Last updated: March 10, 2021 (see previous version).
PLEASE READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY BEFORE ACCESSING OR USING THE SUBSCRIPTION SERVICES (DEFINED BELOW).
THE TERMS AND CONDITIONS OF THIS AGREEMENT (DEFINED BELOW) GOVERN USE OF THE SUBSCRIPTION SERVICES UNLESS YOU AND METABASE, INC. (“METABASE”) HAVE EXECUTED A SEPARATE AGREEMENT GOVERNING USE OF THE SUBSCRIPTION SERVICES.
Metabase is willing to provide the Subscription Services to you only upon the condition that you accept all the terms contained in this Agreement. By clicking on the checkbox marked “Subscribe” on the registration page or by accessing or using the Subscription Services, you have indicated that you understand this Agreement and accept all of its terms. If you are accepting the terms of this Agreement on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to the terms of this Agreement, and, in such event, “you” and “your” will refer to that company or other legal entity. If you do not accept all the terms of this Agreement, then you must not accept this Agreement and you may not use the Subscription Services.
“Agreement” means this Subscription Services Agreement, together with the Data Processing Addendum attached as Exhibit A.
“Customer Application Data” means data input into the Subscription Services by you and your Authorized Users. Customer Application Data includes the log-in credentials for each Authorized User and queries submitted by your Authorized Users.
“Customer Business Data” means the data on your external databases that you and your Authorized Users retrieve or access in the course of using the Subscription Services.
“Customer Data” means, collectively, the Customer Application Data, the Customer Business Data and the Customer Metadata.
“Customer Metadata” means data that describes the Customer Data. Customer Metadata may include data such as the number of datasets in a database, the average data size of a dataset, what database software a user connects to or Metabase-generated descriptions of a given dataset.
“Order” means the order schedule presented to you at the time you purchase your initial subscription to the Subscription Services or the payment confirmation furnished to you at the time of each renewal, as applicable.
“Subscription Services” means Metabase’s cloud-based business intelligence and analytics platform as specified in an Order.
2.1 Subscription Services. Subject to your compliance with the terms and conditions of this Agreement, during the Subscription Term (as defined below): (i) Metabase will: provide you with Subscription Services, and you may access and use the Subscription Services solely for your internal business purposes within the usage limits specified in the applicable Order; and (ii) Metabase will provide the support services applicable to the service tier that you have subscribed to, in accordance with Metabase’s policies from time to time.
2.2 Authorized Users. The Subscription Services may only be accessed and used by your employees and independent contractors, who may only access and use the Subscription Services for the sole purpose of performing their job functions or services (as applicable) for you (“Authorized Users”), and only up to the number of Authorized Users specified in the applicable Order. The log-in credentials for each Authorized User are for a single individual only and cannot be shared or used by more than 1 person. You are responsible for all actions taken under an Authorized User’s account, whether or not such action was taken or authorized by the Authorized User.
2.3 Restrictions. You, on behalf of yourself and your Authorized Users, agree not to: (1) copy, modify, alter, decompile or reverse engineer the Subscription Services (including the source code, object code, and underlying structure and algorithms thereof); (2) resell or otherwise make the Subscription Services available to any third party; (3) use the Subscription Services either directly or indirectly to support any activity that is illegal or that violates the proprietary rights of others; (4) interfere with or disrupt the Subscription Services or attempt to gain access to any systems or networks that connect thereto (except as required to access and use the Subscription Services); (5) deactivate, impair, or circumvent any security or authentication measures of the Subscription Services; (6) use the Subscription Services or its output to train, calibrate, or validate, in whole or in part any other systems, programs or platforms, or for benchmarking, software-development, or other competitive purposes; or (7) permit any third parties to do any of the above. You are responsible for the use of the Subscription Services by your Authorized Users, and their compliance with this Agreement.
3. Customer Data.
3.2 Security; Backup. Metabase will maintain (and will require its third party service providers to maintain) reasonable administrative, physical and technical safeguards intended to protect the Customer Data against accidental loss and unauthorized access or disclosure, in accordance with applicable industry standards. Metabase will follow its standard archival procedures for Customer Data. In the event of any loss or corruption of Customer Data, Metabase will use its commercially reasonable efforts to restore the lost or corrupted Customer Data from the latest backup of such Customer Data maintained by Metabase. Metabase will not be responsible for any loss, destruction, alteration, unauthorized disclosure or corruption of Customer Data caused by you or by any Authorized User or third party. METABASE’S EFFORTS TO RESTORE LOST OR CORRUPTED CUSTOMER DATA PURSUANT TO THIS SECTION 3.2 WILL CONSTITUTE METABASE’S SOLE LIABILITY AND YOUR SOLE AND EXCLUSIVE REMEDY IN THE EVENT OF ANY LOSS OR CORRUPTION OF CUSTOMER DATA IN CONNECTION WITH THE SUBSCRIPTION SERVICES.
4. Subscription Fees & Payment.
4.1 Subscription Fees. You will pay the fees and charges stated in the Order (“Subscription Fees”) for use of the Subscription Services. The base Subscription Fee for each Subscription Term will be specified in the Order (“Base Subscription Fee”) and is payable and charged at the beginning of each Subscription Term.
4.2 Verification; True-Up. If specified in the Order, Subscription Fees will be calculated based on units of use of the Subscription Services such as number of users or amount of data processed (each, a “Unit”). Where applicable, the Base Subscription Fee includes the number of Units specified in the Order for each Subscription Term. Metabase may create and maintain logs reflecting usage of the Subscription Services under your account. Metabase may access and review such logs from time to time to verify your compliance with applicable usage limitations and other terms of this Agreement, and Metabase may use such logs to prevent or limit unauthorized use of the Subscription Services. Without limiting any of Metabase’s other rights or remedies, if your actual usage of the Subscription Services exceeds the Units covered by the Base Subscription Fee prepaid by you for a Subscription Term, Metabase will charge you for the difference between the Units covered by the Base Subscription Fee and the number of Units actually used by you during that Subscription Term (“Additional Units Fee”).
4.3 Payment Terms. If you have provided us with credit card details, we will charge that credit card: (i) at the start of each Subscription Term, for the Base Subscription Fee; and (ii) within thirty (30) days of our invoice for any Additional Units Fee payable by you (if any). We will issue a payment confirmation to you with respect to any charges we have made to your credit card. If we issue an invoice to you, all invoices are payable as specified in the Payment Terms section of the Order (or if not so specified, within thirty (30) days of receipt). All amounts are stated and shall be paid in US dollars and are exclusive of taxes, duties, levies, tariffs, and other governmental charges (collectively, “Taxes”). You are responsible for payment of all Taxes and any related interest and/or penalties resulting from any payments made to us, other than any taxes based on Metabase’s net income. All past due amounts will incur interest at a rate of 1% per month or the maximum rate permitted by law, whichever is less. Except as expressly set forth in this Agreement, all payments, once paid, are non-refundable.
5. TERM AND TERMINATION
5.1 Subscription Term. This Agreement will commence on the date you accept it and, unless terminated earlier by either party in accordance with the terms of this Agreement, will continue for the initial subscription term specified in the Order. At the end of such initial subscription term and each renewal subscription term thereafter, subject always to timely payment of the Subscription Fees, this Agreement will automatically renew for additional renewal subscription terms having the duration specified in the Order (or if no renewal term length is stated in the Order, having the same duration as the Initial Subscription Term), unless either party provides 15 days’ prior written notice of non-renewal. Such initial subscription term and each renewal subscription term are each individually referred to herein as a “Subscription Term.”
5.2 Termination for Breach. Each party will have the right to terminate this Agreement if the other party breaches this Agreement and fails to cure such breach within 10 days after written notice thereof. If you terminate this Agreement for breach, Metabase will refund the unused portion of the Subscription Fees that you had paid for the Subscription Services for the remainder of the then-current Subscription Term (if any).
5.3 Additional Remedies. Without limiting other available remedies, Metabase reserves the right to suspend or disable your and your Authorized Users’ access to the Subscription Services if any undisputed amounts payable under this Agreement more than 30 days past due. Metabase also reserves the right to suspend or disable access to the Subscription Services if Metabase determines (in its discretion) that: (1) your or any Authorized User’s use of the Subscription Services disrupts, harms, or poses a security risk, or may cause harm, in each case to Metabase, the Subscription Services or any third party; or (2) you or any Authorized User has used, or is using, the Subscription Services in breach of this Agreement.
5.4 Effect of Termination. Upon any expiration or termination of this Agreement, your (and your Authorized Users’) right to access and use the Subscription Services will automatically terminate, except that the Authorized Users will be permitted to access the Subscription Services for 30 days following termination solely to download any Customer Data stored thereon. Metabase will have no liability for any costs, losses, damages, or liabilities arising out of or related to Metabase’ exercise of its termination rights under this Agreement. Any payment obligations as of the expiration or termination will remain in effect. The obligations and provisions of Sections 2.3, 3, 4, 5.4 and Sections 6 through 12 (inclusive) will survive any expiration or termination of this Agreement.
6. Confidentiality. Each party understands that the other party may need to disclose certain non-public information relating to the disclosing party’s business that is marked or identified as “confidential” at the time of disclosure, or that is of any nature described in this Agreement as confidential (“Confidential Information”) in connection with the use and/or performance of the Subscription Services. Metabase Confidential Information includes the non-public portions of the Subscription Services and any related documentation and pricing information. During the term of this Agreement and for three (3) years thereafter, each party agrees to take reasonable precautions to protect the disclosing party’s Confidential Information from unauthorized disclosure, not to use such Confidential Information except as authorized or as necessary to perform its obligations under this Agreement and to not disclose (without the disclosing party’s prior authorization, including any such authorization given under this Agreement) to any third person any such Confidential Information (other than on a need to know basis to the receiving party’s employees, consultants and service providers who are subject to confidentiality obligations that are at least as protective of the disclosing party’s Confidential Information as this Agreement) or as specifically permitted under this Agreement. Confidential Information does not include any information that the receiving party can show: (1) through no fault of the receiving party, is or becomes generally available to the public, or (2) was in its possession or was known prior to receipt from the disclosing party, or (3) was rightfully disclosed to it without restriction by a third party, or (4) was independently developed without use of any Confidential Information of the disclosing party. The receiving party may disclose Confidential Information if the disclosure is necessary to comply with a valid court order or subpoena (in which case the receiving party will, unless prohibited by law or legal process, promptly notify the disclosing party and cooperate with the disclosing party if the disclosing party chooses to contest the disclosure requirement, seek confidential treatment of the information to be disclosed, or to limit the nature or scope of the information to be disclosed). Upon termination of this Agreement will promptly return to the disclosing party or destroy all copies of the disclosing party’s Confidential Information in its possession or control, except that the receiving party may retain one (1) copy of the disclosing party’s Confidential Information for the sole purpose of monitoring its compliance under this Agreement. Notwithstanding the foregoing, upon termination, Metabase will not retain the Customer Data except as necessary to comply with Section 5.4.
7.1 Metabase IP. As between Metabase and you, Metabase owns all worldwide right, title and interest in and to the Subscription Services and the Usage Data, including all Intellectual Property Rights therein. For purposes of this Agreement, “Intellectual Property Rights” means patent rights (including patent applications and disclosures), copyrights, trade secrets, know-how and any other intellectual property rights recognized in any country or jurisdiction in the world.
7.2 Feedback. If you provide any ideas, suggestions, or recommendations regarding the Subscription Services (“Feedback”), Metabase will be free to use, disclose, reproduce, license or otherwise distribute, and exploit such Feedback as it sees fit, entirely without obligation or restriction of any kind. By providing Feedback, you grant to Metabase a worldwide, perpetual, irrevocable, fully-paid, royalty-free, nonexclusive license to use and exploit in any manner such Feedback.
7.3 Usage Data. You acknowledge and agree that Metabase may generate de-identified data with respect to the use and performance of the Subscription Services and may retain and use such de-identified usage and performance data for its internal business purposes, such as developing and improving Metabase’s products and services (including the Subscription Services).
8. NO WARRANTY. THE SUBSCRIPTION SERVICES ARE PROVIDED AS “AS IS,” WITHOUT WARRANTY OF ANY KIND. METABASE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM METABASE OR ELSEWHERE WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT. METABASE DISCLAIMS ANY WARRANTY THAT THE SUBSCRIPTION SERVICES WILL BE ERROR-FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED. You assume sole responsibility and liability for results obtained from the use of the Subscription Services and for conclusions drawn from such use. Metabase will have no liability for any claims, losses, or damages caused by errors or omissions in any Customer Data or any results produced by the Subscription Services based upon Customer Data.
9. Limitation of Liability. IN NO EVENT WILL METABASE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR FOR ANY LOSS OF USE, LOSS OF DATA, LOSS OF PROFITS OR LOSS OF GOODWILL, OR THE COSTS OF PROCURING SUBSTITUTE PRODUCTS, WHETHER OR NOT FORESEEABLE, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OR PERFORMANCE OF THE SUBSCRIPTION SERVICES, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, AND WHETHER OR NOT METABASE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. METABASE’S TOTAL AGGREGATE LIABILITY ARISING UNDER THIS AGREEMENT, FROM ALL CAUSES OF ACTION AND ALL THEORIES OF LIABILITY, WILL NOT EXCEED THE AMOUNTS PAID TO METABASE BY YOU FOR THE SUBSCRIPTION SERVICES DURING THE 12 MONTH PERIOD PRIOR TO THE FIRST CLAIM FOR LIABILITY HEREUNDER. The parties agree that the limitations and exclusions contained in this Section 9 and elsewhere in this Agreement will survive and apply even if any exclusive remedy specified in this Agreement is found to have failed of its essential purpose.
10. U.S. Government End Users. The Subscription Services are “commercial computer software” and “commercial computer software documentation,” respectively, as such terms are used in FAR 12.212 and DFARS 227.7202. If access to the Subscription Services is being acquired by or on behalf of the U.S. Government, then, as provided in FAR 12.212 and DFARS 227.7202-1 through 227.7202-4, as applicable, the U.S. Government’s rights in the Subscription Services will be only those specified in this Agreement.
11. Force Majeure. Metabase will not be in breach of this Agreement if its performance is prevented or delayed for circumstances beyond its reasonable control, including but not limited to acts of God, inclement weather, flood, lightning or fire, strikes or other labor disputes or industrial action, act or omission of government or other competent authority, terrorism, war, riot, or civil commotion, unavailability of supply or power outage, hackers, viruses, disruption in transmission, or disruption in telecommunications services.
12. General. This Agreement will be governed by and construed in accordance with the laws of the State of California, without regard to or application of conflict of laws rules or principles. The United Nations Convention on Contracts for the International Sale of Goods will not apply. Any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in the Northern District of California and each party irrevocably consents to the personal jurisdiction thereof and venue therein. You may not assign or transfer this Agreement, or any rights granted hereunder, by operation of law or otherwise, without Metabase’s prior written consent, and any attempt by you to do so, without such consent, will be void. Metabase may freely assign this Agreement. Except as expressly set forth in this Agreement, the exercise by either party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise. All notices or approvals required or permitted under this Agreement will be in writing and delivered by confirmed email transmission, by overnight delivery service, or by certified mail, and in each instance will be deemed given upon receipt. All notices or approvals will be sent to the addresses set forth in the applicable Order or to such other address as may be specified by either party to the other in accordance with this Section. The failure by either party to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision. Any waiver, modification or amendment of any provision of this Agreement will be effective only if in writing and signed by authorized representatives of both parties. If any provision of this Agreement is held to be unenforceable or invalid, that provision will be enforced to the maximum extent possible, and the other provisions will remain in full force and effect. This Agreement, together with the Orders, is the complete and exclusive understanding and agreement between the parties regarding its subject matter, and supersedes all proposals, understandings or communications between the parties, oral or written, regarding its subject matter, unless you and Metabase have executed a separate agreement governing use of the Subscription Services. Any terms or conditions contained in any purchase order or other ordering document that are inconsistent with or in addition to the terms and conditions of this Agreement are hereby rejected by Metabase and will be deemed null. The parties to this Agreement are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise, or agency between the parties. Neither party will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent.
13. Contact Information. If you have any questions regarding this Agreement, you may contact Metabase at firstname.lastname@example.org.
1. Exhibit A
Data Processing Addendum
This Data Processing Addendum (“DPA”) forms part of the attached Subscription Services Agreement (the “Agreement”) between you (“Customer”) and Metabase.
1. Subject Matter and Duration.
1.1 Subject Matter. This DPA reflects the parties’ commitment to abide by Data Protection Laws concerning the Processing of Customer Personal Data in connection with Metabase’s performance of its obligations under the Agreement. All capitalized terms that are not expressly defined in this DPA will have the meanings given to them in the Agreement. If and to the extent language in this DPA conflicts with the Agreement, this DPA shall control.
1.2 Duration and Survival. This DPA will become legally binding upon the effective date of the Agreement. Metabase will Process Customer Personal Data until the relationship terminates as specified in the Agreement. Metabase’s obligations and Customer’s rights under this DPA will continue in effect so long as Metabase Processes Customer Personal Data.
2.1 “Customer Personal Data” means Personal Data within Customer Business Data Processed by Metabase on behalf of Customer.
2.2 “Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” shall include, but not be limited to, the California Consumer Privacy Act of 2018 (“CCPA”) and the EU General Data Protection Regulation 2016/679 (“GDPR”); in each case, to the extent applicable.
2.3 “Personal Data” shall have the meaning assigned to the terms “personal data” and/or “personal information” under Data Protection Laws.
2.4 “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
2.5 “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to Metabase.
2.6 “Services” means any and all services that Metabase performs under the Agreement.
2.7 “Third Party(ies)” means Metabase’s authorized contractors, agents, vendors and third-party service providers (i.e., sub-processors) that Process Customer Personal Data.
3.1 Documented Instructions. Metabase and its Third Parties shall Process Customer Personal Data only in accordance with the documented instructions of Customer or as specifically authorized by this DPA, the Agreement, or any applicable Order. Metabase will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.
3.2 Authorization to Use Third Parties. To the extent necessary to fulfill Metabase’s contractual obligations under the Agreement, Customer hereby authorizes (i) Metabase to engage Third Parties and (ii) Third Parties to engage sub-processors.
3.3 Metabase and Third-Party Compliance. Metabase agrees to (i) enter into a written agreement with Third Parties regarding such Third Parties’ Processing of Customer Personal Data that imposes on such Third Parties data protection and security requirements for Customer Personal Data that are compliant with Data Protection Laws; and (ii) remain responsible to Customer for Metabase’s Third Parties’ failure to perform their obligations with respect to the Processing of Customer Personal Data.
3.4 Right to Object to Third Parties. Where required by Data Protection Laws, Metabase will notify Customer prior to engaging any new Third Parties that Process Customer Personal Data by updating its subprocessor list at: metabase.com/hosting/subprocessors and allow Customer ten (10) days to object. If Customer has legitimate objections to the appointment of any new Third Party related to privacy or data protection, the Parties will work together in good faith to resolve the grounds for the objection for no less than thirty (30) days.
3.5 Confidentiality. Any person or Third Party authorized to Process Customer Personal Data must contractually agree to maintain the confidentiality of such information or be under an appropriate statutory obligation of confidentiality.
3.6 Personal Data Inquiries and Requests. Where required by Data Protection Laws, Metabase agrees to provide reasonable assistance and comply with reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws (e.g., access, rectification, erasure, data portability, etc.). If a request is sent directly to Metabase, Metabase shall notify Customer without undue delay.
3.7 Sale of Customer Personal Data Prohibited. Metabase shall not sell Customer Personal Data as the term “sell” is defined by the CCPA. Metabase shall not disclose or transfer Customer Personal Data to a Third Party or other parties that would constitute “selling” as the term is defined by the CCPA.
3.8 Data Protection Impact Assessment and Prior Consultation. Where required by Data Protection Laws, Metabase agrees to provide reasonable assistance at Customer’s expense to Customer where, in Customer’s judgement, the type of Processing performed by Metabase requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities.
3.9 Demonstrable Compliance. Metabase agrees provide information that is reasonably necessary to demonstrate compliance with this DPA upon reasonable request.
Information Security Program. Metabase agrees to implement commercially reasonable technical and organizational measures designed to protect Customer Personal Data consistent with Data Protection Laws.
Security Incidents. Upon becoming aware of a Security Incident, Metabase agrees to provide written notice without undue delay and within the time frame required under Data Protection Laws to Customer by email to the email address associated with your account. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.
Audits. Where Data Protection Laws afford Customer an audit right, Customer (or its appointed representative) may, not more than once annually, carry out an audit of Metabase’s Processing of Customer Personal Data by having Metabase complete a data protection questionnaire of reasonable length. Any such audit shall be subject to Metabase’s security and confidentiality terms and guidelines.
Data Deletion. At the expiry or termination of the Agreement, Metabase will, at Customer’s option, delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with Metabase’s data retention schedule), except where Metabase is required to retain copies under applicable laws, in which case Metabase will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.
8. Processing Details.
Subject Matter: The subject matter of the Processing is the Services pursuant to the Agreement.
Duration: The Processing will continue until the expiration or termination of the Agreement.
Categories of Data Subjects: Data subjects whose Personal Data will be Processed pursuant to the Agreement.
Nature and Purpose of the Processing: The purpose of the Processing of Customer Personal Data by Metabase is the performance of the Services.
Types of Customer Personal Data: Customer Personal Data that is Processed pursuant to the Agreement.