Last Updated: July 2, 2024


Last Updated: July 2, 2024




This EarnUp@work Service General Services Agreement (the “Agreement”) is effective as of the order form effective date (the “Effective Date”) between EarnUp Inc., a Delaware corporation, having its principal place of business at 2370 Market Street, Suite 203, San Francisco, CA 94114 (“EarnUp”) and the customer as listed on the order form (“Customer”).  Each of EarnUp and Customer are referred to as a “Party” and collectively, as the “Parties.”

Customer desires to obtain EarnUp@work Service from EarnUp, for use by Customer’s End Users, as designated on an order form (“Order Form”) that is executed by Customer and EarnUp from time to time and governed by this Agreement.

In consideration of the foregoing, and of the mutual covenants and agreements set forth in this Agreement, EarnUp and Customer agree enter into this Agreement as follows:


1.                DEFINITIONS.  As used in this Agreement:

1.1             “Customer Marks” means Customer names, trademarks, trade names, services names, and logos including those provided by Customer to EarnUp to use in connection with the provision of the EarnUp@work Service.

1.2             “EarnUp Marks” means EarnUp names, trademarks, trade names, services names, and logos including those provided by EarnUp to Customer to use in connection with the marketing of the EarnUp@work Service.

1.3             “EarnUp@work Service” means, as applicable, the service that EarnUp may provide, for use by Customer and Customer’s End Users, in the Territory, pursuant to this Agreement as specifically set forth in an Order Form executed by the Parties and governed by this Agreement.


1.5             “End User” means an individual employee of the Customer who is over the age of eighteen (18), is authorized by Customer to use the EarnUp@work Service listed in an Order Form and that has created an EarnUp account to access and use the EarnUp@work Service.

1.6             “Intellectual Property Rights” means all present and future worldwide copyrights, trademarks, trade secrets, patents, patent applications, mask work rights, moral rights, and other proprietary rights recognized by the laws of any country.


1.8             “Open Source Components” has the meaning given in Section 2.3.

1.9             “Territory” means the United States.

1.10          “Term” has the meaning given in Section 11.1 and as set forth in the Order Form.

1.11          “User Documentation” means, as applicable, any user documentation furnished to Customer by EarnUp.

2.                EARNUP@WORK SERVICE.

2.1             Right to Use the EarnUp@work Service.  Subject to the terms and conditions of this Agreement EarnUp shall provide the EarnUp@work Service to Customer and Customer’s End Users during the Term as set forth in an applicable Order Form.

2.2             Restrictions. Customer acknowledges that the EarnUp@work Service and its structure, organization, and source code constitute valuable trade secrets of EarnUp and its licensors.  Accordingly, Customer will not, directly or indirectly, or permit any third party, including any of Customer’s End Users to: (a) modify, adapt, alter, translate, or create derivative works based on any EarnUp@work Service or User Documentation; (b) assign, distribute or otherwise transfer its rights to access or use the EarnUp@work Service or User Documentation to any third party (except to assign its rights in accordance with Section 13.7); (c) provide unauthorized access to or use of the EarnUp@work Service or User Documentation to any third party (except as may be expressly authorized under an applicable Order Form.); (d) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code,  algorithms, or other configurations or components of the EarnUp@work Service; (e) remove any proprietary notices from the EarnUp@work Service, User Documentation, or any other materials furnished or made available hereunder, except as expressly permitted herein; (f) use the EarnUp@work Service for timesharing or service bureau purposes; or (g) use the EarnUp@ Service or User Documentation for any other purpose other than as permitted under this Agreement, including using any EarnUp@work Service in any way to create products or services similar to or competitive with the EarnUp@work Service or, without EarnUp’s prior written consent, publicly disclosing any benchmarking or competitive review of EarnUp@work Service.  Customer must reproduce, on all copies made by or for Customer, and must not remove, alter, or obscure in any way all proprietary rights notices (including copyright notices) of EarnUp or its licensors on or within the copies of the User Documentation furnished by EarnUp to Customer.

2.3             Open Source Components.  Certain open source components provided in or with the EarnUp@work Service (“Open Source Components”) are subject to various “open source” or “free software” licenses. EarnUp may supplement such Open Source Components from time to time for any updates or upgrades to the EarnUp@work Service that EarnUp provides as maintenance.  Customer’s and Customer’s End User’s use of the Open Source Components is subject to and governed by the license that accompanies the Open Source Component and is not subject to the terms and conditions of this Agreement, except that Sections 2.2, 8.2, and 10 of this Agreement also govern the use of the Open Source Components.  Nothing in this Agreement grants Customer rights that supersede the terms and conditions of any applicable license for the Open Source Component. Customer agrees to comply with the terms and conditions contained in all such Open Source Component licenses.

2.4             Customer Trademark License. Customer hereby grants to EarnUp a limited, non-exclusive, and royalty-free right and license to use, reproduce, display and distribute the Customer Marks during the Term solely in connection with providing the EarnUp@work Service as described in this Agreement or an applicable Order Form, and as permitted under Section 13.2, below.  Customer grants no rights in the Customer Marks other than those expressly granted in this Section 2.4 and EarnUp acknowledges Customer’s exclusive ownership of Customer Marks.  EarnUp agrees not to take any action inconsistent with such ownership.

3.                SECURITY.  The Parties agree to comply with the industry standard data security requirements with respect to any receipt, storage or access of Personal Information pursuant to Exhibit A of this Agreement.

4.                FEES AND PAYMENT.

4.1             Fees.  Customer will pay to EarnUp the fees specified in the applicable Order Form.  All fees are in United States dollars and are non-refundable.

4.2             Payments.  Customer will pay EarnUp all amounts due under this Agreement within thirty (30) days after the date of the invoice therefor.  Any amount that is not paid when due will accrue interest at one and a half percent (1.5%) per month or the maximum rate permitted by applicable law, whichever is less, from the due date until paid. 

4.3             Taxes.  Customer will be responsible for and will indemnify and hold EarnUp harmless from payment of all taxes (other than taxes based on EarnUp’s income), fees, duties, and other governmental charges, and any related penalties and interest, arising from the payment of fees to EarnUp under this Agreement.  Customer will make all payments of fees to EarnUp free and clear of, and without reduction for, any withholding taxes.

5.                RECORDS AND AUDITS.

5.1             Records.  During the Term and for two (2) years thereafter, Customer will maintain at its principal place of business complete and accurate records with respect to Customer’s activities pursuant to this Agreement, including all data needed for verification of compliance with this Agreement and amounts paid and payable to EarnUp under this Agreement. Customer may meet the requirements of this Section 5.1 by hosting such records in a “cloud” or other secure online service.

5.2             Audits.  EarnUp will have the right, during the Term and for two (2) years thereafter, normal business hours to audit or have an independent audit firm selected by EarnUp audit Customer’s records relating to Customer’s activities pursuant to this Agreement in order to verify that Customer has paid to EarnUp the correct amounts owed under this Agreement and otherwise complied with the terms of this Agreement.  The audit will be conducted at EarnUp’s expense, unless the audit reveals that Customer has underpaid the amounts owed to EarnUp by five percent (5%) or more during the audited period, in which case Customer will reimburse EarnUp for all reasonable costs and expenses incurred by EarnUp in connection with such audit.  Customer will promptly (but in no event more than ten (10) business days) pay to EarnUp any amounts shown by any such audit to be owing plus interest as provided in Section 4.2. 

6.                CUSTOMER OBLIGATIONS.

6.1             Marketing and Sales Representations. Customer will not make or publish any false or misleading representations, warranties, or guarantees on behalf of EarnUp or its licensors concerning the EarnUp@work Service that are inconsistent with any warranties made by EarnUp.

6.2             Insurance.  During the Term and for two (2) years thereafter, Customer will maintain, at its sole cost and expense, (i) insurance coverage in the event of its loss of confidential data, including End User’s personal data, with limits of not less than three million US dollars ($3,000,000) per occurrence and (ii) appropriate and comprehensive general liability insurance with limits of not less than three million US dollars ($3,000,000). The insurance required by this Section 6.2 will be maintained with reputable insurance companies with an AM Best Rating of A-VII or better that is duly licensed to conduct business. Customer will provide its certificate of insurance to EarnUp upon request. Customer will give EarnUp at least thirty (30) days’ prior written notice if any policy materially changes or is cancelled.

7.                CONFIDENTIALITY.

7.1             Confidential Information.  Each Party (the “Disclosing Party”) may from time to time during the Term disclose to the other Party (the “Receiving Party”) certain information regarding the Disclosing Party’s business, including technical, marketing, financial, employee, planning, and other confidential or proprietary information (“Confidential Information”).  The Disclosing Party will mark all Confidential Information in tangible form as “confidential” or “proprietary” or with a similar legend.  The Disclosing Party will identify all Confidential Information disclosed orally as confidential at the time of disclosure.  Regardless of whether so marked or identified, however, any information that the Receiving Party reasonable knew or should have known, under the circumstances, was considered confidential or proprietary by the Disclosing Party, will be considered Confidential Information of the Disclosing Party.

7.2             Protection of Confidential Information.  The Receiving Party will not use any Confidential Information of the Disclosing Party for any purpose not expressly permitted by this Agreement and will disclose the Confidential Information of the Disclosing Party only to the employees of the Receiving Party who have a need to know such Confidential Information for purposes of this Agreement and who are under a duty of confidentiality no less restrictive than the Receiving Party’s duty hereunder.  The Receiving Party will protect the Disclosing Party’s Confidential Information from unauthorized use, access, or disclosure in the same manner as the Receiving Party protects its own confidential or proprietary information of a similar nature and with no less than reasonable care.

7.3             Exceptions.  The Receiving Party’s obligations under Section 7.2 above with respect to any Confidential Information of the Disclosing Party will not apply if the Receiving Party can document that such information: (a) was already lawfully known to the Receiving Party at the time of disclosure by the Disclosing Party; (b) is or was disclosed to the Receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the Receiving Party has become, generally available to the public; or (d) is or was independently developed by the Receiving Party without access to, or use of, the Disclosing Party’s Confidential Information.  In addition, the Receiving Party will be allowed to disclose Confidential Information of the Disclosing Party to the extent that such disclosure is (i) approved in writing by the Disclosing Party, (ii) necessary for the Receiving Party to enforce its rights under this Agreement in connection with a legal proceeding, or (iii) required by law or by the order or a court or similar judicial or administrative body, provided that the Receiving Party notifies the Disclosing Party of such required disclosure promptly and in writing and cooperates with the Disclosing Party, at the Disclosing Party’s reasonable request and expense, in any lawful action to contest or limit the scope of such required disclosure.

7.4             Destruction of Confidential Information.  The Receiving Party will destroy all Confidential Information of the Disclosing Party in the Receiving Party’s possession or control, and permanently erase all electronic copies of such Confidential Information promptly upon the written request of the Disclosing Party or the expiration or termination of this Agreement, whichever comes first.  At the Disclosing Party’s request, the Receiving Party will certify in writing signed by an officer of the Receiving Party that it has fully complied with its obligations under this Section 7.4.

7.5             Confidentiality of Agreement.  Neither Party will disclose any terms of this Agreement to anyone other than its attorneys, accountants, and other professional advisors under a duty of confidentiality except (a) as required by law, or (b) pursuant to a mutually agreeable press release, or (c) in connection with a proposed merger, financing, or sale of such Party’s business (provided that any third party to whom the terms of this Agreement are to be disclosed signs a confidentiality agreement reasonably satisfactory to the other Party to this Agreement).


8.1             Mutual Representations and Warranties.  Each Party represents and warrants that (i) it is duly organized, validly existing, and in good standing under the laws of its jurisdiction of formation, (ii) it has the corporate and legal authority and power to enter into this Agreement and to perform the obligations set forth herein, (iii) no authorization or approval from any other person is required in connection with such party’s execution, delivery, or performance of this Agreement, (iv) the execution, delivery, and performance of this Agreement does not violate the terms or conditions of any other agreement to which it is a party or by which it is otherwise bound, (v) there is no pending, nor to the knowledge of such party, threatened, suit, action, arbitration or other proceedings of a legal, administrative or regulatory nature, or any governmental investigation, against such party or any of its Affiliates or any officer, director or employee which has not been previously disclosed to the other party in writing and which would materially and adversely affect such Party’s ability to perform its obligations under this Agreement, and (vi) each Party has registered for and obtained and will maintain all required licenses and permits from all regulatory authorities for it to lawfully engage in the business in which it is engaged, including without limitation, any required for it to complete its obligations under this Agreement; and (vii)  it will at all times comply with all applicable laws, rules and regulations. For purposes of this Agreement, “Affiliate(s)” means an entity that, directly or indirectly, owns, is owned by or is under common ownership with a Party. As used herein, “ownership” means the beneficial ownership of fifty percent (50%) or more of the voting equity securities or other equivalent voting interests of such Party.


9.                INDEMNIFICATION.

9.1             Indemnification by Customer.  Customer agrees to defend EarnUp, its Affiliates and their respective officers, directors, employees, and representatives from and against any claim, suit or proceeding brought by a third party (“Claim”) relating to: (a) any representations, warranties, guarantees, or other written or oral statements made by or on behalf of Customer relating to the EarnUp@work Service other than as authorized by EarnUp in writing or made in the User Documentation, (b) a security breach of Customer; or (c) Customer’s performance of its obligations hereunder and under any applicable Order Form (including without limitation any breach by Customer of Sections 2.1, 2.2, 3, 4.2, 5, 7, or 8).  Customer will indemnify and hold EarnUp harmless against those costs and damages finally awarded against EarnUp in any such Claim (including reasonable attorneys’ fees) or those costs and damages agreed to in a monetary settlement of such Claim.

9.2             Indemnification by EarnUp.  EarnUp agrees to defend Customer and its officers, directors, employees, and representatives from and against any third-party Claim that the EarnUp@work Service infringe any U.S. patents or copyrights and EarnUp will indemnify and hold Customer harmless against those costs and damages finally awarded against Customer in any such Claim (including reasonable attorneys’ fees) or those costs and damages agreed to in a monetary settlement of such Claim. If the EarnUp@work Service becomes, or in EarnUp’s opinion is likely to become, the subject of an infringement claim, EarnUp may, at its option and expense, either (a) procure for Customer the right to continue exercising the rights granted to Customer in this Agreement, (b) replace or modify the EarnUp@work Service so that it becomes non-infringing and remains functionally equivalent, or (c) provide a pro rata refund to Customer of any prepaid fees for the EarnUp@work Service not yet rendered, and terminate this Agreement.  Notwithstanding the foregoing, EarnUp will have no obligation under this Section 9.2 or otherwise with respect to any infringement claim arising due to (i) any unauthorized use, reproduction, or distribution of the EarnUp@work Service by Customer or any Customer’s End Users, (ii) the combination of the EarnUp@work Service with other products, equipment, software, or data not supplied by EarnUp (including if applicable a Customer data source identified in an applicable Order Form), (iii) any use, reproduction, or distribution of any release of the EarnUp@work Service other than the most current release made available to Customer, or (iv) any modification of the EarnUp@work Service by any person other than EarnUp or its authorized agents or contractors.  This Section 9.2 states EarnUp’s entire liability and Customer’s sole and exclusive remedy for infringement claims and actions.

9.3             Procedures.

Promptly after receipt by an indemnified Party under subsections 9.1 or 9.2 above of written notice of the start of any action, the indemnified Party will, if the Claim is to be made against the indemnifying Party under subsections 9.1 or 9.2 above, notify the indemnifying Party of the action, and if the indemnified Party does not so notify the indemnifying Party within thirty (30) days following receipt of any such notice by the indemnified Party, the indemnifying Party will have no further liability under subsections 9.1 or 9.2 above to the indemnified Party unless the indemnifying Party has received other notice addressed and delivered according to Section 13.10 of this Agreement.  However, the failure to notify the indemnifying Party will not relieve it from any liability which it may have to any indemnified Party. If any such action is brought against any indemnified Party and it notifies the indemnifying Party of the start of the action, the indemnifying Party will be entitled to participate in the action and, may, jointly with any other indemnifying Party, assume the defense of the action, with counsel reasonably satisfactory to the indemnified Party.  After notice from the indemnifying Party to the indemnified Party of its election to assume the defense of the action, the indemnifying Party will not be liable to the indemnified Party under subsections 9.1 or 9.2 above, as applicable, for any legal or other expenses subsequently incurred by the indemnified Party in connection with the defense of the action other than reasonable expenses for investigation. No indemnifying Party will, without the prior written consent of the indemnified Party, effect any settlement of any pending or threatened action for which any indemnified Party is or could have been a party if indemnity could have been claimed under this Agreement by the indemnified Party unless the settlement includes (i) an unconditional release of the indemnified Party from all liability on any claims in the action and (ii) does not include a statement or an admission of fault, culpability or a failure to act by or on behalf of the indemnified Party.



11.             TERM AND TERMINATION.

11.1          Term.  Unless earlier terminated pursuant to this Agreement, the term of this Agreement will begin on the Effective Date and will continue until terminated as set forth in Section 11.2, or until any Order Forms issued pursuant to this Agreement have either terminated or expired (such term of this Agreement, the “Term”). Termination of an Order Form shall not terminate this Agreement. Termination of this Agreement shall terminate all Order Forms issued pursuant to this Agreement.

11.2          Termination.

(a)             Termination for Breach or Insolvency.  Either Party (the “Non-breaching Party”) may terminate this Agreement, effective immediately upon written notice to the other Party (the “Breaching Party”), if the breach is a material breach and it is either incurable or the Breaching Party does not cure the breach within thirty (30) days after receiving written notice thereof from the Non-breaching Party.  Further, to the extent permitted by law, either Party may immediately terminate this Agreement in the event of: (i) an assignment for the benefit of creditors by the other Party or the voluntary appointment (at the request of the other Party or with the consent of the other Party) of a receiver, custodian, liquidator or trust in bankruptcy of the other party’s property or the filing by the other party of a petition in bankruptcy or other similar proceeding under any law for relief of debtors; (ii) the filing against the other Party of a petition in bankruptcy or other similar proceeding under any law for relief of debtors, or the involuntary appointment of a receiver, custodian, liquidator or trustee in bankruptcy of the other party’s property, where such petition or appointment is not vacated or discharged within sixty (60) days after the filing or making thereof; or (iii) the other Party liquidates, dissolves, or otherwise ceases business operations.

(b)             Termination for Regulatory Changes.  EarnUp will have the right to terminate this Agreement or any applicable Order Form in writing immediately if EarnUp determines in its sole discretion that EarnUp’s provision of, and/or Customer’s use of, the EarnUp@work Service and the EarnUp Marks in accordance with this Agreement or an applicable Order Form is prohibited by applicable law, rule, regulation or licensing agreement, would place EarnUp in material breach of an agreement with its licensors, or would cause compliance with applicable law, rule, or regulation to be, in EarnUp’s sole discretion, excessively burdensome to EarnUp.

11.3          Effects of Termination. Upon termination or expiration of this Agreement for any reason, any amounts owed to EarnUp under this Agreement before such termination or expiration will be immediately due and payable, all rights to access or use the EarnUp@work Service granted in this Agreement by EarnUp to Customer will immediately cease to exist, Customer must promptly discontinue all use of the EarnUp Marks and the EarnUp@work Service, and Confidential Information will be destroyed pursuant to Section 7.4.  Sections 1, 2.2, 3, 4, 6, 7, 8, 9, 10, 11.3, 12, and 13 will survive expiration or termination of this Agreement for any reason.

12.             OWNERSHIP.

12.1          EarnUp@work Service. The EarnUp@work Service and User Documentation if any, including all upgrades, updates, improvements, and enhancements thereto, and all worldwide Intellectual Property Rights therein, are the exclusive property of EarnUp and its licensors.  All rights in and to the EarnUp@work Service not expressly granted to Customer in this Agreement are reserved by EarnUp and its licensors.

12.2          Feedback. During the Term, Customer may provide EarnUp with feedback regarding the EarnUp@work Service, including product features, user experience, implementation, pricing, and business terms. Customer acknowledges and agrees that such feedback will be considered EarnUp’s Confidential Information and EarnUp may use such feedback for any reason without obligation or compensation to, or approval of, Customer.

13.             GENERAL.

13.1          Governing Law and Venue.  This Agreement and any action related thereto will be governed and interpreted by and under the laws of the State of California, without giving effect to any conflicts of laws principles that require the application of the law of a different state.  Customer hereby expressly consents to the personal jurisdiction and venue in the state and federal courts for the county in which EarnUp’s principal place of business is located for any lawsuit filed there against Customer by EarnUp arising from or related to this Agreement.  The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.

13.2          Publicity. Customer agrees EarnUp may refer to Customer as a customer of EarnUp in its public-facing website and promotional or sales materials, and grants a limited license to EarnUp to use Customer’s name, logo, trademarks and service marks for the foregoing purposes in accordance with Customer’s trademark usage guidelines provided to EarnUp by Customer.

13.3          Export.  Customer agrees not to export, reexport, or transfer, directly or indirectly, any U.S. technical data acquired from EarnUp, or any products utilizing such data, in violation of United States export laws or regulations.

13.4          Severability.  If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable, and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law.

13.5          Waiver.  Any waiver or failure to enforce any provision of this Agreement will not be deemed a waiver of any other provision or of such provision on any other occasion.

13.6          Remedies.  Customer acknowledges that the EarnUp@work Service contains valuable trade secrets and proprietary information of EarnUp, that any actual or threatened breach of Sections 2.2 or 7 or any other breach of (i) Customer’s obligations with respect to use of the EarnUp@work Service the Intellectual Property Rights of EarnUp in this Agreement or any applicable Order Form or (ii) Customer’s confidentiality obligations in this Agreement will constitute immediate, irreparable harm to EarnUp for which monetary damages would be an inadequate remedy, and that injunctive relief may be an appropriate remedy for such breach.  If Customer continues to distribute the EarnUp@work Service after its right to do so has terminated or expired, EarnUp will be entitled to seek immediate injunctive relief without the requirement of posting bond.  If any legal action is brought to enforce this Agreement, the prevailing Party will be entitled to receive its reasonable attorneys’ fees, court costs, and other collection expenses, in addition to any other relief it may receive.

13.7          No Assignment.  This Agreement, and each Party’s rights and obligations herein, may not be assigned, subcontracted, delegated, or otherwise transferred by a Party without the other Party’s prior written consent, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void. Notwithstanding the foregoing, either Party may assign this Agreement to its successor in the event of a merger, acquisition, reincorporation or reorganization of such Party or a sale involving all or substantially all of such Party’s equity or assets relating to this Agreement without the consent of the other Party.  The terms of this Agreement will be binding upon successors and assigns.

13.8          Force Majeure.  Any delay in the performance of any duties or obligations of either Party (except the payment of money owed) will not be considered a breach of this Agreement if such delay is caused by a pandemic, epidemic, civil unrest, labor dispute, shortage of materials, fire, earthquake, flood, or any other event beyond the control of such Party; provided, that such Party uses reasonable efforts, under the circumstances, to notify the other Party of the circumstances causing the delay and to resume performance as soon as possible.

13.9          Independent Contractors. Customer’s relationship to EarnUp is that of an independent contractor, and neither Party is an agent or partner of the other.  Customer will not have, and will not represent to any third party that it has, any authority to act on behalf of EarnUp.

13.10       Notices.  Each Party must deliver all notices or other communications required or permitted under this Agreement in writing to the other Party at the address listed on the signature page by courier, by certified or registered mail (postage prepaid and return receipt requested), email, or by a nationally-recognized express mail service.  Notice will be effective upon confirmation of delivery, receipt or refusal of delivery.  If delivered by certified or registered mail, any such notice will be considered to have been given five (5) business days after it was mailed, as evidenced by the postmark.  If delivered by courier, email or express mail service, any such notice will be considered to have been given on the delivery date reflected by the courier or express mail service receipt or electronic transmission. Each Party may change its address for receipt of notice by giving written notice of such change to the other Party.

13.11       Interpretation. Headings are for reference purposes only and do not define or limit the scope of any provision in this Agreement. References to “including” in this Agreement will be interpreted to mean “including without limitation”.

13.12       Counterparts.  This Agreement may be executed in one or more counterparts, each of which will be deemed an original and all of which will be taken together and deemed to be one instrument.

13.13       Entire Agreement.  This Agreement is the final, complete and exclusive agreement of the Parties with respect to the subject matter hereof and supersedes and merges all prior discussions between the Parties with respect to such subject matter. No modification of or amendment to this Agreement, or any waiver of any rights under this Agreement, will be effective unless in writing and signed by an authorized representative of each Party. Any pre-printed terms on any quote, order, or other similar document will have no effect and will be null and void.



1)     Data Protection

2)     Definitions:  In this Clause, the following terms shall have the following meanings:

a)                “controller”, “processor”, “data subject”, “personal data”, “Personal Information”, “processing” (and “process”) and “special categories of personal data”, “Business”, “Consumer”, “Delete”, “Request to Delete”, “Request to Know”, and “Sell” shall have the meanings given in Applicable Data Protection Law; and

b)               “Applicable Data Protection Law” shall mean: (i) prior to 25 May 2018, the EU Data Protection Directive (Directive 95/46/EC); and (ii) on and after 25 May 2018, the EU General Data Protection Regulation (Regulation 2016/679), and the California Consumer Privacy Act of 2018 as amended (“CCPA”), and any other state or federal data privacy laws in the United States; and

c)                “Services” means performance of the services and activities provided pursuant to or in connection with the Agreement.

d)               “Data”, as used herein, shall be deemed to include personal data and Personal Information.

3)     Relationship of the parties:  EarnUp (the controller) appoints Vendor as a processor to process the Personal Infor that is the subject of this Agreement (the “Data”).  Each party shall comply with the obligations that apply to it under Applicable Data Protection Law.

4)     Purpose limitation:  Vendor shall process the Data as a processor as necessary to perform its obligations under this Agreement and strictly in accordance with the documented instructions of EarnUp (the “Permitted Purpose”), except where otherwise required by any EU (or any EU Member State) law applicable to EarnUp.  In no event shall Vendor process the Data for its own purposes or those of any third party.

5)     International transfers:   Vendor shall not transfer the Data (nor permit the Data to be transferred) outside of the European Economic Area (“EEA”) unless (i) it has first obtained EarnUp’s prior written consent; and (ii) it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law.

6)     Prohibited Use: Vendor shall not Sell EarnUp’s Personal Information. Vendor further agrees not to retain, use or disclose Personal Information obtained from EarnUp: (i) outside the direct relationship between EarnUp and Vendor, and (ii) for any purposes other than for the specific purposes of performing the Services specified in the Agreement.

7)     Confidentiality of processing:  Vendor shall ensure that any person that it authorises to process the Data (including Vendor’s staff, agents and subcontractors) (an “Authorised Person”) shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty), and shall not permit any person to process the Data who is not under such a duty of confidentiality. Vendor shall ensure that all Authorised Persons process the Data only as necessary for the Permitted Purpose.

8)     Security:  The processor shall implement appropriate technical and organizational measures to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorized disclosure of, or access to the Data (a “Security Incident”). Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Such measures shall include, as appropriate:

a)                Encryption of personal data;

b)               The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

c)                The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

d)               A process for regularly assessing the effectiveness of technical and organizational security measures;

e)                Annual security training of all personnel, including training on compliance with Client’s Acceptable Use Policy for all Vendor personnel accessing EarnUp Data, including Personal Information, systems, facilities, or hardware;

f)                Project/role based access control;

g)               Performance of routine phishing tests;

h)               Use of strong passwords with a minimum of 12 characters;

i)                 Prohibitions against sharing of passwords or login credentials;

j)                 Multi-factor authentication;

k)               Secure system configuration;

l)                 Use of malware prevention tools;

m)              Use of vulnerability management, SEIM, incident detection tools; and

n)               Encryption of EarnUp Data at rest and in transit.

14.             SOC-2/ISO 27001:  Vendor will maintain an internal security controls program, which shall include an internal audit process, including annual SOC-2 or ISO 27001 audits.  Vendor shall provide copies of such reports to EarnUp on an annual basis.

15.             Subprocessing:  Vendor shall not subcontract any processing of the Data to a third party subprocessor without the prior written consent of EarnUp. Notwithstanding this, EarnUp consents to Vendor engaging third party subprocessors to process the Data provided that: (i) Vendor imposes data protection terms on any subprocessor it appoints that protect the Data to the same standard provided for by this Clause; and (ii) Vendor remains fully liable for any breach of this Clause that is caused by an act, error or omission of its subprocessor.  Notwithstanding the foregoing consent, if EarnUp reasonably believes any such subprocessing or subprocessor is not reasonably able to protect the Data to the same standard provided for by this Clause, then EarnUp may revoke its consent and Vendor will not appoint the subprocessor or EarnUp may elect to suspend or terminate this Agreement without penalty.

16.             Cooperation and data subjects’ rights:  Vendor shall provide all reasonable and timely assistance (including by appropriate technical and organisational measures) to EarnUp (at its own expense) to enable EarnUp to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data.   In the event that any such request, correspondence, enquiry or complaint is made directly to Vendor, Vendor shall promptly inform EarnUp providing full details of the same. Likewise, per CCPA, Vendor agrees to provide all necessary assistance to, and comply with all of the instructions from, EarnUp related to privacy, Personal Information and security, including, without limitation, regarding Consumer requests. If Vendor receives a Request to Know or Request to Delete from a Consumer, Vendor shall promptly notify, and forward such request to, EarnUp. Vendor shall not make any statement or admission without EarnUp’s prior written consent.

17.             Data Protection Impact Assessment:  If Vendor believes or becomes aware that its processing of the Data is likely to result in a high risk to the data protection rights and freedoms of data subjects, it shall promptly inform EarnUp and provide EarnUp with all such reasonable and timely assistance as EarnUp may require in order to conduct a data protection impact assessment and, if necessary, consult with its relevant data protection authority.

18.             Security incidents:  Upon becoming aware of a Security Incident, Vendor will immediately and without undue delay, which shall be within forty-eight (48) hours of the discovery of any Security Incident, notify EarnUp of the discovery of any breach of EarnUp’s Data.  Vendor shall cooperate with EarnUp in the event that any notification to EarnUp’s customers, regulatory authorities, or third party is required pursuant to applicable Data Protection Legislation. Vendor shall be responsible for all costs arising out of a Security Incident, including any requirement to provide credit monitoring.

19.             Deletion or return of Data:  Upon termination or expiry of this Agreement, Vendor shall (at EarnUp’s election) destroy or return to EarnUp all Data and Personal Information (including all copies of the Data) in its possession or control (including any Data subcontracted to a third party for processing).  This requirement shall not apply to the extent that Vendor is required by any EU (or any EU Member State) law to retain some or all of the Data, in which event Vendor shall isolate and protect the Data from any further processing except to the extent required by such law.

20.             Audit:  Vendor shall permit EarnUp (or its appointed third party auditors) to audit Vendor’s compliance with this Clause, and shall make available to EarnUp all information, systems and staff necessary for EarnUp (or its third party auditors) to conduct such audit. Vendor acknowledges that EarnUp (or its third party auditors) may enter its premises for the purposes of conducting this audit, provided that EarnUp gives it reasonable prior notice of its intention to audit, conducts its audit during normal business hours, and takes all reasonable measures to prevent unnecessary disruption to Vendor’s operations.  EarnUp will not exercise its audit rights more than once in any twelve (12) calendar month period, except (i) if and when required by instruction of a competent data protection authority; or (ii) EarnUp believes a further audit is necessary due to a Security Incident suffered by Vendor. Vendor shall also respond to any written audit questions submitted to it by EarnUp, provided that EarnUp shall not exercise this right more than once per year.   

21.             Indemnity:  Each party (the “Indemnifying Party”) shall indemnify the other (the “Indemnified Party”) from and against all loss, cost, harm, expense (including reasonable legal fees), liabilities or damage (“Damage”) suffered or incurred by the Indemnified Party as a result of the Indemnifying Party’s breach of the data protection provisions set out in this Clause, and provided that: (i) the Indemnified Party gives the Indemnifying Party prompt notice of any circumstances of which it is aware that give rise to an indemnity claim under this Clause; and (ii) the Indemnified Party takes reasonable steps and actions to mitigate any ongoing Damage it may suffer as a consequence of the Indemnifying Party’s breach.

Enforceability: Any provision of this Exhibit B that is prohibited or unenforceable under the applicable Data Protection Legislation shall be ineffective to the extent of such prohibition or unenforceability without invaliding the remaining provisions hereof. The parties will attempt to agree upon a valid and enforceable provision that is a reasonable substitute and shall then incorporate such substitute provision into this Addendum.