Definitions
"Actual Hours" are the Available Hours minus downtime hours that are not Planned Downtime Hours or External Downtime Hours.
"Affected User" means each User that attempted to access and use the Software and Service during a period of Excessive Downtime and that was unable to access and use the Software and Service during such period.
"Affiliate" means any entity which directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control," for purposes of this definition, means direct or indirect ownership or control of 50% or more of the voting or ownership interests of the subject entity.
"Available Hours" are the Defined Hours minus the Planned Downtime Hours and External Downtime Hours.
"Business Hours" are 8am-5pm Eastern US Standard Time, Monday through Friday, excluding Federal holidays.
"Defined Hours" are the total days in any given calendar month multiplied by 24 hours.
"eShare Information System(s)" means any eShare systems and/or computers used to Process Your Data.
"eShare Personnel" means eShare’s employees, as well as its permitted affiliates, suppliers, subcontractors, and agents and their respective employees.
"Excessive Downtime" means any calendar month in which Software and Service Availability is less than 99.7%.
"External Downtime Hours" means any hours that Users are unable to access and use the Software and Service due to any cause outside eShare’s reasonable control, including, without limitation, any Company or third-party software, systems, data files, equipment, platforms, or products (including any third-party cloud storage product), or any force majeure event.
"ITAR" means the International Traffic in Arms Regulations, found at 22 C.F.R. §§ 120 – 130.
"Malfunction" means any defect, problem or condition that prevents the Software and Service from performing substantially in accordance with the operating specifications in the then current Documentation.
"Monthly Equivalent" means the annual fee paid by Company to eShare ÷ 12.
"Order Schedule" means the documents for placing orders hereunder, including addenda thereto, that are entered into between You and Us or any of Our Affiliates from time to time. By entering into an Order Schedule hereunder, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto. Order Schedules shall be deemed incorporated herein by reference.
"Other Cause" means a cause of a malfunction that is outside eShare’s reasonable control, including, without limitation, any Company or third-party software, systems, data files, equipment, platforms, or products (including any third-party cloud storage product), or any force majeure event.
"Planned Downtime Hours" are the planned and published hours that the Software and Service is unavailable due to routine maintenance or other planned outages. Planned Downtime shall not occur during Business Hours. eShare shall give Company at least (8) hours prior notice of Planned Downtime Hours outside of the time period beginning at 12am on Sunday morning and ending at 8am Sunday morning Eastern Time.
"PUPM Equivalent" means the Monthly Equivalent ÷ the total number of Users with active Credentials in a given calendar month (whether or not such Users actually accessed the Software and Service during such month).
"Purchased Software and Service" means Software and Service that You or Your Affiliates purchase under an Order Schedule, as distinguished from those provided pursuant to a free trial.
"Response Time" means the elapsed time between the first contact by a designated support contact to report an issue, and the target time within which eShare’s Customer Support personnel report back to the designated support contact to acknowledge receipt and define an action plan for resolution. Except where Company has purchased Priority Support Services, response times are effective during Support Hours only. A response time is a guarantee of communication timeframes; eShare does not guarantee a problem fix, workaround, or other final disposition within these timeframes.
"Security Incident" is any actual or suspected event in which Your Data is or may have been lost, stolen, improperly altered, improperly destroyed, used for a purpose not permitted under this Agreement, or accessed by any person other than eShare Personnel pursuant to this Agreement.
"Security Notices" are any written communications, notices, filings, press releases, or reports related to any Security Incident.
"Software and Service" means the products and Software and Service that are ordered by You under an Order Schedule and made available by Us online via the customer login link at http://www.eshare.com, http://www.nCryptedCloud.com and/or other web pages designated by Us, including associated offline components. Software and Service exclude Non-eshare.com and Non-nCryptedCloud.com Applications.
"Software and Service Availability" is measured as the number of Actual Hours that Company is able to access and use all features of the Software and Service without material error as a percentage of total Available Hours. This measure includes but is not limited to uninterrupted function of application server hardware, server operating system, application software, and web servers.
"Support Hours" are the same as Business Hours.
"Support Services" consist of (a) reasonable telephone and e-mail support, (b) reasonable efforts to correct Malfunctions to maintain the platform in conformance with the Documentation, and (c) releases, modifications and enhancements made to the Software and Service which are provided to eShares’ general client base at no additional charge beyond Subscription Fees (collectively, the "Refinements"). eShare shall have no obligation to develop Refinements. All Support Services will be delivered in English. Any product that is marketed by eShare as a separate product or as an upgrade for which additional fees are generally charged are not considered Refinements.
"Version" is the generally available release of the Software and Service designated by the number which is immediately to the left or right of the left-most decimal point in Software and Service version number, as follows: (x).x.x or x.(x).x.
"Users" means individuals who are authorized by You to use the Software and Service, for whom subscriptions to the Software and Service have been ordered, and who have been supplied user identifications and passwords by You (or by Us at Your request). Users may include but are not limited to Your employees, consultants, contractors, and agents, and third parties with which You transact business.
"We," "Us" or "Our" means the eShare.
"You", "Your", "Company" means the company or other legal entity for which you are accepting this Agreement, and Affiliates of that company or entity.
"Your Data" means all electronic data or information submitted by You to the Purchased Software and Service.
Data Protection Policy
1. eShare Obligations
a. eShare and its personnel will process and access and Your Data only on a need-to-know basis and only to the extent necessary to perform services under this Master Subscription Agreement or as otherwise instructed by Company in writing.
b. eShare will maintain formal written policies and procedures for the administration of information security throughout its organization.
c. eShare personnel will participate in appropriate information security awareness training prior to obtaining access to Your Data and thereafter on at least an annual basis while such personnel have access to Your Data.
d. eShare will ensure each account through which Your Data may be accessed is attributable to a single individual with a unique ID (not shared) and each account will require authentication (e.g., password) prior to accessing Your Data.
e. eShare will use strong passwords consistent with technology industry practices, including minimum password length, lockout, expiration period, complexity, encryption, changing of default passwords, and usage of temporary passwords. User account credentials (e.g., login ID, password) will not be shared.
f. eShare will implement and maintain controls to detect and prevent unauthorized access, intrusions and computer viruses and other malware. Such controls include network layer security devices (e.g., firewalls and intrusion detection/prevention systems), antivirus programs that include up-to-date antivirus definitions, and installation into production of all critical patches or security updates as soon as possible, but not later than thirty (30) days from the release of any such updates or patches.
g. eShare will perform vulnerability assessments on eShare Information Systems at least annually.
h. eShare Information Systems will have security controls that can detect and prevent attacks by use of network layer firewalls and intrusion detection/prevention Systems (IDS/IPS) in a risk-based manner. IDS/IPS high and critical priority alerts will be continuously monitored and responded to as soon as reasonably practicable.
i. eShare will maintain documented change management procedures that provide a consistent approach for controlling, implementing, and documenting changes (including emergency changes) for eShare Information Systems that includes appropriate segregation of duties.
j. Security Incidents on eShare Information Systems will be logged, reviewed on a periodic basis (minimum quarterly), secured, and maintained for a minimum of twelve (12) months.
k. eShare will maintain an up-to-date incident management plan designed to promptly identify, prevent, investigate, and mitigate any Security Incidents and perform any required recovery actions to remedy the impact.
l. eShare will notify Company within a reasonable period, in no event to exceed seventy-two (72) hours after discovery of any Security Incident experienced by eShare involving Your Data. eShare will report any Security Incidents to such contact information communicated to eShare by Company from time to time. eShare will reasonably cooperate with Company in its investigation of an incident, whether discovered by eShare, Company, or a third party, which shall include providing Company a detailed description of the Security Incident, the type of data that was the subject of the Security Incident, the identity of each affected person as soon as such information can be collected or otherwise becomes available. eShare’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by eShare of any fault or liability with respect to the Security Incident.
i. If subsequent to notification of a Security Incident to Company by eShare, Company determines that ITAR-controlled data may be subject to unauthorized inspection or disclosure, it is Company’s responsibility to notify the appropriate authorities of such event, if Company determines such notification is required under applicable law or regulation or Company’s internal policies.
ii. If Company determines it is necessary or prudent to make a voluntary disclosure to the Directorate of Defense Trade Controls regarding the treatment of ITAR-controlled data in Software and Services, eShare will work in good faith with Company in the development and reporting of any such voluntary disclosure.
m. eShare will monitor the effectiveness of its security program by conducting self-audits and risk assessments of eShare Information Systems against the requirements of written policies no less frequently than every twelve (12) months.
n. eShare will use commercially reasonable efforts to remediate within thirty (30) days any items rated as high or critical (or similar rating indicating similar risk) in any audits or assessments of eShare Information Systems.
Performance Standard Policy
1. Software and Service Availability.
eShare agrees that the Software and Service will be available 99.7% of the time, seven (7) days per week, subject to the exclusions below (the “Software and Service Standard”). The Software and Service Standard will be measured monthly during the subscription term. If eShare does not meet the Software and Service Standard, Company will be entitled to service credits as Company’s sole and exclusive remedy for the performance of Software and Service, as outlined below.
Calculation of the Software and Service Standard shall exclude unavailability of the Software and Service caused by any of the following: scheduled, announced downtime for maintenance or unscheduled downtime for emergency maintenance; failures in the Internet or failure of other items that are outside eShare’s reasonable control; hardware, communication lines or application problems (e.g., Internet, ISDN, DSL, etc.) of Company that prevent/disrupt access; or any downtime the parties agree was caused by the action or inaction of Company.
2. Service Credits.
If eShare fails to meet the 99.7% Software and Service Standard set forth in this Agreement, Company shall have the right, as Company’s sole remedy under this Agreement for such failure, to receive Service Credits.
Metric | Monthly Performance Standard | Service Credit Due Company for Failure to Achieve Up-Time Commitment |
Software and Service Availability | >= 99.7% | For each Affected User, Company shall receive a credit in the amount of a percentage of the PUPM Equivalent as follows: Software and Service Availability | Credit (Percentage of PUPM Equivalent) | < 99.7 ≥ 98% | 5% | < 98 ≥ 95% | 15% | ≤ 95% | 25% |
|
By way of non-limiting example: If the Software and Service Availability for any given calendar month is 97%, the annual license fee is $100,00, Company has 1,000 licensed Users, 100 of which are Affected Users, Company would be entitled to a credit of $125. calculated as follows:
- Monthly Equivalent = $8,333 ($100,000 fee ÷ 12)
- PUPM Equivalent = $8.33 ($8,333 Monthly Equivalent ÷ 1,000 licensed Users)
- Credit = $125 (100 Affected Users X $8.33 PUPM Equivalent X 15% Credit)
Support Policy
1. Maintenance Policy
eShare provides Support Services for (i) its most current Version of the Software and Service (including all Refinements for such Version) and (ii) the immediately preceding the Software and Service for a period of 12 months from the commercial release date of a new Version. eShare shall not provide Support Services for any hardware. eShare does not provide support for third party services or systems, including, without limitation, any cloud storage service used in connection with the Software and Service.
2. Responsibilities
a. Provided Company is in compliance with the Master Subscription Agreement and has paid all applicable fees due with respect to its access and use of the Software and Service (“Subscription Fees”), eShare will provide Company during Support Hours the Support Services described in this Support Policy with respect to the Software and Service. Support Services will be performed in a timely and professional manner by qualified support technicians familiar with the Software and Service and its operation. eShare will provide, upon Company’s request, periodic reports on the status of Support Services requested by Company.
b. eShare will provide to the Company the eShare customer support email address (support@eshare.com), and access to the eShare customer support website.
c. If Company desires Support Services, Company will contact eShare by email (support@eshare.com). eShare’s duly qualified personnel will use commercially reasonable efforts to respond to Company’s initial email with offsite telephone or e-mail consultation, assistance, and advice relating to maintenance of the Software and Service as described in Section 3.4 below, and as to Critical requests for assistance made outside of the Support Hours, within four (4) hours after the start of the Support Hours on the next Business Day.
d. Company can receive support during non-Support Hours exclusively for issues of Critical Priority, with best effort to maintain the same Response Times (i.e., Response Time within 2 hours for Critical Priority). Non-Support Hours Support will be provided exclusively through a dedicated pre-designated email address (support@eshare.com). In the event that eShare determines the Malfunction root cause does is not due to a Software and Service fault or was not deemed to be of Critical Priority by eShare, Company will reimburse eShare for services expended at the rate of $275.00 per hour and eShare will invoice Company for such services.
e. When a suspected Malfunction is reported, eShare will analyze the information provided by Company and will classify the Malfunction. eShare will use commercially reasonable efforts to repair or replace any major inherent Malfunction in Software and Service, in each case excluding any Malfunction caused by Other Causes. The remedy set forth in this Section 3.5 shall be Company’s sole and exclusive remedy with respect to any Malfunction during the Support Term. eShare shall have no obligation to provide Support Services, including, without limitation, any Refinements, with respect to any Malfunctions caused by, related to, or arising out of an Other Cause. eShare’s Customer Support personnel will contact Company’s designated support contact(s), within the timeframes designated below to explore the nature of the Malfunction experienced by Company, determine whether the Malfunction is related to the Software and Service and reasonably assign a priority level to the Malfunction in accordance with definitions in the table below.
PRIORITY | DEFINITION | RESPONSE TIME | ESTIMATED RESOLUTION TIME |
1– Critical | Company reports a malfunction that (i) renders the Software and Service inoperative or intermittently operative causing substantial interruption in the Software and Service; or (ii) causes any material feature to be unavailable or substantially impaired; or (iii) compromises overall system integrity or data integrity when the Software and Service is operated in a production environment (that is, causes a system crash or hang, or causes loss or corruption of data); or (iv) causes a complete failure of the Software and Service. | 2 hours | 24 hours |
2 – High | Company reports a Malfunction that (i) renders a required program or feature of the Software and Service inoperative or intermittently operative; or (ii) substantially degrades performance in a production environment. | 4 hours | 3 business days |
3-Medium | Company reports a Malfunction that (i) renders an optional program of feature inoperative or intermittently operative; or (ii) causes only a minor impact on Company’s use of Software and Service. | 12 hours | 10 business days |
4 -Normal | Company reports a Malfunction (i) that has only a minor effect on Software and Service functionality; or (ii) cosmetic flaws; or (iii) inquiries and questions about configuration and management of the Software and Service. | 24 hours | Next release |
f. Service Levels and Definitions. eShare shall use commercially reasonable efforts to correct any reproducible malfunction in the Software and Service reported to eShare by Company.
3. Customer Responsibilities
a. Before contacting eShare with a suspected malfunction, Company undertakes to: (i) analyze the suspected malfunction to determine if it is the result of Company’s misuse or misunderstanding of Software and Service or any Other Cause, (ii) ascertain that the malfunction can be replicated and (iii) collect and provide to eShare all relevant information relating to the malfunction.
b. If eShare determines that a reported malfunction is caused by an Other Cause, then upon written notice to Company, eShare may charge for employee time expended at eShare’s prevailing time and material rates, plus reasonable out-of-pocket expenses, and eShare will be released from Support Services obligations for any modified portion of the Software and Service to the extent such modifications were made to correct such malfunctions.
4. Support Term; Termination.
Support Services provided to Company are coterminous with the term of Company’s use of the Software and Service. eShare may cancel or suspend Support Services if Company fails to make payment of the fees pursuant to the Master Subscription Agreement.
