Data Processing Policy

This Data Processing Addendum (“DPA”) is deemed to include Sections 1 through 9 below, including the attached Appendix 1, and the Data Security Guide, all of which are expressly deemed incorporated in the Agreement by this reference. In the event of any conflict between the terms of this DPA and the terms of the Agreement with respect to the subject matter herein, this DPA shall control. Any data processing agreements that may already exist between parties as well as any earlier version of the Data Security Guide to which the parties may have agreed are superseded and replaced by this DPA in their entirety. All capitalized terms not defined in this DPA will have the meaning given to them in other parts of the Agreement.

  1. DEFINITIONS
    1. “Affiliates” means any person or entity directly or indirectly Controlling, Controlled by or under common Control with a party to the Agreement, where “Control” means the legal power to direct or cause the direction of the general management of the company, partnership, or other legal entity.
    2. “Agreement” means the Order Form or Use Authorization or other signed ordering document, as applicable, between BugZero and Customer and the signed master agreement (if any) for the purchase of the Subscription Service.
    3. “Data Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of Processing of Personal Data. For purposes of this DPA, Data Controller is Customer and, where applicable, its Affiliates either permitted by Customer to submit Personal Data to the Subscription Service or whose Personal Data is Processed in the Subscription Service.
    4. “Data Processor” means the natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of the Data Controller. For purposes of this DPA, Data Processor is the BugZero entity that is a party to the Agreement.
    5. training; or
    6. assistance with administrative functions.
  2. UPGRADES AND UPDATES

    BugZero will provide upgrades and updates to the Subscription Service as described in Exhibit A.3 Upgrades and Updates attached to this Subscription Service Guide and incorporated herein by reference. The Upgrade and Update exhibit may be updated periodically.

  3. DATA PROCESSING ADDENDUM

    The parties’ agreement with respect to the processing of personal information submitted to the Subscription Service is described in the Data Processing Addendum attached to this Subscription Service Guide as Exhibit A.4 and incorporated herein by reference. The Data Processing Addendum may be updated periodically.

  4. DATA SECURITY GUIDE

    BugZero will implement and maintain security procedures and practices appropriate to information technology service providers designed to protect Customer Data from unauthorized access, destruction, use, modification, or disclosure, as described in the Data Security Guide attached to this Subscription Service Guide as Exhibit A.5 and incorporated herein by reference. The Data Security Guide may be updated periodically.

  5. AVAILABILITY SERVICE LEVEL
    1. Definitions:
      1. “Available” means that the Subscription Service can be accessed by authorized users.
      2. “Excused Downtime” means: (a) Maintenance Time of up to two hours per week; and (b) any time the Subscription Service is not Available due to circumstances beyond BugZero’s control, including modifications of the Subscription Service by any person other than BugZero or a person acting at BugZero’s direction, a Force Majeure Event, general Internet outages, failure of Customer’s infrastructure or connectivity (including direct connectivity and virtual private network (“VPN”) connectivity to the Subscription Service), computer and telecommunications failures and delays, and network intrusions or denial-of-service or other criminal attacks.
      3. “Infrastructure Modification” means any repairs, maintenance, improvements, or changes to the cloud infrastructure used by BugZero to operate and deliver the Subscription Service.
      4. “Maintenance Time” means the time the Subscription Service is not Available due to an Infrastructure Modification, Upgrade, and Update.
      5. “Availability SLA” means that the production instances of the Subscription Service will be Available at least 99% of the time during a calendar month, excluding Excused Downtime.
    2. AVAILABILITY. If Customer’s production instances of the Subscription Service fall below the Availability SLA during a calendar month, Customer’s exclusive remedy for failure of the Subscription Service to meet the Availability SLA is to request that: the affected Subscription Term be extended for the number of minutes the Subscription Service was not Available in the month in accordance with the Availability SLA.
    3. REQUESTS. Customer must request all service credits or extensions in writing to BugZero within 30 days of the end of the month in which the Availability SLA was not met, identifying the support requests relating to the period Customer’s production instances of the Subscription Service was not Available.
    4. NOTICE. BugZero will give Customer 1 day prior notice of an Infrastructure Modification if BugZero, in its reasonable judgment, believes that the Infrastructure Modification will impact Customer’s use of its production instances of the Subscription Service, unless, in the reasonable judgment of BugZero, the Infrastructure Modification is necessary to: (a) maintain the availability, security, or performance of the Subscription Service; (b) comply with Law; or (c) avoid infringement or misappropriation of third-party Intellectual Property Rights.