Terms of Service
Payso Inc. (“Payso” or “Finn AI” or the “Vendor”) provides a conversational AI built for banking (“Service”) more fully described on the website finn.ai (“Website”). The Service is provided on a subscription basis as further described under specific subscription plans offered by Vendor from time to time. This Agreement applies to anyone (“You”/”Customer”) who subscribes for the Services through an Order Form or similar.
THESE TERMS (WHICH TOGETHER WITH THE ORDER FORM ARE COLLECTIVELY REFERRED TO AS THE “AGREEMENT”) CONTAINS IMPORTANT LIMITATIONS ON REPRESENTATIONS, WARRANTIES, CONDITIONS, REMEDIES AND LIABILITIES THAT ARE APPLICABLE TO THE SERVICES SO YOU SHOULD READ IT CAREFULLY BEFORE USING THE SERVICES. EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS HEREOF. IF YOU ARE AN AGENT OR EMPLOYEE OF AN ENTITY YOU REPRESENT AND WARRANT THAT (I) THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS AUTHORIZED TO ACCEPT THIS AGREEMENT ON SUCH ENTITY’S BEHALF AND TO BIND SUCH ENTITY, AND (II) SUCH ENTITY HAS FULL POWER, CORPORATE OR OTHERWISE, TO ENTER INTO THIS AGREEMENT AND PERFORM ITS OBLIGATIONS HEREUNDER. IF YOU DO NOT ACCEPT THESE TERMS, THEN DO NOT USE THE WEBSITE OR ANY OF ITS CONTENT OR SERVICES.
These terms and conditions govern your access to and use of the products and services offered by.
In this Subscription Agreement:
- Terms defined in the Order Form shall have the same meaning in this Agreement unless the context indicates otherwise.
- “Agent” means a human Customer Care agent.
- “Agreement” or “Subscription Agreement” means this Agreement, including any Order Form.
- “Anonymized Information” is information that has been fully, permanently and irreversibly anonymized such that: (a) it is not capable of identifying or being associated with any End User, whether on its own or when combined with other information (whether or not such other information is in Vendor’s possession); and (b) is not regulated by any applicable Privacy Law.
- “Bot” means the Vendor’s proprietary conversational, artificial intelligence powered virtual banking assistant as described in the applicable Order Form ‘Finn AI Banking Chatbot’, which can access End User Data and be deployed through the Channel.
- “Customer” means the customer as defined in the Order Form.
- “Channel” means the communication or messaging channel(s) specified in the Order Form.
- “Data Breach” means an event such as a security breach that Vendor knows or reasonably believes has led to the personal information of End Users being accidentally, unlawfully or without authorization disclosed to or accessed, altered or deleted by a third party.
- “Emergency Maintenance” Emergency Maintenance” means any critical system changes that cannot be postponed until the Scheduled Maintenance or any other system suspension required or prudent in the event of an emergency, suspected fraud, or temporary enforcement by external authorities of an applicable regulatory requirement.
- “End User” means customers of Customer who access the Software Services through the Channel.
- “End User Data” means any data relating to End Users which Customer receives, procures, gathers, stores, processes or has access to, including but not limited to:
a) financial account details (including by way of example and without limitation account number, type, currency, balance); and
b) transactions details (including by way of example and without limitation transaction amount, date, description, currency).
- “Engagement” means a single instance of a conversation between any End User and the Bot on any Channel. For the avoidance of doubt, each new or renewed conversation between any End User and the Bot on any Channel (even the same channel) shall be a separate Engagement.
- “Initial Term” has the meaning given to it in Section 10.1.
- “Intellectual Property Rights” means all industrial and other intellectual property rights comprising or relating to: (a) patents; (b) trade-marks; (c) Internet domain names, whether or not trademarks, registered by any authorized private registrar or governmental authority, web addresses, web pages, website and URLs; (d) works of authorship, expressions, designs and industrial design registrations, whether or not copyrightable, including copyrights and copyrightable works, software and firmware, application programming interfaces, architecture, files, records, schematics, data, data files, and databases and other specifications and documentation; (e) trade secrets; and (f) all industrial and other intellectual property rights, and all rights, interests and protections that are associated with, equivalent or similar to, or required for the exercise of, any of the foregoing, however arising, in each case whether registered or unregistered and including all registrations and applications for, and renewals or extensions of, such rights or forms of protection under the laws of any jurisdiction in any part of the world.
- “Order Form” means a form signed by Customer and Finn AI or its authorized resellers subscribing for the Service which are governed by this Subscription Agreement.
- “Pattern Data” means non-personally identifiable information, data and reports derived from or compiled through the Service, including but not limited to demographics data, mobility patterns, location data and trend data such as aggregated data and statistics indicating frequency of use and popularity of the services. For greater certainty, Pattern Data is data that does not identify a specific Customer or its end users and is data which does not relate to a specific Customer’s business (including data relating to a specific Customer’s locations that receive the Services).
- “Machine Learnings” means fully anonymized conversation logs (from which all personally identifiable information and any information which could identify End User has been irrevocably removed) derived from Customer Data.
- “Social Network Platform” or “SNP” means any social network platform or messaging platform or service (including by way of example but without limitation the Facebook and Facebook Messenger platforms) which is listed as a Channel in the Order Form.
- “SNP Data” means any data in respect of an End User provided by or through an SNP.
- “Software Services” has the meaning given to it in Section 3.1.
- “Software Service API” means the API that enables access to the Software Services.
- “Support Services” means the support and maintenance services set out in Schedule 1.
- “Term” means the period of the Initial Term and any subsequent Renewal Term.
- “Territory” means the geographical region(s) specified in the Order Form.
- “Renewal Term” has the meaning given to it in Section 10.2.
- License Grant: The Software Services are protected by copyright, trade secret, and other intellectual property laws. Vendor hereby grants Customer a limited, non-exclusive, non-transferable right and license to use the Software Services during the Term of this Subscription Agreement in accordance with the terms and conditions of this Subscription Agreement. Except for rights expressly granted to Customer hereunder, Vendor reserves all other rights, title and interest in and to the Software Services and the underlying technology used to provide the Software Services. Customer acknowledges that only Vendor shall have the right to maintain, enhance or otherwise modify the Software Services and the Vendor technology unless specific permissions are granted to Customer in a separate agreement with Vendor.
- Software Services Restrictions: Customer shall use the Software Services solely as contemplated in this Subscription Agreement and shall not directly or indirectly license, sublicense, sell, resell, lease, transfer, assign, distribute, time share or, save as expressly permitted by this Subscription Agreement, otherwise make the Software Services available to any third party including making the Software Services available through any file-sharing method or any application hosting service. Customer shall not, except to the extent expressly agreed upon in writing by Vendor with Customer:
a) modify, translate, reverse engineer, decompile, disassemble, or create derivative works based on Vendor technology except to the extent expressly agreed upon in writing by Vendor with Customer or to the extent that enforcement is prohibited by applicable law notwithstanding a contractual provision to the contrary;
b) circumvent any user limits or other use restrictions that are built into the Software Services;
c) remove any proprietary notices, labels, or marks from the Software Services or Vendor technology;
d) access the Software Services in order to (i) build a competitive product or service; or (ii) copy any ideas, features, functions or graphics of the Software Services; or
e) use the Services in a manner that:
i) Infringes or violates the intellectual property rights or any other rights of anyone else (including Vendor);
ii) Violates any law or regulation, including any applicable export control laws;
iii) Is harmful, fraudulent, deceptive, threatening, harassing, defamatory, obscene, or otherwise objectionable;
iv) Attempts, in any manner, to obtain the password, account, or other security information from any other user;
v) Violates the security of any computer network, or cracks any passwords or security encryption codes; or
vi) Runs any form of auto-responder or “spam” on the Services, or any processes that run or are activated while Customer are not logged into the Services, or that otherwise interfere with the proper working of the Services (including by placing an unreasonable load on the Services’ infrastructure).
3. Third-Party Software. The technology underlying the Software Service may incorporate and embed software and other technology owned and controlled by third parties. Any such third-party software or technology that is incorporated in the Software Service falls under the scope of this Subscription Agreement. Such third-party software is licensed; not sold and will be provided to Customer on the license terms of this Agreement unless additional or separate license terms apply as indicated at the time of account access.
1. Software Services: During the Term of this Subscription Agreement, the Vendor shall provide the following services (“Software Services”) to Customer in accordance with and subject to the terms and conditions set forth in this Subscription Agreement and as further described in this Subscription Agreement:
a) Customer-branded responses to End-User queries in respect of accounts opened in the Territory using the Bot through the Channels in the Language, as more fully described in the Order Form;
b) Financial data integration services made available via the Software Service that enables the Software Service to access End User Data for the purpose of responding to End-User Queries (“Integration Service”); and
c) Such other related services as may be expressly agreed between Customer and Vendor from time to time as set out in the Order Form or as otherwise by signing supplemental Order Forms .
2. Support Services: During the Term of this Subscription Agreement, the Vendor shall provide the Support Services to Customer in accordance with and subject to the terms and conditions set forth in this Subscription Agreement.
3. Restrictions: Without limiting any other provision of this Subscription Agreement, Customer agrees that Customer will not (and will not allow any third party to), either directly or indirectly:
a) disseminate, market, license, sublicense, let, rent, give somebody the loan of, or sub-authorize any element of the Software Service API to any third party save as otherwise expressly provided in this Subscription Agreement;
b) reverse engineer, decrypt, decompile, decode, disassemble, or in any other way try to procure the human decipherable form of the Software Service; undertake any benchmark trials using all or any part of the Software Service API; remove any copyright notices, ownership labels or classified legends placed upon or found within the Software Service; or
c) indulge in any action with the Software Service API that meddles with, disturbs, destroys, or accesses in an unlawful way the server networks, connections, records, or other assets and tools or services of Vendor or any related third party.
4. End User Data Terms: To the extent an End User receives, procures, gathers, stores, processes or has access to any End User Data via the Software Services, Customer is solely responsible for obtaining the requisite permission from End Users for use of their End User Data in connection with the Software Services.
5. Accuracy of End User Data: Vendor does not represent, warrant or undertake that the End User Data available through the Software Services will at all times be accurate, error-free, up-to-date or complete.
4. SOCIAL NETWORK PLATFORMS AND CHANNELS
- Appointment as agent: Customer hereby appoints Vendor as its agent for the purpose of providing the Service through each Channel. Customer undertakes to take all such actions (if any) as may be required by each Channel and SNP in order to have Vendor appointed as Customer’s agent and to validate Vendor’s actions as Customer’s agent in respect of the provision of the Services under the terms of this Agreement.
- Compliance with SNP Terms: Customer expressly acknowledges that the provision of the Services through any SNP shall be subject to the SNP Terms of such SNP. Accordingly, Customer covenants and undertakes to comply with the terms of such SNP Terms, and not to use the Service in such a manner as shall breach such SNP Terms. Customer further acknowledges that in the event any SNP Terms prohibit or restrict the provision of any part of the Service through such SNP then, notwithstanding the terms of this Agreement, Vendor shall not provide such part of the Service through such SNP.
- SNP Data: Each of Customer and Vendor shall receive SNP Data in the course of the provision of the Services. Each of Customer and Vendor covenant and undertake to each other to comply with the applicable SNP Terms that may apply to any SNP Data received by them. Subject to the foregoing, Customer acknowledges that Vendor shall (and to the extent that it is in its power to do so grants Vendor a worldwide, royalty-free, and non-exclusive license during the term of Customer’s subscription to) access and store SNP Data in order to: (i) provide the Services, including storing, hosting and management of such content; (ii) create Pattern Data and Machine Learnings; and (iii) otherwise use anonymized SNP Data (including without limitation the content of End User interactions with Customer through Service) for the purpose of improving the Service.
Vendor reserves the right at any time to modify or update the Software Services with notice. Vendor will inform Customer of any planned changes or upgrades to its Software Service API or Software Services by sending an email notification at least 48 hours prior to the changes coming into effect. In case of any emergency or other unplanned modifications or updates to its Software Service API or Software Services, Vendor will send Customer a notification by email as soon as time permits informing Customer of the date when such changes or updates become effective. In the event of a discontinuation of a Software Service, any pre-paid software service fees will be refunded on a prorated basis.
6. PROPRIETARY RIGHTS
- Reservation of Rights: All right, title and interest in and to the Software Services (including without limitation the Software Service API), including all Intellectual Property Rights therein are and will remain with Vendor and its licensors. Customer acknowledges and agrees that it has no right, license or authorization with respect to any of the Software Services (including any Intellectual Property Rights therein) except as expressly set forth in this Subscription Agreement. All other rights in and to the Software Services are expressly reserved by Vendor and its licensors.
- Feedback: Vendor may freely use any suggestions, feedback or ideas Customer may provide. By providing any feedback to Vendor, Customer grants Vendor a perpetual, worldwide, fully transferable, sublicensable, non-revocable, royalty free, license to use the feedback that Customer provides. Vendor may put Customer’s provided feedback in various uses that may include but not limited to modifying and improving the Software Services, Vendor’s other current and future services/products, services advertising or marketing materials.
- Customer Data. As between Customer and Vendor, Customer owns and retains ownership of Customer content that Customer provides, stores or processes through the Service including End User Data and any other personal information Customer provides about Customer’s End Users (“Customer Data”). Customer hereby grants Vendor a perpetual, worldwide, royalty-free, and non-exclusive license to access Customer Data in order to: (i) provide the Software Services; (ii) create Pattern Data and Machine Learnings and (iii) otherwise use anonymized Customer Data (including without limitation the content of End User and Agent interactions with Customer through Service) for the purpose of improving the Service. Together with Sections 6.3(i), (ii) and (iii) constitute the “Content License”. Customer understands that Vendor, in performing the required technical steps to provide the Software Services, may (a) transmit or distribute Customer Data over various public or private networks and in various media; and (b) make such changes to Customer Data as are necessary to conform and adapt that Customer Data to the technical requirements of connecting networks, devices, Services or media. Customer confirms and warrants to Vendor that Customer has all the rights, power and authority necessary to grant the above Content License and that use of the Content in the manner contemplated will not breach the rights of any third party. For the avoidance of doubt, any End User Data that comes into Customer’s possession through any SNP as part of the Service shall be subject to the SNP Terms.
- Content Responsibilities. Customer is responsible for any and all content provided hereunder and for compliance with this Subscription Agreement including obtaining all necessary licenses, permissions and consents to enable all material comprising Customer Data to be made available to Vendor for Vendor to transmit, host and store. For greater certainty, Customer shall: (i) have sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data; (ii) use commercially reasonable efforts to prevent unauthorized access to, or use of, the Service and notify Vendor promptly of any such unauthorized access or use.
- Use of Logo. Customer hereby grants to Finn AI the express right to use Customer’s company logo in marketing, sales, financial, and public relations materials and other communications solely to identify Customer as a Finn AI customer. Finn AI hereby grants to Customer the express right to use the Finn AI logo solely to identify Finn AI as a provider of services to Customer. Other than as expressly stated herein, neither party shall use the other party’s marks, codes, drawings or specifications without the prior written permission of the other party.
- Co-Marketing. Customer hereby grants to Finn AI consideration to participate in co-marketing activities led by Finn AI, including but not limited to shared case studies, blog posts, references, endorsements, media interviews, and other marketing initiatives. Finn AI hereby grants to Customer the same consideration to participate in similar activities led by the Customer. Both parties have the right to refuse any proposed activity at any time.
7. PRICE AND PAYMENT
- Software Services Fees: the Software Service Fees are those fees as described in the Order Form.
- Invoices and payment: Invoices will be sent and payment will be due in accordance with the terms of the Agreement. Invoice frequency is as set out in the Order Form.
8. AVAILABILITY, SECURITY AND STABILITY
- SLA: Vendor shall provide its Software Services and the Support Services in compliance with the terms specified in the Schedule 1 – Service Level Agreement (SLA) attached to this Subscription Agreement.
- Temporary Suspension: It is in the best interests of both Parties that Vendor maintain a secure and stable environment. In the event of degradation or instability of the Software Services resulting in Emergency Maintenance, Vendor may, in its sole discretion, temporarily suspend Customer’s access to the Software Services provided under this Subscription Agreement. Vendor shall have no responsibility or liability for any liabilities, losses, lost profits, potential lost business opportunities, or damages that might arise in relation to Vendor’s suspension of access to the Software Services provided under this Subscription Agreement.
- Performance: The Software Services depend on Internet availability, including networks, cabling facilities and equipment that is not in Vendor’s control. Accordingly:
a) notwithstanding anything to the contrary in the Subscription Agreement and without limiting any other provision of this Subscription Agreement, any representation made by Vendor regarding access, performance, speed, reliability, availability, use or consistency of the Software Services is based on a commercially reasonable effort basis; and
b) no guarantee is given in respect of any minimum level regarding such access, performance, speed, reliability, availability, use or consistency of the Software Service API or Software Services in respect of Internet availability, including networks, cabling facilities and equipment that is not in Vendor’s control, but Vendor agrees it will use commercially reasonable efforts to restore such availability where it is within its power to do so.
- Definition of Confidential Information: As used herein, “Confidential Information” means all confidential and proprietary information of a party (the “Disclosing Party”) disclosed to the other party (the “Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including the terms and conditions of this Agreement, the Customer Data, the Service, business and marketing plans, technology and technical information, product designs, and business processes. Confidential Information shall not include any information that: (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (iii) was independently developed by the Receiving Party without breach of any obligation owed to the Disclosing Party; or (iv) is received from a third party without breach of any obligation owed to the Disclosing Party.
- Confidentiality: The Receiving Party shall not disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of or otherwise permitted by this Agreement, except with the Disclosing Party’s prior written permission.
- Protection: Each party agrees to protect the confidentiality of the Confidential Information of the other party in the same manner that it protects the confidentiality of its own proprietary and confidential information of like kind (but in any event using not less than reasonable care).
- Compelled Disclosure: If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) to give Disclosing Party the opportunity, at the Disclosing Party’s cost, to contest the disclosure if it so wishes.
- Remedies: If the Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information of the Disclosing Party in breach of the confidentiality requirements in this Agreement, the Disclosing Party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the parties that any other available remedies may be inadequate.
10. TERM AND TERMINATION
- Term: This Subscription Agreement comes into effect on the Subscription Commencement Date set out in the Order Form for an initial period defined by the Subscription Term Length (“Initial Term”) set out in the Order Form, unless terminated sooner in accordance with this Subscription Agreement.
- Renewal: This Subscription Agreement will automatically renew for additional one (1) year terms (each a “Renewal Term”) unless either Party sends advance written notice to the other Party, at least ninety (90) days prior to a new term starting, stating its intention not to renew the same.
- Termination: Either Party may terminate this Subscription Agreement immediately on written notice if the other:
a) Commits a material breach of this Subscription Agreement, which is capable of remedy, and the Party in breach fails to remedy the breach within thirty (30) days of written notice requiring the breaching Party to remedy the breach; or
b) Commits a material breach of this Subscription Agreement which cannot be remedied; or
c) Is repeatedly in breach of this Subscription Agreement and has been given prior notice in writing that a further breach of this Subscription Agreement will result in its termination; or
d) Is the subject of a bankruptcy order, or becomes insolvent, or makes any arrangement or composition with or assignment for the benefit of its creditors, or if it goes into either voluntary (other than for reconstruction or amalgamation) or compulsory liquidation or a receiver or administrator is appointed over its assets, or if the equivalent of any such events under the laws of any of the relevant jurisdictions occurs; or
e) Is unable, as a result of Force Majeure or for any other reason, to comply with a material portion of this Subscription Agreement for a continuous period of not less than sixty (60) days.
- Suspension or Termination in Emergency: The Vendor shall have right to suspend or terminate this Subscription Agreement immediately in the event of an emergency, suspected fraud, enforcement by external authorities or regulatory requirement or on provision of at least ten (10) days prior written notice to Customer of all other suspensions or terminations where practicable.
- Effect of Termination:
a) Any termination of this Subscription Agreement (however occasioned) shall not affect any accrued rights or liabilities of either Party nor shall it affect the coming into force or the continuance in force of any provision hereof which is expressly or by implication intended to come into or continue in force on or after such termination.
b) Upon termination of this Subscription Agreement, Customer shall, at Vendor’s choice, return all Confidential Information of Vendor (including without limitation all End User Data) and any copies thereof or destroy or permanently delete all such Confidential Information and provide written certification that it has done so.
c) Upon termination of this Subscription Agreement, Vendor shall destroy or permanently delete all Confidential Information of Customer(including without limitation all End User Data) and any copies thereof.
d) Notwithstanding anything to the contrary herein, the obligation to return, destroy or permanently delete all copies of the Confidential Information of the other Party (including without limitation End User Data) does not extend to (i) automatically generated computer backups or archival copies on Parties’ automatic backup systems, provided that such copies are held in accordance with the provisions of this Subscription Agreement for so long as they are retained; and (ii) anonymized and aggregate Protected Information in each Party’s possession.
- Surviving Provisions: The following provisions shall survive any termination or expiration of this Subscription Agreement: Sections 2.2, 3.4, 3.5, 6, 7, 9, 10, 11, 12, 13 and 14.
11. FORCE MAJEURE
- Neither Party will be liable for incomplete fulfillment or non-fulfillment of their obligations under this Subscription Agreement and losses occurred due to force majeure circumstances. Force majeure circumstances are any circumstances that the Parties could not foresee and are beyond Parties’ reasonable control and directly affect the Subscription Agreement activities: normative acts issued by the state and government institutions and binding for the Parties, strikes, natural disasters, war or any kind of military operations, blockade, epidemics, etc., but excluding any payment obligations.
- The Party that cannot fulfill its obligations as a result of force majeure circumstances shall immediately inform the other Party of occurrence of such circumstances and their possible period, as well as confirm such notice in writing not later that within seven (7) calendar days from the date of occurrence of force majeure circumstances. Failure to inform or untimely information does not give the Party that has failed to inform or has informed untimely the right to refer to any force majeure circumstances as to the grounds for release from liability for incomplete fulfillment or non-fulfillment of its obligations.
- In case of occurrence of force majeure circumstances, fulfillment of Parties’ obligations is suspended until the end of such circumstances, but if the situation remains unresolved for sixty (60) days or more, either Party may elect to terminate this Subscription Agreement without liability to the other.
12. WARRANTIES, DISCLAIMERS AND INDEMNIFICATION
- Mutual Warranties: Each Party represents, warrants to the other Party that: (i) it is a corporation, duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation; (ii) it has all requisite power and authority and approvals to execute, deliver and perform its obligations under this Subscription Agreement; (iii) the execution and delivery of this Subscription Agreement and the performance of its obligations hereunder have been duly authorized by it and any necessary third parties; and (iv) it will perform its duties and obligations hereunder in a careful, diligent, professional, proper, efficient and businesslike manner.
- Vendor Warranties: Vendor represents and warrants to Customer that during the Term of this Subscription Agreement it will provide the Software Services and Support Services in a manner consistent with any service levels or terms set out in this Subscription Agreement. Vendor does not warrant that use of the Software Services will be error-free, uninterrupted or secure.
- Disclaimer: EXCEPT AS SPECIFICALLY SET OUT HEREIN THE SOFTWARE SERVICES ARE PROVIDED “AS IS”, WITHOUT ANY REPRESENTATION AND/OR WARRANTY OF ANY KIND. VENDOR AND ITS LICENSORS AND/OR SUPPLIERS MAKE NO OTHER REPRESENTATIONS AND GIVE NO OTHER WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE REGARDING THE SERVICES PROVIDED UNDER THIS AGREEMENT AND VENDOR SPECIFICALLY DISCLAIMS ANY AND ALL STATUTORY REPRESENTATIONS AND/OR WARRANTIES AGAINST NON-INFRINGEMENT AND ANY AND ALL IMPLIED REPRESENTATIONS AND/OR WARRANTIES OF MERCHANTABILITY, DURABILITY, TITLE AND FITNESS FOR A PARTICULAR PURPOSE TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
- MUTUAL INDEMNIFICATION: EACH PARTY AGREES TO INDEMNIFY, DEFEND AND HOLD THE OTHER PARTY AND ITS REPRESENTATIVES HARMLESS FROM ALL LOSSES ARISING OUT OF ITS GROSS NEGLIGENCE OR WILLFUL MISCONDUCT (INCLUDING, WITHOUT LIMITATION, FRAUD OR ANY OTHER UNLAWFUL ACT) IN PERFORMING ITS OBLIGATIONS PURSUANT TO THIS AGREEMENT OR, IN THE CASE OF CUSTOMER, IN ITS USE OF THE SERVICES.
- INDEMNITY FOR END USER CLAIMS: Customer SHALL KEEP VENDOR, BOTH DURING THE TERM AND AFTER EXPIRATION OF THIS AGREEMENT, FULLY AND EFFECTIVELY INDEMNIFIED AGAINST ALL LOSSES, CLAIMS, DAMAGES, LIABILITIES, COSTS AND EXPENSES INCURRED BY OR IMPOSED UPON VENDOR AS A CONSEQUENCE OF ANY AWARD OR JUDGMENT IN FAVOUR OF AN END USER OF Customer ARISING IN CONNECTION WITH THE SOFTWARE SERVICES (SAVE WHERE SUCH CLAIM WOULD OTHERWISE BE INDEMNIFIED BY VENDOR UNDER SECTION 12.4 OR 12.6).
- INDEMNITY FOR SECURITY BREACH CLAIMS: EACH PARTY (THE “INDEMNIFYING PARTY“) SHALL KEEP THE OTHER PARTY (THE “INDEMNIFIED PARTY“) FULLY AND EFFECTIVELY INDEMNIFIED AGAINST ALL DIRECT LOSSES, CLAIMS, DAMAGES, LIABILITIES, COSTS AND EXPENSES INCURRED BY OR IMPOSED UPON THE INDEMNIFIED PARTY ARISING OUT OF THE DISCLOSURE TO OR ACCESS BY AN UNAUTHORIZED THIRD PARTY OF END USER DATA (A “SECURITY BREACH”) AS A RESULT OF A BREACH OF THE TERMS OF THIS AGREEMENT BY THE INDEMNIFYING PARTY OR OTHERWISE DUE TO THE INDEMNIFYING PARTY’S WILFUL MISCONDUCT OR GROSS NEGLIGENCE.
- Indemnity by Vendor: Vendor shall defend Customer against any claim, demand, suit, or proceeding made or brought against Customer by a third party alleging that the use of the Software Services as permitted hereunder infringes or misappropriates the Intellectual Property Rights of a third party, and shall indemnify Customer for any damages finally awarded against, and for reasonable attorney’s fees incurred by, Customer in connection with any such claim; provided that Customer(a) promptly gives Vendor written notice of the claim; (b) gives Vendor sole control of the defense and settlement of the claim; and (c) provides to Vendor all reasonable assistance, at Vendor‘s expense.
13. LIMITATION OF LIABILITY
- LIMITATION ON INDIRECT LIABILITY: THE VENDOR SHALL NOT BE RESPONSIBLE FOR ANY OTHER PERSON’S OR ENTITY’S ERRORS, ACTS, OMISSIONS, FAILURES TO ACT, NEGLIGENCE OR INTENTIONAL CONDUCT, INCLUDING WITHOUT LIMITATION ENTITIES SUCH AS VENDOR’S AFFILIATES, SUBSIDIARIES, AGENTS OR SUBCONTRACTORS. IN NO EVENT SHALL VENDOR BE LIABLE TO CUSTOMER FOR ANY CONSEQUENTIAL, INCIDENTAL, PUNITIVE OR SPECIAL DAMAGES WHICH CUSTOMER OR ITS END USERS, AFFILIATES, PARENT COMPANIES, ASSOCIATES, AGENTS, OFFICERS, DIRECTORS OR EMPLOYEES MAY INCUR OR SUFFER IN CONNECTION WITH THIS AGREEMENT, RESULTING FROM VENDOR’S ACTS OR OMISSIONS PURSUANT TO THIS AGREEMENT.
- LIMITATION ON AMOUNT OF LIABILITY: TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY’S AGGREGATE LIABILITY FOR ALL CLAIMS RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE EQUIVALENT OF THE FEES PAID BY CUSTOMER TO VENDOR IN THE PREVIOUS SIX (6) MONTHS PRECEDING THE CLAIM.
- Exceptions to Limitations: These limitations of liability do not apply to breaches of confidentiality obligations set out in Section 9, violations of a Party’s Intellectual Property Rights by the other Party, or to the indemnification obligations set out in Sections 12.4, 12.5, 12.6 and 12.7.
- Support: Vendor will provide support to Customer in accordance with the terms in Schedule 1 – Service Level Agreement. Customer is solely responsible for providing all support and technical assistance to its End Users with respect to the Software Services. Customer acknowledges and agrees that the Vendor has no obligation to provide support or technical assistance directly to the End Users of Software Services and Customer shall not represent to any such End Users that Vendor is available to provide such support. Customer agrees to use commercially reasonable efforts to provide reasonable support to End Users of the Software Services.
- Interpretation – For all purposes of this Subscription Agreement, except as otherwise expressly provided or unless the context otherwise requires:
a) All references in this Agreement to designated “sections”, “paragraphs” and other subdivisions are references to the designated sections, paragraphs and other subdivisions of this Agreement;
b) The words “herein”, “hereof” and “hereunder”, and other words of similar import, refer to this Agreement as a whole and not to any particular section, paragraph or other subdivision;
c) The headings are for convenience only and do not form a part of this Agreement, nor are they intended to interpret, define or limit the scope, extent or intent of this Agreement, or any of its provisions;
d) Where the words “include”, “includes” or “including” are used in this Agreement, they shall be deemed to be followed by the words “without limitation”, and the words following “include”, “includes” or “including”, as the case may be, shall not be considered to set forth an exhaustive list;
e) Unless otherwise stated, all references to currency shall mean United States currency;
f) Any reference to any Person shall include and shall be deemed to be a reference to any entity that is a successor to such entity;
g) Words importing gender include all genders, and words importing the singular include the plural, and vice versa.
- Governing Law and Jurisdiction – This Subscription Agreement shall be construed and enforced in accordance with, and the rights of the Parties shall be governed by, the laws of (i) the Province of British Columbia, where the Customer is incorporated within Canada; or (ii) the State of Delaware where the Customer is incorporated outside of Canada, in each case without reference to its choice of law rules. Each of the Parties hereto hereby attorns to the non-exclusive jurisdiction of the courts of (i) the Province of British Columbia, where the Customer is incorporated within Canada; or (ii) the State of Delaware where the Customer is incorporated outside of Canada.
- Set-Off – Customer shall have the right of set-off against any monies owed to the Vendor under this Subscription Agreement, any amount, merchandise or service that may be due as a result of an overpayment from Customer to the Vendor; and whether such monies are owed pursuant to this Agreement or any other agreement, understanding or arrangement Customer may have with the Vendor, or relating to the Services herein or any other services, projects or materials.
- Notices – Any notice or other communication in respect of this Agreement must reference the Customer Contract #, may be given in any manner described below to the address or number set out in the Order Form and will be deemed effective as indicated:
a) if in writing and delivered in person or by courier, on the first (1st) Business Day following its delivery; and
b) if in writing and sent by regular mail, on the seventh (7th) Business Day following the date of its mailing;
Either Party may by notice to the other change the address or number at which notices or other communications are to be given to it.
- Counterparts and Facsimile – This Subscription Agreement (and each amendment, modification and waiver in respect of it) may be executed and delivered in counterparts (including by facsimile transmission and electronic mail) each of which will be deemed an original.
- Entire Agreement – This Subscription Agreement, together with the Order Form (and any agreement referenced in the Order Form) constitutes the entire agreement between the Parties with respect to its subject matter and supersedes all prior written and oral communication with respect thereto.
- No Assignment – Subject to the Vendor’s right to engage subcontractors, neither party shall assign, subcontract or otherwise dispose of any of its rights, obligations, or interests in this Subscription Agreement without first obtaining the written approval of the other Party, which approval shall not be unreasonably withheld.
- Binding Nature of Agreement – This Subscription Agreement shall enure to the benefit of and shall be binding upon the Parties hereto together with their successors and permitted assigns.
- Amendments, Waiver – Any amendment, modification or waiver in respect of this Subscription Agreement will only be effective if in writing (including a writing evidenced by facsimile or electronic mail) and executed by the Parties.
- Further Assurances – The Parties covenant and agree to do such things and execute such further documents, agreements and assurances as may be necessary or advisable from time to time in order to carry out the terms and conditions of this Subscription Agreement in accordance with their true intent.
- Provisions Severable – If any provision of this Agreement is held to be invalid, unenforceable or illegal, such provision shall be deemed to be independent and severable from the remaining provisions of this Subscription Agreement, and the remaining provisions of this Agreement shall not be affected and shall be valid and enforceable to the full extent permitted by law.
- Rights and Remedies Cumulative – Except as provided in this Agreement, the rights, powers, remedies and privileges provided in this Subscription Agreement are cumulative and not exclusive of any rights, powers, remedies and privileges provided by law.
- Survival of Obligations – The obligations and remedies of the Parties and all rights and obligations of either Party that may have arisen or accrued prior to termination or expiry of this Subscription, survive termination or expiry of this Subscription Agreement.
15. ADDITIONAL EXPENSES
- Travel Expenses – Finn AI may seek reimbursement of travel, accommodation and incidental expenses necessarily incurred in the performance of services required for the fulfilment of this Agreement, provided: Finn AI obtains The Customer’s written approval before the Expenses are incurred; Finn AI complies with any applicable travel policies notified by The Customer; and Finn AI provides any documentation or other supporting evidence requested by The Customer to verify the Expenses.
Schedule 1 – Service Level Agreement (SLA)
Capitalized words not defined in this Schedule shall have the meaning ascribed to such words in the Subscription Agreement.
- “Actual Availability” means system Availability, as measured and monitored from Finn AI’s facilities.
- “Availability” means the Software Service is accessible to the End User or is responding to requests via Software Service APIs, as measured by the continuous monitoring service.
- “Business Days” means Monday to Friday inclusive, excluding Statutory holidays, in British Columbia, Canada.
- “Business Hours” means 9:00am to 5:00pm Pacific Time on Business Days.
- “Content” means any text or images which form a response to any end-user input.
- “Customer Software Systems” means any software system provided by the Customer (or a 3rd-party under contract with the Customer) which are required for normal operation of the Software Services.
- “Downtime” means the period of time (measured in minutes) during which the service is unavailable.
- “Regulator” means a governmental agency responsible for the application of regulations in a jurisdiction associated to Finn AI or Customer’s business.
- “Release” means a release of the software for the Software Service that corrects a defect, adds functionality, or adds new features.
- “Resolution” means provision of some form of solution to a Software Error, including a fix, patch or workaround. Final resolution to any support call depends on the nature of the Software Error and cannot be guaranteed.
- “Scheduled Downtime for Maintenance” means any system, software and/or Software Services maintenance that is scheduled and may involve downtime.
- “Software Error” means an error, malfunction or defect in the software of the Software Service that causes the Software Service to not function or to fail to perform according to the documentation and the applicable Statement of Work.
- “Service Level Failure” means an instance where System Availability during any given month falls below the target performance rates.
- “Severity Level” means the priority level assigned to each Software Error set out in this document.
- “Software Services Uptime” the proportion as a percentage calculated on a monthly basis using the following formula: [(Actual Availability divided by Total Scheduled Availability) multiplied by 100%].
- “Support Request” means a maintenance or support request related to a Software Error.
- “Total Scheduled Availability” means the total number of minutes in the relevant month less any periods of (i) Scheduled Downtime for Maintenance, (ii) Emergency Maintenance, and (iii) Downtime caused by services and systems not under Finn AI control.
2. SUPPORT HOURS:
Finn AI provides a number of Support Hours to the Customer as outlined in the applicable Order Form (this excludes hours provided for resolving Software Errors as defined in later sections of this document).
3. PERFORMANCE RATES:
Finn AI shall use commercially reasonable efforts to ensure the below target performance rates for the production instance of the Bot. Maintenance and Downtime shall be regulated by the following:
- Finn AI shall notify Customer at least 48 hours prior to any Scheduled Downtime for Maintenance;
- Scheduled Downtime for Maintenance, in most cases, shall not exceed 4 (four) consecutive Downtime hours and 16 (sixteen) cumulative Downtime hours in any given month;
- Standard Scheduled Downtime for Maintenance sessions are scheduled to be performed Monday to Thursday 1am to 5am UTC. Clients on Standard and Enterprise plans may negotiate other maintenance windows.
- On occasion, Emergency Maintenance may be required. In such cases, Finn AI shall provide Customer with a Downtime notification as soon as reasonable.
|Public Bot||Concierge Bot||Virtual Banking Assistant|
|Software Services Uptime per year of the production instance of the Bot.||99.5%||99.5%||99.5%|
4. SOFTWARE UPDATES AND UPGRADES:
Finn AI may, at its discretion, develop updates to its software systems to add features, improve or optimize performance, correct defects, or other miscellaneous non-specific changes. Upcoming updates will be communicated in scheduled communications or upon Customer’s request. Should any updates require downtime, the efforts will follow the planned scheduled downtime procedures (in Section 3).
5. SERVICE AVAILABILITY AND SERVICE CREDIT:
- The table below indicates the Service Levels Finn AI commits to achieve. If the System Availability during any given year falls below the target performance rates (“Service Level Failure”), Finn AI will provide Customer with a SLA Credit equal to the percentage of the total yearly Platform Fee applicable to the year in which the Service Level Failure occurred corresponding to the Software Services Uptime set forth in the chart below. The parties agree that any SLA Credits are not damages nor are they intended to be punitive in nature. SLA Credits will, at Customer’s option either (i) be refunded to Customer, or (ii) be credited by Finn AI to Customer in each case as follows:
|Software Services Uptime||SLA Credit|
|97% – Target Performance Rates (as laid out in Section 3)||5% of total yearly platform fee applicable to the year in which failure occurred|
|95 – 97%||10% of total yearly platform fee applicable to the year in which failure occurred|
|< 95%||20% of total yearly platform fee applicable to the year in which failure occurred|
6. SUPPORT REQUEST RESPONSE HOURS:
Finn AI will provide maintenance and support services seven days per week, 24 hours per day to Customer (and not to Customer’s end users) for Software Errors originating within the Software Service. During Support Request Response Hours, Customer may log issues and requests for maintenance or support in the following manner:
- Telephone: Customer may request maintenance and support services by calling the telephone number provided by Finn AI. All Severity 1 and Severity 2 (defined in Section 7 and 8 below) issues should be logged via telephone:
Toll Free: +1-844-691-3166 extension 88
- Email: Customer may request maintenance and support services by sending an email to [email protected]. Email is reserved for submitting Customer Severity 3 and Severity 4 issues. Email should not be used for alerting of Customer Severity 1 and Severity 2 issues
- During regular Business Hours, Finn AI will also provide Customer with such technical advice by telephone or email as will be necessary to resolve Customer’s difficulties and queries in using the Software Service. However, Customer acknowledges that Finn AI cannot guarantee that such advice and information will be free from error as such advice and information is dependent upon Customer’s interpretation of the support needed as well as complete disclosure of the circumstances preceding the request. Accordingly, Finn AI will not be liable (except for gross negligence or willful misconduct) for any damages sustained as a result of incorrect or inaccurate advice by Finn AI or its subcontractors.
- Telephone: Customer may request maintenance and support services by calling the telephone number provided by Finn AI. All Severity 1 and Severity 2 (defined in Section 7 and 8 below) issues should be logged via telephone:
7. CUSTOMER REQUIREMENTS:
For Finn AI to meet the service levels outlined in this document, the Customer must adhere to the following requirements:
- Customer must provide clear information about any maintenance/support request including: (a) a complete description of the issue including the affected individuals and their unique identification or account numbers, their roles within the system (i.e. user, administrator, store staff, etc.), order identification numbers and other relevant pieces of information, (b) clear steps to replicate the issue and the circumstances or environmental properties that has led to the occurrence of the issue, and (c) the accurate estimated severity of the issue and the magnitude of the impact on Customer’s business.
- Customer shall manage and conduct any and all communication with its End Users. Finn AI shall at no time be expected to communicate directly with End Users.
- Customer shall provide Finn AI with at least 20 Business Days written notice of any changes to any Customer Software System if such change will require Finn AI to make any modification to the setup or configuration of the Software Services.
- Customer shall provide Finn AI with at least 2 Business Days written notice of any Downtime of any Customer Software System
- Customer shall add Finn AI ([email protected]) to the notification list for Downtime or security incidents of any third party.
8. SEVERITY LEVELS (SOFTWARE ERRORS):
Upon receiving a Support Request where the issue being experienced by Customer is, in Finn AI’s reasonable assessment, clearly a Software Error, Finn AI will assign a severity level to the issue based on information provided by Customer to Finn AI fully describing the Software Error. Finn AI will then respond to the issue according to the following schedule:
|Severity Level||Description||Initial Response Time||Resolution Time|
|Public Bot||Concierge bot||Virtual Banking Assistant||Public Bot||Concierge bot||Virtual Banking Assistant|
|1||A Software Error in a production environment that results in a complete loss of usage of the solution; no workaround is available.||4 Business Hours||4 hours||4 hours||Finn AI will commit the necessary resources around the clock for problem resolution to solve, obtain workaround or reduce the severity of the error.|
|2||A reported defect in one or more key features or functions for the majority of users, required to perform necessary business functions but does not completely restrict the use of the solution; no workaround is available.||2 Business Days||8 hours||4 hours||Finn AI will commit the necessary resources and issue a resolution or obtain a workaround within 2 Business Days||Finn AI will commit the necessary resources and issue a resolution or obtain a workaround within 24 hours, or reduce the severity of the error.|
|3||A reported minor defect in one or more key features or functions of the solution but the failing does not have a critical or severe impact on customer’s business operations.||n/a||2 Business Days||8 Business Hours||As agreed upon with the Customer – case by case; may not be resolved||Next release of the software or within 8 weeks, whichever is sooner.|
|4||Enhancement request; feature is working, but not as expected by the customer; no detriment to solution.
Support team request not related to a defect or enhancement (e.g., “how do I” questions)
|n/a||5 Business Days||2 Business Days||As agreed upon with the Customer – case by case; may not be resolved|
|Resolution of any Software Error depends on the nature of the Software Error and cannot be guaranteed. However, Finn AI will use all commercially reasonable efforts to provide Resolution to all submitted issues in a timely manner and within the resolution times indicated in this table.|
9. SEVERITY LEVELS (CONTENT):
Upon receiving a support request where the issue being experienced by Customer is, in Finn AI’s reasonable assessment, a Content update, Finn AI will assign a severity level to the issue based on information provided by Customer to Finn AI fully describing the issue. Finn AI will then respond to the issue according to the following schedule:
|Severity Level||Description||Initial Response Time||Resolution Time|
|Public Bot||Concierge bot||Virtual Banking Assistant||Public Bot||Concierge bot||Virtual Banking Assistant|
|1 / 2||Content is materially wrong in such a way which exposes Customer to significant legal or reputation risk due to Finn AI error.||2 Business Days||4 Business Hours||2 Business Hours||10 Business Days||2 Business Days||Engineers will be working on the issue continuously until a solution is found. Typical resolution time is within 4 hours.|
|3||Content is incorrect; however, there is no legal risk to Customer or reputation risk is minimal.||5 Business Days||8 Business Hours||4 Business Hours||Next release of the software or within 8 weeks|
|4||Standard, planned content updates.||10 Business Days||5 Business Days||2 Business Days||As agreed upon with the Customer.|
10. SEVERITY LEVELS (REGULATORY):
Upon receiving a request from the Customer related to fulfilling a regulatory request made to the Customer by a Regulator the Finn AI will respond to the issue according to the following schedule.
|Severity Level||Description||Initial Response Time||Resolution Time|
|Public Bot||Concierge bot / Virtual banking Assistant|
|3||Request is related to an imminent or reasonably suspected to be imminent regulatory or compliance issue.||2 Business Days||10 Business Days||2 Business Days|
|4||All other requests.||5 Business Days||As agreed upon with the Customer.||As agreed upon with the Customer.|
11. SUPPORT ESCALATION PROCESS:
After a maintenance or support request has been made or a Software Error reported, it will go through the support levels outlined below until resolved:
Tier 1: Customer Support Team. The Support Team is tasked with determining the Severity Level of any Support Request and with starting the resolution of the same unless its Severity level warrants escalation to the Development Team.
Tier 2: Development Team. Any Support Request of a higher priority and/or which may require more in depth technical knowledge of the Software Service will be escalated by the customer support team to the development team.
Tier 3: Finn AI Executive Team. If any Support Request cannot be resolved by Tier 1 or Tier 2, the Development Team will escalate it to the management level/executive for resolution.
Finn AI will not be obligated to provide maintenance or support if: (a) Customer fails to provide Finn AI with all information or technical assistance required under Section 7 ; (b) the Software Service is not used in accordance with the documentation and specifications; (c) any issue is found by Finn AI to be due to a non-Finn AI supported third party or due to a modification made on non-Finn AI software systems without any prior communication to Finn AI; or (d) the Software Error cannot be reproduced. If any non-Software error, malfunction, or defect may reasonably be corrected by Finn AI, Finn AI shall use its commercially reasonable efforts to correct it at Customer’s request, subject to resource availability, and subject to Customer’s agreement to pay for such support on a time and materials basis.
13. WARRANTY AND DISCLAIMER:
Finn AI warrants that maintenance and support services will be provided by qualified personnel and in a good, workmanlike manner using commercially reasonable efforts to resolve any Software Errors. Finn AI may subcontract maintenance and support to a party designated by Finn AI; however, Finn AI will remain liable to Customer for any and all performance required under this Schedule. THERE ARE NO OTHER WARRANTIES, EXPRESS OR IMPLIED, AND NO WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE PROVIDED BY FINN AI IN RELATION TO THE MAINTENANCE OR SUPPORT SERVICES UNDER THIS SCHEDULE.
Schedule 2 – Security
Capitalized words not defined in this Schedule shall have the meaning ascribed to such words in the Subscription Agreement.
- “Multi-Tenancy” means that a single instance of the software and its supporting infrastructure serves multiple customers. Each customer may share some parts of the software solution and database runtime instances, while each tenant’s data is isolated and remains invisible to other tenants.
- “PII / Personally Identifiable Information” is information that can uniquely identify an End User or a combination of information that could reasonably identify a single End User.
- “Software Development Life-Cycle / SDLC” means the standardized process Finn AI follows to develop or customize features, improvements or changes to the Finn AI Software Services.
- “Utterance” means a text or voice statement entered by an End User into the Software Services.
- “Data Center” means a virtual computer cluster that Finn AI establishes at strategic global locations to host Finn AI Software Services.
- “Bot Instance” means a subset of the Software logically dedicated to a customer.
- “Central Services” means a subset of the Software shared by all customers.
- “Tenant” means the combination of Bot Instance and Central Services that form a logically dedicated Software service, separated by logical access controls that only the owner customer and Finn AI can access.
Finn AI’s Software Services are hosted on Amazon Web Services (AWS). Finn AI will deploy a Bot Instance as part of the Software Services to the specific Finn AI Data Center in the AWS region(s) requested by the Customer to comply with restrictions and ensure performant delivery of the Software Services. The Central Services are hosted at the Finn AI global Data Center in the USA, unless separately specified. All customer data is transferred over encrypted channels and stored at rest in encrypted mediums. Finn AI reserves the right to host the Customer’s Bot instance in a logically separated Multi-Tenant environment.
The following geographic locations are utilized for the purposes of delivering Finn AI’s Software Services to the Customer.
|N.Virginia (North America)||Primary AWS region for customer instances, contains data processing and storage for Finn AI’s Software Services.||Encrypted, in transit and at rest.|
|Finn AI Offices (Vancouver, Canada)||PII-expunged conversation data for machine learning models. Access to AWS environments to provide support.||All data PII-expunged.|
|AWS us-east-1 (North Virginia, USA)||NLP processing services for machine learning models.
Centralized logs for analytics services and customer support.
|All data PII-expunged.|
|Google DLP Service (processing: worldwide; storage:
N.Virginia (North America)
|Secondary PII redaction.||Partially PII-expunged data. Encrypted in transit. No data stored at rest.|
|Airtable (Servers in the USA)||Content management tool for configuration.||N/A. No end user data.|
|For information on AWS regions see aws.amazon.com/about-aws/global-infrastructure/
For information on Google data secure handling compliance, see cloud.google.com/security/compliance/
4. DATA HANDLING:
Finn AI secures data with access controls, within encrypted storage, with encrypted backups, over encrypted connections. Finn AI requires all incoming data from customer integrations to be transmitted via secure method, such as HTTPS.
All data Finn AI receives will only be for the sole purpose of providing the Software Service, and to improve the performance of the Software Service for all Finn AI Customers, including for analytics, system logging, and AI model training. All Utterance data is anonymized and removed of PII before it is used for this purpose.
Finn AI does not recognize personally identifiable financial data or user profile data for any purpose other than providing the Software Service. Any data transmitted to and received by Finn AI of personal financial nature are coincidental and are discarded as soon as they are no longer needed by the user. They are not stored in Finn AI systems. Any PII is only stored in secured customer-specific instances and is maintained and used only as required by specific features offered by Finn AI and used by the Customer.
5. PERSONALLY IDENTIFIABLE INFORMATION:
Finn AI’s philosophy is to reduce, redact and review data that is stored and collected. Finn AI only requests or stores PII that is required to support the requested functionality. In instances where Finn AI does need to use or store PII, end-user identifiable elements are removed through a process of redaction and anonymization. Training logs are anonymized before storage.
PII-redaction is achieved through a two-stage system. Stage one utilizes Finn AI’s proprietary logic to remove specific PII information. Stage two utilizes Google DLP to redact multiple types of general PII information.
6. ACCOUNT AUTHENTICATION:
When the End User first attempts to perform a privileged action with the Software Services, they will be directed to an identity provider (“IdP”), hosted or authorized by the Customer. The End User will authenticate their account on that secure site and the IdP exchanges a security token with the Finn AI Software Services. End User banking login credentials are not stored or accessible by Finn AI or any third-party channels provider (e.g. Facebook, Twitter).
7. CHANNEL SECURITY:
7.1. Facebook Messenger / Facebook Messenger Lite
Everything that is posted on Facebook messenger is encrypted, but is potentially viewable by Facebook. Chat history is persisted between user sessions and secured with the user’s Facebook account.
7.2. Finn AI Native App SDK
For SDK-powered channels, no third-party has built-in access to End User Data in Finn SDK. Access is secured between the End Users’ device and the Finn AI Software Services Backend and between the Finn AI Software Services and the Customer systems, as long as the data is accessed and transmitted through Finn AI SDK. No end user data is stored on the device. The Native App SDK is available for iOS and Android.
7.3. Finn AI Web SDK
For web-powered channels, no third-party has built-in access to End User Data in Finn AI SDK. End User Data submitted is sent securely to the Finn AI Software Services Backend and from the Finn AI Software Services to the Customer systems, as long as the data is accessed and transmitted through Finn SDK. Limited End User data may be cached in the End User’s browser for the sole purpose of locally displaying the conversation in the same browser for the chat session. This cached data is encrypted and deleted after 24 hours. Other End User Data content may be accessible to other scripts allowed to run on the same page from the Customer’s domain and from End User’s installed browser extensions. The security of the access and storage on local browser cache or memory in the parent webapp or webpage, is outside of the control of Finn AI.
System & Organization Control (SOC) 2 Type II
Obtained: May 21st 2020
Auditor: Deloitte LLP
(SOC) 2 Type II report can be provided on request and acceptance of mutual non-disclosure agreement.