At cloudfortress®, we are committed to protecting your privacy and complying with applicable data privacy laws.

Personal Data We Collect:
We collect personal data to provide you with our services. This includes:

• Contact Information: Your name, email address, and phone number.
• Account Information: Username, password, and security questions.
• Transaction Data: Payment details necessary for processing orders.
• Usage Data: Information on how you use our services, including IP addresses, browser types, and interaction logs.

How We Use Your Data:
We use your data to:

• Provide and manage our services.
• Communicate with you about your account or services.
• Improve our services and develop new features.
• Ensure the security of our systems and detect/prevent fraud.

Data Sharing:
We do not share your personal data with third parties except:

• When required by law or in response to legal processes.
• With service providers who assist us in delivering our services, under strict confidentiality agreements.
• If necessary, to protect the rights, property, or safety of cloudfortress, our users, or the public.

Data Retention:
We retain your personal data only as long as necessary to fulfill the purposes outlined in this statement, or as required by law. Once the data is no longer needed, we securely delete or anonymize it.

Your Rights:
You have the right to:

• Access the personal data we hold about you.
• Correct any inaccuracies in your data.
• Request deletion of your data, subject to legal obligations.
• Object to or restrict the processing of your data.
• Withdraw consent for data processing at any time.

To exercise these rights, please contact us at [email protected].

Cookies:
We use cookies to enhance your experience and gather data on how our services are used. You can control your cookie preferences through your browser settings. For more information on our cookie usage, please visit our Cookie Policy.

International Data Transfers:
If you are accessing our services from outside the United States, please note that your data may be transferred to and processed in the United States or other countries where we operate. We ensure that such transfers are conducted in compliance with data protection laws.

cloudfortress, LLC Products and Services Data Protection Addendum
Last updated July 2, 2024
Published in English on July 2, 2024. Translations will be published by cloudfortress, LLC when available. These commitments are binding on cloudfortress, LLC as of July 2, 2024.

Introduction:
The parties agree that this cloudfortress, LLC Products and Services Data Protection Addendum (“DPA”) sets forth their obligations with respect to the processing and security of Customer Data, Professional Services Data, and Personal Data in connection with the Products and Services. The DPA is incorporated by reference into the Product Terms and other cloudfortress, LLC agreements. The parties also agree that, unless a separate Professional Services agreement exists, this DPA governs the processing and security of Professional Services Data. Separate terms, including different privacy and security terms, govern Customer’s use of Non-cloudfortress, LLC Products.
In the event of any conflict or inconsistency between the DPA Terms and any other terms in Customer’s volume licensing agreement or other applicable agreements in connection with the Products and Services (“Customer’s agreement”), the DPA Terms shall prevail. The provisions of the DPA Terms supersede any conflicting provisions of the cloudfortress, LLC Privacy Statement that otherwise may apply to processing of Customer Data, Professional Services Data, or Personal Data, as defined herein.
cloudfortress, LLC makes the commitments in this DPA to all Customers with an existing Customer’s agreement. These commitments are binding on cloudfortress, LLC with regard to Customer regardless of (1) the Product Terms that are otherwise applicable to any given Product subscription or license, or (2) any other agreement that references the Product Terms.

Applicable DPA Terms and Updates
Limits on Updates
When Customer renews or purchases a new subscription to a Product or enters into a work order for a Professional Service, the then-current DPA Terms will apply and will not change during Customer’s subscription for that Product or term for that Professional Service. When Customer obtains a perpetual license to Software, the then-current DPA Terms will apply (following the same provision for determining the applicable then-current Product Terms for that Software in Customer’s agreement) and will not change during Customer’s license for that Software.
New Features, Supplements, or Related Software
Notwithstanding the foregoing limits on updates, when cloudfortress, LLC introduces features, offerings, supplements or related software that are new (i.e., that were not previously included with the Products or Services), cloudfortress, LLC may provide terms or make updates to the DPA that apply to Customer’s use of those new features, offerings, supplements, or related software. If those terms include any material adverse changes to the DPA Terms, cloudfortress, LLC will provide Customer a choice to use the new features, offerings, supplements, or related software, without loss of existing functionality of a generally available Product or Professional Service. If Customer does not install or use the new features, offerings, supplements, or related software, the corresponding new terms will not apply.
Government Regulation and Requirements
Notwithstanding the foregoing limits on updates, cloudfortress, LLC may modify or terminate a Product or Professional Service in any country or jurisdiction where there is any current or future government requirement or obligation that (1) subjects cloudfortress, LLC to any regulation or requirement not generally applicable to businesses operating there, (2) presents a hardship for cloudfortress, LLC to continue operating the Product or offering the Professional Service without modification, and/or (3) causes cloudfortress, LLC to believe the DPA Terms or the Product or Professional Service may conflict with any such requirement or obligation.
Electronic Notices
cloudfortress, LLC may provide Customer with information and notices about Products and Services electronically, including via email, through the portal for an Online Service, or through a web site that cloudfortress, LLC identifies. Notice is given as of the date it is made available by cloudfortress, LLC.

Definitions
Capitalized terms used but not defined in this DPA will have the meanings provided in Customer’s agreement. The following defined terms are used in this DPA:

• “Customer Data” means all data, including all text, sound, video, or image files, and software, that are provided to cloudfortress, LLC by, or on behalf of, Customer through use of the Online Service. Customer Data does not include Professional Services Data.
• “Data Protection Requirements” means the GDPR, Local EU/EEA Data Protection Laws, and any applicable laws, regulations, and other legal requirements relating to (a) privacy and data security; and (b) the use, collection, retention, storage, security, disclosure, transfer, disposal, and other processing of any Personal Data.
• “DPA Terms” means the terms in the DPA and any Product-specific terms in the Product Terms that specifically supplement or modify the privacy and security terms in the DPA for a specific Product (or feature of a Product).
• “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
• “Local EU/EEA Data Protection Laws” means any subordinate legislation and regulation implementing the GDPR.
• “GDPR Terms” means the terms in Attachment 1, under which cloudfortress, LLC makes binding commitments regarding its processing of Personal Data as required by Article 28 of the GDPR.
• “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• “Product” has the meaning provided in the volume license agreement. For ease of reference, “Product” includes Online Services and Software, each as defined in the volume license agreement.
• “Products and Services” means Products and Professional Services. Product and Professional Service availability may vary by region and applicability of this DPA to specific Products and Professional Services is subject to the limitations in the Scope section in this DPA.
• “Professional Services” means the following services: (a) cloudfortress, LLC’s consulting services, consisting of planning, advice, guidance, data migration, deployment and solution/software development services provided under a cloudfortress, LLC Enterprise Services Work Order or, when agreed to in the Project Description, under a Cloud Workload Acceleration Agreement that incorporates this DPA by reference; and (b) technical support services provided by cloudfortress, LLC that help customers identify and resolve issues affecting Products, including technical support provided as part of cloudfortress, LLC Unified Support or Premier Support Services, and any other commercial technical support services.
• “Professional Services Data” means all data, including all text, sound, video, image files or software, that are provided to cloudfortress, LLC, by or on behalf of a Customer (or that Customer authorizes cloudfortress, LLC to obtain from a Product) or otherwise obtained or processed by or on behalf of cloudfortress, LLC through an engagement with cloudfortress, LLC to obtain Professional Services.
• “2021 Standard Contractual Clauses” means the standard data protection clauses (processor-to-processor module) between cloudfortress, LLC Ireland Operations Limited and cloudfortress, LLC Corporation for the transfer of personal data from processors in the EEA to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR and approved by the European Commission in decision 2021/914/EC, dated 4 June 2021.
• “Subprocessor” means other processors used by cloudfortress, LLC to process Customer Data, Professional Services Data, and Personal Data, as described in Article 28 of the GDPR.
• “Supplemental Professional Services” means support requests escalated from support to a Product engineering team for resolution and other consulting and support from cloudfortress, LLC provided in connection with Products or a volume license agreement that are not included in the definition of Professional Services.

General Terms:
cloudfortress, LLC will comply with all laws and regulations applicable to its providing the Products and Services, including security breach notification law and Data Protection Requirements. However, cloudfortress, LLC is not responsible for compliance with any laws or regulations applicable to Customer or Customer’s industry that are not generally applicable to information technology service providers. cloudfortress, LLC does not determine whether Customer’s data includes information subject to any specific law or regulation. All Security Incidents are subject to the Security Incident Notification terms below.
Customer must comply with all laws and regulations applicable to its use of Products and Services, including laws related to biometric data, confidentiality of communications, and Data Protection Requirements. Customer is responsible for determining whether the Products and Services are appropriate for storage and processing of information subject to any specific law or regulation and for using the Products and Services in a manner consistent with Customer’s legal and regulatory obligations. Customer is responsible for responding to any request from a third party regarding Customer’s use of Products and Services, such as a request to take down content under the U.S. Digital Millennium Copyright Act or other applicable laws.

Data Protection Terms:

• Scope: The DPA Terms apply to all Products and Services except as described in this section.
• Nature of Data Processing; Ownership: cloudfortress, LLC will use and otherwise process Customer Data, Professional Services Data, and Personal Data only as described and subject to the limitations provided below (a) to provide Customer the Products and Services in accordance with Customer’s documented instructions and (b) for business operations incident to providing the Products and Services to Customer.
• Processing to Provide Customer the Products and Services: For purposes of this DPA, “to provide” a Product consists of delivering functional capabilities as licensed, configured, and used by Customer and its users, troubleshooting, and keeping Products up to date and performant, and enhancing user productivity, reliability, efficacy, quality, and security.
• Processing for Business Operations Incident to Providing the Products and Services to Customer: For purposes of this DPA, “business operations” means the processing operations authorized by customer in this section.
• Disclosure of Processed Data: cloudfortress, LLC will not disclose or provide access to any Processed Data except: (1) as Customer directs; (2) as described in this DPA; or (3) as required by law.
• Processing of Personal Data; GDPR: All Personal Data processed by cloudfortress, LLC in connection with providing the Products and Services is obtained as part of either (a) Customer Data, (b) Professional Services Data, or (c) data generated, derived or collected by cloudfortress, LLC, including data sent to cloudfortress, LLC as a result of a Customer’s use of service-based capabilities or obtained by cloudfortress, LLC from locally installed software.
• Processor and Controller Roles and Responsibilities: Customer and cloudfortress, LLC agree that Customer is the controller of Personal Data and cloudfortress, LLC is the processor of such data, except (a) when Customer acts as a processor of Personal Data, in which case cloudfortress, LLC is a subprocessor; or (b) as stated otherwise in the Product-specific terms or this DPA.
• Processing Details: The parties acknowledge and agree that the subject-matter of the processing is limited to Personal Data within the scope of the section of this DPA entitled “Nature of Data Processing; Ownership” above and the GDPR.
• Data Subject Rights; Assistance with Requests: cloudfortress, LLC will make available to Customer, in a manner consistent with the functionality of the Products and Services and cloudfortress, LLC’s role as a processor of Personal Data of data subjects, the ability to fulfill data subject requests to exercise their rights under the GDPR.
• Records of Processing Activities: To the extent the GDPR requires cloudfortress, LLC to collect and maintain records of certain information relating to Customer, Customer will, where requested, supply such information to cloudfortress, LLC and keep it accurate and up-to-date.
• Data Security: cloudfortress, LLC will implement and maintain appropriate technical and organizational measures to protect Customer Data, Professional Services Data, and Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
• Security Incident Notification: If cloudfortress, LLC becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, Professional Services Data, or Personal Data while processed by cloudfortress, LLC, cloudfortress, LLC will promptly and without undue delay (1) notify Customer of the Security Incident; (2) investigate the Security Incident and provide Customer with detailed information about the Security Incident; (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.
• Data Transfers and Location: Customer Data, Professional Services Data, and Personal Data that cloudfortress, LLC processes on Customer’s behalf may not be transferred to, or stored and processed in a geographic location except in accordance with the DPA Terms and the safeguards provided below in this section.
• Data Retention and Deletion: At all times during the term of Customer’s subscription or the applicable Professional Services engagement, Customer will have the ability to access, extract and delete Customer Data stored in each Online Service and Professional Services Data.
• Processor Confidentiality Commitment: cloudfortress, LLC will ensure that its personnel engaged in the processing of Customer Data, Professional Services Data, and Personal Data will process such data only on instructions from Customer or as described in this DPA, and will be obligated to maintain the confidentiality and security of such data even after their engagement ends.
• Notice and Controls on use of Subprocessors: cloudfortress, LLC may hire Subprocessors to provide certain limited or ancillary services on its behalf. Customer consents to this engagement and to cloudfortress, LLC Affiliates as Subprocessors.
• Educational Institutions: If Customer is an educational agency or institution to which regulations under the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (FERPA), apply, cloudfortress, LLC acknowledges that for the purposes of the DPA, cloudfortress, LLC is a “school official” with “legitimate educational interests” in the Customer Data and Professional Services Data, as those terms have been defined under FERPA and its implementing regulations, and cloudfortress, LLC agrees to abide by the limitations and requirements imposed by 34 CFR 99.33(a) on school officials.
• CJIS Customer Agreement: cloudfortress, LLC provides certain government cloud services (“Covered Services”) in accordance with the FBI Criminal Justice Information Services ("CJIS") Security Policy (“CJIS Policy”).
• HIPAA Business Associate: If Customer is a “covered entity” or a “business associate” and includes "protected health information" in Customer Data or Professional Services Data, as those terms are defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and the regulations promulgated thereunder (collectively, “HIPAA”), execution of Customer’s agreement includes execution of the HIPAA Business Associate Agreement (“BAA”).
• Telecommunication Data: To the extent cloudfortress, LLC is processing traffic, content and other Personal Data in the provision of Products and Services that qualify as telecommunication services under applicable law, specific statutory obligations may apply.
• California Consumer Privacy Act (CCPA): If cloudfortress, LLC is processing Personal Data within the scope of the CCPA, cloudfortress, LLC makes the following additional commitments to Customer. cloudfortress, LLC will process Customer Data, Professional Services Data, and Personal Data on behalf of Customer and not retain, use, or disclose that data for any purpose other than for the purposes set out in the DPA Terms and as permitted under the CCPA.
• Biometric Data: If Customer uses Products and Services to process Biometric Data, Customer is responsible for providing notice to data subjects, obtaining consent from data subjects, and deleting the Biometric Data, all as appropriate and required under applicable Data Protection Requirements.
• Supplemental Professional Services: When used in the sections listed below, the defined term “Professional Services” includes Supplemental Professional Services, and the defined term “Professional Services Data” includes data obtained for Supplemental Professional Services.
• How to Contact cloudfortress, LLC: If Customer believes that cloudfortress, LLC is not adhering to its privacy or security commitments, Customer may contact customer support or use [email protected].

cloudfortress, LLC has implemented and will maintain for Customer Data in the Core Online Services and Professional Services Data the following security measures, which in conjunction with the security commitments in this DPA (including the GDPR Terms), are cloudfortress, LLC’s only responsibility with respect to the security of that data.

Domain Practices

Organization of Information Security: cloudfortress has appointed one or more security officers responsible for coordinating and monitoring the security rules and procedures. Personnel with access to Customer Data or Professional Services Data are subject to confidentiality obligations. Risk assessments are performed before processing the Customer Data or launching the Online Services and Professional Services.

Asset Management: cloudfortress maintains an inventory of all media on which Customer Data or Professional Services Data is stored. Access to the inventories of such media is restricted to cloudfortress personnel authorized in writing to have such access. Customer Data and Professional Services Data are classified to help identify and restrict access appropriately.

Human Resources Security: cloudfortress informs its personnel about relevant security procedures and their respective roles. Only anonymous data is used in training.

Physical and Environmental Security: cloudfortress limits access to facilities where information systems processing Customer Data or Professional Services Data are located to identified authorized individuals. Records of incoming and outgoing media containing Customer Data or Professional Services Data are maintained.

Communications and Operations Management: cloudfortress maintains security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to Customer Data or Professional Services Data.

Data Recovery Procedures: Multiple copies of Customer Data and Professional Services Data are maintained, and data recovery procedures are reviewed regularly. Data restoration efforts are logged, including details of the restoration process.

Malicious Software: cloudfortress has anti-malware controls to help avoid unauthorized access to Customer Data and Professional Services Data by malicious software.

Data Beyond Boundaries: Customer Data and Professional Services Data transmitted over public networks are encrypted. Access to media containing this data is restricted.

Service Monitoring: Security personnel verify logs at least every six months and propose remediation efforts if necessary.

Business Continuity Management: cloudfortress maintains emergency and contingency plans for facilities processing Customer Data or Professional Services Data. Redundant storage and data recovery procedures are designed to attempt to reconstruct data in its original state.

Data Subjects:
Data subjects include the Customer’s representatives and end-users including employees, contractors, collaborators, and customers of the Customer. Data subjects may also include individuals attempting to communicate or transfer personal information to users of the services provided by cloudfortress, LLC. cloudfortress, LLC acknowledges that, depending on Customer’s use of the Products and Services, Customer may elect to include personal data from any of the following types of data subjects in the personal data:

• Employees, contractors, and temporary workers (current, former, prospective) of Customer
• Dependents of the above
• Customer's collaborators/contact persons (natural persons) or employees, contractors, or temporary workers of legal entity collaborators/contact persons (current, prospective, former)
• Users (e.g., customers, clients, patients, visitors, etc.) and other data subjects that are users of Customer's services
• Partners, stakeholders, or individuals who actively collaborate, communicate, or otherwise interact with employees of the Customer and/or use communication tools such as apps and websites provided by the Customer
• Stakeholders or individuals who passively interact with Customer (e.g., because they are the subject of an investigation, research or mentioned in documents or correspondence from or to the Customer)
• Minors
• Professionals with professional privilege (e.g., doctors, lawyers, notaries, religious workers, etc.)

Categories of Data:
The personal data that is included in e-mail, documents, and other data in an electronic form in the context of the Products and Services. cloudfortress, LLC acknowledges that, depending on Customer’s use of the Products and Services, Customer may elect to include personal data from any of the following categories in the personal data:

• Basic personal data (e.g., place of birth, street name, and house number, postal code, city of residence, country of residence, mobile phone number, first name, last name, initials, email address, gender, date of birth), including basic personal data about family members and children
• Authentication data (e.g., username, password or PIN code, security question, audit trail)
• Contact information (e.g., addresses, email, phone numbers, social media identifiers; emergency contact details)
• Unique identification numbers and signatures (e.g., Social Security number, bank account number, passport and ID card number, driver’s license number, vehicle registration data, IP addresses, employee number, student number, patient number, signature, unique identifier in tracking cookies or similar technology)
• Pseudonymous identifiers
• Financial and insurance information (e.g., insurance number, bank account name and number, credit card name and number, invoice number, income, type of assurance, payment behavior, creditworthiness)
• Commercial information (e.g., history of purchases, special offers, subscription information, payment history)
• Biometric information (e.g., DNA, fingerprints, iris scans)
• Location data (e.g., Cell ID, geo-location network data, location by start call/end of the call. Location data derived from the use of wifi access points)
• Photos, video, and audio
• Internet activity (e.g., browsing history, search history, reading, television viewing, radio listening activities)
• Device identification (e.g., IMEI-number, SIM card number, MAC address)
• Profiling (e.g., based on observed criminal or anti-social behavior, pseudonymous profiles based on visited URLs, click streams, browsing logs, IP-addresses, domains, apps installed, or profiles based on marketing preferences)
• HR and recruitment data (e.g., declaration of employment status, recruitment information such as curriculum vitae, employment history, education history details, job and position data, including worked hours, assessments and salary, work permit details, availability, terms of employment, tax details, payment details, insurance details, and location and organizations)
• Education data (e.g., education history, current education, grades and results, highest degree achieved, learning disability)
• Citizenship and residency information (e.g., citizenship, naturalization status, marital status, nationality, immigration status, passport data, details of residency or work permit)
• Information processed for the performance of a task carried out in the public interest or in the exercise of an official authority
• Special categories of data (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person’s sex life or sexual orientation, or data relating to criminal convictions or offenses)
• Any other personal data identified in Article 4 of the GDPR

By this Additional Safeguards Addendum to the DPA (this “Addendum”), cloudfortress, LLC provides additional safeguards to Customer for the processing of personal data, within the scope of the GDPR, by cloudfortress, LLC on behalf of Customer and additional redress to the data subjects to whom that personal data relates.

This Addendum supplements and is made part of, but is not in variation or modification of, the DPA.

1. Challenges to Orders:
In the event cloudfortress, LLC receives an order from any third party for compelled disclosure of any personal data processed under this DPA, cloudfortress, LLC shall:

• Use every reasonable effort to redirect the third party to request data directly from Customer;
• Promptly notify Customer, unless prohibited under the law applicable to the requesting third party, and, if prohibited from notifying Customer, use all lawful efforts to obtain the right to waive the prohibition in order to communicate as much information to Customer as soon as possible; and
• Use all lawful efforts to challenge the order for disclosure on the basis of any legal deficiencies under the laws of the requesting party or any relevant conflicts with applicable law of the European Union or applicable Member State law.

If, after the steps described in a. through c. above, cloudfortress, LLC or any of its affiliates remains compelled to disclose personal data, cloudfortress, LLC will disclose only the minimum amount of that data necessary to satisfy the order for compelled disclosure.

2. Indemnification of Data Subjects:
Subject to Sections 3 and 4, cloudfortress, LLC shall indemnify a data subject for any material or non-material damage to the data subject caused by cloudfortress, LLC’s disclosure of personal data of the data subject that has been transferred in response to an order from a non-EU/EEA government body or law enforcement agency in violation of cloudfortress, LLC’s obligations under Chapter V of the GDPR (a “Relevant Disclosure”). Notwithstanding the foregoing, cloudfortress, LLC shall have no obligation to indemnify the data subject under this Section 2 to the extent the data subject has already received compensation for the same damage, whether from cloudfortress, LLC or otherwise.

3. Conditions of Indemnification:
Indemnification under Section 2 is conditional upon the data subject establishing, to cloudfortress, LLC’s reasonable satisfaction, that:

• cloudfortress, LLC engaged in a Relevant Disclosure;
• The Relevant Disclosure was the basis of an official proceeding by the non-EU/EEA government body or law enforcement agency against the data subject; and
• The data subject bears the burden of proof with respect to conditions a. through c.

Notwithstanding the foregoing, cloudfortress, LLC shall have no obligation to indemnify the data subject under Section 2 if cloudfortress, LLC establishes that the Relevant Disclosure did not violate its obligations under Chapter V of the GDPR.

4. Scope of Damages:
Indemnification under Section 2 is limited to material and non-material damages as provided in the GDPR and excludes consequential damages and all other damages not resulting from cloudfortress, LLC’s infringement of the GDPR.

5. Exercise of Rights:
Rights granted to data subjects under this Addendum may be enforced by the data subject against cloudfortress, LLC irrespective of any restriction in Clauses 3 or 6 of the Standard Contractual Clauses. The data subject may only bring a claim under this Addendum on an individual basis, and not part of a class, collective, group or representative action. Rights granted to data subjects under this Addendum are personal to the data subject and may not be assigned.

6. Notice of Change:
cloudfortress, LLC agrees and warrants that it has no reason to believe that the legislation applicable to it or its sub-processors, including in any country to which personal data is transferred either by itself or through a sub-processor, prevents it from fulfilling the instructions received from the Customer and its obligations under this Addendum or the 2021 Standard Contractual Clauses and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by this Addendum or the Standard Contractual Clauses, it will promptly notify the change to Customer as soon as it is aware, in which case Customer is entitled to suspend the transfer of data and/or terminate the contract.

cloudfortress, LLC makes the commitments in these GDPR Terms to all customers effective May 25, 2018. These commitments are binding upon cloudfortress, LLC with regard to Customer regardless of (1) the version of the Product Terms and DPA that is otherwise applicable to any given Product subscription or license, or (2) any other agreement that references this attachment.

For purposes of these GDPR Terms, Customer and cloudfortress, LLC agree that Customer is the controller of Personal Data and cloudfortress, LLC is the processor of such data, except when Customer acts as a processor of Personal Data, in which case cloudfortress, LLC is a subprocessor. These GDPR Terms apply to the processing of Personal Data, within the scope of the GDPR, by cloudfortress, LLC on behalf of Customer. These GDPR Terms do not limit or reduce any data protection commitments cloudfortress, LLC makes to Customer in the Product Terms or other agreement between cloudfortress, LLC and Customer. These GDPR Terms do not apply where cloudfortress, LLC is a controller of Personal Data.

Relevant GDPR Obligations: Articles 5, 28, 32, and 33

1. cloudfortress, LLC supports Customer's accountability obligations via this DPA and the product documentation provided to Customer, and will continue to do so during the term of Customer’s subscription or the applicable Professional Services engagement pursuant to subsection 3(h) below. (Article 5(2))
2. cloudfortress, LLC shall not engage another processor without prior specific or general written authorization of Customer. In the case of general written authorization, cloudfortress, LLC shall inform Customer of any intended changes concerning the addition or replacement of other processors, thereby giving Customer the opportunity to object to such changes. (Article 28(2))
3. Processing by cloudfortress, LLC shall be governed by these GDPR Terms under European Union (hereafter “Union”) or Member State law and are binding on cloudfortress, LLC with regard to Customer. The subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects and the obligations and rights of the Customer are set forth in the Customer’s licensing agreement, including these GDPR Terms. In particular, cloudfortress, LLC shall:
   1. Process the Personal Data only on documented instructions from Customer, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which cloudfortress, LLC is subject; in such a case, cloudfortress, LLC shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
   2. Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
   3. Take all measures required pursuant to Article 32 of the GDPR;
   4. Respect the conditions referred to in paragraphs 1 and 3 for engaging another processor;
   5. Taking into account the nature of the processing, assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer’s obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;
   6. Assist Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to cloudfortress, LLC;
   7. At the choice of Customer, delete or return all the Personal Data to Customer after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data;
   8. Make available to Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer.
4. Where cloudfortress, LLC engages another processor for carrying out specific processing activities on behalf of Customer, the same data protection obligations as set out in these GDPR Terms shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfill its data protection obligations, cloudfortress, LLC shall remain fully liable to the Customer for the performance of that other processor's obligations. (Article 28(4))
5. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Customer and cloudfortress, LLC shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
   1. The pseudonymization and encryption of Personal Data;
   2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
   3. The ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
   4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. (Article 32(1))
6. In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. (Article 32(2))
7. Customer and cloudfortress, LLC shall take steps to ensure that any natural person acting under the authority of Customer or cloudfortress, LLC who has access to Personal Data does not process them except on instructions from Customer, unless he or she is required to do so by Union or Member State law. (Article 32(4))
8. cloudfortress, LLC shall notify Customer without undue delay after becoming aware of a Personal Data breach. (Article 33(2)). Such notification will include that information a processor must provide to a controller under Article 33(3) to the extent such information is reasonably available to cloudfortress, LLC.

Version 2024.8.2

This cloudfortress® Customer Agreement (the “Agreement”) is between Customer and cloudfortress® and consists of these General Terms, the DPA (“Data Protection Agreement”), the applicable Product Terms and SLAs, and any additional terms cloudfortress® presents when an order is placed. This Agreement takes effect when the Customer accepts it, applies to any order under this Agreement, and supersedes any end-user license agreement that accompanies a Product. The individual who accepts the Agreement represents that they are authorized to enter into this Agreement on behalf of Customer. Capitalized terms have the meanings given under “Definitions.”

General Terms

FOR INDIVIDUAL USERS, ADDITIONAL TERMS UNDER “SUPPLEMENTAL INDIVIDUAL USER TERMS” APPLY.

License to use cloudfortress® Products

• Licenses for Products: Products are licensed and not sold. Upon cloudfortress®’s acceptance of each order and subject to Customer’s compliance with this Agreement, cloudfortress® grants Customer a nonexclusive and limited license to use the Products ordered as provided in this Agreement. These licenses are solely for Customer’s own use and business purposes and are nontransferable except as expressly permitted under this Agreement or applicable law.
• Duration of licenses: Online Services and some Software are licensed on a subscription basis for a specified period. Subscriptions expire at the end of the applicable subscription period unless renewed. Some Subscriptions renew automatically until canceled. The Subscription term for Online Services that are billed in arrears based on usage is the same as the billing period unless otherwise specified in the Product Terms. Perpetual Software licenses become perpetual upon payment in full.
• End Users: The customer will control access to, and use of, the Products by End Users and is responsible for any use of the Products that does not comply with this Agreement.
• Affiliates: Customer may order Products for use by its Affiliates. If it does, the licenses granted to Customer under this Agreement will apply to such Affiliates, but Customer will have the sole right to enforce this Agreement against cloudfortress®. Customer will remain responsible for all obligations under this Agreement and for its Affiliates’ compliance with this Agreement.
• Reservation of Rights: cloudfortress® reserves all rights not expressly granted in this Agreement. Products and Services Deliverables are protected by copyright and other intellectual property laws and international treaties. No rights will be granted or implied by waiver or estoppel. Rights to access or use a Product on a device do not give Customer any right to implement cloudfortress® patents or other cloudfortress® intellectual property in the device itself or in any other software or devices.
• Restrictions: Except as expressly permitted in this Agreement or Product documentation, Customer must not (and is not licensed to):
  • reverse engineer, decompile, or disassemble any Product or Services Deliverable, or attempt to do so (except where applicable law permits despite this limitation);
  • install or use non-cloudfortress® software or technology in any way that would subject cloudfortress®’s intellectual property or technology to any other license terms;
  • work around any technical limitations in a Product or Services Deliverable or restrictions in Product documentation;
  • separate and run parts of a Product or Services Deliverable on more than one device;
  • upgrade or downgrade parts of a Product at different times;
  • transfer parts of a Product separately;
  • distribute, sublicense, rent, lease, or lend any Products or Services Deliverables, in whole or in part, or use them to offer hosting services to a third party.
• License transfers: Licenses are NOT TRANSFERRABLE. Attempted license transfers that do not comply with this section are void.
• Customer Eligibility: Customer agrees that if it is purchasing academic, government, or nonprofit Products, Customer meets the respective eligibility requirements; please contact [email protected] for additional information. cloudfortress® reserves the right to verify eligibility and suspend Product use if requirements are not met.

Professional Services

• Performance of Professional Services: Upon cloudfortress®’s acceptance of each Statement of Services and subject to Customer’s compliance with this Agreement, cloudfortress® will perform the Professional Services ordered as provided in this Agreement and the applicable Statement of Services.
• Fixes: Each Fix is licensed under the same terms as the Product to which it applies. If a Fix is not provided for a specific Product, any use rights cloudfortress® provides with the Fix will apply.
• Pre-existing Work: All rights in any computer code or other written materials a party develops or obtains independent of this Agreement (“Pre-existing Work”) will remain the sole property of the party providing it. Each party may use, reproduce, and modify the other party’s Pre-existing Work only as needed to perform obligations related to Professional Services.
• Services Deliverables: Subject to Customer’s compliance with this Agreement, cloudfortress® grants Customer a non-exclusive, limited license to use and modify the Services Deliverables as provided in this Agreement, including, without limitation, the reservation of rights, restrictions, and license transfer provisions under the section entitled License to use cloudfortress® Products. These licenses are solely for Customer’s own use and business purposes in connection with its use of Products and are nontransferable except as expressly permitted under this Agreement or applicable law.

Non-cloudfortress® Products

Non-cloudfortress® Products are provided under separate terms by the Publishers of such products. Customer will have an opportunity to review those terms prior to placing an order for a Non-cloudfortress® Product through a cloudfortress® online store or Online Service. cloudfortress® is not a party to the terms between Customer and the Publisher. cloudfortress® may provide Customer’s contact information and transaction details to the Publisher. cloudfortress® makes no warranties and assumes no responsibility or liability whatsoever for Non-cloudfortress® Products. Customer is solely responsible and liable for its use of any Non-cloudfortress® Product.

Verifying compliance

• Verification process: Customer must keep records relating to Products it and its Affiliates use or distribute. At cloudfortress®’s expense, cloudfortress® may verify Customer’s and its Affiliates’ compliance with this Agreement at any time upon 30 days’ notice. cloudfortress® may engage an independent auditor under nondisclosure obligations to perform the verification. Customer must promptly provide any information and documents that cloudfortress® or the auditor reasonably requests related to the verification and visual access to systems running the Products. All information and reports related to the verification process will be Confidential Information and used solely to verify compliance.
• Remedies for non-compliance: If verification reveals any unlicensed use, Customer must, within 30 days, order sufficient licenses to cover the period of its unlicensed use. Without limiting cloudfortress®’s other remedies, if unlicensed use is 5% or more of Customer’s total use of all Products, Customer must reimburse cloudfortress® for its costs incurred in verification and acquire sufficient licenses to cover its unlicensed use at 125% of the then-current Customer price or the maximum allowed under applicable law, if less.

Data Protection and Processing

cloudfortress® and its Affiliates, and their respective agents and subcontractors, will process Customer Data, Personal Data, and Professional Services Data as provided in this Agreement and the DPA, which is incorporated by reference. Before providing Personal Data to cloudfortress®, Customer will obtain all required consents from third parties (including Customer’s contacts, Partners, distributors, administrators, and employees) under applicable privacy and data protection laws.

Confidentiality

• Confidential Information: “Confidential Information” is non-public information that is designated “confidential” or that a reasonable person should understand is confidential, including, but not limited to, Customer Data, Professional Services Data, the terms of this Agreement, and Customer’s account authentication credentials. Confidential Information does not include information that (1) becomes publicly available without a breach of a confidentiality obligation; (2) the receiving party received lawfully from another source without a confidentiality obligation; (3) is independently developed; or (4) is a comment or suggestion volunteered about the other party’s business, products, or services.
• Protection of Confidential Information: Each party will take reasonable steps to protect the other’s Confidential Information and will use the other party’s Confidential Information only for purposes of the parties’ business relationship. Neither party will disclose Confidential Information to third parties, except to its Representatives, and then only on a need-to-know basis under nondisclosure obligations at least as protective as this Agreement. Each party remains responsible for the use of Confidential Information by its Representatives and, in the event of discovery of any unauthorized use or disclosure, must promptly notify the other party. The Product Terms and DPA provide additional terms regarding the disclosure and use of Customer Data.
• Disclosure required by law: A party may disclose the other’s Confidential Information if required by law, but only after it notifies the other party (if legally permissible) to enable the other party to seek a protective order.
• Residual information: Neither party is required to restrict work assignments of its Representatives who have had access to Confidential Information. Each party agrees that the use of information retained in Representatives’ unaided memories in the development or deployment of the parties’ respective products or services does not create liability under this Agreement or trade secret law, and each party agrees to limit what it discloses to the other accordingly.
• Duration of Confidentiality obligation: These obligations apply: (1) for Customer Data, until it is deleted from the Online Services; and (2) for all other Confidential Information, for a period of five years after a party receives the Confidential Information.

Warranties

• Limited warranties and remedies: To the extent permitted by applicable law, the remedies below are Customer’s sole remedies for breach of the warranties provided in this section, and Customer waives any warranty claims not made during the applicable warranty period.
  • Online Services: cloudfortress® warrants that each Online Service will perform in accordance with the applicable SLA during Customer’s use. Customer’s remedies for breach of this warranty are described in the SLA.
  • Software: cloudfortress® warrants that the Software version that is current at the time Customer acquires it will perform substantially as described in the applicable Product documentation for one year from the date Customer acquires a license for that version. If it does not, and Customer notifies cloudfortress® within the warranty term, cloudfortress® will, at its option, (1) return the amount Customer paid for the Software license or a prorated portion of the applicable subscription fee or (2) repair or replace the Software.
  • Professional Services: cloudfortress® warrants that it will perform Professional Services with the applicable professional standard of care and skill in the industry. If cloudfortress® fails to do so, and Customer notifies cloudfortress® within 90 days from the completion of the work giving rise to the warranty claim, then cloudfortress® will, at its discretion, either re-perform the Professional Services or return the amount Customer paid for them.
• Exclusions: The warranties in this Agreement do not apply to problems caused by accident, abuse, or use inconsistent with this Agreement or applicable documentation, including failure to meet minimum system requirements. These warranties do not apply to free, trial, preview, or prerelease products, or to components of Products that Customer is permitted to redistribute.
• Disclaimer: Except for the limited warranties above or as required by applicable law, cloudfortress® provides no other warranties or conditions and disclaims any other express, implied, or statutory warranties and conditions, including warranties and conditions of quality, title, non-infringement, merchantability, and fitness for a particular purpose. Professional Services that are provided without charge are provided “AS IS,” WITHOUT ANY WARRANTY OR CONDITION.

Defense of third-party claims

The parties will defend each other against the third-party claims described in this section and will pay the amount of any resulting adverse final judgment or approved settlement, but only if the defending party is promptly notified in writing of the claim and has the right to control the defense and any settlement of it. The party being defended must provide the defending party with all requested assistance, information, and authority. The defending party will reimburse the other party for reasonable out-of-pocket expenses it incurs in providing assistance. This section describes the parties’ sole remedies and entire liability for such claims.

• By cloudfortress®: cloudfortress® will defend Customer against any third-party claim to the extent it alleges that a Product or Services Deliverable made available by cloudfortress® for a fee and used within the scope of the license granted under this Agreement (unmodified from the form provided by cloudfortress® and not combined with anything else), misappropriates a trade secret or directly infringes a patent, copyright, trademark, or other proprietary right of a third party. If cloudfortress® is unable to resolve a claim of misappropriation or infringement, it may, at its option, either (1) modify or replace the Product or Services Deliverable with a functional equivalent or (2) terminate Customer’s license and refund any license fees (less depreciation for perpetual licenses), including amounts paid in advance for unused consumption for any usage period after the termination date. cloudfortress® will not be liable for any claims or damages due to Customer’s continued use of a Product or Services Deliverable after being notified to stop due to a third-party claim.
• By Customer: To the extent permitted by applicable law, Customer will defend cloudfortress® and its Affiliates against any third-party claim to the extent it alleges that: (1) any Customer Data or Non-cloudfortress® Product hosted in an Online Service by cloudfortress® on Customer's behalf misappropriates a trade secret or directly infringes a patent, copyright, trademark, or other proprietary right of a third party; or (2) Customer’s use of any Product or Services Deliverable, alone or in combination with anything else, violates the law or harms a third party.

Limitation of liability

Subject to the Exclusions, Exceptions and Applicability provisions in subsections e, f, and g, each party’s liability to the other party for each Product or Professional Service provided under this Agreement is limited to direct damages finally awarded, not to exceed an amount determined as follows:

• Perpetual Licenses: For each Product licensed on a perpetual basis, each party’s maximum, aggregate liability is the amount Customer paid for the applicable licenses.
• Subscriptions: For each Product licensed on a subscription basis, each party’s maximum, aggregate liability is the total amount of subscription fees Customer paid to use the Product during the 12 months preceding the most recent incident giving rise to the claim(s).
• Professional Services: For Professional Services, each party’s maximum, aggregate liability is the amount Customer paid for the applicable Professional Services.
• Free offers and distributable code: For Products or Professional Services provided free of charge, and code that Customer is authorized to redistribute to third parties without separate payment to cloudfortress®, cloudfortress®’s liability is limited to direct damages finally awarded up to US$5,000.
• Exclusions: In no event will either party be liable for indirect, incidental, special, punitive, or consequential damages; loss of revenue, profits, or anticipated savings (whether direct or indirect); or loss of use, loss of business information, or interruption of business, however caused or on any theory of liability.
• Exceptions: No limitation or exclusions under this Agreement will apply to liability arising out of either party’s (1) confidentiality obligations (except for all liability related to Customer Data and Professional Service Data, which will remain subject to the limitations and exclusions above); (2) obligations under the section entitled Defense of Third-Party Claims; or (3) violation of the other party’s intellectual property rights.
• Applicability: To the extent permitted by applicable law, the limitations, exclusions, and exceptions set forth in this Limitation of Liability section apply to all claims and damages under or relating to this Agreement or the Products or Professional Services provided under this Agreement, including, without limitation, breach of contract, breach of warranty, strict liability, and negligence and other torts, even if the parties knew or should have known about the possibility of the damages.

Partners

• Selecting a Partner: Customer may authorize a Partner to place orders on Customer’s behalf and manage Customer’s purchases by associating the Partner with its account. If the Partner’s distribution right is terminated, Customer must select an authorized replacement Partner or purchase directly from cloudfortress®. Partners and other third parties are not agents of cloudfortress® and are not authorized to enter into any agreement with Customer on behalf of cloudfortress®.
• Partner Administrator privileges and access to Customer Data: If Customer purchases Online Services from a Partner, Customer may choose to provide that Partner with administrator privileges. Customer consents to cloudfortress® and its Affiliates providing that Partner with Customer Data and Administrator Data for purposes of provisioning, administering, and supporting (as applicable) the Online Services. Partner may process such data according to the terms of Partner’s agreement with Customer, and its privacy commitments may differ from cloudfortress®’s. Customer appoints Partner as its agent for purposes of providing and receiving notices and other communications to and from cloudfortress®. Customer may terminate the Partner’s administrative privileges at any time.
• Product Support: Partners may provide support for Products and other value-added services, and Partner is responsible for the performance of any services it provides. If Customer purchases cloudfortress® Support Services through a Partner, cloudfortress® will be responsible for the performance of those services subject to the terms of this Agreement.

Pricing and payment

If Customer orders from a Partner, the Partner will set Customer’s pricing and payment terms for that order, and Customer will pay the amount due to the Partner. Pricing and payment terms related to orders placed by Customer directly with cloudfortress® are set by cloudfortress®, and Customer will pay the amount due as described in this section.

• Payment method: Customer must provide a payment method or, if eligible, choose to be invoiced for purchases made on its account. By providing cloudfortress® with a payment method, Customer (1) consents to cloudfortress®’s use of account information regarding the selected payment method provided by the issuing bank or applicable payment network; (2) represents that it is authorized to use that payment method and that any payment information it provides is true and accurate; (3) represents that the payment method was established and is used primarily for commercial purposes and not for personal, family or household use; and (4) authorizes cloudfortress® to charge Customer using that payment method for orders under this Agreement.
• Invoices: cloudfortress® may invoice eligible Customers. Customer’s ability to elect payment by invoice is subject to cloudfortress®’s approval of Customer’s financial condition. Customer authorizes cloudfortress® to obtain information about Customer’s financial condition, which may include credit reports, to assess Customer’s eligibility for invoicing. Unless the Customer’s financial statements are publicly available, Customer may be required to provide its balance sheet, profit and loss and cash flow statements to cloudfortress®. Customer may be required to provide security in a form acceptable to cloudfortress® to be eligible for invoicing. cloudfortress® may withdraw Customer’s eligibility at any time and for any reason. Customer must promptly notify cloudfortress® of any changes in its company name or location and of any significant changes in the ownership, structure, or operational activities of the organization.
• Invoice Payment terms: Each invoice will identify the amounts payable by Customer to cloudfortress® for the period corresponding to the invoice. Customer will pay all amounts due within thirty (30) calendar days following the invoice date.
• Late Payment: cloudfortress® may, at its option, assess a late fee on any payments to cloudfortress® that are more than fifteen (15) calendar days past due at a rate of up to two percent (2%) of the total amount payable, calculated and payable monthly, or the highest amount allowed by law, if less.
• Cancelation fee: If a Subscription or Statement of Services permits early termination and Customer cancels the Subscription or Statement of Service before the end of the Subscription or billing period, Customer may be charged a cancelation fee. More details about cancelation can be found in the Product Terms.
• Recurring Payments: For subscriptions that renew automatically, Customer authorizes cloudfortress® to charge Customer’s payment method periodically for each subscription or billing period until the subscription is terminated. By authorizing recurring payments, Customer authorizes cloudfortress® to store Customer’s payment details and process such payments as either electronic debits or fund transfers, or as electronic drafts from the designated bank account (in the case of automated clearing house or similar debits), as charges to the designated card account (in the case of credit card or similar payments) (collectively, “Electronic Payments”). If any payment is returned unpaid or if any credit card or similar transaction is rejected or denied, cloudfortress® or its service providers reserve the right to collect any applicable return item, rejection, or insufficient funds fee to the maximum extent permitted by applicable law and to process any such fees as an Electronic Payment or to invoice Customer for the amount due.
• Taxes: cloudfortress® prices exclude applicable taxes unless identified as tax inclusive. If any amounts are to be paid to cloudfortress®, Customer will also pay any applicable value added, goods and services, sales, gross receipts, or other transaction taxes, fees, charges, or surcharges, or any regulatory cost recovery surcharges or similar amounts that are owed under this Agreement and that cloudfortress® is permitted to collect from Customer. Customer will be responsible for any applicable stamp taxes and for all other taxes that it is legally obligated to pay including any taxes that arise on the distribution or provision of Products or Professional Services by Customer to its Affiliates. cloudfortress® will be responsible for all taxes based upon its net income, gross receipts taxes imposed in lieu of taxes on income or profits, and taxes on its property ownership.
  • If any taxes are required to be withheld on payments invoiced by cloudfortress®, Customer may deduct such taxes from the amount owed and pay them to the appropriate taxing authority, but only if Customer promptly provides cloudfortress® an official receipt for those withholdings and other documents reasonably requested to allow cloudfortress® to claim a foreign tax credit or refund. Customer will ensure that any taxes withheld are minimized to the extent possible under applicable law.

Term and termination

• Term: This Agreement is effective until terminated by a party, as described below.
• Termination without cause: Either party may terminate this Agreement without cause on 60 days’ notice. Termination without cause will not affect Customer’s perpetual licenses. Licenses granted on a subscription basis and access to Online Services and cloudfortress® Support Services will continue for the remainder of the then-current subscription period(s) or support term, subject to the terms of this Agreement.
• Termination for cause: Without limiting other remedies it may have, either party may terminate this Agreement on 30 days’ notice for material breach if the other party fails to cure the breach within the 30-day notice period. Upon such termination, the following will apply:
  • All licenses granted under this Agreement will terminate immediately except for fully paid, perpetual licenses.
  • All amounts due under any unpaid invoices shall become due and payable immediately. For Subscriptions billed in arrears based on usage, Customer must pay for all unpaid usage as of the termination date immediately upon receipt of an invoice.
  • If cloudfortress® is in breach, Customer will receive a credit for any Subscription fees, including amounts paid in advance for unused consumption for any usage period after the termination date.
  • Customer must pay for all Professional Services provided as of the termination date immediately upon receipt of an invoice.
• Suspension: During any period of material breach by Customer, cloudfortress® may suspend a Subscription or Statement of Services without terminating this Agreement. cloudfortress® will give Customer 30 days’ notice before such suspension unless cloudfortress®’s charge against Customer’s payment method is declined or cloudfortress® reasonably believes immediate suspension is required to prevent unauthorized access to Customer Data or to ensure the ongoing confidentiality, integrity, availability, or resilience of cloudfortress®’s systems and services.
• Termination to comply with laws: cloudfortress® may modify or discontinue offering a Product or Professional Service and/or terminate a Subscription or Statement of Services for that Product or Professional Service in any country or jurisdiction where there is any current or future government requirement or obligation that (1) subjects cloudfortress® to any regulation or requirement that is not generally applicable to businesses operating there; (2) presents a hardship for cloudfortress® to continue offering the Product or Professional Service without modification; or (3) causes cloudfortress® to believe this Agreement or the Product or Professional Services offering may conflict with any such requirement or obligation. If cloudfortress® terminates a Subscription or Statement of Services under this provision, Customer will receive, as its sole remedy, a refund for any amount paid in advance for any period after termination. Customer will pay for all services provided or used before termination.

Modifications to this Agreement

cloudfortress® may update this Agreement from time to time. No changes will apply to perpetual Software licenses previously acquired. Changes will apply to new orders and to existing Subscriptions and Statements of Services as follows:

• DPA and SLA: Changes to the DPA and SLA will apply as provided in those documents.
• Product Terms: Material Adverse Changes will not apply during the then-current Subscription term but will take effect upon renewal. All other changes will apply when they are published on the Product Terms site. In addition, for Software Subscriptions, if Customer chooses to update the Software to a new version before the end of the Subscription term, the terms in effect at the time of the update will apply to the use of that Software.
• Other terms: Customer may be required to accept revised or additional terms when placing a new order. For existing Subscriptions and Statements of Services, Customer will be notified at least 60 days before changes take effect to these General Terms or any other terms that are part of the Agreement except the DPA, SLA, and Product Terms, which have separate terms for updates. Such changes will take effect upon renewal unless Customer accepts them earlier in the manner specified in the notice and will not supersede or modify any amendments to this Agreement. Customer agrees that its continued use of the Products or Professional Services after renewal will constitute its acceptance of all changes. If Customer does not agree to the changes, it must stop using the Products and Professional Services by the end of the Subscription or support term and turn off recurring billing for any Subscriptions that are set to renew automatically.
• Changes proposed by Customer: Customer may not modify this Agreement. Any additional or conflicting terms contained in a purchase order or otherwise presented by Customer are expressly rejected and will not apply.

Miscellaneous

• Independent contractors: The parties are independent contractors. Customer and cloudfortress® each may develop products independently without using the other’s Confidential Information.
• Agreement not exclusive: Customer is free to enter into agreements to license, use, and promote the products and services of others.
• Assignment: Either party may assign this Agreement to an Affiliate, but it must notify the other party in writing of the assignment. Customer consents to the assignment to an Affiliate or third party, without prior notice, of any rights cloudfortress® may have under this Agreement to receive payment and enforce Customer's payment obligations, and all assignees may further assign such rights without further consent. Any other proposed assignment of this Agreement must be approved by the non-assigning party in writing. Assignment will not relieve the assigning party of its obligations under the assigned Agreement. Any attempted assignment without required approval will be void.
• Severability: If any part of this Agreement is held to be unenforceable, the rest of the Agreement will remain in full force and effect.
• Waiver: Failure to enforce any provision of this Agreement will not constitute a waiver. Any waiver must be in writing and signed by the waiving party.
• No third-party beneficiaries: This Agreement does not create any third-party beneficiary rights except as expressly provided by its terms.
• Survival: All provisions survive termination of this Agreement except those requiring performance only during the term of the Agreement.
• Notices: All notices must be in writing. Except for notices relating to arbitration (as provided in certain supplemental terms for individual users), notices to cloudfortress® must be sent to the following address and will be deemed received on the date received at that address:
  • cloudfortress® LLC
  • 50 Alberigi Drive
  • Jessup, PA 18434
  • USA
  cloudfortress® may provide Customer with information and notices electronically, including via email, through the portal for an Online Service, or through a web site that cloudfortress® identifies. Notice is given as of the date it is made available by cloudfortress®.
• Applicable law: This Agreement will be governed by and construed in accordance with the laws of the State of Pennsylvania and federal laws of the United States. The 1980 United Nations Convention on Contracts for the International Sale of Goods and its related instruments will not apply to this Agreement.
• Dispute resolution: When bringing any action arising under this Agreement, the parties agree to the following exclusive venues:
  • If cloudfortress® brings the action, the venue will be where Customer has its headquarters.
  • If Customer brings the action against cloudfortress® or any cloudfortress® Affiliate located outside of Europe, the venue will be the state or federal courts in Wayne, County, Pennsylvania, USA.
  • If Customer brings the action against cloudfortress® or any cloudfortress® Affiliate located in Europe, and not also against cloudfortress® or a cloudfortress® Affiliate located outside of Europe, the venue will be Ireland.
  • The parties consent to personal jurisdiction in the agreed venues. This choice of venue does not prevent either party from seeking injunctive relief in any jurisdiction with respect to a violation of intellectual property rights or confidentiality obligations.
• Order of precedence: If there is a conflict between any documents in this Agreement that is not expressly resolved in those documents, their terms will control in the following order, from highest to lowest priority: (1) DPA; (2) these General Terms; (3) Product Terms; (4) SLA; and (5) any additional terms presented when an order is placed. Terms in an amendment control over the amended document and any prior amendments concerning the same subject matter.
• cloudfortress® Affiliates and subcontractors: cloudfortress® may perform its obligations under this Agreement through its Affiliates and use subcontractors to provide certain services. cloudfortress® remains responsible for their performance.
• Government procurement rules: If Customer is a government entity or is otherwise subject to government procurement requirements, Customer represents and warrants that (1) it has complied and will comply with all applicable government procurement laws and regulations; (2) it is authorized to enter into this Agreement; and (3) this Agreement satisfies all applicable procurement requirements.
• Compliance with Trade Laws: Products and Services Deliverables may be subject to U.S. and other countries' export jurisdictions. Each party will comply with all laws and regulations applicable to the import or export of the Products and Services Deliverables, including, without limitation, trade laws such as the U.S. Export Administration Regulations and International Traffic in Arms Regulations and sanctions regulations administered by the U.S. Office of Foreign Assets Control (“OFAC”) (“Trade Laws”). Customer will not take any action that causes cloudfortress® to violate U.S. or other applicable Trade Laws. cloudfortress® may suspend or terminate this Agreement to the extent that cloudfortress® reasonably believes that performance would cause it to violate Trade Laws or put it at risk of becoming subject to sanctions and penalties under such laws.

Definitions

• “Administrator Data” means the information provided to cloudfortress® or its Affiliates during sign-up, purchase, or administration of Products.
• “Affiliate” means any legal entity that controls, is controlled by, or is under common control with a party.
• “Control” means ownership of more than a 50% interest of voting securities in an entity or the power to direct the management and policies of an entity.
• “Confidential Information” is defined in the “Confidentiality” section.
• “Customer” means the entity identified as such on the account associated with this Agreement.
• “Customer Data” means all data, including all text, sound, video or image files, and software, that are provided to cloudfortress® or its Affiliates by, or on behalf of, Customer and its Affiliates through the use of Online Services. Customer Data does not include Professional Services Data.
• “DPA” means the cloudfortress® Products and Services Data Protection Addendum, as updated from time to time, published at https://needtocreatehyperlink or a successor site and any additional data protection terms that cloudfortress® presents with this Agreement.
• “End User” means any person Customer permits to use a Product or access Customer Data.
• “Fix” or “Fixes” means Product fixes, modifications or enhancements, or their derivatives, that cloudfortress® either releases generally (such as Product service packs) or provides to Customer to address a specific issue.
• “Licensing Site” means an approved reseller’s site or a successor site.
• “Material Adverse Change” means any change to the Use Rights for a Product that could reasonably affect Customer’s decision to purchase the Product and that would require Customer to purchase additional licenses, increase the cost to Customer of using the Product, remove an existing right, or place additional restrictions on the use of the Product.
• “cloudfortress®” means cloudfortress® LLC.
• “cloudfortress® Support Services” means Product support services that cloudfortress® offers under this Agreement as described in the Product Terms.
• “Non-cloudfortress® Product” means any third party-branded software, data, service, website, or product, unless incorporated by cloudfortress® in a Product.
• “Online Services” means cloudfortress®-hosted services to which Customer subscribes under this Agreement. It does not include software and services provided under separate license terms.
• “Partner” means a company cloudfortress® has authorized to distribute Products to Customer.
• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Pre-Existing Work” means any computer code or other written materials developed or otherwise obtained independent of this Agreement.
• “Product” means all Software and Online Services that cloudfortress® offers under this Agreement as identified in the Product Terms, including previews, prerelease versions, updates, patches, and Fixes from cloudfortress®. Product availability may vary by region. “Product” does not include Non-cloudfortress® Products.
• “Product Terms” means the Use Rights and other terms, as updated from time to time or a successor site.
• “Professional Services” means cloudfortress® Support Services and consulting services provided by cloudfortress® to Customer under this Agreement. “Professional Services” do not include Online Services.
• “Professional Services Data” means all data, including all text, sound, video, image files, or software, that are provided to cloudfortress® or its Affiliates by, or on behalf of, Customer and its Affiliates (or that Customer or an Affiliate authorizes cloudfortress® to obtain from an Online Service) or otherwise obtained or processed by or on behalf of cloudfortress® or its Affiliates through an engagement with cloudfortress® to obtain Professional Services.
• “Publisher” means a provider of a Non-cloudfortress® Product.
• “Representatives” means a party’s employees, Affiliates, contractors, advisors, and consultants.
• “SLA” means Service Level Agreement, which specifies the minimum service level for the Online Services and is published on the Licensing Site.
• “Services Deliverables” means any computer code or materials (including without limitation proofs of concept, documentation and design recommendations, sample code, software libraries, algorithms, and machine learning models), other than Products or Fixes, that cloudfortress® leaves with Customer at the conclusion of cloudfortress®’s performance of Professional Services.
• “Software” means licensed copies of cloudfortress® software identified in the Product Terms. Software does not include Online Services, but Software may be part of an Online Service.
• “Statement of Services” means any order under this Agreement that includes or describes Professional Services.
• “Subscription” means a license for Customer to use or access a Product during a defined period of time.
• “use” means to copy, download, install, run, access, display, or otherwise interact with.
• “Use Rights” means the following sections of the Product Terms, as applicable to each Product offering: Use Rights, License Model terms, General Service Terms, Service Specific Terms, Add-ons, Universal License Terms, and Other Legal Terms.

Supplemental Individual User Purchase Terms

FOR INDIVIDUAL USERS (AS DEFINED BELOW), THE FOLLOWING ADDITIONAL TERMS BELOW ALSO APPLY.

IF INDIVIDUAL USER LIVES IN THE UNITED STATES, PLEASE READ THE “BINDING ARBITRATION AND CLASS ACTION WAIVER” CLAUSE IN THE “MISCELLANEOUS” SECTION. IT AFFECTS HOW DISPUTES CONCERNING THE CLOUDFORTRESS PRODUCT (INCLUDING ITS PRICE, ADVERTISING, MARKETING, OR COMMUNICATIONS), THE PURCHASE TRANSACTION, BILLING, OR THIS AGREEMENT ARE RESOLVED.

1. Definitions applicable to these Supplemental Individual User Purchase Terms:

• “Customer” means the entity or individual identified as such on the account associated with this Agreement.
• “Customer Individual User” means an Individual User who subscribes for or orders Products using an authentication identity (such as an email address) provided by the Individual User’s organization (such as an employer or school).
• “Individual User” means any individual person (other than an Administrator) subscribing to Online Services for use by a member or members of the subscriber’s organization, and if such Online Services require payment of a fee, providing a payment method for which Individual User is personally responsible.

2. The paragraph titled “Affiliates” in the “License to use cloudfortress® Products” section of this Agreement does not apply to Individual Users.

3. The “License Transfer” paragraph under the “License to use cloudfortress® Products” section is replaced as follows:

For Individual User purchases, Customer may not assign this Agreement either in whole or in part or transfer licenses without cloudfortress®’s consent, except in case of an Administrator assumption of control as permitted in this Agreement.

4. The below paragraphs are added under the “License to use cloudfortress® Products” section:

• Individual User and Customer rights: The following applies to Individual User purchases: To the extent Individual User is acting on behalf of its organization, the organization is the Customer and the owner of all rights and licenses to the Products that Individual User is purchasing hereunder, and Individual User’s access and rights thereto are granted to Individual User in its capacity as an end-user within such organization. In such case, if there is another agreement in effect with cloudfortress® pursuant to which the same organization maintains active subscriptions to Online Services (a “Prior Agreement”), then the terms of that Prior Agreement shall also govern the Customer’s use of and rights in and to the Online Services and control over any conflicting terms in the Agreement, but these Supplemental Terms shall continue to apply to Individual User.
• Authorization to use Customer domain and acknowledgment of shared directory data: For Customer Individual User purchases, Customer Individual User (1) represents that they have the authority to use that organization’s domain to sign up for a subscription or order Products in their capacity as a member of that organization; and (2) acknowledges that they will be added to a directory of users that share the same domain, and that directory data (name, date of signup, and email address) may be visible to other users of the Online Services within the same organization’s domain. All of the terms of the Agreement applicable to Customer (as amended and supplemented by these Individual User Purchase Terms) also apply to Customer Individual User.
• Assignment and assumption of rights and responsibilities:
  • For Customer Individual User purchases, the organization within which Online Services are used, as the owner of the domain associated with the authentication identity used for the purchase, may assume control over and manage Customer Individual User’s use of the Online Services. If it does, the organization’s designated administrator (the “Administrator”) may (1) control and administer Customer Individual User’s account, including modifying and terminating Customer Individual User’s access, and (2) access and process Customer Individual User’s data, including the contents of Customer Individual User’s communications and files. For other Individual User purchases, the Administrator has the rights described in (1) and (2) above from the time of purchase.
  • For any Individual User purchase, the Administrator may assume responsibility for future subscription fees or renewal fees. In such case, the Individual User must cancel the original subscription prior to the next renewal to avoid incurring any further payment obligation with respect to such subscription.
  • Effective upon any assumption of control or responsibility by the Administrator over the Online Services, the subscription or associated fees, Individual User hereby assigns to such Customer organization all of its right, title, and interest, if any, in the Products arising out of this Agreement. cloudfortress® may inform Individual User that Customer’s organization has assumed control of the Online Services covered by Individual User’s subscription or responsibility for the associated payment obligations, but cloudfortress® is under no obligation to provide such notice.
• Data Subject Requests: Except where the Administrator has assumed control over the account, Customer Individual Users should direct data subject requests and privacy inquiries directly to cloudfortress®. For other Individual Users, since the organization is managing the account associated with Individual User’s subscription and administering the use of the Online Services, Individual User should direct data subject requests and privacy inquiries to its Administrator.

5. The “Data Protection and Processing” section is replaced as follows:

Individual User’s privacy is important to cloudfortress®. Please read the cloudfortress® Privacy Statement (You need a link here – privacy policy attached) as it describes the types of data cloudfortress® collects from Individual users and Individual User’s devices (“Data”), how cloudfortress® uses that Data, and the legal bases cloudfortress® has to process that Data.

6. The sections entitled “Confidentiality” and “Partners” do not apply to Individual Users.

7. The first paragraph of the “Pricing and Payment” section is replaced as follows:

For Individual User purchases, pricing and payment terms for a given order are set by cloudfortress®, and Individual User will pay the amount due to cloudfortress®. In such a case, Individual User remains solely responsible for the timely payment of all amounts due to cloudfortress® in connection with the Products ordered by Individual User under this Agreement until they terminate the Agreement.

8. The “Independent Contractors,” “Agreement not exclusive,” and “Assignment” paragraphs included in the “Miscellaneous” section do not apply to Individual Users.

9. The below paragraph is added to the “Severability” paragraph of the “Miscellaneous” section:

For Individual User purchases, the “Binding arbitration and class action waiver” clause below describes what happens if parts of that “Binding arbitration and class action waiver” clause are found to be illegal or unenforceable. The “Binding arbitration and class action waiver” clause prevails over this section if inconsistent with it.

10. The “No third-party beneficiary” paragraph of the “Miscellaneous” section is replaced as follows:

For Individual User purchases, except for the “Binding arbitration and class action waiver” clause below, this Agreement does not create any third-party beneficiary rights except as expressly provided by its terms.

11. For Customers in the United States, the “Applicable Law” paragraph of the “Miscellaneous” section is replaced as follows:

For Individual User purchases, If Customer lives in (or if an organization has assumed the obligations of Customer under the “License to Use cloudfortress® Products” section above, and has its principal place of business in) the United States, the laws of the state where Customer lives (or where the organization’s principal place of business is located) govern all claims, regardless of conflict of laws principles, except that the Federal Arbitration Act governs all provisions relating to arbitration. Customer and cloudfortress® irrevocably consent to the exclusive jurisdiction and venue of the state or federal courts in Wayne County, State of Pennsylvania, for all disputes arising out of or relating to this Agreement or the cloudfortress® Product that are heard in court (excluding arbitration and small claims court). The 1980 United Nations Convention on Contracts for the International Sale of Goods and its related instruments will not apply to this Agreement.

12. For Customers in the United States, the “Dispute resolution” paragraph of the “Miscellaneous” section is replaced as follows:

a. Binding arbitration and class action waiver: For Individual User purchases, if you live in (or if an organization has assumed the obligations of Customer under the “License to Use cloudfortress® Products” section above and has its principal place of business in) the United States.

Customer and cloudfortress® agree to try for 60 days to resolve any dispute informally. If no resolution is reached, Customer and cloudfortress® agree to binding individual arbitration before the American Arbitration Association (“AAA”) under the Federal Arbitration Act (“FAA”), and not to sue in court in front of a judge or jury. Instead, a neutral arbitrator will decide, and the arbitrator’s decision will be final except for a limited right of review under the FAA. Class action lawsuits, class-wide arbitrations, private attorney-general actions, and any other proceeding where someone acts in a representative capacity are not allowed. Nor is combining individual proceedings without the consent of all parties. For purposes of this “Binding arbitration and class action waiver” clause, “cloudfortress®” includes cloudfortress® and its affiliates, and “Customer” includes any organization that assumed Customer’s obligations under the “License to Use cloudfortress® Products” section above.

• Disputes covered – everything except IP: The term “dispute” is as broad as it can be. It includes any claim or controversy between Customer and cloudfortress® concerning the Product, its price, advertising, marketing, communications, the purchase transaction, billing, or this Agreement, under any legal theory including contract, warranty, tort, statute, or regulation, except disputes relating to the enforcement or validity of Customer’s, Customer’s licensors,’ cloudfortress®’s, or cloudfortress®’s licensors’ intellectual property rights.
• Mail a Notice of Dispute first: If Customer has a dispute and cloudfortress®’s customer service representatives cannot resolve it, send a Notice of Dispute by U.S. Mail to cloudfortress® LLC, ATTN: Legal Department, 50 Alberigi Drive, Jessup PA 18434. Include Customer’s name and contact information, what the problem is, and what Customer wants.
• Small claims court option: Instead of mailing a Notice of Dispute, Customer may sue cloudfortress® in small claims court in Customer’s county of residence (or, if an organization assumed Customer’s obligations, its principal place of business) or Wayne County, State of Pennsylvania, U.S.A. if the dispute meets the court’s requirements.
• Arbitration procedure: The AAA will conduct any arbitration under its Commercial Arbitration Rules (or its Consumer Arbitration Rules if Customer is an individual and Uses the Product for personal or household use, or if the value of the dispute is $75,000 or less, whether or not Customer is an individual and regardless of how Customer Uses the Product). For more information, see http://www.adr.org or call 570-277-1200. To start an arbitration, mail a copy to cloudfortress®. In a dispute involving $25,000 or less, any hearing will be telephonic unless the arbitrator finds good cause to hold an in-person hearing instead. Any in-person hearing will take place in Customer’s County of residence (or, if an organization assumed Customer’s obligations, its principal place of business) or Wayne County, Pennsylvania. Customer chooses. The arbitrator may award the same damages to the Customer individually as a court could. The arbitrator may award declaratory or injunctive relief only to Customer individually to satisfy Customer’s individual claim. Under AAA Rules, the arbitrator rules on his or her own jurisdiction, including the arbitrability of any claim. But a court has exclusive authority to enforce the prohibition on arbitration on a class-wide basis or in a representative capacity.
• Arbitration fees and payments:
  • Disputes involving $75,000 or less: cloudfortress® will promptly reimburse Customer’s filing fees and pay the AAA’s and arbitrator’s fees and expenses. If Customer rejects cloudfortress®’s last written settlement offer made before the arbitrator was appointed, Customer’s dispute goes all the way to an arbitrator’s decision (called an “award”), and the arbitrator awards Customer more than this last written offer, cloudfortress® will: (1) pay the greater of the award or $1,000; (2) pay Customer’s reasonable attorney’s fees, if any; and (3) reimburse any expenses (including expert witness fees and costs) that Customer’s attorney reasonably accrues for investigating, preparing, and pursuing Customer’s claim in arbitration.
  • Disputes involving more than $75,000: The AAA rules will govern payment of filing fees and the AAA’s and arbitrator’s fees and expenses.
• Must file within one year: Customer and cloudfortress® must file in small claims court or arbitration any claim or dispute (except intellectual property disputes) within one year from when it first could be filed. Otherwise, it is permanently barred.
• Severability: If any part of the “Binding arbitration and class action waiver” clause is found to be illegal or unenforceable, the remainder will remain in effect (with an arbitration award issued before any court proceeding begins), except that if a finding of partial illegality or unenforceability would allow class-wide or representative arbitration, the section will be unenforceable in its entirety.
• Conflict with AAA rules: This Agreement governs to the extent it conflicts with the AAA’s Commercial Arbitration Rules or Consumer Arbitration Rules.