Skyfire Commercial Terms of Service

Last updated: July 13, 2024

These Skyfire Commercial Terms of Service (these “Terms”) are an agreement between Super Mojo, Inc., a Delaware corporation (“Company” or “we”) and you (“Customer”or “you”) that governs Customer’s access to and use of the [Skyfire Dashboard], API Platform and other Company Materials (each, as defined below, and collectively the “Skyfire Services”). By creating an account to use the Skyfire Services or by accessing or using the Skyfire Services, Customer agrees to be bound by these Terms.  If you are an individual using the Skyfire Services on behalf of an entity, then “Customer” includes you and the entity, and you represent to Company that (a) you are an authorized representative of the Customer entity with the authority to bind the Customer entity to these Terms, and (b) you agree to these Terms on the entity’s behalf.   The Skyfire Services under these Terms are not for consumer use.

These Terms also refer to and incorporate [the Data Processing Agreement (“DPA”), and] any other guidelines or policies we may provide in writing or through the Skyfire Dashboard (any such other guidelines or policies, together with the DPA and these Terms, the “Agreement”).

1. USE OF THE SKYFIRES SERVICES.

1.1 Right to Use. Subject to all terms and conditions of the Agreement, Customer may, on a non-exclusive and non-transferable (except in connection with a permitted assignment under Section 9.5) basis during the term of the Agreement: (a) access and internally use the Skyfire Dashboard, (b) internally use the API Documentation for purposes of enabling and maintaining the integration between the Customer Application and the API Platform, and (c) following the successful completion of such integration, use the Customer Application to send Calls and receive and display corresponding Responses within the Customer Application through the API Platform, in each case through use of the API Keys provided by Company and in accordance with the most current API Documentation. Customer acknowledges and agrees that Company reserves the right to suspend or terminate Customer’s access to the Skyfire Services for any or no reason.

1.2 Definitions. As used herein, the following capitalized terms shall carry the indicated meanings, and other capitalized terms shall have the meaning set forth for such term elsewhere in the Agreement:

  • API Documentation” means any reference materials relating to integration with the API Platform which may be provided by Company to Customer from time to time.
  • API Key” means each unique identifier or credential issued by Company to Customer that must be sent as part of each Call.
  • API Platform” means Company’s proprietary API integration platform intended to allow software applications that are integrated with the API Platform to send requests to and receive responses from multiple Supported Information Services.
  • Call” means any request for a response or result from the API Platform enabled by Company to be sent to the API Platform, as set forth in the API Documentation.
  • Customer Application” means the software and other applications that Customer integrates with the API Platform.
  • Response” means a response sent by the API Platform in response to a Call.
  • Skyfire Dashboard” means the developer website maintained by Company where Customer can generate API Keys for Supported Information Services and purchase Credits (as defined below) for use in the Skyfire Services.
  • Supported Information Service” means each large language model, generative image model, generative 3D object model or other information service that Company, in its sole discretion, elects to support through the API Platform.

1.3. Restrictions. Customer is solely responsible for all content, including but not limited to code, video, images, information, data, text, software, messages, or other materials (“Customer Content”) that Customer or its users transmit via the Skyfire Service.s Customer’s use of the Skyfire Services may also be subject to license and use restrictions set forth in the applicable license terms of services of each Supported Information Service (“Supported Information Service Terms”).  Customer is solely responsible for ensuring that its use of the Skyfire Services complies with all Supported Information Service Terms.   Company reserves the right to investigate and take appropriate legal action against anyone who, in Company’s sole discretion, violates this Section 1.3, including without limitation, suspending or terminating the account of such violators, and reporting them to applicable law enforcement authorities.  Customer has no right or license to, and shall not nor permit others to:

  • upload or transmit any Customer Content that: (a) infringes any intellectual property or other proprietary rights of any party; (b) is prohibited under any law or contractual or other relationships; (c) contains software viruses or any other computer code, files, or programs designed to interrupt, destroy, or limit the functionality of any computer software or hardware or telecommunications equipment; (d) poses or creates a privacy or security risk to any person; (e) constitutes unsolicited or unauthorized advertising, promotional materials, commercial activities and/or sales, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” “contests,” “sweepstakes,” or any other form of solicitation; (f) is unlawful, harmful, threatening, abusive, harassing, tortious, excessively violent, defamatory, vulgar, obscene, pornographic, libelous, invasive of another's privacy, hateful racially, ethnically or otherwise objectionable; or (g) in the sole judgment of Company, is objectionable or which restricts or inhibits any other person from using or enjoying the Skyfire Services, or which may expose Company or its users to any harm or liability of any type;
  • copy, distribute, rent, lease, lend, sublicense, transfer or make derivative works of the Skyfire Dashboard, API Platform, API Documentation, API Key, or any related materials provided by Company (collectively, the “Company Materials”) or use any of the foregoing on a service bureau basis;
  • decompile, reverse engineer, or disassemble the Company Materials or otherwise attempt to discover the source code of the Company Materials;
  • use the Company Materials to create or make available an application programming interface or other product or service similar to, or that would otherwise be a substitute for, the Skyfire Services;
  • engage in any activity with the Company Materials that interferes with, disrupts, damages or accesses in an unauthorized manner the servers, networks or other properties or services of Company or any third party;
  • violate, encourage the violation of, or offer guidance on violating any applicable local, state, national, or international law, or any regulations having the force of law;
  • pretend to be someone or something else, or provide false information or misrepresent Customer’s connection to a person or entity;
  • solicit personal information from anyone under the age of 18;
  • gather or accumulate email addresses or any contact details of other users from the Skyfire Services through electronic or alternative methods with the intent of dispatching unsolicited emails or other unrequested communications; or
  • utilize the Skyfire Services to generate harmful or offensive content (as determined solely by Company) or any content that breaches a Company policy; or employ the Skyfire Services (or any aspect thereof or the technology within) in a way that infringes upon, wrongfully appropriates, or otherwise breaches the intellectual property rights or any other rights of individuals, or contravenes any applicable laws.

1.4. Customer Account.To use the Skyfire Services, Customer will need to create an account (“Account”).  Customer agrees to provide Company with accurate, complete and updated information in Customer’s Account.  Customer is solely responsible for any activity on its Account and for maintaining the security of Customer’s log-in credentials.  Company is not liable for any acts and omissions by Customer in connection with its Account.  Customer shall immediately notify Company if Customer expects its account or log-in credentials have been stolen, misappropriated or otherwise compromised, or in case of any actual or suspected unauthorized use of Customer’s Account.

1.5. API Key. Customer is responsible for the compliance with this Agreement of any and all persons accessing the API Platform using any API Key.  Customer shall use all reasonable means to secure API Keys, and shall promptly notify Company if it suspects that any API Key has been compromised.

1.6. Beta Services. Company may offer services that are in pre-release, beta, or trial form (“Beta Services”). This means that they are not suitable for production use and provided “as-is” on a temporary basis. Company is not responsible for Customer’s use of or reliance on Beta Services.

1.7. Customer Responsibility for Supported Information Service Selection and Output. It is Customer’s responsibility to evaluate whether a Supported Information Service and its outputs are appropriate for Customer’s use case.  Company’s decision to support any particular Supported Information Service via the API Platform is not an endorsement or approval of the Supported Information Service’s value, security, operation, or underlying technology.

1.8. Data. Customer agrees that Company may use and disclose all data submitted to the API Platform through the Customer Application as follows: (i) Company may use and disclose such data as is reasonably necessary or desirable for purposes of providing the functionality of the API Platform to Customer and end users of the Customer Application during the term of the Agreement and (ii) Company may disclose such data to the extent required by applicable law or legal process.  Company does not receive any “Personal Data” through the API Platform (including about any authorized end user who submits data to the API Platform), as such term is defined in the DPA, and instead receives log information and metadata relating to any Call. Notwithstanding the foregoing, the parties agree that the DPA applies to the extent that Personal Data is received by Company from Customer or end users of Customer through the API Platform.

2. INTELLECTUAL PROPERTY

As between the parties, Company retains all right title and interest, including all intellectual property rights, in and to the Company Materials and any and all improvements, modifications or enhancements thereto, well as all related software programs, data, documentation, specifications, descriptions, algorithms, methods, processes, techniques and know-how (the “Company Property”).  Company shall be free to use, implement and exploit in any manner any and all ideas, suggestions, recommendations and/or feedback from Customer and/or its personnel relating to the Skyfire Services. As between the parties, Customer retains all intellectual property rights in and to all Customer Content.

3. FEES.

3.1. Skyfire Wallet. Upon creating an Account, a digital wallet set up by us or our service providers (a “Skyfire Wallet”) will be linked to your Account. To access a Supported Information Service, you must have a sufficient Credit (as defined below) balance in your Skyfire Wallet to pay for access according to [address pricing].

3.2. Usage Credits. Customer can purchase credits to cover Customer’s usage of the Skyfire Service (“Usage Credits”) by credit card or USDC through the Skyfire Dashboard.   Company, in its sole discretion, may establish and impose transaction limits on the purchase of Usage Credits.    [describe fees, chargeback policy]

3.3. Promotional Credits. Company may, in its sole discretion, offer Customer free credits as part of a promotion or during sign up for the Skyfire Services (“Promotional Credits”).

3.4. Non-Refundable. Credits issued by Company, which includes Usage Credits, Promotional Credits and any other credits Company offers (“**Credits**”) are non-refundable. Usage Credits expire one calendar year from the date Company sends a purchase confirmation or otherwise issues the Credits. Promotional Credits expire at the time indicated when issued (or otherwise one calendar year from when issued if no time is specified). Credits will also automatically expire if Customer closes its Account and cannot be recovered. Credits are not legal tender or currency of any kind and have no cash value. Customer can check the Credit balance associated with Customer’s Account on the Skyfire Dashboard.

3.5. Taxes. Customer is responsible for paying any and all withholding, sales, value added or other taxes, duties or charges applicable to the fees payable by Customer under this Agreement, other than taxes based on Company’s income.

4. CONFIDENTIALITY

4.1. Confidential Information. Each party (the “receiving party”) shall keep confidential and not disclose to any third party all information and materials provided or made available by the other party (the “disclosing party”) which the receiving party should reasonably understand to be confidential or proprietary to the disclosing party due to its content and/or the circumstances surrounding its disclosure (“Confidential Information”). Without limitation, the API Documentation, API Keys, features, functionality and performance of the Skyfire Services, and any information regarding potential or actual modifications or updates to any of the foregoing constitutes Confidential Information of Company. “Confidential Information” shall not include any Personal Data provided by Customer or end users of Customer.

4.2. Protection of Confidential Information. The receiving party agrees: (i) to protect the confidentiality of the disclosing party’s Confidential Information with at least the same degree of care that it utilizes with respect to its own similar confidential information; (ii) not to disclose or otherwise permit any other person or entity access to, in any manner, the Confidential Information, or any part thereof in any form whatsoever, except that such disclosure or access shall be permitted to an employee of the receiving party requiring access to the Confidential Information in the course of his or her employment in connection with this Agreement and who has signed an agreement obligating the employee to maintain the confidentiality of the confidential information of third parties in the receiving party’s possession; (iii) to notify the disclosing party promptly and in writing of the circumstances surrounding any suspected possession, use or knowledge of the Confidential Information or any part thereof at any location or by any person or entity other than those authorized by this Agreement; and (iv) not to use the Confidential Information for any purpose other than as explicitly set forth herein.

4.3. Exceptions. Confidential Information shall not include information that:  (a) was rightfully possessed by the receiving party without restrictions before it was received from the disclosing party, as supported by documentary evidence; (b) is independently developed by the receiving party without reference to or use of the disclosing party’s information or data, as supported by documentary evidence; (c) is subsequently furnished to the receiving party by a third party not under any obligation of confidentiality with respect to such information or data, and without restrictions on use or disclosure; or (d) is or becomes available to the general public otherwise than through any act or default of the receiving party.  In addition, the receiving party shall not be in breach of this Section 4 for any disclosure of Confidential Information required by law or legal process, provided that in the event of such requirement the receiving party shall (other than to the extent prohibited by law) provide prior written notice to the disclosing party and reasonably cooperate, at the disclosing party’s expense, with any efforts by the disclosing party to contest or limit such disclosure requirement (e.g., a protective order).

4.4 Injunctive Relief. Because the unauthorized use, transfer or dissemination of any Confidential Information provided may diminish substantially the value of such information and may irreparably harm the disclosing party, the disclosing party shall, without limiting its other rights or remedies, be entitled to equitable relief, including but not limited to injunctive relief, with respect to any actual or threatened breach of the provisions of this Section 4 by the receiving party.

5. REPRESENTATIONS AND WARRANTIES.

Each party represents and warrants to the other party that: (a) it has the requisite power and authority and the legal right to enter into the Agreement and to perform its obligations hereunder; and (b) the entry into the Agreement and the performance of such party’s obligations hereunder do not conflict with, or constitute a default under, any contractual obligation of such party.

6. LIMITATION OF LIABILITY; DISCLAIMERS.**

6.1 EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SKYFIRE SERVICES (INCLUDING THE API PLATFORM, API KEYS, AND API DOCUMENTATION) ARE PROVIDED “AS IS” AND “WITH ALL FAULTS” AND COMPANY MAKES NO EXPRESS OR IMPLIED WARRANTIES OF ANY KIND WITH RESPECT THERETO OR THE SUBJECT MATTER OF THIS AGREEMENT AND DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE.  WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, COMPANY MAKES NO REPRESENTATION OR WARRANTY THAT THE SKYFIRE SERVICES SHALL BE ERROR-FREE, THAT DEFECTS WILL BE CORRECTED OR THAT ACCESS TO THE SKYFIRE SERVICES WILL BE UNINTERRUPTED. CUSTOMER ACKNOWLEDGES AND AGREES THAT COMPANY SHALL HAVE NO LIABILITY RESULTING FROM ANY FAILURE OR DEFECT IN THE SKYFIRE SERVICES.

6.2 OTHER THAN INDEMNIFICATION OBLIGATIONS UNDER SECTION 7 OR A BREACH OF SECTION 4, AND LIABILITY ARISING FROM A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW: (I) IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR SPECIAL, INCIDENTAL, CONSEQUENTIAL OR OTHER INDIRECT DAMAGES ARISING OUT OF OR RELATING TO THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ANY LOST PROFITS OR BUSINESS, REGARDLESS OF THE FORESEEABILITY OR ANY NOTICE OF SUCH DAMAGES AND REGARDLESS OF THE THEORY OF LIABILITY; AND (II) THE TOTAL AGGREGATE LIABILITY OF EACH PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED THE AMOUNTS PAID BY CUSTOMER TO COMPANY UNDER THE AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY.

7. INDEMNIFICATION.

Customer agrees to indemnify and hold harmless Company and its directors, officers, employees or agents (the “Company Indemnitees”) from and against any liabilities, damages, interest, losses, costs, expenses (including reasonable attorneys’ fees) to the extent arising out of Customer’s use of the Skyfire Services or from the Customer Application.

8. TERM; TERMINATION

8.1. Term. This Agreement shall commence upon the earlier of Customer’s online acceptance of these Terms or the date Customer first uses any Skyfire Service and shall continue until terminated in accordance with Section 8.2.

8.2 Termination Rights.

  • (a) This Agreement may be terminated at any time by either party, effective immediately upon notice, if the other party: breaches any of its material obligations under this Agreement and the breach is not cured within thirty (30) days from written notice of such breach from the other party (provided that Company may terminate the Agreement immediately if Customer breaches Section 1.3).

  • (b) Customer may terminate the Agreement for any or no reason by providing written notice to Company or through the Skyfire Dashboard.

  • (c) Company may terminate the Agreement for any or no reason by providing written notice to Customer at least thirty (30) days before the desired termination date or immediately if the Skyfire Services or the provision thereof under the Agreement are suspected to infringe or otherwise violate a third party’s intellectual property rights or violate applicable laws, rules or regulations.

  • (d) Nothing in this Section 8.2 limits Company’s termination or suspension rights under Section 1.3.

8.3. Effect of Expiration or Termination.  Termination of this Agreement shall be without prejudice to any rights which shall have accrued to the benefit of a party prior to such expiration or termination.  Sections 3.4, 3.5, 4, 6, 7 8.3 and 9 survive any expiration or termination of the Agreement.

9 MISCELLANEOUS

9.1. Governing Law; Venue.  This Agreement are governed by and construed in accordance with the laws of the State of California.  Any suits, actions, or proceedings related to these Terms that are not required to be resolved via arbitration pursuant to Section 9.2 will be instituted exclusively in the federal or state courts located in California.

9.2 Disputes.

  • (a) In the event of a dispute, claim or controversy relating to these Terms ("Dispute"), the parties will first attempt in good faith to informally resolve the matter. The party raising the Dispute must notify the other party ("Dispute Notice"), who will have 15 days from the date of delivery of the Dispute Notice to propose a time for the parties to meet with appropriately leveled executives to attempt to resolve the Dispute. If the parties have not resolved the dispute within 45 days of delivery of the Dispute Notice, either party may seek to resolve the dispute through arbitration as stated in Section 9.2(b).

  • (b) Any Dispute will be determined in English by final, binding arbitration according to the region-specific processes below. Judgment on any award issued through the applicable arbitration process in this Section 9.2(b) may be entered in any court having jurisdiction. EACH PARTY AGREES THEY ARE WAIVING THE RIGHT TO A TRIAL BY JURY, AND THE RIGHT TO JOIN AND PARTICIPATE IN A CLASS ACTION, TO THE FULLEST EXTENT PERMITTED UNDER THE LAW IN CONNECTION WITH THESE TERMS.

  • (c) Disputes will be determined by a sole arbitrator in San Francisco, CA pursuant to the Comprehensive Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc.

  • (d) This Section 9.2 does not limit either party from seeking equitable relief.

9.3 Severability.  In the event any one or more of the provisions of this Agreement are unenforceable, it shall be stricken from this Agreement but the remainder of the Agreement shall be unimpaired.

9.4 Waiver.  No waiver of any term of this Agreement shall bind the party making such waiver unless in writing and signed by the party making such waiver.  Any such waiver shall be effective only in the specific instance and for the specific purpose given.  No waiver by a party hereto of any breach or default of any of the covenants or agreements herein set forth shall be deemed a waiver as to any subsequent and/or similar breach or default.

9.5 Assignment.  Neither party may assign any of its rights or obligations under this Agreement without the prior written consent of the other party, except that either party may assign its rights and obligations under this Agreement without the consent of the other party to an affiliate of the assigning party or as part of any merger (by operation of law or otherwise), consolidation, reorganization, change in control or sale of all or substantially all of its assets related to this Agreement or similar transaction. The Agreement shall be binding upon and inure to the benefit of the permitted successors and assigns of the parties.

9.6 Independent Contractors.  The relationship of the parties hereto is that of independent contractors.  The parties hereto are not deemed to be agents, partners or joint venturers of the others for any purpose as a result of this Agreement or the transactions contemplated thereby.

9.7 Notices. All notices, demands, waivers, and other communications under the Agreement (each, a "Notice") must be in writing. Except for notices related to demands to arbitrate or where equitable relief is sought, any Notices provided under this Agreement may be delivered electronically to the Customer's address or other authorized addresses provided to Company; and to [email protected] if to Company. Notice is effective only: (i) upon receipt by the receiving party, and (ii) if the party giving the Notice has complied with all requirements of this Section 9.7.

9.8 Electronic Communications. Customer agrees to receive electronic communications from Company related to Customer's use of the Skyfire Services and related to this Agreement. Except where prohibited by applicable law, electronic communications may include email, through the Skyfire Services or Customer's Skyfire Dashboard, or on Company's website.

9.9 Force Majeure. In the event that either party is prevented from performing, or is unable to perform, any of its obligations under the Agreement due to any cause beyond the reasonable control of the party invoking this provision, the affected party’s performance shall be excused and the time for performance shall be extended for the period of delay or inability to perform due to such occurrence.

9.10 Publicity.  Company may reproduce and display Customer’s trademarks and logos on its websites and other marketing materials for the purpose of identifying Customer as a Customer of the Skyfire Services.  Customer will consider in good faith any request by Company to (1) provide a quote from a Customer executive regarding Customer’s motivation for using the Skyfire Services that Company may use publicly and (2) participate in a public co-marketing activity.

9.11 Headings.  The captions to the several sections in these Terms are not a part of the Agreement, but are included merely for convenience of reference only and shall not affect its meaning or interpretation.

9.12 Amendment.  Company may modify these Terms from time to time in which case Company will update the “Last Revised” date at the top of these Terms. If Company makes changes that are material, Company will use reasonable efforts to attempt to notify Customer, such as by email and/or by placing a prominent notice on the first page of its website.  However, it is Customer’s sole responsibility to review these Terms from time to time to view any such changes. The updated Terms will be effective as of the time of posting, or such later date as may be specified in the updated Terms.  Customer’s continued access to or use of the Skyfire Services after the modifications have become effective will be deemed Customer’s acceptance of the modified Terms.

9.13 Export and Sanctions. Customer may not export or provide access to the Skyfire Services to persons or entities or into countries or for uses where it is prohibited under United States or other applicable international law. Without limiting the foregoing sentence, this restriction applies (a) to countries where export from the U.S. or into such country would be prohibited or illegal without first obtaining the appropriate license, and (b) to persons, entities, or countries covered by U.S. sanctions.

9.14 Entire Agreement. The Agreement constitutes the entire agreement between the parties with regard to the subject matter hereof.  In entering into the Agreement, neither party is relying on any statements, representations or warranties not contained herein.

DATA PROCESSING ADDENDUM

This Data Processing Addendum (“DPA”) forms part of and is incorporated into the Skyfire Commercial Terms of Service (the “Terms”). To the extent that Company processes any Personal Data in connection Customer’s use of the Skyfire Services, this DPA sets forth Customer’s instructions for the processing of such Personal Data and the rights and obligations of both Parties. Except as expressly set forth in this DPA, the Terms shall remain unmodified and in full force and effect. In the event of any conflicts between this DPA and the Terms, this DPA will govern to the extent of the conflict.

1) Definitions. For the purposes of this DPA, the following terms shall have the meanings set out below. Capitalized terms used but not defined in this DPA shall have the meanings given in the Terms. All other capitalized terms in this DPA not otherwise defined in the API Terms and Conditions shall have the corresponding meanings given to them in Privacy Laws.** **

  • a) “Controller to Processor Clauses” means (i) in respect of transfers of Personal Data subject to the GDPR, the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021, specifically including Module 2 (Controller to Processor) (“EU SCCs”); and (ii) in respect of transfers of Personal Data subject to the UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner (“UK Addendum”), in each case as amended, updated or replaced from time to time.

  • b) “EU/UK Privacy Laws” means, as applicable: (i) the General Data Protection Regulation 2016/679 (the “GDPR”); (ii) the Privacy and Electronic Communications Directive 2002/58/EC; (iii) the UK Data Protection Act 2018, the UK General Data Protection Regulation as defined by the UK Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (together with the UK Data Protection Act 2018, the “UK GDPR”), and the Privacy and Electronic Communications Regulations 2003; and (iv) any relevant law, directive, order, rule, regulation or other binding instrument which implements any of the above, in each case, as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time.

  • c) “Personal Data” means any information that Company processes on behalf of Customer to provide the Skyfire Services that is defined as “personal data,” “personal information” or “personally identifiable information” under any Privacy Law.

  • d) “Privacy Laws” means, as applicable, EU/UK Privacy Laws, US Privacy Laws and any similar law of any other jurisdiction which relates to data protection, privacy or the use of Personal Data and requires Controllers and Processors to agree to specific contractual commitments regarding the processing of Personal Data, in each case, as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time.

  • e) “Processor to Processor Clauses” means (i) in respect of transfers of Personal Data subject to the GDPR, the standard contractual clauses for the transfer of personal data to third countries set out in Commission Decision 2021/914 of 4 June 2021, specifically including Module 3 (Processor to Processor); and (ii) in respect of transfers of Personal Data subject to the UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner, in each case as amended, updated or replaced from time to time.

  • f) “Third Country” means any country or territory outside of the scope of the data protection laws of the European Economic Area or the UK, as relevant, excluding countries or territories approved as providing adequate protection for Personal Data by the relevant competent authority from time to time.

  • g) “US Privacy Laws” means, as applicable, the California Consumer Privacy Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act, and any similar law of any other state related to the processing of Personal Data, in each case, as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time.

  • h) The terms “Business,” “Controller,” “Processor,” “Sell,” “Service Provider,” and “Share” shall have the meaning given to them under applicable Privacy Laws.

2) Amendments. Customer agrees that Company may make modifications to this DPA if changes are required for Company to continue to process the Personal Data as contemplated by the Agreement or this DPA in compliance with Privacy Laws, or to address the legal interpretation of the Privacy Laws.

3) Roles of the Parties. The Parties acknowledge that in relation to any Personal Data received from Customer in providing the Skyfire Services, for purposes of Privacy Laws, Customer is the Controller or Business and Company is the Service Provider or Processor.

4) Customer Obligations: Customer shall comply with all Privacy Laws in providing Personal Data to Company in connection with its use of the Skyfire Services, including any integration between the Customer Application and the API Platform. Customer represents and warrants that (a) all Personal Data was collected and at all times processed and maintained by or on behalf of Customer in compliance with all Privacy Laws, including with respect to any obligations to provide notice to and/or obtain consent from individuals and (b) Customer has complied with Privacy Laws in, including having a lawful basis for, disclosing the Personal Data to Company and enabling Company to process the Personal Data as set out in the Agreement and this DPA. Customer shall notify Company without undue delay if Customer makes a determination that the processing of Personal Data under the Agreement does not or will not comply with Privacy Laws, in which case, Company shall not be required to continue processing such Personal Data.

5) Processing of Personal Data. The Parties agree that the details of processing are as described in Annex 1. In processing Personal Data under the Agreement, Company shall:

  • a) only process Personal Data on documented instructions from Customer, for the limited and specific purpose described in Annex 1, unless otherwise permitted to process such Personal Data by applicable Privacy Laws, and at all times in compliance with Privacy Laws and the terms of this DPA, providing the same level of privacy protection as is required by Privacy Laws;

  • b) notify Customer promptly if it makes a determination that (i) it can no longer comply with Customer’s instructions for the processing of Personal Data, its obligations under Privacy Laws or the terms of this DPA or (ii) if it believes that the instruction of Customer infringes applicable Privacy Laws;

  • c) to the extent required by Privacy Laws, grant Customer the right to take reasonable and appropriate steps to help ensure that Company uses the Personal Data in a manner consistent with Customer’s obligations under this DPA and Privacy Laws, and stop and remediate any unauthorized use of the Personal Data;

  • d) require that each employee or other person processing Personal Data is subject to an appropriate duty of confidentiality with respect to such Personal Data.

6) Prohibitions. To the extent required by Privacy Laws, Company shall not (a) Sell or Share Personal Data, (b) retain, use, or disclose the Personal Data outside of the direct business relationship between Company and Customer and for any purpose other than for the specific purpose of providing the Skyfire Services to Customer  or (c) combine the Personal Data received from, or on behalf of, Customer with any Personal Data that may be collected from Company’s separate interactions with the individual(s) to whom the Personal Data relates or from any other sources.

7) Use of Subcontractors.

  • a) Customer hereby grants Company general written authorization to engage the subcontractors set out in Annex 2, subject to the requirements of this Section 7.
  • b) If Company appoints a new subcontractor or intends to make any changes concerning the addition or replacement of any subcontractor, it shall provide Customer with seven business days’ prior written notice, during which Customer can object to the appointment or replacement on reasonable and documented grounds related to the confidentiality or security of Personal Data or the subcontractor’s compliance with Privacy Laws (and if Customer does not so object, Company may proceed with the appointment or replacement).
  • c) Company shall engage subcontractors only pursuant to a written agreement that contains obligations on the subcontractor which are no less onerous on the relevant subcontractor than the obligations on Company under this DPA.
  • d) In the event Company engages a subcontractor to carry out specific processing activities on behalf of Customer pursuant to EU/UK Privacy Laws, where that subcontractor fails to fulfil its obligations, Company shall remain fully liable under applicable EU/UK Privacy Laws to Customer for the performance of that subcontractor’s obligations.

8) Assistance. Company shall, in relation to the processing of Personal Data and to enable Customer to comply with its obligations which arise as a result thereof, provide assistance to Customer, through appropriate technical and organizational measures, in entering into this DPA and:

  • a) notifying Customer of, and (if authorized by Customer) responding to, requests from individuals pursuant to their rights under Privacy Laws, including by providing, deleting or correcting the relevant Personal Data, or by enabling Customer to do the same, insofar as this is possible**;**
  • b) implementing reasonable security procedures and practices appropriate to the nature of the Personal Data to protect the Personal Data from unauthorized or illegal access, destruction, use, modification, or disclosure;
  • c) to the extent required by Privacy Laws, conducting data protection impact assessments and, if required, prior consultation with relevant competent authorities; and
  • d) notifying relevant competent authorities and/or affected individuals of Personal Data breaches.

9) Security Measures. Company shall, taking into account the state-of-the-art, the costs of implementation and the nature, scope, context and purpose of the processing, implement appropriate technical, physical and organizational measures designed to provide a level of security appropriate to the risk, as set out in Annex 3, or otherwise agreed and documented between Customer and Company from time to time, and shall continue to comply with them during the term of the Agreement. Company shall provide data protection and security training to those employees and other persons authorized to access Personal Data.

10) Access and Audits. Upon reasonable written request of Customer, Company shall allow for and contribute to inspections and audits regarding Company’s compliance with its obligations under this DPA and Privacy Laws by, on Customer’s request, providing to Customer such information in Company’s possession as is reasonably necessary to demonstrate such compliance and/or arranging for a qualified and independent auditor to conduct an assessment of Company’s policies and technical and organizational measures for such compliance, using an appropriate and accepted control standard or framework and assessment procedure for such assessments. Company will provide a report of such assessment to Customer upon reasonable request. Customer shall be permitted to request such information and/or audit no more than once every 12 months, upon 30 days’ advance written notice to Company, and only after the Parties come to agreement on the scope of the audit and provided the auditor is bound by a duty of confidentiality. Notwithstanding the foregoing, in no event shall Company be required to give Customer access to information, facilities or systems to the extent doing so would cause Company to be in violation of confidentiality obligations owed to other customers or its legal obligations.

11) Deletion of Personal Data.  At Customer’s choice and direction, Company shall delete or return all Personal Data to Customer as requested at the end of the provision of the Skyfire Services to Customer, unless retention of the Personal Data is required by law, in which case, Company shall notify Customer without undue delay of such legal requirement and shall upon the expiration of such retention obligation immediately delete or return the Personal Data, at Customer’s choice and direction.

12) Data Transfers. To the extent Company processes Personal Data subject to EU/UK Privacy Laws in a Third Country, and it is acting as data importer, Company shall comply with the data importer’s obligations set out in the Controller to Processor Clauses, which are hereby incorporated into and form part of this DPA, and:

  • a) for the purposes of Annex I or Part 1 (as relevant), Customer is a controller and Company is a processor, and the parties, contact person’s details and processing details set out in the Agreement, this DPA and Annex 1 shall apply and the Start Date is the effective date of the Agreement;
  • b) if applicable, for the purposes of Part 1 of the UK Addendum, the relevant Addendum EU SCCs (as such term is defined in the UK Addendum) are the EU SCCs as incorporated into this DPA by virtue of this Section 12;
  • c) for the purposes of Annex II or Part 1 (as relevant), the technical and organizational security measures, and the technical and organizational measures taken by Company to assist Customer, as each are set out in Annex 3, shall apply;
  • d) if applicable, for the purposes of Annex III or Part 1 (as relevant), the list of authorized sub-contractors set out in Annex 2 shall apply; and
  • e) if applicable, for the purposes of: (i) Clause 9, Option 1 (“Specific prior authorization”) is deemed to be selected and a notice period of 30 days shall apply; (ii) Clause 11(a), the optional wording in relation to independent dispute resolution is deemed to be included; (iii) Clause 13 and Annex I.C, the competent supervisory authority shall be the Irish regulator; (iv) Clauses 17 and 18, Option 1 is deemed to be selected and the governing law and the competent courts shall be Irish law and Irish courts, respectively; (vi) Part 1, Customer as exporter may terminate the UK Addendum pursuant to Section 19 of such UK Addendum.

To the extent Company appoints an affiliate or third-party subcontractor to process the Personal Data in a Third Country, Company shall execute the Processor to Processor Clauses with any relevant subcontractor (including affiliates) it appoints on behalf of Customer. At Customer’s request, Company shall enter separately into the Controller to Processor Clauses with Customer and shall take any other alternative or additional steps reasonably requested by Customer in order to ensure that Company’s processing of Personal Data takes place in accordance with the requirements of Privacy Laws.

Annex 1

Details of Processing

Nature of the processing

The provision of the API Platform to Customer as set out in the Agreement.

Purpose(s) of the processing

The provision of the API Platform to Customer as set out in the Agreement.

Categories of individuals whose Personal Data is processed

Users of API Platform.

Categories of Personal Data processed

Email address for users of the API Platform and information provided by users in unstructured data.

Types of Personal Data subject to the processing that are considered “sensitive” or “special category” under Privacy Laws

None.

Frequency (e.g. one-off or continuous) and duration of the processing

On a continuous basis, for the duration of the term of the Agreement.

The subject matter, nature and duration of processing carried out by any sub-processors authorized pursuant to Section 7 is as set out in this Annex 1 and in Annex 2.

Annex 2

Authorized Subcontractors

Subcontractor Name: Amazon Web Services

Type of Service: Cloud infrastructure

Location: Worldwide

Annex 3

Security Measures

Company maintains reasonable Security Measures in proportionate measure to the risk presented by the processing of Personal Data and otherwise relies on security measures implemented and maintained by subcontractors set out in Annex 2, including Amazon Web Services.