Data Privacy & Security

We're serious about keeping your data safe. Our platform and how we work are set up to protect you and your information. We use strong security measures everywhere in our operations and always work to make them even better.

Graft is SOC 2 Type 2 Compliant 

Data Hosting

Infrastructure:

Graft is a SaaS application hosted in Amazon Web Services.

Tenancy:

All customers receive their own data tenancy of the Graft Platform. Each tenant’s data is isolated and remains invisible to other tenants to prevent unauthorized access.

Training:

• Your data is yours. We don't use your data to train our models.
• Any models you train for your own app and use cases are only accessible by your team.

Employee Security Measures 

All of Graft’s employees and contractors are under NDA. Additionally, Graft employees complete security training annually and may only access customer data in the context of a specific support request the customer has made, for example, to debug an issue or get help with the product. Customer data is not accessed as part of routine day-to-day operations of the company or development of the product (testing, releasing updates, etc).

Disk encryption and antivirus software are enabled across all Graft workstations.

Penetration Tests

Graft performs application-layer penetration tests annually.

Secure Software Development 

Graft uses both automated and manual reviews to ensure a secure software development lifecycle. 

Data Security

Data at rest is encrypted using AES-256 encryption; data in transit is encrypted with TLS 1.2.

How to Contact Us 

Please reach out to support@graft.com if you have any questions or want to report any potential issues.

Reports Available Upon Request

• SOC 2 Type 2 (Enterprise tier only, NDA required) 
• Pentest Report (Enterprise tier only, NDA required)

Legal 

• Acceptable Use Policy
• Privacy Policy
• Terms of Service
• Third-Party Data Subprocessors

Privacy Policy‍

Effective as of 1/31/2024.

This Privacy Policy describes how Graft, Inc. ("Graft," "we", “us” or "our") processes personal information that we collect through our digital or online properties or services that link to this Privacy Policy (including as applicable, our website, social media pages, marketing activities, and other activities described in this Privacy Policy (collectively, the “Service”)).

Graft provides a platform for businesses to more easily gain insight into their unstructured data. This Privacy Policy does not apply to information that we process on behalf of our business customers (such as businesses and other organizations) while providing the Graft platform to them. Accordingly, we treat all personal information we collect as pertaining to individuals in their capacities as representatives of the relevant enterprise and not their individual capacities. Our use of information that we process on behalf of our business customers may be governed by our agreements with such customers.

Index

• Personal information we collect
• How we use your personal information
• How we share your personal information
• Your choices
• Other sites and services
• Security
• International data transfers
• Children
• Changes to this Privacy Policy
• How to contact us

Personal information we collect

Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:

1. Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, professional title and company name, and phone number.
2. Commercial Information, such as products or services you have purchased, obtained, or considered, as well as other information related to your purchasing or consuming history.
3. Demographic data, such as your city, state, country of residence, postal code, and age.Profile data, such as information that you add to your account profile.  
4. Communications data based on our exchanges with you, including when you contact us through the Service, social media, chat feature, or otherwise.
5. Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
6. Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

• Third-party services, such as other artificial intelligence platforms, data sources, and other third-party services that you link to your Service account. This data may include your API keys, and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

1. Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
2. Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
3. Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails. ‍

‍Cookies and similar technologies. Some of the automatic collection described above is facilitated by the following technologies:‍

1. ‍Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place. ‍
2. Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications. ‍
3. Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked. ‍
4. Chat technologies, such as those provided by HubSpot that [employ cookies and software code] to operate the chat features that you can use to communicate with us through the Service. HubSpot and other third parties may access and use information about webpages visited on our website, your IP address, your general geographic information (e.g., city, state), and other personal information you share through online chats for the purposes described in this Privacy Policy.‍
5. Session-replay technologies, such as those provided by Pendo that employ software code to record users’ interactions with the Services in a manner that allows us to watch video replays of those user sessions. The replays include users’ clicks, mobile app touches, mouse movements, scrolls and keystrokes/key touches during those sessions. These replays help us diagnose usability problems and identify areas for improvement. You can learn more about how Pendo uses your data at https://www.pendo.io/legal/privacy-policy/.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery and operations. We may use your personal information to:

• provide, operate and improve the Service and our business;
• personalizing the service, including remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Service;
• establish and maintain your user profile on the Service;
• communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages;
• understand your needs and interests, and personalize your experience with the Service and our communications; and
• provide support for the Service, and respond to your requests, questions and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business and to develop new products and services. ‍

Marketing and advertising. We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:

1. Direct marketing. We may send you direct marketing communications and may personalize these messages based on your needs and interests. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
2. Interest-based advertising. Our third-party advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the automatic data collection section above) with the Service, our communications and other online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms.  

Service improvement and analytics. We may use your personal information to analyze your usage of the Service, improve the Service, improve the rest of our business, help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services.

Compliance and protection. We may use your personal information to:

1. comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
2. protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
3. audit our internal processes for compliance with legal and contractual requirements or our internal policies;
4. enforce the terms and conditions that govern the Service; and
5. prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
‍To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.  
Cookies and similar technologies. In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:

1. ‍Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.‍
2. Functionality. To enhance the performance and functionality of our services.‍
3. Advertising. To help our third-party advertising partners collect information about how you use the Service and other online services over time, which they use to show you ads on other online services they believe will interest you and measure how the ads perform.‍
4. Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use HubSpot, Koala Signals, and Google Analytics for this purpose. You can learn more about HubSpot and how to prevent the use of HubSpot relating to your use of our sites here: https://knowledge.hubspot.com/reports/traffic-analytics-faq. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en. You can learn more about Koala Signals here: https://getkoala.com/legal/privacy.

Retention. We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.  
When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.  ‍

Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, chat service provider, email delivery, marketing, and website analytics). ‍

Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as Stripe. Stripe may use your payment data in accordance with its privacy policy, https://stripe.com/privacy. ‍

Advertising partners. Third-party advertising companies for the interest-based advertising purposes described above. ‍

Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so. We will share personal information that is needed for these other companies to provide the services that you have requested. ‍

Linked third-party services. If you link your Service account to another third-party service, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.‍

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.‍

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above. ‍

Business transferees. We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in Graft, financing of Graft, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of Graft as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

Your choices

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.
Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.  
Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.
Blocking images/clear gifs: Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.
Advertising choices. You may be able to limit use of your information for interest-based advertising through the following settings/options/tools:

1. Browser settings. Changing your internet web browser settings to block third-party cookies.
2. ‍Privacy browsers/plug-ins. Using privacy browsers and/or ad-blocking browser plug-ins that let you block tracking technologies. ‍
3. Platform settings. Google and Facebook offer opt-out features that let you opt-out of use of your information for interest-based advertising. You may be able to exercise that option at the following websites:Google: https://adssettings.google.com/
   Facebook: https://www.facebook.com/about/ads
4. Ad industry tools. Opting out of interest-based ads from companies that participate in the following industry opt-out programs:
   Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
   Digital Advertising Alliance: optout.aboutads.info.  
   AppChoices mobile app, available at https://www.youradchoices.com/appchoices, which will allow you to opt-out of interest-based ads in mobile apps served by participating members of the Digital Advertising Alliance.

You will need to apply these opt-out settings on each device and browser from which you wish to limit the use of your information for interest-based advertising purposes.  
We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
Linked third-party platforms. If you choose to connect to the Service through another third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.
Delete your content or close your account. You can choose to delete certain content through your account. If you wish to request to close your account, please contact us.

Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for Compliance and protection purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information, we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Other sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.  

Children

The Service is not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business.

How to contact us

Email: Privacy@graft.com  
Mail: 966 Carolina Street, San Francisco, CA 94107
Phone: 707-653-0263

‍

GRAFT, INC.  TERMS OF SERVICE

Last Updated: 1/31/2024

BY CLICKING ON THE “I ACCEPT” BUTTON , COMPLETING THE ACCOUNT REGISTRATION PROCESS, BROWSING THIS WEBSITE, OR PLACING AN ORDER FOR OR OTHERWISE ACCESSING OR USING ANY OF THE SERVICES, YOU ARE ACCEPTING ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT.  IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, YOU MAY NOT USE THE SERVICES.  YOU AGREE THAT THIS AGREEMENT IS ENFORCEABLE LIKE ANY WRITTEN AGREEMENT SIGNED BY YOU.

IF YOU ARE USING THE SERVICES AS AN EMPLOYEE, CONTRACTOR, OR AGENT OF A CORPORATION, PARTNERSHIP OR SIMILAR ENTITY, THEN YOU MUST BE AUTHORIZED TO SIGN FOR AND BIND THE ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT, AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO DO SO.  THE RIGHTS GRANTED UNDER THIS AGREEMENT ARE EXPRESSLY CONDITIONED UPON ACCEPTANCE BY SUCH AUTHORIZED PERSONNEL.

These Terms of Service govern this website and its subdomains (collectively, the “Website”), the information on the Website, and the Services (as defined in Section 13.14). These Terms of Service are entered into by and between Graft, Inc. (“Company”) and the entity or person browsing the Website or placing an order for or accessing the Services (“Customer”).  The agreement between Company and Customer consists of the terms and conditions set forth below and any attachments referenced in these Terms of Service (collectively, the “Agreement”).  This Agreement is effective as of the date of Customer’s initial access to the Services through any online provisioning, registration, or order process (the “Effective Date”).  Capitalized terms will have the meanings set forth in Section 13, or in the section where they are first used.

THIS AGREEMENT AUTOMATICALLY RENEWS FOR ADDITIONAL PERIODS OF THE SAME DURATION AS THE INITIAL TERM AT COMPANY’S THEN-CURRENT FEE FOR SUCH SERVICES until either party DECLINES TO RENEW CUSTOMER’S SUBSCRIPTION IN ACCORDANCE WITH SECTION 11.1 (Term) BELOW.

From time to time, Company may modify this Agreement.  Unless otherwise specified by Company, changes become effective for Customer upon renewal of the then-current Subscription Term (as defined below) after the updated version of this Agreement goes into effect.  Company will use reasonable efforts to notify Customer of the changes through communications via the Company Solution or the email address last provided by Customer to Company.  Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term, and in any event continued use of the Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.  If Customer does not agree to the changes, Customer may terminate this Agreement in accordance with Section 11 (Term and Termination).

1. THE SERVICE

1. Access.  Subject to Customer’s payment of the Fees, Company will provide Customer with access to the Company Solution.  On or as soon as reasonably practicable after the Effective Date, the parties will work together to coordinate the necessary passwords, security protocols and policies and network links or connections and Access Protocols to allow Customer and its Authorized Users to access the Company Solution in accordance with the Access Protocols.  User ID’s may only be used by the individual Authorized User to whom it was issued, and Customer will ensure that only Authorized Users with a User ID will access the Company Solution.  Customer is responsible for maintaining the confidentiality of its Access Protocols, and is solely responsible for all activities that occur through the use thereof.  Customer agrees (a) not to allow a third party to use its account, username or password at any time, and (b) to notify Company promptly of any actual or suspected unauthorized use of Customer’s account, username or password.  Company reserves the right to change or update the Access Protocols in Company’s sole discretion from time to time.  Company also reserves the right to suspend or terminate any username and password, or other method of Customer access, that Company reasonably determines may have been used by an unauthorized third party.
2. Support Services.  Subject to the terms and conditions of this Agreement, Company will exercise commercially reasonable efforts to (a) provide support for the use of the Company Solution to Customer, and (b) keep the Company Solution operational and available to Customer (collectively, the “Support Services”), in each case in accordance with its standard policies and procedures associated with Customer’s subscription plan.‍
3. Hosting.  Company will, at its own expense, provide for the hosting of the Company Solution, provided that nothing herein will be construed to require Company to provide, or bear any responsibility with respect to, any telecommunications or computer network hardware required by Customer or any Authorized User to access the Company Solution from the Internet.‍
4. Company Communications. By opting in to receive communications through the Website or Services, you agree to receive communications from Company, including via email or calls. Communications from Company may include but are not limited to: operational communications concerning your Account or the use of the Services, updates concerning new and existing features on the Services, communications concerning promotions run by us or our third-party partners, news concerning the Company and industry developments, and communications about your employment application, if applicable. IF YOU WISH TO OPT OUT OF PROMOTIONAL EMAILS, YOU CAN UNSUBSCRIBE FROM OUR PROMOTIONAL EMAIL LIST BY FOLLOWING THE UNSUBSCRIBE OPTIONS IN THE PROMOTIONAL EMAIL ITSELF. 

2. ACCESS

1. Company Solution.  Subject to the terms and conditions of this Agreement, Company will make the Company Solution available to Customer solely for Customer’s internal business purposes.  Customer can access and use (a) the Company Solution in accordance with the Documentation, and (b) the Documentation solely to support Customer’s use of the Company Solution.  Customer may permit any Authorized Users to access and use the features and functions of the Company Solution as contemplated by this Agreement.  Customer acknowledges and agrees that the Results provided hereunder by Company are purely predictive in nature, are based on the Customer Data and application of the Models thereto, and that Company is not responsible for the consequences of Customer’s actions, decisions or other results based on Customer’s use of the Results.  Customer is solely responsible for its determinations and decisions based thereon.
2. Restrictions.  Customer will not, and will not permit any Authorized User or other party to: (a) allow any third party to access the Company Solution, Website, Results or Documentation, except as expressly allowed herein; (b) modify, adapt, alter or translate the Company Solution, Website, Results or Documentation; (c) sublicense, lease, sell, resell, rent, loan, distribute, transfer or otherwise allow the use of the Company Solution, Website, or Documentation for the benefit of any unauthorized third party; (d) reverse engineer, decompile, disassemble, or otherwise derive or determine or attempt to derive or determine the source code (or the underlying ideas, algorithms, structure or organization) of the Company Solution or Website, except as permitted by law; (e) interfere in any manner with the operation of the Company Solution or Website or the hardware and network used to operate the Company Solution or Website; (f) modify, copy or make derivative works based on any part of the Company Solution, Website, or Documentation; (g) access or use the Company Solution or Website to build a similar or competitive product or service; (h) attempt to access the Company Solution or Website through any unapproved interface; or (i) otherwise use the Company Solution, Website, Results, or Documentation in any manner that exceeds the scope of use permitted under Section 2.1 or in a manner inconsistent with applicable law, the Documentation, or this Agreement.  Customer will not remove, alter, or obscure any proprietary notices (including copyright and trademark notices) of Company or its licensors on the Results or any copies thereof.

3. INTELLECTUAL PROPERTY

1. Company Technology.  The Company Solution, Website, and Documentation, and any and all related and underlying technology, and any derivative works, modifications or improvements of any of the foregoing, including any Feedback that may be incorporated, and all worldwide Intellectual Property Rights in each of the foregoing, are the exclusive property of Company and its suppliers.  All rights in and to the Company Solution, Website, and Documentation not expressly granted to Customer in this Agreement are reserved by Company and its suppliers.  Except as expressly set forth herein, no express or implied license or right of any kind is granted to Customer regarding the Company Solution, Website, or Documentation, or any part thereof.  Notwithstanding anything to the contrary herein, Company may freely use and incorporate into Company’s products and services any suggestions, enhancement requests, recommendations, corrections, or other feedback provided by Customer or by any users of the Services relating to Company’s products or services (“Feedback”).
2. Service Data.  Customer agrees that Company may collect Service Data and use such Service Data to develop, improve, support, and operate its products and services during and after the Term.  This Section does not give Company the right to identify Customer as the source of any Service Data without written permission from Customer, nor change the confidential nature thereof.
3. Marketing.  Company may use and display Customer’s name, logo, trademarks, and service marks on Company’s website and in Company’s marketing materials in connection with identifying Customer as a customer of Company.  Upon Customer’s written request, Company will promptly remove any such marks from Company’s website, and, to the extent commercially feasible, Company’s marketing materials.

4. FEES AND EXPENSES; PAYMENTS

1. Fees. In consideration for the access rights granted to Customer and the Services performed by Company under this Agreement, Customer will be charged on a monthly or annual basis depending on the subscription plan elected by the Customer.  Customer acknowledges and agrees that Customer’s use of the Service may be limited or capped by Company in its sole discretion.  Company reserves the right (in addition to any other rights or remedies Company may have) to discontinue the Company Solution and suspend all Authorized Users’ and Customer’s access to the Services if any Fees are more than thirty (30) days overdue until such amounts are paid in full.  Customer will maintain complete, accurate and up-to-date Customer billing and contact information at all times.
2. ‍Taxes.  The Fees are exclusive of all applicable sales, use, value-added and other taxes, and all applicable duties, tariffs, assessments, export and import fees, or other similar charges, and Customer will be responsible for payment of all such taxes (other than taxes based on Company’s income), fees, duties, and charges and any related penalties and interest, arising from the payment of the fees, the provision of the Services, or the license of the Company Solution to Customer.  Customer will make all payments of Fees to Company free and clear of, and without reduction for, any withholding taxes; any such taxes imposed on payments of Fees to Company will be Customer’s sole responsibility, and Customer will provide Company with official receipts issued by the appropriate taxing authority, or such other evidence as the Company may reasonably request, to establish that such taxes have been paid.‍
3. Interest.  Any amounts not paid when due will bear interest at the rate of one and one half percent (1.5%) per month, or the maximum legal rate if less, from the due date until paid.

5. CUSTOMER DATA

1. Rights.  The Customer Data, and all worldwide Intellectual Property Rights in it, is the exclusive property of Customer.  All rights in and to the Customer Data not expressly granted to Company in this Agreement are reserved by Customer.  Customer is solely responsible for any and all obligations with respect to the completeness, accuracy and quality of Customer Data provided to Company by Customer.  Customer will obtain all third-party licenses, consents and permissions needed for Company to use the Customer Data to provide the Services.  Customer hereby grants Company a non-exclusive, worldwide, royalty-free and fully paid license (a) to use, copy, store, transmit, modify, create derivative works of, and display the Customer Data as necessary for purposes of providing the Services, (b) to use the Customer Data in an aggregated and anonymized form to improve the Company Solution and Services, and Company’s related products and services.
2. Obligations.  Customer will be responsible for providing all Customer Data to Company and will provide such Customer Data in a format consistent with the requirements set forth in the Documentation (or as otherwise specified by Company).  Errors in loading Customer Data into the applicable Service due to defective media, erroneous data or failure to meet such requirements may cause Customer Data to be rejected by the Service and Company will have no responsibility for any related impact on Customer’s ability to access or use the Service.  Customer will ensure that Customer’s use of the Service and all Customer Data is at all times compliant with Customer’s privacy policies and all applicable local, state, federal and international laws, regulations and conventions, including, without limitation, those related to data privacy and data transfer, international communications, and the exportation of technical or personal data.  Customer is solely responsible for the accuracy of all Customer Data and will ensure that it will not violate Company’s Acceptable Use Policy or applicable law; Company may remove any Customer Data from the Company Solution at any time if it reasonably believes it may do so.  Customer represents and warrants to Company that Customer has sufficient rights in the Customer Data to grant the rights granted to Company in Section 5.1 and that the Customer Data does not infringe or violate the intellectual property, publicity, privacy or other rights of any third party.
3. Sharing Data.  Using the Company Solution, Customer may elect to share certain Customer Data or Results with third parties.  Customer acknowledges and agrees that Company is not responsible, and shall bear no liability, for such third party’s access to and use of Customer Data and Results.
4. Data and Security.  Customer and its Authorized Users will be responsible for all changes to and/or deletions of Customer Data and the security of all passwords and other Access Protocols required in order to access the Company Solution.  Customer is encouraged to make its own back-ups of the Results and Customer Data.  Each party shall comply with the Data Processing Addendum located at graft.com/dpa (or such successor URL as may be designated by Company) (“DPA”), which is incorporated herein by this reference.

6. PROFESSIONAL SERVICES

Where the parties have agreed to Company’s provision of professional services related to the Company Solution (“Professional Services”), the details of such Professional Services will be set out in a mutually executed statement of work (“SOW”).  The SOW will include: (a) a description of the Professional Services; (b) the schedule for the performance of the Professional Services; and (c) the Fees applicable for the performance of the Professional Services.  Each will incorporate the terms and conditions of this Agreement.  To the extent that a conflict arises between the terms and conditions of an SOW and the terms of this Agreement, the terms and conditions of this Agreement will govern, except to the extent that the SOW expressly states that it supersedes specific language in this Agreement.

7. WARRANTIES AND DISCLAIMERS

1. Limited Warranty.  Company represents and warrants that it will provide the Services and perform its other obligations under this Agreement in a professional and workmanlike manner substantially consistent with general industry standards.  Provided that Customer notifies Company in writing of the breach within thirty (30) days following performance of the defective Services, specifying the breach in reasonable detail, Company will, as Customer’s sole and exclusive remedy, for any breach of the foregoing, re-perform the Services which gave rise to the breach or, at Company’s option, refund the fees paid by Customer for the Services which gave rise to the breach.  Company further warrants to Customer that Company will use commercially reasonable efforts to operate the Company Solution free from Errors during the Term, provided that such warranty will not apply to failures to conform to the Documentation to the extent such failures arise, in whole or in part, from (a) any use of the Company Solution not in accordance with this Agreement or as specified in the Documentation; (b) any use of the Company Solution in combination with other products, equipment, software or data not supplied by Company; or (c) any modification of the Company Solution by any person other than Company or its authorized agents.  Provided that Customer notifies Company in writing of any breach of the foregoing warranty during the Term, Company will, as Customer’s sole and exclusive remedy, provide the support described in Section 1.2.
2. Disclaimer.  THE LIMITED WARRANTY SET FORTH IN SECTION 7.1 IS MADE FOR THE BENEFIT OF CUSTOMER ONLY.  EXCEPT AS EXPRESSLY PROVIDED IN SECTION 7.1, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES, WEBSITE, RESULTS AND DOCUMENTATION ARE PROVIDED “AS IS,” AND COMPANY MAKES NO (AND HEREBY DISCLAIMS ALL) OTHER WARRANTIES, REPRESENTATIONS, OR CONDITIONS, WHETHER WRITTEN, ORAL, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF SATISFACTORY QUALITY, COURSE OF DEALING, TRADE USAGE OR PRACTICE, SYSTEM INTEGRATION, DATA ACCURACY, MERCHANTABILITY, TITLE, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.  COMPANY DOES NOT WARRANT THAT ALL ERRORS CAN BE CORRECTED, OR THAT OPERATION OF THE COMPANY SOLUTION OR WEBSITE WILL BE UNINTERRUPTED OR ERROR-FREE.  COMPANY SHALL NOT BE RESPONSIBLE FOR, AND IS EXPRESSLY RELIEVED OF RESPONSIBILITY FOR ITS REASONABLE RELIANCE ON, ANY INACCURATE OR INCOMPLETE CONTENT PROVIDED TO IT HEREUNDER.  THE COMPANY SOLUTION AND WEBSITE MAY BE SUBJECT TO LIMITATIONS, DELAYS AND OTHER COMMUNICATIONS PROBLEMS INHERENT IN THE USE OF THE INTERNET, AND COMPANY IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS.

8. LIMITATION OF LIABILITY

1. Types of Damages.  IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION, OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  THIS LIMITATION UPON DAMAGES AND CLAIMS IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE.  
2. Amount of Damages.  THE MAXIMUM LIABILITY OF EITHER PARTY ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT WILL NOT EXCEED THE FEES PAID BY CUSTOMER TO COMPANY DURING THE TWELVE (12) MONTHS PRECEDING THE ACT, OMISSION OR OCCURRENCE GIVING RISE TO SUCH LIABILITY.  IN NO EVENT WILL COMPANY’S SUPPLIERS HAVE ANY LIABILITY ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT.  NOTHING IN THIS AGREEMENT WILL LIMIT OR EXCLUDE CUSTOMER’S OBLIGATION TO PAY FEES OWED TO COMPANY HEREUNDER, OR BREACHES OF SECTION 2.2 OR 9, OR LIABILITY FOR GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT OF A PARTY OR ITS EMPLOYEES OR AGENTS, OR FOR DEATH OR PERSONAL INJURY.
3. Basis of the Bargain.  The Parties agree that the limitations of liability set forth in this Section 8 will survive and continue in full force and effect despite any failure of consideration or of an exclusive remedy.  The Parties acknowledge that the prices have been set and this Agreement entered into in reliance upon these limitations of liability and that all such limitations form an essential basis of the bargain between the Parties.  

9. CONFIDENTIALITY

1. Confidential Information.  “Confidential Information” means any nonpublic information of a party (the “Disclosing Party”), whether disclosed orally or in written or digital media, that is identified as “confidential” or with a similar legend at the time of such disclosure or that the receiving party (the “Receiving Party”) knows or should have known is the confidential or proprietary information of the Disclosing Party.  The Services, Documentation, and all enhancements and improvements thereto will be considered Confidential Information of Company.  The confidentiality terms set forth herein shall replace and supersede any prior non-disclosure agreement entered into between the Parties or their predecessors.
2. Protection of Confidential Information.  The Receiving Party agrees that it will not use or disclose to any third party any Confidential Information of the Disclosing Party, except as expressly permitted under this Agreement.  The Receiving Party will limit access to the Confidential Information to Authorized Users (with respect to Customer) or to those employees who have a need to know, who have confidentiality obligations no less restrictive than those set forth herein, and who have been informed of the confidential nature of such information (with respect to Company).  In addition, the Receiving Party will protect the Disclosing Party’s Confidential Information from unauthorized use, access, or disclosure in the same manner that it protects its own proprietary information of a similar nature, but in no event with less than reasonable care.  At the Disclosing Party’s request or upon termination or expiration of this Agreement, the Receiving Party will return to the Disclosing Party or destroy (or permanently erase in the case of electronic files) all copies of the Confidential Information that the Receiving Party does not have a continuing right to use under this Agreement, and the Receiving Party will, upon request, certify to the Disclosing Party its compliance with this sentence.
3. Exceptions.  The confidentiality obligations set forth in Section 9.2 will not apply to any information that (a) is at the time of disclosure or becomes generally available to the public through no fault of the Receiving Party; (b) is lawfully provided to the Receiving Party by a third party free of any confidentiality duties or obligations; (c) was already known to the Receiving Party at the time of disclosure free of any confidentiality duties or obligations; or (d) the Receiving Party can demonstrate, by clear and convincing evidence, was independently developed by employees and contractors of the Receiving Party who had no access to the Confidential Information.  In addition, the Receiving Party may disclose Confidential Information to the extent that such disclosure is necessary for the Receiving Party to enforce its rights under this Agreement or is required by law or by the order of a court or similar judicial or administrative body, provided that (to the extent legally permissible) the Receiving Party promptly notifies the Disclosing Party in writing of such required disclosure and cooperates with the Disclosing Party if the Disclosing Party seeks an appropriate protective order.

10. INDEMNIFICATION

1. By Company. Company will defend at its expense any suit brought against Customer, and will pay any settlement Company makes or approves, or any damages finally awarded in such suit, insofar as such suit is based on a claim by any third party alleging that the Company Solution infringes such third party’s patents, copyrights or trade secret rights under applicable laws of any jurisdiction within the U.S.  If any portion of the Company Solution becomes, or in Company’s opinion is likely to become, the subject of a claim of infringement, Company may, at Company’s option: (a) procure for Customer the right to continue using the Company Solution; (b) replace the Company Solution with non-infringing software or services which do not materially impair the functionality of the Company Solution; (c) modify the Company Solution so that it becomes non-infringing; or (d) terminate this Agreement and refund any unused prepaid Fees for the remainder of the Subscription Term then in effect, and upon such termination, Customer will immediately cease all use of the Company Solution and Documentation.  Notwithstanding the foregoing, Company will have no obligation under this Section 10.1 or otherwise with respect to any infringement claim based upon (i) any use of the Company Solution not in accordance with this Agreement or as specified in the Documentation; (ii) any use of the Company Solution in combination with other products, equipment, software or data not supplied by Company; or (iii) any modification of the Company Solution by any person other than Company or its authorized agents (collectively, the “Exclusions” and each, an “Exclusion”).  This Section 10.1 states the sole and exclusive remedy of Customer and the entire liability of Company, or any of the officers, directors, employees, shareholders, contractors or representatives of the foregoing, for infringement claims and actions.
2. By Customer. Customer will defend at its expense any suit brought against Company, and will pay any settlement Customer makes or approves, or any damages finally awarded in such suit, insofar as such suit is based on a claim arising out of or relating to (a) an Exclusion, or (b) Company’s use of Customer Data.  This Section 10.2 states the sole and exclusive remedy of Company and the entire liability of Customer, or any of the officers, directors, employees, shareholders, contractors or representatives of the foregoing, for the claims and actions described herein.
3. Procedure. The indemnifying party’s obligations as set forth above are expressly conditioned upon each of the foregoing: (a) the indemnified party will promptly notify the indemnifying party in writing of any threatened or actual claim or suit; (b) the indemnifying party will have sole control of the defense or settlement of any claim or suit; and (c) the indemnified party will cooperate with the indemnifying party to facilitate the settlement or defense of any claim or suit.

11. TERM AND TERMINATION

1. Term. This Agreement will begin on the Effective Date and continue in full force and effect for the period stated in Customer’s initial order (the “Initial Term”). After expiration of the Initial Term, and again after any subsequent subscription period, this Agreement with automatically renew for an additional term of the same duration as the Initial Term at Company’s then-current price for such subscription (each, a “Renewal Term”, and all Renewal Terms together with the Initial Term, the “Term”).‍
2. Termination for Convenience. Customer may terminate this Agreement for any reason or no reason (a) upon notice to Company if Customer’s subscription renews on a monthly basis; or (b) upon at least sixty (60) days’ notice to Company prior to the expiration of the then-current Initial Term or Renewal Term if Customer’s subscription renews on an annual basis. For the avoidance of doubt, no fees paid by Customer will be refundable in connection with Customer’s termination pursuant to this Section 11.2. Company may terminate this Agreement for any reason or no reason upon thirty (30) days’ prior written notice to Customer.
3. ‍Termination for Breach.  Either party may terminate this Agreement immediately upon notice to the other party if the other party materially breaches this Agreement, and such breach remains uncured more than thirty (30) days after receipt of written notice thereof.
4. ‍Effect of Termination.  Upon termination or expiration of this Agreement for any reason: (a) all licenses granted hereunder will immediately terminate; (b) promptly after the effective date of termination or expiration, each party will comply with the obligations to return all Confidential Information of the other party, as set forth in Section 9; and (c) any amounts owed to Company under this Agreement will become immediately due and payable.  Sections 2.2, 3.2, 4, 7.2, 8, 9, 10, 11.4, 11.5, 12, and 12.12 will survive expiration or termination of this Agreement for any reason.‍
5. Results.  For twenty (20) days after the end of the Term, as applicable, Company will make Results generated during the Term available to Customer through the Company Solution on a limited basis, unless Company is instructed by Customer to delete such data before that period expires.

12. MISCELLANEOUS

1. Governing Law and Venue.  This Agreement and any action related thereto will be governed and interpreted by and under the laws of the State of California, without giving effect to any conflicts of laws principles that require the application of the law of a different jurisdiction.  Customer hereby expressly consents to the personal jurisdiction and venue in the state and federal courts for San Francisco, California for any lawsuit filed there against Customer by Company arising from or related to this Agreement.  The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.
2. Export.  Customer agrees not to export, reexport, or transfer, directly or indirectly, any U.S. technical data acquired from Company, or any products utilizing such data, in violation of the United States export laws or regulations.
3. Severability.  If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law.
4. Waiver.  Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.
5. No Assignment.  Neither party will assign, subcontract, delegate, or otherwise transfer this Agreement, or its rights and obligations herein, without obtaining the prior written consent of the other party, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void; provided, however, that either party may assign this Agreement in connection with a merger, acquisition, reorganization or sale of all or substantially all of its assets, or other operation of law, without any consent of the other party.  The terms of this Agreement will be binding upon the Parties and their respective successors and permitted assigns.
6. Compliance with Law.  Customer will always comply with all international and domestic laws, ordinances, regulations, and statutes that are applicable to its purchase and use of the Services, Results and Documentation.
7. Force Majeure.  Any delay in the performance of any duties or obligations of either party (except the payment of Fees owed) will not be considered a breach of this Agreement if such delay is caused by a labor dispute, shortage of materials, fire, earthquake, flood, or any other event beyond the control of such party, provided that such party uses reasonable efforts, under the circumstances, to notify the other party of the cause of such delay and to resume performance as soon as possible.
8. Independent Contractors.  Customer’s relationship to Company is that of an independent contractor, and neither party is an agent or partner of the other.  Customer will not have, and will not represent to any third party that it has, any authority to act on behalf of Company.
9. Notices.  All notices required under this Agreement must be delivered in writing, if to Company, by emailing support@graft.com and if to Customer by emailing the Customer Point of Contact email address listed when creating an account; provided, however, that with respect to any notices relating to breaches of this Agreement or termination, a copy of such notice will also be sent in writing to the other party by courier, by certified or registered mail (postage prepaid and return receipt requested), or by a nationally-recognized express mail service.  Each party may change its email address and/or address for receipt of notice by giving notice of such change to the other party.
10. Counterparts.  This Agreement may be executed in one or more counterparts, each of which will be deemed an original and all of which will be taken together and deemed to be one instrument.
11. Entire Agreement.  This Agreement is the final, complete and exclusive agreement of the Parties with respect to the subject matters hereof and supersedes and merges all prior discussions between the Parties with respect to such subject matters.  No modification of or amendment to this Agreement, or any waiver of any rights under this Agreement, will be effective unless in writing and signed by an authorized signatory of Customer and the Company.  
12. Consumer Complaints. In accordance with California Civil Code §1789.3, you may report complaints to the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by contacting them in writing at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210.

13. DEFINITIONS

1. “Acceptable Use Policy” means Company’s acceptable use policy, made available at https://graft.com/aup (as such link may be updated), and which is incorporated herein by this reference.
2. “Access Protocols” means the passwords, access codes, technical specifications, connectivity standards or protocols, or other relevant procedures, as may be necessary to allow Customer or any Authorized Users to access the Company Solution.
3. “Authorized User” means Customer’s employees who are authorized to access the Company Solution pursuant to Customer’s rights under this Agreement.
4. “Company Solution” means the Company software-as-a-service application that allows Authorized Users to access certain features and functions through a web interface.
5. “Customer Data” means any content, information, data and models provided or submitted by, or on behalf of, Customer or its Authorized Users for use with the Services.
6. “Documentation” means the technical materials provided by Company to Customer describing the use and operation of the Company Solution.
7. “Embedding Model” means Company’s machine learning model that produces either a trunk model (e.g., raw text input and dense numeric vector output) or combinator.
8. “Enrichment Model” means Company’s machine learning model that predicts a property from an embedding; e.g., a text embedding input and a numeric sentiment score output.
9. “Error” means a reproducible failure of the Company Solution to correctly apply the applicable Model to the Customer Data and properly record the output in the Results.
10. “Intellectual Property Rights” means any and all now known or hereafter existing (a) rights associated with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark or service mark rights; (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e) layout design rights, design rights, and other proprietary rights of every kind and nature other than trademarks, service marks, trade dress, and similar rights; and (f) all registrations, applications, renewals, extensions, or reissues of the foregoing, in each case in any jurisdiction throughout the world.
11. “Models” means, collectively, the Embedding Model and Enrichment Model.
12. “Results” means outputs of Models and the associated metadata generated for Customer through Customer’s use of the Services.
13. “Service Data” means processing and performance metrics and log files; diagnostics information; usage statistics; and other information about Customer’s use of the Service as well as associated metadata.  Service Data does not include Customer Data.
14. “Services” means the Company Solution, the Support Services, and any applicable Professional Services provided by Company to Customer under this Agreement as set forth in an SOW.
15. “User ID” means the unique username and password issued by Company to Customer for use by an Authorized User.