.svg)
.svg)
.svg)
Pivoting Owl Inc. (“Thena”) provides a solution for businesses to effortlessly track and manage their customers directly in Slack.
This Privacy Policy describes how Thena collects, uses, discloses and otherwise processes personal information in connection with our website and any other sites or services that link to this Privacy Policy (collectively, the “Services”), and explains the rights and choices available to individuals with respect to their information.
This Privacy Policy does not apply to personal information (including name, business email address, link to Slack profile picture, and Slack user metadata) that we process on behalf of our customers. We process this information as instructed by our customers, in our capacity as a service provider/data processor, in accordance with the terms of our Data Processing Addendum.
Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:
We use both persistent cookies and session cookies. Persistent cookies stay on your device for a set period of time or until you delete them, while session cookies are deleted once you close your web browser. We use persistent cookies, for example, to record your choice of language and country location. The cookies placed through your use of our website are either set by us (first-party cookies) or by a third party at our request (third-party cookies).
We use the following categories of cookies:
Essential. These cookies are necessary to allow the technical operation of our services (e.g., they enable you to move around on a website and to use its features).
Functionality / performance. We use these cookies to enhance the functionality and performance of the services.
Analytics. We use these cookies to help us understand how our services are performing and being used. These cookies may work with web beacons included in emails we send to track which emails are opened and which links are clicked by recipients.
Providing and supporting our Services. We use personal information to operate, maintain, and provide you with our Services. In particular, we will use personal information to perform our contractual obligation under our terms of service, such as to allow you to use the Services.
Communicating with you about our Services. It is in our legitimate business interests to use personal information to respond to your requests, provide customer support, and communicate with you about our Services, including by sending announcements, updates, security alerts and support and administrative messages.
Improving, monitoring, personalizing, and protecting our Services. It is in our legitimate business interests to improve and keep our Services safe for our users, which includes:
troubleshooting, testing and research and to keep the Services secure; and
Direct marketing. We may send you Thena-related direct marketing communications as permitted by law, including by email. Except where consent is required, we undertake such marketing on the basis of our legitimate business interest. You may opt-out of our marketing communications as described in the Opt out of marketing communications section below. Where we seek your consent, you may withdraw your consent at any time by contacting us using the details in the How to Contact Us section below.
Compliance and protection. We may use personal information to comply with legal obligations, and to defend us against legal claims or disputes, including to understanding your needs and interests, and personalize your experience with the Services and our communications; troubleshooting, testing and research and to keep the Services secure; and investigating and protecting against fraudulent, harmful, unauthorized or illegal activity.
Security Practices
We use reasonable organizational, technical and administrative measures designed to protect againstunauthorized access, misuse, loss, disclosure, alteration and destruction of personal information wemaintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure.Therefore, while we strive to protect your personal information, we cannot guarantee the security ofpersonal information.
Children
Our Services are not intended for use by children under 18 years of age. If we learn that we havecollected personal information through the Services from a child under 18 without the consent of thechild’s parent or guardian as required by law, we will delete it.
Job Applicants
When you visit the Careers portion of the website, we collect the information that you provide to us inconnection with your job application. This includes business and personal contact information,professional credentials and skills, educational and work history, and other information of the type thatmay be included in a resume. This may also include diversity information that you voluntarily provide. Weuse this information on the basis of our legitimate business interests to facilitate our recruitment activitiesand process employment applications, such as by evaluating a job candidate for an employment activity,to monitor recruitment statistics, and to respond to surveys. We may also use this information to provideimproved administration of the services, and as otherwise necessary (a) to comply with relevant laws or torespond to subpoenas or warrants served on us; (b) to protect and defend our or others’ rights orproperty; (c) in connection with a legal investigation; and/or (d) to investigate or assist in preventing anyviolation or potential violation of the law, this Privacy Policy, or our terms of service.
International Data Transfers
You will provide personal information directly to our website in the United States. We may also transferpersonal information to our affiliates and service providers in the United States and other jurisdictions.Please note that such jurisdictions may not provide the same protections as the data protection laws inyour home country.When we engage in cross-border data transfers, we will ensure that relevant safeguards are in place toafford adequate protection for personal information and we will comply with applicable data protectionlaws, in particular by relying on an EU Commission or UK government adequacy decision or oncontractual protections for the transfer of personal information. For more information about how wetransfer personal information internationally, please contact us as set out in the How to Contact Ussection below.
To determine the appropriate retention period for personal information, we consider the amount, nature,and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosureof personal information, the purposes for which we use personal information and whether we can achievethose purposes through other means, and the applicable legal and regulatory requirements.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this PrivacyPolicy, we will notify you by updating the date of this Privacy Policy and posting it on our Services.
How to Contact Us
Pivoting Own Inc. is the entity responsible for the processing of our business contacts’ personalinformation (as a controller, where provided under applicable law).
Please direct any questions or comments about this Policy or privacy practices to legal@thena.ai. Youmay also write to us via postal mail at:
548 Market St
San Francisco, CA 94104
1.1 The following terms, when used in this Agreement will have the following meanings:
“Affiliates” means an entity that directly or indirectly Controls, is Controlled by, or is under commonControl with another entity, so long as such Control exists. For the purposes of this definition, “Control”means beneficial ownership of 50% or more of the voting power or equity in an entity.
“Confidential Information” means any information or data disclosed by either party that is marked orotherwise designated as confidential or proprietary or that should otherwise be reasonably understoodto be confidential in light of the nature of the information and the circumstances surrounding disclosure.However, “Confidential Information” will not include any information which (a) is in the public domainthrough no fault of receiving party; (b) was properly known to receiving party, without restriction, priorto disclosure by the disclosing party; (c) was properly disclosed to receiving party, without restriction, byanother person with the legal authority to do so; or (d) is independently developed by the receivingparty without use of or reference to the disclosing party’s Confidential Information.
“Documentation” means the printed and digital instructions, on-line help files, technical documentationand user manuals made available by Thena for the Thena Product.
“Non-Thena Product” means a third party or Customer web-based, mobile, offline or other softwareapplication that integrates with the Thena Product (other than third party data hosting services used byThena). For clarity, the Thena Product excludes Non-Thena Products.
2.1 Provision of Thena Product.
(a) Subject to the terms and conditions of this Agreement, Thena will make the ThenaProduct available to Customer pursuant to this Agreement, the Service Level Agreement provided belowin Exhibit A (the “SLA”) and the applicable Order Form, and hereby grants Customer a non-exclusive rightto access and use the Thena Product for its internal business purposes to augment its customercommunication capabilities.
(b) If an applicable Order Form allows Customer to trial or evaluate the Thena Product, orany portion thereof, whether free of charge or for a reduced fee, or Customer is otherwise providedaccess to the Thena Product free of charge (each, a “Trial”), then Customer may exercise the rightsgranted in this Section solely during the trial period indicated in the Order Form or during the periodindicated by Thena. Thena reserves the right to suspend or terminate any Trial at any time.Notwithstanding anything contained herein, for any Trial, the Thena Product is provided “as is” withoutany representations, warranties or indemnities, and not subject to the SLA.
2.2 Data Security.
(a) Thena will maintain a security program materially in accordance with industry standardsthat is designed to (i) ensure the security and integrity of Customer data uploaded by or on behalf ofCustomer to the Thena Product (“Customer Data”); (ii) protect against threats or hazards to the securityor integrity of Customer Data; and (iii) prevent unauthorized access to Customer Data. In furtherance ofthe foregoing, Thena will maintain the administrative, physical and technical safeguards to protect thesecurity of Customer Data that are described in the Thena security page located at https://www.thena.ai/security (the “Security Page”) posted as of the date of the initial Order Formhereunder (and as the Security Page may be updated by Thena in a manner that does not materiallydecrease the applicable protections).
(b) To the extent that Thena processes any Personal Data (as defined in the DPA referencedbelow) contained in Customer Data that is subject to Data Protection Legislation (as defined in the DPA),on Customer’s behalf, in the provision of the Thena Product, the Data Processing Addendum (“DPA”)currently available at: https://www.thena.ai/data is hereby deemed incorporated herein by reference.
2.3 Customer Responsibilities.
(a) Customer will (i) be responsible for all use of the Thena Product under its account,(ii) use commercially reasonable efforts to prevent unauthorized access to or use of the Thena Productand notify Thena promptly of any such unauthorized access or use or any other known or suspectedbreach of security or misuse of the Thena Product and (iii) be responsible for obtaining and maintainingany equipment, software and ancillary services needed to connect to, access or otherwise use the ThenaProduct, including as set forth in the Documentation. Customer will be solely responsible for its failureto maintain such equipment, software and services, and Thena will have no liability for such failure(including under any service level agreement).
(b) Customer will not use the Thena Product to transmit or provide to Thena any financialor medical information of any nature, or any sensitive personal data (e.g., social security numbers,driver’s license numbers, birth dates, personal bank account numbers, passport or visa numbers andcredit card numbers).
(c) Customer shall be responsible for the content of all communications sent by its users viathe Thena Product. Customer agrees that it will not use the Thena Product to communicate anymessage or material that (i) is libellous, harmful to minors, obscene or constitutes pornography;(ii) infringes the intellectual property rights of any third party or is otherwise unlawful; or (iii) constitutesor encourages conduct that could constitute a criminal offense.
2.4 Affiliates. Any Affiliate of Customer will have the right to enter into an Order Form executed bysuch Affiliate and Thena and this Agreement will apply to each such Order Form as if such Affiliate werea signatory to this Agreement. With respect to such Order Forms, such Affiliate becomes a party to thisAgreement and references to Customer in this Agreement are deemed to be references to such Affiliate.Each Order Form is a separate obligation of the Customer entity that executes such Order Form, and noother Customer entity has any liability or obligation under such Order Form.
3.1 Fees. Customer will pay Thena the fees set forth in the applicable Order Form. Customer shallpay those amounts due and not disputed in good faith within thirty (30) days of the date of receipt of theapplicable invoice, unless a specific date for payment is set forth in such Order Form, in which casepayment will be due on the date specified. Except as otherwise specified herein or in any applicableOrder Form, (a) fees are quoted and payable in United States dollars and (b) payment obligations arenon-cancelable and non-pro-ratable for partial months, and fees paid are non-refundable. If Customer’spayment plan includes an ongoing subscription that is automatically renewed periodically, Customerhereby authorizes Thena to bill Customer’s payment instrument in advance on such periodic basis inaccordance with the terms of the applicable Order Form until the expiration or termination of theapplicable Order Form, and Customer further agrees to pay any and all charges so incurred.
3.2 Late Payment. Thena may suspend access to the Thena Product immediately upon notice ifCustomer fails to pay any amounts hereunder at least five (5) days past the applicable due date.
3.3 Taxes. All amounts payable hereunder are exclusive of any sales, use and other taxes or duties,however designated (collectively “Taxes”). Customer will be solely responsible for payment of all Taxes,except for those taxes based on the income of Thena. Customer will not withhold any Taxes from anyamounts due to Thena.
4.1 Proprietary Rights. As between the parties, Thena exclusively owns all right, title and interest inand to the Thena Product, System Data and Thena’s Confidential Information, and Customer exclusivelyowns all right, title and interest in and to the Customer Data, and Customer’s Confidential Information.“System Data” means data collected by Thena regarding the Thena Product that may be used togenerate logs, statistics or reports regarding the performance, availability, usage, integrity or security ofthe Thena Product.
4.2 Feedback. Customer may from time to time provide Thena suggestions or comments forenhancements or improvements, new features or functionality or other feedback (“Feedback”) withrespect to the Thena Product. Thena will have full discretion to determine whether or not to proceedwith the development of any requested enhancements, new features or functionality. Thena will havethe full, unencumbered right, without any obligation to compensate or reimburse Customer, to use,incorporate and otherwise fully exercise and exploit any such Feedback in connection with its productsand services.
5.1 Confidentiality. Each party agrees that it will use the Confidential Information of the other partysolely in accordance with the provisions of this Agreement and it will not disclose the same directly orindirectly, to any third party without the other party’s prior written consent, except as otherwisepermitted hereunder. However, either party may disclose Confidential Information (a) to its employees,officers, directors, attorneys, auditors, financial advisors and other representatives who have a need toknow and are legally bound to keep such information confidential by confidentiality obligationsconsistent with those of this Agreement; and (b) as required by law (in which case the receiving partywill provide the disclosing party with prior written notification thereof, will provide the disclosing partywith the opportunity to contest such disclosure, and will use its reasonable efforts to minimize suchdisclosure to the extent permitted by applicable law. Neither party will disclose the terms of thisAgreement to any third party, except that either party may confidentially disclose such terms to actual orpotential lenders, investors or acquirers. Each party agrees to exercise due care in protecting theConfidential Information from unauthorized use and disclosure. In the event of actual or threatenedbreach of the provisions of this Section 5, the non-breaching party will be entitled to seek immediateinjunctive and other equitable relief, without waiving any other rights or remedies available to it. Eachparty will promptly notify the other in writing if it becomes aware of any violations of the confidentialityobligations set forth in this Agreement.
5.2 Technology Restrictions. Customer will not directly or indirectly: (a) reverse engineer, decompile,disassemble, modify, create derivative works of or otherwise create, attempt to create or derive, orpermit or assist any third party to create or derive, the source code underlying the Thena Product;(b) attempt to probe, scan or test the vulnerability of the Thena Product, breach the security orauthentication measures of the Thena Product without proper authorization or wilfully render any partof the Thena Product unusable; (c) use or access the Thena Product to develop a product or service thatis competitive with Thena’s products or Product or engage in competitive analysis or benchmarking;(d) transfer, distribute, resell, lease, license, or assign the Thena Product or otherwise offer the ThenaProduct on a standalone basis; or (e) otherwise use the Thena Product in violation of applicable law(including any export law) or outside the scope expressly permitted hereunder and in the applicableOrder Form.
6.1 Thena. Thena warrants that it will, consistent with prevailing industry standards, provide theThena Product in a professional and workmanlike manner and the Thena Product will conform in allmaterial respects with the Documentation. For material breach of the foregoing express warranty,Customer’s exclusive remedy shall be the re-performance of the deficient Thena Product or, if Thenacannot re-perform such deficient Thena Product as warranted within thirty (30) days after receipt ofwritten notice of the warranty breach, Customer shall be entitled to terminate the applicable OrderForm and recover a pro-rata portion of the prepaid subscription fees corresponding to the terminatedportion of the applicable subscription term.
6.2 Customer. Customer warrants that it has all rights necessary to provide any information, data orother materials that it provides hereunder, and to permit Thena to use the same as contemplatedhereunder.
6.3 DISCLAIMERS. EXCEPT AS EXPRESSLY SET FORTH HEREIN, EACH PARTY DISCLAIMS ANY AND ALLWARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, TITLE,NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMER ACKNOWLEDGES THATTHE THENA PRODUCT IS INTENDED TO AUGMENT THE EFFICIENCY OF, BUT NOT REPLACE, CUSTOMER’SCUSTOMER COMMUNICATION SYSTEMS AND PROCESSES. THENA DOES NOT REPRESENT OR WARRANTTHAT THE THENA PRODUCT WILL BE ERROR-FREE. THENA IS NOT RESPONSIBLE OR LIABLE FOR ANYNON-THENA PRODUCTS, DOES NOT GUARANTEE THE CONTINUED AVAILABILITY THEREOF OR ANYINTEGRATION THEREWITH, AND MAY CEASE MAKING ANY SUCH INTEGRATION AVAILABLE IN ITSDISCRETION.
6.4 BETA PRODUCTS. FROM TIME TO TIME, CUSTOMER MAY HAVE THE OPTION TO PARTICIPATE IN APROGRAM WITH THENA WHERE CUSTOMER GETS TO USE ALPHA OR BETA PRODUCTS, FEATURES ORDOCUMENTATION (COLLECTIVELY, “BETA PRODUCTS”) OFFERED BY THENA. THE BETA PRODUCTS ARENOT GENERALLY AVAILABLE AND ARE PROVIDED “AS IS”. THENA DOES NOT PROVIDE ANY INDEMNITIES,SERVICE LEVEL COMMITMENTS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OFMERCHANTABILITY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE, IN RELATIONTHERETO. CUSTOMER OR THENA MAY TERMINATE CUSTOMER’S ACCESS TO THE BETA PRODUCTS ATANY TIME.
7.1 Indemnity by Thena. Thena will defend Customer against any claim, demand, suit, or proceeding(“Claim”) made or brought against Customer by a third party alleging that the use of the Thena Productas permitted hereunder infringes or misappropriates a United States patent, copyright or trade secretand will indemnify Customer for any damages finally awarded against Customer (or any settlementapproved by Thena) in connection with any such Claim; provided that (a) Customer will promptly notifyThena of such Claim, (b) Thena will have the sole and exclusive authority to defend and/or settle anysuch Claim (provided that Thena may not settle any Claim without Customer’s prior written consent,which will not be unreasonably withheld, unless it unconditionally releases Customer of all relatedliability) and (c) Customer reasonably cooperates with Thena in connection therewith. If the use of theThena Product by Customer has become, or in Thena’s opinion is likely to become, the subject of anyclaim of infringement, Thena may at its option and expense (i) procure for Customer the right tocontinue using and receiving the Thena Product as set forth hereunder; (ii) replace or modify the ThenaProduct to make it non-infringing (with comparable functionality); or (iii) if the options in clauses (i) or (ii)are not reasonably practicable, terminate the applicable Order Form and provide a pro rata refund of anyprepaid subscription fees corresponding to the terminated portion of the applicable subscription term.Thena will have no liability or obligation with respect to any Claim if such Claim is caused in whole or inpart by (A) compliance with designs, guidelines, plans or specifications provided by Customer; (B) use ofthe Thena Product by Customer not in accordance with this Agreement; (C) modification of the ThenaProduct by or on behalf of Customer; (D) Customer Confidential Information or (E) the combination,operation or use of the Thena Product with other products or services where the Thena Product wouldnot by itself be infringing (clauses (A) through (E), “Excluded Claims”). This Section states Thena’s soleand exclusive liability and obligation, and Customer’s exclusive remedy, for any claim of any naturerelated to infringement or misappropriation of intellectual property.
7.2 Indemnification by Customer. Customer will defend Thena against any Claim made or broughtagainst Thena by a third party arising out of the Excluded Claims, and Customer will indemnify Thena forany damages finally awarded against Thena (or any settlement approved by Customer) in connectionwith any such Claim; provided that (a) Thena will promptly notify Customer of such Claim, (b) Customerwill have the sole and exclusive authority to defend and/or settle any such Claim (provided thatCustomer may not settle any Claim without Thena’s prior written consent, which will not beunreasonably withheld, unless it unconditionally releases Thena of all liability) and (c) Thena reasonablycooperates with Customer in connection therewith.
EXCEPT FOR A PARTY’S INDEMNIFICATION OBLIGATIONS, A BREACH OF SECTION 5 OR A PARTY’SINFRINGEMENT OR MISAPPROPRIATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS,UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, WILL EITHER PARTY BELIABLE TO THE OTHER UNDER THIS AGREEMENT FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL,CONSEQUENTIAL OR PUNITIVE DAMAGES OF ANY CHARACTER, INCLUDING DAMAGES FOR LOSS OFGOODWILL, LOST PROFITS, LOST SALES OR BUSINESS, WORK STOPPAGE, COMPUTER FAILURE ORMALFUNCTION, LOST CONTENT OR DATA, EVEN IF A REPRESENTATIVE OF SUCH PARTY HAS BEENADVISED, KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) EXCLUDINGCUSTOMER’S PAYMENT OBLIGATIONS, ANY AGGREGATE DAMAGES, COSTS, OR LIABILITIES IN EXCESS OFTHE AMOUNTS PAID BY CUSTOMER UNDER THE APPLICABLE ORDER FORM DURING THE TWELVE (12)MONTHS PRECEDING THE CLAIM.
9.1 Term. The term of this Agreement will commence on the date of the initial Order Form andcontinue until terminated as set forth below. The initial term of each Order Form will begin on the startdate indicated in such Order Form and will continue for the subscription term set forth therein. Exceptas set forth in such Order Form, the term of such Order Form will automatically renew for successiverenewal terms equal to the length of the initial term of such Order Form, unless either party provides theother party with written notice of non-renewal at least thirty (30) days prior to the end of thethen-current term.
9.2 Termination. Each party may terminate this Agreement upon written notice to the other party ifthere are no Order Forms then in effect. Each party may also terminate this Agreement or the applicableOrder Form upon written notice in the event (a) the other party commits any material breach of thisAgreement or the applicable Order Form and fails to remedy such breach within thirty (30) days afterwritten notice of such breach or (b) subject to applicable law, upon the other party’s liquidation,commencement of dissolution proceedings or assignment of substantially all its assets for the benefit ofcreditors, or if the other party become the subject of bankruptcy or similar proceeding that is notdismissed within sixty (60) days.
9.3 Survival. Upon expiration or termination of this Agreement all rights and obligations willimmediately terminate except that any terms or conditions that by their nature should survive suchexpiration or termination will survive, including the License Restrictions and terms and conditionsrelating to proprietary rights and confidentiality, technology restrictions, disclaimers, indemnification,limitations of liability and termination and the general provisions below. Upon expiration or terminationof this Agreement, each party will return or destroy, at the other party’s option, any ConfidentialInformation of such party in the other party’s possession or control.
10.1 Insurance. Thena shall, during the term of this Agreement, maintain in force the following insurance coverage at its own cost and expense: (a) Statutory Worker’s Compensation and Employer’sLiability as required by state law with a minimum limit of $1,000,000 each accident / $1,000,000 each disease / $1,000,000 policy limit per occurrence, Disability and Unemployment Insurance, and all other insurance as required by law, including Employer’s Liability Insurance with limits of no less than $1,000,000 per occurrence, or any amount required by applicable law, whichever is greater; (b) Commercial General Liability, on an occurrence basis, including premises-operations, product completed-operations, broad form property damage, contractual liability, independent contractors and personal liability, with a minimum combined single limit of $1,000,000 per occurrence; and (c) Professional Errors and Omissions and Cyber Liability coverage covering the Thena Product, with coverage limits of not less than $2,000,000 per claim or per occurrence/$2,000,000 aggregate, placed either on an “occurrence” basis or on a “claims made” basis.
10.2 Publicity. Customer agrees that Thena may refer to Customer’s name and trademarks in Thena’smarketing materials and website; however, Thena will not use Customer’s name or trademarks in anyother publicity (e.g., press releases, customer references and case studies) without Customer’s priorwritten consent (which may be by email).
10.3 Assignment; Delegation. Neither party hereto may assign or otherwise transfer this Agreement,in whole or in part, without the other party’s prior written consent, except that either party may assignthis Agreement without consent to a successor to all or substantially all of its assets or business relatedto this Agreement. Any attempted assignment, delegation, or transfer by either party in violation hereofwill be null and void. Subject to the foregoing, this Agreement will be binding on the parties and theirsuccessors and assigns.
10.4 Amendment; Waiver. Thena reserves the right in its sole discretion and at any time and for anyreason to modify these Terms and Conditions. With respect to each Order Form, any modifications tothese Terms and Conditions shall become effective upon the date of Customer’s next renewal of suchOrder Form. It is Customer’s responsibility to review these Terms and Conditions from time to time forany changes or modifications. If Customer does not agree to the modified Terms and Conditions,Customer may provide notice of Customer’s non-renewal at any point prior to the Customer’s nextrenewal. No waiver by either party of any breach or default hereunder shall be deemed to be a waiverof any preceding or subsequent breach or default. Any such waiver will be only to the specific provisionand under the specific circumstances for which it was given, and will not apply with respect to anyrepeated or continued violation of the same provision or any other provision. Failure or delay by eitherparty to enforce any provision of this Agreement will not be deemed a waiver of future enforcement ofthat or any other provision. The section headings used herein are for convenience only and shall not begiven any legal import.
10.5 Relationship. Nothing contained herein will in any way constitute any association, partnership,agency, employment or joint venture between the parties hereto, or be construed to evidence theintention of the parties to establish any such relationship. Neither party will have the authority toobligate or bind the other in any manner, and nothing herein contained will give rise or is intended togive rise to any rights of any kind to any third parties.
10.6 Unenforceability. If a court of competent jurisdiction determines that any provision of thisAgreement is invalid, illegal, or otherwise unenforceable, such provision will be enforced as nearly aspossible in accordance with the stated intention of the parties, while the remainder of this Agreementwill remain in full force and effect and bind the parties according to its terms.
10.7 Governing Law. This Agreement will be governed by the laws of the State of California, exclusiveof its rules governing choice of law and conflict of laws. This Agreement will not be governed by theUnited Nations Convention on Contracts for the International Sale of Goods.
10.8 Notices. Any notice required or permitted to be given hereunder will be given in writing bypersonal delivery, certified mail, return receipt requested, or by overnight delivery. Notices to Customermay be sent to the address listed on the Customer’s applicable Order Form or email address provided byCustomer when Customer creates its Thena Product account. Notices to Thena must be sent to thefollowing:
Pivoting Owl, Inc.
Pivoting Owl Inc
548 Market St, San Francisco, CA 94104
10.9 Entire Agreement. This Agreement comprises the entire agreement between Customer andThena with respect to its subject matter, and supersedes all prior and contemporaneous proposals,statements, sales materials or presentations and agreements (oral and written). No oral or writteninformation or advice given by Thena, its agents or employees will create a warranty or in any wayincrease the scope of the warranties in this Agreement
10.10 Force Majeure. Neither Party will be deemed in breach hereunder for any cessation,interruption or delay in the performance of its obligations due to causes beyond its reasonable control(“Force Majeure Event”), including earthquake, flood, or other natural disaster, act of God, laborcontroversy, civil disturbance, terrorism, war (whether or not officially declared), cyber attacks (e.g.,denial of service attacks), or the inability to obtain sufficient supplies, transportation, or other essentialcommodity or service required in the conduct of its business, or any change in or the adoption of anylaw, regulation, judgment or decree.
10.11 Government Terms. Thena provides the Thena Product, including related software andtechnology, for ultimate federal government end use solely in accordance with the terms of thisAgreement. If Customer is an agency, department, or other entity of any government, the use,duplication, reproduction, release, modification, disclosure, or transfer of the Thena Product, or anyrelated documentation of any kind, including technical data, software, and manuals, is restricted by theterms of this Agreement. All other use is prohibited and no rights than those provided in this Agreementare conferred. The Thena Product was developed fully at private expense.
10.12 Interpretation. For purposes hereof, “including” means “including without limitation”.
SLA
Availability Commitment.
The Thena Product will be Available 99.5% of the time, measuredly on a calendar monthly basis(the “Availability Commitment”). “Availability” means that the Thena Product is available to be used tosupport, service and communicate with Customer’s customers. Availability measures will not includedowntime resulting from:
● Upgrades: Customer will receive prior notice by email of Thena’s upgrade windows, which will bescheduled to the extent feasible. Downtime due to upgrades will not exceed 2 hours per month.
● Pre-scheduled maintenance periods: Customer will receive at least 24 hoursprior notification byemail of pre-scheduled maintenance periods. Downtime due to pre-scheduled maintenance willnot exceed 2 hours per month.
● Emergency maintenance periods: Customer will receive prior notification by email on acommercially reasonable efforts basis. These maintenance periods will involve applying criticalsecurity patches and other emergency repairs to the Thena infrastructure.
The Availability Commitment does not apply to any downtime of the Thena Product that results from:
● Account suspension or termination due to Customer’s breach of the Agreement;
● Disengagement of functionality of the Thena Product due to Customer’s request;
● Force Majeure Events; or
● Customer’s or its service provider’s equipment, software or other technology.
Thena will provide Customer with reports on Availability upon request.
Credit.
If Thena fails to achieve the above Availability for the Thena Product, Customer may claim a credit basedon a monthly pro-rated amount of the annual subscription fee, as provided below.
Customer will not be entitled to a credit if it is in breach of this Agreement, including its paymentobligations. To receive a credit, a Customer must file a claim for such credit within five (5) days followingthe end of the month in which the Availability Commitment was not met by contacting Thena atsupport@thena.ai with a complete description of the downtime, how Customer was adversely affected,and for how long.The credit remedy set forth in this Service Level Agreement is Customer’s sole and exclusive remedy forthe unavailability of the Thena Product.
Customer Support.
Thena live technical support business hours will be available 24 hours for 5 working days betweenMonday to Friday. Technical support can be contacted via email at support@thena.ai or via sharedchannels in the customer communication platform.
Communication Channels:
Live technical support will not be available on Christmas Day (December 25) and New Year’s Day (January1). Limited technical support will be available during the hours listed above during Thena holidays. Thecurrent Thena holidays are set forth below:
● Presidents Day (third Monday of February)
● Memorial Day (last Monday of May)
● Independence Day (July 4)
● Labor Day (first Monday of September)
● Thanksgiving Day (fourth Thursday in November)
● Christmas Eve (December 24)
● New Year’s Eve (December 31)
In accordance with our SOC 2 Type II compliance program, wemaintain policies, procedures, and practices documenting ourtechnological, administrative, and procedural safeguards relating tothe privacy, security, integrity, and availability of personal data.
Our information security framework includes periodic audits,assessments, and employee privacy and security training.
We undergo annual independent third-party SOC 2 Type II auditsthat include a risk assessment of the threats to the privacy,confidentiality, security, integrity and availability of personal data,the likelihood that these threats occur, and measures to mitigatethese risks.We conduct penetration testing of the network and our applicationto evaluate the security of our production environment
We only collect the personal data we need to accomplish ourbusiness purposes, including names, business email addresses,links to Slack profile pictures, and Slack user metadata. We do notstore users’ conversation data on our systems.
When a customer uninstalls our solution, we securely dispose ofthe personal data in our possession by deleting the customer’sdata from our systems.
We conduct background checks on all of our employees usingCheckr.
We regularly train all our employees on our information securityprogram, the importance of the security, confidentiality, and privacyof personal data, and the risks to our company and its customersassociated with security incidents.
We only permit access to personal data, sensitive informationsystems, and our premises to authorized employees based on theirrole and with prior approval.
Terminated employees are prevented from accessing personaldata and lose access to all devices and applications upontermination.
In accordance with our SOC 2 Type II compliance program, wemaintain policies, procedures, and practices documenting ourtechnological, administrative, and procedural safeguards relating tothe privacy, security, integrity, and availability of personal data.
Our information security framework includes periodic audits,assessments, and employee privacy and security training.
All communication between customer systems and our platformtakes place using high levels of encryption (TLS 1.2/HPPS).
All stored data, session cookies, and backups are encrypted atrest. Our databases are also encrypted using custom keys foradditional security.
We use industry-standard encryption and a monitoring agent toprotect the data stored on company laptops.
We store all personal data on private networks that require VPN toaccess, and we conduct biannual penetration testing to evaluatethe security of the network.
We have implemented Snyk to detect and remedy malicious orunsecure code designed to perform an unauthorized function on,or permit unauthorized access to, any information system.
We remediate any malicious or unsecure code promptly uponidentification.
Management
We conduct biannual vulnerability assessments to detectvulnerabilities on the network, and we have implementedprocesses to remediate any detected vulnerabilities.
We maintain application security and software developmentcontrols, including private networks, custom key encryption, andbiannual penetration testing, to detect and prevent the introductionof security vulnerabilities.
Prior to implementing code changes, our employees follow adocumented change management process to assess the potentialsecurity and product impact of such changes.
We document all changes to our information systems as part ofmerger requests.
We monitor and document the movement of records or mediausing Vanta, an automated security and compliance platform.
We have implemented strict password protection on all personaldevices that access our systems.
We maintain restrictions on physical access to our offices andinformation systems through the implementation of strict accesscontrols that are recorded in a digital registry
1.1 In this DPA:
(a) “Controller”, “Data Subject”, “Processing”, “Processor”, “Service Provider”, and“Supervisory Authority” have the meaning given to them in Data Protection Law;
(b) “Data Protection Law” means the General Data Protection Regulation (EU) 2016/679("GDPR") and all other Data Protection Laws of the European Union, the European EconomicArea (“EEA”), and their respective Member States, Switzerland and the United Kingdom (“UK”);(ii) the California Consumer Privacy Act as amended by the California Privacy Rights Act(California Civil Code § 1798.100) (“CCPA”); and (iii) all laws implementing or supplementingthe foregoing and any other applicable data protection or privacy laws;
(c) “Data Subject Rights” means all rights granted to Data Subjects by Data Protection Law, suchas the right to information, access, rectification, erasure, restriction, portability, objection, andnot to be subject to automated individual decision-making;
(d) “Restricted Data Transfer” means any international transfer of Personal Data that would beprohibited under Data Protection Law in the EEA or UK without implementation of additionalsafeguards such as Standard Contractual Clauses.
(e) “Personnel” means any natural person acting under the authority of Thena;
(f) “Personal Data” means any information that constitutes “personal data” or “personalinformation” within the meaning of applicable Data Protection Law that Thena may access inperforming the services under the Agreement.
(g) “Personal Data Breach” means actual or reasonable degree of certainty of unauthorizeddestruction, loss, control, alteration, disclosure of, or access to, Personal Data for which Thenais responsible. Personal Data Breaches do not include unsuccessful access attempts or attacksthat do not compromise the confidentiality, integrity, or availability of Personal Data, includingunsuccessful log-in attempts, pings, port scans, denial of service attacks, and other networkattacks on firewalls or networked systems.
(h) “Sensitive Data” means any type of Personal Data that is designated as a sensitive or specialcategory of Personal Data, or otherwise subject to additional restrictions under Data ProtectionLaw or other laws to which the Controller is subject;
(i) “Standard Contractual Clauses” means the clauses annexed to the EU CommissionImplementing Decision 2021/914 of June 4, 2021 on standard contractual clauses for thetransfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of theEuropean Parliament and of the Council as amended or replaced from time to time; and
(j) “Data Subject Rights” means all rights granted to Data Subjects by Data Protection Law, suchas the right to information, access, rectification, erasure, restriction, portability, objection, andnot to be subject to automated individual decision-making
(k) “UK Addendum” means the International Data Transfer Addendum to the EU CommissionStandard Contractual Clauses, issued by the UK Information Commissioner for parties makingrestricted transfers, available at
https://view.officeapps.live.com/op/view.aspx?src=https% 3A%2F% 2Fico.org.uk% 2Fmedia% 2Ffor-organisations% 2Fdocuments% 2F4019535% 2Faddendum- international- data- transfer. docx&wd Origin= BROWSELINK.
1.2 Capitalized terms used but not defined herein have the meaning given to them in the Agreement.
2.1 Thena shall process Personal Data only as a processor acting on behalf of Customer and, withrespect to CCPA and other applicable U.S. state privacy laws, as a service provider, in each case,regardless of whether Customer acts as a controller or as a data processor on behalf of a third-partycontroller with respect to Personal Data.
3.1 This DPA applies to Processing of Personal Data by Thena in the context of the Agreement.
3.2 The subject matter, nature and purpose of the Processing, the types of Personal Data and categoriesof Data Subjects are set out in Annex I, which is an integral part of this DPA.
4.1 Thena will only Process Personal Data to provide the services to the Customer
4.2 It is the parties’ intent that Thena is a service provider, and Thena certifies that it will not (a) “sell” or“share” (as defined in the CCPA) the Personal Data; (b) (b) retain, use, or disclose the Personal Datato any person other than as necessary to provide the services or outside of the direct businessrelationship between the parties, unless required by applicable laws; or (c) combine the PersonalData that Thena receives from or on behalf of Customer with personal data that Reveal AI collects orreceives from another person .
4.3 Customer’s instructions are documented in Annex I, the Agreement, and any applicable statement ofwork.
4.4 Customer may issue additional instructions to Thena as it deems necessary to comply with DataProtection Law. Such instructions must be provided to Thena in writing and acknowledged in writingby Thena as constituting instructions for purposes of this DPA, and Thena may charge a reasonablefee to comply with any such additional instructions.
4.5 The parties acknowledge and agree that the disclosure of Personal Data by the Customer to Thenadoes not form part of any monetary or other valuable consideration exchanged between the parties.
5.1 Customer is responsible for the lawfulness of Personal Data processing under or in connection withthe services. Customer shall (i) have provided, and will continue to provide all notices and haveobtained, and will continue to obtain, all consents, permissions and rights necessary under applicableData Protection Law for Thena to lawfully process Personal Data for the purposes contemplated bythe Agreement (including this DPA); (ii) make appropriate use of the services to ensure a level ofsecurity appropriate to the particular content of the Personal Data; (iii) have complied with all DataProtection Law applicable to the collection of Personal Data and the transfer of such Personal Data toThena and its Subprocessors; and (iv) ensure its processing instructions comply with applicable laws(including applicable Data Protection Law).
6.1 Customer authorizes Thena to engage the Subprocessors included in the list of Subprocessorsprovided to Customer and set out in Annex III (“Subprocessor List”); and Subprocessors engaged inaccordance with Section 6.2.
6.2 Thena must inform Customer at least thirty (30) days prior to any intended change of Subprocessor,thereby giving Customer the opportunity to object to such change and Customer may object only onreasonable grounds relating to a potential or actual violation of Data Protection Law. If Customerdoes not make a reasonable objection to the proposed engagement within 30 days of Thenaproviding notice to Customer under this Section 6.2 Customer is deemed to have authorized theengagement of such Subprocessor. Where Customer raises a reasonable objection to the proposedengagement of a Subprocessor, Thena may, at its discretion, make reasonable efforts to remedy thesituation giving rise to the reasonable objection or propose an alternative Subprocessor to conductPage 2 of 10the relevant Processing. In the event Thena is unable to remedy the situation and no alternativeSubprocessor is proposed, then Thena will be entitled to terminate the Agreement without penalty orliability effective immediately on written notice to the Customer and the Customer shall pay Thenaany fees due for the services performed prior to termination.
6.3 Thena must obtain sufficient guarantees from all Subprocessors that they will implement appropriatetechnical and organizational measures in such a manner that the Processing will meet therequirements of Data Protection Law and this DPA.
6.4 Thena will enter into a written agreement with all Subprocessors which imposes substantially similarobligations on the Subprocessors as this DPA imposes on Thena.
6.5 To the extent required by law, Thena will provide a copy of Thena’s agreements with Subprocessorsto Customer upon request. Thena may redact commercially sensitive information before providingsuch agreements to Customer.
7.1 To the extent required by Data Protection Law in the EEA, by signing this DPA Customer and Thenaconclude module 2 (Controller-to-Processor) of the Standard Contractual Clauses, which are herebyincorporated by reference and completed as follows: the “data exporter” is Customer; the “dataimporter” is Thena; the optional docking clause in Clause 7 is implemented; Clause 9(a) option 1 isimplemented and the time period therein is specified as thirty (30) days; the optional redress clausein Clause 11 (a) is struck; Clause 13, (a) paragraph 2 is implemented; Clause 17 option 1 isimplemented and the governing law is the law of the Republic of Ireland; the court in Clause 18(b)are the Courts of the Republic of Ireland; Annex 1, 2 and 3 to module 2 of the Standard ContractualClauses are Annex I, II and III to this DPA respectively
7.2 To the extent required by Data Protection Law in the UK, by signing this DPA Customer and Thenaagree to be bound by the UK Addendum. Part 1, table 1 of the UK Addendum will be deemed to becompleted like its equivalent provisions in the Standard Contractual Clauses (module 2) in Annex I,Section 1. For the purpose of Part 1, Table 2 of the UK Addendum, the Approved EU SCCs are theStandard Contractual Clauses (module 2) incorporated by reference into this DPA pursuant toSection 7.1 of this DPA. For the purpose of Part 1, Table 3, Annex 1, 2 and 3 to the StandardContractual Clauses (module 2) are Annex I, II and III to this DPA respectively. For the purpose ofPart 1, Table 4, the party that may end the UK Addendum in accordance with Section 19 of the UKAddendum is the importer. For the purposes of any transfers covered by the Data Protection Law inthe UK, the Standard Contractual Clauses (module 2) will be deemed to be amended as set out inPart 2 of the UK Addendum.
8.1 Thena must ensure that all Personnel authorized to Process Personal Data agree to appropriateconfidentiality arrangements.
8.2 Thena will regularly train Personnel regarding the protection of Personal Data.
9.1 Thena must implement technical and organizational measures to ensure a level of securityappropriate to the risks presented by the Processing, including the measures listed in Annex II.
9.2 Thena must inform the Customer without undue delay after becoming aware of a Personal DataBreach. Thena must, either in the initial notice or in subsequent notices as soon as the informationbecomes available, inform Customer of the nature of the Personal Data Breach, the categories andnumber of Data Subjects, the categories and amount of Personal Data, the likely consequences ofthe Personal Data Breach, and the measures taken or proposed to be taken to address the PersonalData Breach and mitigate possible adverse effects. If Thena’s notice or subsequent notices aredelayed, they must be accompanied by reasons for the delay.
9.3 Thena’s notification of or response to a Personal Data Breach under Section 9.2 will not beconstrued as an acknowledgement by Thena of any fault or liability with respect to the Personal DataBreach.
9.4 In the event of a Personal Data Breach, Customer is solely responsible for complying with all lawsrelating to investigation of such Personal Data Breaches and notification of affected individuals,regulators and other parties.
9.5 To the extent required by law, Thena will provide a copy of Thena’s agreements with Subprocessorsto Customer upon request. Thena may redact commercially sensitive information before providingsuch agreements to Customer.
10.1 Thena must assist Customer, including by implementing appropriate technical and organizationalmeasures, with the fulfillment of Customer’s own obligations under Data Protection Law, including:
(a) “complying with Data Subjects’ requests to exercise Data Subject Rights;
(b) replying to inquiries or complaints from Data Subjects;
(c) replying to investigations and inquiries from Supervisory Authorities;
(d) conducting data protection impact assessments, and prior consultations with SupervisoryAuthorities; and
(e) Notifying Personal Data Breaches.
10.2 Unless prohibited by Data Protection Law, Thena must inform Customer without undue delay if Thena:
(a) receives a request, complaint or other inquiry regarding the Processing of Personal Data from aData Subject or Supervisory Authority;
(b) receives a binding or non-binding request to disclose Personal Data from law enforcement,courts or any government body;
(c) is subject to a legal obligation that requires Thena to Process Personal Data in contravention ofCustomer’s instructions; or
(d) is otherwise unable to comply with Data Protection Law or this DPA.
10.3 Unless prohibited by Data Protection Law, Thena must obtain Customer’s written authorizationbefore responding to, or complying with any requests, orders, or legal obligations referred to inSection 10.2.
11.1 Thena must maintain records of all Processing of Personal Data, including at a minimum thecategories of information required under Data Protection Law, and must provide a copy of suchrecords to Customer upon request.
11.2 Thena must inform Customer without undue delay if Thena believes that an instruction of Customerviolates Data Protection Law, in which case Thena may suspend the Processing until Customer hasmodified or confirmed the lawfulness of the instructions in writing. Customer has the right, uponnotice, to take reasonable and appropriate steps to stop and remediate Thena’s unauthorized use ofPersonal Data.
12.1 Upon Customer’s written request and no more than once in a calendar year, Thena will makeavailable to Customer all information reasonably necessary to demonstrate compliance with theobligations of Data Protection Law and this DPA and allow for and contribute to audits, includinginspections, conducted by a Supervisory Authority, Customer or another auditor mandated byCustomer.
12.2 TIf Customer’s requested audit scope is addressed in an SSAE 16/ISAE 3402 Type 2, ISO, NIST orsimilar audit report performed by a qualified third party auditor within twelve (12) months ofPage 4 of 10Customer’s audit request and Thena confirms there are no known material changes in the controlsaudited, Customer agrees to accept those findings in lieu of requesting an audit of the controlscovered by the report.
12.3 Any Customer-requested audits are at Customer’s expense. Customer shall reimburse Thena for anytime expended by Thena or its Subprocessors in connection with any Customer-requested audits orinspections at Thena’s then-current professional services rates, which shall be made available toCustomer upon request.
12.4 TIf Customer’s requested audit scope is addressed in an SSAE 16/ISAE 3402 Type 2, ISO, NIST orsimilar audit report performed by a qualified third party auditor within twelve (12) months ofPage 4 of 10Customer’s audit request and Thena confirms there are no known material changes in the controlsaudited, Customer agrees to accept those findings in lieu of requesting an audit of the controlscovered by the report.
13.1 The total combined liability of either party and its Affiliates towards the other party and its Affiliates,whether in contract, tort or any other theory of liability, under or in connection with Agreement andthis DPA combined, will be limited to limitations on liability or other liability caps agreed to by theparties in the Agreement.
14.1 Thena must keep all Personal Data and all information relating to the Processing thereof, in strictconfidence.
15.1 Customer acknowledges and agrees that Thena may create and derive from Processing related tothe services anonymized and/or aggregated data that does not identify Customer or any naturalperson, and use, publicize or share with third parties such data to improve Thena’s products andservices and for its other legitimate business purposes.
16.1 Thena must make all notifications required under this DPA as agreed to in the Agreement or thethen-established daily point of contact with the Customer.
17.1 The Processing will last no longer than the term of the Agreement.
17.2 Upon termination of the Processing, Thena will, as soon as reasonably practicable, return or securelydelete and destroy all Personal Data in Thena’s possession or control, except as otherwise requiredby law or set out in the Agreement. Upon request from Customer, Thena will certify such securedeletion in writing within thirty (30) days of Customer’s request.
17.3 This DPA is terminated upon Thena’s deletion of all remaining copies of Personal Data in accordancewith Section 17.2.
18.1 This DPA may only be modified by a written amendment signed by both Customer and Thena
19.1 If any provision of this DPA is found by any court or administrative body of competent jurisdiction tobe invalid or unenforceable, then the invalidity or unenforceability of such provision does not affectany other provision of this DPA and all provisions not affected by such invalidity or unenforceabilitywill remain in full force and effect.
Customer is the controller and the data exporter and Thena is the processor and the data importer.
Thena’s provision of the Saas-based customer communication platformservices to Customer.
Personal Data will be retained for as long as necessary taking into account thepurpose of the Processing, and in compliance with applicable laws, includinglaws on the statute of limitations and Data Protection Law.
Thena will process Customer Personal Data for the purposes of providing theservices to Customer in accordance with the DPA.
As and when the services are accessed.
Data relating to individuals provided to Thena in connection with the services,by (or at the direction of) Customer, including email address, name, user ID,and profile picture.
The services are not intended to Process special categories of data.
Customers’ end users
In accordance with our SOC 2 Type II compliance program, wemaintain policies, procedures, and practices documenting ourtechnological, administrative, and procedural safeguards relating tothe privacy, security, integrity, and availability of personal data.
Our information security framework includes periodic audits,assessments, and employee privacy and security training.
We undergo annual independent third-party SOC 2 Type II auditsthat include a risk assessment of the threats to the privacy,confidentiality, security, integrity and availability of personal data,the likelihood that these threats occur, and measures to mitigatethese risks.We conduct penetration testing of the network and our applicationto evaluate the security of our production environment
We only collect the personal data we need to accomplish ourbusiness purposes, including names, business email addresses,links to Slack profile pictures, and Slack user metadata. We do notstore users’ conversation data on our systems.
When a customer uninstalls our solution, we securely dispose ofthe personal data in our possession by deleting the customer’sdata from our systems.
We conduct background checks on all of our employees usingCheckr.
We regularly train all our employees on our information securityprogram, the importance of the security, confidentiality, and privacyof personal data, and the risks to our company and its customersassociated with security incidents.
We only permit access to personal data, sensitive informationsystems, and our premises to authorized employees based on theirrole and with prior approval.
Terminated employees are prevented from accessing personaldata and lose access to all devices and applications upontermination.
In accordance with our SOC 2 Type II compliance program, wemaintain policies, procedures, and practices documenting ourtechnological, administrative, and procedural safeguards relating tothe privacy, security, integrity, and availability of personal data.
Our information security framework includes periodic audits,assessments, and employee privacy and security training.
All communication between customer systems and our platformtakes place using high levels of encryption (TLS 1.2/HPPS).
All stored data, session cookies, and backups are encrypted atrest. Our databases are also encrypted using custom keys foradditional security.
We use industry-standard encryption and a monitoring agent toprotect the data stored on company laptops.
We store all personal data on private networks that require VPN toaccess, and we conduct biannual penetration testing to evaluatethe security of the network.
We have implemented Snyk to detect and remedy malicious orunsecure code designed to perform an unauthorized function on,or permit unauthorized access to, any information system.
We remediate any malicious or unsecure code promptly uponidentification.
Management
We conduct biannual vulnerability assessments to detectvulnerabilities on the network, and we have implementedprocesses to remediate any detected vulnerabilities.
We maintain application security and software developmentcontrols, including private networks, custom key encryption, andbiannual penetration testing, to detect and prevent the introductionof security vulnerabilities.
Prior to implementing code changes, our employees follow adocumented change management process to assess the potentialsecurity and product impact of such changes.
We document all changes to our information systems as part ofmerger requests.
We monitor and document the movement of records or mediausing Vanta, an automated security and compliance platform.
We have implemented strict password protection on all personaldevices that access our systems.
We maintain restrictions on physical access to our offices andinformation systems through the implementation of strict accesscontrols that are recorded in a digital registry
1.1 Pivoting Owl, Inc. (herein referred to as the “Thena,” “we,” “us” or “our”) provides and makes available this web site (the “Site”). All use of the Site is subject to the terms and conditions contained in these Website Terms and Conditions (this “Agreement”). Please read this Agreement carefully. By accessing, browsing or otherwise using the Site, you acknowledge that you have read, understood, and agree to be bound by this Agreement. If you do not accept the terms and conditions of this Agreement, you shall not access, browse or use the Site. You understand and agree that your use of our customer communication platform and services (“Thena Products”) shall not be governed by this Agreement, but rather by your company’s or organization’s agreement with Thena covering such Thena Products. However, please note that your access to and use of the Site and any Thena Products is also subject to Thena’s Privacy Policy located at https://www.thena.ai /privacy-policy.
1.2 You understand and agree that we may change this Agreement at any time without prior notice. You may read a current, effective copy of this Agreement at any time by selecting the “Terms of Use” link on the Site. The revised terms and conditions will become effective at the time of posting. Any use of the Site after such date shall constitute your acceptance of such revised terms and conditions. If any change to this Agreement is not acceptable to you, your sole remedy is to cease accessing, browsing and otherwise using the Site.
2.1 This Site contains material, including but not limited to software, text, graphics and images (collectively referred to as the “Content”). We may own the Content or portions of the Content may be made available to us through arrangements that we have with third-parties. The Content is protected by United States and foreign intellectual property laws. Unauthorized use of the Content may result in violation of copyright, trademark, and other laws. You have no rights in or to the Content, and you will not copy the Content and will only access and use the Content for your personal purposes. You may not sell, transfer, assign, license, sublicense, or modify the Content or reproduce, display, publicly perform, make a derivative version of, distribute, or otherwise use the Content in any way for any public or commercial purpose. The use or posting of any of the Content on any other web site or computer network for any purpose is expressly prohibited. If you violate any part of this Agreement, your right to access and/or use the Content and Site shall automatically terminate.
2.2 The trademarks, service marks, and logos of Thena (the “Thena Trademarks”) used and displayed on this Site are registered and unregistered trademarks or service marks of Thena. Other company, product, and service names located on the Site may be trademarks or service marks owned by third-parties (the “Third-Party Trademarks”, and, collectively with the Thena Trademarks, the “Trademarks”). Nothing on this Site or in this Agreement should be construed as granting, by implication, estoppel, or otherwise, any license or right to use any Trademark displayed on this Site without the prior written consent of Thena specific for each such use. The Trademarks may not be used to disparage Thena or the applicable third-party, Thena’s or third-party’s products or services, or in any manner (using commercially reasonable judgment) that may damage any goodwill in the Trademarks. Use of any Trademarks as part of a link to or from any web site is prohibited without Thena’s prior written consent. All goodwill generated from the use of any Thena Trademark shall inure to Thena’s benefit.
2.3 You agree not to: (a) take any action that imposes an unreasonable load on the Site’s infrastructure, (b) use any device, software or routine to interfere or attempt to interfere with the proper working of the Site or any activity being conducted on the Site, (c) attempt to decipher, decompile, disassemble or reverse engineer any of the software comprising or making up the Site, (d) delete or alter any material posted on the Site by Thena or any other person or entity, or (e) frame or link to any of the materials or information available on the Site.
2.4 The Site contains links to third-party web sites (“External Sites”). These links are provided solely as a convenience to you and not as an endorsement by us of the content on such External Sites. The content of such External Sites is developed and provided by others. You should contact a representative of those External Sites if you have any concerns regarding such links or any content located on such External Sites.
We are not responsible for the content of any linked External Sites and do not make any representations regarding the content or accuracy of any materials on such External Sites. You should take precautions when downloading files from all web sites to protect your computer from viruses and other destructive programs. If you decide to access any External Sites, you do so at your own risk.
2.5 Certain elements of the Site are protected by trade dress, trademark, unfair competition, and other state and federal laws and may not be copied or imitated in whole or in part, by any means, including but not limited to, the use of framing or mirrors, except as otherwise expressly permitted by Section 2.1 of the Agreement. None of the Content for this Site may be retransmitted without the express written consent from Thena for each and every instance.
2.6 You may from time to time provide suggestions, comments for enhancements or functionality or other feedback (“Feedback”) to us with respect to the Site or Content. We shall have full discretion to determine whether or not to proceed with the development or implementation of any Feedback. You hereby grants Thena a royalty-free, fully paid up, worldwide, transferable, sublicenseable, irrevocable, perpetual license to (a) copy, distribute, transmit, display, perform, and create derivative works of the Feedback; and (b) use the Feedback and/or any subject matter thereof, including without limitation, the right to develop, manufacture, have manufactured, market, promote, sell, have sold, offer for sale, have offered for sale, import, have imported, rent, provide and/or lease products or services which practice or embody, or are configured for use in practicing, the Feedback and/or any subject matter of the Feedback.
3.1 THENA, ITS AFFILIATES, THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, OR LICENSORS (COLLECTIVELY, THE “THENA PARTIES“) MAKE NO WARRANTIES OR REPRESENTATIONS ABOUT THE SITE OR CONTENT, INCLUDING BUT NOT LIMITED TO ITS ACCURACY, RELIABILITY, COMPLETENESS, TIMELINESS OR RELIABILITY. THE THENA PARTIES SHALL NOT BE SUBJECT TO LIABILITY FOR THE TRUTH, ACCURACY OR COMPLETENESS OF THE SITE OR CONTENT OR ANY OTHER INFORMATION CONVEYED TO THE USER OR FOR ERRORS, MISTAKES OR OMISSIONS THEREIN OR FOR ANY DELAYS OR INTERRUPTIONS OF THE DATA OR INFORMATION STREAM FROM WHATEVER CAUSE. YOU AGREE THAT YOU USE THE SITE AND THE CONTENT AT YOUR OWN RISK.
THE THENA PARTIES DO NOT WARRANT THAT THE SITE WILL OPERATE ERRORFREE OR THAT THE SITE, ITS SERVER, OR THE CONTENT ARE FREE OF COMPUTER VIRUSES OR SIMILAR CONTAMINATION OR DESTRUCTIVE FEATURES. IF YOUR USE OF THE SITE OR THE CONTENT RESULTS IN THE NEED FOR SERVICING OR REPLACING EQUIPMENT OR DATA, NO THENA PARTY SHALL BE RESPONSIBLE FOR THOSE COSTS.
THE SITE AND CONTENT ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND. THE THENA PARTIES DISCLAIM ALL WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE WARRANTIES OF TITLE, MERCHANTABILITY, NONINFRINGEMENT OF THIRD PARTIES RIGHTS, AND FITNESS FOR PARTICULAR PURPOSE.
3.2 IN NO EVENT SHALL ANY THENA PARTY BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, INCIDENTAL AND CONSEQUENTIAL DAMAGES, LOST PROFITS, OR DAMAGES RESULTING FROM LOST DATA OR BUSINESS INTERRUPTION) RESULTING FROM THE USE OR INABILITY TO USE THE SITE AND THE CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, EVEN IF SUCH THENA PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
3.3 SOME STATES DO NOT ALLOW THE DISCLAIMER OR EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES. ACCORDINGLY, IN SUCH STATES, SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU OR BE ENFORCEABLE WITH RESPECT TO YOU, AND THE LIABILITY OF THE THENA PARTIES SHALL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW.
3.4 IF YOU ARE FROM NEW JERSEY, THE FOREGOING SECTIONS 3.1 AND 3.2 AND SECTION 4 BELOW ARE INTENDED TO BE ONLY AS BROAD AS IS PERMITTED UNDER THE LAWS OF THE STATE OF NEW JERSEY. IF ANY PORTION OF THESE SECTIONS IS HELD TO BE INVALID UNDER THE LAWS OF THE STATE OF NEW JERSEY, THE INVALIDITY OF SUCH PORTION SHALL NOT AFFECT THE VALIDITY OF THE REMAINING PORTIONS OF THE APPLICABLE SECTIONS.
4.1 To the extent permitted under applicable law, you agree to defend, indemnify, and hold harmless the Thena Parties from and against any claims, actions or demands, including, without limitation, reasonable legal and accounting fees, arising or resulting from your breach of this Agreement or your access to, use or misuse of the Content or Site. Thena shall provide notice to you of any such claim, suit, or proceeding. Thena reserves the right to assume the exclusive defense and control of any matter which is subject to indemnification under this section. In such case, you agree to cooperate with any reasonable requests assisting Thena’s defense of such matter.
5.1 Thena reserves the right, in its sole discretion, to restrict, suspend, or terminate this Agreement and your access to all or any part of the Site or the Content at any time and for any reason without prior notice or liability. Thena reserves the right to change, suspend, or discontinue all or any part of the Site or the Content at any time without prior notice or liability.
5.2 Sections 2 (Use of the Site), 3 (Limitation of Liability and Warranty), 4 (Indemnification), 5 (Termination of Agreement), and 8 (Miscellaneous) shall survive the termination of this Agreement.
6.1 This Site is hosted in the United States. We make no claims concerning whether the Content may be downloaded, viewed, or be appropriate for use outside of the United States. If you access the Site or the Content from outside of the United States, you do so at your own risk. Whether inside or outside of the United States, you are solely responsible for ensuring compliance with the laws of your specific jurisdiction.
6.2 The United States controls the export of products and information. You expressly agree to comply with such restrictions and not to export or re-export any of the Content to countries or persons prohibited under the export control laws. By downloading the Content, you are expressly agreeing that you are not in a country where such export is prohibited or are a person or entity for which such export is prohibited. You are solely responsible for compliance with the laws of your specific jurisdiction regarding the import, export, or re-export of the Content.
7.1 This Agreement is governed by the internal substantive laws of the State of California, without respect to its conflict of laws provisions. You expressly agree to submit to the exclusive personal jurisdiction of the state and federal courts located in San Francisco, California. If any provision of this Agreement is found to be invalid by any court having competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of this Agreement, which shall remain in full force and effect. Failure of Thena to act on or enforce any provision of the Agreement shall not be construed as a waiver of that provision or any other provision in this Agreement. No waiver shall be effective against Thena unless made in writing, and no such waiver shall be construed as a waiver in any other or subsequent instance. Except as expressly agreed by Thena and you, this Agreement constitutes the entire Agreement between you and Thena with respect to the subject matter, and supercedes all previous or contemporaneous agreements, whether written or oral, between the parties with respect to the subject matter. The section headings are provided merely for convenience and shall not be given any legal import. You may not assign this Agreement without the prior written consent of Thena, but Thena may assign or transfer this Agreement, in whole or in part, without restriction. This Agreement will inure to the benefit of our successors, assigns, licensees, and sublicensees. Any information submitted or provided by you to the Site might be publicly accessible. Important and private information should be protected by you.
