Exhibit A
Client Pass-Through Addendum
Pursuant to Section 2.5 of the Agreement, this Addendum describes the obligations that Customer shall impose on its Clients via an agreement executed by Client and Customer before (i) allowing such Clients to access the Sift Services or (ii) using the Sift Services on behalf of such Clients. Any capitalized term not defined in this Addendum will have the meaning given it in the main body of the Agreement.
1. Proprietary Rights. Customer shall include the following (or substantially similar) terms regarding proprietary rights in each Client agreement:
1.1 Ownership of and Limited License to Customer Data. [CLIENT] grants to [CUSTOMER] a limited, royalty-free, non-exclusive, worldwide right and license to access, collect, use, process, and store Customer Data only to use the Sift Services on behalf of [CLIENT] as set forth in this Agreement. [CLIENT] grants to Sift a limited, royalty-free, non-exclusive, worldwide right and license to access, collect, use, process, store, copy, and create derivative works from the Customer Data only to provide, maintain, and improve the Sift Services.
1.2 Use of Customer Data. [CLIENT] acknowledges and agrees that Sift may use the Customer Data in accordance with the Sift service privacy notice for as long as reasonably necessary for the limited purpose of providing, maintaining, and improving the Sift Services, which includes improving its machine learning algorithms and data models as necessary to support such uses (the “Permitted Purpose”). [CLIENT] further acknowledges and agrees that, in connection with the Permitted Purpose, Customer Data will be commingled with data received from other customers of the Sift Service; provided, that (a) the Customer Data shall not itself be made available to any other customer, and (b) Customer will not be identified to the extent the Customer Data contributes to the analytical results provided to other customers of the Sift Services.
1.3 Feedback and Labels. If [CLIENT] provides [CUSTOMER] or Sift any feedback (referred to as “labels”) in connection with the Sift Services about whether a transaction or event on a Customer Property is associated with fraud, abuse or other illegal actiity, [CLIENT] shall use reasonable efforts to ensure the accuracy of such feedback and grants to Sift an unlimited, irrevocable, perpetual, sublicensable, royalty-free license to use any such feedback or labels for any purpose without any obligation or compensation to [CLIENT]. Sift may label transactions or events on behalf of [CLIENT] in order to improve the accuracy of the Sift Services for [CLIENT].
1.4 Aggregated Data. [CLIENT] acknowledges and agrees that Sift may use data derived from Customer Data about Customer’s use of the Sift Services that is aggregated with data received from other customers (“Aggregated Data”) for internal purposes such as operating, maintaining, and improving the Sift Services and distribution in general benchmarking or industry-related reports.
2. Customer Commitments. Customer shall commit to the following obligations in each Client agreement:
2.1 Security. [CUSTOMER] will maintain a security program with reasonable and appropriate administrative, technical, organizational and physical security measures designed to protect Customer Data against unauthorized access, disclosure and loss.
2.2 Deletion of Data. Upon termination of [the CLIENT AGREEMENT] or [this Agreement], [CLIENT] may request deletion of the Customer Data. To the extent the Customer Data is in [CUSTOMER]’s possession, custody, or control, [CUSTOMER] will perform such deletion within ninety (90) days and where requested by [CLIENT], certify the same in writing. To the extent the Customer Data is in Sift’s possession, custody, or control, [CUSTOMER] will communicate such request to Sift.
3. Client Commitments. Customer shall require each Client to commit to the following obligations in each Client agreement:
3.1 Compliance with Applicable Law. [CLIENT] will comply with all Applicable Laws in connection with the use of the Sift Services, including the provision of the Customer Data to [CUSTOMER].
3.2 Client Responsibilities. [CLIENT] will use the Sift Services (which, for clarity, include the Analytical Results), only: (a) for the purpose of detecting and preventing fraud, security threats or other illegal or malicious behavior, risk management, and/or managing and responding to chargebacks, if applicable; (b) in accordance with the terms of this Agreement and the Acceptable Use Policy; and (c) in compliance with Applicable Laws and any contractual or other obligation [CLIENT] has to any third party. [CLIENT] is solely responsible for ensuring that its use of the Sift Services, including its provision of the Customer Data and use of Analytical Results, does not violate any Applicable Laws.[CLIENT] is solely responsible for any actions or decisions it makes in connection with its use of the Sift Services and Sift does not assume any responsibility or liability for such actions or decisions.
3.3 Usage Restrictions. [CLIENT] shall not provide to [CUSTOMER] any Customer Data that contains Sensitive Personal Information. [CLIENT] shall not use the Sift Services for any purposes not contemplated by this Agreement, including but not limited to purposes prohibited under the Fair Credit Reporting Act (FCRA) (as further described below) and the Equal Credit Opportunity Act (ECOA), such as a factor in establishing an individual’s creditworthiness or eligibility for credit, insurance, housing, or employment, or in any way that facilitates discrimination, or in any other way that may violate or may cause [CLIENT], [CUSTOMER], or Sift to violate any Applicable Law. For clarity, the foregoing limitations apply to the Analytical Results and any other information derived from use of the Sift Services, as well as the Sift Service itself.
3.4 IMPORTANT FCRA RESTRICTIONS. [CLIENT] acknowledges that Sift is not a consumer-reporting agency (“Consumer Reporting Agency”) as defined by the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq. (“FCRA”) and the Analytical Results do not constitute “Consumer Reports”, as that term is defined in the FCRA. Customer will not use the Sift Services (including the Analytical Results) for any purposes enumerated in the FCRA in lieu of obtaining a Consumer Report. In particular, [CLIENT] will not use the Sift Services (including the Analytical Results): (i) in connection with establishing a Consumer’s (as such term is defined in the FCRA) eligibility for credit or insurance to be used primarily for personal, family or household purposes, or in connection with assessing risks associated with existing credit obligations of a Consumer; (ii) for the purpose of evaluating a Consumer for employment, promotion, reassignment or retention as an employee; (iii) for any tenancy verification or in connection with any application to rent real property; (iv) in connection with a determination of a consumer’s eligibility for a license or other benefit that depends on an applicant’s financial responsibility or status; (v) as a potential investor or servicer, or current insurer, in connection with a valuation of, or assessment of credit or prepayment risks associated with, an existing credit obligation; (vi) in connection with any information, service or product sold or delivered to a Consumer that constitutes or is derived in substantial part from a Consumer Report; or (vii) for any other purpose under the FCRA. [CLIENT] also will not use the Sift Services (including the Analytical Results) for the preparation of a Consumer Report or in such a manner that may cause such Analytical Results to be characterized as a Consumer Report. [CLIENT] agrees that it will not take any “Adverse Action” (as that term is defined in the FCRA), which is based in whole or in part on the Sift Services (including Analytical Results) against any Consumer.
3.5 Data, Notice, and Consent. [CLIENT] is responsible for the accuracy of Customer Data that it transfers to [CUSTOMER] and shall ensure it has the right to transfer (or provide or authorize access to) Customer Data for the purposes contemplated in this Agreement (and has obtained any necessary consents or authorizations to do so). [CLIENT] will include on each [CLIENT] service and digital application or property (e.g., webpages, apps, endpoints) from which it collects Customer Data a readily accessible privacy policy that includes accurate disclosures concerning the processing activities undertaken in connection with this Agreement that complies with Applicable Laws, including: (i) the collection and processing of Customer Data for the purposes contemplated in this Agreement; (ii) the disclosure of personal information to a third party service provider for detection and prevention of fraud, security threats or other illegal or malicious behavior or managing disputes if applicable; and (iii) if applicable, the use of Snippets to collect and use Customer Data as described in this Agreement. For clarity, as between the parties, [CLIENT] is solely responsible for obtaining any necessary consents, permissions and approvals from and providing any notices to end users required by Applicable Laws and this Agreement in connection with the activities described in this Agreement. The parties will provide reasonable assistance and reasonably cooperate with each other to assist with each party’s compliance with Applicable Laws and this Section.
3.6 Due Diligence and Remedial Action. [CLIENT] will cooperate with [CUSTOMER] in conducting reasonable due diligence into any complaint [CLIENT] or [CUSTOMER] receives relating to the use of the Sift Services, including with respect to any decisions made based on the Sift Services. [CLIENT] will cooperate with [CUSTOMER] to ensure appropriate action is taken in response to such complaints where necessary.