Bridge Terms and Conditions

These terms and conditions apply to the provision of the products or services by getBridge, LLC (“Bridge”) to the entity identified in the Order Form (“Customer”). An “Order Form” means any order for the provision of products or services signed by Customer. These terms are incorporated into the Order Form and together, form the “Agreement.” Bridge and Customer are referred to in this Agreement each as a “party” and together as the “parties.”

1.         Service. Subject to the terms of this Agreement, Bridge will provide to Customer proprietary software as a service offering(s) made available through a URL in a hosted environment (together with any other products and services identified in the Order Form, the “Service”). All rights in and to the Service not expressly granted to Customer in this Agreement are reserved by Bridge. Bridge shall: (a) deploy all updates and upgrades to the Service to Customer that Bridge provides to its customers generally for no additional charge; and (b) provide support (“Support”) pursuant to the terms described on the Order Form. For purposes of this Agreement, “User” means an individual who is authorized by the Customer to use the Service and for whom Customer has purchased a subscription.

2.         Customer Restrictions. Customer shall not (and shall not permit Users to): (a) sell, resell, rent, lease, lend, sublicense, distribute, assign, timeshare, or otherwise transfer or provide access to the Service to any third party except as expressly authorized under this Agreement; (b) use or access the Service for competitive purposes; (c) copy, modify, adapt, or create derivative works from any feature, function, interface, or graphic in the Service; (d) remove or modify Bridge’s policies or proprietary markings displayed within the Service; (e) use, interfere with, disrupt or circumvent the integrity, security or performance of the Service, including by probing, scanning, or testing any Bridge system or network or its security or authentication measures; (f) store or transmit any malicious code; (g) permit direct or indirect access to or use of any Service or Customer Data (as defined below) in a way that circumvents a contractual usage limit; (h) attempt to gain unauthorized access to the Service, its related systems or networks or Third-Party Services (as defined below); (i) use the Service or any Third-Party Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights; or (j) use the Service to distribute software or tools that gather information, distribute advertisements, or engage in conduct that may result in retaliation against Bridge or its data, systems, or networks. Use and access to the Application Program Interface (“API”) will be subject to the Bridge API Policy as updated from time to time and available at https://www.getbridge.com/bridge-terms-of-use/.

3.          Customer Data means all permitted electronic data stored by Customer or processed through use of the Service. Customer Data does not include Prohibited Information (as defined below). As between Bridge and Customer, Customer Data remains the sole property of Customer. Bridge may use the Customer Data solely to provide and improve the Service in accordance with this Agreement or Customer’s instructions.Customer retains all rights to its Customer Data, and Bridge may use the Customer Data only to provide the Service and as permitted by this Agreement, and not for any other purpose. Customer is the owner and data controller for its Customer Data. Customer is responsible for the accuracy, integrity, and for obtaining all legally-required consents for, and complying with all data protection laws applicable to the use of Customer Data in the Service, for examining and confirming results before use, and adopting procedures for identifying and preventing errors in the Customer Data. Each party will use diligence in the protection of Customer Data and in preventing any unauthorized person(s) from gaining access thereto.

4.         Data Protection.  To the extent any personal data or personal information will be processed by Bridge as a processor or service provider respectively under this Agreement (including any Order Form and/or SOW hereunder), the terms and conditions of LTG’s Data Protection Addendum (as may be amended by Bridge from time to time), found at link: https://ltgplc.com/data-protection-addendum/ shall apply.

5.         Customer Responsibilities. Customer shall have sole responsibility for Customer Data and use of the Service by Users in compliance with this Agreement and the Acceptable Use Policy provided within the Service and available at https://www.getbridge.com/bridge-terms-of-use/ (the “AUP”). Customer agrees to reasonably assist Bridge in connection with a User’s adherence to the AUP. Customer further agrees to: (a) maintain the confidentiality and security of passwords and abide by any access protocols or credential requirements set by Bridge; (b) obtain from Users any consents necessary under this Agreement or to allow Bridge to provide the Service; (c) use commercially reasonable efforts to prevent unauthorized access to or use of the Service; (d) notify Bridge promptly of any such unauthorized access or use of which it learns; (e) cooperate reasonably in all respects with respect to implementation, access, support, and maintenance of the Service;  (f) ensure that a current email address is associated with each User’s account; and (g) notify Bridge of any increase in the number of Users, employees or other metrics greater than the applicable quantity specified in the Order Form (“Quantity”) and Bridge may monitor Customer’s use. Upon receipt of Bridge‘s invoice for excess use, Customer shall pay additional fees on a proportionate basis for the excess use in minimum blocks of 10% of the applicable Quantity, for prior use and for future use for the remainder of the term specified in the applicable Order Form.

6.         Representations. Each party represents that: (a) it has the power and authority to validly enter into this Agreement; (b) this Agreement has been duly and validly authorized, executed and delivered by such party; (c) the execution and delivery of this Agreement does not violate or conflict with any other agreement, license, or obligation of such party; (d) it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from or on behalf of any employees or agents of the other party in connection with this Agreement; and (e) it is financially solvent and has the ability to perform its obligations hereunder.

7.         Bridge Warranties. Bridge warrants that: (a) it shall implement reasonable administrative, technical, and physical safeguards in an effort to secure its facilities and systems from unauthorized access and to secure the Customer Data; (b) it will perform any professional services in a professional manner in accordance with prevailing industry standards; and (c) for a period of 90 days from its delivery, any Service will materially conform to the specifications as set forth in the then current documentation. At no additional cost to Customer, and as Customer’s sole and exclusive remedy for nonconformity of the Service with this limited warranty, Bridge will use commercially reasonable efforts to correct any such nonconformity, provided Customer promptly notifies Bridge in writing outlining the specific details upon discovery. This limited warranty shall be void if the failure of the Service to conform is caused by (i) the use or operation of the Service with an application or in an environment other than as set forth in the then current documentation, or (ii) modifications to the Service that were not made by Bridge or Bridge’s authorized representatives.

Neither Bridge nor its affiliates will knowingly introduce any time bomb, virus or other harmful or malicious code designed to disrupt the use of the Service.

EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION 7 AND TO THE MAXIMUM EXTENT OF THE LAW, BRIDGE AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, WHETHER WRITTEN, ORAL, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. WITHOUT LIMITING THE FOREGOING, BRIDGE DOES NOT WARRANT THE RESULTS OR OUTCOMES FROM USE OF THE SERVICE OR THAT THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE. TO THE EXTENT THE FOREGOING DISCLAIMER IS EXPRESSLY PROHIBITED BY LAW, ANY AVAILABLE WARRANTY SHALL BE LIMITED TO THIRTY (30) DAYS AND TO THE SERVICE REMEDIES PROVIDED BY BRIDGE IN THIS SECTION 7.

8.         Fees. All payments are due within thirty (30) days of the date of the invoice and are non-cancellable and non-refundable except as provided in this Agreement, or as otherwise agreed to in the Order Form. Customer shall pay all fees set forth in an Order Form (“Fees”) annually in advance, or as otherwise agreed to in the Order Form. If Customer requires a purchase order (“P.O.”), it shall be provided when the Order Form or SOW is signed.  In no event shall Customer’s failure or delay in providing a P.O. alter its payment obligations under the relevant Order Form or SOW. All Fees owed by Customer are exclusive of, and Customer shall pay all applicable sales, use, VAT, excise, withholding, and other taxes that may be levied in connection with this Agreement. If Customer does not pay any amount (not disputed in good faith) when due, Bridge may charge interest on the unpaid amount at the rate of 1.5% per month (or if less, the maximum rate allowed by law). Bridge reserves the right (in addition to any other rights or remedies Bridge may have) to discontinue the Service and to suspend all Users’ and Customer’s access to the Service if any Fees are overdue until such amounts are paid in full. Customer will remain obligated to make all payments due under this Agreement. Customer agrees to pay Bridge’s expenses, including reasonable attorneys and collection fees, incurred in collecting amounts not subject to a good faith dispute. 

9.         Service Standard. Bridge will use commercially reasonable efforts to make each Service available with an annual uptime percentage of at least 99.9% (“Service Commitment”).

 

10.        Prohibited Information. “Prohibited Information” means credit or debit card numbers, passwords, protected health information as defined in HIPAA (45 C.F.R. § 160.103), and information relating to a customer or consumer of a financial institution under GLBA (15 U.S.C. §§ 6801–6809). Customer’s use of the Service does not require the entry or collection of Prohibited Information. Customer agrees not to use the Service to collect or manage Prohibited Information. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, BRIDGE DISCLAIMS ANY AND ALL LIABILITY THAT MAY ARISE FROM CUSTOMER’S USE OF THE SERVICE TO COLLECT OR MANAGE PROHIBITED INFORMATION. 

11.        Data Use. Customer agrees that data derived from Bridge’s provision of the Service or Customer’s use of the Service (“Usage Data”) may be used by Bridge for the purposes of analysis, including statistical analysis, trend analysis, creation of data models, and creation of statistical rules. Such Usage Data will only be used in its aggregated or anonymized form and such results may be used by Bridge for any lawful purpose not otherwise excluded by this Agreement. As between the parties, Bridge owns the Usage Data. Notwithstanding anything contained in this Agreement to the contrary, Usage Data does not include Customer Data or any information that identifies or can be reasonably used to identify an individual person or Customer.

12.        Third-Party Services. Customer may access third-party services, content or links through the use of the Service (collectively “Third-Party Services”). Bridge does not control Third-Party Services or make any representations or warranties with respect to Third-Party Services. In addition, Bridge is not responsible for Third-Party Services.

13.        OpenAI Integration. Customer may activate the optional OpenAI integration feature included in the Service. Activation of this feature is at the discretion of Customer and may be used for certain compatible OpenAI solutions as identified in the current documentation. Customer is solely responsible for ensuring that it ascertains any approval or authorisation required before it activates and uses the OpenAI integration feature. The OpenAI integration feature is offered as a resource to our customers that have their own OpenAI corporate account and not intended to be used with free or public instances of OpenAI. Customer acknowledges and agrees that any reliance or use of any AI generated content is at their own risk and Bridge is not responsible for any use or content generated from the OpenAI tool/services.  BRIDGE MAKES NO WARRANTY OR REPRESENTATION OF ANY KIND (WHETHER WRITTEN, ORAL, EXPRESS, IMPLIED, OR STATUTORY) INCLUDING  WITHOUT LIMITATION TO THE ACCURACY, RELIABILITY, LAWFULNESS, OR CORRECTNESS OF ANY CONTENT GENERATED THROUGH THE USE OF ANY THIRD-PARTY INTEGRATED OPENAI TOOL/SERVICES. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, BRIDGE DISCLAIMS ANY AND ALL LIABILITY THAT MAY ARISE FROM ANY THIRD-PARTY INTEGRATED OPENAI TOOL/SERVICES.  

14.        Limitation of Liability.

a.         EACH PARTY AND ITS SUPPLIERS SHALL NOT BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, EXEMPLARY, PUNITIVE, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE USE OR INABILITY TO USE THE SERVICE (INCLUDING, WITHOUT LIMITATION, COSTS OF DELAY, LOSS OR INACCURACY OF DATA, RECORDS OR INFORMATION, COST(S) OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, AND ANY FAILURE OF DELIVERY OF THE SERVICE), EVEN IF THE OTHER PARTY HAS BEEN NOTIFIED OF THE LIKELIHOOD OF SUCH DAMAGES.

b.         EXCEPT FOR ANY DAMAGES RESULTING FROM THE GROSS NEGLIGENCE, FRAUD OR THE WILLFUL MISCONDUCT OF A PARTY, THE DEATH, BODILY INJURY OF ANY PERSON CAUSED BY THE NEGLIGENT ACTS OR OMISSIONS OF A PARTY, PAYMENT OBLIGATIONS, OR INDEMNIFICATION OBLIGATIONS AS SET FORTH IN SECTION 19 (IN RESPECT OF WHICH BRIDGE’S AGGREGATE LIABILITY SHALL BE AT THE LIMIT SPECIFIED AT THE END OF THIS SECTION), EACH PARTY’S CUMULATIVE MAXIMUM LIABILITY FOR DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT, TORT OR OTHERWISE) SHALL NOT EXCEED THE AMOUNT PAID BY CUSTOMER UNDER THIS AGREEMENT WITHIN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY.

c.          BRIDGE’S TOTAL AGGREGATE LIABILITY UNDER OR IN RESPECT OF ANY INDEMNITY OBLIGATION UNDER THIS AGREEMENT SHALL BE LIMITED TO $500,000.

15.        Confidentiality. Each party acknowledges that it or any entity that directly, or indirectly through one or more intermediaries’ controls, is controlled by or is under common control with such party (an “Affiliate”) may disclose (in such capacity the “Disclosing Party”) Confidential Information to the other party or its Affiliates (in such capacity, the “Receiving Party”) in the performance of this Agreement. Accordingly, the Receiving Party shall: (a) keep the Confidential Information disclosed by the other party confidential; (b) use Confidential Information only for purposes of fulfilling its obligations and exercising its rights hereunder; and (c) disclose such Confidential Information only to the Receiving Party’s employees or Affiliates who have a need to know and only for the purposes of fulfilling this Agreement or to the extent required by law. As used herein, “Confidential Information” means any and all non-public, confidential and proprietary information, data, or know-how, including all Personal Information and information about the Disclosing Party’s businesses, operations, finances, properties, employees, relationships with third parties, plans, trade secrets, and other intellectual property and all analyses, compilations, forecasts, studies, summaries, notes, reports, memoranda, interpretations, data, and other materials which contain or are generated from the Confidential Information, whether disclosed in writing, orally, electronically, or by other means, and whether or not identified as confidential. . For the avoidance of doubt, any non-public aspect of the Service will be considered the Confidential Information of Bridge. Confidential Information shall not include information that: (i) is or becomes a matter of public knowledge through no fault of the Receiving Party; (ii) is rightfully received by the Receiving Party by a third party without a duty of confidentiality; (iii) is independently developed by the Receiving Party without the use of any Confidential Information of the Disclosing Party; or (iv) is identified by the Disclosing Party in writing as no longer confidential and proprietary. Notwithstanding the restrictions above, the Receiving Party may disclose the Confidential Information pursuant to law, regulation, subpoena or court orders, provided that the Receiving Party promptly notifies the Disclosing Party in writing prior to making any such disclosure to permit the Disclosing Party an opportunity to prevent disclosure or seek an appropriate remedy from the proper authority. The Receiving Party agrees to cooperate with the Disclosing Party in seeking such order or other remedy. The Receiving Party further agrees that if the Disclosing Party is not successful in precluding the requesting legal body from requiring the disclosure of the Confidential Information, it will furnish only that portion of the Confidential Information which is legally required (based on the advice of counsel) and will exercise all reasonable efforts to obtain reliable assurances that confidential treatment will be afforded the Confidential Information. Further, any information obtained by monitoring, reviewing, or recording is subject to review by law enforcement organizations in connection with investigation or prosecution of possible criminal or unlawful activity on the Service as well as to disclosures required by or under applicable law or related government agency actions. Bridge will also comply with all court orders or subpoenas involving requests for such information.

16.        Proprietary Rights. As between Customer and Bridge, the Bridge Intellectual Property is, and shall at all times remain the sole and exclusive property of Bridge. Bridge shall have the right, in its sole discretion, to modify the Bridge Intellectual Property. “Bridge Intellectual Property” means: (a) the Service; (b) all improvements, changes, enhancements, and components thereof; (c) all other proprietary materials of Bridge and/or its licensors; and (d) all other intellectual property owned by Bridge including, but not limited to, all copyrights, patents, trademarks and trade names, trade secrets, specifications, methodologies, documentation, algorithms, criteria, designs, report formats, and know-how, as well as any underlying source code and object code related thereto.

17.        Term and Termination. The term of this Agreement is specified in the Order Form (“Term”) and shall continue for its full duration unless earlier terminated by a party in accordance with this Section 17. In addition to any other rights and remedies that may be available, either party may terminate this Agreement: (a) for a material breach of any provision of this Agreement by the other party if such material breach remains uncured for thirty (30) days after receipt of written notice of such breach from the non-breaching party; or (b) immediately upon written notice if the other party files for bankruptcy, becomes the subject of any bankruptcy proceeding or becomes insolvent. In the event the Agreement is terminated, all Order Forms are simultaneously terminated. Upon any termination, except termination by Customer under section 17(a) above, Customer shall promptly pay all unpaid fees due through the end of the term of any applicable Order Form or SOW. Upon expiration or any termination, Customer shall immediately cease use of the Service and remove Customer Data using the existing functionality in the Service. If Customer requires Bridge’s assistance, the parties will agree to the fees, format and timeline for delivery of such Customer Data.  Bridge will disable access to the applicable Service upon termination or expiration of the related Order Form or Agreement. Bridge will destroy all Customer Data within thirty (30) days after the expiration or termination of the related Order Form; provided, that Bridge may retain backup copies of Customer Data for a limited period of time in accordance with Bridge’s then-current backup policy.

18.        Suspension of Service. Bridge may suspend a User’s access to the Service for a violation of Section 5 of this Agreement, any applicable law, or third-party rights to the extent and for the duration necessary to address any such violation. Bridge will use commercially reasonable efforts to provide notice to Customer in advance of any suspension unless such violation may cause direct harm to the Service or may result in liability to Bridge. Customer agrees that Bridge will not be liable to Customer or a User if Bridge exercises its suspension rights as permitted by this Section 18.

19.        Indemnification.

a.         Bridge will indemnify and defend Customer from and against any and all losses, liabilities, and claims (including reasonable attorneys’ fees) arising out of any claim by a third party alleging that the Service infringes or misappropriates the intellectual property rights of that third party. Notwithstanding the foregoing, Bridge shall not be obligated to indemnify Customer if such infringement or misappropriation claim arises from: (a) the Customer Data; (b) Customer’s or User’s misuse of the Service; or (c) Customer’s or User’s use of the Service in combination with any products, services, or technology not provided by Bridge. If a claim of infringement or misappropriation is made, Bridge may, in its sole discretion: (i) modify the Service so that it becomes non-infringing; (ii) obtain a license permitting continued use of the Service; or (iii) terminate the Agreement with no liability to Customer, other than Bridge’s obligation to indemnify hereunder, and return the unused portion of any prepaid Fees.

b.         Customer will indemnify and defend Bridge from and against any and all losses, liabilities, and claims (including reasonable attorneys’ fees) arising out of any claim by a third party alleging: (a) the Customer Data infringes or misappropriates the intellectual property rights of that third party; or (b) use of the Service by Customer or any User in violation of this Agreement or the AUP.

C.         The party seeking indemnification (the “Indemnified Party“) shall provide the other party (the “Indemnifying Party“) with prompt written notice upon becoming aware of any claim subject to indemnification hereunder and shall provide reasonable cooperation to the Indemnifying Party in the defense or investigation of any claim, suit or proceeding. The Indemnifying Party, at its option, will have sole control of such defense, provided that the Indemnified Party is entitled to participate in its own defense at its sole expense. The Indemnifying Party shall not enter into any settlement or compromise of any such claim, suit, or proceeding without the Indemnified Party’s prior written consent, except that the Indemnifying Party may without such consent enter into any settlement of a claim that resolves the claim without liability to the Indemnified Party and without impairment to any of the Indemnified Party’s rights or requiring the Indemnified Party to make any admission of liability.

20.        Notice. Any legal notice by a party under this Agreement shall be in writing and either personally delivered, delivered by email or reputable overnight courier (such as Federal Express) or certified mail, postage prepaid and return receipt requested, addressed to the other party at the address specified in the Order Form or such other address of which either party may from time to time notify the other in accordance with this Section 20. A copy of all notices to Bridge shall be sent to: getBridge, LLC, 434 Fayetteville Street, 9th Floor, Raleigh, NC 27601, Attention: General Counsel and, if by email, to internallegal@ltgplc.com. For purposes of service messages and notices about the Service, Bridge may place a banner notice or send an email to the current email address associated with an account and all notices shall be in English and deemed effective upon receipt.

21.        Force Majeure. If Bridge is unable to perform its obligations under this Agreement due to circumstances beyond its reasonable control, including, but not limited to, acts of God, earthquakes, hacker attacks, actions or decrees of governmental bodies, changes in applicable laws, or communication or power failures (a “Force Majeure Event”), such obligations will be suspended so long as those circumstances persist.

22.        Governing Law. This Agreement shall be interpreted, governed, and construed by the laws of the State of Delaware without regard to principles of conflict of laws. EACH OF THE PARTIES HERETO HEREBY IRREVOCABLY WAIVES ANY AND ALL RIGHT TO TRIAL BY JURY IN ANY LEGAL PROCEEDING ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE TRANSACTIONS CONTEMPLATED HEREBY.

23.        Independent Contractors. The parties are independent contractors and not agents or partners of, or joint venturers with, the other party for any purpose. Neither party shall have any right, power, or authority to act or create any obligation, express or implied, on behalf of the other party

24.        Amendment; Entire Agreement. Precedence.  If any term of this Agreement is invalid or unenforceable, the other terms remain in effect and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. Amendments to this Agreement must be made in writing and signed by both parties. The parties agree that: (a) this Agreement constitutes the entire agreement between the parties with respect to the subject matter thereof, and any prior representations, statements, and agreements relating thereto are superseded by the terms of this Agreement; and (b) Customer may use purchase orders or similar documents only as proof of acceptance of each Order Form and for convenience only, and all terms and conditions (preprinted or otherwise and regardless of how referenced) shall be void and of no effect.

25.        Assignment; Subcontracting. Neither party may assign this Agreement, in whole or in part, without the prior written consent of the other, which shall not be unreasonably withheld. However, either party may assign this Agreement to any Affiliate, or to a person or entity into which it has merged or which has otherwise succeeded to all or substantially all of its business or assets to which this Agreement pertains, by purchase of stock, assets, merger, reorganization or otherwise, and which has assumed in writing or by operation of law its obligations under this Agreement, provided that Customer shall not assign this Agreement to a direct competitor of Bridge. Any assignment or attempted assignment in breach of this Section shall be void. This Agreement shall be binding upon and shall inure to the benefit of the parties’ respective successors and assigns. Bridge may subcontract any part of this Agreement or an underlying Order Form or SOW to any Affiliate or third party, provided that it shall remain responsible for the actions and omissions of the relevant Affiliate or third party in accordance with this Agreement.

26.        Non-Waiver, Invalidity. Any failure by either party to enforce the other party’s strict performance of any provision of this Agreement will not constitute a waiver of its right to subsequently enforce such provision or any other provision of this Agreement.

27.        Consent to use Customer Name.  Customer agrees to allow Bridge to use its name, logo, and non-competitive use details in both text and pictures in its various marketing communications and materials, in accordance with Customer’s trademark guidelines and policies.

28.        Survival. Any terms that by their nature survive termination or expiration of this Agreement will survive. No modification of, amendment or addition to this Agreement is valid or binding unless set forth in writing and executed by authorized representatives of Bridge and Customer. This Agreement, including each relevant Order Form, SOW, and documents attached (t)hereto or incorporated herein by reference, constitutes the complete and exclusive statement of the parties’ agreement as to the subject matter hereof and supersedes all proposals, requirements documents, discussions, presentations, responses to questions, or prior agreements, commitments or promises, oral, electronic or written, between the parties or provided by one party to another,  relating to the subject matter hereof. Each of the parties acknowledges and agrees that in entering into this Agreement it does not rely on and shall have no remedy or right of action with respect to any statement, undertaking, promise, assurance, warranty, understanding or any representation or misrepresentation (whether contractual or non-contractual and whether negligently or innocently made) relating to the subject matter of this agreement and other than as expressly set out in this agreement as a warranty, in writing or not and made by or to any person. Nothing in this section shall, however, operate to limit or exclude any liability for fraud. Each Order Form and SOW is governed by the terms of this Agreement and in the event of a conflict or discrepancy between the terms of an Order Formor SOW and the terms of this Agreement, the Order Form or SOW shall govern. Bridge objects to and rejects any additional or different terms proposed by Customer, including those contained in Customer’s purchase order, acceptance, vendor portal or website. Neither Bridge’s acceptance of Customer’s purchase order nor its failure to object elsewhere to any provisions of any subsequent document, website, communication, or act of Customer shall be deemed acceptance thereof or a waiver of any of the terms hereof. The party’s obligations hereunder are neither contingent on the delivery of any future functionality or features of the Service nor dependent on any oral or written public comments made by Bridge regarding future functionality or features of the Service. No right or cause of action for any third party is created by this Agreement or any transaction under it.

29. Actions Permitted.  Except for actions for nonpayment or breach of a party’s proprietary rights, no action, regardless of form, arising out of or relating to the Agreement may be brought by either party more than one year after the cause of action has accrued.

 

 

EXHIBIT A

Technical and Organizational Security Measures

 

Bridge will only use Customer Data for the purposes of fulfilling its obligations under the Agreement. Bridge will maintain and enforce physical and logical security procedures with respect to its access and maintenance of Customer Data contained on Bridge servers.

 

Bridge will use reasonable measures to secure and defend its location and equipment against “hackers” and others who may seek to modify or access the Bridge servers or the information found therein without authorization. Bridge will test its systems for potential security vulnerabilities at least annually.

 

Bridge has a written information security program (“Information Security Program”) that includes administrative, technical, and physical safeguards that protect against any reasonably anticipated threats or hazards to the confidentiality of the Customer Data, and protect against unauthorized access, use, disclosure, alteration, or destruction of the Customer Data. In particular, the Bridge’s Information Security Program shall include, but not be limited, to the following safeguards where appropriate or necessary to ensure the protection of Confidential Information and Personal Data:

 

Access Controls – policies, procedures, and physical and technical controls: (i) to limit physical access to its information systems and the facility or facilities in which they are housed to properly authorized persons and (ii) to authenticate and permit access only to authorized individuals.

 

Security Incident Procedures – policies and procedures to detect, respond to, and otherwise address security incidents, including procedures to monitor systems and to detect actual and attempted attacks on or intrusions into Customer Data or information systems relating thereto, and procedures to identify and respond to validated security incidents, mitigate harmful effects of security incidents, and document security incidents and their outcomes.

 

Contingency Planning – policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages Customer Data or systems that contain Customer Data, including a data backup plan and a disaster recovery plan.

 

Device and Media Controls – policies and procedures that govern the receipt and removal of hardware and electronic media that contain Customer Data into and out of a Bridge data center, and the movement of these items within a Bridge data center, including policies and procedures to address the final disposition Customer Data.

 

Audit controls – hardware, software, and/or procedural mechanisms that record activity in information systems that contain or use Customer Data.

 

Data Integrity – policies and procedures to guard against the unauthorized disclosure, improper alteration, or unauthorized destruction of Customer Data.

 

Transmission Security – encryption of electronic information while in transit to guard against unauthorized access to Customer Data that is being transmitted over public communications network.

 

Secure Disposal – policies and procedures regarding the disposal of Customer Data, taking into account available technology that can be used to sanitize storage media such that stored data cannot be practicably read or reconstructed.

 

Testing – Bridge shall regularly test the key controls, systems and procedures of its Information Security Program to verify that they are properly implemented and effective in addressing the threats and risks identified. Tests will be conducted or reviewed

in accordance with recognized industry standards (e.g. ISO27001 or SSAE18 and their successor audit standards, or similar industry recognized security audit standards).

 

Adjust the Program – Bridge shall monitor, evaluate, and adjust, as it deems necessary, the Information Security Program in light of any relevant changes in technology or industry security standards, the sensitivity of Customer Data, and internal or external threats to Bridge or the Customer Data.

 

Security Training – Bridge shall provide annual security awareness and data privacy training for its employees that will have access to Customer Data.