Terms of Service and Privacy Policy

Mend – Terms of Service

Last Updated: May 2022

Welcome to Mend! Thank you for using our products and services. These Terms of Service (the “Terms”) constitute a binding agreement between us and shall govern your use of the products and services made available to you on our websites and any other sub-domain operated by us as more specifically agreed in an order form or statement of work (the “Service(s)”), as well as all information and data made available to you in connection with the Services (“Data”, and together with the Services, the “Platform”).

  1. Acceptance of Terms

By using or accessing any part of the Platform, you expressly acknowledge and agree to these Terms, our privacy policy (available at: https://www.mend.io/privacy-policy/ (the “Privacy Policy”)) and any and all other applicable policies and notices, as are made available to you from time to time. In addition, if you are entering into these Terms on behalf of a company or other legal entity, you hereby warrant that you have authority to bind such entity to these Terms, in which case the terms “you” or “your” shall refer to such entity. You hereby waive any applicable rights to require an original (non-electronic) signature or delivery or retention of non-electronic records, to the extent not prohibited under applicable law. If you do not agree to these Terms or you do not have authority to enter into these Terms, you must not accept these Terms and may not use any part of the Platform.

We may amend these Terms at any time by posting an amended version of these Terms on our website. You can determine when these Terms were last modified by checking the “Last updated” notice at the top of this page. Your continued use of the Platform shall constitute your consent to any changes made. If you do not agree to the new or different terms, you should not use the Platform.

  1. Accounts: Security

You may need to set up an account in order to use the Platform (an “Account”). When you are setting up your Account, you must give us accurate and complete information. Opening an Account will require us to obtain information such as your name, e-mail address, and, in certain instances, your country location and/or company. Our use of any personal data you provide to us as part of the Account registration process is governed by the terms of our Privacy Policy. You may not use someone else’s Account without permission. This means that you cannot set up an Account using someone else’s name or contact information, or a phony name or phony contact information. You are solely responsible for the activity that occurs in your Account, and you must keep your Account password secured. You must let us know immediately in case of suspected unauthorized access to, or activity within your Account. You may not transfer your Account to someone else. We are not liable for any damages or losses caused by someone using your Account without your permission.

  1. License to Use our Platform: Restrictions on Use

You may use the Platform in accordance with these Terms, provided that:

  • you are over 18 years old; and
  • you do not copy or modify the Platform or any part thereof, including without limitation, any features, functions, graphics, data or information; and
  • you follow all the rules and restrictions set forth in these Terms and our Privacy Policy.

We grant you a non-exclusive, non-sublicensable, non-assignable, non-transferable, revocable right to use the Platform solely for your internal business operations, during your subscription term as set forth under the applicable order form or statement of work and in accordance with the documentation and these Terms.  the “documentation” may include implementation manuals, fair use policy, retention and backup policy, and other policies and instructions relating to the use and operation of the Services and the Platform as may be made available by us from time to time (including via the Platform).

You agree not to, and shall not permit any third party to: (i) access any part of the Platform without our consent, (ii) modify, translate, broadcast, transfer (by sale, resale, license, sublicense, download or otherwise), reverse engineer, decompile, disassemble, create derivative works of or copy any part of the Platform or otherwise seek to obtain or use the source code or non-public APIs of any part of the Platform, except to the extent expressly permitted by applicable law (and then only upon advance written notice to Mend), (iii) remove, alter or obscure any proprietary notices, labels or marks on any component or portion of the Platform, (iv) market, sell, resell, rent, reproduce, display, distribute or lease any part of the Platform, (v) interfere with or disrupt the integrity or performance of any part of the Platform, (vi) use any part of the Platform for the benefit of any unauthorized third party including use of the Platform to operate as a service bureau, or hosting service, (vii) take any action that imposes or may impose, at our sole discretion, a disproportionately large load on our infrastructure (such as DDoS) or any other interference or attempt to interfere with the integrity or proper working of the Services or Platform, (viii) use the Platform in such a manner that causes violation of these Terms or exceeds the license limitations set forth under the applicable order form or statement of work, (ix) attempt to gain unauthorized access to any part of the Platform, or their related systems or networks; (x) breach any applicable local, national or international law, rule or regulation; (xi) perform or disclose any performance tests or benchmark on the Platform or any security testing, including without limitation, penetration testing, vulnerability scanning and any and all actions not specifically permitted under the documentation, of the Platform, including on our software/servers and associated databases, software media and downloaded files, or (xii) transmit to the Platform any data, or send or upload any materials to the Platform that contain viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.

Further, without our prior written consent, you may not access or use any part of the Platform if you are a competitor of ours, or for the purpose of developing a competitive product or service to those provided by Mend or for any benchmarking or other competitive purposes.

This license shall remain in effect until and unless these Terms are terminated by you or us (see section ‎10 for information about termination).

  1. Proprietary Rights

The Platform is licensed and not sold to you under these Terms and you acknowledge that Mend and its licensors retain all right, title, and interest (including all copyright, trade secret, trademark, patent, and other intellectual property rights) in and to the Services, Platform, documentation, Analysis Data, the underlying technology, template forms and designs of the Reports and all technology utilized by us to provide the Services (“Mend IP”), and including all modifications, upgrades, customizations and derivative works made to the Mend IP, in and to the Platform anywhere in the world (even after installation onto a computer owned by you or integration into your system), and that you have no rights in or to any part of the Platform other than the right to use in accordance with these Terms.

If you give us feedback, suggestions, comments, ideas or any other information relating to the Platform, for example recommendations for improvements or features (“Feedback”), that Feedback is solely owned by us and may become part of the Platform without any obligation or payment to you or restriction of any kind; provided that any such Feedback may not include a reference to you or to any other individual. We reserve all rights in and to the Platform unless we expressly state otherwise. The Platform contains proprietary and confidential information that is protected by applicable intellectual property and other laws.

In the event that you breach the terms of the license granted to you herein and such breach results in the creation of derivative works of any part of the Platform (“Derivative Works”), you hereby assign with full right and title guarantee all such Derivative Works to us. Such assignment does not preclude us from taking any legal or other action against you for contravention of these Terms, including for infringement of our intellectual property rights.

The content on the Platform is provided to you “as is” for your internal business use only and may not be exploited for any other purposes whatsoever without our prior written consent. If you download or print a copy of the content from our Platform, you must retain all copyright and other proprietary notices contained therein.

All brand, product, and service names used in the Platform which identify Mend or our licensors and our or their proprietary products and services are the trademarks or service marks of Mend or our licensors. Nothing in the Platform shall be deemed to confer on any person any license or right on the part of Mend or such Platform with respect to any such image, logo, or name. We reserve all rights not expressly granted herein to the Platform.

  1. Project Data and Rights you give us

We claim no intellectual property rights in and to your applications, project, code, software, products, or any material you provide or otherwise transmit to us via the Platform and the Reports displaying Your Data as generated through the Platform (except the underlying technology, template forms and designs of the Reports) (“Customer IP”). We grant you an exclusive, perpetual, sublicensable, assignable, transferable, non-revocable, worldwide right to use and copy the Reports, including any Mend IP incorporated therein, for your internal business use only. For the avoidance of doubt, as between the parties, Customer retains full ownership of the Customer IP. You will be solely responsible for the accuracy, quality, and legality of the information transmitted to us via the Platform.

To enable your use of the Platform for Software as a Service subscription, we need to inspect portions of your project and send parts of it to our servers. This information includes, but is not limited to, information relating to the project (such as the project name and metadata), information on dependencies, how the dependencies are being used and how they are referenced by the project and Mend -related files and environmental information (“Project Information”). We may also collect Project Information for each of the project’s dependencies (“Dependency Information”). If you are using our Static Code Analysis Services, the information may include portions of your application files (source or byte code) (the “Application Information” and together with the Project Information and Dependency Information and any other materials uploaded by you via the Platform: “Your Data”). For these purposes, we require, and you hereby grant us, a worldwide, non-exclusive, royalty-free license to store, use, reproduce, display and transmit Your Data to the extent necessary to enable your use of the Platform, including monitoring your usage of the services. This license shall remain in effect for as long as you have access to the Platform.

In addition, we may (i) compile statistical and other information related to the performance, operation, and use of the Platform based, inter alia, on Your Data for our internal business use (e.g., monitor usage), and (ii) use data from the Platform cloud environment in an aggregated and anonymized form to create statistical analyses, for research and development purposes and to improve and market the Services (collectively, the “Analysis Data”). We may make Analysis Data available in a form that does not identify you or any other individual. You understand and acknowledge that certain portions of the Platform may contain a feature that sends Analysis Data along with other technical information regarding the operation of the Platform to Mend. For the avoidance of doubt, this license granted to us will not expire upon termination of these Terms, or where you delete the relevant project from the Platform.

  1. Confidentiality

Either party hereunder (a “Disclosing Party“) may disclose to the other party (a “Receiving Party“) certain confidential information regarding its technology and business, including these Terms and its pricing (“Confidential Information”). Confidential Information shall not include any information that was: (a) already in the possession of the Receiving Party without an obligation of confidentiality; (b) developed independently by the Receiving Party, as demonstrated by the Receiving Party, without the use of, or reference to, the Disclosing Party’s Confidential Information; (c) obtained from a source other than the Disclosing Party without an obligation of confidentiality; or (d) publicly available when received, or thereafter became publicly available (other than through any unauthorized disclosure by the Receiving Party).

The Receiving Party agrees to hold all Confidential Information in strict confidence and not to disclose such Confidential Information to third parties other than its affiliates, employees, agents, consultants, or subcontractors who have a need to know in connection with these Terms and will not use such Confidential Information for any purposes whatsoever other than the performance of these Terms. The Receiving Party agrees to advise and require its respective employees, agents, and subcontractors of their obligations to keep all Confidential Information confidential and shall remain responsible at all times for any breach of this Section 6 by any of its employees, agents, and subcontractors as if such breach was made by Receiving Party directly. The Receiving Party agrees to treat the Confidential Information it receives with the same degree of care as it treats its own Confidential Information and in any event no less than a reasonable degree of care.

In addition, the Receiving Party may disclose Confidential Information if legally compelled by a court or other competent authority to disclose Confidential Information, provided that the Receiving Party gives the Disclosing Party reasonable prior written notice of such requirement prior to such disclosure and reasonable assistance in obtaining an order protecting the information from disclosure and discloses only such minimal portion of the Confidential Information required to be disclosed.

The provisions of this Section 6 shall survive the termination or expiration of these Terms for a period of 5 (five) years, except that trade secrets shall be protected according to the applicable law.

  1. Warranty: Disclaimer of Warranties

7.1.     Each party represents and warrants that: (i) it is duly organized under applicable law and has sufficient authority to enter into these Terms; (ii) it shall comply with applicable federal, state, local, or other laws and regulations applicable to the performance by it of its obligations under these Terms and shall obtain all applicable permits, consents, and licenses required of it in connection with its obligations under these Terms. Mend further represents and warrants that its Platform does not, to its actual knowledge, infringe the intellectual property rights of any third party.

7.2. EXCEPT AS EXPRESSLY SET FORTH HEREIN, YOUR USE OF AND RELIANCE ON THE PLATFORM IS AT YOUR OWN RISK. THE PLATFORM IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. MEND AND ITS AFFILIATES, SUPPLIERS, AND PARTNERS EXPRESSLY DISCLAIM TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT AND THOSE ARISING BY STATUTE OR FROM A COURSE OF DEALING OR USAGE OF TRADE.

MEND AND ITS AFFILIATES, LICENSORS AND PARTNERS MAKE NO WARRANTY THAT (I) THE SERVICES OR ANY PRODUCTS PURCHASED THROUGH THE PLATFORM WILL MEET YOUR REQUIREMENTS; (II) THE PLATFORM WILL BE UNINTERRUPTED OR ERROR-FREE; (III) THAT THERE WILL BE NO ERRORS IN THE PLATFORM OR THAT MEND WILL FIX ANY ERRORS; (IV) THE PLATFORM WILL BE ABLE TO FIND AND MONITOR ALL VULNERABILITIES IN YOUR CODE OR IN ALL DEPENDENCIES (INCLUDING ALL OPEN SOURCE DEPENDENCIES) INCLUDED OR USED IN YOUR APPLICATION OR THAT ANY VULNERABILITIES IDENTIFIED BY THE PLATFORM ARE TRUE AND ACCURATE; OR (V) WE HAVE THE ABILITY TO FIX ALL VULNERABILITIES DISCOVERED USING THE PLATFORM. MEND WILL NOT BE LIABLE OR RESPONSIBLE FOR: (A) ANY TECHNICAL PROBLEMS OF THE INTERNET (INCLUDING WITHOUT LIMITATION SLOW INTERNET CONNECTIONS OR OUTAGES); AND/OR (B) ANY ISSUE THAT IS ATTRIBUTABLE TO YOUR HARDWARE OR SOFTWARE OR YOUR INTERNET OR DATA SERVICE PROVIDER.

ANY MATERIALS OBTAINED THROUGH THE USE OF THE PLATFORM ARE OBTAINED AT YOUR OWN DISCRETION AND RISK AND MEND SHALL NOT BE RESPONSIBLE FOR ANY DAMAGE CAUSED TO YOUR COMPUTER OR DATA RESULTING FROM THE USE OF THE PLATFORM OR ANY CONTENT OBTAINED FROM THE PLATFORM OR IN CONNECTION WITH YOUR IMPLEMENTATION OF ANY REMEDIATION STEPS SUGGESTED BY US, INCLUDING THROUGH THE PLATFORM.

YOU FURTHER ACKNOWLEDGE THAT MEND DOES NOT OFFER A WARRANTY OR MAKE ANY REPRESENTATION REGARDING ANY CONTENT, REPORTS, INFORMATION, OR RESULTS THAT YOU OBTAIN THROUGH THE USE OF OUR PLATFORM (“COLLECTIVELY, “REPORTS”), OR THAT THE REPORTS ARE COMPLETE OR ERROR-FREE. THE REPORTS DO NOT CONSTITUTE LEGAL OR ANY OTHER PROFESSIONAL ADVICE AND WE DO NO NOT GUARANTEE IT IS A COMPLETE SOURCE OF ALL VULNERABILITIES AND LICENSE ISSUES FOR ALL DEPENDENCIES OR THAT IT IS RELEVANT OR SUITED TO ALL THE DEPENDENCIES INCLUDED OR USED BY YOUR APPLICATION, AND YOU UNDERSTAND THAT ANY DETERMINATION REGARDING THE SUBJECT MATTER OF ANY REPORT AND/OR ANY SOFTWARE COMPONENT THAT YOU USE OR ARE CONSIDERING TO USE SHALL BE MADE IN YOUR SOLE DISCRETION. YOU FURTHER ACKNOWLEDGE THAT THE SUGGESTIONS MADE BY US IN RELATION TO FIXES (WHETHER FOR UPDATES, PATCHES, OR MONITORING SERVICES) ARE NOT INTENDED TO AMOUNT TO ADVICE ON WHICH YOU SHOULD SOLELY RELY. WE WILL NOT BE LIABLE TO YOU FOR OUR FAILURE TO FIND, FIX AND MONITOR LICENSING ISSUES OR VULNERABILITIES IN YOUR CODE OR IN THE DEPENDENCIES OR FOR INCORRECTLY IDENTIFYING THE SAME, OR FOR ANY DAMAGE OR LOSS SUFFERED AS A RESULT OF A FIX DEPLOYED. THIS SECTION APPLIES WHETHER OR NOT THE SERVICES PROVIDED TO YOU UNDER THE PLATFORM ARE FREE OF CHARGE.

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER LEGAL RIGHTS, WHICH VARY AMONG JURISDICTIONS.

  1. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW, MEND AND ITS AFFILIATES, SUPPLIERS, AND PARTNERS HAVE NO OBLIGATION OR LIABILITY (WHETHER ARISING IN CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY, OR OTHERWISE) FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR LIABILITIES (INCLUDING, BUT NOT LIMITED TO, LIABILITY CONCERNING ANY LOSS OF DATA, REVENUE OR PROFIT), ARISING FROM OR RELATED TO THESE TERMS OR YOUR USE OF THE PLATFORM, DOCUMENTATION OR DATA, OR ANY REPORT OR CONTENT PROVIDED BY OR THROUGH THE PLATFORM, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. THE FOREGOING LIMITATION APPLIES TO DAMAGES ARISING FROM (I) YOUR USE OR INABILITY TO USE OUR PLATFORM; (II) COST OF PROCUREMENT OF SUBSTITUTE SERVICES RESULTING FROM ANY SERVICES PURCHASED THROUGH OR FROM OUR PLATFORM; (III) THIRD PARTY CONTENT MADE AVAILABLE TO YOU THROUGH THE PLATFORM; OR (IV) ANY OTHER MATTER RELATING TO THE PLATFORM. SOME JURISDICTIONS MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF INCIDENTAL, CONSEQUENTIAL OR OTHER TYPES OF DAMAGES, SO SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY.

NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW, NEIGTHER PARTY’S LIABILITY AND THE LIABILITY OF EACH OF ITS OFFICERS, DIRECTORS, INVESTORS, EMPLOYEES, AGENTS, ADVERTISERS, LICENSORS, SUPPLIERS, SERVICE PROVIDERS AND OTHER CONTRACTORS TO THE OTHER PARTY OR ANY THIRD PARTIES UNDER ANY CIRCUMSTANCE SHALL EXCEED THE HIGHER OF(i) THE AMOUNT OF FEES ACTUALLY PAID BY YOU TO US IN CONNECTION WITH THE TWELVE (12) MONTHS PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (ii) $100.

  1. Indemnity

9.1. By Mend. Mend will indemnify, defend and hold you and your officers, directors, agents, and employees harmless from and against any damages losses, expenses, and fines (including reasonable attorneys’ fees, costs, and expenses) (“Damages”) awarded against you by a court of competent jurisdiction, or paid in settlement (subject to Section 9.3 below), in connection with a claim suit or proceeding by a third party (“Claim”) that the Platform, as used by you in accordance with these Terms, infringes any copyright, patent, trade secret or any other intellectual property right of a third party; provided, however, that Mend’s indemnification obligations shall not extend to claims based on: (i) an unauthorized modification or use of the Platform made by any third party other than Mend, where the Platform, without such modification or unauthorized use, would not be infringing; (ii) the combination of the Platform with any other software, data or program(s) not supplied by Mend, where the Platform, without such combination, would not be infringing; or (iii) the use by you of any version of the Platform which is not the latest available version of the Platform that was made available by Mend. If any Claims of infringement arise, or Mend believes a Claim of infringement is possible, Mend shall have the right at its sole option and expense to: (a) obtain for you the right to continue the use of the Platform; (b) replace or modify the allegedly infringing part of the Platform so that it becomes non-infringing while giving a substantially equivalent performance; or (c) if Mend determines that the foregoing remedies are not commercially reasonable, terminate these Terms and you will be refunded of any prepaid fees on a pro-rata basis. The Indemnification as stated in this Section, shall be considered as our entire liability and your exclusive remedy for infringement.

9.2. By You. You will indemnify, defend and hold harmless Mend and its officers, directors, agents, and employees from and against any Damages in connection with a third party Claim (i) alleging that use of Your Data or your application, software or code, as used by us in accordance with these Terms or by you through our Platform and Services infringes or misappropriates any intellectual property or privacy rights of a third party, or (ii) arising from your unauthorized use of the Platform, unless such use is otherwise agreed to in writing by the parties.

9.3. If a party hereunder is entitled to indemnification pursuant to this Section 9 (the “Indemnified Party”), the Indemnified Party shall give the other party (the “Indemnifying Party”) prompt written notice and provide the Indemnifying Party, at Indemnifying Party’s option, control of the defense against the Claim at its own expense, and by counsel reasonably satisfactory to the Indemnified Party. The Indemnified Party shall cooperate, at the expense of the Indemnifying Party, with the Indemnifying Party and its counsel in the defense and the Indemnified Party shall have the right to participate fully, at its own expense, in the defense of such Claim. Any compromise or settlement of a Claim shall require the prior written consent of both parties hereto, such consent not to be unreasonably withheld or delayed.

  1. Suspension and Termination

10.1. We may suspend your permission to use the Platform or block any IP Address, without notice upon any material or persistent violation of these Terms, if required to avoid harm to Mend or any third party, upon your failure to pay any fees when due (subject to prior written notice in such case), upon the request of law enforcement or government agencies, or for engagement by you in fraudulent or illegal activities.

10.2. We may further terminate your use of and access to the Platform and your Account for material breach of these Terms, in which case we will not refund any fees you may have paid for access to the Platform (if applicable).

Upon any termination, (i) all rights granted to you under these Terms, including the license in Section ‎3, shall terminate, (ii) you must immediately uninstall, permanently delete or remove from all computer equipment, servers, software and premises in your possession or control, and destroy or return to us all copies of, any of the documentation, data, our software/servers and associated databases, software media and downloaded files copies and refrain from invoking/using the Mend Cloud APIs/endpoints belonging to us as and to the extent used in the provision of the Platform and upon our request, you shall certify in writing that this has been completed, and (iii) (for SaaS-based subscription) we will delete your Account, disable your passwords and will bar you from further use of the Platform. You agree that we will have no liability to you or any third party for termination of your Account or access to the Platform. Upon your written request, we may provide you with limited access to your Account for 30 additional days following termination to allow you to download your data from the Platform. Any data contained in your Account thereafter shall be deleted. Any outstanding balance through the date of termination and other unpaid fees will become immediately due and payable in full (subject to Section 10.3. below).

10.3. You may terminate these Terms in case of our material breach of these Terms by providing us with a 30-day prior written notice to allow us to cure any such material breach. In case of termination by you pursuant to this Section 10.3, we shall refund to you all prepaid amounts on a pro-rata basis. Except as specified in this Section 10.3. all fees are non-refundable.

  1. Third Party Terms

Certain portions of the Platform may utilize the services and/or products as well as links to other websites of third-party vendors and business partners, which services and/or products may include software, information, data or other services. Some of these vendors and partners require users who utilize such features to agree to additional terms and conditions. Your use of such features constitutes your agreement to be bound by those additional terms and conditions. Those third-party terms are subject to change at such third party’s discretion.

You must use your own discretion when you go to other websites or use third parties’ products or services.

  1. Additional Third-Party Terms for Deliverables

The following paragraph shall apply in case of downloadable Services or products from our website or in connection with on-premise installation of the Platform only (Deliverables).

The Platform may contain or may be provided in conjunction with Open Source Software, including some or all of those detailed in the notices file provided with the Platform. To the extent so indicated by an Open Source License referenced in such notices file, the Open Source Software corresponding to such Open Source License, is licensed directly to you by its respective licensors and is subject to its respective Open Source License, and not to these Terms. Any terms included in such Open Source License shall be deemed to be imposed by reference herein and shall supersede any conflicting provisions herein, solely with respect to the corresponding Open Source Software which is governed by such Open Source License.

If, and to the extent, an Open Source License detailed in the notices file requires that the source code of its corresponding Open Source Software be made available to you, and such source code was not delivered to you with the Platform, then only during the period prescribed in such Open Source License you can request to obtain from Mend such source code by contacting us at the email address: Product@mend.io. You are solely responsible to flow-down the foregoing provisions on Open Source Software to any additional end-user to which Mend provides the Platform.

  1. Independent Contractors

You and Mend are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between you and Mend. You must not under any circumstances make, or undertake, any warranties, representations, commitments or obligations on behalf of Mend.

  1. Additional Features and Products: Updates and Upgrades

These Terms will apply to any new services, features or functionality (including Revisions as defined below) as may be offered by us from time to time, unless they come with separate or additional terms, in which case you will be required to agree to such separate or additional terms before being permitted to use the new services, features or functionality.

We may from time to time offer features and services for free, including as part of a preview program or beta tester program (“Free Services”), but we may add paid subscription plans to the Free Services in the future either in addition to the free option or instead of it.

NOTWITHSTANDING ANYTHING HEREIN TO THE CONTRARY, IT SHALL BE CLARIFIED THAT YOUR USE OF THE FREE SERVICES IS AT YOUR OWN RISK AND THAT ANY WARRANTY, INDEMNITY, SUPPORT WILL NOT APPLY IN CONNECTION WITH THE FREE SERVICES. THE FREE SERVICES ARE PROVIDED “AS-IS” AND WE EXPRESSLY DISCLAIM ANY AND ALL LIABILITY WITH RESPECT TO, OR IN CONNECTION WITH YOUR USE OF THE FREE SERVICES.

You are responsible for monitoring your use of the Free Services in accordance with your subscription plan. Any paid subscription plan may be accompanied by additional licenses, terms of sale and warranty provisions. If at any time you exceed the limit of your subscription plan, we reserve the right to charge you for the relevant fees owed as a result of your use outside the scope of your plan.

We may from time to time provide updates or upgrades to the Platform (each a “Revision”), but are not under any obligation to do so. Such Revisions will be supplied according to our then-current policies, which may include automatic updating or upgrading without any additional notice to you. You consent to any such automatic updating or upgrading of the Platform.

  1. Assignment

Neither party will assign or transfer any rights, licenses or obligations under these Terms without the prior written consent of the other party, provided, however, that Mend may assign these Terms (i) pursuant to a merger or sale of all or substantially all of its assets or capital stock; or (ii) to any successor or assignee of all or substantially all of Mend’s business. Subject to the foregoing conditions, these Terms shall be binding upon and inure to the benefit of each party and its respective successors and assigns. Except as permitted by the foregoing, any attempted assignment or transfer shall be null and void.

  1. Governing Law & Jurisdiction

These Terms shall be (i) construed and governed in accordance with the laws of the State of New York (except for conflict of law provisions) and competent courts of New York, New York, USA shall have jurisdiction in any conflict or dispute arising out of these Terms if you are an entity incorporated under the laws of the United States or Canada; or (ii) construed and governed in accordance with the laws of England and Wales (except for conflict of law provisions) and competent courts of London, United Kingdom shall have jurisdiction in any conflict or dispute arising out of these Terms if you are incorporated outside of the US and Canada; provided that Mend may, in any event, seek injunctive relief in any court of competent jurisdiction. The application of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches.

  1. General

Any reference to “Mend”, “us”, “our” or “we” under these Terms shall mean WhiteSource Software, Inc., doing business as Mend, if you are an entity incorporated under the laws of the United States or Canada, or between you and White Source Ltd., doing business as Mend in any other case. These Terms shall constitute the entire agreement between you and Mend concerning your use of the Platform. If any provision of these Terms is deemed invalid by a court of competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of these Terms, which shall remain in full force and effect. Any terms and conditions that may be included in your purchase order, including any electronic invoicing portals and vendor registration processes, shall be deemed to be solely for administrative purposes and shall have no legal effect. No waiver of any term of these Terms shall be deemed a further or continuing waiver of such term or any other term, and a party’s failure to assert any right or provision under these Terms shall not constitute a waiver of such right or provision. YOU AGREE THAT ANY CAUSE OF ACTION THAT YOU MAY HAVE ARISING OUT OF OR RELATED TO THE PLATFORM MUST COMMENCE WITHIN ONE (1) YEAR AFTER BECOMING AWARE OF THE CAUSE OF ACTION. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.

Mend – Privacy Policy

Last Updated: May 2022

Welcome to Mend! This privacy policy (“Privacy Policy”) provides information on how we – White Source Ltd., Ariel Sharon 4 Street, Givatayim, Israel, 532004, doing business as Mend (“Mend” “we”, “our” or “us”) process your personal data as the responsible party (i.e. the “data controller”) if:

  • you visit our website (see 1.1.)
  • you contact us through our website or fill-in any form through our website (see 1.2.)
  • you subscribe to a newsletter (see 1.3.)
  • you are the person who subscribes to a contract on behalf of our Customer or who download and use the Services offered free of charge on our website (see 1.4.)
  • you are a Contributing Developer (see 1.5.)
  • you are a User of our Services (see 1.6.)
  • we use your data for marketing purposes (see 1.7.)

In addition, this Privacy Policy contains general information about your rights related to the processing of your data (see 7).

Should you still have questions or concerns after you have read this Privacy Policy, please contact us at privacy@mend.io.

Personal Data” means any information that can be used, alone or together with other data, to identify any living human being.

Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions.      For example, the legal basis in the table below is only relevant for individuals who are located in the EU or the EEA and therefore are protected by EU Regulation 2016/79 (General Data Protection Regulation – GDPR).      This policy applies whenever you visit our website, use our services or otherwise interact with us and will not apply with respect to any data relating to a non-human entity, subject to applicable law.

This Privacy Policy may be updated from time to time and therefore we ask you to check back periodically for the latest version of the Privacy Policy, as indicated below. If there will be any significant changes made to the use of your Personal Data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our Website or by other means.

  1. WHAT PERSONAL DATA WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED
    • Personal Data of visitors of our website.

When you visit our website, our servers will automatically store various data about your usage of our website, including in particular the type/version of your browser and operating system, the website from which you arrive at our website, the pages of our website you visit, date and time of your access, your IP address and similar data. The legal basis for processing personal user data is our legitimate interest. We use such data to be able to make the website accessible, to detect and resolve any technical problems, and to prevent and, if necessary, prosecute any misuse of the website. In addition, we use these data in anonymous form, i.e. without the possibility of identifying the user, for statistical purposes and to improve the website. For our website’s use of cookies please see cf. section 8 below.

  • Data entered into a contact form on our website.

The website of Mend allows you to contact us by using a contact form. To do so, you may be required to provide your work email address, the country you are located in and purpose of your request. Personal data transmitted to Mend in this connection will be used exclusively to process your request. The legal basis for processing this personal data is our legitimate interest to answer your request.

  • Data processing in connection with your subscription to our newsletter.

On the website of Mend you may subscribe to our newsletter. To do so, you must provide your email address. Additional information may be provided on a voluntary basis. This information will be used exclusively to send out the newsletter and will not be transferred to any third parties. The legal basis for data processing is your consent. You have the right to revoke your consent at any time by clicking the unsubscribe button in the newsletter, without thereby affecting the lawfulness of data processing that has occurred up until consent is revoked. If consent is revoked, then you will no longer receive the newsletter.

When you subscribe to our newsletter, your IP address and the date and time of subscription and email verification will be collected. These data will be processed exclusively for the purpose of allowing us to reconstruct any possible misuse of your email address. The legal basis for processing of the aforementioned data is a legitimate interest.

Our newsletter contains a so-called “tracking pixel”. A tracking pixel is a miniature image file that is embedded in emails in HTML format. The embedded tracking pixel allows Mend to recognize whether and, if so, when you open the newsletter and on which of the links in the newsletter you click. Data collected via tracking pixels in our newsletters are stored and processed for statistical purposes to optimize distribution of our newsletter and to tailor the content of future newsletters even more to the interests of the recipient.

  • Data processing in connection with subscriptions or registrations to our Service.

Mend offers Business-to-Business Services. Data relating to our business customers that we process for the conclusion, performance and termination of our contract with a Customer (e.g., business name and address, payment information), therefore, are not considered as Personal Data. However, we process certain Personal Data of those individuals who subscribe to a contract or register for our free Service on behalf of a Customer, in particular a work email address.

  • Data of Contributing Developers.

Mend collects pseudonymized email addresses of a Customer’s Contributing Developers to verify compliance with the licence terms agreed with the Customers. The email addresses are processed solely to determine the number of Contributing Developers attributable to a Customer. The legal basis for processing of this personal data is our legitimate interest.

  • Data of Users of the Services.

The website of Mend allows individuals who have been designated by our Customers as users of our Services (“Users”) to create an account and to use our Services, e.g. work in our platforms. If you are a User, to do so, you must provide your first name and last name, your user name, password and work email address to create an account. When you log into your account on our Platform, our systems collect certain information about your activities, such as the time you log in and out, the Services you use and the actions you take on the Services. In the event of a support issue, such as a planned or emergency outage, we may send a notification to your work email address. Some of the actions may be visible in the Mend Dashboard to other users from your organisation. The sole purpose of the processing of these Personal Data is to provide our Customers with the Services of Mend. The legal basis for processing this personal data is our legitimate interest to be able to provide our Customers with our Services.

Please be aware that if you access our Services through connected third party applications (such as Google, GitHub, GitLab, AWS or Microsoft), we will receive certain information (including personal data, as described above) about you from the provider of such third party applications. The scope of information we receive depends on your third party application privacy settings and the information you shared with such third party. Such third parties are beyond our control and are not covered by our privacy policy. Please review the privacy policies of the third parties before providing your personal data.

  • Data processing for marketing purposes.

If you subscribe to our Services on behalf of a Customer or if you are a User of our Services, we will also use your email address to inform you periodically about other interesting offers from Mend. If you do not wish to receive such information, you can easily opt-out free of charge by clicking on the unsubscribe link here or at the bottom of any message containing product information from Mend. The legal basis for processing this personal data is our legitimate interest.

  1. PERIOD OF STORAGE OF COLLECTED INFORMATION
    • Your Personal Data (as described above) will be retained until: (i) it is no longer reasonably necessary for the purposes described in this Privacy Policy, unless a longer storage period is required by applicable law or by our Customer; or (ii) you send a valid deletion request.
    • Data collected when visiting our website is regularly stored for a period of 365   Cookies (see section 11) are stored for 365 days. You can also delete cookies earlier on your own. You can read more in our cookie policy (available here: https://www.mend.io/cookies-policy/).

If you have any questions about our Data Retention Policy, please contact us by email at privacy@mend.io. Additional information about our Data Retention Policy (including non-Personal Data retention) can be found at: https://www.mend.io/data-retention-and-archiving-policy/.

  1. DATA LOCATION
    • Your Personal Data may be maintained, processed and stored by us and by our authorized affiliates and service providers (defined below) in the U.S., the State of Israel, the UK and other jurisdictions, including the European Union, as necessary for the proper delivery of our Services, or as may be required by applicable law.
    • Customers’ data may be stored either in our third-party data hosting facilities located in the U.S. or in the EU based on Customer’s location and preference.
    • We have operations in Israel, which offers an adequate level of protection for the Personal Data of EU Member State residents.
    • We may transfer Personal Data to countries other than the country in which the data originated. Any such transfers shall be done in compliance with all applicable laws. While privacy laws may vary between jurisdictions, we, our affiliates and Service Providers are each committed to protect Personal Data in accordance with this Privacy Policy and customary industry standards, regardless of any lesser legal requirements that may apply in the applicable jurisdiction.
  1. HOW WE PROTECT YOUR PERSONAL DATA
  2. We have implemented appropriate technical, organizational security measures. However, please note that regardless of the measures implemented, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with or accessed by us or any third party with whom we share your Personal Data as described under Section 1 below. Nevertheless, we make commercially reasonable efforts to make the collection and security of such information consistent with this Privacy Policy and all applicable laws and regulations. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security measures you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.

  1. CHANGE OF OWNERSHIP AND CHANGE OF CONTROL

If, in the future, we sell or transfer some or all of our business or assets to a third party, we will (to the minimum extent required) disclose information to a potential or actual third-party purchaser of our business or assets, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Data in connection with the foregoing events. If such an event occurs, the legal basis for processing your Personal Data in this context is either your consent, contract performance or legitimate interests.

  1. HOW WE SHARE YOUR PERSONAL DATA 
    • For certain technical data processing tasks, Mend is assisted by third-party service providers who will receive access to your personal data to provide such services. Those service providers have been carefully selected and meet high data privacy and data security standards. They are subject to strict duties of confidentiality and process data only on behalf and in accordance with the instructions of Mend.
    • Except as stated in this Privacy Policy, we will not transfer your data to any third parties without your express consent, unless Mend is required to do so by law, regulatory directive, or court order. PLEASE NOTE THAT IN SUCH CASE WE WILL TAKE ADEQUATE MEASURES TO PREVENT INSPECTION BY NON-EU AUTHORITIES OF YOUR PERSONAL DATA AND PROVIDE NOTICE TO THE EXTENT NOT PROHIBITED.
  1. DATA WE COLLECT AND RECEIVE FROM THIRD PARTIES
  2. We may receive your contact and professional details (e.g. business address and position, work email address) from our business partners and third party services provides and tools commonly used to connect individuals and entities to explore potential business and employment opportunities (e.g., LinkedIn). The purpose as well as the legal basis for the processing of this personal data results in principle from the respective context of the communication or cooperation. Such contexts and the corresponding legal bases are described in this Privacy Policy in sections 1.1. to 1.7.

  1. LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS

The Website may enable you to interact with or contain links to your third party account and other third party websites (each, a “Third Party Service”). Such third parties are beyond our control and are not covered by our privacy policy. We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each Third Party Service that you choose to use or interact with.

  1. ADDITIONAL INFORMATION REGARDING TRANSFERS OF PERSONAL DATA
    • Internal transfers: We ensure transfers with our approved affiliates are covered by a data protection agreement, which contractually obliges each approved affiliate to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred to. Please find information about the group companies that we share your personal data with here https://www.mend.io/mend-group-companies/
    • External transfers: (for data subjects protected under the GDPR or the UK GDPR) Where we transfer your Personal Data outside of the EU/EEA or the UK respectively to countries for which no adequacy decision of the EU Commission exists, for example to approved affiliates or third parties who help provide our products and services, we will obtain contractual commitments and or assurances from them on the basis of the EU Standard Contractual Clauses Link and or the UK Standard Contractual Clauses to protect your Personal Data.

Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal data is disclosed (see additional information under Section 1 above).

  1. YOUR RIGHTS; HOW TO DELETE YOUR ACCOUNT
    • Rights. The following rights shall apply to individuals who are protected by the GDPR or the UK GDPR. Some of these rights may also apply under your applicable law.
    • You have a right to access personal data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
    • You have the right to request that we rectify any personal data we hold that is inaccurate or misleading;
    • You have the right to request the erasure/deletion of your personal data (e.g., from our records). Please note that there may be circumstances in which we are required to retain your personal data, for example for the establishment, exercise or defense of legal claims or for the provision of Services to our Customers;
    • You have the right to object, to or to request restriction, of the processing;
    • You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
    • You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your Personal Data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
    • You have a right to lodge a complaint with your local data protection supervisory authority We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
    • You can exercise your rights by contacting us at privacy@mend.io. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request. When processing your request, we may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent commercially reasonably possible, all in accordance with applicable law.
    • Deleting your account. If you ever decide to delete your Account, you may do so by emailing privacy@mend.io. If you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account. However, in certain portions of the Services, any public activity on your Account relating to such Services will remain stored on our servers (or on third party servers) prior to deletion and will remain accessible to the public.
  1. COOKIES AND ANALYTIC TOOLS

Mend’s website uses cookies. Cookies are small text files that are stored on the hard drive of the user to exchange certain settings and data with the systems of Mend via the browser. A cookie generally contains the name of the domain from which the cookie data were sent, as well as information on the age of the cookie and an alphanumeric identifier. Information stored in cookies are not used to identify users and are not merged with any other stored personal data about users.

Cookies can be blocked or restricted by changing the settings of your browser. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies for the Mend’s website are blocked, then you may no longer be able to fully use all functions of the website.

Cookies are only stored and used to process personal data with your consent and for the purpose of gathering information on how you use our website in order to measure the reach and effectiveness of our services.

Mend also uses web analytics service (“Analytics Tools”). The Analytics Tools collect information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this Website. We use the information we get from the Analytics Tools to maintain and improve the Website and our products and to improve our Customers’ and Visitors’ experience.

Additional information may be found under our Cookie Management on our website.

  1. SPECIFIC PROVISIONS APPLICABLE UNDER CALIFORNIA LAW
    • No sale of personal information We do not sell your personal information for the intents and purposes of the California Consumer Privacy Act (CCPA).
    • Access Requests. California Civil Code Section 1798.83 (and other, similar state statutes) permits our customers who are California residents (or residents of states with similar statutes) to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@mend.io. Please note that we are only required to respond to one request per customer each year.
    • Deletion Of Content From California Residents. If you are a California resident under the age of 18 and a registered user, California Business and Professions Code Section 22581 permits you to remove content or Personal Data you have publicly posted. If you wish to remove such content or Personal Data and you specify which content or Personal Data you wish to be removed, we will do so in accordance with applicable law.  Please be aware that after removal you will not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or Personal Data you have posted and that there may be circumstances in which the law does not require us to enable removal of content.
    • Our California Do Not Track Notice. We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about an individual consumer’s online activities over time and across third-party web sites or online services. We may allow third parties, such as companies that provide us with analytics tools, to collect personal information, subject to applicable law, about an individual consumer’s online activities over time and across different web sites when a consumer uses the Services.
  1. USE BY CHILDREN 

We do not offer our products or services for use by children. If you are under 18, you may not use the Website, or provide any information to the Website without the involvement of a parent or a guardian. We do not knowingly collect information from, and/or about children.