1. Definitions
The following terms used in these Standard Terms and Conditions shall have the following meanings:
“Affiliate” means, for either Party, any entity that directly or indirectly controls, is controlled by, or is under common control with that Party, where “control” means the power to direct the management and policies of an entity, whether through majority ownership of voting securities or by contract.
“AI Inputs” means prompts, instructions, queries, Customer Data, metadata, and other content submitted by or on behalf of the Customer to or used by AI features. System prompts and model configurations maintained by Casepoint are not considered AI Inputs.
“AI Outputs” means content generated by AI features, including summaries, classifications, extracted text, and derived representations.
“Authorized User” means any individual who is an employee of Customer or such other person or entity as may be authorized by an Order (e.g., a third party providing services to Customer), authorized, by virtue of such individual’s relationship to, or permissions from, Customer, to access the Casepoint Software or Services pursuant to Customer’s rights under this Agreement.
“Casepoint Software” (or “Software”) refers to the software, application, solution, platform, add-on, connector, API, portal, or other computer program or operating information provided by Casepoint, including any products, developments, processes, techniques, or other protectable item, designed, developed, sold, or licensed by Casepoint, or using Casepoint Software or proprietary information, including all third-party software under license embedded therein, and including all versions, updates, upgrades, bug fixes, patches, derivatives, and maintenance thereto. For the purposes of this Agreement, Casepoint Software shall also include: a) Casepoint provided Cloud, Software-as-a-Service (“SaaS”), Platform-as-a-Service (“PaaS”), and Infrastructure-as-a-Service (“IaaS”) subscriptions; b) all Documentation and other deliverables provided to Customers in connection with Casepoint Software; and c) all Infrastructure-as-a-Service and network hardware storage, servers, CPUs, and software used by Casepoint or provided to Customer in connection with Casepoint Cloud and Software-as-a-Service. Casepoint Software does not include underlying cloud infrastructure provided by third-parties, unless otherwise expressly referenced.
“Casepoint Services” (or “Services”) includes those professional and/or administrative services offered by Casepoint, including, but not limited to, maintenance, support, training, design, and development, and any services included in an Order.
“Customer Data” includes all data or information processed, generated, or displayed by, stored in, input to, or output from, Casepoint Software by Customer, including, without limitation, sensitive and/confidential data belonging or related to Customer or a third-party (such as personally identifiable information) and AI Inputs and AI Outputs. Customer Data shall also include all proprietary and protected data or information provided by Customer in connection with Casepoint Services, except for items such as enhancement requests, modification suggestions, or other information constituting Casepoint Intellectual Property.
“Documentation” shall mean the user manuals, policies, and guidelines relating to the use of the Software delivered by Casepoint to Customer in printed or electronic form.
“Order” shall mean the combination of this Agreement and any addenda or Statements of Work expressly incorporated and/or signed by both parties.
“Personal Data” means any information received by Casepoint from Customer, or on behalf of Customer, that is sufficient to cause a natural person to be identified, directly or indirectly.
2. License
A. License Grant. Subject to the terms and conditions contained in this Agreement, Casepoint hereby grants to Customer and its Authorized Users a limited, personal, non-exclusive, non-transferable, non-assignable, revocable (in accordance with this Agreement) right to access the features and functions of the software or service set forth in the applicable Order during the applicable access term and solely for its internal purposes. Customer and any Authorized User may only use the software or services in accordance with this Agreement. Each Authorized User must be a single named individual and in no event may passwords or user accounts be shared. Customer may designate any individual as an Authorized User (subject to quantity or service limits in an Order), provided that: (1) Customer advises each Authorized User of the terms of this Agreement, (2) each Authorized User agrees to be bound by the same; and (3) Customer provides reasonable assurances upon request that the requirements of this Agreement have been satisfied. Customer will be responsible for all actions or omissions of its Authorized Users.
B. On-Premises Installation and Third-Party Hosting. Customer may operate and manage Casepoint Software from a Customer or third-party infrastructure (“Alternative Hosting”), provided Customer: (1) notifies Casepoint of the address and name of the entity operating the facility; (2) authorizes Casepoint to share the name and address of such entity with Third-Party Licensors; and (3) such entity agrees to: (a) store and/or load Casepoint Software only on computers and media that are secure from unauthorized access; (b) only operate the Casepoint Software to make it available to Customer over the Internet or other transmission medium and not for any other purpose; (c) not attempt to reverse engineer, disassemble, decompile or otherwise derive the source code or other Casepoint proprietary information from the Casepoint Software, and (d) otherwise comply with the terms and conditions of this Agreement to the same extent as Customer and assist Casepoint in enforcing its terms as applicable (such as terminating or suspending Customer’s access). Except as separately agreed-upon, Casepoint shall have no liability for maintaining any particular service level in connection with any Alternative Hosting described herein. Customer may make one copy of Software installed at an Alternative Host site for backup purposes, only.
3. Services
A. Statement of Work. Casepoint Services, including, but not limited to, Software maintenance, design, development, non-standard support, training, installation, configuration, and data migration services, shall be subject to this Agreement and an agreed-upon Statement of Work (“SOW”) setting forth the scope, level of effort, duration, and other details of the Services to be performed. Casepoint shall have no obligation to provide any Services in excess of the quantity defined in an Order and accompanying SOW. Customer shall be responsible for reasonable expenses incurred by Casepoint in providing Services (including travel and lodging).
B. Standard Help Desk Support. Unless otherwise agreed upon in an SOW or Order, Casepoint Help Desk Support is subject to the following terms and conditions:
1. Availability. The Casepoint Help Desk is available Monday through Friday 8:30 a.m. to 5:30 p.m. ET, excluding U.S. Federal holidays. Help Desk Services are not available for issues related to the following, as determined in Casepoint’s sole and exclusive discretion:
a. Malfunctions of Customer or Customer-provided computer systems or communications networks;
b. Use of the Software contrary to the terms of then current Documentation or any specific Casepoint directives;
c. Modifications, enhancements, or customizations of the Software;
d. Any use of the Software in disregard of any known adverse consequences, including, without limitation, Customer’s failure to make appropriate backups or to follow warning messages and other written instructions;
e. Any version of the Software older than the current and immediately preceding major release; and
f. Any other cause not attributable to Casepoint, regardless of whether such issue was known to Casepoint.
2. Response Times.
|
Issue Severity |
Definition |
Escalation Procedure |
Response* Time Goals |
|---|---|---|---|
|
1 (Critical/Urgent) |
Casepoint is down or not accessible |
Issues will be directed immediately to network operations to assess and resolve the problem. Casepoint management and the assigned project manager will be notified. |
Business Hours: 30 minutes After Hours: 30 minutes |
|
2 (High) |
Serious disruption of a business function that limits the Customer’s ability to conduct some portion of production business |
Issues will be directed immediately to the maintenance team to assess and resolve the problem. The issue will be escalated to the network team if it is a network problem. Casepoint management and the assigned project manager will be notified. |
Business Hours: 2 hours After Hours: 4 hours |
|
3 (Medium) |
The issue does not impact the Customer’s ability to conduct business |
The issue will be directed to the assigned project manager to address during business hours. The project manager will escalate the issue to the appropriate resources based on the root cause. |
Business Hours: 3 hours After Hours: Within 3 hours of the next Business Day |
|
4 (Low) |
- Minor application issue. - Questions and requests for information on the use or implementation of software - Non-critical hardware / software enhancement |
The issue will be directed to the assigned project manager to address during business hours. The project manager will escalate the issue to the appropriate resources based on the root cause. |
Business Hours: 4 hours After Hours: Within 4 hours of the next Business Day |
*A “response” is an acknowledgement of the request and assignment of a case number or ticket identification. Resolution times are dependent upon the nature and severity of the issue raised.
C. Casepoint Hosting.
1. Availability. Casepoint shall use commercially reasonable efforts to provide Customer with access to Software hosted by Casepoint with at least 99.95% uptime of the Hosted Software on a 24 hours per day, 7 days per week, 365 days per year basis.
2. Exclusions. Casepoint is not liable for any hosted Software downtime or inaccessibility caused in whole or in part by any of the following:
a. Scheduled Downtime for Preventative Maintenance. “Preventative Maintenance” includes installation of patches, bug fixes, upgrades to the operating system, hardware, and/or firmware upgrades, and any other measures that Casepoint deems necessary to ensure the proper functioning and security of its data center and Hosted Software, in its sole and exclusive discretion. Customer acknowledges that Casepoint shall have the exclusive right to schedule and implement Preventative Maintenance measures, including those resulting in system and application downtime, rendering the Hosted Software temporarily inaccessible (“Scheduled Downtime”). Casepoint will make commercially reasonable efforts to minimize any impacts on Customer and to provide Customer with advance notice of Scheduled Downtime, except that no notice will be given for Scheduled Downtime that occurs outside Casepoint regular business hours.
b. Customer’s: (1) use of any hardware, software, or services not provided by Casepoint as part of its Hosted Software; (2) use of the Hosted Software in a manner inconsistent with Casepoint’s direction, instruction or guidance; (3) faulty input, instructions, or arguments (such as requests to files that do not exist); (4) actual or threatened breach of any agreement(s) between Casepoint and Customer, including Customer’s excessive and unauthorized use and/or failure to pay associated fees and costs; or (5) failure, negligent or otherwise, to follow appropriate security practices;
c. Any person gaining access to Casepoint’s hosting environment and/or Hosted Software by means of the Customer’s passwords, equipment, or other means of access without Casepoint’s express written approval; or
d. Factors outside Casepoint’s reasonable control, including, but not limited to: (1) network or device failure external to Casepoint’s data center (or leased site), at the Customer’s site, or between Casepoint’s data center and the Customer’s site; or (2) bugs, defects, or changes in infrastructure and software used in connection with the service and not provided by Casepoint (such as operating system software, database software, and content management software).
3. Service Credits. In the event availability falls below 99.95% in a given month, Customer shall receive a credit for the period of unexcused downtime, rounded to the nearest hour, and calculated as follows: Service Credit = (Total Downtime Hours – Scheduled Downtime) * (monthly Software fees / 730). This Service Credit shall be Customer’s sole and exclusive remedy for Software unavailability. Service Credits must be claimed within two months following the end of the month for which Customer may be entitled to such credit or will be forfeited by Customer.
D. Remote Support Access.
1. Purpose and Definition. Casepoint may request remote administrative or support access solely to diagnose or remediate an incident, outage, security event, or support issue for the Customer environment. Casepoint will have no standing, continuous, or default remote access to Customer Data or Customer environments.
2. Customer-Only Enablement. Remote access will be enabled and disabled only by Customer (or Customer’s designated administrators) through Customer-controlled mechanisms. Casepoint may not self-enable, extend, or reactivate remote access.
3. Scope and Least Privilege. Any remote access, when enabled, will be limited to the minimum scope necessary to address the specific support request or incident, and will be restricted to the identified Customer tenant/workspace/matter and systems relevant to the issue.
4. Named Users. Remote access will be granted only to identified, individually named Casepoint support personnel (no shared accounts), authenticated using multi-factor authentication and unique credentials, and subject to least-privilege role-based access controls.
5. Logging and Audits. Casepoint will maintain detailed audit logs of all remote access activities, including: who accessed; when access started/ended; systems and data objects accessed; actions performed; and any exports or configuration changes. Logs will be available to Customer per the standard audit logging framework applicable to all user accounts.
6. Restrictions on Use and Data Handling. Casepoint will not use remote access to access, copy, extract, or disclose Customer Data except as strictly necessary to perform the support activities authorized by Customer. Casepoint will not disable or bypass Customer security controls. Casepoint will not store Customer Data outside the authorized environment except as expressly authorized in writing by Customer.
7. Regulated Data Controls. Remote access will comply with all applicable restrictions in this Agreement relating to regulated or controlled data (including PHI/HIPAA, CJIS, CUI/CDI, and ITAR/EAR). For Export-Controlled Data and CJIS data, remote access will be limited to authorized U.S. Persons (or other permitted personnel) and locations as required by the applicable terms.
8. Support Exclusions. Any delay in Customer’s enablement of remote access will extend support response and resolution times. If Customer fails to provide remote access upon request, and remote access is required to replicate or resolve the support issue, Casepoint shall not be obligated to resolve the issue.
E. Independent Contractor. Casepoint shall perform all services and provide all deliverables (including Casepoint Software), as an independent contractor. Except for individuals identified as “key” under a particular Order or SOW, or as otherwise explicitly agreed-upon for specific services, Casepoint retains sole discretion and full control over the selection, engagement, and supervision of any employees or subcontractors utilized in fulfillment of its obligations under this Agreement. The use of staff augmentation services, arrangements, or agreements shall not be deemed to be the use of subcontractors for any purpose under this Agreement. If Casepoint decides to use subcontractors in the performance of this Agreement, it will provide notice to Customer prior to engaging. Further: (1) Casepoint will be responsible for the direction and coordination of the subcontractors, including ensuring that subcontract agreements include appropriate flow-downs necessary to enable Casepoint to meet its obligations under this Agreement; (2) Casepoint will be liable for all the acts and omissions of the subcontractors; and (3) Customer shall have no obligation to pay or be responsible for, in any way, any payments to any subcontractor. This Agreement does not establish a teaming, joint venture, joint employer, partnership or other business relationship between the Parties. Neither Casepoint nor Customer shall be considered an employee, agent, or representative of the other. Unless explicitly stated, nothing in this agreement grants to either Party the right to make commitments of any kind for, or on behalf of, the other Party.
4. Customer Responsibilities
A. Compliance with Laws. Customer must comply with all applicable laws, rules, and regulations that might apply to its access and usage of the Software. Customer must ensure that it purchases and properly utilizes the appropriate version of Casepoint Software and Services based upon its intended uses and the sensitivity of information it intends to upload, store, transmit, or process utilizing the Casepoint Software or Services. Customer may not use Casepoint Software or Services for the handling of any data in excess of the certifications and security protocols applicable to the purchased Software or Services.
B. Compliance with Order Terms. Customer must comply with the terms of any Order. Customer must make prompt payment to Casepoint for all amounts due. Customer may not withhold any payments claimed by Casepoint pending resolution of any dispute. Customer may not use Casepoint Software or Services in excess of the amount included in an Order.
C. Infrastructure, Training, and Approvals. Customer must provide at least the minimum IT infrastructure (hardware and software) necessary for the proper and secure functioning of the Software, and sufficiently trained and experienced personnel to meet Customer’s requirements in an SOW. Customer agrees to promptly test (as required) and implement and/or allow implementation of, all updates, patches, bug fixes, changes, suggestions, or work-arounds provided by Casepoint. Customer agrees that Casepoint may implement new versions of the Software on behalf of the Customer without seeking or requiring Customer’s prior approval. Users must receive sufficient training to be able to operate the Software in accordance with the Documentation and Casepoint instructions. Customer must make best efforts to obtain all approvals, clearances, or certifications necessary in a timely manner, including personnel badging, authorities-to-operate, and other pre-conditions to Casepoint’s performance under the contract. Delays not attributable to Casepoint require adjustment in scope, schedule, and costs.
D. Controls. Customer must use best security and IT system sharing practices to ensure that Users, including Customer’s employees, vendors, consultants, and contractors, Customers, customers, and other third-party Users, comply with the terms and conditions of this Agreement. Customer agrees to be liable for any breaches of this Agreement by its Users and to implement reasonable controls on access to and use of Casepoint Software in order to comply with this Agreement.
E. Restrictions on Use. Customer may not distribute, disclose, market, rent, lend, lease, sell, resell, or transfer the Software, or any license or Services to any third party without Casepoint’s prior written consent. Customer may not use any Restricted Release licenses or Software to generate revenue or profits. Customer may not use Casepoint Software or Services for any illegal purpose under applicable laws, or for any purpose which may be harmful or detrimental to any other person or entity or otherwise violates any person’s or entity’s rights without a legitimate basis (for instance, to lawfully defend against or enforce legal rights). Casepoint Software should not be used in circumstances where errors or inaccuracies in the content, functionality, services, data or information provided by the Software, or the failure of the Software, could lead to death, personal injury, or severe physical or environmental damage. Customer acknowledges that Casepoint Software and Services, and in particular those which incorporate Artificial Intelligence functionality such as machine learning, Technology Assisted Review and Large Language Models, have limitations which may affect the reliability of the output. These limitations include: (1) variations in the quality and diversity of training data; (2) errors that may be caused or created by human or other machine inputs, including vague prompts or instructions, insufficient guidance or context for complex tasks; (3) inherent variations in the use of natural language to guide software outputs, including nuance, sarcasm, or figurative language; (4) the potential factual inaccuracy of models or datasets; and (5) lack of common sense. Customer should not rely solely on any outputs from Casepoint Software or Services, including from Artificial Intelligence features for any purpose that may have material consequences or which might affect the rights of any person or entity.
F. Prompt Reporting. Customer must promptly report to Casepoint any unauthorized use or access to the Software, or other violation of this Agreement. Customer must promptly report any Software bugs or Software issues to Casepoint and comply with Casepoint’s reasonable requests in connection with bug and Software issue resolution, including by providing Casepoint with timely access to data and Customer personnel. Customer shall be responsible for the accuracy and completeness of all data and information provided to Casepoint in connection with this Agreement.
G. Cooperation. Customer must cooperate fully with the terms of this Agreement. Customer shall support Casepoint in investigating and remedying alleged violations of this Agreement, including validations and audits of Customer’s deployment and use of the Software. Such cooperation may include providing usage logs generated by the Software. Casepoint reserves the right to include and employ means within the Software to monitor and/or limit Customer usage in accordance with this Agreement.
5. Customer Technical Restrictions
A. Copying. Customer shall not cause or permit any copying or reproduction of the Software.
B. Modifications. Customer shall not cause or permit any modifying, adapting, or preparing any derivative works from Casepoint Software, or any part thereof. Subject to Casepoint’s written approval, Customer may add extensions to the Software’s capabilities, including, but not limited to, connectors, components, plug-ins, external system integrations, and expressions (“Extensions”). Customer has sole responsibility for the support of these Extensions, and any errors, malfunctions, or interferences caused in or to Casepoint Software by the Extensions. Extension-related issues are not covered by any other Casepoint support, service level, or warranty requirements.
C. Reverse Engineering. Customer shall not cause or permit any alteration, reverse engineering, recompilation, translation, disassembly, or discovery of the source code of all or any portion of the Software.
D. Interference. Customer shall not cause or permit any (1) transmission of material containing software viruses or other harmful or deleterious computer code, files, scripts, agents, or programs; (2) interference with or disrupt the integrity or performance of the Casepoint Platform or the data contained therein; (3) attempt to gain unauthorized access to the Casepoint Platform, computer systems or networks related to the Casepoint Platform; or (4) interference with another user’s use and enjoyment of the Casepoint Platform.
E. Security Reviews. Except for commercially reasonable security testing subject to coordination and case-by-case approval by Casepoint including agreement upon rules or engagement and prevention of disruptions, Customer shall not permit any technical security integrity review, penetration test, load test, denial-of-service simulation, or vulnerability scan in connection with the Software or Services.
F. Testing Disclosure. Disclosure of the results of Software performance benchmarks to any third-party without Casepoint’s prior written consent.
G. Bots. The use of any software tool designed to automatically emulate the actions of a human user (also known as “robots” or “bots”) in connection with the Software or Services.
H. Open-Source Software. Use of Open Source or any third-party software in connection with Casepoint Software in any manner that might require that the Casepoint Software be disclosed or distributed in source code form, made available free of charge, or modifiable without restriction by recipients.
I. APIs. Use of Application Programming Interfaces (“APIs”), macros, and/or user interfaces not supported by Casepoint that interfere with the Software and/or its data in any respect.
J. Links. Use of any Internet “links” to the Software or other method of “framing” or “mirroring” any content available on the Software on any other server or Internet-based device.
6. Orders and Payments
A. Order Requirements. Orders must include, at a minimum: (1) a defined period of performance; (2) Software and Service descriptions; (3) the quantity purchased by Customer (e.g. number of Users, quantities, or funded hours) and a Statement of Work (as applicable); and (4) final agreed-upon cost per item. The Order may include additional terms and conditions as mutually agreed upon by Casepoint and Customer.
B. Delivery, Acceptance, and Invoicing. Licenses, subscriptions, and help desk services are deemed delivered and accepted upon the beginning of the applicable period of performance. Casepoint shall invoice Customer within thirty days of acceptance, or upon the achievement of certain milestones or billing frequency as detailed in an SOW or Order. Any applicable post-acceptance Customer rights must be exercised within thirty days of delivery.
C. Quantity-Based Invoicing and True-Up. Fees and invoices based upon Customer’s usage (including, but not limited to data storage, processing, or user counts) shall be based upon the greater of either (1) Customer’s maximum actual usage during the applicable period, or (2) the agreed-upon cap or “up-to” amount specified in an Order. Customer agrees to monitor and report its usage as requested by Casepoint.
D. Fees. In consideration for the access rights granted to Customer and the Services performed by Casepoint under this Agreement, Customer will pay to Casepoint, without offset or deduction, all fees required as described in this Agreement when and as specified therein, but in any event no later than thirty days after the date of invoice. All fees will be billed and paid in U.S. dollars. Unpaid invoices shall accrue interest at the rate of the lesser of 1.5% per month from the due date or the maximum allowed by applicable law. Casepoint reserves the right to suspend access to the Casepoint software and services with prior notification to Customer if payments are forty-five or more days past due.
E. Disputed Fees. If Customer disputes any fees, taxes, or other charges billed by Casepoint, Customer shall notify Casepoint, in writing, of the disputed amount and any relevant information regarding the circumstances of the dispute. Casepoint shall acknowledge receipt of the dispute information in writing to Customer. All parties agree to work cooperatively to resolve any such disputed amounts. If the Customer fails to provide Casepoint with a notice of such a disputed amount within twenty business days following receipt of Casepoint’s invoice for such disputed charge, then such amount is deemed undisputed and due to Casepoint.
F. Taxes. Customer will be responsible for payment of any applicable sales, use and other taxes and all applicable export and import fees, customs duties and similar charges (other than taxes based on Casepoint’s income), and any related penalties and interest for the grant of access rights hereunder, or the delivery of related services, if any. If Customer is tax exempt, it shall furnish Casepoint with evidence of its tax-exempt status prior to placing an order for the Casepoint Services. Casepoint shall state separately on invoices taxes excluded from the fees (if any). Customer will make all required payments to Casepoint free and clear of, and without reduction for, any withholding taxes. Any such taxes imposed on payments to Casepoint will be Customer’s sole responsibility, and Customer will, upon Casepoint’s request, provide Casepoint with official receipts issued by appropriate taxing authorities, or such other evidence as Casepoint may reasonably request, to establish that such taxes have been paid.
7. Term and Termination
A. Term and Renewal. The Software license(s), subscriptions, and/or Services described herein terminate upon expiration of the Initial Term specified in Customer’s Order. If no Initial Term is specified, the Initial Term is one year from the date of purchase. This Agreement will automatically renew for successive one-year terms unless either Party provides written notice of its desire not to renew at least sixty days prior to the expiration of the then-current term (the Initial Term, together with any renewal terms, are collectively the “Term”).
B. Suspension. Casepoint may immediately suspend Customer’s License, Service, or Order in whole or in part if Casepoint has reason to believe Customer’s use of Casepoint Software or Services has or will threaten and/or harm the security and/or integrity of the Software or Service or that Customer is otherwise in breach of this Agreement. Such suspension shall be lifted upon remediation of Casepoint’s concerns.
C. Termination for Breach. Either Party may, at its option, terminate this Agreement in the event of a material breach by the other Party. Such termination may be affected only through a written notice to the breaching Party, specifically identifying the breach or breaches on which such notice of termination is based. The breaching Party will have a right to cure such breach or breaches within thirty days of receipt of such notice, and this Agreement will terminate in the event that such cure is not made within such thirty-day period.
D. Termination Upon Bankruptcy or Insolvency. Either Party may, at its option, terminate this Agreement immediately upon written notice to the other Party, in the event (1) that the other Party becomes insolvent or unable to pay its debts when due; (2) the other Party files a petition in bankruptcy, reorganization or similar proceeding, or, if filed against, such petition is not removed within ninety days after such filing; (3) the other Party discontinues it business; or (4) a receiver is appointed or there is an assignment for the benefit of such other Party’s creditors.
E. Effect of Termination or Suspension. Upon termination or suspension of this Agreement, Customer shall immediately cease use of Casepoint’s Software and Services, and Casepoint may immediately deactivate Customer’s account or otherwise prohibit Customer's and any User’s access to Casepoint Software or Services, as applicable. All other terms and conditions shall survive termination and/or suspension. Customer shall remain liable to Casepoint for all fees accrued and/or payable to Casepoint prior to the effective date of termination and suspension. Customer shall not be entitled to a refund of any fees except as otherwise described herein.
F. Return of Casepoint Property. Customer acknowledges and agrees that following termination of Customer’s license, services, and/or this Agreement for any reason, Customer shall return all Casepoint property and proprietary information to Casepoint and that Casepoint may immediately deactivate Customer’s account or otherwise prohibit Customer's access to Casepoint Software.
G. Customer Data Migration and Deletion. Upon termination of a license, Casepoint will provide Customer an opportunity to receive an export of all Customer Data in Casepoint’s possession in a common format of Casepoint’s choosing. Once delivered, or upon the expiration of seven days after notice if Customer does not request export within that timeframe, Casepoint shall have no other obligation to migrate Customer Data to or from Casepoint Software, or to maintain any Customer Data, unless otherwise agreed between the Parties. Casepoint may thereafter delete or destroy all copies of Customer Data in Casepoint systems or otherwise in Casepoint’s possession or control unless legally prohibited and excluding any copies of Customer Data that may be retained on backup media beyond the end of such period pursuant to Casepoint’s then-current back-up procedures.
8. Data Security and Privacy
A. Rights in Data. Except for the limited purposes specified in this Agreement, Customer is the owner of all Customer Data and shall retain all rights and title to Customer Data, as well as all liabilities associated with its collection, processing, and retention.
B. License Grant. Subject to the explicit restrictions in this Agreement, Customer grants to Casepoint a fully-paid, non-exclusive, world-wide, royalty-free, transferable license to collect, store, monitor, process, host, use, display, copy, and transmit Customer usage data and Customer Data to: (1) provide Customer with Software and Services; (2) comply with and enforce the terms of this Agreement; and (3) improve Casepoint’s products and services.
C. Compliance with Laws. Except as described herein, Customer is solely responsible for complying with any and all applicable rules, laws, and regulations applicable to Customer Data, including, but not limited to, the Privacy Act of 1974, the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, the California Consumer Privacy Act, Digital Millennium Copyright Act, and the E.U. General Data Protection Regulation. Such liability includes providing legally adequate notices, obtaining necessary consents for the collection, processing and storage of Customer Data, and data belonging to, originating from, or regarding any third-party, and processing such data in accordance with applicable laws and regulatory or contractual obligations. Customer is responsible for handling and processing all requests, demands, and notices sent to Customer (or any Authorized User) by any third-party relating to such party’s rights under applicable laws, and for appropriately responding in accordance therewith. Casepoint will notify Customer in writing if it becomes aware of any breach of Customer Data or any claim in connection with such breach or other claim under applicable laws.
D. Security Controls. Casepoint will maintain reasonable administrative, physical, and technical safeguards for protection of the security and confidentiality of Customer Data and Personal Data, including, but not limited to, measures for preventing unauthorized access, use, modification or disclosure of Customer Data and Personal Data. Casepoint base commercial offering certifications and compliance frameworks include SOC 1, SOC 2, and SOC 3, ISO 9001:2015 and ISO 27001:2022, and NIST 800-53 and NIST 800-171. Unless specified otherwise in an Order, Casepoint’s base commercial offering certifications shall apply. For certain environments and applications, Casepoint also certifies its compliance with, GovRAMP, FedRAMP-Moderate, FedRAMP-High, DOD Impact Levels 4, 5, and 6 (IL4, IL5, and IL6). Customer Data is encrypted in transit and at rest. Additional information regarding Casepoint’s security and data handling practices can be found at https://www.casepoint.com/ediscovery-platform/data-security/.
E. Disaster Recover and Backups. Casepoint has developed a disaster recovery and backup plan, which it reviews and tests annually. Copies of this plan are available upon request.
F. Background Checks. Where permitted by applicable law, Casepoint performs a background check on all of its employees, individual consultants or independent contractors (for purposes of this Section, “Employees”). As such, Casepoint agrees to adhere to the prescreening requirements for the background check as specified herein. The background check shall be performed via state and local databases in which the Employee has resided during the ten years or as far back as allowed by law if less than ten, preceding the commencement of his/her employment with Casepoint. The criminal background check will include cross referencing the name of each Employee against the Office of Foreign Asset Control (OFAC) database. Casepoint will also complete Social Security number checks for the Employee to ensure that his/her name and number match those recorded with the Social Security Administration, an employment verification check and an education verification check to ensure his/her last educational level is as stated.
G. AI Inputs and Outputs.
1. Classification. AI Inputs and AI Outputs are Customer Data and Confidential Information.
2. Purpose Limitation. Casepoint will use AI Inputs and Outputs solely to provide, secure, and support the Services. Casepoint will not use AI Inputs and Outputs for product improvement, analytics unrelated to service delivery, or AI training without Customer approval.
3. Access and Isolation. AI features will enforce Customer’s access controls and matter/workspace permissions, prevent cross-tenant and cross-matter retrieval, and log administrative access to AI Inputs and Outputs.
4. Human Review. Casepoint personnel will not review AI Inputs or Outputs except as necessary to provide support requested by Customer or to address a Security Incident, subject to least-privilege, time-bounded access, and audit logging. Casepoint prioritizes the development and deployment of AI features with human-in-the-loop functionality.
H. Personal Data. Casepoint maintains a Data Processing Agreement (“DPA”) that applies to Personal Data and is available at https://www.casepoint.com/ediscovery-platform/data-security/. In the event of a conflict with this Agreement, the DPA shall control.
I. HIPAA/PHI (Business Associate Terms). This Health Insurance Portability and Accountability Act (“HIPAA”) subsection controls over any conflicting Agreement terms for Protected Health Information (“PHI”).
1. Applicability and Roles. To the extent Casepoint creates, receives, maintains, or transmits PHI on behalf of Customer in connection with the Software or Services, and only with regard to PHI, the parties intend that Casepoint is a “Business Associate” and Customer is a “Covered Entity” or “Business Associate,” as those terms are defined under HIPAA.
2. Permitted Uses and Disclosures. Casepoint may use and disclose PHI only as necessary to perform the Services and as otherwise permitted or required by HIPAA or required by law. Casepoint will not use or disclose PHI in any manner that would violate HIPAA if done by Customer.
3. Safeguards and Security Rule. Casepoint will implement appropriate administrative, physical, and technical safeguards to prevent use or disclosure of PHI other than as permitted by this Agreement. With respect to ePHI, Business Associate will comply with the applicable requirements of 45 C.F.R. Part 164, Subpart C (Security Rule).
4. Reporting. Casepoint will report to Customer any Breach of Unsecured PHI as required by 45 C.F.R. § 164.410, and any covered Security Incident in accordance with 45 C.F.R. § 164.314(a)(2)(i)(C).
5. Access, Amendment, and Accounting. To the extent required by HIPAA and applicable to the Services, Casepoint will (a) make PHI available to Customer to satisfy Customer’s obligations under 45 C.F.R. § 164.524 (access), (b) make PHI available for amendment and incorporate amendments under 45 C.F.R. § 164.526, and (c) make available information required for an accounting of disclosures under 45 C.F.R. § 164.528.
6. Government Access. Casepoint will make its internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of HHS as required by 45 C.F.R. § 164.504(e).
J. CJIS (CJI/CHRI). This Criminal Justice Information Services (“CJIS”) subsection controls over any conflicting Agreement terms for Criminal Justice Information and Criminal History Record Information (“CJI” and “CHRI”).
1. Compliance with CJIS Security Policy. Where Software and Services involve CJI/CHRI, Casepoint will comply with the FBI CJIS Security Policy in effect as of contract execution and as subsequently updated, to the extent applicable to Casepoint’s role and cloud/service model, and will follow applicable CJIS Systems Agency (CSA) requirements and guidance.
2. CJIS Security Addendum Acknowledgements. Casepoint will ensure personnel with access to CJI/CHRI receive and acknowledge CJIS security obligations as required by the applicable CSA/CJA/NCJA contracting framework, and will maintain evidence of such acknowledgements for audit purposes where required.
3. Personnel Security. Casepoint will perform personnel screening and maintain personnel security controls commensurate with CJIS requirements and any CSA-specific requirements applicable to the Customer’s jurisdiction. Casepoint will restrict CJI access to Authorized Personnel and enforce least privilege, session controls, and audit logging.
4. Encryption and Transmission. Casepoint will protect CJI in transit and at rest using encryption and secure transmission mechanisms consistent with CJIS requirements and CSA guidance.
5. Audits and Compliance Evidence. Upon request and subject to reasonable confidentiality and security procedures, Casepoint will cooperate with Customer and/or the applicable CSA in providing compliance evidence and supporting audits/assessments related to CJIS requirements to the extent Casepoint is responsible for those controls.
6. Incident Reporting. Casepoint will report suspected or known Security Incidents involving CJI/CHRI to Customer without unreasonable delay and will provide the information Customer reasonably needs to meet CSA reporting obligations.
7. No Foreign Access. Where required by the applicable CSA, Casepoint will prevent access to unencrypted CJI/CHRI by Foreign Persons and will implement access controls and administrative procedures to enforce such restrictions.
K. CUI/CDI. This Controlled Unclassified Information (“CUI”) and Controlled Defense Information (“CDI”) subsection controls over any conflicting Agreement terms for the handling of CUI/CDI.
1. CUI Safeguarding Standard. Where Services involve CUI resident in nonfederal systems, Casepoint will implement and maintain safeguards consistent with NIST SP 800-171 (current revision) for the components of Casepoint systems that process, store, or transmit CUI, and will support assessment procedures as reasonably required by Customer.
2. DFARS Alignment. Where Customer is subject to DFARS 252.204-7012 or similar safeguarding clauses for CDI, Casepoint will support Customer compliance by implementing required safeguards for CDI in Casepoint-controlled systems and cooperating with Customer incident reporting and forensic preservation obligations to the extent Casepoint is responsible or within Casepoint’s control.
3. System Security Plan / POA&M. Upon request, Casepoint will make available a summary description of its control implementation for CUI and will provide status of any material remediation plans relevant to Customer’s CUI environment.
L. ITAR/EAR. This International Traffic in Arms Regulations (“ITAR”) and Export Administration Regulations (“EAR”) subsection applies to “Export-Controlled Data” including ITAR “Technical Data,” ITAR-controlled “Defense Articles,” or EAR-controlled “Technology/Software,” whether in tangible or intangible form and controls over any conflicting Agreement terms for the handling of ITAR/EAR information.
1. Export Compliance. Where Services involve Export-Controlled Data, Casepoint will comply with applicable U.S. export control laws and regulations, including ITAR (22 CFR Parts 120-130) and/or EAR (15 CFR Parts 730-774), as applicable to the data.
2. ITAR Technical Data Handling. Casepoint acknowledges that “technical data” and “export” may include release or transfer to a foreign person in the United States (a deemed export). Casepoint will implement controls to prevent unauthorized export, release, or access to ITAR Technical Data.
3. Personnel Restrictions (U.S. Persons). Unless expressly authorized in writing by Customer and supported by required export authorizations, Casepoint will restrict access to Export-Controlled Data to U.S. Persons with a need to know.
4. Location and Data Residency. Unless expressly authorized in writing by Customer, Casepoint will store and process Export-Controlled Data only within the United States in Casepoint-controlled environments, and will not replicate such data to non-U.S. locations.
5. Subprocessors. Casepoint will not permit any subcontractor, cloud provider, OEM, or other third party to access Export-Controlled Data unless (a) approved in writing by Customer, (b) bound by written obligations at least as protective as this section, and (c) compliant with the personnel and location restrictions in this section.
6. Customer Cooperation and Marking. Customer will use commercially reasonable efforts to identify Export-Controlled Data (e.g., through labeling, workspace designation, or written notice). Casepoint will reasonably cooperate with Customer’s export compliance program (e.g., access reporting, audit logs, and incident investigations).
M. Audits. Upon request, Casepoint shall make available copies of third-party audits and Standardized Information Gathering (“SIG”) questionnaire regarding its privacy and security controls. Provided that Customer has paid fees on an annual basis in excess of $250,000, Customer is entitled, at its sole cost and expense and no more than once per calendar year, to monitor and/or audit Casepoint’s compliance with this section during regular business hours at a time to be mutually agreed upon by the Parties and upon not less than thirty days’ advance written notice to Casepoint. Such audit shall be further limited to (1) a sixty minute on-site inspection of Casepoint’s data center and a four-hour visit at Casepoint’s headquarters, and (2) a review of Casepoint’s products with Casepoint personnel.
N. Breach Response. In the event of a validated unauthorized intrusion, use, disclosure, or acquisition by a third party of any Customer Data or Customer’s environment that compromises the security, confidentiality, or integrity of Customer Data or Customer’s environment maintained by Casepoint (“Security Incident”), Casepoint will notify Customer in writing within seventy-two hours and provide periodic updates thereafter that include, to the extent known, details of the cause of the Security Incident, measures being taken to mitigate the effects of the Security Incident, anticipated impact to Customer, and anticipated timeframe for remediation.
9. Confidentiality
A. Definition of Confidential Information. “Confidential Information” includes any and all information provided from one Party to the other that the disclosing Party considers to be confidential, proprietary, non-public business information or a trade secret, in any form whatsoever, including, but not limited to, discoveries, concepts and ideas, regarding: (1) Product or service information, including designs and specifications, development plans, patent applications, and strategy; (2) Marketing information, including lists of potential or existing customers or suppliers, marketing plans, and surveys; (3) Computer software, including codes, flowcharts, algorithms, architectures, menu layouts, routines, report formats, data compilers, and assemblers; (4) Financial information, including sales, and revenue information; (5) sensitive information protected by statute or regulation, such as Attorney Work Product, Attorney-Client Privilege, Personally Identifiable Information and Protected Health Information; and (6) Any other information identified as Confidential by either Party. “Confidential Information” does not include any information that: (7) Is in the public domain at the time of disclosure without any breach of this agreement by the receiving Party; (8) Is already known to the receiving Party at the time of disclosure without any breach of this agreement by the receiving Party; or (9) Becomes available to the receiving Party on a non-confidential basis from a source other than the disclosing Party which the receiving Party has no reasonable basis to believe is prohibited from disclosing such information to the receiving Party.
B. Use of Confidential Information. Each Party agrees that it will treat the other’s Confidential Information with at least the same degree of care that it uses in protecting its own confidential and proprietary information, but in no event less than a reasonable degree of care. Confidential Information of one party disclosed to the other shall be used solely in furtherance of and as described in this Agreement. Neither Party shall copy or reproduce, in whole or in part, any Confidential Information without written consent from the other, except for routine backups and as otherwise described in this Agreement. Except as expressly agreed in writing, Casepoint’s Confidential Information shall not be used by Customer to invent, create, modify, adopt, or manufacture any hardware or software or other products, services, or processes.
C. Disclosure of Confidential Information. Each Party agrees that it will not disclose any of the other’s Confidential Information to any individuals, including employees, except as is necessary for performance under this and any other agreement between the Parties. Neither Party will disclose any Confidential Information to any third-parties without the other’s express written consent. Each Party agrees to advise any individual and/or entity receiving Confidential Information of the limitations on its use and disclosure set forth herein, and to require such individual and/or entity to execute a confidentiality and non-disclosure agreement at least as restrictive as this agreement. Neither Party shall remove any markings on Confidential Information regarding its confidential or proprietary nature. The receiving Party shall be responsible for any unauthorized use and disclosure of Confidential Information by any individual or entity to whom the receiving Party provides Confidential Information, as if committed by the receiving Party. Either Party may disclose Confidential Information as required by any law, regulation, court order, subpoena, or other compulsive legal or administrative process, provided that: (1) the receiving Party immediately notifies the other Party and provides the other Party with any relevant documentation upon request, including, but not limited to, Confidential Information in the receiving Party’s possession that it believes it must disclose; (2) the receiving Party actively resists, restricts, and limits disclosure of Confidential Information, including, but not limited to, by making lawful objections to demands, obtaining confidentiality agreements and protective orders, and using redactions and confidentiality markings; and (3) the receiving Party fully cooperates with any lawful and reasonable efforts by the disclosing Party to protect its Confidential Information from disclosure. This exception from liability does not apply to any disclosure of Confidential Information caused in whole or in part by the receiving Party’s unauthorized conduct.
D. Open Records Laws. To the extent the Freedom of Information Act (5 U.S.C. § 552) or other open records law applies to the Customer, Customer agrees to provide Casepoint with notice and an opportunity to object to the release of any Confidential Information. Customer further agrees to disclose Confidential Information only to the extent strictly necessary to comply with the applicable law.
E. Return and Destruction. Upon written request by either Party, the receiving Party shall promptly: (1) cease and desist from any use or disclosure of the other’s Confidential Information; (2) return all of the disclosing Party’s Confidential Information in its possession or under its control; and (3) upon the disclosing Party’s express direction, destroy any Confidential Information in its possession or under its control and certify its destruction in a manner reasonably agreeable to the disclosing Party.
10. Warranty
A. Authority. Each Party warrants that it has all requisite power and authority to enter into this Agreement and to perform its obligations hereunder.
B. Software and Services Warranty. Casepoint represents and warrants that it will provide the Service and perform its other obligations under this Agreement in a professional and workmanlike manner substantially consistent with general industry standards. Casepoint warrants that the Software and Services will, for a period of sixty days from the date of delivery, perform substantially in accordance with the accompanying Documentation. Casepoint does not warrant that the Software or any deliverable will meet Customer’s requirements, or that the Software or any deliverable will operate in the combinations which Customer may select for use, or that the operation of the Software or any deliverable will be uninterrupted or error-free, or that all Software or deliverable errors will be corrected. Customer acknowledges that the Casepoint Platform contains copyrighted and proprietary products and materials of Casepoint licensors which are obtained under a license from such licensors. Casepoint makes no warranty with respect to any Third Party Software provided under this Agreement. Customer’s sole remedy with respect to such Third Party Software shall be pursuant to the original licensor’s warranty, if any, to Customer, to the extent permitted by the original licensor.
C. DISCLAIMER. EXCEPT AS OTHERWISE STATED HEREIN, EACH PARTY DISCLAIMS ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ANY AND ALL WARRANTIES IMPLIED FROM CUSTOM, USAGE IN TRADE, OR COURSE OF DEALING, TITLE OR NON-INFRINGEMENT. ALL SOFTWARE AND SERVICES ARE DELIVERED AND DEEMED ACCEPTED “AS IS”. CASEPOINT DOES NOT WARRANT THAT THE SOFTWARE OR ANY DELIVERABLE WILL MEET CUSTOMER’S REQUIREMENTS, OR THAT THE SOFTWARE OR ANY DELIVERABLE WILL OPERATE IN THE COMBINATIONS WHICH CUSTOMER MAY SELECT FOR USE, OR THAT THE OPERATION OF THE SOFTWARE OR ANY DELIVERABLE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL SOFTWARE OR DELIVERABLE ERRORS WILL BE CORRECTED.
11. Limitations and Disclaimers of Liability
A. LIMITATION OF LIABILITY. EXCEPT AS OTHERWISE EXPRESSLY PROVIDED HEREIN, THE AGGREGATE AND CUMULATIVE LIABILITY OF CASEPOINT AND THIRD-PARTY LICENSORS FOR DAMAGES HEREUNDER SHALL IN NO EVENT EXCEED THE AMOUNT OF FEES PAID BY THE CUSTOMER UNDER THE ORDER GIVING RISE TO SUCH LIABILITY IN THE SIX MONTHS PRECEDING THE DATE ON WHICH THE CLAIM AROSE, AND IF SUCH DAMAGES RELATE TO PARTICULAR SOFTWARE, SERVICE, TRAINING, MAINTENANCE, OR OTHER DELIVERABLE, SUCH LIABILITY SHALL BE LIMITED TO FEES PAID IN THE PRECEDING SIX MONTHS FOR THE RELEVANT ITEM GIVING RISE TO THE LIABILITY.
B. EXCLUSIONS AND DISCLAIMER OF LIABILITY. EXCEPT AS OTHERWISE EXPRESSLY PERMITTED HEREIN, IN NO EVENT SHALL CASEPOINT OR THIRD-PARTY LICENSORS BE LIABLE FOR: (1) INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOST OR CORRUPTED DATA, LOST PROFITS, DAMAGED HARDWARE OR EQUIPMENT, OR FOR EXEMPLARY DAMAGES, ARISING FROM, RELATING TO, OR RESULTING FROM (1) THIS AGREEMENT, (2) CUSTOMER’S USE OF OR INABILITY TO USE THE SOFTWARE, OR (3) ANY SERVICES RENDERED WITH RESPECT THERETO, HOWEVER ARISING, WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY, EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; (4) DELAY OR INABILITY BY CASEPOINT TO PERFORM ITS OBLIGATIONS UNDER THIS AGREEMENT DUE TO ANY CAUSE BEYOND CASEPOINT’S LEGAL CONTROL, INCLUDING DELAYS AND FAILURES CAUSED BY CUSTOMER; (5) CLAIMS MADE SUBJECT OF A LEGAL PROCEEDING AGAINST CASEPOINT MORE THAN ONE YEAR AFTER ANY SUCH CAUSE OF ACTION FIRST AROSE. THE FOREGOING LIMITATION OF LIABILITY SHALL NOT APPLY TO (6) PERSONAL INJURY OR DEATH; (7) FRAUD; OR (8) FOR ANY OTHER MATTER FOR WHICH LIABILITY CANNOT BE EXCLUDED BY LAW; (9) CLAIMS BY ANY THIRD-PARTIES (EXCEPT AS EXPLICITLY REFERENCED HEREIN); AND/OR (10) LOSSES, CLAIMS, OR OTHER LIABILITY CAUSED, IN WHOLE OR IN PART, BY A BREACH OR FAILURE OF SECURITY CONTROLS REGARDING ANY ON-PREMISES DEPLOYMENT OR THIRD-PARTY HOSTING. THIS SECTION DOES NOT APPLY TO BREACHES OF CONFIDENTIALITY, DATA BREACHES, OR EITHER PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, WHICH LIABILITY SHALL BE SUBJECT TO A CAP OF FIVE TIMES THE ANNUAL FEES PAID TO CASEPOINT IN THE APPLICABLE TERM, PLUS DIRECT DAMAGES.
C. RESTRICTED RELEASES. “RESTRICTED RELEASE” IS ANY VERSION OF THE SOFTWARE MARKED ALPHA, BETA, OR ANY SOFTWARE OTHER THAN CASEPOINT COMMERCIAL RELEASES, AND/OR WHICH IS OTHERWISE DESIGNATED AS A RESTRICTED RELEASE. RESTRICTED RELEASES INCLUDE, BUT ARE NOT LIMITED TO “SANDBOX”, DEMONSTRATION, PROOF OF CONCEPT, TRAINING, AND TESTING VERSIONS AND ENVIRONMENTS. RESTRICTED RELEASE SOFTWARE IS OFFERED ONLY FOR DEVELOPMENT, TESTING, TRAINING, EVALUATION, DEMONSTRATION, OR OTHER LIMITED PURPOSE(S), AS AGREED-UPON BETWEEN CUSTOMER AND CASEPOINT. THE RESTRICTED RELEASE IS FOR EVALUATION ONLY, NOT TO BE USED IN A PRODUCTION ENVIRONMENT, MAY CONTAIN PROBLEMS AND/OR ERRORS, MAY NOT BE RESOLD, AND IS BEING PROVIDED TO CUSTOMER ON AN AS-IS BASIS WITH NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. CASEPOINT SHALL NOT BE RESPONSIBLE OR LIABLE TO CUSTOMER FOR ANY LOSSES, CLAIMS, OR DAMAGES OF ANY NATURE, ARISING OUT OF OR IN CONNECTION WITH THE RESTRICTED RELEASE, INCLUDING, WITHOUT LIMITATION, THE LOSS OF CUSTOMER DATA. CASEPOINT SHALL HAVE NO OBLIGATION TO CORRECT ERRORS IN, DELIVER UPDATES TO, OR OTHERWISE SUPPORT A RESTRICTED RELEASE. CUSTOMER WILL PROMPTLY REPORT TO CASEPOINT ANY ERROR DISCOVERED IN THE RESTRICTED RELEASE AND PROVIDE CASEPOINT WITH APPROPRIATE TEST DATA FOR THE RESTRICTED RELEASE IF NECESSARY TO RESOLVE PROBLEMS IN THE RESTRICTED RELEASE ENCOUNTERED BY CUSTOMER.
12. Proprietary Rights, Trademarks, and Publicity
A. Limited Rights. This Agreement is not a sale and does not convey to Customer any rights of title or ownership in or to the Software, or any Derivatives, thereof. All rights not expressly granted to Customer hereunder are reserved by Casepoint (or Third-Party Licensors, as applicable).
B. Casepoint Intellectual Property. Casepoint (or Third-Party Licensors, as applicable) shall retain all right, title, and interest in and to all existing Casepoint or third-party intellectual property, as well as the Software and any copies thereof, including any copies, suggestions, ideas, enhancement requests, feedback, recommendations, translations, modifications, adaptations, derivations, or other information provided by Customer or any other party related to Casepoint’s Software, including any improvement or development thereof, and Casepoint’s performance of any Services hereunder. Customer acknowledges and agrees that such ideas, enhancements, or other information or improvements provided to Customer in connection with this Agreement and/or Casepoint Software or Services shall be owned exclusively by Casepoint, and that any improvements, developments, or other works provided by Casepoint are not “works made for hire” under applicable copyright laws. Customer agrees to assign any such claim of ownership, title, or other interest to Casepoint upon Casepoint’s request.
C. Customer Intellectual Property. Customer shall retain ownership of all Customer Data and pre-existing Customer intellectual property. Customer grants Casepoint a non-exclusive, world-wide, royalty-free, paid-up license to use any Customer Intellectual Property as reasonably necessary for Casepoint to comply with the terms of this Agreement, or as otherwise described herein. If such pre-existing materials are incorporated within or derivative of Casepoint Software, Customer shall grant Casepoint a non-exclusive, transferable, paid up, irrevocable, world-wide license to use, distribute, license, reproduce, modify, and otherwise make use of such materials, in Casepoint’s discretion and/or for Casepoint’s benefit.
D. For U.S. Government Customers and Purchases Subject to the Federal Acquisition Regulations:
1. Commercial Computer Software and Commercial Items. FAR 12.211 Technical Data and FAR 12.212 Computer Software apply. The Software and Services described in this Agreement and accompanying Order are Commercial Items subject to FAR 52.212-4. Casepoint Software products and software deliverables are Commercial Products as defined in FAR 52.227-14, and include Limited Rights Data as defined therein. Any non-Software deliverables provided under this Agreement containing Casepoint’s copyrighted or other protected or proprietary material is provided as Limited Rights Data. Casepoint Services may also include Restricted Computer Software and/or Limited Rights Data.
2. Restricted Computer Software. Restricted Computer Software may be: (a) Used or copied for use with the computer(s) for which it was acquired, including use at any Government installation to which the computer(s) may be transferred; (b) Used or copied for use with a backup computer if any computer for which it was acquired is inoperative; (c) Reproduced for safekeeping (archives) or backup purposes; (d) Modified, adapted, or combined with other computer software, provided that the modified, adapted, or combined portions of the derivative software incorporating any of the delivered, commercial computer software shall be subject to same restrictions set forth in this contract; (e) Disclosed to and reproduced for use by support service Contractors or their subcontractors, subject to the same restrictions set forth in this contract; and (f) Used or copied for use with a replacement computer.
3. Limited Rights Data. Limited Rights Data may be reproduced and used by the Government with the express limitation that the Limited Rights Data will not, without written permission of Casepoint, be used for purposes of manufacture nor disclosed outside the Government; except that the Government may disclose these data outside the Government for pre-approved purposes; provided that the Government makes such disclosure subject to prohibition against further use and disclosure.
4. Custom Software Development. FAR 52.227-14, Alternate IV (Dec 2007), applies to developments or data first produced on behalf of the Government. Upon payment of all amounts due, Customer shall receive unlimited rights to use, reproduce, prepare derivative works from, perform publicly, and display publicly Casepoint’s work product which is specifically developed for the Customer and not otherwise the property of Casepoint as described herein. The ability to access such software or exercise such rights may be subject to the Customer’s continued license of Casepoint Software, if such Software is necessary for its operation and proper functioning. Casepoint reserves the right to use, sell, release to others, reproduce, distribute, or publish any data first produced or specifically used by Casepoint in the performance of the contract.
E. Trademarks. Except as otherwise expressly granted in this Agreement, no license, right, or interest in or to any Casepoint trademark, copyright, trade name, or service mark is granted hereunder. The Casepoint name and logo and the product names associated with the Software are trademarks of Casepoint or third-parties, and no right or license is granted to use them. Where configurable and made available to Customer, Customer may replace Casepoint logos and marks appearing in the Software with the Customer’s marks and logos, provided these marks and logos do not violate the intellectual property rights of Casepoint or any third-party or any other terms of this Agreement. Customer agrees to promptly remove any such logos or marks that Casepoint rejects, in its reasonable discretion. Except as otherwise set forth above, Customer may not remove from the Software, or alter, any of the trademarks, trade names, logos, patent, confidentiality, or copyright notices or markings contained in the Software, or add any other notices or markings to the Software without Casepoint’s express written consent.
F. Publicity. Casepoint may use Customer’s name and logo for the purposes of advertising and publicity. For Federal Government customers, this right shall be granted to Casepoint to the extent permitted by the General Services Acquisition Regulation (GSAR) 552.203-71.
13. Defense and Indemnification
A. Software Copyright Infringement. THIS SECTION STATES CASEPOINT’S SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY CLAIM OF INTELLECTUAL PROPERTY INFRINGEMENT.
1. Scope. Casepoint will have the right to intervene to defend Customer at its own expense in any action against Customer alleging that the Software directly infringes any U.S. copyright or misappropriates any trade secret recognized as such under the Uniform Trade Secret Law, and Casepoint will pay those costs and damages finally awarded against Customer in any such action that are specifically attributable to such claim or those costs and damages agreed to in a monetary settlement of such action, provided that (a) Customer notifies Casepoint in writing within thirty days of the claim; (b) Casepoint has control of the defense and all related settlement negotiations; and (c) Customer provides Casepoint with the assistance, information, and authority necessary to perform the above. Reasonable expenses incurred by Customer in providing such assistance may be reimbursed by Casepoint.
2. Exclusions. Casepoint shall have no defense or indemnification obligation or other liability for any claim of infringement based on: (a) Any use of the Software not in accordance with this Agreement or for purposes not intended by Casepoint; (b) Use of a superseded or modified release of the Software, except for such alteration(s) or modification(s) which have been made by Casepoint or under Casepoint’s direction, if such infringement would have been avoided by the use of a current unaltered release of the Software that Casepoint provided or would have provided to Customer at no additional charge beyond applicable service fees; (c) Content or software provided by the Customer or developed for Customer pursuant to written specifications or instructions provided by Customer; and/or (d) The combination, operation, or use of any Software furnished under this Agreement with programs, data, products or hardware not furnished by Casepoint, if such infringement would have been avoided by the use of the Software without such items. Nothing contained herein shall be construed in derogation of the U.S. Department of Justice’s right to defend any claim or action brought against the U.S., pursuant to its jurisdictional statute 28 U.S.C. § 516.
3. Remedies. In the event the Software becomes, or is likely to become, the subject of an infringement or misappropriation claim, Casepoint shall have the option, at its expense, to: (a) Modify the Software to be non-infringing; (b) Obtain for Customer a license to continue using the Software; (c) Substitute the Software with other software reasonably suitable to Customer; or (d) If, in Casepoint’s opinion, none of the foregoing remedies are commercially feasible or practicable, terminate the license for the infringing Software and refund any prepaid license fees covering the remainder of the license term for that Software after the effective date of termination.
B. General Indemnification. Customer will indemnify, defend and hold Casepoint and its subsidiaries and Affiliates harmless against any third-party claim, demand, or action, and any resulting liability, loss, fine, penalty, cost or expense (including, without limitation, reasonable attorney’s fees) to the extent arising from or relating to: (1) any allegation that any Customer Data infringes any copyright, trademark, trade secret, or any other proprietary right of a third party, (2) any Data Breach caused by Customer systems, credentials, configurations, or breach of this Agreement, (3) any allegation that Customer Data or Software of Services usage has violated any laws or regulations; or (4) failure to comply with lawful requests regarding Personal Data, to the extent such claim arises from or relates to Customer’s negligence, recklessness, or willful misconduct. Customer acknowledges that it alone is responsible for its reliance upon or usage of the results or output obtained from its use of Casepoint Software and Services, including without limitation the completeness, accuracy and content of such results.
14. Governing Law and Disputes
A. Disputes. The Parties shall attempt in good faith to resolve through negotiations any dispute, claim or controversy arising out of or relating to this Agreement. In the event such dispute is not resolved within sixty days, the Parties agree to submit to binding arbitration in the District of Columbia, using a recognized, established, alternative dispute resolution framework. The arbitration shall be conducted in accordance with the rules of the American Arbitration Association, unless modified by agreement of the parties. Disputes involving an instrumentality of the U.S. Government shall be resolved according to the Contract Disputes Act.
B. Governing Law, Jurisdiction and Venue. In the event the Parties are unable to mutually agree to arbitration, or upon mutually agreeing to arbitration are unable to agree upon an ADR firm to arbitrate the parties dispute, the Parties agree that the courts of the District of Columbia shall be the exclusive venue for resolution and shall have exclusive jurisdiction over such disputes. Disputes shall be interpreted in accordance with the laws of the District of Columbia, without regard to its conflict of laws provisions. The Uniform Computer Information Transaction Act shall not apply to this Agreement. Notwithstanding the foregoing, in the event either Party seeks to enforce its rights regarding data security or confidential information it may seek immediate injunctive relief in the District of Columbia, without the need for posting surety or bond.
15. Miscellaneous
A. Notices. Any notice or other communication required or permitted to be made or given by either Party pursuant to this Agreement must be in writing, in English, and will be deemed to have been duly given: (1) five business days after the date of mailing if sent by registered or certified U.S. mail, postage prepaid, with return receipt requested; or (2) one business day after being sent by express courier service or by email to a designated notice email address with no bounceback. All notices must be sent to the other Party at its address as set forth on the first page or at such other address as such party will have specified in a notice given in accordance with this Section.
B. Non-Exclusivity. This Agreement shall not preclude Casepoint from providing any products or services to any other individual or entity, or from conducting any other activity not explicitly referenced in this Agreement.
C. Non-Solicitation. During the term of this Agreement and for a period of one year thereafter, Customer shall not actively recruit or otherwise induce Casepoint employees who are involved in the delivery of Software or Services hereunder to accept employment with Customer or to leave the employ of Casepoint. This clause shall not restrict in any way the right of Customer to solicit generally in the media for personnel or restrict any individual from pursuing, on their own initiative, employment opportunities with Customer.
D. Third-Party Beneficiaries. The parties acknowledge that the Software and other deliverables may include software licensed by Casepoint from third-parties (“Third-Party Licensors”). Otherwise, there are no third-party beneficiaries to this Agreement.
E. Headings. The section headings herein are provided for convenience only and have no substantive effect on the construction of this Agreement.
F. Entire Agreement. This Agreement, together with all attachments and relevant Order(s), and any duly executed, express, written, modifications to the same (collectively, “Agreement”), constitutes the entire Agreement between the parties concerning Customer’s possession, access, and use of the Software and Services described herein. Ambiguity between this Agreement and an Order shall be resolved in favor of this Agreement and otherwise in Casepoint’s reasonable discretion. This Agreement replaces and supersedes all prior verbal understandings, written communications, warranties or representations regarding the contents of this Agreement and Customer represents and acknowledges that in entering into this Agreement it is not relying upon any representations or warranties other than those set forth herein.
G. Severability. Each provision of this Agreement is severable. If any provision or any portion of any provision of this Agreement is held to be invalid or unenforceable for any reason by a court of competent jurisdiction, all other provisions shall remain in full force and effect. Any provision or any portion of any provision of this Agreement that is held to be unenforceable shall be modified only to the extent necessary so that it shall be legally enforceable to the fullest extent permitted by law, and in such a way that is consistent with the intent and economic effect of the affected provision.
H. Conflicts. Customer hereby covenants and warrants that it is not aware of any potential or actual conflict of interest or other legal or contractual obligation that would in any way interfere with its ability to perform and uphold its obligations under this agreement.
I. Waivers. Except as otherwise expressly provided in this Agreement, no waiver of any covenant, condition, or provision of this Agreement shall be deemed to have been made unless expressed in writing and signed by the party against whom such waiver has been charged. The failure or delay of any party to insist in any one or more cases upon the performance of any of the provisions, covenants, or conditions of this Agreement or to exercise any option set forth in this Agreement shall not be construed as a waiver or relinquishment for the future of any such provisions, covenants, or conditions. No waiver by Casepoint of one breach of this Agreement shall be construed as or deemed to be a waiver with respect to any other subsequent breach.
J. Amendments. Amendments to this Agreement and any Order by Customer must be made in writing and duly acknowledged by both Parties. Casepoint reserves the right to non-materially amend the terms of this Agreement at any time and to provide commercially reasonable advance notice of such changes to Customer. Customer will be notified of such changes via email or posting on the Casepoint website. Casepoint may make changes to its methods for delivering Software and Services under this Agreement not otherwise subject to explicit agreement, in its sole discretion, so long as the functionality purchased by the Customer is not materially diminished.
K. Open Source Software. Open Source Software may be a component of the Software provided to Customer. Casepoint is required by Open Source Software requirements to inform the end user of certain facts, including the following: “Open Source Software" means various open source software, including GPL software which is software licensed under the GNU General Public License as published by the Free Software Foundation, and components licensed under the terms of applicable open source license agreements included in the materials relating to such software. Open Source Software is composed of individual software components, each of which has its own copyright and its own applicable license conditions. Customer may obtain information (including, if applicable, the source code) regarding the inclusion of Open Source Software in the Software by sending a request, with Customer’s name and address to Casepoint at the address specified in the Order. Customer may redistribute and/or modify the GPL software under the terms of the GPL.
L. Third-Party Software. Software developed by third parties may be integrated or embedded within Casepoint Software or Services or otherwise used or made available to Customer in the course of performance under this Agreement. With regard to such third party software, Casepoint shall: (1) ensure proper licensing and rights; (2) patch critical vulnerabilities; and (3) maintain a list of material third party components and subprocessors.
M. Assignments. This Agreement will be binding upon and inure to the benefit of the Parties, their successors, and permitted assigns. Customer shall not assign or transfer any of its rights or obligations under this Agreement without the prior written consent of Casepoint, which shall not be unreasonably withheld. In the event that Customer should merge with, acquire, or be acquired by another entity, the resulting combined entity may use Casepoint Software or Services within the scope of the Customer’s operations at the time prior to such merger, acquisition, or other combining event upon notice to Casepoint and subject to Casepoint’s approval, which shall not be unreasonably withheld. Nothing herein, whether express or implied, will confer upon any person or entity, other than the Parties, their successors and permitted assigns, any legal or equitable right whatsoever to enforce any provision of this Agreement.
N. Force Majeure. Casepoint shall not be deemed to be in breach or default of this Agreement if its performance of any obligations hereunder is delayed, restricted, unfulfilled, or becomes impossible or impractical by reason of any act or cause beyond Casepoint’s control, including, but not limited to, war, riot, civil disturbance, malicious damage, compliance with a law or governmental order (including rules, regulation or direction), flood, storm, fire, earthquake, strike, epidemic, and/or technical or service interruption not due to Casepoint.