Delfi logo
SolutionsAbout UsResourcesTerms of Service

Terms of Service

Last updated: October 15th, 2024

Overview

Delfi offers a SaaS Solution, which provides AI co-pilot that generates actionable risk management strategies and algorithmic hedging solutions for financial institutions of all size by creating efficient risk management and hedging strategies. These Terms of Service that follow (“Terms of Service”) govern the use of the SaaS Solution and apply to the signed order referencing these Terms of Services (“Order”) between Delfi Labs Inc. (“Delfi”) and the Client indicated in the Order (“Client”) pursuant to which Client subscribes to the SaaS Solution. Copies of these Terms of Service are available for download and printing by using current web browser software and going to https://www.delfi.co

The “Agreement” consists of the Order and these Terms of Service. If there is a conflict between the terms in the Order and these Terms of Service, the terms in the Order will control. The parties may accept or execute an Order in writing, electronically or using any other process specified in the Order. The parties may execute the Order in several counterparts, all of which together constitute one agreement between the parties. This Agreement constitutes the entire agreement between the parties on the subject matter of this Agreement and supersedes all prior or contemporaneous agreements, negotiations, representations, and proposals with respect to the subject matter of this Agreement.

Introduction

1.1        Defined Terms. 

Some defined terms used in these Terms are defined in context; there is also a glossary of defined terms at the end.

1.2       Changes. 

Delfi is constantly trying to improve its offerings. From time to time, Delfi may make changes to these Terms of Service. If Delfi makes a material change to the Terms of Service, Delfi will notify Client and the respective change will become effective 30 days following that notice unless earlier implementation is required by law or is necessary to protect Delfi and/or users of the SaaS Solution. If Client does not agree to the changes made, Client may discontinue use of the SaaS Solution and close Client’s account.

1.3       Contact Delfi. 

Client may contact Delfi regarding the SaaS Solution or these Terms of Service at: info@delfi.co

SaaS Solution

 2.1       SaaS Solution Subscription. 

Subject to the terms and conditions of this Agreement, Delfi hereby grants Client the nonexclusive, nontransferable (except in connection with an assignment permitted by this Agreement), non-sublicenseable right during the Term to permit its Authorized Users to access and use the SaaS Solution and such Delfi Materials as Delfi may supply or make available to Client hereunder solely for  Client and/or its Authorized Users.

2.2       Provision and Operation of SaaS Solution. 

(a) Provision of SaaS Solution. Delfi shall provide to Client the SaaS Solution in accordance with these Terms of Service and the Order, including the operation, provision, maintenance, and management Delfi Systems; Delfi reserves the right to engage and substitute Ordinary Course Providers as it deems appropriate.

(b) Service Level Commitments. Delfi will use commercially reasonable efforts to make the SaaS Solution available 99.98% of the time in a given month, excluding downtime (e.g. caused by a Client, caused by force majeure, scheduled maintenance, third party outages).  

(c) Changes to SaaS Solution. Delfi reserves the right, in its sole discretion, to make any changes to the SaaS Solution and Delfi Materials that it deems necessary or useful.

2.3       Use Limitations and Reservation of Rights.

As between the parties, Delfi reserves all right, title and interest in and to the SaaS Solution and Delfi Materials, including all Intellectual Property Rights therein, except for the limited rights to use the SaaS Solution and Delfi Materials set forth above. Client shall not, and shall not permit any other person or entity to, access or use the SaaS Solution or Delfi Materials except as expressly permitted by this Agreement and, in the case of Ordinary Course Providers, any applicable Ordinary Course Provider license terms. Without limiting the generality of the foregoing, Client shall not, except as this Agreement expressly permits:

(a) copy, modify or create derivative works or improvements of the SaaS Solution or Delfi Materials;

(b) rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer or otherwise make available the SaaS Solution or Delfi Materials to any person or entity;

(c) reverse engineer, disassemble, decompile, decode, adapt or otherwise attempt to derive or gain access to the source code of the SaaS Solution software or Delfi Materials, in whole or in part;

(d) bypass or breach any security device or protection used by the SaaS Solution or access or use the SaaS Solution other than by an Authorized User through the use of his/ her own then valid Access Credentials;

(e) input, upload, transmit or otherwise provide to or through the SaaS Solution or Delfi Systems, any information or materials that are unlawful or injurious, or contain, transmit or activate any Harmful Code;

(f) damage, destroy, disrupt, disable, impair, interfere with or otherwise impede or harm in any manner the SaaS Solution, Delfi Systems or Delfi’s provision of services to any third party, in whole or in part;

(g) remove, delete, alter or obscure proprietary rights notices or disclaimers from the Delfi Materials;

(h) access or use the SaaS Solution or Delfi Materials in any manner or for any purpose that infringes, misappropriates or otherwise violates any Intellectual Property Right or other right of any third party (including by any unauthorized access to, misappropriation, use, alteration, destruction or disclosure of the data of any other Delfi Client), or that violates any Applicable Law; or

(i) access or use the SaaS Solution or Delfi Materials for purposes of competitive analysis of the SaaS Solution or Delfi Materials, the development, provision or use of a competing software service or product or any other purpose that is to the Delfi’s detriment or commercial disadvantage.

2.4       Suspension or Termination of SaaS Solution Access.

Delfi may, directly or indirectly, including by use of a Delfi Disabling Device or any other lawful means, suspend, terminate or otherwise deny Client’s, any Authorized User’s or any other person’s access to or use of all or any part of the SaaS Solution without incurring any resulting obligation or liability, if:

(a) Delfi receives a judicial or other governmental demand or order, subpoena or law enforcement request that requires Delfi to do so;

(b) Client fails to pay any undisputed amounts due under this Agreement within ten days following written notice thereof; or

(c) Delfi believes, in its discretion, that: (i) Client or any Authorized User has failed to comply with any material term of this Agreement; (ii) Client or any Authorized User is, has been, or is likely to be involved in any fraudulent, misleading or unlawful activities relating to or in connection with the SaaS Solution; (iii) this Agreement expires or is terminated; (iv) Client or any Authorized User has failed to maintain the Client Systems such that Delfi’s performance hereunder is no longer practicable; or (v) Client’s or any Authorized User’s use of the SaaS Solution poses a security risk or threat to the function of the SaaS Solution, or to Delfi, its Affiliates, any TP Cloud Provider or any other third party. Delfi will restore Client’s or its Authorized User’s suspended access and use rights promptly after such entity resolves the issue giving rise to the limitation (if resolvable) and, where the suspended party is an Authorized User, after Client agrees to such restoration of the SaaS Solution service. This Section does not limit any of Delfi’s other rights or remedies, whether at law, in equity or under this Agreement.

Client Obligations

3.1       Client’s Management.

Client has and will retain sole control over the operation, maintenance, and management of, and all access to and use of, the Client Systems, and sole responsibility for all access to and use of the SaaS Solution and Delfi Materials by any person or entity by or through the Client Systems and any other means controlled by Client or any Authorized User. Within Client’s infrastructure, Client is responsible for properly configuring and using the SaaS Solution in a manner that provides security and redundancy, such as, for example, using enhanced access controls to prevent unauthorized access to the SaaS Solution, using encryption technology to prevent unauthorized access, and ensuring the appropriate level of backup to prevent loss of information. If Client becomes aware of any actual or threatened activity prohibited by the provisions of these Terms of Service or unauthorized use of any Access Credentials or any other known or suspected breach of security of the SaaS Solution, Client shall immediately:

(a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects and permanently erase from their systems and destroy any data to which any of them have gained unauthorized access; and

(b) notify Delfi of any such actual or threatened activity

3.2       Reservation of Company’s Rights; Ownership.

Other than as expressly provided in this Agreement, Client is not granted any right or license under, and Client shall not use any Delfi Confidential Information or any Delfi Intellectual Property Rights, including, but not limited to the SaaS Solution and the Delfi Materials, and Delfi reserves all rights related thereto. No other right or license is to be implied by or inferred from this Agreement’s terms or Delfi’s conduct.

3.3       Compliance.

Client shall comply with, and is solely responsible for its compliance with, Applicable Laws related to the manner in which Client chooses to use the SaaS Solution.

3.4       Effect of Client Failure or Delay.

Delfi is not responsible or liable for any delay or failure of performance caused in whole or in part by Client’s delay in performing, or failure to perform, any of its obligations under this Agreement.

Fees; Payment Terms

4.1       Fees.

Client shall pay Delfi the fees set forth in the Order (“Fees”) . Unless otherwise set forth in an Order, Client shall pay all Fees in U.S. dollars within 30 days after the date of the invoice therefor without deduction or setoff. If Client fails to make any payment when due, then in addition to all other remedies that may be available (a)  Delfi may charge interest on the past due amount at a rate equal to the lesser of 1% per month or the highest rate allowed by Applicable Law; and (b) Client shall reimburse Delfi for all costs incurred by Delfi in collecting any late payments or interest, including attorneys’ fees, court costs and collection agency fees

4.2       Fee Increases.

Unless otherwise set forth in an Order, Delfi may increase Fees no more than once every twelve (12) months or at any renewal of an Order by providing written notice to Client at least sixty (60) calendar days prior to the change or beginning of the renewal.

4.3       Additional Charges.

Out-of-pocket expenses, if any, shall be billed to Client as set forth in an Order.

4.4       Taxes.

All Fees and other amounts payable by Client under this Agreement are exclusive of taxes and similar assessments. Client is responsible for such taxes and similar assessments, including all sales, use and excise taxes, and any other similar taxes, duties and charges of any kind imposed by any federal, state or local governmental or regulatory authority on any amounts payable by Client hereunder, other than any taxes imposed on Delfi’s income.

4.5       Fee Dispute.

If Client objects to any portion of an invoice in good faith, Client shall so notify Delfi identifying the specific cause of the disagreement and the amount in dispute in writing no later than the date the invoice is otherwise due for payment. Client shall pay that portion of the invoice not in dispute in accordance with the other payment terms of this Terms of Service.  Any dispute over invoiced amounts due that cannot be resolved within thirty (30) calendar days after Client notifies Delfi of the dispute by direct negotiation between the Parties shall be resolved in accordance with the Dispute Resolution provisions of this Terms of Service.

Data

5.1       Client Data.

As between Client and Delfi, Client is and will remain the sole and exclusive owner of all rights, title and interest in and to all Client Data. Delfi is providing the SaaS Solution hereunder as a service provider to Client and Delfi shall only process Client Data: (1) to provide the SaaS Solution and related obligations under this agreement; (2) to retain and employ another service provider as a subcontractor; (3) for internal use to build or improve the quality of its services; (4) to detect data security incidents, or protect against fraudulent or illegal activity; (5) to comply with Applicable Laws; (6) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (7) to cooperate with law enforcement agencies concerning conduct or activity that Delfi or a third party believes may violate law; (8) to exercise or defend legal claims; or (9) as authorized by Client.

5.2       Protection of Client Data.

Delfi will implement and maintain reasonable and appropriate technical, physical, and administrative safeguards designed to secure Client Data against accidental or unlawful loss, access or disclosure. The data protection addendum located in Schedule C (Data Protection Addendum) describes the privacy and security obligations related to Delfi’s handling of Client Data.

5.3       Usage Data.

As between the parties, Delfi owns, without restriction, all rights, including all Intellectual Property Rights, in the statistical usage data derived from the operation of the SaaS Solution, including data regarding web applications utilized in connection with the SaaS Solution, configurations, log data, and the performance results for the services (“Usage Data”).

Confidentiality

6.1       Confidential Information.

In connection with this Agreement, each party may disclose or make available Confidential Information to the other party. Subject to Section 9.2, “Confidential Information” means the terms of this Agreement and all non-public information of the disclosing party in any form or medium, including, but not limited to, information consisting of or relating to the disclosing party’s technology, trade secrets, know-how, business operations, plans, strategies, Clients and pricing, and information with respect to which the disclosing party has contractual or other confidentiality obligations, in each case whether or not marked, designated or otherwise identified as “confidential”.

6.2       Exclusions.

Confidential Information does not include information that the receiving party can demonstrate by written or other documentary records: (a) was rightfully known to the receiving party without restriction on use or disclosure prior to such information’s being disclosed or made available to the receiving party in connection with this Agreement; (b) was or becomes generally known by the public other than by the receiving party’s or any of its Representatives’ noncompliance with this Agreement; (c) was or is received by the receiving party on a non-confidential basis from a third party that, to the receiving party’s knowledge, was not or is not, at the time of such receipt, under any obligation to maintain its confidentiality; or (d) the receiving party can demonstrate by written or other documentary records was or is independently developed by the receiving party without reference to or use of any Confidential Information of the disclosing party.

6.3       Protection of Confidential Information.

The receiving party shall (a)  not access or use Confidential Information other than as necessary to exercise its rights or perform its obligations under and in accordance with this Agreement, and (b) safeguard the Confidential Information from unauthorized use, access or disclosure using at least the degree of care it uses to protect its similarly sensitive information and in no event less than a reasonable degree of care. Except as may be permitted by and subject to its compliance with Section 6.4, the receiving party shall not disclose or permit access to Confidential Information other than to its Representatives who: (i) need to know such Confidential Information for purposes of the Receiving Party’s exercise of its rights or performance of its obligations under and in accordance with this Agreement; and (ii) are bound by written confidentiality and restricted use obligations at least as protective of the Confidential Information as the terms set forth in this Section 6. The receiving party shall ensure its Representatives’ compliance with and be responsible and liable for any of its Representatives’ non-compliance with, the terms of this Section 6.

6.4       Compelled Disclosures.

If the receiving party is compelled by Applicable Law to disclose any Confidential Information then, to the extent permitted by Applicable Law, the receiving party shall: (a) promptly, and prior to such disclosure, notify the disclosing party in writing of such requirement so that the disclosing party can seek a protective order or other remedy; and (b) provide reasonable assistance to the disclosing party, at the disclosing party’s sole cost and expense, in opposing such disclosure or seeking a protective order or other limitations on disclosure. if the disclosing party waives compliance or, after providing the notice and assistance required under this Section, the receiving party remains required by law to disclose any Confidential Information, the receiving party shall disclose only that portion of the Confidential Information that, on the advice of the receiving party’s legal counsel, the receiving party is legally required to disclose and, on the disclosing party’s request, shall use commercially reasonable efforts to obtain assurances from the applicable court or other presiding authority that such Confidential Information will be afforded confidential treatment.

Term and Termination

7.1       Term.

This Agreement will continue for the period set forth in the Order, unless the Agreement is earlier terminated as set forth in this Agreement.

7.2       Termination.

A party may terminate this Agreement for convenience subject to the timeframe listed in the Order by notifying the other party in writing. A party may terminate Agreement by notifying the other party in writing:

(a)  if the other party commits a material breach of this Agreement, and such breach: (i) is incapable of cure; or (ii) being capable of cure, remains uncured 30 days after the breaching party receives written notice of such breach from the non-breaching party; or

(b) if the other party (i) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (ii) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (iii) makes or seeks to make a general assignment for the benefit of its creditors; or (iv) applies for or has appointed a receiver, trustee, custodian or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

7.3       Effect of Expiration or Termination.

Upon any expiration or termination of this Agreement, except as expressly otherwise provided in this Agreement:

(a)  all rights, licenses, consents and authorizations granted by Delfi hereunder will immediately terminate;

(b)  Client shall immediately cease all use of any SaaS Solution and Delfi Materials and (i) within 30 days return to Delfi or destroy, all Delfi Materials or Delfi’s Confidential Information; (ii) permanently erase all Delfi Materials and Delfi’s Confidential Information from all systems that Client directly or indirectly controls; and (iii) upon request; certify to Delfi in a signed, written instrument that it has complied with the requirements of this Section; and

(c)  Delfi may disable all Client and Authorized User access to the SaaS Solution and Delfi Materials Delfi will within 30 days of termination and shall (i) return or destroy all Client Data and Client Confidential Information, (ii) permanently erase all Client Data and Client’s Confidential Information from all systems that Delfi directly or indirectly controls; and (iii) upon request certify to Client in a signed, written instrument that it has complied with the requirements of this Section; except that Delfi is not, in connection with the foregoing obligations, be required to delete Client’s Confidential Information or Client Data held electronically in archive or backup systems in accordance with Delfi’s general systems archiving or backup policies.

7.4       Surviving Terms.

Any other right or obligation of the parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement, including but not limited to Sections 4, 6, 7.3, 7.4, 8.2, 9, 10, 12, 13, 14, and 17.

Representations and Warranties

8.1       Mutual Representations and Warranties.

Each party represents and warrants to the other party that:  (a)  it is duly organized, validly existing and in good standing as a corporation or other entity under the laws of the jurisdiction of its incorporation or other organization; and (b) it has the full right, power and authority to enter into and perform its obligations and grant the rights, licenses, consents and authorizations it grants or is required to grant under this Agreement and its performance hereunder does not breach any other agreement to which it is bound.

8.2       Disclaimer.

THE SAAS SOLUTION AND DELFI MATERIALS ARE PROVIDED “AS IS,” AND DELFI HEREBY DISCLAIMS ALL WARRANTIES, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT OR ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, DELFI MAKES NO WARRANTY OF ANY KIND THAT THE SAAS SOLUTION OR DELFI MATERIALS WILL MEET CLIENT’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE OR ERROR FREE. ALL THIRD-PARTY MATERIALS ARE PROVIDED “AS IS.

Indemnification

9.1       Delfi Indemnification.

Delfi shall defend any claim brought by a third party against Client that Client’s or an Authorized User’s use of the SaaS Solution or Delfi Materials in compliance with this Agreement infringes a U.S. Intellectual Property Right, and shall indemnify Client for any award of damages and costs made against Client in a final judgment by a court of competent jurisdiction, or any amount in settlement, arising out of the claim. The foregoing obligation does not apply to the extent arising out of or relating to any: (a) access to or use of the SaaS Solution or Delfi Materials in combination with any hardware, system, software, network or other materials or service not provided or authorized writing by Delfi; (b)   modification of the SaaS Solution or Delfi Materials other than by Delfi or its agents; (c) Client Data or any other materials not provided by Delfi; or (d)  abuse, misuse, alteration or use of the SaaS Solution or (d) any act, omission or other matter described in Section 9.2 whether or not the same results in any claim against Delfi or Client. If either of the SaaS Solution or Delfi Materials are, or in Delfi’s opinion are likely to be, claimed to infringe, misappropriate, or otherwise violate any third-party Intellectual Property Right, or if Client’s or any Authorized User’s use of the SaaS Solution or Delfi Materials is enjoined or threatened to be enjoined, Delfi may, at its option and sole cost and expense: (i) obtain the right for Client to continue to use the SaaS Solution and Delfi Materials materially as contemplated by this Agreement;  (ii)  modify or replace the SaaS Solution and Delfi Materials, in whole or in part, to seek to make the SaaS Solution and Delfi Materials (as so modified or replaced) non-infringing, while providing materially equivalent features and functionality; or (iii) by written notice to Client, terminate this Agreement, and require Client to immediately cease any use of the SaaS Solution and Delfi Materials, in which case Delfi shall return to Client a prorated portion (calculated on a daily basis as of the date of notification of termination by Delfi) of any license fees which have been prepaid for the period of time for which Client will no longer receive access to the SaaS Solution. THIS SECTION SETS FORTH CLIENT’S SOLE REMEDIES AND DELFI’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED OR ALLEGED CLAIMS THAT THE DELFI MATERIALS OR SAAS SOLUTION INFRINGES ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHT.

9.2       Client Indemnification.

Client shall defend any claim brought by a third party against Delfi and its Ordinary Course Providers, that arises out of any (a) allegation that Client Data or any other materials or information provided by or on behalf of Client or any Authorized User, including Delfi’s compliance with any specifications or directions provided by or on behalf of Client or any Authorized User, infringes a U.S. Intellectual Property Right;  or (b)  Client’s breach of Sections 2.3, 3.1, or 3.3 of this Agreement; and shall indemnify them for any award of damages and costs made against them in a final judgment by a court of competent jurisdiction, or any amount in settlement, arising out of the claim.

9.3       Indemnification Procedure.

Each party shall promptly notify the other party in writing of any claim for which such party believes it is entitled to be indemnified. The indemnified party shall cooperate with the indemnifying party at the Indemnifying party’s sole cost and expense. The indemnifying party shall immediately take control of the defense and investigation of such claim and shall employ counsel to handle and defend the same, at the indemnifying party’s sole cost and expense. The indemnified party’s failure to perform any obligations under this Section 9.3 will not relieve the indemnifying party of its obligations under this Section 9 except to the extent that the indemnifying party can demonstrate that it has been materially prejudiced as a result of such failure. The indemnified party may participate in and observe the proceedings at its own cost and expense with counsel of its own choosing.

Limitations of Liability

10.1    Exclusion Of Damages.

IN NO EVENT WILL EITHER PARTY BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, FOR ANY: (A) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE OR PROFIT OR DIMINUTION IN VALUE; (B) LOSS, DAMAGE, CORRUPTION OR RECOVERY OF DATA; OR (C) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.

10.2    Liability Cap.

EXCEPT WITH RESPECT TO A PARTY’S INDEMNIFICATION OBLIGATIONS HEREUNDER OR VIOLATION OF THE LICENSE RESTRICTIONS REGARDING THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, EACH PARTY’S AGGREGATE LIABILITY TO THE OTHER UNDER THIS AGREEMENT, WHETHER IN, TORT, CONTRACT OR OTHERWISE, SHALL NOT EXCEED IN THE AGGREGATE THE TOTAL FEES PAID BY CLIENT TO DELFI DURING THE 12-MONTH PERIOD PRECEDING THE DATE ON WHICH THE EVENT GIVING RISE TO THE LIABILITY AT ISSUE OCCURRED. IF THE FIRST SUCH CLAIM IS MADE DURING THE FIRST 12 MONTHS OF THE TERM, THEN FOR PURPOSES OF CALCULATING THE LIABILITY LIMIT UNDER THIS SECTION, THE AMOUNT OF FEES RECEIVED DURING THE PERIOD PRECEDING THE EVENT GIVING RISE TO LIABILITY SHALL BE ANNUALIZED. WITH RESPECT TO A PARTY’S INDEMNITY OBLIGATIONS HEREUNDER, EACH PARTY’S AGGREGATE LIABILITY TO THE OTHER DURING THE TERM SHALL NOT EXCEED THREE TIMES (3X) THE TOTAL FEES PAID BY CLIENT TO DELFI DURING THE TWELVE-MONTH PERIOD PRECEDING THE DATE ON WHICH THE EVENT GIVING RISE TO THE LIABILITY AT ISSUE OCCURRED. IF THE FIRST SUCH CLAIM IS MADE DURING THE FIRST TWELVE MONTHS OF THE TERM, THEN FOR PURPOSES OF CALCULATING THE LIABILITY LIMIT UNDER THIS SECTION, THE AMOUNT OF FEES RECEIVED DURING THE PERIOD PRECEDING THE EVENT GIVING RISE TO LIABILITY SHALL BE ANNUALIZED.

Force Majeure

11.1    Force Majeure.

In no event will either party be liable or responsible to the other party or be deemed to have defaulted under or breached this Agreement, for a Force Majeure Event. Either party may terminate this Agreement if a Force Majeure Event affecting the other party continues substantially uninterrupted for a period of ninety (90) days or more. In the event of any failure or delay caused by a Force Majeure Event, the affected party shall give prompt written notice to the other party stating the period of time the occurrence is expected to continue and use commercially reasonable efforts to end the failure or delay and minimize the effects of such Force Majeure Event.

Governing Law

12.1    Governing Law.

This Agreement is governed by the laws of the State of Delaware without regard to any conflicts of law rules.

Dispute Resolution

13.1    Dispute Resolution.

Before initiating legal action against the other relating to a dispute herein, the parties agree to work in good faith to resolve disputes arising out of this Agreement. To this end, either party may request that each party designate an officer or other management employee with authority to bind such party to meet to resolve the dispute. If the dispute is not resolved within thirty (30) days of the commencement of informal efforts under this paragraph, either party may pursue formal legal process. This paragraph will not apply if expiration of the applicable time for bringing an action is imminent and will not prohibit a party from pursuing injunctive or other equitable relief to which it may be entitled.

Equitable Relief

14.1    Equitable Relief.

A breach or threatened breach by a party of any of its restrictions on use or disclosure in Section 2.3, 5.2, or 6 would cause the other party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other party will be entitled to equitable relief, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.

Notices

15.1    Notices.

All notices, requests, consents, claims, demands, waivers, and other communications under this Agreement have binding legal effect only if in writing and addressed to a party at its address in the Order (or to such other address or such other person that such party may designate from time to time in accordance with this Section) will be deemed effectively given: (a) upon receipt when delivered in person or by nationally recognized overnight courier; (b) two days after the date mailed by certified or registered mail, return receipt requested, postage prepaid; or (c) if sent by email, upon confirmation of receipt or upon delivery if sent by email via a commercially available email service which provides the sender legally valid and court admissible evidence of email correspondence.

Assignment

16.1    Assignment.

Neither party may assign this Agreement without the prior written consent of the other, except that either party may assign this Agreement as a whole to an Affiliate or in connection with the sale of all or substantially all of the business or assets of such party including any merger, consolidation, or other reorganization of such party. Any purported assignment in violation of this Section is void. This Agreement is binding upon and inures to the benefit of the parties hereto and their respective permitted successors and assigns.

Independent Contractors

17.1    Independent Contractors.

The parties are independent contractors and their relationship is nonexclusive. Nothing contained in this Agreement shall be construed as creating any agency, Clientship, joint venture or other form of joint enterprise, employment or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever.

Miscellaneous

18.1   Miscellaneous.

There are no third-party beneficiaries to this Agreement. Except as expressly provided above in Section 1, no waiver, amendment or modification of any provision of this Agreement will be effective unless it is in writing, refers to this Agreement, and is signed by authorized representatives of the parties.  No failure or delay by either party to exercise any right, power, or remedy constitutes a waiver of that right, power, or remedy.  A party’s waiver of the performance of any covenant or any breach is not to be construed as a waiver of any succeeding breach or of any other covenant. If any provision of this Agreement requires judicial interpretation, this Agreement is not to be more strictly construed against one party than the other. If any provision of this Agreement is declared invalid by a court of competent jurisdiction, the provision will be ineffective only to the extent of the invalidity, so that the remainder of that provision and all remaining provisions of this Agreement will continue in full force and effect. During the term of these Terms, (a) Client agrees to participate in case studies and other similar marketing efforts reasonably requested by Delfi; (b) Delfi may disclose that Client is a Delfi customer to third parties; and (c) Delfi may include on and in Delfi’s website, case studies, marketing materials, and conference presentations and other speaking opportunities, Client’s testimonials and other feedback regarding the Services, name, website URL, use case, and logo and other marks. Upon request from Client, Delfi will promptly stop making the disclosure and use described in the foregoing sentence except to the extent already included in any then-existing materials.

Glossary

Glossary

“Access Credentials” means any username, identification number, password, license or security key, security token, PIN or other security code, method, technology, or device used, alone or in combination, to verify a user’s identity and authorization to access and use the SaaS Solution.

“Affiliate” means any entity that is directly or indirectly Controlled by, Controlling, or under common Control with an entity, where “control” used above means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Applicable Law” means with respect to any person or entity any federal, state, local or foreign statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree or other requirement of any federal, state, local or foreign government or political subdivision thereof, or any arbitrator, court or tribunal of competent jurisdiction that is binding upon or applicable to such person or entity.

“Authorized User” means one individual natural person, whether an employee, business Client, contractor, or agent of Client or its Affiliates who is registered by Client in Client’s Saas Solution to use the Delfi services. An Authorized User must be identified by a unique username, and two or more persons may not use the Delfi services as the same Authorized User. If the Authorized User is not an employee of Client, use of the Delfi services will be allowed only if the user is under confidentiality obligations with Client at least as restrictive as those in the Terms of Service and is accessing or using the Delfi services solely to support Client’s and/or Client Affiliates’ internal business purposes.

“Client Data” means information, data and other content that is collected, downloaded, or otherwise received, directly or indirectly from Client or an Authorized User by or through the SaaS Solution, including the information submitted by or about Authorized Users.

“Client Systems” means Client’s information technology infrastructure, including, without limitation any on-premises components required to enable or fully leverage the SaaS Solution, as well as computers, software, hardware, databases, electronic systems and networks, whether operated directly by Client or through the use of third-party service providers.

“Force Majeure Event” means any act, event or cause, except in relation to obligations to make payments under this Agreement, beyond the reasonable control of the party affected by that event and not otherwise due to such party’s negligence including, without limitation, any act of God or any public enemy, fire, flood, epidemic, pandemic, breakdown of or damage to equipment or facilities, inability to obtain or unavailability of materials, strikes, war, sabotage, riot, national emergency, embargo, decree or order of any government, governmental authority or court. With respect to Delfi, a “Force Majeure Event” also includes failures or delays arising from or related to a TP Cloud Provider’s acts or omissions.

“Harmful Code” means any software, hardware or other technology, device or means, including any virus, worm, malware or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner (i) any computer, software, firmware, hardware, system or network or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality or use of any data processed thereby, or (b) prevent Client or any Authorized User from accessing or using the SaaS Solution or Delfi Systems as intended by this Agreement. Harmful Code does not include any Delfi Disabling Device.

“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection or other intellectual property laws, and all similar or equivalent rights or forms of protection, in any part of the world.

“Ordinary Course Providers” means TP Cloud Providers and other service providers used by Delfi to support the provision of the SaaS Solution in the ordinary course of its business and not specifically for Client.

“Representatives” means, with respect to a party, that party’s and its Affiliates’ employees, officers, directors, consultants, agents, independent contractors, service providers, sublicensees, Ordinary Course Providers and legal advisors.

“SaaS Solution” means the software as a service available through www.delfi.co

“Support Services” means the services that Delfi offers to Clients to assist with questions about and problems with the SaaS Solution.

“Delfi Disabling Device” means any software, hardware or other technology, device or means used by Delfi or its designee to disable Client’s or any Authorized User’s access to or use of the SaaS Solution automatically with the passage of time or under the positive control of Delfi or its designee.

“Delfi Materials” means the SaaS Solution, documentation and Delfi Systems and all other information, data, documents, materials, works, devices, and other technologies and inventions, including any deliverables, technical or functional descriptions, or requirements, that are provided or used by Delfi or any Ordinary Course Providers in connection with the SaaS Solution or that otherwise comprise or relate to the SaaS Solution or Delfi Systems.

“Delfi Personnel” means all individuals involved in the performance hereunder as employees, agents or independent contractors of Delfi or any Ordinary Course Providers.

“Delfi Systems” means the information technology infrastructure used by or on behalf of Delfi in providing the SaaS Solution, including computers, software, hardware, databases, electronic systems (including database management systems) and networks, whether operated directly by Delfi or through the use of third-party services.

“TP Cloud Provider” means a third-party service provider who provides cloud services, including hosting services, to Delfi and/or its service providers with respect to infrastructure, databases, and operations necessary for Delfi to perform hereunder.

Schedule C - Data Protection Addendum

Schedule C – Data Protection Addendum

This Data Protection Addendum (this Addendum) is made a part of the Agreement to which it is attached.  This Addendum sets forth additional protections regarding Client Data.

  1.         Definitions.

In addition to any terms defined elsewhere in the Addendum or Agreement, the following terms have the following meanings:

“Data Protection Laws” means all Applicable Laws regarding the privacy, security, or Processing of Personal Information.

“Personal Information” means any information constituting Client Data (1) relating to an identified or identifiable natural person; and (2) any information defined as “personally identifiable information,” “personal information,” “personal data” or similar terms as such terms are defined under Applicable Laws that Delfi processes in connection with the SaaS Solution hereunder.

“Security Incident” means any unauthorized access to, or use or disclosure of, Personal Information in Delfi’s possession or control.

“Processed”“Process” and “Processing” means any operation or set of operations which is performed on Client Data or on sets of Client Data, whether or not by automated means, such as creation, collection, sale, retention, deidentification, aggregation, accessing, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

  1.         Compliance.

Delfi shall comply with all applicable Data Protection Laws. Delfi also shall maintain an appropriate level of data security certification established by a qualified third-party certification body and regularly obtain an assessment of its Security Program (as defined below) consistent with industry best practices. In its use of the SaaS Services, Client will comply with the Data Protection Laws, including any applicable requirements to provide notice to and/or obtain consent from individuals for Processing of Client Data. Client shall be solely responsible for the accuracy, quality, and legality of Client Data and the means by which Client acquired Client Data.

  1.         Security Program.

Delfi has implemented and will maintain a comprehensive written privacy and data security program (“Security Program”) that complies with Data Protection Laws; incorporates appropriate administrative, technical, and physical safeguards designed to ensure the security, confidentiality, integrity, and availability of Client Data, to protect against any threats or hazards to the security, confidentiality, integrity, or availability of Client Data, and to protect against unauthorized Processing of Client Data (including unauthorized access to, use of, and disclosure of Client Data). Delfi’s Security Program shall include at least the following safeguards:

3.1       Appropriate user authentication controls, including secure methods of assigning, selecting, and storing access credentials, restricting access to active users, blocking access after a reasonable number of failed authentication attempts, and multi-factor authentication;

3.2       Appropriate secure access controls, including controls that limit access to Client Data to individuals that have a need-to-know, supported by policies, protocols and controls to facilitate access authorization, establishment, modification and termination;

3.3       Appropriate ongoing training and awareness programs designed to ensure workforce members and others acting on Delfi’s behalf are aware of and adhere to Security Program policies, procedures, and protocols, including training on Delfi’s privacy and data security obligations, Delfi’s administrative, physical, and technical safeguards, handling, use, and disposal of Client Data, and threats to the privacy, confidentiality, integrity, availability, or security of Client Data, including social engineering, phishing, and hacking threats;

3.4       Appropriate monitoring of systems and other technical security measures, including firewall protection, antivirus protection, security patch management, logging of access to or use or disclosure of data, and intrusion detection;

3.5       Appropriate business resumption, data backup, continuity, and contingency plans and safeguards and disaster recovery plans and safeguards, including at a minimum a disaster recovery/business continuity plan (“BCP”) designed to ensure that Delfi can continue to provide the services and protect Client Data in compliance with the Agreement and this Addendum in the event of: (i) a disaster, (ii) another event that could result in the interruption of Delfi’s capability to perform its obligations to Client under this Agreement; or (iii) another BCP-triggering event (as may be defined in the BCP).

3.6       Appropriate regular and timely adjustments to Delfi’s Security Program based on: periodic risk assessments; regular comprehensive evaluations (such as third-party assessments) of Delfi’s Security Program; monitoring and regular testing of the effectiveness of safeguards, including vulnerability assessment and penetration testing; and a review of safeguards at least annually and whenever there is a material change in Delfi’s technical environment or business practices that may implicate the confidentiality, availability, integrity, or security of Client Data, or Delfi’s information systems;

3.7       Secure disposal of Client Data;

3.8       Appropriate facility security measures, including access controls, designed to prevent unauthorized access to premises, information systems, and data;

3.9       Appropriate security checks and vetting of employees and other individuals with access to Client Data, including through background checks;

3.10     Appropriate safeguards that conform with industry best practices and that ensure the services are not impacted by, and are free of, any computer program routines, devices, code, instructions, or features capable of accessing, modifying, deleting, damaging, disabling, deactivating, interfering with access to, or otherwise harming Client Data;

3.11     Appropriate encryption of all Client Data that constitutes Personal Information in transit and at rest. Delfi’s encryption shall meet industry standards and be sufficient to support application of legal safe harbors and effectively prevent unauthorized access in the event of a security incident.

3.12     Logical segmentation of Client Data from data of others.

  1.         Unauthorized Processing of Client Data.

Delfi shall not Process Client Data, nor permit the Processing of Client Data, except pursuant to the Agreement. For the avoidance of doubt, Delfi shall not sell any Personal Information, and Delfi shall not retain, use, or disclose Personal Information outside of the direct business relationship between Delfi and Client. The parties acknowledge that Client is not selling or providing any Personal Information to Delfi in return for monetary or other consideration. Delfi certifies that it understands the restrictions set forth in this section and will comply with them.

  1.         Security Incidents.

5.1       Delfi agrees to notify Client without undue dela after Delfi becomes aware of any Security Incident.

5.2       Delfi shall promptly take actions that are necessary and advisable to correct, mitigate, and designed to prevent recurrence of the Security Incident. Delfi shall reasonably cooperate fully with Client and its designees in all efforts to investigate the Security Incident including responding to Client’s inquiries about the Security Incident in a timely fashion. The obligations in this Section 5 do not apply to incidents that are caused by Client or its Authorized Users.

5.3       In the event of a Security Incident, Client’s point of contact at Delfi will be: security@Delfi.com.

  1.         Security Review.

On an annual basis and upon request, Delfi will provide Client access to a standard due diligence package, inclusive of a copy of Delfi’ current SOC 2 report. Reasonable requests outside the scope of the standard due diligence package will be responded to within 30 days of Client request and at the Client’s expense.

  1.         Audit Due To Security Incident.

Following any notice by Delfi to Client of an actual or reasonably suspected Security Incident, upon Client’s reasonable belief that Delfi is in breach of its Personal Information protection obligations under this Addendum, or if such audit is required by Client’s supervisory authority under Data Protection Law, Client may contact Delfi to request an audit of the procedures relevant to the protection of Personal Information. Any such audit shall be conducted remotely, except Client and/or its supervisory authority may conduct on onsite audit at Delfi’s premises if so required by the Data Protection Laws. Before the commencement of any audit, Client and Delfi shall mutually agree upon the scope, timing, and duration of the audit. In no event will any audit of TP Cloud Services Providers or other service provider of Delfi, beyond a review of reports, certifications and documentation made available by the service provider, be permitted without the service provider’s consent. Client acknowledges that Delfi’s TP Cloud Services Providers will not allow on-site audits.

  1.         Third Parties.

Delfi may permit its TP Cloud Services Providers and other service providers to Process Client Data on behalf of Delfi, provided Delfi contractually requires that the third party service provider (to be subject to confidentiality and security obligations substantially equivalent to those in this Addendum. Delfi shall be responsible for the Processing of Client Data by such service providers.

  1.         International Data Transfer.

Delfi shall not transfer, store, process, or access Personal Information, or otherwise Process Personal Information, outside of the United States without prior express written approval from Client, including transfers by Delfi to subcontractors or agents.

  1.       Notice of Process.

In the event Delfi receives a request from a regulator, or other governmental or regulatory request, for or pertaining to, or any legal process from or initiated by any third party (including any subpoena or legal filing) requesting or pertaining to, any Client Data, Delfi shall promptly notify Client to the extent permitted by Applicable Law in order that Client will have the option to defend such action, and Delfi shall provide Client with ongoing status reports in connection with such requests or legal process. Delfi shall reasonably cooperate with Client in Client’s defense.  The costs of responding to and/or cooperating in Client’s defense of any such request or legal process shall be borne by Client unless and to the extent caused by Delfi’s breach of the Agreement or this Addendum.

  1.       Individual Requests and Complaints.

Delfi shall promptly notify Client in the event Delfi receives: (1) requests from individuals relating to Client Data, including requests to access, delete, or rectify Personal Information; or (2) complaints of any kind from individuals relating to the privacy, confidentiality, or security of Personal Information. Delfi will (taking into account the nature of the Processing of Personal Information) provide Client with assistance reasonably necessary for Client to perform its obligations under Data Protection Laws to fulfill requests under subsection (1) above with respect to Personal Information in Delfi’s possession or control. Client shall compensate Delfi for any such assistance at Delfi’s then-current professional services rates, which shall be made available to Client upon request. If Delfi receives a request pursuant to subsection (1) above, Delfi will advise the data subject to submit the request to Client, and Client will be responsible for responding to the request.

  1.       Return or Deletion of Client Data.

Delfi shall return or delete Client Data in its possession, custody, or control, upon termination of the Agreement in accordance with the provisions of the Agreement.

  1.       Survival.

Section 11 of this Addendum will survive termination of this Addendum and the Agreement. The remaining provisions of this Addendum will survive until such time as Delfi has fully complied with the provisions of Section 11 of this Addendum.