COPYRIGHT | TEPPEN -Official Site-

© GungHo Online Entertainment, Inc. All Rights Reserved.
© CAPCOM CO., LTD. ALL RIGHTS RESERVED.
© CAPCOM U.S.A., INC. ALL RIGHTS RESERVED.
© MOTO KIKAKU.

And this software includes the following licenses.

------------------------------------------------------------------

Ionic.Zlib.CF

------------------------------------------------------------------

Microsoft Public License (Ms-PL)

This license governs use of the accompanying software, the DotNetZip library ("the software"). If you use the software, you accept this license. If you do not accept the license, do not use the software.

1. Definitions

The terms "reproduce," "reproduction," "derivative works," and "distribution" have the same meaning here as under U.S. copyright law.

A "contribution" is the original software, or any additions or changes to the software.

A "contributor" is any person that distributes its contribution under this license.

"Licensed patents" are a contributor's patent claims that read directly on its contribution.

2. Grant of Rights

(A) Copyright Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free copyright license to reproduce its contribution, prepare derivative works of its contribution, and distribute its contribution or any derivative works that you create.

(B) Patent Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed patents to make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its contribution in the software or derivative works of the contribution in the software.

3. Conditions and Limitations

(A) No Trademark License- This license does not grant you rights to use any contributors' name, logo, or trademarks.

(B) If you bring a patent claim against any contributor over patents that you claim are infringed by the software, your patent license from such contributor to the software ends automatically.

(C) If you distribute any portion of the software, you must retain all copyright, patent, trademark, and attribution notices that are present in the software.

(D) If you distribute any portion of the software in source code form, you may do so only under this license by including a complete copy of this license with your distribution. If you distribute any portion of the software in compiled or object code form, you may only do so under a license that complies with this license.

(E) The software is licensed "as-is." You bear the risk of using it. The contributors give no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties of merchantability, fitness for a particular purpose and non-infringement.

websocket-sharp

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Photoshop PSD FileType Plugin for Paint.NET

/////////////////////////////////////////////////////////////////////////////////

Photoshop PSD FileType Plugin for Paint.NET

www.psdplugin.com/

MIT License: opensource.org/licenses/mit-license.php

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

/////////////////////////////////////////////////////////////////////////////////

Portions of the software have been adapted from Yet Another PSD Parser:

www.codeproject.com/Articles/15905/Yet-Another-PSD-Parser

These portions are provided under the BSD License:

opensource.org/licenses/BSD-3-Clause

----

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

* Neither the name of Jonas Beckeman nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY JONAS BECKEMAN AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JONAS BECKEMAN AND CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

/////////////////////////////////////////////////////////////////////////////////

unity-webview

The zlib License

-------------------------------------

This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.

Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.

2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.

3. This notice may not be removed or altered from any source distribution.

Spine Runtimes

Spine Runtimes Software License v2.5

You are granted a perpetual, non-exclusive, non-sublicensable, and non-transferable license to use, install, execute, and perform the Spine Runtimes software and derivative works solely for personal or internal use. Without the written permission of Esoteric Software (see Section 2 of the Spine Software License Agreement), you may not (a) modify, translate, adapt, or develop new applications using the Spine Runtimes or otherwise create derivative works or improvements of the Spine Runtimes or (b) remove, delete, alter, or obscure any trademarks or any copyright, trademark, patent, or other intellectual property or proprietary rights notices on or in the Software, including any copy thereof. Redistributions in binary or source form must include this license and terms.

THIS SOFTWARE IS PROVIDED BY ESOTERIC SOFTWARE "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ESOTERIC SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, BUSINESS INTERRUPTION, OR LOSS OF USE, DATA, OR PROFITS) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

MessagePack for C#

MIT License

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

---

lz4net

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

MiniJSON

Based on the JSON parser by Patrick van Bergen

http://techblog.procurios.nl/k/618/news/view/14605/14863/How-do-I-write-my-own-parser-for-JSON.html

Simplified it so that it doesn't throw exceptions and can be used in Unity iPhone with maximum code stripping.

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

ClosedXML

MIT License

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

ParticleEffectForUGUI

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

Parse

BSD License

For Parse .NET SDK software

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

* Neither the name Parse nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

Sharpen

Sharpen is released under the MIT license:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

Firebase Data Processing and Security Terms

Terms last modified: June 1, 2023

The customer agreeing to these terms ("Customer"), and Google LLC (formerly known as Google Inc.), Google Ireland Limited, Google Asia Pacific Pte. Ltd., or any other entity that directly or indirectly controls, is controlled by, or is under common control with Google LLC (as applicable, "Google"), have entered into an agreement under which Google has agreed to provide Firebase Services (as described at firebase.google.com/terms) which specifically reference the Firebase Data Processing and Security Terms (as amended from time to time, the "Agreement").

These Firebase Data Processing and Security Terms, including their appendices, (the "Terms") are incorporated into the Agreement. These Terms will be effective and replace any previously applicable data processing and security terms as from the Terms Effective Date (as defined below). ?With respect to the Firebase Crashlytics and Firebase App Distribution Terms of Service under which Google has agreed to provide Firebase Crashlytics and Firebase App Distribution Services, these Terms were formerly known as the "Crashlytics and App Distribution Data Processing and Security Terms."

1. Introduction

These Terms reflect the parties' agreement with respect to the terms governing the processing and security of Customer Data under the Agreement.

2. Definitions

2.1 Capitalized terms used but not defined in these Terms have the meanings set out in the Agreement. In these Terms, unless stated otherwise:

・Account has the meaning given in the Agreement or, if no such meaning is given, means Customer's account for the Services.

・Additional Product means a product, service or application provided by Google or a third party that: (a) is not part of the Services; and (b) is accessible for use within the user interface of the Services or is otherwise integrated with the Services.

・Additional Security Controls means security resources, features, functionality and/or controls that Customer may use at its option and/or as it determines, including the Admin Console and other features and/or functionality of the Services such as logging and monitoring and identity and access management.

・Adequate Country means:

(a) for data processed subject to the EU GDPR: the EEA, or a country or territory recognized as ensuring adequate data protection under the EU GDPR;

(b) for data processed subject to the UK GDPR: the UK or a country or territory recognized as ensuring adequate data protection under the UK GDPR and the Data Protection Act 2018; and/or

(c) for data processed subject to the Swiss FDPA: Switzerland, or a country or territory that is (i) included in the list of the states whose legislation ensures adequate protection as published by the Swiss Federal Data Protection and Information Commissioner, or (ii) recognized as ensuring adequate data protection under the Swiss FDPA,

in each case, other than on the basis of an optional data protection framework.

・Admin Console has the meaning given in the Agreement or, if no such meaning is given, means the online console(s) and/or tool(s) provided by Google to Customer for administering the Services.

・Affiliate has the meaning given in the Agreement or, if no such meaning is given, means any entity that directly or indirectly controls, is controlled by, or is under common control with, a party.

・Alternative Transfer Solution means a solution, other than SCCs, that enables the lawful transfer of personal data to a third country in accordance with European Data Protection Law, for example a data protection framework recognized as ensuring that participating local entities provide adequate protection.

・Audited Services means the then-current Services indicated as being in-scope for the relevant certification or report at firebase.google.com/support/privacy/#certifications, as may be updated by Google from time to time.

・Customer Data has the meaning given in the Agreement or, if no such meaning is given, has the meaning given to "Developer Data" in the Agreement, or if no such meaning is given, means data provided by or on behalf of Customer or Customer End Users via the Services (except TSS and any other support services, if applicable) under the Account.

・Customer End Users means the individuals who are permitted by Customer to use the Services. For clarity, Customer End Users may include employees of Customer Affiliates and other authorized third parties.

・Customer Personal Data means the personal data contained within the Customer Data, including any special categories of personal data defined under European Data Protection Law.

・Customer SCCs means the SCCs (Controller-to-Processor), the SCCs (Processor-to-Processor), and/or the SCCs (Processor-to-Controller), as applicable.

・Data Incident means a breach of Google's security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Google.

・European Data Protection Law means, as applicable: (a) the GDPR; and/or (b) the Swiss FDPA.

・EEA means the European Economic Area.

・EU GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

・European Law means, as applicable: (a) EU or EU Member State law (if the EU GDPR applies to the processing of Customer Personal Data); and (b) the law of the UK or a part of the UK (if the UK GDPR applies to the processing of Customer Personal Data).

・GDPR means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.

・Google's Third Party Auditor means a Google-appointed, qualified and independent third party auditor, whose then-current identity Google will disclose to Customer.

・Instructions has the meaning given in Section 5.2.1 (Customer’s Instructions).

・ISO 27001 Certification means an ISO/IEC 27001:2013 certification or a comparable certification for the Audited Services.

・Non-European Data Protection Law means data protection or privacy laws in force outside the EEA, Switzerland, and the UK.

・Notification Email Address means the email address(es) designated by Customer in the Admin Console to receive certain notifications from Google. Customer is responsible for using the Admin Console to ensure that its Notification Email Address remains current and valid.

・SCCs means the Customer SCCs and/or SCCs (Processor-to-Processor, Google Exporter), as applicable.

・SCCs (Controller-to-Processor) means the terms at: firebase.google.com/terms/firebase-sccs-eu-c2p

・SCCs (Processor-to-Controller) means the terms at: firebase.google.com/terms/firebase-sccs-eu-p2c

・SCCs (Processor-to-Processor) means the terms at: firebase.google.com/terms/firebase-sccs-eu-p2p

・SCCs (Processor-to-Processor, Google Exporter) means the terms at: firebase.google.com/terms/firebase-sccs-eu-p2p-google-exporter

・Security Documentation means all documents and information made available by Google under Section 7.5.1 (Reviews of Security Documentation).

・Security Measures has the meaning given in Section 7.1.1 (Google's Security Measures).

・Services has the meaning given to "Paid Services", "APIs" or "Services" (as applicable) in the Agreement.

・SOC 2 Report means a confidential Service Organization Control (SOC) 2 report (or a comparable report) on Google's systems examining logical security controls, physical security controls, and system availability, as produced by Google's Third Party Auditor in relation to the Audited Services.

・Subprocessor means a third party authorized as another processor under these Terms to have logical access to and process Customer Data in order to provide parts of the Services and TSS (if applicable).

・Supervisory Authority means, as applicable: (a) a "supervisory authority" as defined in the EU GDPR; and/or (b) the "Commissioner" as defined in the UK GDPR and/or the Swiss FDPA.

・Swiss FDPA means the Federal Data Protection Act of 19 June 1992 (Switzerland).

・Term means the period from the Terms Effective Date until the end of Google's provision of the Services, including, if applicable, any period during which provision of the Services may be suspended and any post-termination period during which Google may continue providing the Services for transitional purposes.

・Terms Effective Date means the date on which Customer accepted, or the parties otherwise agreed to, these Terms.

・TSS means technical support services that Google has agreed to provide to Customer under an agreement that incorporates the Firebase Technical Support Services Guide available at cloud.google.com/terms/tssg/firebase/.

・UK GDPR means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under that Act.

2.2 The terms "personal data", "data subject", "processing", "controller", and "processor" as used in these Terms have the meanings given in the GDPR, irrespective of whether European Data Protection Law or Non-European Data Protection Law applies.

3. Duration

Regardless of whether the Agreement has terminated or expired, these Terms will remain in effect until, and automatically expire when Google deletes all Customer Data as described in these Terms.

4. Scope of Data Protection Law

4.1 Application of European Law. The parties acknowledge that European Data Protection Law will apply to the processing of Customer Personal Data, if, for example:

a. the processing is carried out in the context of the activities of an establishment of Customer in the territory of the EEA or the UK; and/or

b. the Customer Personal Data is personal data relating to data subjects who are in the EEA or the UK and the processing relates to the offering to them of goods or services in the EEA or the UK or the monitoring of their behaviour in the EEA or the UK.

4.2 Application of Non-European Law. The parties acknowledge that Non-European Data Protection Law may also apply to the processing of Customer Personal Data.

4.3 Application of Terms. Except to the extent these Terms state otherwise, these Terms will apply irrespective of whether European Data Protection Law or Non-European Data Protection Law applies to the processing of Customer Personal Data.

5. Processing of Data

5.1 Roles and Regulatory Compliance; Authorization.

5.1.1 Processor and Controller Responsibilities. If European Data Protection Law applies to the processing of Customer Personal Data:

a. the subject matter and details of the processing are described in Appendix 1;

b. Google is a processor of that Customer Personal Data under European Data Protection Law;

c. Customer is a controller or processor, as applicable, of that Customer Personal Data under European Data Protection Law; and

d. each party will comply with the obligations applicable to it under European Data Protection Law with respect to the processing of that Customer Personal Data.

5.1.2 Processor Customers. If European Data Protection Law applies to the processing of Customer Personal Data and Customer is a processor:

a. Customer warrants on an ongoing basis that the relevant controller has authorized: (i) the Instructions, (ii) Customer’s appointment of Google as another processor, and (iii) Google’s engagement of Subprocessors as described in Section 11 (Subprocessors);

b. Customer will immediately forward to the relevant controller any notice provided by Google under Sections 5.2.3 (Instruction Notifications), 7.2.1 (Incident Notification), 9.2.1 (Responsibility for Requests), 11.4 (Opportunity to Object to Subprocessor Changes) or that refers to any SCCs; and

c. Customer may:

i. request access for the relevant controller to the SOC 2 Report in accordance with Section 7.5.3(a); and

ii. make available to the relevant controller any other information made available by Google under Sections 10.4 (Supplementary Measures and Information), 10.3 (Data Centre Information) and 11.2 (Information about Subprocessors).

5.1.3 Responsibilities under Non-European Law. If Non-European Data Protection Law applies to either party’s processing of Customer Personal Data, the relevant party will comply with any obligations applicable to it under that law with respect to the processing of that Customer Personal Data.

5.2 Scope of Processing.

5.2.1 Customer's Instructions. Customer instructs Google to process Customer Personal Data in accordance with applicable law only: (a) to provide, secure and monitor the Services and TSS (if applicable); (b) as further specified via Customer's use of the Services (including the Admin Console and other functionality of the Services) and TSS (if applicable); (c) as documented in the form of the Agreement (including these Terms); and (d) as further documented in any other written instructions given by Customer and acknowledged by Google as constituting instructions for purposes of these Terms (collectively, the "Instructions").

5.2.2 Google's Compliance with Instructions. Google will comply with the Instructions unless prohibited by European Law.

5.2.3 Instruction Notifications. Without prejudice to Google’s obligations under Section 5.2.1 (Customer’s Instructions) or any other rights or obligations of either party under the Agreement, Google will immediately notify Customer if, in Google’s opinion, (a) European Law prohibits Google from complying with an Instruction; (b) an Instruction does not comply with European Data Protection Law; or (c) Google is otherwise unable to comply with an Instruction, in each case unless such notice is prohibited by European Law.

5.3 Additional Products. If Customer uses any Additional Product, the Services may allow that Additional Product to access Customer Personal Data as required for the interoperation of the Additional Product with the Services. For clarity, these Terms do not apply to the processing of personal data in connection with the provision of any Additional Product used by Customer, including personal data transmitted to or from that Additional Product.

6. Data Deletion

6.1 Deletion by Customer. Google will enable Customer to delete Customer Data during the Term in a manner consistent with the functionality of the Services. If Customer uses the Services to delete any Customer Data during the Term and that Customer Data cannot be recovered by Customer, this use will constitute an Instruction to Google to delete the relevant Customer Data from Google's systems in accordance with applicable law. Google will comply with this Instruction as soon as reasonably practicable and within a maximum period of 180 days, unless European Law requires storage.

6.2 Return or Deletion at the end of the Term. If Customer wishes to retain any Customer Data after the end of the Term, it may instruct Google in accordance with Section 9.1 (Access; Rectification; Restricted Processing; Portability) to return that data during the Term. Customer instructs Google to delete all remaining Customer Data (including existing copies) from Google’s systems at the end of the Term in accordance with applicable law. After a recovery period of up to 30 days from that date, Google will comply with this Instruction as soon as reasonably practicable and within a maximum period of 180 days, unless European Law requires storage.

7. Data Security

7.1 Google's Security Measures, Controls and Assistance.

7.1.1 Google's Security Measures. Google will implement and maintain technical, organizational and physical measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the "Security Measures"). The Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of Google's systems and services; to help restore timely access to personal data following an incident; and for regular testing of effectiveness. Google may update the Security Measures from time to time provided that such updates do not result in a material reduction of the security of the Services.

7.1.2 Access and Compliance. Google will (a) authorize its employees, contractors and Subprocessors to access Customer Personal Data only as strictly necessary to comply with Instructions; (b) take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance and (c) ensure that all persons authorized to process Customer Personal Data are under an obligation of confidentiality.

7.1.3 Additional Security Controls. Google will make Additional Security Controls available to: (a) allow Customer to take steps to secure Customer Data; and (b) provide Customer with information about securing, accessing and using Customer Data.

7.1.4 Google's Security Assistance. Google will (taking into account the nature of the processing of Customer Personal Data and the information available to Google) assist Customer in ensuring compliance with its (or, where Customer is a processor, the relevant controller’s) obligations under Articles 32 to 34 of the GDPR, by:

a. implementing and maintaining the Security Measures in accordance with Section 7.1.1 (Google's Security Measures);

b. making Additional Security Controls available to Customer in accordance with Section 7.1.3 (Additional Security Controls);

c. complying with the terms of Section 7.2 (Data Incidents); and

d. providing Customer with the Security Documentation in accordance with Section 7.5.1 (Reviews of Security Documentation) and the information contained in the Agreement (including these Terms).

7.2. Data Incidents.

7.2.1 Incident Notification. Google will notify Customer promptly and without undue delay after becoming aware of a Data Incident, and promptly take reasonable steps to minimize harm and secure Customer Data.

7.2.2 Details of Data Incident. Google’s notification of a Data Incident will describe: the nature of the Data Incident including the Customer resources impacted; the measures Google has taken, or plans to take, to address the Data Incident and mitigate its potential risk; the measures, if any, Google recommends that Customer take to address the Data Incident; and details of a contact point where more information can be obtained. If it is not possible to provide all such information at the same time, Google’s initial notification will contain the information then available and further information will be provided without undue delay as it becomes available.

7.2.3 Delivery of Notification. Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address or, at Google's discretion, by direct communication (for example, by phone call or an in-person meeting). Customer is solely responsible for ensuring that the Notification Email Address is current and valid.

7.2.4 No Assessment of Customer Data by Google. Google has no obligation to assess Customer Data in order to identify information subject to any specific legal requirements.

7.2.5 No Acknowledgement of Fault by Google. Google's notification of or response to a Data Incident under this Section 7.2 (Data Incidents) will not be construed as an acknowledgement by Google of any fault or liability with respect to the Data Incident.

7.3 Customer's Security Responsibilities and Assessment.

7.3.1 Customer's Security Responsibilities. Without prejudice to Google's obligations under Sections 7.1 (Google's Security Measures, Controls and Assistance) and 7.2 (Data Incidents), and elsewhere in the Agreement, Customer is responsible for its use of the Services and its storage of any copies of Customer Data outside Google’s or Google’s Subprocessors’ systems, including:

a. using the Services and Additional Security Controls to ensure a level of security appropriate to the risk to the Customer Data;

b. securing the account authentication credentials, systems and devices Customer uses to access the Services; and

c. backing up or retaining copies of its Customer Data as appropriate.

7.3.2 Customer's Security Assessment. Customer agrees that the Services, Security Measures implemented and maintained by Google, Additional Security Controls and Google’s commitments under this Section 7 (Data Security) provide a level of security appropriate to the risk to Customer Data (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals).

7.4 Security Certifications and Reports. Google will maintain at least the following in order to evaluate the continued effectiveness of the Security Measures: (a) the ISO 27001 Certification; and (b) the SOC 2 Report, based on an audit performed at least once every 18 months. Google may add standards at any time. Google may replace the ISO 27001 Certification or the SOC 2 Report with an equivalent or enhanced alternative.

7.5 Reviews and Audits of Compliance.

7.5.1 Reviews of Security Documentation. Google will make the ISO 27001 Certification and the then-current SOC 2 Report available for review by Customer to demonstrate compliance by Google with its obligations under these Terms.

7.5.2 Customer's Audit Rights.

a. If European Data Protection Law applies to the processing of Customer Personal Data, Google will allow Customer or an independent auditor appointed by Customer to conduct audits (including inspections) to verify Google's compliance with its obligations under these Terms in accordance with Section 7.5.3 (Additional Business Terms for Reviews and Audits). During an audit, Google will make available all information necessary to demonstrate such compliance and contribute to the audit as described in Section 7.4 (Security Certifications and Reports) and this Section 7.5 (Reviews and Audits of Compliance).

b. If Customer SCCs apply as described in Section 10.2 (Restricted European Transfers), Google will allow Customer (or an independent auditor appointed by Customer) to conduct audits as described in the SCCs and, during an audit, make available all information required by the SCCs, both in accordance with Section 7.5.3 (Additional Business Terms for Reviews and Audits).

c. Customer may conduct an audit to verify Google's compliance with its obligations under these Terms by reviewing the Security Documentation (which reflects the outcome of audits conducted by Google's Third Party Auditor).

7.5.3 Additional Business Terms for Reviews and Audits.

a. Customer must send any requests for reviews of the SOC 2 Report under Section 5.1.2(c)(i) or 7.5.1, or any audits under Section 7.5.2(a) or 7.5.2(b), via firebase.google.com/support/privacy/dpo as described in Section 12 (Firebase Data Protection Team; Processing Records).

b. Following receipt by Google of a request under Section 7.5.3(a), Google and Customer will discuss and agree in advance on: (i) the reasonable date(s) of and security and confidentiality controls applicable to any review of the SOC 2 Report under Section 5.1.2(c)(i) or 7.5.1; and (ii) the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit under Section 7.5.2(a) or 7.5.2(b).

c. Google may charge a fee (based on Google's reasonable costs) for any audit under Section 7.5.2(a) or 7.5.2(b). Google will provide Customer with further details of any applicable fee, and the basis of its calculation, in advance of any such audit. Customer will be responsible for any fees charged by any auditor appointed by Customer to execute any such audit.

d. Google may object in writing to an auditor appointed by Customer to conduct any audit under Section 7.5.2(a) or 7.5.2(b) if the auditor is, in Google's reasonable opinion, not suitably qualified or independent, a competitor of Google, or otherwise manifestly unsuitable. Any such objection by Google will require Customer to appoint another auditor or conduct the audit itself.

e. Nothing in these Terms will require Google either to disclose to Customer or its third party auditor, or to allow Customer or its third party auditor to access:

i. any data of any other customer of Google or its Affiliates;

ii.Google or its Affiliates' internal accounting or financial information;

iii. any trade secret of Google or its Affiliates;

iv. any information that, in Google's reasonable opinion, could: (A) compromise the security of any of Google or its Affiliates' systems or premises; or (B) cause Google or its Affiliates to breach obligations under European Data Protection Law or its security and/or privacy obligations to Customer or any third party; or

v. any information that Customer or its third party auditor seeks to access for any reason other than the good faith fulfilment of Customer's obligations under European Data Protection Law.

8. Impact Assessments and Consultations

Google will (taking into account the nature of the processing and the information available to Google) assist Customer in ensuring compliance with its (or, where Customer is a processor, the relevant controller’s) obligations under Articles 35 and 36 of the GDPR, by:

a. providing Additional Security Controls in accordance with Section 7.1.3 (Additional Security Controls) and the Security Documentation in accordance with Section 7.5.1 (Reviews of Security Documentation);

b. providing the information contained in the Agreement including these Terms; and

c. providing or otherwise making available, in accordance with Google’s standard practices, other materials concerning the nature of the Services and the processing of Customer Personal Data (for example, help center materials).

9. Access etc.; Data Subject Rights; Data Export

9.1 Access; Rectification; Restricted Processing; Portability. During the Term, Google will enable Customer, in a manner consistent with the functionality of the Services, to access, rectify and restrict processing of Customer Data, including via the deletion functionality provided by Google as described in Section 6.1 (Deletion by Customer), and to export Customer Data. If Customer becomes aware that any Customer Personal Data is inaccurate or outdated, Customer will be responsible for using such functionality to rectify or delete that data if required by applicable European Data Protection Law.

9.2 Data Subject Requests.

9.2.1 Responsibility for Requests. During the Term, if Google receives a request from a data subject via firebase.google.com/support/privacy/dpo that relates to Customer Personal Data and identifies Customer, Google will (a) advise the data subject to submit their request to Customer, (b) promptly notify Customer upon the data subject’s request, provided the data subject has identified Customer; and (c) not otherwise respond to that data subject’s request without authorization from Customer. Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Services.

9.2.2 Google's Data Subject Request Assistance. Google will (taking into account the nature of the processing of Customer Personal Data) assist Customer in fulfilling its (or, where Customer is a processor, the relevant controller’s) obligations under Chapter III of the GDPR to respond to requests for exercising the data subject's rights by:

a. providing Additional Security Controls in accordance with Section 7.1.3 (Additional Security Controls);

b. complying with Sections 9.1 (Access; Rectification; Restricted Processing; Portability) and 9.2.1 (Responsibility for Requests); and

c. providing the functionality of the Services.

10. Data Transfers

10.1 Data Storage and Processing Facilities. Subject to Google’s data location commitments in the Agreement (if applicable) and to the remainder of this Section 10 (Data Transfers), Customer Data may be processed in any country in which Google or its Subprocessors maintain facilities.

10.2 Restricted European Transfers. The parties acknowledge that European Data Protection Law does not require SCCs or an Alternative Transfer Solution in order for Customer Personal Data to be processed in or transferred to an Adequate Country. If Customer Personal Data is transferred to any other country, and European Data Protection Law applies to the transfers ("Restricted European Transfers"), then:

a. if Google has adopted an Alternative Transfer Solution for any Restricted European Transfers, then Google will inform Customer of the relevant solution and ensure that such Restricted European Transfers are made in accordance with that solution; and/or

b. if Google has not adopted, or has informed Customer that Google is no longer adopting, an Alternative Transfer Solution for any Restricted European Transfers, then:

i. if Google’s address is in an Adequate Country:

A. the SCCs (Processor-to-Processor, Google Exporter) will apply with respect to such Restricted European Transfers from Google to Subprocessors; and

B. in addition, if Customer’s address is not in an Adequate Country, the SCCs (Processor-to-Controller) will apply (regardless of whether Customer is a controller and/or processor) with respect to Restricted European Transfers between Google and Customer; or

ii. if Google’s address is not in an Adequate Country, the SCCs (Controller-to-Processor) and/or SCCs (Processor-to-Processor) will apply (according to whether Customer is a controller and/or processor) with respect to such Restricted European Transfers between Customer and Google.

10.3 Data Centre Information. Information about the locations of Google data centers is available at: www.google.com/about/datacenters/inside/locations/index.html (as may be updated by Google from time to time).

10.4 Supplementary Measures and Information. Without prejudice to any further supplementary measures and information Google may provide to Customer from time to time, Google will provide Customer with information relevant to Restricted European Transfers, including information about Additional Security Controls and other supplementary measures to protect Customer Personal Data:

a. as described in Section 7.5.1 (Reviews of Security Documentation);

b. in the documentation for the Services, available at firebase.google.com/docs; and

c. in the Firebase Privacy and Security website, available at firebase.google.com/support/privacy.

10.5 Termination. If Customer concludes, based on its current or intended use of the Services, that the Alternative Transfer Solution and/or SCCs, as applicable, do not provide appropriate safeguards for Customer Personal Data, then Customer may immediately terminate the Agreement for convenience by notifying Google.

11. Subprocessors

11.1 Consent to Subprocessor Engagement. Customer specifically authorizes the engagement as Subprocessors of those entities listed as of the Terms Effective Date at the URL specified in Section 11.2 (Information about Subprocessors). In addition, without prejudice to Section 11.4 (Opportunity to Object to Subprocessor Changes), Customer generally authorizes the engagement of any other third parties as Subprocessors ("New Subprocessors").

11.2 Information about Subprocessors. Information about Subprocessors, including their names, locations and activities, is available at: firebase.google.com/terms/subprocessors (as may be updated by Google from time to time in accordance with these Terms).

11.3 Requirements for Subprocessor Engagement. When engaging any Subprocessor, Google will:

a. ensure via a written contract that:

i. the Subprocessor only accesses and uses Customer Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement (including these Terms); and

ii. if the processing of Customer Personal Data is subject to European Data Protection Law, the data protection obligations described in these Terms (as referred to in Article 28(3) of the GDPR, if applicable) are imposed on the Subprocessor; and

b. remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.

11.4 Opportunity to Object to Subprocessor Changes.

a. When any New Subprocessor is engaged during the Term, Google will, at least 30 days before the New Subprocessor starts processing any Customer Data, notify Customer of the engagement (including the name, location and activities of the New Subprocessor).

b. Customer may, within 90 days after being notified of the engagement of a New Subprocessor, object by immediately terminating the Agreement for convenience by notifying Google.

12. Firebase Data Protection Team; Processing Records

12.1 Google's Representative. Customer may contact a Google representative in relation to the exercise of its rights under these Terms via the methods described at firebase.google.com/support/privacy/dpo (and/or via such other means as Google may provide from time to time). Such representative will provide prompt and reasonable assistance with any Customer queries related to processing of Customer Personal Data under the Agreement.

12.2 Google's Processing Records. Google will keep appropriate documentation of its processing activities as required by the GDPR. Customer acknowledges that Google is required under the GDPR to: (a) collect and maintain records of certain information, including (i) the name and contact details of each processor and/or controller on behalf of which Google is acting and (if applicable) of such processor's or controller's local representative and data protection officer, (ii) if applicable under the Customer SCCs, Customer’s Supervisory Authority; and (b) make such information available to the Supervisory Authorities. Accordingly Customer will, where requested and as applicable to Customer, provide such information to Google via the Admin Console or via such other means as may be provided by Google, and will use the Admin Console or such other means to ensure that all information provided is kept accurate and up-to-date.

12.3 Controller Requests. During the Term, if Google receives a request or instruction via the methods described in Section 12.1 (Google’s Representative), or any other method, from a third party purporting to be a controller of Customer Personal Data, Google will advise the third party to contact Customer.

13. Liability

13.1 Liability Cap. If the Agreement is governed by the laws of:

a. a state of the United States of America, then, notwithstanding anything else in the Agreement, the total liability of either party towards the other party under or in connection with these Terms will be limited to the maximum monetary or payment-based amount at which that party's liability is capped under the Agreement (and therefore, any exclusion of indemnification claims from the Agreement's limitation of liability will not apply to indemnification claims under the Agreement relating to European Data Protection Law or Non-European Data Protection Law); or

b. a jurisdiction that is not a state of the United States of America, then the liability of the parties under or in connection with these Terms will be subject to the exclusions and limitations of liability in the Agreement.

14. Interpretation

14.1 Precedence. Notwithstanding anything to the contrary in the Agreement, to the extent of any conflict or inconsistency between:

a. these Terms and the remainder of the Agreement, these Terms will prevail; and

b. any Customer SCCs (which are incorporated by reference into these Terms) and the remainder of the Agreement (including these Terms), the Customer SCCs will prevail.

14.2 Legacy UK SCCs. The supplementary terms for UK GDPR transfers in the SCCs will, as of 21 September 2022, supersede and terminate any standard contractual clauses approved under the UK GDPR or Data Protection Act 2018 and previously entered into by Customer and Google ("Legacy UK SCCs"). This Section 14.2 will not affect either parties’ rights, or any data subject’s rights, that may have accrued under the Legacy UK SCCs while they were in force.

14.3 No Modification of SCCs. Nothing in the Agreement (including these Terms) is intended to modify or contradict any SCCs or prejudice the fundamental rights or freedoms of data subjects under European Data Protection Law.

15. Changes to these Terms

15.1 Changes to URLs. From time to time, Google may change any URL referenced in these Terms and the content at any such URL, except that Google may only change the SCCs in accordance with Sections 15.2(b) - 15.2(d) (Changes to these Terms) or to incorporate any new version of the SCCs that may be adopted under European Data Protection Law, in each case in a manner that does not affect the validity of the SCCs under European Data Protection Law.

15.2 Changes to these Terms. Google may change these Terms if the change:

a. is expressly permitted by these Terms, including as described in Section 15.1 (Changes to URLs);

b. reflects a change in the name or form of a legal entity;

c. is required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency, or reflects Google’s adoption of an Alternative Transfer Solution; or

d. does not: (i) result in a material reduction of the security of the Services; (ii) expand the scope of, or remove any restrictions on, Google's processing of Customer Personal Data, as described in Section 5.2 (Scope of Processing); and (iii) otherwise have a material adverse impact on Customer's rights under these Terms, as reasonably determined by Google.

15.3 Notification of Changes. If Google makes a material change to these Terms in accordance with Section 15(c) or (d), Google will post the change at the webpage containing the Terms. If Customer does not agree to the revised Terms, Customer may immediately terminate the Agreement for convenience by giving written notice to Google within 90 days of Google posting such change.

Appendix 1: Subject Matter and Details of the Data Processing

Subject Matter

Google's provision of the Services and TSS (if applicable) to Customer.

Duration of the Processing

The Term plus the period from the end of the Term until deletion of all Customer Data by Google in accordance with these Terms.

Nature and Purpose of the Processing

Google will process Customer Data for the purposes of providing the Services and TSS (if applicable) to Customer in accordance with these Terms.

Categories of Data

Data relating to individuals provided to Google via the Services, by (or at the direction of) Customer or by Customer End Users.

Data Subjects

Data subjects include the individuals about whom data is provided to Google via the Services by (or at the direction of) Customer or by Customer End Users.

Appendix 2: Security Measures

As from the Terms Effective Date, Google will implement and maintain the Security Measures described in this Appendix 2.

1. Data Center and Network Security

(a) Data Centers.

Infrastructure. Google maintains geographically distributed data centers. Google stores all production data in physically secure data centers.

Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Services are designed to allow Google to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer's or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.

Power. The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, for up to 10 minutes until the backup generator systems take over. The backup generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.

Server Operating Systems. Google servers use a Linux based implementation customized for the application environment. Data is stored using proprietary algorithms to augment data security and redundancy. Google employs a code review process to increase the security of the code used to provide the Services and enhance the security of products in production environments.

Businesses Continuity. Google replicates data over multiple systems to help to protect against accidental destruction or loss. Google has designed and regularly plans and tests its business continuity planning/disaster recovery programs.

(b) Networks and Transmission.

Data Transmission. Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Google transfers data via Internet standard protocols.

External Attack Surface. Google employs multiple layers of network devices and intrusion detection to protect its external attack surface. Google considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.

Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Google's intrusion detection involves:

1. tightly controlling the size and make-up of Google's attack surface through preventative measures;

2. employing intelligent detection controls at data entry points; and

3. employing technologies that automatically remedy certain dangerous situations.

Incident Response. Google monitors a variety of communication channels for security incidents, and Google's security personnel will react promptly to known incidents.

Encryption Technologies. Google makes HTTPS encryption (also referred to as SSL or TLS connection) available. Google servers support ephemeral elliptic curve Diffie-Hellman cryptographic key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimize the impact of a compromised key, or a cryptographic breakthrough.

2. Access and Site Controls

a. Site Controls.

On-site Data Center Security Operation. Google's data centers maintain an on-site security operation responsible for all physical data center security functions 24 hours a day, 7 days a week. The on-site security operation personnel monitor closed circuit TV (CCTV) cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data center regularly.

Data Center Access Procedures. Google maintains formal access procedures for allowing physical access to the data centers. The data centers are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data center are required to identify themselves as well as show proof of identity to on-site security operations. Only authorized employees, contractors and visitors are allowed entry to the data centers. Only authorized employees and contractors are permitted to request electronic card key access to these facilities. Data center electronic card key access requests must be made through e-mail, and require the approval of the requestor's manager and the data center director. All other entrants requiring temporary data center access must: (i) obtain approval in advance from the data center managers for the specific data center and internal areas they wish to visit; (ii) sign in at on-site security operations; and (iii) reference an approved data center access record identifying the individual as approved.

On-site Data Center Security Devices. Google's data centers employ a dual authentication access control system that is linked to a system alarm. The access control system monitors and records each individual's electronic card key and when they access perimeter doors, shipping and receiving, and other critical areas. Unauthorized activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorized access throughout the business operations and data centers is restricted based on zones and the individual's job responsibilities. The fire doors at the data centers are alarmed. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and control equipment. Secure cables throughout the data centers connect the CCTV equipment. Cameras record on site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for up to 30 days based on activity.

b. Access Control.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Google's infrastructure security personnel are responsible for the ongoing monitoring of Google's security infrastructure, the review of the Services, and responding to security incidents.

Access Control and Privilege Management. Customer's administrators and Customer End Users must authenticate themselves via a central authentication system or via a single sign on system in order to administer the Services.

Internal Data Access Processes and Policies - Access Policy. Google's internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process Customer Personal Data. Google designs its systems to (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that Customer Personal Data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Google employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. Google's authentication and authorization systems utilize SSH certificates and security keys, and are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel's job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Google's internal data access policies and training. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength. For access to extremely sensitive information, Google uses hardware tokens.

3. Data

a. Data Storage, Isolation and Logging. Google stores data in a multi-tenant environment on Google-owned servers. Google also logically isolates the Customer's data. Customer will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable Customer to determine the product sharing settings applicable to Customer End Users for specific purposes. Customer may choose to use logging functionality that Google may make available via the Services.

b. Decommissioned Disks and Disk Erase Policy. Disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned ("Decommissioned Disk"). Every Decommissioned Disk is subject to a series of data destruction processes (the "Disk Erase Policy") before leaving Google's premises either for reuse or destruction. Decommissioned Disks are erased in a multi-step process and verified complete by at least two independent validators. The erase results are logged by the Decommissioned Disk's serial number for tracking. Finally, the erased Decommissioned Disk is released to inventory for reuse and redeployment. If, due to hardware failure, the Decommissioned Disk cannot be erased, it is securely stored until it can be destroyed. Each facility is audited regularly to monitor compliance with the Disk Erase Policy.

4. Personnel Security

Google personnel are required to conduct themselves in a manner consistent with the company's guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Google conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.

Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Google's confidentiality and privacy policies. Personnel are provided with security training. Personnel handling Customer Data are required to complete additional requirements appropriate to their role (eg., certifications). Google's personnel will not process Customer Data without authorization.

5. Subprocessor Security

Before onboarding Subprocessors, Google conducts an audit of the security and privacy practices of Subprocessors to ensure Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Google has assessed the risks presented by the Subprocessor, then subject to the requirements described in Section 11.3 (Requirements for Subprocessor Engagement) of these Terms, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.

Appendix 3: Additional Terms for Non-European Data Protection Law

The following Additional Terms for Non-European Data Protection Law supplement these Data Processing Terms:

・U.S. State Privacy Laws Addendum at terms/usa-privacy-addendum

GOOGLE ANALYTICS FOR FIREBASE TERMS OF SERVICE

Terms last modified: April 17, 2019

These Google Analytics for Firebase Terms of Service are entered into by the entity or individual using the Service ("You") and:

(A) if Your address is in any country within Europe, the Middle East, or Africa: Google Ireland Limited ("Google"), with offices at Gordon House, Barrow Street, Dublin 4, Ireland;

(B) if Your address is in a country within the Asia Pacific region: Google Asia Pacific Pte. Ltd. ("GAP"), of 70 Pasir Panjang Road, #03-71, Mapletree Business City II, Singapore 117371, unless Your address is in one of the following countries, in which case the specified entity as a reseller:

• Australia: Google Australia Pty Ltd of Level 5, 48 Pirrama Road, Pyrmont 2009, NSW, Australia
• New Zealand: Google New Zealand Limited of PWC Tower, Level 27, 188 Quay Street, Auckland, New Zealand 1010
• Japan: Google Japan G.K. of Roppongi Hills Mori Tower, 6-10-1, Roppongi, Minato-ku, Tokyo, Japan ("Google Reseller") and references to "Google" mean Google LLC, GAP, Google Reseller, and/or their affiliates, depending on the context; or

(C) if Your address is anywhere else in the world: Google LLC ("Google"), with offices at 1600 Amphitheatre Parkway, Mountain View, California 94043.

This Agreement (as defined below) governs Your use of Google Analytics for Firebase (the "Service"). BY CLICKING THE "I ACCEPT" BUTTON, COMPLETING THE REGISTRATION PROCESS, OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU 　HAVE REVIEWED AND ACCEPT THIS AGREEMENT AND ARE AUTHORIZED TO ACT ON BEHALF OF, AND BIND TO THIS AGREEMENT, THE OWNER OF THIS ACCOUNT. You confirm that you will comply with the Google Analytics for Firebase Policies and that you have separately entered the Google API Terms of Service with Google LLC (which, along with the Google Analytics for Firebase Terms of Service and the Google Analytics for Firebase Policies, mean the "Agreement"). The parties agree as follows:

1. Definitions.

"Account" refers to the account for the Service.

"Affiliate(s)" means in relation to each of the parties: (a) any parent company of that party; and (b) any corporate body of which that party directly or indirectly has control or which is directly or indirectly controlled by the same person or group of persons as that party.

"Confidential Information" includes any proprietary data and any other information disclosed by one party to the other in writing and marked "confidential" or disclosed orally and, within five business days, reduced to writing and marked "confidential". However, Confidential Information will not include any information that is or becomes known to the general public, which is already in the receiving party's possession prior to disclosure by a party or which is independently developed by the receiving party without the use of Confidential Information.

"Customer Data" means the data You collect, process or store using the Service concerning the characteristics and activities of Users.

"Documentation" means any accompanying documentation made available to You by Google for use with the Processing Software, including any documentation available online.

"SDK" means the Firebase Software Development Kit, which is used or incorporated in an App for the purpose of collecting Customer Data, together with any fixes, updates and upgrades provided to You.

"Processing Software" means the Google server-side software and any upgrades, which analyzes the Customer Data and generates the Reports.

"App" means any app or other resource that sends data to the Service. Each App must be under Your control.

"Privacy Policy" means the privacy policy on an App.

"Report" means the resulting analysis made available to You.

"Servers" means the servers controlled by Google or its Affiliates on which the Processing Software and Customer Data are stored.

"Software" means the SDK and the Processing Software.

"Third Party" means any third party (i) to which You provide access to Your Account or (i) for which You use the Service to collect information on the third party's behalf.

"Users" means users of Your Apps.

The words "include" and "including" mean "including but not limited to."

2. Fees and Service.

Google and its Affiliates may change its fees and payment policies for the Service from time to time. The changes to the fees or payment policies are effective upon Your acceptance of those changes which will be posted at firebase.google.com/terms/analytics. Unless otherwise stated, all fees are quoted in U.S. Dollars. Any outstanding balance becomes immediately due and payable upon termination of this Agreement and any collection expenses (including attorneys' fees) incurred by Google and its Affiliates will be included in the amount owed, and may be charged to the credit card or other billing mechanism associated with Your AdWords account.

3. Member Account, Password, and Security.

To register for the Service, You must be acting in the course of business, complete the registration process by providing Google with current, complete and accurate information as prompted by the registration form, including Your e-mail address (username) and password. You will protect Your passwords and take full responsibility for Your own, and third party, use of Your accounts. You are solely responsible for any and all activities that occur under Your Account. You will notify Google immediately upon learning of any unauthorized use of Your Account or any other breach of security. Google or its Affiliates' support staff may, from time to time, log in to the Service under Your Account in order to maintain or improve service, including to provide You assistance with technical or billing issues. By creating Your Account you agree to receive electronic statements from Google and its Affiliates.

4. Nonexclusive License.

Subject to the terms and conditions of this Agreement, (a) Google grants You a limited, revocable, non-exclusive, non-sublicensable license to install, copy and use the SDK solely as necessary for You to use the Service on Your Apps or Third Parties Apps; and (b) You may remotely access, view and download Your Reports. You will not (and You will not allow any third party to) use data labeled as belonging to a third party in the Service for purposes other than generating, viewing, and downloading Reports. You will comply with all applicable laws and regulations and Your agreements with third parties in Your use of and access to the Documentation, Software, Service and Reports.

5. Confidentiality.

Neither party will use or disclose the other party's Confidential Information without the other's prior written consent except for the purpose of performing its obligations under this Agreement or if required by law, regulation or court order; in which case, the party being compelled to disclose Confidential Information will give the other party as much notice as is reasonably practicable prior to disclosing the Confidential Information if permitted by law.

6. Information Rights and Publicity.

Google and its Affiliates may retain and use, subject to the terms of its privacy policy (located at www.google.com/privacy.html), information collected in Your use of the Service. Google will not share Your Customer Data or any Third Party's Customer Data with any third parties unless Google (i) has Your consent for any Customer Data or any Third Party's consent for the Third Party's Customer Data; (ii) concludes that it is required by law or has a good faith belief that access, preservation or disclosure of Customer Data is reasonably necessary to protect the rights, property or safety of Google, its users or the public; or (iii) provides Customer Data in certain limited circumstances to third parties to carry out tasks on Google's behalf (e.g., billing or data storage) with strict restrictions that prevent the data from being used or shared except as directed by Google. When this is done, it is subject to agreements that oblige those parties to process Customer Data only on Google's instructions and in compliance with this Agreement and appropriate confidentiality and security measures.

7. Privacy.

You will not, and will not assist or permit any third party to, pass information to Google that Google could use or recognize as personally identifiable information. You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws, policies, and regulations relating to the collection, usage and sharing of information from Users. You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies, identifiers for mobile devices (e.g., Android Advertising Identifier or Advertising Identifier for iOS) or similar technology that are used to collect data. You must disclose the use of the Service, and how it collects and processes data. This can be done by displaying a prominent link to the site "How Google uses data when you use our partners' sites or apps", (located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time). You will use commercially reasonable efforts to ensure that a User is provided with clear and comprehensive information about, and consents to, the storing and accessing of cookies or other information on the User's device where such activity occurs in connection with the Service and where providing such information and obtaining such consent is required by law.

You must not circumvent any privacy features that are part of the Service.

Your access to and use of any other DoubleClick or Google service is subject to the applicable terms between You and Google regarding that service.

8. Indemnification.

To the maximum extent permitted by applicable law, You will indemnify, hold harmless and defend Google and its Affiliates, at Your expense, from any and all third-party claims, actions, proceedings, and suits brought against Google or any of its officers, directors, employees, agents or Affiliates, and all related liabilities, damages, settlements, penalties, fines, costs or expenses (including, reasonable attorneys' fees and other litigation expenses) incurred by Google or any of its officers, directors, employees, agents or Affiliates, arising out of or relating to (i) Your breach of any term or condition of this Agreement, (ii) Your use of the Service, (iii) Your violations of applicable laws, rules or regulations in connection with the Service, (iv) any representations and warranties made by You concerning any aspect of the Service, the Software or Reports to any Third Party; (v) any claims made by or on behalf of any Third Party pertaining directly or indirectly to Your use of the Service, the Software or Reports; (vi) violations of Your obligations of privacy to any Third Party; and (vii) any claims with respect to acts or omissions of any Third Party in connection with the Service, the Software or Reports. Google will provide You with written notice of any claim, suit or action from which You must indemnify Google and its Affiliates. You will cooperate as fully as reasonably required in the defense of any claim. Google and its Affiliates reserve the right, at their own expense, to assume the exclusive defense and control of any matter subject to indemnification by You.

9. Third Parties.

If You use the Service on behalf of a Third Party or a Third Party otherwise uses the Service through Your Account, whether or not You are authorized by Google to do so, then You represent and warrant that (a) You are authorized to act on behalf of, and bind to this Agreement, the Third Party to all obligations that You have under this Agreement, (b) Google and its Affiliates may share with the Third Party any Customer Data that is specific to the Third Party's Apps, and (c) You will not disclose Third Party's Customer Data to any other party without the Third Party's consent.

10. DISCLAIMER OF WARRANTIES.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS AGREEMENT, GOOGLE MAKES NO OTHER WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE AND NON-INFRINGEMENT. THE SERVICE IS PROVIDED "AS IS".

11. LIMITATION OF LIABILITY.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GOOGLE WILL NOT BE LIABLE FOR YOUR LOST PROFITS (WHETHER DIRECT OR INDIRECT) OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE LOSSES OR DAMAGES (WHETHER OR NOT FORESEEABLE OR CONTEMPLATED BY THE PARTIES), EVEN IF GOOGLE OR ITS AFFILIATES HAVE BEEN ADVISED OF, KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE AND EVEN IF DIRECT DAMAGES DO NOT SATISFY A REMEDY. GOOGLE AND ITS AFFILIATES' TOTAL CUMULATIVE LIABILITY TO YOU OR ANY OTHER PARTY FOR ANY LOSS OR DAMAGES RESULTING FROM CLAIMS, DEMANDS, OR ACTIONS ARISING OUT OF OR RELATING TO THIS AGREEMENT WILL NOT EXCEED $500 (USD).

12. Proprietary Rights Notice.

The Service, which includes the Software and all intellectual property rights therein are, and will remain, the property of Google and its Affiliates. All rights in and to the Software not expressly granted to You in this Agreement are reserved and retained by Google, its Affiliates, and its licensors without restriction, including, Google's (and its Affiliates') right to sole ownership of the Software and Documentation. Without limiting the generality of the foregoing, You agree, to the maximum extent permitted by applicable law, not to (and not to allow any third party to): (a) sublicense, distribute, or use the Service or Software outside of the scope of the license granted in this Agreement; (b) copy, modify, adapt, translate, prepare derivative works from, reverse engineer, disassemble, or decompile the Software or Documentation or otherwise attempt to discover any source code or trade secrets related to the Service; (c) rent, lease, sell, assign or otherwise transfer rights in or to the Software, the Documentation or the Service; (d) use, post, transmit or introduce any device, software or routine which interferes or attempts to interfere with the operation of the Service or the Software; (e) use the trademarks, trade names, service marks, logos, domain names and other distinctive brand features or any copyright or other proprietary rights associated with the Service for any purpose without the express written consent of Google and its Affiliates ; (f) register, attempt to register, or assist anyone else to register any trademark, trade name, serve marks, logos, domain names and other distinctive brand features, copyright or other proprietary rights associated with Google or its Affiliates other than in the name of Google (or its Affiliates as the case may be); (g) remove, obscure, or alter any notice of copyright, trademark, or other proprietary right appearing in or on any item included with the Service or Software or (h) seek, in a proceeding filed during the term of this Agreement or for one year after such term, an injunction of any portion of the Service based on patent infringement.

13. U.S. Government Rights.

If the use of the Service is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the Government's rights in the Software, including its rights to use, modify, reproduce, release, perform, display or disclose the Software or Documentation, will be subject in all respects to the commercial license rights and restrictions provided in this Agreement.

14. Term and Termination.

Either party may terminate this Agreement at any time with notice. Upon any termination of this Agreement, Google will stop providing, and You will stop using the Service. In the event of any termination (a) You will not be entitled to any refunds of any usage fees or any other fees, and (b) any outstanding balance for Service rendered through the date of termination will be immediately due and payable in full and (c) all of Your historical Report data will no longer be available to You.

15. Modifications to Terms of Service and Other Policies.

Google may modify these terms or any additional terms that apply to the Service to, for example, reflect changes to the law or changes to the Service. You should look at the terms regularly. Google will post notice of modifications to these terms at firebase.google.com/terms/analytics,the Google Analytics for Firebase Policies at firebase.google.com/policies/analytics, or other policies referenced in these terms at the applicable URL for such policies. Changes will not apply retroactively and will become effective no sooner than 14 days after they are posted. If You do not agree to the modified terms for the Service, You should discontinue Your use of the Service. No amendment to or modification of this Agreement will be binding unless (i) in writing and signed by a duly authorized representative of Google, (ii) You accept updated terms online, or (iii) You continue to use the Service after Google has posted updates to the Agreement or to any policy governing the Service.

16. Applicable Law and Venue.

(a) Except as set forth in Sections 16(b) and (c) below, all claims arising out of or relating to this Agreement or the Services ("Disputes") will be governed by California law, excluding California's conflict of laws rules, and all Disputes will be litigated exclusively in the federal or state courts of Santa Clara County, California, USA, and You and Google consent to personal jurisdiction in those courts.

(b) If Your principal place of business (for entities) or place of residence (for individuals) is in any country within APAC (other than Australia, Japan, New Zealand or Singapore) or Latin America, this Section 16(b) will apply instead of Section 16(a) above. ALL DISPUTES (AS DEFINED ABOVE) WILL BE GOVERNED BY CALIFORNIA LAW, EXCLUDING CALIFORNIA'S CONFLICT OF LAWS RULES. The parties will try in good faith to settle any Dispute within 30 days after the Dispute arises. If the Dispute is not resolved within 30 days, it must be resolved by arbitration by the American Arbitration Association's International Centre for Dispute Resolution in accordance with its Expedited Commercial Rules in force as of the date of this Agreement ("Rules"). The parties will mutually select one arbitrator. The arbitration will be conducted in English in Santa Clara County, California, USA. Either party may apply to any competent court for injunctive relief necessary to protect its rights pending resolution of the arbitration. The arbitrator may order equitable or injunctive relief consistent with the remedies and limitations in this Agreement. Subject to the confidentiality requirements in Section 5, either party may petition any competent court to issue any order necessary to protect that party's rights or property; this petition will not be considered a violation or waiver of this governing law and arbitration section and will not affect the arbitrator's powers, including the power to review the judicial decision. The parties stipulate that the courts of Santa Clara County, California, USA, are competent to grant any order under this subsection. The arbitral award will be final and binding on the parties and its execution may be presented in any competent court, including any court with jurisdiction over either party or any of its property. Any arbitration proceeding conducted in accordance with this section will be considered Confidential Information under this Agreement's confidentiality section, including (i) the existence of, (ii) any information disclosed during, and (iii) any oral communications or documents related to the arbitration proceedings. The parties may also disclose the information described in this section to a competent court as may be necessary to file any order under this section or execute any arbitral decision, but the parties must request that those judicial proceedings be conducted in camera (in private). The parties will pay the arbitrator's fees, the arbitrator's appointed experts' fees and expenses, and the arbitration center's administrative expenses in accordance with the Rules. In its final decision, the arbitrator will determine the non-prevailing party's obligation to reimburse the amount paid in advance by the prevailing party for these fees. Each party will bear its own lawyers' and experts' fees and expenses, regardless of the arbitrator's final decision.

(c) If Your principal place of business (for entities) or place of residence (for individuals) is in Greece, all Disputes (as defined above) will be governed by Greek law and the parties submit to the exclusive jurisdiction of the courts of Athens in relation to any Dispute.

17. Miscellaneous

Google and its Affiliates will be excused from performance in this Agreement to the extent that performance is prevented, delayed or obstructed by causes beyond its reasonable control. This Agreement (including any amendment agreed upon by the parties in writing) represents the complete agreement between You and Google concerning its subject matter, and supersedes all prior agreements and representations between the parties. If any provision of this Agreement is held to be unenforceable for any reason, such provision will be reformed to the extent necessary to make it enforceable to the maximum extent permissible so as to effect the intent of the parties, and the remainder of this Agreement will continue in full force and effect. Certain laws of the jurisdiction in which you reside may confer rights and remedies and imply terms into this Agreement that cannot be excluded. Those rights, remedies, and implied terms are not excluded by this Agreement. To the extent that the relevant laws permit Google to limit their operation, Google's liability under those laws will be limited at its option, to the supply of the services again, or payment of the cost of having the services supplied again. The United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act do not apply to this Agreement. The Software is controlled by U.S. Export Regulations, and it may be not be exported to or used by embargoed countries or individuals. Any notices to Google must be sent to: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, with a copy to Legal Department, via first class or air mail or overnight courier, and are deemed given upon receipt. A waiver of any default is not a waiver of any subsequent default. You may not assign or otherwise transfer any of Your rights in this Agreement without Google's prior written consent, and any such attempt is void. Google may assign or otherwise transfer this Agreement to any of its Affiliates. The relationship between Google and You is not one of a legal partnership relationship, but is one of independent contractors. This Agreement will be binding upon and inure to the benefit of the respective successors and assigns of the parties hereto. The following sections of this Agreement will survive any termination thereof: 1, 4, 5, 6 , 7, 8, 9, 10, 11, 12, 14, 16 and 17.

Google Ads Data Processing Terms

Google and the counterparty agreeing to these terms (“Customer”) have entered into an agreement for the provision of the Processor Services (as amended from time to time, the “Agreement”).

These Google Ads Data Processing Terms (including the appendices, “Data Processing Terms”) are entered into by Google and Customer and supplement the Agreement. These Data Processing Terms will be effective, and replace any previously applicable terms relating to their subject matter (including any data processing amendment or data processing addendum relating to the Processor Services), from the Terms Effective Date.

If you are accepting these Data Processing Terms on behalf of Customer, you warrant that: (a) you have full legal authority to bind Customer to these Data Processing Terms; (b) you have read and understand these Data Processing Terms; and (c) you agree, on behalf of Customer, to these Data Processing Terms. If you do not have the legal authority to bind Customer, please do not accept these Data Processing Terms.

1. Introduction

These Data Processing Terms reflect the parties' agreement on the terms governing the processing and security of Customer Personal Data in connection with the Data Protection Legislation.

2. Definitions and Interpretation

2.1 In these Data Processing Terms:

"Additional Product" means a product, service or application provided by Google or a third party that: (a) is not part of the Processor Services; and (b) is accessible for use within the user interface of the Processor Services or is otherwise integrated with the Processor Services.

"Additional Terms for Non-European Data Protection Legislation" means the additional terms referred to in Appendix 3, which reflect the parties' agreement on the terms governing the processing of certain data in connection with certain Non-European Data Protection Legislation.

“Affiliate" means an entity that directly or indirectly controls, is controlled by, or is under common control with, a party.

"Customer Personal Data" means personal data that is processed by Google on behalf of Customer in Google's provision of the Processor Services.

"Data Incident" means a breach of Google's security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Personal Data on systems managed by or otherwise controlled by Google. “Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

"Data Subject Tool" means a tool (if any) made available by a Google Entity to data subjects that enables Google to respond directly and in a standardised manner to certain requests from data subjects in relation to Customer Personal Data (for example, online advertising settings or an opt-out browser plugin).

"EEA" means the European Economic Area.

"EU GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

"European Data Protection Legislation" means, as applicable: (a) the GDPR; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland).

"European or National Laws" means, as applicable: (a) EU or EU Member State law (if the EU GDPR applies to the processing of Customer Personal Data); and/or (b) the law of the UK or a part of the UK (if the UK GDPR applies to the processing of Customer Personal Data).

"GDPR" means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.

"Google" means the Google Entity that is party to the Agreement.

"Google Affiliate Subprocessors" has the meaning given in Section 11.1 (Consent to Subprocessor Engagement).

"Google Entity" means Google LLC (formerly known as Google Inc.), Google Ireland Limited or any other Affiliate of Google LLC.

"ISO 27001 Certification" means ISO/IEC 27001:2013 certification or a comparable certification for the Processor Services.

"Model Contract Clauses" means the terms at privacy.google.com/businesses/processorterms/mccs, which are standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the EU GDPR.

"Non-European Data Protection Legislation" means data protection or privacy laws in force outside the EEA, Switzerland and the UK.

"Notification Email Address" means the email address (if any) designated by Customer, via the user interface of the Processor Services or such other means provided by Google, to receive certain notifications from Google relating to these Data Processing Terms.

"Processor Services" means the applicable services listed at privacy.google.com/businesses/adsservices.

"Security Documentation" means the certificate issued for the ISO 27001 Certification and any other security certifications or documentation that Google may make available in respect of the Processor Services.

"Security Measures" has the meaning given in Section 7.1.1 (Google's Security Measures).

"Subprocessors" means third parties authorised under these Data Processing Terms to have logical access to and process Customer Personal Data in order to provide parts of the Processor Services and any related technical support.

"Supervisory Authority" means, as applicable: (a) a “supervisory authority” as defined in the EU GDPR; and/or (b) the “Commissioner” as defined in the UK GDPR.

"Term" means the period from the Terms Effective Date until the end of Google's provision of the Processor Services under the Agreement.

"Terms Effective Date" means, as applicable:

(a) 25 May 2018, if Customer clicked to accept or the parties otherwise agreed to these Data Processing Terms before or on such date; or

(b) the date on which Customer clicked to accept or the parties otherwise agreed to these Data Processing Terms, if such date is after 25 May 2018.

"Third Party Subprocessors" has the meaning given in Section 11.1 (Consent to Subprocessor Engagement).

"UK GDPR" means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, if in force.

2.2 The terms "controller", "data subject", "personal data", "processing" and "processor" as used in these Data Processing Terms have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Model Contract Clauses.

2.3 The words "include" and "including" mean "including but not limited to". Any examples in these Data Processing Terms are illustrative and not the sole examples of a particular concept.

2.4 Any reference to a legal framework, statute or other legislative enactment is a reference to it as amended or re-enacted from time to time.

2.5 If these Data Processing Terms are translated into any other language, and there is a discrepancy between the English text and the translated text, the English text will govern.

3. Duration of these Data Processing Terms

These Data Processing Terms will take effect on the Terms Effective Date and, notwithstanding expiry of the Term, remain in effect until, and automatically expire upon, deletion of all Customer Personal Data by Google as described in these Data Processing Terms.

4. Application of these Data Processing Terms

4.1 Application of European Data Protection Legislation. Sections 5 (Processing of Data) to 12 (Contacting Google; Processing Records) (inclusive) will only apply to the extent that the European Data Protection Legislation applies to the processing of Customer Personal Data, including if:

(a) the processing is in the context of the activities of an establishment of Customer in the EEA or the UK; and/or

(b) Customer Personal Data is personal data relating to data subjects who are in the EEA or the UK and the processing relates to the offering to them of goods or services or the monitoring of their behaviour in the EEA or the UK.

4.2 Application to Processor Services. These Data Processing Terms will only apply to the Processor Services for which the parties agreed to these Data Processing Terms (for example: (a) the Processor Services for which Customer clicked to accept these Data Processing Terms; or (b) if the Agreement incorporates these Data Processing Terms by reference, the Processor Services that are the subject of the Agreement).

4.3 Incorporation of Additional Terms for Non-European Data Protection Legislation. The Additional Terms for Non-European Data Protection Legislation supplement these Data Processing Terms.

5. Processing of Data

5.1 Roles and Regulatory Compliance; Authorisation.

5.1.1 Processor and Controller Responsibilities. The parties acknowledge and agree that:

(a) Appendix 1 describes the subject matter and details of the processing of Customer Personal Data;

(b) Google is a processor of Customer Personal Data under the European Data Protection Legislation;

(c) Customer is a controller or processor, as applicable, of Customer Personal Data under the European Data Protection Legislation; and

(d) each party will comply with the obligations applicable to it under the European Data Protection Legislation with respect to the processing of Customer Personal Data.

5.1.2 Authorisation by Third Party Controller. If Customer is a processor, Customer warrants to Google that Customer's instructions and actions with respect to Customer Personal Data, including its appointment of Google as another processor, have been authorised by the relevant controller.

5.2 Customer's Instructions. By entering into these Data Processing Terms, Customer instructs Google to process Customer Personal Data only in accordance with applicable law: (a) to provide the Processor Services and any related technical support; (b) as further specified via Customer's use of the Processor Services (including in the settings and other functionality of the Processor Services) and any related technical support; (c) as documented in the form of the Agreement, including these Data Processing Terms; and (d) as further documented in any other written instructions given by Customer and acknowledged by Google as constituting instructions for purposes of these Data Processing Terms.

5.3 Google's Compliance with Instructions. Google will comply with the instructions described in Section 5.2 (Customer's Instructions) (including with regard to data transfers) unless European or National Laws to which Google is subject require other processing of Customer Personal Data by Google, in which case Google will inform Customer (unless any such law prohibits Google from doing so on important grounds of public interest).

5.4 Additional Products. If Customer uses any Additional Product, the Processor Services may allow that Additional Product to access Customer Personal Data as required for the interoperation of the Additional Product with the Processor Services. For clarity, these Data Processing Terms do not apply to the processing of personal data in connection with the provision of any Additional Product used by Customer, including personal data transmitted to or from that Additional Product.

6. Data Deletion

6.1 Deletion During Term.

6.1.1 Processor Services With Deletion Functionality. During the Term, if:

(a) the functionality of the Processor Services includes the option for Customer to delete Customer Personal Data;

(b) Customer uses the Processor Services to delete certain Customer Personal Data; and

then Google will delete such Customer Personal Data from its systems as soon as reasonably practicable and within a maximum period of 180 days, unless European or National Laws require storage.

6.1.2 Processor Services Without Deletion Functionality. During the Term, if the functionality of the Processor Services does not include the option for Customer to delete Customer Personal Data, then Google will comply with:

(a) aany reasonable request from Customer to facilitate such deletion, insofar as this is possible taking into account the nature and functionality of the Processor Services and unless European or National Laws require storage; and

(b) the data retention practices described at policies.google.com/technologies/ads.

Google may charge a fee (based on Google's reasonable costs) for any data deletion under Section 6.1.2(a). Google will provide Customer with further details of any applicable fee, and the basis of its calculation, in advance of any such data deletion.

6.2 Deletion on Term Expiry. On expiry of the Term, Customer instructs Google to delete all Customer Personal Data (including existing copies) from Google's systems in accordance with applicable law. Google will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless European or National Laws require storage.

7. Data Security

7.1 Google's Security Measures and Assistance.

7.1.1 Google's Security Measures. Google will implement and maintain technical and organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access as described in Appendix 2 (the “Security Measures”). As described in Appendix 2, the Security Measures include measures: (a) to encrypt personal data; (b) to help ensure the ongoing confidentiality, integrity, availability and resilience of Google's systems and services; (c) to help restore timely access to personal data following an incident; and (d) for regular testing of effectiveness. Google may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Processor Services.

7.1.2 Security Compliance by Google Staff. Google will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance, including ensuring that all persons authorised to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

7.1.3 Google's Security Assistance. Customer agrees that Google will (taking into account the nature of the processing of Customer Personal Data and the information available to Google) assist Customer in ensuring compliance with any obligations of Customer in respect of security of personal data and personal data breaches, including (if applicable) Customer's obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by:

(a) implementing and maintaining the Security Measures in accordance with Section 7.1.1 (Google's Security Measures);

(b) complying with the terms of Section 7.2 (Data Incidents); and

(c) providing Customer with the Security Documentation in accordance with Section 7.5.1 (Reviews of Security Documentation) and the information contained in these Data Processing Terms.

7.2 Data Incidents.

7.2.1 Incident Notification. If Google becomes aware of a Data Incident, Google will: (a) notify Customer of the Data Incident promptly and without undue delay; and (b) promptly take reasonable steps to minimise harm and secure Customer Personal Data.

7.2.2 Details of Data Incident. Notifications made under Section 7.2.1 (Incident Notification) will describe, to the extent possible, details of the Data Incident, including steps taken to mitigate the potential risks and steps Google recommends Customer take to address the Data Incident.

7.2.3 Delivery of Notification. Google will deliver its notification of any Data Incident to the Notification Email Address or, at Google's discretion (including if Customer has not provided a Notification Email Address), by other direct communication (for example, by phone call or an in-person meeting). Customer is solely responsible for providing the Notification Email Address and ensuring that the Notification Email Address is current and valid.

7.2.4 Third Party Notifications. Customer is solely responsible for complying with incident notification laws applicable to Customer and fulfilling any third party notification obligations related to any Data Incident.

7.3 Customer's Security Responsibilities and Assessment.

7.3.1 Customer's Security Responsibilities. Customer agrees that, without prejudice to Google's obligations under Sections 7.1 (Google's Security Measures and Assistance) and 7.2 (Data Incidents):

(a) Customer is responsible for its use of the Processor Services, including:

(i) making appropriate use of the Processor Services to ensure a level of security appropriate to the risk in respect of Customer Personal Data; and

(ii) securing the account authentication credentials, systems and devices Customer uses to access the Processor Services; and

(b) Google has no obligation to protect Customer Personal Data that Customer elects to store or transfer outside of Google's and its Subprocessors' systems.

7.3.2 Customer's Security Assessment. Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by Google as set out in Section 7.1.1 (Google's Security Measures) provide a level of security appropriate to the risk in respect of Customer Personal Data.

7.4 Security Certification. To evaluate and help ensure the continued effectiveness of the Security Measures, Google will maintain the ISO 27001 Certification.

7.5 Reviews and Audits of Compliance.

7.5.1 Reviews of Security Documentation. To demonstrate compliance by Google with its obligations under these Data Processing Terms, Google will make the Security Documentation available for review by Customer.

7.5.2 Customer's Audit Rights.

(a) Google will allow Customer or a third party auditor appointed by Customer to conduct audits (including inspections) to verify Google's compliance with its obligations under these Data Processing Terms in accordance with Section 7.5.3 (Additional Business Terms for Audits). Google will contribute to such audits as described in Section 7.4 (Security Certification) and this Section 7.5 (Reviews and Audits of Compliance).

(b) If the Model Contract Clauses apply under Section 10.2 (Transfers of Data), Google will allow Customer or a third-party auditor appointed by Customer to conduct audits as described in the Model Contract Clauses in accordance with section 7.5.3 (Additional Business Terms for Audits).

(c) Customer may also conduct an audit to verify Google's compliance with its obligations under these Data Processing Terms by reviewing the certificate issued for the ISO 27001 Certification (which reflects the outcome of an audit conducted by a third party auditor).

7.5.3 Additional Business Terms for Audits.

(a) Customer will send any request for an audit under Section 7.5.2(a) or 7.5.2(b) to Google as described in Section 12.1 (Contacting Google).

(b) Following receipt by Google of a request under Section 7.5.3(a), Google and Customer will discuss and agree in advance on the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any audit under Section 7.5.2(a) or 7.5.2(b).

(c) Google may charge a fee (based on Google's reasonable costs) for any audit under Section 7.5.2(a) or 7.5.2(b). Google will provide Customer with further details of any applicable fee, and the basis of its calculation, in advance of any such audit. Customer will be responsible for any fees charged by any third party auditor appointed by Customer to execute any such audit.

(d) Google may object to any third party auditor appointed by Customer to conduct any audit under Section 7.5.2(a) or 7.5.2(b) if the auditor is, in Google's reasonable opinion, not suitably qualified or independent, a competitor of Google or otherwise manifestly unsuitable. Any such objection by Google will require Customer to appoint another auditor or conduct the audit itself.

(e) Nothing in these Data Processing Terms will require Google either to disclose to Customer or its third party auditor, or to allow Customer or its third party auditor to access:

(i) any data of any other customer of a Google Entity;

(ii) any Google Entity's internal accounting or financial information;

(iii) any trade secret of a Google Entity;

(iv) any information that, in Google's reasonable opinion, could: (A) compromise the security of any Google Entity's systems or premises; or (B) cause any Google Entity to breach its obligations under the European Data Protection Legislation or its security and/or privacy obligations to Customer or any third party; or

(v) any information that Customer or its third party auditor seeks to access for any reason other than the good faith fulfilment of Customer's obligations under the European Data Protection Legislation.

7.5.4 No Modification of Model Contract Clauses. If the Model Contract Clauses apply under Section 10.2 (Transfers of Data), nothing in this Section 7.5 (Reviews and Audits of Compliance) varies or modifies any rights or obligations of Customer or Google LLC under the Model Contract Clauses.

8. Impact Assessments and Consultations

Customer agrees that Google will (taking into account the nature of the processing and the information available to Google) assist Customer in ensuring compliance with any obligations of Customer in respect of data protection impact assessments and prior consultation, including (if applicable) Customer's obligations pursuant to Articles 35 and 36 of the GDPR, by:

(a) providing the Security Documentation in accordance with Section 7.5.1 (Reviews of Security Documentation);

(b) providing the information contained in these Data Processing Terms; and

(c) providing or otherwise making available, in accordance with Google's standard practices, other materials concerning the nature of the Processor Services and the processing of Customer Personal Data (for example, help centre materials).

9. Data Subject Rights

9.1 Responses to Data Subject Requests. If Google receives a request from a data subject in relation to Customer Personal Data, Google will:

(a) if the request is made via a Data Subject Tool, respond directly to the data subject's request in accordance with the standard functionality of that Data Subject Tool; or

(b) if the request is not made via a Data Subject Tool, advise the data subject to submit his/her request to Customer, and Customer will be responsible for responding to such request.

9.2 Google's Data Subject Request Assistance. Customer agrees that Google will (taking into account the nature of the processing of Customer Personal Data and, if applicable, Article 11 of the GDPR) assist Customer in fulfilling any obligation of Customer to respond to requests by data subjects, including (if applicable) Customer's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR, by:

(a) providing the functionality of the Processor Services;

(b) complying with the commitments set out in Section 9.1 (Responses to Data Subject Requests); and

10. Data Transfers

10.1 Data Storage and Processing Facilities. Customer agrees that Google may, subject to Section 10.2 (Transfers of Data), store and process Customer Personal Data in any country in which Google or any of its Subprocessors maintains facilities.

10.2 Transfers of Data Out of the EEA and Switzerland. If the storage and/or processing of Customer Personal Data. involves transfers of Customer Personal Data from the EEA, Switzerland or the UK to any third country that is not subject to an adequacy decision under the European Data Protection Legislation:

(a) Customer (as data exporter) will be deemed to have entered into the Model Contract Clauses with Google LLC (as data importer);

(b) the transfers will be subject to the Model Contract Clauses; and

(c) Google will ensure that Google LLC complies with its obligations under such Model Contract Clauses in respect of such transfers.

10.3 Data Centre Information. Information about the locations of Google data centres is available at www.google.com/about/datacenters/locations/.

11. Subprocessors

11.1 Consent to Subprocessor Engagement. Customer specifically authorises the engagement of Google's Affiliates as Subprocessors ("Google Affiliate Subprocessors"). In addition, Customer generally authorises the engagement of any other third parties as Subprocessors ("Third Party Subprocessors"). If the Model Contract Clauses apply under Section 10.2 (Transfers of Data), the above authorisations constitute Customer's prior written consent to the subcontracting by Google LLC of the processing of Customer Personal Data.

11.2 Information about Subprocessors. Information about Subprocessors is available at privacy.google.com/businesses/subprocessors.

11.3 Requirements for Subprocessor Engagement. When engaging any Subprocessor, Google will:

(a) ensure via a written contract that:

(i) the Subprocessor only accesses and uses Customer Personal Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement (including these Data Processing Terms) and, if applicable under Section 10.2 (Transfers of Data), the Model Contract Clauses; and

(ii) if the GDPR applies to the processing of Customer Personal Data, the data protection obligations set out in Article 28(3) of the GDPR are imposed on the Subprocessor; and

(b) remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.

11.4 Opportunity to Object to Subprocessor Changes.

(a) When any new Third Party Subprocessor is engaged during the Term, Google will, at least 30 days before the new Third Party Subprocessor processes any Customer Personal Data, inform Customer of the engagement (including the name and location of the relevant subprocessor and the activities it will perform) by sending an email to the Notification Email Address.

(b) Customer may object to any new Third Party Subprocessor by terminating the Agreement immediately upon written notice to Google, on condition that Customer provides such notice within 90 days of being informed of the engagement of the new Third Party Subprocessor as described in Section 11.4(a). This termination right is Customer's sole and exclusive remedy if Customer objects to any new Third Party Subprocessor.

12. Contacting Google; Processing Records

12.1 Contacting Google. Customer may contact Google in relation to the exercise of its rights under these Data Processing Terms via the methods described at privacy.google.com/businesses/processorsupport or via such other means as may be provided by Google from time to time.

12.2 Google's Processing Records. Customer acknowledges that Google is required under the GDPR to: (a) collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which Google is acting and (if applicable) of such processor's or controller's local representative and data protection officer; and (b) make such information available to any Supervisory Authority. Accordingly, Customer will, where requested and as applicable to Customer, provide such information to Google via the user interface of the Processor Services or via such other means as may be provided by Google, and will use such user interface or other means to ensure that all information provided is kept accurate and up-to-date.

13. Liability

13.1 If the Agreement is governed by the laws of:

(a) a state of the United States of America, then, notwithstanding anything else in the Agreement, the total liability of either party towards the other party under or in connection with these Data Processing Terms will be limited to the maximum monetary or payment-based amount at which that party's liability is capped under the Agreement (for clarity, any exclusion of indemnification claims from the Agreement's limitation of liability will not apply to indemnification claims under the Agreement relating to the European Data Protection Legislation or the Non-European Data Protection Legislation); or

(b) a jurisdiction that is not a state of the United States of America, then the liability of the parties under or in connection with these Data Processing Terms will be subject to the exclusions and limitations of liability in the Agreement.

13.2 Liability if the Model Contract Clauses Apply. If the Model Contract Clauses apply under Section 10.2 (Transfers of Data), the total combined liability of:

(a) Google LLC and Google towards Customer; and

(b) Customer towards Google LLC and Google,

under or in connection with the Agreement and the Model Contract Clauses combined will be subject to Section 13.1 (Liability Cap).

14. Third-Party Beneficiary

Where Google LLC is not a party to the Agreement and the Model Contract Clauses apply under Section 10.2 (Transfers of Data), Google LLC will be a third-party beneficiary of Sections 6.2 (Deletion on Term Expiry), 7.5 (Reviews and Audits of Compliance), 9.1 (Responses to Data Subject Requests), 10.2 (Transfers of Data), 11.1 (Consent to Subprocessor Engagement), and 13.2 (Liability if the Model Contract Clauses Apply). To the extent this Section 14 (Third-Party Beneficiary) conflicts or is inconsistent with any other clause in the Agreement, this Section 14 (Third-Party Beneficiary) will apply.

15. Effect of these Data Processing Terms

If there is any conflict or inconsistency between the Model Contract Clauses, the Additional Terms for Non-European Data Protection Legislation, and the remainder of these Data Processing Terms and/or the remainder of the Agreement, then the following order of precedence will apply:

(a) the Model Contract Clauses;

(b) the Additional Terms for Non-European Data Protection Legislation;

(d) the remainder of the Agreement.

Subject to the amendments in these Data Processing Terms, the Agreement remains in full force and effect.

16. Changes to these Data Processing Terms

16.1 Changes to URLs. From time to time, Google may change any URL referenced in these Data Processing Terms and the content at any such URL, except that:

(a) Google may only change the Model Contract Clauses in accordance with Sections 16.2(b) - 16.2(d) (Changes to Data Processing Terms) or to incorporate any new version of the Model Contract Clauses that may be adopted under the European Data Protection Legislation, in each case in a manner that does not affect the validity of the Model Contract Clauses under the European Data Protection Legislation; and

(b) Google may only change the list of potential Processor Services at privacy.google.com/businesses/adsservices: (i) to reflect a change to the name of a service; (ii) to add a new service; or (iii) to remove a service where either: (x) all contracts for the provision of that service are terminated; or (y) Google has Customer's consent.

16.2 Changes to Data Processing Terms. Google may change these Data Processing Terms if the change:

(a) is expressly permitted by these Data Processing Terms, including as described in Section 16.1 (Changes to URLs);

(b) reflects a change in the name or form of a legal entity;

(c) is required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency; or

(d) does not: (i) result in a degradation of the overall security of the Processor Services; (ii) expand the scope of, or remove any restrictions on, (x) in the case of the Additional Terms for Non-European Data Protection Legislation, Google's rights to use or otherwise process the data in scope of the Additional Terms for Non-European Data Protection Legislation or (y) in the case of the remainder of these Data Processing Terms, Google's processing of Customer Personal Data, as described in Section 5.3 (Google's Compliance with Instructions); and (iii) otherwise have a material adverse impact on Customer's rights under these Data Processing Terms, as reasonably determined by Google.

16.3 Notification of Changes. If Google intends to change these Data Processing Terms under Section 16.2(c) or (d), Google will inform Customer at least 30 days (or such shorter period as may be required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency) before the change will take effect by either: (a) sending an email to the Notification Email Address; or (b) alerting Customer via the user interface for the Processor Services. If Customer objects to any such change, Customer may terminate the Agreement by giving written notice to Google within 90 days of being informed by Google of the change.

Appendix 1: Subject Matter and Details of the Data Processing

Subject Matter

Google's provision of the Processor Services and any related technical support to Customer.

Duration of the Processing

The Term plus the period from expiry of the Term until deletion of all Customer Personal Data by Google in accordance with these Data Processing Terms.

Nature and Purpose of the Processing

Google will process (including, as applicable to the Processor Services and the instructions described in Section 5.2 (Customer's Instructions), collecting, recording, organising, structuring, storing, altering, retrieving, using, disclosing, combining, erasing and destroying) Customer Personal Data for the purpose of providing the Processor Services and any related technical support to Customer in accordance with these Data Processing Terms.

Types of Personal Data

Customer Personal Data may include the types of personal data described at privacy.google.com/businesses/adsservices.

Categories of Data Subjects

Customer Personal Data will concern the following categories of data subjects:

• data subjects about whom Google collects personal data in its provision of the Processor Services; and/or
• data subjects about whom personal data is transferred to Google in connection with the Processor Services by, at the direction of, or on behalf of Customer.

Depending on the nature of the Processor Services, these data subjects may include individuals: (a) to whom online advertising has been, or will be, directed; (b) who have visited specific websites or applications in respect of which Google provides the Processor Services; and/or (c) who are customers or users of Customer's products or services.

Appendix 2: Security Measures

As from the Terms Effective Date, Google will implement and maintain the Security Measures set out in this Appendix 2. Google may update or modify such Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Processor Services.

1. Data Centre & Network Security

(a) Data Centres.

Infrastructure. Google maintains geographically distributed data centres. Google stores all production data in physically secure data centres.

Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimise the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Processor Services are designed to allow Google to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer's or internal specifications. Preventative and corrective maintenance of the data centre equipment is scheduled through a standard process according to documented procedures.

Power. The data centre electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, and 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data centre. Backup power is provided by various mechanisms such as uninterruptible power supply (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data centre, at full capacity, for up to 10 minutes until the diesel generator systems take over. The diesel generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data centre at full capacity typically for a period of days.

Server Operating Systems. Google servers use hardened operating systems which are customised for the unique server needs of the business. Data is stored using proprietary algorithms to augment data security and redundancy. Google employs a code review process to increase the security of the code used to provide the Processor Services and enhance the security products in production environments.

(b) Networks & Transmission.

Data Transmission. Data centres are typically connected via high-speed private links to provide secure and fast data transfer between data centres. Further, Google encrypts data transmitted between data centres. This is designed to prevent data from being read, copied, altered or removed without authorisation during electronic transport. Google transfers data via Internet standard protocols.

Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Google's intrusion detection involves:

1. Tightly controlling the size and make-up of Google's attack surface through preventative measures;

2. Employing intelligent detection controls at data entry points; and

3. Employing technologies that automatically remedy certain dangerous situations.

Incident Response. Google monitors a variety of communication channels for security incidents, and Google's security personnel will react promptly to known incidents.

Encryption Technologies. Google makes HTTPS encryption (also referred to as TLS connection) available. Google servers support ephemeral elliptic curve Diffie Hellman cryptographic key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimise the impact of a compromised key, or a cryptographic breakthrough.

2. Access and Site Controls

(a) Site Controls.

On-site Data Centre Security Operation. Google's data centres maintain an on-site security operation responsible for all physical data centre security functions 24 hours a day, 7 days a week. The on-site security operations personnel monitor Closed Circuit TV ("CCTV") cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data centre regularly.

Data Centre Access Procedures. Google maintains formal access procedures for allowing physical access to the data centres. The data centres are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data centre are required to identify themselves as well as show proof of identity to on-site security operations. Only authorised employees, contractors and visitors are allowed entry to the data centres. Only authorised employees and contractors are permitted to request electronic card key access to these facilities. Data centre electronic card key access requests must be made in advance and in writing, and require the approval of authorised data centre personnel. All other entrants requiring temporary data centre access must: (i) obtain approval in advance from authorised data centre personnel for the specific data centre and internal areas they wish to visit; (ii) sign in at on-site security operations; and (iii) reference an approved data centre access record identifying the individual as approved.

On-site Data Centre Security Devices. Google's data centres employ an electronic card key and biometric access control system that is linked to a system alarm. The access control system monitors and records each individual's electronic card key and when they access perimeter doors, shipping and receiving, and other critical areas. Unauthorised activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorised access throughout the business operations and data centres is restricted based on zones and the individual's job responsibilities. The fire doors at the data centres are alarmed. CCTV cameras are in operation both inside and outside the data centres. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data centre building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and control equipment. Secure cables throughout the data centres connect the CCTV equipment. Cameras record on-site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for at least 7 days based on activity.

(b) Access Control.

Access Control and Privilege Management. Customer's administrators and users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services.

Internal Data Access Processes and Policies – Access Policy. Google's internal data access processes and policies are designed to prevent unauthorised persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorised persons to access data they are authorised to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorisation during processing, use and after recording. The systems are designed to detect any inappropriate access. Google employs a centralised access management system to control personnel access to production servers, and only provides access to a limited number of authorised personnel. LDAP, Kerberos and a proprietary system utilising digital certificates are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimise the potential for unauthorised account use. The granting or modification of access rights is based on: the authorised personnel's job responsibilities; job duty requirements necessary to perform authorised tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Google's internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g. login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength.

3. Data

(a) Data Storage, Isolation & Authentication.

Google stores data in a multi-tenant environment on Google-owned servers. Data, the Processor Services database and file system architecture are replicated between multiple geographically dispersed data centres. Google logically isolates each customer's data. A central authentication system is used across all Processor Services to increase uniform security of data.

(b) Decommissioned Disks and Disk Destruction Guidelines.

Certain disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned ("Decommissioned Disk"). Every Decommissioned Disk is subject to a series of data destruction processes (the "Data Destruction Guidelines") before leaving Google's premises either for reuse or destruction. Decommissioned Disks are erased in a multi-step process and verified complete by at least two independent validators. The erase results are logged by the Decommissioned Disk's serial number for tracking. Finally, the erased Decommissioned Disk is released to inventory for reuse and redeployment. If, due to hardware failure, the Decommissioned Disk cannot be erased, it is securely stored until it can be destroyed. Each facility is audited regularly to monitor compliance with the Data Destruction Guidelines.

4. Personnel Security

Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Google’s confidentiality and privacy policies. Personnel are provided with security training. Personnel handling Customer Personal Data are required to complete additional requirements appropriate to their role. Google’s personnel will not process Customer Personal Data without authorisation.

5. Subprocessor Security

Before onboarding Subprocessors, Google conducts an audit of the security and privacy practices of Subprocessors to ensure Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Google has assessed the risks presented by the Subprocessor, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms, subject to the requirements set out in Section 11.3 (Requirements for Subprocessor Engagement).

Appendix 3: Additional Terms for Non-European Data Protection Legislation

The following Additional Terms for Non-European Data Protection Legislation supplement these Data Processing Terms:

• CCPA Service Provider Addendum at privacy.google.com/businesses/processorterms/ccpa (dated 1 January 2020)
• LGPD Processor Addendum at privacy.google.com/businesses/processorterms/lgpd/ (dated 16 August 2020)

Google Ads Data Processing Terms, Version 2.1

16 August 2020

GooglePlayService

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.

You may obtain a copy of the License at

www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and limitations under the License.

Apache License

Version 2.0, January 2004

www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.

"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.

"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).

"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.

3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:

a. You must give any other recipients of the Work or Derivative Works a copy of this License; and

b. You must cause any modified files to carry prominent notices stating that You changed the files; and

c. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and

d. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

PlayServicesResolver

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.

You may obtain a copy of the License at

www.apache.org/licenses/LICENSE-2.0

See the License for the specific language governing permissions and limitations under the License.

UniAndroidPermission

The MIT License (MIT)

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

Prime31

PLEASE READ THIS DOCUMENT CAREFULLY BEFORE DOWNLOADING OR USING THIS LICENSED APPLICATION. THIS LICENSE PROVIDES IMPORTANT INFORMATION CONCERNING THE LICENSED APPLICATION AND PROVIDES YOU WITH A LICENSE TO USE THE LICENSED APPLICATION AND CONTAINS WARRANTY AND LIABILITY INFORMATION. BY USING THE LICENSED APPLICATION, YOU ARE ACCEPTING THE LICENSED APPLICATION "AS IS" AND AGREEING TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT. IF YOU DO NOT WISH TO BE SO BOUND, DO NOT DOWNLOAD OR USE THE LICENSED APPLICATION.

Scope of License. The Software available for license hereunder is plugins for game developers, that may include artwork and code, or a combination of the two, ("referred to herein as the Licensed Application"). The Licensed Application is available for you for use only under the terms of this License. You acknowledge that this License Application and End User License Agreement is concluded between You and prime31 only.

End User License Terms

Single Copy Media License

This media is copyrighted and protected by law and international treaty. You may download this media onto any computer that you own and operate for use in the creation of video game products. This is a license, not a transfer of title, and you may not create derivative works based on this media for retail sale or distribution by any means other than as provided by this agreement; transfer this media or the documentation in whole or in part to another person without prime31 permission; remove any copyright or other prime31 proprietary notices; transfer this media to another person. You agree to prevent any copying of this media that you download for your use from the prime31 web site.

Restrictions of this License

This product is intended to be used by ONE individual - the license owner. This license is non transferable without the permission of prime31. This license is valid for 2 years from the date of purchase after which use of the Licensed Application is prohibited.

Ownership

This media and all prime31 information on the prime31 web site is proprietary material of prime31 and except as provided for by this agreement, may not be copied, reproduced, published, uploaded, posted, transmitted, or distributed in any way, without prime31 prior written permission. Except as expressly provided here in, prime31 and its suppliers do not grant any express or implied right to you under any patents, copyrights, trademarks, or trade secret information of prime31 or its suppliers.

Support

prime31 may provide you with support services related to the Licensed Application. Any supplemental updates provided to you as part of the support service shall be considered part of the Licensed Application and subject to the terms and conditions of this EULA. The license owner will be entitled to maintenance upgrades and bug fixes at no additional cost for a period of at least twelve months from the date of purchase.

Termination of this License

prime31 may terminate this license at any time if you are in breach of the terms and conditions of use. Upon such termination you must immediately destroy all copies of this media and all of its accompanying documentation.

Disclaimer and Warranty

prime31 provides the products related to this agreement "AS IS" without warranty of any kind. prime31 makes no warranties either express or implied in conjunction with any content published at prime31. Should the media prove defective in any respect, the licensee not the licensor or its suppliers or resellers assumes the entire cost of any service and repair.

Use of Licensed Application

You may use the Licensed Application for the purposes of development of digital games. You shall not copy (except as expressly permitted by this License), decompile, reverse engineer, disassemble, include in other software, or translate the Licensed Application, or use the Licensed Application in any manner not authorized by this Agreement. You shall not modify, alter, change, or otherwise make any modification to the Licensed Application or create derivative works based upon the Licensed Application. You shall not rent, lease, resell, sublicense, assign, redistribute, export, or otherwise transfer the Licensed Application or this License. Any attempt to do so shall be void and of no effect. If You breach this restriction, You may be subject to prosecution and damages.

AppsFlyer

MASTER SERVICES AGREEMENT

Last updated November 5, 2023

THIS MASTER SERVICES AGREEMENT (“MSA”) TOGETHER WITH ANY ORDER FORMS, THE DPA AND ANY OTHER EXHIBITS, APPENDIXES, OR SCHEDULES ATTACHED THERETO OR WHICH REFERENCES THE MSA (COLLECTIVELY, THE “AGREEMENT”) SET FORTH THE TERMS UNDER WHICH CUSTOMER MAY ACCESS AND USE APPSFLYER’S SERVICES.

BY ACCEPTING THIS MSA OR AGREEMENT, EXECUTING ANY ORDER FORM REFERENCING THIS MSA OR AGREEMENT, OR BY USING THE SERVICES (INCLUDING UNDER A FREE TRIAL), CUSTOMER ACKNOWLEDGES THAT IT HAS READ AND AGREES TO BE BOUND BY THE TERMS AND CONDITIONS OF THE AGREEMENT AND THAT IT HAS THE FULL AUTHORITY TO ENTER INTO AND BIND THE CUSTOMER TO THE AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS DOING SO ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS AND WARRANTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH COMPANY OR ENTITY TO THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR DOES NOT AGREE WITH THIS AGREEMENT, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

THIS MSA WAS LAST UPDATED ON NOVEMBER 5, 2023 AND IS EFFECTIVE BETWEEN APPSFLYER AND CUSTOMER AS OF THE DATE CUSTOMER ACCEPTS THE AGREEMENT AS AFOREMENTIONED (THE “EFFECTIVE DATE”).

1. Definitions

Capitalized terms not otherwise defined in the Agreement shall have the meaning specified in this Section 1.

a. “Account” shall mean Customer’s account with AppsFlyer that is opened to enable Customer to use the Services.

b. “Affiliate” shall mean any entity that, directly or indirectly, controls, is controlled by, or is under common control with a party to this Agreement, where control means the power to direct the affairs or management of such entity, whether through the ownership of at least 51% (fifty-one percent) of the voting securities, by contract, as trustee or executor.

c. “Aggregated and De-Identified Data” shall mean Customer Data that has been aggregated and de-identified so that the data cannot be identified with any individual and/or the Customer and cannot be reversed in such manner so as to enable such identification.

d. “Applications” shall mean Customer’s or its Affiliates’ (subject to Section 2(c)) or its Agency Client’s (subject to Section ‎2(f)) products, services, websites, advertisements, mobile applications and/or other technology for which the Developer Tools may be used and the Services may be provided.

e. “AppsFlyer” shall mean the AppsFlyer entity described in the “AppsFlyer Contracting Entity” section below.

f. “AppsFlyer Properties” shall mean the Services, the Developer Tools and all other technology utilized by AppsFlyer to provide the Services, including any and all patents, copyrights, trademarks, trade names, trade secrets and other intellectual property rights relating to, embodied by, or incorporated in any of the foregoing, and including any updates, upgrades, enhancements, modifications, improvements to, or derivatives of any of the foregoing, but excluding any Customer Properties therein.

g. "Children” shall mean individuals under such age as determined by any laws and/or regulations applicable to Customer.

h. “Confidential Information” shall mean any and all information disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”), including, but not limited to, technical information, non-technical information, product information, plans and pricing, financial information, marketing plans, business strategies, research and development, software and hardware, APIs, specifications, designs, source codes, object codes, records, methods, techniques, processes, legal documents, that: (a) has been marked “confidential” or with words of similar meaning, at the time of disclosure by such party; or (b) should reasonably be recognized as confidential information of the Disclosing Party due the nature of the information. AppsFlyer’s Confidential Information includes, without limitation, the pricing under this Agreement.

i. “Customer” shall mean: (i) the company or legal entity accepting this Agreement and/or executing an Order Form and in the event of an individual accepting this Agreement or executing an Order Form on behalf of a company or other legal entity, then such company or other legal entity; or (ii) in the event of an individual accepting this Agreement and/or executing an Order Form on his or her own behalf, then such individual.

j. “Customer Content” shall mean any Customer materials, images, texts, videos, music, logos, trademarks, active URLs, campaign and advertising creative, and/or other content uploaded, stored or provided by the Customer to the Service.

k. “Customer Data” shall mean End User Data, Customer Content and Campaign and Analytics Data (as defined in Section ‎10) but excludes Aggregated and De-identified Data.

l. "Customer Properties" shall mean collectively Customer’s Applications, Customer Data, and Reports, but excluding any AppsFlyer Properties therein.

m. “Developer Tools” shall mean any tags, SDKs, APIs, JavaScript, pixels, attribution or redirect links, cookies or other similar technologies used or made available by AppsFlyer to Customer to support the provision of Services by AppsFlyer.

n. “Documentation” shall mean implementation manuals and other policies and instructions relating to the use and operation of the Developer Tools and Services whether in printed form, electronic form, available online (including at: dev.appsflyer.com and support.appsflyer.com) or in any other format otherwise supplied by AppsFlyer.

o. “DPA” means AppsFlyer’s Data Processing Addendum available at www.appsflyer.com/legal/dpa/.

p. “End User(s)” shall mean any end users of the Applications or those who have interacted with the Applications.

q. “End User Data” shall mean data related to End Users: (i) collected by Customer through implementation and use of the Developer Tools, (ii) received by Customer from its Integrated Partners, and/or (iii) uploaded or stored by Customer to the Services.

r. “Feedback” shall mean any suggestions, enhancement request, recommendation, correction or other feedback provided by Customer to AppsFlyer relating to the Services or any part thereof.

s. “Integrated Partner(s)” shall mean certain third parties that Customer works with and selects to integrate with via the Services, such as advertising networks, publishers, and analytics providers.

t. "Order Form” shall mean any order form or similar document (e.g., statement of work, insertion order, purchase order etc.) that contains the terms of the Subscription Package, or any online order of Services, between AppsFlyer and Customer that was executed or approved (e.g. online submission) by Customer.

u. “Permitted End User Data” shall mean the End User Data that the Service is designed to process in order to perform the Services and which may include technical information about End User devices (e.g. type, model, OS, language), identifiers (e.g. advertising ID’s, device ID’s), network information (e.g. IP address), and engagement information (e.g. advertisements clicked and viewed, in app events and purchases), subject to Section 9(a) below, all as further described in Annex 1 of the DPA.

v. “Reports” shall mean any reports or output generated through the Services, whether manually or automatically, derived from Customer Data.

w. “Restricted Data” shall mean: (i) precise location data (e.g. addresses, precise GPS data); (ii) financial information (e.g. bank account numbers, credit/debit card information ); (iii) any health or medical information; (iv) government IDs (e.g. driver’s license, passport, national ID, social security, TIN or EIN numbers); (v) any special or sensitive categories of data as defined under applicable law (e.g. biometric or genetic data, information about ones religious beliefs, race, sex life or orientation); or (vi) any information other than Permitted End User Data that can directly identify an individual.

x. “Services” shall mean the products and services made available by AppsFlyer that are ordered by Customer under an Order Form or online via AppsFlyer’s website, including if provided to Customer free of charge (as applicable) or under a free trial.

y. “Service User” shall mean such individuals who are authorized by Customer to use the Services and to whom Customer (or AppsFlyer at Customer’s request) has supplied user credentials, including employees, contractors or other authorized agents of Customer.

z. “Subscription Package” shall mean the package of specific Services to which Customer has subscribed and their corresponding fees, features, and usage and quantity limits all as further described in an Order Form.

aa. “Subscription Package Term” shall mean the period of time for which Customer has purchased the Subscription Package pursuant to an Order Form.

ab. “Third Party Content” shall mean any content, materials or images provided by a third party that is contained in the Service.

ac. “Third Party Sites” shall mean third party websites, advertisements and/or any third party services.

2. Account and Access to Services.

a. Order Form. Subject to the terms and conditions hereof, AppsFlyer will make the Services available to Customer pursuant to the terms of the Agreement and in accordance with the Subscription Package and the Documentation.

b. Account and Service Users. In order to access and use the Services, Customer will be required to set up an Account. Customer must ensure that all Account registration information (e.g. company name, address, contact details, billing details) is accurate and up to date. Customer shall promptly update and/or notify AppsFlyer if there is any change in its registration and/or billing information. Customer may set up Service Users under its Account, provided that the number of Service Users that Customer may set up shall be limited to such number provided in the Subscription Package. Service User credentials cannot be shared by more than 1 (one) person but may be re-assigned to new Service Users. Customer and Service Users will be required to choose appropriate log-in credentials and passwords in order to secure the Account. Customer and Services Users shall take appropriate measures to protect the Account access credentials. Customer shall promptly notify AppsFlyer if Customer becomes aware of any security breach of the Account or the compromise of any Account access credentials. Customer shall be responsible for managing its Service Users, including removing and/or updating Service User contact information and credentials. Customer shall be responsible and liable for ensuring its Service Users’ compliance with the terms and conditions of this Agreement.

c. Affiliates. A Customer Affiliate shall have the right to order Services under this Agreement covering its own Applications by executing a separate Order Form. In such case, the Affiliate executing such Order Form shall be deemed the Customer pursuant to this Agreement and shall be solely responsible and liable for its actions and/or omissions under this Agreement. Customer may not utilize its Subscription Package and use the Services for the benefit of any Customer Affiliate Applications, unless expressly stated otherwise in an Order Form or expressly approved in writing by AppsFlyer.

d. Applications. Customer may use the Services only in connection with its own Applications, up to such Application limits provided under the Subscription Package. If Customer is authorized to manage or otherwise operate third party Applications, then the terms of Section 2(f) below (Agencies) shall apply. If during the Subscription Package Term, Customer acquires new Applications from a third party or Affiliate (that were not under Customer’s ownership or management as of the Effective Date) and wishes to use the Services with respect to such new Applications under its existing Subscription Package, Customer shall be required to notify AppsFlyer and obtain AppsFlyer’s prior written approval. AppsFlyer may subject the inclusion of such newly acquired Applications under its existing Subscription Package to additional fees.

e. Fair Usage Policy. Use of and consumption of any feature or functionality of the Service that is provided on an ‘Unlimited’, ‘free’ or similar basis, is subject to fair and reasonable use. If AppsFlyer reasonably determines that Customer has made unfair or unreasonable use of the Services or has otherwise used the Service in a manner that creates an excess burden on the Services, AppsFlyer shall have the right to: (i) limit, restrict or suspend access or use of such Service upon providing prior notice to Customer until such time that Customer agrees to correct its usage or upgrade its Subscription Package; and/or (ii) apply any charges for excess use in accordance with the terms specified in the Order Form, if applicable.

f. Agencies. If Customer is an agency or is otherwise managing third party Applications or providing services for the benefit of a third party (“Agency Client”), Customer shall be required to notify AppsFlyer prior to execution of an Order Form to ensure an appropriate Subscription Package and Account are created. Customers acting in such agency capacity represent and warrant that Customer is authorized to: (i) act on behalf of the Agency Client; (ii) use the Services with respect to the Agency Client Applications; and (iii) collect and view data (including End User Data) belonging to the Agency Client in connection with Customer’s use of the Services. Customer shall ensure that each Agency Client agrees to comply with the terms of this Agreement, provided however, that as between AppsFlyer and Customer, Customer shall remain liable for any acts, omissions, or breaches of this Agreement by such Agency Client. AppsFlyer reserves the right to refuse to provide the Services to, or on behalf of, any Agency Client for any reason in its sole discretion. AppsFlyer shall notify Customer of any such objection. Customer shall indemnify, defend and hold harmless AppsFlyer from and against any claims or actions by an Agency Client.

3. SLA and Support.

AppsFlyer shall use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week, except for downtime resulting from scheduled maintenance and events beyond AppsFlyer’s reasonable control, such as any downtime: (a) caused by outages to any public or third party Internet backbones, networks or servers; (b) caused by any failures of Customer’s Application, equipment, systems or local access services; or (c) strikes, riots, insurrection, fires, floods, explosions, war, governmental action, labor conditions, earthquakes or natural disasters or other acts of God. AppsFlyer shall provide its standard support for the Services (except where any upgraded support is provided under a Subscription Package, as specified in an Order Form).

4. Access and Restrictions.

a. Access Rights. Subject to the terms of this Agreement, AppsFlyer grants Customer (and any applicable Affiliates subject to Section ‎2(c) above) a worldwide, limited, non-exclusive, non-transferable (except as permitted under the Agreement) right, for the duration of the Subscription Package Term, to: (i) access and use the Services through the interface made available by AppsFlyer; and (ii) use the Developer Tools, in each case, in accordance with the Documentation and solely for Customer’s internal business needs.

b. Restrictions. Customer represents and warrants that it shall not, and shall not permit any third party to: (a) except to the extent permitted by applicable law, disassemble, reverse engineer, decompile the Developer Tools or Services or attempt to find the underlying code of the Services or any part thereof; (b) copy, modify, adapt, translate or otherwise create derivative works of the Developer Tools or Services or any part thereof; (c) rent, lease, sell, resell, time-share, license, sublicense, assign, or otherwise transfer rights in the Developer Tools or Services to any third party; (d) remove any proprietary notices or bypass any security measure of AppsFlyer with respect to the Developer Tools or Services; (e) send, upload, transmit, or store any infringing, fraudulent, threatening, libelous, defamatory, or otherwise unlawful or tortuous material or Customer Content, including material or Customer Content that violates third party rights or otherwise use the Services or any Developer Tools to link to or redirect to any such materials or Customer Content; (f) send material or Customer Content containing software viruses, worms, trojan horses, or other harmful or malicious computer code, files, scripts, agents, or programs; (g) attempt to gain unauthorized access to the Service or its related systems or networks; (h) distribute or use the Developer Tools or Services or any part thereof in any manner not authorized under this Agreement or the Documentation or that violates any applicable laws; or (i) use or access the Services or any Developer Tools to build any competitive product, to evaluate the Services or Developer Tools for any competitive or benchmarking purposes, or to copy any ideas, features, functions or content (including images) of the Services or Developer Tools.

5. Free Subscription Package and Account.

AppsFlyer may offer, from time to time, a free Subscription Package. Any use of AppsFlyer’s Services under a free Subscription Package and Account is subject to, and governed by, the terms of this Agreement and the following terms and conditions. Such free Subscription Package may not provide the full functionality of the Services as made available with the various paid Subscription Packages. Customer acknowledges and agrees that AppsFlyer shall have the full right and authority to cease providing the free Subscription Package and Account to Customer, at any time, and for any and no reason whatsoever, and to make any modifications to, or remove, any features and functionalities of the Service, including, without limitation, limiting the amount of usage or other parameters available to Customer during any given period and/or ceasing to provide certain reports or any other functionality or features available through the Service, with or without notice. AppsFlyer shall not be responsible, or liable to Customer or any third party, for any loss of data, including any Reports, analysis or Customer Data resulting from such cessation or modification of the free Subscription Package and Account. Customer is strictly prohibited from using more than 1 (one) free Account. Furthermore, any technical support or account management shall be provided (if at all) at AppsFlyer’s sole discretion. Without derogating from AppsFlyer’s termination rights pursuant to this Agreement, it is hereby clarified that if Customer has registered for a free Subscription Package and has not accessed the Services or performed any activity within the Services for a period of 60 (sixty) days, AppsFlyer may terminate Customer’s subscription, cease data collection and/or permanently remove its Account including, any Customer Data or other data associated with its Account with or without any prior notice to Customer and without any liability to AppsFlyer.

6. Beta Services.

From time to time, AppsFlyer may make certain services or functionalities available to Customer to try at its option, at no additional charge, prior to their official release and that are designated as alpha, beta, pilot, limited release, developer preview, non-production, evaluation, or similar pre-release designation (“Beta Services”). Customer may elect to try such Beta Services in its sole discretion. Beta Services may be subject to additional terms and conditions, which AppsFlyer will provide to Customer prior to its use of the Beta Services. Without limiting the generality of the foregoing, AppsFlyer: (a) makes no representations or warranties that the Beta Services will function as intended, or at all, or will be fit for Customer’s intended use; (b) may discontinue the Beta Services at any time in its sole discretion or not release updates to, or a final version of, a Beta Service; (c) will have no liability for any damages arising out of, or in connection with, Customer’s use of a Beta Service.

7. Third Party Websites and Content.

The Services may link or direct to Third Party Sites or contain Third Party Content. Customer hereby acknowledges and agrees that AppsFlyer has no control over such Third Party Sites and Third Party Content and that AppsFlyer is not responsible for the availability, accuracy, and/or correctness of Third Party Sites or Third Party Content, and does not endorse and is not responsible or liable for any service, content, advertisements, products, or any materials available by third parties or on and/or through such Third Party Sites. Customer further acknowledges and agrees that AppsFlyer shall not be responsible or liable, directly or indirectly, for any damage or loss whatsoever caused, or alleged to be caused, by or in connection with the use of, or reliance on, any such Third Party Content, or service or products made available by third parties or available on or through any Third Party Sites. Most Third Party Sites provide legal documents, including terms of use and privacy policies, governing the use of each such Third Party Sites. It is advisable and AppsFlyer encourages Customer to read these legal documents carefully before using any such Third Party Sites or any third party services.

8. Fees and Payment.

a. Fees, Invoicing and Payment Customer shall pay AppsFlyer all fees due and payable under an Order Form. Unless different payment terms are specified in an Order Form: (a) all fees due shall be payable within 30 (thirty) days of AppsFlyer’s issuance of the applicable invoice; and (b) all fees shall be made in advance, either annually or in accordance with any different billing frequency set forth in the Order Form, except for Services consumed per usage (including any overage fees), which are due and payable monthly in arrears.

b. Third Party Payor. If Customer authorizes a third party or Affiliate to pay AppsFlyer the fees due hereunder on Customer’s behalf (“Third Party Payor”), then Customer agrees that: (a) it shall immediately notify AppsFlyer of such Third Party Payor and provide all required details of the Third Party Payor; (ii) assumption of the payment obligations by the Third Party Payor shall not in any way release Customer from any of Customer’s obligations under the Agreement; (c) any failure by the Third Party Payor to pay the fees shall entitle AppsFlyer to any remedy against Customer set forth in the Agreement or available to AppsFlyer by law, including, suspension or termination of the Services; (d) it shall indemnify and hold harmless AppsFlyer from and against any claims in connection with such Third Party Payor paying the fees instead of Customer. AppsFlyer may refuse any payment by a Third Party Payor in its sole and absolute discretion, in which case Customer shall be required to pay AppsFlyer any and all due fees directly.

c. Late and Overdue Payments. Without limiting AppsFlyer’s rights or remedies, if Customer fails to pay any fees by their due date: (i) such fees may bear interest at the rate of one percent (1%) per month of the outstanding balance (or the maximum amount permitted by applicable law, whichever is less); and (ii) AppsFlyer shall have the right to suspend or cease providing the Services or terminate the Agreement if such fees are not paid within 10 (ten) days of notice by AppsFlyer of its intention to terminate the Agreement or suspend or cease providing the Services until the debt is paid. AppsFlyer shall not apply such late interest, terminate the Agreement, or suspend provision of the Services if Customer has notified AppsFlyer prior to the due date that it believes the invoice is incorrect, has a reasonable good faith basis for such determination and cooperates with AppsFlyer in good faith to resolve the issue. If the parties do not resolve such issue amicably within 30 (thirty) days following the receipt of the notice from Customer, AppsFlyer shall have the right to exercise any of its abovementioned rights.

d. Taxes. Unless expressly stated otherwise under an Order Form, all fees are exclusive of any local, state, or federal sales, use, excise, with holding, VAT or other similar taxes or duties, and any such taxes, to the extent legally applicable, shall be borne and paid by Customer (except for any taxes based on AppsFlyer’s net income).

9. Customer Data and Privacy.

a. Restricted Data. AppsFlyer strictly prohibits using the Services or any Developer Tools to collect, store, upload, process or transmit to AppsFlyer, or through the Services to any third party, any Restricted Data. Customer shall not configure the Services or Developer Tools to enable the collection, transmission, or storage of Restricted Data on or through the Services.

b. Children. Customer shall configure the Developer Tools and Services appropriately to ensure compliance with applicable Children data protection and privacy laws and any platform policies or third party agreements with Integrated Partners that Customer is subject to. Without derogating from the generality of the foregoing, Customer shall configure the Services to ensure that End User Data from Children is not transmitted to any Integrated Partner except where both the Integrated Partner’s service is specifically tailored to support and process End User Data from Children and the Integrated Partner permits Customer to transmit such End User Data related to Children to such Integrated Partner. For more information, Customer should review and implement the appropriate controls as provided in the AppsFlyer Kids App Implementation Guide.

c. AppsFlyer Responsibilities. AppsFlyer shall process Customer Data in compliance with applicable data protection and privacy laws and regulations pursuant to the terms set forth in the Agreement including, to the extent any such Customer Data contains Personal Data, the DPA. AppsFlyer shall implement and use appropriate physical, technical, administrative, and organizational measures that are designed to protect against any anticipated threats or hazards to the security or integrity of the Customer Data, as further specified in our Security Measure Commitments.

d. Customer Responsibilities. Customer shall: (i) collect, use and process Customer Data in compliance with applicable data protection and privacy laws and regulations; (ii) provide appropriate notice to End Users that clearly and accurately discloses its privacy practices, including with respect to its use of services such as the Services; and (iii) ensure it has or obtains all necessary rights, lawful basis, and, where required by law, consents (including parental consent in the case of any End User Data related to Children) to: (a) collect and use the End User Data; (b) enable the processing of End User Data by AppsFlyer as per the terms of the Agreement; (c) place any cookies or similar technologies (including by AppsFlyer) on End Users’ browsers or mobile devices; and (d) configure the Services and Developer Tools in such a manner that ensures compliance with any platform policies and terms (e.g. Apple and Google Store) applicable to Customer.

e. Personal Data. To the extent any End User Data is deemed Personal Data as such term is defined under the DPA, the terms and conditions set forth in the DPA shall apply to the use and processing of such Personal Data and shall be deemed incorporated by reference into this Agreement.

f. Remedy. Without limiting any remedies available to AppsFlyer under this Agreement or applicable law, AppsFlyer reserves the right to cease or suspend performance of the Services if it reasonably deems that Customer has not fulfilled any of its obligations under Section 9 and any of its sub-sections.

10. Integrated Partner.

The Services enable Customer to connect and/or integrate with Integrated Partners in order to facilitate the upload, storage and sending of certain data (e.g. data or content related to Customer’s marketing campaigns, conversion results, creatives, End User Data, events) between Customer and its Integrated Partners (“Campaign and Analytics Data”). Customer acknowledges and agrees: (i) that once the Services are configured by Customer to connect to an Integrated Partner, Customer Campaign and Analytics Data will be sent to the Integrated Partner and/or received from the Integrated Partner, unless otherwise configured by Customer in accordance with the Documentation; (ii) to only send Integrated Partners such Campaign and Analytics Data (including End User Data) that the Integrated Partner permits pursuant to any terms or agreements between Integrated Partner and Customer; (iii) the sending of any Campaign and Analytics Data (or any specific data parameter) shall be enabled only to the extent supported by the Integrated Partner and AppsFlyer; (iv) any use of the Campaign and Analytics Data by an Integrated Partner shall be subject to Customer’s own agreements with Integrated Partner and AppsFlyer is not responsible for Integrated Partner’s use of the Campaign and Analytics Data; and (v) any use or processing of Campaign and Analytics Data received from an Integrated Partner for processing by the Services may be subject to certain limitations and restrictions imposed by Integrated Partners on AppsFlyer directly, including, without limitation, requirements by Integrated Partners to delete such data after a certain period of time or disclosing to Customers only certain Campaign and Analytics Data parameters or in a specific form (e.g. in aggregated form only). Pursuant to the foregoing, Customer hereby instructs AppsFlyer to: (i) send Campaign and Analytics Data to Integrated Partners in accordance with Customer’s configurations of the Service; (ii) and to process Campaign and Analytics Data from Integrated Partners in order to perform the Services.

11. Confidentiality

a. Definition. During the Term, each party may disclose to the other party Confidential Information. Confidential Information shall not include information that Receiving Party can show: (a) was already lawfully known to, or independently developed by, Receiving Party without access to, or use of, Confidential Information, (b) was received by Receiving Party from any third party without restrictions, (c) is publicly and generally available, free of confidentiality and non-use restrictions; (d) is required to be disclosed in order to provide the Services, in accordance with the terms of this Agreement; or (e) is required to be disclosed by law, regulation or is requested in the context of a law enforcement investigation, provided that, to the extent permitted by applicable law, the Receiving Party provides the Disclosing Party with prompt notice of such requirement and reasonably cooperates with Disclosing Party to obtain an order protecting the information from disclosure and discloses only such minimal portion of the Confidential Information required to be disclosed. In addition, the terms of this Agreement may not be disclosed by either party, without the other party's prior written consent, except during due diligence in the course of a merger, acquisition, investment or sale of all or substantially all of a party’s shares or assets.

b. Duty of Care. The parties agree to hold all Confidential Information in strict confidence and not to disclose such Confidential Information to third parties other than Affiliates, employees, agents, consultants or subcontractors of a party who have a need to know in connection with this Agreement or to use such Confidential Information for any purposes whatsoever other than the performance of this Agreement. The parties agree to advise and obtain undertakings from their respective Affiliates, employees, agents, consultants and subcontractors of their obligations to keep all Confidential Information confidential and each party shall remain liable for any breach of confidentiality and non-use obligations by any of the foregoing. Each party agrees to treat the Confidential Information it receives with the same degree of care as it treats its own Confidential Information and in any event, with no less than a reasonable degree of care. As between the parties, each party retains all ownership rights in and to its Confidential Information.

c. Remedies. Each party acknowledges that breach of its obligation of confidentiality may give rise to irreparable injury to the other party, which damage may be inadequately compensable in the form of monetary damages. Accordingly, a party may seek and obtain injunctive relief against the breach or threatened breach of the foregoing undertakings.

d. Return of Data. Upon termination or expiration of this Agreement, each party shall, within thirty (30) calendar days from the date of termination, return or destroy all Confidential Information received from the other party, or created or received by a party on behalf of the other party, which are in such party’s possession. The non-disclosure and non-use obligations set forth in this Section 11 shall survive the termination or expiration of this Agreement for a period of 5 (five) years except that any trade secrets (including, but not limited to source codes, technology, algorithms, and protocols) shall be deemed and treated as Confidential Information for as long as such information continues to be protectable as trade secret information under applicable laws.

12. Intellectual Property.

a. Customer Property. Customer shall retain all right, title and interest in and to the Customer Properties. Nothing herein shall be interpreted to provide AppsFlyer any rights in the Customer Properties except the limited rights explicitly set forth herein. Customer hereby grants AppsFlyer a non-exclusive, royalty-free, non-transferable, sub-licensable, worldwide license to upload, store, display, publish, publicly perform, reproduce, modify, create derivative works of, distribute, transfer, make available, and otherwise access and process the Customer Data solely for and to the extent required to provide, support, and maintain the Services. Without derogating from the foregoing, AppsFlyer confirms that it shall not make any changes, alterations, edits, or modifications to the Customer Content itself without the prior written consent of Customer.

b. AppsFlyer Property. As between the parties, AppsFlyer shall retain all right, title and interest in and to the AppsFlyer Properties. Nothing herein shall be interpreted to provide Customer any rights in the AppsFlyer Properties except the limited rights explicitly set forth herein.

c. Feedback and Aggregated and De-Identified Data. If Customer provides AppsFlyer with any Feedback, then, Customer hereby grants AppsFlyer and its Affiliates a worldwide, perpetual, irrevocable, royalty-free license to use, distribute, disclose, and incorporate into its Services such Feedback. Customer acknowledges and agrees that AppsFlyer may use all such Feedback without restriction. Additionally, Customer acknowledges and agrees that AppsFlyer may use Aggregated and De-Identified Data to improve the service, perform market research and benchmarking.

13. Warranties.

a. Mutual Warranties. Each party represents and warrants that: (a) it is duly organized under applicable law and has sufficient authority to enter into this Agreement; (b) the person entering into this Agreement is authorized to sign this Agreement on behalf of such party; (c) the execution and performance under this Agreement does not conflict with any contractual obligations such party has to any third party; (d) it will not knowingly introduce into the other party’s systems any worms, viruses, spyware, adware or other malicious or intrusive software; and (e) it shall comply with all applicable federal, state, local, or other laws and regulations applicable to its obligations under this Agreement.

b. Customer Warranties. The Customer represents and warrants that: (i) the Customer Properties do not, to the best of its knowledge, infringe the intellectual property rights or privacy rights of any third party; (ii) it owns, or has all appropriate rights and/or licenses to, the Applications; and (iii) it has all permissions, authority, licenses, and consents required to enable the Services to access, download and/or upload Customer Data to Customer’s Account for the purpose of providing the Service in accordance with the terms of this Agreement.

c. AppsFlyer Warranties. AppsFlyer warrants that the Services shall conform to, and operate in all material respects in accordance with, the Documentation and such other descriptions and materials as are attached, described and/or provided under this Agreement. For any breach of this warranty, Customer’s exclusive remedy shall be to terminate the Agreement pursuant to Section 16(b) below.

d. Disclaimer of Warranties. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CUSTOMER ACCEPTS AND ACKNOWLEDGES THAT THE DEVELOPER TOOLS, SERVICES, AND REPORTS ARE PROVIDED “AS IS” AND “AS AVAILABLE”, EXCEPT AS EXPRESSLY PROVIDED HEREIN. APPSFLYER FURTHER DISCLAIMS ANY WARRANTY THAT THE SERVICES, DEVELOPER TOOLS OR REPORTS WILL MEET CUSTOMER’S NEEDS, BE ERROR FREE, OR THAT THE OPERATION OF THE SERVICE WILL BE UNINTERRUPTED. IN ADDITION, THE SERVICES, DEVELOPER TOOLS, AND REPORTS PROVIDED UNDER A FREE SUBSCRIPTION PACKAGE, FREE TRIAL OR BETA SERVICES ARE EXCLUSIVE OF ANY WARRANTY AND REPRESENTATIONS WHATSOEVER. THE FOREGOING EXCLUSIONS AND DISCLAIMERS ARE AN ESSENTIAL PART OF THIS AGREEMENT AND FORM THE BASIS FOR DETERMINING THE PRICE CHARGED FOR THE SERVICES. TO THE EXTENT THAT APPSFLYER CANNOT DISCLAIM ANY WARRANTY AS A MATTER OF APPLICABLE LAW, THE SCOPE AND DURATION OF SUCH WARRANTY SHALL BE THE MINIMUM REQUIRED UNDER SUCH LAW.

14. Indemnification.

a. AppsFlyer Indemnification. AppsFlyer shall defend, indemnify and hold harmless Customer (and its Affiliates, officers, directors and employees) from and against any and all direct damages, costs, losses, liabilities or expenses (including reasonable court costs and reasonable attorneys’ legal fees) which Customer may suffer or incur in connection with any claim, demand, action or other proceeding by any third party arising from the Developer Tools and/or Services infringing the intellectual property rights of a third party. If the Services are the subject of an infringement claim, or AppsFlyer reasonably believes that the Services shall be the subject of an infringement claim, AppsFlyer may terminate this Agreement upon written notice if modification of the Services to be non-infringing is not reasonably practical (in which case Customer shall be entitled to a pro-rated refund of any prepaid fees). This Section 14(a) sets forth AppsFlyer’s sole obligations and Customer’s sole remedies for any claim that the Developer Tools and/or Services infringe the intellectual property rights of a third party. Notwithstanding the foregoing, AppsFlyer shall have no responsibility or liability for any claim to the extent resulting from or arising out of Customer’s: (a) use or modification of the Developer Tools or Services not in compliance with this Agreement, the Documentation or applicable law; (b) combination of the Developer Tools or Services with any code, platform or services not provided or authorized by AppsFlyer; or (c) if AppsFlyer has provided notice of a requirement to update any script, SDK, API, or other code provided as part of the Developer Tools, Customer continues to use such parts of the Developer Tools that are not the most up-to-date.

b. Customer Indemnification. Customer shall defend, indemnify and hold harmless AppsFlyer (and its Affiliates, officers, directors and employees) from and against any and all direct damages, costs, losses, liabilities or expenses (including court costs and reasonable attorneys’ legal fees) which AppsFlyer may suffer or incur in connection with any claim, demand, action or other proceeding by any third party arising from: (a) Customer’s breach of its representation and warranties hereunder; (b) breach of Customer’s obligations under Section 9 (Customer Data and Privacy) of this MSA; and/or (c) a breach by Customer of Section 10(ii) of this MSA (Integrated Partners).

c. Procedure. In the event of a claim that falls under the Indemnification obligations of either party, as abovementioned, the indemnified party shall: (i) provide the indemnifying party with prompt written notice of any claim for which indemnification is sought (provided that the indemnified party’s failure to notify the indemnifying party will not diminish the indemnifying party’s obligations under this Section 14, except to the extent that the indemnifying party is materially prejudiced as a result of such failure); (ii) cooperate fully with the indemnifying party (at the indemnifying party’s expense); and (iii) allow the indemnifying party to control the defense (except where unreasonable) and settlement of such claim, provided that no settlement may be entered into without the consent of the indemnified party if such settlement would require any or admission of liability or action on the part of the indemnified party other than to cease using any allegedly infringing or illegal content or services. An indemnified party will, at all times, have the option to participate in any matter or litigation through counsel of its own selection at its own expense.

15. Liability.

a. Exclusions. IN NO EVENT SHALL EITHER PARTY NOR ITS DIRECTORS, OFFICERS, AFFILIATES OR AGENTS BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL OR PUNITIVE DAMAGES OR FOR ANY LOSS OF PROFITS, REVENUE OR GOODWILL ARISING OUT OF, OR RELATING TO, THE SERVICES, THIS AGREEMENT OR THE ARRANGEMENTS CONTEMPLATED HEREIN REGARDLESS OF WHETHER SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF, OR COULD HAVE FORESEEN, SUCH DAMAGES.

b. Limitations of Liability. IN ANY EVENT, EACH PARTY’S AGGREGATE LIABILITY ARISING OUT OF, OR RELATED TO, THIS AGREEMENT SHALL NOT EXCEED THE AMOUNT OF FEES PAID OR PAYABLE BY CUSTOMER TO APPSFLYER IN THE 12 (TWELVE) MONTHS PRECEDING THE CLAIM. THE FOREGOING EXCLUSIONS AND LIMITATIONS SET FORTH THE ENTIRE LIABILITY OF ONE PARTY TO THE OTHER UNDER THIS AGREEMENT, INCLUDING LIABILITY RESULTING FROM A BREACH OF AGREEMENT, TORT, OR ANY OTHER THEORY OF LIABILITY, BUT IN NO WAY SHALL LIMIT CUSTOMER’S PAYMENT OBLIGATIONS HEREUNDER. NOTWITHSTANDING THE FOREGOING, THE LIMITATIONS SET FORTH UNDER THIS SECTION 15(b) SHALL NOT APPLY TO EACH PARTY’S INDEMNIFICATION OBLIGATIONS AND TO THE EXTENT PROHIBITED UNDER APPLICABLE LAW. NOTWITHSTANDING ANYTHING TO THE CONTRARY UNDER THIS AGREEMENT, APPSFLYER SHALL HAVE NO LIABILITY WHATSOEVER FOR THE SERVICES AND THE DEVELOPER TOOLS PROVIDED UNDER A FREE SUBSCRIPTION PACKAGE, FREE TRIAL OR BETA SERVICES, UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE APPSFLYER’S AGGREGATE LIABILITY SHALL NOT EXCEED $1,000.00.

16. Term and Termination.

a. Term. The term of this Agreement shall commence on the Effective Date and shall continue until all Order Forms have expired or terminated. Each Subscription Package under an Order Form shall commence on the start date and end on the end date specified in the Order Form, unless earlier terminated or renewed pursuant to the terms of the Agreement. Unless otherwise specified in the Order Form, each Subscription Package shall automatically renew for additional periods equal to the then expiring Subscription Package Term, unless either party provides the other party with written notice of its intent not to renew the Subscription Package at all or under the same terms at least 30 (thirty) days prior to the end of the then applicable Subscription Package term. The fees for each of the Services under a renewed Subscription Package shall be charged at the standard fees charged by AppsFlyer for such Services at the time of renewal; provided, that if such fees exceed 7% (seven percent) of the fees charged in the immediately preceding Subscription Package Term, AppsFlyer shall provide Customer with notice of such increase at least 30 (thirty) days prior to the renewal. The Subscription Package Term for any additional Services ordered during the Subscription Package Term of an existing Subscription Package shall be adjusted to be in alignment with the existing Subscription Package and the fees for such additional Services shall be prorated accordingly.

b. Termination for Cause. Each party may terminate the Agreement upon written notice if the other party is in material breach of this Agreement and such breach is not curable or is not cured within 30 (thirty) days from the receipt of written notice of such breach. In addition, either party shall have the right to terminate this Agreement upon 30 (thirty) days’ written notice to the other party pursuant to section 6.3 of the DPA.

c. Termination for Liquidation. Either party may terminate the Agreement immediately upon written notice if the other party: (i) voluntarily or involuntarily becomes the subject of a petition in bankruptcy or of any proceeding relating to insolvency, receivership, liquidation, or composition for the benefit of creditors that is not dismissed or discharged within sixty (60) days after being commenced; (ii) admits in writing its inability to pay its debts generally as they become due, or takes any corporate action tantamount to such admission; (iii) makes an assignment for the benefit of its creditors; or (iv) ceases to do business as a going concern.

d. Effects of Termination. Upon any termination or expiration of this Agreement, AppsFlyer will cease providing the Services and any fees due under an Order Form shall be required to be paid immediately. All fees due under an Order Form are non-cancellable and non-refundable except in the case of termination by Customer pursuant to Section 16(b) or termination by AppsFlyer pursuant to Section 14(a), in which case Customer shall be entitled to a pro-rated refund of any prepaid fees for Services not yet rendered up to the date of termination. Any obligations of the parties that by their nature are intended to survive the termination or expiration of this Agreement, including the obligations of the parties in Sections 1, 2(f), 7-10, 11-15, 16(d), and 17-21 of this Agreement, shall survive any termination or expiration thereof.

17. Publicity.

Customer agrees that AppsFlyer may refer to Customer as a customer of AppsFlyer, including by displaying Customer’s name and logo on AppsFlyer’s website and other marketing materials.

18. Anti-Corruption.

The parties hereto shall comply with all anti-bribery and anti-corruption laws applicable to this Agreement. Neither party, to the best of its knowledge, has taken or has received or will take or receive any payment, property, gifts or anything else of value in connection with this Agreement (excluding reasonable gifts and entertainment in the ordinary course of business).

19. Trade Sanctions.

Each party represents that it (or any related/controlling company or controlling shareholder individual) is not the subject of any US, UK, EU or UN sanctions and are not named on any restricted party or similar sanctions list. Customer will not, and will not permit any Service User to, access or use any Services in a U.S.-embargoed or sanctioned country or region (currently Cuba, Iran, North Korea, Syria, Crimea, Luhansk, Donetsk). AppsFlyer reserves the right to restrict access to the Services from other countries where AppsFlyer is not permitted to offer or provide the Services due to regulations applicable to it or to terminate the Agreement to the extent any Customer comes under sanctions during the Subscription Package Term.

20. Codes of Conduct.

Each party shall conduct its business in an ethical manner in accordance with terms that are substantially similar to the terms set forth in AppsFlyer’s Codes of Conduct available here.

21. Miscellaneous.

a. Entire Agreement. This Agreement represents the entire agreement between the parties regarding the subject matter hereof and supersedes any and all other agreements between the parties, whether written or oral, regarding the subject matter hereof. For clarity, the provisions of this Agreement supersede any earlier non-disclosure or confidentiality agreements between the parties. Any other terms contained or referenced in any of Customer's ordering documents, purchase orders, “click-wrap”, “browse-wrap”, codes of conduct or similar document shall have no force or effect between the parties. This Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. The parties agree that any electronic signature shall have the same legal validity and enforceability as a manually executed signature to the fullest extent permitted by applicable law.

b. Amendment. AppsFlyer may amend this Agreement from time to time, in which case the new Agreement will supersede prior versions. AppsFlyer will provide notice (through the AppsFlyer dashboard or by email to the Account admin email on record) of its intended amendment not less than thirty (30) days prior to the effective date of any such amendment. Customer’s continued use of the Services following the effective date shall be deemed as Customer’s consent to any such amendment.

c. Relationship of the Parties. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. There are no third-party beneficiaries to this Agreement.

d. Third Party Service Providers. Customer acknowledges and agrees that AppsFlyer may use third party service providers for storing and processing the Customer Data, all in furtherance of enabling AppsFlyer to provide the Services for the Customer. AppsFlyer shall ensure any such third party is subject to confidentiality obligations no less stringent than those in this Agreement and that they maintain appropriate controls to protect the Customer Data. AppsFlyer shall remain liable for any breaches of this Agreement arising from the actions or omissions of such third parties. For the avoidance of doubt, any such third party provider used to process Customer Data that is Personal Data shall additionally be subject to the procedures for subprocessors set forth in the DPA.

e. No Waiver. All waivers must be in writing. A waiver of any default hereunder or of any of the terms and conditions of this Agreement shall not be deemed to be a continuing waiver or a waiver of any other default or of any other term or condition but shall apply solely to the instance to which such waiver is directed. AppsFlyer may provide Customer with notices required hereunder by contacting Customer at any email address Customer provided, including in its registration information.

f. Assignment. Neither party may assign any of its rights and/or obligations under this Agreement without the prior written consent of the other party, such consent not to be required in the event of an assignment by AppsFlyer to an Affiliate or a purchaser of all or substantially all of AppsFlyer’s assets or share capital. Subject to the foregoing, this Agreement shall be binding upon and inure to the benefit of the respective successors and assigns of the parties hereto.

g. Validity. If any part of this Agreement shall be invalid or unenforceable, such part shall be interpreted to give the maximum force possible to such terms under applicable law and such invalidity or unenforceability shall not affect the validity or enforceability of any other part or provision of this Agreement which shall remain in full force and effect.

h. Notices. All notices under this Agreement shall be in writing and shall be deemed to have been received by the other Party within seven (7) days from the time it was sent in registered mail. If the message was sent by electronic mail, it shall be deemed to have been received within one (1) business day from the time it was sent. The addresses to which the parties should direct notices under the Agreement are set forth in the applicable Order Form.

i. AppsFlyer Contracting Entity. The AppsFlyer entity entering into the Agreement shall be the entity stated in the applicable Order Form and if ordering Services online then the AppsFlyer entity shall be dependent on the Customer’s domicile. It is further clarified that any Affiliate of AppsFlyer may provide certain services to support the provision of Services under this Agreement, including billing and payment collection services

j. Governing Law. This Agreement shall be governed by and construed under the laws of New York, USA without reference to its conflict of law principles. Each party agrees to submit to the exclusive and personal jurisdiction of the courts located in New York City, New York, USA. Notwithstanding the foregoing, in the event the AppsFlyer contracting entity is AppsFlyer UK Ltd., the Agreement shall be governed by and construed under the laws of England and Wales without reference to its conflict of law principles and each party agrees to submit to the exclusive and personal jurisdiction of the courts located in London, England.

unity-reference-viewer

MIT License

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

NPOI / Apache License 2.0

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

© GungHo Online Entertainment, Inc. All Rights Reserved.© CAPCOM CO., LTD. ALL RIGHTS RESERVED.© CAPCOM U.S.A., INC. ALL RIGHTS RESERVED.© MOTO KIKAKU.

Ionic.Zlib.CF

Microsoft Public License (Ms-PL)

websocket-sharp

Photoshop PSD FileType Plugin for Paint.NET

unity-webview

Spine Runtimes

MessagePack for C#

MiniJSON

ClosedXML

ParticleEffectForUGUI

Parse

Sharpen

Firebase Data Processing and Security Terms

1. Introduction

2. Definitions

3. Duration

4. Scope of Data Protection Law

5. Processing of Data

6. Data Deletion

7. Data Security

8. Impact Assessments and Consultations

9. Access etc.; Data Subject Rights; Data Export

10. Data Transfers

11. Subprocessors

12. Firebase Data Protection Team; Processing Records

13. Liability

14. Interpretation

15. Changes to these Terms

Appendix 1: Subject Matter and Details of the Data Processing

Subject Matter

Duration of the Processing

Nature and Purpose of the Processing

Categories of Data

Data Subjects

Appendix 2: Security Measures

1. Data Center and Network Security

2. Access and Site Controls

3. Data

4. Personnel Security

5. Subprocessor Security

Appendix 3: Additional Terms for Non-European Data Protection Law

GOOGLE ANALYTICS FOR FIREBASE TERMS OF SERVICE

1. Definitions.

2. Fees and Service.

3. Member Account, Password, and Security.

4. Nonexclusive License.

5. Confidentiality.

6. Information Rights and Publicity.

7. Privacy.

8. Indemnification.

9. Third Parties.

10. DISCLAIMER OF WARRANTIES.

11. LIMITATION OF LIABILITY.

12. Proprietary Rights Notice.

13. U.S. Government Rights.

14. Term and Termination.

15. Modifications to Terms of Service and Other Policies.

16. Applicable Law and Venue.

17. Miscellaneous

Google Ads Data Processing Terms

1. Introduction

2. Definitions and Interpretation

3. Duration of these Data Processing Terms

4. Application of these Data Processing Terms

5. Processing of Data

6. Data Deletion

7. Data Security

8. Impact Assessments and Consultations

9. Data Subject Rights

10. Data Transfers

11. Subprocessors

12. Contacting Google; Processing Records

13. Liability

14. Third-Party Beneficiary

15. Effect of these Data Processing Terms

16. Changes to these Data Processing Terms

Appendix 1: Subject Matter and Details of the Data Processing

Subject Matter

Duration of the Processing

© GungHo Online Entertainment, Inc. All Rights Reserved.
© CAPCOM CO., LTD. ALL RIGHTS RESERVED.
© CAPCOM U.S.A., INC. ALL RIGHTS RESERVED.
© MOTO KIKAKU.