Personyze Terms of Subscription Service

Last updated: May 2026

This Personyze Terms of Subscription Service (the “Agreement”) constitutes a legal, binding agreement between Personyze and you with respect to the Service defined below.

BY ACCEPTING THIS AGREEMENT, BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM, A QUOTE, A PURCHASE ORDER OR SIMILAR ORDER DOCUMENT THAT REFERENCES THIS AGREEMENT, OR BY USING THE SERVICE, YOU AGREE TO THIS AGREEMENT AND ALL OF ITS TERMS AND CONDITIONS. If you are entering into this Agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity and its affiliates, in which case the terms “you” or “your” shall refer to that entity. If you do not have such authority, or if you do not agree with this Agreement, you may not use the Service.

You may not use or access the Service if you are our direct competitor, on behalf of a direct competitor, or for the benefit of one of our direct competitors. You may not access or use the Service for purposes of monitoring its availability, performance or functionality, or for any other benchmarking or competitive purposes.

1. Member account, password, and security

To register for the Service, you will be required to create an online account which will be used to manage your use of the Service hereunder (“Account”). All information required during the Account set-up process must be complete and accurate. You must keep your Account credentials confidential and use commercially reasonable measures to prevent unauthorized access. You are solely responsible for any and all activity initiated through your Account, except to the extent caused by Personyze’s breach of this Agreement or its security obligations. You agree to immediately notify Personyze of any known or suspected unauthorized use of your Account. Personyze personnel may access your Account and Client Data (defined below) only as reasonably necessary to provide, maintain, support, secure or improve the Service, to respond to your support requests, or as required by applicable law. Such access is logged, restricted to personnel under written confidentiality obligations, and conducted in accordance with Personyze’s information-security program and the Data Processing Addendum attached to this Agreement.

2. Subscription service

Subject to the terms and conditions of this Agreement and during the Term (as defined in Section 15 below), Personyze shall make the Service available to you via the Service login page. “Service” means all Personyze online Web-based software-as-a-service specified on the Personyze-generated order documentation (“Quote”) provided to you, or your purchase order documentation, and includes any additional capacities, features or functionalities subsequently purchased by you that augment or enhance the Service (“Product Add-Ons”). Service will commence on the date that Personyze electronically confirms your order of the Service pursuant to this Agreement and the applicable Quote or similar order document (the “Delivery Date”). Additional limitations applicable to the specific Service you purchased are further described in the Service Schedule at the end of this Agreement.

In connection with your use of the Service, Personyze hereby grants a non-exclusive, limited license during the Term of this Agreement to (i) place the Personyze tracking code on Client Websites (defined below) for the sole purpose of collecting data for the Service, and to (ii) use the Documentation and make a reasonable number of copies of the Documentation. Upon the expiration or early termination of this Agreement, the license granted to you to place such tracking code and use such Documentation automatically terminates.

“Client Websites” means those websites, applications or devices owned or controlled by you for which you wish to use the Personyze tracking code or any other identifier to collect data for the Service. “Documentation” means the user documentation published by Personyze and made available to you in connection with the Service. Personyze may make improvements and/or changes in the Service, including the tracking code and the Documentation, from time to time in its sole discretion.

3. Restrictions

You or any of your employees, officers, directors or authorized contractors (each a “User”) shall not (i) use the Service or any portion thereof to provide services to any third party or for the benefit of any third party (whether by means of a service bureau, by “mirroring” or “framing” any part of the Service, or otherwise), or make the Service available to anyone other than Users; (ii) copy, modify, create a derivative work of or gain unauthorized access to the Service, including for the purpose of developing a similar or competitive product or service; (iii) remove, obscure or alter any proprietary notices or labels on the Service or any component thereof, or any Documentation; (iv) interfere with or disrupt the integrity or performance of the Service or third-party data contained therein; (v) disclose to any third party the results of any competitive benchmarking conducted by you against the Service (and you may not perform such benchmarking for purposes of evaluating a competing product), provided that this clause does not restrict you from (A) distributing your Reports and Client Data, or (B) publishing or describing the business results you achieve through use of the Service (including in testimonials, case studies, social media, or marketing materials); (vi) use the Service to upload, store or transmit any viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs; (vii) use the Service to collect, upload, store or transmit infringing, libelous or otherwise unlawful or tortious material, or to collect, upload, store or transmit data in violation of third-party privacy rights or applicable privacy and data security laws, rules or regulations; or (viii) attempt to gain unauthorized access to the Service or related systems or networks.

You shall (a) be responsible for each User’s compliance with this Agreement, (b) be solely responsible for the integrity and legality of Client Data and of the means by which you acquired Client Data, and (c) use the Service only in accordance with the applicable Documentation and applicable laws and government regulations.

You acknowledge and consent to Personyze’s use of our own products to collect and analyze data regarding your and Users’ access and use of the Service, to improve the Service and Personyze technology, and to optimize your access to and use of the Service.

The Service is not fault-tolerant and is not designed or intended for use in any environment where failure of the Service could reasonably be expected to result in death, serious bodily injury, or severe physical or environmental damage. You agree not to use the Service in any such environment.

4. Rights of usage

The Documentation, the Service and all components thereof, including the Personyze tracking code, the structure and organization of the Reports, Personyze’s Confidential Information, Personyze APIs, any other Personyze information and materials, and all worldwide intellectual property rights in the foregoing, are the exclusive property of Personyze, its licensors and/or its suppliers. Personyze, its licensors and/or its suppliers reserve all rights not expressly granted to you in this Agreement. As between Personyze and you, all data collected and analyzed by the Service for your Account (“Client Data”) and all worldwide intellectual property rights in Client Data are your exclusive property. Personyze does not incorporate into the Service any third-party product, software or other materials for which the intellectual property rights are not owned solely by Personyze or for which Personyze has not properly obtained a license to the intellectual property rights from such third party.

5. Evaluation use

If you access the Service for evaluation purposes only, this Section applies in addition to the other terms of this Agreement. Unless the parties agree in writing to a different period, the evaluation period is fourteen (14) days from the date you place the Personyze tracking code on a Client Website (the “Evaluation Period”), after which Personyze may disable access. Some Service features may be limited during the Evaluation Period. Unless you purchase a paid subscription, any Client Data collected and any account configuration made during the Evaluation Period may be deleted at or after the end of the Evaluation Period. Notwithstanding any other provision of this Agreement, during the Evaluation Period the Service is provided “AS IS” without warranty of any kind.

6. Fees

You shall pay to Personyze the fees for the Service set forth on all applicable Quote(s) or other similar order document (the “Service Fees”). The Service Fees are non-refundable. Additional terms applicable to Service Fees for the specific Service you purchased are further described in the Service Schedule at the end of this Agreement.

7. Payment terms

Sales tax, use tax, VAT, GST, and any other applicable taxes that are mandatory in the country or region in which your company is registered, or doing business in, or that is otherwise required of you by any authorities, are your sole responsibility. You acknowledge and agree that the Service Fees are exclusive of all such taxes.

PERSONYZE RESERVES THE RIGHT TO SUSPEND OR TERMINATE YOUR ACCESS TO THE SERVICE IN THE EVENT OF YOUR FAILURE TO MAKE ANY PAYMENT TO PERSONYZE WITHIN THIRTY (30) DAYS AFTER SUCH PAYMENT IS DUE. Personyze will also terminate your access to the Service upon the termination or expiration of this Agreement. You agree and acknowledge that Personyze will not be responsible for any damages resulting from such suspension or termination, whether such damages are direct, indirect, incidental or consequential, even if Personyze has been advised of the possibility of such damages.

Unless otherwise stated, all fees are quoted in the currency specified in the applicable Quote or similar order document. You are responsible for paying all fees associated with using the Service.

8. Privacy

8.1 Authorization to Process. By accessing or using the Service, you authorize Personyze to collect, store, and process Client Data subject to the terms of this Agreement and the Data Processing Addendum (the “DPA”) attached hereto and incorporated by reference. In the event of any conflict between this Section 8 and the DPA with respect to the processing of personal data, the DPA controls.

8.2 Your notice obligations. You shall ensure that each Client Website maintains a publicly accessible privacy notice that clearly and conspicuously informs visitors that the site, application or device is tracked and analyzed by an analytics and personalization service, identifies the categories of data collected (including the use of cookies, device identifiers, and similar technologies), describes the purposes of processing, and explains how visitors may exercise applicable rights (including opt-out where required). You are responsible for obtaining all consents (including consent to cookies and similar technologies where required by law, e.g., the EU ePrivacy Directive and UK PECR) and for honoring all opt-outs (including U.S. state “Do Not Sell or Share My Personal Information” signals such as Global Privacy Control) prior to collection.

8.3 Compliance with applicable law. You shall ensure that your collection, storage, transmission, and processing of Client Data through the Service complies at all times with (a) your own published privacy and information-security policies, and (b) all applicable laws, rules and regulations governing the processing of personal data, including the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the UK GDPR; the California Consumer Privacy Act as amended by the California Privacy Rights Act (the “CCPA/CPRA”) and other U.S. state comprehensive privacy laws (e.g., Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA, and successor or similar laws); Canada’s PIPEDA and Quebec Law 25; Brazil’s LGPD; and applicable export, sanctions, and import-control laws and regulations. As between the parties, you are the controller (or business) and Personyze is the processor (or service provider) with respect to personal data within Client Data, except where Personyze acts as an independent controller for its own legitimate business purposes (e.g., billing, account administration, fraud prevention, and security), as further described in the DPA.

8.4 Prohibited categories of data. You shall not use the Service to collect, upload, transmit, store, deliver to, or otherwise provide Personyze with access to any data of a kind that the Service is not designed or contractually authorized to process, including: (i) U.S. Social Security numbers, tax identification numbers, driver’s license or other government-issued identifier numbers, passport numbers, or financial account numbers; (ii) payment card data subject to the PCI DSS; (iii) protected health information regulated by HIPAA or comparable laws, or any individual medical or mental-health information; (iv) precise geolocation data, biometric identifiers or biometric information, or genetic data; (v) personal data of children under 13 (or under 16 where applicable) subject to COPPA, GDPR Art. 8, or similar laws; (vi) account passwords or security credentials; (vii) special categories of data under GDPR Art. 9 (e.g., racial or ethnic origin, political opinions, religious beliefs, trade-union membership, sexual orientation, or health data); and (viii) any other information that, under applicable law, would be classified as sensitive personal information or that would require heightened security, consent, or breach-notification obligations that Personyze has not separately agreed in writing to support.

8.5 Security and breach notification. Personyze shall implement and maintain a written information-security program containing administrative, technical, and physical safeguards designed to protect Client Data against unauthorized access, use, disclosure, alteration or destruction, as further described in the DPA. If Personyze becomes aware of a confirmed Security Incident affecting Client Data (as defined in the DPA), Personyze shall notify you without undue delay and in any event within seventy-two (72) hours of confirmation, and shall provide reasonable cooperation in your investigation, mitigation, and notification obligations under applicable law.

8.6 Mutual indemnification for privacy claims. (a) You shall defend, indemnify and hold harmless Personyze, its affiliates, and their respective directors, officers, employees and authorized agents from and against any third-party losses, damages, fines, penalties, settlements, and reasonable attorneys’ fees (collectively, “Losses”) arising from any claim that your or any User’s collection of, instructions regarding, content of, or use of Client Data violates this Section 8, Section 3, the DPA, or applicable law. (b) Personyze shall defend, indemnify and hold harmless you, your affiliates, and their respective directors, officers and employees from and against any third-party Losses arising from Personyze’s breach of its obligations under Section 8.5 (Security and Breach Notification) or the DPA, except to the extent the Loss arises from your breach of this Agreement or your instructions to Personyze. The indemnifying party’s obligations under this Section are conditioned on the indemnified party (i) giving prompt written notice of the claim, (ii) granting sole control of the defense and settlement (provided that no settlement requiring the indemnified party to admit liability shall be entered without its prior written consent, not to be unreasonably withheld), and (iii) providing reasonable cooperation at the indemnifying party’s expense.

9. Client data

9.1 Security. Personyze shall maintain administrative, technical, and physical safeguards consistent with industry practice for SaaS providers of comparable size and scope, designed to protect the confidentiality, integrity and availability of Client Data. Further detail is provided in the DPA.

9.2 Retention. During the Term, Personyze will retain Reports and other Client Data in accordance with the data retention settings configured in your Account and Personyze’s then-current data retention practices, a description of which will be provided on request. Notwithstanding any provision to the contrary, (i) Personyze has no obligation to retain, store, deliver or provide access to Client Data except as expressly set forth in this Agreement or the DPA, and (ii) Personyze’s storage obligations terminate upon expiration or earlier termination of the applicable Service, subject to the return and deletion provisions of the DPA.

9.3 Customer access and export. You may at any time during the Term, and for a reasonable wind-down period following termination as described in the DPA, transmit, copy, extract or otherwise remove Client Data from the Service via the export functions and APIs provided as part of the Service. Personyze is not responsible for any Client Data once it has been exported by you or by a third party you have authorized.

9.4 Uploaded data. You, or a third party you authorize, may upload, copy or transmit data collected from sources other than Client Websites to the Service. Once uploaded, such data will be treated as Client Data, governed by this Agreement and the DPA, and counted toward your usage entitlements.

9.5 APIs. Your use of any Personyze application program interface (“API”) for transmitting, copying, extracting, removing or uploading data, or for developing applications, is subject to the usage terms provided with the API documentation.

9.6 Third-party applications. If you install or enable a third-party application for use with your Account, you acknowledge that Personyze may permit the provider of that application to access Client Data as reasonably required for interoperation with the Service. Personyze is not responsible for any disclosure, modification or deletion of Client Data resulting from such access. You are responsible for reviewing the third-party application provider’s terms and privacy practices.

10. Services and support

Your purchase of the Service includes basic support for the Service in accordance with Personyze’s then-current support practices applicable to your subscription. You may purchase upgraded support for an additional fee. Technical support for the Service begins on the Delivery Date. Your subscription to the Service does not include any professional services, including consulting, implementation and training services, unless otherwise specified in the Quote or other order document. Personyze may provide professional services to you from time to time. Professional services, when provided, shall be governed by a separate written statement of work or by Personyze’s then-current professional services terms, which will be provided to you in connection with the engagement.

11. Limited warranty

Subject to the terms and conditions of this Agreement and during the Term, Personyze warrants to you that it has the right to provide you with a subscription in the Service in accordance with the terms and conditions of this Agreement, and it will provide the Service to you in a professional manner as measured by current industry standards. Personyze is not responsible and shall have no warranty obligations whatsoever with respect to any Service or any component of the Service that has been modified in any way by anyone other than Personyze.

12. Warranty disclaimer

OTHER THAN AS EXPRESSLY SPECIFIED IN SECTION 11 OF THIS AGREEMENT, THE SERVICE, THE PERSONYZE TRACKING CODE, CLIENT DATA, DOCUMENTATION AND REPORTS ARE PROVIDED “AS IS”. PERSONYZE, ITS SUPPLIERS AND LICENSORS MAKE NO WARRANTIES OR REPRESENTATIONS, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WARRANTIES OF QUALITY, PERFORMANCE, NON-INFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTIES SHALL ARISE BY COURSE OF DEALING, COURSE OF PERFORMANCE, OR TRADE USAGE. PERSONYZE, ITS SUPPLIERS AND LICENSORS DO NOT WARRANT THAT THE SERVICE, THE PERSONYZE TRACKING CODE, CLIENT DATA, DOCUMENTATION OR REPORTS WILL MEET YOUR NEEDS OR BE FREE FROM ERRORS, OR THAT ERRORS WILL BE FIXED, OR THAT THE OPERATION OF THE SERVICE WILL BE UNINTERRUPTED OR TIMELY. THE FOREGOING EXCLUSIONS AND DISCLAIMERS ARE AN ESSENTIAL PART OF THIS AGREEMENT AND FORM THE BASIS FOR DETERMINING THE PRICE CHARGED FOR THE SERVICE.

13. Limitation of liability

PERSONYZE, ITS SUPPLIERS AND LICENSORS SHALL NOT BE LIABLE TO YOU, ANY USERS OR ANY THIRD-PARTY CLAIMANT FOR ANY INDIRECT, SPECIAL, PUNITIVE, CONSEQUENTIAL (INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOST DATA), OR INCIDENTAL DAMAGES, WHETHER BASED ON A CLAIM OR ACTION OF CONTRACT, WARRANTY, NEGLIGENCE, STRICT LIABILITY, TORT, BREACH OF ANY STATUTORY DUTY, INDEMNITY OR CONTRIBUTION, OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE EXCLUSION CONTAINED IN THIS PARAGRAPH SHALL APPLY REGARDLESS OF THE FAILURE OF ANY REMEDY. PERSONYZE’S CUMULATIVE LIABILITY FOR ANY AND ALL LOSS OR DAMAGES RESULTING FROM ANY CLAIMS, DEMANDS OR ACTIONS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICE SHALL NOT EXCEED THE TOTAL FEES PAID BY YOU TO PERSONYZE FOR USE OF THE SERVICE UNDER THIS AGREEMENT DURING THE SIX-MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF THE CLAIM GIVING RISE TO LIABILITY.

14. Export control

Each party shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the Service. Without limiting the foregoing, (i) each party represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports, and (ii) you shall not permit any User to access or use the Service in violation of any U.S. export embargo, prohibition, or restriction.

15. Term and termination

15.1 Commencement and term. This Agreement and the Service will commence on the Delivery Date and, unless earlier terminated as provided below, will remain effective for the contract term specified in the applicable Quote or similar ordering document (together with all renewal terms, the “Term”).

15.2 Termination for convenience. You may terminate this Agreement or downgrade your subscription at any time by giving Personyze at least thirty (30) days’ prior written notice to your account manager or to support@personyze.com. Termination for convenience will take effect at the end of the thirty (30)-day notice period. Service Fees that have already been invoiced or that cover the unused remainder of an annual prepaid Term are non-refundable except as expressly provided in this Agreement (including Sections 15.4 and 16). Personyze may terminate this Agreement for convenience at the end of any then-current Term by giving you at least thirty (30) days’ prior written notice before the renewal date.

15.3 Renewal. Upon expiration of the then-current Term, this Agreement will automatically renew for successive twelve (12)-month Terms at the same Service package, capacity and functionality levels (including Product Add-Ons), unless either party gives the other at least thirty (30) days’ prior written notice of non-renewal. Personyze will invoice for the renewal Term on the same billing schedule as the then-current Term and will provide prior written notice (and, where commercially reasonable, at least sixty (60) days’ notice) of any increase in Service Fees applicable to the renewal Term.

15.4 Termination for cause. Personyze may terminate this Agreement effective immediately upon written notice if (i) you or any User materially breaches Section 3 (Restrictions) or Section 8 (Privacy), or (ii) you or any User materially breaches any other provision of this Agreement (including payment obligations) and does not cure the breach within thirty (30) days after receiving written notice. You may terminate this Agreement effective immediately upon written notice if Personyze materially breaches this Agreement and fails to cure within thirty (30) days after receiving written notice.

15.5 Effect of termination. Upon termination by you for Personyze’s uncured material breach, you shall pay Personyze for Service Fees and any other fees accrued through the date of termination, shall have no further payment obligation, and Personyze shall refund any prepaid Service Fees covering the unused remainder of the then-current Term following the date of termination. Upon termination by Personyze for your uncured material breach, you will pay Personyze the Service Fees and any professional services fees that would otherwise be payable for the remainder of the then-current Term. Upon any termination, (i) all licenses granted herein immediately terminate, you must promptly discontinue all use of the Service, and Personyze will terminate Account access; and (ii) you must remove all Personyze tracking code from Client Websites and destroy or erase all copies of the Documentation in your possession. Upon request, you will certify in writing that you have complied with the foregoing.

15.6 Survival. The provisions of this Agreement that by their nature should survive termination shall survive, including Sections 4 (Rights of Usage), 8 (Privacy), 9 (Client Data), 12 (Warranty Disclaimer), 13 (Limitation of Liability) and the DPA’s return-and-deletion provisions.

15.7 Account deletion. Following termination, you may delete your Account by logging in at www.personyze.com and selecting “Delete Account”. If you do not delete your Account within thirty (30) days after termination, Personyze will delete it and all associated profiles in accordance with the DPA.

16. Modifications to terms of service and other policies

Personyze may update the terms of this Agreement, the Service, or any policy governing the Service from time to time by posting the revised version on the Personyze website (www.personyze.com). For any change that materially reduces your rights or increases your obligations, Personyze will provide you with at least thirty (30) days’ advance notice by email to your designated account contact and/or in-product notice. If you object to a material change, you may terminate the Agreement on written notice given before the effective date of the change, and you will be entitled to a pro-rata refund of any prepaid Service Fees for the unused remainder of the then-current Term. Continued use of the Service after the effective date of the change constitutes acceptance. Non-material changes (such as clarifications, formatting fixes, or changes required by law) take effect when posted. Price changes are governed by Section 15 (Term and Termination).

17. Client reference

Subject to your prior written approval (which may be confirmed by email and may be revoked on thirty (30) days’ notice), you grant Personyze a limited, royalty-free license to use your trade name and corporate logo on Personyze’s customer-list page and in standard sales materials to identify you as a client of Personyze. Any case study, testimonial, press release, or use of your name and logo outside this scope requires your prior written approval on a per-use basis. Personyze shall comply with your trademark usage guidelines if provided.

18. Miscellaneous; applicable law and venue

1. This Agreement, including all Quotes or similar order documents, constitutes the entire agreement between the parties, and supersedes all prior and contemporaneous agreements, proposals, representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. Notwithstanding any language to the contrary therein, no terms or conditions stated in your purchase order or in any other order documentation of yours shall be incorporated into or form any part of this Agreement, and all such terms and conditions shall be null and void.
2. Personyze shall be excused from performance hereunder to the extent that performance is prevented, delayed or obstructed by causes beyond its reasonable control, including any force majeure event, problems with Internet access, or problems that result from your or third-party actions or inactions or that result from your or third-party equipment, software or technology (other than third-party equipment within our direct control).
3. If any provision of this Agreement is held to be invalid or unenforceable, that provision will be enforced to the maximum extent permissible, consistent with the original intent of the parties, and the other provisions of this Agreement will remain in force.
4. The waiver by either party of any default or breach of this Agreement shall not constitute a waiver of any other or subsequent default or breach.
5. Neither this Agreement nor any rights granted hereunder may be sold, leased, assigned, or otherwise transferred, in whole or in part, by you, whether voluntary or by operation of law, and any such attempted assignment shall be void and of no effect. Notwithstanding the foregoing sentence, a party may assign this Agreement in connection with a merger, reorganization, acquisition, or sale of all or substantially all of its assets, as long as in your case, the surviving entity is not a competitor of Personyze.
6. This Agreement shall be binding upon and will be effective to the benefit of the parties and their respective heirs, successors, permitted assigns, and legal representatives. This Agreement shall be governed by and interpreted under the laws of the State of New York, United States, without regard to its conflict-of-laws principles. Any controversy or claim arising out of or in any way connected with this Agreement or the alleged breach thereof shall be brought exclusively in the state or federal courts located in New York County, New York, and each party irrevocably consents to the personal jurisdiction and venue of those courts. UCITA shall not apply to this Agreement. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.

19. Clients in Europe, the Middle East and Africa

A. The contracting entity under this Agreement is Personyze for all clients in all regions, including clients in Europe, the Middle East, and Africa.

B. If the laws of the country in which you are located require that contracts be in the local language in order to be enforceable, the version of this Agreement that shall govern is the translated version of this Agreement in the local language that is produced by Personyze within a reasonable time following your written request to Personyze.

C. Section 8 (“Privacy”) is supplemented as follows: For personal data subject to the GDPR or UK GDPR, you act as the controller (or, where applicable, processor acting on behalf of a controller) and Personyze acts as the processor. The parties shall comply with the Data Processing Addendum attached to this Agreement, which incorporates the Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) for transfers of personal data from the EEA and the UK International Data Transfer Addendum where applicable. Personyze will process Client Data only in accordance with your documented instructions (which include the use of the Service in accordance with this Agreement) and applicable law.

D. Section 13 (“Limitation of Liability”) above shall not apply and instead Section 20 below shall apply.

E. Section 18 (“Miscellaneous; Applicable Law and Venue”) shall not apply and instead Section 21 below shall apply.

20. Limitation of liability (EMEA replacement)

1. Subject to Section 20.3, in no event shall either party be liable under or in relation to this Agreement or its subject matter (whether such liability arises due to negligence, breach of contract, misrepresentation or for any other reason) for any: (i) loss of profits; (ii) loss of sales; (iii) loss of turnover; (iv) loss of, or loss of use of, any (a) software or (b) data; (v) loss of use of any computer or other equipment or plant; (vi) wasted management or other staff time; (vii) losses or liabilities under or in relation to any other contract; or (viii) indirect, special or consequential loss or damage.
2. Subject to Sections 20.1 and 20.3, Personyze’s aggregate liability arising from or in connection with this Agreement (and whether the liability arises because of breach of contract, negligence, misrepresentation or for any other reason) shall not exceed 1.25 times the amounts paid or payable (having been invoiced but not yet paid) by you for the license to use the Service.
3. Notwithstanding anything to the contrary in this Agreement, neither party excludes or limits its liability for: (a) death or personal injury caused by its negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability that cannot, under applicable law, be excluded or limited by agreement.

21. Miscellaneous; applicable law and venue (EMEA replacement)

1. This Agreement, including all Quotes or similar order documents, constitutes the entire agreement between the parties, and supersedes all prior and contemporaneous agreements, proposals, representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. Notwithstanding any language to the contrary therein, no terms or conditions stated in your purchase order or in any other order documentation of yours shall be incorporated into or form any part of this Agreement, and all such terms and conditions shall be null and void. This section shall not exclude the liability of a party for fraud or fraudulent misrepresentation or concealment or any resulting right to rescind this Agreement.
2. Personyze shall be excused from performance hereunder to the extent that performance is prevented, delayed or obstructed by causes beyond its reasonable control, including any force majeure event, problems with Internet access, or problems that result from your or third-party actions or inactions or that result from your or third-party equipment, software or technology (other than third-party equipment within our direct control).
3. If any provision of this Agreement is held to be invalid or unenforceable, that provision will be enforced to the maximum extent permissible, consistent with the original intent of the parties, and the other provisions of this Agreement will remain in force.
4. The waiver by either party of any default or breach of this Agreement shall not constitute a waiver of any other or subsequent default or breach.
5. This Agreement and all matters arising out of or relating to this Agreement shall be governed by the laws of the State of New York, United States, without regard to its conflict-of-laws principles. The parties agree to submit to the exclusive jurisdiction of the state and federal courts located in New York County, New York, save that either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or Confidential Information. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods is specifically excluded from application to this Agreement.

22. Third-party rights

Nothing in this Agreement is intended to confer any benefit on any third party, except that Personyze’s affiliates, licensors and suppliers shall have the benefit of and the right to enforce the provisions of this Agreement that by their nature benefit and are enforceable by them.

Service schedule

This Service Schedule applies to your subscription to the Service. Your entitlements are those set forth on the cover page and pricing table of your Quote, Order or similar order documentation, including the per-Term pageview allowance, managed-service hours, number of permitted domains, and any other capacity limits specified. Pageviews, API calls, and email-delivery requests count toward the pageview allowance. Usage in excess of the included allowance is billed at the per-million overage rate stated in the pricing table. You are responsible for monitoring your usage; Personyze will use commercially reasonable efforts to alert you when usage approaches your allowance but is not obligated to do so. Additional managed-service hours beyond those included are billed at the hourly rate stated in the pricing table.

Annex A — Data Processing Addendum (DPA)

This Data Processing Addendum (“DPA”) forms part of the Personyze Terms of Subscription Service (the “Agreement”) between Personyze and the entity identified on the applicable Order or Quote (“Customer”), and governs Personyze’s processing of Personal Data in connection with the Service. Capitalized terms not defined in this DPA have the meanings given in the Agreement.

1. Definitions

1.1 “Applicable Data Protection Law” means all data protection and privacy laws applicable to a party’s processing of Personal Data under the Agreement, including: (a) the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and EU Member State laws implementing it; (b) the United Kingdom General Data Protection Regulation and Data Protection Act 2018 (together, “UK GDPR”); (c) the Swiss Federal Act on Data Protection (“FADP”); (d) the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”) and other U.S. state comprehensive privacy laws (e.g., Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA, and successor or similar laws); (e) Canada’s PIPEDA and Quebec Law 25; (f) Brazil’s LGPD; and (g) any other applicable privacy or data protection law.

1.2 “Personal Data” means any information relating to an identified or identifiable natural person that is included in Client Data and processed by Personyze on behalf of Customer in connection with the Service.

1.3 “Controller,” “Processor,” “Data Subject,” “Process/Processing,” “Personal Data Breach,” “Sub-processor,” “Business,” “Service Provider,” “Sale,” and “Sharing” have the meanings given to them under Applicable Data Protection Law.

1.4 “Security Incident” means a confirmed Personal Data Breach, i.e., a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data processed by Personyze. The term does not include unsuccessful attempts or activities that do not compromise the security of Personal Data (e.g., unsuccessful log-in attempts, pings, port scans, denial-of-service attacks, packet sniffing of network traffic).

1.5 “SCCs” means the Standard Contractual Clauses approved by the European Commission in Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as may be updated or amended.

1.6 “UK IDTA” means the United Kingdom International Data Transfer Addendum to the SCCs issued by the UK Information Commissioner, version B1.0 in force 21 March 2022 (or any successor).

2. Roles, scope, and customer instructions

2.1 Roles. With respect to Personal Data processed in connection with the Service, the parties acknowledge that Customer is the Controller (or, where applicable, a Processor acting on behalf of a Controller) and Personyze is the Processor. Under the CCPA/CPRA and equivalent U.S. state laws, Personyze acts as a Service Provider (or Processor) and shall not Sell or Share Personal Data, shall not retain, use or disclose Personal Data outside the direct business relationship between the parties, and shall not combine Personal Data received from Customer with Personal Data received from other sources except as expressly permitted by Applicable Data Protection Law.

2.2 Documented instructions. Personyze will Process Personal Data only on Customer’s documented instructions, which include: (a) Processing in accordance with the Agreement (including this DPA) and Customer’s configuration of the Service; (b) Processing required to comply with applicable law (in which case Personyze shall, where permitted, inform Customer of that legal requirement before Processing); and (c) any additional written instructions agreed by the parties. Personyze shall promptly inform Customer if, in its opinion, an instruction infringes Applicable Data Protection Law.

2.3 Independent controller activities. Personyze may Process limited operational data (e.g., account contacts, usage logs, billing, fraud prevention, security telemetry, and aggregated/de-identified data) as an independent Controller for the purposes of providing, securing, supporting, and improving the Service and complying with its legal obligations. Such processing is governed by Personyze’s then-current privacy notice and is outside the scope of Sections 3–11 of this DPA.

2.4 Customer responsibilities. Customer represents and warrants that it has provided all required notices and obtained all required consents and other legal bases for Personyze’s Processing of Personal Data under the Agreement, including the use of cookies and similar technologies on Client Websites and the transfer of Personal Data to Personyze.

3. Confidentiality and personnel

Personyze shall ensure that personnel with access to Personal Data are bound by written confidentiality obligations, receive regular privacy and security training, and access Personal Data only on a least-privilege, need-to-know basis.

4. Security measures

Personyze shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against Security Incidents, as described in Annex 2 (Technical and Organizational Measures). Personyze may update these measures from time to time, provided that the overall level of protection is not materially reduced.

5. Sub-processors

5.1 General authorization. Customer grants Personyze a general authorization to engage Sub-processors to provide the Service, subject to this Section 5. The current Sub-processor list will be provided on request.

5.2 Notice of new Sub-processors. Personyze shall give Customer at least thirty (30) days’ prior notice (by email to Customer’s designated account contact) of the addition or replacement of a Sub-processor that materially affects the Processing of Personal Data. During the notice period, Customer may object on reasonable grounds related to data protection. The parties shall work in good faith to resolve the objection; if no resolution is reached, Customer may, as its sole remedy, terminate the affected portion of the Service on written notice and receive a pro-rata refund of prepaid Service Fees for the unused remainder of the then-current Term.

5.3 Sub-processor obligations. Personyze shall enter into a written agreement with each Sub-processor that imposes data protection obligations no less protective than those in this DPA, and shall remain liable for the acts and omissions of its Sub-processors as if performed by Personyze.

6. Security incidents

Personyze shall notify Customer without undue delay, and in any event within seventy-two (72) hours, after confirming a Security Incident. The notice will include, to the extent then known: (a) the nature and likely scope of the incident; (b) the categories and approximate number of Data Subjects and records concerned; (c) the likely consequences; and (d) the measures taken or proposed to address the incident and mitigate its effects. Personyze shall provide reasonable cooperation and information to assist Customer in its investigation and notification obligations under Applicable Data Protection Law. Notification of a Security Incident is not an acknowledgment of fault or liability.

7. Data subject requests

Personyze shall provide self-service functionality within the Service that enables Customer to access, correct, delete, restrict, port, or otherwise respond to Data Subject requests under Applicable Data Protection Law. Where Customer is unable to address a request through the Service, Personyze shall, on Customer’s written request and at Customer’s reasonable cost (except where assistance is required at no cost under Applicable Data Protection Law), provide reasonable assistance. Personyze shall not respond directly to a Data Subject regarding Customer’s Personal Data without Customer’s prior written authorization, except to direct the Data Subject to Customer.

8. DPIA and regulator cooperation

On Customer’s reasonable request, Personyze shall provide reasonable assistance (taking into account the nature of Processing and the information available to Personyze) with Customer’s data protection impact assessments and consultations with supervisory authorities under Articles 35–36 GDPR or equivalent provisions of Applicable Data Protection Law.

9. International data transfers

9.1 EEA transfers. Where Personyze processes Personal Data subject to the GDPR outside the European Economic Area to a country not benefitting from an adequacy decision, the parties incorporate the SCCs into this DPA by reference: Module Two (Controller-to-Processor) applies where Customer is a Controller; Module Three (Processor-to-Processor) applies where Customer is itself a Processor. The optional docking clause (Clause 7) applies. Clause 9 Option 2 (general written authorization) applies with the notice period in Section 5.2. The optional language in Clause 11(a) (independent dispute resolution) does not apply. Clause 17 Option 1 governing law: Irish law. Clause 18 competent courts: Ireland. Annexes I, II, and III of the SCCs are completed by Annexes 1, 2, and 3 of this DPA.

9.2 UK transfers. For Personal Data subject to the UK GDPR transferred outside the United Kingdom to a country not benefitting from a UK adequacy regulation, the UK IDTA is hereby incorporated and forms part of this DPA, with the SCCs serving as the “Approved EU SCCs” and Annexes 1–3 of this DPA serving as Tables 1–3 of the UK IDTA. The parties agree to the version of the UK IDTA in force from time to time.

9.3 Swiss transfers. For Personal Data subject to the FADP, the SCCs apply with the modifications described in the Swiss Federal Data Protection and Information Commissioner’s guidance, including references to the FADP in place of the GDPR and to the FDPIC as the competent supervisory authority.

10. Audit

10.1 Information on request. On Customer’s reasonable written request, and subject to confidentiality obligations, Personyze shall make available to Customer information reasonably necessary to demonstrate compliance with this DPA, which may include security questionnaires, summaries of penetration-testing results, or any third-party audit reports Personyze has obtained. This information is intended to satisfy Customer’s audit rights to the maximum extent reasonably practicable.

10.2 On-site audits. To the extent the audit reports in Section 10.1 are insufficient to satisfy Applicable Data Protection Law, Customer (or a mutually agreed independent third-party auditor bound by appropriate confidentiality obligations and not a competitor of Personyze) may conduct an on-site audit of Personyze’s privacy and security controls relevant to the Processing of Personal Data, no more than once per twelve (12) months, on at least thirty (30) days’ prior written notice, during business hours, in a manner that does not unreasonably interfere with Personyze’s operations, and at Customer’s expense. A regulator may conduct audits as required by Applicable Data Protection Law without these limitations.

11. Return and deletion of Personal Data

Upon expiration or termination of the Agreement, Personyze shall, at Customer’s choice, return or delete all Personal Data in its possession or control within ninety (90) days, except where retention is required by Applicable Data Protection Law or for the establishment, exercise, or defense of legal claims. Personyze may retain Personal Data in encrypted backups for the duration of its standard backup-rotation cycle, after which such backups will be securely deleted or anonymized. Aggregated or de-identified data that cannot be reasonably linked to a Data Subject is not subject to return or deletion.

12. CCPA / U.S. state law specific terms

12.1 No Sale or Share. Personyze does not Sell Personal Data and does not Share Personal Data for cross-context behavioral advertising. The Service Fees do not constitute consideration for Personal Data.

12.2 Limited use. Personyze shall: (a) Process Personal Data only for the limited and specified business purposes of providing the Service as set out in the Agreement; (b) comply with applicable obligations under the CCPA/CPRA and comparable U.S. state laws, and provide the same level of protection required of a Business or Controller; (c) not combine Personal Data received from Customer with Personal Data received from other sources, except as permitted by the CCPA/CPRA; and (d) notify Customer if Personyze determines it can no longer meet these obligations and, on Customer’s direction, cease Processing or take reasonable steps to remediate.

12.3 Audit rights (CCPA). Customer has the right, on reasonable notice, to take reasonable and appropriate steps to ensure that Personyze uses Personal Data in a manner consistent with the CCPA/CPRA, and to stop and remediate unauthorized use of Personal Data. The audit provisions in Section 10 apply.

13. Liability

Each party’s liability under or in connection with this DPA is subject to the limitations and exclusions of liability set forth in the Agreement (Sections 13, or 20 for EMEA clients), provided that nothing in this DPA limits any liability that cannot be excluded or limited under Applicable Data Protection Law (including liability of a Processor to a Data Subject under Article 82 GDPR).

14. Order of precedence and term

In the event of a conflict between this DPA and the Agreement, this DPA governs with respect to the Processing of Personal Data. In the event of a conflict between this DPA and the SCCs or UK IDTA, the SCCs or UK IDTA (as applicable) prevail. This DPA takes effect on the Delivery Date and remains in force for so long as Personyze Processes Personal Data on Customer’s behalf and for any survival period required by Applicable Data Protection Law.

Annex 1 — Description of Processing

Subject matter: provision of the Personyze personalization, targeting, analytics, and email-broadcasting Service.

Duration: the Term of the Agreement, plus any return-and-deletion period.

Nature and purpose: collecting, storing, segmenting, analyzing, and acting on visitor and user behavioral data on Client Websites and in Customer’s email and app channels for the purpose of personalization, A/B testing, content targeting, product/content recommendations, and reporting.

Categories of Data Subjects: visitors to Client Websites; Customer’s prospects, leads, customers, registered users, and email subscribers; and Customer’s authorized Account users.

Categories of Personal Data: online identifiers (cookie IDs, device IDs, IP addresses in truncated form where feasible), browsing behavior (pages viewed, dwell time, clicks, referrers), inferred segments, basic demographic or location signals (e.g., country/region from IP), email addresses (where Customer uploads them), CRM segment IDs, and other identifiers and attributes Customer chooses to send via the tracking code, APIs, or feeds.

Special category / sensitive data: none, unless expressly agreed by the parties in writing. See Section 8.4 of the Agreement for prohibited categories.

Frequency of transfer: continuous, for the Term.

Retention: in accordance with Customer’s data retention configuration in the Service and Personyze’s then-current data retention practices.

Competent supervisory authority (SCCs Annex I.C): determined under SCCs Clause 13; where Customer has not designated an EU establishment, the Irish Data Protection Commission shall be the competent supervisory authority.

Annex 2 — Technical and Organizational Measures

Personyze implements measures consistent with industry practice for SaaS providers of comparable size and scope, including: (a) encryption of Personal Data in transit using TLS; (b) role-based access control with least-privilege principles and access limited to personnel with a need to know; (c) network protections including firewalls and access logging; (d) regular patching of production systems; (e) a written incident-response process; (f) personnel under written confidentiality obligations with privacy and security training; (g) reliance on reputable cloud-hosting providers for physical security at hosting facilities; (h) backup procedures for production data; and (i) data-minimization practices where reasonably practicable. Additional detail is available on request.

Annex 3 — Sub-processors

The current list of Sub-processors authorized to Process Personal Data under the Agreement will be provided to Customer on written request, and is updated as described in Section 5.

---

Questions about these Terms or about data protection? Contact support@personyze.com.