End-User Terms of Use
FINGOAL ENTERPRISE PLATFORM COMMERCIAL TERMS AND CONDITIONS
1. SERVICES AND SUPPORT
1.1 Subject to the terms of this Agreement, Company will use commercially reasonable efforts to provide Customer the Services in accordance with any Service Level Agreements agreed, in writing, between the parties and the below Security Standards. As part of the registration process, Customer will identify an administrative username and password for Customer’s Company account.
1.2 Subject to the terms hereof, Company will provide Customer with reasonable technical support services in accordance with Company’s standard practice.
2. RESTRICTIONS AND RESPONSIBILITIES
2.1 Customer will not, directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services (“Software”); modify, translate, or create derivative works based on the Services or any Software (except to the extent expressly permitted by Company or authorized within the Services); use the Services or any Software for timesharing or service bureau purposes or otherwise for the benefit of a third; or remove any proprietary notices or labels.
2.2 Further, Customer may not remove or export from the United States or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. As defined in FAR section 2.101, the Software and documentation are “commercial items” and according to DFAR section 252.227 7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.
2.3 Customer represents, covenants, and warrants that Customer will use the Services only in compliance with Company’s standard published policies then in effect (the “Policy”) and all applicable laws and regulations. Customer hereby agrees to indemnify and hold harmless Company against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees) in connection with any claim or action that arises from an alleged violation of the foregoing or otherwise from Customer’s use of Services. Although Company has no obligation to monitor Customer’s use of the Services, Company may do so and may prohibit any use of the Services it believes may be (or alleged to be) in violation of the foregoing.
2.4 Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer account or the Equipment with or without Customer’s knowledge or consent.
3. CONFIDENTIALITY; PROPRIETARY RIGHTS
3.1 Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Proprietary Information of Company includes non-public information regarding features, functionality and performance of the Service. Proprietary Information of Customer includes non-public data provided by Customer to Company to enable the provision of the Services (“Customer Data”). The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information. The Disclosing Party agrees that the foregoing shall not apply with respect to any information after five (5) years following the disclosure thereof or any information that the Receiving Party can document (a) is or becomes generally available to the public, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party or (e) is required to be disclosed by law.
3.2 Customer shall own all right, title and interest in and to the Customer Data. Company shall own and retain all right, title and interest in and to (a) the Services and Software, all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with Implementation Services or support, and (c) all intellectual property rights related to any of the foregoing.
3.3 Notwithstanding anything to the contrary, Company shall have the right collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Customer Data and data derived therefrom), and Company will be free (during and after the term hereof) to (i) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, and (ii) disclose such data solely in aggregate or other de-identified form in connection with its business. No rights or licenses are granted except as expressly set forth herein.
4. PAYMENT OF FEES
4.1 Customer will pay Company the then applicable fees described in the Order Form for the Services and Implementation Services in accordance with the terms therein (the “Fees”). If Customer’s use of the Services exceeds the Service Capacity set forth on the Order Form or otherwise requires the payment of additional fees (per the terms of this Agreement), Customer shall be billed for such usage and Customer agrees to pay the additional fees in the manner provided herein. Company reserves the right to change the Fees or applicable charges and to institute new charges and Fees at the end of the Initial Service Term or then current renewal term, upon ninety (90) days prior notice to Customer (which may be sent by email). If Customer believes that Company has billed Customer incorrectly, Customer must contact Company no later than sixty (60) days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Inquiries should be directed to Company’s customer support department.
4.2 Company may choose to bill through an invoice, in which case, full payment for invoices issued in any given month must be received by Company thirty (30) days after the mailing date of the invoice. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of Service. Customer shall be responsible for all taxes associated with Services other than U.S. taxes based on Company’s net income.
5. TERM AND TERMINATION
5.1 Subject to earlier termination as provided below, this Agreement is for the Initial Service Term as specified in the Order Form, and shall be automatically renewed for additional periods of the same duration as the Initial Service Term (collectively, the “Term”), unless either party requests termination at least ninety (90) days prior to the end of the then-current term.
5.2 In addition to any other remedies it may have, either party may also terminate this Agreement upon thirty (30) days’ notice (or without notice in the case of nonpayment), if the other party materially breaches any of the terms or conditions of this Agreement. Customer will pay in full for the Services up to and including the last day on which the Services are provided. Upon any termination, Company will make all Customer Data available to Customer for electronic retrieval for a period of thirty (30) days, but thereafter Company may, but is not obligated to, delete stored Customer Data. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability.
6. WARRANTY AND DISCLAIMER
Company shall use reasonable efforts consistent with prevailing industry standards to maintain the Services in a manner which minimizes errors and interruptions in the Services and shall perform the Implementation Services in a professional and workmanlike manner. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Company or by third-party providers, or because of other causes beyond Company’s reasonable control, but Company shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption. HOWEVER, COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICES AND IMPLEMENTATION SERVICES ARE PROVIDED “AS IS” AND COMPANY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
7. INDEMNITY Company shall hold Customer harmless from liability to third parties resulting from infringement by the Service of any United States patent or any copyright or misappropriation of any trade secret, provided Company is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Company will not be responsible for any settlement it does not approve in writing. The foregoing obligations do not apply with respect to portions or components of the Service (i) not supplied by Company, (ii) made in whole or in part in accordance with Customer specifications, (iii) that are modified after delivery by Company, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of the Service is not strictly in accordance with this Agreement. If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be or are believed by Company to be infringing, Company may, at its option and expense (a) replace or modify the Service to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (b) obtain for Customer a license to continue using the Service, or (c) if neither of the foregoing is commercially practicable, terminate this Agreement and Customer’s rights hereunder and provide Customer a refund of any prepaid, unused fees for the Service.
8. LIMITATION OF LIABILITY
NOTWITHSTANDING ANYTHING TO THE CONTRARY, EXCEPT FOR BODILY INJURY OF A PERSON, COMPANY AND ITS SUPPLIERS (INCLUDING BUT NOT LIMITED TO ALL EQUIPMENT AND TECHNOLOGY SUPPLIERS), OFFICERS, AFFILIATES, REPRESENTATIVES, CONTRACTORS AND EMPLOYEES SHALL NOT BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT OR TERMS AND CONDITIONS RELATED THERETO UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY: (A) FOR ERROR OR INTERRUPTION OF USE OR FOR LOSS OR INACCURACY OR CORRUPTION OF DATA OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY OR LOSS OF BUSINESS; (B) FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES; (C) FOR ANY MATTER BEYOND COMPANY’S REASONABLE CONTROL; OR (D) FOR ANY AMOUNTS THAT, TOGETHER WITH AMOUNTS ASSOCIATED WITH ALL OTHER CLAIMS, EXCEED THE FEES PAID BY CUSTOMER TO COMPANY FOR THE SERVICES UNDER THIS AGREEMENT IN THE 12 MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY, IN EACH CASE, WHETHER OR NOT COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9. MISCELLANEOUSIf any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable, transferable or sublicensable by Customer except with Company’s prior written consent. Company may transfer and assign any of its rights and obligations under this Agreement without consent. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Company in any respect whatsoever. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Agreement shall be governed by the laws of the State of Delaware without regard to its conflict of laws provisions. The parties shall work together in good faith to issue at least one mutually agreed upon press release within 90 days of the Effective Date, and Customer otherwise agrees to reasonably cooperate with Company to serve as a reference account upon request.
Security Standards
10. MUTUAL OBLIGATIONS.
10.1. Financial Institution Security Standards. Each party will comply with the appropriate information security standards based on the type of confidential information exchanged by the parties. Such security standards include the Interagency Guidelines Establishing Standards for Safeguarding Customer Information (“Guidelines”) or any other applicable security regulations set forth by a state or federal bank regulatory agency.
10.2. PCI DSS Compliance. To the extent either party handles cardholder information (e.g., credit or debit card information) that is subject to PCI DSS, such party is responsible for securing the cardholder information pursuant to the Payment Card Industry Data Security Standard (“PCI DSS”).
11. FINGOAL’S OBLIGATIONS.
11.1. Security Practices:
11.1.1. Each party will materially adhere to ISO 27002:2013, SOC2 Type II, or similar security standards.
11.2. Information Security Program. FinGoal’s Information Security Program complies with applicable United States federal and state laws and regulations regarding the protection of Non-Public Personal Information (NPPI).
11.3. Security Incident Response. FinGoal will document, maintain, and follow industry best practices for security incident notification and response plans.
11.4. Background Investigations of Personnel. FinGoal will conduct at its expense comprehensive background checks following FinGoal’s policies on its employees and contractors (“Personnel”) that are materially involved in providing the Services. FinGoal will provide its background check policy upon request. Any Personnel with an unsatisfactory background check will not be permitted to perform material aspects of the Services.
11.5. Security Breach of FinGoal Services:
11.5.1. FinGoal will notify Customer of any material security breach of the Services within twenty-four (24) hours of its discovery and confirmation.
11.5.2. FinGoal will reasonably cooperate with Customer in the investigation of a security breach. FinGoal will provide access to information reasonably required by Customer, and will make Personnel available to the extent necessary to assist Customer in determining the impact to Customer. All information exchanged for this activity is FinGoal’s Confidential Information.
11.5.3. At the conclusion of the security breach investigation, FinGoal will provide a written summary to Customer.
11.6. Vulnerability Assessments and Penetration Testing:
11.6.1. FinGoal will conduct annual vulnerability assessment and penetration testing of FinGoal’s network and applications (as relevant to the Services) to identify potential security vulnerabilities. FinGoal will make a summary reports of testing results and mitigation plans available to Customer upon request. FinGoal will use commercially reasonable efforts to mitigate any critical or high-risk vulnerabilities within 30 days of identification.
11.6.2. Customer may perform an annual vulnerability assessment and penetration test of FinGoal’s network and applications (as relevant to the Services); provided that: (i) the parties mutually agree on testing timing and scope; (ii) the testing is non-intrusive; (iii) the testing is conducted on a dedicated stage environment; and (iv) the testing complies with FinGoal’s Security Policies. FinGoal does not permit unauthorized scans of FinGoal assets, nor respond to reports from unauthorized scans or testing by Customers or Customer vendors.
12. CUSTOMER OBLIGATIONS.
12.1. Customer Security Breach:
12.1.1. Customer will notify FinGoal of any material security breach of the Customer App within twenty-four (24) hours of discovery.
12.1.2. Customer will reasonably cooperate with FinGoal in the investigation of a security breach. Customer will provide access to information required by FinGoal, and will make personnel available to the extent necessary to assist FinGoal in determining the impact to FinGoal. All information exchange for this activity is Confidential Information.
12.1.3. FinGoal may suspend the Services upon written notice to Customer in the event of a security breach until FinGoal has determined that the incident does not pose a security or reputational risk to FinGoal. Customer will not be responsible for any fees during the period of such suspension. If Customer and FinGoal are unable to agree on reinstatement of the Services after a security breach, Customer and FinGoal may immediately terminate all or part of the Services or the agreement without cost or penalty.
12.2. Attestation of Security Practices. If requested by FinGoal, Customer will provide:
12.2.1. A letter, on Customer letterhead and signed by a duly authorized officer, that certifies the existence and viability of the security practices of the Customer.In addition to the foregoing, if Customer is not a US-based regulated financial institution, upon FinGoal’s request, Customer will demonstrate:
12.2.2. Customer has a comprehensive security program that includes the policies, procedures, and practices used to deliver the Services.
12.2.3. Customer adheres to security standards such as ISO 27001:2013, SOC2 Type II, or other similar standards.
12.3. Security-Related Representations to Users. Customer shall not make reference to FinGoal’s security certifications, audits, or practices to Users or any other third parties without FinGoal’s prior written approval.