Last Updated November 7, 2022
1. Customer’s Services Subscription. Locance, an authorized reseller and licensee of ThreatMetrix, Inc. (“ThreatMetrix”) ThreatDefender services enumerated on the Order Form as Device Profile services, and as may be included in Compliance services also enumerated thereon, (the “Device Profile Services”), grants Customer a limited, revocable, non-exclusive, nontransferable right to use the Device Profile Services, and any other materials or intellectual property Locance and/or its licensors provide to Customer in connection with the Device Profile Services (the “Device Profile Materials”), solely for Customer’s own internal business purposes, after implementation and configuration of Customer’s website(s), and subject to the terms and conditions of this Agreement. Customer shall not: (i) interfere with or disrupt the integrity or performance of the Device Profile Services or the Device Profile Services Data contained therein; or (ii) attempt to gain unauthorized access to the Device Profile Services or their related systems or networks. “Device Profile Services Data” shall include the following: any technology embodied or implemented in the Device Profile Services or Device Profile Materials; any associated computer code provided by Locance for Customer’s website or computer network; any hosting environment made accessible by Customer for purposes of obtaining the Device Profiling Services; any suggestions, ideas, enhancement requests, or feedback related to the Device Profiling Services; any user device data, Internet Protocol (IP) addresses, anonymous device information, machine learning data, user data persistent in the Locance and/or the ThreatMetrix network, device reports, or transaction histories; and any corollaries, associations, and conclusions pertaining to or arising out of any of the foregoing. Customer will provide Device Profile Services Data to Locance and ThreatMetrix as may be necessary for Locance to provide to Customer the Device Profile Services. Customer will take such actions as may be legally and technically necessary to allow Locance or ThreatMetrix to collect Device Profile Services Data Customer decides to receive in connection with the Device Profile Services.
2. Legal Compliance. Customer will use, and Customer will require that its Clients use, the Device Profile Services in compliance with applicable law including, without limitation, those laws related to data privacy, international communications, and the transmission of technical or personal data. Without limiting the generality of the foregoing, Customer will be responsible for any notifications or approvals required from its Clients or, if applicable, customers of its Clients, arising out of any use of the Device Profile Services including, without limitation, those relating to any computer code deposited on any device and any information secured from such customers or clients (or their respective devices). Customer also will be responsible for compliance with laws and regulations in all applicable jurisdictions concerning the data of its Clients or customers of its Clients.
3. Ownership. As against Customer, Locance (and its licensors, where applicable) owns all right, title and interest, including all related intellectual property rights, in and to the Device Profile Services and Device Profile Materials, any software delivered to Customer, any hosting environment made accessible by Customer, any technology embodied or implemented in the Device Profile Services and Device Profile Materials, any computer code provided by Locance for Customer’s particular website and computer network, and any Device Profile Services Data. The ThreatMetrix name, the ThreatMetrix logo, and the product names associated with the Device Profile Services are trademarks of ThreatMetrix or third parties, and no right or license is granted to use them. All rights not expressly granted to Customer are reserved by Locance and its licensors, and Customer shall have no rights which arise by implication or estoppel.
4. Limitations. The Device Profile Services analyze the activities and other attributes of devices used in transactions, and provide information, including device reports generated by the Device Profile Services (“Device Reports”), based on the data analyzed and the policies Customer defines. The Device Profile Services provide information as to whether a device contains attributes which correlate to a device(s) used in a fraudulent transaction, but do not determine the eligibility of any individual for credit. Customer acknowledges and agrees that neither Locance nor its licensors intend that the Device Reports, or any Device Profile Materials, be considered consumer reports subject to the federal Fair Credit Reporting Act (“FCRA”). Customer represents that it will not use the Device Reports (or any other data provided by Locance or ThreatMetrix) for making credit eligibility decisions or for any other impermissible purpose listed in Section 604 of the FCRA (15 U.S.C. 1681b). In addition, Customer shall not, and shall not permit any representative or third party to: (a) copy all or any portion of any Device Profile Materials; (b) decompile, disassemble or otherwise reverse engineer (except to the extent expressly permitted by applicable law, notwithstanding a contractual obligation to the contrary) the Device Profile Services or Device Profile Materials, or any portion thereof, or determine or attempt to determine any source code, algorithms, methods, or techniques used or embodied in the Device Profile Services or any Device Profile Materials or any portion thereof; (c) modify, translate, or otherwise create any derivative works based upon the Device Profile Services or Device Profile Materials; (d) distribute, disclose, market, rent, lease, assign, sublicense, pledge, or otherwise transfer the Device Profile Services or Device Profile Materials, in whole or in part, to any third party; or (e) remove or alter any copyright, trademark, or other proprietary notices, legends, symbols, or labels appearing on the Device Profile Services or in any Device Profile Materials.
5. Indemnification. Customer shall indemnify and hold harmless Locance and its licensors, and each of their respective officers, directors, employees, attorneys and agents from and against any and all claims, costs, damages, losses, liabilities and expenses (including attorneys’ fees and costs) arising out of or in connection with: (i) any claim alleging that use of any information or data provided by Customer, any of its Clients, or any individual or entity whose information Customer has indicated should be used in connection with the Device Profile Services, infringes the rights of, or has caused harm to, a third party; (ii) any refusal to process any action requested by a user of a device based on Customer’s use of any Device Reports provided to Customer by the Device Profile Services or Customer’s use of the Device Profile Services; or (iii) Customer’s failure to provide data to Locance or ThreatMetrix in the format prescribed by them.
6. Limitation of Liability. THE DEVICE PROFILE SERVICES INCLUDING, WITHOUT LIMITATION, THE DEVICE REPORTS, AND ANY OTHER SERVICES, ARE PROVIDED AS IS. LOCANCE (INCLUDING ITS LICENSORS) HEREBY DISCLAIM ALL OTHER REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, WITH RESPECT TO THE DEVICE PROFILE SERVICES AND DEVICE PROFILE MATERIALS INCLUDING, WITHOUT LIMITATION, ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT, AND ALL WARRANTIES THAT MAY ARISE FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, OR TRADE PRACTICE. NOTWITHSTANDING THE FOREGOING, IN NO EVENT SHALL LOCANCE’S OR AND/OR ITS LICENSORS’ AGGREGATE LIABILITY FOR ANY CLAIM OR COMBINATION OF CLAIMS EXCEED ONE HUNDRED DOLLARS ($100). IN NO EVENT SHALL LOCANCE AND/OR ITS LICENSORS BE LIABLE TO ANYONE FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL OR OTHER DAMAGES OF ANY TYPE OR KIND (INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA, REVENUE, PROFITS, USE OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE DEVICE PROFILE SERVICES, DEVICE PROFILE MATERIALS, OR SUPPORT SERVICES INCLUDING, BUT NOT LIMITED TO, THE USE OR INABILITY TO USE THE DEVICE PROFILE SERVICES, DEVICE PROFILE MATERIALS, OR SUPPORT SERVICES, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, REGARDLESS OF CAUSE, EVEN IF LOCANCE AND/OR ITS LICENSORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
7. Restricted Rights of Government Users. If Customer is, or Customer is entering the Agreement on behalf of, an agency, department, or other entity of the United States Government (the “U.S. Government”), then use, duplication, reproduction, release, modification, disclosure, or transfer of the Locance Assets, including the Device Profile Services or Device Profile Materials, may be restricted in accordance with Federal Acquisition Regulation 12.211 or 12.212 for civilian agencies and Defense Federal Acquisition Regulation Supplement 227.7015 or 227.7202 for military agencies, and their successors. The same restrictions shall apply to similar laws and regulations applicable to governmental and regulatory bodies outside of the United States (“Other Governments”). The Locance Assets, including the Device Profile Services and Device Profile Materials, contain technical data and are commercial computer software and commercial computer software documentation. Any use, modification, reproduction, release, performance, display or disclosure of the Locance Assets, including the Device Profile Services or Device Profile Materials, by the U.S. Government or Other Governments shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement. In the event of a sale of any Services to the U.S. Government or Other Governments, Customer shall affix the following legend to all related documentation: “Use, duplication, reproduction, release, modification, disclosure, or transfer of the Services is restricted by a license agreement and, in the United States, is further restricted in accordance with FAR 12.212 and DFARS 227.7202. The contractor is Locance, Inc., located at 5857 Owens Ave, Suite 300, Carlsbad, CA 92008, U.S.A.”
8. Acceptable Use. Customer shall use the Device Profile services solely for its own internal legitimate business purposes, namely: (i) identity verification; (ii) mitigation of financial and business risk; (iii) detection, investigation, assessment, monitoring and prevention of fraud and other crime; and/or (iv) compliance with anti-money laundering (AML), counter-terrorism financing (CTF), anti-bribery and corruption (ABC) and similar laws. Customer also will be responsible for compliance with laws and regulations in all applicable jurisdictions concerning the data of its customers or clients and for any decisions and actions Customer takes concerning such data. ThreatMetrix will comply with the ThreatMetrix data processing addendum at https://risk.lexisnexis.com/group/dpa/data-processing-addendum-en. Customer understands and agrees that, in order to ensure compliance with state or federal laws, regulations or rules, regulatory agency requirements of this Agreement, ThreatMetrix’s obligations under its contracts with its data providers, and ThreatMetrix’s internal policies, ThreatMetrix may conduct periodic usage reviews of Customer use of the Device Profile services. Customer agrees to cooperate fully with any and all usage reviews and to respond to any such inquiry within ten (10) business days, unless an expedited response is required. Violations discovered in any review and/or audit by ThreatMetrix will be subject to immediate action including, but not limited to, suspension or termination of the license to use the services, reactivation fees, legal action, and/or referral to federal or state regulatory agencies.