Last Updated: August 23, 2022
WHEN ACCEPTING THIS TRIAL USE AGREEMENT (THE “AGREEMENT”) BY SELECTING “I AGREE” AS PART OF LOGGING TO THE PLATFORM TO ACCESS THE ALATION SOFTWARE OR ALATION CLOUD, YOU AGREE TO FOLLOW AND BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THE TERMS AND CONDITIONS OF THIS AGREEMENT AND, IN SUCH EVENT, “LICENSEE” AS USED IN THIS AGREEMENT SHALL REFER TO SUCH ENTITY.
This Agreement is effective as of the date of your first login to the Alation Software or Alation Cloud (“Effective Date”). As used in this Agreement, “Party” means either Alation or Licensee, as appropriate, and “Parties” means both Alation and Licensee.
1.1 License Grant. Subject to all the terms and conditions of this Agreement, Alation grants to Licensee a personal, royalty-free, non-sublicensable, nontransferable, nonexclusive license to Use the Alation Software or the Alation Cloud, as applicable, solely and specifically for testing and evaluation purposes during the Term (the “License”), together with documentation generally provided with the Alation Software or Alation Cloud, as revised from time to time, which may include end user manuals, operation instructions, installation guides, release notes and online help files regarding use of the Alation Software or Alation Cloud (collectively, the “Documentation”). “Use” of the Alation Software means that Licensee may install on computers owned or controlled by Licensee, run, access or otherwise interact with one each of backup and test instances of the Alation Software and “Use” of the Alation Cloud means that Licensee may access, utilize or otherwise interact with the Alation Cloud, each by up to the number of users indicated by Alation and for which Alation provides license key (“Named Users“).
1.2 Named Users and Licensee Requirements. A Named User is a specific individual authorized by Licensee to use the Alation Software or Alation Cloud, as applicable, regardless of whether or not such individual is using the Alation Software or Cloud at any given time and includes both “Viewers” and “Creators”. A “Viewer” is a Named User that may benefit from the occasional ability to search and browse datasets and collaborate through the Alation Software or Cloud. A “Creator” is a Named User that may generate content, curate data elements, run queries, configure the Alation Software or Cloud, and manage other Named User accounts. Each such individual shall be assigned a unique Named User identification and multiple individuals may not share the same Named User identification. In addition to all individual Named Users, all users of a non-human operated device shall be counted as Named Users if such device has access to the Alation Software or Cloud. Licensee is responsible for activity occurring under its Named User accounts and shall ensure that it and its Named Users abide by all local, state, national and foreign laws, treaties and regulations applicable to Licensee’s use of the Alation Software or Cloud. Licensee shall: (i) notify Alation promptly of any unauthorized use of any password or account or any other known or suspected breach of security; (ii) notify Alation promptly and use reasonable efforts to promptly stop any unauthorized use, copying, or distribution of the Alation Software or Cloud that is known or suspected by Licensee or its Named Users; (iii) not impersonate another Alation user or provide false identity information to gain access to or use the Alation Software or Cloud. Alation Software and Documentation will be delivered electronically from Alation’s FTP site.
1.3 License Restrictions. Licensee agrees to use the Alation Software or Cloud, as applicable, in accordance with the Documentation, only in the ordinary course of testing and evaluating the Alation Software or Cloud, and except as expressly permitted herein, shall not reproduce, distribute, deploy, publicly display or modify the Alation Technology or any portion thereof. Except to the extent that the following restriction is prohibited by applicable law, Licensee shall not, directly or indirectly, and shall not authorize any third party to (i) decompile, disassemble, reverse engineer or attempt to reconstruct or discover any source code, algorithms, architecture or other elements of; (ii) translate, adapt, or modify; (iii) write or develop any program based upon; (iv) use for benchmarking or ‘service bureau’ purposes; (v) sell, sublicense, transfer, or otherwise assign or grant to third party any rights in; (vi) allow access to unauthorized persons to; or (vii) otherwise use except as expressly permitted hereunder, in each case of (i) – (vii), the Alation Software, Alation Cloud, Documentation, and Alation’s Confidential Information, as applicable (collectively, “Alation Technology”).
1.4 Ownership. Alation Technology is licensed and not sold. As between Alation and Licensee, Alation hereby retains all right, title and interest, including all intellectual property rights, in and to the Alation Technology, all copies and portions thereof, and all improvements, enhancements, modifications and derivative works thereof, and all intellectual property rights therein. As a condition of the License, Licensee must retain all proprietary, copyright and other attribution legends on all copies of the Alation Technology. Licensee agrees that Alation shall have the right to use in any manner and for any purpose the Feedback as set out in Section 2 below.
1.5 Licensee Data. “Licensee Data” is defined as any data that the Licensee or its Named Users submit to the Alation Software or Cloud. As between Licensee and Alation, Licensee exclusively owns all rights, title and interest in and to all Licensee Data. Licensee shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership of and right to use all Licensee Data, and hereby warrants that that it has and will have all rights and consents necessary to allow Alation to use all such data as contemplated by this Agreement and discharges Alation from any claims regarding such Licensee Data. If Licensee is testing the Alation Cloud, Licensee hereby grants to Alation a royalty-free, fully-paid, non-exclusive, non-transferable (except as set forth herein), non-sub-licensable, worldwide right to use and process Licensee Data to provide Licensee the Alation Cloud, develop, test and improve the Alation Technology and any other activities expressly agreed to by Licensee.
1.6 Security and Data Privacy. Alation shall maintain a written information security program of policies, procedures and controls governing the processing, storage, transmission and security of Licensee Data submitted to the Alation Cloud, as described in Exhibit A: Security Policy, attached hereto (“Security Program”). The Security Program shall include industry standard practices designed to protect Licensee Data from unauthorized access, acquisition, use, disclosure, or destruction. Alation may periodically review and update the Security Program to address new and evolving security technologies, changes to industry standard practices, and changing security threats, provided that any such update does not materially reduce the overall level of security provided to Licensee as described herein. If Alation processes Personal Data on Licensee’s behalf, it will do so according to the terms of the Alation Data Privacy Addendum available here https://www.alation.com/online-dpa/ and incorporated by reference, as applicable.
Licensee agrees to provide Alation with an assessment of the Alation Software or Cloud after conclusion of the testing and evaluation. Any results of the testing or evaluation of the Alation Software or Cloud, including without limitation the assessment, any feedback or suggestions which Licensee provides to Alation (the “Feedback”) shall be deemed proprietary information of Alation and Licensee hereby assigns to Alation any and all right, title and interest in and to the Feedback.
3.1 Definition. “Confidential Information” means: (i) any information disclosed, directly or indirectly, by one Party (“Disclosing Party”) to the other Party (“Receiving Party”) pursuant to this Agreement that is designated as “confidential”, or in some other manner to indicate its confidential nature; and (ii) information otherwise reasonably expected to be treated in a confidential manner under the circumstances of disclosure or by the nature of the information itself. Without limiting the foregoing, the Alation Technology and the terms (including the existence) of this Agreement are the Confidential Information of Alation. However, Confidential Information does not include any information which (a) is or becomes generally known and available to the public through no act or omission of the Receiving Party; (b) was already in the Receiving Party’s possession at the time of disclosure by the Disclosing Party, as shown by the Receiving Party’s contemporaneous records; (c) is lawfully obtained by the Receiving Party from a third party who has the express right to make such disclosure; or (d) is independently developed by the Receiving Party without use of, or reference to, the Disclosing Party’s Confidential Information.
3.2 Limited Use; Protection. Neither Party shall use the Confidential Information of the other Party for any purpose except to exercise its rights and perform its obligations under this Agreement. Neither Party shall disclose, or permit to be disclosed, either directly or indirectly, any Confidential Information of the other Party, except to employees or contractors of the Receiving Party with a need to know, or to its advisors, or prospective investors or purchasers, each subject to an obligation of confidentiality. Each Party will take reasonable measures to protect the secrecy of, and avoid disclosure and unauthorized use of, the Confidential Information of the other party, and will take at least those measures that it takes to protect its own most highly confidential information.
3.3 Compelled Disclosure. If a Receiving Party is compelled by law or a court of competent jurisdiction to disclose the Disclosing Party’s Confidential Information, the Receiving Party will promptly notify the Disclosing Party in writing and will cooperate with Disclosing Party in seeking a protective order or other appropriate remedy at the Disclosing Party’s expense. If disclosure is ultimately required, the Receiving Party will furnish only that portion of Confidential Information that is legally required and will exercise reasonable efforts to obtain assurance that it will receive confidential treatment.
4. TERM AND TERMINATION
4.1 Term. This Agreement commences on the Effective Date and will continue for fifteen (15) days (the “Term”). This Agreement may be renewed upon execution of an amendment.
4.2 Termination. This Agreement may be terminated by either Party for convenience by providing ten (10) days’ prior written notice to the other Party.
4.3 Effect of Termination. Upon the effective date of expiration or termination of this Agreement for any reason, Alation will disable the access keys and Licensee must cease use of the Alation Technology and will have no further rights to the Alation Technology. Each Party must promptly return or certify the destruction of all tangible embodiments of the other Party’s Confidential Information (including Licensee’s deletion of all instances of the Alation Technology from Licensee’s systems and certifying such deletion in writing within three (3) days of Alation’s request). Sections 1.3 (“License Restrictions”), 1.4 (“Ownership”), 3 (“Confidentiality”), 4.3 (“Effect of Termination”), 5 (“Warranty Disclaimer”), 6 (“Limitation of Liability”), 7 (“General Provisions”) will survive expiration or termination of this Agreement.
5. WARRANTY DISCLAIMER
THE ALATION TECHNOLOGY IS PROVIDED “AS-IS” WITHOUT REPRESENTATION OR WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY. ALATION HEREBY DISCLAIMS ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM CONDUCT OR COURSE OF DEALING. ALATION DOES NOT WARRANT THAT THE ALATION TECHNOLOGY WILL BE ERROR-FREE OR WILL WORK WITHOUT INTERRUPTIONS, AND LICENSEE RELIES ON THE ALATION TECHNOLOGY AT LICENSEE’S OWN RISK. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES IN CERTAIN CIRCUMSTANCES. ACCORDINGLY, THE LIMITATIONS SET FORTH ABOVE APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
6. EXCLUSION OF CERTAIN DAMAGES; LIMITATION OF LIABILITY
IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE, TREBLE OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, LOSS OF BUSINESS, REVENUE, PROFITS, GOODWILL, DATA OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OF OR RELATING TO THIS AGREEMENT, HOWEVER CAUSED AND BASED ON ANY THEORY OF LIABILITY, WHETHER BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF THE OTHER PARTY IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH PARTY’S TOTAL LIABILITY (INCLUDING ATTORNEYS’ FEES) ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED TEN THOUSAND US DOLLARS ($10,000.00 USD).
7. GENERAL PROVISIONS
7.1 Compliance with Laws and Export Control. Each Party shall comply with all applicable laws and government regulations, including, if applicable, the export laws and regulations of the United States and other applicable jurisdictions, in connection with providing and using the Alation Technology. Without limiting the foregoing, (i) each Party represents that is not named on any government list of persons or entities prohibited from receiving exports, and (ii) Licensee shall not, and shall ensure that Named Users do not violate any export embargo, prohibition, restrictions or other similar law in connection with this Agreement.
7.2 Assignment. Neither Party may assign this Agreement nor any of its rights or obligations under it without the prior written consent of the other Party, except in the case of an assignment due to corporate reorganization, upon a change of control, consolidation, merger, reincorporation, sale of all or substantially all of its assets related to this Agreement or a similar transaction or series of transactions by either Party, which may occur without written consent. Subject to the foregoing, this Agreement will be binding upon and inure to the benefit of the Parties and their respective permitted successors and assigns.
7.3 Governing Law. This Agreement shall be governed by and construed under the laws of the State of California without reference to conflict of laws principles. The application of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. All disputes arising out of or related to this Agreement will be subject to the exclusive jurisdiction of the state courts located in San Mateo County and the federal courts located in the City and County of San Francisco, California. If either Party breaches or threatens to breach the provisions of Sections 1.3, 1.4, or 3, each Party agrees that the non-breaching Party may have no adequate remedy at law and is therefore entitled to seek immediate injunctive and other equitable relief, without bond and without the necessity of showing actual money damages.
7.4 Entire Agreement; Amendments. This Agreement is the sole agreement of the Parties concerning the subject matter hereof, and it supersedes all prior agreements and understandings with respect to said subject matter. Any ambiguity in this Agreement shall be interpreted without regard to which Party drafted it. This Agreement may only be amended by a writing signed by the Parties. The headings in this Agreement are inserted for convenience and are not intended to affect the interpretation of this Agreement.
7.5 Notices. Any required notice shall be given in writing by customary means with receipt confirmed at the address of each Party set forth below, or to such other address as either Party may substitute by written notice to the other, or by electronic transmission to an email address. Alation’s email address for notices is: email@example.com. Notices will be deemed to have been given at the time of actual delivery in person, one day after delivery to an overnight courier service, three days after deposit in the Party’s local mail or upon acknowledgement of receipt of electronic transmission.
7.6 Waiver; Severability. Waiver of any term of this Agreement or forbearance to enforce any term by either Party shall not constitute a waiver as to any subsequent breach or failure of the same term or a waiver of any other term of this Agreement. Any provision found to be unlawful, unenforceable or void shall be severed from the remainder of this Agreement, and the Agreement will continue in full force and effect without said provision.
EXHIBIT A: SECURITY POLICY, ALATION CLOUD
1. Data Security Procedures.
Alation shall maintain reasonable operating standards and security procedures and shall use their best efforts to secure Personal Data and Confidential Information (collectively, “Confidential Data”) through the use of appropriate administrative, physical, and technical safeguards including, but not limited to, appropriate network security and encryption technologies. Such security measures shall also include the following:
- (i) Implementation of controls to manage access to Confidential Data, including:
- (a) Restricting access privileges to only those Alation personnel that must access Confidential Data to deliver the Alation Cloud;
- (b) Immediately terminating access privileges to Confidential Data for any Alation personnel that no longer need such access, and conducting quarterly reviews of access lists to ensure that access privileges have been appropriately provisioned and terminated;
- (c) Requiring the use of multi-factor authentication to access Confidential Data; and
- (d) Providing regular training on data security to all Alation personnel that may have access to Confidential Data;
- (ii) Maintenance of firewalls to segregate Alation’s internal networks from the internet, and employing appropriate intrusion detection, monitoring, and logging capabilities to enable detecting and responding to potential security breach attempts;
- (iii) Conducting of regular network vulnerability assessments;
- (iv) Application of all manufacturer-recommended security updates to all systems, devices, or applications storing, processing or transiting Confidential Data in a timely manner that aligns with industry best practices.
- (v) Maintenance and enforcement of policies and procedures to ensure that all of the following requirements are met:
- (a) up-to-date virus protection software shall be installed on all computer systems attached to Alation’s networks;
- (b) access to Alation’s computer resources and networks (including wireless networking and remote access) shall be limited to approved configurations utilizing appropriate identification and authentication methods, including the following minimum password requirements, which shall be automatically enforced by the operating system used by Alation:
- (1) passwords shall be a minimum of eight (8) characters in length, and shall contain characters from four (4) of the following four categories: uppercase letters, lowercase letters, numeric (0-9), and special (!@#$%^&*);
- (2) the operating system shall enable a dictionary check to reject commonly used passwords, and shall lock out the user account for fifteen (15) minutes upon ten (10) failed authentication attempts; and
- (3) Alation shall implement measures to ensure that credentials are not shared between users and accounts; where shared credentials are necessary, the shared password shall be updated every thirty (30) days, and the new password may not be any of the previous ten (10) passwords used for that account.
Alation shall implement such additional password requirements as may be communicated to Alation by Customer from time to time.
- (c) Confidential Data shall be stored only on devices located within Alation’s secure facilities, shall only be used for the purposes of performing Alation’s obligations under this Agreement, and shall not be distributed, repurposed, or shared with third parties or Alation’s business units without Customer’s prior written approval;
- (d) Confidential Data shall at all times be encrypted in accordance with the Encryption Standards described below, regardless of whether such Confidential Data is at rest or in transit;
- (e) All encryption shall be accomplished with AES 256-bit or stronger key, or RSA with a 2048-bit or stronger key, and in accordance with industry standards for secure key and protocol negotiation and key management (collectively, the “Encryption Standards”);
- (f) Confidential Data shall not be transmitted outside of Alation’s secure facilities (which include its cloud hosting environment, currently AWS), transmitted on networks other than those owned by Customer or Alation, or stored on any portable storage device, including but not limited to laptops, tablets, smartphones, flash drives, or removable media, unless, in each instance such information has been encrypted in accordance with the Encryption Standards;
- (g) All documents and electronic media containing Confidential Data shall be protected in accordance with Alation’s obligations under Section 5 (Confidentiality) of the Agreement, and if disposal is permitted by the Agreement, shall be disposed of in a secure manner;
(vii) Ensuring that all electronic mail (email) communications pertaining to the Services or any Confidential Data are conducted to and from an email domain that is owned by Alation, and, upon Alation’s request, providing Alation with domain registration documents or other documentation as reasonably required to confirm Alation’s ownership of such email domain;
If requested by Customer at any time during the Term of the Agreement, Alation shall provide Customer with a copy of the then-current information security policy maintained by Alation.
2. Information Security Breach; Other Investigations. Alation shall promptly notify Customer if Alation knows or has reason to believe there has been any misuse, compromise, loss, or unauthorized disclosure or acquisition of, or access to, Confidential Data (“Information Security Breach”). Upon any discovery of an Information Security Breach, Alation will notify the Customer of the Information Security Breach, investigate, remediate, and mitigate the effects of the Information Security Breach, and provide Customer with assurances that such Information Security Breach will not recur. Alation shall provide at Customer’s request information related to any such Information Security Breach, including but not limited to, vulnerabilities or flaws, start or end date, date of discovery, and specific actions taken to contain and/or mitigate. If any Information Security Breach occurs as a result of an act or omission of Alation, Alation will, at Alation’s sole expense (but subject to Section 8 of the Agreement), undertake remedial measures (including notice, credit monitoring services, fraud insurance, reputation loss, and the establishment of a call center to respond to customer inquiries) in accordance with Customer’s instructions.
3. Assistance. Alation shall provide Customer with reasonable assistance and support and shall act solely at Customer’s direction in (i) responding to an investigation or cooperation request by a data protection regulator or similar authority; (ii) providing notice of an Information Security Breach to any third party where required or requested by Customer; (iii) conducting legally required privacy, security, or data protection impact assessments; and (iv) consulting with the relevant authorities when required in relation to such impact assessments.
4. Return or Destruction of Confidential Data. Upon termination of this Agreement for any reason, Alation shall promptly contact Customer for instructions regarding the secure return, destruction or other appropriate action with regard to Confidential Data. Upon termination of this Agreement for any reason, or at any time at the request of Customer, Alation shall: (i) return all Confidential Data to Customer, including but not limited to all paper and electronic files, materials, documentation, notes, plans, drawings, and all copies thereof, and ensure that all electronic copies of such Confidential Data are rendered unrecoverable from Alation’s (and where applicable, its Subcontractors’) systems; or (ii) if requested by Customer in writing, promptly destroy, delete and render unrecoverable all tangible and electronic instances of Confidential Data from Alation’s (and where applicable, its Subcontractors’) systems, all in accordance with the National Institute of Standards and Technology (NIST) Guidelines for Media Sanitization. If requested by Customer, Alation shall provide Customer with written confirmation of its compliance with the requirements of this Section.
5. Notification of Non-Compliance. If Alation is unable to comply with the obligations stated in this Exhibit, Alation shall promptly notify Customer, and Customer may take any one or more of the following actions: (i) suspend the transfer of Confidential Data to Alation; (ii) require Alation to cease processing Confidential Data; (iii) demand the secure return or destruction of Confidential Data; and/or (iv) immediately terminate this Agreement.
6. Verification. Alation shall make available to Customer such information reasonably necessary to demonstrate compliance with the obligations of this Exhibit A and all applicable laws, regulations, and international accords or treaties pertaining to Personal Data.