, send or store Sensitive Information, infringing or unlawful material, viruses, worms, time bombs, Trojan horses or other harmful or malicious code, files, scripts, agents or programs; (iii) circumvent or disable any digital rights management, usage rules, or other security features of the Application Services, or otherwise attempt to gain unauthorized access to, or disrupt the integrity or performance of, the Application Services or the data contained therein; (iv) modify, copy, translate, enhance, decompile, disassemble, reverse engineer or create derivative works based on the Application Services, or any portion thereof; (v) access or use the Application Services for the purpose of building a competitive product or service or copying its features or user interface; (vi) remove, alter, or obscure any copyright, trademark or other proprietary notices appearing in or on the Application Services; or (vi) use the Application Services in a manner that overburdens, or that threatens the integrity, performance, or availability of, the Application Services.
4.1 To the extent Customer Content that includes Personal Information is sent by Customer through the Application Services and Customer’s use of the Application Services involves transferring Personal Information outside the European Economic Area or Switzerland to any country not deemed by the European Commission as providing an adequate level of protection for personal data, the terms of the Data Processing Addendum available at https://senseforce.io/dpa/ shall apply to such Personal Information and be incorporated into the Agreement. Customer Content shall be hosted and persistently stored by Senseforce or its third-party service providers in the United States. In providing the Application Services, Senseforce may engage sub-processors to process Customer Content, including, without limitation, any associated Personal Information pursuant to this Agreement within the European Economic Area, the United States and in other countries and territories. Under no circumstances will Senseforce be deemed a data controller with respect to Customer Content under the Data Protection Act (European Directive 95/46/EC) or any relevant or replacement law or regulation of any Member State as defined therein. “Personal Information” means any Customer Content processed by Senseforce pursuant to the Agreement, relating to an identified or identifiable natural person; where an “identifiable natural person” means an individual who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity.
4.3 Customer agrees to comply with all applicable privacy and data protection regulations. Further, Customer agrees to not use the Application Services to send Senseforce Sensitive Information. “Sensitive Information” shall means information the unauthorized disclosure of which could cause material, severe, or catastrophic harm or impact to Senseforce, any data subjects or third parties, including but not limited to passwords, authentication/authorization credentials, business secrets deemed highly confidential (e.g., highly-confidential business strategies and communications, sensitive attorney-client privileged and confidential communications), and information under regulatory or contractual handling requirements (e.g., Payment Card Industry Data Security Standards) including without limitation: credit card information, credit card numbers and magnetic stripe information, social security numbers, driver’s license numbers, passport numbers, government issued identification numbers, financial account information, genetic, bio-metric, or health data, personally identifiable information collected from children under the age of 13 or from online services directed toward children, and real time geo-location data which can identify an individual.
4.4 Senseforce collects, stores, uses and accesses Customer Content to maintain, improve and support the Application Services. Senseforce may also use Customer Content in an encrypted and aggregated form (“Aggregated Data”) for Senseforce’s own business purposes, including use, duplication, modification and creation of derivative works regarding usage and performance of Aggregated Data which does not directly or indirectly identify Customer or End Users. Senseforce shall own all right, title and interest to the Aggregated Data and any derivative works thereof. Senseforce only shares Customer Content with others under special circumstances as follows:
a. With third parties who work on Senseforce’s behalf to provide the Application Services;
b. To the extent needed to comply with laws or to respond to lawful requests and legal process (provided that Senseforce will endeavor to notify Customer if Senseforce has received a lawful request for Customer’s information);
d. In an emergency, including to protect the personal safety of any person;
e. In connection with a sale or transfer of all or a part of Senseforce’s business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture, or bankruptcy transaction or proceeding); or
f. As directed by Customer, including through its use of the Application Services.
4.5 Senseforce provides Customer with access to Customer Content and the ability to delete Customer Content upon request. Upon cessation of Senseforce’s relationship with Customer, Senseforce may delete Customer Content no longer in active use. Senseforce agrees to maintain commercially reasonable technical and organizational measures designed to safeguard Customer Content from unauthorized access, use or disclosure. These will include measures designed to: (i) store Customer Content on servers located in a physically secured location and (ii) use firewalls, access controls and similar security technology designed to protect Customer Content from unauthorized disclosure. Senseforce takes no responsibility and assumes no liability for any Customer Content other than its express security obligations in this section.
4.6 End Users can opt-out of Senseforce’s automatic retention of data collected through their web browsers while on Customer’s mobile and web properties or websites that have the Application Services integrated by visiting https://senseforce.io/optout. To track opt-outs, Senseforce uses a persistent opt-out cookie placed on devices of End Users. Senseforce opt-out cookies will not stop Customer from sending other data about that End User from Customer’s servers to Senseforce, nor will it prevent any other data collection methods.
5. RESTRICTED AREAS OF THE SERVICES
Certain parts of the Application Services, including account management features, may be password-restricted to registered users or other authorized persons (“Password-Protected Areas”). If Customer is authorized to gain access to any Password-Protected Areas, Customer agrees that Customer is entirely responsible for maintaining the confidentiality of Customer’s password, and agrees to notify Senseforce if the password is lost, stolen, disclosed to an unauthorized third party, or otherwise may have been compromised. Customer agrees that Customer is entirely responsible for any and all activities that occur under Customer’s account, whether or not Customer undertakes such activities. Customer agrees to immediately notify Senseforce of any unauthorized use of Customer’s account or any other breach of security in relation to Customer’s password or the Application Services that is known to Customer.
6. LINKS AND THIRD PARTY CONTENT
6.1 The Application Services may display, or contain links to, third party products, services, and websites. Any opinions, advice, statements, services, offers, or other information that constitutes part of the content expressed, authored, or made available by other users or other third parties on the Application Services, or which is accessible through or may be located using the Application Services (collectively, “Third Party Content”) are those of the respective authors or producers and not of Senseforce or its stockholders, directors, officers, employees, agents, or representatives.
6.2 Senseforce does not control Third Party Content and does not guarantee the accuracy, integrity or quality of such Third Party Content. Senseforce is not responsible for the performance of, does not endorse, and is not responsible or liable for, any Third Party Content or any information or materials advertised in any Third Party Content. By using the Application Services, Customer may be exposed to content that is offensive, indecent, or objectionable. Senseforce is not be responsible or liable, directly or indirectly, for any damage or loss caused to Customer by Customer’s use of or reliance on any goods, services, or information available on or through any third party service or Third Party Content. It is Customer’s responsibility to evaluate the information, opinion, advice, or other content available on and through the Application Services.
6.3 Customer will not use the Application Services to: (i) upload, post, email, or otherwise transmit any content that contains unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another’s privacy, hateful, or racially, ethnically or otherwise objectionable; (ii) harm Senseforce or third parties in any way; (iii) impersonate any person or entity, or otherwise misrepresent Customer’s affiliation with a person or entity; (iv) upload, post, email, or otherwise transmit any content that Customer does not have a right to transmit under any law or under contractual or fiduciary relationships (such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements); (v) upload, post, email or otherwise transmit any content that infringes any patent, trademark, trade secret, copyright, or other right of any party; (vi) upload, post, email, or otherwise transmit any unsolicited or unauthorized advertising, promotional materials, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” or any other forms of solicitation; (vii) upload, post, email, or otherwise transmit any material that contains software viruses or any other computer code, files, or programs designed to interrupt, destroy, or limit the functionality of any computer software or hardware or telecommunications equipment; (viii) interfere with or disrupt the Application Services or servers or networks connected to the Application Services, or disobey any requirements, procedures, policies or regulations of networks connected to the Application Services; (ix) intentionally or unintentionally violate any applicable local, state, national or international law or regulation; (x) “stalk” or otherwise harass another; or (xi) collect or store personal data about other users.
7. USE POLICIES
Customer is solely responsible for any content and other material that Customer submits, publishes, transmits, or displays on, through, or with the Application Services.
The Application Services we may provide or make available to Customer may be subject to U.S. export control and economic sanctions laws. Customer agrees to comply with all such laws and regulations as they relate to access to and use of the Application Services. Customer shall not access or use the Application Services if Customer is located in any jurisdiction in which the provision of the Application Services is prohibited under U.S. or other applicable laws or regulations (a “Prohibited Jurisdiction”) and Customer shall not provide access to the Application Services to any government, entity or individual located in any Prohibited Jurisdiction. Customer represents, warrants and covenants that (a) Customer is not named on any U.S. government list of persons or entities prohibited from receiving U.S. exports, or transacting with any U.S. person; (b) Customer is not a national of, or a company registered in, any Prohibited Jurisdiction; (c) Customer shall not permit its Authorized Users or any agents to access or use the Application Services in violation of any U.S. or other applicable export embargoes, prohibitions or restrictions; and (d) Customer shall comply with all applicable laws regarding the transmission of technical data exported from the United States and the country in which Customer, its Authorized Users and its agents are located.
8. EMAIL AND MESSAGES RELATED RULES
Customer agrees to the following while using Senseforce’s Messages service (which is described at https://senseforce.io/messages/ and which enables Customer to send targeted emails, notifications or messages):
a. Customer will not use purchased, scraped, or illegally obtained email lists;
b. Customer will not use rented email lists (even if they “opted in”);
c. Customer will not use third party email lists whatsoever;
d. Customer will not send Spam or Unsolicited Bulk Email, as defined by Spamhaus at http://www.spamhaus.org/definition.html.
e. Customer will abide by the CAN-SPAM Act of 2003, as amended, and all applicable, state, federal, or international anti-spam laws, rules and regulations, including email laws relating to consent, opt-out methods and processing, notices, and emails sent to email addresses with wireless domains; and agrees that Customer, and not Senseforce, is responsible for determining whether the Senseforce Messages service will be suitable for Customer’s compliance obligations. Customer will not send emails or messages promoting illegal activity or offering to sell illegal substances.
9. TRADEMARKS AND PUBLICITY
“Senseforce,” the Senseforce logo, and any other product or service name or slogan displayed on the Application Services are trademarks of Senseforce Gmbh. or its affiliates, and its suppliers or licensors, and may not be copied, imitated or used, in whole or in part, without the prior written permission of Senseforce or the applicable trademark holder. Customer shall not use any metatags or any other “hidden text” utilizing “Senseforce” or any other name, trademark or product or service name of Senseforce without prior written permission. In addition, the look and feel of the Application Services, including all page headers, custom graphics, button icons and scripts, is the service mark, trademark and/or trade dress of Senseforce and may not be copied, imitated or used, in whole or in part, without prior written permission. All other trademarks, registered trademarks, product names and company names or logos mentioned in the Application Services are the property of their respective owners. Reference to any products, services, processes or other information, by trade name, trademark, manufacturer, supplier, or otherwise does not constitute or imply endorsement, sponsorship, or recommendation thereof by Senseforce.
Customer agrees to allow Senseforce, and hereby does provide Senseforce with the necessary rights and licenses, to use Customer’s name and logo on the Senseforce website, blog and/or in marketing materials, including case studies and as press references, to identify Customer as a customer of Senseforce. Customer agrees to act as a customer reference for the Application Services and Customer agrees to respond reasonably to all such reference contacts.
10. CONFIDENTIAL INFORMATION; FEEDBACK
10.1 “Confidential Information” shall mean all written or oral information, disclosed by either party to the other, related to the operations of either party or a third party that has been identified as confidential or that by the nature of the circumstances surrounding disclosure ought reasonably to be treated as confidential. The parties acknowledge that during the performance of this Agreement, each party will have access to certain of the other party’s Confidential Information or Confidential Information of third parties that the disclosing party is required to maintain as confidential. Both parties agree that all items of Confidential Information are proprietary to the disclosing party or such third party, as applicable, and will remain the sole property of the disclosing party or such third party.
10.2 Each party agrees as follows: (a) to use Confidential Information disclosed by the other party only for the purposes described herein; (b) that such party will not reproduce Confidential Information disclosed by the other party, and will hold in confidence and protect such Confidential Information from dissemination to, and use by, any third party; (c) that neither party will create any derivative work from Confidential Information disclosed to such party by the other party; (d) to restrict access to the Confidential Information disclosed by the other party to such of its personnel, agents, and/or consultants, if any, who have a need to have access and who have been advised of and have agreed in writing to treat such information in accordance with the terms of this Agreement; and (e) to the extent practicable, return or destroy all Confidential Information disclosed by the other party that is in its possession upon termination or expiration of this Agreement, upon request of the other party.
10.3 Notwithstanding the foregoing, the provisions of Sections 10.1 and 10.2 will not apply to Confidential Information that (a) is publicly available or in the public domain at the time disclosed; (b) is or becomes publicly available or enters the public domain through no fault of the recipient; (c) is rightfully communicated to the recipient by persons not bound by confidentiality obligations with respect thereto; (d) is already in the recipient’s possession free of any confidentiality obligations with respect thereto at the time of disclosure; (e) is independently developed by the recipient; or (f) is approved for release or disclosure by the disclosing party without restriction. Notwithstanding the foregoing, each party may disclose Confidential Information to the limited extent required (x) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that, to the extent permitted by law, the party making the disclosure pursuant to the order shall first have given written notice to the other party and made a reasonable effort to obtain a protective order; or (y) to establish a party’s rights under this Agreement, including to make such court filings as it may be required to do.
10.4 If Customer or its Authorized Users provide Senseforce any suggestions, recommendations, or other feedback relating to Senseforce’s current or future products or services (“Feedback”), Senseforce shall have the right to use the Feedback in any manner, including but not limited to future enhancements and modifications to the Application Services. Customer hereby grants to Senseforce and its assigns a perpetual, worldwide, fully transferable, sublicensable, fully paid-up, irrevocable, royalty free license to use, reproduce, modify, create derivative works from, distribute, and display the Feedback in any manner any for any purpose, in any media, software, or technology of any kind now existing or developed in the future, without any obligation to provide attribution or compensation to Customer or any third party. In addition, Senseforce shall be free to reuse all general knowledge, experience, know-how, works and technologies (including ideas, concepts, processes and techniques) related to or acquired during provision of the Application Services.
11. WARRANTIES; DISCLAIMER OF WARRANTIES
11.1 Senseforce warrants to Customer that the Application Services will perform materially in accordance with the documentation that accompany or is available for the Application Services by Senseforce. Senseforce’s sole liability and Customer’s exclusive right and remedy for a breach of the foregoing warranty is for Senseforce to correct or re-perform the nonconforming Application Services.
11.2 Customer warrants that Customer owns or has obtained all necessary rights, title and interest, and obtained all necessary consents, to transfer the Customer Data to Senseforce and its data center provider(s) for the purpose of processing such Customer Data in accordance with this Agreement.
11.3 EXCEPT AS SPECIFICALLY PROVIDED HEREIN, USE OF SERVICES PROVIDED BY SENSEFORCE INCLUDING BUT NOT LIMITED TO THE APPLICATION SERVICES, ANY PROFESSIONAL SERVICES AND CUSTOMER SUPPORT SERVICES IS AT CUSTOMER’S SOLE RISK. SUCH SERVICES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. SENSEFORCE AND ITS SUPPLIERS AND LICENSORS EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED INDEMNITIES AND WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. SENSEFORCE DOES NOT GUARANTEE THE ACCURACY, COMPLETENESS, OR USEFULNESS OF ITS SERVICES, AND CUSTOMER RELIES ON SUCH SERVICES AT CUSTOMER’S OWN RISK. NEITHER DOES SENSEFORCE GUARANTEE THE ACCURACY, USABILITY, COMPLETENESS, OR USEFULNESS OF ANY CUSTOM REPORT, AND CUSTOMER USES CUSTOM REPORTING FEATURES AT CUSTOMER’S OWN RISK. ANY MATERIAL THAT CUSTOMER ACCESSES OR OBTAINS THROUGH SENSEFORCE’S SERVICES, INCLUDING CUSTOMER CONTENT, IS DONE AT CUSTOMER’S OWN DISCRETION AND RISK AND CUSTOMER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO CUSTOMER’S COMPUTER OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY MATERIAL THROUGH SENSEFORCE’S SERVICES. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY CUSTOMER FROM SENSEFORCE OR THROUGH OR FROM THE APPLICATION SERVICES WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT.
12. LIMITATION OF LIABILITY
SENSEFORCE AND ITS SUPPLIERS AND LICENSORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES (EVEN IF SENSEFORCE HAS BEEN ADVISED OF THE POSSIBILITY OF THESE DAMAGES), RESULTING FROM CUSTOMER’S USE OF THE APPLICATION SERVICES OR SENSEFORCE’S PROVISION OF ANY OTHER SERVICES. UNDER NO CIRCUMSTANCES WILL THE TOTAL LIABILITY OF SENSEFORCE AND ITS SUPPLIERS AND LICENSORS OF ALL KINDS ARISING OUT OF OR RELATED TO CUSTOMER’S USE OF THE APPLICATION SERVICES (INCLUDING BUT NOT LIMITED TO WARRANTY CLAIMS) OR SENSEFORCE’S PROVISION OF ANY OTHER SERVICES, REGARDLESS OF THE FORUM AND REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS BASED ON CONTRACT, TORT, NEGLIGENCE OR OTHERWISE, EXCEED THE AMOUNTS, IF ANY, THAT CUSTOMER HAS PAID TO SENSEFORCE FOR CUSTOMER’S USE OF THE APPLICATION SERVICES FOR THE TWELVE (12) MONTH PERIOD PRIOR TO THE CLAIM.
Customer will defend, indemnify and hold harmless Senseforce, its suppliers and licensors, and its respective subsidiaries, affiliates, officers, agents, employees, representatives, and assigns, from any costs, damages, expenses, and liability caused by Customer’s use of the Application Services, Customer’s violation of this Agreement, Customer Content, or Customer’s violation of any rights of a third party through use of the Application Services.
14.1 Enforcement of any dispute relating to this Agreement will be governed by the laws of the State of California, excluding its conflict and choice of law principles. For parties residing in the United States, the exclusive jurisdiction and venue for any claims arising out of or related to this Agreement or Customer’s use of the Application Services is in the state and federal courts located in City and County of San Francisco, California, and Customer irrevocably agrees to submit to the jurisdiction of such courts.
14.2 Senseforce’s failure to enforce any right or provision in this Agreement will not constitute a waiver of such right or provision unless acknowledged and agreed to by Senseforce in writing. In the event that a court of competent jurisdiction finds any provision of this Agreement to be illegal, invalid, or unenforceable, the remaining provisions will remain in full force and effect.
14.3 The terms and conditions which by their nature are intended to survive termination of this Agreement shall survive, including Restrictions, Disclaimer of Warranties, Feedback, Indemnity, and Limitation of Liability. This Agreement contains the entire understanding of the parties on the subject matter hereof.
14.4 If Customer is a U.S. federal government department or agency or contracting on behalf of such department or agency, the Application Services are a “Commercial Item” as that term is defined at 48 C.F.R. §2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as those terms are used in 48 C.F.R. §12.212 or 48 C.F.R. §227.7202. Consistent with 48 C.F.R. §12.212 or 48 C.F.R. §227.7202-1 through 227.7202-4, as applicable, the Application Services are licensed to Customer with only those rights as provided under the terms and conditions of this Agreement.
15. CONTACTING US
All notices to be provided by Senseforce to Customer under this Agreement may be delivered in writing (a) by nationally recognized overnight delivery service (“Courier”) or U.S. mail to the contact mailing address provided by Customer on any Order Form; or (b) by electronic mail to the electronic mail address provided for Customer’s account owner. If you need to give notice to Senseforce, you must do so in writing by Courier or U.S. mail to 405 Howard Street, 2nd Floor, San Francisco, CA 94105, Attn: Legal Department. All notices shall be deemed to have been given immediately upon delivery if by electronic mail; or, if otherwise delivered, then upon the earlier of receipt or two (2) business days after being deposited in the mail or with a Courier as permitted above. If you have any questions or concerns about the Application Services or this Agreement, you may contact us by email at [email protected]
Senseforce has made several product updates to allow our customers to use Senseforce and comply with GDPR, including an open API for event deletion and data export functionality. We have also updated our client-side SDKs so our customer’s website and mobile app visitors can quickly opt out of being tracked. Senseforce’s team of privacy and security experts have been working hard to ensure we provided the tools our customers need and to ensure we can comply with our obligations to our customers. Please visit our page on Senseforce & GDPR to read the full story on our GDPR work.
On May 25, 2018, the General Data Protection Regulation (“GDPR”) will take effect. As the most significant data protection regulation in twenty years, the GDPR replaces the EU Data Protection Directive and seeks to strengthen individual rights while harmonizing the patchwork of data protection laws throughout Europe. The GDPR regulates the “processing” of personal data, which is defined very broadly, of any EU resident, regardless of where the processing takes place. Failure to comply with the GDPR could result in heavy fines: up to €20 million or 4% of worldwide revenue.
In December, we outlined the steps Senseforce was taking to ensure it was ready for GDPR, and the changes we were implementing that would allow our customers to use Senseforce and comply with GDPR. Below we’ve provided the details on the changes we’ve made and links to our product updates and GDPR resources.
Assisting Customers With Data Subject Access Requests
The GDPR grants broad rights to individuals with regard to their personal information and who has access to it. The GDPR, therefore, provides individuals (known as “data subjects”) with the “right to be forgotten.” In practice, this means organizations must now comply with a data subject’s request for access to his/her personal information in order to correct, delete, or retrieve such information. As a data processor for our customers, we have built tools that will allow us to assist our customers in complying with these data subject requests.
First, our client side SDKs have been updated to provide more robust opt-out methods that will opt users out of tracking on both the API and cookie level. While customers are still responsible for ensuring they have a lawful basis for processing (i.e. consent, legitimate interest) from their end users, our SDKs will now provide enhanced flags to help with that opt-in process. Customers will also be able to set a default opt-in/out state for their client-side implementations. You can read more about the SDKs here.
Second, we have developed deletion and export tools for end user data. When we began this journey, we knew we wanted to provide our customers with the tools they needed to respond to not only general deletion or access requests, but also to more specific requests for deletion of specific pieces of personal data from their end users; it was important to us to build retrieval and deletion tools that were sophisticated enough to provide an accurate response for our customers rather than providing a generic one-size-fits-all tool. Our engineering team has built a tool capable of exporting or deleting event data for distinct_ids or deleting specific properties – it can handle either type of request. This is not an all-or-nothing tool that you might have seen from other analytics providers – Senseforce will be able to retrieve or delete a specific property for a unique user or all of the data for a distinct_id. When GDPR takes effect, event deletion and export requests will be handled by our Support team via a webform in the customer’s Account Settings. We will be providing instructions to our customers on how to submit the data subject deletion or export request prior to the GDPR effectiveness date. We will also have our external deletion API ready for customer use by the end of May. In the meantime, we have created GDPR documents to help customers with Senseforce and GDPR related implementation questions, which you can find here.
Third, we’ve updated our customer data retention period to a default period of five years for event data. Among other obligations, GDPR limits the time period in which an organization may retain data to “no longer than is necessary for the purposes for which the personal data are processed.” Senseforce has historically allowed customers to retain data indefinitely. In developing this new policy, we were mindful of our customers’ needs for historical data while also trying to balance the rigorous data storage limitations in the GDPR which is why our default retention period will be five years. You can find more information on the details on our retention policy, and the options available to customers, in our Help Center. If you have any questions you can always reach out to [email protected]
Finally, as we discuss in more detail below, we wanted to make sure we tightened up controls around who in Senseforce has access to the data our customers send into Senseforce. To do that, we audited our systems and access permissions to ensure that only those we designated as a “need to know” are able to access the data sent into Senseforce. We enhanced our data logging system to be sure we can track who is accessing customer data both internally and externally by customers, when it was accessed, and what they did, if anything, with the data. Customers can be sure that our logs will accurately reflect the details of access to their data.
Data Processing Addendum
Assistance with Data Subject Requests – to the extent our customers cannot delete or retrieve data processed by Senseforce on their own, we will assist customers with the data subject requests they receive.
Notification of Data Incidents – Senseforce will notify customers without undue delay if there are any accidental, unauthorised or unlawful destruction, loss, alteration, or disclosure of, or access to the personal data. We will assist our customers in their obligations under Articles 32-36 of the GDPR.
Confidentiality Commitments of Personnel – All Senseforce employees are required to sign a confidentiality agreement prior to employment, complete mandatory privacy trainings, and adhere to other internal policies.
The GDPR allows for several ways to facilitate transfers of personal data outside of the EU. One valid mechanism for transfer of personal data outside of the EU is transfer of data under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Senseforce was among the first analytics providers to self-certify under the Privacy Shield Frameworks in 2016 and has maintained that certification. You can find more information about Senseforce and the Privacy Shield Framework in our Help Center.
As obligations to protect data transfers from the EU continue to develop, we’re committed to maintaining a valid mechanism to facilitate transfers of personal data outside of the EU.
Vendor Obligations and Subcontractors
As a data processor under the GDPR, we are responsible for the subcontractors we retain to help us provide our services. To support delivery of our services to customers, we engage certain vendors who help us process our customers’ data. Some of these vendors provide our data storage and infrastructure and are an integral part of the services we provide while others provide important account management assistance. We know we have an important responsibility when it comes to scrutinizing these subcontractors which is why our Vendor Risk Assessment program requires each subcontractor to undergo a rigorous review by our legal and security teams to ensure each has the required technical and organizational expertise and measures in place to deliver an appropriate level of security and privacy. In addition, we have entered into a data processing addendum with each subprocessor to make sure we have contractual commitments to ensure the privacy and security obligations with our customers flow through to our subcontractors. We have also developed a comprehensive internal map of all customer data flow in connection with our subcontractor review to ensure GDPR compliance, which include our requirements to assist with data subject access requests.
A list of our subcontractors can be found here and is also linked to in Section 4 of our Data Processing Addendum that is publicly available. As noted in our DPA, if a customer requires prior notification of any updates to the list of subcontractors, that customer can request notifications of those updates by emailing [email protected]
Enterprise Grade Security
The GDPR requires controllers and processors of personal data to “implement appropriate technical and organisational” measures to ensure a level of security appropriate to the risk. Senseforce uses Google Cloud Platform (“GCP”) as its third-party cloud storage subcontractor and does not host customer data on its premises. GCP is a leading cloud provider, and holds industry best security certifications, such as SOC2 and ISO27001, and provides encryption in transit and at rest, without any action required from our customers.
Internal Controls – For Senseforce employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Additionally, all Senseforce employees must abide by multiple policies about handling customer data securely and protecting customer data.
Audits for Vulnerabilities – At least annually, we invite an independent, third-party auditor to run penetration testing. Additionally we run scans for software vulnerabilities and have a Security Information and Event Management platform, which provides 24x7x365 monitoring and alerting for security incidents in our networks and systems.
Product Security – Senseforce customers can access product features and configurations to further protect personal data against unauthorized or unlawful processing, including Single Sign On (“SSO”) and 2-Step Verification. You can read more about our security architecture here.
You may find additional information about Senseforce’s security program at https://senseforce.io/legal/security-overview/
Global Privacy Program
At the end of the day, GDPR has forced organizations to be more thoughtful in their approach to the collection and processing of personal data, which we welcome and fully embrace. We have appointed a Data Protection Officer (DPO) to guide Senseforce’s global privacy program and ensure that Senseforce complies with its obligations under GDPR and other privacy regimes. Our DPO will help the teams at Senseforce work through the Data Privacy Impact Assessment process (as required by Article 35 of the GDPR) to recognize and minimize data protection risks. When you are entrusted with the data that our customers entrust to us, Privacy by Design should be an integral part of your product engineering process, as it is at Senseforce. And finally, as part of our global privacy program, all employees have received privacy awareness training and will continue to receive this training annually, in addition to more position specific security training some employees may need. We will not only ensure employees receive the ongoing training, but we have also developed a privacy program audit procedure to ensure the principles and policies are being followed.