Partner API Agreement

SCOPE.

Onfleet desires to share with Developer data and information from its software service offerings as allowed by the Onfleet application-programming interface, software development kit, and instructions (collectively, API).

API LICENSE.

API Grant. Onfleet grants Developer and its Affiliates (defined below) during the term of this agreement, a non-exclusive, non-transferable license to interact with the API for purposes of this agreement. Any software development kit code made available by Onfleet for use with the API is governed by the applicable open-source license agreement referenced with such code.
Data License Grant. The API will operate in a bidirectional manner regarding data transfers. Each party grants the other party an irrevocable, perpetual, non-exclusive, royalty-free license to: (i) display all data and information (Data) transmitted through the API to the other party’s customers; and (ii) to store and generally make the Data available within the other party’s software services for use, analytics, copying, printing, and exporting by its customers. Each party must use such data and information received from the other party in accordance with its contract with its customers, its privacy policy and in compliance with applicable law.
Changes. Onfleet may change or remove existing endpoints or fields in its API upon at least 30 days’ notice to the other party, but such party will use commercially reasonable efforts to support the previous version of the API for at least 6 months. Onfleet may add new endpoints or fields in API results without prior notice to Developer. Developer may not, nor attempt to, violate any API or service limitation (such as using non-API calls), even if workarounds are possible, including limitations on the frequency of access and types of calls.
Restrictions. Developer may not nor attempt to: (i) interfere with, modify, or disable any features or functionality of the APIs or services, including any mechanisms used to restrict or control such APIs or services, such as anti-circumvention measures; (ii) reverse engineer, decompile, disassemble, or derive source code, underlying ideas, algorithms, structure, or organizational form of the APIs or services; (iii) allow any third party to access or use the API, except as otherwise provided in this agreement; (iv) sublicense, lease, rent, assign, distribute, resell, or otherwise transfer or disclose the API or solution to any third party, except as otherwise allowed under this agreement; (v) violate any API or service limitation (such as using non-API calls), even if workarounds are possible, including limitations on the frequency of access and types of calls; or (vi) use the API in a manner that exceeds usage guidelines call volume limits, or otherwise constitutes excessive or abusive usage, as determined solely by Onfleet.
Security. Developer may not disclose to any third party, other than Affiliates and contractors, any API keys or other access credentials it has been issued to access the API, and Developer must promptly notify Onfleet if Developer’s API key or credentials have been disclosed to any third party or otherwise compromised.
Fees. Onfleet provides access to its API as part of the software services for no additional fee.
Affiliates and Contractors Use and Access to the API. Developer may allow its Affiliates and contractors to use the API under these terms and solely for the benefit of Developer, provided that Developer is responsible for their compliance with the terms of this agreement. Affiliate means any company controlled by or under common control with the subject entity, directly or indirectly, with an ownership interest of at least 50%.
Disclaimer. The API is provided on an AS IS and WHEN AVAILABLE basis, and Onfleet is not liable for any fees or costs incurred by Developer as a result of any changes to the API or any endpoints.

TECHNICAL SUPPORT.

Developer must provide technical support to its own users.

WARRANTY AND DISCLAIMER.

ONFLEET MAKES NO WARRANTIES OR REPRESENTATIONS AS TO ITS API OR THE ACCURACY OF ITS DATA. ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ONFLEET DISCLAIMS ANY WARRANTY THAT THE API WILL BE ERROR-FREE OR OPERATE WITHOUT TEMPORARY INTERRUPTION.

MUTUAL CONFIDENTIALITY.

Definition of Confidential Information. Confidential Information means all non-public information disclosed by a party (Discloser) to the other party (Recipient), whether orally, visually, or in writing, (Confidential Information). The Confidential Information includes, without limitation, the API, the Data of Discloser, and Personal Information (defined below).
Protection of Confidential Information. Recipient must use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to: (i) not use any Confidential Information of Discloser for any purpose outside the scope of this agreement; and (ii) limit access to Confidential Information of Discloser to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this agreement and who have signed confidentiality agreements with Recipient containing protections not materially less protective of the Confidential Information than those in this agreement.
Exclusions. Confidential Information excludes information that: (i) is or becomes generally known to the public without breach of any obligation owed to Discloser; (ii) was known to Recipient before its disclosure by Discloser without breach of any obligation owed to Discloser; (iii) is received from a third party without breach of any obligation owed to Discloser; or (iv) is independently developed by Recipient without the use of or access to the Confidential Information. Recipient may disclose Confidential Information to the extent required by law or court order but will provide Discloser with advance notice to seek a protective order.

DATA PROCESSING.

This section applies to each party regarding Personal Information (defined below) to the extent the California Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, and Utah Consumer Privacy Act (collectively, State Data Protection Laws) apply.

Limitations on Use of Personal Information

As Part of Performing Services. Recipient may receive Personal Information from or on behalf of Discloser for the purpose of Recipient performing services on behalf of Discloser as described in the Agreement.

Personal Information means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or any information that is linked or reasonably linkable to an identifiable natural person or an identified or identifiable individual.

General Limits. Recipient will limit Personal Information collection, use, retention, and disclosure to activities reasonably necessary and proportionate to achieve the services.
Specific Limits. Recipient may not:

Retain, use, or disclose any Personal Information provided by or on Discloser’s behalf or collected by Recipient on Discloser’s behalf for any purpose other than (i) providing the services as directed by Discloser under the terms of the Agreement; (ii) verifying or maintaining the quality of the services, and improving, upgrading, or enhancing the services; (iii) complying with Recipient’s legal obligations; or (iv) as allowed by applicable State Data Protection Laws,
Sell or share Personal Information, and
Combine Personal Information with any Personal Information it receives from another entity or collects on its own.

Non-Compliance Notice. Recipient will advise Discloser if Recipient determines it can no longer meet its obligations under the applicable State Data Protection Laws.

Recipient Obligations

Confidentiality. Recipient will ensure through a nondisclosure agreement that any persons accessing or processing Personal Information are subject to a duty of confidentiality with respect to the Personal Information.
Subprocessors. Discloser authorizes Recipient to disclose or transfer Personal Information to or allow access to Discloser’s Personal Information by Subprocessors (i.e., subcontractors) solely for purposes of providing the services under the Agreement. Subprocessor means any third party (including Recipient Affiliates) engaged by Recipient to process Personal Information under the Agreement.

Flow down. Prior to any disclosure, Recipient will impose on the Subprocessor, in writing, obligations concerning Personal Information as required by the State Data Protection Laws.
New Subprocessors and Objections. Upon request, Recipient will give Discloser a list of each Subprocessor used. Discloser may object to Recipient’s use of a new Subprocessor by notifying Recipient in writing within 30 days after receipt of a notice from Recipient regarding any new Subprocessor.

Assistance. To the extent Discloser, in its use of the services, cannot address a consumer's request from within the Service, Recipient must, upon Discloser’s request, and to the extent possible, provide commercially reasonable efforts to assist Discloser in responding to such consumer request, to the extent Recipient is legally permitted to do so and the response to such consumer request is required under State Data Protection Laws.

Discloser Obligations

Compliance. Discloser represents and warrants, in its use of the services, that it will comply with applicable State Data Protection Laws, including any applicable requirements to provide notice to or obtain consent from consumers for processing by Recipient. All Affiliates of Discloser who use the services will comply with the obligations of Discloser set out in this agreement.
Quality, Legality, and Accuracy of Personal Information. Discloser represents and warrants that, as having sole responsibility for the quality, legality, and accuracy of Personal Information, has obtained all necessary permissions and authorizations necessary to permit Recipient, its Affiliates, and Subprocessors, to execute their rights or perform their obligations under this agreement.

Notification of Security Breach

Security Measures. In order to protect Discloser’s Personal Information, Recipient will (i) implement and maintain all reasonable security measures appropriate to the nature of the Personal Information including without limitation, technical, physical, administrative and organizational controls, and will maintain the confidentiality, security and integrity of such Personal Information; (ii) implement and maintain industry standard systems and procedures for detecting, preventing and responding to attacks, intrusions, or other systems failures and regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems, and procedures; (iii) designate an employee or employees to coordinate implementation and maintenance of its security measures; and (iv) identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of Discloser’s Personal Information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks.
Notice of Data Breach. If Recipient knows or has a confirmed suspicion that Discloser Personal Information has been accessed, disclosed, or acquired without proper authorization and contrary to the terms of this agreement, Recipient will alert Discloser of any such data breach within 2 business days, and immediately take such actions as may be necessary to preserve forensic evidence and eliminate the cause of the data breach. Recipient will give the highest priority to immediately correcting any data breach and devote such resources as may be required to accomplish that goal. Recipient will provide Discloser with all information necessary to enable Discloser to fully understand the nature and scope of the data breach. To the extent that Discloser, in its sole reasonable discretion, deems warranted, Discloser may provide notice to any or all parties affected by any data breach. In such case, Recipient will consult with Discloser in a timely fashion regarding appropriate steps required to notify third parties. Recipient will provide Discloser with information about what Recipient has done or plans to do to minimize any harmful effect or the unauthorized use or disclosure of, or access to, Personal Information.

Audit

Cooperation Regarding Assessments. Recipient will allow, and cooperate with, reasonable assessments by Discloser or Discloser’s designated assessor. Alternatively, if required by the applicable State Data Protection Laws, Recipient may arrange for a qualified and independent assessor to assess Recipient’s policies and technical and organizational measures in support of Recipient’s privacy obligations under State Data Protection Laws using appropriate and accepted control standard or framework and assessment procedure for such assessments.
Method. Any audit conducted under this agreement by Discloser will consist of an examination of the most recent reports, certificates, or extracts prepared by an independent auditor. If this is not sufficient in the reasonable opinion of Discloser, Discloser may conduct a more extensive audit which will be: (i) at Discloser’s expense; (ii) limited in scope to matters specific to Discloser and agreed in advance; (iii) carried out during Recipient’s business hours and upon reasonable notice which must be not less than 4 weeks unless an identifiable material issue has arisen; and (iv) conducted in a way which does not interfere with Recipient’s day-to-day business. Any such audit must be conducted remotely, except Discloser or its regulatory agency, or both may conduct an on-site audit at Recipient’s premises if required by the State Data Protection Laws. In no event will any audit of a Subprocessor, beyond a review of reports, certifications, and documentation made available by the Subprocessor, be permitted without the Subprocessor’s consent.
Frequency. Discloser may not perform an audit more than once in any 12-month period.

Deletion and Return of Personal Information.

Destroy or Return Prior to Termination. At Discloser’s request prior to termination, Recipient will delete or make available for return all Personal Information to Discloser as described in the Agreement, unless retention of the Personal Information is required by a law applicable to Recipient. Where any Personal Information is retained beyond the termination, Personal Information must be treated as confidential and will no longer be actively processed.

PROPRIETARY RIGHTS.

Each party retains all rights, titles, and interests to its Data and in the case of Onfleet its API, including all intellectual property rights embodied therein. A party may not remove or modify any proprietary marking or restrictive legends in the API, the technical documentation, or the Data of the other party. Each party reserves all rights not expressly granted in this agreement.

TERM AND TERMINATION.

Term. This agreement will continue in effect for one year from the effective date. This agreement will automatically renew for additional one-month periods unless a party notifies the other party in writing (email will suffice) of its intention to terminate within 30 days prior to a monthly renewal date.
Mutual Termination for Material Breach. If either party is in material breach of this agreement, the other party may terminate this agreement at the end of a written 30-day notice/cure period, if the breach has not been cured.

LIABILITY LIMIT.

EXCLUSION OF INDIRECT DAMAGES. TO THE MAXIMUM EXTENT ALLOWED BY LAW, NEITHER PARTY IS LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT (INCLUDING, WITHOUT LIMITATION, COSTS OF DELAY; LOSS OF OR UNAUTHORIZED ACCESS TO DATA OR INFORMATION; AND LOST PROFITS, REVENUE, OR ANTICIPATED COST SAVINGS), EVEN IF IT KNOWS OF THE POSSIBILITY OR FORESEEABILITY OF SUCH DAMAGE OR LOSS.
TOTAL LIMIT ON LIABILITY. TO THE MAXIMUM EXTENT ALLOWED BY LAW, THE TOTAL LIABILITY OF ONFLEET ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT, TORT, OR OTHERWISE) DOES NOT EXCEED $500.
EXCLUSIONS. NOTHING IN THIS SECTION 9 LIMITS OR RESTRICTS A PARTY’S LIABILITY FOR BREACH OF SECTIONS 2(d) or 5.

GOVERNING LAW AND FORUM.

This agreement is governed by the laws of the State of California (without regard to conflicts of law principles) for any dispute between the parties or relating in any way to the subject matter of this agreement. Any suit or legal proceeding must be exclusively brought in the federal or state courts for San Francisco County, California, and each party submits to this personal jurisdiction and venue. Nothing in this agreement prevents either party from seeking injunctive relief in a court of competent jurisdiction. The prevailing party in any litigation is entitled to recover its attorneys’ fees and costs from the other party.

OTHER TERMS.

Entire Agreement and Changes. This agreement constitutes the entire agreement between the parties and supersedes any prior or contemporaneous negotiations or agreements, whether oral or written, related to this subject matter. Developer is not relying on any representation concerning this subject matter, oral or written, not included in this agreement. No representation, promise, or inducement not included in this agreement is binding. No modification or waiver of any term of this agreement is effective unless both parties sign it.
No Assignment. Neither party may assign or transfer this agreement to a third party, except that the agreement and all orders may be assigned without the consent of the other party as part of a merger or sale of all or substantially all a party’s businesses, assets of a party, not involving a competitor of the other party, or at any time to an Affiliate.
Independent Contractors. The parties are independent contractors with respect to each other, and neither party is an agent, employee, or partner of the other party or the other party's affiliates.
Enforceability and Force Majeure. If any term of this agreement is invalid or unenforceable, the other terms remain in effect. Neither party is liable for its non-performance due to events beyond its reasonable control and whether foreseeable or not, including but not limited to natural weather events and disasters, labor disruptions, and disruptions in the supply of utilities.
Money Damages Insufficient. Any breach by a party of this agreement or violation of the other party’s intellectual property rights could cause irreparable injury or harm to the other party. The other party may seek a court order to stop any breach or avoid any future breach of this agreement.
Survival of Terms. Any terms, that by their nature survive termination of this agreement for a party to assert its rights and receive the protections of this agreement, will survive (including, without limitation, the confidentiality terms). The UN Convention on Contracts for the International Sale of Goods does not apply.
Feedback. If Developer provides feedback or suggestions about the API, then Onfleet (and those it allows to use its technology) may use such information without obligation to Developer.