Vaultera Customer Agreement

Effective starting: March 14, 2024

This Vaultera Customer Agreement (the “Agreement”) is between you and Vaultera ehf (5902240140) Trading as Vaultera (“Vaultera”). If you are agreeing to this Agreement not as an individual but on behalf of your company, then “Customer” or “you” means your company, and you are binding your company to this Agreement. Vaultera may modify this Agreement from time to time, subject to the terms in Section 26 (Changes to this Agreement) below.

By clicking on the “I agree” (or similar button) that is presented to you at the time of your Order, or by using or accessing Vaultera products, you indicate your assent to be bound by this Agreement.

1 Scope of the Agreement. This Agreement governs your initial purchase as well as any future purchases made by you that reference this Agreement. This Agreement includes our Privacy Policy, our Acceptable Use Policy, any Orders, and any other referenced policies and attachments. This Agreement applies to Vaultera add-ons or plugins that you purchase from the Vaultera Marketplace. However, it does not apply to add-ons or plugins from other vendors on the Vaultera Marketplace, which are covered under the Vaultera Marketplace Terms of Use.

2 Types of Vaultera Products. This Agreement governs (a) Vaultera’s commercially available downloadable software products (currently designated as “Server” or “Data Center” deployments) (“Software”), (b) Vaultera’s hosted or cloud-based solutions (currently designated as “Cloud” deployments) (“Hosted Services”), and (c) any related support or maintenance services provided by Vaultera. Software and Hosted Services, together with related Documentation, are referred to as “Products”. The Products and their permitted use are further described in Vaultera’s standard documentation (“Documentation”). Section 6 (Software Terms) applies specifically to Software, and Section 7 (Hosted Services Terms) applies specifically to Hosted Services, but unless otherwise specified, other provisions of this Agreement apply to all Products.

3 Account Registration. You may need to register for a Vaultera account in order to place orders or access or receive any Products. Any registration information that you provide to us must be accurate, current and complete. You must also update your information so that we may send notices, statements and other information to you by email or through your account. You are responsible for all actions taken through your accounts.

4 Orders.

4.1 Directly with Vaultera. Vaultera’s Product ordering documentation or purchase flow (“Order”) will specify your authorised scope of use for the Products, which may include: (a) number and type of Authorised Users (as defined below), (b) storage or capacity (for Hosted Services), (c) numbers of licenses, copies or instances (for Software), or (d) other restrictions or billable units (as applicable, the “Scope of Use”). The term “Order” also includes any applicable Product or Support and Maintenance renewal, or purchases you make to increase or upgrade your Scope of Use.

4.2 Reseller Orders. This Agreement applies whether you purchase our Products directly from Vaultera or through authorised resellers (each, a “Reseller”). If you purchase through a Reseller, your Scope of Use shall be as stated in the Order placed by Reseller for you, and Reseller is responsible for the accuracy of any such Order. Resellers are not authorised to make any promises or commitments on Vaultera’s behalf, and we are not bound by any obligations to you other than what we specify in this Agreement.

5 Authorised Users. Only the specific individuals for whom you have paid the required fees and whom you designate through the applicable Product (“Authorised Users”) may access and use the Products. Some Products may allow you to designate different types of Authorised Users, in which case pricing and functionality may vary according to the type of Authorised User. Authorised Users may be you or your Affiliates’ employees, representatives, consultants, contractors, agents, or other third parties who are acting for your benefit or on your behalf. You may also permit your customers to have limited access to certain Products as Authorised Users. You may increase the number of Authorised Users permitted to access your instance of the Product by placing a new Order or, in some cases, directly through the Product. In all cases, you must pay the applicable fee for the increased number of Authorised Users. You are responsible for compliance with this Agreement by all Authorised Users. All use of Products by you and your Authorised Users must be within the Scope of Use and solely for the benefit of you or your Affiliates. “Affiliate” means an entity which, directly or indirectly, owns or controls, is owned or is controlled by or is under common ownership or control with a party, where “control” means the power to direct the management or affairs of an entity, and “ownership” means the beneficial ownership of 50% (or, if the applicable jurisdiction does not allow majority ownership, the maximum amount permitted under such law) or more of the voting equity securities or other equivalent voting interests of the entity.

6 Software Terms.

6.1 Your License Rights. Subject to the terms and conditions of this Agreement, Vaultera grants you a non-exclusive, non-sublicenseable and non-transferable license to install and use the Software during the applicable License Term in accordance with this Agreement, your applicable Scope of Use, and the Documentation. The term of each Software license (“License Term”) will be specified in your Order. Your License Term will end upon any termination of this Agreement, even if it is identified as “perpetual” or if no expiration date is specified in your Order. The Software requires a license key in order to operate, which will be delivered as described in Section 10.2 (Delivery).

6.2 Number of Instances. Unless otherwise specified in your Order, for each Software license that you purchase, you may install one production instance of the Software on systems owned or operated by you (or your third party service providers so long as you remain responsible for their compliance with the terms and conditions of this Agreement). We also make available “developer” licenses free of charge for certain of our Software offerings to allow you to deploy non-production instances, such as for staging or QA purposes. Details for how to request non-production licenses are available on our website.

6.3 Your Modifications. Subject to the terms and conditions of this Agreement (including without limitation Section 2 (Combining the Products with Open Source Software) of Third Party Code in Vaultera Products): (1) for any elements of the Software provided by Vaultera in source code form, and to the extent permitted in the Documentation, you may modify such source code solely for purposes of developing bug fixes, customizations and additional features for the Software and (2) you may also modify the Documentation to reflect your permitted modifications of the Software source code or the particular use of the Products within your organization. Any modified source code or Documentation constitutes “Your Modifications”. You may use Your Modifications solely with respect to your own instances in support of your permitted use of the Software but you may not distribute the code to Your Modifications to any third party. Notwithstanding anything in this Agreement to the contrary, Vaultera has no support, warranty, indemnification or other obligation or liability with respect to Your Modifications or their combination, interaction or use with our Products. You shall indemnify, defend and hold us harmless from and against any and all claims, costs, damages, losses, liabilities and expenses (including reasonable attorneys’ fees and costs) arising out of or in connection with any claim brought against us by a third party relating to Your Modifications (including but not limited to any representations or warranties you make about Your Modifications or the Software) or your breach of this Section 6.3. This indemnification obligation is subject to your receiving (i) prompt written notice of such claim (but in any event notice in sufficient time for you to respond without prejudice); (ii) the exclusive right to control and direct the investigation, defense, or settlement of such claim; and (iii) all reasonably necessary cooperation of Vaultera at your expense.

6.4 Attribution. In any use of the Software, you must include the following attribution to Vaultera on all user interfaces in the following format: “Powered by Vaultera,” which must in every case include a hyperlink to https://vaultera.co, and which must be in the same format as delivered in the Software.

6.5 Third Party Code. The Software includes code and libraries licensed to us by third parties, including open source software.

7 Hosted Services Terms.

7.1 Access to Hosted Services. Subject to the terms and conditions of this Agreement, Vaultera grants you a non-exclusive right to access and use the Hosted Services during the applicable Subscription Term (as defined below) in accordance with this Agreement, your applicable Scope of Use and the Documentation. If Vaultera offers client software (e.g., a desktop or mobile application) for any Hosted Service, you may use such software solely with the Hosted Service, subject to the terms and conditions of this Agreement. You acknowledge that our Hosted Services are on-line, subscription-based products and that we may make changes to the Hosted Services from time to time.

7.2 Subscription Terms and Renewals. Hosted Services are provided on a subscription basis for a set term specified in your Order (“Subscription Term”). Except as otherwise specified in your Order, all subscriptions will automatically renew for periods equal to your initial Subscription Term (and you will be charged at the then-current rates) unless you cancel your subscription through your account. If you cancel, your subscription will terminate at the end of then-current billing cycle, but you will not be entitled to any credits or refunds for amounts accrued or paid prior to such termination.

7.3 Credentials. You must ensure that all Authorised Users keep their user IDs and passwords for the Hosted Services strictly confidential and not share such information with any unauthorised person. User IDs are granted to individual, named persons and may not be shared. You are responsible for any and all actions taken using your accounts and passwords, and you agree to immediately notify Vaultera of any unauthorised use of which you become aware.

7.4 Your Data. “Your Data” means any data, content, code, video, images or other materials of any type that you upload, submit or otherwise transmit to or through Hosted Services. You will retain all right, title and interest in and to Your Data in the form provided to Vaultera. Subject to the terms of this Agreement, you hereby grant to Vaultera a non-exclusive, worldwide, royalty-free right to (a) collect, use, copy, store, transmit, modify and create derivative works of Your Data, in each case solely to the extent necessary to provide the applicable Hosted Service to you and (b) for Hosted Services that enable you to share Your Data or interact with other people, to distribute and publicly perform and display Your Data as you (or your Authorised Users) direct or enable through the Hosted Service. Vaultera may also access your account or instance in order to respond to your support requests.

7.5 Security. Vaultera implements security procedures to help protect Your Data from security attacks. However, you understand that use of the Hosted Services necessarily involves transmission of Your Data over networks that are not owned, operated or controlled by us, and we are not responsible for any of Your Data lost, altered, intercepted or stored across such networks. We cannot guarantee that our security procedures will be error-free, that transmissions of Your Data will always be secure or that unauthorised third parties will never be able to defeat our security measures or those of our third party service providers.

7.6 Storage Limits. There may be storage limits associated with a particular Hosted Service. These limits are described in the services descriptions on our websites or in the Documentation for the particular Hosted Service. Vaultera reserves the right to charge for additional storage or overage fees at the rates specified on our website. We may impose new, or may modify existing, storage limits for the Hosted Services at any time in our discretion, with or without notice to you.

7.7 Responsibility for Your Data.

7.7.1 General. You must ensure that your use of Hosted Services and all Your Data is at all times compliant with our Acceptable Use Policy and all applicable local, state, federal and international laws and regulations (“Laws”). You represent and warrant that: (i) you have obtained all necessary rights, releases and permissions to provide all Your Data to Vaultera and to grant the rights granted to Vaultera in this Agreement and (ii) Your Data and its transfer to and use by Vaultera as authorised by you under this Agreement do not violate any Laws (including without limitation those relating to export control and electronic communications) or rights of any third party, including without limitation any intellectual property rights, rights of privacy, or rights of publicity, and any use, collection and disclosure authorised herein is not inconsistent with the terms of any applicable privacy policies. Other than its security obligations under Section 7.5 (Security), Vaultera assumes no responsibility or liability for Your Data, and you shall be solely responsible for Your Data and the consequences of using, disclosing, storing, or transmitting it.

7.7.2 Sensitive Data. You will not submit to the Hosted Services (or use the Hosted Services to collect): (i) any personally identifiable information, except as necessary for the establishment of your Vaultera account; (ii) any patient, medical or other protected health information regulated by HIPAA or any similar federal or state laws, rules or regulations; or (iii) any other information subject to regulation or protection under specific laws such as the Gramm-Leach-Bliley Act (or related rules or regulations) ((i) through (iii), collectively, “Sensitive Data”). You also acknowledge that Vaultera is not acting as your Business Associate or subcontractor (as such terms are defined and used in HIPAA) and that the Hosted Services are not HIPAA compliant. “HIPAA” means the Health Insurance Portability and Accountability Act, as amended and supplemented. Notwithstanding any other provision to the contrary, Vaultera has no liability under this Agreement for Sensitive Data.

7.7.3 Indemnity for Your Data. You will defend, indemnify and hold harmless Vaultera from and against any loss, cost, liability or damage, including attorneys’ fees, for which Vaultera becomes liable arising from or relating to any claim relating to Your Data, including but not limited to any claim brought by a third party alleging that Your Data, or your use of the Hosted Services in breach of this Agreement, infringes or misappropriates the intellectual property rights of a third party or violates applicable law. This indemnification obligation is subject to your receiving (i) prompt written notice of such claim (but in any event notice in sufficient time for you to respond without prejudice); (ii) the exclusive right to control and direct the investigation, defense, or settlement of such claim; and (iii) all reasonable necessary cooperation of Vaultera at your expense.

7.8 Removals and Suspension. Vaultera has no obligation to monitor any content uploaded to the Hosted Services. Nonetheless, if we deem such action necessary based on your violation of this Agreement or in response to takedown requests that we receive following our guidelines for Reporting Copyright and Trademark Violations, we may (1) remove Your Data from the Hosted Services or (2) suspend your access to the Hosted Services. We will generally alert you when we take such action and give you a reasonable opportunity to cure your breach, but if we determine that your actions endanger the operation of the Hosted Service or other users, we may suspend your access immediately without notice. You will continue to be charged for the Hosted Service during any suspension period. We have no liability to you for removing or deleting Your Data from or suspending your access to any Hosted Services as described in this section.

7.9 Deletion at End of Subscription Term. We may remove or delete Your Data within a reasonable period of time after the termination of your Subscription Term.

7.10 Service-Specific Terms. Some of our Hosted Services may be subject to additional terms specific to that service as set forth in our Service-Specific Terms.

8 Support and Maintenance. Vaultera will provide the support and maintenance services for the Products described in the Vaultera Support Policy (“Support and Maintenance”) during the period for which you have paid the applicable fee. Support and Maintenance is subject to the terms of the Vaultera Support Policy and will be provided at the support level and during the support term specified in your Order. The Vaultera Support Policy may be modified by Vaultera from time to time to reflect process improvements or changing practices. Support and Maintenance for Software includes access to New Releases, if and when available. You may use any New Releases that we provide to you during a valid support term in the same way that you use Software, and New Releases are included in the definition of Software in that case. “New Releases” are bug fixes, patches, major or minor releases, or any other changes, enhancements, or modifications to the Software that we make generally commercially available.

9 TAM and Training Services. We will provide Technical Account Manager (TAM) and training services purchased in an Order in accordance with the descriptions and conditions for those services set forth in the Order and the accompanying service descriptions or datasheets (“Ancillary Services”). Vaultera shall retain all right, title and interest in and to any materials, deliverables, modifications, derivative works or developments related to any training services we provide (“Training Materials”). Any Training Materials provided to you may be used only in connection with the Products subject to the same use restrictions for the Products. If applicable, you will reimburse Vaultera for reasonable travel and lodging expenses as incurred.

10 Returns and Financial Terms.

10.1 Return Policy. As part of our commitment to customer satisfaction, it is our customary business practice to allow customers to return a Product within 30 days of payment for any reason or no reason and to receive a refund of the amount paid for the returned Product. In the context of Software, a return means that we will disable the license key that allowed the Software to operate. In the context of Hosted Services, a return means that we will disable access to the Hosted Service. We will not accept returns after the 30-day return period. You understand that Vaultera may change this practice in the future in accordance with Section 25 (Changes to this Agreement).

10.2 Delivery. We will deliver the applicable license keys (in the case of Software) or login instructions (in the case of Hosted Services) to the email addresses specified in your Order when we have received payment of the applicable fees. All deliveries under this Agreement will be electronic. For the avoidance of doubt, you are responsible for installation of any Software, and you acknowledge that Vaultera has no further delivery obligation with respect to the Software after delivery of the license keys.

10.3 Payment. You agree to pay all fees in accordance with each Order. Unless otherwise specified in your Order, you will pay all amounts in U.S. dollars at the time you place your Order. Other than as expressly set forth in Section 10.1 (Return Policy) and Section 20 (IP Indemnification by Vaultera), all amounts are non-refundable, non-cancelable and non-creditable. In making payments, you acknowledge that you are not relying on future availability of any Products beyond the current License Term or Subscription Term or any Product upgrades or feature enhancements. If you add Authorised Users during your License Term or Subscription Term, we will charge you for the increased number of Authorised Users pursuant to the then-currently applicable rates in your next billing cycle. You agree that we may bill your credit card for renewals, additional users, and unpaid fees, as applicable. If you purchase any Products through a Reseller, you owe payment to the Reseller as agreed between you and the Reseller, but you acknowledge that we may terminate your rights to use Products if we do not receive our corresponding payment from the Reseller.

10.4 Taxes. Your payments under this Agreement exclude any taxes or duties payable in respect of the Products in the jurisdiction where the payment is either made or received. To the extent that any such taxes or duties are payable by Vaultera, you must pay to Vaultera the amount of such taxes or duties in addition to any fees owed under this Agreement. Notwithstanding the foregoing, you may have obtained an exemption from relevant taxes or duties as of the time such taxes or duties are levied or assessed. In that case, you will have the right to provide to Vaultera any such exemption information, and Vaultera will use reasonable efforts to provide such invoicing documents as may enable you to obtain a refund or credit for the amount so paid from any relevant revenue authority if such a refund or credit is available.

11 No-Charge Products. We may offer certain Products to you at no charge, including free accounts, trial use, and access to Beta Versions as defined below (“No-Charge Products”). Your use of No-Charge Products is subject to any additional terms that we specify and is only permitted for the period designated by us. You may not use No-Charge Products for competitive analysis or similar purposes. We may terminate your right to use No-Charge Products at any time and for any reason in our sole discretion, without liability to you. You understand that any pre-release and beta products we make available (“Beta Versions”) are still under development, may be inoperable or incomplete and are likely to contain more errors and bugs than generally available Products. We make no promises that any Beta Versions will ever be made generally available. In some circumstances, we may charge a fee in order to allow you to access Beta Versions, but the Beta Versions will still remain subject to this Section 11 (No-Charge Products). All information regarding the characteristics, features or performance of Beta Versions constitutes Vaultera’s Confidential Information. To the maximum extent permitted by applicable law, we disclaim all obligations or liabilities with respect to No-Charge Products, including any Support and Maintenance, warranty, and indemnity obligations.

12 Restrictions. Except as otherwise expressly permitted in this Agreement, you will not: (a) rent, lease, reproduce, modify, adapt, create derivative works of, distribute, sell, sublicense, transfer, or provide access to the Products to a third party, (b) use the Products for the benefit of any third party, (c) incorporate any Products into a product or service you provide to a third party, (d) interfere with any license key mechanism in the Products or otherwise circumvent mechanisms in the Products intended to limit your use, (e) reverse engineer, disassemble, decompile, translate, or otherwise seek to obtain or derive the source code, underlying ideas, algorithms, file formats or non-public APIs to any Products, except as permitted by law, (f) remove or obscure any proprietary or other notices contained in any Product, or (g) publicly disseminate information regarding the performance of the Products.

13 Your Development of Add-Ons.

13.1 License to Developer Guides. From time to time, Vaultera may publish SDK’s or API’s and associated guidelines (“Developer Guides”) to allow you to develop plugins, extensions, add-ons or other software products or services that interoperate or are integrated with the Products (“Add-Ons”). You may distribute your Add-Ons to third parties, but only for those Products permitted by Vaultera, and only in accordance with the Developer Guides.

13.2 Conditions to Development of Add-Ons. Notwithstanding anything in this Agreement to the contrary, Vaultera has no support, warranty, indemnification or other obligation or liability with respect to your Add-Ons or their combination, interaction or use with the Products. You shall indemnify, defend and hold us harmless from and against any and all claims, costs, damages, losses, liabilities and expenses (including reasonable attorneys’ fees and costs) arising out of or in connection with any claim brought against us by a third party relating to your Add-Ons (including but not limited to any representations or warranties you make about your Add-Ons) or your breach of this Section.

14 License Certifications and Audits. At our request, you agree to provide a signed certification that you are using all Products pursuant to the terms of this Agreement, including the Scope of Use. You agree to allow us, or our authorised agent, to audit your use of the Products. We will provide you with at least 10 days advance notice prior to the audit, and the audit will be conducted during normal business hours. We will bear all out-of-pocket costs that we incur for the audit, unless the audit reveals that you have exceeded the Scope of Use. You will provide reasonable assistance, cooperation, and access to relevant information in the course of any audit at your own cost. If you exceed your Scope of Use, we may invoice you for any past or ongoing excessive use, and you will pay the invoice promptly after receipt. This remedy is without prejudice to any other remedies available to Vaultera at law or equity or under this Agreement. To the extent we are obligated to do so, we may share audit results with certain of our third party licensors or assign the audit rights specified in this Section to such licensors.

15 Ownership and Feedback. Products are made available on a limited license or access basis, and no ownership right is conveyed to you, irrespective of the use of terms such as “purchase” or “sale”. Vaultera and its licensors have and retain all right, title and interest, including all intellectual property rights, in and to the Products (including all No-Charge Products), their “look and feel”, any and all related or underlying technology, and any modifications or derivative works of the foregoing created by or for Vaultera, including without limitation as they may incorporate Feedback (“Vaultera Technology”). From time to time, you may choose to submit comments, information, questions, data, ideas, description of processes, or other information to Vaultera, including sharing Your Modifications or in the course of receiving Support and Maintenance (“Feedback”). Vaultera may in connection with any of its products or services freely use, copy, disclose, license, distribute and exploit any Feedback in any manner without any obligation, royalty or restriction based on intellectual property rights or otherwise. No Feedback will be considered your Confidential Information, and nothing in this Agreement limits Vaultera’s right to independently use, develop, evaluate, or market products, whether incorporating Feedback or otherwise.

16 Confidentiality. Except as otherwise set forth in this Agreement, each party agrees that all code, inventions, know-how, business, technical and financial information disclosed to such party (“Receiving Party”) by the disclosing party (“Disclosing Party”) constitute the confidential property of the Disclosing Party (“Confidential Information”), provided that it is identified as confidential at the time of disclosure. Any Vaultera Technology and any performance information relating to the Products shall be deemed Confidential Information of Vaultera without any marking or further designation. Except as expressly authorised herein, the Receiving Party will hold in confidence and not use or disclose any Confidential Information. The Receiving Party’s nondisclosure obligation shall not apply to information which the Receiving Party can document: (i) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (ii) is or has become public knowledge through no fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (iv) is independently developed by employees of the Receiving Party who had no access to such information. The Receiving Party may also disclose Confidential Information if so required pursuant to a regulation, law or court order (but only to the minimum extent required to comply with such regulation or order and with advance notice to the Disclosing Party). The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party shall be entitled to appropriate equitable relief in addition to whatever other remedies it might have at law. For the avoidance of doubt, this Section shall not operate as a separate warranty with respect to the operation of any Product.

17 Term and Termination. This Agreement is in effect for as long as you have a valid License Term or Subscription Term (the “Term”), unless sooner terminated as permitted in this Agreement. Either party may terminate this Agreement before the expiration of the Term if the other party materially breaches any of the terms of this Agreement and does not cure the breach within thirty (30) days after written notice of the breach. Either party may also terminate the Agreement before the expiration of the Term if the other party ceases to operate, declares bankruptcy, or becomes insolvent or otherwise unable to meet its financial obligations. You may terminate this Agreement at any time with notice to Vaultera, but you will not be entitled to any credits or refunds as a result of convenience termination for prepaid but unused Software, Hosted Services subscriptions, or Support and Maintenance. Except where an exclusive remedy may be specified in this Agreement, the exercise by either party of any remedy, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law, or otherwise. Once the Agreement terminates, you (and your Authorised Users) will no longer have any right to use or access any Products, or any information or materials that we make available to you under this Agreement, including Vaultera Confidential Information. You are required to delete any of the foregoing from your systems as applicable (including any third party systems operated on your behalf) and provide written certification to us that you have done so at our request. The following provisions will survive any termination or expiration of this Agreement: Sections 7.7.3 (Indemnity for Your Data), 10.3 (Payment), 10.4 (Taxes), 11 (No-Charge Products) (disclaimers and use restrictions only), 12 (Restrictions), 13.2 (Conditions to Development of Add-Ons), 14 (License Certifications and Audits), 15 (Ownership and Feedback), 16 (Confidentiality), 17 (Term and Termination), 18.2 (Warranty Disclaimer), 19 (Limitation of Liability), 21 (Third Party Vendor Products), 24 (Dispute Resolution), 25 (Export Restrictions), and 27 (General Provisions).

18 Warranty and Disclaimer.

18.1 Due Authority. Each party represents and warrants that it has the legal power and authority to enter into this Agreement, and that, if you are an entity, this Agreement and each Order is entered into by an employee or agent of such party with all necessary authority to bind such party to the terms and conditions of this Agreement.

18.2 WARRANTY DISCLAIMER. ALL PRODUCTS ARE PROVIDED “AS IS,” AND Vaultera AND ITS SUPPLIERS EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES AND REPRESENTATIONS OF ANY KIND, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT, TITLE, FITNESS FOR A PARTICULAR PURPOSE, FUNCTIONALITY, OR MERCHANTABILITY, WHETHER EXPRESS, IMPLIED, OR STATUTORY. YOU MAY HAVE OTHER STATUTORY RIGHTS, BUT THE DURATION OF STATUTORILY REQUIRED WARRANTIES, IF ANY, SHALL BE LIMITED TO THE SHORTEST PERIOD PERMITTED BY LAW. Vaultera SHALL NOT BE LIABLE FOR DELAYS, INTERRUPTIONS, SERVICE FAILURES AND OTHER PROBLEMS INHERENT IN USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS OR OTHER SYSTEMS OUTSIDE THE REASONABLE CONTROL OF Vaultera. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER Vaultera NOR ANY OF ITS THIRD PARTY SUPPLIERS MAKES ANY REPRESENTATION, WARRANTY OR GUARANTEE AS TO THE RELIABILITY, TIMELINESS, QUALITY, SUITABILITY, TRUTH, AVAILABILITY, ACCURACY OR COMPLETENESS OF ANY PRODUCTS OR ANY CONTENT THEREIN OR GENERATED THEREWITH, OR THAT: (A) THE USE OF ANY PRODUCTS WILL BE SECURE, TIMELY, UNINTERRUPTED OR ERROR-FREE; (B) THE PRODUCTS WILL OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM, OR DATA; (C) THE PRODUCTS (OR ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL PURCHASED OR OBTAINED BY YOU THROUGH THE PRODUCTS) WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS); (D) ANY STORED DATA WILL BE ACCURATE OR RELIABLE OR THAT ANY STORED DATA WILL NOT BE LOST OR CORRUPTED; (E) ERRORS OR DEFECTS WILL BE CORRECTED; OR (F) THE PRODUCTS (OR ANY SERVER(S) THAT MAKE A HOSTED SERVICE AVAILABLE) ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.

19 Limitation of Liability. NEITHER PARTY (NOR ITS SUPPLIERS) SHALL BE LIABLE FOR ANY LOSS OF USE, LOST OR INACCURATE DATA, FAILURE OF SECURITY MECHANISMS, INTERRUPTION OF BUSINESS, COSTS OF DELAY OR ANY INDIRECT, SPECIAL, INCIDENTAL, RELIANCE OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS), REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. NEITHER PARTY’S AGGREGATE LIABILITY TO THE OTHER SHALL EXCEED THE AMOUNT ACTUALLY PAID BY YOU TO US FOR PRODUCTS AND SUPPORT AND MAINTENANCE IN THE 12 MONTHS IMMEDIATELY PRECEDING THE CLAIM. NOTWITHSTANDING ANYTHING ELSE IN THIS AGREEMENT, OUR AGGREGATE LIABILITY TO YOU IN RESPECT OF NO-CHARGE PRODUCTS SHALL BE US$20. THIS SECTION 19 (LIMITATION OF LIABILITY) SHALL NOT APPLY TO (1) AMOUNTS OWED BY YOU UNDER ANY ORDERS, (2) EITHER PARTY’S EXPRESS INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, OR (3) YOUR BREACH OF SECTION 12 (RESTRICTIONS) OR SECTION 2 (COMBINING THE PRODUCTS WITH OPEN SOURCE SOFTWARE) OF THIRD PARTY CODE IN Vaultera PRODUCTS). TO THE MAXIMUM EXTENT PERMITTED BY LAW, NO SUPPLIERS OF ANY THIRD PARTY COMPONENTS INCLUDED IN THE PRODUCTS WILL BE LIABLE TO YOU FOR ANY DAMAGES WHATSOEVER. The parties agree that the limitations specified in this Section 19 (Limitation of Liability) will survive and apply even if any limited remedy specified in this Agreement is found to have failed of its essential purpose.

20 IP Indemnification by Vaultera. We will defend you against any claim brought against you by a third party alleging that a Product, when used as authorised under this Agreement, infringes a United States or European Union patent or registered copyright (a “Claim”), and we will indemnify you and hold you harmless against any damages and costs finally awarded by a court of competent jurisdiction or agreed to settlement by Vaultera (including reasonable attorneys’ fees) arising out of a Claim, provided that we have received from you: (a) prompt written notice of the claim (but in any event notice in sufficient time for us to respond without prejudice); (b) reasonable assistance in the defense and investigation of the claim, including providing us a copy of the claim and all relevant evidence in your possession, custody or control; and (c) the exclusive right to control and direct the investigation, defense, and settlement (if applicable) of the claim. If your use of a Product is (or in our opinion is likely to be) enjoined, if required by settlement, or if we determine such actions are reasonably necessary to avoid material liability, we may, at our option and in our discretion: (i) procure a license for your continued use of the Product in accordance with this Agreement; (ii) substitute a substantially functionally similar Product; or (iii) terminate your right to continue using the Product and refund, in the case of Software, the license fee paid by you as reduced to reflect a three year straight-line depreciation from the license purchase date, and in the case of a Hosted Service, any prepaid amounts for the terminated portion of the Subscription Term. Vaultera’s indemnification obligations above do not apply: (1) if the total aggregate fees received by Vaultera with respect to your license to Software or subscription to Hosted Services in the 12 month period immediately preceding the claim is less than US$50,000; (2) if the Product is modified by any party other than Vaultera, but solely to the extent the alleged infringement is caused by such modification; (3) if the Product is used in combination with any non-Vaultera product, software or equipment, but solely to the extent the alleged infringement is caused by such combination; (4) to unauthorised use of Products; (5) to any Claim arising as a result of (y) Your Data (or circumstances covered by your indemnification obligations in Section 7.7.3 (Indemnity for Your Data)) or (z) any third-party deliverables or components contained with the Products; (6) to any unsupported release of the Software; or (7) if you settle or make any admissions with respect to a claim without Vaultera’s prior written consent. THIS SECTION 20 (IP INDEMNIFICATION BY Vaultera) STATES OUR SOLE LIABILITY AND YOUR EXCLUSIVE REMEDY FOR ANY INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS IN CONNECTION WITH ANY PRODUCT OR OTHER ITEMS PROVIDED BY Vaultera UNDER THIS AGREEMENT.

21 Third Party Vendor Products. Vaultera or third parties may from time to time make available to you (e.g., through the Vaultera Marketplace) third-party products or services, including but not limited to add-ons and plugins as well as implementation, customisation, training, and other consulting services. If you procure any of these third party products or services, you do so under a separate agreement (and exchange of data) solely between you and the third party vendor. Vaultera does not warrant or support non-Vaultera products or services, whether or not they are designated by Vaultera as “verified” or otherwise, and disclaims all liability for such products or services. If you install or enable any third party products or services for use with Vaultera products, you acknowledge that Vaultera may allow the vendors of those products and services to access Your Data as required for the interoperation and support of such add-ons with the Vaultera products. Vaultera shall not be responsible for any disclosure, modification or deletion of Your Data resulting from any such access by third party add-on vendors.

22 Publicity Rights. We may identify you as an Vaultera customer in our promotional materials. You may request that we stop doing so by submitting an email to hello@vaultera.co at any time. Please note that it may take us up to 30 days to process your request.

23 Improving Our Products. We are always striving to improve our Products. In order to do so, we need to measure, analyse, and aggregate how users interact with our Products, such as usage patterns and characteristics of our user base. We collect and use analytics data regarding the use of our Products as described in our Privacy Policy.

24 Dispute Resolution

24.1 Dispute Resolution; Arbitration. In the event of any controversy or claim arising out of or relating to this Agreement, the parties hereto shall consult and negotiate with each other and, recognising their mutual interests, attempt to reach a solution satisfactory to both parties. If the parties do not reach settlement within a period of 60 days, any unresolved controversy or claim arising out of or relating to this Agreement shall proceed to binding arbitration under the Rules of Arbitration of the International Chamber of Commerce. The parties shall seek to mutually appoint an arbitrator. If the parties cannot agree on a single arbitrator, then there shall be three (3) arbitrators: one selected by each party, and a third selected by the first two. Arbitration will take place in the following cities as mutually agreed between the parties: London (UK). All negotiations and arbitration proceedings pursuant to this Section will be confidential and treated as compromise and settlement negotiations for purposes of all similar rules and codes of evidence of applicable legislation and jurisdictions. The language of the arbitration shall be English.

24.2 Governing Law; Jurisdiction. This Agreement will be governed by and construed in accordance with the applicable laws of the United Kingdom.

Vaultera may bring a claim for equitable relief in any court with proper jurisdiction.

24.3 Injunctive Relief; Enforcement. Notwithstanding the provisions of Section 24.1 (Dispute Resolution; Arbitration), nothing in this Agreement shall prevent either party from seeking injunctive relief with respect to a violation of intellectual property rights, confidentiality obligations or enforcement or recognition of any award or order in any appropriate jurisdiction.

24.4 Exclusion of UN Convention and UCITA. The terms of the United Nations Convention on Contracts for the Sale of Goods do not apply to this Agreement. The Uniform Computer Information Transactions Act (UCITA) shall not apply to this Agreement regardless of when or where adopted.

25 Changes to this Agreement. We may update or modify this Agreement from time to time, including any referenced policies and other documents. If a revision meaningfully reduces your rights, we will use reasonable efforts to notify you (by, for example, sending an email to the billing or technical contact you designate in the applicable Order, posting on our blog, through your Vaultera account, or in the Product itself). If we modify the Agreement during your License Term or Subscription Term, the modified version will be effective upon your next renewal of a License Term, Support and Maintenance term, or Subscription Term, as applicable. In this case, if you object to the updated Agreement, as your exclusive remedy, you may choose not to renew, including cancelling any terms set to auto-renew. With respect to No-Charge Products, accepting the updated Agreement is required for you to continue using the No-Charge Products. You may be required to click through the updated Agreement to show your acceptance. If you do not agree to the updated Agreement after it becomes effective, you will no longer have a right to use No-Charge Products. For the avoidance of doubt, any Order is subject to the version of the Agreement in effect at the time of the Order.

27 General Provisions. Any notice under this Agreement must be given in writing. We may provide notice to you via email or through your account. Our notices to you will be deemed given upon the first business day after we send it. You may provide notice to us by email to hello@vaultera.co. Your notices to us will be deemed given upon our receipt. Neither party shall be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to unforeseen events which are beyond the reasonable control of such party, such as a strike, blockade, war, act of terrorism, riot, natural disaster, failure or diminishment of power or telecommunications or data networks or services, or refusal of a license by a government agency. You may not assign this Agreement without our prior written consent. We will not unreasonably withhold our consent if the assignee agrees to be bound by the terms and conditions of this Agreement. We may assign our rights and obligations under this Agreement (in whole or in part) without your consent. The Products are commercial computer software. If you are an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Products, or any related documentation of any kind, including technical data and manuals, is restricted by the terms of this Agreement. The Products were developed fully at private expense. All other use is prohibited. This Agreement is the entire agreement between you and Vaultera relating to the Products and supersedes all prior or contemporaneous oral or written communications, proposals and representations with respect to the Products or any other subject matter covered by this Agreement. If any provision of this Agreement is held to be void, invalid, unenforceable or illegal, the other provisions shall continue in full force and effect. This Agreement may not be modified or amended by you without our written agreement (which may be withheld in our complete discretion without any requirement to provide any explanation). As used herein, “including” (and its variants) means “including without limitation” (and its variants). No failure or delay by the injured party to this Agreement in exercising any right, power or privilege hereunder shall operate as a waiver thereof, nor shall any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any right, power or privilege hereunder at law or equity. The parties are independent contractors. This Agreement shall not be construed as constituting either party as a partner of the other or to create any other form of legal association that would give on party the express or implied right, power or authority to create any duty or obligation of the other party.

  1. GDPR Data Protection addendum

28.1.  Definitions: In this Addendum, the following terms shall have the following meanings:

(a)  “controller”, “processor”, “data subject”, “personal data”, “processing” (and “process”) and “special categories of personal data” shall have the meanings given in Applicable Data Protection Law;

(b)  “Applicable Data Protection Law” shall mean: (i) prior to 25 May 2018, the EU Data Protection Directive (Directive 95/46/EC); and (ii) on and after 25 May 2018, the EU General Data Protection Regulation (Regulation 2016/679); and

(c)  “Vaultera” means the Vaultera entity that is a party to this Addendum, as specified in paragraph 1 of the section “APPLICATION OF THIS ADDENDUM” above.

1.2.  Relationship of the parties: Customer (the controller) appoints Vaultera as a processor to process the personal data described in the Agreement (the “Data”) for the purposes described, and the terms set out, in the Agreement, including, for the avoidance of doubt, to provide you with, and update and improve, our services (or as otherwise agreed in writing by the parties) (the “Permitted Purpose”). Each party shall comply with the obligations that apply to it under Applicable Data Protection Law.

1.3.  Prohibited data: Unless explicitly requested by Vaultera to do so, Customer shall not disclose (and shall not permit any data subject to disclose) any special categories of personal data to Vaultera for processing.

1.4.  International transfers: Vaultera shall not transfer the Data outside of the European Economic Area (“EEA”) unless it has taken such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Data to a recipient in a country that the European Commission has decided provides adequate protection for personal data (e.g., New Zealand), to a recipient in the United States that has certified its compliance with the EU-US Privacy Shield, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.

1.5.  Confidentiality of processing: Vaultera shall ensure that any person it authorises to process the Data (an “Authorised Person”) shall protect the Data in accordance with Vaultera’s confidentiality obligations under the Agreement.

1.6.  Security: Vaultera shall implement technical and organisational measures which may be amended and updated from time to time, to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a “Security Incident”).

1.7.  Subcontracting: Customer consents to Vaultera engaging third party subprocessors to process the Data for the Permitted Purpose provided that: (i) Vaultera maintains an up-to-date list of its subprocessors, which shall be available on its website on or before 25 May 2018, which it shall update with details of any change in subprocessors at least 30 days prior to the change; (ii) Vaultera imposes data protection terms on any subprocessor it appoints that require it to protect the Data to the standard required by Applicable Data Protection Law; and (iii) Vaultera remains liable for any breach of this Addendum that is caused by an act, error or omission of its subprocessor. Customer may object to Vaultera’s appointment or replacement of a subprocessor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such event, Vaultera will either not appoint or replace the subprocessor or, if this is not reasonably possible, in Vaultera’s sole discretion, Customer may suspend or terminate the Agreement without penalty (without prejudice to any fees incurred by Customer up to and including the date of suspension or termination).

1.8.  Cooperation and data subjects’ rights: Vaultera shall provide reasonable and timely assistance to Customer (at Customer’s expense) to enable Customer to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law; and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data. In the event that any such request, correspondence, enquiry or complaint is made directly to Vaultera, Vaultera shall promptly inform Customer providing full details of the same.

1.9.  Data Protection Impact Assessment: If Vaultera believes or becomes aware that its processing of the Data is likely to result in a high risk to the data protection rights and freedoms of data subjects, it shall inform Customer and provide reasonable cooperation to Customer in connection with any data protection impact assessment that may be required under Applicable Data Protection Law.

1.10.  Security incidents: If it becomes aware of a confirmed Security Incident, Vaultera shall inform Customer without undue delay and shall provide reasonable information and cooperation to Customer so that Customer can fulfil any data breach reporting obligations it may have under (and in accordance with the timescales required by) Applicable Data Protection Law. Vaultera shall further take reasonably necessary measures and actions to remedy or mitigate the effects of the Security Incident and keep Customer informed of all material developments in connection with the Security Incident.

1.11.  Deletion or return of Data: Upon termination or expiry of the Agreement, Vaultera will, on Customer’s explicit request, delete or return the Data in its possession or control (in a manner and form decided by Vaultera, acting reasonably). This requirement shall not apply to the extent that Vaultera is required by applicable law to retain some or all of the Data, or to Data it has archived on back-up systems, which Data Vaultera shall securely isolate and protect from any further processing.

Modifications

We may revise these Terms from time to time to better reflect:

(a) changes to the law,

(b) new regulatory requirements, or

(c) improvements or enhancements made to our Services.

If an update affects your use of the Services or your legal rights as a user of our Services, we’ll notify you prior to the update’s effective date by sending an email to the email address associated with your account or via an in-product notification. These updated terms will be effective no less than 30 days from when we notify you.

If you don’t agree to the updates we make, please cancel your account before they become effective.

Where applicable, we’ll offer you a pro rata refund based on the amounts you have prepaid for Services and your account cancellation date.

By continuing to use or access the Services after the updates come into effect, you agree to be bound by the revised Terms.

Privacy Policy

Introduction

This Privacy Policy explains what information buuqit.com ltd a registered company in the UK and its related entities (“Vaultera”) collect about you and why, what we do with that information, how we share it, and how we handle the content you place in our products and services. It also explains the choices available to you regarding our use of your personal information and how you can access and update this information.

We are committed to fully being UK Data Protection and the Global Data Protection Regulations (“GDPR”) compliant

Scope of Privacy Policy

This Privacy Policy applies to the information that we obtain through your use of “The Vaultera Services” via a “Device” or when you otherwise interact with Vaultera.

“Vaultera” include our:

but does not include:

A “Device” is any computer used to access the The Vaultera Services, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.

Unless otherwise stated, our SaaS Products and our Downloadable Products are treated the same for the purposes of this document.

By registering for or using Vaultera Services you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy.

Definitions

Add-On: a bundle of code, resources and configuration files that can be used with an The Vaultera product to add new functionality or to change the behavior of that product’s existing features.

Content: any information or data that you upload, submit, post, create, transmit, store or display in an Vaultera Service.

Downloadable Products: Vaultera’s downloadable software products and mobile applications, including Add-Ons created by Vaultera, that are installed by customers on an infrastructure of their choice. Downloadable Products do not include Add-Ons created by third parties, even when they are accessed through Vaultera.com or available through the Vaultera Marketplace.

Information: all of the different forms of data, content, and information collected by us as described in this Privacy Policy.

Personal Information: information that may be used to readily identify or contact you as an individual person, such as: name, address, email address, or phone number. Personal Information does not include information that has been anonymized such that it does not allow for the ready identification of specific individuals.

SaaS Products: Vaultera’s “Cloud” hosted solutions, as well as other Vaultera hosted solutions that display a link to this Privacy Policy. For the avoidance of doubt, if a Vaultera hosted solution displays a link to a different privacy policy, then that other privacy policy shall apply.

Websites: Vaultera’s websites, including but not limited to vaultera.co and any related websites, sub-domains and pages.

Changes to our Privacy Policy

We may change this Privacy Policy from time to time. If we make any changes, we will notify you by revising the “Effective Starting” date at the top of this Privacy Policy. If we make any material changes, we will provide you with additional notice (such as by adding a notice on the Vaultera Services homepages, login screens, or by sending you an email notification). We encourage you to review our Privacy Policy whenever you use Vaultera Services to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this Privacy Policy, you will need to stop using Vaultera Services and deactivate your account(s).

Information you provide to us

We collect the following information:

Account and Profile Information: We collect information about you and your company as you register for an account, create or modify your profile, make purchases through, use, access, or interact with the Vaultera Services (including but not limited to when you upload, download, collaborate on or share Content). Information we collect includes

You may provide this information directly when you enter it in Vaultera Services.

In some cases another user (such as a system administrator) may create an account on your behalf and may provide your information, including Personal Information (most commonly when your company requests that you use our products). We collect Information under the direction of our customers and often have no direct relationship with the individuals whose personal data we process. If you are an employee of one of our customers and would no longer like us to process your information, please contact your employer. If you are providing information (including Personal Information) about someone else, you must have the authority to act for them and to consent to the collection and use of their Personal Information as described in this Privacy Policy.

Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our SaaS Products or Websites. Such Content includes any Personal Information or other sensitive information that you choose to include (“incidentally-collected Personal Information”).

Other submissions: We collect other data that you submit to our Websites or as you participate in any interactive features of the Vaultera Services, participate in a survey, contest, promotion, sweepstakes, activity or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us. For example, information regarding a problem you are experiencing with a Vaultera product could be submitted to our Support Services or posted in our public forums.

Information we collect from your use of Vaultera Services

Web Logs: As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and SaaS Products. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your Devices, your mobile carrier, and system configuration information. In the case of our SaaS Product, the URLs you accessed (and therefore included in our log files) include usernames as well as elements of Content as necessary for the SaaS Product to perform the requested operations. Occasionally, we connect Personal Information to information gathered in our log files as necessary to improve Vaultera Services for individual customers. In such a case, we would treat the combined Information in accordance with this privacy policy.

Analytics Information from Website and SaaS Products: We collect analytics information when you use our Websites and SaaS Products to help us improve our products and services. In the SaaS Products, this analytics information consists of the feature and function of the Vaultera Service being used, the associated licence identifier (SEN) and domain name, the username and IP address of the individual who is using the feature or function (which will include Personal Information if the Personal Information was incorporated into the username), the sizes and original filenames of attachments, and additional information required to detail the operation of the function and which parts of the Vaultera Services are being affected. edit is made by a user or automatically generated by the system, and whether email notifications are to be sent.

The analytics information we collect includes elements of Content related to the function the user is performing. As such, the analytics information we collect may include Personal Information or sensitive business information that the user has included in Content that the user chose to upload, submit, post, create, transmit, store or display in an Vaultera Service.

As of the date this policy went into effect, we use Google Analytics as an analytics provider. To learn more about the privacy policy of Google Analytics, refer to Google’s Policies and Principles. Use the Google Analytics Opt-out Browser Add-on to prevent analytics information from being sent to Google Analytics.

Analytics Information Derived from Content. Analytics information also consists of data we collect as a result of running queries against Content across our user base for the purposes of generating Usage Data. “Usage Data” is aggregated data about a group or category of services, features or users that does not contain Personal Information. For example, we may query Content to determine the most common types of workflows that users use by searching for the most common workflow.

Though we may happen upon sensitive or Personal Information as we compile Usage Data from Content across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Content of any particular customer.

Analytics Information from Downloadable Products: We collect analytics information when you use our Downloadable Products to help us improve our products and services. Our Downloadable Products contain a feature that sends information about the technical operation of the Downloadable Products on your systems (“System Information”) to us. System Information includes information about (a) the server environment in which the Downloadable Product is operating: OS type and version, JVM version, Java environment properties, CPU type, RAM allocation, language and locale settings, database type and version, and disk utilisation, as well as (b) user client information, for example: browser type and version, native client type and version, and client device specifications (e.g. screen resolution, OS version, device type, etc.). In addition, we collect analytics information from Downloadable Products that is a subset of the analytics information described above for Websites and SaaS Products. As with Websites and SaaS Products, the analytics information we collect includes elements of Content related to the function the user is performing, but with an important caveat. With the Downloadable Products, before sending the information to Vaultera’s servers, we filter the analytics information to remove elements that we believe may contain sensitive or Personal Information. For example: (1) we conduct a one-way hash of usernames and hostnames before collecting them and (2) we filter any Content elements we collect to discard all words except those on a list of common business and IT terminology. You can disable our collection of analytics information from Downloadable Products via the Administrator settings or by blocking collection at the local network level.

Installer Analytics, Software Updates & License Information from Downloadable Products: During the installation of our Downloadable Products, the installer sends analytics information to Vaultera to allow us to understand where in the installation process users are experiencing trouble or dropping out. Our Downloadable Products also communicate with Vaultera servers for licensing purposes, as well as to check for updates, patches, and compatibility with Add-Ons. Examples of information we collect for these purposes include the name and version of the Downloadable Product and the server ID, SEN, and IP address of the customer instance.

Cookies and Other Tracking Technologies: Vaultera and our third party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customise Vaultera Services and your experience; to allow you to access and use the Websites or SaaS Products without re-entering your username or password; and to count visits and understand which areas and features of the Websites and SaaS Products are most popular. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Websites or SaaS Products. Vaultera and our third party partners also collect information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used in our Websites or SaaS Products or in emails that help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.

Vaultera and our third party partners also use javascript, e-tags, “flash cookies”, and HTML5 local storage to collect information about your online activities over time and across different websites or online services. Many browsers include their own management tools for removing HTML5 local storage objects. To manage “flash cookies” please click here.

You may be able to opt out of receiving personalised advertisements as described below under “Your Choices.”

How we use Information we collect

General Uses: We use the Information we collect about you (including Personal Information to the extent applicable) for a variety of purposes, including to:

Notwithstanding the foregoing, we will not use Personal Information appearing in our Analytics Logs or Web Logs for any purpose. The use of Information collected through our Vaultera Services shall be limited to the purposes disclosed in this policy.

Compiling aggregate analytics information: Because our SaaS Products and Downloadable Products are some of the most configurable in the market, we make extensive use of analytics information (including log and configuration data) to understand how our products are being configured and used, how they can be improved for the benefit of all of our users, and to develop new products and services. As such we generate Usage Data (as defined above) from the web logs and analytics logs described above, including the Content elements captured in such logs, as well as from the Content stored in the Websites and SaaS Products.

Information sharing and disclosure

We will not share or disclose any of your Personal Information or Content with third parties except as described in this policy. We do not sell your Personal Information or Content.

Your Use: When you use Vaultera Services, Content you provide will be displayed back to you. Certain features of Vaultera Services allow you or your administrator to make some of your Content public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you input into Vaultera Services.

Collaboration: As a natural result of using Vaultera Services, you may create Content and grant permission to other Vaultera users to access it for the purposes of collaboration. Some of the collaboration features of Vaultera Services display your profile information, including Personal Information included in your profile, to users with whom you have shared your Content. Where this information is sensitive, we urge you to use the various security and privacy features of the Vaultera Services to limit those who can access such information. Your sharing settings may make any Information, including some Personal Information, that you submit to the Vaultera Services visible to the public, unless submitted to a restricted area.

Access by your system administrator: You should be aware that the administrator of your instance of Vaultera Services may be able to:

Vaultera Community: Our Websites offer publicly accessible community services such as blogs, forums, bug trackers, and wikis. You should be aware that any Content you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account. To request removal of your Personal Information from the Vaultera Community, please contact us using the information listed below. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to and why.

Service Providers, Business Partners and Others: We work with third party service providers to provide website, application development, hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers may have access to or process your Information for the purpose of providing those services for us. Some of our pages utilize white-labeling techniques to serve content from our service providers while providing the look and feel of our site. Please be aware that you are providing your Information to these third parties acting on behalf of Vaultera.

Third Party Add-Ons: You may choose to make use of third party Add-Ons in conjunction with Vaultera Services. Third party Add-Ons are software written by third parties to which you grant access privileges to your Content (which may include your Personal Information). When access is granted, your Content is shared with the third party. Third party Add-On policies and procedures are not controlled by Vaultera even though the third party Add-On may be available through Vaultera Services. Third parties who have been granted access to your Content through Add-Ons could use this data to contact you and market services to you, and could share your data with other third parties. This Privacy Policy does not cover the collection or use of your data by third party Add-Ons, and we urge you to consider the privacy policies governing third party Add-Ons. If you object to your Personal Information being shared with these third parties, please uninstall the Add-On (in the event installed from the Vaultera Marketplace) or terminate your agreement with the third party Add-On provider (in the event you have purchased a direct integration).

Links to Third Party Sites: The Vaultera Services may include links to other websites whose privacy practices may differ from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Social Media Widgets: The Vaultera Services may contain social media features, such as the Twitter “tweet” button. These features may collect your IP address, which page you are visiting on the Vaultera Services, and may set a cookie to enable the feature to function properly. Social media features and Widgets are either hosted by a third party or hosted directly on our Vaultera Services. Your interactions with these features are governed by the privacy policy of the company providing it.

Testimonials: We may display personal testimonials of satisfied customers on the Vaultera Services. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the information below.

Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your Information (including your Personal Information) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of Vaultera’s products and services, (d) to protect Vaultera, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.

Business Transfers: We may share or transfer your Information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Vaultera Services of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

Aggregated or Anonymized Data: We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.

With Your Consent. We will share your Personal Information with third parties when we have your consent to do so.

Information we do not share

We do not share Personal Information about you with third parties for their marketing purposes (including direct marketing purposes) without your permission.

Data storage, transfer and security

Vaultera hosts data with hosting service providers in numerous countries including the United States and Europe. The servers on which Personal Information is stored are kept in a controlled environment. While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any incidentally-collected Personal Information you choose to store in Websites or SaaS Products are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.

Where data is transferred over the Internet as part of a Website or SaaS Product, the data is encrypted using industry standard SSL (HTTPS).

Where Downloadable Products are used, responsibility of securing access to the data you store in the Downloadable Products rests with you and not Vaultera. We strongly recommend that administrators of Downloadable Products configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage used to hold data.

Your Choices

You may opt out of receiving promotional communications from Vaultera by using the unsubscribe link within each email or within your Vaultera settings menu, or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Vaultera’s Services. You can opt-out of some notification messages in your account settings.

Accessing and updating your information

You may often correct, update, amend, or remove your Personal Information in your account settings or by directing your query to your account administrator. You may also contact Support Services, or contact us by postal mail using the address listed below. We will respond to your request for access within 30 days.

You can often remove Content using editing tools associated with that Content. In some cases, you may need to contact your administrator to request they remove the Content. You can contact us to request removal of Personal Information from Vaultera Community services.

You or your administrator may be able to deactivate your Vaultera Services account. If you can deactivate your own account, you can most often do so in your account settings. Otherwise, please contact your administrator. To deactivate an organisation account, please contact Support Services. To deactivate an account made for you without authorisation, please contact us at the contact information below.

We will retain your account information for as long as your account is active, or as reasonably useful for commercial purposes or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If your account is managed by an administrator, that account administrator may have control with regards to how your account information is retained and deleted.

Accessing and updating your information

You may often correct, update, amend, or remove your Personal Information in your account settings or by directing your query to your account administrator. You may also contact Support Services, or contact us by postal mail using the address listed below. We will respond to your request for access within 30 days.

You can often remove Content using editing tools associated with that Content. In some cases, you may need to contact your administrator to request they remove the Content. You can contact us to request removal of Personal Information from Vaultera Community services.

You or your administrator may be able to deactivate your Vaultera account. If you can deactivate your own account, you can most often do so in your account settings. Otherwise, please contact your administrator. To deactivate an organisation account, please contact Support. To deactivate an account made for you without authorisation, please contact us at the contact information below.

We will retain your account information for as long as your account is active, or as reasonably useful for commercial purposes or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If your account is managed by an administrator, that account administrator may have control with regards to how your account information is retained and deleted.

Our policy towards children

Vaultera Services are not directed to individuals under 13. We do not knowingly collect Personal Information from children under 13. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact our Support Services.

Complaints procedure

You have the right to request a copy of the information we hold about You, and you have the right to request that Your personal data be deleted from our systems. Our security procedures mean that we may request proof of identity before we are able to disclose any Information to You.

To the extent that We have a legal obligation to hold Your Information – for example the requirement to hold invoice information for up to seven (7) years and the requirement to provide guest registration information to the local health & safety or police authorities – the minimum Information required shall be held until the legal requirement expires and the minimum required Information shall be passed to the relevant authorities.

Where applicable, if as part of our Booking Service, we have passed Your Information to an accommodation provider or to a travel agency for the sole purpose of completing a Booking on Your behalf, You may need to direct your request to these third parties also.

If You wish to make a complaint about Vaultera, our services or any associated matter, you may contact us by telephone, email, letter or fax. We do not require complaints to be made in writing. Wherever possible, complaints will be dealt with promptly, and you will receive a response under 28 days.

If you are dissatisfied with the outcome of your complaint, you may choose to escalate the complaint internally by contacting our Support, hello@vaultera.co.

Contact Us

E-Mail: hello@vaultera.co

Acceptable Use Policy

Here at Vaultera, our goal is to help you and your team do the best work of your lives, every day. To do this, we need to keep our products and services running smoothly, quickly, and without distraction. For this to happen, we need help from you, our users. We need you not to misuse or abuse our products and services.

To describe exactly what we mean by “misuse” or “abuse” – and help us identify such transgressions, and react accordingly – we’ve created this Acceptable Use Policy. Under this policy, we reserve the right to remove content that is inconsistent with the spirit of the guidelines, even if it’s something that is not forbidden by the letter of the policy. In other words, if you do something that isn’t listed here verbatim, but it looks or smells like something listed here, we may still remove it.

You’ll see the word “services” a lot throughout this page. That refers to all websites owned or operated by Vaultera (such as vaultera.co, and any related websites, sub-domains and pages) as well as any hosted services operated by Vaultera.

Use your judgement, and let’s be kind to each other so we can keep creating great things. You can find all the legal fine print at the bottom of this page.

Here’s what we won’t allow:

Disruption

Wrongful activities

Inappropriate communications

Inappropriate content

In this Acceptable Use Policy, the term “content” means: (1) any information, data, text, software, code, scripts, music, sound, photos, graphics, videos, messages, tags, interactive features, or other materials that you post, upload, share, submit, or otherwise provide in any manner to the services and (2) any other materials, content, or data you provide to Vaultera or use with the Services.

Without affecting any other remedies available to us, Vaultera may permanently or temporarily terminate or suspend a user’s account or access to the services without notice or liability if Vaultera (in its sole discretion) determines that a user has violated this Acceptable Use Policy.

Security Policy

Executive Overview

The Vaultera Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely handle credit card data and connect payment gateways and deliver them to hotels, customers, and or partners. Vaultera realizes that helping to protect our customer’s data, ensure proper security regulations, and mitigate any potential risk is essential to building trust and delivering a high-level of service. Vaultera takes a risk based approach to security and this paper will detail the many different measures and technologies in place to protect our customers.

Our security implementation allows us to adhere to the following best practices, demonstrating our commitment to customer security and privacy:

What Data Do We Store?

Vaultera only stores metadata about your organisation and your organisation’s properties and users.

We store the following data for the purpose of authentication:

Usernames and/or email addresses,

We store the following data for the purpose of online payments:

Payment Metadata (including if present: Customer name, customer address, customer card details).

Defense in Depth

Process & Policy

The first layer of defense is having a well-defined and comprehensive set of security processes and policies to ensure the security of our customers’ data and users. Vaultera’s employs a number of process and policy measures that instill security as a key priority at our most core layer…. our people.

Change Control

A formal change control process minimises the risk associated with system changes. The process enables tracking of changes made to the systems and verifies that risks have been assessed, inter-dependencies are explored and necessary policies and procedures have been considered and applied before any change is authorised.

Training

Vaultera employees authorised to access the Vaultera platform undergo periodic training to focus employee attention to compliance with corporate security policies. For example, Vaultera DevOps and Professional Services personnel who may handle sensitive customer data and information will regularly undergo security, auditing, access, and compliance training (e.g. for GDPR)

Authorised Access

In addition to restricted personnel entering the production area, operational access is limited to only a restricted set of Vaultera operations employees. Access is controlled via a physically separate network that is isolated from the Vaultera corporate network that serves its general employee population ensuring that only personnel authorised to access the data centre may do so. All Vaultera personnel with physical or operational access to production environments are subject to training and all activities are logged for audit-ability.

Physical

All Vaultera data centres are certified to major InfoSec standards, including ISO 27001 and PCI DSS. These data centres also feature N+1 redundant HVAC and UPS. The physical security adheres to the best practices in the industry and include:

Systems Hardening

Just like any SaaS offering, the Vaultera Enterprise Connectivity Platform utilises many well coordinated technologies to deliver our service, yet there may be many capabilities that are not required. Consistent with industry best practices, Vaultera DevOps closely inspects the entire solution to identify unnecessary services and remove and/or disable these capabilities to reduce vulnerabilities to security threats.

No Root Access

All customer access to the Vaultera Platform is controlled through user interfaces (UI), APIs, and/or dedicated tools. Use of any of these methods of access require a username and password with privileges appropriate for the requested access.

Customers do not have root or administrative access to any portion of the Enterprise Insights Platform technology stack and access is permitted only via the Enterprise Insights Platform application layer (UI or API).

Shutdown All Unnecessary Ports

As previously mentioned in the Firewalls section, any ports on any server and/or virtual host not required for the operation of the Vaultera Enterprise Connectivity Platform is disabled eliminating additional opportunities for external intrusion.

Security Patches

Vaultera has rigorous policies and procedures in place to update all components of the Vaultera Enterprise Connectivity Platform, including operating systems, VM hypervisors, middleware, databases, etc. with their vendors’ security patches.

Data Retention


Customer data is not stored for longer that it is needed.  We require data about properties, bookings and users to deliver accurate data visualisations, and remove this data either upon request, or after a period [30 days max] after the account is terminated.

Data is also removed if deemed out of date, or no longer valid.  This can happen from removal of connected services, termination of accounts, or other events originating from connected service providers.

Account data (Username, password, properties, channels & bookings) will be deleted within 30 days of account cancellation or on request.

Conclusion

Here at Vaultera, we pride ourselves on the vigilance we employ to protect our customers’ data assets and we continually stress that a mature security organisation requires coordinated dedication across technology, policy, procedures, and people. This dedication is underscored by the risk-based approach laid out in this document to demonstrate strength at every layer of security, minimising any potential vulnerability or weakness.

We want our customers to know their data is sufficiently protected by this approach and welcome the opportunity to discuss these practices and approaches further.