SERVICE AGREEMENT
Last Updated February 27, 2023
This Service Agreement is a binding agreement made between, Truepic, Inc. (hereinafter, “Truepic,” “we” or “our”) and you, a customer of Truepic that has entered into an Enterprise Service Order (“Order”) which incorporates this Service Agreement in its entirety. As used herein, “you”, “your”, and “Customer” refer to the entity that entered into such Order, together with all Affiliates of such entity. You and Truepic are also sometimes each herein referred to as a “party” or collectively as the “parties”.
This Service Agreement, including Exhibit A (Description of Products and Services) and Exhibit B (Data Processing Agreement), together with the Order constitutes the entire agreement between the parties (the “Agreement”). The Agreement governs Customer’s access to and use of the Truepic product or service identified in the Order, as further described in Exhibit A (collectively, the “Services” or “Service”). Capitalized terms used herein shall have the meanings ascribed to them in this Agreement and the Order.
You acknowledge that you have had the opportunity to review this Agreement before signing the Order. By signing an Order, you acknowledge that you have read and understand this Agreement, that you accept the terms and conditions contained in this Agreement. You agree that this Agreement shall be legally binding upon you and your Affiliates, without the need for any further indication of acceptance on your part (such as by signature, click through or other means of electronic acceptance). If you are acting on behalf of an entity, you represent that you have full legal authority to bind the entity and its Affiliates.
IF YOU CHOOSE NOT TO AGREE TO ALL OF THESE TERMS AND CONDITIONS, DO NOT ACCESS AND/OR USE THE SERVICES. YOUR ACCESS AND/OR USE OF THE SERVICES SHALL CONSTITUTE YOUR ACCEPTANCE OF ALL OF THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT.
TRUEPIC RESERVES THE RIGHT TO CHANGE THIS AGREEMENT OR ANY PART OF THE SERVICE AT ANY TIME. ALTHOUGH TRUEPIC MAY INCLUDE A NOTICE ON THE TRUEPIC WEBSITE OR WITHIN THE SERVICE THAT THIS AGREEMENT HAS BEEN MODIFIED, SUCH NOTICE MAY NOT REMAIN IN PLACE FOR ANY EXTENDED PERIOD OF TIME. ACCORDINGLY, YOU SHOULD REVIEW THIS AGREEMENT, AS POSTED ON THE SERVICE, FROM TIME TO TIME. TO THE FULLEST EXTENT PERMITTED UNDER ALL APPLICABLE LAWS, YOUR CONTINUED USE OF THE SERVICE AFTER ANY REVISED SERVICE AGREEMENT HAS BEEN POSTED CONSTITUTES YOUR ACCEPTANCE OF THE REVISED AGREEMENT AND YOU SHALL BE BOUND TO THE REVISED AGREEMENT AS THOUGH IT WAS IN EFFECT AT THE TIME YOU ORIGINALLY ENTERED INTO THE APPLICABLE ORDER.
This Agreement is effective between you and Truepic as of the date of the Effective Date or Effective Start Date set forth on the Order (the “Effective Date”). This Agreement, as modified or amended, will continue in full force and effect until it is terminated or superseded as set forth herein.
- Definitions. The following capitalized terms shall have the meanings set forth below:
“Affiliate” means any entity that is controlled by, controls, or is under common control with a party for so long as such relationship exists. For purposes of this definition, “control” means (i) beneficial ownership (direct or indirect) of at least fifty percent (50%) of the equity interests of the subject entity entitled to vote in the election of directors (or, in the case of an entity that is not a corporation, in the election of the corresponding managing authority) or (ii) any other arrangement whereby an entity controls or has the right to control the board of directors or equivalent governing body of the subject entity, or the ability to cause the direction of the management or policies of such subject entity.
“Aggregated Anonymous Data” means any of the following information that has been aggregated with other similar information of other Truepic customers, and anonymized so that it does not reveal any personally identifying information or information identifying Customer: (a) information related to how Truepic’s customers are using the Truepic Service, (b) information related to the performance of the Truepic Service, and (c) any other information that provides insight into Truepic’s business or the Truepic Service.
“Applicable Law” means all applicable laws, rules, regulations and legal requirements.
“Customer Content” means photos, information, data, text, images, graphics, videos, comments, posts and any other content p rovided by Customer or its End-Users through the Service and any analysis, results or outcomes provided by the Service based on such content.
“End User” means any person or entity, such as Customer’s clients, contractors or employees, involved in capturing photo or video images and providing such images to Customer or its Affiliates for use with the Service.
“Intellectual Property Right” means any patent, utility model, design patent, copyright, trademark, service mark, trade dress, trade name, logo, trade secret, moral right, know-how, all rights in computer software and data, database rights, and all other intangible property rights and privileges throughout the world, whether or not a party has applied for or been granted registration or other protection therefor.
“Personal Information” or “Personal Data” means any information relating to an identified or identifiable person as defined by applicable privacy or data protection laws.
- Service
- Service. Truepic shall provide, and Customer shall use, the Service in accordance with the terms and conditions of this Agreement. In using the Service, Customer agrees to comply (and ensure that End-User’s comply) with the User Code of Conduct set forth in Section 4.3.
- Documentation. Truepic will provide or make available to Customer documentation (“Documentation”) that describes the major features and functionality of the Service.
- License Grants; Ownership.
- Customer License Grant. Customer grants Truepic a non-exclusive, worldwide, non-sublicensable, royalty-free right and license during the Term to use and modify any Customer Content solely to deliver the Service. Truepic may not publicly display Customer Content without the prior written consent of Customer.
- Truepic License Grant. Subject to the terms and conditions of this Agreement, Truepic grants Customer a non-exclusive, worldwide, non-transferable, non-sublicensable right and license during the Term to access and use the Service for the purposes contemplated in this Agreement.
- Ownership. Truepic owns all right, title, and interest in and to the Service, and any related suggestions, ideas, enhancements, requests, feedback, and recommendations provided by Customer and its Affiliates to Truepic. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Service, or Intellectual Property Rights of Truepic.
- Restriction on Modification. Except as otherwise provided herein, Customer shall not: (a) reverse engineer, disassemble or decompile the Service; (b) remove, obscure or alter any proprietary rights notices, branding, text, or images, affixed or related to the Service; (c) access or attempt to access Truepic’s other accounts, computer systems or networks not covered by this Agreement, through password mining or any other means; or (d) use the Service to store or transmit any Customer Content containing: (i) any malicious code; (ii) any unlawful, defamatory or pornographic material; or (iii) any material that encourages conduct that could constitute a criminal offense or violate applicable law; or (e) knowingly allow any End-User or other third party to do any of the foregoing. Customer shall promptly notify Truepic if Customer becomes aware of any unauthorized use of the whole or any part of the Service.
- Limitations on Use. Except as expressly authorized by this Agreement, Customer may not: (a) copy, modify or create derivative works of the Service; (b) license, sublicense, sell, rent, lease, resell, transfer, assign or otherwise make available to any third party the Service or any part thereof; (c) use the Service to impersonate any person or entity or otherwise misrepresent its affiliation with a person or entity; (d) use the Service to breach any right of privacy, confidentiality or right under applicable consumer or data protection laws; (e) interfere with the Service or disobey any requirements, procedures, policies or regulations of networks connected to the Service; or (f) work around any limitations or permissions of the Service.
- No Other Rights Granted. The parties acknowledge and agree that, except for the rights and licenses expressly granted by each party to the other party under this Agreement, each party will retain all right, title and interest in and to its software, hardware, technology or products, trademarks, and all content, information and other materials on its website(s), technology platforms and mobile applications, and nothing contained in this Agreement will be construed as conferring upon such party, by implication, operation of law or otherwise, any other license or other right. Without limiting the generality of the foregoing, the parties agree that Truepic shall maintain all Intellectual Property Rights in and to the Service and Customer shall maintain all Intellectual Property Rights in and to the Customer Content. Neither party will, whether during or after the Term of this Agreement, contest or aid others in contesting, or doing anything which otherwise impairs the validity of any Intellectual Property Right of the other party. Notwithstanding the foregoing, Customer acknowledges and agrees that (i) Truepic may use and modify Customer Content in connection with providing the Truepic Service, (ii) Truepic may collect information and generate Aggregated Anonymous Data (as defined below), (iii) Truepic is and will remain the sole and exclusive owner of all right, title and interest in and to all Aggregated Anonymous Data, including all intellectual property rights related thereto, and (iv) Truepic may freely use and make available Aggregated Anonymous Data for Truepic’s business purposes (including without limitation, for purposes of improving, testing, operating, promoting and marketing Truepic’s current and future products and services).
- Responsibilities of Customer.
- Connectivity. Customer must provide all equipment and software (such as an internet browser) necessary to connect to the Service, including but not limited to, a computer or mobile device that is suitable to connect with and use the Service. Truepic shall not be responsible for any fees, including Internet connection or mobile fees, that may be incurred when accessing the Service.
- Customer Content. Customer shall not submit Customer Content that: (i) includes material that is copyrighted, protected by trade secret or otherwise subject to third party proprietary rights (including, without limitation, trademark, privacy and publicity rights) unless Customer is the owner of such rights or Customer has all necessary license rights to do so and to grant Truepic the rights set forth in this Agreement; (ii) includes any material that by itself, or by its use as permitted in this Agreement, infringes upon, misappropriates or violates the rights of any person or entity or any applicable laws; (iii) is unlawful, obscene, defamatory, libelous, threatening, pornographic, harassing, hateful, racially or ethnically offensive or encourages conduct that would be considered a criminal offense, gives rise to civil liability, violates any law or is otherwise inappropriate; (iv) contains Personal Information, except with the consent of the individual to whom such information relates or as otherwise expressly permitted under applicable data protection and privacy laws; or (v) could be considered bulk unsolicited communications or otherwise violate applicable anti-spam laws.
- User Code of Conduct. In using or accessing the Service, Customer agrees to comply with the following requirements (and shall ensure that its End-Users also comply with them):
- not to use the Service in breach of the Service Agreement;
- not to “spam” others or “phish” for others’ Personal Information;
- not to disrupt or interfere with the security of, or otherwise abuse, the Service, or any part the Service;
- not to create accounts with the Service through unauthorized means, including but not limited to, by using an automated device, script, bot, spider, crawler or scraper;
- not to interfere or disrupt the Service or servers or networks connected to the Service, including by transmitting any worms, viruses, spyware, malware or any other code of a destructive or disruptive nature;
- not to inject content or code or otherwise alter or interfere with the way any Truepic page is rendered or displayed in a user’s browser or device;
- not to use, frame or utilize framing techniques to enclose any part of the Service without Truepic’s express prior written consent;
- not to “deeplink” to the Service without Truepic’s express prior written consent;
- not to attempt to obtain unauthorized access to the Service or portions of the Service that are restricted from general access; and
- not to use the Service in breach of any third-party site’s terms and conditions.
- Notice Requirements. Customer agrees to immediately notify Truepic if Customer suspects illegal, fraudulent or abusive activity, or any activity in violation of this Agreement. If Customer so notifies Truepic, or Truepic otherwise suspects such activity, Customer agrees to cooperate with Truepic in any investigation and to use any prevention measures prescribed by Truepic.
- Fees and Payment.
- Fees. Customer is responsible for timely payment of all fees specified in the Order (“Fees”).
- Invoicing and Payment. All Fees shall be due and payable within thirty (30) days after the date the applicable invoice is electronically sent to Customer. In the event Customer disputes any invoiced Fees, Customer will provide written notice of the disputed amount within fourteen (14) days after receiving such invoice and timely pay any undisputed portion of such invoice. Upon resolution of the dispute, Customer will pay Truepic the portion of the disputed amount agreed or determined to be owing to Truepic.
- Taxes. The Fees are inclusive of all sales, use or VAT taxes that may be legally assessed by Truepic for the Service.
- Term and Termination.
- Term. This Agreement is effective as of the Effective Date, and shall continue in force, unless otherwise terminated, for the contract length or initial term set forth in the Order (the “Initial Term”). Unless either party provides written notice to the other party of its intent not to renew this Agreement at least sixty (60) days prior to the end of the then-current term or the Agreement is otherwise terminated as provided herein, the Agreement shall automatically renew for an additional one (1) year term (any renewal and the Initial Term are referred to as the “Term”).
- Termination for Cause. Either party may terminate this Agreement for cause if any material breach or default of the terms and conditions of this Agreement remains uncured after thirty (30) days following written notice of such breach.
- Termination for Bankruptcy or Insolvency. Either party may terminate this Agreement if the other party becomes insolvent, admits in writing its inability to pay its debts as they mature, makes an assignment for the benefit of creditors, becomes subject to control of a trustee, receiver or similar authority, or becomes subject to any bankruptcy or insolvency proceeding.
- Suspension of Service. Truepic reserves the right to suspend Customer’s access to the Service, without liability to Customer, if Customer is (a) more than sixty (60) days late in payment of the service Fees due under this Agreement; or (b) in material breach of this Agreement. The foregoing shall be in addition to any other rights or remedies available to Truepic, including termination of this Agreement.
- Effect of Termination. In the event of termination or expiration of this Agreement, Customer shall discontinue all use of the Service and destroy or return copies of all Documentation or other documents provided by Truepic in its possession or control. Customer acknowledges that on expiration or earlier termination of this Agreement, Truepic may terminate Customer’s account, and its End-Users will therefore no longer have access to any of the Service. Truepic will maintain Customer’s Content for a period of thirty (30) days after the effective date of termination. Termination for any reason shall not relieve Customer of the obligation to pay any Fees accrued or due and payable to Truepic prior to the effective date of termination.
- Transition Service; Data Transfer. Upon expiration or termination of this Agreement for any reason, Truepic will, at Customer’s written request, prior to the date of expiration or termination, continue to allow Customer to access and use the Service after the date of any such expiration or termination for the sole purpose of effecting an orderly transition from the Service. During such period, the then-existing fees will continue to be in effect and the terms of this Agreement shall survive and continue to govern the parties’ rights and obligations with respect to the Service. This transition period shall end when the transition from the Service has occurred, which period shall not exceed three (3) months following the expiration or termination date (the “Transition Period”). During the Transition Period, at Customer’s written request, Truepic will transfer Customer’s Content and related data from Truepic’s databases and image storage on Amazon AWS to a file storage location designated by Customer.
- Survival. The provisions of Sections 1 (Definitions), 3.3, 3.4, 3.5, 3.6, 5 (Fees and Payment), 6.5 (Effect of Termination), 6.6 (Transition Service; Data Transfer), 6.7 (Survival), 7 (Data Protection), 8 (Confidentiality), 12.1 (Disclaimer of Warranties), 12.2 (Warranty Exclusions), 13 (Indemnification), 14 (Limitation of Liability) and 15 (Miscellaneous) shall survive expiration or termination of this Agreement and any terms in the Exhibits to this Agreement which are stated to survive the expiration or termination of such exhibits shall also survive any expiration or termination of this Agreement.
- Data Protection. Truepic shall use and access Customer Content for the purposes of providing the Service in accordance with the Agreement. Subject to Customer’s compliance with all laws applicable to the Customer Content provided to Truepic, Truepic will comply with its obligations under privacy and data protection laws applicable to it in connection with the Service.
- Truepic will have no liability for any distribution, display or disclosure of Customer Content by Customer or by Customer’s End-Users, regardless of whether such distribution, display or disclosure results in a violation of any applicable privacy or data protection laws.
- The parties shall incorporate the data processing agreement attached as Exhibit B solely to the extent required under applicable law.
- Customer instructs Truepic to process Personal Data for the following purposes (each a permitted purpose): (i) processing in accordance with the Agreement; (ii) processing in order to authenticate and verify certain photos and videos as directed by Customer and/or Customer’s End-Users; and (iii) processing to comply with other reasonable instructions provided by Customer where such instructions are acknowledged by Truepic as consistent with the terms of the Agreement. Truepic may process Personal Data other than on the instructions of the Customer if it is mandatory under applicable law to which Truepic is subject but otherwise shall not sell such Personal Data and may not share Personal Data except as instructed in writing by Customer.
- Except to the extent expressly otherwise provided herein, Customer is solely responsible for ensuring that its use of the Service complies with all applicable privacy and data protection laws. Without limiting the foregoing, to the extent that Customer Content includes Personal Information, Customer is responsible for ensuring that it has provided all necessary notices, obtained all necessary consents, and otherwise has all requisite authority to provide such Personal Information to Truepic and for Truepic to collect, use, store and disclose the Personal Information for the purposes of providing the Service.
- Confidentiality.
- “Confidential Information” means any of either party’s proprietary information, technical data, trade secrets or know-how, including, but not limited to, computer code, data, analytics, and related tools, stems and/or processes, product plans, designs, costs, prices, names, finances, marketing plans, business opportunities, personnel, research, development, know how, source code, products, services, customers, customer lists, markets, software, developments, inventions, processes, formulas, technology, designs, drawings, engineering, hardware configuration information, marketing, finances or other business information disclosed by one party (“Discloser”) to another (“Recipient”), either directly or indirectly in writing, orally or by drawings or inspection of parts or equipment, or the fact that negotiations or discussions are taking place between the Parties or that Confidential Information has been made available to a party. Confidential Information shall not include information that: (a) is or becomes generally available to the public through no fault or breach on the part of Recipient; (b) Recipient can demonstrate to have had rightfully in its possession prior to disclosure to Recipient by Discloser; or (c) Recipient rightfully obtains from a third party who has the right to transfer or disclose it.
- Non-Use and Non-Disclosure. Recipient shall not, during or subsequent to the Term of this Agreement, use Discloser’s Confidential Information for any purpose whatsoever other than the performance of the Service, or disclose Discloser’s Confidential Information to any third party. Recipient may disclose the Confidential Information to its employees and contractors with a bona fide need to know in order to fulfill the performance of the Service, and who have signed a nondisclosure agreement at least as protective of the disclosing party’s rights as those terms and conditions applicable to Recipient under this Agreement. It is understood that said Confidential Information will remain the sole property of Discloser.
- Return or Destruction of Materials. Upon the termination or expiration of this Agreement, or upon receipt of written request by a party, each party shall promptly deliver to the other party (or delete or destroy at such party’s request) any property and/or Confidential Information of the other party in its possession or control. Upon written request, such party will provide to the other party a written certificate stating that all such property and copies have been so delivered, deleted or destroyed.
- Marketing and Promotion
- Customer hereby grants to Truepic a worldwide, non-exclusive, royalty-free right and license to use Customer’s trade names, trademarks, service marks, domain names and other logos of Customer (the “Customer Trademarks”) solely in connection with Truepic providing the Service to or on behalf of Customer and in accordance with Customer’s trademark guidelines provided or made available by Customer to Truepic. All use by Truepic of the Customer Trademarks (including any goodwill associated therewith) will inure to the benefit of Customer. Truepic shall not challenge or assist others to challenge Customer Trademarks or the registration thereof by Customer, nor shall Truepic attempt to register any Customer Trademarks or domain names that are confusingly similar to those of Customer.
- Truepic hereby grants to Customer a worldwide, non-exclusive, royalty-free right and license to use Truepic’s trade names, trademarks, service marks, domain names and other logos of Truepic (the “Truepic Trademarks”) solely in connection with Customer’s use of the Service and in accordance with Truepic’s trademark guidelines provided or made available by Truepic to Customer. All use by Customer of the Truepic Trademarks (including any goodwill associated therewith) will inure to the benefit of Truepic. Customer shall not challenge or assist others to challenge Truepic Trademarks or the registration thereof by Truepic, nor shall Customer attempt to register any Truepic Trademarks or domain names that are confusingly similar to those of Truepic.
- Mutual Representations and Warranties.
- Each party represents and warrants to the other that as of the Effective Date: (i) it has full power and authority to enter into this Agreement, (ii) it is duly organized, validly existing and in good standing under the laws of its state of organization, (iii) its signatory to the Order has the right and authority to enter into the Order and this Agreement and to legally bind it to the terms and obligations of the Order and this Agreement, and (iv) no agreement previously entered into by such party will interfere with such party’s performance of its obligations under this Agreement.
- Truepic Warranty and Covenants.
- Truepic warrants that the Service will operate substantially in accordance with its published specifications and online documentation during the Term of this Agreement.
- Truepic will maintain and support the Service consistent with generally accepted industry practices.
- Truepic will implement and maintain disaster recovery and business continuity plans, including procedures to be followed in the event Truepic’s facilities or equipment are destroyed or damaged.
- Truepic shall notify Customer of a breach of security that results in a theft or unauthorized access to, use or disclosure of Customer Content (a “Security Breach”), promptly after it becomes aware of the Security Breach. In any notification to Customer required under this Section, Truepic shall designate a single individual employed by Truepic as a contact regarding Truepic’s obligations under this Agreement. Unless prohibited by an applicable law, Truepic will also promptly notify Customer of any third-party legal process relating to any Security Breach, including, but not limited to, any legal process initiated by any governmental entity (foreign or domestic) and limit the associated disclosure to only that information that must be disclosed to comply with the order. In the event of a Security Breach, Truepic shall assist Customer in investigating and remedying the Security Breach.
- Warranty Disclaimers and Exclusions.
- Disclaimer of Warranties. EXCEPT AS OTHERWISE SPECIFICALLY SET FORTH HEREIN, THE SERVICE, AND ANY OTHER APPLICATIONS, SERVICES, OR MATERIALS HEREUNDER ARE PROVIDED BY Truepic AND ACCEPTED BY CUSTOMER “AS IS” AND WITHOUT WARRANTY OF ANY KIND AND THE PARTIES EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
- Warranty Exclusions. EXCEPT AS OTHERWISE SPECIFICALLY SET FORTH HEREIN, TRUEPIC DOES NOT WARRANT THAT THE SERVICE, OR ANY OTHER APPLICATIONS, SERVICES, MATERIALS PROVIDED UNDER THIS AGREEMENT WILL MEET CUSTOMER’S REQUIREMENTS OR THAT THEY OR THEIR ACCESS OR USE WILL BE UNINTERRUPTED OR ERROR FREE OR THAT THE SERVICE WILL BE SUITABLE FOR CUSTOMER’S NEEDS OR CUSTOMER’S INTENDED APPLICATIONS, OR THAT THE SERVICE WILL BE COMPATIBLE WITH OR OPERATE IN THE HARDWARE, SOFTWARE, OR WEBSITE CONFIGURATIONS THAT CUSTOMER SELECTS. TRUEPIC IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES OR OTHER DAMAGES RESULTING FROM USE OF THE INTERNET OR ELECTRONIC COMMUNICATIONS OR RELATED EQUIPMENT TO WHICH THE SERVICE MAY BE SUBJECT. TRUEPIC MAKES NO REPRESENTATIONS OR WARRANTIES AS TO THE SUITABILITY OF THIRD-PARTY SERVICES OR FOR THE ACTS OR OMISSIONS OF PROVIDERS OF SUCH THIRD-PARTY SERVICES.
- Indemnification.
- Truepic Indemnification. Truepic shall indemnify, defend and hold harmless Customer, its Affiliates and their respective directors, officers and employees (the “Customer Indemnitees”) from and against any and all damages, losses, liabilities, costs or expenses, including reasonable attorneys’ fees (collectively “Losses”), related to third-party claims, demands, assessments, actions, suits, investigations or proceedings (collectively “Claims”), resulting from (a) a breach by Truepic of its representations, warranties or other obligations set forth in this Agreement; (b) a failure by Truepic to comply with any Applicable Law; (c) allegations that the Service, when used in accordance with this Agreement, infringes the Intellectual Property Rights of a third-party; except, in each case, to the extent such Claims or Losses resulted from any action, inaction or circumstance for which Customer is obligated to indemnify, defend and hold harmless Truepic pursuant to Section 13.2 below.
- Customer Indemnification. Customer agrees to indemnify, defend and hold harmless Truepic and its directors, officers and employees (the “Truepic Indemnitees”) from and against any and all Losses related to third-party Claims resulting from (a) a breach by Customer of its representations, warranties or other obligations set forth in this Agreement; (b) a failure by Customer to comply with any Applicable Law; (c) any unauthorized use of the Service or any violation, through use of the Service, of the rights of a third-party, including violation of privacy rights but excluding intellectual property infringement covered by Section 13.1(c).
- Indemnification Process. Any party providing indemnification under this Agreement shall have the right to control the defense and settlement of any Claims or Losses for which such party is providing indemnification. The indemnified party shall reasonably cooperate in the defense of any Claims or Losses and provide prompt notice to the indemnifying party of any Claims or Losses for which indemnification is sought. The indemnified party shall have the right to obtain separate legal counsel at its own expense, if it so chooses. No settlement shall be entered into without the consent of the indemnified party, provided that such consent shall not be unreasonably withheld or delayed.
- Restrictions. Truepic shall have no obligation to indemnify and defend or any liability in respect of a Claim to the extent that the Claim results from: (a) any use of the Service other than in accordance with the terms of this Agreement; (b) any modification, configuration or change made to the Service or Truepic’s software other than by Truepic (or a third-party acting at its direction); and (c) failures by third-party-internet service providers, cloud services, telecommunications equipment or the like.
- Remedies. In the event the Service becomes subject to a third-party claim of infringement for which Truepic may be liable, Truepic may, at its own option and expense, take one of the following courses of action: (a) procure the right for Customer to continue using and allowing access to the Service in accordance with this Agreement; (b) make such alterations, modifications or adjustments to the Service so that it becomes non-infringing; (c) replace the Service with a non-infringing substitute; or (d) if Truepic determines that it is not possible or commercially reasonable to exercise any of the foregoing options, then Truepic may terminate this Agreement immediately with no liability to Customer except Truepic shall refund any payments which have been made by Customer in advance which exceed amounts due. The indemnity obligations contained in this Section 13 are the sole and exclusive remedy available to Customer for an allegation of breach by Truepic of third-party intellectual property rights.
- Limitation of Liability.
- General Limitation of Liability. EXCEPT FOR A BREACH OF THE INTELLECTUAL PROPERTY LICENSES SET FORTH HEREIN, SECTION 8 (CONFIDENTIALITY), OR SECTION 13 (INDEMNIFICATION), IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, RELIANCE, OR EXEMPLARY DAMAGES, WHETHER FORESEEABLE OR NOT, AND INCLUDING, BUT NOT LIMITED TO, DAMAGE OR LOSS OF PROPERTY, EQUIPMENT, INFORMATION OR DATA; LOSS OF PROFITS, REVENUE, GOODWILL, OR OTHER PECUNIARY LOSS; BUSINESS INTERRUPTION; REGARDLESS OF THEORY OF LIABILITY WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHER THEORY AT LAW OR IN EQUITY. THESE LIMITATIONS WILL APPLY EVEN IF THE OTHER PARTY HAS BEEN ADVISED OR IS AWARE OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY PROVIDED HEREIN.
- EXCEPT FOR A BREACH OF THE INTELLECTUAL PROPERTY LICENSES SET FORTH HEREIN, SECTION 8 (CONFIDENTIALITY), OR SECTION 13 (INDEMNIFICATION), IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY DAMAGES THAT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO TRUEPIC UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS PRIOR TO THE ACTIONS GIVING RISE TO THE CLAIM.
- TRUEPIC’S LIABILITY FOR AN INTELLECTUAL PROPERTY INFRINGEMENT CLAIM UNDER SECTION 13.1, SHALL NOT EXCEED ONE MILLION DOLLARS OR TWO TIMES (2X) THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO TRUEPIC UNDER THIS AGREEMENT, WHICHEVER AMOUNT IS GREATER.
- The foregoing limitations and exclusions apply to the fullest extent permitted under applicable laws, however, nothing herein is intended to limit or exclude any liability in a way that is not permitted under such laws.
- Miscellaneous.
- Assignment. Neither party may assign, license, sub-license, or transfer this Agreement or any of its rights hereunder, without the prior written consent of the other party, such consent not to be unreasonably withheld or delayed. Notwithstanding the foregoing, in the event of a sale, merger, acquisition or similar corporate activity, either party may assign its rights and obligations under this Agreement to the successor in interest or title to all or substantially all of that part of the business to which this Agreement relates.
- Successors and Assigns. All references in this Agreement to the parties shall be deemed to include, as applicable, a reference to their respective successors and assigns. The provisions of this Agreement shall be binding on and shall inure to the benefit of the successors and assigns of the parties.
- Notices. Any notice under this Agreement must be in writing and delivered to the other party by personal delivery, overnight mail courier, registered mail, or by email. Notices will be deemed effective if sent to the other party (a) five (5) working days after deposit, if mailed with postage prepaid; (b) upon electronic delivery confirmation if sent by overnight courier; or (c) the same day if sent by email during the receiver’s normal business hours (or the following day if sent after normal business hours).
- Governing Law; Venue. The laws of Delaware without regard to any conflict-of-laws rules shall govern this Agreement, and the United Nations Convention on Contracts for the International Sale of Goods is hereby excluded. The sole jurisdiction and venue for actions related to the subject matter hereof shall be the state and federal courts located in Wilmington, Delaware, and both parties hereby consent to such jurisdiction and venue.
- Export. Each party agrees to comply all export laws, restrictions, national security controls and regulations of the United States or other applicable national or foreign agency or authority, and not to export or re-export, or allow the export or re-export of any software or other Confidential Information, or any copy or direct product thereof, in violation of any such restrictions, laws or regulations
- Equitable Relief. Notwithstanding anything to the contrary herein, the parties agree that a material breach of this Agreement adversely affecting either party’s intellectual property rights or either party’s rights in Confidential Information may cause irreparable injury to the other party for which monetary damages would not be an adequate remedy and that either party shall be entitled to apply for equitable relief, without the posting of a bond, in addition to any remedies it may have hereunder or at law.
- Severability If any provision, or part thereof, of this Agreement is held to be invalid or unenforceable, the parties shall use their best efforts to replace such provision by a provision that, to the extent permitted by applicable law, achieves the purposes originally intended. If it cannot be so reformed, it shall be omitted and the balance of this Agreement shall remain valid and unchanged and in full force and effect.
- Independent Contractors. Each party will act at all times as an independent contractor to the other party and will have no right or authority to act on behalf of, create any obligation for, or bind the other party in any way. Nothing in this Agreement will be deemed to create a partnership or joint venture between the parties.
- Attorney’s Fees. In the event of any litigation between the parties hereto, the prevailing party shall be entitled to recover reasonable attorney’s fees in addition to other relief as the court may award.
- Force Majeure. Neither party shall be liable to the other for acts beyond its reasonable control including, but not limited to, acts of God, or public enemy, the acts or failure to act of any governmental authority, civil unrest, acts of civil or military authority, war, embargos, labor disputes, fires, earthquakes, epidemics, floods, unusually severe weather, or shortage or absence of power, without limitation including primary power and failure of backup systems.
- Compliance with Laws. The parties shall at all times comply with laws and regulations and conventions and treaties to which their countries are a party or relating to this agreement and the parties’ performance of this Agreement, including the US Children’s Online Privacy Protection Act, and all other laws and regulations relating to the gathering, handling and dissemination of all data from or concerning End-Users. Each party, at its own expense, shall negotiate and obtain any approval, license or permit required in the performance of its obligations and shall declare, record or take steps to render this Agreement binding, including the recording of this Agreement with any appropriate governmental authorities where required.
- Forms. Pre-printed or standard terms and conditions of any purchase or other ordering document issued by Customer in connection with the Order shall be void, and as such shall not be binding on Truepic and shall not be deemed to supersede or replace any terms and conditions hereof or otherwise modify the Order or this Agreement, regardless of whether such documents claim to do so.
- Counterparts; Electronic Signatures. The Order may be executed in counterparts by emailed pdf, or similar form, each of which shall be an original, and all of which when taken together shall constitute one and the same agreement. Additionally, the parties consent to the use of electronic signatures and agree that electronic signatures appearing on the Order are the same as handwritten signatures for all purposes.
- Headings, Captions and Names. The name of this Agreement, and all headings and captions herein contained, are for reference and convenience only and do not define, limit or expand the scope or intent of any provision hereof and shall not be relied upon in or in connection with the construction or interpretation of this Agreement. The words “herein,” “hereunder,” “hereof” and similar terms refer to this entire Agreement and shall not be limited to the specific sections in which they are used.
- Modification. As indicated in the preamble of this Agreement, Truepic reserves the right to change this Agreement at any time by posting an updated version at the link that is part of the associated Order. To the fullest extent permitted under Applicable Law, Customer’s continued use of the Services after any revised Service Agreement has been posted constitutes Customer’s acceptance of the revised Agreement, and Customer shall be bound to the revised Agreement as though it was in effect at the time Customer originally entered into the applicable Order. This Agreement may also be amended by Customer entering into a new Order if such new Order expressly provides that the new Order will supersede the terms of any prior Service Agreement between the parties.
- Entire Agreement. This Agreement, along with all exhibits, the Order and Truepic’s Privacy Policy, sets forth the entire agreement between the parties and supersedes any and all prior proposals, agreements and representations between them, whether written or oral. In the event of any conflict in terms and conditions, this Service Agreement will prevail over any Exhibit, Appendix or Annex.
EXHIBIT A
DESCRIPTION OF PRODUCTS AND SERVICES
TRUEPIC VISION
Truepic Vision is an end-to-end SaaS solution for conducting inspections, capturing verified photos, and post-capture analysis of the images to aid in detecting fraud and to present useful information to Truepic’s customers regarding the content of the photos.
Components of Truepic Vision
- A web application for initiating and reviewing inspections
- A dashboard for reporting and user administration
- Pre- and post-capture fraud prevention and detection services and features provided by native apps and computer vision-powered APIs
- Workflow:
- Per-Inspection texting messages and/or emails
- Enterprise API for integration with Customer systems
- “Vision Camera” – native iOS and Android apps that are downloaded by the end-user onto their own device after being sent a message from Truepic’s customer with a personalized link to an inspection session. The app is automatically branded by Truepic with the customer’s own logo and colors, but the name of the app stays the same.
Billable Events
Vision is billed per “Virtual Inspection,” which means an inspection conducted using Truepic Vision submitted from a single End-User and related to a single event (e.g. an insurance claim, a loan application, etc.) that may include up to 100 images. A Virtual Inspection is initiated by Customer sending an End User an email, text message or similar communication and Customer receiving images in return from such End User using the Mobile App or the Customer App(s). In the event a single inspection conducted using Truepic Vision includes more than 100 but less than 200 images, such inspection shall count as two (2) Virtual Inspections. This shall continue if a single inspection contains more than 200 images, with each additional 100 images counting as one additional Virtual Inspection.
Availability
Truepic commits that it will use commercially reasonable efforts to deliver Truepic Vision to Customer with at least 99.5% availability (the “Uptime Commitment”). Uptime is calculated as follows: (total minutes in any calendar month – total minutes of downtime) divided by (the total minutes in such calendar month). Downtime resulting from any of the following does not count as a period of unavailability for purposes of calculating the Uptime Commitment: (i) scheduled maintenance (currently 5:30am US ET Saturday to 8:30am US ET Saturday, or such other alternative time outside of 9:00am US ET through 9:00pm US ET Monday through Friday, upon notice to Customer); (ii) unavailability caused by acts or omissions of Customer or its agents or caused by any breach by Customer of this Agreement; (iii) unavailability caused by network unavailability or bandwidth limitations outside of the Truepic network; (iv) hacks, malicious introduction of viruses, disabling devices, and other forms of attacks that disrupt access to Truepic Vision, provided such disruptions did not result from Truepic’s gross negligence or willful misconduct; and (v) a Force Majeure event.
SUPPORT SERVICES
Standard Support Services for Truepic Vision
Provided that Customer has paid all Fees due and owing to Truepic and is otherwise in material compliance with the terms of the Service Agreement, then Truepic shall provide Customer with the following service and support on its standard terms at no additional charge:
- Product updates and maintenance
- Reasonable telephone, email, and website-based technical support to assist Customer in utilizing the Service
- Account management contact
- Technical documentation, including periodic updates
Premium Support Services for Truepic Vision
If Customer has selected and separately purchased Premium Support for Vision, then in addition to the Standard Support Services described above, Customer will be entitled to the following Premium Support Services for Vision:
- One-time, during deployment
- Dashboard template configuration
- Mobile app template configuration
- Rollout and communication planning
- Customized application user guide template
- Up to 4 live virtual training sessions
- On-going support
- Named/Dedicated Account Manager
- Customized reporting dashboards
- Reporting support and training
- Operationalized support
- Quarterly business reviews (QBRs)
Up to 40 hours of project management per year
EXHIBIT B
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) is part of and will be deemed to be incorporated into the Service Agreement (the “Agreement”) between Customer and Truepic, pursuant to which Truepic provides the Services (as defined in the Agreement) to Customer. All capitalized terms that are not defined in this DPA shall have the meanings ascribed to such terms in the Agreement.
The parties agree to comply with the following provisions with respect to any Personal Data Processed by Truepic for Customer in connection with the provision of the Services. References to the Agreement will be construed as including this DPA. To the extent that the terms of this DPA differ from those in the Agreement, the terms of this DPA shall govern.
- DEFINITIONS
- “CCPA” means the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 et seq.), as may be amended, superseded, or replaced, as well as any regulations promulgated by the California Attorney General’s office and/or the California Privacy Protection Agency.
- “Data Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
- “Data Processor” means the entity which Processes Personal Data on behalf of the Data Controller.
- “Data Protection Laws” means all privacy and data protection laws and regulations applicable to the Processing of Personal Data under the Agreement, including, as applicable: (a) the GDPR; (b) the Federal Data Protection Act of 19 June 1992 (Switzerland), (c) the Data Protection Act 2018 (United Kingdom) (d) the General Law for the Protection of Personal Data, Law 13.709 of Brazil and/or (e) CCPAand applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the individual to whom Personal Data relates.
- “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. For purposes of clarity, references to the GDPR shall include the Federal Data Protection Act of 19 June 1992 (Switzerland) and the Data Protection Act 2018 (United Kingdom).
- “Personal Data” means any information relating to an identified or identifiable person that is subject to the Data Protection Laws as specified in Appendix A, including but not limited to any personal information as defined by the CCPA.
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (“Process”, “Processes” and “Processed” shall have the same meaning).
- “Security Breach” has the meaning set forth in Section 7 of this DPA.
- “Sub-processor” means any sub-processor engaged by Truepic for the Processing of Personal Data.
- “Term” means the period from the Effective Date to the date the DPA is terminated in accordance with Section 11.1.
- “Third Party Partner” means any entity engaged by Customer for the Processing of Personal Data.
- ROLES OF THE PARTIES IN PROCESSING OF PERSONAL DATA
- To the extent the Services involve the Processing of Personal Data governed under Data Protection Laws, the parties agree that Customer is the Data Controller and Truepic is a Data Processor and that the subject matter and details of the processing of such Personal Data are described in Appendix A. To the extent that CCPA applies to the Services, the parties agree that Truepic is a service provider of such Personal Data. To the extent that the data protection legislation of another jurisdiction is applicable to either party’s processing of data, the parties acknowledge and agree that the relevant party will comply with any obligations applicable to it under that legislation with respect to the processing of that data. Truepic shall keep a record of all processing activities with respect to Customer’s Personal Data as required under GDPR.
- Each party will comply with the obligations applicable to it under the Data Protection Legislation with respect to the processing of Personal Data, including but not limited to providing the other party contact details for each party’s Data Protection Officer which are accurate and up to date. Customer shall, in its use or receipt of the Services, Process Personal Data in accordance with the requirements of the Data Protection Laws and Customer will ensure that its instructions for the Processing of Personal Data shall comply with the Data Protection Laws. If Truepic believes or becomes aware that any of Customer’s instructions conflicts with any Data Protection Laws, Truepic shall inform Customer. As between the parties, Customer shall have sole responsibility for determining the legal basis for processing of Personal Data and (to the extent legally required) obtain all consents from Data Subjects necessary for collection, storage (e.g., via HTTP cookies) and Processing of Personal Data in the scope of the Services. Both parties shall post a publicly facing privacy policy in compliance with Data Protection Laws and shall adhere to such policy in its execution of the Agreement.
- The objective of Processing of Personal Data by Truepic is the performance of the Services pursuant to the Agreement. During the Term of the Agreement, Truepic shall only Process Personal Data on behalf of and in accordance with the Agreement and Customer’s instructions and shall treat such Personal Data as Confidential Information. Customer instructs Truepic to Process Personal Data for the following purposes (each a permitted purpose): (i) Processing in accordance with the Agreement; (ii) Processing in order to authenticate and verify certain photos and videos as directed by Customer and/or Customer’s End-Users; and (iii) Processing to comply with other reasonable instructions provided by Customer where such instructions are acknowledged by Truepic as consistent with the terms of the Agreement. Truepic may Process Personal Data other than on the instructions of the Customer if it is mandatory under applicable law to which Truepic is subject but otherwise shall not sell such Personal Data and may not share Personal Data except as instructed in writing by Customer. In this situation Truepic shall inform the Customer of such a requirement unless the law prohibits such notice. Both parties agree that Customer instructions may include Customer directing Truepic to send data to one or more Third Party Partner(s) for further processing.
- RIGHTS OF DATA SUBJECTS; DATA DELETION
- Truepic shall provide reasonable and timely assistance to the Customer to enable the Customer to respond to: (i) any request from a Data Subject to exercise any of its rights under Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a Data Subject in connection with the processing of the Data.
- TRUEPIC PERSONNEL
- Truepic shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data as well as any security obligations with respect to such Data.
- Truepic will take appropriate steps to ensure compliance with the Security Measures outlined in Annex II of Appendix A by its personnel to the extent applicable to their scope of performance, including ensuring that all persons authorized to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and that any such obligations survive the termination of that individual’s engagement with Truepic.
- Truepic shall ensure that access to Personal Data is limited to those personnel who require such access to perform the Services.
- SUB-PROCESSORS
- Customer acknowledges and agrees that (i) Truepic Affiliates may be retained as Sub-processors; and (ii) Truepic may engage third-party Sub-processors in connection with the provision of the Services. Any such Sub-processors will be permitted to obtain Personal Data only to deliver the services Truepic has retained them to provide, and are prohibited from using Personal Data for any other purpose. Truepic will have a written agreement with each Sub-processor and agrees that any agreement with a Sub-processor will include substantially the same data protection obligations as set out in this DPA.
- A list of Sub-processors is available in the Truepic user interface and/or in Annex III to Appendix A. Truepic may change the list of such other Sub-processors by no less than twenty (20) business days’ notice to Customer. If Customer objects to Truepic’s change in such Sub-processors on reasonable data protection grounds, Truepic may, as its sole and exclusive remedy, terminate the portion of the Agreement relating to the Services that cannot be reasonably provided without the objected-to new Sub-processor by providing 30 days’ written notice to Customer. In the event of such termination, that parties shall negotiate in good faith regarding a pro-rata refund for Customer.
- Truepic shall be liable for the acts and omissions of its Sub-processors to the same extent Truepic would be liable if performing the services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth in the Agreement.
- Customer acknowledges and agrees that Third Party Partners are not Sub-processors and Truepic assumes no responsibility or liability for the acts or omissions of such Third-Party Partners.
- SECURITY; AUDIT RIGHTS; PRIVACY IMPACT ASSESSMENTS
- Truepic shall maintain administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of Customer’s Personal Data. Truepic will implement and maintain technical and organizational measures to protect Customer’s Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Annex II of Appendix A (the “Security Measures”). As described in Annex II of Appendix A, the Security Measures include measures to protect Personal Data; to help ensure ongoing confidentiality, integrity, availability and resilience of Truepic’s systems and services; to help restore timely access to Personal Data following an incident; and for regular testing of effectiveness. Truepic may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.
- Truepic will (taking into account the nature of the processing of Customer Personal Data and the information available to Truepic) assist Customer in ensuring compliance with any of Customer’s obligations with respect to the security of Personal Data and Personal Data breaches applicable to GDPR, including (if applicable) Customer’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by: (a) implementing and maintaining the Security Measures in accordance with Annex II of Appendix A; and (b) complying with the terms of Section 7 of this DPA.
- No more than once per year, Customer may engage a mutually agreed upon third party to audit Truepic solely for the purposes of meeting its audit requirements pursuant to Article 28, Section 3(h) of the General Data Protection Regulation (“GDPR”). To request an audit, Customer must submit a detailed audit plan at least four (4) weeks in advance of the proposed audit date describing the proposed scope, duration, and start date of the audit. Audit requests must be sent to [email protected]. The auditor must execute a written confidentiality agreement acceptable to Truepic before conducting the audit. The audit must be conducted during regular business hours, subject to Truepic’s policies, and may not unreasonably interfere with Truepic’s business activities. Any audits shall be at Customer’s expense.
- Any request for Truepic to provide assistance with an audit is considered a separate service if such audit assistance requires the use of resources different from or in addition to those required by law. Customer shall reimburse Truepic for any time spent for any such audit at the rates agreed to by the parties. Before the commencement of any such audit, Customer and Truepic shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Truepic.
- Customer shall promptly notify Truepic with information regarding any non-compliance discovered during the course of an audit.
- SECURITY BREACH MANAGEMENT AND NOTIFICATION
- If Truepic becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to any Customer Personal Data transmitted, stored or otherwise Processed on Truepic’ equipment or facilities (“Security Breach”) which, in the reasonable opinion of Truepic’ Data Protection Officer, requires such notification, Truepic will promptly notify Customer of the Security Breach. Notifications made pursuant to this Section will describe, to the extent possible, details of the Security Breach, including steps taken to mitigate the potential risks and steps Truepic recommends Customer take to address the Security Breach.
- Customer agrees that an unsuccessful Security Breach attempt will not be subject to this Section. An unsuccessful Security Breach attempt is one that results in no unauthorized access to Customer Personal Data or to any of Truepic’s equipment or facilities storing Customer Personal Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, or similar incidents.
- Notification(s) of Security Breaches, if any, will be delivered to one or more of Customer’s business, technical or administrative contacts by any means Truepic selects, including via email. It is Customer’s sole responsibility to ensure it maintains accurate contact information on Truepic’s support systems at all times.
- Truepic’s notification of or response to a Security Breach under this Section 7 will not be construed as an acknowledgement by Truepic of any fault or liability with respect to the Security Breach.
- Truepic shall implement reasonable technical and organizational Security Measures to provide a level of security appropriate to the risk in respect to the Customer Personal Data. As technical and organizational measures are subject to technological development, Truepic is entitled to implement alternative measures provided they do not fall short of the level of data protection set out by Data Protection Law.
- Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the Security Measures provide a level of security appropriate to the risk in respect to the Customer Personal Data.
- RETURN AND DELETION OF CLIENT DATA
- Truepic will enable Customer to delete Customer’s Personal Data during the Term in a manner consistent with the functionality of the Services. If Customer uses the Services to delete any Customer’s Personal Data during the Term and that Customer’s Personal Data cannot be recovered by Customer, this use will constitute an instruction to Truepic to delete the relevant Customer’s Personal Data from Truepic’s systems in accordance with Data Protection Laws. Truepic will comply with instructions from the Customer to delete certain Personal Data as soon as reasonably practicable and within a maximum period of 30 days, unless Data Protection Law (or, in the case the data is not subject to Data Protection Law, applicable law) requires further storage.
- On expiry of the Agreement, Customer instructs Truepic to delete all Customer’s Personal Data (including existing copies) from Truepic’s systems and discontinue processing of such Customer’s Personal Data in accordance with Data Protection Law. Truepic will comply with this instruction as soon as reasonably practicable and within a maximum period of 30 days, unless Data Protection Law (or, in the case the data is not subject to Data Protection Law, applicable law) requires further storage. This requirement shall not apply to the extent that Truepic has archived Customer’s Personal Data on back-up systems so long as Truepic securely isolates and protect such data from any further processing except to the extent required by applicable law. Without prejudice to this Section, Customer acknowledges and agrees that Customer will be responsible for exporting, before the Agreement expires, any Customer’s Personal Data it wishes to retain afterwards. Notwithstanding the foregoing, the provisions of this DPA will survive the termination of this Agreement for as long as the Truepic retains any of the Customer Personal Data.
- CROSS-BORDER DATA TRANSFERS
- Truepic may, subject to this Section 9, store and Process the relevant Personal Data in the European Economic Area, Switzerland, the United Kingdom and the United States.
- If the Services involve the storage and/or Processing of Customer’s Personal Data which transfers such Personal Data out of the European Economic Area or Switzerland to a jurisdiction that does not have adequate Data Protection Laws, and the Data Protection Laws apply to the transfers of such data (“Transferred Personal Data”), the parties agree that the EU Commission Implementing Decision (EU) 2021/914 and available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj(as amended or updated from time to time) (“Standard Contractual Clauses”) will apply and such Standard Contractual Clauses shall be incorporated by reference and form an integral part of this DPA. Purely for the purposes of the descriptions in the Standard Contractual Clauses and only as between Customer and Truepic, the parties agree that: (a) Roles of the Parties: Customer is a Data Controller and “data exporter” and Truepic is the Data Processor and “data importer” under the Standard Contractual Clauses, (b) Governing Law and Supervisory Authority: The Standard Contractual Clauses shall be governed by the law of the EU Member State in which the data exporter is established and enforced by the Supervisory Authority of such EU Member State. Where such law does not allow for third-party beneficiary rights, they shall be governed by the law of an EU Member State that does allow for third-party beneficiary rights. In such case, the Parties agree that this shall be the laws of Ireland; (c) Sub-Processors: the parties select general written authorization for Sub-processors; (d) Redress: The parties elect to omit the optional text; and (e) Annex I, II and III are provided at the end of this DPA as part of Appendix A and to the extent that there’s a conflict as between the DPA and Appendix A, Appendix A shall govern.
- The parties further agree that if Transferred Personal Data includes Personal Data from Data Subjects located in the United Kingdom, and the Data Protection Laws apply to the transfers of such data, both parties agree that the Standard Contractual Clauses for transfers reflecting the roles of the parties as described in the DPA in the form approved by the UK Information Commissioner’s Office and currently available at https://ico.org.uk/media/for-organisations/documents/4019483/international-data-transfer-addendum.pdf (as amended or updated from time to time) (“UK Standard Contractual Clauses”) shall be incorporated by reference and form an integral part of this DPA. For the purposes of the UK Standard Contractual Clauses, Appendix A of these Terms shall take the place of Annex I, Annex II and Annex III respectively of the UK Standard Contractual Clauses.
- At Customer’s written request, or if the Services involve the storage and/or processing of Customer’s Personal Data collected from persons located in Argentina, Brazil or another jurisdiction not described above but which restricts the transfer of such Personal Data (each a “Restricted Transfer Country”) outside of each Restricted Transfer Country to a place that does not have adequate data protection laws, the parties agree to execute each applicable Restricted Transfer Country’s model clause agreement to ensure that such transfers are conducted in accordance with Data Protection Laws.
- To the extent Customer is the recipient of Personal Data from Truepic pursuant to this DPA, Customer agrees that Customer will provide at least the same level of protection for the information as Truepic has agreed to provide herein.
- If the Standard Contractual Clauses or any other model clause transfer agreement are deemed invalid by a governmental entity with jurisdiction over Transferred Personal Data (e.g., the EU Court of Justice) or if such governmental entity imposes additional rules and/or restrictions regarding such Transferred Personal Data, the parties agree to work in good faith to find an alternative and/or modified transfer mechanism.
- LIABILITY
- Both parties agree that their respective liability under this DPA shall be apportioned according to each parties’ respective responsibility for the harm (if any) caused by each respective party.
- Liability Cap Exclusions. Nothing in this Section 10 will affect the remaining terms of the Agreement relating to liability (including any specific exclusions from any limitation of liability).
- MISCELLANEOUS
- This DPA will take effect on the Effective Date and will remain in effect until, and automatically expire upon, the deletion of all Customer’s Personal Data by Truepic as described in this DPA.
- Nothing in this DPA shall confer any benefits or rights on any person or entity other than the parties to this DPA.
- Where Customer’s Affiliates are Data Controllers of the Personal Data, they may enforce the terms of this DPA against Truepic directly.
ANNEX I
Data exporter – The data exporter is Customer
Data importer – The data importer is Truepic, Inc., a company that provides a platform to verify photos and videos on behalf of Customer.
Purpose of Processing – As described in the Agreement.
Data subjects – The personal data transferred concern the following category of data subjects: Customer’s End-Users of the Truepic platform and Services as described in the Agreement as well as Customer and Truepic personnel to the extent necessary to provide the Services.
Categories of data – The personal data transferred concern the following categories of personal data:
- The name, user ID and login information of Customer’s End Users.
- GPS Coordinates, Address, OS Type, OS Version, IP Address, Device name, Screen height and width.
- In order to manage the Agreement, Truepic will process Personal Data from Customer’s employees and other personnel such as name, title, email address, telephone number and (for billing purposes) Customer’s payment details. Customer will process Personal Data from Truepic’s employees and other personnel such as name, title, email address, telephone number.
Special categories of data (if appropriate): None.
Processing operations – The personal data transferred will be subject to the following basic processing activities: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
ANNEX II
Set forth below is a summary description of the technical and organizational Security Measures implemented by Truepic:
- Access control to premises and facilities: Truepic is a fully remote company without physical offices or facilities.
- Access control to systems: Truepic uses standard personal computers which are managed by MDM. Each employee has his own account secured with a password and encrypted. In order to access the platform, which is hosted by Amazon Web Services, access is determined by AWS and Okta SSO including MFA. These accounts are managed by Truepic’s Security Team who ensure that only employees who need to access the platform at Truepic can do so.
- Access control to data: Admission control is performed by Truepic’s Security Officer, who, for example, creates, manages and terminates user accounts for employees as needed. Each account can be assigned with specific user roles with role specific admissions.
- Disclosure control: All Truepic employees sign a non-disclosure agreement as part of their working contract. In addition, all employees sign a data privacy statement according to CCPA and GDPR data privacy law under which they undertake to comply with data secrecy requirements. Furthermore, data is encrypted with VPN and SSL technology when transferred between Truepic’s systems.
- Input control: Truepic’s Security Officer regularly checks the logs of deployed systems and software. He or she checks the plausibility of log entries, errors and warnings usually issued by respective systems. Depending on the configured log level, the logs give insights on data manipulation within the systems and, depending on the system, by whom the data has actually been changed or manipulated.
- Job control: The wording of applicable agreements, such as the Service Agreement, defines the responsibilities between Truepic and Customer and ensures that all commissioned data processing must be carried out according to such agreements or Customer instructions. Where subcontractors are employed, Truepic carefully selects subcontractors and requires them to demonstrate their measures in terms of data security and privacy.
- Availability control: Truepic has installed data backups to ensure the availability of Customer data. Data such as addresses, emails and calendars are stored and backed-up by respective service providers. Furthermore, Truepic deploys antivirus software on its computers. The antivirus software is updated on a regular basis. Firewalls provided by the operating systems are also activated for protection.
- Segregation control: Truepic’s employees are instructed to only access data that is necessary to do their work. Truepic’s Security Officer manages master accounts to access the systems on which the UIP is operated and to process Customer data so that such data cannot be accessed by all Truepic employees.
ANNEX III
LIST OF SUB-PROCESSORS
Name | Nature of Processing | Territory(ies) |
Twilio | Send SMS text messages to users to initiate inspections | USA |
ChurnZero | Customer Success | USA |
Communications | USA | |
Slack | Communications | USA |
Auth0 | Customer authentication | USA |
Branch Metrics | Build authenticated deep links to inspections | USA |
Sendgrid | Send emails to users to initiate inspections | USA |
Amazon Web Services | Cloud platform | USA |
Freshworks | Customer support | USA |
Dropbox | Deliver customer data | USA |