TERMS OF SERVICE, v1.1

1. Introduction

1.1 Bryntum AB (“BAB”) is a developer of software products and has developed the RootCause SaaS service which enables the recording of events on a web page or application for use in diagnostic purposes and error reporting, as further described on www.therootcause.io, (the “Service”).

1.2 These BAB terms and conditions governing the Service (the “Terms and Conditions”) together with the content of the order form where the Customer has chosen subscription (the “Order”) shall jointly govern the Customer’s purchase and use of the Service (the “Agreement”). “Customer” means the natural person or legal entity entering into the Agreement with BAB. BAB and the Customer are jointly referred to as the "Parties" or either one of them as a "Party".

2. BAB undertakings

2.1 BAB will provide the Service to the Customer from the Effective Date and during the Term in accordance with these Terms and Conditions and the Order. All information necessary for the Customer to initiate the Service can be found at www.therootcause.io.

2.2 BAB may use a subcontractor for the performance of its undertakings, in whole or in part, according to these Terms and Conditions. BAB is liable for the performance of any subcontractor as if performed by BAB itself.

3. Use of the Service

3.1 The Customer is granted the right to use the Service for its own business only. The Customer’s right to use the Service with regards to the number of Team Members, web pages/applications, time period for data retention, number of Events stated and chosen by the Customer’s Order. In this regard, “Events” shall mean the number of unique incoming log requests to the Service and “Team Member” shall mean a Customer employee or contractor with access to the Service.

3.2 The Service can store many different kinds of data and information generated by the interaction with a web page and/or an application. It is the Customer’s responsibility to configure the Service in accordance with the Customer’s preferences with regard to the Customer’s configuration and selections with respect to the Service’s collection and saving of data and information occurring at web pages and/or the application(s) (the “Customer Data”).

4. Maintenance and Support

4.1 The Customer is aware that the Service is subject to maintenance activities during which parts of the Service, or the Service in its entirety, might be down.

4.2 For customers that have selected the commercial plans “Business” or “Enterprise” in the Order, premium forum support is available at: www.therootcause.io. BAB will make its best efforts to speedily answer any support-related questions posted in the support forum.

4.3 Customers who have selected the commercial plan “Free” or “Startup” are referred to the community forum support available at: www.therootcause.io. BAB does not undertake to answer any questions posted, and does not take responsibility for any answers provided by any party in the community forum.

5. Fees and terms of payment

5.1 The Services are provided on a subscription basis with payment in advance for the entire Initial Term or Renewal Term. Customer shall pay all such Subscription Fees via the payment method set forth in the Order.

5.2 BAB may suspend access to the Service or any portion thereof if Customer is late in making any payment when due. Late payments will bear interest at the rate of 1.5% per month (or the highest rate allowed by applicable law, whichever is lower) until paid. All amounts paid hereunder are non-refundable and non-creditable.

5.3 Customer is responsible for withholding, filing, and reporting all taxes, duties, and other governmental assessments associates with its activity in connection with the Service.

6. Customer’s undertakings

6.1 The Customer is responsible to inform itself of any hardware and software requirements pertaining to the Service, and if in doubt, consult with BAB. BAB is not liable for the performance, faults, or defects of the Customer’s hardware or any software developed and licensed by a party other than BAB.

6.2 The Customer is responsible for ensuring the safe-keeping of any login details pertaining to the Service. Login details shall be provided only to the Customer’s designated Team Members and shall be treated as Confidential Information.

6.3 The Customer is responsible to ensure that the Customer Data is free from any viruses, malware, trojans, worms or the like.

6.4 The Customer is further responsible for ensuring that the Customer’s use of the Service always is in accordance with all applicable laws and regulations.

6.5 The Customer shall notify BAB without delay in the event of (i) the presence of such malicious software in the Customer Data as describes in section 6.3, (ii) unauthorized access to login details according to section 6.2 or (iii) if Customer is made aware of any infringements or attempted infringements that might affect the Service.

6.6 The Customer shall adhere to any written instructions regarding the access and/or use of the Service issued by BAB at any time.

7. Personal data

7.1 BAB processes all Customer Data, including any personal data contained therein, solely for the Customer’s purposes and according to the Customer’s written instructions. BAB acts as data processor with regards to the processing of Customer Data in relation to the Customer which acts as the data controller.

7.2 BAB will take any technical and organizational measure to protect Customer Data as required by law.

8. Changes to the Service

8.1 BAB is permitted to, without prior notice to the Customer, make any changes to the Service that will not adversely affect the Customer’s use of the Service.

9. Intellectual property rights

9.1 Subject to the rights of use granted to Customer hereunder, all rights, title and interest in and to the Service, including its code, sequence, logic, structure and screens, and documentation, and to any improvements, enhancements, updates or upgrades to them, including the concepts and technology inherent in the Service, are, and at all times shall remain, the sole and exclusive property of BAB. Except for the express rights of use granted herein, nothing contained in this Agreement shall directly or indirectly be construed to assign or grant to Customer any right, title or interest in and to the trademarks, copyrights, patents or trade secrets of BAB or any ownership rights in or to the Service or software contained therein.

9.2 The Customer may not copy, disseminate or try to decompile any software that forms a part of the Service, or try to re-create the Service or offer a competing service, or enable anyone not designated as Team Member to access and use the Service.

10. Term and termination, suspension

10.1 The Agreement shall be effective upon Customer’s acceptance of the Terms and Conditions and, if applicable, BAB’s receipt of full payment from Customer according to the Order (the “Effective Date”) and continue in force for an initial period of one (1) year unless earlier terminated as described in this section 10 (the“ Initial Term”). The Term shall automatically be renewed in additional one (1) year periods (“Renewal Term”) unless either Party terminates the Agreement with thirty (30) days written notice. Initial Term and Renewal Terms shall jointly be referred to as the “Term”.

10.2 Either Party may terminate this Agreement for a Party’s material breach of this Agreement, upon fifteen days’ prior written notice to the other Party (provided such breach remains uncured at the end of such fifteen (15) days period). BAB may terminate this Agreement for BAB’s convenience upon thirty days’ prior written notice to Customer. Upon BAB’s termination for BAB’s convenience, the Customer shall be refunded the fee paid pro-rata according to the period left of the Term.

10.3 Upon expiration or termination of this Agreement, Customer’s right to use the Services will immediately cease. The following Sections shall survive any termination of this Agreement: Section9-17 .

11. Confidentiality

11.1 As used herein, “Confidential Information” means all confidential information of one Party (“Disclosing Party”) in the possession of the other (“Receiving Party”), whether or not authorized, whether disclosed orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of its disclosure. BAB acknowledges that you may disclose non-public, confidential information to BAB under this Agreement and the Customer acknowledges that the Service is confidential and proprietary to BAB. Each Party agrees to take all reasonably necessary action, including appropriate instructions and agreements with employees and agents, to protect such Confidential Information of the other Party from unauthorized disclosure. In the event of any breach of this section, each Party acknowledges that the non-breaching party would suffer irreparable harm and shall therefore, if applicable, be entitled to seek injunctive relief without the necessity of posting bond. The Customer also acknowledges that infringement or unauthorized copying of the intellectual property of BAB would cause irreparable harm to BAB.

12. Disclaimer of warranties

12.1 TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS AGREEMENT, THE SERVICE IS BEING PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND. BAB DOES NOT WARRANT THAT THE SERVICE WILL MEET CUSTOMER’S REQUIREMENTS. BAB HEREBY DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES AS TO NON-INFRINGEMENT. BAB DOES NOT GUARANTEE THAT THE OPERATION OF THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE, AND CUSTOMER ACKNOWLEDGES THAT IT IS NOT TECHNICALLY PRACTICABLE FOR BAB TO DO SO.

13. Limitation of liability

13.1 BAB’S ENTIRE LIABILITY UNDER, FOR BREACH OF, OR ARISING OUT OF THIS AGREEMENT AND/OR RELATED TO THIS AGREEMENT AND SERVICE, IS LIMITED TO THE PAYMENTS ACTUALLY MADE BY THE CUSTOMER FOR THE SERVICE DURING THE TWELVE (12) MONTHS PRIOR TO THE DATE OF THE EVENT GIVING RISE TO ANY LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, OR OTHERWISE, SHALL BAB BE LIABLE TO YOU OR ANY OTHER PERSON OR ENTITY FOR ANY INDIRECT, SPECIAL INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOSSES OR EXPENSES, WHETHER OR NOT BAB WAS ADVISED OF, KNEW OF SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.

14. Indemnity

14.1 The Customer agrees to indemnify and hold BAB, its subsidiaries, affiliates, officers, agents, and other partners and employees, harmless from any loss, liability, claim, or demand, including reasonable attorney’s fees, made by any third party due to or arising out of its use of the Service in violation of this Terms of Service or your violation of any law or the rights of a third party.

15. Assignment

15.1 Neither Party shall be entitled to assign nor transfer all or any of its rights, benefits and obligations under this Agreement without the prior written consent of the other Party. However, BAB shall be entitled to assign this Agreement to an entity owned wholly or partially by BAB.

16. Changes to these Terms and Conditions

16.1 BAB is permitted to make any changes to these Terms and Conditions, which do not materially or adversely affect the Customer’s use of the Service. Updated Terms and Conditions will be notified at www.therootcause.io. If the Customer does not accept such amended Terms and Conditions, then the Customer is entitled to terminate this Agreement as of the date such material changes are implemented. If the Customer terminates the Agreement with reference to this section 16.1, the Customer shall be refunded the fee paid pro-rata according to the period left of the Term, provided that the amendments of the Terms and conditions materially or adversely affect the Customer’s use of the Service.

17. Governing law and disputes

17.1 This Agreement shall be construed in accordance with and be governed by the substantive laws of Sweden. Any dispute, controversy or claim arising out of or in connection with the Agreement, or the breach, termination or invalidity thereof, shall, with the exclusion of any other courts, be settled at the District Court of Malmö, Sweden.


Download as PDF

Data Processing Agreement

This Data Processing Agreement ("DPA") reflects the requirements of the European Data Protection Regulation ("GDPR") and comes into effect on May 25, 2018.

1. Introduction

This DPA is an amendment to the Terms of Service ("Agreement") between Bryntum AB ("BAB") and the Customer ("Customer"). Capitalized terms not defined in this DPA are defined in the general Terms of Service. The parties agree that with regard to the Processing of Personal Data, Customer is the Data Controller, BAB is a Data Processor and that BAB will engage Subprocessors as part of providing the Service to Customer, as set forth in Section 5.

2. Definitions

2.1. Data Protection Laws means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under this DPA.

2.2. Personal Data means any information that identifies a natural person.

2.3. Special Data means sensitive Personal Data as defined by GDPR which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sex life, unique identity of a person by processing biometric or genetic data and criminal convictions and offences.

3. Responsibilities of BAB

3.1. By entering into this DPA, the Customer is instructing BAB to process Personal Data; (a) for the purpose of providing the Service offered by BAB, i.e. trouble shooting of web application software errors, (b) in a manner that complies with applicable laws and regulations, (c) to fulfil its duties under the terms of the Agreement, (d) as outlined in this DPA.

3.2. To the best of BAB's knowledge, there is no legislation that prevents BAB from following the instructions set forth in 3.1. In case BAB is notified of the contrary, BAB shall notify Customer about any instructions or Data Processing that violates applicable data protection laws.

3.3. BAB warrants that it will treat Personal Data as confidential information and shall implement adequate security measures and use established industry best practices to protect the Personal Data.

3.4. BAB will reasonably assist Customer with fulfilling its obligations as Data Controller, to respond to requests from its end users exercising their rights to their Personal Data, to the extent BAB is legally permitted to do so. Such rights include correcting, deleting or otherwise accessing the Personal Data. Any cost arising out of this assistance shall be borne fully by Customer. The cost of BAB's assistance is based on BAB's current hourly rate for such work.

4. Responsibilities of Customer

4.1. By entering into this DPA, Customer confirms that by using the Service provided by BAB, Customer will not violate applicable data protection laws as part of processing Personal Data.

4.2. Customer warrants that it is legally†authorized to process and share the Personal Data with BAB (including any Subprocessors engaged by BAB).

4.3. Customer acknowledges that it bears sole responsibility for the correctness, integrity and content of the Personal data submitted to BAB.

4.4. Customer warrants that it complies with all regulatory requirements and obligations set forth by relevant authorities in relation to the processing of Personal Data.

4.5. Customer warrants that it has fulfilled its duties under the applicable data protection laws and that it has notified relevant authorities about Customerís processing of Personal Data.

4.6. Customer explicitly agrees to not transfer any Special Data as defined in this DPA to BAB. If a transfer of Special Data is made, BAB cannot be held accountable for any wrongful processing of such Special Data.

4.7. Customer shall maintain an up to date register of the types and categories of Personal Data it processes.

5. Subprocessors; Data transfer

5.1. By entering into this DPA, Customer consents to BAB's use of Subprocessors and also acknowledges that BAB may add, remove or replace any such listed Subprocessor at its discretion. BAB warrants that the Subprocessors engaged meet the same requirements as BAB does in its role as Data Processor as set forth in this DPA.

5.2. The current list of Subprocessors with access to the Personal Data are documented at https://therootcause.io/privacy-policy/

5.3. Customer may at any request a detailed description of the subprocessors used by BAB in providing the Service. 5.4. If a BAB Subprocessor is located outside the European Economic Area, BAB shall ensure that any involved data transfer complies with the Data Protection Laws. Customer hereby authorizes BAB to transfer Personal Data outside the European Economic Area and to enter into standard agreements for data processing with its Subprocessors, and to transfer Personal Data in accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

6. Security

6.1. BAB shall perform organizational and technical measures, as described in Appendix A, to guarantee an adequate security level, taking into account cost of implementation relative to the risk of the data processing and the types of Personal Data processed.

6.2. BAB will promptly notify Customer after BAB becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unlawful access to any Customerís Personal Data that is transmitted, stored or otherwise Processed by BAB or its Subprocessors ("Security Breach"). BAB will use reasonable efforts to identify the cause of such Security Breach and shall: (a) investigate the Security Breach and provide Customer with information about the Security Breach, including if applicable, such information a Data Processor must provide to a Data Controller under Article 33(3) of the GDPR to the extent such information is reasonably available; and (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Breach to the extent the remediation is within BAB's reasonable control. The obligations herein shall not apply to any breach that is caused by Customer or its Team Members. Notification will be sent to Customer in accordance with Section 6.4.

6.3. BAB's obligation to report or respond to a Security Breach under this Section is not and will not be construed as an acknowledgement by BAB of any fault or liability with respect to the Security Breach.

6.4. Notifications of Security Breaches will be delivered to one or more of Customerís email addresses. It is Customerís sole responsibility to ensure the email addresses entered into the Service are correct and up to date.

7. Auditing

No more often than once per year (unless required by law), upon 30 days advanced notice by Customer, BAB shall provide Customer with reasonable assistance as needed to fulfil Customerís obligation to carry out a data protection impact assessment related to Customerís use of the Service. BAB will provide such assistance upon Customerís reasonable request. In the event of an audit, BAB reserves the right to appoint a neutral party to perform the audit. Any and all costs arising from such audit shall be borne by Customer, to the extent legally permitted.

8. Categories of Personal Data processed by BAB

8.1. The categories of Personal Data processed by BAB in connection with using the Service is documented in BAB's privacy policy at https://therootcause.io/privacy-policy/

8.2. By using the Service, Customerís Team Members and its end users are able to submit any type of data for processing by BAB, and it is therefore not possible for BAB to document which categories of Personal Data it processes.

8.3. Customer agrees to not transfer any Special Data to BAB. If a transfer of Special Data is made, BAB cannot be held accountable for any wrongful processing of such Special Data.

9. Term

The terms of this DPA are in effect during the tenure of the general Agreement.

10. Data Protection Officer

BAB has appointed a Data Protection Officer that can be reached at dpa@bryntum.com

11. Liability

In the event of a breach of the terms in this DPA, any liabilities are governed by the general Agreement between Customer and BAB.

12. Jurisdiction

This DPA shall be construed in accordance with and be governed by the substantive laws of Sweden. Any dispute, controversy or claim arising out of or in connection with the DPA, or the breach, termination or invalidity thereof, shall, with the exclusion of any other courts, be settled at the District Court of Malmˆ, Sweden.

Appendix A - Subprocessors

BAB's list of Subprocessors can be found as part of BAB's privacy policy. https://therootcause.io/privacy-policy/

Appendix B - Security Measures

The following Security Measures relating to the Service have been implemented by BAB.

Access Control

The servers and data center used by BAB for the Service is provided by Digital Ocean in the Netherlands, whose security measures can be found at https://www.digitalocean.com/security/gdpr/data-processing-agreement

System Access Control

The Service and any data in it may not be used without authorization.

BAB has implemented the following measures:

  • Ensured that all parts of the Service that processes personal data require a password, in order to prevent unauthorized access to any Personal Data.
  • The Service has a password policy that requires all users to use a strong password
  • Passwords are stored in an encrypted form
  • Ensured it is possible to delete a user of the Service completely
  • Only members of BAB's operations team can access the Service servers
  • BAB's operations team use SSH keys for any direct server access, and no standard port numbers are used.

Data Transmission Control

Personal Data may not be accessed in any way without authorization during transfer or storage.

BAB has implemented the following measures:

  • All web traffic to and from the Service uses SSL and is encrypted with 2048 bit keys.
  • Any internal inter-server Service traffic is encrypted using SSH

Availability Control

Personal Data shall be protected against accidental or unauthorized destruction or loss.

BAB has implemented the following measures:

  • Ensured that the data of the Service is backed up on a regular basis to a separate secured server.
  • Ensured that backups are encrypted and password protected

Organizational Requirements

BAB's employees and subcontractors will comply with all requirements relating to data protection.

BAB has implemented the following measures:

  • Designated a data protection offer (DPO)

  • All Bryntum employees and subcontractors have signed NDA agreements to maintain confidentiality

  • Trained staff on data privacy and data security, and on security incident protocols Bryntum AB

Download as PDF