Memetria Terms of Service

Last Revised on January 16, 2022.

These Memetria Terms of Service (this “Agreement”), effective as of the date of first acceptance (“Effective Date”), are entered into by and between Stovepipe Studios, Inc., a Delaware corporation (“Memetria”), and the customer accepting this Agreement (“Customer”).

The Customer accepts these terms when an individual requests software subscription services (the "Services") from Memetria, by:

  • clicking an "I've read and agree" check box presenting these terms, or
  • submitting an order form incorporating these terms (each an "Order Form"), or
  • adding a Memetria service to a third-party platform referencing these terms.
The individual taking this action (a) acknowledges that they have read and understand this agreement; and (b) represent that they have full authority to legally bind Customer to this agreement.


Please see Section 12 for definitions of certain capitalized terms used in this Agreement.


A. Memetria provides certain software subscription services to enable customers to create, manage and analyze data systems using the Memetria infrastructure or customers' own infrastructure.

B. Customer desires to retain Memetria to provide such services, and Memetria is willing to perform such services under the terms and conditions set forth herein.

NOW, THEREFORE, in consideration of the mutual covenants and agreements set forth herein and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, Memetria and Customer agree as follows:


1. Services

(a) Memetria Services. Memetria agrees to use commercially reasonable efforts to provide the Services to Customer.

(b) Confidential Information. Memetria acknowledges that in performing Services for Customer, it may process Customer Data (as defined below) that identifies or can be used to identify an individual ("Personal Information"). The parties agree to adhere to the Data Processing Addendum attached to this Agreement and herein incorporated by reference as Attachment A with regard to such Personal Information.

(c) Updates. Memetria may, in its sole discretion, issue updates, bug fixes or other changes to the Services (each an “Update”) to the extent such Update does not materially impair Customer's use of the Services. Memetria will use commercially reasonable efforts to notify Customer of an Update that may materially impair Customer's use of the Services.

2. Grant of Rights to Services; Restrictions and Responsibilities

(a) Grant of Rights. As detailed on an Order Form or the Memetria Site, and subject to compliance with this Agreement, Memetria hereby grants to Customer a nonexclusive, nontransferable right, during the term of service requested, to allow users designated by Customer ("Authorized Users") to access and use the Services solely for Customer's internal business use.

(b) Restrictions. Customer shall not use the Services for any purposes beyond the scope of the access granted in this Agreement. Customer shall not, directly or indirectly, and shall not permit Authorized Users or any third party to: (i) copy, modify, or create derivative works of the Services, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Services; (iii) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services, in whole or in part; (iv) remove any proprietary notices from the Services; (v) use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law; or (vi) utilize the Services to create, develop, enhance, or modify any competing product or service. Customer is responsible and liable for all uses of the Services resulting from access provided by Customer, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of its Authorized Users, and any act or omission by any such Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer.

(c) Suspension. Memetria may suspend Customer's and/or any Authorized User's access to any portion or all of the Services if Memetria reasonably determines that (a) there is a disruption, security risk, threat or attack on the Services or to any other customer or vendor of Memetria; (b) Customer, or any Authorized User, is using the Services for fraudulent or illegal activities; (c) Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; (d) Memetria's provision of the Services to Customer or any Authorized User is prohibited by applicable law; (e) any vendor of Memetria has suspended or terminated Memetria's access to or use of any third-party services or products required to enable Customer to access the Services; (f) Customer fails to timely pay any undisputed invoices; or (g) Customer is, or any Authorized User is, in breach of this Agreement.

(d) Compliance with Policies. Customer understands and agrees that its Authorized Users are subject to the Memetria Privacy Policy and the Memetria EULA. Customer further understands and agrees that Customer and its Authorized Users will at all times comply with the Acceptable Use Policy. Memetria may update the Memetria Privacy Policy, Memetria EULA, and/or Acceptable Use Policy at any time and Customer agrees that it and its Authorized Users will subject to such updated versions.

3. Payment

(a) Fees. Memetria calculate and bills fees and charges monthly. Memetria may bill Customer more frequently for fees accrued if Memetria suspects Customer account is fraudulent or at risk of non-payment. Customer will pay Memetria the applicable fees and charges for use of the Services as described on the Memetria Site using one of the payment methods Memetria supports.

(b) Late Payments. Except for invoices that Customer disputes in good faith, all late payments shall bear interest at the lesser of the rate of 1.5% per month or the highest rate permissible under applicable law, calculated daily and compounded monthly. Customer shall also reimburse Memetria for all costs incurred in collecting any late payments, including, without limitation, attorneys' fees and expenses.

(c) Taxes. Customer shall be responsible for all sales, use and excise taxes, and any other similar taxes, duties and charges of any kind imposed by any federal, state or local governmental entity on any amounts payable by Customer hereunder; provided that in no event shall Customer pay or be responsible for any taxes on Memetria's income, revenues, gross receipts, personnel, real or personal property, or other assets.

4. Confidential Information and Restrictive Covenants

(a) Nondisclosure. Each party (“Receiving Party”) shall not disclose, publish, or disseminate the Confidential Information (as defined below) of the other party (“Disclosing Party”) to anyone other than such Receiving Party's employees and contractors with a need to know such Confidential Information, and who are bound by a written agreement to protect the confidentiality of such Confidential Information no less protective than the provisions of this Section 4, or as required by applicable law in accordance with this Section 4. Each party agrees to take the same measures used to protect its own Confidential Information of a similar nature, but in no event less than a reasonable degree of care, to prevent any unauthorized use, disclosure, publication, or dissemination of the other party's Confidential Information. Each Receiving Party agrees to use and disclose the Disclosing Party's Confidential Information for the sole purpose of carrying out such Receiving Party's rights and obligations under this Agreement and shall be responsible and liable for all such usage and/or disclosure. Receiving Party may disclose Confidential Information if and to the extent that such disclosure is required by applicable law, regulation, or court order, provided that, as permitted by applicable law, Receiving Party (i) uses reasonable efforts, at Disclosing Party's expense, to limit the disclosure by means of a protective order or a request for confidential treatment and (ii) provides Disclosing Party a reasonable opportunity to review the disclosure before it is made and to interpose its own objection to the disclosure.

(b) "Confidential Information" means information of a party, whether in oral, written, or other form, which should reasonably be deemed to be confidential. Confidential Information does not include information that: (1) is now or subsequently becomes generally available to the public through no fault or breach of the Receiving Party; (2) the Receiving Party can demonstrate to have had rightfully in its possession prior to disclosure by the Disclosing Party; (3) is independently developed by the Receiving Party without the use of any Confidential Information of the Disclosing Party; or (4) the Receiving Party rightfully obtains such information form a third party without a breach of confidentiality.

(c) Return of Confidential Information. In addition to each party's obligations upon the expiration or termination of this Agreement, upon either party's request, the other party shall return all of the requesting party's Confidential Information in its possession or under its control in accordance with the requesting party's directions and shall not thereafter retain any copies of the other party's Confidential Information.

5. Intellectual Property Rights

(a) Customer Data. Except as otherwise set forth in this Agreement, Customer owns all right, title and interest in and to all data or other information made available to Memetria by Customer or Authorized Users (“Customer Data”). By providing Customer Data to Memetria, Customer represents and warrants that it has the right to do so and Memetria has the right to use such Customer Data in the performance of its duties relating to the operation of the Services in accordance with this Agreement without violating and/or infringing upon the rights of any third party. Customer further represents and warrants that Customer Data will not include sensitive data that would require Memetria to maintain additional documentation and/or controls (other than those described in Attachment A), including, but not limited to protected health information (as defined under the Health Insurance Portability and Accountability Act), or other types of sensitive data that require specific protections under applicable law. Customer hereby grants to Memetria a non-exclusive, royalty-free, worldwide license to access, reproduce, distribute, and otherwise use and display Customer Data and perform all acts with respect to Customer Data solely as necessary for Memetria to provide the Services to Customer.

(b) Services. Customer acknowledges and agrees that the Services, and any copies, updates, and/or derivative works thereof, along with the right to make, have made, practice, employ, exploit, use, develop, reproduce, copy, distribute copies, publish, license, and/or create works derivative of any of the foregoing, exclusively belong to and are the property of Memetria. Customer further acknowledges and agrees that: (i) any existing technology, methods, processes, techniques, software (including source code, object code and any portions thereof) content, ideas, information and related intellectual property (including without limitation all patent, copyright, trademark, trade secret and other intellectual-property or proprietary rights therein) of Memetria, any derivatives or improvements to the foregoing created or developed by Memetria (alone or with others), or otherwise any of the foregoing created, developed by or on behalf of Memetria outside of this Agreement, or (ii) generally applicable tools, concepts, processes, models, techniques, software, and the like developed or created by Memetria in connection with the Services without reliance on Customer Confidential Information exclusively belong to and are the property of Memetria (the “Memetria IP”). The parties agree that Memetria will own all right, title and interest in and to the Memetria IP. Except for the limited rights granted to Customer in this Agreement, all other rights, title and interest in the Memetria IP are reserved by Memetria.

(c) Aggregated Statistics and Application Monitoring. Notwithstanding anything to the contrary in this Agreement, Memetria may monitor Customer's and each Authorized User's access and use of the Services and collect and compile meta-data, data and information related to Authorized User's access and use of the Services (“Application Monitoring Data”) that is and can be used by Memetria for Memetria's technology management purposes. Application Monitoring Data may be aggregated and anonymized to compile statistical and performance information related to the provision and operation of the Services (“Aggregated Statistics”). Customer acknowledges that Memetria may compile Aggregated Statistics based on Customer Data and agrees that Memetria may (a) make Aggregated Statistics publicly available in compliance with applicable law, and (b) use Aggregated Statistics to the extent and in the manner permitted under applicable law, provided that such Aggregated Statistics do not identify Customer, any Authorized User, or Customer's Confidential Information. Customer acknowledges and agrees that, as between Customer and each Authorized User on the one hand, and Memetria on the other, Memetria owns all right, title, and interest in and to Aggregated Statistics and Application Monitoring Data.

(d) Feedback. Customer may submit comments or ideas about the Services, including without limitation, how to improve the Services (“Feedback”). Customer understands and agrees that Feedback is Memetria IP and Memetria may use Feedback for any purpose without attribution or compensation to Customer.

6. Indemnification

(a) Customer Indemnification. Customer shall indemnify, defend and hold harmless Memetria, its affiliates, and its and their respective employees, principals, agents, licensors, successors and assigns, from and against any and all costs, damages or losses (including reasonable attorneys' fees and expenses) (collectively “Losses”) arising out of or resulting from a third party claim, demand, suit or proceeding (each, a “Claim”) (i) that the Customer Data, or any use of the Customer Data in accordance with this Agreement infringes or misappropriates such third party's intellectual property rights; or (ii) based on Customer's or any Authorized User's negligence, willful misconduct, violation of law or breach of this Agreement.

(b) Memetria Indemnification. Memetria shall indemnify, defend and hold harmless Customer, its employees, principals and agents, from and against any Losses arising out of or resulting from any Claim (i) that the Services, when used in accordance with the terms of this Agreement, the Memetria Site, and all applicable Order Form(s), infringes or misappropriates such third party's intellectual property rights; or (ii) based on Memetria's negligence, willful misconduct, violation of law, or breach of this Agreement.

7. Warranties and Disclaimer

(a) Mutual Warranties. Each party represents and warrants to the other that; (i) it has the requisite power and authority to execute and deliver this Agreement and perform its obligations herein: (ii) this Agreement has been duly authorized, executed, and delivered by each party, and is a legal, valid, and binding obligation of each party, enforceable against such party in accordance with its terms; (iii) this Agreement does not violate, conflict with, result in a breach of the terms, conditions, or provisions of, or constitutes a default or an event of default under any other agreement to which such party is a party; such party will at all times comply with applicable law and (iv) such party will at all times comply with applicable law.


8. Limitation of Liability



9. Term, Termination and Survival

9.1. Term

This Agreement shall commence as of the Effective Date and remain in effect until terminated under this Section 9. Any notice of termination of this Agreement by Memetria or Customer must include a Termination Date that complies with the notice periods in Section 9.2.

9.2 Termination

(a) Termination for Convenience. Customer may terminate this Agreement for any reason by providing Memetria with notice and closing Customer account for all Services for which an account closing mechanism is provided. Memetria may terminate this Agreement for any reason by providing Customer at least 30 days' advance notice.

(b) Termination for Cause. Either party may terminate this Agreement for cause if the other party is in material breach of this Agreement and the material breach remains uncured for a period of 30 days from receipt of notice by the other party. Memetria may also terminate this Agreement immediately upon notice to Customer if Memetria has the right to suspend under Section 2.c.

(c) Effect of Termination. Upon expiration or termination of this Agreement, Customer shall immediately discontinue all use of the Services and Customer shall pay Memetria all fees accrued through the effective date of termination within thirty (30) days of Memetria's invoice therefor. Payment of this final invoice shall not bar any remedy, legal equitable, or otherwise available to Memetria, and no expiration or termination will affect Customer's obligation to pay all fees that may have become due before such expiration or termination or entitle Customer to any refund.

(d) Post-Termination. For any use of the Services after the Termination Date, the terms of this Agreement will apply and Customer will pay the applicable fees at the rates in Section 3.

10. Changes to the Agreement

(a) Notice of Changes Memetria may make changes to the Agreement from time to time by posting a revised version on the Memetria Site or by otherwise notifying Customer in accordance with Section 11.d.

(b) Notice for Substantive Changes Substantive or adverse changes to the Agreement will be communicated to Customer by email message and will include the effective date on which changes will apply to continued use of the Service.

(c) Notice for Adverse Changes Memetria will provide at least 90 days' advance notice to Customer in accordance with Section 11.d for any adverse changes to the Agreement.

(d) Effective Date of Changes Changes to terms will become effective upon posting, or, if notification is delivered by email, on the date stated in the email message.

(e) Customer's Responsibility Customer is responsible for checking the Memetria Site regularly for modifications to the Agreement, Memetria Privacy Policy, Memetria EULA, and Acceptable Use Policy, each of which includes a date of last modification at its top.

11. General Provisions

(a) Non-Disparagement. Each party agrees and covenants that such party shall not at any time make, publish, or communicate to any person or entity or in any public forum any defamatory or disparaging remarks, comments, or statements concerning the other party or its businesses, or any of its employees, officers, now or in the future.

(b) Order of Precedence. In the event that there is a conflict between the terms of this Agreement and the terms of a separately executed Order Form, the terms of the Order Form shall govern only with respect to such Order Form.

(c) Entire Agreement. This Agreement, including and together with any related Order Forms and the DPA, constitutes the sole and entire agreement of the parties with respect to the subject matter contained herein, and supersedes all prior and contemporaneous understandings, agreements, representations and warranties, both written and oral, regarding such subject matter.

(d) Notice.
(i) To Customer. Memetria may provide any notice to Customer under this Agreement by: (i) posting a notice on the Memetria Site; or (ii) sending a message to the email address associated with the Customer account. Customer is responsible to keep email addresses current and accurate throughout the term of service. Notices provided by posting on the Memetria Site are effective upon posting. Notices provided by email are effective when the email is sent.
(ii) To Memetria. Notices under this Agreement must be in writing and addressed to Memetria by personal delivery, nationally recognized overnight courier or certified or registered mail (in each case, return receipt requested, postage prepaid) to: Stovepipe Studios, Inc. 2130 N Kilpatrick St #17292, Portland OR, 97217. Notices provided by personal delivery or overnight courier will be effective one business day after they are sent. Notices provided by registered or certified mail will be effective three business days after they are sent.

(e) Severability. If any term or provision of this Agreement is found by a court of competent jurisdiction to be invalid, illegal or unenforceable in any jurisdiction, such invalidity, illegality or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction.

(f) Amendments. No amendment to or modification of this Agreement is effective unless it is in writing and signed by each party.

(g) Waiver. No waiver by any party of any of the provisions of this Agreement shall be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in this Agreement, no failure to exercise, or delay in exercising, any right, remedy, power or privilege arising from this Agreement shall operate or be construed as a waiver thereof, nor shall any single or partial exercise of any right, remedy, power or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power or privilege.

(h) Assignment. Customer shall not assign, transfer, or delegate any of its rights or delegate any of its obligations under this Agreement without the prior written consent of Memetria. Any purported assignment or delegation in violation of this Section 11 shall be null and void. No assignment or delegation shall relieve Customer of any of its obligations under this Agreement. This Agreement is binding on and inures to the benefit of the parties to this Agreement and their respective permitted successors and permitted assigns.

(i) Relationship of the Parties. The relationship between the parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture or other form of joint enterprise, employment or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever.

(j) No Third-Party Beneficiaries. This Agreement benefits solely the parties to this Agreement and their respective permitted successors and assigns and nothing in this Agreement, express or implied, confers on any other person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Agreement.

(k) Choice of Law. This Agreement and all related documents, and all matters arising out of or relating to this Agreement, whether sounding in contract, tort, or statute, are governed by, and construed in accordance with, the laws of the State of Oregon without giving effect to the conflict of laws provisions thereof to the extent such principles or rules would require or permit the application of the laws of any jurisdiction other than those of the State of Oregon.

(l) Dispute Resolution. Except with respect to disputes regarding intellectual property rights, confidentiality, and payment of fees, the parties will first attempt in good faith to promptly resolve any dispute arising under this Agreement by good faith negotiation by senior executives. If such dispute has not been resolved within thirty (30) days of a party's initiation of negotiations, the dispute shall be submitted at the request of such party to final and binding arbitration before a single arbitrator. Such arbitration shall be held in Portland, Oregon and in accordance with the then current rules of the American Arbitration Association applicable to commercial disputes and under the authority of the Federal Arbitration Act. The arbitrator shall have the power to rule on his or her own jurisdiction, including any objections with respect to the existence, scope, or validity of this arbitration provision or to the arbitrability of any claim or counterclaim. This arbitration provision shall be treated as an agreement independent of the other terms of the Agreement. The arbitrator shall have the power to determine the validity of this Agreement. A decision by the arbitrator that this Agreement, or any part thereof, is null and void shall not for that reason alone render this Section 11(l) invalid. The decision of the arbitrator shall be final, conclusive and binding on the parties. Judgment may be entered on the arbitrator's decision in any court of competent jurisdiction. The costs of the arbitration, including the arbitrator's fees, shall be borne equally by the Parties. The arbitrator shall make a final award of legal costs (including reasonable attorneys' fees) and damages, if applicable, to the prevailing Party. Nothing in this Section 11(l) shall prohibit Memetria from seeking equitable relief from a court of competent jurisdiction for Customer's breach of Section 4 or Section 5.


(n) Counterparts. This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement. Notwithstanding anything to the contrary in Agreement, a signed copy of this Agreement delivered by facsimile, email, or other means of electronic transmission is deemed to have the same legal effect as delivery of an original signed copy of this Agreement.

(o) Force Majeure. Memetria shall not be liable or responsible to Customer, nor be deemed to have defaulted or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement when and to the extent such failure or delay is caused by or results from acts or circumstances beyond the reasonable control of Memetria including, without limitation, acts of God, flood, fire, governmental actions, war or hostilities, terrorist threats or acts, civil unrest, disease, labor disputes, or telecommunication breakdown.

(p) Press Release; Use of Trademarks. Without limiting the confidentiality provisions of this Agreement, the parties agree that Memetria may reasonably publicize the fact of the non-confidential subject matter of this Agreement for ordinary marketing purposes and may use the trademarks, service marks, logo and trade names of Customer solely for that purpose in accordance with the other party's standard trademark guideline and policy.

(q) Survival. Any right or obligation of the parties in this Agreement which, by its nature, should survive termination or expiration of this Agreement, will survive any such termination or expiration of this Agreement.

12. Definitions

"Acceptable Use Policy" means the policy located at (and any successor or related locations designated by Memetria), as may be updated by Memetria from time to time.

"Memetria EULA" means the End User License Agreement located at (and any successor or related locations designated by Memetria), as may be updated by Memetria from time to time.

"Memetria Privacy Policy" means the privacy policy located at (and any successor or related locations designated by Memetria), as may be updated by Memetria from time to time.

"Memetria Site" means and, as may be updated by Memetria from time to time.

Attachment A: Data Processing Addendum

This Data Processing Addendum (“DPA”), forms part of, and is subject to, the Terms of Service (the “Agreement”) between Stovepipe Studios, Inc., a Delaware corporation (“Memetria”), and the customer accepting the Agreement (“Customer”). By entering into the Agreement, the parties enter into this DPA on behalf of themselves and, to the extent required under applicable Data Protection Laws, in the name and on behalf of their affiliates, and this DPA shall be effective on the effective date of the Agreement (“Effective Date”). All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement.

1. Scope and Applicability

1.1 Scope and Applicability. This DPA applies where and only to the extent that Memetria Processes Customer Personal Data on behalf of Customer as a Data Processor in the course of providing Services pursuant to the Agreement.

2. Roles of the Parties; Details of Processing

2.1 Role of the Parties. If and to the extent that the Services provided by Memetria under the Agreement require Memetria to Process Personal Data, then as between Memetria and Customer, Memetria shall process Customer Personal Data only as a Data Processor acting on behalf of Customer. Customer is either the Data Controller of Customer Personal Data, or in the case that Customer is acting on behalf of a third-party Data Controller, then a Data Processor.

2.2 Customer Processing of Personal Data. Customer represents and warrants to Memetria that Customer: (i) will comply with its obligations under Data Protection Laws in respect of its Processing of Personal Data, including any obligations specific to its role as a Data Controller; (ii) has provided all notices and obtained all consents, assignments, licenses, authorizations, permissions and/or rights necessary under Data Protection Laws for Memetria to lawfully Process Personal Data as contemplated under this Agreement for the Purposes; and (iii) will ensure its Processing instructions are lawful, and that Memetria's Processing of Customer Personal Data in accordance with such instructions will not violate or infringe upon applicable Data Protection Laws or intellectual property, publicity, privacy or other rights governing such Customer Personal Data. If Customer is itself a Data Processor acting on behalf of a third-party Data Controller, Customer further represents and warrants to Memetria that Customer's instructions and actions with respect to that Customer Personal Data, including its appointment of Memetria as another Data Processor, have been authorized by the relevant Data Controller.

2.3 Memetria Processing of Personal Data. Memetria will process Customer Personal Data only to the extent, and in such a manner, as is necessary for the Purposes and in accordance with Customer's documented lawful instructions. Memetria will not, and will ensure its Sub-processors do not, combine Customer Personal Data with any Personal Data from other sources, or which Memetria or its Sub-processor collected on its own behalf, except as permitted by Data Protection Laws, and will not “sell” any Customer Personal Data within the meaning of the CCPA or otherwise.

2.4 Details of Processing. The following describes the details of the Processing to be provided by Memetria to Customer under this DPA.
(a) Subject Matter. The subject matter of the Processing under this DPA is Customer Personal Data.
(b) Duration. The duration of the Processing under this DPA is the Term of the Agreement.
(c) Purposes. The Purposes of the Processing under this DPA is the provision of the Services to Customer.
(d) Nature of Processing. The nature of the Processing under this DPA is the provision of computation, storage and other Services agreed to by Customer and Memetria.
(e) Type of Customer Data. The type of Customer Data to be Processed under this DPA includes Customer Personal Data uploaded to the Services through Customer's Memetria accounts.
(f) Categories of Data Subjects. The data subjects of the Processing under this DPA may include Customer's customers, employees, suppliers, and end users.

2.5 Responsibility for Customer Personal Data. Without limiting anything else herein or in the Agreement, Customer acknowledges and agrees that is it solely responsible and liable for all Customer Personal Data that it submits to the Services and/or directs Memetria to submit to the Services, including, without limitation, any Customer Personal Data which is misattributed, mislabeled, and/or miscategorized. Except as explicitly set forth in the Agreement, Customer is solely responsible (and Memetria hereby disclaims all responsibility) for structuring and managing Customer Personal Data sufficient to meet enable Customer to meet its obligations under Data Protection Laws.

3. Sub-processing

3.1 Authorized Sub-processors. Customer agrees that Memetria may engage Sub-processors to process Customer Personal Data on Customer's behalf. Memetria shall (i) provide an up-to-date list of the Sub-processors it has appointed upon written request from Customer; and (ii) notify Customer if it adds or removes Sub-processors at least fourteen (14) days prior to allowing such Sub-processor to process Customer Personal Data. Customer may object in writing to Memetria's appointment of a new Sub-processor within five (5) calendar days of such notice, provided that such objection is based on reasonable grounds relating to data protection. In such event, the parties will discuss such concerns in good faith with a view to achieving resolution. If Memetria cannot provide an alternative Sub-processor, or the parties are not otherwise able to achieve resolution as provided in the preceding sentence, Customer, as its sole and exclusive remedy may terminate the Agreement (including this DPA) but will not be eligible for any refund and Customer must immediately pay all fees payable under the Agreement. If Customer has not notified Memetria of its objection within the time period set forth in this Section 3.1, then Customer will be deemed to have approved the use of the new Sub-processor.

3.2 Sub-processor Obligations. Memetria will: (i) enter into a written agreement with each Sub-processor imposing data protection terms that require the Sub-processor to Process Customer Personal Data in a manner that is substantially similar to the standards set forth in this DPA, and, to the extent applicable to the Services, to the standard required by Data Protection Laws; and (ii) remain responsible for any acts or omissions of each Sub-processor.

4. Security

4.1 Security Measures. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Memetria shall implement and maintain appropriate technical and organizational security measures to protect Customer Personal Data from Security Incidents and to preserve the security and confidentiality of Customer Personal Data Processed by Memetria on behalf of Customer (“Security Measures”).

4.2 Updates to Security Measures. Customer acknowledges that Security Measures are subject to technical progress and development and that Memetria may update or modify Security Measures from time to time provided that such updates and modifications do not result in a material degradation of the overall security of the Services or Customer Personal Data.

4.3 Security Measures by Customer. Customer is responsible for using and configuring the Services in a manner that enables Customer to comply with Data Protection Laws, including (i) structuring or otherwise arranging Customer Personal Data to enable Customer to respond to subjects of Customer Personal Data exercising their rights under Data Protectional Laws, and (ii) implementing appropriate technical and organizational measures.

4.4 Confidentiality of Processing. Memetria shall ensure that any person who is authorized by Memetria to process Customer Personal Data (including its staff, agents and Sub-processors) shall be under an appropriate obligation of confidentiality.

4.5 No Assessment of Customer Data by Memetria. Customer acknowledges that Memetria will not assess the contents of Customer Data in order to identify information subject to any specific legal requirements. Customer is solely responsible for complying with incident notification laws applicable to Customer and fulfilling any third-party notification obligations related to any Security Incidents.

4.6 Customer Responsibilities. Customer agrees that, without prejudice to Memetria's obligations under Section 4.1 (Security Measures) and Section 5.3 (Security Incident Response): (i) Customer is responsible for its use of the Services, including making appropriate use of the Services to ensure a level of appropriate security in respect of Customer Personal Data, securing its account authentication credentials, managing its data back-up strategies, protecting the security of Customer Personal Data when in transit to and from the Services and taking any appropriate steps to pseudonymize, securely encrypt, and/or backup any Customer Personal Data uploaded to the Services; and (ii) Memetria has no obligation to protect Customer Personal Data that Customer elects to store or transfer outside of Memetria's and its Sub-processors' systems (for example, offline or on-premise storage).

5. Security Reports and Audits

5.1 Reports. Customer acknowledges that Memetria is regularly audited by independent third-party auditors and/or internal auditors against Memetria's Security Measures. Upon request, Memetria will supply to Customer (on a confidential basis) a summary of its then-current audit report(s) and any other published materials made available by Memetria, which describe Memetria's principles, programs, and practices regarding information security and privacy, so that Customer can verify Memetria's compliance with this DPA.

5.2 Information requests. Memetria will also provide written responses (on a confidential basis) to all reasonable requests for information made by Customer related to its Processing of Customer Personal Data, including responses to information security and audit questionnaires that are necessary to confirm Memetria's compliance with this DPA, provided that Customer shall not exercise this right more than once per year, except that this right may also be exercised in the event Customer is expressly requested or required to provide this information to a data protection authority, or Memetria has experienced a Security Incident, or other reasonably similar basis.

5.3 Security Incident Response Upon confirming a Security Incident, Memetria shall: (i) notify Customer without undue delay, and in any event such notification shall, where feasible, occur no later than seventy two (72) hours from Memetria confirming the Security Incident; (ii) provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer; and (iii) promptly take reasonable steps to contain, investigate, and mitigate any Security Incident. Memetria's notification of or response to a Security Incident under this Section 5.3 (Security Incident Response) will not be construed as an acknowledgment by Memetria of any fault or liability with respect to the Security Incident.

6. Transfers

6.1 International Processing. Memetria may process Customer Data anywhere in the world where Memetria, its affiliates or its Sub-processors maintain Processing operations. Memetria will at all times provide appropriate safeguards for Customer Personal Data wherever it is processed, in accordance with the requirements of Data Protection Laws.

6.2 EEA Transfers. To the extent Memetria processes any Customer Personal Data protected by applicable Data Protection Laws of the EEA (“EEA Data”), for any transfers of EEA Data from the EEA to Memetria located in a country which does not ensure an adequate level of protection (within the meaning of applicable Data Protection Law) and to the extent such transfers are subject to such Data Protection Laws of the EEA, Memetria agrees to abide by and process EEA Data in compliance with the SCCs. When Customer is acting as a Data Controller, the Controller-to-Processor SCCs will apply to the Processing. When Customer is acting as a Data Processor, the Processor-to-Processor SCCs will apply to the Processing. Considering the nature of the Processing under the Agreement, Customer agrees that it is unlikely that Memetria will know the identity of Customer's Data Controllers because Memetria has no direct relationship with Customer's Data Controllers and therefore, Customer will fulfill Memetria's obligations to Customer's Data Controllers under the Processor-to-Processor SCCs.

7. Deletion of Customer Personal Data

7.1 Deletion by Customer. Memetria will enable Customer to delete Customer Personal Data during the Term in a manner consistent with the functionality of the Services.

7.2 Deletion on Termination. For thirty (30) days following termination or expiration of the Agreement, Customer shall have the option to retrieve any remaining Customer Personal Data in accordance with the Agreement. Thereafter, Customer instructs Memetria to automatically delete all remaining (if any) Customer Personal Data (including copies). Memetria shall not be required to delete Customer Personal Data to the extent (i) Memetria is required by applicable law or order of a governmental or regulatory body to retain some or all of the Customer Personal Data; and/or (ii), Customer Personal Data has been archived on back-up systems, which Customer Personal Data Memetria shall securely isolate and protect from any further Processing, except to the extent required by applicable law.

8. Compliance

8.1 Cooperation. If a law enforcement agency sends Memetria a demand for Customer Personal Data (e.g., a subpoena or court order), Memetria will attempt to redirect the law enforcement agency to request that data directly from Customer. As part of this effort, Memetria may provide Customer's contact information to the law enforcement agency. If compelled to disclose Customer Personal Data to a law enforcement agency, then Memetria will give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy to the extent Memetria is legally permitted to do so.

8.2 Data Subject Access Requests Considering the nature of the Processing, Memetria will (at Customer's request and expense) provide reasonable cooperation to enable Customer to respond to any requests from applicable data protection authorities or a data subject to exercise their rights. The foregoing notwithstanding, Customer understands and agrees that Customer is solely responsible for curating and managing Customer Personal Data to enable Customer to respond to such requests. In the event that any request is made directly to Memetria where such request identifies Customer, Memetria will promptly forward such request to Customer once Memetria has identified that the request is from a data subject for whom Customer is responsible. Customer authorizes on its behalf, and on behalf of its Data Controllers when Customer is acting as a Data Processor, Memetria to respond to any data subject who makes a request to Memetria, to confirm that Memetria has forwarded the request to Customer. Memetria will not engage in any additional communications with Customer data subjects without Customer's prior authorization, unless legally compelled to do so. After being notified of a regulatory or data subject request by Memetria, Customer agrees to respond to the request in accordance with applicable Data Protection Laws. If Memetria is required to respond to such a request, Memetria will promptly notify Customer and provide Customer with a copy of the request unless legally prohibited from doing so.

8.3 Records Customer acknowledges that Memetria may be required under the GDPR or the UK GDPR, as applicable to: (a) collect and maintain records of certain information, including the name and contact details of each Data Processor and/or Data Controller on behalf of which Memetria is acting and, where applicable, of such Data Processor's or Data Controller's local representative and data protection officer; and (b) make such information available to the regulatory authorities. Accordingly, if the GDPR or UK GDPR applies to the Processing of Customer Personal Data, Customer will, where requested, provide such information to Memetria via the Services or other means provided by Memetria, and will ensure that all information provided is kept accurate and up-to-date.

9. Relationship with the Agreement

9.1 Entire Agreement; Conflict. This DPA incorporates the SCCs by reference. The Agreement, including and together with any related Order Forms and this DPA, constitutes the sole and entire agreement of the parties with respect to the subject matter contained herein, and supersedes all prior and contemporaneous understandings, agreements, representations and warranties, both written and oral, regarding such subject matter. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of the conflict is in connection with the Processing of Customer Personal Data.

9.2 Limitation of Liability. Notwithstanding anything to the contrary in the Agreement or this DPA, the liability of each party and each party's affiliates under this DPA shall be subject to the limitations on liability set out in the Agreement. Without limiting either of the parties' obligations under the Agreement, Customer agrees that any regulatory penalties incurred by Memetria in relation to the Customer Personal Data that arise as a result of, or in connection with, Customer's failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce Memetria's liability under the Agreement.

9.3 Claims. Any claims against Memetria or its affiliates under this DPA shall only be brought by the Customer entity that is a party to the Agreement against the Memetria entity that is a party to the Agreement.

9.4 Regulatory Authority. In no event shall this DPA or any party restrict or limit the rights of any data subject or of any competent supervisory authority.

9.5 Governing Law. This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.

10. Definitions

“Customer Data” means any information or other data (including Personal Data) provided by or on behalf of Customer to Memetria for purposes of the Agreement and/or any related services.

“Customer Personal Data” means any Customer Data that is Personal Data.

“Data Protection Laws” means all data protection and privacy laws applicable to the respective party in its role in the Processing of Personal Data under the Agreement, including, where applicable, GDPR, UK GDPR, the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act of 2020 (“CPRA”), the Virginia Consumer Data Protection Act of 2021, and the Colorado Privacy Act of 2021.

“Data Controller” means an entity that determines the purposes and means of the Processing of Personal Data.

“Data Processor” means an entity that processes Personal Data on behalf of a Data Controller.

“EU Data Protection Law” means (i) prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data (“Directive”) and (ii) on and after 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”), and repealing Directive 95/46/EC.

“EEA” means, for the purposes of this DPA, the European Economic Area and/or its member states, United Kingdom and/or Switzerland.

“SCCs” means the European Commission's Standard Contractual Clauses for the transfer of Personal Data from the European Union to processors established in third countries available at and as updated from time to time.

“Personal Data” means information that: (i) identifies or can be used to identify an individual (including, without limitation, names, signatures, addresses, telephone numbers, e-mail addresses and other unique identifiers); (ii) can be used to authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, financial account numbers, credit report information, biometric or health data, answers to security questions and other personal identifiers); or (iii) relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual, including inferences about such individual. In the case of subclauses (i) through (iii), this information includes, without limitation, all Sensitive Personal Data. Customer's business contact information is not by itself deemed to be Personal Data. Further, the term “Personal Information” as defined in the CCPA/CPRA shall have the same meaning as Personal Data used herein.

“Processing” has the meaning given to it in the GDPR and “process,” “processes” and “processed” will be interpreted accordingly.

“Purposes” shall mean the data Processing purposes described and defined in Section 2.4 of this DPA.

“Security Incident” means any (a) unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Personal Data, but does not include any Unsuccessful Security Incident.

“Sensitive Personal Data” is a subset of Customer Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Further, the term “Sensitive Personal Information” as defined in the CPRA shall have the same meaning as Sensitive Personal Data used herein.

“Sub-processor” means any Data Processor engaged by Memetria or its affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-processors may include third parties or Memetria's affiliates.

“UK GDPR” means the Data Protection Act 2018, as well as the GDPR as it forms part of the law of England, Wales, Scotland and Northern Ireland by virtue of Section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419).

“Unsuccessful Security Incident” means an unsuccessful attempt or activity that does not compromise the security of Customer Personal Data, including (without limitation) pings and other broadcast attacks of firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond headers) or similar incidents.