• 1. Definitions. Certain capitalized terms used but not otherwise defined in this Agreement have the meanings set forth in Exhibit A.
• 2. Participation in the Program.The Constellation API is designed to allow for Customer access to Constellation system solely for the purpose of receiving and sending, as applicable and to the extent determined by Constellation, information in connection with Constellation’s products including but not limited to its Carbon Accounting Platform and Virtual Energy Efficiency API.
• 3. Modification. Constellation may modify this Agreement at any time. Constellation will provide notice of the modifications in a manner that Constellation reasonably determines to be appropriate, including providing notice in accordance with Section 17.4. Customer may reject the modifications by, within thirty (30) days after the date of such notice, (a) ceasing all access to and use of the Constellation API, and terminating this Agreement in accordance with Section 11.2, and (b) providing written notice to Constellation of Customer’s rejection, and Customer’s cessation of access and use and termination of this Agreement. If any modification has any adverse effect on Customer or is otherwise unacceptable to Customer in any respect, Customer’s sole recourse is to terminate this Agreement and to cease accessing and using the Constellation API Materials. Customer’s continued access to or use of the Constellation API following any modification to this Agreement will constitute Customer’s binding acceptance to the modified Agreement.
• 4. Constellation Access to the Constellation API Materials.
  • 4.1 Users. Customer will require each of Customer’s Authorized Users and service providers (if any), to be bound by all of the conditions and restrictions of this Agreement. All restrictions on Customer’s access and/or use of the Constellation API Materials or Constellation Materials apply to Customer’s Authorized Users and service provider(s) (if any). Customer will remain solely responsible and liable for (and Constellation has no responsibility to Customer or to any third party for) all acts and omissions (including any loss or damage that Constellation may suffer, including without limitation, arising from any purchases of Constellation Data (e.g., electricity usage), use of any tools, features, and/or capabilities made available through the Constellation API Materials and any other acts and omissions taken in relation to use of the Constellation Data by Customer (including its personnel), Customer’s Authorized Users, employees, contractors, service provider(s), and any other persons who may have access to the Constellation API through Customer (whether or not such access is authorized by Customer or by Constellation ), including any breaches of this Agreement. Any act or omission by Customer’s Authorized Users or service provider(s) amounting to a breach of this Agreement will be deemed a breach by Customer.
  • 4.2 Constellation Data. Customer is responsible for the management, accuracy, veracity and protection of all information, content and data information passed through the Constellation API. Customer has no ownership rights in any information and/or data transmitted through the Constellation API, including the Constellation Data and/or information included in any Constellation API Materials. Customer shall solely use such information in strict accordance with this Agreement and solely for the benefit of Customer in its relationship with Constellation. In addition, Customer is prohibited from any re-use of Constellation Data as well as from combining Constellation Data with any other Customer or third-party data, except solely for providing services to the Constellation API for the Approved Purposes outlined in this Agreement. For clarity, in no event may Customer use Constellation Data for the creation, categorization or re- targeting of data segments or audiences. In addition, Customer may not use any Constellation Data and/or information included in the Constellation API Materials for any benchmarking or other purposes, or for any uses prohibited under applicable Laws.
  • 4.3 Changes to Constellation API Materials. Constellation reserves the right to modify or no longer make available the Constellation API Materials (or any portion thereof) for any or no reason, and Constellation bears no responsibility or liability for such changes. Constellation reserves the right to release subsequent versions of the Constellation API Materials (or any portion thereof) and to require Customer to use the most recent version thereof, and it is Customer’s responsibility to ensure, at Customer’s own cost, that Customer’s access to and use of the Constellation API Materials are compatible with Constellation’s then-current requirements. Without limiting the generality of the foregoing, (a) Constellation may impose or adjust the limit on the number of transactions Customer may send or receive through the Constellation API Materials at any time and (b) Constellation may limit the availability of the Constellation API Materials to any geographical area or any language and make backwards incompatible changes to the Constellation API Materials.
  • 4.4 Monitoring; Enforcement of Terms. Without limiting Section 6, Customer will provide Constellation with any information or materials that Constellation reasonably requests to verify Customer’s compliance with this Agreement, including a copy of each Customer Application and one or more test accounts that will enable Constellation to access each Customer Application in its entirety free of charge. Constellation may monitor Customer’s usage of the Constellation API Materials to verify compliance with this Agreement. Constellation may take enforcement actions against Customer if Constellation determines in its sole judgment that Customer, Customer’s Authorized Users or a Customer Application (a) violates this Agreement, (b) has a security deficiency, or (c) has inappropriately accessed, used, or disclosed Constellation Data or may otherwise threaten or damage the reputation of any Constellation Party. Enforcement actions include, as appropriate: (i) disabling or restricting Customer’s, the Authorized Users’ or the Customer Application’s access to the Constellation API Materials and/or the Sites; (ii) terminating some or all of Constellation’s agreements with Customer; and (iii) performing any other action as Constellation in its reasonable discretion deems appropriate. Constellation will use commercially reasonable efforts to provide appropriate notice to Customer in connection with any enforcement actions that it takes.
• 5. Grant of Rights and Restrictions.
  • 5.1 Constellation API Materials License. Subject to and conditioned on Customer’s compliance with this Agreement, Constellation hereby grants to Customer , under Constellation’s intellectual property rights in and to the Constellation API Materials (in the form made available to Customer by Constellation), a limited, revocable, non-transferable, non-assignable, non-sublicensable, and non- exclusive license during the Term to use and access the Constellation API Materials solely to the extent necessary to develop, test, integrate, operate and support Customer Applications to enable such Customer Applications to interact with Constellation’s databases or Constellation Services, to retrieve information necessary to provide the Customer Offerings “Approved Purposes”). Use of the Constellation API Materials by Customer under this Section 5.1 for purposes other than the Approved Purposes requires Constellation’s prior written consent. Any uses not approved by Constellation as Approved Purposes is grounds for termination by Constellation. Constellation may update the Constellation API Materials from time to time, and Customer will use the current version.
  • 5.2 Sample Code. Subject to and conditioned on Customer’s compliance with this Agreement and if applicable, Constellation hereby grants to Customer , under Constellation’s intellectual property rights in and to the Sample Code (in the form made available to Customer by Constellation via the Constellation API Materials), a limited, revocable, non-transferable, non-assignable, non-sublicensable, and non-exclusive license during the Term to reproduce, modify and make derivative works of Sample Code for the sole purpose of developing an Customer Application only as permitted under Section 5.1 for the Approved Purposes.
  • 5.3 Trademark License. Subject to the terms of this Agreement, Customer grants Constellation a worldwide, nonexclusive, royalty-free license to use Customer Marks, solely to disclose and promote the relationship between the parties to potential customers during the Term. Constellation will comply with Customer’s then-current trademark usage guidelines as made available to Constellation from time to time. Constellation will promptly correct its misuse of any Customer Marks on notice from Customer, and Constellation will cease all use of the Customer Marks if Constellation fails to promptly correct any such misuse or on notice from Customer. All goodwill, rights, and benefits in the Customer Marks that arise from their use under this Agreement will inure solely to Customer. “Customer Marks” means solely the trademarks of Customer specified by Customer for Constellation to use. “Constellation Marks” means solely the name, logos, trademarks, and trade name of Constellation specified by Constellation for Customer to use.
  • 5.4 Restrictions on Access.
    • (a) Limited Access. The Constellation Materials, including the Constellation API Materials, Constellation Data are available to Customer solely for the purpose of providing Customer Offerings to or on behalf of the Sites. Customer will not use or access (nor facilitate or enable others to use or access) the Constellation Materials in any way not expressly permitted under this Agreement. For the avoidance of doubt, and the Constellation API Materials and Constellation Data may not be disclosed and/or used by any third-party, including but not limited to any competitors of Constellation, including by Customer on behalf of any third- party, for the purposes of developing a competitive product. Constellation advertising, Constellation users, Constellation pricing, or Constellation product. In addition, the Constellation API Materials or Constellation Data may not be used for any other purpose (in whole or in part or in the aggregate) than expressly permitted under this Agreement or disclosed to any third- parties, for any reason.
    • (b) Access Keys. Constellation reserves the right to require Customer to create one or more accounts to use the Constellation API Materials. Constellation will provide Customer with access Keys that permit Customer to access the Constellation API Materials. Customer will not share (or permit anyone else to share) any user ID, password or Key, will not allow any third party to use or access Customer’s accounts, and will not do anything else that might jeopardize the security of Customer’s accounts. If Customer becomes aware of any unauthorized use of any of Customer’s passwords, accounts, or Keys, Customer will notify Constellation immediately. The Keys are the property of Constellation and may be revoked if Customer shares them with any third party (other than as expressly allowed under this Agreement). Any information Customer gives to Constellation in connection with Customer’s Constellation accounts (or otherwise in connection with the Constellation API Materials) will always be accurate, correct, and up to date.
    • (c) API Call Limits. The number of Constellation API calls Customer is permitted to make during any given period may be limited. The current call limit will be provided to Customer by Constellation and may be updated by Constellation from time to time. Constellation determines call limits based on various factors, including the ways a Customer Application may be used or the anticipated volume of use associated with a Customer Application. Constellation may, in its sole discretion, charge Customer for API calls that exceed the call limits or suspend, terminate, or revoke Customer’s or a Customer Application’s access to or use of any of the Constellation API (including by revoking or suspending any Key) or other Constellation Materials. Unused API calls will not roll over to the next day, or month, as applicable. If Customer needs a higher rate limit for valid business purposes, please contact Constellation support.
  • 5.5 Restrictions on Use of Toolkit. Except as expressly permitted in this Agreement, Customer will not (nor permit or enable anyone else to): (i) license, sublicense, sell, resell, transfer, assign, rent, loan, lease, disclose, distribute or otherwise commercially exploit or make available to any third party the Constellation Materials, including the Constellation API Materials and Constellation Data, or any other rights granted in this Agreement in any way, or use the Constellation API Materials as a service bureau; (ii) copy, modify, translate, adapt, arrange, make derivative works of or publicly display the Constellation Materials or any part thereof; (iii) distribute, publish or allow access or linking to the Constellation Materials from any location or source other than the applicable Customer Application; (iv) access or use any of the Constellation Materials for the purpose of (A) building or providing a competitive product or service, (B) building or providing a product using similar ideas, features, functions or graphics of the Constellation API Materials, or (C) copying any information, ideas, features, functions or graphics of the Constellation Materials, including, without limitation, the Constellation API Materials; (v) decompile, disassemble or otherwise reverse engineer the Constellation API Materials, or determine or attempt to determine any source code, algorithms, methods, or techniques used or embodied in the Constellation API Materials; (vi) take any action that Constellation determines imposes an unreasonably or disproportionately large burden on Constellation’s (or its designated third parties’) infrastructure (including the Constellation API Materials, or use of the Constellation API Materials in a manner that exceeds reasonable request volume, constitutes excessive or abusive usage or otherwise fails to comply or is inconsistent with any part of the Posted Terms); (vii) attempt to (X) remove, defeat or circumvent any license manager technology or copy protection device provided with the Constellation Materials , or (Y) bypass or delete any functionality or technical limitations of the Constellation Materials or that prevent or inhibit the unauthorized copying or use of the Constellation Materials; (viii) in connection with the Constellation Materials, including the Constellation API Materials, access, collect, or process Personal Information other than as permitted in this Agreement; (ix) knowingly create a Customer Application that may be used to violate any of the Posted Terms or any other Constellation policy or applicable Law; (x) engage in any fraudulent, inappropriate, unlawful activities in connection with use of the Constellation API and Constellation Materials; (xi) generate or otherwise use third parties or software to obtain fraudulent, repetitive or invalid clicks, impressions or other interactions with advertisements placed through the Constellation API and Constellation API Materials; or (xii) otherwise access or use the Constellation’s Materials.
• 6. Customer Applications.
  • 6.1 General. Customer (and not Constellation) will be solely responsible for and will perform all development, testing, distribution, use, and technical and other support of all Customer Offerings including all related costs, expenses, losses and liabilities. For all Customer Offerings, Customer will meet the requirements of the Information Security Addendum and all applicable Constellation technical specifications with respect to all Customer Offerings that Constellation may provide to Customer from time to time. Constellation will not provide or be required to provide (and is not responsible for): (a) any technical or other support services to Customer (including any Authorized Users) or any third party, or (b) monitoring or policing any dispute related to any Customer Offering or its use that may arise between or among Customer, Customer’s Authorized Users, or any other third party. Constellation may provide support and other assistance to Customer in its sole discretion. Constellation expressly disclaims any and all liability with respect to any support or other assistance provided in connection with this Agreement. Constellation makes no guarantee with respect to the availability or uptime of the Sites or the Constellation API Materials. Constellation may conduct maintenance on or stop providing the Constellation API Materials or its Sites at any time with or without notice to Customer Constellation may change the method of access to the Constellation API Materials at any time.
  • 6.2 Application Integration Environment. Notwithstanding anything to the contrary in this Agreement, Customer may only conduct any development activities authorized by this Agreement against Constellation designated application integration environment, as made available by Constellation to Customer for such purposes (such environment, the “AIE”).
  • 6.3 Constellation API Materials. Customer will immediately notify Constellation of any security deficiencies (including any actual or suspected unauthorized access to or acquisition of, theft, loss or misuse of data or actual or suspected vulnerabilities that may result in unauthorized access to or acquisition of, theft, loss or misuse of data) that Customer discovers or suspects in connection with an Customer Application, the Constellation Materials (each, a “Breach”), such notification to be made via the contact information provided on the Sites. In the event of a Breach, Customer will cooperate fully with Constellation to limit the unauthorized access, disclosure or use of data; seek the return of any such data; and assist in providing notice relating to the Breach to individuals or third parties if requested by Constellation .At Constellation’s request, Customer will assist and support Constellation in the event of an investigation by a regulator, if and to the extent that such investigation relates to Constellation information handled by Customer . Customer will not include (or permit to be included), in or in connection with a Customer Application, any spyware, malware, virus, worm, Trojan horse or other malicious or harmful code prior to being downloaded or installed.
  • 6.4 Compliance with Laws. Customer will comply with all applicable Laws related to (a) Customer’s access and use of the Constellation API Materials, Constellation Data, and (b) each Customer Application, including the development, marketing, sale, distribution and use of the Customer Application. Upon Constellation’s request, Customer will promptly provide to Constellation copies of any regulatory approvals or other approvals relating to any Customer Application. Customer will not seek any regulatory permissions or make any determinations that may result in Constellation Parties, the Constellation API Materials (or any part thereof), Constellation Data being deemed regulated or that may impose any obligations or limitations on Constellation Parties.
  • 6.5 No Limitation on Constellation’s Business. Constellation reserves the right to develop and market any technology, products or Constellation API Materials or pursue business opportunities that compete with or are similar to any of Customer’s products, including any Customer Application, and nothing in this Agreement will interfere with or adversely affect such right.
  • 6.6 Security. Customer shall comply with the security procedures Constellation establishes for access to the API and shall maintain commercially reasonable security procedures for the transmission of data to the API as set out at Exhibit B hereto. Each Party must notify the other Party immediately of any suspected security breach regarding transmissions to or from the API. Constellation may suspend Customer’s access to the API temporarily, or temporarily restrict any of the API, if, and so long as, in Constellation’s sole judgment, there is a security risk that may interfere with the proper continued provision of the API.
• 7. Licenses from Customer to Constellation.
  • 7.1 Content License. By submitting, posting, or displaying Customer Content in or through the Constellation API Materials, Customer hereby grants to the Constellation Parties a worldwide, perpetual, royalty-free, and non-exclusive license to access, use, reproduce, adapt, modify, publicly perform, publicly display and distribute Customer Content through the Constellation API Materials for the purpose of enabling Constellation to (a) provide Customer with the Constellation API Materials in accordance with this Agreement; and (b) operate the Sites and Services .
  • 7.2 Feedback. If Customer provides any Constellation Party with Feedback, then such Feedback may be utilized by the Constellation Parties without any limitation or obligation to Customer.
  • 7.3 Authority. Customer represents and warrants to Constellation that Customer has all requisite rights, power and authority necessary to grant the above licenses and rights, and to execute and deliver this Agreement.
• 8. Customer Proprietary Materials.
  • 8.1 Constellation Rights. As between Customer and Constellation, Constellation and its licensors own all right, title, and interest (including patents, copyrights, trademarks, trade secrets, and other intellectual property rights) in and to the Constellation Materials. All rights not expressly granted to Customer under this Agreement are reserved by Constellation and/or its licensors, and Customer does not have (and will not assert) any licenses or other rights (implied or otherwise) except as expressly set forth in this Agreement.
  • 8.2 Customer’s Proprietary Rights. As between Customer and Constellation, Customer retains all right, title and interest in and to Customer Content and any Customer Application, except for Constellation Materials that may be incorporated in, used by, or practiced by Customer Content or such Customer Application. Except for such Constellation Materials, Constellation claims no ownership over Customer Content or any Customer Application, and Customer retain the copyright and any other rights Customer already holds in Customer Content. Customer, and not Constellation, is responsible for Customer Content and any Customer Application and any other materials that Customer or Customer’s Authorized Users upload, post, email, or otherwise transmit using the Constellation API Materials and any Customer Application. Customer represents and warrants that: (a) Customer has and will have the requisite rights to submit, develop, and use Customer Content and any Customer Application in connection with the Constellation API Materials; (b) no Customer Content or Customer Application infringes or misappropriates, and will not infringe or misappropriate, any intellectual property or proprietary right of any third party or violate any applicable Laws; and (c) no Customer Content or Customer Application is subject to any restrictions on disclosure, transfer, download, export or re-export under any applicable Law.
• 9. Privacy Protection.
  • 9.1 Constellation Privacy Policy. By using the Constellation API Materials, Customer consents to the collection, use, and disclosure of Personal Information collected from or about Customer’s Authorized Users as described in the then-current Privacy Policy, including cross-border transfers as described in the Privacy Policy. Customer will ensure that any Authorized User who accesses the Constellation API Materials has been presented with and agrees to the Privacy Policy, and Customer will obtain any consents from Authorized Users necessary to permit Constellation to collect Personal Information from such Authorized Users.
  • 9.2 Compliance with Privacy Laws. At all times, each Customer Application will comply with all applicable Laws, rules, regulations and best practices concerning privacy, data protection and on demand or downloadable software.
    • (a) Collection and Use of Personal Information. Customer’s use of the Constellation API Materials may allow Customer to collect Personal Information from and about Constellation users (provided the collection of any Personal Information from and about Constellation users must be pre-approved by Constellation). Customer’s collection, use and disclosure of any such Personal Information will comply at all times with the Constellation Privacy Policy. Customer’s retention, secure return, and destruction of any Personal Information is subject to the terms of the Information Security Addendum. Without limiting the foregoing, Customer will destroy Personal Information when it is no longer necessary for Customer’s performance of the Agreement or when Developer ceases to access the Constellation API Materials. For the avoidance of doubt, it is not the intention to provide or allow Customer to access or obtain any Personal Information (or unique identifiers) relating to Constellation users, customers, or audiences, in connection with Customer’s access to the Constellation Materials.
    • (b) Without limiting Section 10 below, Customer will not use Personal Information to send or enable sending of unsolicited communications of any type.
  • 9.3 No Sensitive Personal Information. Any data storage functionality associated with the Constellation API Materials is not intended for the storage of Sensitive Personal Information. Customer will not (and will not permit anyone else to) upload or otherwise submit any Sensitive Personal Information in connection with the Constellation API Materials. Constellation Parties will have no responsibility or liability with respect to any such Sensitive Personal Information that is processed, transmitted, disclosed, or stored in connection with the Constellation API Materials.
• 10. Customer’s Use of Electronic Communications.
  • The following prohibitions are in addition to, and not in place of, other prohibitions and restrictions to which Customer is bound, including the Posted Terms. Unless Customer obtains Constellation’s prior express written permission, Customer may not: (i) generate, use or send or deliver to any recipient any Electronic Communication using or containing any Constellation trademarks, or any variation or misspelling thereof, or products, or the Constellation API or URLs provided to Customer as part of the Constellation API Materials; (ii) send or deliver to any recipient any Electronic Communication that in any way suggests or implies (including without limitation, via the return address, subject heading, header information or message contents) that Constellation is the initiator, sender or sponsor of such Electronic Communication or that Constellation procured or induced Customer to send or deliver such Electronic Communication; (iii) forward, redistribute, or otherwise repurpose any Electronic Communication that Constellation sends to its affiliates and/or customers; and (iv) generate or send to any recipient any unsolicited Electronic Communication.
  • Customer will comply with all applicable federal, state and local Laws, rules and regulations, including without limitation, the CAN-SPAM Act of 2003; the Telephone Consumer Protection Act and the Federal Communications Commission’s rules promulgated pursuant to such Act; and the Telemarketing Sales Rule.
• 11. Term and Termination.
  • 11.1 Term. This Agreement will become effective on the Effective Date and the term will extend until it is terminated or expires as described in this Section 11 (the “Term”).
  • 11.2 Termination.
    • (a) Constellation may terminate this Agreement and/or discontinue the Constellation API Materials or any portion or feature for any reason and at any time upon notice to Customer without liability or other obligation to Customer.
  • 11.3 Customer may terminate this Agreement upon ninety (90) days prior written notice to Constellation by (i) removing all Sample Code and the Constellation API Materials (including any code that is based on or uses the Constellation API Materials or implements the API for the Constellation API Materials) from all of Customer’s software and other materials (including any Customer Application) and discontinuing Customer’s access to and use of the Constellation API Materials and (ii) notifying Constellation that Customer has done so.
  • 11.4 Effect of Termination. When this Agreement expires or is terminated, Customer’s Keys will be revoked, all licenses granted under this Agreement immediately terminate, and Customer, any Customer Applications, and Authorized Users must immediately cease accessing or using the Constellation API Materials, Sample Code, Confidential Information, and other Constellation Materials and Customer must immediately destroy any copies of the foregoing in Customer’s (including Customer’s Authorized Users’) possession, custody or control.
  • 11.5 Survival. The following provisions of this Agreement will survive expiration or earlier termination and continue to apply indefinitely: 5.5, 6-10, 9, 11.3, 12-16 and 17.
• 12. Confidential Information.
  • 12.1 Confidential Information. Customer will not (and will not permit anyone else to) (a) use any Confidential Information except as necessary for performance of Customer obligations and exercise of Customer’s rights under this Agreement or (b) disclose any Confidential Information to anyone other than Customer’s Authorized Users who need to know such Confidential Information for such purposes. To safeguard the Confidential Information, Customer will exercise the same degree of care employed by Customer to prevent the unauthorized use and disclosure of Customer’s own confidential information, but in no event employing less than reasonable degree of care. Customer will not disclose this Agreement to any third party without the prior written consent of Constellation, except pursuant to a valid and enforceable order of a court or government agency.
  • 12.2 Exceptions. Confidential Information does not include information which: (a) is rightfully received by Customer from a third party without restriction on use or disclosure; (b) is developed by Customer independently without use of the Confidential Information; or (c) is or becomes generally known to the public other than as result of a breach by Customer of this Agreement (or other obligation of Customer to any Constellation Party). In addition, Customer may disclose Confidential Information to the extent the disclosure has been approved in advance for release by written authorization of Constellation.
  • 12.3Injunctive Relief. Customer’s breach or threatened breach of this Section 12 may cause Constellation irreparable harm and significant injury, the amount of which may be difficult to estimate and ascertain, thus making inadequate any remedy at Law or in damages. Therefore, Constellation is entitled to injunctive relief from any court of competent jurisdiction to enjoin any threatened or actual breach of this Agreement and any other relief that such court deems appropriate, in addition to any other remedy or remedies available at Law or in equity.
• 13. EXCLUSION OF WARRANTIES. THE CONSTELLATION API MATERIALS ARE PROVIDED “AS IS” AND “AS AVAILABLE.” CONSTELLATION PARTIES MAKE NO, AND HEREBY DISCLAIM ALL, REPRESENTATIONS OR WARRANTIES OF ANY KIND TO ANY PARTY, WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, WITH RESPECT TO THE CONSTELLATION API MATERIALS, INCLUDING ALL WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AND ALL WARRANTIES THAT MAY ARISE FROM COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. CONSTELLATION PARTIES DO NOT REPRESENT OR WARRANT THAT THE CONSTELLATION API MATERIALS ARE OR WILL BE APPROPRIATE OR AVAILABLE FOR USE IN ANY PARTICULAR JURISDICTION. THIS SECTION WILL BE ENFORCEABLE TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. NO INFORMATION OR ADVICE (WHETHER WRITTEN, ORAL OR OTHERWISE), PROVIDED BY CONSTELLATION PARTIES OR THEIR REPRESENTATIVES WILL CREATE ANY WARRANTY OR IN ANY WAY AFFECT THE DISCLAIMERS OF WARRANTIES OR LIMITATIONS OF LIABILITY EXPRESSLY PROVIDED IN THIS AGREEMENT.
• 14. Limitation of Liability. EXCEPT WITH RESPECT TO INDEMNIFICATION OBLIGATIONS, USE OR DISCLOSURE OF CONFIDENTIAL INFORMATION, INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY OR LIMITATION OF LIABILITY: (A) IN NO EVENT WILL ANY CONSTELLATION PARTY BE LIABLE FOR SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES (HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WHETHER DERIVED FROM CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE), OR ANY LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF USE, LOSS OF DATA, BUSINESS INTERRUPTION, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES OR OTHER COVER, OR ANY OTHER COMMERCIAL OR ECONOMIC LOSS OF ANY KIND, EVEN IF ADVISED OF THE POSSIBILITY THEREOF, NOR WILL THE CONSTELLATION PARTIES BE LIABLE FOR ANY DAMAGES WHATSOEVER RESULTING FROM A FORCE MAJEURE EVENT OR AN ACT OF A THIRD PARTY OR THROUGH NO FAULT ON THEIR BEHALF; AND (B) THE TOTAL CUMULATIVE COLLECTIVE LIABILITY OF THE CONSTELLATION PARTIES, FOR ALL COSTS, LOSSES OR DAMAGES FROM ALL CLAIMS, ACTIONS OR SUITS, HOWEVER CAUSED, ARISING FROM OR RELATING TO THIS AGREEMENT OR THE SUBJECT MATTER HEREOF WILL NOT EXCEED TEN THOUSAND UNITED STATES DOLLARS (USD $10,000).
• 15. Indemnification. Customer will, at Customer’s sole expense and to the fullest extent permitted by Law, indemnify and hold harmless (and, at Constellation’s request, defend) the Constellation Parties against all losses, liabilities, expenses (including reasonable attorneys’ fees) suffered or incurred by the Constellation Parties by reason of any Claim arising out of or relating to (a) any Customer Application or Customer Content, including any assertion that any Customer Application or Customer Content or the use of either or both (i) infringes any copyright, trademark, or other intellectual property of any individual or entity, (ii) misappropriates any individual or entity’s trade secret, (iii) violates the privacy or publicity rights or any individual or entity or fails to comply with the privacy or data protection Laws (including, but not limited to, CAN-SPAM), (iv) contains any libelous, defamatory, disparaging, pornographic, or obscene materials, (v) infringes or violates any other rights of any individual or entity, or (vi) caused death or bodily injury or damage to the real or tangible property of any third party; (b) any breach of, or failure by Customer (including Customer’s Authorized Users), to comply with this Agreement; (c) access to or use of the Constellation API Materials or Constellation Data by Customer (including Customer’s Authorized Users), or anyone who accesses the Constellation API Materials or Constellation Data through Customer (whether or not such access is authorized by Customer or by Constellation); or (d) any breach by Customer of any representations, warranties, covenants, or other provisions in this Agreement. Whether or not Constellation asks Customer to defend a Claim, Customer will not agree to any settlement without the prior written consent of Constellation. If Constellation asks Customer to defend a Claim, Constellation will have the right to participate in the defense of the Claim with counsel of its own choosing. Notwithstanding the foregoing, Customer will have no obligation to indemnify and hold harmless the Constellation Parties against any losses or liabilities suffered or incurred by the Constellation Parties by reason of any determination by a court of competent jurisdiction that the Constellation API Materials as provided by Constellation infringe a copyright, trademark or patent or misappropriate a trade secret of any third party.
• 16. Other Content. The Constellation API Materials may include hyperlinks to other websites, content or resources. Constellation has no control over any web sites, content or resources that are provided by persons or entities other than Constellation. Constellation is not responsible for the availability of any such other websites, content or resources, and does not endorse any advertising, products, or other materials on or available from or through such websites, content or resources.
• 17. General Legal Terms.
  • 17.1 Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the Laws of the State of New York (and, to the extent controlling, the federal Laws of the United States), which will govern without reference to the conflicts-of-Laws rules thereof. The UN Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transaction Act will not apply to (and are excluded from the Laws governing) this Agreement. In addition, any Claim arising under or relating to this Agreement will be brought exclusively in (and the parties will be subject to the exclusive jurisdiction of) the State of New York.
  • 17.2 Export Control. Customer’s (including Customer’s Authorized Users’) access to and use of the Constellation Materials are subject to compliance with the Export Control Laws. Customer will be solely responsible for Customer’s (including Customer’s Authorized Users’) compliance with the Export Control Laws and monitoring any modifications to them. Customer represents and warrants that: (a) Customer (including all of Customer’s Authorized Users) is not a citizen of, or located within, a nation that is subject to U.S. trade sanctions or other significant trade restrictions; (b) Customer (including Customer’s Authorized Users) is not identified on any U.S. government restricted party lists (including the U.S. Treasury Department’s List of Specially Designated Nationals and Other Blocked Persons, the U.S. Department of Commerce’s Denied Party List, Entity List and Unverified List and the U.S. Department of State’s proliferation-related lists); (c) Customer (including Customer’s Authorized Users) will not, unless otherwise authorized under the Export Control Laws, use the Constellation Materials in any restricted end use, including design, analysis, simulation, estimation, testing, or other activities related to nuclear, chemical/biological weapons, rocket systems or unmanned air vehicles Customer Applications; and (d) no part of Customer Content is subject to any restriction on disclosure, transfer, download, export or re-export under the Export Control Laws. Customer (including Customer’s Authorized Users) will not use the Constellation Materials to disclose, transfer, download, export or re-export, directly or indirectly, Customer Content, third party content or any other content or material to any country, entity or other party which is ineligible to receive such items under the Export Control Laws or under other Laws to which Customer (including any of Customer’s Authorized Users) may be subject.
  • 17.3 General. The parties’ relationship to each other under this Agreement is strictly that of independent contractors and nothing in this Agreement will in any way constitute or be construed as evidence of intent to establish any association, partnership, joint venture or other relationship. Each party is responsible for covering its costs and expenses in performing its duties and exercising its rights under this Agreement, unless expressly provided otherwise in this Agreement. If for any reason a court of competent jurisdiction finds any provision of this Agreement, or any portion thereof, to be unenforceable, that provision will be enforced to the maximum extent permissible so as to affect the intent of this Agreement and the remainder of this Agreement will continue in full force and effect. The section headings used in this Agreement are for convenience only and will not be given any substantive effect. A party may only waive its rights under this Agreement by a written document executed by both parties. Any failure to enforce any provision of this Agreement will not constitute a waiver thereof or of any other provision hereof. Customer may not assign or transfer (by operation of Law or otherwise) any of Customer’s rights or obligations under this Agreement without Constellation’s prior written consent, and any unauthorized assignment or transfer will be void.
  • 17.4 Notices. Notices required or permitted under this Agreement must be in writing and will be deemed effective (1) on personal delivery; (2) on confirmed delivery by courier service; (3) on the first business day after transmission if sent by email with proof of delivery. Customer must ensure that Customer’s email address is current. Customer consents to service of process being effected on Customer by registered mail sent to Customer’s last address known by Constellation, if so permitted by applicable Law.
  • 17.5 Communications. When Customer sends e-mails to Constellation, Customer is communicating with Constellation electronically. For contractual purposes, Customer consents to receive communications electronically from Constellation and Customer agrees that all agreements, notices, disclosures and other communications that Constellation provide to Customer electronically satisfy any legal requirement that such communications be in writing. This condition does not affect Customer’s statutory rights.
  • 17.6 Entire Agreement. This Agreement (including the Posted Terms and any Exhibits hereto) contain the entire agreement between Customer and Constellation with respect to its subject matter and supersedes all prior or contemporaneous communications and proposals, whether electronic, oral or written, between Customer and Constellation with respect to the Constellation API Materials. This Agreement may be amended only as expressly set forth in this Agreement. By signing below, Customer indicates that: (a) Customer has read this Agreement, understands it, and agrees to be legally bound by it; and (b) Customer represents and warrants that Customer has the right, power and authority to enter into this Agreement.

Exhibit A – Definitions

• 1. Definitions.
  • 1.1 “Customer Content” means (a) certain information from a Customer made available through the Constellation API, including any files, data sets, materials, documents, and other content, data and information made available in connection with the foregoing.
  • 1.2 “API” means an applications programming interface for a service or software program (e.g., the requirements for accessing or directing the functions of the service or software program).
  • 1.3 “Authorized Users” means Customer’s individual employees and independent contractors who access and use the Constellation API on Customer’s behalf.
  • 1.4 “Claim” means any legal claim, suit or proceeding.
  • 1.5 “Confidential Information” means any information, data and materials of Constellation (a) designated by Constellation as confidential or proprietary (whether in writing or otherwise); (b) related to Constellation’s business or operations; or (c) received by Customer by virtue of Customer’s relationship with Constellation, including customer information, product plans, product designs, product costs, product prices, product names, finances, marketing plans, business opportunities, personnel, research, development, customer data, or know-how.
  • 1.6 “Constellation” means Constellation Navigator, LLC, on behalf of itself and its affiliates.
  • 1.7 “Constellation API Materials” means the (i) Constellation API; (ii) the requirements provided by Constellation to Customer for interfacing to (e.g., accessing or directing the functions of) the Constellation API; (iii) any other software provided by Constellation under this Agreement; (iv) any related materials or documents related to the foregoing including marketing materials and any reporting or metrics; and (v) any support or other assistance provided by or for Constellation in connection with this Agreement.
  • 1.8 “Constellation API” means the API (that may consist of code, instructions and/or other data and information) provided by Constellation to Customer under this Agreement, that is intended to permit a Customer Application to interface with the Sites in accordance with the terms and conditions hereof.
  • 1.9 “Constellation Data” means any data transmitted to the Customer by means of the Constellation API, including but not limited to, any related information.
  • 1.10 “Constellation Materials” means the Constellation API Materials, Constellation Data, the Sites, the Confidential Information, and any other content, data or materials provided or used in connection with, or generated by, the Constellation API Materials, together with any related intellectual property rights.
  • 1.11 “Constellation Parties” means Constellation and its affiliates, and the respective officers, directors, employees and other agents of Constellation and its affiliates.
  • 1.12 “Customer Application” means a software application or website that uses the Constellation API to facilitate, obtain and/or display Customer Content in conjunction with Constellation Data from the Platform.
  • 1.13 “Customer Content” means any content that Customer provides in a Customer Application or to the Constellation API, including files, information, data, images, videos, or computer programs (including any modules and components, functions and features of a computer program), except that Customer Content does not include the any Constellation Materials.
  • 1.14 “Customer Offerings” means, collectively, any (i) Customer Application(s), (ii) Customer Content, and (iii) services provided by or for Customer in connection with the accessing of the API for internal business purposes (e.g., display or reporting).
  • 1.15 “Customer” means the entity integrated with the API pursuant to this Agreement.
  • 1.16 “Effective Date” means the date the Agreement is last executed by a party.
  • 1.17 “Electronic Communication” includes email messages, phone communications, text messages, and any other form of non-verbal communication occurring without the use of physical mail.
  • 1.18 “Export Control Laws” means United States and other applicable countries’ export control and trade sanctions Laws, including the regulations promulgated by the U.S. Department of Commerce and the U.S. Department of the Treasury.
  • 1.19 “Feedback” means any suggestions, proposals, ideas, contributions, or other information provided by Customer (whether or not or through Customer’s Authorized Users) to Constellation regarding the Constellation API Materials, Constellation Data.
  • 1.20 “Keys” means the confidential alphanumeric or cryptographic keys that are uniquely associated with Customer’s accounts provided by Constellation to Customer for Customer’s use of the Constellation API Materials, including the Customer ID, certificate ID, and application ID.
  • 1.21 “Laws” or “Law” means any declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule, law, or other requirement of or by any governmental authority.
  • 1.22 “Personal Information” has the meaning set forth in the Privacy Policy.
  • 1.23 “Posted Terms” has the meaning set forth in Section 3.1.
  • 1.24 “Privacy Policy” means Constellation’s Privacy Policy, available at Privacy Policy | Constellation_(as may be updated by Constellation from time to time).
  • 1.25 “Sample Code” means source code that is expressly designated by Constellation as eligible to be used for the purposes of developing a Customer Application.
  • 1.26 “Sensitive Personal Information” means social security numbers, credit or debit card numbers, financial account numbers, driver’s license numbers, medical information, health insurance information, sensitive data about personal characteristics such as race, religion, or sexual orientation, or other personal data that may pose a risk of harm to the individual if improperly disclosed.
  • 1.27 “Sites” means (i) the Constellation website or portal which provides access to the Services and related information; (ii) the Constellation websites, including and related applications and websites operated by or for any Constellation subsidiary, (iii) the Constellation website or portal which provides access to the Constellation API Materials and related information; (iv) any other website, device, service, application, feature, or online point of presence through which the Site, any website of any of Constellation’s Affiliates, and/or products or services (including the Services) available thereon are syndicated, offered, merchandised, advertised, or described and/or (v) any other related website or portal designated by Constellation from time to time.
  • 1.28 “Term” has the meaning set forth in Section 11.1.

Exhibit B

Security Exhibit

• 1. Scope

  This Exhibit outlines the information security expectations and requirements between Constellation Navigator, LLC (“Constellation”) and Customer. It describes the technical and organizational security measures that must be implemented by the Customer to secure Constellation Data prior to and during the performance of any part of the Constellation API License Agreement (the “Agreement”). All capitalized terms not defined in this Exhibit have the respective meanings set forth in the Agreement.

• 2. Network Security
  • (A) To maintain network security, Customer will at all times implement: next-generation firewalls, intrusion detection/prevention, advanced threat detection technology, and regular third-party security audits.
  • (B) Customer will maintain network security that conforms to Constellation approved industry standards and best practices. Examples of Constellation approved industry standards and best practices are in Section 5(D) entitled “Industry Standards”.
• 3. Application Security
  • (A) Customer will provide, maintain and support its software, updates, upgrades, and bug fixes such that the software is and remains secure from security vulnerabilities.
  • (B) Customer will perform regular vulnerability scans and conform to the following requirements:
    • i. For vulnerabilities which risk compromising Constellation’s network, system or data and which are considered to be “critical” according to the latest Common Vulnerability Security Score (“CVSS”) guidelines, Customer will repair or mitigate such vulnerabilities within thirty (30) days of patch availability or work around.
    • ii. For vulnerabilities which risk compromising Constellation’s network, system or data and which are considered to be “high” according to the latest CVSS guidelines, Customer will repair or mitigate vulnerabilities within forty-five (45) days of patch availability or workaround.
    • iii. All vulnerabilities discovered as a result of an internal or external security audit will be repaired at Customer’s expense within forty-five (45) days of notification.
  • (C) Customer writing code will conform to one of the following latest industry best practices or its equivalent:
    • i. The Open Web Application Security Project’s (“OWASP”) “Top Ten Project”
    • ii. Common Weakness Enumeration’s Top 25 Programming Errors
    • iii. SANS Institute’s Top 25 Programming Errors
  • (D) Customer will protect application accounts using one or more of the following methods:
    • i. Disable application account after certain number of failed password attempts
    • ii. Implement multi-factor authentication
    • iii. Implement IP address filtering, restricting access to Constellation-approved networks.
    • iv. Monitor and alert for attacks and fraudulent activity

  • 4. Data Security

    Customer will preserve the confidentiality, integrity, and accessibility of Constellation Data with administrative, technical and physical measures that conform to generally recognized industry standards as outlined in Section 5(D) entitled “Industry Standards”. Maintenance of a secure processing environment includes, but is not limited to, the timely application of patches, fixes and updates to operating systems and applications as provided by a service provider or open source support.

    • (A) Data Storage
      • i. Customer will store, process and maintain any and all Constellation Data solely on designated target systems.
      • ii. Customer will not process or transfer any Constellation Data to any portable computing device or any portable storage medium, unless that device or storage medium is:
        • (a) in use as part of the Customer's designated backup and recovery processes, and
        • (b) encrypted in accordance with Section 4(C), entitled “Data Encryption”.
      •  
    • (B) Data Transmission
      • i. Customer will ensure that any and all electronic transmission or exchange of system and application data with Constellation and/or any other parties expressly designated by Constellation will take place via secure means (using HTTPS, SFTP or an equivalent) and solely in accordance with the requirement in Section 4(D) entitled “Data Re-Use”. Email, instant message, text message, File Transfer Protocol (“FTP”), or other similar methods are not a secure means of transmission.
      • ii. Customer will encrypt data as described in Section 4(C) entitled “Data Encryption” before transmitting via insecure means.
    • (C) Data Encryption
      • i. Customer will deploy encryption solutions with no less than a 256-bit key for symmetric encryption and a 1024 (or larger) bit key length for asymmetric encryption.
      • ii. Customer will store all CONSTELLATION backup data as part of its designated backup and recovery processes in encrypted form if tapes or portable media are used, using a commercially supported encryption solution.
      • iii. Customer will encrypt any and all CONSTELLATION Data defined as personally identifiable information under current legislation or regulations stored on any laptop, portable computing device or portable storage medium.
      • iv. Customer will store private keys on a server behind a firewall.
      • v. Customer will implement encryption at rest for any data which includes personally identifiable information.
    • (D) Data Re-Use
      • i. Customer will use all Constellation Data and data exchanged between Constellation and Customer expressly and solely for the purposes enumerated in the current Agreement.
      • ii. Customer will not distribute, repurpose or share Constellation Data across other applications, environments, business units, or with other affiliates of Customer.
      • iii. Customer will not transmit or exchange Constellation Data with other service providers or interested parties except on a case-by-case basis, as specifically agreed to in writing by Constellation.
    • (E) General Data Protection Regulation (“GDPR”) Requirements 
      If Customer stores data that is personally identifiable information from a “data subject” as defined by GDPR, Customer will abide by GDPR’s “Processor” responsibilities and data transfer terms.
    • (F) Compliance with Applicable Laws 
      To the extent Customer receives, processes, transmits or stores data for or on behalf of Constellation, Customer represents and warrants that its information security procedures, processes, and systems will meet or exceed all applicable standards, rules and regulations, including but not limited to those related to data security and privacy.
    • (G) End of Agreement Data Handling
      • i. Upon termination of this Agreement, Customer will transfer Constellation Data in a standard readable format.
      • ii. Customer will additionally erase, destroy, and render unrecoverable all Constellation Data, using one of the following methods:
        • a. Perform a media sanitization in accordance with the standards set by the National Institute of Standards, Guidelines for Media Sanitization, SP800-88; or
        • b. Encrypt Constellation Data and then overwrite the encryption keys (crypto-shredding).
      • iii. Customer will certify in writing that one of the actions in Section 4(G)(ii) have been completed within thirty (30) days of termination of this Agreement or at the request of an authorized agent of Constellation, whichever will come first.
  • 5. Notification, Backup and Audit Requirements
    • (A) Security Breach Notification
      • i. Customer will comply with all applicable laws that require affected individuals to be notified in the event of unauthorized release of their personally identifiable information or any other security event requiring notification.
      • ii. In the event of a breach of any of Customer’s security obligations, or other event requiring notification under applicable law, Customer will:
    • (a) Notify Constellation primary contact by telephone and e-mail as well as Constellation’s Information Security team at: securityoperationscenter@constellation.com of such an event within forty-eight (48) hours of discovery;
    • (b) Assume responsibility for informing all such affected individuals in accordance with applicable law; and
    • (c) Indemnify, hold harmless and defend Constellation and its trustees, officers, and employees from and against any claims, damages, or other harm related to such notification event.
• (B) Audits & Right to Test
  • i. Customer will provide Constellation with any third-party compliance and security audits (e.g., SOC 2 reports, penetration tests, etc.) as they become available and inform Constellation primary contact and Constellation’s Information Security team of any non-compliance, exceptions, and remediation plans.
  • ii. Constellation may perform penetration or vulnerability testing from the Internet provided Constellation informs Customer at least ten (10) business days before the test.
• (C) System Audit Logging
  • i. Customer will log all actions, including date, time, and unique identifiers, and user activity.
  • ii. Customer will centrally manage logs and prevent unauthorized users from accessing the central logging system.
  • iii. Customer will review logs regularly or automatically with SIEM solutions or equivalent
  • iv. Customer logs will be made available to Constellation upon request
• (D) Industry Standards and Best Practices 
  Generally recognized industry standards include, but are not limited to, the following standards or best practices listed at:
  • i. Center for Internet Security - http://www.cisecurity.org
  • ii. National Institute for Standards and Technology - http://csrc.nist.gov
  • iii. Federal Information Security Management Act (“FISMA”) - http://csrc.nist.gov
  • iv. ISO/IEC 27000-series - http://www.iso27001security.com/
  • v. Organization for the Advancement of Structured Information Standards (“OASIS”) - http://www.oasis-open.org/
  • vi. Cloud Security Alliance CCM - https://cloudsecurityalliance.org/group/cloud-controls-matrix/#_overview
  • vii. CIS Controls - https://www.cisecurity.org/controls/
• (E) Administrative Account Management 
  Customer will protect Administrator account management based on controls listed in CIS Controls - Controlled Use of Administrative Privileges (https://www.cisecurity.org/controls/)
• (F) Disaster Recovery and Business Continuity Plans 
  Customer will maintain, adhere to, and share with Constellation a specific, detailed backup plan for systems, files, and data.
• (G) System Uptime 
  For cloud services or third-party providers managing service level agreements, Customer will provide a specific and detailed system uptime that meets Constellation’s 99.999% availability requirements.
• (H) Customer Warranty to Self-Audit
  • i. Customer warrants that the services provided in the Agreement will be in substantial conformity with the information provided in this Exhibit, through one of the following forms of self-audit:
    • (a) Cloud Security Alliance Consensus Assessment Initiative questionnaire,
    • (b) an audit conducted by Statement on System and Organizational Controls (“SOC”) No. 2 or the Payment Card Industry Data Security Standard (“PCI DDS”), or
    • (c) a similar third-party annual audit report.
  • ii. Customer will inform Constellation promptly of any material variation in operational controls from those reflected in the response to Section 5(H)(i); and
  • iii. Any material discrepancy between the requirements in this Exhibit and the response to Section 5(H)(i) will be deemed a material breach of the Agreement.