Last Updated: August 2021
Thank you for using MergeBase products and services. These Terms of Service (the “Terms”) constitute a binding agreement between you and MergeBase Software, Inc.
1 – Background
MergeBase provides continuous monitoring of real-time risk, detection of known vulnerability in external or third-party application components and libraries and the ability to stop access to vulnerable libraries using proprietary software which can embed into client’s systems with minimal scanning or operational interference while providing fully documented risk assessments and action plans through a dashboard.
Acceptance of Terms
We may amend these Terms at any time by posting an amended version of these Terms on our website. You can determine when these Terms were last modified by checking the “Last updated” notice on the top of this page. Your continued use of the Platform shall constitute your consent to any changes made. If you do not agree to the new or different terms, you should not use the Platform.
2 – Definition
The following terms have the following meanings. All capitalized terms not set out in this section have the meaning as set out in the section of this Agreement in which they are defined.
- “Applicable Laws” means any local, state, provincial, federal and foreign laws or orders of any governmental or regulatory authority applicable to the Services and the Client’s use thereof, including without limitation all privacy laws, laws for the protection of Personal Information, Anti-Spam Legislation, the Personal Information Protection and Electronic Documents Act, and Regulation (EU) 2016/679 (General Data Protection Regulation), to the extent applicable.
- “Business Day” means any day except Saturdays, Sundays or statutory holidays in British Columbia.
- “Fees” means the fees payable by the Client to MergeBase for the Services and all applicable duties, levies, taxes, or similar governmental assessments of any nature, including but not limited to value added, sales and use, or withholding taxes, assessable by any local, state, provincial, federal, or foreign jurisdiction, if any
- “Intellectual Property” means all systems, applications, software code (in any form, including source code, executable or object code), original works of authorship, algorithms, tool-kits, technology, widgets, formulae, programs, concepts, work-arounds, databases, designs, diagrams, documentation, drawings, charts, ideas, inventions (whether or not such inventions are patentable), know-how, trademarks (whether registered or not), brand names, logos, slogans, methods, techniques, models, procedures, and processes.
- “Intellectual Property Rights” means all: (a) copyrights, (b) moral rights, (c) rights associated with works of authorship, (d) trademark rights, (e) trade name rights, (f) trade secret rights, (g) patent and industrial property rights (whether registered or not), and (h) other proprietary rights, in Intellectual Property.
- “Services” means: i) MergeBase’s software application currently described as “MergeBase”, including any updates, upgrades, patches, technology, material, modifications, bug fixes, enhancements, data, features, related website, related technologies, and contents, as it may be added or removed by MergeBase from time to time and including all written information, documentation, and materials provided to the Client in respect of same; and ii) any software, materials or content made available in connection with the Services.
3 – Provision of Services
- MergeBase’s Obligations. MergeBase will provide the Services to the Client in accordance with high industry standards and this Agreement.
- Proposal. Any Proposal in relation to this Agreement must: (a) be in writing; (b) signed by the parties; and (c) set out the nature of the Services, such cost and terms specific to the Client as set out herein. In the event of conflict between the any Proposal and these Terms and Conditions, the Proposal will govern, except with respect to sections 5, 6, and 9, in which case the Terms and Conditions will govern.
- Client Responsibilities. The individual entering into this Agreement on behalf of the Client represents and warrants that they are authorized to enter into the Agreement on behalf of the Client. The Client will, at no cost to MergeBase:
- provide MergeBase with access to the Client’s systems, data, and documentation, as may reasonably be required by MergeBase to facilitate the provision of the Services;
- provide appropriate direction, as requested by MergeBase;
- perform appropriate and timely testing as reasonably required by MergeBase;
- not modify, copy, create derivative works from, reverse engineer, decompile or disassemble any Intellectual Property contained in the Services;
- comply with all Applicable Laws;
- take reasonable actions to prevent unauthorized access to, or use of, the Services, and promptly notify MergeBase of any such unauthorized access or use (the Client agrees that MergeBase is not liable for any loss or damage arising from unauthorized access to, or use of, the Services from the Client’s account);
- not attempt to gain unauthorized access to the Services;
- not use the Services to store or transmit any viruses or other computer programming routines or code that may damage or detrimentally interfere with the Services or any data maintained on or in connection with the Services; and
- be solely responsible for (1) all hardware devices needed to access or use the Services; and (2) internet access to such devices.
4 – Support
MergeBase will provide reasonable telephone, web-based, and / or e-mail technical support to the Client during normal business hours (Pacific Standard Time) on such terms and conditions as MergeBase reasonably determines and as set out in Schedule A herein. MergeBase will make reasonable efforts to respond to support queries within one business day of MergeBase’s receipt of a support query. In the event the Client request services that extend beyond usual support for the use of the Services, as decided by MergeBase (“Extended Support“), then MergeBase will have the option to provide Extended Support and in such a case, the parties will enter into an Extended Support agreement on terms and conditions reasonably satisfactory to the parties. Such Extended Support agreement will include terms and conditions customary for Extended Support, including fees or method of calculating fees, specifications of Extended Support, exclusions (if any), and method and manner of providing Extended Support.
5 – Intellectual Property
- All Intellectual Property contained in the Services or otherwise made available to the Client (collectively, “MergeBase Intellectual Property”), and all Intellectual Property Rights in MergeBase Intellectual Property is and will remain the sole and exclusive property of MergeBase and except for the limited license to use MergeBase Intellectual Property pursuant to these Terms and Conditions, the Client is granted no right, title, or interest in the MergeBase Intellectual Property.
- MergeBase grants to the Client a non-exclusive royalty free license to use MergeBase Intellectual Property solely for the Client’s internal business purposes in the provision of the Services during the Term. Other than the foregoing, no ownership or license in any MergeBase Intellectual Property is granted to the Client and the Client is not granted any rights to license, sub-license, sell, assign, transfer, or grant MergeBase Intellectual Property to any third parties without the prior express written consent of MergeBase.
- All Intellectual Property that was owned by or developed by or acquired by the Client separate from this Agreement and without any use of the Services or MergeBase Intellectual Property (collectively, “Client Intellectual Property”) will remain the exclusive property of the Client. No rights of any kind will be granted to MergeBase in Client Intellectual Property or any Confidential Information (defined below) belonging to the Client.
6 – Confidential Information
- For the purposes of these Terms and Conditions, “Confidential Information” means any information that is disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) in the course of MergeBase providing the Services to the Client and that a reasonable person would consider to be confidential in the circumstances. Confidential Information includes, but is not limited to, the parties’ business information, customer information, trade secrets, software vulnerabilities, and personal information of the parties’ employees, contractors and customers. Confidential Information does not include any information that is disclosed by one party to another party if that information: (a) is at the time of disclosure in the possession of the Receiving Party and was obtained without an obligation of confidence; (b) is independently developed by the Receiving Party without any use of or reference to the Confidential Information; (c) is or becomes publicly available without breach of any obligation of confidence; (d) is acquired by the Receiving Party from a third party who provided the information without breaching any express or implied obligations or duties to the Disclosing Party; or (e) is intentionally released for disclosure by the Disclosing Party or with the Disclosing Party’s prior written consent.
- Each of MergeBase and the Client agree with the other that it will:
- take all reasonable steps to maintain the confidentiality of the other party’s Confidential Information;
- not copy the Confidential Information except as may reasonably be required by MergeBase in the provision of the Services;
- not use the Confidential Information on its own behalf;
- reasonably safeguard all documents and files containing Confidential Information against theft, damage or access by unauthorized persons;
- use the same degree of care with respect to the Confidential Information as it employs with respect to its own proprietary or confidential information of like importance; and
- except as required by law or a valid court order, and subject to the Receiving Party informing the Disclosing Party of such legal requirement (if permitted by Applicable Laws), the Receiving Party will only disclose such Confidential Information to those directors, officers, employees or agents who reasonably need to know in order to perform their obligations under this Agreement. The Receiving Party will ensure that those people who reasonably need to know the Confidential Information agree to maintain the confidentiality of such Confidential Information on terms no less stringent than the terms of these confidentiality provisions.
- Unless otherwise expressly set out, MergeBase may use the name, logo, and identifying description of the Client in its list of customers and MergeBase may generally make known the relationship between MergeBase and the Client, provided that MergeBase does not disclose any Confidential Information or proprietary details of the Services. In the event the Client has brand guidelines and notifies MergeBase of those brand guidelines, MergeBase will only use the Client’s name and logo in accordance with the Client’s brand guidelines.
7 – Payment Terms
Terms of Payment. The Client will pay all Fees in accordance with the payment terms as set out in these Terms and Conditions or the applicable Proposal. Unless otherwise provided in the relevant Proposal, the Client will pay all Fees in advance, promptly when due in accordance with the following:
- all Fees will be billed monthly or yearly, based on a subscription model, on the first day of the month or the year, as applicable, of the subscription term;
- Fees are based on the subscription package selected by the Client from the packages available, as they may be updated from time to time;
- failure to pay Fees constitutes a material breach of this Agreement;
- all outstanding amounts owing under this Agreement will incur interest at a rate of 1.5 percent per month (or if such interest rate is not permitted by Applicable Law, then the maximum interest rate permitted by Applicable Laws), commencing on the due date, calculated monthly, until such time as they are paid in full;
- the Client is solely responsible for payment of any goods and services taxes, sales taxes, value added taxes, and excise taxes, as applicable (but excluding any taxes attributable to MergeBase’s income), resulting from the Client’s use of the Services; and
- except where otherwise expressly provided, all monetary amounts in this Agreement are stated and shall be paid in Canadian Dollars (CAD).
8 – Term and Termination.
- The Term commences on the Effective Date (the “Commencement Date“), and will continue for the duration set out in the Basic Terms or the Proposal. If no duration was set out in the Basic Terms or the Proposal Term will be for one year (the “Initial Term“), unless otherwise terminated earlier by either party pursuant to this Agreement. Unless otherwise agreed to between the parties in writing, at the end of the Initial Term (and each renewal term thereafter), this Agreement will automatically renew for additional consecutive periods of same length as the Initial Term;
- At the end of the Initial Term, either party may terminate this Agreement without cause upon providing no less than thirty (30) days written notice to the other.
- Either party may terminate this Agreement for cause immediately upon a material breach of this Agreement by the other party. Failure to pay Fees is a material breach. Except in the case of termination by the Client for cause, termination under this part shall not relieve the Client of its obligation to pay any Fees accrued or payable to MergeBase under the terms of this Agreement and the Client remains obligated to pay all Fees owed for the remainder of any subscription term(s) for the Services, all of which Fees shall become immediately due and payable in full.
- Upon the termination or expiration of this Agreement, the Client must immediately discontinue use of the Services and must delete or destroy all copies of the Services in its possession or control. Upon the Client’s request, provided such request is made within 30 days of the date of termination of this Agreement, MergeBase will make available a CSV extract of the Client’s data used by the Services, that is in MergeBase’s possession or control and at the end of that period, MergeBase will have no obligation to maintain or provide any of the Client’s data, and MergeBase may, at its option, delete or destroy all copies of the Client’s data in its possession or control.
9 – Disclaimer, Limitation of Liability, and Indemnity
- EXCEPT AS MAY BE OTHERWISE SPECIFICALLY PROVIDED IN THESE TERMS AND CONDITIONS: (1) THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND; AND (2) TO THE MAXIMUM EXTENT PERMITTED BY LAW, MERGEBASE EXPRESSLY DISCLAIM ALL WARRANTIES, CONDITIONS, REPRESENTATIONS, AND GUARANTEES WITH RESPECT TO THE SERVICES, WHETHER EXPRESS OR IMPLIED, ARISING BY LAW, CUSTOM, PRIOR ORAL OR WRITTEN STATEMENTS, OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. THE CLIENT AGREES THAT ITS USE OF THE SERVICES IS AT ITS OWN RISK.
- EXCLUDING GROSS NEGLIGENCE OR BREACH OF ITS CONFIDENTIALITY OBLIGATIONS, UNDER NO CIRCUMSTANCES WILL EITHER PARTY TO THIS AGREEMENT (OR THEIR OFFICERS, DIRECTORS, AGENTS, OR EMPLOYEES) BE LIABLE TO THE OTHER PARTY FOR ANY DAMAGES OR LOSSES WHATSOEVER (INCLUDING DIRECT, INDIRECT, OR SPECIAL DAMAGES), INCLUDING LOSS OF MONEY, REPUTATION OR GOODWILL, LOSS OF DATA, UNDETECTED VULNERABILITY, OR FOR ANYTHING DIRECTLY OR INDIRECTLY RELATED TO THE SERVICES OR THIS AGREEMENT. IF, FOR SOME REASON, MERGEBASE IS FOUND TO BE LIABLE TO THE CLIENT IN ANY WAY, THEN MERGEBASE’S TOTAL LIABILITY WILL BE LIMITED TO THE AMOUNT OF FEES THAT THE CLIENT PAID MERGEBASE IN THE YEAR IN WHICH THE CLAIM AROSE. IN THE CASE OF GROSS NEGLIGENCE OR BREACH OF ITS CONFIDENTIALITY OBLIGATIONS, MERGEBASE’S TOTAL LIABILITY WILL BE LIMITED TO DIRECT DAMAGES ONLY AND TO A MAXIMUM OF $1,000,000 DOLLARS.
- Outage Policy. THE CLIENT ACKNOWLEDGES THAT THE SERVICES WILL NOT BE UNINTERRUPTED OR ERROR FREE AND THAT MERGEBASE MAY OCCASIONALLY EXPERIENCE DISRUPTION DUE TO INTERNET DISRUPTIONS OR DISRUPTIONS THAT ARE NOT WITHIN ITS CONTROL. ANY SUCH DISRUPTION WILL NOT BE CONSIDERED A BREACH OF THIS AGREEMENT.
- Indemnification. The Client will defend, indemnify, and hold MergeBase and its directors, shareholders, officers, agents, and employees harmless against any loss, damage, or cost (including reasonable attorneys’ fees) incurred in connection with any claim, demand, damage or loss, including legal fees on a solicitor-client basis, alleging that the Client’s use of the Services has harmed a third party, is in violation or alleged violation of any Applicable Laws, or arises out of the Client’s breach of this Agreement. MergeBase shall indemnify the Client against any and all costs, claims, judgments or any other expenses (including legal fees) arising as a result of damages occasioned by the MergeBase’s negligence or failure to perform the MergeBase’s obligations under this Agreement.
10 – Changes.
MergeBase reserves the right to modify these Terms and Conditions at any time, which will supersede prior versions, subject to the limitations herein. Unless otherwise provided, any modifications or material changes will be subject to review by the Client upon 14 days’ written notice given by MergeBase and shall be effective after the Client has approved such modified Terms and Conditions. Should the Client elect not to agree to such modifications or material changes, the Client’s sole remedy will be to terminate this Agreement in accordance with its terms; however, in such case, MergeBase will give the Client a pro rata refund of any Fees paid for any unused portion of the Term.
11 – Force Majeure
Neither party to this Agreement shall be liable for any failure to comply with its obligations under this Agreement (other than any obligation to pay Fees) if the failure to comply is caused by or results from conditions or causes beyond its reasonable control including, but not limited to: shortage of water, power, facilities, materials and supplies, breakdowns in or the loss of production, acts of God, war, terrorism, mobilization, strikes, lockouts, labour controversies, riots, fire, flood, explosion, governmental controls or regulations, embargoes, wrecks or delays in transportation, labour disputes, civil insurrection, civil or military authority, inability to obtain necessary labour, materials of manufacturing faculties due to such causes or delays of subcontractors or supplies of each party in furnishing materials or supplies due to one or more of the foregoing causes. In an event of a force majeure, each party shall be allowed a reasonable period of time to fulfill the obligations under this Agreement having regard to the applicable circumstances.
- Survival. Sections 5, 6, 9, and this 12.1 will survive the termination or expiry of this Agreement.
- Headings. The headings used in the Agreement are for convenience and reference only and shall not affect the construction or interpretation of this Agreement. The term “this part” when used herein shall mean the entire part, including sections and subsections within that part, unless inconsistent with the context of such use.
- Currency. Except where otherwise expressly provided, all monetary amounts in this Agreement are stated and shall be paid in U.S. currency.
- Relationship of the Parties. The parties are independent contractors. This Agreement shall not be construed as creating any partnership, joint venture, or agency among the parties and no party shall be deemed to be the legal representative of any other party for the purposes of this Agreement. No party shall have and shall not represent itself as having, any authority to act for, to undertake any obligation on behalf of any other party, except as expressly provided in this Agreement.
- Conflict of Interest. MergeBase represents and warrants the following:
- No Current or Prior Conflict of Interest. That the MergeBase has no business, professional, personal, or other interest, including, but not limited to, the representation of other clients, that would conflict in any manner or degree with the performance of the MergeBase’s obligations under this Agreement.
- Notice of Potential Conflict. If any such actual or potential conflict of interest arises under this Agreement, the MergeBase shall immediately inform Payments Canada in writing of such conflict.
- Termination for Material Conflict. If, in the reasonable judgment of Payments Canada, such conflict poses a material conflict to and with the performance of the MergeBase’s obligations under this Agreement, then Payments Canada may terminate the Agreement immediately upon written notice to the MergeBase; such termination of the Agreement shall be effective upon the receipt of such notice by the MergeBase.
- Gender, Plural and Singular. In this Agreement, unless the context otherwise requires, the masculine includes the feminine and the neuter genders and the plural includes the singular and vice versa, “or” is not exclusive and “including” is not limiting, whether or not such non-limiting language (such as “without limitation” or “but not limited to” is used with reference to it, and modifications to the provisions of this Agreement may be made accordingly as the context requires.
- Alterations. No alteration or amendment to this Agreement shall take effect unless it is in writing duly executed by each of the parties.
- Proper Law of Agreement. This Agreement shall be governed by and construed in accordance with the laws of the Province of British Columbia and the laws of Canada applicable therein, and the parties agree to attorn to the exclusive jurisdiction of British Columbia.
- Invalidity. The invalidity or unenforceability of any provision of this Agreement shall not affect the validity or enforceability of any other provision and any such invalid or unenforceable provision shall be deemed to be severable.
- 12.10 Notices. Any notice, payment or other communication required or permitted to be given or served pursuant to this Agreement shall be in writing and shall be delivered personally or forwarded by registered mail to the party concerned at the address specified on page one of this Agreement entitled Master Services Agreement and upon which the Basic Terms are contained, or to any other address as may from time to time be notified in writing by any of the parties. Any notice, payment or other communication shall be deemed to have been given on the day delivered, if delivered by hand, and within four Business Days following the date of posting, if mailed; provided that if there shall be at the time or within four Business Days of mailing a mail strike, slow-down or other labour dispute that might affect delivery by mail, then the notice, payment or other communication shall be effective only when actually delivered.
- Entire Agreement. The provisions of this Agreement constitute the entire agreement between the parties and supersede all previous communications, representations and agreements, whether oral or written, between the parties with respect to the subject matter of this Agreement.
- No Strict Construction. The language in all parts of this Agreement shall in all cases be construed as a whole and neither strictly for not strictly against any of the parties to this Agreement.
- Assignment. Except with written consent of the other party, neither party may assign any of their respective benefits, obligations or liabilities under or in respect of this Agreement party shall notify the other party promptly after becoming aware of any occurrence of, or plan or proposal for, any of the following:
- any Change of Control of a party, either in whole or in part; or
- any other Change of Ownership, either in whole or in part, other than a change of ownership of the securities of a Person whose securities are publicly traded under a recognized securities regime which does not result in the cumulative aggregate change in ownership (compared to the ownership in existence on the date of this Agreement) of more than 10% of any class of such securities.
- Enurement. This Agreement shall enure to the benefit of and be binding upon the parties and, except as otherwise provided or as would be inconsistent with the provisions of this Agreement, their respective heirs, executors, administrators, successors and permitted assigns.
- Counterparts. This Agreement may be signed by the parties in as many counterparts as may be necessary, each of which so signed shall be deemed to be an original and such counterparts together shall constitute one and the same instrument. This Agreement may be executed and delivered by facsimile or electronic mail. An executed copy of this Agreement delivered by facsimile or electronic mail will constitute valid execution and delivery.