Get Early Access to Credible

Sign up to join our early access program. We’re rolling out new spots in batches and will reach out with your invite soon.

You’re on the list!
We’re onboarding new users in batches and will be in touch soon.
Oops! Something went wrong while submitting the form.

Platform Agreement

  1. Defined Terms.
    1. Affiliate” means an entity controlling, controlled by or under common control with a party to this Agreement at any time during the term of this Agreement, for so long as such ownership and control exists, provided such entity is not a current or prospective competitor to Credible Data or in the business of developing and offering products or technologies that are substantially similar to the Platform.
    2. AI Tool(s)” means any components of the Platform made available by Credible Data that implement or utilize large language models or other artificial intelligence (collectively, “AI”) to generate Output based upon Customer’s Input.
    3. Application(s)” means one or moresoftware componentsthat operate on the Platform. Customers may build their own Applications or may engage Credible Data to develop Applications via Professional Services engagements.
    4. “Beta Features” means pre-production Platform features or functionalities.
    5. Customer Data” means, other than Service Metrics, information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or any User through the Platform. Customer Data includes all Applications, Input and Output.
    6. Documentation” means the technical manuals and documentation made available in connection with the Platform.
    7. Fees” means all fees payable by Customer to Credible Data identified on each Order Form.
    8. Input” means any instructions, text, data, content, or materials that Customer enters into or otherwise submit to the AI Tools for the purpose of generating the Output. Input shall be considered Customer Data.
    9. Order Form” means each order form, statement of work or comparable document regarding the provision of the Platform that has been executed by Credible Data and Customer.
    10. Output” means the resulting output of the AI Tools created as a result of or in response to the Input, including any information, data, conclusions, insights, summaries, correlations, images, text, text effects, vector graphic files, audio files, video files, or any other content, which is created and provided to Customer by the AI Tools.
    11. Credible Data IP” means: (a) the Platform, including the underlying software, algorithms, interfaces, technology, data, tools, know-how, processes and methods used to provide or deliver the foregoing; (b) all improvements, modifications or enhancements to, or derivative works of, the foregoing, regardless of inventorship or authorship, excluding, for clarity, Customer Data; and (c) all intellectual property rights in and to any of the foregoing.
    12. Platform” means Credible Data’s proprietary infrastructure-as-a-service product(s), as described on each Order Form.
    13. Professional Services” means the  implementation of datamodels andApplications on the Platform,  training, andprojectmanagementprovided by Credible Data pursuant to an Order Form.
    14. Prohibited Content” means content that: (a) is illegal under applicable law; (b) violates any third party’s intellectual property rights, including, without limitation, copyrights, trademarks, patents, and trade secrets; (c) contains indecent or obscene material; (d) contains libelous, slanderous, or defamatory material, or material constituting an invasion of privacy or misappropriation of publicity rights; (e) promotes unlawful or illegal goods, services, or activities; (f) contains false, misleading, or deceptive statements; or (g) contains any harmful, malicious, or hidden code, programs, procedures, routines, or mechanisms that would: (i) cause the Platform to cease functioning; (ii) in any way damage or corrupt data, storage media, programs, equipment, or communications; or (iii) otherwise interfere with the operations of the Platform, including, without limitation, trojan horses, viruses, worms, time bombs, time locks, devices, traps, access codes, or drop dead or trap door devices.
    15. Service Metrics” means data and information related to Customer’s or its Users’ use of the Platform that is used by Credible Data in an aggregate and/or permanently anonymized manner such that it does not identify an individual or Customer, and for which Credible Data has implemented technical safeguards and business processes to prohibit reidentification of such data.
    16. Subscription Term”, as specified on each Order Form, means the period during which Customer is authorized to use the Platform.
    17. Users” means Customer’s employees, consultants, contractors, end users and other third parties who are authorized by Customer under the rights granted hereunder and for whom access has been purchased pursuant to an Order Form.
  2. Access and Use.
    1. Platform Access. Subject to Customer’s compliance with this Agreement, Credible Data hereby grants Customer a non-exclusive, non-transferable (except pursuant to Section 10.4) right during the Subscription Term identified on each Order Form to access and use the Platform solely for Customer’s internal purposes. Delivery of the Platform shall be made by electronic means only, via online access to the Platform.
    2. Platform Applications. Customers may develop applications that operate on the Platform.
    3. Subscription Term. Customer may use the Platform for the Subscription Term specified in the Order Form, or if no such term is stated, then for one year, in either case subject to the provisions of this Agreement.
    4. Renewal. Each Subscription Term will automatically renew for additional one year periods unless either party gives the other written notice of non-renewal at least 30 days prior to expiration of the then-current term, so long as Credible Data makes the Platform available. Credible Data will invoice Customer for each renewal period at least 30 days prior to expiration of each term.
    5. Orders by Affiliates. Customer’s Affiliates may obtain Platform license or subscription use rights on execution of additional Order Forms referencing this Agreement. On execution of an Order Form by Credible Data and the Affiliate, the Affiliate will be bound by the provisions of this Agreement as if it were an original party hereto.
    6. Restrictions. Customer shall not use or make the Platform or other Credible Data IP available for any purposes beyond the scope of access granted in this Agreement and the applicable Order Form. Without limiting the generality of the foregoing, except as expressly agreed by Credible Data and Customer in this Agreement or the applicable Order Form, Customer shall not, and shall not permit any Users to: (a) copy, modify, or create derivative works of the Platform or other Credible Data IP, in whole or in part; (b) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Platform or other Credible Data IP, in whole or in part; (c) frame, mirror, sell, resell, market, sublicense, publish, distribute, reproduce, assign, transfer, rent, lease or loan any portion of the Platform or other Credible Data IP to any other person or entity, or otherwise allow any person or entity to use the Platform or other Credible Data IP for any purpose other than for the benefit of Customer in accordance with this Agreement; (d) remove proprietary notices from Platform or other Credible Data IP; (e) access or search the Platform (or download any data or content contained therein or transmitted thereby) through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Platform features provided by Credible Data for use expressly for such purposes; (f) use the Platform, Documentation or any other Credible Data or Confidential Information for benchmarking or competitive analysis with respect to competitive or related products or services, or to develop, commercialize, license or sell any product, service or technology that could, directly or indirectly, compete with the Platform or other Credible Data IP; or (g) introduce, post, or upload to the Platform any Prohibited Content.
    7. Suspension. Notwithstanding anything to the contrary in this Agreement, Credible Data may temporarily suspend Customer’s and any User’s access to any portion of the Credible Data IP for a suspected or actual breach of this Agreement (a “Suspension”). Credible Data shall use commercially reasonable efforts to provide written notice of any Suspension to Customer and to provide updates regarding resumption of access to the Platform following any Suspension. Although Credible Data does not monitor Customer Data, if Credible Data becomes aware of any Customer Data that allegedly violates this Agreement, Credible Data may investigate the allegation and determine in its sole discretion whether to act (including removal or disabling of access to Customer Data), but has no liability or responsibility to a User to do so. Customer agrees to cooperate with Credible Data in good faith in any such investigation upon Credible Data’s request.
    8. Platform Trials. If Credible Data grants license or use rights to Customer on an evaluation, trial or no-fee basis, the warranties and indemnification obligations herein do not apply, and Credible Data’s sole obligation to Customer will be to provide reasonable assistance to permit Customer to evaluate the Platform.
    9. Beta Features. From time to time, Credible Data may invite Customer to try Beta Features. Customer may accept or decline any such trial in its sole discretion. Beta Features are for evaluation purposes only and not for production use, are not considered part of the Platform, are not supported, and may be subject to additional terms. Credible Data may discontinue Beta Features at any time in its sole discretion and may never make them generally available.
    10. Customer Responsibilities. Customer will implement and maintain reasonable and appropriate measures designed to help secure its access to and use of the Platform. Customer may only configure the Platform using the tools, functionality or API functionality provided in the Platform and as indicated in the Documentation.
  3. Fees.
    1. Payment. Customer shall pay Credible Data all Fees in US dollars (unless otherwise specified on the Order Form) on or before the due date set forth in the applicable Order Form (and if no due date is set forth therein, no later than 30 days after the receipt of each invoice) without offset or deduction. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower. All Fees are non-cancelable and non-refundable. If Customer fails to pay all undisputed Fees when due, Credible Data may suspend access to the Platform until all payments are made in full. Customer will reimburse Credible Data for all reasonable costs and expenses incurred (including reasonable attorneys’ fees) in collecting any late payments or interest.
    2. Taxes. All amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Credible Data’s income.
  4. Confidentiality.
    1. Confidential Information. From time to time during the term of this Agreement, either party may disclose or make available to the other party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, in each case, whether orally or in writing, that is designated as confidential or that reasonably should be considered to be confidential given the nature of the information and/or the circumstances of disclosure (“Confidential Information”).
    2. Exceptions. Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving party at the time of disclosure; (c) rightfully obtained by the receiving party on a non-confidential basis from a third party; or (d) independently developed by the receiving party.
    3. Nondisclosure. The receiving party shall safeguard the disclosing party’s Confidential Information using the same degree of care (but not less than reasonable care) that it uses to protects its own Confidential Information and not disclose the disclosing party’s Confidential Information to any person or entity, except to the receiving party employees or vendors who have a need to know the Confidential Information for the receiving party to exercise its rights or perform its obligations hereunder and who are bound by written agreements with use and nondisclosure restrictions at least as protective of the Confidential Information as those set forth herein. Notwithstanding the foregoing, each party may disclose Confidential Information to the limited extent required in order to comply with a valid and effective subpoena or court order, provided that the receiving party immediately notifies the disclosing party (to the extent permitted) of the existence, terms and circumstances surrounding such a request so that the disclosing party may seek appropriate protective action.
    4. Return. On the expiration or termination of the Agreement, the receiving party shall promptly return to the disclosing party all copies, whether in written, electronic, or other form or media, of the disclosing party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing party that such Confidential Information has been destroyed. Notwithstanding the foregoing, the receiving party may retain disclosing party Confidential Information if necessary to comply with any obligations under applicable law or reasonable corporate governance requirements. The receiving party shall: (a) maintain the protections described above regarding such information as long as the receiving party retains it, (b)not use such information for any purpose inconsistent with this Agreement, and (c) return or destroy such information when it is no longer needed.
  5. Intellectual Property Rights.
    1. Overview. Except as described below, this Agreement is for IaaS subscription rights. Neither party will assign ownership rights in any of its assets to the other pursuant to this Agreement, and neither party grants the other any rights or licenses not expressly set out in this Agreement.
    2. Credible Data Rights in the Platform. Other than the rights specifically granted to Customer herein, Credible Data owns and retains all right, title and interest in and to: (a) the Credible Data IP, and (b) all intellectual property rights related thereto.
    3. Customer Rights in Customer Data. Customer owns all right, title and interest in and to the Customer Data, and all intellectual property rights related thereto.
    4. Application Ownership. If an Order Form provides that Credible Data will create Applications for Customer, Credible Data assigns all intellectual property and other ownership rights in such Applications to Customer. Customer acknowledges that Applications developed for it may be substantially similar to Applications developed for other customers, or that customers develop independently, but for Customer Data embodied therein.
    5. Feedback. If Customer or any of its employees or contractors sends or transmits any communications or materials to Credible Data suggesting or recommending changes to the Platform or Credible Data’s business, products or services generally (“Feedback”), Credible Data is free to use and exploit such Feedback irrespective of any other obligation or limitation between the parties governing such Feedback.
    6. Service Metrics. Notwithstanding anything to the contrary, Customer acknowledges and agrees that Credible Data may monitor Customer’s use of the Platform, collect and compile Service Metrics. Credible Data may use such Service Metrics for its own business purposes during the term of this Agreement and thereafter.
  6. Representations and Warranties.
    1. Authority. Each of Credible Data and Customer represents and warrants that: (a) it has the full right, power and authority to enter into and fully perform this Agreement; (b) the person signing this Agreement on its behalf is a duly authorized representative of such party who has in fact been authorized to execute this Agreement; (c) its entry herein does not violate any other agreement by which it is bound; and (d) it is a legal entity in good standing in the jurisdiction of its formation.
    2. Platform Operation. The Platform will operate substantially in conformity with the Documentation and will be provided in a good and workmanlike manner consistent with applicable industry standards. As Customer’s sole and exclusive remedy and Credible Data’s entire liability for any breach of the foregoing warranty, Credible Data will promptly re-perform any services that fail to meet this limited warranty.
    3. Protection of Customer Content. Credible Data will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Content in accordance with its security Documentation, which will be made available to Customer on request. Those safeguards will include, but will not be limited to, measures for preventing access, use, modification or disclosure of Customer Content by Credible Data personnel except: (a) to provide the Platform and to prevent or address service or technical problems, or (b) as Customer expressly permits in writing.
    4. Customer Content. Customer represents, warrants and covenants to Credible Data that it owns or has and will have the necessary rights and consents in and relating to the Customer Content so that, as received and used by Credible Data in accordance with this Agreement, Customer Content will not violate any applicable laws, infringe, misappropriate, or otherwise violate any intellectual property or other rights of any third party, violate any applicable laws or regulations or cause a breach of any agreement or obligations between Customer and any third-party.
    5. Subcontractors. Credible Data may use subcontractors and other third-party vendors (“Subcontractors”) in connection with the performance of its own obligations hereunder as it deems appropriate;providedthat Credible Data remains responsible for the performance of each such Subcontractor. Credible Data will provide notice to Customer of addition or changes regarding Subcontractors that process Customer personal data.
    6. Use of Artificial Intelligence Tools.
      1. Customer is solely responsible for any and all Input it and its Users submit to the Platform, including obtaining any and all necessary rights to provide or use such Input.
      2. Customer acknowledges and agrees that the use of AI has known and unknown risks and limitations and the AI Tools may provide Output that is inaccurate, offensive, biased, poses a threat to public safety, or does not meet Customer’s specific needs, particular purpose, expectations, or legal, regulatory, or compliance obligations. Additionally, Output may not be unique, and similar or identical Output may be generated by other users of the AI Tools. The parties agree that Customer is solely responsible for reviewing, validating, editing, and amending any Output before any publication, use, disclosure, or reliance on such Output.
      3. Subcontractors that process Customer Data to provide AI Tools are identified on Credible Data’s subprocessor list. Input and Output are Customer’s Confidential Information, subject to Credible Data’s confidentiality and security obligations in this Agreement. Credible Data will not, except with Customer’s prior written consent: (i) train any AI model using Customer Data, or (ii) export Customer Data into, or cause Customer Data to be ingested by, large language models.
    7. Export Restrictions. Each party affirms that it is not named on, owned by, or acting on behalf of any U.S. government denied-party list, and it agrees to comply fully with all relevant export control and sanctions laws and regulations of the United States (“Export Laws”) to ensure that neither the Platform, other Credible Data IP, Customer Data, or any technical data related thereto is: (i) used, exported or re-exported directly or indirectly in violation of Export Laws; or (ii) used for any purposes prohibited by the Export Laws. Each party will complete all applicable undertakings required by Export Laws, including obtaining any necessary export license or other governmental approval.
    8. Disclaimer. EXCEPT FOR THE LIMITED WARRANTIES SET FORTH IN THIS AGREEMENT, THE PLATFORM IS PROVIDED “AS IS” AND CREDIBLE DATA HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. CREDIBLE DATA SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. EXCEPT FOR THE LIMITED WARRANTIES IN THIS AGREEMENT, CREDIBLE DATA MAKES NO WARRANTY OF ANY KIND THAT THE PLATFORM, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. CREDIBLE DATA STRICTLY DISCLAIMS ALL WARRANTIES WITH RESPECT TO ANY THIRD-PARTY PRODUCTS. CREDIBLE DATA DOES NOT GUARANTEE THAT UNAUTHORIZED THIRD PARTIES WILL NEVER BE ABLE TO DEFEAT CREDIBLE DATA’S SECURITY MEASURES OR USE CUSTOMER DATA FOR UNAUTHORIZED PURPOSES. CUSTOMER ACKNOWLEDGES THAT IT PROVIDES CUSTOMER DATA AT ITS OWN RISK AND THAT CREDIBLE DATA TAKES NO RESPONSIBILITY AND ASSUMES NO LIABILITY FOR CUSTOMER DATA.
  7. Indemnification.
    1. By Credible Data. Credible Data shall indemnify, defend, and hold harmless Customer from and against any and all losses, damages, liabilities, costs (“Losses”) incurred by Customer resulting from any third-party claim, suit, action, or proceeding (“Third-Party Claim”) that the Platform infringes or misappropriates such third party’s intellectual property rights, provided that Customer promptly notifies Credible Data in writing of such Third-Party Claim, cooperates with Credible Data, and allows Credible Data sole authority to control the defense and settlement of such Third-Party Claim. If a Third-Party Claim is made or appears possible, Customer agrees to permit Credible Data, at Credible Data’s sole discretion, to modify or replace the Platform, or component or part thereof, to make it non-infringing, or obtain the right for Customer to continue use. If Credible Data determines that neither alternative is reasonably available, Credible Data may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Customer and refund to Customer any unused, prepaid fees paid by Customer applicable to the terminated portion. Credible Data will have no indemnification obligation if the alleged infringement arises from: (a) use of the Platform in combination with data, software, hardware, equipment, or technology not provided or authorized in writing by Credible Data; (b) modifications to the Platform not made by Credible Data; (c) Customer Data; or (d) third-party products with which Customer integrates the Platform. THIS SECTION 7.1 SETS FORTH CUSTOMER’S SOLE REMEDIES AND CREDIBLE DATA’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE CREDIBLE DATA IP INFRINGES, MISAPPROPRIATES, OR OTHERWISE VIOLATES A THIRD PARTY’S INTELLECTUAL PROPERTY RIGHTS.
    2. By Customer. Customer shall indemnify, hold harmless, and, defend Credible Data from and against Losses resulting from any Third-Party Claim that Customer Data, or any use thereof in accordance with this Agreement, infringes or misappropriates such third party’s intellectual property rights or rights of publicity or privacy, or results in the violation of any applicable law or regulation; provided that Credible Data promptly notifies the Customer in writing of such Third-Party Claim, cooperates with the Customer, and allows Customer sole authority to control the defense and settlement of such Third-Party Claim. THIS SECTION 7.2 SETS FORTH CREDIBLE DATA’S SOLE REMEDIES AND CUSTOMER’S SOLE LIABILITY FOR ANY THREATENED OR ALLEGED LOSSES RESULTING FROM THE THIRD-PARTY CLAIMS IDENTIFIED IN THIS SECTION.
    3. The indemnifying party may not settle any Third-Party Claim without the indemnified party’s prior written approval unless the settlement is for a monetary amount that does not require payment by the indemnified party, unconditionally releases the indemnified party from all liability without prejudice, does not require any admission by the indemnified party, and does not place restrictions upon the indemnified party’s business, products or services.
  8. Limitations of Liability.
    1. No Consequential Damages. To the extent permitted by law, in no event will a party be liable under or in connection with this Agreement under any legal or equitable theory, including breach of contract, tort (including negligence), strict liability, and otherwise, for any: (a) consequential, incidental, indirect, exemplary, special, enhanced, or punitive damages; (b) increased costs, diminution in value or lost business, production, revenues, or profits; (c) loss of goodwill or reputation; or (d) cost of replacement goods or services, in each case regardless of whether such party was advised of the possibility of such losses or damages or such losses or damages were otherwise foreseeable.
    2. Direct Damages. To the extent permitted by law, in no event will either party’s total cumulative aggregate liability to the other exceed the fees paid or payable by Customer to Credible Data in the 12 month period preceding the first event giving rise to liability. The existence of more than one claim will not enlarge this limit.
    3. Exceptions. The foregoing exclusions and limits in this section do not apply to Customer’s payment obligations, either party’s liability arising out of or related to infringement or misappropriation of the other party’s intellectual property rights, or loss or damage caused by a party’s gross negligence or willful misconduct.
  9. Term and Termination.
    1. Term. This Agreement will continue from the Effective Date until the earlier of: (a) the expiration of all Subscription Terms, or (b) termination pursuant to Section 9.2 below.
    2. Termination. In addition to any other remedies it may have, either party may terminate this Agreement upon written notice if the other party: (a) materially breaches any of the terms or conditions of this Agreement and fails to cure such breach within 30 days after written notice describing the breach; or (b) files for bankruptcy or is the subject of an involuntary filing in bankruptcy (in the latter case, which filing is not discharged within 60 days) or makes an assignment for the benefit of creditors or a trustee is appointed over all or a substantial portion of its assets.
    3. Effect of Termination. Upon expiration or earlier termination of this Agreement, Customer shall immediately discontinue use of the Platform, and each party will comply with the obligations in Section 4 regarding return or destruction of the other party’s Confidential Information. No expiration or termination will affect Customer’s obligation to pay all Fees that may have become due before such expiration or termination or entitle Customer to any refund. Customer will have reasonable access to, and the ability to reasonably export, its Customer Data for a period of 30 days following such termination or expiration, after which Credible Data shall delete, destroy, or return all copies of information retained on the Platform provided by Customer.
    4. EU Data Act. If Customer is located in the European Economic Area, then pursuant to the EU Data Act (Regulation (EU) 2023/2854), Credible Data will: (a) extend Customer’s subscription for up to 90 days after Credible Data’s receipt of a valid switching request pursuant to the Data Act, subject to Customer’s payment of all Fees through the end of such period, and (b) assist Customer to export Customer Data during the post-termination period identified in Section 9.3 above.
    5. Survival. This Section 9.5 and Sections 2.2, 4, 5, 7, 8 and 10, and each other provision that by its nature should survive termination, will survive any termination or expiration of this Agreement for any reason.
  10. Miscellaneous.
    1. Entire Agreement. This Agreement (together with all Order Forms) constitutes the entire agreement and understanding between Credible Data and Customer with respect to the subject matter hereof and supersedes all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, with respect to such subject matter. This Agreement shall supersede the terms of any purchase order or other business form. If accepted by Credible Data in lieu of or in addition to Credible Data’s Order Form, Customer’s purchase order shall be binding only as to the following terms: (a) the Platform usage rights ordered and (b) the appropriately calculated fees due.
    2. Notices. All notices made pursuant to this Agreement shall be in writing and shall be deemed effectively given upon the earlier of actual receipt, or: (a) personal delivery to the party to be notified, (b) on the day of delivery, if sent by electronic mail with no notice of delivery failure, (c) five days after having been sent by registered or certified mail, return receipt requested, postage prepaid, or (d) one business day after deposit with a nationally recognized overnight courier, freight prepaid, specifying next business day delivery, with written verification of receipt.
    3. Interpretation, Waiver. The words “hereof,” “herein,” and “hereunder” and words of similar import, when used in this Agreement, will refer to this Agreement as a whole and not to any particular provision of this Agreement. A word importing the singular includes the plural and vice versa. Gendered pronouns are used for convenience and are intended to refer to the masculine or feminine, as applicable. Whenever the words “include,” “includes” or “including” are used in this Agreement, they will be deemed to be followed by the words “without limitation,” unless preceded by the word “not”. The invalidity, illegality, or unenforceability of any provision herein does not affect any other provision herein or the validity, legality, or enforceability of such provision in any other jurisdiction. Any failure to act by either party with respect to a breach of this Agreement by the other party or others does not constitute a waiver and will not limit such party’s rights with respect to such breach or any subsequent breaches.
    4. Assignment. This Agreement may not be assigned by either party without the other party’s prior written consent, whether by operation of law or otherwise; provided that either party may assign this Agreement without consent to its successor in the event of a merger, acquisition or sale of all or substantially all of the assets of such party. The assigning party will promptly notify the other party of any of the foregoing events. Any other purported assignment shall be void.
    5. Governing Law. This Agreement is governed by and construed in accordance with the internal laws of the State of Colorado without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any other jurisdiction. The parties expressly agree that the United Nations Convention on Contracts for the International Sale of Goods will not apply.
    6. Arbitration. Any dispute between the Parties that cannot be resolved through good-faith informal negotiation will be resolved through final and binding arbitration under the JAMS Commercial Arbitration Rules (or any successor rules then in effect). This arbitration provision is governed by the Federal Arbitration Act (FAA) (9 U.S.C. §§ 1-16,201-208,301-307). The seat (legal place) of the arbitration will be Boulder, Colorado USA. The Parties agree that arbitration proceedings will be conducted by a single arbitrator chosen by the parties or in accordance with the JAMS rules if the parties are unable to agree on an arbitrator, and that arbitration proceedings will be conducted remotely using videoconferencing technology, and in English. The decision of the arbitrator will be final and binding, and judgment on the arbitral award may be entered in any court of competent jurisdiction for enforcement. Unless otherwise agreed by the parties or directed by the arbitrator, each party will bear its own legal and expert fees and an equal share of the arbitration costs, including arbitrator fees. The arbitrator shall have the authority to award any remedy or relief that a court of competent jurisdiction could award, including injunctive relief and specific performance. The arbitrator may, in the final award, apportion costs and fees between the parties, including awarding costs, and reimbursement of reasonable travel expenses to the prevailing party.
    7. Amendments. All amendments or modifications to this Agreement must be made only by a written document executed by duly authorized representatives of the parties. To the extent that any term of an Order Form conflicts with any of the terms of this Agreement, and the Order Form explicitly states that it intends to modify the conflicting terms, then the Order Form supersedes this Agreement with respect to such conflicting terms.
    8. Independent Parties. Nothing in this Agreement will be construed to create a partnership, joint venture or agency relationship between the parties. Neither party will have the power to bind the other or to incur obligations on the other’s behalf without such other party’s prior written consent. Except as expressly set forth in this Agreement, the exercise by either party of any remedy under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise.
    9. Counterparts. This Agreement may be executed and delivered by facsimile or electronic signature and in two or more counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument.

Schedule 1 — Description of Data Processing

The data processing activities carried out by Credible Data under the Agreement may be described as follows:

Categories of data subjects whose personal data is transferred
Data subjects are: (a) Customer’s personnel who use the Platform by or at the direction of Customer, and (b) users of Customer’s product or service, if Customer imports their Personal Data into the Platform.
Categories of personal data transferred
The categories of Personal Data are: (a) the name, email and telephone contact information for Customer personnel who use the Platform, (b) other Personal Data that Customer or its users may process via the Platform or otherwise provide to Credible Data, and (c) contact information for users of Customer’s product or service, if Customer stores such information and imports it into the Platform.
Sensitive data categories.
Not anticipated. If Customer processes sensitive data using the Platform, it will be subject to the security obligations applicable to all Customer Data.
The frequency of the transfer
(e.g. whether the data is transferred on a one-off or continuous basis). Continuous
Nature of the processing
Credible Data will process Personal Data to provide the Platform identified in the Agreement.
Purpose(s) of the data transfer and further processing
Credible Data will transfer Personal Data to provide the Platform identified in the Agreement.

Schedule 2 — Technical and Organizational Measures (TOMs)

The technical and organizational measures (TOMs) provided below apply to Platform provided by Credible Data, Inc. except where Customer is responsible for its own TOMs in its use of the Platform. Evidence of the implementations of these TOMs may be presented in the form of up-to-date attestations, reports or extracts from independent bodies upon written request from Customer.

Technical and Organizational Security MeasureDetails
Measures of pseudonymisation and encryption of personal dataCustomer data is stored in a multi-tenant application with logical separation between Customer instances. Sensitive authentication information is encrypted, and the database is encrypted at rest.
Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and servicesCredible Data has policies and procedures in place to ensure confidentiality, integrity and resilience of processing systems and services. These include an Access Control Policy, Business Continuity and Disaster Recovery Policy, Data Classification Policy and a Secure Development Policy.
Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incidentCustomer data is backed up at least at a daily cadence. Restoration tests are performed annually.
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processingCredible Data monitors and tests controls to ensure they are operating as intended and updated as needed. Credible Data usesoutside vendorsto automate several of these controls, including employee activity and adherence to Credible Data policies and procedures, infrastructure monitoring, and development procedures.
Measures for user identification and authorizationCredible Data maintains an Access Control Policy. Measures for access control and authorization include formally documented roles and permissions, encrypted connection to production systems and networks, and single-sign on or 2FA where available. Access reviews are performed on a regular basis.
Measures for the protection of data during transmissionAll data transfer outside Credible Data’s private network is encrypted with HTTPS/SSL.
Measures for the protection of data during storageCredible Data’s database and file stores are encrypted at rest.
Measures for ensuring physical security of locations at which personal data are processedCredible Data does not operate physical servers or other infrastructure. For employer-provided computers: All Credible Data employees are required to complete physical security training, and all employees and contractors are required to enable a screen lock when the work computer is left unattended.
Measures for ensuring events loggingCredible Data has detailed event and data access logging, with automated alerts for anomalies or missing data.
Measures for ensuring system configuration, including default configurationCredible Data maintains guidelines for configuring and hardening instances, images and containers before they can be used in production.
Measures for ensuring data minimisationCredible Data collects data in connection with Customer’s use of the Platform, but only in aggregate, de-identified form which is not linked specifically to Customer or any individual, excluding Customer Data uploaded or submitted by Customer.
Measures for ensuring data qualityChanges to Credible Data data collection are reviewed, tested and monitored after deployment.
Measures for ensuring limited data retentionCredible Data retains data as long as Credible Data has a need for its use, or to meet regulatory or contractual requirements. Once data is no longer needed, it is securely disposed of or archived.
Measures for ensuring accountabilityCredible Data employees are required to review and acknowledge Credible Data security practices and policies, complete security training, and go through a security walkthrough with a senior member of the engineering organization. Credible Data conducts background checks on all new employees and requires all employees to sign a non-disclosure agreement before gaining access to systems.
Measures for allowing data portability and ensuring erasureCustomer may exercise portability or erasure rights upon request to Credible Data.
Technical and organizational measures of sub-processorsCredible Data collects and reviews the most security assessments from sub-processors on an annual basis.

Schedule 3 — Subprocessor List

Identified at https://credibledata.com/subprocessors