Terms of Service

Effective date: 27th of October, 2023

THESE TERMS OF SERVICE (the “Agreement”) GOVERN CUSTOMER’S RECEIPT, ACCESS, TO AND USE OF THE SERVICE (AS DEFINED BELOW) PROVIDED BY SOCRATIC WORKS, INC. (“Socratic”). IN ACCEPTING THIS AGREEMENT BY (A) PURCHASING ACCESS TO THE SERVICE THROUGH AN ONLINE ORDERING PROCESS THAT REFERENCES THIS AGREEMENT, (B) SIGNING UP FOR A FREE ACCESS PLAN FOR THE SERVICE THROUGH A SCREEN THAT REFERENCES THIS AGREEMENT, OR (C) CLICKING A BOX INDICATING ACCEPTANCE, CUSTOMER AGREES TO BE BOUND BY ITS TERMS. THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES SO ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY (“Customer”); SUCH INDIVIDUAL REPRESENTS AND WARRANTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR THE APPLICABLE ENTITY DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE OR RECEIVE THE SERVICE. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN. THE PARTIES AGREE AS FOLLOWS:

1. The Service

1.1. Service Description. Socratic is the owner and provider of a cloud-based software for product teams (the “Service”). Anything Customer (including Users) posts, uploads, shares, stores, or otherwise provide through the Service is considered a “User Submission.” Customer is solely responsible for all User Submissions it contributes to the Service. Further terms regarding User Submissions, including ownership, are in Section 8.2 below. The Service may also include templates, help documents, and other documents or information that can assist Customer using the Service (“Socratic Content”). Customer will not receive or have access to the code or software that underlies the Service (collectively the “Software”) or receive a copy of the Software itself.

1.2 Customer’s Subscription. Subject to the terms of this Agreement, Customer may purchase a subscription to, and has the right to access and use, the Service as specified in one or more ordering screens agreed to by the parties through Socratic’s website that reference this Agreement and describe the business terms related to Customer’s subscription (“Order(s)”). All subscriptions will be for the period described on the applicable Order (“Subscription Period”). Use of and access to the Service is permitted only by individuals authorized by Customer and for Customer’s own internal business purposes and not for the benefit of any third party (“Users”).

1.3. Socratic’s Ownership. Socratic owns the Service, Software, Socratic Content, Documentation, and anything else provided by Socratic to Customer (collectively the “Socratic Materials”). Socratic retains all right, title and interest (including, without limitation, all patent, copyright, trademarks, trade secret and other intellectual property rights) in and to the Socratic Materials, all related and underlying technology and any updates, enhancements, upgrades, modifications, patches, workarounds, and fixes thereto and all derivative works of or modifications to any of the foregoing. There are no implied licenses under this Agreement and any rights not expressly granted to Customer in this Agreement are expressly reserved by Socratic.

1.4. Permissions. The Service contains customizable settings allowing each User to give permission to other Users to perform various tasks within the Service (“Permissions”). It is also solely Customer’s responsibility to set and manage all Permissions, including which Users can set such Permissions. Accordingly, Socratic will have no responsibility for managing Permissions and no liability for the Permissions set by Customer and its Users. Customer may, at its option, provide access to the Service and Documentation to its Affiliates (defined below), in which case all rights granted, and obligations incurred, under this Agreement will also inure to the benefit of such Affiliates. Customer represents and warrants that it is fully responsible for any breach of this Agreement by its Affiliates and that Customer has the power to negotiate this Agreement on behalf of its Affiliates. Customer will also be responsible for all payment obligations under this Agreement regardless of whether the use of the Service is by Customer or its Affiliates. Any claim by an Affiliate against Socratic will be brought by Customer and not the Affiliate. For the purposes of this Agreement “Affiliate” will mean of a party will mean an entity directly or indirectly controlling, controlled by or under common control with that party (where “control” means the ownership or control, directly or indirectly, of more than fifty percent (50%) of all the voting power of the shares (or other securities or rights) entitled to vote for the election of directors or other governing authority.

2. Restrictions.

2.1 Customer’s Responsibilities. Customer is responsible for all activity on its Users’ accounts unless such activity is caused by a third party bad actor able to access Customer’s account by exploiting vulnerabilities in the Service itself. Customer will ensure that its Users are aware of and bound by obligations and/or restrictions stated in this Agreement and Customer will be responsible for breach of any such obligation and/or restriction by a User

2.2. Use Restrictions. Customer agrees that it will not, and will not allow Users or third parties to, directly or indirectly (a) modify, translate, copy or create derivative works based on the Service, (b) reverse assemble, reverse compile, reverse engineer, decompile or otherwise attempt to discover the object code, source code, non-public APIs or underlying ideas or algorithms of the Service, except as and only to the extent this restriction is prohibited by law, (c) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Service available to any third party, other than Authorized Customers, (d) remove or obscure any copyright, trademark or other proprietary notices, legends or Socratic branding contained in or on the Service, (e) use the Service in any way that violates any applicable federal, state, local or international law or regulation, (f) attempt to gain unauthorized access to, interfere with, damage or disrupt any parts of the Service, including, without limitation, by introducing viruses and other harmful code or by using flood pings, denial-of-service attacks, or similar methods or technology, (g) use or access the Service to build or support and/or assist a third party in building or supporting products or services competitive to the Service or (h) attempt to probe, scan, or test the vulnerability of the Service or any Socratic system or networks. If Customer (including Users) is using the Service in a manner that, in Socratic’s reasonable judgment, causes or is likely to cause significant harm to Socratic or the Service or otherwise threatens the security, integrity or availability of the Service then Socratic may suspend Customer’s access to the Service. Socratic will use commercially reasonable efforts under the circumstances of such suspension to (x) provide Customer with notice and an opportunity to remedy such violation or threat prior to any such suspension; (y) limit the suspension to only accounts involved in the activities in question; and (z) remove the suspension as quickly as practicable after the circumstances leading to the suspension have been resolved.

2.3. API Access Restrictions. As part of provision of its Service, Socratic may provide Customer with access to one or more application program interfaces (“API(s)”). Socratic may, in its sole discretion, set and enforce limits on Customer’s use of the API and Customer agrees to adhere to such limits. Socratic may also suspend Customer’s access to the API or cease providing the API at any time.

3. Third-Party Applications. The Service may work together with third party products, services or applications that are not owned or controlled by Socratic, (e.g., Github) (“Third-Party Applications”) and Customer, at its sole option, may choose to use such Third-Party Applications. If necessary for the Service and the Third-Party Application to work together, Customer will provide its login information to Socratic for the sole purpose of Socratic providing the Service to Customer and Customer represents and warrants that Customer has the right to provide such login information without breach by Customer of any of the terms and conditions that govern Customer’s use of the applicable Third-Party Application. Socratic does not endorse such Third-Party Applications. Customer acknowledges and agrees that this Agreement does not apply to Customer’s use of such Third-Party Applications and Customer be required by the providers of such Third-Party Applications to enter into separate agreements for Customer’s use. Socratic expressly disclaims all representations and warranties relating to any Third-Party Applications. Customer will look solely to the providers of the Third-Party Applications for any warranty related issues or other claims. Customer’s use of Third-Party Applications is at Customer’s own risk. Socratic will have no liability or other obligation of any kind arising out of or related to any third-party applications, including arising from Customer’s use or inability to use Third-Party Applications.

4. Payment Obligations.

4.1. Fees. Customer will pay for access to and use of the Service as set forth on the applicable Order (“Fees”). All Fees will be paid in the currency stated in the applicable Order or, if no currency is specified, U.S. dollars. Payment obligations are non-cancelable and, except as expressly stated in this Agreement, non-refundable. Socratic may modify its Fees or introduce new fees in its sole discretion. Customer always has the right to choose not to renew its subscription if it does not agree with any new or revised Fees.

4.2. Payment. Socratic, either directly or through its third-party payment processor (“Payment Processor”) will charge Customer for the Fees via credit card or ACH payment, pursuant to the credit card or ACH payment information provided by Customer to Socratic. Socratic will have the right to charge Customer’s credit card or ACH payment method for any services provided to Customer by Socratic under the Order, including recurring Fees. It is Customer’s sole responsibility to provide Socratic with current and up to date credit card or ACH information; failure to provide such information may result in suspension of Customer’s access to the Services. Socratic will also have the right to set-off any Fees due from Customer to Socratic. If Customer pays the Fees through a Payment Processor such payment processing will be subject to the terms, conditions, and privacy policies of the Payment Processor in addition to this Agreement. Socratic is not responsible for any error by, or other acts or omissions of, the Payment Processor. Socratic reserves the right to correct any errors or mistakes that the Payment Processor makes even if Socratic has already requested or received payment. If authorized by Customer through acceptance of an Order, recurring charges (e.g. monthly billing) will be charged to Customer’s payment instrument without further authorization from Customer, until Customer terminates this Agreement in accordance with its terms or changes its payment method in Customer’s account in the Service.

4.3. Taxes. Fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If Socratic has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Socratic will invoice Customer and Customer will pay that amount unless Customer provides Socratic with a valid tax exemption certificate authorized by the appropriate taxing authority in advance. For clarity, Socratic is solely responsible for taxes assessable against it based on its income, property, and employees.

4.4. Failure to Pay. If Customer fails to pay any Fees when due, Socratic may suspend Customer’s access to the Service pending payment of such overdue amounts. Customer also authorizes Socratic to re-try charging Customer’s payment instrument up to four (4) times if an initial attempt at such charge has not been successful. If Customer believes that Socratic has billed Customer incorrectly, Customer must contact Socratic no later than sixty (60) days after the closing date on the first billing statement in which the error or problem appeared, to receive an adjustment or credit. Once Socratic receives notice of a disputed invoice, Socratic will review such notice and provide Customer with a written decision regarding the dispute, including documentary support for such decision. If Socratic reasonably determines that the amounts billed are, in fact, due, Customer will pay such amounts (if it has not done so already) within ten (10) days of Socratic notifying Customer in writing of such decision.

5. Term and Termination.

5.1. Agreement Term and Renewals. Subscriptions to access and use the Service commence on the start date stated on the applicable Order (“Subscription Start Date”) and continue for the duration of the Subscription Period. Customer may choose not to renew its Subscription Period by notifying Socratic at hello@socraticworks.com (provided that Socratic confirms such cancellation in writing) or by modifying its subscription through Customer’s account within the Service. This Agreement will become effective on the first day of the Subscription Period and remain effective for the duration of the Subscription Period stated on the Order along with any renewals of the Subscription Period and any period that Customer is using the Service even if such use is not under a paid Order (“Term”). If the parties terminate this Agreement, it will automatically terminate all Orders. If Customer cancels or does not renew its paid subscription to the Service, Customer’s subscription will be accessible but will automatically be downgraded to a version of the Service with diminished features and functionality that Socratic offers to unpaid subscribers (“Free Version”). If Customer or Socratic terminates this Agreement or Customer deletes its workspace within the Service, Customer will not have access to the Free Version.

5.2. Termination. Either party may terminate this Agreement upon written notice to the other party if the other party materially breaches this Agreement and such breach is not cured within thirty (30) days after the breaching party’s receipt of such notice. Socratic may terminate Customer’s access to the Free Version at any time upon notice to Customer.

5.3. Effect of Termination. If Customer terminates this Agreement because of Socratic’s uncured breach, Socratic will refund any unused, prepaid Fees for the remainder of the then-current Subscription Period. If Socratic terminates this Agreement because of Customer’s uncured breach, Customer will pay any unpaid Fees covering the remainder of the then-current Subscription Period after the effective date of termination, if any. In no event will any termination relieve Customer of the obligation to pay any Fees payable to Socratic for the period prior to the effective date of termination. Upon any termination of this Agreement, all rights and licenses granted by Socratic hereunder will immediately terminate; Customer will no longer have the right to access or use the Service. Within thirty (30) days of termination of this Agreement for cause, upon Customer’s request following termination, or if Customer deletes its workspace within the Service, Socratic will delete Customer’s User Information, including passwords and all related information, files, and User Submissions, unless Customer requests an earlier deletion in writing. If Customer is using the Free Version, Socratic will retain User Submissions and User Information to facilitate such use. Socratic may delete all User Submissions or User Information if Customer maintains an account in the Free Version but such account is not usedfor a period of one (1) year or more.

5.4. Survival. Sections titled “Socratic’s Ownership”, “Third-Party Applications”, “Payment Obligations”, “Term and Termination”, “Warranty Disclaimer”, “Limitation of Liability”, “Confidentiality”, “Data” and “General Terms” will survive any termination or expiration of this Agreement.

6. Warranty Disclaimers.

6.1. Warranties. Customer represents and warrants that all User Submissions submitted by Users follow all applicable laws, rules and regulations.

6.2. Warranty Disclaimer. EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, THE SERVICES AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND SOCRATIC EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CUSTOMER ACKNOWLEDGES THAT Socratic DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. SOME JURISDICTIONS DO NOT ALLOW THE DISCLAIMER OF CERTAIN TYPES OF WARRANTIES. THE FOREGOING DISCLAIMERS WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

7. Limitation of Liability. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, SOCRATIC WILL NOT BE LIABLE WITH RESPECT TO ANY CAUSE RELATED TO OR ARISING OUT OF THIS AGREEMENT, WHETHER IN AN ACTION BASED ON A CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR ANY OTHER LEGAL THEORY, HOWEVER ARISING, FOR (A) INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, (B) ANY DAMAGES BASED ON USE OR ACCESS, INTERRUPTION, DELAY OR INABILITY TO USE THE SERVICE, LOST REVENUES OR PROFITS, DELAYS, INTERRUPTION OR LOSS OF SERVICES, BUSINESS OR GOODWILL, LOSS OR CORRUPTION OF DATA, LOSS RESULTING FROM SYSTEM OR SYSTEM SERVICE FAILURE, MALFUNCTION OR SHUTDOWN, FAILURE TO ACCURATELY TRANSFER, READ OR TRANSMIT INFORMATION, FAILURE TO UPDATE OR PROVIDE CORRECT INFORMATION, SYSTEM INCOMPATIBILITY OR PROVISION OF INCORRECT COMPATIBILITY INFORMATION OR BREACHES IN SYSTEM SECURITY, OR (C) ANY DAMAGES THAT IN THE AGGREGATE EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER FOR THE SERVICE THAT IS OR THE PROFESSIONAL SERVICES THAT ARE THE SUBJECT OF THE CLAIM DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT WHICH GIVES RISE TO SUCH DAMAGES. THESE LIMITATIONS WILL APPLY WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

8. Confidentiality.

8.1 Definition. Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) may disclose business, technical or financial information relating to the Disclosing Party’s business that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure (hereinafter referred to as the “Confidential Information” of the Disclosing Party). Socratic’s Confidential Information includes non-public information regarding features, functionality, and performance of the Service. Customer’s Confidential Information includes the User Information and User Submissions. This Agreement and the information in all Orders will be deemed the Confidential Information of both parties. Notwithstanding the above, Confidential Information does not include information that (a) is or becomes generally available to the public without breach of any obligation owed to the Disclosing Party; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (c) is received from a third party without breach of any obligation owed to the Disclosing Party; or (d) was independently developed by the Receiving Party without use or reference to the Disclosing Party’s Confidential Information.

8.2. Protection and Use of Confidential Information. The Receiving Party will (a) protect the Disclosing Party’s Confidential Information using the same degree of care used to protect its own confidential or proprietary information of like importance, but in any case using no less than a reasonable degree of care, (b) limit access to the Confidential Information to those employees, affiliates, subcontractors, agents, consultants, legal advisors, financial advisors, and contractors (“Representatives”) who need to know such information in connection with this Agreement and who are bound by confidentiality and non-use obligations just as protective of the Disclosing Party’s Confidential Information as the terms of this Agreement; (c) except as expressly set forth herein, make all commercially reasonable efforts not to disclose any of Disclosing Party’s Confidential Information to any third parties without the Disclosing Party’s prior written consent; and (d) will not use the Disclosing Party’s Confidential Information for any purpose other than to fulfill its obligations under this Agreement. Nothing above will prevent either party from sharing the terms of this Agreement or the name of the other party with prospective investors or acquirors; provided, however, that the foregoing persons or entities are bound to standard confidentiality obligations.

8.3. Compelled Access or Disclosure. The Receiving Party may access or disclose Confidential Information of the Disclosing Party if it is required by law; provided, however, that the Receiving Party gives the Disclosing Party prior notice of the compelled access or disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the access or disclosure.

8.4. Feedback. Customer may from time to time provide suggestions, comments, or other feedback with respect to the Service (“Feedback”). For the avoidance of doubt, Feedback will only refer to suggestions, comments or other feedback provided to Socratic specifically regarding the Service and will not include User Information or User Submissions. Socratic may want to incorporate Feedback into its Service and this clause provides Socratic with the necessary license to do so. Customer hereby grant to Socratic and Socratic’s assigns a royalty-free, worldwide, perpetual, irrevocable, fully transferable and sublicensable right and license, if any, to use, disclose, reproduce, modify, create derivative works from, distribute, display, and otherwise distribute and exploit any Feedback as Socratic sees fit, entirely without obligation or restriction of any kind, except that Socratic will not identify Customer as the provider of such Feedback.

9. Data.

9.1. User Information. Customer and its Users are required to provide information such as IP address, username, password, and any personally identifiable information including, without limitation, name, phone number, or email address (“User Information”) upon logging into the Service in order to access the Service. Customer grants Socratic and its subcontractors the right to store, process and retrieve the User Information in connection with Customer’s use of the Service. Customer represents and warrants that it has obtained all necessary rights to transfer User Information to Socratic and to process the User Information as contemplated by this Agreement. Customer is responsible for all User Information. Accordingly, Customer is responsible for all resulting liability if usernames, passwords, tokens, or keys in Customer’s possession are used by any party not authorized to do so. Customer (on behalf of its Users) grants Socratic the right to access, use, process, copy, distribute (to Users), perform (for Users), export (to Users) and display (for Users) User Information, only as reasonably necessary (a) to provide the Service to Customer (including the transfer of User Information to Socratic); (b) to prevent or address service, security, support, or technical issues; (c) as required by law; and (d) as expressly permitted in writing by Customer.

9.2. User Submissions. Customer grants Socratic and its subcontractors a non-exclusive, worldwide, royalty-free, paid-up, transferable right and license to use, process, and display (to Users) User Submissions for the sole purpose of providing the Service to Customer. Except for the limited rights and licenses granted in this Agreement, Customer will own all right, title and interest in and to the User Submissions and there are no implied licenses under this Agreement.

9.3. Service Data. As Customer (including its Users) interacts with the Service, the Service collects data pertaining to the performance of the Service and measures of the operation of the Service (“Service Data”). Notwithstanding anything else to the contrary herein, provided that the Service Data is aggregated and anonymized, and no User Information, User Submissions, or any other personal identifying information of Customer is revealed to any third party, the parties agree that Socratic is free to use the Service Data in any manner. Socratic owns all right, title, and interest in and to such Service Data. For clarity, this section does not give Socratic the right to identify Customer (including its Users) as the source of any Service Data.

9.4. Data Protection. Socratic has established and implemented reasonable information security practices regarding the protection of User Submissions and User Information (collectively “Customer Data”), including administrative, technical, and physical security processes, as further set forth in Appendix B. Notwithstanding the foregoing, Customer is responsible for maintaining appropriate security, protection and backup of its hardware, software, systems, information, and Customer Data. To the extent that any User Submissions contain “personal information” or “personal data” subject to U.S. Privacy Laws (as defined in the Data Processing Addendum or “U.S. DPA”), the U.S. DPA appended to this Agreement is hereby incorporated into and made a part of this Agreement, and shall apply to such personal information or personal data processed by Socratic on behalf of Customer.

10. General Terms.

10.1. Publicity. Provided that Customer gives its prior written consent, Socratic may identify Customer and use and display Customer’s name, logo, trademarks, or service marks on Socratic’s website and in Socratic’s marketing materials.

10.2. Force Majeure. Socratic will not be liable by reason of any failure or delay in the performance of its obligations on account of events beyond the reasonable control of Socratic that make it impossible or commercially impracticable for such party to perform its obligations hereunder, which may include failure by a third-party hosting provider or utility provider, strikes (provided that such strike does not involve the employees of the party failing to perform), shortages, riots, fires, acts of God, war, terrorism, and governmental action.

10.3. Changes. Customer acknowledges that the Service is an on-line, subscription-based product, and that to provide improved customer experience Socratic may make changes to the Service provided, however Socratic will not materially decrease the core functionality of the Service. Socratic may also unilaterally modify the terms of this Agreement by notifying you at least thirty (30) days prior to such changes taking effect and posting such changes at https://socraticworks.com/terms.

10.4. Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.

10.5. No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement; a person who is not a party to this Agreement may not enforce any of its terms under any applicable law.

10.6. Email Communications. Notices under this Agreement will be provided as follows: (a) all notices regarding the Service will be sent by email, although Socratic may instead choose to provide notice to Customer through the Service, (b) notices to Socratic must be sent to hello@socraticworks.com, and (c) all notices to Customer will be sent to the email(s) provided through the Service. Notices will be deemed to have been duly given (a) the business day after it is sent, in the case of notices through email; and (b) the same day, in the case of notices through the Service.

10.7. Amendment and Waivers. No modification or amendment to this Agreement will be effective unless made in writing and signed or accepted by an authorized representative of both parties. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right. No waiver under this Agreement will be effective unless made in writing and signed by an authorized representative of the party being deemed to have granted the waiver.

10.8. Severability. This Agreement will be enforced to the fullest extent permitted under applicable law. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement will remain in effect.

10.9. Assignment. Neither party will assign or delegate any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, Socratic may assign this Agreement in its entirety (including all Orders), without the consent of Customer, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all Socratic’s assets. Any purported assignment in violation of this section is void. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.

10.10. Governing Law and Venue. This Agreement, and any disputes arising out of or related hereto, will be governed exclusively by the internal laws of the State of Delaware, without regard to its conflicts of laws rules or the United Nations Convention on the International Sale of Goods. The parties acknowledge that this Agreement evidences a transaction involving interstate commerce. The state and federal courts located in New Castle County, Delaware will have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement or its formation, interpretation or enforcement. Each party hereby consents and submits to the exclusive jurisdiction of such courts. Each party also hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover its reasonable costs and attorney’s fees.

10.11. Entire Agreement. This Agreement, including all referenced pages and Orders, if applicable, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter.

U.S. Privacy Law Data Processing Addendum

Pursuant to the Terms of Service between Customer and Socratic (each a “Party”; collectively the “Parties”), the Parties hereby adopt this U.S. Privacy Law Data Processing Addendum (“U.S. DPA”) for so long as Socratic processes Personal Data on behalf of Customer. This U.S. DPA prevails over any conflicting terms of the Agreement.

    1. Definitions. For the purposes of this U.S. DPA--
    1. “U.S. Privacy Laws” means, collectively, all U.S. federal and state privacy laws and their implementing regulations, as amended or superseded from time to time, that apply generally to the processing of individuals’ Personal Data and that do not apply solely to specific industry sectors (e.g., financial institutions), specific demographics (e.g., children), or specific classes of information (e.g., health or biometric information). U.S. Privacy Laws include, but are not limited to, the following:
      1. California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”);
      2. Colorado Privacy Act;
      3. Connecticut Personal Data Privacy and Online Monitoring Act;
      4. Delaware Personal Data Privacy Act;
      5. Indiana Consumer Data Protection Act;
      6. Iowa Consumer Data Protection Act;
      7. Montana Consumer Data Privacy Act;
      8. Oregon Consumer Privacy Act;
      9. ennessee Information Privacy Act;
      10. Texas Data Privacy and Security Act;
      11. Utah Consumer Privacy Act; and
      12. Virginia Consumer Data Protection Act.
    2. “Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person. Where applicable, Personal Data shall be interpreted consistent with the same or similar term under U.S. Privacy Laws.
    3. “Share,” “Shared,” and “Sharing” have the meaning defined in the CCPA.
    4. “Sale” and “Selling” have the meaning defined in the U.S. Privacy Laws.
    5. “Controller” means “Controller” or “Business” as those terms are defined in the U.S. Privacy Laws.
    6. “Processor” means “Processor,” “Service Provider,” or “Contractor” as those terms are defined in the U.S. Privacy Laws.
    7. “Consumer” has the meaning defined in the U.S. Privacy Laws.
    8. “Processing,” “Process,” and “Processed” have the meaning defined in the U.S. Privacy Laws.
    9. “Customer Personal Data” means Personal Data contained within User Submissions.
    10. In the event of a conflict in the meanings of defined terms in the U.S. Privacy Laws, the meaning from the law applicable to the state of residence of the relevant Consumer applies.
    2. Scope, Roles, and Termination.
    1. Applicability - This U.S. DPA applies only to Socratic’s Processing of Customer Personal Data for the nature, purposes, and duration set forth in Appendix A.
    2. Roles of the Parties - For the purposes of the Agreement and this U.S. DPA, Customer is the Party responsible for determining the purposes and means of Processing Customer Personal Data as the Controller and appoints Socratic as a Processor to Process Customer Personal Data on behalf of Customer for the limited and specific purposes set forth in Appendix A.
    3. Obligations at Termination - Upon termination of the Agreement, except as set forth therein or herein, Socratic will discontinue Processing and destroy or return Customer Personal Data in its or its subcontractors’ and sub-processors’ possession without undue delay. Socratic may retain Customer Personal Data to the extent required by law but only to the extent and for such period as required by such law and always provided that Socratic shall ensure the confidentiality of all such Customer Personal Data.
    3. Compliance
    1. Compliance with Obligations - Socratic, its employees, agents, subcontractors, and sub-processors (a) shall comply with the obligations of the U.S. Privacy Laws, (b) shall provide the level of privacy protection required by the U.S. Privacy Laws, (c) shall provide Customer with all reasonably-requested assistance to enable Customer to fulfill its own obligations under the U.S. Privacy Laws, and (d) understand and shall comply with this U.S. DPA. Upon the reasonable request of Customer, Socratic shall make available to Customer all information in Socratic’s possession necessary to demonstrate Socratic’s compliance with this subsection.
    2. Compliance Assurance - Customer has the right to take reasonable and appropriate steps to ensure that Socratic uses Customer Personal Data consistent with Customer’s obligations under applicable U.S. Privacy Laws.
    3. Compliance Monitoring - Customer has the right to monitor Socratic’s compliance with this U.S. DPA through measures, including, but not limited to, ongoing manual reviews, automated scans, regular assessments, audits, or other annual technical and operational testing at least once every 12 months.
    4. Compliance Remediation - Socratic shall promptly notify Customer if it determines that it can no longer meet its obligations under applicable U.S. Privacy Laws. Upon receiving notice from Socratic in accordance with this subsection, Customer may direct Socratic to take reasonable and appropriate steps to stop and remediate unauthorized use of Customer Personal Data.
    5. Security - The Parties shall implement and maintain no less than commercially reasonable security procedures and practices, appropriate to the nature of the information, to protect Customer Personal Data from unauthorized access, destruction, use, modification, or disclosure. See Appendix B for additional details.
    4. Restrictions on Processing.
    1. Limitations on Processing - Socratic will Process Customer Personal Data solely as instructed in the Agreement and this U.S. DPA. Except as expressly permitted by the U.S. Privacy Laws, Socratic is prohibited from (i) Selling or Sharing Customer Personal Data, (ii) retaining, using, or disclosing Customer Personal Data for any purpose other than for the specific purpose of performing the services specified in Appendix A, (iii) retaining, using, or disclosing Customer Personal Data outside of the direct business relationship between the Parties, and (iv) combining Customer Personal Data with Personal Data obtained from, or on behalf of, sources other than Customer, except as expressly permitted under applicable U.S. Privacy Laws.
    2. Confidentiality - Socratic shall ensure that its employees, agents, subcontractors, and sub-processors are subject to a duty of confidentiality with respect to Customer Personal Data.
    3. Subcontractors; Sub-processors - Socratic’s current subcontractors and sub-processors are set forth in Appendix C. Socratic shall notify Customer of any intended changes concerning the addition or replacement of subcontractors or sub-processors. Further, Socratic shall ensure that Socratic’s subcontractors or sub-processors who Process Customer Personal Data on Socratic’s behalf agree in writing to the same or equivalent restrictions and requirements that apply to Socratic in this U.S. DPA and the Agreement with respect to Customer Personal Data, as well as to comply with the applicable U.S. Privacy Laws.
    4. Right to Object - Customer may object in writing to Socratic’s appointment of a new subcontractor or sub-processor on reasonable grounds by notifying Socratic in writing within 30 calendar days of receipt of notice in accordance with Section 10.6 of the Agreement. In the event Customer objects, the parties shall discuss Customer’s concerns in good faith with a view to achieving a commercially reasonable resolution.
    5. Consumer Rights
    1. Socratic shall provide commercially reasonable assistance to Customer for the fulfillment of Customer’s obligations to respond to State Privacy Law-related Consumer rights requests regarding Customer Personal Data.
    2. Where applicable, Socratic shall enable Customer to comply with any Consumer request made pursuant to the U.S. Privacy Laws.
    3. Socratic shall not be required to delete any Customer Personal Data to comply with a Consumer’s request directed by Customer if retaining such information is specifically permitted by applicable U.S. Privacy Laws; provided, however, that in such case, Socratic shall not use Customer Personal Data retained for any purpose other than provided for by that exception.
    6. Exemptions
    1. Notwithstanding any provision to the contrary in the Agreement or this U.S. DPA, the terms of this U.S. DPA shall not apply to Socratic’s Processing of Customer Personal Data that is exempt from applicable U.S. Privacy Laws.
    7. Changes to Applicable Privacy Laws.
    1. The parties agree to cooperate in good faith to enter into additional terms to address any modifications, amendments, or updates to applicable statutes, regulations or other laws pertaining to privacy and information security, including, where applicable, the U.S. Privacy Laws.

Appendix A - Processing Details

Nature of the ProcessingCustomer Personal Data may be obtained from Customer’s product development tickets.
Purpose(s) of the ProcessingTo provide analytical insights that will help streamline Customer’s work, such as evaluating project team member workloads.
Types of Customer Personal DataIdentity information (e.g., name, email address); project team member communications and workload.
Duration of ProcessingSocratic will process Customer Personal Data for as long as the Agreement is in effect.

Appendix B – Security Measures

Socratic will apply at least the following types of security measures to Customer Personal Data:

1. Virtual access control

Technical and organizational measures to prevent data processing systems from being used by unauthorized persons include:

  • User identification and authentication procedures;

  • ID/password security procedures (special characters, minimum length, change of password);

  • Automatic blocking (e.g. password or timeout);

  • Monitoring of break-in-attempts;

  • Creation of one master record per user, user-master data procedures per data processing environment; and

  • Encryption of archived data media.

2. Data Access Control

Technical and organizational measures to ensure confidentiality and that persons entitled to use a data processing system gain access only to such Customer Personal Data in accordance with their access rights, and that Customer Personal Data cannot be read, copied, modified or deleted without authorization, include:

  • Internal policies and procedures;

  • Control authorization schemes;

  • Default configuration;

  • Differentiated access rights (profiles, roles, transactions and objects);

  • Monitoring and logging of access;

  • Disciplinary action against employees who access Customer Personal Data without authorization;

  • Reports of access;

  • Access procedure;

  • Change procedure;

  • Deletion procedure; and

  • Encryption.

3. Disclosure control

echnical and organizational measures to ensure that Customer Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media (manual or electronic), and that it can be verified to which companies or other legal entities Customer Personal Data are disclosed, include:

  • Encryption/pseudonymization/tunneling;

  • Logging; and

  • Transport security.

4. Entry control

Technical and organizational measures to monitor whether Customer Personal Data have been entered, changed or removed (deleted), and by whom, from data processing systems, include:

  • Logging and reporting systems; and

  • Audit trails and documentation.

5. Control of Instructions

Technical and organizational measures to ensure that Customer Personal Data are Processed solely in accordance with the instructions of the Controller include:

  • Written agreements with vendors and related third parties; and

  • Vendor management program.

6. Availability control

Technical and organizational measures to ensure the integrity, availability and resilience of the processing systems, and that Customer Personal Data are protected against accidental destruction or loss (physical/logical) include:

  • Backup procedures;

  • Remote storage;

  • Antivirus/firewall systems; and

  • Disaster recovery plan, in the event of a physical or technical incident.

7. Separation control

Technical and organizational measures to ensure that Customer Personal Data collected for different purposes can be Processed separately include:

  • Separation of databases; and

  • Segregation of functions (production/testing).

8. Testing Controls

Technical and organizational measures to test, assess and evaluate the effectiveness of the technical and organizational measures implemented in order to ensure the security of the processing include:

  • Periodic review and testing of disaster recovery plan;

  • Testing and evaluation of software updates before they are installed;

  • Authenticated (with elevated rights) vulnerability scanning; and

  • Test bed for specific penetration tests and red team attacks.

9. IT governance

Technical and organizational measures to improve the overall management of IT and ensure that the activities associated with information and technology are aligned with the compliance efforts include:

  • Certification/assurance of processes and products;

  • Processes for data minimization;

  • Processes for data quality;

  • Processes for limited data retention; and

  • Processes for ensuring accountability.

Appendix C – Sub-processor Details

To support delivery of Socratic’s services, Socratic may engage and use third parties as sub-processors to Process certain Customer Personal Data. This Appendix C provides information about the identity, location, and role of each sub-processor.

Entity NamePurpose of ProcessingLocation of ProcessingAdditional Details
AWSServicing, processing, and directing network traffic and data; data storage (including Customer Personal Data); management of user accounts.US regions
AzureServicing, processing, and directing network traffic and data; data storage (including Customer Personal Data).US regions
Auth0Identity provider and authentication processing.