Terms of Service
Effective August 15, 2024
Welcome, and thank you for your interest in SessionKeeper LLC ("SessionKeeper," "we," or "us") and our app for enhancing tabletop role-playing games, along with our website at SessionKeeper.ai, along with our related networks, applications, mobile applications, and other services provided by us (collectively, the "Service"). These Terms of Service are a legally binding contract between you and SessionKeeper regarding your use of the Service. As used herein, "you" or "your" means any entity, organization, or company accessing or using the Service ("Organization") as well as any individual end user accessing and using the Service, as applicable and hereby agreeing to these Terms.
PLEASE READ THE FOLLOWING TERMS CAREFULLY.
BY CLICKING "I ACCEPT," OR BY DOWNLOADING, INSTALLING, OR OTHERWISE ACCESSING OR USING THE SERVICE, YOU AGREE THAT YOU HAVE READ AND UNDERSTOOD, AND, AS A CONDITION TO YOUR USE OF THE SERVICE, YOU AGREE TO BE BOUND BY, THE FOLLOWING TERMS AND CONDITIONS, INCLUDING SESSIONKEEPER'S PRIVACY POLICY (TOGETHER, THESE "TERMS"). IF YOU ARE NOT ELIGIBLE, OR DO NOT AGREE TO THE TERMS, THEN YOU DO NOT HAVE OUR PERMISSION TO USE THE SERVICE. YOUR USE OF THE SERVICE, AND SESSIONKEEPER'S PROVISION OF THE SERVICE TO YOU, CONSTITUTES AN AGREEMENT BY SESSIONKEEPER AND BY YOU TO BE BOUND BY THESE TERMS.
ARBITRATION NOTICE.** Except for certain kinds of disputes described in Section 19, you agree that disputes arising under these Terms will be resolved by binding, individual arbitration, and BY ACCEPTING THESE TERMS, YOU AND SESSIONKEEPER ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN ANY CLASS ACTION OR REPRESENTATIVE PROCEEDING. YOU AGREE TO GIVE UP YOUR RIGHT TO GO TO COURT to assert or defend your rights under this contract (except for matters that may be taken to small claims court). Your rights will be determined by a NEUTRAL ARBITRATOR and NOT a judge or jury. (See Section 19.)
You must be at least 13 years old to use the Service. By agreeing to these Terms, you represent and warrant to us that: (a) you are at least 13 years old; (b) you have not previously been suspended or removed from the Service; and (c) your registration and your use of the Service is in compliance with any and all applicable laws and regulations. If you are an Organization, the individual accepting these Terms on your behalf represents and warrants that they have authority to bind you to these Terms and you agree to be bound by these Terms.
1. SessionKeeper Service Overview
The Service enables users to automate note-taking during tabletop role-playing game sessions and organize game information into easily accessible knowledge bases. Users may choose whether to use the free version of the Service ("Free Service") or the subscription-based paid versions of the Service for which they may be required to pay fees (the "Paid Service").
2. Eligibility
You must be at least 13 years old to use the Service. By agreeing to these Terms, you represent and warrant to us that: (a) you are at least 13 years old; (b) you have not previously been suspended or removed from the Service; and (c) your registration and your use of the Service is in compliance with any and all applicable laws and regulations. If you are an Organization, the individual accepting these Terms on your behalf represents and warrants that they have authority to bind you to these Terms and you agree to be bound by these Terms.
3. Accounts and Registration
To access most features of the Service, you must register for an account. When you register for an account, you may be required to provide us with some information about yourself, such as your name, email address, or other contact information. You agree that the information you provide to us is accurate and that you will keep it accurate and up-to-date at all times. When you register, you will be asked to provide a password. You are responsible for maintaining the confidentiality of your account and password, and you accept responsibility for all activities that occur under your account. If you believe that your account is no longer secure, then you must immediately notify us at support@sessionkeeper.ai.
4. General Payment Terms
Certain features of the Service may require you to pay fees. Before you pay any fees, you will have an opportunity to review and accept the fees that you will be charged. All fees are in U.S. Dollars and are non-refundable.### \
4.1 Price
SessionKeeper reserves the right to determine pricing for the Service. SessionKeeper will make reasonable efforts to keep pricing information published on the website up to date. We encourage you to check our website periodically for current pricing information. SessionKeeper may change the fees for any feature of the Service, including additional fees or charges, if SessionKeeper gives you advance notice of changes before they apply. SessionKeeper, at its sole discretion, may make promotional offers with different features and different pricing to any of SessionKeeper's customers. These promotional offers, unless made to you, will not apply to your offer or these Terms.
4.2 Authorization
You authorize SessionKeeper and its third party payment processors to charge all sums for the orders that you make and any level of Service you select as described in these Terms or published by SessionKeeper, including all applicable taxes, to the payment method specified in your account. If you pay any fees with a credit card, SessionKeeper or its third party payment processors may seek pre-authorization of your credit card account prior to your purchase to verify that the credit card is valid and has the necessary funds or credit available to cover your purchase.
4.3 Subscription Service
a. **General.** The Service may include automatically recurring payments for periodic charges ("Subscription Service"). If you activate a Subscription Service, you authorize SessionKeeper or its third party payment processors or Apple or Google if you subscribed directly through the mobile application to periodically charge, on a going-forward basis and until cancellation of either the recurring payments or your account, all accrued sums on or before the payment due date for the accrued sums, including all accrued sums for your Authorized Users. The "Subscription Billing Date" is the date when you purchase your first subscription to the Service. Your account will be charged automatically on the Subscription Billing Date all applicable fees and taxes for the next subscription period, which may be one month or one year depending on the selection you make on your account. The subscription will continue unless and until you cancel your subscription, or we terminate it. You must cancel your subscription before it renews in order to avoid billing of the next periodic Subscription Fee to your account.
b. **Renewals.** Unless you cancel your Subscription Service, your Subscription Service will automatically renew at the end of the applicable subscription period. If the Subscription Service is cancelled, cancellation will be effective at the end of the current subscription period. You will not receive a refund for the current subscription period, except as required by applicable law. We reserve the right to revise the pricing for Subscription Services at any time. Any increase in charges will not apply until the renewal of your subscription, and you will be provided with advance notice of such increase.
4.4 Delinquent Accounts
SessionKeeper may suspend or terminate access to the Service, including fee-based portions of the Service, for any account for which any sum is due but unpaid. In addition to the amount due for the Service, a delinquent account may be charged with fees or charges that are incidental to any chargeback or collection of any the unpaid amount, including collection fees.
5. Licenses
5.1 Limited License
Subject to your complete and ongoing compliance with these Terms, SessionKeeper grants you, solely for your personal, non-commercial use, a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to: (a) install and use one object code copy of any mobile application associated with the Service obtained from a legitimate marketplace on a mobile device that you own or control; and (b) access and use the Service.###
5.2 License Restrictions
Except and solely to the extent such a restriction is impermissible under applicable law, you may not: (a) reproduce, distribute, publicly display, or publicly perform the Service; (b) make modifications to the Service; (c) interfere with or circumvent any feature of the Service, including any security or access control mechanism; (d) access or use the Service in violation of any usage restrictions or other limitations associated with the level of Service you (or your Organization) have selected to access and purchased, if applicable. If you are prohibited under applicable law from using the Service, you may not use it.
5.3 Feedback
If you choose to provide input and suggestions regarding problems with or proposed modifications or improvements to the Service ("Feedback"), then you hereby grant SessionKeeper an unrestricted, perpetual, irrevocable, non-exclusive, fully-paid, royalty-free right to exploit the Feedback in any manner and for any purpose, including to improve the Service and create other products and services.
6. Ownership; Proprietary Rights
The Service is owned and operated by SessionKeeper. The visual interfaces, graphics, design, compilation, information, data, computer code (including source code or object code), products, software, services, and all other elements of the Service ("Materials") provided by SessionKeeper are protected by intellectual property and other laws. All Materials included in the Service are the property of SessionKeeper or its third party licensors. Except as expressly authorized by SessionKeeper, you may not make use of the Materials. SessionKeeper reserves all rights to the Materials not granted expressly in these Terms.
7. Privacy and Information Security
SessionKeeper's Privacy Policy explains how SessionKeeper collects, uses, and discloses information in connection with the Service. You acknowledge and agree that SessionKeeper may collect, use, and disclose information as set forth in our Privacy Policy.SessionKeeper will employ commercially reasonable security measures designed to protect your information in its possession or control. However, SessionKeeper cannot guarantee that unauthorized third parties will never be able to defeat those measures or use your information for improper purposes. You acknowledge that you provide your information at your own risk.
8. Third Party Terms
SessionKeeper may provide tools through the Service that enable you to export information, including User Content, to third party services. By using one of these tools, you agree that SessionKeeper may transfer that information to the applicable third party service. Third party services are not under SessionKeeper's control, and, to the fullest extent permitted by law, SessionKeeper is not responsible for any third party service's use of your exported information. The Service may also contain links to third party websites. Linked websites are not under SessionKeeper's control, and SessionKeeper is not responsible for their content.
9. User Content
9.1 User Content Generally
Certain features of the Service may permit users to upload content to the Service, including voice and audio recordings, images, notes, text, creative content, software, scripts, graphics, and interactive features generated, provided, or otherwise made accessible on or through the Service ("User Content"). All User Content is the sole responsibility of the user that made such User Content available. SessionKeeper makes no representations that User Content will remain available on the Service in any way.
9.2 Limited License Grant to SessionKeeper
By making any User Content available through the Service you hereby grant to SessionKeeper a limited, non-exclusive, sublicensable, worldwide, royalty-free license to use, copy, modify, reproduce, distribute, prepare derivative works based upon, display, perform, and otherwise exploit such User Content in connection with operating and providing the Service. You irrevocably waive any claims and assertions of moral rights or attribution with respect to your User Content brought against SessionKeeper or its sublicensees.
9.3 Voice Recordings
The Service may provide a feature that allows you to record role-playing game sessions. Voice recordings may be started by any player (including the game session leader or DM) within a campaign. However, the app will provide clear visual and audio indicators that recording has started and is in progress. All players within the campaign who have the app installed will have the opportunity to opt out of having their voice print leveraged in the recording and transcription for speaker identification. If a player opts out, the voice print technology will exclude their voice print from the speaker identification. If any player in the campaign does not have the app installed, the person who starts the recording must verbally confirm they have the consent of all participants to record the session. By using the voice recording features, you represent that you have obtained the consent of all recorded parties or that you otherwise have the right to record and use the voice recording in accordance with these Terms. SessionKeeper uses voiceprint technology for speaker identification only for users who have explicitly opted in to this feature.
9.4 User Content Representations and Warranties
SessionKeeper disclaims any and all liability in connection with User Content. You are solely responsible for your User Content and the consequences of providing User Content via the Service. By providing User Content via the Service, you affirm, represent, and warrant that:a. you are the creator and owner of the User Content, or have the necessary licenses, rights, consents, and permissions to authorize SessionKeeper and users of the Service to use and distribute your User Content as necessary to exercise the licenses granted by you in this Section, in the manner contemplated by SessionKeeper, the Service, and these Terms;b. your User Content, and the use of your User Content as contemplated by these Terms, does not and will not: (i) infringe, violate, or misappropriate any third party right, including any copyright, trademark, patent, trade secret, moral right, privacy right, right of publicity, or any other intellectual property or proprietary right; (ii) slander, defame, libel, or invade the right of privacy, publicity or other property rights of any other person; or (iii) cause SessionKeeper to violate any law or regulation; and c. your User Content could not be deemed by a reasonable person to be objectionable, profane, indecent, pornographic, harassing, threatening, embarrassing, hateful, or otherwise inappropriate.
9.5 User Content Disclaimer
We are under no obligation to edit or control User Content that you or other users post or publish, and will not be in any way responsible or liable for User Content. SessionKeeper may, however, at any time and without prior notice, screen, remove, edit, or block any User Content that in our sole judgment violates these Terms or is otherwise objectionable. You understand that when using the Service you will be exposed to User Content from a variety of sources and acknowledge that User Content may be inaccurate, offensive, indecent, or objectionable. You agree to waive, and do waive, any legal or equitable right or remedy you have or may have against SessionKeeper with respect to User Content. If notified by a user or content owner that User Content allegedly does not conform to these Terms, we may investigate the allegation and determine in our sole discretion whether to remove the User Content, which we reserve the right to do at any time and without notice. For clarity, SessionKeeper does not permit copyright-infringing activities on the Service.
10. Communications
10.1 Text Messaging
SessionKeeper and those acting on our behalf may send you text (SMS) messages at the phone number you provide us. These messages may be used for two factor authentication. Standard data and message rates may apply whenever you send or receive such messages, as specified by your carrier and SessionKeeper is not responsible for these charges.
10.2 Push Notifications
When you install our app on your mobile device, you agree to receive push notifications, which are messages an app sends you on your mobile device when the app is not on. You can turn off notifications by visiting your mobile device's "settings" page.
10.3 Email
We may send you emails in the course of delivering the service to notify when User Content has been processed, shared with you or for other operational purposes. We may also send emails concerning our products and services, as well as those of third parties. You may opt out of promotional emails by following the unsubscribe instructions in the promotional email itself.
11. Prohibited Conduct
BY USING THE SERVICE YOU AGREE NOT TO:
a. use the Service for any illegal purpose or in violation of any local, state, national, or international law;
b. violate, or encourage others to violate, any right of a third party, including by infringing or misappropriating any third party intellectual property right;
c. interfere with security-related features of the Service, including by: (i) disabling or circumventing features that prevent or limit use or copying of any content; or (ii) reverse engineering or otherwise attempting to discover the source code of any portion of the Service except to the extent that the activity is expressly permitted by applicable law;
d. interfere with the operation of the Service or any user's enjoyment of the Service, including by: (i) uploading or otherwise disseminating any virus, adware, spyware, worm, or other malicious code; (ii) making any unsolicited offer or advertisement to another user of the Service; (iii) collecting personal information about another user or third party without consent; or (iv) interfering with or disrupting any network, equipment, or server connected to or used to provide the Service;
e. perform any fraudulent activity including impersonating any person or entity, claiming a false affiliation or false identity, accessing any other Service account without permission, or falsifying your age or date of birth;
f. sell or otherwise transfer the access granted under these Terms or any Materials (as defined in Section 6) or any right or ability to view, access, or use any Materials; or
g. attempt to do any of the acts described in this Section 10 or assist or permit any person in engaging in any of the acts described in this Section 10.
12. Modification of these Terms
We reserve the right to change these Terms on a going-forward basis at any time. Please check these Terms periodically for changes. If a change to these Terms materially modifies your rights or obligations, we may require that you accept the modified Terms in order to continue to use the Service. Material modifications are effective upon your acceptance of the modified Terms. Immaterial modifications are effective upon publication. Except as expressly permitted in this Section 13, these Terms may be amended only by a written agreement signed by authorized representatives of the parties to these Terms. Disputes arising under these Terms will be resolved in accordance with the version of these Terms that was in effect at the time the dispute arose.
14. Term, Termination and Modification of the Service
14.1 Term
These Terms are effective beginning when you accept the Terms or first download, install, access, or use the Service, and ending when terminated as described in Section 14.2.
14.2 Termination
If you violate any provision of these Terms, your authorization to access the Service and these Terms automatically terminate. In addition, SessionKeeper may, at its sole discretion, terminate these Terms or your account on the Service, or suspend or terminate your access to the Service, at any time for any reason or no reason, with or without notice. You may terminate your account and these Terms at any time by contacting customer service at support@sessionkeeper.ai.
14.3 Effect of Termination
Upon termination of these Terms: (a) your license rights will terminate and you must immediately cease all use of the Service; (b) you will no longer be authorized to access your account or the Service; (c) you must pay SessionKeeper any unpaid amount that was due prior to termination; and (d) all payment obligations accrued prior to termination and Sections [5.3, 6, 7, 10, 14.3, 16, 17, 18, 19, and 20] will survive.
14.4 Modification of the Service
SessionKeeper reserves the right to modify or discontinue the Service at any time (including by limiting or discontinuing certain features of the Service), temporarily or permanently, without notice to you. SessionKeeper will have no liability for any change to the Service or any suspension or termination of your access to or use of the Service.
15. Indemnity
To the fullest extent permitted by law, you are responsible for your use of the Service, and you will defend and indemnify SessionKeeper and its officers, directors, employees, consultants, affiliates, subsidiaries and agents (together, the "Otter.ai Entities") from and against every claim brought by a third party, and any related liability, damage, loss, and expense, including reasonable attorneys' fees and costs, arising out of or connected with: (a) your unauthorized use of, or misuse of, the Service; (b) your violation of any portion of these Terms, any representation, warranty, or agreement referenced in these Terms, or any applicable law or regulation; (c) your violation of any third party right, including any intellectual property right or publicity, confidentiality, other property, or privacy right; (d) the nature of content of Data processed by the Service; or (e) any dispute or issue between you and any third party. We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you (without limiting your indemnification obligations with respect to that matter), and in that case, you agree to cooperate with our defense of those claims.
16. Disclaimers; No Warranties
THE SERVICE AND ALL MATERIALS AND CONTENT AND TRANSCRIPTIONS AVAILABLE THROUGH THE SERVICE ARE PROVIDED "AS IS" AND ON AN "AS AVAILABLE" BASIS. SESSIONKEEPER DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE SERVICE AND ALL MATERIALS AND CONTENT AND TRANSCRIPTIONS AVAILABLE THROUGH THE SERVICE, INCLUDING: (A) ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, OR NON-INFRINGEMENT; AND (B) ANY WARRANTY ARISING OUT OF COURSE OF DEALING, USAGE, OR TRADE. SESSIONKEEPER DOES NOT WARRANT THAT THE SERVICE OR ANY PORTION OF THE SERVICE (OR YOUR ACCESS THERETO), OR ANY DATA, MATERIALS OR CONTENT OFFERED THROUGH OR PROCESSED BY THE SERVICE, WILL BE UNINTERRUPTED, SECURE, OR FREE OF ERRORS, VIRUSES, OR OTHER HARMFUL COMPONENTS, AND SESSIONKEEPER DOES NOT WARRANT THAT ANY OF THOSE ISSUES WILL BE CORRECTED. SESSIONKEEPER IS NOT RESPONSIBLE FOR THE FAILURE TO STORE OR MAINTAIN ANY USER DATA, CONTENT OR TRANSCRIPTIONS, USER COMMUNCIATIONS, ACCOUNT INFORMATION, OR PERSONAL SETTINGS. SESSIONKEEPER MAKES NO WARRANTY ABOUT THE COMPLETENESS OR ACCURACY OF THE TRANSCRIPTION.NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM THE SERVICE OR SESSIONKEEPER ENTITIES OR ANY MATERIALS OR CONTENT AVAILABLE THROUGH THE SERVICE WILL CREATE ANY WARRANTY REGARDING ANY OF THE SESSIONKEEPER ENTITIES OR THE SERVICE THAT IS NOT EXPRESSLY STATED IN THESE TERMS. WE ARE NOT RESPONSIBLE FOR ANY DAMAGE THAT MAY RESULT FROM THE SERVICE AND YOUR DEALING WITH ANY OTHER SERVICE USER. YOU UNDERSTAND AND AGREE THAT YOU USE ANY PORTION OF THE SERVICE AT YOUR OWN DISCRETION AND RISK, AND THAT WE ARE NOT RESPONSIBLE FOR ANY DAMAGE TO YOUR PROPERTY (INCLUDING YOUR COMPUTER SYSTEM OR MOBILE DEVICE USED IN CONNECTION WITH THE SERVICE) OR ANY LOSS OF, USE OR DISCLOSURE OF DATA, INCLUDING USER CONTENT.THE LIMITATIONS, EXCLUSIONS AND DISCLAIMERS IN THIS SECTION APPLY TO THE FULLEST EXTENT PERMITTED BY LAW. SessionKeeper does not disclaim any warranty or other right that SessionKeeper is prohibited from disclaiming under applicable law.
17. Limitation of Liability
TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL THE SESSIONKEEPER ENTITIES BE LIABLE TO YOU FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, OR ANY OTHER INTANGIBLE LOSS) ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, THE SERVICE OR ANY MATERIALS OR CONTENT ON THE SERVICE, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT ANY OTTER.AI ENTITY HAS BEEN INFORMED OF THE POSSIBILITY OF DAMAGE.EXCEPT AS PROVIDED IN SECTION 19.5 AND TO THE FULLEST EXTENT PERMITTED BY LAW, THE AGGREGATE LIABILITY OF THE SESSIONKEEPER ENTITIES TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE USE OF OR ANY INABILITY TO USE ANY PORTION OF THE SERVICE OR OTHERWISE UNDER THESE TERMS, WHETHER IN CONTRACT, TORT, OR OTHERWISE, IS LIMITED TO THE GREATER OF: (A) THE AMOUNT YOU HAVE PAID TO SESSIONKEEPER FOR ACCESS TO AND USE OF THE SERVICE IN THE 12 MONTHS PRIOR TO THE EVENT OR CIRCUMSTANCE GIVING RISE TO CLAIM; OR (B) $100.EACH PROVISION OF THESE TERMS THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS INTENDED TO AND DOES ALLOCATE THE RISKS BETWEEN THE PARTIES UNDER THESE TERMS. THIS ALLOCATION IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THESE TERMS. THE LIMITATIONS IN THIS SECTION 17 WILL APPLY EVEN IF ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
18. Privacy and Information Security
18.1 Privacy Policy
You acknowledge and agree that except as described in these Terms, any User Content, data, recordings, and information you enter into or upload to the Service or that we collect in connection with the Service ("Data") will be processed as described in the SessionKeeper Privacy Policy. Please read the Privacy Policy carefully.
18.2 Data Processing
To the extent Data falls within the scope of the General Data Protection Regulation or the United Kingdom General Data Protection Regulation, the terms of the Data Processing Attachment in Appendix 1 of these Terms ("DPA") apply to the processing of any Customer Personal Data (as defined in the DPA). To the extent Data falls within the scope of any U.S. state privacy laws or their implementing regulations, the terms of the U.S. State Data Processing Agreement in Appendix 6 ("U.S. State DPA") apply to the processing of any Personal Data (as defined in the U.S. State DPA).
18.3 Data
As between you and SessionKeeper, data that you enter into or upload to the Service is and will remain owned by you. You hereby grant SessionKeeper the right to collect, process, transmit, store, use, and disclose data to provide the Service and as otherwise set forth in these Terms and the Privacy Policy.
18.4 Use of Aggregated Data
You acknowledge and agree that SessionKeeper may collect, create, process, transmit, store, use, and disclose aggregated and/or deidentified data derived from Data or use of the Services ("Aggregated Data") for its business purposes, including for machine learning and training, industry analysis, benchmarking, and analytics. All Aggregated Data will be in an aggregated and/or deidentified form only and will not identify you. Nothing in these Terms gives you any rights in or to any part of the Service or Aggregated Data.
18.5 Compliance
You are solely responsible (a) for Data as entered into, supplied, accessed, or used by you and (b) for complying with any privacy and data protection laws and regulations applicable to Data or your use of the Service. You represent and warrant that you have obtained and will maintain all rights, consents, and authorizations required to grant SessionKeeper the rights and licenses set forth in Section 18 and to enable SessionKeeper to exercise its rights under the same without violation or infringement of the rights of any third party.
18.6 Information Security
SessionKeeper will employ commercially reasonable security measures that are designed to protect Data in its possession or control against unlawful or unauthorized access, use, alteration, or disclosure.
19. Dispute Resolution and Arbitration
19.1 Generally
In the interest of resolving disputes between you and SessionKeeper in the most expedient and cost effective manner, and except as described in Section 19.2 and 19.3, you and SessionKeeper agree that every dispute arising in connection with these Terms will be resolved by binding arbitration. Arbitration is less formal than a lawsuit in court. Arbitration uses a neutral arbitrator instead of a judge or jury, may allow for more limited discovery than in court, and can be subject to very limited review by courts. Arbitrators can award the same damages and relief that a court can award. This agreement to arbitrate disputes includes all claims arising out of or relating to any aspect of these Terms, whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory, and regardless of whether a claim arises during or after the termination of these Terms. YOU UNDERSTAND AND AGREE THAT, BY ENTERING INTO THESE TERMS, YOU AND SESSIONKEEPER ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION.
19.2 Exceptions
Despite the provisions of Section 19.1, nothing in these Terms will be deemed to waive, preclude, or otherwise limit the right of either party to: (a) bring an individual action in small claims court; (b) pursue an enforcement action through the applicable federal, state, or local agency if that action is available; (c) seek injunctive relief in a court of law in aid of arbitration; or (d) to file suit in a court of law to address an intellectual property infringement claim.
19.3 Opt-Out
If you do not wish to resolve disputes by binding arbitration, you may opt out of the provisions of this Section 19 within 30 days after the date that you agree to these Terms by sending a letter to SessionKeeper LLC, Attention: Legal Department - Arbitration Opt-Out, 7627 Lake Street, Suite 206, #1159, River Forest, IL 60305 that specifies: your full legal name, the email address associated with your account on the Service, and a statement that you wish to opt out of arbitration ("Opt-Out Notice"). Once SessionKeeper receives your Opt-Out Notice, this Section 19 will be void and any action arising out of these Terms will be resolved as set forth in Section 20.2. The remaining provisions of these Terms will not be affected by your Opt-Out Notice.
19.4 Arbitrator
Any arbitration between you and SessionKeeper will be settled under the Federal Arbitration Act and administered by the American Arbitration Association ("AAA") under its Consumer Arbitration Rules (collectively, "AAA Rules") as modified by these Terms. The AAA Rules and filing forms are available online at www.adr.org, by calling the AAA at 1-800-778-7879, or by contacting SessionKeeper. The arbitrator has exclusive authority to resolve any dispute relating to the interpretation, applicability, or enforceability of this binding arbitration agreement.
19.5 Notice of Arbitration; Process
A party who intends to seek arbitration must first send a written notice of the dispute to the other party by certified U.S. Mail or by Federal Express (signature required) or, only if that other party has not provided a current physical address, then by electronic mail ("Notice of Arbitration"). SessionKeeper's address for Notice is: SessionKeeper LLC, 7627 Lake Street, Suite 206, #1159, River Forest, IL 60305. The Notice of Arbitration must: (a) describe the nature and basis of the claim or dispute; and (b) set forth the specific relief sought ("Demand"). The parties will make good faith efforts to resolve the claim directly, but if the parties do not reach an agreement to do so within 30 days after the Notice of Arbitration is received, you or SessionKeeper may commence an arbitration proceeding. All arbitration proceedings between the parties will be confidential unless otherwise agreed by the parties in writing. During the arbitration, the amount of any settlement offer made by you or SessionKeeper must not be disclosed to the arbitrator until after the arbitrator makes a final decision and award, if any. If the arbitrator awards you an amount higher than the last written settlement amount offered by SessionKeeper in settlement of the dispute prior to the award, SessionKeeper will pay to you the higher of: (i) the amount awarded by the arbitrator; or (ii) $10,000.
19.6 Fees
If you commence arbitration in accordance with these Terms, SessionKeeper will reimburse you for your payment of the filing fee, unless your claim is for more than $10,000, in which case the payment of any fees will be decided by the AAA Rules. Any arbitration hearing will take place at a location to be agreed upon in Illinois, but if the claim is for $10,000 or less, you may choose whether the arbitration will be conducted: (a) solely on the basis of documents submitted to the arbitrator; (b) through a non-appearance based telephone hearing; or (c) by an in-person hearing as established by the AAA Rules. If the arbitrator finds that either the substance of your claim or the relief sought in the Demand is frivolous or brought for an improper purpose (as measured by the standards set forth in Federal Rule of Civil Procedure 11(b)), then the payment of all fees will be governed by the AAA Rules. In that case, you agree to reimburse SessionKeeper for all monies previously disbursed by it that are otherwise your obligation to pay under the AAA Rules. Regardless of the manner in which the arbitration is conducted, the arbitrator must issue a reasoned written decision sufficient to explain the essential findings and conclusions on which the decision and award, if any, are based. The arbitrator may make rulings and resolve disputes as to the payment and reimbursement of fees or expenses at any time during the proceeding and upon request from either party made within 14 days of the arbitrator's ruling on the merits.
19.7 No Class Actions
YOU AND SESSIONKEEPER AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Further, unless both you and SessionKeeper agree otherwise, the arbitrator may not consolidate more than one person's claims, and may not otherwise preside over any form of a representative or class proceeding.
19.8 Modifications to this Arbitration Provision
If SessionKeeper makes any future change to this arbitration provision, other than a change to SessionKeeper's address for Notice of Arbitration, you may reject the change by sending us written notice within 30 days of the change to SessionKeeper's address for Notice of Arbitration, in which case your account with SessionKeeper will be immediately terminated and this arbitration provision, as in effect immediately prior to the changes you rejected, will survive.
19.9 Enforceability
If Section 19.7 or the entirety of this Section 19 is found to be unenforceable, or if SessionKeeper receives an Opt-Out Notice from you, then the entirety of this Section 19 will be null and void and, in that case, the exclusive jurisdiction and venue described in Section 20.2 will govern any action arising out of or related to these Terms.
20. Miscellaneous
20.1 General Terms
These Terms, together with the Privacy Policy and any other agreements expressly incorporated by reference into these Terms, are the entire and exclusive understanding and agreement between you and SessionKeeper regarding your use of the Service. You may not assign or transfer these Terms or your rights under these Terms, in whole or in part, by operation of law or otherwise, without our prior written consent. We may assign these Terms at any time without notice or consent. The failure to require performance of any provision will not affect our right to require performance at any other time after that, nor will a waiver by us of any breach or default of these Terms, or any provision of these Terms, be a waiver of any subsequent breach or default or a waiver of the provision itself. Use of section headers in these Terms is for convenience only and will not have any impact on the interpretation of any provision. Throughout these Terms, the use of the word "including" means "including but not limited to". If any part of these Terms is held to be invalid or unenforceable, the unenforceable part will be given effect to the greatest extent possible, and the remaining parts will remain in full force and effect.
20.2 Governing Law
These Terms are governed by the laws of the State of Illinois without regard to conflict of law principles. You and SessionKeeper submit to the personal and exclusive jurisdiction of the state courts and federal courts located within Cook County, Illinois for resolution of any lawsuit or court proceeding permitted under these Terms. We operate the Service from our offices in Illinois, and we make no representation that Materials included in the Service are appropriate or available for use in other locations.
20.3 Additional Terms
Your use of the Service is subject to all additional terms, policies, rules, or guidelines applicable to the Service or certain features of the Service that we may post on or link to from the Service (the "Additional Terms"). All Additional Terms are incorporated by this reference into, and made a part of, these Terms.
20.4 Consent to Electronic Communications
By using the Service, you consent to receiving certain electronic communications from us as further described in our Privacy Policy. Please read our Privacy Policy to learn more about our electronic communications practices. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that those communications be in writing.
20.5 Contact Information
The Service is offered by SessionKeeper LLC. You may contact us by emailing us at support@sessionkeeper.ai.
20.6 No Support
We are under no obligation to provide support for the Service. In instances where we may offer support, the support will be subject to published policies.
21. Notice Regarding Apple
This Section 21 only applies to the extent you are using our mobile application on an iOS device. You acknowledge that these Terms are between you and SessionKeeper only not with Apple Inc. ("Apple"), and Apple is not responsible for the Service or the content thereof. Apple has no obligation to furnish any maintenance and support services with respect to the Service. If the Service fails to conform to any applicable warranty, you may notify Apple and Apple will refund any applicable purchase price for the mobile application to you; and, to the maximum extent permitted by applicable law, Apple has no other warranty obligation with respect to the Service. Apple is not responsible for addressing any claims by you or any third party relating to the Service or your possession and/or use of the Service, including: (a) product liability claims; (b) any claim that the Service fails to conform to any applicable legal or regulatory requirement; or (c) claims arising under consumer protection or similar legislation. Apple is not responsible for the investigation, defense, settlement and discharge of any third party claim that the Service and/or your possession and use of the Service infringe a third party's intellectual property rights. You agree to comply with any applicable third party terms when using the Service. Apple and Apple's subsidiaries are third party beneficiaries of these Terms, and upon your acceptance of these Terms, Apple will have the right (and will be deemed to have accepted the right) to enforce these Terms against you as a third party beneficiary of these Terms. You hereby represent and warrant that: (i) you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a "terrorist supporting" country; and (ii) you are not listed on any U.S. Government list of prohibited or restricted parties.
Data Processing Agreement
This Data Processing Agreement ("DPA") is incorporated into and made part of the Terms of Service ("Terms") between you ("Customer") and SessionKeeper LLC ("Company"). Unless otherwise defined in this DPA, capitalized terms will have the meaning given to them in the Terms. This DPA prevails over any conflicting term of the Terms, but does not otherwise modify the Terms.
1. Definitions
1.1 In this DPA:
a. "Controller," "Data Subject," "Personal Data," "Personal Data Breach," "Processing," "Processor," and "Supervisory Authority," have the meaning given to them in the GDPR.
b. "Customer Personal Data" means any Data that constitutes Personal Data, the Processing of which is subject to Data Protection Law, for which Customer or Customer's customers are the Controller, and which is Processed by Company to provide the Service;
c. "Data Protection Law" means the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the United Kingdom General Data Protection Regulation, and e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC), and their national implementations in the European Economic Area ("EEA"), Switzerland and the United Kingdom, each as applicable, and as may be amended or replaced from time to time;
d. "Data Subject Rights" means Data Subjects' rights to information, access, rectification, erasure, restriction, portability, objection, and not to be subject to automated individual decision-making in accordance with Data Protection Law;
e. "International Data Transfer" means any transfer of Customer Personal Data from the EEA, Switzerland or the United Kingdom to an international organization or to a country outside of the EEA, Switzerland and the United Kingdom;
f. "Subprocessor" means a Processor engaged by Company to Process Customer Personal Data;g. "Standard Contractual Clauses" means the clauses annexed to EU Commission Implementing Decision EU 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European parliament and of the Council;
h. "UK Addendum" means the addendum to the Standard Contractual Clauses issued by the UK Information Commissioner under Section 119A(1) of the UK Data Protection Act 2018 (version B1.0, in force March 21, 2022).
2. Scope and Applicability
2.1
This DPA applies to Processing of Customer Personal Data by Company to provide the Service.
2.2
The subject matter, nature and purpose of the Processing, the types of Customer Personal Data and categories of Data Subjects are set out in Appendix 5.
2.3
Customer is a Controller and appoints Company as a Processor on behalf of Customer in relation to the purposes set out in Appendix 5. Customer is responsible for compliance with the requirements of Data Protection Law applicable to Controllers.
2.4
If Customer is a Processor on behalf of other Controller(s), then Customer is the single point of contact for Company; must obtain all necessary authorizations from such other Controller(s); undertakes to issue all instructions and exercise all rights on behalf of such other Controller(s); and is responsible for compliance with the requirements of Data Protection Law applicable to Processors.
2.5
Customer acknowledges that Company may Process Personal Data relating to the operation, support, or use of the Service for its own business purposes, such as billing, account management, data analysis, benchmarking, technical support, product development, and compliance with law. Company is the Controller for such Processing and will Process such data in accordance with Data Protection Law. Such Processing shall not be subject to the terms of this DPA.
3. Instructions
3.1
Company will Process Customer Personal Data to provide the Service and in accordance with Customer's documented instructions.
3.2
The Controller's instructions are documented in this DPA, the Terms, and any applicable statement of work.###
3.3
Customer may reasonably issue additional instructions as necessary to comply with Data Protection Law. Company may charge a reasonable fee to comply with any additional instructions.### 3.4
Unless prohibited by applicable law, Company will inform Customer if Company is subject to a legal obligation that requires Company to Process Customer Personal Data in contravention of Customer's documented instructions.
4. Personnel
4.1
Company personnel authorized to Process Customer Personal Data are subject to an obligation of confidentiality.
5. Security and Personal Data Breaches
5.1
Taking into account the state-of-the-art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Company will implement appropriate technical and organizational measures to provide a level of security appropriate to the risk, including the measures listed in Appendix 3.
5.2
Customer acknowledges that the security measures in Appendix 3 are appropriate in relation to the risks associated with Customer's intended Processing, and will notify Company prior to any intended Processing for which Company's security measures may not be appropriate.
5.3
Company will notify Customer without undue delay after becoming aware of a Personal Data Breach involving Customer Personal Data. If Company's notification is delayed, it will be accompanied by reasons for the delay.##
6. Subprocessing
6.1
Customer hereby authorizes Company to engage Subprocessors. A list of Company's current Subprocessors is available at https://sessionkeeper.ai/subprocessors.
6.2
Company will enter into a written agreement with Subprocessors which imposes the same obligations as required by Data Protection Law.
6.3
Customer may object to the addition of a Subprocessor based on reasonable grounds relating to a potential or actual violation of Data Protection Law by providing written notice detailing the grounds of such objection within thirty (30) days following Company's notification of the intended change. Customer and Company will work together in good faith to address Customer's objection. If Company chooses to retain the Subprocessor, Company will inform Customer at least thirty (30) days before authorizing the Subprocessor to Process Customer Personal Data, and Customer may immediately discontinue using the relevant part of the Service, and may terminate the relevant part of the Service within thirty (30) days.
7. Assistance
7.1
Taking into account the nature of the Processing, and the information available to Company, Company will assist Customer, including, as appropriate, by implementing technical and organizational measures, with the fulfillment of Customer's own obligations under Data Protection Law to: comply with requests to exercise Data Subject Rights; conduct data protection impact assessments, and prior consultations with Supervisory Authorities; and notify a Personal Data Breach.
7.2
Company will maintain records of Processing of Customer Personal Data in accordance with Data Protection Law.
7.3
Company may charge a reasonable fee for assistance under this Section 7. If Company is at fault, Company and Customer shall each bear their own costs related to assistance.
8. Compliance
8.1
Company shall maintain a program to provide compliance with the obligations set out in this DPA.
9. International Data Transfers
9.1
Customer hereby authorizes Company to perform International Data Transfers to any country deemed adequate by the EU Commission; on the basis of appropriate safeguards in accordance with Data Protection Law or pursuant to the Standard Contractual Clauses and UK Addendum referred to in Sections 9.2 and 9.3 respectively.
9.2
By signing this DPA, Customer and Company hereby agree to conclude the provisions of module two (controller to processor) of the Standard Contractual Clauses, which are hereby incorporated into this DPA and completed as set forth in Appendix 2.
9.3
By signing this DPA, Customer and Company conclude the UK Addendum which is hereby incorporated and applies to International Data Transfers outside the United Kingdom as set forth in Part 1 in Appendix 2.### 9.4
If the Standard Contractual Clauses or the UK Addendum are amended, updated, or invalidated, Customer and Company will work together in good faith to reasonably resolve such non-compliance.
10. Notifications
10.1
Customer will send notifications, requests and instructions under this DPA to Company's legal department via email to contact@sessionkeeper.ai. Company will send notifications under this DPA to Customer's contact email address.
11. Liability
11.1
To the extent permitted by applicable law, where Company has paid damages or fines, Company is entitled to claim back from Customer that part of the compensation, damages or fines, corresponding to Customer's part of responsibility for the damages or fines.
12. Termination and Return or Deletion
12.1
This DPA is terminated upon the termination of the Terms.
12.2
Upon termination of the Terms of Service, the Company will, upon Customer's request, return Customer Personal Data in Company's possession to the Customer or securely destroy such Customer Personal Data unless applicable laws prevent the Company from returning or destroying all or part of Customer Personal Data.
13. Modification of this DPA
13.1
This DPA may only be modified by a written amendment signed by both Company and Customer.
14. Invalidity and Severability
14.1
If any provision of this DPA is found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, then the invalidity or unenforceability of such provision does not affect any other provision of this DPA and all provisions not affected by such invalidity or unenforceability will remain in full force and effect.
Appendix 1 - List of Parties
A. List of PartiesData exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]1. Name: As included in the Terms
Address: As included in the Terms
Contact person's name, position and contact details: As included in the Terms
Activities relevant to the data transferred under these Clauses: As included in the Terms
Signature and date: As included in the Terms
Role: ControllerData importer(s): [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]
2. Name: SessionKeeper LLC
Address: As included in the Terms
Contact person's name, position and contact details: As included in the Terms
Activities relevant to the data transferred under these Clauses: As included in the Terms
Signature and date: As included in the Terms
Role: Processor
Appendix 2 - Conclusion of Standard Contract Clauses and UK Addendum
9.2
By signing this DPA, Customer and Company hereby agree to conclude the provisions of module two (controller to processor) of the Standard Contractual Clauses, which are hereby incorporated into this DPA and completed as follows:
- The optional Clause 7 is kept;
- In Clause 9, Option 1 is struck and Option 2 is kept, and Customer may object to the addition of a Subprocessor within (30) days.
- In Clause 11, the optional language is struck;
- In Clauses 17 and 18, the governing law and the competent courts are those of the country in which Customer is established.
- Appendixes 2, 3 and 4 to these terms of service### 9.3
By signing this DPA, Customer and Company conclude the UK Addendum which is hereby incorporated and applies to International Data Transfers outside the United Kingdom. Part 1 of the UK Addendum is completed as follows:
(i) in Table 1, the "Exporter" is Customer and the "Importer" is Company, their details are set forth in this DPA and the Terms;
(ii) in Table 2, the first option is selected and the "Approved EU SCCs" are the Standard Contractual Clauses referred to in Section 9.2 of this DPA;
(iii) in Table 3, Annexes 1 (A and B), II and III to the "Approved EU SCCs" are Appendixes 2, 3 and 4 to the Terms; and
(iv) in Table 4, both the "Importer" and the "Exporter" can terminate the UK Addendum.## Appendix 3 - Security Measures
The Service is provisioned using a cloud-based platform and we employ best practices and appropriate technical and organizational measures to safeguard Personal Data. The Company regularly monitors compliance with these measures. A summary of security measures includes:
Physical Access Controls
- User Content is hosted by secure cloud service providers under SOC 2 Type 2 compliance.
- The cloud infrastructure is managed in controlled data centers throughout the world secured with physical controls to prevent unauthorized access.
- Access to the Company's offices is restricted to authorized personnel.
System Access Controls
- Separate production and development/staging environments are maintained.
- Access to production environments is limited to authorized personnel and access is logged.
Data Access Controls
- Company support will only access specific User Content related to reported Customer issues after obtaining explicit permission from the Customer and approval from system administrators.
- Access to troubleshoot is further restricted to select support personnel and logged.
Transmission Controls
- Communications are transmitted over secure encrypted HTTPS connections.
- Industry standard encryption is used for stored User Content and passwords.
Input Controls
- Customer authentication via password or single sign-on.
- Two factor authentication may be enabled for higher tier accounts.
- Web cookies used to validate signed in Customers.
Data Backups
- Daily backups of databases.
- User Content stored in persistent storage.
Data Segregation
- Customer Personal Data logically segregated so Customers can only access their own data.
Appendix 4 - List of Subprocessors
The controller has authorized the use of the subprocessors listed on the page https://sessionkeeper.ai/subprocessors.
Appendix 5 - Description of Processing
1. Data Subjects
The Customer Personal Data Processed concern the following categories of Data Subjects:
- Game session participants using the SessionKeeper app
- Other game participants in sessions where the app is used by one of the above
2. Categories of Customer Personal Data
The Customer Personal Data Processed concern the following categories of data:
- User registration information including email address and volunteered name
- Audio recordings of gaming sessions that may contain personal data
3. Sensitive data
The Customer Personal Data Processed concern the following special categories of data:
- SessionKeeper may process voiceprints to recognize and tag speakers in transcripts. This is an opt-in feature.
4. Processing operations
The Customer Personal Data will be subject to the following basic Processing activities:
SessionKeeper records, transcribes, and organizes information from tabletop role-playing game sessions using automated speech recognition, natural language processing, and data structuring techniques to create campaign-specific knowledge bases. Audio may be recorded in-app, uploaded, or synced from video conferencing tools. It is processed in the cloud and delivered back to the SessionKeeper app for user consumption.
Appendix 6 - U.S. State Privacy Law Data Processing Agreement
U.S. STATE PRIVACY LAW DATA PROCESSING AGREEMENT
This U.S. Privacy Law Data Processing Agreement ("U.S. State DPA") is incorporated and made part of the Terms of Service (the "Terms") between you, on behalf of you and your affiliates ("Customer"), and SessionKeeper LLC ("Vendor") (each a "Party" and collectively the "Parties") for so long as Vendor processes Personal Data on behalf of Customer. This U.S. State DPA prevails over any conflicting terms of the Terms.
1. Definitions
For the purposes of this U.S. State DPA:
1.1
"State Privacy Laws" means, collectively, all U.S. state privacy laws and their implementing regulations, as amended or superseded from time to time, that apply generally to the processing of individuals' Personal Data and that do not apply solely to specific industry sectors (e.g., financial institutions), specific demographics (e.g., children), or specific classes of information (e.g., health or biometric information). State Privacy Laws include the following:
1.1.1
California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (California Civil Code §§ 1798.100 to 1798.199) ("CPRA");
1.1.2
Colorado Privacy Act (Colorado Rev. Stat. §§ 6-1-1301 to 6-1-1313) ("ColoPA");
1.1.3
Connecticut Personal Data Privacy and Online Monitoring Act (Public Act No. 22-15) ("CPOMA");
1.1.4
Utah Consumer Privacy Act (Utah Code Ann. §§ 13-61-101 to 13-61-404) ("UCPA"); and
1.1.5
Virginia Consumer Data Protection Act (Virginia Code Ann. §§ 59.1-575 to 59.1-585) ("VCDPA").
1.2
"Personal Data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person. Where applicable, Personal Data shall be interpreted consistent with the same or similar term under State Privacy Laws.
1.3
"Share," "Shared," and "Sharing" have the meaning defined in the CPRA.
1.4
"Sale" and "Selling" have the meaning defined in the State Privacy Laws.
1.5
"Controller" means "Controller" or "Business" as those terms are defined in the State Privacy Laws.
1.6
"Processor" means "Processor," "Service Provider," or "Contractor" as those terms are defined in the State Privacy Laws.
1.7
"Consumer" has the meaning defined in the State Privacy Laws.
1.8
"Processing," "Process," and "Processed" have the meaning defined in the State Privacy Laws.
1.9
"Company Personal Data" means Personal Data provided by Company to, or which is collected on behalf of Company by, Vendor to provide services to Company pursuant to the Terms.
1.10
In the event of a conflict in the meanings of defined terms in the State Privacy Laws, the meaning from the law applicable to the state of residence of the relevant Consumer applies.
2. Scope, Roles, and Termination
2.1 Applicability
This U.S. State DPA applies only to Vendor's Processing of Company Personal Data for the nature, purposes, and duration set forth in Appendix 1 and Appendix 5.
2.2 Roles of the Parties
For the purposes of the Terms and this U.S. State DPA, Company is the Party responsible for determining the purposes and means of Processing Company Personal Data as the Controller and appoints Vendor as a Processor to Process Company Personal Data on behalf of Company for the limited and specific purposes set forth in Appendix 5.
2.3 Obligations at Termination
Upon termination of the Terms, except as set forth therein or herein, Vendor will discontinue Processing and destroy or return Company Personal Data in its or its subcontractors and sub-processors possession without undue delay. Vendor may retain Company Personal Data to the extent required by law but only to the extent and for such period as required by such law and always provided that Vendor shall ensure the confidentiality of all such Company Personal Data.
3. Compliance
3.1 Compliance with Obligations
In addition to the representations and warranties set forth in the Terms, Vendor further represents and warrants that Vendor, its employees, agents, subcontractors, and sub-processors (a) shall comply with the obligations of the State Privacy Laws, (b) shall provide the level of privacy protection required by the State Privacy Laws, (c) shall provide Company with all reasonably-requested assistance to enable Company to fulfill its own obligations under the State Privacy Laws, and (d) understand and shall comply with this U.S. State DPA. Upon the reasonable request of Company, Vendor shall make available to Company all information in Vendor's possession necessary to demonstrate Vendor's compliance with this subsection.
3.2 Compliance Assurance
Company has the right to take reasonable and appropriate steps to ensure that Vendor uses Company Personal Data consistent with Company's obligations under applicable State Privacy Laws and the security measures attached hereto at Appendix 3 and incorporated herein.
3.3 Compliance Monitoring
Company has the right to monitor Vendor's compliance with this U.S. State DPA through measures, including, but not limited to, ongoing manual reviews, automated scans, regular assessments, audits, or other annual technical and operational testing at least once every 12 months.
3.4 Compliance Remediation
Vendor shall notify Company no later than five business days after determining that it can no longer meet its obligations under applicable State Privacy Laws. Upon receiving notice from Vendor in accordance with this subsection, Company may direct Vendor to take reasonable and appropriate steps to stop and remediate unauthorized use of Company Personal Data.
4. Restrictions on Processing
4.1 Limitations on Processing
Vendor will Process Company Personal Data solely as instructed in the Terms and this U.S. State DPA. Except as expressly permitted by the State Privacy Laws, Vendor is prohibited from (i) Selling or Sharing Company Personal Data, (ii) retaining, using, or disclosing Company Personal Data for any purpose other than for the specific purpose of performing the Services specified in Appendix 5, (iii) retaining, using, or disclosing Company Personal Data outside of the direct business relationship between the Parties, and (iv) combining Company Personal Data with Personal Data obtained from, or on behalf of, sources other than Company, except as expressly permitted under applicable State Privacy Laws.
4.2 Confidentiality
Vendor shall ensure that its employees, agents, subcontractors, and sub-processors are subject to a duty of confidentiality with respect to Company Personal Data.
4.3 Subcontractors; Sub-processors
Vendor's current subcontractors and sub-processors are available at https://sessionkeeper.ai/subprocessors. Vendor shall notify Company of any intended changes concerning the addition or replacement of subcontractors or sub-processors. Further, Vendor shall ensure that Vendor's subcontractors or sub-processors who Process Company Personal Data on Vendor's behalf agree in writing to the same or equivalent restrictions and requirements that apply to Vendor in this U.S. State DPA and the Terms with respect to Company Personal Data, as well as to comply with the applicable State Privacy Laws.
4.4 Right to Object
Company may object in writing to Vendor's appointment of a new subcontractor or sub-processor on reasonable grounds by notifying Vendor in writing within 30 calendar days of receipt of notice in accordance with Section 4.3. In the event Company objects, the Parties shall discuss Company's concerns in good faith with a view to achieving a commercially reasonable resolution.
5. Consumer Rights
5.1
Vendor shall provide commercially reasonable assistance to Company for the fulfillment of Company's obligations to respond to State Privacy Law-related Consumer rights requests regarding Company Personal Data.
5.2
Company shall inform Vendor of any Consumer request made pursuant to the State Privacy Laws that they must comply with. Company shall provide Vendor with the information necessary for Vendor to comply with the request.
5.3
Vendor shall not be required to delete any Company Personal Data to comply with a Consumer's request directed by Company if retaining such information is specifically permitted by applicable State Privacy Laws; provided, however, that in such case, Vendor will promptly inform Company of the exceptions relied upon under applicable State Privacy Laws and Vendor shall not use Company Personal Data retained for any purpose other than provided for by that exception.
6. Deletion of Company Personal Data
6.1
Upon direction by Company, and in any event no later than 30 days after receipt of a request from Company, Vendor shall promptly delete Company Personal Data as directed by Company, unless Vendor is required by law to retain such data, in which case Vendor shall, on ongoing basis, isolate and protect the security and confidentiality of such Personal Data and prevent any further processing except to the extent required by such law and shall destroy or return to Company all other Personal Data not required to be retained by Vendor by law.
7. Deidentified Data
7.1
In the event that Company discloses or makes available Deidentified data (as such term is defined in the State Privacy Laws) to Vendor, Vendor shall not attempt to reidentify the information.
8. Security
8.1
Vendor and Company shall implement and maintain no less than commercially reasonable security procedures and practices, appropriate to the nature of the information, to protect Company Personal Data from unauthorized access, destruction, use, modification, or disclosure.
8.2
Vendor shall fully comply with the security measures attached at Appendix 3.
9. Sale of Data
9.1
The Parties acknowledge and agree that the exchange of Personal Data between the Parties does not form part of any monetary or other valuable consideration exchanged between the Parties with respect to the Terms or this U.S. State DPA.
10. Changes to Applicable Privacy Laws
10.1
The Parties agree to cooperate in good faith to enter into additional terms to address any modifications, amendments, or updates to applicable statutes, regulations or other laws pertaining to privacy and information security, including, where applicable, the State Privacy Laws.