Software as a Service Agreement

This Software as a Service Agreement (the “Agreement”) is between NetDocuments and the Customer, as outlined on an Order Form referencing this Agreement.

If Customer’s principal place of business stated above is: (a) in North America, Central America, or South America, “NetDocuments” refers to NetDocuments Software, Inc., a Delaware corporation with offices at 2500 West Executive Parkway, Suite 300, Lehi, Utah 84043; (b) in the United Kingdom, European Economic Area, Africa, or the Middle East, “NetDocuments” refers to NetDocuments Limited registered in England and Wales with registered company number 7509508, with offices at 8th Floor South Reading Bridge House, George Street, Reading, England RG1 8LS; or (c) in Australia, New Zealand, or Asia, “NetDocuments” refers to NetDocuments Australia Pty Limited, with offices at Suite 503, Level 5, Grafton Bond Building, 201 Kent Street, Sydney 2000, NSW, Australia.

  1. Definitions
    1. “Access Software” means any software in object code form that is supplied by NetDocuments in conjunction with the Services and that installs and runs on Customer Systems, for example, ndOffice or mobile applications. NetDocuments’ support policy for Access Software is posted on the NetDocuments support site.
    2. “Administrative Contacts” means individuals designated by Customer to receive notices related to NetDocuments Services, including the operations and functionality thereof. Administrative Contacts will receive Digital Notice by email. Notice will also be posted on the NetDocuments support page.
    3. “Affiliates” means any entity that directly or indirectly controls, is controlled by, or is under common control with, Customer or NetDocuments.
    4. “Billing Date” means the date identified in the Order Form as the date NetDocuments will bill Customer for the Services.
    5. “Confidential Information” of a party means any information, technical data or trade secrets, relating to: product plans, Intellectual Property, products, services, customers, employees, documents, markets, software, developments, inventions, processes, designs, drawings, engineering, marketing, product pricing or financial information of the party, but excluding any information other than Personal Data that: (a) is obtained from a third-party free of any confidentiality obligation; (b) is in or enters the public domain without unauthorized disclosure in breach of this Agreement; (c) was in the Receiving Party’s possession prior to receiving it from the Disclosing Party; or (d) is developed by the Receiving Party without reference to the Disclosing Party’s Confidential Information. Customer’s Confidential Information includes the terms of this Agreement, Customer Data (including to the extent Customer volunteers Customer Data to NetDocuments in decrypted form for any purpose), and Personal Data. NetDocuments’ Confidential Information includes the terms of this Agreement, all Platform Data, and all non-public information regarding the Services.
    6. “Customer Data” means data residing on the ND Network that is uploaded or otherwise transmitted by or on behalf of any Service User, for the period of time such data is being stored or processed by the Services.
    7. “Customer Managed Storage Location” means a server not hosted by NetDocuments, where Customer can store Customer Data outside the ND Network including, for example, ndFlexStore or ndMirror. Customer’s use of Customer Managed Storage Locations is optional.
    8. “Customer Service Account” means the functionality of the Services that allows Administrative Contacts to manage Customer’s account. For example, Administrative Contacts can add Internal Users and External Users, create user groups, and set user and group permissions through the Customer Service Account.
    9. “Data Processing Addendum” means the document attached hereto as Exhibit A.
    10. “Digital Notice” means information provided by NetDocuments on the NetDocuments support webpage. Customers and Administrative Contacts may register on the support webpage to receive updates by email.
    11. “Documentation” means the official documentation related to the Services made generally available by NetDocuments, including instructions and specifications that describe components, features, requirements, or other aspects of the Services.
    12. “External User” means any person granted access to all or part of a Service by an Internal User.
    13. “Help Desk Support” means support provided in connection with the Services by NetDocuments to the Customer as described in Section 2.6 and Exhibit B.
    14. “Intellectual Property” means existing and future rights and interests (registered or unregistered) applied for, granted, or otherwise existing anywhere in the world in and to patents, inventions, trademarks and service marks (including all goodwill therein), copyrights, copyrightable works, trade names, domain names, moral rights, trade secrets, know-how, proprietary information, designs, and all other intellectual, industrial, or proprietary rights, however arising and whether or not registered or issued.
    15. “Internal Users” are employees or subcontractors of Customer or a Customer Affiliate given an account in Customer’s repository by Customer’s administrators. Internal Users also include accounts created for use by other applications and integrations (including additional Services or third-party services that integrate with Services) for ongoing functionality or access to a Service, but not associated with a specific individual user. All employees or subcontractors of Customer or a Customer Affiliate who use the Services must be Internal Users and may not be External Users.
    16. “ND Network” means servers and infrastructure under the control of NetDocuments and used to host and operate the Services up to the boundary where such servers and infrastructure connect to the Internet. The ND Network does not include any Customer Managed Storage Locations.
    17. “Order Form” or “Order” means the form, regardless of name, title, format, or media, through and pursuant to which Customer subscribes to Services. Customer may have more than one Order Form.
    18. “Personal Data” means information relating to an identified or identifiable natural person and any information defined as such in the Data Processing Addendum.
    19. “Platform Data” means any data or statistics that are associated or generated in connection with use of the Services. NetDocuments may use Platform Data to analyze Customer performance and usage in order to provide or improve the Services. NetDocuments may use anonymized, aggregated Platform Data for benchmarking or other internal purposes, including generating reports regarding Service usage and customer data trends generally.
    20. “Professional Services” means any services provided by NetDocuments and described in a Statement of Work.
    21. “Services” means, as the case may be, the ND Network cloud-hosted content management software, the Access Software and any related services provided by NetDocuments, but excludes Professional Services.
    22. “Services Region” means the geographic location(s) specified in the relevant Order Form in which NetDocuments hosts the Services to which Customer subscribes.
    23. “Service Users” means Internal Users and External Users.
    24. “Statement of Work” means a document executed by Customer and NetDocuments that refers to this Agreement and describes Professional Services purchased by Customer and to be supplied by NetDocuments.
    25. “Subscription Fees” means the recurring fees for the Services specified in the Order Form.
    26. “Term” means, collectively, the Initial Term and any Renewal Term, as defined in the relevant Order Form.
    27. “Unauthorized Access” means: (a) unauthorized access, use, disclosure, alteration to Customer Data while it is residing on the ND Network by anyone other than a person using the login credentials of a Service User; or (b) access to Customer Data by NetDocuments’ personnel other than as permitted by this Agreement, or volunteered by Customer or a Service User.
  2. NetDocuments Services.
    1. Use of Access Software, Documentation, and Services. NetDocuments hereby grants to Customer during the Term a limited, non-exclusive, non-transferable (except as permitted by Section 12.6), non-sublicensable right for Service Users to (a) access and use the Services; (b) install and run the Access Software; and (c) store and print the Documentation for use with the Services, in each case solely in accordance with the terms and conditions herein and all applicable laws, rules, and regulations.
    2. Use by Customer Affiliates. Customer may procure Services for its Affiliates. Customer shall be fully responsible for the use of and access to the Services or Documentation by its Affiliates and its Affiliates’ compliance with this Agreement. Customer agrees and shall ensure that any claim connected with this Agreement will be asserted only by Customer and not any of its Affiliates; provided, however, Customer may claim loss or damage incurred by its Affiliates as if such loss or damage were incurred by Customer.
    3. Use of Services by External Users. All employees or subcontractors of Customer or a Customer Affiliate who use the Services are and must be treated as Internal Users, not External Users. Customer may grant External Users access to the Services up to the number specified in the relevant Order Form. Customer shall be fully responsible for External Users’ use of the Services or Documentation and their compliance with this Agreement.
    4. Services Region. NetDocuments will store Customer Data in the Services Region specified in the Order Form and will not transfer or access Customer Data, except at Customer’s or a Service User’s direction, unless required by Law. For purposes of this Section, “transfer” shall not include (a) any transfer of or access to Customer Data on or through the Services in accordance with the digital instructions of a Service User (for example, using the sharing facilities of the Services); or (b) use of the Services by Service Users outside of the Services Region if the Customer configures the Services to permit or not restrict such use.
    5. Security Specifications and Data Processing. NetDocuments shall implement and maintain appropriate industry standard administrative, physical, and technical safeguards to protect the confidentiality and integrity of Customer Data from Unauthorized Access using measures equal to or better than those of the ND Network Security document attached hereto as Exhibit C and the Data Processing Addendum attached hereto as Exhibit A (if and to the extent applicable).
    6. NetDocuments Services and Support Levels. NetDocuments shall provide Help Desk Support in accordance with the NetDocuments’ Service Levels and Support attached hereto as Exhibit B and the NetDocuments support policies posted on the NetDocuments support website.
    7. Retirement of Services or Features. NetDocuments will provide Customer with at least 6 months’ Digital Notice of material changes to or retirement of Services or features. The NetDocuments Services may change, but their functionality will not materially decrease during the Term.
  3. Restrictions on Customer’s Use.
    1. Use Limited to Service Users. The Services and Documentation may only be accessed by Service Users. Customer and Service Users must not share login credentials with any other person.
    2. Business Purposes. Customer shall use the Services and Documentation only for its internal business purposes. Customer shall not transfer, copy, modify, sublicense, distribute, translate, disassemble, reverse engineer, decompile, frame, mirror, or resell the NetDocuments Services and Documentation internally or to any third party or use the NetDocuments Items for any purpose competitive to NetDocuments, or to interfere with or disrupt the integrity of the NetDocuments Items.
    3. Click-Through Terms of Service. If any Internal User is required to review and agree to NetDocuments Terms of Service before accessing the Services, such NetDocuments Terms of Service are of no effect with respect to such Internal Users and are superseded by the terms of this Agreement. External Users are required to accept NetDocuments Terms of Service before accessing the Services. The prevailing NetDocuments Terms of Service are located at Customer agrees it will cooperate with NetDocuments at NetDocuments’ reasonable request to enforce these terms against External Users.
    4. Compliance with Laws and Third-Party Rights. Customer shall not use any NetDocuments Items in any way that breaches the rights of any third party or violates any applicable law, rule, or regulation, including export control and data privacy laws. NetDocuments is not responsible for compliance with any law, rule, or regulation applicable to Customer, Customer Data, or Customer’s industry that are not generally applicable to information technology service providers. Without limiting the foregoing, Customer shall not use the Services to store or transmit unlawful content, except as such may be required in its role as a professional service provider, in which case Customer will ensure that any use of the Services to store or process such content is appropriate under the circumstances, lawful, restricted to only necessary Service Users, and removed at the earliest opportunity.
  4. Customer Responsibilities.
    1. Customer System Requirements. Customer shall provide, configure and maintain: (a) all hardware and client-side software necessary to use the Services and deploy the selected Access Software; (b) Internet access; (c) software not provided by NetDocuments that is required to access the Services in addition to the Access Software (for example, a compatible Internet browser); and, if applicable, (d) Customer Managed Storage Locations (collectively “Customer Systems”). Customer is responsible for ensuring Customer Systems provide sufficient capacity, performance and connectivity and meet the service levels recommended by NetDocuments. Customer will maintain appropriate security and protection of the devices accessing the NetDocuments Service.
    2. Help Desk Support. NetDocuments will provide Help Desk Support as provided in Exhibit B. Help Desk Support may be provided by NetDocuments’ personnel or subcontractors in regions other than Customer’s Service Region. Customer is responsible for any and all Customer Data shared as a result of its initiation of Help Desk Support and will ensure that Customer Data is shared in conformity with any Customer or client policies or laws, rules, or regulations that may apply to Customer Data. NetDocuments will not be liable for any Customer Data shared by Customer or its Service Users in violation of any policy or law, rule, or regulation applicable to Customer Data.
    3. Third-Party Applications. NetDocuments enables select third parties to provide a service or software (“Third-Party Applications”) that integrates with one or more NetDocuments Services. NETDOCUMENTS MAKES NO WARRANTIES REGARDING ANY THIRD-PARTY APPLICATION, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY THAT ANY THIRD-PARTY APPLICATION WILL (A) REMAIN AVAILABLE THROUGHOUT THE TERM; (B) BE ERROR FREE OR RUN UNINTERRUPTED; (C) OFFER ANY PARTICULAR FEATURES OR PERFORMANCE OR (D) MEET CUSTOMER’S NEEDS. ALL THIRD-PARTY APPLICATIONS ARE PROVIDED “AS-IS” AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY APPLICATION IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY APPLICATION. A limited selection of Third-Party Applications may be offered by NetDocuments as additional Services, as evidenced by their inclusion on an Order Form or their selection using the Customer Service Account subject to additional Subscription Fees. Other Third-Party Applications require a separate contract (for which NetDocuments will have no responsibility) between Customer and the third-party supplier.
    4. NetDocuments’ Application Programming Interface. The Services do not include access to NetDocuments’ application programming interface (“API”). Customer acknowledges and agrees if NetDocuments grants Customer access to NetDocuments’ API, Customer will be solely responsible for use of the API in accordance with the terms of this Agreement and Customer may not share its API access with any third party. Any access to NetDocuments’ API may be subject to additional terms and conditions, at NetDocuments’ discretion.
  5. Intellectual Property and Related Rights.
    1. NetDocuments Intellectual Property. NetDocuments or its licensors own all right, title, and interest in and to Intellectual Property in the NetDocuments Items, Platform Data, and other proprietary rights and interests comprising and used to support and operate the Services. Customer has no rights in or to such Intellectual Property except as expressly set forth in this Agreement. NetDocuments expressly reserves all other rights.
    2. Customer Data.
      1. NetDocuments disclaims ownership of Intellectual Property rights in Customer Data. Customer hereby grants NetDocuments a limited, free of charge, non-exclusive, non-transferable (except in accordance with Section 12.6), non-sublicensable (except as necessary to provide Third-Party Applications in accordance with Section 4.3) license to store, copy, and process Customer Data in order to provide the Services.
      2. NetDocuments shall not use, disclose or access Customer Data other than (a) to provide the Services and perform the obligations contemplated in this Agreement (including Professional Services, if applicable); (b) as required to facilitate Third-Party Applications in accordance with Section 4.3; (c) as requested or volunteered by Customer or a Service User in connection with Help Desk Support; or (d) as required to comply with a legal demand in accordance with Section 6.2.
      3. The license and obligations pursuant to this Section 5.2.2 will survive the termination or expiration of this Agreement until Customer Data is no longer on the ND Network.
  6. Confidential Information.
    1. Protection. During the Term each party (“Receiving Party”) may receive Confidential Information from the other party (“Disclosing Party”). During the Term and indefinitely thereafter, as long as the Confidential Information is held, the Receiving Party shall protect any Confidential Information received from the Disclosing Party by exercising the same degree of care it uses to protect its own information of like importance from unauthorized use or disclosure, but in no event less than a reasonable degree of care.
    2. Permitted Use and Disclosure. Receiving Party may only use Disclosing Party’s Confidential Information for purposes in connection with this Agreement or as expressly authorized by this Agreement. Receiving Party shall not disclose Disclosing Party’s Confidential Information to any third party, without the prior written consent of the Disclosing Party, except in the following circumstances: (a) to its employees or authorized agents or independent contractors to the extent necessary for them to perform the Receiving Party’s obligations in this Agreement; (b) in confidence, to legal counsel, accountants, banks, and financing sources and their advisors or in connection with an actual or proposed merger, acquisition, or similar transaction; (c) in connection with the enforcement of this Agreement; or (d) in order to comply with Law or a court order (it being understood that such disclosure may include Customer Data, in the case of NetDocuments) provided that to the extent legally permissible the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure and reasonable assistance, at the Disclosing Party's expense, if the Disclosing Party seeks to contest such disclosure.
    3. Protection of Personal Data. To the extent that Customer Data is subject to EU Data Protection Legislation, each party shall comply with the obligations in the Data Processing Addendum attached as Exhibit A to this Agreement with regard to processing Customer Data. NetDocuments shall only process Personal Data given to NetDocuments outside the Services as permitted by applicable law and to the extent necessary for the following purposes: (a) providing the NetDocuments Services; (b) developing and maintaining NetDocuments’ relationship with Customer’s vendor management contacts; (c) billing and invoicing; (d) compliance with quality control and risk management procedures; (e) security-related processing (for example, automated scanning of incoming and outgoing emails for viruses); (f) complying with legal and regulatory obligations; and (g) establishing, exercising and defending legal claims.
  7. Term and Termination.
    1. Term. The Term of this Agreement will commence on the Effective Date and will continue until the expiration or termination of all Order Forms, Statements of Work, and Transition Periods governed by this Agreement, unless earlier terminated in accordance with the terms herein. Notwithstanding anything to the contrary, unless the parties mutually execute a new agreement, if any Order Form or Statement of Work is executed by the parties, or if NetDocuments, at Customer’s election, continues to provide Services or Professional Services to Customer after the expiration or termination of this Agreement, then this Agreement shall govern all such Services or Professional Services and shall remain in effect until all Order Forms, Statements of Work, and Transition Periods have been completed.
    2. Termination for Breach. A party may terminate this Agreement, any Order Form, or any Statement of Work by giving notice (specifying the grounds for such notice in reasonable detail) to the other party, if the other party: (a) materially breaches any obligations under this Agreement or any Order Form; (b) files a voluntary petition in bankruptcy or has an involuntary petition in bankruptcy filed against it; or (c) is declared insolvent, makes an assignment for the benefit of creditors, appoints or has appointed a receiver, conservator, or trustee to operate its business, or liquidates all or substantially all of its business assets, or the equivalent of any of the foregoing. Termination for breach of a material obligation under this Section 7.2(a) will take effect: (y) immediately, if the breach cannot be cured; or (z) on the 31st day following receipt of notice from the non-breaching party, unless the breaching party corrects the stated breaches within the first 30 days following receipt of notice. Without limiting the foregoing, NetDocuments may suspend or limit Customer’s access to the Services, in whole or in part, in the event of Customer’s breach of this Agreement, including payment obligations hereunder until such time as Customer remedies the breach. Except as necessary to mitigate serious security risks, NetDocuments shall give Customer not less than 14 days’ notice (in addition to any other notice required by this Section 7.2) specifically referring to the threat of suspension and shall provide Customer the opportunity to remedy the breach in that period before exercising its right to suspend or limit Services.
    3. Transition Period. If NetDocuments or Customer provides notice of termination of this Agreement, Customer may elect to continue using the NetDocuments Items for a period of up to 6 months from the notified end date (the “Transition Period”) provided Customer: (a) is not in breach of its obligations under this Agreement on the date of the notice of termination nor thereafter during the Transition Period; (b) is current on its Subscription Fee payments under this Agreement, and (c) prepays the Subscription Fee for the Transition Period within 10 days of its election to establish a Transition Period. The continuation of the Services during the Transition Period shall not constitute a waiver by any non-defaulting party of its claims against a defaulting party hereunder. If Customer elects the continuation of the Services pursuant to this Section, the parties agree that their respective rights and obligations under this Agreement shall continue in force until the conclusion of the Transition Period.
    4. Removal of Customer Data. Customer shall ensure that all Customer Data is removed from the ND Network before the end of the Term or any applicable Transition Period. To the extent any Customer Data remains on the ND Network 30 days after the termination or expiration of this Agreement (including any applicable Transition Period) NetDocuments may: (a) delete and permanently destroy all Customer Data stored on the ND Network; or (b) at Customer’s request, charge Customer for the continued storage of Customer Data at a rate equal to the Subscription Fees previously applicable to the relevant Order Form(s).
    5. Cessation of Services. Upon termination or expiration of this Agreement and the end of any applicable Transition Period, NetDocuments will discontinue Customer’s access to the Services, and Customer will immediately delete all copies of the Access Software from Customer Systems.
    6. Australian Protection. This Section 7.6 applies only if Customer is domiciled in Australia. Despite any other provision to the contrary in this Agreement, to the extent that section 415D, 434J or 451E of the Australian Corporations Act (each, an “ACA Section”) applies to any right in this Agreement (“Right”), the Right must not be enforced to that extent only during the period prescribed by the ACA Section, any extended period ordered by a court and at any other time required by the ACA Section (except, for the avoidance of doubt, to the extent that the ACA Section does not apply to the Right, contract, agreement or arrangement in this Agreement including (without limitation) as a result of any court order, any regulation or declaration that relates to the ACA Section or any other provision in Chapter 5 of the Corporations Act). This provision does not affect any other enforcement of the Right or the enforcement of any other right.
  8. Fees and Payment.
    1. Disputed Amounts. If Customer disputes any invoice, Customer shall notify NetDocuments of the disputed portion within 30 days of the invoice date and pay the undisputed portion as provided in Section 8.1. The parties will cooperate in good faith to resolve the dispute promptly.
    2. Costs of Collection. In the event Customer fails to pay NetDocuments any amounts due under this Agreement, Customer will pay all costs of collection, including reasonable attorney fees and legal expenses incurred by NetDocuments.
    3. Sales, Use, and Other Taxes. Customer shall pay taxes (including sales or use taxes, value added taxes, and stamp taxes), fees, tariffs, duties, or other similar levies required by Law, except taxes based on NetDocuments’ income and employment-related taxes. Except as expressly and specifically set out in an Order Form (and subject to instructions in the Order Form relating to the administration, procedures, and requirement for documentary evidence as NetDocuments may require to lawfully minimize the withholding and obtain acknowledgement from any taxing authority for the withholding) Customer shall (a) pay invoices without withholding for any taxes or other levies imposed by any taxing authority or (b) pay amounts in addition to the amounts invoiced so that the net amount received by NetDocuments, after any tax or levy charged or withheld, equals the amount invoiced.
  9. Representations and Warranties.
    1. Right to Enter into Agreement. Each party represents that: (a) it is validly formed and in good standing in the jurisdiction in which it is formed; (b) it has the legal right and all requisite power and authority to enter into this Agreement and to execute, deliver, and perform its obligations under this Agreement; and (c) the execution, delivery, and performance of this Agreement has been duly authorized by all necessary organizational action of such party, and when executed and delivered by both parties, this Agreement will constitute a legal, valid, and binding obligation of such party, enforceable against such party in accordance with its terms and conditions and will not violate or constitute a breach of any agreement binding upon such party.
    2. Additional NetDocuments Warranties. NetDocuments represents that it has the legal right to provide the Services. NetDocuments shall perform the Services and the Professional Services using the care and skill to be expected of a professional and competent service provider in accordance with good industry practice.
    3. Additional Customer Warranties. Customer represents, warrants, and covenants that it has, and during the Term and any Transition Period will at all times have, the legal right to possess, store, and transmit the Customer Data using the Services.
  10. Limitation of Liability.
    4. Exceptions. Notwithstanding the foregoing, nothing in this Agreement excludes or limits a party’s liability for (a) death or personal injury to the extent caused by a party’s negligence; (b) that party’s fraud or fraudulent statements; or (c) any liability for which the governing law of this Agreement prohibits the exclusion or limitation of liability. This Section 10 in no way limits Customer’s liability for Subscription Fees owed pursuant to this Agreement.
    5. Australian Consumer Law. This Section 10.5 applies only if Customer is domiciled in Australia. Nothing in this Agreement shall be read or applied so as to exclude, restrict or modify or have the effect of excluding, restricting or modifying any condition, warranty, guarantee, right or remedy implied by the Australian Consumer Law (“ACL”) and which by law cannot be excluded, restricted or modified.
      1. NetDocuments’ Services come with guarantees that cannot be excluded under the ACL. For major failures with the Services, Customer may be entitled:
        1. to terminate this Agreement with NetDocuments; and
        2. to a refund of Subscription Fees for any unused portion of the Services occurring after the termination, or to compensation for its reduced value in accordance with Exhibit B of this Agreement.
      2. Customer is also entitled to be compensated for any other reasonably foreseeable loss or damage, subject to the limitations of liability in Sections 10.1 and 10.2. If the failure does not amount to a major failure, Customer is entitled to have problems with the Services rectified in a reasonable time and, if this is not done, to terminate this Agreement and obtain a refund of Subscription Fees for any unused portion of the Services occurring after the termination.
  11. Indemnification.
    1. Indemnification by NetDocuments. NetDocuments shall indemnify and defend Customer and its directors, officers, and employees from and against losses, damages, judgments, and expenses, including attorney fees, arising out of a claim, suit, action, or proceeding brought by a third party to the extent arising from an allegation that the Services, when used in accordance with this Agreement, infringe the Intellectual Property rights of any third party. NetDocuments will not be obligated to indemnify Customer to the extent that any claim of infringement arises from: (a) the combination, operation, or use of any Services with equipment, devices, or software not supplied by NetDocuments, to the extent such claims could have been avoided if the Services had not been so combined, operated, or used; (b) Customer’s breach of this Agreement or Law; and (c) alterations or modifications to the Services which are not performed by NetDocuments, to the extent such claims could have been avoided if the Services had not been so altered or modified.
    2. Indemnification by Customer. Customer will indemnify and defend NetDocuments and its directors, officers, and employees from and against losses, damages, judgments, and expenses, including attorney fees, arising out of a claim, suit, action, or proceeding by a third party to the extent arising from an allegation that: (a) Customer Data violates Law or the rights of any third party, including Intellectual Property rights, or (b) that Customer does not have the legal right to possess Customer Data or transmit it to NetDocuments or the Services.
    3. Indemnification Procedures. Upon an event giving rise to a claim under this Section 11, the party claiming the right to indemnification (the “Indemnified Party”) shall:
      1. promptly notify the other party (the “Indemnifying Party”) of any circumstances the Indemnified Party believes may result in a claim for indemnification (provided that the Indemnifying Party shall not be relieved of any indemnification obligations except to the extent it is materially prejudiced as a result of the Indemnified Party’s failure to provide prompt notice); and
      2. cooperate with and take all reasonable steps requested by the Indemnifying Party to allow the Indemnifying Party to control the defense and settlement of claims subject to indemnification with counsel selected in the Indemnifying Party’s discretion. The Indemnified Party may participate in the defense with its own counsel and at its sole cost. The Indemnifying Party shall not settle a claim that imposes obligations on, or restricts the operations of, the Indemnified Party without the written consent of the Indemnified Party, which consent must not be unreasonably withheld, conditioned, or delayed.
  12. General.
    1. Export Compliance. Customer acknowledges that NetDocuments’ Service is subject to U.S., foreign, and international export control, import, and economic sanctions laws and regulations and agrees to comply with all such applicable laws and regulations, including, but not limited to, the U.S. Export Administration Regulations (EAR, 15 C.F.R. Parts 730-774) and regulations administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC, 31 C.F.R. § 500, et seq.). Customer hereby agrees that it will not, under any circumstances, engage in any activities during the course of its engagement with NetDocuments that could cause NetDocuments to violate any applicable law or regulation. Customer specifically agrees that it will not, directly or indirectly, export, reexport, transfer (in-country), sell, lease, or supply, or allow any other access to or use of the Services to, in, by, or for any country/region subject to U.S. embargo or sanctions, any U.S. denied or sanctioned person, or any prohibited end-use under U.S. law without authorization from the U.S. government and prior written approval from NetDocuments.
      Without limiting the generality of the foregoing, Customer represents and warrants that neither it nor its employees, board members, consultants, affiliates, suppliers, or subcontractors are subject to U.S. sanctions or other export restrictions, including, but not limited to, being (1) identified on or in the U.S. Department of Commerce’s Denied Persons List, Unverified List, or Entity List; the U.S. Department of State’s Non-Proliferation Sanctions Determinations; or OFAC’s Specially Designated Nationals List, Foreign Sanctions Evaders List, or Sectoral Sanctions Identifications List; (2) directly or indirectly 50 percent or more owned, in the aggregate, by individuals/entities sanctioned by OFAC; (3) designated or blocked pursuant to sanctions- or export-related U.S. Executive Orders; (4) located or ordinarily resident in a country/region subject to U.S. embargo or sanctions; or (5) an official, employee, agent, or contractor of, or directly or indirectly acting or purporting to act for or on behalf of, a government (including any political subdivision, agency, or instrumentality thereof or any person directly or indirectly owned or controlled by the foregoing) or political party subject to U.S. embargo or sanctions or any other entity in an embargoed/sanctioned country or region or subject to U.S. embargo or sanctions.
      Customer is required to immediately notify NetDocuments in writing if there is any change that impacts the accuracy of any representation or other information in this clause. Notwithstanding any other provision in this Agreement, NetDocuments shall have the right to terminate this Agreement or discontinue performance immediately and without penalty upon the determination by NetDocuments, in NetDocuments’s sole discretion, that Customer has breached, intends to breach, or insists upon breaching any of the provisions in this clause; or if NetDocuments deems such cessation necessary, in its sole discretion, to ensure compliance with U.S. law.
    2. Common Subcontractors. NetDocuments may subcontract any part of its obligations under this Agreement that is common to and subcontracted for other NetDocuments customers (such subcontractors referred to as “Common Subcontractors”). NetDocuments may change or appoint new Common Subcontractors from time to time during the Term, and NetDocuments will give Customer Digital Notice of material changes or additions to Common Subcontractors.
    3. Force Majeure. Except for Customer’s payment obligations hereunder, neither party will be liable for failure or delay to perform under this Agreement if such failure or delay is caused by the occurrence of any contingency beyond its reasonable control (a “Force Majeure Event”), including, but not limited to, widespread Internet outage, industrial disturbance, denial of service attack, war, act of terrorism, insurrection, multi-day power outage, acts of God or acts of civil or military authority. A Force Majeure Event also includes a temporary suspension of the Services at any time NetDocuments reasonably believes such suspension is necessary in response to a perceived threat to the Services, ND Network, or Customer Data. A party experiencing a Force Majeure Event shall notify the other party promptly and shall resume performance as soon as practicable under the circumstances.
    4. Relationship of the Parties. The parties are independent contractors, and neither will at any time be considered, or represent itself to be, an agent, employee, associate, or joint venture party of the other.
    5. Notices. Any notice must be in writing and will be deemed given as follows: (a) if by personal delivery, on the date of receipt by the intended recipient; or (b) if by private courier or certified postage prepaid and return receipt requested, on the date of first attempted delivery to the intended recipient’s last known address. All notices must be sent to the address of the intended recipient listed in the preamble to this Agreement. Each party shall provide the other party with timely notice of any change in its address to which notices must be sent. Notwithstanding the foregoing, Administrative Contacts will receive Digital Notice by email and NetDocuments may also post notice on the NetDocuments support website.
    6. Assignment. Neither party may assign or otherwise transfer any of its rights or obligations under this Agreement without the prior written consent of the other party, which must not be unreasonably withheld, conditioned, or delayed. Notwithstanding the foregoing, either party may assign its rights and obligations under this Agreement without prior consent to any successor entity in the event of such party’s transfer of all or substantially all of its assets or stock, merger, spin-off, consolidation, reorganization or other business combination or change of control, so long as the assigning party provides notice thereof to the other party. Subject to the foregoing, this Agreement will be binding upon and inure to the benefit of the parties, their successors, and their permitted assigns.
    7. No Third-Party Beneficiaries. The provisions of the Agreement are only for reliance upon and the benefit of Customer and NetDocuments and its licensors and confer no rights or remedies on any other person or entity.
    8. Waiver/Amendment. Neither this Agreement nor any of its provisions may be waived, amended, or otherwise modified, except by a written instrument signed by both parties. Except as otherwise set forth in this Agreement, no failure to exercise, or delay in exercising, any right, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof; nor shall any single or partial exercise of any right, remedy, power, or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
    9. Announcements of Agreement. NetDocuments shall be permitted to use Customer’s name or logo to identify the existence of Customer as a customer of NetDocuments in marketing content or in any media interview without Customer’s written consent, provided that such reference to Customer is included with at least several other similar references and is given no more prominence than such other references, and subject to compliance with any written branding or trademark usage guidelines provided to NetDocuments.
    10. Counterparts. This Agreement may be executed in any number of counterparts which may be delivered as a .pdf attached to email or by digital or electronic signature, and each counterpart so executed and delivered will be deemed an original, all of which together will constitute one instrument.
    11. Governing Law, Venue, and Jurisdiction. This Agreement shall be governed by and construed in accordance with the laws as set forth below, without giving effect to conflict of law or choice of law principles. Any and all actions, suits or judicial proceedings upon any claim arising from or relating to this Agreement shall be instituted and maintained in the city, state, territory, or province as applicable.
      1. If Customer is domiciled in North America, Central America, or South America, governing law is the law of the State of Utah;
      2. If Customer is domiciled in the United Kingdom, European Economic Area, Africa, or the Middle East, governing law is the law of England and Wales;
      3. If Customer is domiciled in Australia, New Zealand, or Asia, governing law is the law of Australia.
        This Agreement expressly excludes the provisions of the Contracts (Rights of Third Parties) Act 1999 and any amendment thereto.
    12. Dispute Resolution. In the event of a dispute arising out of or relating to this Agreement, any Order Form, or Statement of Work, the parties agree that they will attempt to resolve the dispute informally. If a dispute is not resolved within 90 days, any resulting legal actions (except for actions to collect amounts owed NetDocuments under this Agreement) shall be resolved through final and binding arbitration.
      If Customer’s principal place of business stated in the preamble to this Agreement is in North America, Central America, or South America, the Parties agree that arbitration shall be conducted in accordance with the Commercial Arbitration Rules (the “Rules”) of the American Arbitration Association (the “AAA”) in effect at the time of the arbitration. All fees and expenses of the arbitration, excluding a transcript, shall be borne equally by the parties. Each party will pay for the fees and expenses of its own attorneys, experts, witnesses, and preparation and presentation of proofs and post-hearing briefs. The arbitration will be conducted in Salt Lake City, Utah.
      If Customer’s principal place of business as stated in the preamble to this Agreement is in the United Kingdom, European Economic Area, Africa, or the Middle East, arbitration shall be conducted by the Centre for Effective Dispute Resolution in London, England.
      If Customer’s principal place of business as stated in the preamble to this Agreement is in Australia, New Zealand, or Asia, arbitration shall be conducted by the Australian Disputes Centre in Sydney, New South Wales, Australia.
      Judgment may be entered on the arbitrator’s award in any court having jurisdiction.
      This clause does not prevent either party from applying for injunctive remedies.
    13. Equitable Remedies. Customer acknowledges and agrees that a breach or threatened breach by Customer of any of its obligations under Section 5 would cause NetDocuments irreparable harm for which monetary damages would not be an adequate remedy and that, in the event of such breach or threatened breach, NetDocuments will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirements to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.
    14. Severability. If any provision of this Agreement is held to be unenforceable or invalid by any court of competent jurisdiction, the validity and enforceability of the remaining provisions of this Agreement will not be affected and that provision is to be construed either by modifying it to the minimum extent necessary to make it enforceable (if permitted by law) or disregarding it (if not).
    15. Survival. Any provision of this Agreement that by its nature extends beyond the expiration or termination of this Agreement, including accrued rights to payment, use restrictions, indemnity obligations, confidentiality obligations, warranty disclaimers, and limitations of liability, will remain in effect until all obligations are satisfied in accordance with their terms.
    16. Services by Third Parties. If Customer engages a person or entity other than NetDocuments to provide professional or other services related to the Services or Customer Data including data conversion, training, installation, application integration, NetDocuments will have no liability for the acts or omissions of such person or entity.
    17. Entire Agreement; Order of Precedence. This Agreement, including any Exhibits, constitutes the entire understanding and agreement of the parties relating to its subject matter, and supersedes all prior agreements and understandings, whether written or oral. In the event of a conflict between this Agreement and any Exhibit, Order Form, or Statement of Work, then the terms shall control in accordance with the following order of priority, unless otherwise stated: first, the terms in the Order Form; second, the terms in an Exhibit to this Agreement, to the extent conflicting with terms in the body of this Agreement; third, the terms in the body of this Agreement; and fourth, the terms in a Statement of Work.
    18. Purchase Orders. Any purchase order or other document issued or delivered to NetDocuments in connection with Customer’s subscription to the Services is only for Customer’s administrative purposes. No terms and conditions of any purchase order or other ordering document will apply to, or be binding upon, NetDocuments. Preprinted, standard, or posted terms and conditions in any media (including terms where acquiescence, approval, or agreement requires a mouse click or an electronic signature) shall not be effective, incorporated into, nor construed to amend the terms of this Agreement.
    19. Interpretation. For all purposes of this Agreement, except as otherwise expressly provided: (a) the terms defined herein include the plural as well as the singular and vice versa; (b) any section of this Agreement that specifies a restriction or states that a Customer shall not do something is to be interpreted as an obligation to prevent Customer’s Affiliates, Service Users, and third parties under Customer’s control from breaching the same; (c) any reference to an “Exhibit” or a “Section” refers to an Exhibit, or a Section, as the case may be, of this Agreement; (d) the Exhibits hereto form part of this Agreement; (e) all references to this Agreement and the words “herein”, “hereof”, “hereto” and “hereunder” and other words of similar import refer to this Agreement as a whole and not to any particular Exhibit, Section, or other subdivision; (f) all Section and Exhibit headings are for convenience only and shall not affect the interpretation or construction of this Agreement; (g) the words “including,” “included” and “includes” mean inclusion without limitation and do not limit the generality of the statements they qualify; (h) the word “or” is not exclusive and shall have the meaning commonly ascribed to the term “and/or;” and (i) this Agreement has been jointly negotiated by the parties hereto and their respective legal counsel, and any legal or equitable principles that might require or permit the construction of this Agreement or any provision hereof against the party drafting this Agreement shall not apply in any construction or interpretation of this Agreement.

Exhibit A—Data Processing Addendum

  1. Definitions.
    1. Except as expressly stated in this Section 1, words and phrases defined in that certain Software as a Service Agreement (the “Agreement”) to which this Data Processing Addendum is attached have the same meaning in this Exhibit.
    2. “Compliant Jurisdiction” means (i) the United Kingdom, or (ii) a country within the European Economic Area, or (iii) a country with the benefit of a favorable adequacy decision under Article 45 of Regulation (EU) 2016/679.
    3. “EU Data Protection Legislation” means Regulation (EU) 2016/679 (commonly known as the General Data Protection Regulation) as amended from time to time.
    4. References to “Controller,” “Data Subject,” “Personal Data,” “Data Breach,” “Processor,” “Processing,” and “Supervisory Authority” have the meanings defined in the EU Data Protection Legislation. References to “Sub-Processor” mean another processor appointed by a processor.
  2. Status of This Exhibit.
    1. This Exhibit supplements the terms of the Agreement. It forms part of the Agreement.
    2. This Exhibit applies only to Customer Data that includes (or might potentially include) Personal Data in circumstances where the Processing of that Personal Data is subject to EU Data Protection Legislation.
    3. If this Exhibit is inconsistent with any other provisions of the Agreement, the parties intend that the provisions of this Exhibit should prevail to the extent of such inconsistency.
  3. EU Data Protection Legislation.
    1. For all Personal Data provided to NetDocuments by or on behalf of Customer for Processing under the Agreement, the parties intend that Customer is the Controller and NetDocuments is the Processor of the Personal Data.
    2. Except for (i) login details of Service Users; and (ii) Customer Data that happens to include Personal Data and is supplied to NetDocuments personnel by Customer in a manner other than by uploading it or otherwise transmitting it as Customer Data to the Services (there being no obligation or expectation of such supply), NetDocuments represents and Customer agrees as follows:
      1. Customer Data is Processed by NetDocuments using encryption methods that render the Customer Data unintelligible to NetDocuments personnel and any software other than for the normal operation of the Services;
      2. even if the Customer uses the features of the Service to identify Customer Data that contains Personal Data, such attributes of Customer Data are unintelligible to NetDocuments personnel;
      3. NetDocuments is therefore unable to:
        1. ascertain whether Customer Data includes Personal Data (and NetDocuments therefore treats all Customer Data as if it might include Personal Data);
        2. ascertain whether Customer Data includes any special categories of Personal Data (and NetDocuments will not treat any such Customer Data any differently);
        3. ascertain whether the Services are used by Service Users to Process Personal Data outside the European Economic Area;
        4. determine when Personal Data ought to be deleted or when Processing of Personal Data ought to cease;
        5. take any steps to comply with the rights of Data Subjects for access to Personal Data, rectification or erasure of Personal Data, data portability, rights to be forgotten, or to act upon any notices from Data Subjects; or
        6. keep a record of Processing with any greater information than that which is required to be kept by NetDocuments pursuant to the Agreement and this Exhibit.
      4. Subject to the foregoing limitations, and to the extent NetDocuments is able to, NetDocuments will:
        1. Process the Personal Data only on documented instructions from the Customer, including with regard to transfers of Personal Data to a third country or an international organisation, unless required to do so by European Union law or the laws of a member state of the European Union to which NetDocuments is subject. In that case, NetDocuments shall inform the Customer of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest;
        2. ensure that persons authorised to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
        3. take all measures and implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons;
        4. if there is a Personal Data breach in relation to any Customer Data, notify the Customer without undue delay and, where practicable, within 48 hours and thereafter assist the Customer with its obligations to notify the Personal Data breach to a supervisory authority;
        5. provide the Customer with reasonable assistance to undertake data protection impact assessments in relation to Processing of Personal Data pursuant to the Agreement and reasonable assistance requested by Customer in relation to any consultation with a supervisory authority that the Customer carries out in relation to such assessment, provided Customer bears the cost of NetDocuments preparing data protection impact assessments for the Customer or providing reasonable assistance in consultation with a supervisory authority;
        6. at the choice of the Customer, securely delete or enable Customer to download all Customer Data (and thereby ensure the deletion or return of all Personal Data) to the Customer after the end of the Services as described in the Agreement;
        7. make available to the Customer its standard Due Diligence Response (DDR) package which contains all information necessary to demonstrate compliance with the obligations in this section 3. Additionally, NetDocuments will allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer, provided Customer bears the cost of the audit and auditors; and
        8. immediately notify the Customer if, in NetDocuments’ opinion, an instruction infringes Data Protection Legislation.
  4. Protection of Personal Data.
    1. If the Customer uses the Services to Process any Customer Data that includes Personal Data in circumstances where the Processing of that Personal Data is subject to EU Data Protection Legislation, for the purpose of ensuring adequacy as required by Article 45 of GDPR:
      1. at the date of this Addendum, NetDocuments is certified with the Privacy Shield Framework (see;
      2. NetDocuments shall use commercially reasonable efforts to remain certified with the Privacy Shield Framework for so long as the scheme continues and is generally recognized as satisfying the requirements of Article 45 of the EU Data Protection Legislation; and
      3. NetDocuments shall, upon request by Customer, execute in favor of the Customer Standard Contractual Clauses recognized by GDPR.

Exhibit B—NetDocuments Service Levels and Support

  1. Definitions.
    1. “Downtime” is any period during which Customer is unable to access or use a Service as a result of a Service Outage but excludes periods of Network Maintenance and Force Majeure Events.
    2. “Maintenance Window” means periods of time when NetDocuments is performing scheduled Network Maintenance.
    3. “Network Maintenance” means work on the ND Network to facilitate ongoing operations, including updates to the Services. Scheduled Network Maintenance will take place during Maintenance Windows. Emergency Network Maintenance may take place any time NetDocuments reasonably perceives a threat to the ND Network or the Services. The Services may not be available during periods of Network Maintenance.
    4. “Services Availability” or “Uptime” for any 12-month period shall be the percentage determined by dividing (a) the net of the total number of minutes per year minus the total number of minutes of Downtime per year by (b) the total number of minutes per year.
    5. “Services Outage” means a period of time in which the ND Network is generally inaccessible to customers due to failures of the ND Network. Network Maintenance, Force Majeure Events, and failure of Customer Systems, including connectivity between Customer Systems and the Internet, are not Service Outages.
  2. Services Availability. NetDocuments shall endeavor to maintain a 99.9% Services Availability per year, subject to Network Maintenance. NetDocuments will monitor Service Availability and will make Service Availability metrics available to Customer via the NetDocuments Trust website or a similar function. If Customer experiences what it believes is a Service Outage, Customer shall promptly notify Help Desk Support using the procedures described in Section 5 of this Exhibit. In the event of a Service Outage, NetDocuments shall restore the respective Service as soon as practical under the circumstances. NetDocuments shall use commercially reasonable efforts to provide Digital Notice of the status of the Service and correct issues and interruptions to the Services.
  3. Maintenance Windows. Except for emergency Network Maintenance, NetDocuments will use reasonable efforts to provide 10 days’ notice of Maintenance Windows. Digital Notice will be provided, and the date and time of the Maintenance Window will be posted on the NetDocuments support webpage. Whenever possible, Maintenance Windows will be outside of business hours in Customer’s Service Region.
  4. Credits for Service Outages.
    1. Eligibility for Service Credits. To be eligible for Service Outage Credits (as defined below), Customer must: (a) be in compliance with its obligations under the Agreement, including obligations regarding Customer Systems; and (b) log a report through the NetDocuments support website. The date/time stamp on the logged report through the NetDocuments support website reporting any Service Outage will be used as the commencement time for the calculation of any Service Outage Credits due. NetDocuments will post on the NetDocuments support website a date/time stamp verifying the end time of the Service Outage.
    2. Service Credits. If Service Outages reported by Customer and confirmed by NetDocuments during any calendar year during the Term result in Service Availability of a Service falling below 99.9% on an annualized basis in such calendar year (the “Service Credit Threshold”), NetDocuments shall provide “Service Outage Credits” as follows with respect to such Service: All Service Outage incidents logged by Customer during the calendar year will be totaled at the end of the calendar year, and if requested by Customer within 30 days following the respective calendar year, will be evaluated against the following schedule to determine any Service Outage Credit due. The Service Outage Credit will be applied to the Customer’s next installment of its Subscription Fee following the end of the calendar year. If applicable, any “startup” months prior to the Billing Date identified in any Order are excluded from the calculation of any Service Outage Credits. Service Outage Credits will only be applied against future Subscription Fees. If Customer terminates the Agreement, any accrued and unapplied Service Outage Credits are lost. The parties agree that Service Outage Credits are a fair estimate of the damages that Customer will incur for each event for which a Service Outage Credit is granted in the Agreement, that the actual damages incurred by Customer in each such event would be difficult and costly to determine, and that Service Outage Credits are liquidated damages awarded in lieu of actual damages incurred by Customer. Service Outage Credits are the sole and exclusive remedy of Customer with respect to the incident or event with respect to which such Service Outage Credits are credited to Customer by NetDocuments, subject to and as limited by the provisions of Section 10 of this Agreement. If Customer is domiciled in Australia, this Section 4.2 shall not limit any remedy available to Customer under the ACL, if and to the extent the ACL applies.
    | Cumulative Services Outages Above Service Credit Threshold | Service Outage Credit (Number of days * annualized subscription fee for respective Service(s) / 365) |
    | --- | --- |
    | 1 minute to 120 minutes | 1 day |
    | 121 minutes to 240 minutes | 2 days |
    | 241 minutes to 480 minutes | 4 days |
    | 481 minutes to 960 minutes | 8 days |
    | 961 minutes or more | 16 days |

  6. Priority Definitions and Target Responses for Service Outages. The Service Outage priority definitions and target responses are as set forth below. Target response times and target status updates are provided by Digital Notice. NetDocuments shall cooperate with Customer to determine the priority level of an event reported by Customer. Adverse internet issues beyond NetDocuments' control may impact the stated time frames.
    | Priority Level | Scope | Target Initial Response Time | Target Status Update Time |
    | --- | --- | --- | --- |
    | 1 | Any Service Outage | 45 Minutes | Hourly |
    | 2 | Any failure of search, write or other material functions of a Service for general users that does not represent a Service Outage. | 4 hours, if request is submitted during normal business hours in Customer’s Service Region, or 16 hours if request is outside normal business hours | Once each business day |
    | 3 | Any failure of a Service that affects the functionality of the Service for general users and is not a Priority 1 or Priority 2 request. | 24 hours, if request is submitted during normal business hours in Customer’s Service Region, or 48 hours if request is outside normal business hours | As Needed |

  8. NetDocuments Help Desk Support. Help Desk Support is the means by which NetDocuments provides technical advice to Customer by Customer’s Administrative Contacts or Help Desk Contacts designated by Customer. Training of Service Users and Services support other than that listed above is to be provided by Customer’s information technology staff, and NetDocuments has no obligation or responsibility to provide Help Desk Support (or any other support) directly to Service Users or to provide technical support for software or services not provided by NetDocuments as part of the Services or with respect to Customer Systems.
    1. Requesting Help Desk Support From NetDocuments. Help Desk Support is available to Customer’s Administrative Contacts or Help Desk Contacts 24 hours/day, 7 days/week, 52 weeks/year on an as-available basis. Customer’s Help Desk Contacts can submit support requests as follows:
      1. Requests through Support System. Requests may be submitted at (or by such other digital means as directed by NetDocuments from time to time by Digital Notice). Follow-up of a request can be provided either via phone or digital means at the discretion of NetDocuments Help Desk Support personnel.
      2. Telephone requests shall be to the telephone number provided on the NetDocuments support website.
        Requests should include the following information: the name and customer association of the individual submitting the request, asserted priority level, date and time of the occurrence, complete description of the issue, including steps to recreate the problem, the text of any error messages, and relevant information about the Service User’s environment.
        At the request of Customer, NetDocuments Help Desk Support personnel may have limited access to Customer Systems or Customer Data to resolve support issues. Customer agrees it will use all reasonable efforts to ensure Customer Data it shares with NetDocuments Help Desk Support personnel does not contain Personal Data or sensitive information.
        Help Desk Support may be provided by NetDocuments personnel or subcontractors in regions other than Customer’s Service Region. If Customer’s policies or applicable law restricts the access to or use of Customer Data outside of a specific geographic location, Customer must notify NetDocuments Help Desk Support personnel prior to sharing any Customer Data.

Exhibit C—NetDocuments Security

NetDocuments employs a comprehensive range of procedures, tools, and independent services to provide industry-leading security for data stored in the Services. Below is a summary of NetDocuments’ existing security features as of the date of this Agreement. NetDocuments will use reasonable efforts to update its security standards, policies, and procedures from time to time to keep pace with changes in industry standards or to comply with legal or regulatory requirements. Accordingly, NetDocuments reserves the right to make changes to its security measures or any of the policies or procedures identified herein but will not make changes that will decrease the overall security of the Services or Customer Data.

  1. Safeguarding Customer Data. NetDocuments will maintain appropriate administrative, organizational, technical, and physical safeguards designed to: (a) ensure the security, confidentiality, and availability of Customer Data, and (b) protect against Unauthorized Access to Customer Data while it is stored in the Services.
  2. Certifications and Standards. NetDocuments will have a Type 2 SOC 2 audit for security, availability, and privacy undertaken annually and will maintain its certification to ISO 27001 or a comparable successor standard. Customer may download NetDocuments’ then-current Due Diligence Response package (“DDR”), which contains information sufficient for Customer to verify NetDocuments’ certification and audit results, from the NetDocuments Security Center (available to repository administrators). All of the following controls are verified in NetDocuments’ Type 2 SOC 2 audit and ISO 27001 certification report.
  3. Security Controls and Audits. NetDocuments has and will maintain an information security program that includes policies and procedures regarding physical security, handling of confidential information, employee background checks, network security, anti-virus/anti-malware protection, access control management, and incident response. NetDocuments conducts regular internal control assessments to validate that controls are designed and operating effectively. Issues identified from assessments are documented, tracked and remediated as appropriate.
  4. Physical Security of NetDocuments Facilities. NetDocuments implements appropriate physical security controls, including physical access controls, at its facilities and requires its material vendors to implement comparable physical security standards. Access to NetDocuments facilities is limited to authorized individuals, validated through photo identification badges, and logged. NetDocuments removes physical access when access is no longer required and as a component of the employee termination process.
  5. Physical Security of Data Centers. NetDocuments requires data center vendors to meet industry-standard physical security controls. NetDocuments conducts internal audits of all data centers annually, and all data centers are included in the scope of NetDocuments’ annual ISO 27001 certification audit.
  6. Disaster Recovery and Business Continuity. NetDocuments will have in place at all times during the Term disaster recovery and business continuity plans to be implemented in the event of a disaster. NetDocuments will actively review and update the disaster recovery and business continuity plans on at least an annual basis. NetDocuments’ target recovery point objective is 2 hours and its target recovery time objective is 6 hours.
  7. Human Resource Security. NetDocuments’ employees sign a confidentiality agreement and acknowledge security policies during the employee on-boarding process and annually for the term of employment. In addition, NetDocuments conducts training annually on its security policies and processes. NetDocuments conducts background verification and credit checks in accordance with applicable law during the hiring process and annually for the term of an employee’s employment.
  8. ND Network Security. In the course of providing the Services, NetDocuments shall, at a minimum:
    1. cause the ND Network to include a multi-tier server structure consisting of web servers, directory servers, database servers, and index servers in which each class of server is highly available without a single point of failure;
    2. deploy within the ND Network a managed firewall and intrusion detection system that includes monitoring for Unauthorized Access;
    3. store Customer Data that has been saved on the ND Network using the Services (and which has not been subsequently deleted) in highly available storage located at two or more geographically separate data centers;
    4. provide technology for local echoing on compatible access devices, subject to proper activation, configuration and management of the relevant access devices by Customer;
    5. connect the ND Network to the Internet with redundant high-capacity Internet service providers;
    6. ensure the data centers that host the ND Network are supported by backup power generators designed to provide at least 48 hours of power in case of a major power outage;
    7. encrypt Customer Data in transit and at rest using industry-standard encryption protocols; and
    8. employ virus and malware scanning software on all corporate networks and compensating controls to protect against viruses and malware on production networks.
  9. Access Controls. NetDocuments manages access to internal networks through Active Directory user groups. NetDocuments allocates permissions and privileges on a least privilege principle. NetDocuments assigns network and data access rights based on user groups and job function. Active Directory requires minimum password parameters for access to NetDocuments’ internal networks. NetDocuments removes access to NetDocuments’ networks when access is no longer required and as a component of the employee termination process.
  10. Logging and Monitoring. NetDocuments will employ logging mechanisms within the Service to permit Customer to review document-level events and administrative changes for the previous 90 days. Details about the Consolidated Activity Log and Administrative Activity Log can be found on the NetDocuments support website. NetDocuments also logs comprehensive information regarding the functionality of the ND Network. NetDocuments maintains its log information for at least 1 year.
  11. Penetration Testing and Vulnerability Scans. NetDocuments will perform regular penetration tests to be completed by independent third parties to assess the ND at least twice per 12-month period. NetDocuments will perform vulnerability scans (internal and external) of the ND Network to detect vulnerabilities at least once per month. NetDocuments will remediate critical and high-risk vulnerabilities promptly.
  12. Notification and Remedial Actions. NetDocuments will continuously monitor the ND Network for Unauthorized Access. NetDocuments will report any confirmed Unauthorized Access to Customer without unreasonable delay, not to exceed 24 hours. NetDocuments will use commercially reasonable efforts to remedy any confirmed Unauthorized Access promptly, perform a root cause analysis, and develop a future incident mitigation plan with regard to any Unauthorized Access affecting Customer Data.
  13. Secure Development. NetDocuments’ Software Development Life Cycle (SDLC) methodology governs the acquisition, development, implementation, configuration, maintenance, modification, and management of software components. NetDocuments developers use secure coding guidelines based on leading industry standards and receive annual secure coding training. For each release, NetDocuments performs a security architecture review and conducts vulnerability scans and dynamic and static code reviews in the development environment. Identified vulnerabilities and coding defects are resolved prior to implementation, and an internal rollout is performed to test and troubleshoot the product release prior to placing it in production. NetDocuments utilizes a code versioning control system to maintain the integrity and security of application source code. Access privileges to the source code repository are reviewed quarterly and limited to authorized employees.
  14. Change Management. NetDocuments follows documented change management policies and procedures for requesting, testing, and approving application, infrastructure, and Service-related changes. Dedicated environments separate from production exist for development and testing activities. Logical access controls requiring two-factor authentication secure these separate environments. Only authorized individuals can move code into production.
  15. Assistance with Compliance Requests. NetDocuments will provide Customer reasonable assistance in responding to Customer’s clients’ requests for information about NetDocuments’ security policies and procedures applicable to Customer Data, subject to reasonable confidentiality measures required by NetDocuments and Customer’s payment of NetDocuments' then-current fees for customer audit support requests.