Terms of Service
These Terms of Service include and incorporate any ordering document (“Order Form”), statement of work (“SOW”), or any other agreement that references it. Capitalized terms otherwise used but not defined herein are defined in the Order Form or SOW.
1. ORDERED SERVICES
1.1. Subscription Service. Certa authorizes Customer to access and use the SaaS products (“Subscription Service”) for the duration specified in the Order Form (“Subscription Term”) solely for its internal business purposes in accordance with Certa issued product documentation (“Documentation”). Customer will not exceed the authorized access and use rights as set forth in this Agreement and the relevant Order Form.
1.2. Support Service. Certa will provide Customer with technical support services (“Support Service”) in accordance with the support terms (“Support Terms”) set forth in the Order Form.
1.3. Implementation Services. Customer and Certa may enter into one or more SOWs or Order Forms subject to this Agreement for the purchase of implementation services (“Implementation Services”). Certa will perform the Implementation Services, subject to Customer’s performance of its responsibilities and payment of fees as stated in the SOW and/or the Order Form.
2. AUTHORIZED USE
2.1. User Accounts. During registration, Customer will appoint an administrative user who will set up the username and password for Customer’s Subscription Service account. Customer bears sole responsibility for safeguarding these credentials.
2.2. Restrictions. Customer agrees not to: (a) exceed contractual usage limits or bypass access controls; (b) sublicense, sell, or distribute the Services, except as expressly permitted; (c) use the Services to develop or operate competing services for third parties; (d) reverse engineer or modify the Services; (e) remove or alter proprietary notices in the Services; (f) infringe on intellectual property rights; (g) engage in malicious activities or disrupt security; or (h) access or disable any data, software, or network beyond Customer’s authorized usage. Prior to undertaking any of the aforementioned actions that it believes it may be entitled to, Customer will provide Certa with at least 30 days' prior notice and necessary information for assessment. Certa may offer alternatives to mitigate adverse impacts on its rights. “Services” means the Subscription Service, Support Service, Implementation Service, and/or Documentation.
2.3. Third Party Services. Customer may connect third party services to the Subscription Service to enable its use as permitted herein, in the Order Form or SOW (each, a “Third-Party Service”).
(a) If such Third-Party Service was resold by Certa, then the terms of license for such Third-Party Service will be set forth in the Order Form, SOW, or this Agreement.
(b) If such Third-Party Service was licensed directly by Customer from another provider, then the terms of such license shall be in a separate agreement between Customer and such provider.
(c) Customer acknowledges that all Third-Party Service providers may have access to Customer Data (as defined below) from Customer activating the connection between the Third-Party Service and the Subscription Service. Customer authorizes the access or transmission of Customer Data to such Third-Party Service and the access or transmission of data from such Third-Party Service to the Subscription Service.
(d) Customer acknowledges and agrees that Third-Party Service provider’s agreement with Customer will govern the provision of the Third-Party Service, and Certa shall not be responsible for, any use, disclosure, modification or deletion of such Customer Data, or for any act or omission of such Third-Party Service provider. For instance, when the Subscription Service calls a Third-Party Service application protocol interface (API) to return a match, Certa is not responsible for, nor guarantees, that the returned data will be correct or accurate (e.g., matching the correct entity), as this is within the purview of the Third-Party Service provider and is beyond Certa’s control. However, to the extent any Third-Party Service fails to properly display data within the Subscription Service, and to the extent such failure is caused by Certa, Certa shall fix such malfunctions in accordance with the Support Terms. Additionally, for all implementations of Third-Party Services within the Subscription Service made by Certa at the direction of Customer per an Order Form or SOW, Customer acknowledges that Certa is performing as Customer’s contractor and Customer authorizes Certa to perform work on such Third-Party Service.
3. INTELLECTUAL PROPERTY AND OTHER RIGHTS
3.1. Certa's Intellectual Property Rights. Certa owns all intellectual property rights to the Services, including derivatives, translations, modifications, and enhancements, irrespective of provisions in this Agreement, Order Form, or SOW. Certa owns and retains all rights to: (a) the Services and associated improvements and modifications, (b) any software, applications, inventions, or technology developed in connection with the Services, and (c) all related intellectual property and proprietary rights. Additionally, Certa exclusively owns all rights to suggestions, enhancement requests, feedback, or recommendations related to the Services from Customer or third parties. Customer acknowledges that this Agreement does not constitute a sale and confers no ownership rights to the Services. The Certa name, logo, and product names are trademarks of Certa, and no usage rights or licenses are granted. All rights not expressly granted to Customer are reserved by Certa.
3.2. Customer Data. Customer exclusively owns all rights, title, and interest in Customer Data. Customer warrants they have necessary rights and consents for Certa to use Customer Data in accordance with this Agreement. Customer grants Certa a royalty-free, fully paid, non-exclusive, non-transferable (except as outlined in Section 11.8), sub-licensable, worldwide license to reproduce, use, process, transfer, and store Customer Data solely for performing Certa’s obligations under this Agreement. Certa will provide, upon request, a copy of all Customer Data within the Subscription Service in a mutually agreed, commercially reasonable, and readily accessible format, either via the Subscription Service or within a reasonable timeframe. “Customer Data" refers to any data inputted into the Subscription Service by or on behalf of Customer during this Agreement.
3.3. Data Usage by Certa. Certa may collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including information concerning Customer Data and data derived therefrom), and Certa will be free, during and after the Term (as defined below) to (i) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services as well as other Certa offerings, and (ii) disclose all such data solely in aggregate or de-identified form that does not contain Customer’s Confidential Information or Customer Data or refer to Customer in connection with Certa’s business.
4. DATA SECURITY AND PRIVACY
4.1. Data Security. Certa commits to implementing reasonable security measures to protect Customer Data, including but not be limited to, encryption, access controls, monitoring, and regular security audits. Certa shall continuously evaluate and update these measures to align with industry best practices and evolving security threats. Additionally, Customer agrees to promptly notify Customer of any security incidents that may impact the confidentiality, integrity, or availability of Customer Data. Certa shall obtain annual certification to demonstrate compliance with the System and Organization Controls for Service Organizations 2 (SOC 2) Type 2 audit requirements.
4.2. Data Privacy Compliance. Both parties affirm their commitment to full compliance with data privacy laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant regulations, ensuring that all processing activities adhere to legal requirements and respect individuals' rights to privacy and data protection. Customer, acting as the data controller, is responsible for determining the purposes and means of processing personal data, obtaining valid consent, and providing transparent information to individuals. Certa, acting as the data processor, must process data only as instructed by Customer, implement appropriate security measures, maintain confidentiality, assist Customer in meeting obligations under these data privacy laws, and ensure that any sub-processors comply with applicable legal requirements.
4.3. Subcontractors. To the extent that Certa discloses Customer Data consisting of personal data to any of its contractors or vendors, Certa will do so in accordance with applicable law and subject to an obligation of confidentiality. If required under applicable law, Certa and Customer will enter into a data processing agreement consistent with such legal requirements. When engaging sub-processors of Customer Data, Certa will ensure via a written contract that the sub-processor only accesses and uses Customer Data to the extent required to perform the subcontracted obligations and only in accordance with applicable law.
5. CONFIDENTIALITY
Each party shall (i) treat all information (“Confidential Information”) received from the other party as confidential to the extent such information is designated as confidential or the receiving party reasonably should have understood the confidential nature of such information and shall not disclose such information to third parties except as expressly contemplated herein and (ii) not use Confidential Information except to the extent necessary to exercise rights or fulfill obligations under this Agreement. A party may disclose the disclosing party’s Confidential Information to its subsidiaries and contractors under a materially similar contractual duty of confidentiality as herein. To the extent the receiving party is required, by a government authority via subpoena or other means, to disclose Confidential Information of the disclosing party, or must do so to pursue a claim, the receiving party will give the disclosing party reasonable advance notice prior to any disclosure to allow the disclosing party time to resist or restrict such disclosure request. The receiving party shall return or destroy (and not retain any copies of) the disclosing party’s Confidential Information reasonably promptly upon request. Confidential Information shall not be considered confidential to the extent it: (a) was already known by the receiving party free of restrictions; (b) was subsequently learned from an independent third party free of restrictions and without breach of this Agreement; or (c) was independently developed by the receiving party without reference to the disclosing party’s Confidential Information.
6. TERM AND TERMINATION
6.1. Term. The term of this Agreement is for the period stated in the initial Order Form (“Initial Term”). At expiration, such Order Form shall renew per the terms therein and if there are none, each shall automatically renew for repeated successive one-year terms on the anniversary of the Effective Date unless a party opts out of such renewal via notice to the other party provided 60 days before such renewal anniversary (the Initial Term and renewal periods collectively are the “Term”).
6.2. Termination for Breach, Survival. Either party may terminate this Agreement upon thirty (30) days’ notice if the other party materially breaches any of the material terms or conditions of this Agreement and fails to cure such breach within such thirty (30) day notice period (except for Customer’s failure to timely pay amounts due hereunder, in which case the cure period shall be ten (10) days). Customer will pay in full for the Subscription Service per the Order Form(s) for the entire purchased Subscription Term and for all Implementation Services provided prior to Agreement termination.
6.3. Survival. All provisions of this Agreement which by their nature should survive termination will survive, including, accrued rights to payment, definitions for interpretation purposes, and the provisions entitled “Intellectual Property and Other Rights”, “Confidentiality”, “Survival”, “Wind-Down Assistance”, “Disclaimer”, “Limitation of Liability”, “Indemnity”, and “General Provisions”.
6.4. Wind-Down Assistance. Upon any termination or expiration of this Agreement, subject to the parties signing an SOW, Certa will assist Customer in an orderly manner by continuing to provide the affected Services (as reasonably needed by Customer) using commercially reasonable efforts to assist Customer in the transfer of Customer Data, such assistance deemed to be governed by the applicable provisions of this Agreement. Customer will compensate Certa for any wind-down assistance on an hourly basis at Certa’s then-current rates generally charged to its customers for such assistance.
7. PAYMENT OF FEES
7.1. Fees. Customer will pay Certa the applicable fees set forth in the Order Form and/or SOW in accordance with the terms therein and this Agreement (the “Fees”). If Customer's usage of the Subscription Service surpasses the capacity or usage limits specified in the Order Form and/or this Agreement, Customer agrees to pay any additional charges outlined in the Order Form or agreed upon by both parties.
7.2. Payment Terms. Customer agrees to make full payment to Certa within thirty (30) days of the invoice mailing date. Unpaid amounts will incur a finance charge of 1.5% per month on outstanding balances or the maximum allowed by law, plus collection expenses. Customer is responsible for all taxes associated with the Services except those based on Certa's net income. For the avoidance of doubt, taxes will not be deducted from payments to Certa, except as required by applicable law, in which case Customer will increase the amount payable as necessary so that, after making all required deductions and withholdings, Certa receives and retains (free from any liability for taxes) an amount equal to the amount it would have received had no such deductions or withholdings been made. Any billing discrepancies must be reported to Certa within 15 days of the billing statement date for adjustments or credits.
8. WARRANTIES AND DISCLAIMER
8.1. Warranties. Both parties warrant that they have the requisite corporate power and authority to enter into this Agreement and shall comply with all applicable laws. Certa warrants that it shall: (a) provide the Services diligently, in a competent and professional manner, (b) use reasonable efforts consistent with prevailing industry standards to maintain the Subscription Service in accordance with the Support Terms; and (c) perform the Implementation Services in a professional and workmanlike manner. Customer's exclusive remedy for any breach of these warranties shall be, at Certa's option, to remedy the non-conformity or refund the fees paid by Customer for the affected Services covering the period after effective termination.
8.2. Disclaimer. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS-AVAILABLE" BASIS. CERTA DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICES. TO THE FULLEST EXTENT PERMITTED BY LAW, CERTA EXPRESSLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
9. LIMITATION OF LIABILITY
9.1. THIS LIMITATION OF LIABILITY PROVISION APPLIES IN THE AGGREGATE AND NOT ON A PER CLAIM BASIS, WHETHER ANY DAMAGES ARE CHARACTERIZED IN TORT, NEGLIGENCE, CONTRACT, OR OTHER THEORY OF LIABILITY, REGARDLESS OF WHETHER A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN ANY DAMAGES, AND IRRESPECTIVE OF ANY FAILURE OF ESSENTIAL PURPOSE OF A LIMITED REMEDY. IN NO EVENT SHALL CERTA OR CUSTOMER BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND IN CONNECTION WITH OR ARISING OUT OF THIS AGREEMENT.
9.2. IN NO EVENT SHALL EACH PARTY BE LIABLE FOR ANY DAMAGES (INCLUDING DIRECT DAMAGES) FOR ANY MONIES THAT EXCEED AMOUNTS PAID OR PAYABLE BY CUSTOMER TO CERTA UNDER THIS AGREEMENT IN THE 365 DAYS PRIOR TO THE ACT(S) THAT GAVE RISE TO THE APPLICABLE CLAIM(S).
9.3. THIS LIMITATION OF LIABILITY PROVISION DOES NOT LIMIT (1) CUSTOMER’S PAYMENT OBLIGATIONS UNDER THIS AGREEMENT; OR (2) A PARTY'S LIABILITY FOR INTELLECTUAL PROPERTY INFRINGEMENT; OR (3) INTENTIONAL MISCONDUCT OR FRAUD.
10. INDEMNITY
10.1. Certa Obligation. Certa will defend Customer and its affiliates against third party claims alleging (a) infringement of third-party intellectual property rights related to the Services or (b) physical injury or tangible property damage to the extent caused by negligence or misconduct of Certa personnel onsite at Customer’s premises. Certa will pay any resulting settlement or court-ordered damages. With respect to (a), Certa may contest claims, obtain permissions for Customer’s continued use, replace or modify the Services, or terminate access with a refund if other options are not feasible. Certa is not liable for claims arising from Customer Data or unauthorized access or use of the Services in violations of law, usage after termination, modifications by Customer or on its behalf in violation of the Documentation or this Agreement, or combination with non-Certa components.
10.2. Customer Obligation. Customer will defend Certa against third party claims related to Customer Data or modifications to the Services made by the Customer, and cover associated settlement amounts or damages.
10.3. Process. Both parties must promptly notify each other of claims, with the defending party assuming sole control of defense and settlement negotiations, and neither party can stipulate fault without consent, nor can settlements be publicized without mutual agreement. This Section outlines each party's entire liability and exclusive remedy for third-party claims and actions.
11. GENERAL PROVISIONS
11.1. Trade Compliance. Customer agrees to comply with all applicable trade sanctions and export control laws in its use of the Services. Specifically, Customer will not: (a) use the Services in countries subject to comprehensive U.S. sanctions; (b) provide access to any party on U.S. government restricted lists; (c) export, re-export, or transfer the Services in violation of applicable laws. Customer is responsible for its own trade law compliance.
11.2. Force Majeure. Failure to perform obligations under this Agreement due to a force majeure event, including acts of nature, pandemics, war, terrorism, riots, or strikes, shall not constitute a default or breach. The affected party must promptly notify the other party, provide a good faith estimate of the impact, and take all reasonable measures to resolve the situation.
11.3. Entire Agreement. This Agreement is the parties' entire understanding relating to its subject matter and supersedes any previous oral or written agreement between the parties concerning such subject matter, as well as any Certa invoice terms or Certa “click-through” or “click-wrap” terms required to access the Services. Such terms are specifically rejected by Customer, even if assented to by Customer’s users when required to do so to access the Services. Any Customer similar terms (such as Customer purchase orders) are similarly specifically rejected by Certa.
11.4. Amendments. No changes or modifications or waivers to this Agreement will be effective unless in writing and signed by both parties.
11.5. Waivers. The failure of a party to enforce its rights under this Agreement at any time for any period shall not be construed as a waiver of such rights.
11.6. Governing Law and Venue. This Agreement shall be governed by the laws of the State of California, without regard to its conflicts of laws provisions. Any legal disputes arising from this Agreement shall be exclusively resolved in the state or federal courts located in Santa Clara, California. The parties consent to the jurisdiction and venue of these courts, except when seeking temporary injunctive relief.
11.7. Severability. If any Agreement provision or part is held invalid by a court of competent jurisdiction, the remainder of this Agreement will continue in full force and effect.
11.8. Independent Contractors, No Third-Party Beneficiaries. The parties are independent contractors. This Agreement is for the sole benefit of the parties hereto and there are no third-party beneficiaries. This Agreement does not create any joint venture, partnership, or any other similar relationship.
11.9. Assignments. Neither party may assign this Agreement without the prior written consent of the other party, except that a party may assign this Agreement to: (a) an entity acquiring all or substantially all of its assets and assuming related liabilities, or (b) an affiliate controlled by the assigning party. Notice must be provided to the other party in such cases. Any assignee must agree in writing to comply with the terms of this Agreement.
11.10. Notices. All notices shall be in writing and delivered personally, by email, or by first-class mail to the addresses provided in the Agreement's signature block (or as updated by notice). Parties may update their contact information via notice.