Customer Terms and Conditions

Last Updated: Feb 28, 2024

FINDIGS INC. (“FINDIGS”) PROVIDES THE SERVICES (AS DEFINED BELOW) SOLELY ON THE TERMS AND CONDITIONS SET FORTH IN THIS TERMS & CONDITIONS (THIS “AGREEMENT”) AND ON THE CONDITION THAT CUSTOMER (“YOU” OR “CUSTOMER”) ACCEPTS AND COMPLIES WITH SUCH TERMS AND CONDITIONS. PLEASE READ THIS AGREEMENT CAREFULLY. BY CLICKING “I ACCEPT” ON AN ORDER FORM, BY EXECUTING OR SUBMITTING ANY ORDER FORM (AS DEFINED BELOW), OR BY ACCESSING OR USING THE SERVICES IN ANY MANNER, YOU: (A) ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY ANY SUCH ORDER FORM, BY THIS AGREEMENT AND BY SUCH OTHER TERMS, CONDITIONS, POLICIES, AND DOCUMENTS THAT MAY BE INCORPORATED HEREIN BY REFERENCE; (B) AFFIRM THAT YOU ARE AT LEAST 18 YEARS OF AGE (OR HAVE REACHED THE AGE OF MAJORITY IN THE JURISDICTION WHERE YOU RESIDE); AND (C) IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF A COMPANY OR OTHER ORGANIZATION, REPRESENT AND WARRANT THAT YOU HAVE THE ORGANIZATIONAL AND LEGAL AUTHORITY TO ACCEPT THESE TERMS ON SUCH COMPANY’S OR OTHER ORGANIZATION’S BEHALF AND TO BIND SUCH COMPANY OR ORGANIZATION.

Definitions

The following terms have the following meanings when used in the Agreement:

“Applicant” means any prospective applicant, applicant, or current renter using Findigs Services in connection with a property owned or managed by Customer.

“Applicant Data” means all data submitted by or about Applicant to Findigs.

“Applicant Screening Reports” or “Reports” means any reports provided to Customer through provision of the Services for the purpose of screening and verification of Applicants to rent a property owned or managed by Customer.

“Documentation” means any manuals, documentation, and other supporting materials related to the Services that Findigs provides to Customer or that Customer can access under this Agreement. Documentation is considered part of the Services.

“Effective Date” means the date specified in the applicable Order Form.

“Findigs Data” means all data collected by Findigs through or related to the operation of the Services, Applicant Data, Applicant Screening Reports, and Applicant’s and Customer’s use thereof, including but not limited to performance and usage metrics and analysis.

“Findigs Screening” means Findigs’ Applicant screening service, including the Property Manager Dashboard and application experience provided to Applicants on behalf of Customer in accordance with the SOP that must provided by Customer during onboarding.

“Findigs Fees” means Findigs’ Applicant screening service, including the Property Manager Dashboard and application experience provided to Applicants on behalf of Customer in accordance with the SOP that must provided by Customer during onboarding.

“Property Manager Dashboard” means the online Findigs portal and related tools that Findigs makes available to Customer to access Customer Services and manage Applicant workflow processes.

"Services" means the online services related to Applicant screening and Applicant workflow management provided by Findigs to or on behalf of Customer as provided for in an Order Form, together with any applicable Documentation. For the avoidance of doubt, “Services'' includes, without limitation, Applicant Screening Reports, Findigs Screening, the Property Manager Dashboard, DecisionAssist, Pet Verification, and SDA, each as described herein.

SOP means a set of rules provided to Findigs by the Customer that controls how the Report content, including, but not limited to credit and criminal records, is filtered, categorized, and/or displayed on a Report.

“Authorized User” means an individual who is authorized by Customer to use the Services, for whom Customer has ordered the Services, as specified in the Order Form, or who signs up for the Services using a Customer email address.

1. Services

This Agreement shall be incorporated into and form a part of each Order Form upon mutual execution of such Order Form. For each Order Form, Findigs grants Customer a nonexclusive, limited, nonsublicensable, nontransferable right and license to access and use the Findigs Services during the applicable Order Form Term, as defined in the Order Form, solely for Customer’s internal business purposes only as provided in this Agreement or an applicable Order Form.

1.1 • Customer Services

Some of the Services may be provided by third parties ("Third Party Service Providers"). These Services may be subject to additional terms entered into between Customer and the Third Party Service Provider. Findigs will have no liability to Customer for the provision of Services by Third Party Service Providers.

1.1.1 • Findigs Screening

If Customer enables Findigs Screening pursuant to an applicable Order Form, the maintenance of Applicant screening criteria and determinations about an Applicant’s eligibility shall be made in accordance with Customer’s SOP. Findigs Screening may include, as applicable and only in accordance with the direction provided by Customer, remittance of adverse action notices, an individualized assessment, and consideration of any mitigating information or appeals presented by or on behalf of an Applicant as req. Findigs is acting as an intermediary reseller and is solely requesting consumer reports at the direction of, on behalf of, and as an agent of Customer. For the avoidance of doubt, Customer is responsible for all final decision making regarding Applicants.

1.1.2 • DecisionAssist

If Customer enables DecisionAssist (“DecisionAssist”), Customer delegates to Findigs, and Findigs shall provide to Customer, automated workflow services for an Applicant in accordance with Customer’s SOP to enhance Findigs Screening. For the avoidance of doubt, Customer is responsible for all final decision making regarding Applicants.

1.1.3 • Pet Verification

If Customer enables Pet Verification service, Findigs will use commercially reasonable efforts to collect and verify the required information from or concerning the prospective Applicant’s animal in accordance with Customer’s SOP and applicable laws and industry practices.

1.1.4 • Reporting

Findigs will provide standard analytics information for Customer as part of the Services as defined in Findigs standard data feed. If Customer requires additional reporting, Findigs and Customer may review Customer’s requirements and mutually agree upon the provision of additional reports at an additional charge.

1.2 • Renter Services

Findigs may facilitate certain other services provided directly to Applicants through third-parties ("Renter Services"), including but not limited to credit reporting and identity verification services. Renter Services may be subject to additional terms entered into by Findigs and/or such third parties and the Applicant. Findigs reserves the right to offer Renter Services directly to Applicants. Findigs will have no liability to Customer for the provision of Renter Services.

2. Customer's Use of the Services

2.1 • Account Creation

In addition to entering into this Agreement and an associated Order Form, each Authorized User must create an account before accessing the Property Manager Dashboard. The Order Form will specify the fees and Services that apply.

2.2 • Customer’s Responsibilities

Customer will (a) be responsible for Authorized Users’ compliance with this Agreement, including Exhibit A which is incorporated herein by reference, (b) use commercially reasonable efforts to prevent unauthorized access to or use of the Services and notify Findigs promptly of any such unauthorized access or use, (c) use the Services only in accordance with the Documentation and all applicable laws and regulations, including, without limitation, applicable export control laws and regulations of the United States and other jurisdictions, and (d) maintain a website privacy policy in compliance with all applicable laws and regulations. Additionally, Customer represents, warrants and covenants that it will not use Applicant Data for any purpose other than screening potential Applicants for renting a property owned or managed by Customer. Customer is responsible for all activities conducted on its account or its Authorized Users’ accounts. Customer hereby consents to provide to Findigs any relevant books and records as needed to comply with (a) upstream consumer reporting agency requirements, (b) Findigs’ requirements, or (c) applicable law, within ten (10) business days of Findig’s request, unless an expedited response is required by Findigs. No more than once per calendar year, Customer shall be subject to remote and / or onsite assessments of its information security controls and compliance by Findigs or its agent; provided, however that (a) Findigs provides reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Customer’s business; (b) such assessment shall only be performed during business hours and occur no more than once per calendar year; and (c) such audit shall be restricted to data relevant to Findigs. Customer further acknowledges that access requirements may change from time to time and Customer agrees that its continued compliance with such updated requirements may be a condition precedent for continued service to Customer. Findigs will have no liability to Customer or to any Applicant or other person or entity regarding: (i) the decision of whether or not to rent property to a particular Applicant, provided that if the Services specified in an Order Form include DecisionAssist, Findigs shall perform such Services in material accordance with the SOP; (ii) any rental or failure to rent, to any Applicant; (iii) the terms of such rental, or (iv) the accuracy or results of the Pet Verification service.

2.3 • Unit Count

Customer represents and warrants that the number of units specified in the applicable Order Form (“Unit Count”) is accurate as of the beginning of each Term. In the event Customer’s Unit Count increases during the Term, Customer will be responsible for any additional fees associated with such increase.

2.4 • Restrictions

Customer will not, directly or indirectly, itself or through an agent, Authorized User, or third party (a) make the Services available to, or use the Services for the benefit of, anyone other than Customer, Applicants, or Authorized Users, (b) sell, resell, license, sublicense, distribute, rent, or lease the Services, or include the Services in a service bureau or outsourcing offering, (c) use the Services to store or transmit infringing, libelous, unlawfully threatening or harassing, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use the Services to store or transmit malicious code, (e) interfere with or disrupt the integrity or performance of the Services or any third-party data contained therein, (f) attempt to gain unauthorized access to the Services or any related systems or networks, (g) permit direct or indirect access to or use of the Services in a way that circumvents a contractual usage limit, (h) copy the Services or any part, feature, function, or user interface thereof, (i) frame or mirror any part of the Services, other than framing on Customer’s own intranets or otherwise for Customer’s own internal business purposes or as permitted in the Documentation, (j) access the Services in order to build a competitive product or service, (k) reverse engineer, disassemble, or decompile the Services, (l) use or store the Services outside of the United States, or (m) allow access to the Services through terminals located outside of Customer’s operations.

2.5 • Updates

From time to time, Findigs may provide upgrades, patches, enhancements, or fixes for the Services to its customers generally without additional charge (“Updates”), and such Updates will become part of the Services and subject to this Agreement; provided that Findigs shall have no obligation under this Agreement or otherwise to provide any such Updates. Customer understands that Findigs may make improvements and modifications to the Services at any time in its sole discretion.

2.6 • Third Party Services

Customer acknowledges and agrees that the Service may operate on, with or using application programming interfaces (APIs) and/or other services operated or provided by third parties (“Third Party Services”), including without limitation through integrations or connectors to such Third Party Services that are provided by Findigs. Findigs is not responsible for the operation of any Third Party Services nor the availability or operation of the Services to the extent such availability and operation is dependent upon Third Party Services. Customer is solely responsible for procuring any and all rights necessary for it to access Third Party Services (including any Applicant Data, Customer Data, or other information relating thereto) and for complying with any applicable terms or conditions thereof. Findigs does not make any representations or warranties with respect to Third Party Services or any third party providers. Any exchange of data or other interaction between Customer and a third party provider is solely between Customer and such third party provider and is governed by such third party’s terms and conditions.

3. Customer Certifications and Acknowledgements

3.1 • Use of Applicant Screening Reports

Customer represents and warrants that it will not use Applicant Screening Reports made available through Findigs for any purpose other than screening potential Applicants for renting a property owned or managed by Customer. Neither Customer nor its Authorized Users, employees, or agents will request Reports relating to themselves, their families, friends, or associates or request Reports on other persons other than in the exercise of their official duties and as permitted by this Agreement and applicable law. Customer is responsible for initiating or directing the remittance of an adverse action notice and any other notice required by applicable laws and regulations resulting from its use of Applicant Screening Reports. Customer acknowledges and agrees that all decisions of whether or not to rent property to a particular Applicant, as well as the terms of any such rental, maintenance of screening criteria, matching of Applicant identity to report information before taking adverse action, application of individualized assessments, and consideration of appeals or mitigating information will be made by Customer.

3.2 • Customer Certifications and Acknowledgements

Customer acknowledges it has received and understands its obligations under the Notice to Users of Consumer Reports, Obligations of Users, Summary of Your Rights Under the Fair Credit Reporting Act, and the Identity Theft Summary of Rights.

3.3 • California Customers

3.3.1

Customer represents, warrants, and certifies it will comply with all applicable provisions of the California Credit Reporting Agencies Act and the California Investigative Consumer Reporting Agencies Act as applicable, including but not limited to, providing a disclosure to the consumer that an investigative consumer report may be obtained about them, obtaining the consumer’s written authorization to do so prior to requesting any Services, and providing a conforming Adverse Action Notice where required.

3.3.2

Customer represents, warrants, and certifies that (a) Customer is NOT a “retail seller” (as defined in Section 1802.3 of the California Civil Code), and (b) Customer does NOT issue credit to California residents who appear in person on the basis of applications for credit submitted in person. Customer further certifies that it will notify Findigs in writing 30 days PRIOR to becoming a retail seller or engaging in point of sale transactions with respect to California residents.

3.4 • Massachusetts Customers

To the extent Customer is requesting Massachusetts iCORI information: (i) Customer notified the Consumer in writing of, and received permission via a separate authorization for Findigs to obtain and provide CORI information to Customer; (ii) Customer is in compliance with all federal and state credit reporting statutes; and (iii) Customer will not misuse any CORI information provided in violation of federal or state equal employment opportunity laws or regulations.

3.5 • Vermont Customers

Customer certifies that, in accordance with the Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480a (2016), as amended (the “VFCRA”), it will comply with applicable provisions under Vermont law. In particular, Customer certifies that it will order information services relating to Vermont residents, that are credit reports as defined by the VFCRA, only after Customer has received prior consumer consent in accordance with VFCRA § 2480e and applicable Vermont Rules. Customer further certifies that a copy of VFCRA § 2480e was received during Customer Onboarding.

3.6 • Workflow Design Certification

Customer expressly acknowledges and agrees that it is responsible for determining if its use of the system, Services, Reports, and data offered by and through the Services is compliant with Customer’s responsibilities under all applicable federal and state laws, regulations, and ordinances, including but not limited to the Gramm-Leach-Bliley Act, (P.L. 106-102 Title V, Subtitle A) and the Federal Fair Credit Reporting Act, 15 U.S.C. 1681 et. seq., as amended (the “FCRA”), including the timing of any request for, and use of, information contained in Reports delivered by Findigs, and that Findigs makes no representation that Customer’s use of the Services is compliant with such applicable laws.

3.7 • Criminal and Eviction History Information

Due to the nature of public records, Customer acknowledges there will be instances where, either: (1) no identifying information is reported to match the Applicant on which a Report is sought, but the Applicant does in fact have public record information; or (2) identifying information appears to match the Applicant on which a Report is sought, but such information may not pertain to the Applicant. Customer certifies that Customer shall conduct an independent verification of the information contained in any Report provided to ensure that the Report pertains to the Applicant before Customer takes any adverse action against the Applicant.

3.8 • Customer Adjudications

Customer acknowledges and agrees that any messages to be returned on Reports (whether by default or otherwise) regarding criminal records, including but not limited to when arrest records are found that do not meet the criteria established by the Customer, are the outcome of Customer’s screening requirements and policy. Customer is solely responsible for any decisions it makes based on such requirements and policy as well as any Reports provided by Findigs and/or its affiliates to the extent based on such message. Any communication with the Applicant concerning Customer’s decision to decline the application (1) shall state that the decision is a consequence of the Applicant not meeting Customer’s internal policy rules and (2) shall not name Findigs as a source for implementation of Customer’s internal policy rules. Any claim made against Findigs and/or any of its affiliates related to any screening outcome provided by Findigs based upon Customer’s screening requirement or policy and/or any decision by Customer regarding the provision of housing services shall be subject to the Customer’s indemnification obligations set forth in in Section 8.2 below.

3.9 • General Obligations on the Use of Reports

Customer agrees that it shall use the Reports for a one-time use, shall hold the report in strict confidence, and will not disclose it to any third parties that are not involved in an Applicant screening decision, except if required by law or other legal responsibility. Customer may share the Report or portions thereof with a third party for legal, contractual or audit requirements, provided Customer first obtains a written certification from the third party that the third party will comply with applicable laws and any data, storage or confidentiality provisions contained herein prior to disclosing the Report, except where such sharing is required under applicable portability law.

3.10 • Retention of Documents

All written consumer authorizations required by this Agreement or by applicable law, along with all adverse action letters provided to consumers, consumer applications, and copies of government-issued identification needed to verify the identity of the Applicant, shall be retained by Customer for a reasonable period of time, but not less than five (5) years, and evidence of such documents shall be made available for inspection by Findigs, its third-party data vendors, or its designee upon demand.

3.11 • Security and Incident Notification

Customer shall implement and maintain a comprehensive information security program written in one or more readily accessible parts and that contains administrative, technical, and physical safeguards that are appropriate to the Customer’s size and complexity, the nature and scope of its activities, and the sensitivity of the information provided to the Customer by Findigs. Such safeguards shall include the elements set forth in 16 C.F.R. § 314.4 and shall be reasonably designed to (i) insure the security and confidentiality of the information provided through Findigs, (ii) protect against any anticipated threats or hazards to the security or integrity of such information, and (iii) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any consumer. In the event of a suspected reportable security incident, Customer shall immediately notify Findigs in writing and comply with all compliance requirements of applicable law. Furthermore, in the event of a reportable security incident involving Findigs Reports due to the fault or negligence of Customer’s Authorized Users, employees, agents and/or representatives, Customer shall directly notify the affected consumers and the appropriate authorities and/or agencies and provide free credit monitoring to the consumers that were affected by such breach. Findigs reserves the right to step in and take over Customer’s obligations under this paragraph and Customer agrees to indemnify Findigs for the undertaking of such obligations. Findigs shall implement and maintain a comprehensive security program in accordance with the Exhibit B, attached hereto and incorporated herein by reference.

3.12 • NOTICE OF PENALTY UNDER THE FCRA

The FCRA and Title 18 of the U.S. Code impose criminal penalties – including a fine, up to two years in prison, or both – against anyone who knowingly and willfully obtains information on a consumer from a consumer reporting agency under false pretenses, and other penalties for anyone who obtains such consumer information without a permissible purpose.

3.13 • Title

Findigs and its licensors own all rights, title, and interest in and to the Services, including accounts established by or for Applicants, whether in operation as of the date of this agreement or later developed. Customer’s rights to the Services are limited to the rights expressly granted to Customer in Section 2 of this Agreement. If Customer provides any ideas, feedback, or suggestions regarding any of Findigs’ products or Services (“Feedback”) Customer shall, and hereby does, grant to Findigs a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid up license to use and exploit the Feedback for any purpose. Findigs reserves all rights not expressly granted in this Agreement.

4. Term and Termination

4.1 • Term

This Agreement is effective as of the Effective Date and will continue for a 12-month period (“Initial Term”) unless otherwise specified in an applicable Order Form. The Agreement will auto-renew for successive twelve (12) month periods (each a “Renewal Term” and the Initial Term and Renewal Terms together, the “Term”) unless terminated in accordance with this section.

4.2 • Termination

4.2.1 • Termination for Convenience

Either party may terminate this Agreement and any Order Forms or Statements of Work by providing written notice to the other party at least sixty (60) days prior to the effective date of such termination (“Transition Period”).

4.2.2 • Termination for Breach

Either party may immediately terminate this Agreement if the other party breaches any material term of this Agreement and, if such breach is capable of cure, the breaching party fails to cure such breach within twenty (20) days of written notice thereof.

4.2.3 • Effect of Termination

Upon termination or expiration of this Agreement (a) the Initial or Renewal Term and any applicable Order Form Term(s) shall end; (b) all rights to use the Services granted to Customer hereunder shall immediately terminate. Customer may download applicable Customer Data and Applicant Screening Reports from the Findigs Portal during the Transition Period; (c) Findigs will disable Customer and all Authorized User access to the Services and may delete Customer Data and Applicant Screening Reports as of the date of termination; and (d) any ongoing assistance that Customer requires following the termination of this Agreement will be subject to additional fees and terms and conditions. Notwithstanding the foregoing, Customer acknowledges and agrees that within sixty (60) days’ of the date of termination (the “Export Period”), Customer may export Customer Data and Applicant Screening Reports from the Property Manager Dashboard and, following the expiration of the Export Period, Findigs shall have no obligation to provide any export of Customer Data and Applicant Screening Reports. Those provisions of this Agreement that by their terms or sense are intended to survive termination or expiration of this Agreement will survive and remain in full force and effect, including, without limitation, Sections 1, 3, 4, 5, 6, 7, 8, 9, 10, 12, and 13.

4.3 • Change of Address or Ownership

Customer shall provide notice within ten (10) business days of any change in its mailing address or physical location(s). Customer represents and warrants that it has the full power and authority to bind itself to every obligation of Customer under this Agreement, and Customer shall abide by, and be subject to, this Agreement and any amendment thereto. Notwithstanding the foregoing, Customer shall provide thirty (30) days’ written notification to Findigs in the event of any anticipated change in ownership or control (including any change in control pursuant to a management contract) of Customer authorized to receive Services hereunder. Notwithstanding any change of ownership or control, Customer agrees to remain fully liable for the use of the Services and for all fees incurred in connection with the Services accessed under Customer’s authorized access, including access through Authorized Users’ accounts, until written notification is provided to Findigs and Findigs provides written confirmation of receipt. Customer understands that Customer may be required to credential any new entity, owners, or control persons of such new entity and that Services are not guaranteed to be made available by Findigs to any successor.

5. Fees

5.1 • Application Fee

Customer appoints Findigs as its agent to accept payments by or on behalf of Applicant in conjunction with the Services (“Application Fee”) as set forth in the applicable Order Form. Customer is responsible for compliance related to fee-related disclosures, refunds, and calculations for the Application Fee. Findigs will retain the Findigs Fees as set forth in the Order Form and shall remit the balance of the Application Fee to Customer (“Customer Fee”). In the event that the Application Fee established by Customer is less than the fee charged to Applicant, Findigs shall invoice Customer for the difference and Customer shall pay in accordance with Section 5.5 of the Agreement.

5.2 Additional Applicant Screening Reports

In the event that Customer exceeds the number of subscribed Applicant Screening Reports (as set forth in the Order Form), Findigs shall remit an invoice to Customer for the additional Applicant Screening Reports and Customer shall pay in accordance with Section 5.5 of the Agreement.

5.3 • Implementation Fee.

If agreed upon by Customer and Findigs in an applicable Order Form, Customer will pay Findigs an implementation fee. Findigs shall remit an invoice to Customer as set forth in the Order Form and Customer shall pay in accordance with Section 5.5 of the Agreement.

5.4 • Pet Verification Fee.

If Customer has enabled Pet Verification, Findigs will charge Applicant the applicable Pet Verification fee set forth in the Order Form. Findigs may change the Pet Verification fee at any time in its sole discretion.

5.5 • Customer Payment Obligations.

Customer agrees to pay all Findigs Fees set forth in the applicable Order Form or any applicable invoice in accordance with the payment terms therein. Customer will send payment thirty (30) days from receipt of invoice. If Findigs cannot charge Customer’s selected payment method for any reason (such as expiration or insufficient funds), Customer remains responsible for any undisputed uncollected amounts. If Customer fails to make any payment when due, late charges will accrue at the rate of 1.5% per month or, if lower, the highest rate permitted by applicable law and Findigs may suspend the Services until all payments are made in full. Customer will reimburse Findigs for all reasonable costs and expenses incurred (including reasonable attorneys’ fees) in collecting any late payments or interest.

6. Confidentiality

For the purposes of this Agreement, “Confidential Information” means any business or technical information that either party discloses to the other party, in writing, orally, or by any other means, that should reasonably have been understood by the receiving party due to “confidential” and similar markings, the circumstances of disclosure, or the nature of the information itself, to be proprietary and confidential to the other party, including, without limitation, computer programs, code, algorithms, data, know-how, formulas, processes, ideas, inventions (whether patentable or not), schematics and other technical, business, financial, and product development plans, names and expertise of employees and consultants, and customer lists. Neither party will use the other party’s Confidential Information, except as permitted under this Agreement. Each party agrees to maintain in confidence and protect the other party’s Confidential Information using at least the same degree of care as such party uses for its own information of a similar nature, but in all events at least a reasonable degree of care. Each party agrees to take all reasonable precautions to prevent any unauthorized disclosure of the other’s Confidential Information, including, without limitation, disclosing Confidential Information only to such party’s employees, independent contractors, consultants and legal and financial advisors (collectively, “Representatives”) (a) with a need to know such information, (b) who are parties to appropriate agreements sufficient to comply with this Section 6, and (c) who are informed of the nondisclosure obligations imposed by this Section 6. Each party will be responsible for all acts and omissions of its Representatives. The foregoing obligations will not restrict either party from disclosing Confidential Information of the other party pursuant to the order or requirement of a court, administrative agency or other governmental body, provided that the party required to make such a disclosure gives reasonable notice to the other party to enable them to contest such order or requirement. The restrictions set forth in this Section 6 shall remain in effect during the Term, and for 5 years thereafter. The restrictions set forth in Section 6 will not apply with respect to any Confidential Information that: (i) was or becomes publicly known through no fault of the receiving party; (ii) was rightfully known or becomes rightfully known to the receiving party without confidential or proprietary restriction from a source other than the disclosing party who has a right to disclose it; (iii) is approved by the disclosing party for disclosure without restriction in a written document which is signed by a duly authorized officer of such disclosing party; or (iv) the receiving party independently develops without access to or use of the other party’s Confidential Information.

7. Data

7.1 • Findigs Data

Findigs owns all right, title and interest in and to all Findigs Data; provided, however, that Customer shall retain all right, title and interest in and to the Customer Data in accordance with Section 7.2.

7.2 • Customer Data

“Customer Data” means all property data or information submitted by Customer to Findigs through the Services. Customer grants Findigs a nonexclusive, fully paid-up, royalty free, sublicensable, transferable right and license to use, display, modify, copy, translate, transcribe, reproduce, distribute, create derivative works, and process Customer Data during the applicable Order Form Term in connection with the Services and Findigs’ business. Customer, not Findigs, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data and Customer acknowledges and agrees that Findigs shall have no liability with respect to the foregoing. Customer represents and warrants that it has all rights necessary to provide the Customer Data to Findigs as contemplated hereunder, in each case without any infringement, violation or misappropriation of any third party rights (including, without limitation, intellectual property rights and rights of privacy). Findigs is not responsible to Customer for unauthorized access to Customer Data or the unauthorized use of the Services. Customer is responsible for the use of the Services by any person to whom Customer has given access to the Services, even if Customer did not authorize such use. Except as provided for in this Agreement or an applicable Order Form, Findigs will not disclose Customer Data to any third party in a manner that identifies Customer without Customer’s consent other than (i) to Findigs’ third party service providers who use it for the benefit of Findigs or as required to provide Customer the Services; or (ii) as may be required by applicable law or legal process. Notwithstanding anything to the contrary, Customer acknowledges and agrees that Findigs may (a) internally use and modify (but not disclose) Customer Data for the purposes of generating Aggregated De-Identified Data (as defined below), and (b) freely use, retain and make available Aggregated De-Identified Data for Findigs’ business purposes (including without limitation, for purposes of improving, testing, operating, promoting and marketing Findigs’ products and services). “Aggregated De-Identified Data” means data submitted to, collected by, or generated by Findigs in connection with Customer’s use of the Service, but only in aggregate, de-identified form which does not identify Customer.

8. Indemnification

8.1 • Mutual Indemnification Obligation

Each party (the “Indemnifying Party”) shall indemnify, defend and hold harmless the other party and its parent companies, subsidiaries, affiliates, shareholders, member, manager, officers, directors, employees, agents and representatives (as applicable, the “Indemnified Parties”) from and against any and all third party claims, costs, proceedings, demands, losses, damages, and expenses (including, without limitation, reasonable attorney’s fees and legal costs, which will be reimbursed as incurred) of any kind or nature (“Losses”), arising from or relating to, any actual or alleged breach of any of the Indemnifying Party’s representations, warranties or covenants in this Agreement or the Indemnifying Party’s negligence or misconduct. For the avoidance of doubt, the indemnification obligations under this section do not apply to the Services provided in connection with DecisionAssist unless Findigs has acted in clear violation of Customer’s applicable SOP.

8.2 • Customer's Indemnification Obligation

Customer shall indemnify, defend and hold harmless the Findigs Indemnified Parties from and against any and all third party Losses arising from or relating to, (a) Customer’s violation of this Agreement; (b) an allegation of Customer’s non-compliance with applicable laws, including but not limited to, consumer reporting and Applicant screening laws, the FCRA, Americans with Disabilities Act and the Fair Housing Act; (c) Customer Data or Applicant Data provided by or on behalf of Customer; or (d) (i) Customer’s decision of whether or not to rent property to a particular Applicant; (ii) any rental or failure to rent, to any Applicant; or (iii) the terms of such rental.

8.3 • Findigs' Indemnification Obligation

Findigs shall indemnify, defend and hold harmless the Customer Indemnified Parties from and against any and all third party Losses arising from or relating to an allegation that Customer’s use of the Services as permitted under this Agreement infringes a patent, copyright, or trademark or misappropriates a trade secret of any third party (each, an “Infringement Claim”).

8.3.1 • Exclusions

Customer understands that Findigs has no obligation to indemnify Customer for any Infringement Claim that is based on (a) modification of the Services by any party other than Findigs; (b) Customer’s use of the Services other than as authorized by this Agreement and the Documentation; (c) Customer’s failure to use updated or modified Services that Findigs makes available to Customer that would have avoided or mitigated the Infringement Claim; (d) Customer’s failure to stop using the Services after receiving written notice to do so from Findigs in order to avoid further infringement or misappropriation; or (e) the combination, operation, or use of the Services with equipment, devices, software, systems, or data that Findigs did not supply.

8.3.2 • Right to Ameliorate Damages

If Customer’s use of the Services is, or in Findigs’ reasonable opinion is likely to be, subject to an Infringement Claim under Section 8.3, Findigs may, at its sole option and at no charge to Customer (and in addition to Findigs’ indemnity obligation to Customer in Section 8.3): (a) procure for Customer the right to continue using the Services; (b) replace or modify the Services so that it is non-infringing and substantially equivalent in function to the original Services; or (c) if options (a) and (b) above are not commercially practicable in Findigs’ reasonable estimation, Findigs can terminate this Agreement and all licenses granted hereunder (in which event, Customer will immediately stop using the Services) and refund the fees for the Services that Customer pre-paid for the remainder of the then-current Term.

8.3.3 • Sole Remedy

This Section 8 sets forth Findigs’ sole and exclusive obligations, and Customer’s sole and exclusive remedies, with respect to claims of infringement or misappropriation of third party intellectual property rights.

8.4 • Indemnification Procedure

The Indemnifying Party may not settle any indemnified claim against the Indemnified Parties unless the settlement unconditionally releases Indemnified Parties of all liability. The Indemnified Parties, at the Indemnified Parties’ expense, may undertake and control the defense of any indemnified claim in the event of the material failure of the Indemnifying Party to undertake and control the same. Subject to Section 10, the Indemnifying Party will pay all damages and costs (including reasonable legal fees) finally awarded by a court of final appeal attributable to such indemnified claim, provided that the Indemnified Parties notify the Indemnifying Party in writing of any such indemnified claim as soon as reasonably practicable and allows the Indemnifying Party to control, and reasonably cooperates with Indemnifying Party in the defense of, any such indemnified claim and related settlement negotiations.

9. Representations and Warranties; Disclaimer

9.1 • Findigs Representations and Warranties

Findigs represents and warrants that the Services will be performed in a good, workmanlike manner in accordance with generally accepted industry standards. For any breach of the foregoing warranty, Customer’s exclusive remedy and Findigs’ entire liability shall be, at Findigs’ discretion, as applicable: (a) reperformance of the Services; or (b) if Findigs cannot substantially correct such breach, Findigs may terminate the relevant Order Form and refund to Customer any fees Customer has paid to Findigs for the deficient Services.

9.2 • Mutual Representations and Warranties

Each party represents and warrants that (a) it has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement; and (b) it will comply with all applicable laws and regulations in its performance, in the case of Findigs, and use, in the case of Customer, of the Services.

9.3 • Disclaimer

EXCEPT AS EXPRESSLY SET FORTH HEREIN, FINDIGS PROVIDES THE SERVICES ON AN “AS IS”, “AS AVAILABLE” BASIS. TO THE EXTENT PERMITTED BY LAW, FINDIGS AND ITS SUPPLIERS AND LICENSORS DISCLAIM ALL OTHER REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS, STATUTORY OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, CUSTOM, TRADE, COURSE OF DEALING, QUIET ENJOYMENT, NONINFRINGEMENT, AVAILABILITY OR ACCURACY OF INFORMATION. FINDIGS DOES NOT WARRANT THAT THE SERVICES WILL BE AVAILABLE, WILL MEET CUSTOMER’S REQUIREMENTS OR WILL OPERATE IN AN UNINTERRUPTED, ERROR-FREE OR COMPLETELY SECURE MANNER OR THAT ERRORS OR DEFECTS WILL BE CORRECTED. FINDIGS DOES NOT MAKE ANY REPRESENTATIONS, WARRANTIES, OR CONDITIONS REGARDING THE USE OR THE RESULTS OF THE USE OF THE SERVICES, IN TERMS OF THEIR ACCURACY, RELIABILITY, TIMELINESS, COMPLETENESS, OR OTHERWISE. FINDIGS MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE LEGALITY OR PROPRIETY OF THE USE OF THE SERVICES IN ANY GEOGRAPHIC AREA. IN NO EVENT WILL FINDIGS HAVE ANY LIABILITY FOR EVENTS OR CAUSES BEYOND ITS REASONABLE CONTROL.

10. Limitation of Liability

TO THE EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY OR ANY OF THEIR SUPPLIERS OR LICENSORS HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING FOR LOSS OF PROFIT, REVENUE, OR DATA) ARISING OUT OF OR IN CONNECTION WITH THE SERVICES OR THIS AGREEMENT, HOWEVER CAUSED, AND UNDER WHATEVER CAUSE OF ACTION OR THEORY OF LIABILITY BROUGHT (INCLUDING UNDER ANY CONTRACT, NEGLIGENCE, OR OTHER TORT THEORY OF LIABILITY) EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE EXTENT PERMITTED BY APPLICABLE LAW, FINDIGS’ TOTAL CUMULATIVE LIABILITY TO CUSTOMER OR ANY THIRD PARTY ARISING OUT OF OR IN CONNECTION WITH THE SERVICES OR THIS AGREEMENT, FROM ALL CAUSES OF ACTION AND ALL THEORIES OF LIABILITY, WILL BE LIMITED TO AND WILL NOT EXCEED LESSER OF (I) THE FEES PAID OR PAYABLE BY CUSTOMER TO FINDIGS FOR THE 2 MONTHS PRECEDING THE CLAIM OR (II) FIVE-THOUSAND DOLLARS ($5,000). THE PARTIES AGREE THAT THIS SECTION 10 REPRESENTS A REASONABLE ALLOCATION OF RISK.

11. Marketing

Findigs may reproduce and use Customer's name and/or logo for the sole purpose of indicating the existence of a customer relationship between Customer and Findigs. Any other use of Customer's name or logo will require Customer's prior written consent.

12. Governing Law and Arbitration

This Agreement shall be governed by and construed in accordance with the laws of the State of New York, excluding its conflicts of law rules. Any controversy or claim arising out of or relating to this contract, or the subject matter or breach thereof, shall be settled by arbitration administered in English and in New York, New York, in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with such Rules. Judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof. Notwithstanding the foregoing obligation to arbitrate disputes and regarding exclusive jurisdiction and venue, Findigs shall have the right to pursue injunctive or other equitable relief any time, from any court of competent jurisdiction.

13. Miscellaneous

13.1 • Relationship of the Parties

The parties shall at all times perform their respective obligations pursuant to this Agreement as independent contractors. The parties acknowledge that this is a business relationship based on express provisions of this Agreement and no partnership, joint venture, employment, agency, fiduciary, or other similar relationship is intended or created by this Agreement. Neither party is the legal representative or agent of, nor has the power or right to obligate, direct, or supervise the daily affairs of the other party, nor shall either party act or represent or hold itself out as such. The rights, duties, obligations, and liabilities of the parties shall be several and not joint, each party being individually responsible only for its obligations as set forth in this Agreement.

13.2 • Assignment

Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety, without consent of the other party, in connection with a merger, acquisition, corporate reorganization, financing in whole or in part, or sale of all or substantially all of its assets or equity. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

13.3 • Amendment; Waiver

No modification, amendment or waiver of any provision of this Agreement shall be effective unless in writing and signed or issued by Findigs. No failure or delay by either party in exercising any right, power or remedy under this Agreement, except as specifically provided herein, shall operate as a waiver of any such right, power or remedy.

13.4 • Force Majeure

Neither party will be responsible for any failure or delay in its performance under this Agreement due to causes beyond its reasonable control, including, without limitation, acts of God, strikes, lockouts, riots, acts of war, epidemics, government action, communication line failure, and power failures and any other similar or dissimilar causes.

13.5 • Notices

All notices between the parties shall be in writing and shall be deemed to have been given if personally delivered or sent by certified mail (return receipt requested), electronic mail or facsimile, to the other party’s current or last known address. Notices shall be deemed effective upon receipt if personally delivered, 3 business days after it was sent if by certified mail, or 1 business day after it was sent if by electronic mail or facsimile.

13.6 • Severability

If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, such provision shall be changed and interpreted so as to best accomplish the objectives of the original provision to the fullest extent allowed by law and the remaining provisions of this Agreement shall remain in full force and effect.

13.7 • Complete Understanding

This Agreement, including properly incorporated Order Form(s) and Documentation, constitutes the entire agreement and understanding of the parties with respect to the subject matter of this Agreement, and supersedes any and all prior understandings and agreements, whether oral or written, between the parties with respect to the subject matter of this Agreement.

13.8 • Electronic Signature

Each party agrees that the electronic signatures, whether digital or encrypted, of the parties included in this Agreement, if any, are intended to authenticate this writing and to have the same force and effect as manual signatures.

Exhibit A: Passthrough Terms

  1. Customer acknowledges that reports may contain information from the Death Master File as issued by the Social Security Administration. Because use of deceased flags or similar indicia is restricted to legitimate fraud prevention or business purposes, Customer will not take any adverse action against any consumer without further investigation to verify the information from the deceased flags or other indicia.
  2. Customer certifies that it will not use any of the identity verification product it receives through the One Footprint Inc. Services via LexisNexis to determine, in whole or in part an individual’s eligibility for rental housing. Customer may use such information to verify or authenticate an individual’s identity, or to prevent or detect fraud or other unlawful act.
  3. Customer acknowledges and understands that Findigs will only allow Customer access to the Services if Customer successfully fulfills any credentialing requirements.
  4. The parties agree that Incode will process Applicant Data in connection with the Services solely to perform its obligations under this Agreement. Notwithstanding the foregoing, Customer acknowledges and agrees that Incode may use the Applicant Data to (i) provide the Services and (ii) generate Incode Aggregated Anonymous Data for Incode’s business purposes (including without limitation, for purposes of improving, testing and operating Incode’s products and services). “Incode Aggregated Anonymous Data” means data submitted directly to, collected directly by, or generated by Incode in connection with Customer’s use of the Service that is aggregated and anonymized such that it cannot be reasonably linked to, or reasonably capable of being associated with, directly or indirectly, any individual person. Customer shall be solely responsible for requesting individuals the end-users’ consent for these purposes.

Exhibit B: Information Security Addendum

A. General

Findigs (“Company” “we” or “our”) believes that information is an extremely valuable asset that must be protected. Therefore, we have created and implemented an Information Security Program (the “Program”), as further described in this Information Security Addendum (the “Addendum”). The objective of the Program is the effective protection of personally identifiable and other sensitive information relating to Company’s company, customers, and business partners (collectively, “Sensitive Information”).

B. Definitions

For the purposes of this Addendum, the terms below have the following meanings whenever capitalized:

“Data Incident” means any unauthorized access to or acquisition, disclosure, use, or loss of Sensitive Information resulting from breach or compromise of Company Systems.

“Privacy and Security Requirements” means, to the extent applicable: (i) legal requirements (federal, state, local, and international laws, rules and regulations, and governmental requirements) related to the storage and collection of Sensitive Information; and (ii) generally accepted industry standards concerning privacy, data protection, confidentiality, or security of Sensitive Information.

“Security Coordinator” means a manager-level employee who is responsible for implementing, coordinating, and maintaining the Program, including without limitation the training of personnel, regular testing of the Program’s safeguards, and evaluation of third party service providers.

“Company Systems” means Company’s information technology systems and devices that store, process, and/or transmit Sensitive Information, including without limitation Company’s network, databases, computers, and mobile devices, to the extent applicable.

C. Sensitive Information

For clarity, Sensitive Information includes:

  1. Any information that personally identifies an individual (including, but not limited to, name, postal address, email address, telephone number, date of birth, Social Security number, driver’s license number, other government-issued identification number, financial account number, or credit or debit card number).
  2. All financial, business, legal, and technical information which is developed, collected, learned, or obtained by Company in the course of its business activities that would reasonably be understood to be confidential, including information belong to or pertaining to Company’s customers.

D. Security Program

Company shall create, implement, and maintain the Program to include reasonably appropriate administrative, technical, and physical safeguards to protect the confidentiality and security of Sensitive Information. Company shall also periodically review and update the Program, paying attention to developments in technology, Privacy and Security Requirements, and industry standard practices. Currently, protection for Company Systems includes:

  1. Authorized User authentication controls, including secure methods of assigning, selecting, and storing access credentials, restricting access to Authorized Users, and blocking access after a reasonable number of failed authentication attempts.
  2. Access controls and physical facility security measures, including controls that limit access to Sensitive Information to individuals that have a demonstrable genuine business need-to-know, supported by appropriate policies, protocols, and controls to facilitate access authorization, establishment, modification, and termination.
  3. Regular monitoring of Company Systems to prevent loss or unauthorized access to, or acquisition, use, or disclosure of, Sensitive Information.
  4. Technical security measures such as firewall protection, antivirus protection, security patch management, and intrusion detection.
  5. Ongoing training and awareness programs designed to ensure workforce members and others acting on Company’s behalf are aware of and adhere to the Program’s policies, procedures, and protocols.
  6. Ongoing adjustments to the Program based on periodic risk assessments, comprehensive evaluations (such as third-party assessments) of the Program, and monitoring and regular testing of the effectiveness of safeguards. Such review shall occur at least annually with additional review occurring whenever there is a material change in Company’s technical environment or business practices that implicate the security of Company Systems.

E. Access Control

  1. Company management provides guidance in creating a secure access environment by establishing access management policies, approving roles and responsibilities, and providing consistent coordination of security efforts across the company.
  2. Rights to use and access Company Systems are based on each Authorized User’s access privileges. Access privileges are granted on the basis of specific business need (i.e. a “need to know” basis) and are restricted to only those personnel who require such access to perform their job functions as determined by Company management.
  3. All Company resources, systems, and applications have access controls unless specifically designated as a public access resource.
  4. Physical access to locations where Sensitive Information is stored is restricted to personnel and service providers who require access in order to perform their designated job functions or services. Where possible, storage areas containing Sensitive Information are protected against potential destruction or damage from physical hazards such as fire or floods.
  5. Company’s employees, temps, contractors, consultants, and other workers including all personnel affiliated with third parties, are responsible for participating in maintaining secure access to Company Systems and for ensuring that Company adheres to its posted Privacy Policy.

F. System Monitoring and Protection

  1. Company reasonably monitors Company Systems for unauthorized use of or access to Sensitive Information.
  2. Company retains, either in-house or on a consultant basis, at least one technician to provide support and routine maintenance of Company Systems and to report any actual or attempted attacks or intrusions to Company.
  3. Malware protection software is installed on all computers storing Sensitive Information. At least once per year, all operating systems and applications are upgraded with any currently available security patches or other security-related enhancements available from their providers. To the extent that any personnel use home computers or remote access devices to conduct business, malware protection software is installed on such home computers or remote access devices.
  4. To the extent that personnel are supplied with remote access devices such as laptops and handheld wireless access devices, Company labels them and take inventory at least once per year.
  5. Sensitive Information stored on Company Systems is backed up on a regular basis.

G. Evaluation and Adjustment of the Program

  1. Company management shall periodically re-assess the reasonably foreseeable internal and external risks to the security and confidentiality of Sensitive Information.
  2. Company reserves the right to revise the conditions of this Program at any time. Adequate notification of updates will be provided to all personnel. Personnel are responsible for understanding or seeking clarification of any rules outlined in this document and for familiarizing themselves with the most current version of this Program.
  3. Company management will periodically evaluate and adjust the Program as appropriate to address: (a) the current risk assessment, management and control activities; (b) new risks or vulnerabilities identified by Company top management using the standards set forth above; (c) technology changes that may affect the protection of Sensitive Information; (d) material changes to Company’s business, including to the size, scope and type of Company’s business; (v) the amount of resources available to Company; (vi) the amount of Sensitive Information stored or held by Company; (vii) any increased need for security and confidentiality of Sensitive Information; and (viii) any other circumstances that Company management believes may have a material impact on the Program.

H. Personnel and Service Providers

  1. Company shall exercise necessary and reasonably appropriate supervision over its employees and others acting on its behalf to maintain confidentiality and security of Sensitive Information.
  2. Prior to engaging any third-party service provider who may receive Sensitive Information, Company will take reasonable steps to select and retain third-party service providers that are capable of maintaining appropriate security measures to protect the Sensitive Information.
  3. Company shall terminate an individual’s access to Company Systems as soon as reasonably practicable after such individual is no longer employed or engaged by Company. Terminated personnel are required to surrender all keys, IDs, access codes, badges, business cards and the like that permit access to Company’s premises and/or systems.

I. Data Incidents

  1. In the event of a Data Incident, the Security Coordinator will conduct a post-incident review of events and decide the appropriate actions to take to minimize the Data Incident and mitigate the consequences.
  2. The Security Coordinator shall be in charge of assembling a qualified incident response team, which will be responsible for handling matters related to the Data Incident.
  3. If necessary, the Security Coordinator shall make changes in business practices relating to protection of Sensitive Information following a Data Incident.
  4. The Security Coordinator shall document the foregoing and provide a report to management.

J. Secure Return or Dispositions

Company shall return or dispose of Sensitive Information, whether in paper or electronic form, in a secure manner.