These Terms and Conditions (“Terms”) are between Evisort Inc. (“Evisort”) and the Customer accessing the Evisort platform, which
references these Terms. These Terms will govern the use and provision of any
Services purchased by Customer as described in any Order Form, or the use of
the Evisort platform or any services performed in the performance of any pilot
or proof of concept. Any terms not defined herein have the meaning given to
them in the applicable Order Form. The “Agreement” shall refer to any Order
Form, these Terms, any additional Order Forms and all Appendixes and any other
attachments to the Order Form.
Any individual agreeing to be bound by this
agreement on behalf of an organization or other legal entity represents that
such individual has the authority to bind such entity to the Terms and
Conditions contained herein.
Credentials” means login information, passwords, security protocols, and
policies through which Users access the Company Services.
1.2“Evisort Services” means any Evisort
software-as-a-service application identified in the Order Form that allows
Users to access certain features and functions through a web interface.
References to any Evisort Services include the Documentation.
Content” means the data and content uploaded or submitted into the Evisort
Services by or on behalf of Customer.
1.4“Confidential Information” means all
written or oral information, disclosed by one party (the “Disclosing Party”) to the other (the “Recipient”), related to the business, products, services or
operations of the Disclosing Party or a third party that has been identified as
confidential or that by the nature of the information or the circumstances
surrounding disclosure ought reasonably to be treated as confidential,
including, without limitation: (i) trade secrets,
inventions, ideas, processes, computer source and object code, formulae, data,
programs, other works of authorship, know-how, improvements, discoveries,
developments, designs and techniques; (ii) information regarding products,
plans for research and development, marketing and business plans, budgets,
financial statements, contracts, prices, employees, suppliers and agents; and
(iii) information regarding the skills and compensation of the Disclosing
Party’s employees, contractors, and other agents.
means the documentation, user manuals, help files and videos, and other
materials that describe the features, functions and
operation of the Evisort Services.
means the number of documents
stored on the Evisort platform. For the purpose of counting Documents,each file shall count as one document, except
that for any file longer than 100 pages in length, the number of pages shall be
divided by 100 and then rounded up to the nearest integer for the purpose of
calculating the number of Documents in the Evisort platform. For clarification,
this means a one hundred (100) page document would count as one (1) document, a
one hundred twenty (120) page document would count as two (2) documents, and a
three-hundred (300) page document would count as three (3) documents.
1.7“Order Form” means the document signed
by an authorized representative of each party that references these Terms and
identifies the specific Service(s) to be made available and the fees to be
Information” means any Customer Content that identifies any specific
individual and is protected under applicable privacy laws, rules
Services” means any professional services provided by Evisort to Customer
as described in an Order Form (as may be further elaborated in any statement of
work agreed to by the parties), including implementation, support and
maintenance, and training services.
means the Evisort Services, the Professional Services and any other services
set forth in an Order Form.
Capacity” means the number of Customer Documents that can be submitted to
the Evisort Services for analysis. The Service Capacity is set forth in the
applicable Order Form. For the purpose of any usage
not listed in an Order Form, the Service Capacity shall be set at Evisort’s
discretion. The Service Capacity may be measured at any point during the
applicable time period and shall be measured as follows: Documents in the
Evisort platform at the beginning of the applicable time period plus the gross
number of Documents uploaded to the Evisort platform during the applicable time
1.12“Site” means Evisort’s website at
https://evisort.com and any website linked from such website or that is owned
or controlled by Evisort
1.13“User” means each of Customer’s
employees and independent contractors who are provided Access Credentials by
Customer orEvisort.The number of Users authorized by Evisort to
access the Services is set forth in the applicable Order Form.
Restrictions and Security
2.1Access Grant to Evisort Services.Subject to Customer’s compliance with the
terms and conditions contained in the Agreement, including the restriction on
the number of Users and Service Capacity set forth in any Order Form, Evisort
grants to Customer a non-exclusive, non-transferable, non-sublicenseable,
revocable right to allow the number of Users set forth in the applicable Order
Form to access and use the Evisort Services, subject to the Service Capacity,
during the Term (as defined below).
2.2Technical Support. Evisort shall provide
Customer with reasonable technical support services throughout the Term.
Evisort agrees to use commercially reasonable efforts to make the Evisort
Services available to Customer at least 99.5% of the time excluding planned
maintenance, measured monthly, during each month of the Term.
Credentials. Customer will safeguard, and ensure that
all Users safeguard the Access Credentials. Customer will be responsible for
all acts and omissions of Users.
Restrictions. During the Term (as defined in Section 7) and thereafter,
Customer shall not, and shall not permit any of its employees, contractors or
Users to, directly or indirectly: (a) act as a reseller or distributor of,
or a service bureau for, the Evisort Services or otherwise use, exploit, make
available or encumber any of the Evisort Services to or for the benefit of any
third party other than Customer’s customers; (b) use or demonstrate the Evisort
Services in any other way that is in competition with Evisort; (c) reverse
engineer, disassemble or decompile the Evisort Services or attempt to derive
the source code or underlying ideas or algorithms of any part of the Evisort
Services (except to the limited extent applicable laws specifically prohibit
such restriction); (d) access or use the Evisort Services without the prior
written consent of Evisort if customer is or becomes a direct competitor to
Evisort or its affiliates; (e) share access, use, or information about the
services with a direct competitor of Evisort (f) remove any notice of
proprietary rights from the Services; (g) copy, modify, translate or
otherwise create derivative works of any part of the Services; (h) use the
Evisort Services in a manner that interferes or attempt to interfere with the
proper working of the Evisort Services or any activities conducted on the
Evisort Services, including bypassing or attempting to bypass any privacy settings
or measures used to prevent or restrict access to the Evisort Services; (i) use manual or automated software, devices, robot,
spider, or other processes to “crawl” or “spider” or to retrieve, index,
“scrape”, “data mine” or in any way gather information, content or other
materials from the Evisort Services in an unauthorized manner or reproduce or
circumvent the navigational structure or presentation of the Evisort Services;
(j) use the Evisort Services in a manner which interferes with or disrupt
its integrity or performance; (k) use or allow the transmission, transfer,
export, re-export or other transfer of any software, technology or information
forming a part of the Evisort Services in violation of any export control or
other laws and regulations of the United States or any other relevant
jurisdiction; or (l) use the Evisort Services to share or store
inappropriate materials, including (i) materials
containing viruses or other harmful or malicious code; (ii) unsolicited
mail (spam); (iii) copyrighted materials to which Customer does not have
sufficient rights; (iv) harassing, tortious, or defamatory materials; or
(v) other materials prohibited by applicable international, federal,
state, or local laws and regulations.
Obligations.Customer will be
responsible for obtaining and maintaining, at Customer’s expense, all of the necessary telecommunications, computer hardware,
software, and Internet connectivity required by Customer or any User to access
the Evisort Services from the Internet.Customer shall use commercially reasonable efforts to prevent
unauthorized access to, or use of, the Evisort Services, and notify Evisort
promptly of any such unauthorized use known to Customer.
2.6Proprietary Rights and Confidential Information
(i)Use and Disclosure. During the Term (as defined
below) of the Agreement, each party will have access to the other party’s
Confidential Information. Except as otherwise expressly permitted, and without
limiting each party’s obligations, under the Agreement, each Recipient agrees
as follows: (A) it will not disclose the Confidential Information of the
Disclosing Party to anyone except its employees, service providers, and
independent contractors who have a need to know and who have been advised of
and have contractually agreed to treat such information in accordance with the
terms of the Agreement (each a “Representative”)
and (B) it will not use or reproduce the Confidential Information disclosed by
the Disclosing Party for any purpose other than exercising its rights and
performing its obligations as described herein.Each Recipient will be liable for the acts and omissions of its
Representatives with respect to the Disclosing Party’s Confidential Information.
The provisions of Section 2.6 (a)(i) will not apply
to Confidential Information that: (A) becomes generally available to the public
through no fault of the Recipient; (B) is lawfully provided to the Recipient by
a third party free of any confidentiality duties or obligations; (C) Recipient
can prove, by clear and convincing evidence, was already known to the Recipient
without restriction at the time of disclosure; or (D) Recipient can prove, by
clear and convincing evidence, was independently developed by employees and
contractors of Recipient who had no access to the Confidential Information..
Notwithstanding Section 2.6 (a)(i), each party may
disclose Confidential Information to the limited extent required by a court or
other governmental body, or as otherwise necessary to comply with applicable
law, provided that the party making the disclosure pursuant to the order will
first have given written notice to the other party and made a reasonable effort
to obtain a protective order.
Content. Customer is solely responsible for any and all
obligations with respect to the accuracy, quality and legality of Customer
Content.Customer will obtain all third
party licenses, consents and permissions needed for Evisort to use the Customer
Content to provide the Services.
Customer Content.Customer grants to
Evisort, on behalf of itself and its Users, a non-exclusive license to use the
Customer Content as necessary for purposes of providing the Services,
performing obligations under the Agreement, and exercising its rights under the
Agreement.Except for the limited
licenses granted to Evisort in any Customer Content, as between Customer and
Evisort, Customer reserves all right, title and interest in the Customer
Content. Notwithstanding anything in this agreement to the contrary, Evisort
may analyzer Customer Data to create one or more de-identified and aggregated
data sets that do not individually identify Customer or its Users or enable
anyone to identify Customer or its Users based on the information
(collectively, the “Deidentified Data”).
Evisort retains ownership of all right, title, and interest in and to
Deidentified Data. Evisort may use Deidentified Data for Evisort’s lawful
business purposes, including to improve, market, provide, and enhance the
Services and for other development, diagnostic, and corrective purposes in
connection with the Services and any other Evisort offerings.Evisort may disclose Deidentified Data solely
in aggregate form in connection with its business. “Usage Data” means any content, data, or information that is
collected or produced by the Services in connection with the use of the Services
that does not identify Customer or its Users, and may include, but is not
limited to, usage patterns, traffic logs and user conduct associated with the
Services. Evisort retainsownership of all right, title, and interest in and to Usage Data.
Evisort may use Usage Data in connection with Evisort’s rights and obligations
under this Agreement and to operate, improve, analyze, and support the Services
for benchmarking and reporting, and for any other lawful business purposes
(c)Evisort Services. Except for the limited access grant provided to
Customer in the Agreement, Evisort reserves all right, title and interest in
its intellectual property and business, including the Services, Documentation,
Usage Data, Deidentified Data, and Evisort trademarks.Unless otherwise expressly set forth in an
Order Form, and except for any Customer Content, all work product or services
provided or developed pursuant to the Agreement or any Order Form (including
any modifications and improvements to any Services pursuant to subsection (d)
or any intellectual property developed pursuant to subsection (e) below), and
all intellectual property and other proprietary rights derived therefrom, will
be the sole and exclusive property of Evisort.
(d)Continuous Development. Customer acknowledges that Evisort may continually
develop, deliver and provide to Customer on-going
innovation to the Evisort Services in the form of new features, functionality,
and efficiencies. Accordingly, Evisort reserves the right to modify the Evisort
Services, from time to time. Some modifications will be provided to Customer at
no additional charge. In the event Evisort adds additional functionality to a
particular Service, Evisort may condition the implementation of such
modifications on Customer’s payment of additional fees provided Customer may
continue to use the version of the Evisort Services that Evisort makes
generally available (without such features) without paying additional fees.
Services; Training and Support.Customer may request that Evisort provide
certain Professional Services related to Customer’s use of the Evisort
Services. Excluding those agreed between the parties in the Order Form or a
separate statement of work, Evisort will have no obligation to provide or
perform such services for or on behalf of Customer.
3.Security and Processing.
Evisort has implemented and will maintain a comprehensive information security
program as described in Schedule 1 (Security Practices) which shall be consistent
with industry standards that contains appropriate administrative, technical and
physical safeguards reasonably designed to protect Customer Content from
unauthorized disclosure. Evisort may update such security policies and
safeguards from time to time, provided that any such update does not materially
reduce the overall level of security or commitments as described in Schedule 1.
3.2Processing.If Customer requires, in its sole discretion, specific terms for processing Customer Content which includes personal information, this agreement hereby incorporates the terms of the Data Processing Addendum (“DPA”) at https://evisort.com/dpa, and the DPA on the Site. Should Customer require an executed version of the DPA, customer may request it by filling out the form available at https://evisort.com/dpa and the DPA available on the Site at the time of such submission will be incorporated into this Agreement on the date of such submission or the Effective Date, whichever is later.
Evisort may utilize subcontractors and subprocessors
(“Subcontractors”) in the performance of its obligations, provided that Evisort
shall remain liable and responsible for the Subcontractors’ acts and omissions
to the extent any of such acts or omissions, if performed by Evisort, would
constitute a breach of, or otherwise give rise to liability to Evisort under,
this Agreement when they are performing for or on behalf of Evisort.
4.1Fees. Customer will pay Evisort the then
applicable fees described in the Order Form for the Services and Professional
Services in accordance with the terms therein (the “Fees”), along with any applicable sales and use taxes.If Customer’s use of the Services exceeds the
Service Capacity or Number of Users set forth on the Order Form or otherwise
requires the payment of additional fees (per the Agreement), Customer shall be
billed for such usage and Customer agrees to pay the additional fees in the
manner provided herein.Evisort reserves
the right to change the Fees or applicable charges and to institute new charges
and Fees for any renewal term by providing at least sixty (60) days’ notice to
Customer prior to the beginning of such Renewal Term (which may be sent by
email). If Customer believes that Evisort has billed Customer incorrectly,
Customer must contact Evisort no later than sixty (60) days after the invoice
date on the invoicein which the error
or problem appeared, in order to receive an adjustment or credit (if
Evisort may choose to bill through an invoice, in which case, full payment for
invoices issued must be received by Evisort within thirty (30) days after the
date of the invoice. Invoices shall be for the fees and applicable taxes Unpaid
amounts are subject to a finance charge of 1.5% per month on any outstanding
balance, or the maximum permitted by law, whichever is lower, plus all expenses
of collection, and may result in immediate termination of Service. Customer
shall be responsible for all taxes associated with the Services other than
taxes based on Evisort’s net income.
Should Customer exceed their Service Capacity by greater than a 5% variance
threshold in any given time period, Evisort will have the right to invoice the
Customer for the increased Service Capacity at the rate specified for overages
within the contract or Order Form, pro-rated to account for any months of the
term that lapsed prior to the overage. The overages may be invoiced when first
incurred or on the same schedule as other invoices due under this agreement, and will be payable in accordance with these
Terms. Evisort will endeavor to provide the Customer with alerts upon crossing80% and 100%
of the applicable Service Capacity.
Disclaimers; Limitations on liability
5.1General Representations.Each party represents and warrants that: (a)
as of the Effective Date and throughout the Term, it is duly organized, validly
existing and in good standing under the laws of its jurisdiction of
incorporation or organization; (b) that the execution and performance of the
Agreement, or use of the Services, will not conflict with or violate any
provision of any law having applicability to such party; and (c) that the
Agreement, when executed and delivered, will constitute a valid and binding
obligation of such party and will be enforceable against such party in
accordance with its terms.
5.2Evisort Warranties.Evisort shall use reasonable efforts
consistent with industry standards to maintain the Services in a manner which
minimizes errors and interruptions in the Services and shall perform any
Professional Services in a professional and workmanlike manner. Services may be
temporarily unavailable for scheduled maintenance or for unscheduled emergency
maintenance, either by Evisort or by third-party providers, or because of other
causes beyond Evisort’s reasonable control, but Evisort shall use reasonable
efforts to provide advance notice in writing or by e-mail of any scheduled
5.3Customer Content. Customer represents and
warrants that it has obtained and will maintain throughout the Term, all
rights, consents and permissions for Customer to make available the Customer
Content to Evisort and for Evisort to use the Customer Content as contemplated
5.4Compliance with Laws and Policies. Customer
will use the Services in accordance with all applicable laws, rules and
regulations; as well as any of Evisort’s standard published policies, if any,
in effect as of the date Customer and Evisort execute an Order Form and as may
be amended by Evisort, in its sole discretion, from time to time.Although Evisort has no obligation to monitor
Customer’s use of Evisort Services, Evisort may do so and may prohibit any use
of the Evisort Services it believes may be (or alleged to be) in violation of
5.5Warranty Disclaimer.EXCEPT AS EXPRESSLY PROVIDED IN THE
AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS OR
IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE,
NON-INFRINGEMENT, QUIET ENJOYMENT OR FROM A COURSE OF DEALING, COURSE OF
PERFORMANCE OR USAGE IN TRADE.EVISORT
DOES NOT WARRANT, AND SPECIFICALLY DISCLAIMS, THAT THE SERVICES WILL BE ACCURATE,
WITHOUT INTERRUPTION, OR ERROR-FREE.
5.6Disclaimer of Indirect Damages. IN NO EVENT
WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL,
SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF
PROFITS, INTERRUPTION OF SERVICE, OR LOSS OF BUSINESS OR BUSINESS OPPORTUNITY,
EVEN IF SUCH DAMAGES ARE FORESEEABLE AND WHETHER OR NOT SUCH PARTY HAS BEEN
ADVISED OF THE POSSIBILITY THEREOF.IN
NO EVENT WILL EVISORT BE LIABLE FOR THE PROCUREMENT OF SUBSTITUTE SERVICES.
5.7Limitations on Liability. EXCEPT FOR DAMAGES, LIABILITIES,
OR OBLIGATIONS UNDER SECTION 6 (INDEMNIFICATION), EACH PARTY’S MAXIMUM
AGGREGATE LIABILITY UNDER THE AGREEMENT WILL NOT EXCEED THE TOTAL AMOUNT OF
FEES RECEIVED BY EVISORT UNDER THE APPLICABLE ORDER FORM DURING THE TWELVE (12)
MONTH PERIOD PRIOR TO THE FIRST DATE ON WHICH THE LIABILITY AROSE.
BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN
LIABILITY, IN SUCH JURISDICTIONS THE LIABILITY OF EVISORT WILL BE LIMITED TO
THE MAXIMUM EXTENT PERMITTED BY LAW.THE
PROVISIONS OF THIS SECTION 5 WILL APPLY WITHOUT
REGARD TO WHETHER OTHER PROVISIONS OF THE AGREEMENT HAVE BEEN BREACHED, ANY
LIMITED REMEDY HEREIN IS HELD TO FAIL OF ITS ESSENTIAL PURPOSE OR THE
FORM OF THE CLAIM OR CAUSE OF ACTION, WHETHER IN CONTRACT, WARRANTY, STATUTE,
TORT (INCLUDING BUT NOT LIMITED TO NEGLIGENCE).
6.1Evisort Indemnity. Evisort will indemnify,
defend and hold Customer, its directors, officers, and employees harmless from
and against any and all losses, damages, liability, costs and expenses awarded
by a court or agreed upon in settlement, as well as all reasonable and related
attorneys’ fees and court costs (collectively “Losses”) arising out of any third party claim to the extent
alleging that the Evisort Services infringe any U.S. or foreign patent,
copyright, trademark or trade secret.
6.2Exclusions. Section 6.1 will not apply if the
alleged claim arises, in whole or in part, from: (a) a use or modification of
the Services by Customer or any User in breach of the Agreement,(b) a combination, operation or use of the
Services with other software, hardware or technology not provided by Evisort if
the claim would not have arisen but for the combination, operation or use, (c)
made in whole or in part in accordance with Customer specifications if the
claim would not have arisen but for such specifications, (d) where Customer
continues allegedly infringing activity after being notified thereof or after
being informed of modifications that would have avoided the alleged infringement,
or (e) the Customer Content (any of the foregoing circumstances under clauses
(a), (b), (c), (d) or (e) will be collectively referred to as a “Customer Indemnity Responsibility”).
6.3Customer Indemnity. Customer will indemnify,
defend and hold harmless Evisort, its directors, officers, and employees from
and against any and all Losses arising out of any third party claim (a)
alleging a Customer breach of any Customer representation or warranty in
Section 5, and (b) arising out of any Customer Indemnity Responsibility.
6.4Indemnification Process. The foregoing
indemnification obligations are conditioned on the indemnified party: (a)
notifying the indemnifying party promptly in writing of such action, (b)
reasonably cooperating and assisting in such defense and (c) giving sole
control of the defense and any related settlement negotiations to the
indemnifying party with the understanding that the indemnifying party may not
settle any claim in a manner that admits guilt or otherwise prejudices the
indemnified party, without consent.
6.5Infringement.If the Evisort Services are, or in Evisort’s
opinion, are likely to become, the subject of any infringement-related claim,
then Evisort will, at its expense and in its discretion: (a) procure for Customer
the right to continue using the Evisort Services; (b) replace or modify the
infringing technology or material so that the Evisort Services become
non-infringing and remain materially functionally equivalent; or (c) terminate
the Order Form pursuant to which the Evisort Services are provided and give
Customer a refund for any pre-paid but unused Fees.
PROVISIONS OF THIS SECTION 6 STATE EVISORT’S ENTIRE LIABILITY AND CUSTOMER’S
EXCLUSIVE REMEDIES FOR ANY CLAIM THAT THE EVISORT SERVICES INFRINGE A THIRD
PARTY’S INTELLECTUAL PROPERTY RIGHT.
7.Term and Termination
7.1Term.Subject to earlier termination as provided
below, the term of the Agreement will commence on the Effective Date (as
defined in the Order Form) and shall remain in effect for the initial term set
forth in the Order Form (the “Initial
Service Term”). Thereafter, the Agreement shall automatically renew for
additional periods of the same duration as the Initial Service Term
(collectively, the “Term”), unless
either party requests termination at least thirty (30) days prior to the end of
the then-current term.
7.2Termination.Either party may terminate the Agreement or
any Order Form, at its discretion, effective immediately upon written notice to
the other if the other party materially breaches any provision of the Agreement
and does not substantially cure the breach within thirty (30) days after
receiving written notice.
of Service(s).At any time during the Term, Evisort may,
immediately upon notice to Customer, suspend access to any Service for the following
reasons: (a) a threat to the technical security or technical integrity of the
Evisort Services; (b) any amount due under the Agreement is not received by
Evisort within fifteen (15) days after it was due, or (c) breach or violation
by Customer of any laws, rules, or regulations.
Content. Evisort reserves the right to permanently and
definitively delete any Customer Content thirty (30) days following termination
of the Agreement. Upon termination, Evisort shall also promptly delete
any Customer Content upon customer’s written request. Any data deleted may remain in an immutable electronic backups maintained by Evisort used purely for backup, disaster recovery and data protection purposes for up to an additional 90 days beyond any such deletion or certification.
of Termination.Upon termination or
expiration of the Agreement for any reason, (a) any amounts owed to Evisort
prior to such termination or expiration and all completed but unpaid
Professional Services fees will be immediately due and payable and (b) all
licensed and access rights granted will immediately cease to exist.Sections 1, 2.4, 2.6, 3, 5, 6, 7.4, 7.5 and 8
will survive any expiration or termination of the Agreement.
8.1Assignment.The Agreement may not be assigned by Customer
without the prior written consent of Evisort. Any attempted assignment or
delegation in violation of this Section 8.1 will be null, void and of no
8.2Publicity. During the Term and thereafter,
Evisort may refer to Customer as an Evisort customer, orally and in writing
(including in promotion or marketing materials and on Evisort’s website and
social media postings).
8.3Relationship. No agency, partnership, joint
venture, or employment is created as a result of the
Agreement and Customer does not have any authority of any kind to bind Evisort
in any respect whatsoever.
8.4Notices.All notices, consents, and approvals under the Agreement must be
delivered via email or in writing by courier, by electronic facsimile (fax), or
by certified or registered mail, (postage prepaid and return receipt requested)
to the other party at the address set forth in the Order Form and will be
effective upon receipt.Either party may
change its address by giving notice of the new address to the other party.
8.5Governing Law; Disputes.The Agreement will be governed by the laws of
the State of California without reference to its conflicts of law principles.The United Nations Convention for the
International Sale of Goods will not apply to the Agreement. Any dispute,
controversy or claim arising out of or relating to the Agreement, will be made
exclusively in the state or federal courts located in San Mateo County,
California and both parties submit to the jurisdiction and venue of such
8.6Waivers.All waivers must be in writing.Any waiver or failure to enforce any provision of the Agreement on one
occasion will not be deemed a waiver of any other provision or of such
provision on any other occasion.
8.7Severability.If any provision of the Agreement is unenforceable, such provision will
be changed and interpreted to accomplish the objectives of such provision to
the greatest extent possible under applicable law and the remaining provisions
will continue in full force and effect.
8.8No Third Party Beneficiaries.The parties acknowledge that the covenants set forth in the Agreement
are intended solely for the benefit of the parties, their successors and
permitted assigns.Nothing herein,
whether express or implied, will confer upon any person or entity (including
any User or any employee) other than the parties, their successors and
permitted assigns, any legal or equitable right whatsoever to enforce any
provision of the Agreement.
8.9Construction.The headings of Sections of the Agreement are for convenience and are
not to be used in interpreting the Agreement.As used in the Agreement, the word “including” means “including but not
8.10Force Majeure. Any delay in the performance of
any duties or obligations of either party (except the payment of money owed)
will not be considered a breach of the Agreement if such delay is caused by a
natural disaster, war, act of terror, or any other event beyond the reasonable
control of such party. The affected party will use reasonable efforts, under
the circumstances, to notify the other party of the circumstances causing the
delay and to resume performance as soon as possible.
8.11Entire Agreement.The Agreement constitutes the entire
agreement between the parties regarding the subject hereof and supersedes all
prior or contemporaneous agreements, understandings, and communication, whether
written or oral.The Agreement may be
amended only by a written document signed by both parties.
8.12Insurance. During the term of this Agreement,
Evisort shall maintain, at the minimum, (a) commercial general liability
insurance in an amount of no less than $1,000,000 per occurrence and $2,000,000
in the aggregate, (b) cyber liability and media liability insurance coverage of
at least $5,000,000 per occurrence and in the aggregate, and (c) workers’
compensation insurance as required by applicable law.
Security Practices at Evisort
1.1Information Security Program. Evisort shall
maintain a comprehensive written information security program, including
policies, standards, procedures, and related documents that establish criteria,
means, methods, and measures governing the processing and security of Customer
Content and the Evisort systems or networks used to process or secure Customer
Content in connection with providing the Services (“Evisort Information Systems”). Subcontractors engaged by Evisort in
accordance with this agreement will maintain (at a minimum) substantially
similar levels of security as applicable and required by these Security
1.2Security Controls. In accordance with its
information security program, Evisort shall implement appropriate physical,
organizational, and technical controls designed to (a) ensure the security,
integrity, and confidentiality of Customer Content accessed, collected, used,
stored, or transmitted to or by Evisort, and (b) protect Customer Content from
known or reasonably anticipated threats or hazards to its security, integrity,
accidental loss, alteration, disclosure, and other unlawful forms of
processing. Without limiting the foregoing, Evisort will, as appropriate,
utilize the following controls:
Evisort will install and maintain firewall(s) to protect data accessible via
Evisort will maintain programs and routines to keep the Evisort information
systems up to date with the latest upgrades, updates, bug fixes, new versions,
and other modifications
Evisort will deploy and use anti-malware software and will keep the
anti-malware software up to date. Evisort will use such software to mitigate
threats from all viruses, spyware, and other malicious code that are or should
reasonably be detected.
Evisort will regularly test its security programs, processes, and controls to
ensure they meet the requirements of these Security Practices.
Controls. Evisort will secure data in production Evisort Information Systems by
complying with the following:
will assign a unique ID to each individual with access
to systems processing Customer Content.
will restrict access to systems with Customer Content to only those individuals
necessary to perform a specified obligation as permitted by this Agreement.
will regularly review the list of individuals and services with access to
systems processing Customer Content and remove accounts that no longer require
will not use manufacturer supplied defaults for system passwords on any
operating systems, software, or other systems, and will mandate the use of
system-enforced “strong passwords” in accordance with or exceeding the best
practices (described below) on all systems processing Customer Content.
minimum, Evisort production passwords will (i)
contain at least eight (8) characters; include at least onecapitalized and one lowercase letter, at
least one number, and one special symbol; and (ii); be changed whenever an account
compromise is suspected or assumed.
will enforce account lockout by requiring additional validation or disabling
access to Customer Content when an account exceeds a designated number of
incorrect password attempts in a certain period of
Evisort will maintain and enforce appropriate information security,
confidentiality, and acceptable use policies for employees, subcontractors, agents and suppliers that meet the standards set forth in
these Security Practices, including methods to detect and log policy
Development and testing environments for Evisort Information Systems will be
separate from production environments.
Evisort will utilize cryptographic standards mandating authorized algorithms,
key length requirements, and key management processes that are consistent with
or exceed then-current industry standards, including NIST recommendations, and
utilize hardening and configuration requirements consistent in approach with
then-current industry standards, including SANS Institute, NIST, or Center for
Internet Security (CIS) recommendations. Pursuant to such standards, Evisort
will encrypt Customer Content at rest within the online Services and only allow
encrypted connections to the online Service for the transfer of Customer
Access. Evisort will ensure that any access from outside of its protected
corporate or production environments to a system or systems processing Customer
Content or to Evisort’s corporate or development workstation networks will
require appropriate connection controls, such as VPN or multi-factor
2.System Availability. Evisort will maintain (or, with respect to
systems controlled by its subcontractors, ensure that such subcontractors
maintain) a disaster recovery (“DR”) program designed to recover the Service’s
availability following a disaster. At a minimum, such DR program will include
the following elements: (a) routine validation of procedures to regularly and
programmatically create retention copies of Customer Content for the purpose of
recovering lost or corrupted data; (b) inventories, updated at minimum annually,
that list all critical Evisort Information Systems; (c) annual review and
update of the DR program; and (d) annual testing of the DR program designed to
validate the DR procedures and recoverability of the service detailed there
If Evisort becomes aware of confirmed unauthorized or unlawful access to any
Customer Content processed by Evisort Information Systems (a “Security Incident”), Evisort will
promptly (a) notify Customer of the Security incident; and (b) take reasonable
steps to mitigate the effects and to minimize any damage resulting from the
Attempts. An unsuccessful attack or intrusion is not a Security Incident
subject to this Section 3. An “unsuccessful attack or intrusion” is one that
does not result in unauthorized or unlawful access to Customer Content and may
include, without limitation, pings and other broadcast attacks on firewalls or
edge servers, port scans, unsuccessful log-on attempts, denial of service
attacks, packet sniffing (or other unauthorized access to traffic data that
does not result in access beyond IP addresses or TCP/UDP headers), or similar
Involvement. Unauthorized or unlawful access to Customer Content that results
from the compromise of a User’s login credentials or from the intentional or
inadvertent disclosure of Customer Content by a User is not a Security
Notification(s) of Security Incidents, if any, will be delivered to one or more
of Customer’s Admin users by any reasonable means Evisort selects, including
email, as time is typically of the essence. Customers are solely responsible
for maintaining accurate contact information in the online Service at all
Evisort’s obligation to report or respond to a Security Incident under this
Section 3 is not an acknowledgement by Evisort of any fault or liability of
Evisort with respect to the Security Incident.
Evisort monitors the effectiveness of its information security program on an
ongoing basis by conducting various audits, risk assessments, and other
monitoring activities to ensure the effectiveness of its security measures and
Reports. Evisort uses external auditors to verify the adequacy of its security
measures and controls for certain Services, including the Services provided
under the Agreement. The resulting audit will: (a) include testing of the
entire measurement period since the previous measurement period ended; (b) be
performed according to AICPA SOC2 standards or such other alternative standards
that are substantially equivalent to AICPA SOC2; (c) be performed by
independent third party security professionals at Evisort’s selection and
expense; and (d) result in the generation of a SOC2 or SOC3 report (“Audit
Report”), which will be Evisort’s Confidential Information. The Audit Report
will be made available to Customer upon written request no more than annually,
subject to the confidentiality obligations of the Agreement or a mutually-agreed non-disclosure agreement. Customer may also
request a SOC 3 report, which, if available from Evisort, will not be subject
to such confidentiality obligations but shall attest to the external auditor’s
verification and findings. For the avoidance of doubt, each Audit Report will
only discuss Services in existence at the time the Audit Report was issued;
subsequently released Services, if within the scope of the Audit Report, will
be in the next annual iteration of the Audit Report.
Testing. Evisort uses external security experts to conduct penetration testing
of certain online Services, including the Services. Such testing will: (a) be
performed at least annually; (b) be performed by independent third party
security professionals at Evisort’s selection and expense; and (c) result in
the generation of a penetration test report (“Pen Test Report”), which will be
Evisort’s Confidential Information. Pen Test Summary Reports or attestation
letters attesting to the same will be made available to Customer upon written
request no more than annually subject to the confidentiality obligations of the
Agreement or a mutually-agreed non-disclosure
Bug Bounty Program. Evisort shall maintain a bug bounty program to proactively
detect bugs and vulnerabilities on a proactive basis. The program will operate
such that external security experts shall have access to a production-like
version of the software by which the Services are provided, with such experts
incentivized and rewarded for finding vulnerabilities with monetary rewards.
This program will be run on a continuous basis with rewards available at all
time to the security experts participating in the program.
Last updated: 10/25/2020. The previous
version of these Terms can be found here.