SAAS TERMS OF SERVICE
These SaaS Terms of Service (“Terms”) form a legally
binding agreement between Cellebrite and the organization on whose behalf you
are accepting these Terms (“Customer”).
By clicking “I Accept,” executing a Quote
that incorporates these Terms, or accessing or using the Cellebrite services,
Customer acknowledges that it has reviewed and agrees to be bound by these
Terms. You represent and warrant that you are acting on behalf of Customer and
have the authority to bind Customer to this Agreement.
If Customer does not agree to these Terms, Customer must not
access or use the Cellebrite services identified in the applicable Quote.
Cellebrite may modify these Terms and the Cellebrite
services at any time to accommodate changes in technology, new features and
service enhancements. Unless otherwise stated by Cellebrite, changes will
become effective when posted on Cellebrite’s website or otherwise communicated
to Customer, and Customer’s continued access to or use of the services after
such changes constitute acceptance of the updated Terms. Modifications will not
materially change Customer’s liability, obligations or responsibilities under
these Terms.
1. DEFINITIONS.
“Activation Date” means the date, set forth in the
applicable Quote, on which the Cellebrite Service is scheduled to be made
available to Customer.
“Affiliate” means any entity that directly or
indirectly, through one or more intermediaries, controls, is controlled by, or
is under common control with the subject entity. For purposes of this
definition, “control” means direct or indirect possession of the power
to direct or cause the direction of the management and policies of an entity,
whether through the ownership of voting securities, by contract or
otherwise. With respect to Customer's Affiliates only, an entity
shall be considered an "Affiliate" of Customer only so long as (i) it
meets the foregoing definition and (ii) it does not have its own separate
agreement with Cellebrite for use of the Software or access and use of the
Cellebrite Services.
“Ancillary Services” means implementation, training
or consulting services that Cellebrite may perform as described in a Quote.
“Cellebrite” means Cellebrite DI Ltd. and its
Affiliates.
“Cellebrite Service” means the Cellebrite Software as
a Service (“SaaS”) to be provided by Cellebrite to Customer pursuant to
these Terms and any applicable Quote, and for all purposes of these Terms, such
services exclude any Open Source Software that may be used to provide the
Cellebrite Service and all Third Party Offerings.
“Customer Data” means all data, including Personal
Information, submitted, stored, posted, displayed, or otherwise transmitted to
the Cellebrite Service by or on behalf of Customer, including without
limitation by any User.
“Customer System” means Customer’s internal
website(s), servers and other equipment and software used in the conduct of
Customer’s business.
“Documentation” means the printed, paper, electronic
or online user instructions and help files made available by Cellebrite for use
with the Cellebrite Service, as may be updated from time to time by Cellebrite.
“Intellectual Property Rights” means all intellectual
property rights or similar Proprietary Rights, including (a) patent rights and
utility models, (b) copyrights and database rights, (c) trademarks, trade
names, domain names and trade dress and the goodwill associated therewith, (d)
trade secrets, (e) mask works, and (f) industrial design rights; in each case,
including any registrations of, applications to register, and renewals and
extensions of, any of the foregoing in any jurisdiction in the world.
“Malicious Code” means viruses, worms, time bombs,
Trojan horses and other harmful or malicious code, files, scripts, agents or
programs.
“Named Users” means a User authorized by
Customer to access or use the Services through the assignment of a single user ID, regardless of
whether such User is using the Services at any given time. A non-human device
capable of accessing the Services is counted as a Named User.
“Open Source Software” means all software that
is available under the GNU Affero General Public License (AGPL), GNU General
Public License (GPL), GNU Lesser General Public License (LGPL), Mozilla Public
License (MPL), Apache License, BSD licenses, or any other license that is
approved by the Open Source Initiative (www.opensource.org).
"Quote" means a quote issued by Cellebrite
to Customer.
“Personal Information” means (i) all data that
identifies an individual or, in combination with any other information or data
available to a relevant entity, is capable of identifying an individual, and
(ii) such other data that is defined as “personal information” or “personal
data” under applicable law.
"Proprietary Information" means any and all
proprietary or Confidential Information, materials, data, technology, trade
secrets, know-how, processes, techniques, specifications, and other information
of Cellebrite, including without limitation the Cellebrite Service, Documentation,
software, source code, object code, algorithms, user interfaces, designs,
architectures, pricing information, business methods, and any other technical,
business, or financial information that Cellebrite designates as proprietary or
confidential, or that by the nature of the circumstances surrounding disclosure
ought to be treated as proprietary and confidential.
“Services” means the Cellebrite Service, Support
Services and any Ancillary Services.
“Statement of Work” means a written statement of
work entered into and signed by the
parties describing the Ancillary Services to be provided by Cellebrite to
Customer.
“Subscription Term” means the subscription period for
Customer’s use of the Cellebrite Service set forth in a Quote.
“Support Services” means the support and maintenance
services offered by Cellebrite.
“Third Party Offerings” means certain software or
services delivered or performed by third parties that are required for the
operation of the Cellebrite Service, or other online, web-based CRM, ERP, or
other business application subscription services, and any associated offline
products provided by third parties, that interoperate with the Cellebrite
Service.
“User” means a person for whom access to the
Cellebrite Services during the Subscription Term have been purchased pursuant
to a Quote, (b) who are authorized by Customer to access and use the Cellebrite
Service, and (c) where applicable, who have been supplied user identifications
and passwords for such purpose by Customer.
2. ORDERS;
LICENSES; AND RESTRICTIONS.
2.1 Orders.
Subject to the terms and conditions contained in these Terms, Customer may
purchase subscriptions to access and use the Cellebrite Services pursuant to
Quotes. Unless otherwise specified in the applicable Quote, Cellebrite
Services are purchased as User and storage space subscriptions and may be
accessed by no more than the number of Users specified in the applicable Quote.
Additional User and storage space subscriptions may be added at any time during
the applicable Subscription Term, prorated for the remainder of the
Subscription Term in effect at the time the additional User
or storage space subscriptions are added and invoiced separately
from the then-existing User and storage space subscriptions, as applicable, for
the remainder of such Subscription Term. The added User and/or storage space
subscriptions, shall terminate on the same date as the pre-existing
subscriptions. Unless otherwise specified in the applicable Quote, User
subscriptions are for designated Users only and cannot be shared or used by
more than one User, but may be reassigned to new Users replacing former Users
who no longer require ongoing use of the Cellebrite Services. Customer agrees
that its purchases hereunder are neither contingent on the delivery of any
future functionality or features nor dependent on any oral or written public
comments made by Cellebrite regarding any future functionality or features. If
there is any inconsistency between a Quote and these Terms, the Quote controls.
2.3 Restrictions. Customer
shall not, directly or indirectly, and Customer shall not permit any User or
third party to: (a) reverse engineer, decompile, disassemble or
otherwise attempt to discover the object code, source code or underlying ideas
or algorithms of the Cellebrite Service; (b) modify, translate, or create
derivative works based on any element of the Cellebrite Service or any related
Documentation; (c) rent, lease, distribute, sell, resell, assign, or
otherwise transfer its rights to use the Cellebrite Service; (d) use the
Cellebrite Service for timesharing purposes or otherwise for the benefit of any
person or entity other than for the benefit of Customer and Users;
(e) remove any proprietary notices from the Documentation;
(f) publish or disclose to third parties any evaluation of the Cellebrite
Service without Cellebrite’s prior written consent; (g) use the Cellebrite
Service for any training purposes, other than for training Customer’s
employees, where Customer charges fees or receives other consideration for such
training, except as authorized by Cellebrite in writing; (g) deactivate, modify
or impair the functioning of any disabling code in any Software; (h) use
the Cellebrite Service for any purpose other than its intended purpose; (i)
interfere with or disrupt the integrity or performance of the Cellebrite
Service; (j) introduce any Open Source Software into the Cellebrite Service;
(k) attempt to gain unauthorized access to the Cellebrite Service or their
related systems or networks; (l) use the Cellebrite Service in violation of any
applicable law (including but not limited to any law with respect to human
rights or the rights of individuals) or to support any illegal activity or to
support any illegal activity; or (n) use the Cellebrite Service to violate any
rights of any third party.
3. THIRD
PARTY OFFERINGS.
3.1 Customer acknowledges
and agrees that the access and use of any Service (or certain features thereof)
may involve access and/or use of Third Party software. In addition to
the Agreement, Customer shall comply with the terms and conditions applicable
to any such Third Party Software, including without limitation the
following terms and conditions:
i. Azure Maps -https://www.microsoft.com/en-us/maps/product/terms-april-2011;
ii. Bing Maps - 
http://aka.ms/BingMapsMicrosoftPrivacy;
iii. OpenStreetMap - http://www.openstreetmap.org/copy right.
3.2 No Implied
Licenses. Except for the express licenses set forth herein, Cellebrite does not
grant any license to Customer, whether by implication or otherwise.
3.3 Open
Source Software. Services may use and/or be provided with third
party Open Source Software, libraries or
other components (“Open Source Component”). To the extent so stipulated by the
license that governs each Open Source
Component (“Open Source License”), each such Open Source Component is
licensed directly to Customer from its respective
licensors and not sublicensed to Customer by Cellebrite, and such Open Source Component is subject to
its respective Open Source
License, and not to this
Agreement. If, and to the extent, an Open Source
Component requires that this Agreement
effectively impose, or incorporate by reference, certain disclaimers, permissions, provisions,
prohibitions or restrictions, then such
disclaimers, Permissions, provisions, prohibitions or restrictions shall be
deemed to be imposed, or incorporated by reference into this Agreement, as
required, and shall supersede any conflicting provision of this Agreement,
solely with respect to the corresponding Open
Source Component which is governed by
such Open Source License.
If
an Open Source License requires that the source code of its corresponding Open
Source Component be made available to Customer, and such source code was
not delivered to Customer with the Software,
then Cellebrite hereby extends a written offer, valid for the period prescribed
in such Open Source License, to obtain a copy
of the source code of the corresponding Open Source Component, from Cellebrite. To accept this
offer, Customer shall contact
Cellebrite at support@cellebrite.com.
4. PASSWORDS;
SECURITY.
4.1 Passwords.
Customer shall be, and shall ensure that each of their Affiliates and their
respective Users are, responsible for maintaining the confidentiality of all
user logins and passwords and for ensuring that each user login and password is
used only by the User. Customer is solely responsible for any and all
access and use of the Cellebrite Services. Customer shall, and shall
ensure that Customer’s Affiliates, restrict its Users from sharing
passwords. Customer agrees to immediately notify Cellebrite of any
unauthorized use of or access to any account, or any other breach of security
known to Customer. Cellebrite shall have no liability for any loss or
damage arising from Customer’s failure to comply with the terms set forth in
this Section.
4.2 No
Circumvention of Security. Neither Customer nor any of Customer’s
Affiliates nor any User may circumvent or otherwise interfere with any user
authentication or security of the Cellebrite Service. Customer will
immediately notify Cellebrite of any breach, or attempted breach, of security
known to Customer.
4.3 Security.
Each of Cellebrite and Customer represents and warrants that it complies, and
at all times during the term of this Agreement, will comply with all data
protection, privacy and security laws applicable to each in its performance
under this Agreement. Cellebrite will use commercially reasonable efforts to
maintain appropriate administrative, physical and technical safeguards designed
to protect the security, confidentiality and integrity of Personal Information
in a manner consistent with what Cellebrite supplies generally to its other
customers and in compliance with applicable law. Customer
acknowledges that, notwithstanding any security precautions deployed by
Cellebrite, the use of, or connection to, the Internet provides the opportunity
for unauthorized third parties to circumvent such precautions and illegally
gain access to the Cellebrite Services and Customer Data. Cellebrite does not
guarantee the privacy, security, integrity or authenticity of any information
transmitted over or stored in any system connected to or accessible via the
Internet.
4.4 Data
Processing Addendum. The data processing addendum attached hereto
as Annex A shall apply to the parties’ processing of Personal
Information.
5. CUSTOMER
OBLIGATIONS.
5.1 Customer
System. Customer is responsible for (a) obtaining, deploying and
maintaining the Customer System, and all computer hardware, software, modems,
routers and other communications equipment necessary for Customer, its
Affiliates and their respective Users to access and use the Cellebrite Services
via the Internet; (b) contracting with third party ISP, telecommunications
and other service providers to access and use the Cellebrite Services via the
Internet; and (c) paying all third party fees and access charges incurred
in connection with the foregoing. Except as specifically set forth in
these Terms, a Quote or a Statement of Work, Cellebrite shall not be
responsible for supplying any hardware, software or other equipment to Customer
under these Terms.
5.2 Acceptable
Use Policy. Customer shall be solely responsible for its actions and
the actions of its Users while using the Cellebrite Service. Customer
represents, warrants and agrees that it does and will: (a) abide by all
local, state, national, and international laws and regulations applicable to
Customer’s use of the Cellebrite Service, including without limitation the
provision and storage of Customer Data; (b) not send or store data on or to the
Cellebrite Service which violates the rights of any individual or entity established
in any jurisdiction; (c) not upload in any way any information or
content that contain Malicious Code or data that may damage the operation of
the Cellebrite Services or another's computer or mobile device; (d)
not use the Cellebrite Service for illegal, fraudulent, unethical or
inappropriate purposes; (e) not interfere or disrupt networks
connected to the Cellebrite Service or interfere with other ability to access
or use the Cellebrite Service; (f) not interfere with another
customer’s use of the Cellebrite Service or another person or entity's use of
similar services; (g) not use the Cellebrite Service in any manner that impairs
the Cellebrite Service, including without limitation the servers and networks
on which the Cellebrite Service is provided; (h) comply with all
regulations, policies and procedures of networks connected to the Cellebrite
Service and Cellebrite’s service providers; and (i) use the
Cellebrite Services only in accordance with the Documentation. Customer
acknowledges and agrees that Cellebrite neither endorses the contents of any
Customer communications, Customer Data or other information nor assumes any
responsibility for any offensive material contained therein, any infringement
of third party Intellectual Property Rights arising therefrom or any crime
facilitated thereby. Cellebrite may remove any violating content posted
or stored using the Cellebrite Service or transmitted through the Cellebrite
Service, without notice to Customer. Notwithstanding the foregoing, Cellebrite
does not guarantee, and does not and is not obligated to verify, authenticate,
monitor or edit the Customer Data, or any other information or data input into
or stored in the Cellebrite Service for completeness, integrity, quality,
accuracy or otherwise. Customer shall be responsible and liable for the
completeness, integrity, quality and accuracy of Customer Data and Other
Information input into the Cellebrite Services.
5.3 Permissions
and Responsibilities for Customer Data. Customer represents,
warrants and agrees that: (i) it has provided and will provide all notices, and
has obtained and will obtain, all approvals, permits, licenses, consents,
authorizations, registrations, permissions, certifications, rulings, orders,
judgements and other authorizations from any applicable person, employee
representative body, regulatory authority, or third party entity or person
necessary for Customer’s or its Users’ use of the Cellebrite Services and for
Cellebrite to perform or provide any services related to the Cellebrite
Services, including, but not limited to, Cellebrite’s processing the Customer
Data for the such purposes (“Permissions”). Permissions include
rights for Cellebrite to use, access, intercept, analyze, transmit, copy,
modify, and store all of the intellectual property , Customer Data, Personal
Information, Confidential Information, or other data or information that may be
used, accessed, intercepted, transmitted, copied, modified or stored by
Cellebrite to perform or provide any Cellebrite Services to Customer; (ii) it
has the right to be in possession of, access, interact with and otherwise use,
all devices, equipment, programs, data (including Customer Data) and media
(including any telecommunications systems) that are being used in connection
with the Cellebrite Services and that the use of the Cellebrite Services,
including any instructions given to Cellebrite in connection with the same, is
made in compliance with all applicable laws; and (iii) all information provided
by or on behalf of Cellebrite during the term of the Agreement shall be
complete and accurate in all material respects, and that Customer is entitled to
provide the information to Cellebrite for its use as contemplated under the
Agreement. Customer acknowledges that: (i) Customer is exclusively responsible
to determine what Customer Data it feeds into the Services and is solely
responsible to determine the nature, content, characteristics of the Customer
Data that it feeds into the Services; and (ii) Cellebrite assumes no
responsibility for the nature, content, characteristics or consequences of the
Customer Data (whether in their form inbound to the Services, or in their form
outbound back to the Customer), and that Customer shall have no plea, claim or
demand, and waives any such claims, pleas or demands, of whatever nature, for
any of the foregoing.
5.4 Accuracy
of Customer’s Contact Information; Email Notices. Customer agrees to
provide accurate, current and complete information as necessary for Cellebrite
to communicate with Customer from time to time regarding the Services, issue
invoices or accept payment, or contact Customer for other account-related purposes.
Customer agrees to keep any online account information current and inform
Cellebrite of any changes in Customer’s legal business name, address, email
address and phone number. Customer agrees to accept emails from Cellebrite at
the e-mail addresses specified by its Users for login purposes, and to receive
updates and marketing communications from Cellebrite. In addition, Customer
agrees that Cellebrite may rely and act on all information and instructions
provided to Cellebrite by Users from the above-specified e-mail address.
5.5 Temporary
Suspension. Cellebrite may temporarily suspend Customer’s, its
Affiliates’ or their respective Users’ access to the Cellebrite Services in the
event: (i) that either Customer, its Affiliates or any of their Users is
engaged in, or Cellebrite in good faith suspects Customer, its Affiliates’ or
any of their Users is engaged in, any unauthorized or unlawful conduct
(including, but not limited to any violation of these Terms), or (ii)
Cellebrite is required to do so under the orders of a court or other governmental
body having jurisdiction over Customer or Cellebrite. Cellebrite will attempt
to contact Customer prior to or contemporaneously with such suspension;
provided, however, that Cellebrite’s exercise of the suspension rights herein
shall not be conditioned upon Customer’s receipt of any notification. A
suspension may take effect for Customer’s entire account and Customer
understands that such suspension would therefore include its Affiliates and
User sub-accounts. Customer agrees that Cellebrite shall not be liable to
Customer, any of its Affiliates or Users, or any other third party if
Cellebrite exercises its suspension rights as permitted by this Section.
Upon determining that Customer has ceased the unauthorized conduct leading to
the temporary suspension to Cellebrite’s reasonable satisfaction, Cellebrite
shall reinstate Customer’s, its Affiliates and their respective Users’ access
and use of the Cellebrite Services. Notwithstanding anything in this
Section to the contrary, Cellebrite’s suspension of Cellebrite Services is in
addition to any other remedies that Cellebrite may have under these Terms or
otherwise, including but not limited to termination of these Terms for
cause. Additionally, if there are repeated incidences of suspension,
regardless of the same or different cause and even if the cause or conduct is
ultimately cured or corrected, Cellebrite may, in its reasonable discretion,
determine that such circumstances, taken together, constitute a material
breach.
6. AVAILABILITY;
SUPPORT
6.1 Availability. Subject
to the terms and conditions of these Terms, Cellebrite will use commercially
reasonable efforts to make the Cellebrite Service available with minimal
downtime 24 hours a day, 7 days a week; provided, however, that the following
are excepted from availability commitments: (a) planned downtime (with regard
to which Cellebrite will use commercially reasonable efforts to provide advance
notice, and (b) routine maintenance times , and (c) any unavailability caused
by circumstances of Force Majeure. Certain enhancements to the Cellebrite
Services made generally available at no cost to all subscribing customers
during the applicable Subscription Term will be made available to Customer at
no additional charge. However, the availability of some new enhancements
to the Services may require the payment of additional fees, and Cellebrite will
determine at its sole discretion whether access to any other such new
enhancements will require an additional fee. These Terms will apply to,
and the Service includes, any bug fixes, error corrections, new builds,
enhancements, updates, upgrades and new modules to the Cellebrite Service
subsequently provided by Supplier to Customer hereunder.
6.2 Support.
Cellebrite makes a variety of Support Services offerings available to its
customers and will provide Customer with the level of support to which Customer
is entitled based on Customer’s purchase as set forth in a Quote.
7.1 Price List. Cellebrite may,
at its sole discretion, change its price lists or add or remove
services and/or products from the price lists. Changes in price lists
shall take effect within thirty (30) days from the date of
notification to Customer. It is hereby clarified
that changes in price lists shall not apply to services and/or products underlying
an executed Quote, however, price list changes will apply
to any executed Quote if Customer has requested an amendment to
the executed Quote and the amendment has not been accepted by Cellebrite at the
time of the price list change.
7.2 Total Purchase Price. Customer shall pay Cellebrite
the total price as set forth in the Quote (“Total Purchase Price”). Cellebrite
may charge Customer for any modifications to an accepted Quote.
7.3 Quoted Price. Unless otherwise agreed in
writing, all prices quoted in the Quote (“Quoted Price”) shall be paid
by Customer to the account(s) indicated by Cellebrite. All payments
shall be made in US currency or other currency mutually agreed by the Parties.
The payment is considered made at the date when the amounts effectively reach
Cellebrite’s bank account. The Quoted Price
does not include transportation, insurance, federal, state, local, excise,
value-added, use, sales, property (ad valorem), and similar taxes or
duties. In addition to the Quoted Price, Customer shall pay all
taxes, fees, or charges imposed by any governmental authority.
If Cellebrite is required to collect the
foregoing, Customer will pay such amounts promptly unless it has
provided Cellebrite with a satisfactory valid tax exemption certificate
authorized by the appropriate taxing authority.
7.4 Terms of Payment and Default
Interest. Payment
for the Services under any accepted Quote shall be in accordance with the
payment terms set forth in the Quote. Failure to make due payment in
accordance with the terms of the Quote may cause Cellebrite to apply
an interest charge of up to one and one-half percent (1.5%) per
month (but not to exceed the maximum lawful rate) on all
amounts which are not timely and duly paid, accruing daily and compounding
monthly from the date such amounts were due. Customer shall
reimburse Cellebrite for all costs and expenses incurred
by Cellebrite in connection with the collection of overdue amounts,
including attorneys’ fees. Customer shall
not be permitted to set off any deductions against any amounts due
to Cellebrite.
7.5 Suspension
of Service. If any amounts owed by Customer for the Services are thirty
(30) or more days overdue, Cellebrite may, without limiting Cellebrite’s other
rights and remedies, suspend Customer’s and its Users’ access to the Services
until such amounts are paid in full.
7.6 Payment
Disputes. Cellebrite agrees that it will not exercise its rights under this
Section 7 if the applicable charges are under reasonable and good-faith dispute
and Customer is cooperating diligently to resolve the dispute.
8. REPRESENTATIONS
AND WARRANTIES; DISCLAIMER.
8.1 Mutual
Representations and Warranties. Each party represents, warrants and
agrees that: (a) it has the full power and authority to enter into these
Terms and to perform its obligations hereunder, without the need for any
consents, approvals or immunities not yet obtained; and (b) its acceptance
of and performance under these Terms shall not breach any oral or written
agreement with any third party or any obligation owed by it to any third party
to keep any information or materials in confidence or in trust.
8.2 Customer
Representations and Warranties. Customer represents, warrants and
agrees that during the term of these Terms that (a) only Users who have
obtained any necessary consents and approvals pursuant to applicable laws shall
be permitted to use the Cellebrite Service; (b) Customer will obtain any
necessary approval, consent, authorization, release, clearance or license of
any third party and any release related
to any rights of privacy or publicity required in connection with Customer’s or
its Users’ use of the Cellebrite Service and Customer Data, and (c) Customer
and its Users shall use the Cellebrite Service in compliance all applicable
federal, state and local laws, rules and regulations including without
limitation those related to data privacy, protection and security.
8.3 Cellebrite
Service Warranty. Cellebrite warrants that during the relevant
Subscription Term, the Cellebrite Service will conform, in all material
respects, with the Documentation, PROVIDED, HOWEVER, THAT CELLEBRITE DOES NOT
MAKE, AND HEREBY DISCLAIMS ANY REPRESENTATIONS OR WARRANTIES CONCERNING THE
PROPER STORAGE OF THE CUSTOMER DATA (WHETHER IN ITS INBOUND OUTBOUND FORM), OR
ITS DATA-INTEGRITY, AVAILABILITY OR ABSENCE OF MODIFICATIONS THERETO. For a
breach of the foregoing warranty, Cellebrite will, at no additional cost to
Customer, provide remedial services necessary to enable the Cellebrite Service
to conform to the warranty. The Customer will provide Cellebrite with a
reasonable opportunity to remedy any breach and reasonable assistance in
remedying any defects. Such warranty shall only apply if the Cellebrite Service
has been utilized by the Customer in accordance with the Quote and this
Agreement.
8.4 Ancillary
and Support Services Warranty. Cellebrite warrants that any Ancillary
Services and the Support Services provided hereunder shall be provided in a
competent and professional manner and in accordance with any specifications set
forth in the Quote in all material respects. If the Ancillary Services or the
Support Services are not performed in conformity with the foregoing warranty,
then, upon the Customer’s written request, Cellebrite shall promptly
re-perform, or cause to be re-performed, such Ancillary Services or Support
Services, at no additional charge to the Customer. Such warranties and other
obligations shall survive for thirty (30) days following the completion of the
Ancillary Services or the Support Services.
8.5 Disclaimer. EXCEPT
FOR THE WARRANTIES SET FORTH IN THIS SECTION 8, THE CELLEBRITE SERVICES,
SUPPORT SERVICES, ANCILLARY SERVICES, THIRD PARTY OFFERINGS AND ANY NON-GA
SERVICES ARE PROVIDED ON AN AS-IS BASIS. CUSTOMER’S USE OF THE CELLEBRITE
SERVICE, SUPPORT SERVICES, ANCILLARY SERVICES, THIRD-PARTY OFFERINGS AND NON-GA
SERVICES IS AT ITS OWN RISK. CELLEBRITE DOES NOT MAKE, AND HEREBY
DISCLAIMS, ANY AND ALL OTHER EXPRESS, STATUTORY AND IMPLIED REPRESENTATIONS AND
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT AND TITLE, QUALITY,
SUITABILITY, OPERABILITY, CONDITION, SYSTEM INTEGRATION, NON-INTERFERENCE,
WORKMANSHIP, TRUTH, ACCURACY (OF DATA OR ANY OTHER INFORMATION OR CONTENT), THE
PROPER STORAGE OF THE CUSTOMER DATA (WHETHER IN ITS INBOUND OUTBOUND FORM), OR
ITS DATA-INTEGRITY, AVAILABILITY OR ABSENCE OF MODIFICATIONS THERETO, ABSENCE
OF DEFECTS, WHETHER LATENT OR PATENT, AND ANY WARRANTIES ARISING FROM A COURSE
OF DEALING, USAGE, OR TRADE PRACTICE. THE EXPRESS WARRANTIES MADE BY
CELLEBRITE IN SECTION 8 ARE FOR THE BENEFIT OF THE CUSTOMER ONLY AND NOT FOR
THE BENEFIT OF ANY THIRD PARTY. ANY SOFTWARE PROVIDED THROUGH THE
CELLEBRITE SERVICES IS LICENSED AND NOT SOLD.
8.6 NO
AGENT OF CELLEBRITE IS AUTHORIZED TO ALTER OR EXPAND THE WARRANTIES OF
CELLEBRITE AS SET FORTH HEREIN. CELLEBRITE DOES NOT WARRANT THAT: (A) THE
USE OF THE SERVICES OR NON-GA SERVICES WILL BE SECURE, TIMELY,
UNINTERRUPTED OR ERROR-FREE OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE,
SOFTWARE, SYSTEM OR DATA; (B) THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR
EXPECTATIONS; (C) ANY STORED CUSTOMER DATA WILL BE ACCURATE OR RELIABLE; (D)
THE QUALITY OF ANY INFORMATION OR OTHER MATERIAL OBTAINED BY CUSTOMER THROUGH
THE SERVICES OR NON-GA SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR
EXPECTATIONS; (E) THE SERVICES AND NON-GA SERVICES WILL BE ERROR-FREE OR THAT
ERRORS OR DEFECTS IN THE SERVICES AND NON-GA SERVICES WILL BE CORRECTED; OR (F)
THE SERVER(S) THAT MAKE THE SERVICES AND NON-GA SERVICES AVAILABLE ARE FREE OF
VIRUSES OR OTHER HARMFUL COMPONENTS. THE SERVICES AND NON-GA SERVICES MAY BE
SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE
INTERNET AND ELECTRONIC COMMUNICATIONS. CELLEBRITE IS NOT RESPONSIBLE FOR ANY
DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS.
9. TRIAL;
FREEMIUM.
See the attached Annex B.
10. INDEMNIFICATION.
10.1 Cellebrite
Indemnity.
I. General.
During the Subscription Term, Cellebrite, at its expense, shall defend and
indemnify Customer and its Affiliates and their respective officers, directors
and employees from and against all actions, proceedings, claims and
demands in each case by a third party (a “Third-Party Claim”) alleging
that the Cellebrite Services infringes any patent, copyright or trademark, or
misappropriates any trade secret and shall pay all damages, costs and expenses,
including attorneys’ fees and costs (whether by settlement or award of by a
final judicial judgment) paid to the Third Party bringing any such Third-Party
Claim. Cellebrite’s obligations under this Section are conditioned upon
(i) Cellebrite being promptly notified in writing of any claim under this
Section, (ii) Cellebrite having the sole and exclusive right to control
the defense and settlement of the claim, and (iii) Customer providing all
reasonable assistance (at Cellebrite’s expense and reasonable request) in the
defense of such claim. In no event shall Customer settle any claim
without Cellebrite’s prior written approval. Customer may, at its own
expense, engage separate counsel to advise Customer regarding a Claim and to
participate in the defense of the claim, subject to Cellebrite’s right to
control the defense and settlement.
II. Mitigation.
If any claim which Cellebrite is obligated to defend has occurred, or in
Cellebrite’s determination is likely to occur, Cellebrite may, in its sole
discretion and at its option and expense (a) obtain for Customer the right to
use the Cellebrite Services, (b) substitute a functionality equivalent,
non-infringing replacement for such the Cellebrite Services, (c) modify the
Cellebrite Services to make it non-infringing and functionally equivalent, or
(d) terminate these Terms and refund to Customer any prepaid amounts
attributable the period of time between the date Customer was unable to use the
Cellebrite Services due to such claim and the remaining days in the
then-current Subscription Term.
IV. Sole
Remedy. THE FOREGOING STATES THE ENTIRE LIABILITY OF CELLEBRITE WITH
RESPECT TO THE INFRINGEMENT OF ANY INTELLECTUAL PROPERTY OR PROPRIETARY RIGHTS
BY THE CELLEBRITE SERVICE OR OTHERWISE, AND CUSTOMER HEREBY EXPRESSLY WAIVES
ANY OTHER LIABILITIES OR OBLIGATIONS OF CELLEBRITE WITH RESPECT THERETO.
10.2 Customer
Indemnity. To the extent permitted by applicable law, Customer shall
defend and indemnify Cellebrite and its Affiliates, licensors and their
respective officers, directors and employees from and against any and all
Third-Party Claims which arise out of or relate to: (a) a claim or threat that
the Customer Data or Customer System (and the exercise by Cellebrite of the
rights granted herein with respect thereto) infringes, misappropriates or
violates any third party’s Intellectual Property Rights; (b) Customer’s use or
alleged use of the Cellebrite Service other than as permitted under or in
breach of these Terms, including without limitation using the Cellebrite
Service in a manner that violates applicable law including without limitation a
person’s Fourth Amendment rights under the United States Constitution or
Customer’s failure to provide any notice, or obtain any consent, approval or
release with respect to the use of Customer Data in connection with the
Cellebrite Service as required by applicable law; (c) Customer’s failure to
comply with applicable law; or (d) an allegation that the Cellebrite System
infringes, misappropriates or violates any third party’s Intellectual Property
Rights that results from (i) Customer’s use of the Cellebrite Service in
combination with any software, hardware, network or system not supplied by
Cellebrite where the alleged infringement relates to such combination, (ii) any
modification or alteration of the Cellebrite Service other than by Cellebrite,
(iii) Customer’s continued use of the Cellebrite Service after Cellebrite
notifies Customer to discontinue use because of an infringement claim, (iv)
Customer’s violation of applicable law; or (v) Third Party Offerings.
Customer shall pay all damages, costs and expenses, including attorneys’ fees
and costs (whether by settlement or award of by a final judicial judgment) paid
to the Third Party bringing any such Third-Party Claim. Customer’s
obligations under this Section are conditioned upon (x) Customer being
promptly notified in writing of any claim under this Section, (y) Customer
having the sole and exclusive right to control the defense and settlement of
the claim, and (z) Cellebrite providing all reasonable assistance (at
Customer’s expense and reasonable request) in the defense of such claim.
In no event shall Cellebrite settle any claim without Customer’s prior written
approval. Cellebrite may, at its own expense, engage separate counsel to
advise Cellebrite regarding a Third-Party Claim and to participate in the
defense of the claim, subject to Customer’s right to control the defense and
settlement.
11. CONFIDENTIALITY.
11.1 Confidential
Information. “Confidential Information” means any
and all non-public technical and non-technical information disclosed by one
party (the “Disclosing Party”) to the other party (the “Receiving
Party”) in any form or medium, whether oral, written, graphical or
electronic, pursuant to these Terms, that is marked confidential and
proprietary, or that the Disclosing Party identifies as confidential and
proprietary, or that by the nature of the circumstances surrounding the
disclosure or receipt ought to be treated as confidential and Proprietary
Information, including but not limited to: (a) techniques, sketches,
drawings, models, inventions (whether or not patented or patentable), know-how,
processes, apparatus, formulae, equipment, algorithms, software programs,
software source documents, APIs, and other creative works (whether or not
copyrighted or copyrightable); (b) information concerning research,
experimental work, development, design details and specifications, engineering,
financial information, procurement requirements, purchasing, manufacturing,
customer lists, business forecasts, sales and merchandising and marketing plans
and information; (c) proprietary or confidential information of any third party
who may disclose such information to Disclosing Party or Receiving Party in the
course of Disclosing Party’s business; and (d) the terms of these Terms and any
Quote or Statement of Work. Confidential Information of Cellebrite shall
include the Cellebrite Service, the Documentation, the pricing, and the terms
and conditions of this agreement. Confidential Information also includes all
summaries and abstracts of Confidential Information.
11.3 Exceptions
to Confidential Information. The obligations set forth in
Section 11.2 (Non-Disclosure) shall not apply to the extent that
Confidential Information includes information which: (a) was known
by the Receiving Party prior to receipt from the Disclosing Party either itself
or through receipt directly or indirectly from a source other than one having
an obligation of confidentiality to the Disclosing Party; (b) was
developed by the Receiving Party without use of the Disclosing Party’s
Confidential Information; or (c) becomes publicly known or otherwise
ceases to be secret or confidential, except as a result of a breach of these
Terms or any obligation of confidentiality by the Receiving Party.
Nothing in these Terms shall prevent the Receiving Party from disclosing
Confidential Information to the extent the Receiving Party is legally compelled
to do so by any governmental investigative or judicial agency pursuant to
proceedings over which such agency has jurisdiction; provided, however, that
prior to any such disclosure, the Receiving Party shall (x) assert the
confidential nature of the Confidential Information to the agency; (y) to
the extent permitted by applicable law, immediately notify the Disclosing Party
in writing of the agency’s order or request to disclose; and (z) cooperate
fully with the Disclosing Party in protecting against any such disclosure and
in obtaining a protective order narrowing the scope of the compelled disclosure
and protecting its confidentiality.
11.4 Injunctive
Relief. The Parties agree that any unauthorized disclosure of
Confidential Information may cause immediate and irreparable injury to the
Disclosing Party and that, in the event of such breach, the Disclosing Party
will be entitled, in addition to any other available remedies, to seek
immediate injunctive and other equitable relief, without bond and without the
necessity of showing actual monetary damages.
12.1 Cellebrite
Services. As between Cellebrite and Customer, all right, title and
interest in the Cellebrite Services and any other Cellebrite materials
furnished or made available hereunder, and all modifications and enhancements
thereof, and all suggestions, ideas and feedback proposed by Customer regarding
the Cellebrite Services, including all Intellectual Property Rights
in each of the foregoing, belong to and are retained solely by Cellebrite or
Cellebrite’s licensors and providers, as applicable. Customer hereby does
and will irrevocably assign to Cellebrite all evaluations, ideas, feedback and
suggestions made by Customer to Cellebrite regarding the Cellebrite Service,
including any reports, feedback, or information provided during Trial Services
or Freemium Services, (collectively, “Feedback”) and all Intellectual
Property Rights in the Feedback. Customer agrees to provide reasonable reports
as requested by Cellebrite regarding use of any Trial or Freemium Services,
including which portions have been used, errors or difficulties discovered in
sufficient detail to allow Cellebrite to recreate them, and other data
reasonably requested by Cellebrite.
12.2 Customer
Data. As between Cellebrite and Customer, all right, title and
interest in the Customer Data, and all Intellectual Property Rights therein,
belong to and are retained solely by Customer. Customer hereby grants to
Cellebrite a limited, non-exclusive, royalty-free, worldwide license to use the
Customer Data and perform all acts with respect to the Customer Data as may be
necessary for Cellebrite to provide the Services to Customer. To the
extent that receipt of the Customer Data requires Cellebrite to utilize any
account information from a third party service provider, Customer shall be
responsible for obtaining and providing relevant account information and
passwords, and Cellebrite hereby agrees to access and use the Customer Data
solely for Customer’s benefit and as set forth in these Terms. As between
Cellebrite and Customer, Customer is solely responsible for the accuracy,
quality, integrity, legality, reliability, and appropriateness of all Customer
Data.
12.3 Aggregated
Statistics. Notwithstanding anything else in these Terms
or otherwise, Cellebrite may monitor Customer’s use of the Services and use
Customer Data, and other information in an aggregate and anonymous manner,
including to compile statistical and performance information related to the
provision and operation of the Cellebrite Services and any data about how the
Cellebrite product and/or Services are used by the Customer and/or its Users (“Aggregated
Statistics”). As between Cellebrite and Customer, all right, title
and interest in the Aggregated Statistics and all Intellectual Property Rights
therein, belong to and are retained solely by Cellebrite. Customer
acknowledges that Cellebrite will be compiling Aggregated Statistics based on
Customer Data, other information, and information input by other customers into
the Cellebrite Service and Customer agrees that Cellebrite may (a) make such
Aggregated Statistics publicly available, and (b) use such information to
the extent and in the manner permitted by applicable law or regulation and for
any purpose of data gathering, analysis, service enhancement and marketing,
provided that such data and information does not identify Customer or its
Confidential Information.
12.4 Cellebrite
Developments. All inventions, works of authorship and developments
conceived, created, written, or generated by or on behalf of Cellebrite,
whether solely or jointly, including without limitation, in connection with
Cellebrite’s performance of the Ancillary Services hereunder, including (unless
otherwise expressly set forth in an applicable Statement of Work) all
Deliverables (“Cellebrite Developments”) and all Intellectual Property
Rights therein, shall be the sole and exclusive property of Cellebrite.
Customer agrees that, except for Customer Confidential Information, to the
extent that the ownership of any contribution by Customer or its employees to
the creation of the Cellebrite Developments is not, by operation of law or
otherwise, vested in Cellebrite, Customer hereby assigns and agrees to assign
to Cellebrite all right, title and interest in and to such Cellebrite
Developments, including without limitation all the Intellectual Property Rights
therein, without the necessity of any further consideration.
12.5 Further
Assurances. To the extent any of the rights, title and interest in
and to Feedback or Cellebrite Developments or Intellectual Property Rights
therein cannot be assigned by Customer to Cellebrite, Customer hereby grants to
Cellebrite an exclusive, royalty-free, transferable, irrevocable, worldwide,
fully paid-up license (with rights to sublicense through multiple tiers of
sublicensees) to fully use, practice and exploit those non-assignable rights,
title and interest. If the foregoing assignment and license are not enforceable,
Customer agrees to waive those non-assignable and non-licensable rights, title
and interest. Customer agrees to execute any documents or take any
actions as may reasonably be necessary, or as Cellebrite may reasonably
request, to perfect ownership of the Feedback and Cellebrite
Developments.
12.6 License
to Deliverables. Subject to Customer’s compliance with these Terms,
Cellebrite hereby grants Customer a limited, non-exclusive, non-transferable
license during the Subscription Term to use the Deliverables solely in
connection with Customer’s authorized use of the Cellebrite Service.
Notwithstanding any other provision of these Terms: (i) nothing herein shall be
construed to assign or transfer any Intellectual Property Rights in the
proprietary tools, source code samples, templates, libraries, know-how,
techniques and expertise (“Tools”) used by Cellebrite to develop the
Deliverables, and to the extent such Tools are delivered with or as part of the
Deliverables, they are licensed, not assigned, to Customer, on the same terms
as the Deliverables; and (ii) the term “Deliverables” shall not include the
Tools.
13.1 No
Consequential Damages. NEITHER CELLEBRITE NOR ITS LICENSORS OR
AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL
OR PUNITIVE DAMAGES, OR ANY DAMAGES FOR LOST DATA, BUSINESS INTERRUPTION, LOST
PROFITS, LOST REVENUE OR LOST BUSINESS, ARISING OUT OF OR IN CONNECTION WITH
THESE TERMS, EVEN IF CELLEBRITE OR ITS LICENSORS OR AFFILIATES HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INCLUDING WITHOUT LIMITATION, ANY
SUCH DAMAGES ARISING OUT OF THE LICENSING, PROVISION OR USE OF THE CELLEBRITE
SERVICE, ANCILLARY SERVICES, SUPPORT SERVICES OR THE RESULTS THEREOF.
13.2 Limits
on Liability. NEITHER CELLEBRITE NOR ITS LICENSORS OR AFFILIATES
SHALL BE LIABLE FOR CUMULATIVE, AGGREGATE DAMAGES GREATER THAN AN AMOUNT EQUAL
TO THE AMOUNTS PAID BY CUSTOMER TO CELLEBRITE UNDER THESE TERMS DURING THE
PERIOD OF TWELVE (12) MONTHS PRECEDING THE DATE ON WHICH THE CLAIM FIRST
ACCRUED, LESS THE AMOUNTS PREVIOUSLY PAID BY CELLEBRITE TO SATISFY LIABILITY
UNDER THIS AGREEMENT.
13.3 Essential
Purpose. CUSTOMER ACKNOWLEDGES THAT THE TERMS IN THIS SECTION 13
(LIMITATION OF LIABILITY) SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW AND SHALL APPLY EVEN IF AN EXCLUSIVE OR LIMITED REMEDY STATED
HEREIN FAILS OF ITS ESSENTIAL PURPOSE, AND WITHOUT REGARD TO WHETHER SUCH CLAIM
IS BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR
OTHERWISE.
14. TERM
AND TERMINATION.
14.1 Term.
The term of these Terms commences on the Effective Date and continues until the
expiration or termination of all Subscription Term(s), unless earlier
terminated as provided in these Terms
14.2 Termination
for Cause. Cellebrite may terminate this Agreement: (i) for its
convenience by giving the Customer (30) days’ prior written notice;
(ii) by giving the Customer a written notice to be immediately
effective in case the Customer causes a material or continuous breach hereof
(“continuous” meaning two or more occurrences of the same breach). All of
Customer’s obligations under this Agreement shall survive the expiration or
termination of the Agreement. Termination of this Agreement will not entitle
Customer to any deduction of the Quoted Price or any refund of any prepaid
fees. Cellebrite may terminate the Agreement and revoke the license
granted hereunder by giving the other Party a written notice to be immediately
effective in case Cellebrite reasonably determines that it can no longer comply
with the terms of the Agreement in accordance with the requirement of any
applicable law, rule and/or regulations. Termination of the Agreement
in accordance with this Section shall not impose on Cellebrite liability of any
kind.
14.3 Effects
of Termination. Upon expiration or termination of these Terms, not
including expiration or termination of a Trial, (a) Customer’s use of and
access to the Cellebrite Service and Cellebrite’s performance of all Support
Services and Ancillary Services shall cease; (b) all Quotes shall terminate;
and (c) all fees and other amounts owed to Cellebrite shall be immediately due
and payable by Customer, including without limitation. Upon Customer’s request
made within ten (10) days after the effective date of applicable termination or
expiration, Cellebrite shall make any Customer Data stored on the Cellebrite
Service available, for a period of 30 days, for download by Customer in the
format in which it is stored in the Cellebrite Service. If, during such thirty
(30) day period, Customer does not have sufficient available download capacity
to retrieve all Customer Data it elects to remove from the Cellebrite Service,
Customer shall be required to purchase additional download capacity in
accordance with Cellebrite’s then-applicable pricing. After such 30-day
period, Cellebrite shall have no obligation to maintain or provide any Customer
Data and may thereafter, unless legally prohibited, delete all Customer Data in
its systems or otherwise in its possession or under its control. In addition, within
thirty (30) days of the effective date of termination, Customer shall:
(a) return to Cellebrite, or at Cellebrite’s option, Customer shall
destroy all items of Confidential Information (other than the Customer Data) in
Customer’s possession or control, including any copies, extracts or portions
thereof, and (b) upon request shall certify in writing to Cellebrite that
it has complied with the foregoing.
14.4 Survival.
This Section and Sections 1, 2.3, 2.4, 7, 8, 10, 11, 12, 13, 14, 15 and any other
Section or Appendix which should reasonably survive termination of this
Agreement, shall continue to be in force and effect after termination or expiry
of this Agreement.
15.1 Notices. All
notices under these Terms must be in writing and in English and will be deemed
given when delivered by hand, sent by a nationally recognized overnight
courier, sent by registered or certified mail, or sent by email to the
addresses designated by the parties. Notices sent by email will be deemed
received when sent unless the sender receives an automated message indicating
the email was not delivered. If receipt occurs outside normal business hours or
on a non-business day, the notice will be deemed received on the next business
day.
15.2 Governing
Law. To the extent permitted by applicable law, this Agreement and
any disputes or claims arising hereunder are governed by the laws of, and
subject to the exclusive jurisdiction of, the country of incorporation of the
Cellebrite entity that sold the Services to Customer, without giving effect to
any choice of law rules or principles. In case of sales or licenses in the
United States of America, this Agreement and any disputes or claims arising
hereunder are governed by the laws of the State of New York and subject to the
exclusive jurisdiction of the federal or state courts in New York, without
giving effect to any conflict of Law rules or principles. Notwithstanding
anything to the contrary, in the event that the entity that
sold the Services to the Customer is Cellebrite GmbH, this
Agreement shall be governed by and construed in accordance with the law of
England and Wales and the Parties hereby submit to the exclusive jurisdiction
of the London courts and, without giving effect to any conflict of law rules or
principles. The United Nations Convention on Contracts for the International
Sale of Goods (except that sales or licenses in the United States of America
shall not exclude the application of General Obligations Law 5-1401), and the
Uniform Computer Information Transactions Act do not apply to this Agreement.
Cellebrite may, at its sole discretion, initiate any dispute or claim against
Customer, including for injunctive relief, in any jurisdiction permitted by
applicable law.
15.3 U.S.
Government Customers. If Customer is a U.S. Federal
Government entity, Cellebrite provides the Cellebrite Service, including
related software and technology, for ultimate Federal Government end use solely
in accordance with the following: Government technical data rights
include only those rights customarily provided to the public with a commercial
item or process and Government software rights related to the Cellebrite
Service include only those rights customarily provided to the public, as
defined in these Terms. The technical data rights and customary
commercial software license is provided in accordance with FAR 12.211
(Technical Data) and FAR 12.212 (Software) and, for Department of Defense
transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3
(Rights in Commercial Computer Software or Computer Software
Documentation). If greater rights are needed, a
mutually acceptable written addendum specifically conveying such rights must be
included in these Terms. In addition, if the Customer is a U.S. Federal
Government entity (or agency thereof), these Terms incorporate the following
FAR provisions by reference: 52.222-50, 52.233-3, 52.222-54, 52.222-21,
52.222-26, 52.203-6, 52.204-10, 52.209-9, 52.212-4, 52.222-40, 52.222-41,
52.203-13, 52.222-36, 52.222-37, 52.233-4, 52.212-5, 52.209-10, 52.222-35,
52.222-53.
15.4 Inapplicable Terms
and Provisions – VOID AB INITIO. This Section only
applies to U.S. local, county, state, governmental agencies and
other U.S. law enforcement agencies that are state or federally funded by the
United States Government. Subject to the foregoing statements, to the
extent that any term or provision of the Agreement, is considered void
ab initio, or is otherwise unenforceable against Customer pursuant to
applicable U.S. Law that expressly prohibits Customer from agreeing to such
term or condition, then such conflicting term or provision in this Agreement
shall be struck to the extent to make such term or provision enforceable, and
the remaining language, if any, shall remain in full force and effect.
15.5 Regulation.
The Cellebrite Service utilizes software and technology that may be subject to
certain export, re-export, customs or import controls, applicable in Israel,
the European Union, the United States and/or other countries. Said regulations
include but are not limited to the provisions of the
US Export Administration Regulations (EAR) and the provisions of the
regulations of the European Union. Customer expressly warrants, represents and
agrees that it shall comply fully with all applicable export laws and
regulations any relevant jurisdictions to ensure that the Services are not
exported or re-exported in violation of such laws and regulations, or used for
any purposes prohibited by such laws and regulations. As the Services are
subject to export control laws and regulations, Customer shall
not export or "re-export" (transfer) the Services
unless the Customer has complied with all applicable controls.
Customer acknowledges and agrees that the Services shall not be used, and none
of the underlying information, software, or technology may be transferred or
otherwise exported or re-exported to countries as to which the United States
maintains an embargo (collectively, “Embargoed Countries”), or to or by
a national or resident thereof, or any person or entity on the U.S. Department
of Treasury’s List of Specially Designated Nationals or the U.S. Department of
Commerce’s Table of Denial Orders (collectively, “Designated Nationals”).
The lists of Embargoed Countries and Designated Nationals are subject to change
without notice. By using the Cellebrite Services, Customer represents and
warrants that it is not located in, under the control of, or a national or
resident of an Embargoed Country or Designated National. The Cellebrite Service
may use encryption technology that is subject to licensing requirements under
the U.S. Export Administration Regulations, 15 C.F.R. Parts 730-774 and Council
Regulation (EC) No. 1334/2000. Customer agrees to comply strictly with all
applicable export laws and assume sole responsibility for obtaining licenses to
export or re-export as may be required. Cellebrite and its licensors make no
representation that the Cellebrite Service is appropriate or available for use
in other locations. Any diversion of the Customer Data contrary to law is
prohibited. None of the Customer Data, nor any information acquired through the
use of the Cellebrite Service, is or will be used for nuclear activities,
chemical or biological weapons, or missile projects.
15.6 Compliance. Customer
represents, warrants and agrees that it will not engage in any
deceptive, misleading, illegal or unethical practices that may be detrimental
to Cellebrite or to any of Cellebrite’s services and products, including but
not limited to the Services and shall only use the Services in compliance
with all applicable laws and regulations (including, without limitation,
data protection, privacy, computer misuse, telecommunications interception,
intellectual property, and import and export compliance laws and regulations or
the applicable foreign equivalents). Customer, its
subsidiaries and Affiliates will not (i) offer, promise or grant any
benefit to a public official for that person or a third party for the discharge
of a duty; (ii) offer, promise or grant an employee or an agent of a business
for competitive purposes a benefit for itself or a third party in a business
transaction as consideration for an unfair preference in the purchase of goods
or commercial services; (iii) demand, allow itself to be promised or to accept
a benefit for itself or another in a business transaction as consideration for
an unfair preference to another in the competitive purchase of goods or
commercial services, and; (iv) violate any applicable anticorruption
regulations and, if applicable, not to violate the US Foreign Corrupt Practices
Act (FCPA), the UK Bribery Act or any other applicable antibribery or
anti-corruption law. Customer further represents, agrees and warrants that
it has, and shall cause each of its subsidiaries and/or Affiliates to, maintain
systems of internal controls (including, but not limited to, accounting
systems, purchasing systems and billing systems) to ensure compliance with the
FCPA, the U.K. Bribery Act or any other applicable anti-bribery or
anti-corruption law. Upon Cellebrite's request, Customer will
confirm in writing that it complies with this Section and
is not aware of any breaches of the obligations under this Section.
If Cellebrite reasonably suspects that Customer is not complying with
this Section then, after notifying Customer regarding the reasonable
suspicion, Cellebrite may demand that Customer, in
accordance with applicable law, permit and participate in - at
its own expense - auditing, inspection, certification or screening to
verify Customer’s compliance with this Section. Any such
inspection maybe executed by Cellebrite or its third
party representative.
15.7 Assignment.
Customer shall not assign its rights hereunder or delegate the performance of
any of its duties or obligations hereunder, whether by merger, acquisition,
sale of assets, operation of law, or otherwise, without the prior written
consent of Cellebrite. Any purported assignment in violation of the
preceding sentence is null and void. Subject to the foregoing, these
Terms shall be binding upon, and inure to the benefit of, the successors and
assigns of the parties thereto.
15.8 Interpretation;
Severability. If any of these Terms is found invalid or unenforceable
that term will be enforced to the maximum extent permitted by law and the
remainder of the Terms will remain in full force.
15.9 Independent
Contractors. The parties are independent contractors, and nothing
contained herein shall be construed as creating an agency, partnership, or
other form of joint enterprise between the parties.
15.10 Entire
Agreement. These Terms, including all applicable Quotes, and Statements of
Work, constitute the entire agreement between the parties relating to this
subject matter and supersedes all prior or simultaneous understandings,
representations, discussions, negotiations, and agreements, whether written or
oral.
15.11 Force
Majeure. Except for your payment obligations hereunder, neither party
shall be liable to the other party or any third party for failure or delay in
performing its obligations under these Terms when such failure or delay is due
to any cause beyond the control of the party concerned, including, without
limitation, acts of God, governmental orders or restrictions, fire, or flood,
provided that upon cessation of such events such party shall thereupon promptly
perform or complete the performance of its obligations hereunder.
Annex A
Data Processing Addendum
This Data Processing Addendum (“Addendum”) is entered
into by and between Cellebrite and Customer.
WHEREAS, the Services involves processing certain personal
data and the parties wish to regulate Cellebrite’s processing of such personal
data, through this Addendum, which is an integral part of the Agreement.
THEREFORE, the parties have agreed to this Addendum,
consisting of four parts:
§ Part
One applies with general provision.
§ Party
Two applies with respect to the GDPR (Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement
of such data, and supplementary GDPR legislations in EU member states), but
only if Cellebrite Services to the Customer operate or Process Personal Data to
any extent, in Cellebrite’s
offices in Singapore, Brazil, India, and Australia which are not member states
of the European Economic Area, and are not territories or territorial sectors
recognized by an adequacy decision of the European Commission, as providing an
adequate level of protection for Personal Data pursuant to Article 45 of the
GDPR.
§ Part
Three applies with respect to the GDPR (Regulation (EU) 2016/679 of the
European Parliament and of the Council of 27 April 2016 on the protection of
natural persons with regard to the processing of personal data and on the free
movement of such data, and supplementary GDPR legislations in EU member
states), but only if Cellebrite Services to the Customer operate and Process
Personal Data exclusively in member states of the European Economic Area, or in
territories or territorial sectors recognized by an adequacy decision of the
European Commission, as providing an adequate level of protection for Personal
Data pursuant to Article 45 of the GDPR.
§ Part
Four applies with respect to the California Consumer Privacy Act of 2018
(CCPA).
Part 1
1. In the event of any
conflicting stipulations between this Addendum and the Agreement or any other
agreement in place between the parties, the stipulations of this Addendum shall
prevail.
2. Any
limitation of liability pursuant the Agreement shall apply to liability arising
from or in connection with breach of this Addendum.
3. Cellebrite
has appointed the person listed below as a contact person for data protection
purposes:
. Mr. Ravid Petel, Compliance Officer – Privacy and Data
Protection, Ravid.Petel@cellebrite.com.
Part 2
1. Capitalized
terms used in this Part 2 of the Addendum but not defined in the Addendum or in
the Agreement have the meaning ascribed to them in Regulation (EU) 2016/679
(GDPR) and in Directive (EU) 2016/680 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to
the processing of personal data by competent authorities for the purposes of
the prevention, investigation, detection or prosecution of criminal offences or
the execution of criminal penalties, and on the free movement of such
data.
2. This
Part 2 applies only where Cellebrite is Processing Personal Data as a Processor
on behalf of the Customer and under the Customer’s instructions, where the Customer is a Controller subject
to the GDPR with respect to the Personal Data that Cellebrite Processes. It
does not apply to Cellebrite’s
Processing Personal Data of Customer’s
representatives to market or promote its products, to administer the business
or contractual relationship between Cellebrite and the Customer or in other
instances where Cellebrite operates as the Controller.
3. Customer
and Cellebrite hereby assent to the Annex to Commission Implementing Decision
(EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer
of personal data to third countries pursuant to Regulation (EU) 2016/679 of the
European Parliament and of the Council, as follows:
3.1. In
Section II (Obligations of the Parties), Clause 9(a) for MODULE TWO: Transfer
controller to processor: The data importer shall specifically inform the data
exporter in writing of any intended changes to that list through the addition
or replacement of sub-processors at least 10 days in advance, thereby giving
the data exporter sufficient time to be able to object to such changes prior to
the engagement of the sub-processor(s).
3.2. In
Section IV (Final Provisions), Clause 17 for MODULE TWO: Transfer controller to
processor: The Parties agree that this shall be the law of Ireland.
3.3. In
Section IV (Final Provisions), Clause 18(b) for MODULE TWO: Transfer controller
to processor: The Parties agree that those shall be the courts of Ireland.
3.4. In
Annex I, for MODULE TWO: Transfer controller to processor:
3.4.1. Data
Exporter: Customer.
3.4.1.1. Activities
relevant to the data transferred under these Clauses: A business with a need to
extract, review and analyze intelligence from digital devices and online
platforms.
3.4.1.2. Role:
controller
3.4.2. Data
Importer: Cellebrite.
3.4.2.1. Activities
relevant to the data transferred under these Clauses: Develops and operates a
software-as-a-service solution for extracting, obtaining, reviewing and
analyzing intelligence from digital devices and online platforms.
3.4.2.2. Role:
processor.
3.5. Description
of Transfer:
3.5.1. Categories
of data subjects whose personal data is transferred: Individuals using the
digital devices from which the intelligence is gathered, and their contacts.
3.5.2. Categories
of data transferred: contact information, messages and emails, correspondence,
location information, photos, data related to use of online platform, and other
information extracted from digital devices.
3.5.3. Sensitive
data transferred: to the extent present on the digital device and extracted at
the instruction of the Customer: personal data revealing racial or ethnic
origin, political opinions, religious or philosophical beliefs, or trade union
membership, and the processing of genetic data, biometric data for the purpose
of uniquely identifying a natural person, data concerning health or data
concerning a natural person’s
sex life or sexual orientation.
3.5.4. The
frequency of the transfer: On a continuous basis, as needed in the use of the
Services.
3.5.5. Nature
of the processing: collection, recording, organization, structuring, storage,
adaptation or alteration, retrieval, disclosure by transmission, alignment or
combination, restriction, erasure and destruction.
3.5.6. Purpose(s)
of the data transfer and further processing: extraction, review and analysis of
intelligence from digital devices and online platforms.
3.5.7. The
period for which the personal data will be retained: For the duration of the
Services.
3.5.8. Transfers
to the following main (sub-) processors:
|
Name |
Activity |
Servers Location |
Cellebrite Services |
|
Amazon Web Services, Inc. |
Cloud Hosting Services, Customer Relationship Management
and Support |
United States, Brazil, United Kingdom, Australia, Ireland |
All services |
|
Mapbox, Inc. |
Mapping and Location resolution |
United States EU |
Physical Analyzer ORION |
|
Datadog, Inc. |
Monitoring and log management |
United States |
All services |
|
Mixpanel, Inc. |
Usage Analytics |
United States |
MobileNow Endpoint Inspector |
|
Salesforce SFDC Irland Limited. |
Customer Relationship Management service system |
Sweden |
All services |
|
Five9, Inc. |
Contact Center interactive voice response |
United States |
All services |
|
QlikTech UK LTD |
Usage analytics |
United Kingdom |
All Services |
|
Appinium, Inc. |
Learning Management System platform |
Stockholm, Sweden |
All services |
|
Gainsight |
Customer Relationship |
United States EU - Frankfurt |
All services |
|
Pendo |
Product Experience Platform |
United States EU |
Guardian Smart Search |
|
F5 Inc. |
Web Application Firewall |
United States, United Kingdom, Ireland, Brazil |
All services |
|
Imperva Inc. |
Web Application Firewall |
United States, United Kingdom, Ireland, Brazil |
All services |
|
Altassian Pty Ltd, Atlassian US, Inc |
Jira ticketing management system Confluence documentation management system |
United States |
All services |
|
Splunk inc / Cisco Systems, Inc |
Security Information and Event Management |
United States |
All services |
3.5.9. Competent
Supervisory Authority: the supervisory authority in the EU member state where
the data exporter’s EU
representative under Article 27 of the GDPR is located.
3.6. In
Annex II, for MODULE TWO: Transfer controller to processor:
3.6.1. Information
Security Policies & Standards: Cellebrite’s Information Security Policy sets forth general
information security policy statements applicable to Cellebrite’s computer and network systems
and all information contained on those systems or relating to Cellebrite’s business activities:
• Information must be consistently protected in a manner
commensurate with its sensitivity, value, and criticality.
• Cellebrite’s information and computer resources must be
used only for the business purposes authorized by management.
3.6.2. Acceptable
Use Policy: Cellebrite’s
Acceptable Use Policy defines the activities that are permissible when using
any of the company’s
computer, device, or communication system and states the minimum compliance
requirements for users of Cellebrite’s
systems, including but not limited to computer equipment, software, operating
systems, network accounts and e-mail
3.6.3. Key
Information Security Controls: Access Control: Cellebrite has implemented
security standards, which are designed to restrict access to Cellebrite’s information and data assets
including: defines general access control requirements (e.g., access to
information resources granted only on a “need-to-know” basis, access terminated at
termination of employment, periodic review of access rights, role-based access
rights and segregation of duties, etc.)
Authentication and encryption: strong authentication with
2FA are required for every remote access to the company’s assets
3.6.4. System
and Communications Protection: Cellebrite operates a comprehensive,
multi-layered information security program, leveraging a defensive, in-depth
architecture. Tiered perimeter defenses include firewalls between zones and key
application servers, as well as segmentation between various network elements
and network segments. Web Application Firewalls are employed to protect
applications. Detective controls are also layered, with proactive
enterprise-wide scans for Advanced Persistent Threat using top notch commercial
malware detection. Network Intrusion Detection technology is in place, as well
as endpoint controls such as Host-Based IDS and advanced malware protection.
The Cellebrite’s network infrastructure is protected with the following
mechanisms, as a standard:
• Network
Firewalls – designed to protect against network-based, malicious
attacks and provide an additional layer of access control.
• Network Access Controls – Cellebrite utilizes controls
for network access and remote access, including 2- factor
authentication and forced disconnection after a period of inactivity.
• Network
Segmentation – VLAN and physical segmentation. Additional controls
may be in place at the application layer which, are detailed below in the
product specifications section of this packet.
3.6.5. Vulnerability
Management: Cellebrite maintains a systematic process to detect categorize, and
handle vulnerabilities found in its infrastructure, application and systems.
3.6.6. Change
Management: Cellebrite maintain a change management process for changes in
production, which helps protect the integrity and availability of the services
by controlling all changes to minimize risk to approve all applicable changes.
3.6.7. SaaS
Network Security: Cellebrite deploys multiple layers of network security across
our SaaS infrastructure and application stack. At the perimeter Cellebrite
relies on cloud front to provide distributed denial of service attack
mitigation and a web application firewall (“WAF”)
for traffic over HTTP and HTTPS. Cellebrite relies on IP whitelisting to ensure
that the network origin for clients is not accessible publicly. All traffic
within Cellebrite’s SaaS
platform operates on independent virtual private clouds (“VPCs”) which is in a
physically isolated from all other accounts. In the IPS layer, advanced threat
protection, intrusion prevention, firewall capabilities, web filtering, network
visibility, anti-virus, and anti-spyware services provide a broad range of
enhanced protection.
3.6.8. Content
Encryption: All traffic to and from clients to the platform uses HTTPS to
encrypt data in transit.
3.6.9. Incident Response Plan: Cellebrite will
adhere to it's internal policies and response plan in the event of a security
incident, including accidental or unlawful destruction, loss, acquisition,
alteration, unauthorized disclosure of, or access to, Personal Data
transmitted, stored, or otherwise processed (“Security Incident”).
Part 3
1. Customer
commissions, authorizes and requests that Cellebrite provide Customer the
Services, which involves Processing Personal Data (as these capitalized terms
are defined and used in: (a) the General Data Protection Regulation (GDPR)
(Regulation (EU) 2016/679) applicable as of 25 May 2018 and any national law
supplementing the GDPR; and (b) Directive (EU) 2016/680 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data by competent authorities
for the purposes of the prevention, investigation, detection or prosecution of
criminal offences or the execution of criminal penalties, and on the free
movement of such data; and national laws transposing Directive 2016/680”.
Legislations (a) and (b) above shall collectively be referred to as “Data
Protection Law”.
2. This
Part 3 applies only where Cellebrite is Processing Personal Data as a Processor
on behalf of the Customer and under the Customer’s instructions, where the Customer is a Controller subject
to the GDPR with respect to the Personal Data that Cellebrite Processes. It
does not apply to Cellebrite’s
Processing Personal Data of Customer’s
representatives to market or promote its products, to administer the business
or contractual relationship between Cellebrite and the Customer or in other
instances where Cellebrite operates as the Controller.
3. Cellebrite
will Process the Personal Data only on Customer’s behalf and for as long as Customer instructs Cellebrite
to do so. Cellebrite shall not Process the Personal Data for any purpose other
than the purpose set forth in this Addendum.
4. The
nature and purposes of the Processing activities are as set out in the
Agreement. The Personal Data Processed may include, without limitation:
contact information, messages and emails, correspondence,
location information, photos, data related to use of online platform, and other
information extracted from digital devices.
5. The
Data Subjects, as defined in the Data Protection Law, about whom Personal Data
is Processed are:
Individuals using the digital devices from which the
intelligence is gathered, and their contacts.
6. Customer
is and will always remain the ‘Controller’, and Cellebrite is and will
remain at all times the ‘Processor’ (as these capitalized
terms are defined and used in Data Protection Law). As a Processor, Cellebrite
will Process the Personal Data only as set forth in this Addendum. Cellebrite
and Customer are each responsible for complying with the Data Protection Law
applicable to them in their roles as Controller and Processor.
7. Cellebrite
will Process the Personal Data only on instructions from Customer documented in
this Addendum or otherwise provided either in writing or through the options of
the Services configurable by Customer. The foregoing applies unless Cellebrite
is otherwise required by law to which it is subject (and in such a case,
Cellebrite shall inform Customer of that legal requirement before processing,
unless that law prohibits such information on important grounds of public
interest). Cellebrite shall immediately inform Customer if, in Cellebrite's
opinion, an instruction is in violation of Data Protection Law.
8. Cellebrite
will make available to Customer all information in its disposal necessary to
demonstrate compliance with the obligations under Data Protection Law.
9. Cellebrite
will follow Customer’s
instructions to accommodate Data Subjects’ requests to exercise their rights in relation to
their Personal Data, including accessing their data, correcting it, restricting
its processing or deleting it. Cellebrite will pass on to Customer requests
that it receives (if any) from Data Subjects regarding their Personal Data
Processed by Cellebrite. Cellebrite shall notify Customer of the receipt of
such request as soon as possible, and no later than five (5) business days from
the receipt of such request, together with the relevant details.
10. Customer
authorizes Cellebrite to engage another processor for carrying out specific
processing activities of the Services, provided that Cellebrite informs
Customer at least 10 business days in advance of any new or substitute
processor (including in respect of any material changes in the other processor’s ownership or control), in
which case Customer shall have the right to object, on reasoned grounds, to
that new or replaced processor. If Customer so objects, Cellebrite may not
engage that new or substitute processor for the purpose of Processing Personal
Data in the provision of the Services. Customer hereby authorizes Cellebrite to
engage the processors identified in Section 3.5.8 of Part 2 of the
Addendum.
11. Without
limiting the foregoing, in any event where Cellebrite engages another
processor, Cellebrite will ensure that the same data protection obligations as
set out in this Addendum are likewise imposed on that other processor by way of
a contract, in particular providing sufficient guarantees to implement
appropriate technical and organizational measures in such a manner that the
processing will meet the requirements of Data Protection Legislation. Where the
other processor fails to fulfil its data protection obligations, Cellebrite
shall remain fully liable to Customer for the performance of that other
processor's obligations.
12. Cellebrite
and its other processors will only Process the Personal Data in member states
of the European Economic Area, in territories or territorial sectors recognized
by an adequacy decision of the European Commission, as providing an adequate
level of protection for Personal Data pursuant to Article 45 of the GDPR, or
using adequate safeguards as required under Data Protection Law governing
cross-border data transfers (e.g., Standard Contractual Clauses). Cellebrite must
inform Customer at least 10 business days in advance of any new envisioned
cross-border data transfer scenario, in which case Customer shall have the
right to object, on reasoned grounds, to that new envisioned cross-border data
transfer. If Customer so objects, Cellebrite may not engage in that envisioned
cross-border data transfer for the purpose of Processing Personal Data in the
provision of the Services.
13. In
the event that the foregoing mechanism for cross-border data transfers is
invalidated by a regulatory authority under applicable law or any decision of a
competent authority under Data Protection Law, the parties shall discuss in
good faith and agree such variations (such agreement not to be unreasonably
withheld or delayed) to this Addendum as are required to enable a valid
cross-border data transfers. Further, in the event that the European Commission
establishes processor to processor standard contractual clauses, the parties
will enter into those clauses as promptly as reasonably practicable.
14. Cellebrite
will ensure that its staff authorized to Process the Personal Data have
committed themselves to confidentiality or are under an appropriate statutory
obligation of confidentiality.
15. Within
10 business days of Customer’s
written request, Cellebrite shall allow for and contribute to audits, including
carrying out inspections conducted by Customer, or another auditor mandated by
Customer in order to establish Cellebrite's compliance with this Addendum and
the provisions of the applicable Data Protection Law as regards the Personal
Data that Cellebrite processes on behalf of Customer. Such audits shall be
limited to one business day per annum (unless Data Protection Law requires
otherwise), shall be conducted during ordinary business hours and without
interruption to Cellebrite’s ordinary course of business. Under no
circumstances shall the audits or inspections extend to trade secrets of
Cellebrite or to data regarding other customers of Cellebrite. All audits are
conditioned on the Customer or its auditors first executing appropriate
confidentiality undertakings satisfactory to Cellebrite.
16. Cellebrite
shall without undue delay, and in any event within 72 hours, notify Customer of
any Personal Data Breach (as this term is defined and used in Data Protection
Law and applicable regulatory guidelines) that it becomes aware of regarding
Personal Data of Data Subjects that Cellebrite Processes. Cellebrite will
thoroughly investigate the breach and take all available measures to mitigate
the breach and prevent its reoccurrence. Cellebrite will cooperate in good
faith with Customer on issuing any statements or notices regarding such
breaches, to authorities and Data Subjects.
17. Taking
into account the state of the art, the costs of implementation and the nature,
scope, context and purposes of processing as well as the risk of varying
likelihood and severity for the rights and freedoms of natural persons,
Cellebrite shall implement in the Services appropriate technical and
organizational measures to ensure a level of security appropriate to the risk,
as detailed in Section 3.6 of Part 2.
18. Cellebrite
will assist Customer with the eventual preparation of data privacy impact
assessments and prior consultation as appropriate (and if needed).
19. Cellebrite
will provide Customer prompt notice of any request it receives from authorities
to produce or disclose Personal Data it has Processed on Customer’s behalf, so that Customer may
contest or attempt to limit the scope of production or disclosure request.
20. Upon
Customer’s request,
Cellebrite will delete the Personal Data it has Processed on Customer’s behalf under this Addendum
from its own and its processor’s
systems, or, at Customer’s
choice, return such Personal Data and delete existing copies, within 10 business
day of receiving a request to do so, and
21. Upon
Customer’s request, will
furnish written confirmation that the Personal Data has been deleted or
returned pursuant to this section.
22. The
duration of Processing that Cellebrite performs on the Personal Data is for the
period set out in the Agreement.
Part 4
1. Scope. This Part applies
to the processing of ‘personal information’ (as defined in Cal. Civ. Code
§1798.140(o)) by Cellebrite for Customer.
2. Service Provider
Obligations. The
Parties acknowledge and agree that Cellebrite is a ‘service provider’ as
defined in Cal. Civ. Code §1798.140(v). To that end, and unless otherwise
requires by law:
2.1. Cellebrite
is prohibited from retaining, using or disclosing Customer ‘personal information’ (as defined in Cal. Civ.
Code §1798.140(o))
for: (a) any purpose other than the purpose of properly performing, or for any
commercial purpose other than as reasonably necessary to perform Customer’s processing instructions; (b) ‘selling’ (as defined in Cal. Civ.
Code §1798.140(t))
Customer personal information; and (c) retaining, using or disclosing Customer
personal information outside of the direct business relationship between the
parties. Cellebrite certifies that it understands the restriction specified in
this subsection and will comply with it.
2.2. If
Cellebrite receives a request from a California consumer about his or her is ‘personal information’ (as defined in Cal. Civ.
Code §1798.140(o)),
Cellebrite shall not comply with the request itself, promptly inform the
consumer that Cellebrite’s
basis for denying the request is that Cellebrite is merely a service provider
that follows Customer’s
instruction, and promptly inform the consumer that they should submit the
request directly to Customer and provide the consumer with Customer’s contact information.
3. Subcontracting to
suppliers. Customer
authorizes Cellebrite to subcontract any of its Services-related activities
consisting (partly) of the processing of the personal information or requiring
personal information to be processed by any third party supplier without the
prior written authorization of Customer provided that: (a) Cellebrite shall
ensure that the third party is bound by the same obligations of the Cellebrite
under this Part and shall supervise compliance thereof; and (b) Cellebrite
shall remain fully liable vis-ŕ-vis Customer for the performance of any such
third party that fails to fulfil its obligations.
4. Return or
deletion of information. Upon
termination of this Part, upon Customer’s written request, or upon fulfillment
of all purposes agreed in the context of Customer’s instructions, whereby no
further processing is required, the Cellebrite shall, at the discretion of
Customer, either delete, destroy or return to Customer, some or all (however
instructed) of the of the personal information that it and its third-party
suppliers process for Customer.
5. Assistance in
responding to consumer requests. Cellebrite
shall assist Customer by appropriate technical and organizational measures,
insofar as this is possible, for the fulfilment of Customer’s obligation to
respond to requests for exercising the consumer rights under the California
Consumer Privacy Act of 2018.
6. Data security. Taking into
account the state of the art, the costs of implementation and the nature,
scope, context and purposes of Cellebrite’s processing of personal information
for Customer, as well as the nature of personal information processed for
Customer, Cellebrite shall implement and maintain reasonable security
procedures and practices appropriate to the nature of the information, designed
to protect the personal information from unauthorized access, destruction, use,
modification, or disclosure (including data breaches).
Annex B
Additional Terms and Conditions for Trial and Freemium
1. TRIAL
a. General. From
time to time, Cellebrite may invite the Customer to try certain services at no
charge, whether those services are generally available to Cellebrite customers
(“GA”) or are pre-release or otherwise not generally available (“Non-GA”)
(each, a “Trial”). The Customer may accept or decline any Trial in its sole
discretion. If the Customer accepts a Trial, it will be governed by the terms
of this Agreement. Any Trial license granted by Cellebrite is non-exclusive,
non-transferable, limited, and non-assignable, and may be provided with or
without charge, as determined by Cellebrite. Cellebrite may revoke any Trial
license at any time in its sole discretion.
b. Feedback. During the
Trial, Customer's Feedback obligations and ownership are governed by
Section 12.1 (Proprietary Rights). Customer agrees to notify Cellebrite
technical support services as promptly as practicable of the discovery of a
material error or difficulty in the Trial. All and any reports and Feedback
provided by the Customer to Cellebrite shall be the Proprietary Information of
Cellebrite alone.
c. ProFound Trial.
Notwithstanding the terms of this Agreement, ProFound Trials are provided for
evaluation purposes only, with or without charge, and for a time period
determined by Cellebrite. At the end of a ProFound Trial, the Customer shall be
granted 24 hours access to remove any of its data from the
ProFound Trial service platform. Customer shall immediately return
any and all documents, notes and other materials assessing the functionality of
the ProFound Trial Services to Cellebrite including all Proprietary Information
and all copies made thereof.
d. Non-GA. Non-GA
Services are provided for evaluation purposes and not for commercial or
production use, are not supported, may contain bugs or errors (but shall not
knowingly contain any undisclosed Malicious Code), and may be subject to
additional terms that shall be provided by Cellebrite to Customer prior to or
concurrent with Cellebrite’s invitation to the applicable Non-GA
Services. Non-GA Services are not considered “Services” hereunder.
Cellebrite has the right to discontinue Non-GA Services at any time in its sole
discretion and may never make them generally available.
e. Warranty. Customer
acknowledge that Trial Services are provided free of charge, and on “AS IS” and
“as available” basis. Furthermore, Non-GA Services are a prerelease code and
not at the level of performance or compatibility of a final generally available
product offering. Cellebrite disclaims any warranty relating to Trial Services,
express or implied, or statutory, including, but not limited to implied
warranties, duties or conditions of merchantability, fitness for a particular
purpose, accuracy or completeness with regard to the Trial Services. Therefore,
the entire risk arising out of the use or performance of Trial Services remains
with Customer and the Customer is advised to safeguard important data, to use
caution and not to rely in any way on the correct functioning or performance of
the Trial Services and accompanying materials.
f. Trial Term.
A Trial shall be in effect for a period of thirty (30) days as of the date of
its acceptance by Customer, unless indicated otherwise by Cellebrite. A Trail
may be terminated by either party for any reason by providing a written notice
to the other party. Upon termination or expiration of a Trial, for any reason,
Customer may purchase a subscription to the Services, in accordance with
Cellebrite’s terms. Otherwise, the right of use and access to the Services
hereunder shall terminate. Customer shall be granted access to remove any of
its data within 30 days hereafter. Customer shall immediately return any and
all documents, notes and other materials assessing the functionality of the
Trial Services to Cellebrite including all Proprietary Information and all
copies made thereof.
2. FREEMIUM
a. General. Cellebrite
may invite Customer to try at no charge a service or services that are
generally available to Cellebrite customers (“Freemium Services”.
Customer may accept or decline any such invitation in its sole discretion. Free
If Customer accepts such Freemium Services, the Customer’s access and use
thereof shall be subject to the terms of this Agreement. Any Freemium Services
license granted by Cellebrite to Customer shall be non-exclusive,
non-transferable, limited and non-assignable . Cellebrite has the right to
immediately revoke a Freemium Services license at any time in its sole
discretion.
b. Feedback. During the
term of the Freemium Services license, Customer's Feedback obligations and
ownership are governed by Section 12.1 (Proprietary Rights). Customer agrees to
notify Cellebrite technical support services as promptly as practicable of the
discovery of a material error or difficulty in the Freemium Services.
c. Warranty. Freemium
Services are provided free of charge on an “AS IS” and “as available” basis.
Cellebrite disclaims all warranties, whether express, implied, or statutory,
including any implied warranties of merchantability, fitness for a particular
purpose, and accuracy or completeness. Use of Freemium Services is at the
Customer’s sole risk. Customer is responsible for safeguarding data and should
not rely on the Freemium Services to operate correctly or without interruption.
d. Liability.
Notwithstanding any other term of this Agreement, Cellebrite shall not be
liable and shall not indemnify Customer in any nature whatsoever for any
direct, indirect special, consequential or indirect losses or damages, arising
from the performance or non-performance of any aspect of the Freemium Services
or from the execution or termination of this Agreement for the provision of
Freemium Services or from any cause whatsoever arising from or in any way
related to the e, sale or use of the Freemium Services, whether or
not any party shall have been made aware of the possibility of such losses.
Customer acknowledges that the Freemium Services are provided without any
compensation to Cellebrite and, therefore, this section is a fundamental
element in this Agreement and Cellebrite would not provide the Freemium
Services without such limitations.
e. Indemnity. To the
extent permitted by applicable law, Customer will, at its own expense: (i)
indemnify and hold Cellebrite and its Affiliates, officers and directors
harmless from any claim (whether brought by a third party or an employee,
consultant or agent of Customer’s) arising from: (a) any use of Freemium
Services in a manner other than as authorized under this Agreement or under any
applicable law, rule or regulation; or (b) Customer’s breach of confidentiality
and/or proprietary obligations hereunder; (ii) reimburse Cellebrite for any
expenses, costs and liabilities incurred relating to such claim or due to any
loss, theft of or damage to the Freemium Services; and (iii) pay all
settlements, damages and costs assessed against Cellebrite and attributable to such
claim.
f. Term.
Freemium Services shall be in effect for a period of ninety (90) days as of the
date of acceptance by Customer, unless indicated otherwise by
Cellebrite to the Customer in writing. Freemium Services may be terminated by
either party for any reason by providing a written notice to the other party.
Upon termination or expiration of Freemium Services for any reason, the right
to use and access the Freemium Services hereunder shall terminate.
Customer shall be granted access to remove any of its data within 30 days
thereafter. Customer shall immediately return any and all documents, notes and
other materials assessing the functionality of the Freemium Services, to
Cellebrite, including all Proprietary Information and all copies made thereof.
[Last updated: January 25, 2026]
***