Terms of Service
Effective Date: Jan 10th, 2025 This page contains the following:
1. Overview This Software Services Agreement (“Software Agreement”), together with (i) the applicable Subscription Form(s), if any, or (ii) any free user registration flow (collectively, the “Agreement”), govern Customer’s or Free User’s use of the OTee Platform.
For avoidance of doubt, if you are accessing the OTee Platform as a Free User, Sections related to “Fees” and “Subscription Forms” do not apply to you. However, you are still bound by all other terms and conditions of this Agreement. Capitalized terms used but not defined herein are defined in Exhibit A.
2. OTee Obligations
2.1. License.
Subject to the terms and conditions of the Agreement, OTee hereby grants Customer a limited, non-exclusive, non-transferable (subject to Section 10.5), non-sublicensable license in the Territory, during the Order Term, for Authorized Users to access and use the OTee Platform in connection with Customer’s and its Affiliates’ internal business purposes.
2.2. OTee Security Standards.
OTee will adhere to the security requirements outlined in Exhibit C. It's important to note that Exhibit C encompasses measures and standards that are currently undergoing development as part of the ongoing enhancement and validation process for the OTee Platform. For updates on the current status of these developments, please contact the designated contact person listed in the Subscription Form.
3. Service Terms.
3.1. Use Restrictions.
Except as otherwise expressly authorized in the Agreement, Customer will not, will ensure its Authorized Users do not, and will not encourage or assist third parties to: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, know-how, or algorithms relevant to the OTee Platform (except to the extent that such a restriction is impermissible under applicable law); (ii) provide, sell, resell, transfer, sublicense, lend, distribute, rent, or otherwise allow others to access or use the OTee Platform; (iii) copy, modify, create derivative works of, or remove proprietary notices from the OTee Platform; or (iv) use the OTee Platform for personal or other non-commercial purposes.
3.2. Acceptable Use Policy.
Customer will comply with, and will ensure its Authorized Users comply with, OTee’s Acceptable Use Policy available at https://www.otee.io/user-policy
3.3. Authorized Users; Accounts.
As part of the registration process, Customer will identify an administrative username and password for Customer’s OTee account. Customer represents and warrants that all registration information, including with respect to the list of domains owned or controlled by Customer for purposes of domain capture, Customer provides is truthful, accurate, and complete, and that Customer will maintain the accuracy of such information. Customer is responsible and liable for maintaining control over Customer’s account, including the confidentiality of Customer’s username and password. Customer will ensure that its Affiliates and all Authorized Users using the OTee Platform under its account comply with all of Customer’s obligations under the Agreement, and Customer is responsible for their acts and omissions relating to the Agreement as though they were those of Customer. OTee supports logins using two-factor authentication (“2FA”), which is known to reduce the risk of unauthorized use of or access to the OTee Platform. Therefore, OTee will not be responsible for any damages, losses, or liability to Customer, Authorized Users, or anyone else if any event leading to such damages, losses, or liability would have been prevented by the use of 2FA.
3.4. Feedback.
To the extent that Customer gives OTee feedback, comments, or suggestions concerning the OTee Platform or other services provided by OTee (collectively, “Feedback”), Customer hereby grants OTee a worldwide, perpetual, non-exclusive, irrevocable, royalty-free, fully paid license to use and exploit the Feedback without payment, attribution, or restriction. The portions of Feedback that are about the OTee Platform and do not identify Customer will not be considered Customer’s Confidential Information.
3.5. Usage Data.
OTee will have the right to collect and analyze data and other information relating to the provision, use, and performance of various aspects of the OTee Platform, and related systems and technologies, and OTee will be free (during and after the Order Term) to use such data and information in a de-identified and aggregated form to maintain, improve, and enhance OTee’s products and services.
3.6. Reservation of Rights.
As between the parties, OTee owns all right, title, and interest in the OTee Platform, and Customer owns all right, title, and interest in the Customer Materials. Except as expressly set forth in the Agreement, each party retains all right, title, and interest in and to its intellectual property rights. All rights not expressly granted are reserved, and no license, covenant, immunity, transfer, authorization, or other right will be implied, by reason of statute, estoppel, or otherwise, under the Agreement. 3.7 Free Users
Applicability of Agreement
Except for Sections 4 (Charges and Payment) and any other references to Fees or Subscriptions, all other terms and conditions of this Agreement (including any incorporated policies such as the Acceptable Use Policy) fully apply to Free Users.
Term and Termination of Free Access
OTee may terminate or suspend a Free User’s access to the OTee Platform at any time, with or without notice and for any reason or no reason at all, including if OTee suspects the Free User is violating the Acceptable Use Policy or any other terms in this Agreement.
No Warranties or Support
Free Users understand and agree that the OTee Platform is provided “AS IS” and without any warranties or indemnities of any kind (to the maximum extent permitted by law), and OTee has no obligation to provide support, maintenance, or any service level commitments to Free Users.
Data Retention for Free Accounts
Free Users acknowledge that OTee may delete, limit, or otherwise restrict access to any content or data stored in a Free User’s account at OTee’s sole discretion, without liability. Free Users are solely responsible for backing up any data they wish to retain.
Upgrading to a Paid Subscription
If a Free User wishes to upgrade to a paid subscription, the user must enter into a Subscription or Order Form with OTee. At that time, all terms relating to fees and payment under Section 4 (Charges and Payment) will become applicable.
4. Charges and Payment.
4.1. Fees.
Customer will pay OTee all fees described in a Subscription in accordance with the terms therein (the “Fees”). Unless otherwise specified in a Subscription, all Fees are stated and solely payable in the currency stated in the Subscription. All Fees are non-cancelable and non-refundable (except as otherwise expressly set forth in this Software Agreement), and are not subject to setoff. Customer is solely responsible for any bank fees, interest charges, finance charges, overdraft charges, and any other fees Customer incurs as a result of the charges billed by us. If the Subscription renews, OTee may change the fees applicable to a renewed Order Term by providing Customer with at least 45 days’ written notice of the new fees before the end of the then-current Order Term. For clarity, any change in fees will not apply to the then-current Order Term.
4.2. Payment.
Unless otherwise specified in a Subscription, (a) Customer will be invoiced annually in advance and thereafter according to the true-up process described in a Subscription, and (b) full payment is due 14 days from the date of the applicable invoice. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower. In the event that Customer fails to pay the full amount owed under a Subscription, OTee may limit Customer’s access to the OTee Platform, in addition to any other rights or remedies OTee may have.
4.3. Taxes.
The Fees do not include taxes. Each party is responsible for the payment of all taxes (including any interest and penalties) in connection with the Agreement that are imposed on that party by law. For Customer, such taxes may include, but are not limited to, sales/use, gross receipts, value-added, GST, personal property, excise, consumption and other similar taxes or duties. Each party will be responsible for its own income taxes, employment taxes, and real property taxes.
4.4. Withholding.
All payments made by Customer to OTee under the Agreement will exclude any deduction or withholding. If any such deduction or withholding (including but not limited to cross-border withholding taxes) is required by law, Customer will pay such additional amounts as are necessary so that the net amount received by OTee after such deduction or withholding will be equal to the full amount that OTee would have received if no deduction or withholding had been required. Each party will use commercially reasonable efforts to work with the other party to help obtain, reduce, or eliminate any necessary withholding, deduction, or royalty tax exemptions where applicable.
5. Confidentiality.
5.1. Confidential Information.
Each party (the “Discloser”) has disclosed or may disclose proprietary or non-public business, technical, financial, or other information in anticipation of the Agreement or during the term of the Agreement (“Confidential Information”) to the other party (the “Recipient”). Confidential Information of OTee expressly includes non-public information regarding features, functionality, and performance of the OTee Platform, and Confidential Information of the Customer expressly includes Customer Materials. However, Confidential Information excludes any information that: (a) is or becomes generally available to the public without action or omission by Recipient; (b) was in the Recipient’s possession or known by it prior to receipt from the Discloser; (c) was rightfully disclosed to the Recipient without restriction by a third party; or (d) was independently developed by Recipient without use of or reference to any Confidential Information of the Discloser.
5.2. Obligations.
The Recipient will use the Discloser’s Confidential Information only to exercise its rights and fulfill its obligations under the Agreement, including, in OTee’s case, to provide the OTee Platform to Customer. The Recipient will use reasonable care to protect against disclosure of the Discloser’s Confidential Information to parties other than the Recipient’s employees, contractors, Affiliates, agents, or professional advisors (“Representatives”) who need to know it and who have a legal obligation to keep it confidential. The Recipient will ensure that its Representatives are subject to no less restrictive confidentiality obligations than those herein. Notwithstanding the foregoing, the Recipient may disclose the Discloser’s Confidential Information: (a) if directed by Discloser; or (b) to the extent required by applicable legal process, provided that the Recipient uses commercially reasonable efforts to (i) promptly notify the Discloser in advance, to the extent permitted by law, and (ii) comply with the Discloser’s reasonable requests regarding its efforts to oppose the disclosure. With respect to each Subscription, the obligations set forth herein will survive for the duration of the Order Term and five years following the expiration or termination of such Subscription.
6. Warranties.
6.1. Mutual Warranties.
Each party represents and warrants to the other that (a) the Agreement has been duly executed and delivered and constitutes a valid and binding agreement enforceable against the executing party in accordance with its terms, (b) the execution, delivery, and performance of the Agreement by the executing party does not violate the terms or conditions of any other agreement to which it is a party or by which it is otherwise bound or require authorization or approval from any third party, and (c) it will perform its rights and obligations under this Agreement in accordance with applicable law.
6.2. OTee Warranties.
OTee represents and warrants to Customer during the applicable Order Term that: (a) OTee will provide access to the OTee Platform and related support services in substantive conformity with the Documentation at the time of the Subscription; and (b) OTee will employ applicable industry standard measures to protect the OTee Platform, in the form provided to Customer by OTee, against software viruses, Trojan horses, worms, or other similar malicious programs or code.
6.3. DISCLAIMER.
EXCEPT FOR THE EXPRESS REPRESENTATIONS AND WARRANTIES STATED IN THIS SECTION 6, THE PARTIES MAKE NO REPRESENTATION OR WARRANTY OF ANY KIND WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER RELATING TO THE AGREEMENT. OTEE EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, ACCURACY, TITLE, AND NON-INFRINGEMENT. NON-OTEE RESOURCES ARE PROVIDED BY THIRD PARTIES, NOT OTEE, AND ANY USE OF NON-OTEE RESOURCES IS SOLELY BETWEEN CUSTOMER AND THE APPLICABLE THIRD PARTY PROVIDER. OTEE DOES NOT WARRANT OR SUPPORT, AND WILL NOT HAVE ANY RESPONSIBILITY OR LIABILITY OF ANY KIND FOR, NON-OTEE RESOURCES.
7. Indemnity.
7.1. Indemnification by OTee.
7.1.1. OTee will defend Customer from any third party claim, action, suit, or demand (a “Claim”) based on an allegation that the OTee Platform violates, infringes, or misappropriates any third-party copyright, trade secret, or trademark, and will indemnify Customer for any costs, liabilities, damages, or other amounts (including reasonable attorneys’ fees) actually paid or payable to unaffiliated third parties (“Losses”) resulting from such Claim.
7.1.2. OTee will have no obligation to indemnify Customer for any Claim subject to indemnification under Section 7.1.1 to the extent it is based on: (a) Customer’s failure to use updates or modifications to the OTee Platform that OTee makes available to Customer that would have helped avoid or mitigate the Claim; (b) the combination, operation, or use of the OTee Platform with third-party equipment, devices, software, systems, or data, including Non-OTee Resources where the infringement would not have occurred but for such combination, (c) use of the OTee Platform by Customer or Customer’s Authorized Users in violation of the Agreement, or (d) Customer Materials.
7.1.3. If Customer’s use of the OTee Platform is, or in OTee’s reasonable opinion is likely to be, subject to a Claim eligible for indemnification under Section 7.1.1, OTee may, at OTee’s sole option and at no charge to Customer (and in addition to OTee’s indemnity obligation to Customer): (a) procure for Customer the right to continue using the OTee Platform; (b) replace or modify the OTee Platform so that it is non-infringing and include substantially similar functionality as the original OTee Platform; or (c) if options (a) and (b) above are not commercially practicable in OTee’s reasonable estimation, OTee may terminate Customer’s right to use the impacted portion of the OTee Platform and related licenses granted hereunder (in which event, Customer will immediately stop using the impacted portion of the OTee Platform) and provide a pro-rata refund of any pre-paid unused fees for the impacted service as of the date of termination.
7.1.4. THIS SECTION 7.1 SETS FORTH OTEE’S SOLE AND EXCLUSIVE OBLIGATIONS, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, WITH RESPECT TO ANY ACTUAL OR ALLEGED INFRINGEMENT OR MISAPPROPRIATION OF ANY THIRD PARTY INTELLECTUAL PROPERTY RIGHT BY THE OTEE PLATFORM AND ANY OTHER TYPE OF CLAIM SPECIFICALLY COVERED UNDER OTEE’S INDEMNITY OBLIGATION (IF ANY). NO PARTY TO THE AGREEMENT WILL BE ENTITLED TO ANY FORM OF IMPLIED OR EQUITABLE INDEMNIFICATION AT ANY TIME, WHETHER BASED ON A THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, WARRANTY, OR ANY OTHER THEORY OF LIABILITY, AND ANY RIGHT THERETO IS HEREBY IRREVOCABLY WAIVED AND DISCLAIMED BY EACH OF THE PARTIES.
7.2. Indemnification by Customer.
Customer will defend OTee from any Claim based on Customer Materials or use of the OTee Platform by Customer (or Customer’s Authorized Users) in violation of the Agreement, and Customer will indemnify OTee from any Losses resulting from any such Claim.
7.3. Process.
If a party entitled to indemnification (the “Indemnified Party”) becomes aware of any indemnifiable Claim, such party will give the other party (the “Indemnifying Party”) written notice of the Claim as soon as reasonably practicable. The Indemnified Party will cooperate, at the expense of the Indemnifying Party, with the Indemnifying Party and its counsel in the defense or settlement of the Claim, and will allow the Indemnifying Party to have sole control of the defense or settlement. Subject to the prior sentence, the Indemnified Party will have the right to participate fully, at its own expense, in the defense of such Claim. To take advantage of the indemnity, the Indemnified Party must use all commercially reasonable efforts to mitigate its Losses. The Indemnified Party is not required to admit liability, except as required by applicable law, and any compromise or settlement of a Claim requiring the Indemnified Party to admit liability or to pay any money will require the prior written consent of both parties, such consent not to be unreasonably withheld or delayed. The indemnity obligations of the Indemnifying Party will be contingent on the Indemnified Party’s compliance with this process.
8. Limitations of Liability.
8.1. Limitation on Indirect Liability.
EXCEPT FOR EXCLUDED CLAIMS, UNDER NO CIRCUMSTANCES, AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, WARRANTY, OR ANY OTHER THEORY OF LIABILITY), WILL EITHER PARTY, ITS AFFILIATES AND ITS OR THEIR CONTRACTORS, EMPLOYEES, AGENTS, OR THIRD-PARTY PARTNERS, LICENSORS, OR SUPPLIERS (COLLECTIVELY, ITS “PARTY REPRESENTATIVES”), BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES (INCLUDING LOSS OF PROFITS, DATA, OR USE OR COST OF COVER) ARISING OUT OF OR RELATING TO THE AGREEMENT OR THE USE OF OR THE INABILITY TO USE THE OTEE PLATFORM, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
8.2. Limitation on Amount of Liability.
EXCEPT FOR EXCLUDED CLAIMS, UNDER NO CIRCUMSTANCES, AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, WARRANTY, OR ANY OTHER THEORY OF LIABILITY), WILL THE TOTAL LIABILITY OF EITHER PARTY, ITS AFFILIATES AND ITS OR THEIR PARTY REPRESENTATIVES FOR ANY AND ALL DAMAGES AND CAUSES OF ACTION ARISING OUT OF OR RELATING TO THE AGREEMENT OR THE USE OF OR THE INABILITY TO USE THE OTEE PLATFORM, EXCEED, IN THE MAXIMUM AGGREGATE, THE FEES PAID AND PAYABLE TO OTEE UNDER THE CUSTOMER’S APPLICABLE SUBSCRIPTION FORM IN THE TWELVE-MONTH PERIOD PRIOR TO THE DATE ON WHICH THE DAMAGE OCCURRED.
8.3. IN GENERAL.
EACH PROVISION OF THE AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS OF THE AGREEMENT BETWEEN THE PARTIES. THIS ALLOCATION IS REFLECTED IN THE PRICING OFFERED BY OTEE TO CUSTOMER AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THE AGREEMENT. THE LIMITATIONS IN THIS SECTION 8 WILL APPLY TO THE MAXIMUM EXTENT NOT PROHIBITED BY LAW AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY IN THE AGREEMENT. 8.4 Additional Limitation for Free Users. For Free Users, OTee’s total liability under or in connection with this Agreement (whether in contract, tort, strict liability, or any other theory) will not exceed $50.00 USD (or the equivalent in local currency), unless otherwise required by applicable law.
9. Term and Termination.
9.1. Term.
The term of this Software Agreement will commence on the date of signature of the Subscription Form entered into between the parties and will continue until all Subscriptions hereunder expire or until terminated in accordance with this Software Agreement, whichever happens first.
9.2. Termination for Material Breach.
Either party may terminate an individual Subscription or this Software Agreement, upon written notice to the other party, if the other party materially breaches the Agreement and such breach is incapable of cure, or with respect to a breach capable of cure, the breaching party does not cure such breach within 30 days of receiving notice of it. Either party may terminate or suspend an individual Subscription or this Software Agreement upon written notice to the other party without a cure period if the other party breaches any of the terms relating to such party’s intellectual property rights or Confidential Information.
9.3. Effect of Termination.
Termination of this Software Agreement will result in termination of all ongoing Subscriptions; however, termination of a single Subscription will not result in termination of this Software Agreement or any other ongoing Subscriptions. If Customer terminates a prepaid Subscription for OTee’s uncured material breach, OTee will provide Customer a pro rata refund of prepaid unused fees applicable to the remainder of the Order Term for any terminated Subscription. If this Software Agreement or any Subscription is terminated for any other reason, Customer will not receive a refund and will pay all fees as if the Subscription had not been terminated. Upon any termination, OTee will make all Customer Materials then held by OTee pursuant to the applicable Subscription available to Customer for electronic retrieval for a period of 30 days, but thereafter OTee will delete or retain any stored Customer Materials as directed by the account holder. The following sections of this Software Agreement will survive any expiration or termination of this Software Agreement: 1, 3, 4, 5, 6.3, and 7-10.
10. Miscellaneous.
10.1. Affiliates.
A Customer Affiliate may enter into a Subscription under this Software Agreement and, in such case, by entering into the Subscription, the Affiliate agrees to be bound by the terms and conditions of this Software Agreement with respect to such Subscription and such Affiliate will be considered to be Customer, as such term is used herein, with respect to such Subscription. This Software Agreement is intended for the benefit of the parties who have entered into a Subscription under this Software Agreement and their respective permitted successors and assigns, and is not for the benefit of, nor may any provision hereof be enforced by, any other person.
10.2. Force Majeure
A party will not be liable for, or be considered to be in breach of or default under the Agreement on account of, any delay or failure to perform as required by the Agreement (other than payment obligations) as a result of any cause or condition beyond such party’s reasonable control, including if a governmental authority with proper jurisdiction prohibits a party from performing its obligations under the Agreement. If a party fails to perform its obligations as a result of such cause or condition for a period of more than 30 days, then the other party may terminate the Agreement upon written notice, without liability.
10.3. Notices.
All notices, requests, consents, claims, demands, waivers, and other communications under the Agreement (each, a “Notice”) must be in writing (electronic mail sufficient) and sent to:
OTee: Contact identified in the Subscription
Customer: Contact identified in the Subscription
10.4. Severability.
The invalidity or unenforceability of any provision of the Agreement will not affect the validity or enforceability of any other provision hereof and it is the intent and agreement of the parties that the Agreement will be deemed amended by modifying such provision to the extent necessary to render it valid, legal, and enforceable while preserving its intent or, if such modification is not possible, by substituting another provision that is legal and enforceable and that achieves the same objective.
10.5. Assignment.
The Agreement is not assignable or transferable by either party without the other party’s prior written consent, except that either party may (without the other party’s prior written consent) assign the Agreement, in whole, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of such party’s assets. Any purported assignment in violation of this section is null and void.
10.6. Service Providers
For the avoidance of doubt, OTee may engage third parties as service providers to the OTee Platform (for example, as of the date of this Software Agreement, OTee hosts the OTee Platform on Google Cloud). OTee will be responsible for its service providers’ compliance with this Agreement.
10.7. No Partnership.
No agency, partnership, joint venture, or employment is created as a result of the Agreement, and neither party has any authority of any kind to bind the other party in any respect whatsoever.
10.8. Governing Law and Dispute Resolution.
The Agreement will be governed by the laws of Norway, without regard to its conflict of laws provisions. The United Nations Convention on Contracts for the International Sale of Goods is specifically disclaimed. The ordinary courts of Norway shall settle all disputes that the Parties cannot settle amicably.
10.9. Interpretation
Whenever the words “including,” “include,” or “includes” are used herein, they will be deemed to be followed by the phrase “without limitation.”
10.10. Entire Agreement.
The Agreement supersedes all other agreements between the parties relating to its subject matter. In the event of any conflict among any Subscriptions and this Software Agreement (including any applicable data processing addendum), the order of precedence will be (a) this Software Agreement, and (b) the Subscriptions (from newest to oldest), unless such Subscription explicitly overrides this Software Agreement. Each party expressly objects to any different or additional terms set forth in any purchase order, acceptance, vendor portal, code of conduct, or other ordering documentation, and neither party’s later failure to object to any such different or additional terms nor its use or acceptance of any such other document or materials will be deemed acceptance thereof or a waiver of any of the terms hereof.
Exhibit A – Definitions
Defined Terms. The following capitalized terms will have the meanings set forth below:
a. “Affiliate” means, with respect to any entity, any other entity that, directly or indirectly through one or more intermediaries, is controlled by, or under common control with such entity. As used in this definition, “control” (including, with correlative meanings, “controlled by” or “under common control with”) means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity, whether through ownership of voting securities, by contract or otherwise.
b. “Authorized Users” means employees, contractors, and other persons associated with the Customer or its Affiliates who access or use the OTee Platform through the Customer’s account.
c. “Customer” means the person or entity (other than OTee) that has agreed to be bound by this Agreement.
d. “Customer Materials” means applications and materials that are developed by Customer on the OTee Platform or uploaded to the OTee Platform by Customer.
e. “Documentation” means OTee-provided documentation available at https://otee.io.
f. “Excluded Claims” means damages resulting from (1) either party’s willful misconduct or gross negligence or (2) infringement by a party of the other party’s intellectual property rights.
g. “OTee”, “we” or “us” means OTee AS.
h. “OTee Platform” means the OTee offering identified in a Subscription, including any updates, enhancements, or improvements thereto, related mobile and desktop applications, Early Access Features, and related Documentation, but, for the avoidance of doubt, excludes all Non-OTee Resources.
i. “Non-OTee Resources” means applications and materials that are developed or otherwise provided by a party other than OTee, including design files, plugins, component libraries, services, products, platforms, integrations, and code components.
j. “Subscription” means an ordering/subscription document or online order/subscription that is entered into between Customer and OTee and specifies, among other things, details relating to the number of Authorized Users.
k. “Order Term” means the subscription/order term length set forth in the applicable Subscription or, with respect to Early Access Features, the evaluation period set forth by OTee.
l. “Territory” means worldwide with the exception of: (1) jurisdictions that are embargoed; and (2) jurisdictions whose laws do not permit engaging in business with OTee or use of the OTee Platform.
Exhibit B – Customer-Specific Terms
1. Development Resources. OTee’s Developer Terms (available at https://otee.io/developerterms) apply to any use by Customer or its Authorized Users of OTee’s Application Programming Interfaces (APIs), Software Development Kits (SDKs), and related documentation.
2. Beta Features, Free Trials, and Free Users.
a. Product features clearly identified as Alpha or Beta features as well as any features, products, or services provided on a free trial basis (collectively “Early Access Features”) made available by OTee are provided to Customer for testing and evaluation purposes only. OTee does not make any commitment to provide Alpha or Beta features in any future versions of the OTee Platform. OTee may immediately and without notice remove Alpha or Beta features for any reason without liability to Customer. Any features, products, or services provided on a free trial basis will be free of charge until the earlier of (a) the end of the evaluation period set forth by OTee in writing (email sufficient), or (b) the start date of any purchased subscriptions ordered by Customer for the feature, product, or service being evaluated under the trial, or (c) termination by OTee in its sole discretion. Customer is not obligated to use Early Access Features. Any features, products, or services provided on a free trial basis (hereinafter “Free Trial Users”) or at no cost (“Free Users”) may be governed by additional terms in Section 3.7 of the main Agreement.
b. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, ALL EARLY ACCESS FEATURES ARE PROVIDED "AS IS'' WITHOUT WARRANTY OF ANY KIND, WITHOUT ANY PERFORMANCE OBLIGATIONS, AND OTEE SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE EARLY ACCESS FEATURES UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE OTEE’S LIABILITY WITH RESPECT TO THE EARLY ACCESS FEATURES SHALL NOT EXCEED $1,000.00.
c. ANY DATA CUSTOMER ENTERS INTO THE OTEE PLATFORM DURING A FREE TRIAL MAY BE PERMANENTLY LOST UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE OTEE PLATFORM TRIALED, PURCHASES A SUBSCRIPTION TO THE OTEE PLATFORM THAT IS AN UPGRADE TO THE SUBSCRIPTION TRIALED, OR EXPORTS SUCH DATA, BEFORE THE END OF THE TRIAL PERIOD.
Exhibit C – OTee Security Standards
UPDATED Feb 15th 2024
1. Definitions. For purposes of this Exhibit, the following terms apply
1.1 “Agreement” means the agreement between OTee and Customer governing Customer’s use of the OTee Platform
1.2. “Customer Data” means Customer Materials and Customer Personal Data
1.3. “Customer Materials” means any application(s) and/or material(s) that are developed by Customer on the OTee Platform or uploaded to the OTee Platform by Customer.
1.4. “Customer Personal Data” means Personal Data pertaining to Customer’s Authorized Users of the OTee Platform Processed by OTee on behalf of Customer under the Agreement.
1.5. “Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” shall include, but not be limited to, the California Consumer Privacy Act of 2018 (“CCPA”) and the EU General Data Protection Regulation 2016/679 (“GDPR”).
1.6. “OTee Platform” has the meaning provided in the Agreement.
1.7. “Personal Data” has the meaning assigned to the term “personal data” or “personal information” under applicable Data Protection Laws.
1.8. “Process” or “Processing” means any operation or set of operations which is performed on Customer Data or sets of Customer Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
1.9. “Security Incident(s)” means a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to OTee.
1.10. “Subcontractors” means OTee’s third party service providers who Process Customer Data.
1.11. “Systems” means the applications, databases, infrastructure, and platforms under OTee’s control that are utilized to Process Customer Data. 1.12. “Free User” means an individual or entity that is using the OTee Platform at no charge, without entering into a Subscription or Order Form, which may include, but is not limited to, trial users, beta users, or other users granted access to the OTee Platform without payment obligations.
2. Policies and Codes of Conduct
2.1. OTee maintains an Information Security Policy and reviews it at least annually, including after any major changes occur in applicable law or regulatory guidance or are otherwise made to the Systems.
2.2. OTee maintains codes of conduct and other policies covering anti-bribery and corruption, whistle-blowing and other ethics policies (such as anti-money laundering and anti-slavery) and communicates these policies to all relevant staff. OTee’s codes of conduct are available upon request.
2.3. OTee implements processes designed to ensure the ongoing compliance with these policies and to identify and enable OTee to take action against any areas of non-compliance. Failure to comply with policies are addressed through appropriate disciplinary actions.
3. Information Security Program
3.1. OTee assigns responsibility for information security management to senior personnel.
3.2. OTee implements technical and organizational measures designed to protect against unauthorized or unlawful processing of Customer Data and against accidental loss or destruction of, or damage to, Customer Data, including a written information security program, which includes policies, procedures, and technical and physical controls designed to ensure the security, availability, integrity and confidentiality of Customer Data.
4. Background Checks and Confidentiality
4.1. OTee conducts pre-employment background screening on employees and contractors who will access Customer Data in the ordinary course of performing their job responsibilities, to the extent legally permissible and practicable in the applicable jurisdiction.
4.2. OTee requires all OTee employees and Subcontractors to execute a confidentiality agreement as a condition of employment or engagement and to follow policies on the protection of Customer Data.
5. Access Control
5.1. OTee assigns unique User IDs to authorized individual users to access Systems. All access to Systems must be authorized and authenticated.
5.2. OTee access rights to Customer Data are based on the principle of least privilege and designed to ensure that persons entitled to use a System have access only to the Customer Data for which they have a business need.
5.3. OTee maintains an accurate and up to date list of all personnel who have access to Systems and has a process to promptly disable within one business day of transfer or termination access by any individual personnel.
5.4. OTee periodically reviews and revokes Systems access rights, as needed, and logs and monitors such access.
5.5. Non-privileged users are prohibited from executing privileged functions, including, but not limited to, disabling, circumventing, or altering implemented security safeguards/countermeasures.
5.6. OTee maintains a password management policy designed to ensure strong passwords consistent with industry standard practices and requires the use of multi-factor authentication to access Systems. Passwords are promptly changed if OTee becomes aware that an account has been compromised.
5.7. OTee implements controls designed to ensure that Systems access is subject to appropriate authentication and user access controls:
● User IDs are unique and authorized;
● User accounts are granted the minimum required privileges to enable a user to perform their designated function;
● Access to audit trails is restricted and logged;
● Default accounts are deleted or disabled where possible and suitably authorized and controlled where this is not possible;
● Privileged accounts (e.g., administrator, root) are only used when technically required under change control procedures and not for day-to-day system operation;
● Where privileged account access is used, this access is logged and reviewed and access can be attributed to a named individual.
6. Logging, Audit, and Accountability
6.1. OTee intends to create, protect, and retain Systems audit records to maintain integrity and enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate Systems activity.
6.2. OTee intends to follow the practice of reviews and analyses of Systems audit records on a regular basis to detect significant unauthorized activity with respect to Systems.
7. System Change Control
7.1. OTee establishes a configuration baseline for Systems using applicable information security standards, manufacturer recommendations, or industry standard practices. Monitoring is intended to validate that Systems are configured according to the established configuration baseline.
7.2. The introduction of new systems are controlled, documented, and enforced by the use of formal change control procedures including documentation, specifications, testing, quality control, recovery, and managed implementation.
7.3. OTee employs controls designed to secure source code, including version control, segregation of source code repositories, and least privilege access principles.
7.4. OTee follows a structured secure development methodology, adheres to secure coding standards, and undergoes basic security assessment activities (e.g., dynamic and static scans). The intention is to expand it with vulnerability scanning to identify and remediate security vulnerabilities before being released to production.
7.5. OTee employs reasonable controls designed to remove or disable unnecessary ports and services from Systems in accordance with the vendors’ recommendations and settings.
8. Vulnerability Management
8.1. OTee maintains up-to-date anti-malware software, has implemented a vulnerability management program with regular scanning for vulnerabilities, subscribes to a vulnerability notification service, has a method for prioritizing vulnerability remediation based on risk, and has established remediation timeframes based on risk rating.
8.2. Once a patch is released, and the associated security vulnerability has been reviewed and assessed for its applicability and importance, the patch is applied and verified in a timeframe which is commensurate with the risk posed to Systems.
8.3. Internal vulnerability assessment is conducted on the Systems on a regular basis, following subsequent development of components of Systems. Any remediation items identified as a result of the assessment are resolved as soon as possible on a timetable commensurate with the risk. OTee communicates the tests performed, findings and resolution stages on an ongoing basis.
8.4. OTee uses commercially reasonable efforts to regularly identify software vulnerabilities and, in the case of known software vulnerabilities, to provide relevant updates, upgrades, and bug fixes.
8.5. OTee deploys intrusion detection processes to monitor and respond to alerts which could indicate potential compromise of Customer Data.
9. Capacity Planning
9.1. OTee maintains a capacity management program that continuously and iteratively monitors, analyses, and evaluates the performance and capacity of the Systems.
10. Physical and Environmental Security
10.1. OTee implements physical access control measures at OTee facilities and data centers designed to prevent unauthorized access to Systems (e.g., access ID cards, card readers, front desk officers, alarm systems, video surveillance, and exterior security).
11. Security Incidents
11.1. OTee intends to maintain an information security incident management program that addresses management of Security Incidents, including an Incident Response Plan that specifies actions to be taken in the event of a Security Incident.
11.2. Upon becoming aware of a Security Incident, OTee agrees to provide written notice without undue delay and within the time frame required under Data Protection Laws to Customer. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.
11.3. OTee will take reasonable measures to mitigate the risks of further Security Incidents.
12. Subcontractors
12.1. OTee will conduct a risk-based review of all Subcontractors designed to ensure that they are taking appropriate technical and organizational measures.
12.2. OTee will enter into agreements with its Subcontractors that require such Subcontractors to secure and protect Customer Data by using at least the same degree of care outlined in this Standard.
13. Data Encryption
13.1. OTee encrypts Customer Data in OTee’s possession or control so that it cannot be read, copied, changed, or deleted by unauthorized personnel while in transit and storage, including when saved on removable media.
13.2. Keys are protected from unauthorized use, disclosure, alteration, and destruction, and have a backup and recovery process.
13.3 If a private key is compromised, all associated certificates will be revoked.
14. Data Retention
14.1. At the expiry or termination of the Agreement, OTee will, at Customer’s option, delete or return all Customer Data (excluding any back-up or archival copies which shall be deleted in accordance with OTee’s data retention schedule), except where OTee is required to retain copies under applicable laws, in which case OTee will isolate and protect that Customer Data from any further Processing except to the extent required by applicable laws.
15. Secure Disposal
15.1. OTee implements controls designed to ensure the secure disposal of Customer Data in accordance with applicable law taking into account available technology so that Customer Data cannot be read or reconstructed.
15.2. Media will be securely erased electronically before disposal by overwriting or degaussing, or physically destroyed prior to disposal or reassignment to another system. Media cleansing/wipe products and processes prior to disposal comply with NIST SP 800-88 standard, “Guidelines for Media Sanitization” (or its successor) or equivalent industry standards.
16. Risk Assessments
16.1. OTee intends to maintain a risk assessment program that includes regular risk assessments and controls for risk identification, analysis, monitoring, reporting and corrective action.
16.2. At least annually, OTee will perform risk assessments (either internally or with contracted, independent resources) to identify risks to Customer Data, risks to OTee’s business assets (e.g., technical infrastructure), threats against those elements (both internal and external), the likelihood of those threats occurring, and the impact upon the organization.
17. Asset Management
17.1. OTee will have an asset management program that classifies and controls hardware and software assets throughout their life cycle.
18. Business Continuity and Disaster Recovery
18.1. OTee will use industry standard practices for redundancy, robustness, and scalability designed to maintain the availability of the OTee Platform.
18.2. OTee implements and maintains contingency plans to address emergencies or other occurrences (for example, fire, vandalism, system failure, and natural disaster) that could damage or destroy Systems or Customer Data, including a data backup plan and a disaster recovery plan with at least annual testing of such plans. OTee may not modify such plans to provide materially less protection to the Customer without the Customer’s prior written consent, which may not be unreasonably conditioned or withheld.
18.3. Backups are taken and recovery is tested on a regular basis.
19. Security and Privacy Training
19.1. OTee conducts mandatory training for OTee employees and relevant Subcontractors, at least annually, on ethics, privacy, and information security awareness. These trainings are reviewed for relevance and updated as needed, annually.
19.2. Teams associated with development efforts impacting Customer Data, undergo specific training focused on well-defined and secured coding practices.
20. Security Control Testing
20.1. At least annually, OTee will engage a qualified, independent external auditor to conduct periodic reviews of OTee’s security practices against recognized audit standards, such as SOC 2 Type II and ISO 27001 certification audits (including surveillance and recertifications), as applicable. Upon request, OTee agrees to make such reports available to the Customer.
21. Verification Rights
21.1. No more than once per calendar year, OTee will use commercially reasonable efforts to respond to appropriately scoped questionnaires from Customer that are designed to verify OTee’s security practices. Questionnaire responses are provided for informational purposes only, and OTee may charge a reasonable fee for its costs in responding to such questionnaires.
22. Data Protection Governance
22.1. OTee assigns accountability for data protection to a designated individual or other body with appropriate seniority.