Developer Terms of Service

POLICIES

CROSSHATCH U.S. DEVELOPER TERMS

‍MASTER SUBSCRIPTION AGREEMENT

This Master Subscription Agreement (this “Agreement”) is entered into by and between Olympus Technologies Inc. DBA Crosshatch (“Crosshatch”) and the party that enters into the Agreement by entering its name and address and clicking the “I agree” box below (“App Partner”, and the date on which the App Partner enters into the Agreement in this manner, the “Effective Date”).

Definitions.
1. “Affiliate” means any entity controlling, controlled by or under common control with the referenced entity. For purposes of this Agreement, “control” means an economic or voting interest of at least fifty percent (50%) of the referenced entity, or in the absence of such economic or voting interest, the power to direct or cause the direction of the management and policies of such entity.
2. “ Application” means the applications (including artificial intelligence applications) operated by Crosshatch that are utilized in connection with the Services.
3. “App Partner Data” means any information (including Personal Information) or materials provided by or on behalf of App Partner to Crosshatch for use in connection with the Services. For the avoidance of doubt, App Partner Data does not include Crosshatch Content.
4. “App Partner Marks” means the App Partner’s name and logo, in the form provided to Crosshatch by App Partner.
5. “Crosshatch APIs” means the package of application programming interface materials provided to App Partner by Crosshatch.
6. “Crosshatch Content” means any data, technology, documents or materials, access to which is provided by or on behalf of Crosshatch in connection with the Services, including Software, files, documents, photos, chat logs, transcripts and images; in each case, excluding App Partner Data, the Personalized Recommendations and Crosshatch APIs.
7. “Crosshatch Marks” means the name “Crosshatch” and associated logo in the form provided to App Partner by Crosshatch.
8. “De-Identified Data” means (i) information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer or (ii) any information or data defined as “deidentified” or any analogous term under any applicable Privacy Laws.
9. “End User” means each individual end user (i) who, in connection with the Services has created an Crosshatch account and (ii) to whom App Partner desires to provide Personalized Recommendations based on Crosshatch Content, App Partner Data (where applicable) and such end user’s interactions with App Partner.
10. “End User Data” means the information (including Personal Information) provided by or on behalf of an End User to Crosshatch, or otherwise accessed by Crosshatch upon authorization from the End User, for use in connection with the Services. End User Data does not include the Personalized Recommendations.
11. “Health Information” has the meaning ascribed to it under the Health Insurance Portability and Accountability Act, 42 U.S.C. § 1320(4), and any regulations promulgated thereunder.
12. “Initial Term” means the initial term for a Service as specified in ‎Section 10.
13. “Intellectual Property Rights” means, collectively, intellectual property rights or other similar proprietary rights, protected, created or arising under the laws of any jurisdiction, and whether registered or unregistered, including rights in and to any of the following: (i) patents, utility models and any similar or equivalent statutory rights with respect to the protections of inventions and any applications for any of the foregoing; (ii) copyrights, applications for registrations thereof and moral rights; (iii) trade names, trademarks, service marks, domain names and other Internet addresses identifiers, logos, slogans and trade dress, including applications for registrations of any of the foregoing; (iv) trade secrets, know-how, processes, inventions (whether or not patentable), algorithms, methods, formulae, models, methodologies, business plans, technical data, specifications, research and development information, product roadmaps, and any other confidential or proprietary information (“Trade Secrets”); (v) databases and data; and (vi) Software.
14. “Laws” means all statutes, laws, rules, regulations, ordinances, codes, administrative rulings, judgments, decrees, orders, constitutions, treaties, ministerial instructions, directives, policies, standards and other requirements or rules of law of any federal, provincial, territorial, municipal, state or foreign governmental authority or other law or regulation-making entity of competent jurisdiction.
15. “Order Form” means the document, executed by the parties hereto, which describes the Services and pricing.
16. “PCI DSS” means the Payment Card Industry Data Security Standard, issued by the Payment Card Industry Security Standards Council, as may be revised from time to time.
17. “Personal Information” means any information (i) defined as “personal information”, “personal data”, “personally identifiable information” or any analogous term under any applicable Law or (ii) that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a natural person or household.
18. “Personalized Recommendations” means the recommendations, insights and inferences Crosshatch (i) creates, using the Application, about an End User based on (a) relevant End User Data contained within the Vault, (b) Crosshatch Content and (c) App Partner Data (including as related to the End User’s relevant interactions with and queries to the App Partner), where applicable, and (ii) provides to or otherwise makes available to App Partner, in each case, in connection with the Services.
19. “Privacy Laws” means all applicable Laws worldwide relating to the Processing, privacy or security of Personal Information, including, as applicable, the California Consumer Privacy Act as amended by the California Privacy Rights Act of 2020 and its implementing regulations, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, Connecticut’s An Act Concerning Personal Data Privacy and Online Monitoring and other similar state privacy laws, each as amended from time to time, the Telecommunications Act, Section 5 of the Federal Trade Commission Act, the Fair Credit Reporting Act, the Fair and Accurate Credit Reporting Act, the Gramm-Leach-Bliley Act, the Children’s Online Privacy Protection Act, and any other Laws, binding guidelines, industry standards (including PCI DSS) and codes of practices concerning data protection, information security, cybercrime, data breach notification and social security number protection.
20. “Process”, “Processed” or “Processing” means any operation or set of operations that are performed on Personal Information or on sets of Personal Information, whether or not by automated means.
21. “Renewal Term” means the renewal term for a Service commencing after the Initial Term or another Renewal Term as specified in ‎Section 10.
22. “Services” means the provision by Crosshatch of End-User permissioned Personalized Recommendations to App Partner for the purpose of the Use Case.
23. “Software” means any: (i) computer programs, software, interfaces and firmware, and (ii) any documentation including user manuals and other training documentation relating to any of the foregoing.
24. “Taxes and Fees” means all applicable sales, use, value-added or regulatory taxes, fees, duties. Charges, surcharges or assessments levied on the provision of Services to App Partner (exclusive of any income tax imposed on Crosshatch).
25. “Term” means the Initial Term together with any Renewal Terms.
26. “Usage Limit” means a maximum number of one hundred (100) End Users that can access the Services via App Partner at a given time, as may be amended by Crosshatch from time to time.
27. “Use Case” shall have the meaning set forth on Exhibit A, which may be amended by App Partner from time to time by accessing and updating its selections via the Crosshatch App Partner portal.
28. “Vault” means the online data management repository administered by Crosshatch that stores End User Data and from which Personalized Recommendations will be provided to or otherwise made available to App Partner in connection with the Services.
Use of the Services.
1. Services. On the terms and subject to the conditions set forth in this Agreement, and in consideration of the fees paid by App Partner pursuant to the Order Form, Crosshatch shall provide to App Partner, and App Partner shall receive, the Services during the Term.
2. Right to Use. Subject to the terms and conditions of this Agreement, Crosshatch hereby grants to App Partner a non-exclusive, revocable, non-transferable, non-sublicenseable right to use the Services, including the Crosshatch Content, during the Term solely as permitted in this Agreement. Crosshatch reserves the right, at any time and its sole discretion, to enhance, correct or otherwise modify the Services, with or without notice to App Partner; provided that Crosshatch will not materially disable the core functionality of, or discontinue in its entirety, the Services without providing prior notice to App Partner. Crosshatch will provide to App Partner standard updates to the Services that are made generally available to Crosshatch’s customers during the Term; provided that Crosshatch reserves the right to offer to App Partner additional functionality or premium feature improvements for an additional cost. All rights not expressly granted herein by Crosshatch to App Partner are reserved by Crosshatch and its licensors.
3. [Fair Usage. To ensure access to Crosshatch’s services for all of its customers and users, Crosshatch operates a fair usage policy pursuant to which certain types of traffic may be prioritized over other traffic. Fair usage will be determined by Crosshatch at its sole discretion.]
4. Compliance. App Partner shall be fully responsible for its use of the Services.
5. App Partner Restrictions and Obligations.

Restrictions on Use. App Partner shall not: (A) disassemble, decompile, prepare derivative works of, decrypt, reverse engineer or otherwise attempt to gain access to the source code of the Software included in the Crosshatch Content or the Crosshatch APIs; (B) use the Services, the Crosshatch Content or the Crosshatch APIs in a way that abuses, interferes with or disrupts the Services or Crosshatch’s networks or systems, customer or End User accounts or provision of services to any person; (C) use the Services, the Crosshatch Content or the Crosshatch APIs in connection with any activity that is illegal or fraudulent; (D) copy any features, functions, or other aspects of the Services, the Crosshatch Content, the Crosshatch APIs or the Vault or any components thereof; (E) resell or otherwise use the Services, the Crosshatch Content or the Crosshatch APIs to provide services similar to the Services to third parties, except to the extent expressly permitted hereunder; (F) use the Services, the Crosshatch Content or the Crosshatch APIs in violation of (1) the terms of this Agreement, including any Usage Limits or (2) any applicable Law; (G) use any robot, spider, scraper, or other automated means to access or monitor the Services, the Crosshatch Content, the Crosshatch APIs or the Vault for any purpose; (H) attempt to obtain unauthorized access to account information or otherwise circumvent any access controls or other protections relating to the Services, the Crosshatch Content, the Crosshatch APIs or the Vault; or (I) use the Personalized Recommendations for any purpose other than the specific Use Case set forth on Exhibit A or (J) use the Personalized Recommendations other than in compliance with (1) the Crosshatch Privacy Policy available here and (2) any agreements between App Partner and End Users (for clarity, including any privacy policy or statement), which shall, for the avoidance of doubt, include disclosure of its use of Personalized Recommendations in connection with the Use Case set forth in Exhibit A.
Restrictions on Access to End User Data. The Parties hereby acknowledge and agree that it is not envisaged that App Partner will have access to End User Data in connection with the Services. Accordingly, App Partner shall not (A) attempt to obtain unauthorized access to End User Data or otherwise circumvent any access controls or other protections relating to the protection of the End User Data within the Vault, (B) extract, decrypt, reverse engineer or otherwise attempt to obtain direct or indirect access to any End User Data in connection with the Services or (C) issue API calls to Crosshatch via the Vault to obtain or attempt to obtain any raw data, including End User Data (without limiting the right to obtain Personalized Recommendations). Without limiting the foregoing, if and solely to the extent App Partner does obtain, directly or indirectly, any access to such End User Data, or any such End User Data is otherwise made available to App Partner, App Partner shall (X) comply with the obligations and restrictions set forth on Exhibit B with respect to any such End User Data in its possession, (Y) cease Processing such End User Data immediately and (Z) at Crosshatch’s election, either return or destroy such End User Data and promptly confirm in writing that this obligation has been complied with in full.
Prohibited Data and Information. Without limiting ‎Section 2(e)(i), in connection with the use of the Services, App Partner shall not upload, transmit or otherwise provide to Crosshatch any data (including App Partner Data) or information, that: (A)(1) infringes the Intellectual Property Rights or other rights of third parties (including, for the avoidance of doubt, rights of publicity or privacy rights); (2) is fraudulent, deceptive, illegal, obscene, defamatory, libelous, threatening, harmful to minors, pornographic, indecent, harassing, hateful or religiously, racially, or ethnically offensive; or (3) encourages illegal or tortious conduct; (B) may not be disclosed to others pursuant to any obligations of confidentiality or Laws relating to Trade Secrets; [(C) contains or constitutes Health Information,] is regulated by PCI DSS or constitutes Personal Information that App Partner does not have a lawful basis to Process and authorize Crosshatch to Process in connection with the Services; (D) may reasonably cause a breach of, or threat to, the security of the Services, including any “back door,” “time bomb,” “Trojan horse,” “worm,” “drop dead device,” “virus” or other software routines or hardware components that permit unauthorized access or the unauthorized disablement or erasure of Software; or (E) may not be transferred outside of App Partner’s jurisdiction under applicable Law, including applicable export control and sanctions Laws, Privacy Laws or Laws regulating the transfer of information or data concerning or comprising munitions or weapons.
Notice of Incidents; Cooperation. Without limiting the rights set forth in ‎Section 10(c), upon becoming aware of (A) any violations of this ‎Section 2 by App Partner, (B) any unauthorized use of any password or account of App Partner or (C) any other known or suspected security breach or cyber-attacks relating to, or unauthorized access to or use of, the Services ((A)-(C), collectively, an “Incident”), the party becoming aware thereof shall notify the other party in writing and, if requested by either party hereto, the other party shall reasonably cooperate with the requesting party to investigate, contain and remediate such Incident and take such other actions that are reasonably requested such requesting party and (b) Crosshatch shall have the right to take any of the actions set forth in ‎Section 4.

Standard Support Services. Crosshatch will provide commercially reasonable support for the Services during the applicable Term by answering questions by email or phone, charges for which are included in the Service Charges.
Monitoring Violations; Remedial Actions. Notwithstanding anything to the contrary herein, App Partner acknowledges and agrees Crosshatch has the right to (a) monitor App Partner’s use of the Services and usage of Personalized Recommendations for the purpose of ensuring compliance with, and enforcing, the terms of this Agreement, including those set forth in ‎Section 2; and (b) if Crosshatch has reason to believe App Partner has violated the terms of this Agreement, including those set forth in ‎Section 2, or applicable Law, take any action that it deems appropriate (in its sole discretion), including issuing warnings to App Partner, removing data or information, immediately suspending App Partner’s access to the Personalized Recommendations, the API, the Crosshatch Content, and the Services, reducing certain functionalities or the performance of the Services, terminating App Partner accounts or profiles or reporting to law enforcement, regulatory agencies or other third parties any conduct that Crosshatch believes violates this Agreement or applicable Law.
Data Ownership, Access and Usesome text
1. Ownership. As between Crosshatch and App Partner, (i) App Partner shall own or retain ownership of all App Partner Data and (ii) Crosshatch shall own or retain ownership of all data included in the Crosshatch Content and any data created or enriched by Crosshatch based on End User Data or App Partner Data (other than Personalized Recommendations). The parties hereto further acknowledge that, to the extent there are any proprietary rights, including Intellectual Property Rights, in the Personalized Recommendations, as between Crosshatch and App Partner App Partner shall be deemed to be the owner of such proprietary rights, subject to the restrictions set forth in Section 2(e)(i)(H), Section 2(e)(i)(J) and Section 6. Notwithstanding the foregoing, App Partner acknowledges and agrees that the data used to generate the Personalized Recommendations for App Partner may be similar to data used to generate personalized recommendations for third parties and that, due to the nature of machine learning and the technology powering the Application, the Personalized Recommendations may not be unique to App Partner and thus Crosshatch may generate the same or similar personalized recommendations for third parties.
2. Access to App Partner Data. App Partner (on behalf of itself and its Affiliates) hereby grants to Crosshatch, during the Term, a worldwide, royalty-free, non-exclusive, non-transferrable (except to the extent permitted under ‎Section 14(h)) license to use, copy, modify, perform, distribute, display or otherwise Process any App Partner Data solely for the purpose of providing the Services to App Partner and verifying or maintaining the quality and security of the Services.
Data Processing Obligations and Agreements. some text
1. (i) Data Processing Obligations. The parties hereto hereby acknowledge and agree that certain Personal Information contemplated to be provided by or Processed in connection with the Services pursuant to the Agreement may be subject to legal or regulatory requirements necessitating additional measures prior to the disclosure of such data, including providing notice to, and obtaining the consent of, affected data subjects, honoring the rights of data subjects as provided under applicable Privacy Laws, executing additional disclosure agreements between the legal entities sending and receiving the Personal Information and complying with notice or consultation obligations with employee representative bodies. The parties shall work together in good faith to implement measures and take such actions to comply with these agreements and requirements.

Data Processing Agreements. Upon request by either party hereto, to the extent required by or reasonably advisable to comply with applicable Privacy Laws, Crosshatch will prepare and execute a data processing agreement or addendum to this Agreement further delineating the parties’ responsibilities with respect to the Processing of Personal Information.
Access Limitation. Access to any Personal Information provided hereunder shall be restricted to directors, officers, employees, agents and advisors of the receiving party who need to know such information in connection with the Services and such persons shall access and use the Personal Information solely to the extent necessary to perform the Services. The receiving party shall ensure that any such persons authorized to Process any Personal Information have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Privacy Law Compliance The parties hereto shall (A) comply with their respective obligations under applicable Privacy Laws with respect to the Processing of Personal Information provided or made available pursuant to this Agreement, including by providing notices to and receiving consent from data subjects where applicable, (B) cooperate with the other party to notify applicable government bodies or data subjects in the event of a data or other security breach where required by applicable Privacy Laws, (C) implement appropriate technical and organizational measures to maintain the security of and to protect the Personal Information provided hereunder against any accidental or unlawful Processing, destruction or accidental loss, alteration, unauthorized disclosure or access and (D) only disclose or otherwise make available any Personal Information provided hereunder to a third party service provider (1) where strictly necessary to perform, and in accordance with, the Services and (2) after (a) conducting a reasonable investigation of such third party service provider’s safeguards to ensure such safeguards are reasonable and consistent with its obligations under this Agreement and (b) contractually imposing upon such third party service provider the same or no less protective contractual duties imposed hereunder; provided that the disclosing party shall remain responsible for such third party service provider’s compliance with all of the terms and conditions of this Agreement.
De-Identified Data. To the extent either party hereto provides or makes available to the other party De-Identified Data, the receiving party shall (A) take reasonable measures to ensure that such De-Identified Data cannot be associated with a consumer or household, (B) publicly commit to maintain and use such De-Identified Data in deidentified form and not to attempt to reidentify such De-Identified Data unless permitted by and in accordance with applicable Law and (C) contractually obligate any third party recipients of such De-Identified Data to comply with the foregoing (A) and (B).

Responsibility for App Partner Data; Representations and Warranties. As between Crosshatch and App Partner, App Partner is solely responsible for any Processing, communication, uploading, transmission or other use of the App Partner Data and compliance with all Laws and contractual obligations applicable thereto, including obtaining any required third-party consents and providing any required notices to third parties. App Partner hereby represents and warrants to Crosshatch that App Partner and Crosshatch have the right to Process, communicate, upload, transmit and otherwise use any App Partner Data in connection with the Services and that such activities do not and will not violate any Laws or violate or infringe on any Intellectual Property Rights or other rights of any third party. Under no circumstances will Crosshatch be liable in any way for any (i) App Partner Data; (ii) errors or omissions in any App Partner Data; or (iii) loss or damage of any kind incurred by any person as a result of the Processing of any App Partner Data.
No Other Obligations. Except as set forth in this ‎Section 6, Crosshatch has no other obligations with respect to any App Partner Data.

Intellectual Property Rights. some text
1. Ownership. App Partner acknowledges and agrees that, as between App Partner and Crosshatch, Crosshatch or its licensors exclusively own and shall retain all right, title and interest in and to all Crosshatch Content and Crosshatch APIs and in and to the Services (excluding, for the avoidance of doubt, App Partner Data and Personalized Recommendations), together with any changes, improvements or modifications thereto and derivative works thereof, and all Intellectual Property Rights embodied therein. App Partner acknowledges and agrees that Crosshatch shall own any suggestions, feedback and recommendations provided by App Partner to Crosshatch relating to the Services and hereby assigns to Crosshatch all right, title and interest in and to any Intellectual Property Rights embodied in any of the foregoing. App Partner acknowledges and agrees that (i) the Services, Crosshatch Content and Crosshatch APIs are protected by copyright laws and other Laws relating to Intellectual Property Rights; and (ii) App Partner has a subscription to use the Services during the Term subject to the terms and conditions set forth herein, but nothing herein shall confer upon App Partner any other right, title or interest in or to any of the Services, Crosshatch Content or Crosshatch APIs.
2. License to Crosshatch APIs. Subject to ‎Section 2(e), Crosshatch hereby grants App Partner a revocable, non-exclusive, non-transferable, non-sublicensable license to access, copy and use the Crosshatch APIs to enable App Partner to connect with the Services for purposes of providing queries and receiving Personalized Recommendations.
3. License to Crosshatch Marks. Crosshatch hereby grants App Partner, during the Term, a worldwide, royalty-free, revocable, non-exclusive, non-transferrable, non-sublicensable license to display the Crosshatch Marks on the App Partner’s website solely for the purpose of identifying the Application as compatible with the Services in a form approved in advance by Crosshatch. All use of the Crosshatch Marks shall inure to the benefit of Crosshatch.
4. License to App Partner Marks. App Partner hereby grants Crosshatch, during the Term, a worldwide, royalty-free, revocable, non-exclusive, non-transferrable, non-sublicensable license to display the App Partner Marks on Crosshatch’s website, applications and other promotional materials solely for the purpose of identifying the App Partner as compatible with the Services in a form approved in advance by App Partner. All use of the App Partner Marks shall inure to the benefit of App Partner.
Pricing and Payment Terms. As full consideration for the Services and the rights granted to App Partner herein (which, for the avoidance of doubt, include the standard support services described in ‎Section 3 and the standard updates described in ‎Section 2(b), App Partner agrees to pay Crosshatch all fees charged to App Partner as set forth on the applicable Order Form, or as otherwise agreed between the parties hereto in writing.
Confidentiality.
1. Confidential Information. “Confidential Information” means all non-public information disclosed in connection with the Services by either party hereto (with respect to such information, the “Disclosing Party”) to the other party (with respect to such information, the “Receiving Party”) prior to or after the Effective Date that is designated as “confidential” or that, given the nature of the information or the circumstances surrounding its disclosure, reasonably should be understood to be confidential, including non-public information relating to the Disclosing Party’s business, systems, operations, strategic plans, customers or vendors, pricing, technology, methods, processes, financial data, forecasts, programs, products or services. Confidential Information shall not include any information that (i) was known by the Receiving Party prior to its receipt from the Disclosing Party; (ii) is or becomes publicly known or available without breach of this Agreement; (iii) is rightfully disclosed to the Receiving Party by a third party without breach of confidentiality obligations; or (iv) is independently developed by the Receiving Party without use of any Confidential Information of the Disclosing Party.
2. Confidentiality Obligations. Except as needed to fulfill its obligations or as otherwise permitted under this Agreement, the Receiving Party shall not disclose to any third party (except as expressly permitted herein) or use for its own benefit, or the benefit of a third party, the Confidential Information of the Disclosing Party, without the Disclosing Party’s prior written consent. The Receiving Party shall limit disclosure of the Disclosing Party’s Confidential Information to its Affiliates and its and their respective directors, officers, employees, agents, contractors and advisors who have a need to know and who are under obligations of confidentiality. Additionally, the Receiving Party shall (i) take reasonable measures to avoid unauthorized disclosure, dissemination or use of the Confidential Information of the Disclosing Party, exercising at least the same degree of care in safeguarding the Confidential Information of the Disclosing Party as the Receiving Party would exercise with respect to its own Confidential Information of similar nature, but in no event less than a reasonable degree of care; and (ii) notify the Disclosing Party promptly upon discovery of any unauthorized disclosure, dissemination or use of Confidential Information of the Disclosing Party and cooperate with the Disclosing Party to regain possession of such Confidential Information and prevent its further unauthorized disclosure, dissemination and use. The Receiving Party may disclose Confidential Information of the Disclosing Party where required by Law, provided that Receiving Party shall, where permitted, notify the Disclosing Party prior to such disclosure in order to afford the Disclosing Party an opportunity to seek a protective order to prevent or limit disclosure of its Confidential Information to third parties. Notwithstanding anything to the contrary herein in this ‎Section 9, the Receiving Party may retain copies Confidential Information of the Disclosing Party to the extent (i) stored in back-up/archival storage in accordance with its policies or (ii) required to comply with applicable Law.
3. Confidentiality Term. The confidentiality obligations set forth in this ‎Section 9 with respect to any Confidential Information of the Disclosing Party shall remain in effect for a period of three (3) years from the disclosure of such information by the Disclosing Party to the Receiving Party, except with respect to any Confidential Information that is a trade secret under applicable Law, for which the foregoing obligations will remain in effect so long as such Confidential Information remains a trade secret.
Term and Termination; Suspension.
1. Term. This agreement shall remain in force for a period of thirty (30) days counted from the Effective Date (the “Initial Term”) and will automatically renew for subsequent periods of thirty (30) days (the “Renewal Terms”), unless Crosshatch or App Partner provides the other party hereof with notice of termination no later than ten (10) days prior to the commencement of the next Renewal Term. This Agreement will become effective on the Effective Date and continue in force until this Agreement is terminated pursuant to this ‎Section 10.
2. Termination by App Partner for Breach. Without limiting ‎Section 10(a), App Partner may terminate this Agreement by notice to Crosshatch in the event that Crosshatch materially breaches this Agreement and fails to cure such breach within five (5) days of receiving notice of such breach.
3. Termination by Crosshatch. Without limiting Sections ‎10(a) and ‎12(a):
4. Termination for Breach. In the event that App Partner materially breaches this Agreement and fails to cure such breach within fifteen (15) days of receiving notice of such breach, Crosshatch may terminate this Agreement by notice to App Partner.
5. Suspension. Notwithstanding anything to the contrary herein, Crosshatch may immediately suspend or disconnect App Partner from accessing the relevant Services pursuant to ‎Section 2, ‎Section 4 or the applicable Order Form. Crosshatch may also immediately suspend App Partner from accessing any Service if it reasonably believes that such suspension is necessary to prevent violation of Law, violation of ‎Section 2, infringement of Intellectual Property Rights or imminent harm to Crosshatch, Crosshatch’s networks, or any End User, customer, or other third party. Any such suspension or disconnection shall be without liability to Crosshatch, and, in the event that such suspension is pursuant to ‎Section 2, ‎Section 4 or the applicable Order Form, App Partner will remain responsible for all Service Charges incurred during any period of suspension or disconnection.
6. Effects of Termination. Upon termination of this Agreement, all licenses granted hereunder shall immediately and automatically terminate and App Partner will immediately cease any use of the Services, Crosshatch Content and Crosshatch APIs. Following the termination of this Agreement by either party hereto, Crosshatch shall issue an invoice for all Service Charges due under this Agreement for Services actually rendered through the effective date of termination, which App Partner shall pay within thirty (30) days of receipt.

Warranties.

By Both Parties. Each party hereto warrants to the other party that (i) it is duly organized, validly existing and in good standing; and (ii) the execution and delivery of this Agreement and the transactions contemplated hereby have been duly and validly authorized by all necessary action.
Disclaimer of Crosshatch Warranties. EXCEPT AS EXPLICITLY PROVIDED IN ‎SECTION 11(a), THE SERVICES AND ASSOCIATED DOCUMENTATION AND MATERIALS ARE PROVIDED ON AN “AS-IS” BASIS, WITHOUT WARRANTY OF ANY KIND, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CROSSHATCH AND ITS LICENSORS EXPRESSLY DISCLAIM ALL REPRESENTATIONS, WARRANTIES OR CONDITIONS, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT THERETO, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, OR THE CONTINUOUS, UNINTERRUPTED, ERROR-FREE, VIRUS-FREE, OR SECURE ACCESS TO OR OPERATION OF THE SERVICES. CROSSHATCH EXPRESSLY DISCLAIMS ANY WARRANTY AS TO THE ACCURACY OR COMPLETENESS OF ANY INFORMATION OR DATA ACCESSED OR USED IN CONNECTION WITH THE SERVICES.
Specific Disclaimers. WITHOUT LIMITING ‎SECTION 11(b), AS THE USE OF THE SERVICES INVOLVES HARDWARE, INTERNET ACCESS AND SOFTWARE, EACH OF WHICH MAY REQUIRE UPDATES OR UPGRADES FROM TIME TO TIME, APP PARTNER ACKNOWLEDGES AND AGREES THAT (I) ITS ABILITY TO ACCESS AND USE THE SERVICES MAY BE AFFECTED BY THE SETTINGS OF APP PARTNER’S HARDWARE, INTERNET ACCESS AND SOFTWARE AND (II) IT IS APP PARTNER’S RESPONSIBILITY TO ENSURE THAT SUCH SYSTEM REQUIREMENTS ARE MET.

Indemnification.

Indemnification by Crosshatch. Crosshatch agrees to indemnify, defend and hold harmless App Partner from and against any losses, damages, costs and expenses (including reasonable attorneys’ fees) (collectively, “Losses”) arising from any claim made by a third party to the extent relating to or arising from (i) Crosshatch’s fraud, willful misconduct or gross negligence in its performance of this Agreement; or (ii) any violation of applicable Law by Crosshatch.
Indemnification by App Partner. App Partner agrees to indemnify, defend and hold harmless Crosshatch and its respective officers, directors and employees from any Losses arising from any claim made by a third party to the extent relating to or arising from (i) App Partner’s fraud, willful misconduct or gross negligence; (ii) breach of this Agreement by App Partner, including any unauthorized access to the Vault or use of End User Data by or on behalf of App Partner; or (iii) any violation of applicable Law by App Partner.
Indemnification Procedures. The indemnified party shall give prompt notice to the indemnifying party of any claim for which indemnification under this ‎Section 12 is applicable, provided that the indemnifying party’s obligations shall not be affected by any delay or failure in respect of such notice except to the extent that the indemnifying party is actually prejudiced thereby. The indemnified party shall reasonably cooperate with the indemnifying party (at the indemnifying party’s expense) in the defense of any indemnified claim. The indemnifying party shall have sole control over the defense of any indemnified claim, except that it may not agree to settle any claim without the indemnified party's prior written consent (not to be unreasonably withheld or delayed), unless such settlement (i) does not impose any liability or other obligation, including any payment obligations (unless such payment obligations are fulfilled by the indemnifying party), on the indemnified party; and (ii) does not include any statement as to, or admission of fault, culpability or failure to act by on behalf of the indemnified party and does not otherwise adversely affect the indemnified party.

Limitation on Liability. CROSSHATCH SHALL NOT BE LIABLE TO APP PARTNER, ITS AFFILIATES OR ANY THIRD PARTY FOR (I) THE COST OF PROCURING SUBSTITUTE PRODUCTS OR SERVICES; (II) ANY UNAUTHORIZED ACCESS TO, OR ALTERATION, THEFT OR DESTRUCTION OF ANY WEBSITES, CONTENT, SOFTWARE, DATA OR INFORMATION THROUGH ANY ACT, OMISSION, ERROR, ACCIDENT NOT DIRECTLY ATTRIBUTABLE TO CROSSHATCH’S GROSSLY NEGLIGENT ACTS OR OMISSIONS OR ANY CIRCUMSTANCES OUTSIDE OF CROSSHATCH’S REASONABLE CONTROL; OR (III) ANY MALFUNCTION OR CESSATION OF SERVICES OF THIRD PARTIES (INCLUDING INTERNET SERVICE PROVIDERS) WHICH MAY AFFECT THE OPERATION OF THE SERVICES. IN NO EVENT SHALL EITHER PARTY HERETO BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, REVENUES, APP PARTNERS, OPPORTUNITIES, GOODWILL, USE, OR DATA OR DAMAGES FOR BUSINESS INTERRUPTION, BREACH OF DATA, OR THE COST OF SUBSTITUTE PRODUCTS OR SERVICES) ARISING IN CONNECTION WITH THIS AGREEMENT, EVEN IF THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH PARTY HERETO AGREES TO TAKE REASONABLE ACTION TO MITIGATE ITS LOSSES. IN NO EVENT SHALL THE LIABILITY OF EITHER PARTY IN CONNECTION WITH THIS AGREEMENT EXCEED AN AMOUNT EQUAL TO THE TOTAL CHARGES PAID BY APP PARTNER TO CROSSHATCH UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS PRECEDING THE INCIDENT GIVING RISE TO THE APPLICABLE CLAIM. THE LIMITATIONS IN THIS ‎SECTION 13 SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY.
Miscellaneous.

Governing Law/Jurisdiction/Waiver of Jury Trial. This Agreement shall be deemed to have been executed in the County and State of New York, and shall be construed and governed in accordance with the Laws of the State of New York (without regard for the conflict of laws principles applied by the Courts of the State of New York). The parties hereby consent to the exclusive jurisdiction of the United States District Court for the Southern District of New York and any of the courts of the State of New York in any dispute arising under this Agreement. EACH PARTY IRREVOCABLY AND UNCONDITIONALLY WAIVES TO THE FULLEST EXTENT PERMITTED BY LAW ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY WITH RESPECT TO ANY ACTION BASED UPON, ARISING OUT OF OR RELATING TO THIS AGREEMENT.
No Waiver. The failure of any party hereto to enforce at any time any of the provisions of this Agreement shall not be construed as a waiver of such provisions or of the right of such party thereafter to enforce any such provisions.
Invalidity and Severability. The invalidity or unenforceability of any particular provision of this Agreement shall not affect the enforceability of other provisions hereof, and this Agreement shall be construed in all respects as if such invalid or unenforceable provisions were omitted.
Entire Agreement; Amendments. Except as expressly set forth herein, this Agreement constitutes the entire agreement of the parties hereto with respect to the subject matter hereof and supersedes any prior contemporaneous oral and written agreements and discussions, including any non-disclosure agreement executed by and between the parties hereto prior to the Effective Date. This Agreement may not be amended orally, nor shall any purported oral amendment or modification (even if accompanied by partial or complete performance in accordance therewith) be of any legal force or effect or constitute an amendment or modification of this Agreement, but rather this Agreement may be amended or modified only by an agreement in writing signed by the parties hereto.
Interpretation. For purposes of this Agreement: (i) “include,” “includes” or “including” shall be deemed to be followed by “without limitation”; (ii) “hereof,” “herein”, “hereby”, “hereto” and “hereunder” shall refer to this Agreement as a whole and not to any particular provision of this Agreement; (iii) “extent” in the phrase “to the extent” shall mean the degree to which a subject or other item extends and shall not simply mean “if”; (iv) the singular includes the plural and vice versa; (v) “any” shall mean “any and all”; (vi) “or” is used in the inclusive sense of “and/or”.
Headings. Headings, titles, and captions contained in this Agreement are inserted only as a matter of convenience and reference and in no way define, limit, extend, or describe the scope of this Agreement or the intent of any provisions hereof.
Relationship of Crosshatch and App Partner. No joint venture, partnership, employment, or agency relationship exists between Crosshatch or the App Partner as a result of this Agreement or the provision or receipt of the Services. Neither Crosshatch nor App Partner shall have any right or authority to assume or create any obligations or to make any representations or warranties on behalf of the other, whether express or implied, or to bind the other in any respect whatsoever.
Assignment. This Agreement may not be assigned by App Partner without the prior written consent of Crosshatch. Crosshatch may assign this Agreement without the prior consent of App Partner to any entity that assumes the performance of the Services. Any purported assignment in violation of this section shall be void.
Notice. Any notices or other communications required or permitted by this Agreement or by Law to be served on or given to either party by the other party to this Agreement shall be in writing and shall be addressed to such party (x) in the case of notice or communication to Crosshatch, at the address set forth in the Preamble or to the following e-mail address: support@crosshatch.io or (y) in the case of notice or communication to App Partner, at the address indicated by App Partner below or to the e-mail address provided by App Partner during login. Such notices and communications shall be deemed duly served, given, or delivered: (i) upon receipt, if delivered personally; (ii) on the next business day, if sent by internationally recognized courier service for next business day delivery; or (iii) on the business day received, if sent by e-mail (provided, that any notice received by e-mail or otherwise at the addressee’s location on any non-business day or any business day after 5:00 p.m. (addressee’s local time) shall be deemed to have been received at 9:00 a.m. (addressee’s local time) on the next business day).
Survival. The provisions of ‎Section 5(a) (Data Ownership, Access and Use; Ownership), Section 7(a) (Intellectual Property Rights; Ownership), ‎Section 9 (Confidentiality), Section 11(b) (Disclaimer of Warranties), ‎Section 12 (Indemnification), ‎Section 13 (Limitation on Liability) and ‎Section 14 (Miscellaneous) will survive the expiration or termination of this Agreement. Expiration or termination of this Agreement for any reason will not affect any payment obligation of App Partner incurred before such expiration or termination.

‍

EXHIBIT A

App Partner Use Case

“Use Case” as used in the Agreement shall mean one of the purposes selected by the App Partner via the Crosshatch portal:

Personalized Travel. Effortlessly find your ideal trip. Get personalized suggestions for destinations, hotels, and activities that match your interests and travel style.

Personalized Retail. Get a seamless shopping experience personalized just for you. Instantly see products, deals, and inspiration tailored to your past purchases and preferences.

Personalized Real Estate. Discover your dream home effortlessly. See personalized listings and insights instantly matched to your budget, desired locations, and favorite styles.

Personalized Social. Connect with content and people tailored just for you. See posts, pages, groups, and event recommendations instantly matched to your interests and activities. Discover new connections and join conversations with like-minded individuals effortlessly.

as well as Internal Evaluation for Testing Sources

Internal Evaluation. Allow App Partner to use your data solely for internal evaluation of the Services to determine whether to enter into a paid commercial relationship with Crosshatch, and not for production access or any other purpose.

‍

EXHIBIT B

Plaid-Provided Data

The terms of this Schedule 1 to the Master Subscription Agreement (the “Agreement”) apply where and only to the extent that the provision of the Services requires App Partner to process of Plaid-Provided Data (defined below) that is provided or made available to App Partner by Crosshatch. Capitalized terms not defined herein shall have the meanings assigned to them in the Agreement. None of the terms and conditions of the Agreement shall be waived or modified by this Schedule 1 but if there is any conflict between any of the provisions of this Schedule 1 and the provisions of the Agreement in relation to the processing of Plaid-Provided Data, the parties agree the provisions of this Schedule 1 shall prevail to the extent of any such conflict and solely with respect to Plaid-Provided Data.

Through the Services, App Partner may have access to information about or of End Users provided to Crosshatch through Plaid Inc. (“Plaid”) by a bank, financial institution, or other data source (each, as designated by Plaid, “FI”, and such information, the “Plaid-Provided Data”).

Restrictions. Unless Plaid specifically agrees in writing, App Partner will not, and will not enable or assist any third-party to: (i) attempt to reverse engineer (except as permitted by law), decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Plaid services described at https://www.plaid.com (the, “Plaid Services”); (ii) modify, translate, or create derivative works based on the Plaid Services; (iii) make the Plaid Services or information and data of App Partner’s end users (such businesses and consumers, the “End Users”) provided to App Partner via the Plaid Services (such information and data, the “Output”) (or any derivative work thereof) available to, or use the Plaid Services or Output (or any derivative work thereof) for the benefit of, anyone other than App Partner or End Users; (iv) sell, resell, license, sublicense, distribute, rent or lease any Plaid Services or Output to any third-party, or include any Plaid Services or Output (or any derivative work thereof) in a service bureau, time-sharing, or equivalent offering; (v) publicly disseminate information from any source regarding the performance of the Plaid Services or Output; or (vi) attempt to create a substitute or similar service through use of, or access to, the Plaid Services or Output. App Partner will use the Plaid Services and Output only in compliance with (a) the App Partner application, use case, and other restrictions agreed to between Plaid and Crosshatch, (b) the Plaid developer policies (available at https://www.plaid.com/legal), (c) Plaid’s applicable technical user documentation (available at https://www.plaid.com/docs), and (d) any agreements between App Partner and End Users (for clarity, including any privacy policy or statement). Notwithstanding anything to the contrary, the App Partner accepts and assumes all responsibility for complying with all applicable laws and regulations in connection with all of App Partner’s activities involving any Plaid Services, Output, or End User data. App Partner acknowledges and agrees that Plaid is neither a “consumer reporting agency” nor a “furnisher” of information to consumer reporting agencies under the Fair Credit Reporting Act (“FCRA”) and the Output is not a “consumer report” under the FCRA and cannot be used as or in such. App Partner represents and warrants that it will not, and will not permit or enable any third-party to, use the Plaid Services (including Output) as a or as part of a “consumer report” as that term is defined in the FCRA or otherwise use the Plaid Services (including Output) such that the Plaid Services (including Output) would be deemed “consumer reports” under the FCRA. Notwithstanding anything to the contrary, App Partner will be bound by and will only use the Plaid Services or Output in compliance with the terms and conditions set forth herein.
Secondary Investors. Subject to this Section 2, App Partner may request that Plaid or Crosshatch disclose Output or a Crosshatch product or service incorporating Output (collectively, the “Shared Data”) to App Partner’s Secondary Investors. “Secondary Investor” means a third-party investor or purchaser of a financial product originated by App Partner and provided to an End User (e.g., a loan), with which investor or purchaser Plaid maintains a separate technical integration.some text
1. App Partner represents and warrants to Plaid that, before disclosure of Shared Data to any Secondary Investor, App Partner will provide all required notices to and obtain all required consents (including notices and consents required under applicable Law) from the applicable End User with respect to disclosure of Shared Data to such Secondary Investor by Plaid or Crosshatch.
2. Notwithstanding anything to the contrary: (i) App Partner is solely responsible for its own relationships with Secondary Investors and with Crosshatch, including any related billing matters, technical support, or disputes; (ii) App Partner will enter into legally binding written agreements with each Secondary Investor that are consistent with this Section 2 and all applicable terms and conditions of this Schedule 1, including, without limitation, Section 1 (Restrictions); and (iii) App Partner will remain responsible for compliance by Secondary Investors with all of the terms and conditions of this Schedule 1 (including, without limitation, terms relating to use of Output or Shared Data).
3. App Partner will be fully liable for: (i) any breach by App Partner of this Section 2, (ii) any acts or omissions of Secondary Investors, and (iii) any dispute arising among App Partner, Crosshatch, Secondary Investors, and/or End Users relating to the disclosure or use of Shared Data as contemplated in this Section 2.
Privacy and Authorizations. Before any End User engages with Crosshatch products or services which include, are derived from, or incorporate the Plaid Services, the App Partner warrants and will ensure that it provides all notices and obtains all consents required under applicable Law to enable Plaid to process End User data in accordance with Plaid’s privacy policy (currently available at https://www.plaid.com/privacy). App Partner will not (a) make representations or other statements with respect to End User data that are contrary to or otherwise inconsistent with Plaid’s privacy policy or (b) interfere with any independent efforts by Plaid to provide End User notice or obtain End User consent.
WARRANTY; DISCLAIMER; ENFORCEMENT. THE PLAID SERVICES ARE PROVIDED “AS IS.” TO THE FULLEST EXTENT PERMITTED BY LAW, NEITHER PLAID NOR ITS AFFILIATES, SUPPLIERS, LICENSORS, AND DISTRIBUTORS MAKE ANY WARRANTY OF ANY KIND, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR ANY WARRANTY THAT THE PLAID SERVICES ARE FREE FROM DEFECTS. PLAID DOES NOT MAKE ANY WARRANTY AS TO THE OUTPUT THAT MAY BE OBTAINED FROM USE OF THE PLAID SERVICES. PLAID WILL BE AN INTENDED THIRD-PARTY BENEFICIARY OF THE AGREEMENT BETWEEN CROSSHATCH AND APP PARTNER AND MAY DIRECTLY ENFORCE SUCH AGREEMENT AGAINST APP PARTNER, WITHOUT CROSSHATCH’S CONSENT OR PARTICIPATION, BUT SOLELY RELATING TO THE OUTPUT OR PLAID SERVICES PROVIDED BY PLAID TO CROSSHATCH OR APP PARTNER.
FI Data. Through the Services or Plaid Services, App Partner may have access to information about or of End Users provided to Plaid by an FI (such information, the “FI Data”).some text
1. App Partner Obligations.some text
  1. End User Consents. App Partner will provide all notices and obtain all express consents from each End User as required under applicable laws in connection with App Partner’s use, storage and other processing of any FI Data (such notices and consents, the “Express Consents”). Express Consents will be clear and conspicuous and will generally specify the categories of FI Data that App Partner will receive and how App Partner will use, store and otherwise process it, in addition to any other required disclosures under applicable laws. App Partner will maintain records (which may include technical logs, screenshots, versions of Express Consents obtained) to demonstrate its compliance with this Section 5(a)(i) and will promptly provide such records to Plaid upon request.
  2. Scope of Access. App Partner will only access FI Data for which it has obtained Express Consents from the End User for the use case reviewed and permitted by Plaid in writing that is consented to by the applicable End User (such use case, the “Permitted Use Case”). Key factors Plaid will consider during its review include whether the use case is appropriate and useful to provide the End User with the App Partner application that the End User has enrolled in, whether the App Partner application provides a direct benefit to the End User, and whether the use case directly supports the development of new or improved product features for the benefit of End Users, and the jurisdiction(s) in which App Partner operates and/or stores FI Data. If App Partner possesses FI Data that exceeds the scope of the End User’s Express Consents, App Partner will use industry-standard means to permanently and securely delete (“Delete”) such FI Data.
  3. Data Use. App Partner will use, store and otherwise process FI Data solely in accordance with the End User’s Express Consents and applicable laws.
  4. Data Disclosure. App Partner will not disclose, transfer, syndicate or distribute FI Data to any third party (including its permitted service providers) (“Data Sharing”) except in each case with the End User’s Express Consents and in accordance with applicable Laws. Notwithstanding anything to the contrary, App Partner will not sell FI Data.
  5. Data Deletion. App Partner will promptly Delete any FI Data upon request by the applicable End User; provided that App Partner may retain copies of FI Data solely to the extent required by applicable laws.
  6. No Attribution. App Partner will not charge End Users any fees attributable to an FI for (a) access to its FI Data or (b) use of End User’s account with an FI in connection with the Application. In addition, App Partner will not publicize its receipt of FI Data from specific FIs under the Agreement or this Section 5 (FI Data).
  7. No Other Access. App Partner will only access FI Data through the Plaid Services or another manner that uses the FI’s authorized APIs. App Partner will not “screen scrape” data from FIs or collect an End User’s log on credentials for FI accounts, and will not otherwise knowingly obtain from a third party FI Data that was originally sourced through screen scraping. App Partner will immediately Delete any such End User log on credentials in its possession. App Partner will maintain records to demonstrate compliance with this Section 1(vii) and will provide them to Plaid upon request.
  8. Compliance with Laws. App Partner will comply with all applicable privacy, security and other laws, including, as applicable, the Gramm-Leach-Bliley Act, the California Consumer Privacy Act, and all other laws relating to FI Data. App Partner will not use, store, disclose, or otherwise process any FI Data for any purpose not permitted under applicable laws.
  9. Information Security Program. App Partner will maintain a comprehensive written information security program approved by its senior management (“Infosec Program”). The Infosec Program will include administrative, technical and physical measures designed to: (a) ensure the security of FI Data, (b) protect against unauthorized access to or use of FI Data and anticipated threats and hazards to FI Data and (c) ensure the proper disposal of FI Data. The Infosec Program will be appropriate to App Partner’s risk profile and activities, the nature of the Application, and the nature of the FI Data received by App Partner. In any event, the Infosec Program will meet or exceed applicable control objectives captured in industry standards and best practices such as AICPA Trust Service Criteria for Security, NIST 800-53, or ISO 27002 and will comply with applicable laws. App Partner will use up-to-date antivirus software and anti-malware tools designed to prevent viruses, malware and other malicious code in the Application or on App Partner’s systems.
  10. Security Breach Obligations. App Partner will promptly notify Plaid (and in no event after more than twelve (12) hours) upon becoming aware of any Security Breach, providing a description of all known facts, the types of End Users affected, and any other information that Plaid may reasonably request. App Partner will reasonably cooperate with Plaid in investigating and remediating Security Breaches. App Partner will be responsible for the costs of investigating, mitigating, and remediating the Security Breach, including costs of credit monitoring, call centers, support, and other customary or legally required remediation. “Security Breach” means any event that compromises the Application or App Partner’s systems, or that does or reasonably could compromise the security, integrity or confidentiality of FI Data or result in its unauthorized use, disclosure or loss.
  11. FI Confidential Information. If Plaid discloses to App Partner any confidential or proprietary materials of an FI (such materials, “FI Confidential Information”), such materials will be subject to the same obligations that apply to Crosshatch’s Confidential Information under the Agreement, which will in no event be less protective of such information than a reasonable standard of care. FI Confidential Information will also be subject to the same obligations as FI Data under this Section (a) (App Partner Obligations) of this Section 5 (FI Data).
  12. Oversight and Cooperation. App Partner will promptly provide all reasonably necessary information and cooperation requested by Plaid, an FI, or any entity with examination, supervision, or other legal or regulatory authority over Plaid, or an FI. In the event that Plaid has a good faith reason to believe that App Partner is not in material compliance with this Section 5 (FI Data), Plaid will notify App Partner and, at Plaid’s option, App Partner will promptly provide sufficient documentation to demonstrate such material compliance or submit to a third-party audit by a firm selected from a Plaid-approved list of audit firms to verify such compliance. Plaid and FIs may also conduct technical or operational assessments of App Partner, which will be subject to advance notice and will not occur more than once per year unless legally required and materially different in scope from a preceding audit.
  13. Information Sharing. Where required by an FI and to the extent relevant to an App Partner’s access or use of FI Data from that FI, Plaid may share with such FI certain information related to App Partner’s compliance with this Section 5 (FI Data), including with respect to App Partner’s Infosec Program. Plaid will request that such FI treat any such information in a confidential manner.
  14. Insurance. App Partner will maintain insurance coverage appropriate to App Partner’s risk profile and activities, the nature of the App Partner application, and the nature of the FI Data received by App Partner; provided that such coverage will be no less than industry standard and will include cybersecurity liability insurance.
  15. Access Frequency. App Partner will comply with any guidelines provided by Plaid regarding App Partner’s frequency of “batch” pulls of FI Data. Plaid may enforce such guidelines in accordance with its standard practices, which may include throttling, suspension or termination of App Partner’s access.
2. Suspension. Plaid may suspend or terminate App Partner’s access to the Plaid Services or FI Data, in whole or in part, if it believes App Partner has breached this Section 5 (FI Data) or where App Partner’s use of the Plaid Services or FI Data could violate or give rise to liability under any Plaid agreement (including Plaid’s agreement with any FI) or pose a risk of harm, including reputational harm, to any End User, FI, the Plaid Services, or Plaid and its affiliates. In addition, an FI may suspend App Partner’s access to FI Data with respect to such FI.
3. Indemnity. App Partner will indemnify, defend and hold harmless each FI, Plaid, and the affiliates of each of the foregoing from any claims, actions, suits, demands, losses, liabilities, damages (including taxes), costs and expenses arising from or in connection with: (a) any Security Breach resulting in unauthorized disclosure of FI Data or (b) App Partner’s unauthorized or improper use of FI Data (including any unauthorized Data Sharing, transmission, access, display, storage or loss). This Section (c) is not subject to any limitation of liabilities set forth in the Agreement. Each FI is a third-party beneficiary of this Section (c).
4. Modifications. App Partner acknowledges that continued access to FI Data provided by certain FIs may require modifications to this Section 5 (FI Data), and App Partner will accept such modifications to enable App Partner to continue accessing or using the Plaid Services with respect to such FIs. Plaid will use commercially reasonable efforts to notify App Partner of the modifications and the effective date of such modifications through communications via App Partner’s account, email, or other means. If App Partner objects to the modifications, its exclusive remedy is to cease any and all access and use of the Plaid Services as it relates to such FI(s). Continued access or use of such the Plaid Services after the effective date of such modifications to this Section 5 (FI Data) will constitute App Partner’s acceptance of such modifications.
5. Miscellaneous. In the event of a conflict with any other agreement (including the Agreement), the terms and conditions of Section 5 (FI Data) will govern and prevail. Capitalized terms used in this Section 5 (FI Data) and not otherwise defined will have the meanings ascribed to them in the Agreement. All provisions of this Section 5 (FI Data) will remain in force in the event of this Section 5’s (FI Data) or the Agreement’s termination or expiration.