SECURITI.ai selected as “Most Innovative Startup 2020” at RSA! 
The California Consumer Privacy Act (“CCPA”) 2018, which took effect on 1 January 2020, creates new rights for California consumers relating to the access to, deletion of, and sharing of personal information that is collected by certain types of businesses.
The CCPA also requires the California Attorney General to adopt regulations to further clarify the CCPA, establish procedures to facilitate consumers’ new rights under the CCPA and provide guidance to businesses for how to comply (the Regulations).
On 10 October 2019, the California Attorney General published draft Regulations for public consultation. The draft Regulations have been subject to a number of public hearings and are not expected to be finalized and enforced before July 1, 2020. There is therefore some uncertainty regarding the final text of the Regulations.
You can find out more about the CCPA by visiting the California Attorney General’s CCPA page here.
Securiti is dedicated to ensuring compliance with the CCPA and the Regulations (once finalized).
At this current time, Securiti does not consider that it meets the thresholds to be a “Business” under the CCPA and has identified itself as a “Service Provider”.
Similar to the concept of a data processor under the GDPR, a Service Provider under the CCPA processes personal information on behalf of a Business for a specific purpose, such as providing services to the Business.
Here is a brief overview of the steps Securiti has taken or is in the process of taking in response to the CCPA:
Please note that these changes do not affect your use of our services and products and you may continue to use our services in accordance with our updated policies and terms.
If you have any questions regarding Securiti’s privacy program or the CCPA please feel free to contact us at [email protected]
The SECURITI.ai platform was developed using multiple data centers to ensure high redundancy and availability to meet our commitments to uptime and performance. Privaci is the first product suite offered on the Securiti platform.
Securiti uses security tools to scan its environment and services. We also engage professional security vendors to perform third-party penetration tests and audits of our environment on an annual basis, respectively, while internal system scans are performed weekly. Securiti uses multiple data centers (AWS availability zones) to provide redundancy, and data centers are geographically distributed and are highly redundant within an AWS region.
A subset of SECURITI's Personnel have access to customer data as necessary to support the platform. Individual access is granted based on the role and job responsibilities of the individual. Access to systems containing customer data is reviewed on a regular basis and is monitored on an ongoing basis.
Securiti has taken a simple, no nonsense approach to security.
Our solution is hosted on Amazon Web Services. AWS is responsible for the security of the underlying cloud infrastructure and SECURITI takes the responsibility of securing workloads we deploy in AWS. AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. Any device storing any data is subjected to data-at-rest encryption. Thus, a decommissioned device cannot be misused.
Securiti makes use of per-customer, virtual database instances to logically separate one customer’s data from other customers’ data. When a customer stops using the service, securiti destroys the corresponding virtual database instance. Any customer data that is identified and cataloged by SECURITI as personal data is subjected to a one-way, irreversible hash and stored in the virtual database instance of the customer. At no point, personal data is captured in clear-text in logs or database.
Securiti platform’s first product, Privaci, provides the broad functionality of Privacy Operations and Management (PrivacyOps) to its customers. Securiti platform It is provided as a multi-tenant, cloud-based service, accessible on the internet via web browsers such as Chrome, Firefox, etc. As a user of the Securiti platform, customers should be proactive in recognizing the value, sensitivity, and need to safeguard the information provided by the service and access to the policy enforcement capabilities. This document details Securiti customer responsibilities as they relate to use of the Securiti platform. It is the responsibility of Securiti customers to familiarize themselves with the information and procedures set forth below and comply with them.
To safeguard information assets and policy enforcement capabilities available in the Securiti platform, the customers’ IT governance processes should include end-user training regarding appropriate use and awareness of the need for securing access to their Securiti platform account credentials. As with most cloud services, access to the Securiti platform requires a login ID and password or integration with a Single-Sign-On (SSO) provider. When an organization subscribes to the Securiti platform service, it is the customer’s responsibility to manage which end users should be given access. Customers should also define when access should be taken away from the end users. For example, access should be revoked upon end user’s separation from employment or as part of departmental changes that result in change of duties or responsibilities. Only valid account credentials should be used by authorized users to access the Securiti platform service.
Securiti’s platform service should be considered sensitive and confidential by Securiti platform users. Users should follow information security best practices in ensuring access to their account credentials is appropriately limited, as well as ensuring that the information and functionality provided by the Securiti platform service is protected and restricted from unauthorized use. Securiti platform users are responsible for maintaining the security and confidentiality of their user credentials (e.g., Login ID and Password), and are responsible for all activities and uses performed under their account credentials whether authorized by them or not. By establishing user credentials and accessing the Securiti platform, end users of the Securiti platform service agree to comply with these requirements to safeguard assets and account information.
Securiti platform service is accessible to the global Internet public, as a result, great care must be exercised by Securiti platform users in protecting their subscription against unauthorized access and use of their credentials. By establishing user credentials and accessing the Securiti platform service, end users agree to proactively protect the security and confidentiality of their user credentials and never share service account credentials, disclose any passwords or user identifications to any unauthorized persons, or permit any unauthorized person to use or access their Securiti platform accounts. Any loss of control of passwords or user identifications could result in the loss of “Personally Identifiable Data (PII)” and the culpable account owner(s) may be liable for the actions taken under their service account credentials whether they authorized the activity or not. Additionally, when establishing Securiti platform account credentials, end users are required to establish strong passwords following password strength and complexity best practices; passwords should not be easily guessable.
All Securiti services are monitored 24×7 and the status of the platform is updated at status.securiti.ai. Any scheduled maintenance is also posted on the status page. On the occasion that Securiti users observe performance issues, problems or service outages, users can open a ticket at support.securiti.ai or email [email protected] to report such issues.
By establishing Securiti platform account credentials or accessing its service, end users of the service agree to notify Securiti immediately of any security incident, including any suspected or confirmed breach of security by opening a support ticket at support.securiti.ai or by emailing [email protected] or [email protected]. Also, users of the service agree to logout or exit the service immediately at the end of each session to provide further protection against unauthorized use and intrusion. Securiti platform users should also notify Securiti immediately if they observe any activity or communications in other forums that may indicate that other Securiti customers have had their accounts compromised. Lastly, Securiti encourages users to practice responsible disclosure by notifying Securiti of any identified security vulnerabilities. Securiti is dedicated to providing secure services to clients, and will triage all security vulnerabilities that are reported. Furthermore, Securiti will prioritize and fix security vulnerabilities in accordance with the risk that they pose.
Regulatory requirements and industry mandates are continuously increasing in scope & depth and can vary from industry to industry. Securiti users agree to abide by the regulatory requirements, industry mandates, and other compliance requirements imposed on their organizations and understand that use of cloud-based services does not exclude the organizations from responsibilities for restricting access to application information and functionality.
Securiti is dedicated to keeping its cloud platform safe from all types of security issues thereby providing a safe and secure environment to our customers. Data security is a matter of utmost importance and a top priority for us. If you are a dedicated security researcher or vulnerability hunter and have discovered a security flaw in the Securiti platform including the cloud application and infrastructure, we appreciate your support in disclosing the issue to us in a responsible manner. Our responsible disclosure process is managed by the security team at Securiti. We are always ready to recognize the efforts of security researchers by rewarding them with a token of appreciation, provided the reported security issue is of high severity and not known to us. While reporting the security vulnerability to Securiti’s Security team, please refrain from disclosing the vulnerability details to the public outside of this process without explicit permission. Please provide the complete details. We determine the impact of vulnerability by looking into the ease of exploitation and business risks associated with the vulnerability.
As a security researcher, if you identify or discover a security vulnerability in compliance with the responsible disclosure guidelines, Securiti’s security team commits to:
Please send the details of the discovered vulnerability or any security issue to: [email protected].
Last revised on July 27, 2019 effective as of August 1, 2019
If your browser is configured to accept cookies, we may collect non-personally identifiable information passively using "cookies" and "page tags".
It is SECURITI's policy to respect your privacy regarding any information we may collect while operating our website. Please read this policy carefully to understand how we handle and treat your personal information.
"Cookies" are small text files that can be placed on your computer or mobile device in order to identify your Web browser and the activities of your computer on the Securiti Service and other websites.
"Page tags," also known as web beacons or gif tags, are a web technology used to help track website or email usage information, such as how many times a specific page or email has been viewed. Page tags are invisible to you, and any portion of the SecuritiService, including advertisements, or email sent on our behalf, may contain page tags.
Yes. We use cookies to personalize your experience on the Securiti websites (such as dynamically generating content on webpages specifically designed for you), to assist you in using the Securiti Service (such as saving time by not having to reenter your name each time you use the Securiti Service), to allow us to statistically monitor how you are using the Securiti Service so that we can improve our offerings, and to target certain advertisements to your browser which may be of interest to you or to determine the popularity of certain content. By using cookies and page tags together, we are able to improve the Securiti Service and measure the effectiveness of our advertising and marketing campaigns.
Please be aware that this cookie policy does not govern the use of third-party websites or services or providers of third-party services.
You do not have to accept cookies to use the Securiti Service. If you reject cookies, certain features or resources of the Securiti websites may not work properly or at all and you may have a degraded experience.
Although most browsers are initially set to accept cookies, you can change your browser settings to notify you when you receive a cookie or to reject cookies generally. To learn more about how to control privacy settings and cookie management, click the link for your browser below.
To learn more about cookies; how to control, disable or delete them, please visit http://www.aboutcookies.org. Some third party advertising networks, like Google, allow you to opt out of or customize preferences associated with your internet browsing. For more information on how Google lets you customize these preferences, see their documentation.
All cookies, on our website and everywhere else on the web, fall into one of four categories:
Scroll left/right to view the table below
| cookie | Purpose | category | |
|---|---|---|---|
| _gat_gtag_UA_* | Google Analytics cookies which provides us with data on unique browser visits to our website | Performance | |
| _gid | Used to distinguish users | Performance | |
| _ga | Used to distinguish users | Performance | |
| _gat | Used to throttle request rate | Performance | |
| __adroll_fpc | AdRoll | Used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement - The service is provided by third party advertisement hubs, which facilitate real-time bidding for advertisers. | Advertising |
| __ar_v4 | Advertisement conversion rate tracking. Used by DoubleClick advertising service from Google | Advertising | |
| _mkto_trk | Marketo | Used to link visitor behavior to marketing campaign, to measure campaign effectiveness | Performance |
| _fbp | We use this cookie to deliver a series of advertisement products such as real time bidding from third party advertisers | Advertising | |
| __privaci_cookie_consent_generated | Securiti | Consent Management | Essential |
| __privaci_cookie_consent_uuid | Securiti | Consent Management | Essential |
We collect non-personal information through our Internet log files, which record data such as browser types, domain names, and other anonymous statistical data involving the use of the Securiti services. This information may be used to analyze trends, to administer the Securiti services, to monitor the use of the Securiti services, and to gather general demographic information. We may link this information to personal information for these and other purposes such as personalizing your experience on the Securiti services and evaluating the Securiti services in general.
Effective as of October 1, 2019
THIS CUSTOMER AGREEMENT AND ITS CORRESPONDING ORDER FORM(S) (COLLECTIVELY REFERRED TO AS THIS "AGREEMENT") GOVERN CUSTOMER’S USE OF SECURITI, INC.’S ("SECURITI") SECURITI PRODUCT (DEFINED BELOW). PLEASE READ THE TERMS AND CONDITIONS OF THIS AGREEMENT CAREFULLY BEFORE USING THE SECURITI PRODUCT. BY EXECUTING AN ORDER FORM FOR THE SECURITI PRODUCT EITHER DIRECTLY OR INDIRECTLY, OR BY ACCEPTING THIS AGREEMENT BY ANY ONLINE OR DIGITAL PROCESS, CUSTOMER HEREBY ACCEPTS THE TERMS AND CONDITIONS SET OUT BELOW. THE INDIVIDUAL ACCEPTING THIS AGREEMENT HEREBY REPRESENTS THAT SUCH INDIVIDUAL IS AN AUTHORIZED REPRESENTATIVE OF THE CUSTOMER LISTED ON AN ORDER FORM AND IS AUTHORIZED TO OBLIGATE SUCH CUSTOMER TO ALL TERMS AND CONDITIONS IN THIS AGREEMENT, AND SUCH INDIVIDUAL ACKNOWLEDGES THAT SECURITI RELIES ON SUCH REPRESENTATION IN ENTERING INTO THIS AGREEMENT. SECURITI MAY MODIFY THIS AGREEMENT FROM TIME TO TIME, AND CHANGES TO THIS AGREEMENT WILL BE POSTED ON THE SECURITI WEBSITE AND REVISIONS WILL BE INDICATED BY VERSION DATE. CUSTOMER AGREES TO BE BOUND TO ANY CHANGES TO THIS AGREEMENT WHEN CUSTOMER USES THE SECURITI PRODUCT AFTER ANY SUCH MODIFICATION BECOMES EFFECTIVE. MODIFICATIONS TO THIS AGREEMENT WILL BECOME EFFECTIVE UPON THE RENEWAL OF AN ORDER FORM. THE "EFFECTIVE DATE" OF THIS AGREEMENT IS THE DATE THIS AGREEMENT IS ACCEPTED BY CUSTOMER
Securiti is the developer of PRIVACI.ai, the PrivacyOps platform with multiple modules to assist with compliance for privacy regulations. Customer desires to use certain functions of the Securiti Product to enhance its privacy practices.
The following terms, when used in this Agreement will have the following meanings:
"Affiliates" means an entity that directly or indirectly Controls, is Controlled by, or is under common Control with another entity, so long as such Control exists. For the purposes of this definition, "Control" means beneficial ownership of 50% or more of the voting power or equity in an entity.
"Authorized Users" means the employees, contractors and service providers of Customer or its Affiliates who are authorized to access and use the Securiti Product on behalf of Customer and its Affiliates.
"Confidential Information" means any information or data disclosed by either party that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential in light of the nature of the information and the circumstances surrounding disclosure. However, "Confidential Information" will not include any information which (a) is in the public domain through no fault of receiving party; (b) was properly known to receiving party, without restriction, prior to disclosure by the disclosing party; (c) was properly disclosed to receiving party, without restriction, by another person with the legal authority to do so; or (d) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information. Customer Data and any data or information that identifies Customer’s business or business practices (e.g., number of Customer Data records, number of consumer requests or responses processed) is the Confidential Information of Customer.
"Documentation" means the printed and digital instructions, on-line help files, technical documentation and user manuals made available by Securiti for the Securiti Product.
"Order Form" means an order form, quote or other similar document that sets forth the specific Securiti Product and pricing therefor, and that references this Agreement and is mutually executed by the parties.
"Professional Services" means any implementation, training, configuration, consulting, data migration, conversion, integration setup, or other services provided by Securiti to Customer, as set forth in an Order Form.
"Securiti Product" means the web-based application, as well as certain downloadable components that must deployed within Customer’s environment, made available to Customer by Securiti via a subscription. Securiti will host and operate such web-based application on computer servers accessible by Customer over the Internet. "Securiti Product" excludes any Customer Data contained or processed therein.
Subject to the terms and conditions of this Agreement and the Service Level Agreement (SLA) attached in Exhibit A, Securiti will make certain functions of the Securiti Product available to Customer pursuant to this Agreement and the applicable Order Form, and hereby grants Customer a non-exclusive right to access and use the Securiti Product for its privacy compliance purposes. Customer may extend the rights granted herein to its Affiliates, provided that it will ensure their compliance with this Agreement and be responsible for their acts and omissions hereunder, in each case as if they were Customer hereunder. Customer hereby grants to Securiti a royalty-free, worldwide, non-exclusive, fully paid-up license to use the Customer Data (as defined below) in order to perform and provide the Securiti Product and Professional Services for the benefit of Customer or for the purpose of enhancing product or services in accordance with the terms of this Agreement.
(a) Securiti will maintain a security program materially in accordance with industry standards that is designed to reasonably (i) ensure the security and integrity of Customer data uploaded by, or on behalf of, Customer to the Securiti Product ("Customer Data"); (ii) protect against threats or hazards to the security or integrity of Customer Data; and (iii) prevent unauthorized access to Customer Data. Securiti’s security safeguards include measures for preventing access, use, modification or disclosure of Customer Data by Securiti personnel except (a) to provide the Securiti Product and prevent or address service or technical problems, (b) as required by applicable law, or (c) as Customer expressly permits in writing or under this Agreement. Securiti will comply with the Security Exhibit attached hereto as Exhibit B, and will provide to Customer, upon request, Securiti’s most recently completed Service Organization Control 2 (SOC2) audit reports or industry-standard successor report ("Controls Reports"). Securiti will not materially diminish the protections provided in this Section during the term of this Agreement.
(b) To the extent that Securiti processes any Personal Data (as defined in the DPA referenced below) contained in Customer Data that is subject to the GDPR (as defined in the DPA), on Customer’s behalf, in the provision of the Securiti Product, Customer shall download and execute Securiti’s Data Processing Agreement ("DPA") which DPA shall be deemed attached to and a part of this Agreement.
(a) The rights granted herein are subject to the following restrictions. Customer will not directly or indirectly:
reverse engineer, decompile, disassemble, modify, create derivative works of or otherwise create, attempt to create or derive, or permit or assist any third party to create or derive, the source code underlying the Securiti Product;
(b) attempt to probe, scan or test the vulnerability of the Securiti Product, breach the security or authentication measures of the Securiti Product without proper authorization or wilfully render any part of the Securiti Product unusable;
(c) use or access the Securiti Product to develop a product or service that is competitive with Securiti’s products or engage in competitive analysis or benchmarking;
(d) transfer, distribute, resell, lease, license, or assign the Securiti Product or otherwise offer the Securiti Product on a standalone basis; or
(e) otherwise use the Securiti Product outside the scope expressly permitted hereunder and in the applicable Order Form.
Customer may permit its Authorized Users to use the Securiti Product and such access rights shall not be shared with any third parties other than Authorized Users. The number of Authorized Users accessing the Securiti Product shall not exceed the maximum number of Authorized Users specified in the Order Form.
(a) Customer may permit its Authorized Users to use the Securiti Product and such access rights shall not be shared with any third parties other than Authorized Users. The number of Authorized Users accessing the Securiti Product shall not exceed the maximum number of Authorized Users specified in the Order Form.
(b) Customer will (i) be responsible for all use of the Securiti Product under its account by parties other than Securiti and its Affiliates (whether or not authorized), (ii) use commercially reasonable efforts to prevent unauthorized access to or use of the Securiti Product and notify Securiti promptly of any such unauthorized access or use and (iii) be responsible for obtaining and maintaining any equipment, software and ancillary services needed to connect to, access or otherwise use the Securiti Product, in each case as set forth in the Documentation. Customer will be solely responsible for its failure to maintain such equipment, software and services, and Securiti will have no liability for such failure (including under any service level agreement, if applicable).
(c) Customer understands that the Securiti Product provides a platform whereby Customer is able to manage personal data, including, without limitation, the Customer Data, that may be governed by U.S., General Data Protection Regulation ("GDPR"), and foreign data protection and privacy laws (the "Applicable Laws"). The Applicable Laws regulate personal data in terms of collection, retention and transfer of such information. Customer acknowledges that under Applicable Laws, Customer assumes full responsibility as the controller of such data. The Securiti Product contains tools and functions that allow the Securiti Product to be configured by Customer as necessary for its compliance with Applicable Laws. Accordingly, Customer assumes the responsibility as the controller of personal data that may be collected and reside in the Securiti Product to ensure that the Securiti Product is configured by Customer to comply with any and all Applicable Laws in terms of all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal bases in order to collect, process and transfer to Securiti the Customer Data (including, without limitation, personal data) and to authorize the processing by Securiti of the personal data and any other applicable requirements. For avoidance of doubt, it is Customer’s responsibility to confer as needed with legal counsel to confirm and maintain compliance by Customer with Applicable Laws.
Securiti may, from time to time, implement enhancements, upgrades, updates, improvements, modifications, extensions and other changes to the Securiti Product. Securiti shall provide Customer with access to all such changes to the specific Securiti Product subscribed to by Customer in an existing Order Form without separate charge.
Securiti agrees to comply with the Service Level Agreement attached hereto as Exhibit A.
Customer will pay Securiti the fees set forth in an Order Form. Except as otherwise specified herein or in any applicable Order Form, (a) fees are quoted and payable in United States dollars and (b) payment obligations are non-cancelable and non-pro-ratable for partial months, and fees paid are non-refundable, except as otherwise expressly provided herein. Customer is not liable for any expenses incurred by Securiti (including travel, meals and hotels) except as otherwise pre-approved in writing by Customer.
Securiti may suspend access to the Securiti Product immediately upon notice to Customer if Customer fails to pay any non-disputed amounts hereunder at least thirty (30) days past the applicable due date.
All amounts payable hereunder are exclusive of any sales, use and other taxes or duties, however designated (collectively "Taxes"). Customer will be solely responsible for payment of all Taxes, except for those taxes based on the income of Securiti. Customer will not withhold any taxes from any amounts due to Securiti, provided that if Customer is required by law to withhold any taxes then the invoiced amount shall be deemed increased so that the amount payable by Customer after such withholding equals the invoiced amount.
As between the parties, Securiti exclusively owns all right, title and interest in and to the Securiti Product (including any Securiti Product trademarks), and Securiti’s Confidential Information, including all System Data."System Data" means anonymized user and other data collected by Securiti regarding the Securiti Product that may be used to generate logs, statistics and reports regarding performance, availability, integrity and security of the Securiti Product. Customer exclusively owns all right, title and interest in and to the Customer Data and Customer’s Confidential Information.
Customer may from time to time provide Securiti suggestions or comments for enhancements or improvements, new features or functionality or other feedback with respect to the Securiti Product. Securiti will have full discretion to determine whether or not to proceed with the development of any requested enhancements, new features or functionality. Securiti will have the full, unencumbered right, without any obligation to compensate or reimburse Customer, to use, incorporate and otherwise fully exercise and exploit any such feedback in connection with its products and services.
Each party agrees that it will use the Confidential Information of the other party solely in accordance with the provisions of this Agreement and it will not disclose, or permit to be disclosed, the same directly or indirectly, to any third party without the other party’s prior written consent, except as otherwise expressly permitted hereunder. However, either party may disclose Confidential Information (a) to its employees, officers, directors, attorneys, auditors, financial advisors and other representatives who have a need to know and are legally bound to keep such information confidential by confidentiality obligations consistent with those of this Agreement; and (b) as required by law (in which case the receiving party will provide the disclosing party with prior written notification thereof, will provide the disclosing party with the opportunity to contest such disclosure, and will use its reasonable efforts to minimize such disclosure to the extent permitted by applicable law). Neither party will disclose the terms of this Agreement to any third party, except that either party may confidentially disclose such terms to actual or potential lenders, investors or acquirers. Each party agrees to exercise due care in protecting the Confidential Information from unauthorized use and disclosure. In the event of actual or threatened breach of the provisions of this Section or the restrictions in Section 2.3 hereof, the non-breaching party will be entitled to seek immediate injunctive and other equitable relief, without waiving any other rights or remedies available to it. Each party will promptly notify the other in writing if it becomes aware of any violations of the confidentiality obligations set forth in this Agreement.
Both parties. Each party warrants that it has the authority to enter into this Agreement and, in connection with its performance of this Agreement, shall comply with all laws and regulations applicable to such party.
Securiti warrants that the Securiti Products will (i) substantially meet the requirements described in the relevant Order Form during the term of the Order Form consistent with prevailing industry standards, (ii) will substantially conform with the Documentation, and (iii) be free of viruses, malware, malicious code, time bombs, Trojan horses, back doors, drop dead devices, worms, self-replicating or other code of any kind that when used in Customer’s network environment, may alter, destroy, inhibit, disable, or disable or discontinue effective use of the Customer’s systems. The functionality of the Securiti Products ordered will not be decreased during the term of this Agreement. Securiti will perform any Professional Services in a professional and workmanlike manner. For a material breach of the foregoing express warranties contained this Section 5.2, Customer’s exclusive remedy shall be the re-performance of the deficient Securiti Product or Professional Services or, if Securiti cannot re-perform such deficient Securiti Product or Professional Services as warranted, Customer shall be entitled to terminate this Agreement for breach, any Order Form or applicable portion of the Order Form covering such Securiti Product or Professional Services in accordance with Section 8.2 and recover a pro-rata portion of the fees paid to Securiti for such deficient Securiti Product or Professional Services.
Customer warrants that it has all rights necessary to provide any information, data or other materials that it provides hereunder, and to permit Securiti to use the same as contemplated hereunder.
EXCEPT AS EXPRESSLY SET FORTH HEREIN, SECURITI DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMER ACKNOWLEDGES THAT THE SECURITI PRODUCT IS INTENDED ONLY TO AUGMENT CUSTOMER’S PRIVACY PRACTICES, BUT NOT REPLACE, LEGAL AND OTHER PROFESSIONAL ADVISORS. CUSTOMER IS A DATA CONTROLLER, RESPONSIBLE FOR WHICH DATA IT COLLECTS, AND IS RESPONSIBLE FOR ITS OWN PRIVACY POLICIES. EXCEPT AS EXPRESSLY SET FORTH HEREIN, SECURITI DOES NOT WARRANT THAT ACCESS TO THE SECURITI PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ALL DEFECTS AND ERRORS IN THE SECURITI PRODUCTS WILL BE CORRECTED, OR THAT THE SECURITI PRODUCTS AND SERVICES WILL MEET CUSTOMER’S PARTICULAR REQUIREMENTS OR EXPECTATIONS. SECURITI SHALL NOT BE LIABLE OR RESPONSIBLE FOR ANY DELAYS, INTERRUPTIONS, SERVICE FAILURES, AND ANY OTHER PROBLEMS ARISING FROM CUSTOMER’S USE OF THE INTERNET, ELECTRONIC COMMUNICATIONS OR ANY OTHER SYSTEMS. CUSTOMER ACKNOWLEDGES THAT IT MAY HAVE ACCESS TO CERTAIN SECURITY ASSESSMENT TEMPLATES PROVIDED BY THIRD PARTIES, AND SECURITI MAKES NO REPRESENTATIONS, WARRANTIES OR OTHER COMMITMENTS WITH RESPECT SUCH TEMPLATES OR THE ACCURACY OF INFORMATION PROVIDED THEREIN. THE PROVISIONS OF THIS SECTION ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN SECURITI AND CUSTOMER. SECURITI’S PRICING REFLECTS THIS ALLOCATION OF RISK AND THE LIMITED WARRANTIES SPECIFIED HEREIN.
Securiti will defend Customer against any claim, demand, suit, or proceeding made or brought against Customer by a third party ("Claim") (i) alleging that the use of the Securiti Product as permitted hereunder infringes or misappropriates a United States patent, copyright or trade secret or trademark of any third party, or (ii) arising out of any use or disclosure of Customer Data by Securiti in breach of this Agreement and in respect of each Claim described in (i) and (ii) above, Securiti will indemnify Customer for any liabilities, awards, penalties or costs (including reasonable attorneys' fees) in connection with any such Claim ("Costs"); provided that (a) Customer will promptly notify Securiti of such Claim (provided that the failure to provide such notice shall not relieve Securiti of its indemnification obligations except to the extent of any material prejudice directly resulting from such failure), (b) Securiti will have the sole and exclusive authority to defend and/or settle any such Claim (provided that Securiti may not settle any Claim without Customer’s prior written consent, which will not be unreasonably withheld, unless it unconditionally releases Customer of all related liability) and (c) Customer reasonably cooperates with Securiti in connection therewith. If the use of the Securiti Product by Customer has become, or in Securiti’s opinion is likely to become, the subject of any claim of infringement, Securiti may at its option and expense (i) procure for Customer the right to continue using and receiving the Securiti Product as set forth hereunder; (ii) replace or modify the Securiti Product to make it non-infringing (with comparable functionality); or (iii) if the options in clauses (i) or (ii) are determined by Securiti to not be reasonably practicable, terminate this Agreement and provide refund of any prepaid unused fees corresponding to the terminated portion of the applicable subscription term. Securiti will have no liability or obligation with respect to any Claim to the extent such Claim results from (A) compliance with designs, guidelines, plans or specifications provided by Customer, or the use or inclusion of Customer Data; (B) use of the Securiti Product by Customer not in accordance with this Agreement or in violation of any applicable law; (C) modification of the Securiti Product by any party other than Securiti without Securiti’s express consent; (D) Customer Confidential Information or (E) the combination, operation or use of the Securiti Product with other applications, portions of applications, product(s) or services in a manner not reasonably required where the Securiti Product would not by itself be infringing (clauses (A) through (E), "Excluded Claims"). This Section states Securiti’s sole and exclusive liability and obligation, and Customer’s exclusive remedy, for any claim of any nature related to infringement or misappropriation of intellectual property.
Customer will defend Securiti against any Claim made or brought against Securiti by a third party arising out of the Excluded Claims, and Customer will indemnify Securiti for any Costs in connection with any such Claim; provided that (a) Securiti will promptly notify Customer of such Claim (provided that the failure to provide such notice shall not relieve Customer of its indemnification obligations except to the extent of any material prejudice directly resulting from such failure), (b) Customer will have the sole and exclusive authority to defend and/or settle any such Claim (provided that Customer may not settle any Claim without Securiti’s prior written consent, which will not be unreasonably withheld, unless it unconditionally releases Securiti of all liability) and (c) Securiti reasonably cooperates with Customer in connection therewith.
UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, WILL EITHER PARTY OR ITS AFFILIATES, OR THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS OR CONTRACTORS, BE LIABLE TO THE OTHER UNDER THIS AGREEMENT FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES OF ANY CHARACTER, INCLUDING DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOST SALES OR BUSINESS, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, LOST CONTENT OR DATA, EVEN IF A REPRESENTATIVE OF SUCH PARTY HAS BEEN ADVISED, KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) EXCLUDING CUSTOMER’S PAYMENT OBLIGATIONS, ANY DIRECT DAMAGES, COSTS, OR LIABILITIES IN EXCESS OF THE AMOUNTS PAID BY CUSTOMER UNDER THE APPLICABLE ORDER FORM DURING THE TWELVE (12) MONTHS PRECEDING THE INCIDENT OR CLAIM.
The term of this Agreement will commence on the Effective Date and continue until terminated as set forth below. The initial term of each Order Form will begin on the Order Form effective date of such Order Form and will continue for the subscription term set forth therein. Except as set forth in such Order Form, the term of such Order Form will automatically renew for successive renewal terms equal to the length of the initial term of such Order Form, unless either party provides the other party with written notice of non-renewal at least thirty (30) days prior to the end of the then-current term.
Each party may terminate this Agreement upon written notice to the other party if there are no Order Forms then in effect. Each party may also terminate this Agreement or the applicable Order Form upon written notice in the event (a) the other party commits any material breach of this Agreement or the applicable Order Form and fails to remedy such breach within thirty (30) days after written notice of such breach or (b) subject to applicable law, upon the other party’s liquidation, commencement of dissolution proceedings or assignment of substantially all its assets for the benefit of creditors, or if the other party become the subject of bankruptcy or similar proceeding that is not dismissed within sixty (60) days.
Upon any termination or expiration of this Agreement: (i) Securiti will terminate Customer’s access to the Securiti Product and will cease providing such services; (ii) Customer shall immediately cease any and all use of and access to any Securiti Products; and (iii) each party hereunder shall return to the other party any and all Confidential Information of the other party in its possession. Termination shall not relieve Customer of the obligation to pay Securiti the fees agreed in an Order Form.
Upon termination of this Agreement all rights and obligations will immediately terminate except that any terms or conditions that by their nature should survive such termination will survive, including the restrictions in Section 2.3 hereof, and terms and conditions relating to proprietary rights and confidentiality, payment, disclaimers, indemnification, limitations of liability and termination and the general provisions below.
Each party will comply with the export laws and regulations of the United States, European Union and other applicable jurisdictions in providing and using the Securiti Product.
Customer agrees that Securiti may refer to Customer’s name and trademarks in Securiti’s marketing materials and website and case studies, provided Customer is allowed to review such use prior to publication. Securiti will not refer to Customer or its business in a press release without Customer’s prior written consent. In addition, Customer agrees to become part of Securiti’s reference program by working with a representative from Securiti’s marketing team to develop a customer profile for use on Securiti’s website. The profile will include a quote from an executive of Customer and Customer’s logo.
Neither party hereto may assign or otherwise transfer this Agreement, in whole or in part, without the other party’s prior written consent, except that either party may assign this Agreement without consent to a successor to all or substantially all of its assets or business related to this Agreement. Any attempted assignment, delegation, or transfer by either party in violation hereof will be null and void. Subject to the foregoing, this Agreement will be binding on the parties and their successors and assigns.
No amendment or modification to this Agreement, nor any waiver of any rights hereunder, will be effective unless assented to in writing by both parties, or in a manner otherwise set forth in this Agreement. Any such waiver will be only to the specific provision and under the specific circumstances for which it was given, and will not apply with respect to any repeated or continued violation of the same provision or any other provision. Failure or delay by either party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.
Nothing contained herein will in any way constitute any association, partnership, agency, employment or joint venture between the parties hereto, or be construed to evidence the intention of the parties to establish any such relationship. Neither party will have the authority to obligate or bind the other in any manner, and nothing herein contained will give rise or is intended to give rise to any rights of any kind to any third parties.
If a court of competent jurisdiction determines that any provision of this Agreement is invalid, illegal, or otherwise unenforceable, such provision will be enforced as nearly as possible in accordance with the stated intention of the parties, while the remainder of this Agreement will remain in full force and effect and bind the parties according to its terms.
This Agreement will be governed by the laws of the State of California, exclusive of its rules governing choice of law and conflict of laws. The parties agree to submit to the exclusive jurisdiction of (i) the state courts located in Santa Clara County in the State of California and (ii) the federal courts located in the Northern District of California, with respect to disputes hereunder. This Agreement will not be governed by the United Nations Convention on Contracts for the International Sale of Goods or by Uniform Computer Information Transactions Act (UCITA).
Any notice required or permitted to be given hereunder will be given in writing by personal delivery, certified mail, return receipt requested, by overnight delivery, or by email or fax. Notices will be deemed given upon verifiable receipt
This Agreement comprises the entire agreement between Customer and Securiti with respect to its subject matter, and supersedes all prior and contemporaneous proposals, statements, sales materials or presentations and agreements (oral and written). No oral or written information or advice given by Securiti, its agents or employees will create a warranty or in any way increase the scope of the warranties in this Agreement.
Neither Party will be deemed in breach hereunder for any cessation, interruption or delay in the performance of its obligations due to causes beyond its reasonable control ("Force Majeure Event"), including earthquake, flood, or other natural disaster, act of god, labor controversy, civil disturbance, terrorism, war (whether or not officially declared), cyber-attacks (e.g., denial of service attacks), or the inability to obtain sufficient supplies, transportation, or other essential commodity or service required in the conduct of its business, or any change in or the adoption of any law, regulation, judgment or decree.
For purposes hereof, "including" means "including without limitation".
To the extent hosted and operated by or on behalf of Securiti, the Securiti Product will be Available 99.5% of the time, measured on a calendar monthly basis (the "Availability Commitment"). "Availability" means that the Securiti Product is available for use by Customer. Availability measures will not include downtime resulting from:
The Availability Commitment does not apply to any downtime of the Securiti Product that results from:
Securiti will provide Customer with reports on Availability upon request.
If Securiti fails to achieve the above Availability Commitment for the Securiti Product, Customer may claim a credit as provided below.
| PERCENTAGE AVAILABILITY PER MONT | CREDIT |
|---|---|
| 99.5-100.0 | 0% |
| 97.0-99.49 | 4% |
| 94.0-96.99 | 6% |
| 92.0-93.99 | 10% |
Customer will not be entitled to a credit if it is in breach of its Agreement with Securiti, including payment obligations. To receive a credit, a Customer must file a claim for such credit within fifteen (15) days following the end of the month in which the Availability Commitment was not met by contacting Securiti at [email protected] (or by opening a customer support ticket at https://app.securiti.ai/#/customer-support) with a complete description of the downtime, how Customer was adversely affected, and for how long.
The credit remedy set forth in this Service Level Agreement is Customer’s sole and exclusive remedy for the unavailability of the Securiti Product; provided that Customer shall have the right to terminate this Agreement if Securiti fails to achieve an Availability Commitment of 92% or better in three consecutive months; provided further that notwithstanding anything to the contrary in the Agreement, Customer shall have no payment obligations for services to be performed following such termination.
Securiti live technical support business hours will start at 9:00 am Pacific Time and run until 5:00 pm Pacific Time on weekdays (excluding holidays). Technical support can be contacted via email at [email protected] or by opening a customer support ticket at https://app.securiti.ai/#/customer-support.
Communication Channels:
| COMMUNICATION TOOL | |
|---|---|
| [email protected] | Open a support ticket at https://app.securiti.ai/#/customer-support |
Live technical support will not be available on Christmas Day (December 25) and New Year’s Day (January 1). Limited technical support will be available during the hours listed above during Securiti holidays. The current Securiti holidays are set forth below:
Customer Technical Contact(s): As designated by Customer
Initial privileged customer support accounts will be created for the customer contacts listed above. Additional privileged customer support accounts may be created based on a documented authorization request from a designated customer contact above or by Customer directly.
Securiti maintains a comprehensive, written information security program that contains administrative, technical, and physical safeguards that are appropriate to (a) the size, scope and type of Securiti’s business; (b) the type of information that Securiti will store; and (c) the need for security and confidentiality of such information.
Securiti’s security program includes:
A mandatory security awareness and training program for all members of Securiti’s workforce (including management), which includes:
Controls that provide reasonable assurance that access to physical servers at the production data center, if applicable, is limited to properly authorized individuals and that environmental controls are established to detect, prevent and control destruction due to environmental extremes. These controls are implemented by Amazon Web Services (AWS) and they are listed here: https://aws.amazon.com/compliance/data-center/controls/. Specific to Securiti:
A security incident response plan that includes procedures to be followed in the event of any Security Breach. Such procedures include:
Policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, pandemic flu, and natural disaster) that could damage Customer Data or production systems that contain Customer Data. Such procedures include:
Hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic information.
Policies and procedures to ensure the confidentiality, integrity, and availability of Customer Data and protect it from disclosure, improper alteration, or destruction.
Security measures to guard against unauthorized access to Customer Data that is being transmitted over a public electronic communications network or stored electronically. Such measures include requiring encryption of any Customer Data stored on desktops, laptops or other removable storage devices.
Policies and procedures regarding the secure disposal of tangible property containing Customer Data, taking into account available technology so that Customer Data cannot be practicably read or reconstructed.
Assigning responsibility for the development, implementation, and maintenance of Securiti’s security program, including:
Regularly testing the key controls, systems and procedures of its information security program to validate that they are properly implemented and effective in addressing the threats and risks identified. Where applicable, such testing includes:
Network and systems monitoring, including error logs on servers, disks and security events for any potential problems. Such monitoring includes:
Maintaining policies and procedures for managing changes Securiti makes to production systems, applications, and databases. Such policies and procedures include:
Monitoring, evaluating, and adjusting, as appropriate, the security program in light of:
Ensuring that all laptop and desktop computing devices utilized by Securiti and any subcontractors when accessing Customer Data:
"Security Breach" means any security incident if there is a reason to believe Customer Data has been or may have been accessed by an unauthorized party.
At all times Securiti accesses, processes or stores Customer Data, Securiti will maintain: Errors & Omissions/Professional Liability /Cyber Insurance, in an amount not less than $3,000,000 per claim and annual aggregate, covering all acts, errors, omissions, negligence, and including infringement of intellectual property (except patent and trade secret) in the performance of services for Customer or on behalf of Customer hereunder. Securiti’s policy will provide for Data Security & Privacy "Cyber" coverage (including coverage for unauthorized access and use, failure of security, breach of confidential information, of privacy perils, as well as breach mitigation costs and regulatory coverage). Such insurance shall be maintained in force at all times during the term of the Agreement and for a period of two years thereafter for services completed during the term of the Agreement. Customer shall be given at least 30 days’ notice of the cancellation or expiration of the aforementioned insurance for any reason.
Last updated February, 2020
Securiti Inc. (together, "Securiti" "we", "our" or "us") provides privacy, security and data protection services ("Services") to its business customers (its "Business Partners") through a SaaS offering, PRIVACI.ai and/or any other mobile software application that we license (collectively, the “Product”), and provides information relating to those services through its website at www.securiti.ai and related pages and subdomains (the "Website").
In order to ensure transparency and give you more control over your personal information, this privacy policy ("Privacy Policy") governs how we use, collect, store and disclose personal data we collect or receive from or about you ("you") in the following use cases:
We greatly respect your privacy, which is why we make every effort to provide a platform that would live up to the highest of user privacy standards. Please read this Privacy Policy carefully, so you can fully understand our practices in relation to personal data. "Personal data" or "personal information" means any information that can be used, alone or together with other data, to uniquely identify any living human being. Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, the legal basis in the table below is only relevant for GDPR and/or CCPA protected individuals.
Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.
Table of contents:
This Privacy Policy can be updated from time to time and, therefore, we ask you to check back periodically for the latest version of this Privacy Policy. If we implement significant changes to the use of your personal data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our Website or by other means.
We collect this information automatically through the use of various technologies, such as cookies.
For more information, please read our cookies policy available here: https://www.privaci.ai/cookies-policy
3rd parties for the following purposes:
For more information, please read our cookies policy: https://www.privaci.ai/cookies-policy
Read more about the purposes of each cookie here: https://www.privaci.ai/cookies-policy
3rd parties for the following purposes:
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
3rd parties for the following purposes:
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
3rd parties for the following purposes:
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
3rd parties for the following purposes:
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legitimate interest (e.g. to implement security measures).
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legitimate interest (e.g. to create your account and allow you to login).
3rd parties for the following purposes:
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
3rd parties for the following purposes:
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
3rd parties for the following purposes:
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
3rd parties for the following purposes:
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
We obtain your personal data:
3rd parties for the following purposes:
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
Accounting system
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
3rd parties for the following purposes:
Until we no longer need the information and proactively delete it or you send a valid deletion request.
Please note that we may retain it for a longer or shorter period in accordance with data retention laws.
Finally, please note that some of the abovementioned personal data will be used for fraud detection and prevention, and for security purposes. The abovementioned personal data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may or will anonymize your personal data. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them).
In addition to the recipients described above, we may share your personal data as follows:
Rights:
We do not offer our products or services for use by children and, therefore, we do not knowingly collect personal data from, and/or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not provide any personal data to us without involvement of a parent or a guardian. For the purposes of the GDPR, we do not intend to offer information society services directly to children. In the event that we become aware that you provide personal data in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at [email protected].
We enable you to interact with third party websites, mobile software applications and products or services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services can collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service.
We use log files. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us. We use such information for security purposes and to analyze trends, administer the Website, track users’ movement around the Website, and gather demographic information.
We currently use marketing and sales analytics tools including: Google Analytics, Google Ads, Marketo, Salesforce, Outreach, LinkedIn, Facebook, Twitter. We reserve the right to remove or add new analytic tools.
California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please submit a request here. Please note that we will respond to one request per customer each year, unless otherwise required by law.
If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at [email protected].
"API" is the application-programming interface used by you to access functionality provided by SECURITI |
"Monthly Active User" or "MAU" is a Platform Application User that uses the Service via an API call (made by or on behalf of the Platform Application User account) at least once in a monthly calendar period. |
"Monthly Platform API Calls" is any API call made by a Platform Application to the Service within a monthly calendar period on behalf of: (a) a Platform Application User; (b) a User; or (c) a Platform Service Account (connectors), not to exceed your allotted amount. Except as otherwise set forth in an order, excluded from Monthly Platform API Calls are API calls made on behalf of: (i) third party software application integrations that are permitted with your use of the Service; (ii) SECURITI provided application (e.g. PRIVACI virtual appliance); (iii) SECURITI provided services (e.g. consent javascript). |
"Monthly Platform Bandwidth" is the Platform Bandwidth consumed on a monthly calendar basis by or on behalf of: (a) a Platform Application User; or (b) a Platform Service Account (e.g. Connectors), not to exceed your allotted amount. Unless specified in an order, excluded from Monthly Platform Bandwidth is Platform Bandwidth consumed by: (i) SECURITI provided applications (e.g., the PRIVACI web app) and (ii) SECURITI provided software application (e.g. PRIVACI virtual appliance), if applicable. |
"PlatformApplication" is an application used by or on behalf of you that uses the API for the purposes of access to the Service. |
"Platform Application User" is a user with a unique identifier that is created and provisioned by the enterprise administrator and such user’s access to Content in the Service is governed through the Platform Application. |
"Platform Bandwidth" is the flow of data to or from the Service as a result of the Platform Application, measured in gigabytes (GB), not to exceed your allotted amount. |
"Platform Service Account" is a SECURITI.ai API based ‘Connector’ service that is created and provisioned by an application administrator to scan and detect personal data within your data stores and execute data subject rights requests where possible. |
"Platform Storage" is the total amount of Content, measured in gigabytes (unless otherwise specified), stored by or on behalf of all Platform Application Users, Platform Service Accounts and any other users of Platform Products, not to exceed your allotted amount. |
"Platform UseLimit(s)" is the amount as specified and allocated to you for: (i) Monthly Platform Bandwidth, Monthly Platform API Calls, Platform Storage and number of Monthly Active Users; and (ii) any other applicable usage limits or restrictions. |
"System Admin(s)" Users with system admin (also known as ‘admin’) access profile are one or more key stakeholders or IT managers who needs full control over the PRIVACI.ai account and its administration. This role has special access to all system features, functions, and data because administrators can override access profile rules and pass all access profile checks.
|
"Data Source Instance" is a unique, data repository that can be scanned to detect personal data and/or automated to execute data rights requests. A single data source instance could be a unique SaaS service instance identified by its instance Id or domain name, a single application database, a unique file share, a unique storage bucket, an LDAP/AD Organizational Unit etc. which can be connected to the PRIVACI environment through a supported PRIVACI Monitored or User Defined Connector. |
You receive the features and functionality that are provided in the specific Platform Product(s) that you have registered or purchased. You will ensure that your usage of the Platform Products is at all times in conformance with the Platform Use Limits, these Terms and applicable law. If you exceed the Platform Use Limits, additional fees will be due and/or reasonable restrictions may be placed on your account until any such excess usage is adequately eliminated by you.
You may not co-brand any Platform Products or use any SECURITI.ai OR PRIVACI.ai trademarks, logos, or other SECURITI marks to promote and market the Platform Products without SECURITI’s prior written consent.
You will not permit use of the Platform Application:
Download the Data Processing Addendum [PDF]
This Data Processing Agreement (“DPA”) is made and entered into as of this ____ day of ____, 2019 forms part of the Securiti Customer Agreement (the “Agreement”). You acknowledge that you, on behalf of [______] incorporated under __________ law, with its principal offices located at ____________________ (“Organization”) (collectively, ”You”, ”Your”, “Client”, or “Data Controller”) have read and understood and agree to comply with this DPA, and are entering into a binding legal agreement with Securiti as defined below (“Securiti”, ”Us”, ”We”, ”Our”, “Service Provider” or “Data Processor”) to reflect the parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below) of GDPR-protected individuals. Both parties shall be referred to as the “Parties” and each, a “Party”.
WHEREAS, Securiti shall provide the services set forth in the Agreement (collectively, the “Services”) for Client, as described in the Agreement; and
WHEREAS, In the course of providing the Services pursuant to the Agreement, we may process Personal Data on your behalf, in the capacity of a “Data Processor”; and the Parties wish to set forth the arrangements concerning the processing of Personal Data (defined below) within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the parties, intending to be legally bound, agree as follows:
If Securiti receives a request from a Data Subject to exercise its right to be informed, right of access, right to rectification, erasure, restriction of Processing, data portability, right to object, or its right not to be subject to a decision solely based on automated processing, including profiling (“Data Subject Request”), Securiti shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Client. Taking into account the nature of the Processing, Securiti shall assist Client by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Client’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. To the extent legally permitted, Client shall be responsible for any costs arising from Securiti’s provision of such assistance.
Securiti maintains security incident management policies and procedures specified in Security Documentation and, to the extent required under applicable Data Protection Laws and Regulations, shall notify Client without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, including Personal Data, transmitted, stored or otherwise Processed by Securiti or its Sub-processors of which Securiti becomes aware (a “Personal Data Incident”). Securiti shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Securiti deems necessary and reasonable in order to remediate the cause of such a Personal Data Incident to the extent the remediation is within Securiti’s reasonable control. The obligations herein shall not apply to incidents that are caused by Client or Client’s users. In any event, Client will be the party responsible for notifying supervisory authorities and/or concerned data subjects (where required by Data Protection Laws and Regulations).
Subject to the Agreement, Securiti shall, at the choice of Client, delete or return the Personal Data to Client after the end of the provision of the Services relating to processing, and shall delete existing copies unless applicable law requires storage of the Personal Data. In any event, to the extent required or allowed by applicable law, Securiti may retain one copy of the Personal Data for evidence purposes and/or for the establishment, exercise or defence of legal claims and/or to comply with applicable laws and regulations. If the Client requests the Personal Data to be returned, the Personal Data shall be returned in the format generally available for Securiti’s Clients.
This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided. Sections 2.2, 2.3.3, 2.3.4 and 12 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement.
Notwithstanding anything to the contrary in the Agreement and/or in any agreement between the parties and to the maximum extent permitted by law: (A) Securiti’s (including Securiti’s Affiliates’) entire, total and aggregate liability, related to, or for breach of, this DPA and/or Data Protection Laws and Regulations, including, without limitation, if any, any indemnification obligation under the Agreement or applicable law regarding data protection or privacy, shall be limited to the amounts paid to Securiti under the Agreement within twelve (12) months preceding the event that gave rise to the claim. This limitation of liability is cumulative and not per incident; (B) In no event will Securiti and/or Securiti Affiliates and/or their third-party providers, be liable under, or otherwise in connection with this DPA for: (i) any indirect, exemplary, special, consequential, incidental or punitive damages; (ii) any loss of profits, business, or anticipated savings; (iii) any loss of, or damage to data, reputation, revenue or goodwill; and/or (iv) the cost of procuring any substitute goods or services; and (C) The foregoing exclusions and limitations on liability set forth in this Section shall apply: (i) even if Securiti, Securiti Affiliates or third-party providers, have been advised, or should have been aware, of the possibility of losses or damages; (ii) even if any remedy in this DPA fails of its essential purpose; and (iii) regardless of the form, theory or basis of liability (such as, but not limited to, breach of contract or tort).
This DPA may be amended at any time by a written instrument duly signed by each of the Parties.
This DPA shall only become legally binding between Client and Securiti when the formalities steps set out in the Section “INSTRUCTIONS ON HOW TO EXECUTE THIS DPA” below have been fully completed.
The Parties represent and warrant that they each have the power to enter into, execute, perform and be bound by this DPA.
You, as the signing person on behalf of Client, represent and warrant that you have, or you were granted, full authority to bind the Organization and, as applicable, its Authorized Affiliates to this DPA. If you cannot, or do not have authority to, bind the Organization and/or its Authorized Affiliates, you shall not supply or provide Personal Data to Securiti.
By signing this DPA, Client enters into this DPA on behalf of itself and, to the extent required or permitted under applicable Data Protection Laws and Regulations, in the name and on behalf of its Authorized Affiliates, if and to the extent that Securiti processes Personal Data for which such Authorized Affiliates qualify as the/a “data controller”.
This DPA has been pre-signed on behalf of Securiti.
Instructions on how to execute this DPA.
The parties’ authorized signatories have duly executed this Agreement:
Signature:
Client Legal Name:
Print Name:
Title:
Date:
Signature:
Legal Name:
Print Name:
Title:
Date:
Securiti will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Client in its use of the Services.
Subject to any Section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Securiti will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Client may submit Personal Data to the Services, the extent of which is determined and controlled by Client in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
The Client and the Data Subjects shall provide the Personal data to Securiti by supplying the Personal data to Securiti’s Service.
In some limited circumstances Personal Data may also come from others sources, for example, in the case of anti-money laundering research, fraud detection or as required by applicable law. For clarity, Client shall always be deemed the “Data Controller” and Securiti shall always be deemed the “Data Processor” (as such terms are defined in the GDPR).
Client may submit Personal Data to the Services, the extent of which is determined and controlled by Client in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
| Entity Name | Sub-Processing Activities | Entity Country |
| Amazon Web Services, Inc. | Cloud Service Provider | United States |
| Zendesk, Inc. | Cloud Customer Support | United States |
