Platform Product Attachment

Online versions of these documents are not negotiable. Please do not cut and paste this into another program in order to edit.

This document is a “Product Attachment” as defined in the General Terms entered into by Client and Firstup and is subject to and incorporates by reference the provisions of the General Terms. This Product Attachment is effective as of the date it is “accepted” (in accordance with the Preamble to the General Terms). Capitalized terms are defined in Section 9 below, unless otherwise defined within the body of this Product Attachment or the General Terms.

1. Services 

Firstup will provide Services related to the Scope, including without limitation access to its Platform. Firstup will use commercially reasonable efforts to make the Products available in accordance with the SLA.

2. Platform Responsibilities

2.1 Firstup hereby grants to Client a limited, non-exclusive, non-transferable, non-sublicensable license during the term of this Product Attachment (a) to access and use the Platform within the Scope and in accordance with the terms of this Agreement, and (b) to display, reproduce, distribute, and transmit in digital form Firstup’s name and logo solely within the Scope.  

2.2 Client hereby grants to Firstup a license to: (i) use Client Content for purposes of the provision, maintenance, or support of the Platform, Products and Services; (ii) communicate with Users who have initiated a request for information from Firstup as part of their use of the Products; (iii) use Client Content in non-personal, anonymized, and aggregated form (e.g., for the analysis and improvement of its products and services) provided that such information is not traceable back to Client or a User; (iv) provide access to Client Content to Firstup’s contracted third parties and vendors solely as necessary to provide the Products that are required to be delivered under this Agreement or as requested by Client or Users; (v) communicate with Client and/or Users regarding the Products; (vi) modify the Client Content at Client’s request; and (vii) use Client Content as otherwise permitted or required by applicable law.

2.3 App stores may require Client to have a privacy policy in place when submitting the Client App to the applicable App store(s). Client is responsible for creating and complying with its own privacy policy for the Client App. 

2.4 Client will: (a) not use the Platform to store, transmit, publish, communicate, or otherwise distribute any Client Content that is or that may reasonably be perceived as being harmful, threatening, discriminatory, offensive, obscene, or otherwise objectionable; (b) not attempt to gain access to any systems or networks that connect to the Services and Platform except for the express purpose of using the Platform in accordance with this Agreement; (c) not interfere with or disrupt the integrity, security or performance of the Platform (e.g., by bypassing security measures, sharing login or password information, or unreasonably overloading the Platform’s servers); (d) not share information about Client’s use of the Products with persons or entities that may operate or be affiliated with businesses that compete with Firstup or grant access to Client’s account to such competitors; (e) not sell, resell, distribute, host, lease, rent, license, sublicense, or make available to third parties on a service-bureau or other similar basis, in whole or in part, the Platform; (f) not reverse engineer or decompile, decrypt, disassemble or otherwise reduce any part of the Platform to human-readable form; (g) not disclose to any third party or publish, without Firstup’s prior written consent, performance or capacity statistics, or the results of any benchmark test performed on the Platform; (h) not introduce any Malicious Code into the Platform; and (i) not attempt to probe, scan, or test the vulnerability of the Platform, or disclose or cause to disclosed any information related to any security penetration, similar tests, or vulnerabilities without Firstup’s prior written consent. 

2.5 Client represents and warrants that (a) it has the necessary rights and consents to provide Client Content to Firstup, in order for Firstup to provide access to the Platform or perform the Services hereunder; (b) the Client Content does not infringe, violate, or misappropriate the Intellectual Property Rights of any third party; (c) it will not use the Platform to store, transmit, publish, communicate, or otherwise distribute Restricted Data; (d) it will only use the Products in accordance with the Documentation and this Agreement; and (e) it will comply with all applicable laws, rules and regulations related to its use of the Products. Client further acknowledges and agrees that the Platform is not intended for use or transmission of any Restricted Data, and Firstup will not be responsible for complying with any laws, rules or regulations which are specific to Restricted Data. 

2.6. If Client becomes aware that Client Content is subject to any take down requests, infringement claims, or any other claims, or if Firstup requests that Client remove Client Content based on information received that Client Content is infringing, violates applicable law, or has the potential to harm a third party, Client must promptly remove such Client Content from the Platform. If Client does not take required action in accordance with the above, Firstup may disable access to the Platform and/or remove the applicable Client Content until the issue is resolved. 

2.7 The Platform’s functionality is subject to changes from time to time at Firstup’s sole discretion; provided that Firstup will not materially diminish the performance of the Platform during the term of this Product Attachment.

3. Security, Data Privacy, and Audit

3.1 Firstup will (i) maintain industry standard administrative, physical, and technical safeguards designed for the protection of Client Content, and (ii) complete an annual SOC2 Type II audit. The details of Firstup’s data security practices can be found at https://firstup.io/legal/security/. 

3.2 Client is solely responsible for the security of its login information and the use or misuse of such information, and for all activities that occur under its Platform account. Client will immediately disable a User’s access once such User is no longer authorized to use the Platform. 

3.3 To the extent that a DPA is required by applicable law, Firstup’s DPA applies and is hereby expressly made part of this Agreement, unless Firstup and Client have entered into a separate written data processing agreement.

3.4 For the thirty (30) day period following the effective date of termination or expiration of the final Schedule under this Platform Product Attachment, Client may download the Client Content in Firstup’s industry standard format. Firstup will delete the Client Content within ninety (90) days following the effective date of termination or expiration of the final Schedule under this Platform Product Attachment, unless otherwise necessary to comply with Firstup’s legal or record retention requirements.

3.5 Client may conduct a remote audit of Firstup’s compliance with the terms of this Agreement up to once per calendar year. If a third party is to conduct the audit, the third party must be mutually agreed to by Client and Firstup and must execute a written confidentiality agreement acceptable to Firstup before conducting the audit. To request an audit, Client must submit a detailed audit plan that is reasonably acceptable to Firstup at least four weeks in advance of the proposed audit date to Firstup’s information security team describing the proposed scope, duration, and start date of the audit. Firstup will reasonably cooperate with Client on a final audit plan. If the requested audit scope is already addressed in a SOC 2 Type 2, ISO 27001, the NIST standards, or similar audit report performed by a qualified third party auditor within the prior twelve months, and Firstup confirms there are no known material changes in the controls audited, Client agrees to accept those findings in lieu of performing an audit of the controls covered by the report. Client will provide Firstup’s information security team with any audit reports generated in connection with an audit under this Section, unless prohibited by law. The contents of any such audit will be treated as Firstup’s Confidential Information, and Client may use the audit reports only for the purposes of meeting its regulatory audit requirements and/or confirming compliance with the requirements of this Agreement. Any audits are at Client’s sole expense.

4. Third Party Products and Integrations 

4.1 If Client installs or enables Third Party Products for use with the Products, Client agrees that Firstup may enable such third party providers to access Client Content for the interoperation of such Third Party Products with the Products, and any exchange of data or other interaction between Client and a third party provider is solely between Client and such third party provider pursuant to the applicable Third Party Terms. Firstup will not be responsible for any disclosure, modification or deletion of Client Content resulting from any such access by Third Party Products or third party providers. 

4.2 If Client elects to use an Integration, Client hereby consents to Firstup enabling the transmission of Client’s information for the purposes of the Integration. Client expressly agrees that Firstup reserves the right to disable any Integration for any reasonable purpose (as determined by Firstup, in its discretion), and Client’s payment of fees for the Platform is not dependent on Firstup providing any Integration, except to the extent such fees are specifically related to such Integration, as set forth on an applicable Schedule. Use of Integrations are at Client’s option and are not required for Client’s use of the Platform. Therefore, Firstup will bear no liability for any harm caused to Client by the use of Integrations, except to the extent any such harm results directly from Firstup’s negligence.

5. Fees

5.1 Client will pay the fees as more fully described in the applicable Schedule. The applicable currency will be set forth on the Schedule, and if no currency is listed, the fees are in USD. Unless set forth otherwise in the applicable Schedule, the first payment of subscription fees will be payable upon the Start Date, with subsequent annual subscription fees being payable upon each anniversary of the Start Date. 

5.2 The Schedule specifies the number of Users included in Client’s subscription. User counts are based on the data available on the Platform. Deactivated users (previously invited Users that accepted the invitations, registered, and then have been deactivated) are not counted towards the total number of Users. If Firstup determines that Client has exceeded the number of Users set forth in the applicable Schedule or has otherwise exceeded its usage rights, Firstup will notify Client and, within thirty (30) days thereafter, Client will either: (a) disable any unpermitted use and Users, or (b) purchase additional User licenses and/or an expanded subscription. The reduction of the number of Users during the term of the applicable Schedule will not reduce the fees due thereunder, unless otherwise expressly set forth in such Schedule.

6. Beta Products

From time to time, Firstup may make available, to some or all of its customers, Beta Products. Beta Products are intended for evaluation purposes only and not for production use (unless otherwise stated expressly by Firstup, in writing), are not supported by Firstup, and may be subject to additional terms. Beta Products are not considered “Products” under the Agreement for purposes of any representations, warranties, commitments, or agreements of Firstup; however, all restrictions and limitations applicable to Client’s use of Products will apply to Beta Products. Firstup may discontinue Beta Products at any time in its sole discretion and may never make them generally available. Firstup’s provision of Beta Products is on an as is and as available basis without any warranties of any kind, express or implied. Client expressly agrees that Firstup will have no liability for any harm or damage arising out Client’s use of a Beta Product.

7. Survival

Sections 5, 7, and 8 of this Product Attachment and any fees owed by Client in accordance with Section 2 of the General Terms will survive any termination or expiration of this Product Attachment.

8. Definitions

“Beta Products” means new or modified Products, or features or functionalities of existing Products, which are designated as beta, pilot, limited release, developer preview, non-production, evaluation, trial, or by a similar description.

“Client App” means Client’s mobile, white-labeled instance of the Platform. 

“Client Content” means content, images, fonts, icons, videos, templates, information, text, audio, and other data, including but not limited to trademarks, trade names, and service marks uploaded by Client (including its Users) or created within the Platform, or otherwise transmitted by or on behalf of Client in connection with its use of the Platform.

“DPA” means data processing agreement located at https://firstup.io/legal/data-processing-addendum/.

“GDPR” means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation).

“Integration” means an integration between the Products with products not provided by Firstup, including Third Party Products that causes the Products and such other products to interact by sharing data and/or creating interoperability.

“Personal Data” means any information relating to an identified or identifiable natural person where such information is protected as personal data, personal information, or personally identifiable information under GDPR.

“Restricted Data” means (a) social security or other government issued identification number, passport number, driver’s license number, full birthdate, or similar identifier (or any portion thereof); (b) genetic, biometric, health, or any Protected Health Information of any person as defined under Health Insurance Portability and Accountability Act, as amended; (c) credit or debit card number, credit information, financial account or other financial information of a person; (d) personally identifiable or confidential information of Client’s customers (including any financial, credit card, or account information), including any “nonpublic personal information” as defined under the Gramm-Leach-Bliley Act, as amended, or other information subject to any banking or financial law or regulation control; (e) any data subject to the U.S. International Traffic in Arms Regulations (ITAR), U.S. Export Administration Regulations (EAR) or other export control laws or regulations; (f) any Controlled Unclassified Information (CUI) or data that is subject to the Defense Federal Acquisition Regulation Supplement (DFARS); (g) any information that falls within the definition of “special categories of data” under GDPR; and/or (h) any other information that requires specific safeguarding, handling, or distribution controls under any applicable law or regulation that is not otherwise generally applicable to Personal Data.

“Scope” means internal communications, employee engagement, and advocacy.