Data Security Policy

Riversand is committed to serving as an integral technology partner in managing your data. We recognize that true partnerships are built through ongoing trust and collaborative communication. To better support your on-demand needs, this Riversand Cloud site has been created to provide you easy access to information for monitoring and maximizing the performance of your Riversand solution. This site is dynamic in nature and will be continuously enhanced as our company grows and our on-demand solution matures. Please check back as this site will expand to include:

  • The Latest Security and Policy Information
  • Cloud Status Information
  • Important Technology Updates
  • Critical Company Announcements
This subscription agreement (“Agreement”) is entered into as of the date of the Subscription Effective Date (the “Effective Date”) between Riversand Technologies, Inc., (“Riversand”), and the entity that has executed the associated Order Form (“Customer”). Concerning the Products and the terms reflected in the Order Form, Riversand and Customer hereby agree as follows:

1.Subscription Service. Subject to the terms and conditions of this Agreement and during the Initial Contract Term (or any Renewal Term) (the “Term”), Riversand shall make the Products available to Customer to be used by Customer’s and its Affiliates’ Users solely for the internal business operations of Customer or such Affiliate (as the case may be). The terms of this Agreement shall also apply to updates, and upgrades subsequently provided by Riversand to Customer for the Product. Riversand shall host the Product and may update the functionality, user interface, usability and other user documentation, training and educational information of, and relating to the Product from time to time in its sole discretion and in accordance with this Agreement as part of its ongoing mission to improve the Product and customers’ use of the Product.

2. Estimates/Order Forms. The Service shall be ordered by Customer or its Affiliates pursuant to Estimates/Order Forms. Each Estimate/Order Form shall include at a minimum a listing ofthe Product and any Support Services and/or Professional Services being ordered and the associated fees. Except as otherwise provided on the Estimate/Order Form or this Agreement, each Estimate/Order Form is non-cancellable and shall be subject to the terms and conditions of this Agreement. For any order by Customer’s Affiliate, the term “Customer” shall refer to Customer and such Affiliate(s).

3. Restrictions. Customer shall only use the Products in compliance with the limitation set forth in the Order Form (e.g., User acounts).

4. Term, Fee, Payment & Taxes
  1. Term. The term of this Agreement shall commence on the Effective Date and shall continue for the length of time referenced in all Estimate/Order Forms for the Products (the “Term”). The initial subscription term of the Product procured by Customer shall continue for the term specified in the applicable Estimate/Order Form. Thereafter, this Agreement shall be renewed and the subscription term of the applicable Service shall be renewed as set forth in subsequent Estimate/Order Forms (each successive renewal term, a “Renewal Term”). Riversand shall provide Customer with a general renewal reminder and a renewal Estimate/Order Form in advance of the end of the thencurrent term. If Customer has not signed and delivered the Estimate/Order Form to Riversand regarding an upcoming Renewal Term prior to the expiration of the then current term, then the subscription term for the applicable Service and Users shall be automatically renewed for successive Renewal Terms of one (1) year each, unless either party provides written notice of non-renewal to the other at least thirty (30) days before such expiration.
  2. Fees and Payment. All fees payable are due within 30 days from the invoice date unless otherwise specified in Customer Estimate/Order Forms. All fees are non-refundable, except as otherwise explicitly stated in the applicable Estimate/Order Form or this Agreement. The fees and the term of use for additional Users and other items procured during an existing subscription term will co-terminate with and be prorated through the end date of the subscription term for the applicable Service. Pricing for subsequent renewal Estimate/Order Forms shall be set at then current Riversand pricing, unless otherwise agreed to by the parties. If the fees for a feature or functionality of the Product are based on usage of the Product, then Riversand may access and use Customer Data as reasonably necessary to determine the fees for the applicable feature or functionality.
  3. . Taxes. Riversand fees do not include any local, state, federal or foreign taxes, levies or duties of any nature, including value-added, sales use or withholding taxes ("Taxes"). Customer is responsible for paying all Taxes, excluding only taxes based on Riversand's net income. If Riversand has the legal obligation to pay or collect Taxes for which Customer is responsible under this Section, the appropriate amount shall be invoiced to and paid by Customer unless Customer provides Riversand with a valid tax exemption certificate authorized by the appropriate taxing authority.
  4. Notice. Any notice required under this Agreement shall be provided to the other party in writing. If Customer has a legal dispute with Riversand or if Customer wishes to provide a notice under the Indemnification Section of this Agreement, or if Customer becomes subject to insolvency or other similar legal proceedings, Customer will promptly send written notice to: Riversand Technologies, Inc., 2929 Briarpark Drive, Suite 200, Houston, Texas 77042, Attention: General Counsel, Legal Department.
5. Limitations of Liability.
  1. Exclusion of Consequential Damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY TO THE OTHER PARTY OR ITS AFFILIATES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT FOR ANY LOST PROFITS OR REVENUE OR FOR INCIDENTAL, CONSEQUENTIAL, PUNITIVE, COVER, SPECIAL, RELIANCE OR EXEMPLARY DAMAGES, OR INDIRECT DAMAGES OF ANY TYPE OR KIND HOWEVER CAUSED, WHETHER FROM BREACH OR REPUDIATION OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE (AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES). CERTAIN STATES AND/OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, IN WHICH CASE SUCH DAMAGES SHALL BE SUBJECT TO THE LIMITATIONS SET FORTH IN THIS SECTION BELOW
  2. Limitations on Liability. THE MAXIMUM AGGREGATE LIABILITY OF EITHER PARTY AND ITS AFFILIATES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED ON BREACH OR REPUDIATION OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL SUBSCRIPTION FEES PAID FOR THE SERVICE GIVING RISE TO THE LIABILITY DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT OUT OF WHICH THE LIABILITY AROSE.
  3. Acknowledgement; Exceptions. BOTH PARTIES ACKNOWLEDGE THAT THE FEES REFLECT THE ALLOCATION OF RISK SET FORTH IN THIS AGREEMENT AND THAT THE PARTIES WOULD NOT ENTER INTO THIS AGREEMENT WITHOUT THESE LIMITATIONS ON THEIR LIABILITY. THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION SHALL NOT APPLY TO: (A) FEES DUE UNDER THIS AGREEMENT; (B) A BREACH OF SECTION 3 OF THIS AGREEMENT; OR (C) EITHER PARTY’S DEFENSE AND INDEMNITY OBLIGATIONS EXCEPT AS SET FORTH IN THIS SECTION (INDEMNIFICATION). NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS SECTION, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY TO THE EXTENT SUCH LIABILITY WOULD NOT HAVE OCCURRED BUT FOR THE OTHER PARTY’S FAILURE TO COMPLY WITH THE TERMS OF THIS AGREEMENT.
6. Governing Law and Jurisdiction. This Agreement is governed by the substantive and procedural laws of the State of Texas and each party agrees to submit to the exclusive jurisdiction of, and venue in, the courts in Houston, Harris County Texas in any dispute arising out of or relating to this Agreement. The Uniform Computer Information Transactions Act does not apply to this Agreement or to orders placed under it.

7. Associated Agreements Incorporated. The terms and conditions of the following associated agreements are incorporated into this Agreement as though copied verbatim herein; Service Level Agreement; Support Agreement and Data Policy Agreement.

8. General Provisions.
  1. Integration. This Agreement incorporates by reference all terms (as applicable), Exhibits and Estimate/Order Forms, and this Agreement, together with such referenced items, constitute the entire understanding between Customer and Riversand and are intended to be the final and entire expression of their agreement. The parties expressly disclaim any reliance on any and all prior discussions, emails, RFP’s and/or agreements between the parties. There are no other verbal agreements, representations, warranties undertakings or other agreements between the parties. Under no circumstances will the terms, conditions or provisions of any purchase order, invoice or other administrative document issued by Customer in connection to this Agreement be deemed to modify, alter or expand the rights, duties or obligations of the parties under, or otherwise modify, this Agreement, regardless of any failure of Riversand to object to such terms, provisions, or conditions. The Agreement shall not be modified, or amended, except as expressly set forth herein, or in writing and signed or accepted electronically by the party against whom the modification, amendment or waiver is to be asserted, or by a properly executed Estimate/Order Form. Notwithstanding the above, after execution of this Agreement, and during the electronic provisioning of Customer’s Riversand® Essential™ Subscription Agreement (Rev 3.2019)™ Confidential Page 3 of 3 account, Customer will be presented with the requirement to “agree” to a click through agreement pertaining to “Main Terms of Service” or “Terms of Service” for NetSuite Applications before Customer’s account can be successfully provisioned. Customer acknowledges that any “click-through agreements” found at www.Rivesand.com (or other similar sites) shall apply if optional services or features are subsequently ordered or activated.
  2. Other General Provisions. This Agreement shall inure to benefit and bind the parties hereto, their successors and assigns, but neither party may assign this Agreement without written consent of the other, except that Riversand may assign without consent to a related entity or the successor of all or substantially all of the assignor’s business or assets to which this Agreement relates. There are no third-party beneficiaries to this Agreement. This Agreement does not create any joint venture, partnership, agency, or employment relationship between the parties, although Riversand reserves the right to name Customer as a user of the Product. If any provision is held by a court of competent jurisdiction to be contrary to law, such provision shall be eliminated or limited to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect. A waiver of any breach under this Agreement should not constitute a waiver of any other breach or future breach. Neither party shall be liable for loss, delay, nonperformance (including failure to meet the service level commitment but excluding payment obligations) to the extent resulting from any force majeure event, including, but not limited to, acts of God, strike, riot, fire, explosion, flood, earthquake, natural disaster, terrorism, act of war, civil unrest, criminal acts of third parties, failure of the Internet, governmental acts or orders or restrictions, failure of suppliers, labor stoppage or dispute (other than those involving Riversand employees), or shortage of materials, provided that such party uses reasonable efforts, under the circumstances, to notify the other party of the circumstances causing the delay and to resume performance as soon as possible and any delivery date shall be extended accordingly. The Section headings used in this Agreement are included for reference purposes only and shall not affect the meaning or interpretation of this Agreement in any way. This Agreement may be executed in counterparts and/or by facsimile or electronic signature and if so executed shall be equally binding as an original copy of this Agreement executed in ink by both parties.

This Service Level Agreement is to be used with the Essential™ product and is governed by the terms of the associated Subscription Agreement between Riversand Technologies, Inc. and Customer. Capitalized terms not defined herein shall have the meanings ascribed to them in the Subscription Agreement.

1. Definitions.

1.1. “Credit Unit” is a representation of a unit of currency, of the same type as that used for payment to Riversand for the applicable Offering. 1.2. “Downtime” means a period of time during the Reference Period in which the Offering is not accessible by Customer (in minutes), less any Excluded Downtime. 1.3. “Excluded Downtime” means a period of time during the Reference Period in which the Offering is not accessible by Customer (in minutes) because of:

1.3.1. a fault or failure of the Internet, of any public telecommunications network, or of hardware, local area networks, or software that is owned or controlled by Customer or a third party; 1.3.2. an intentional shut-down in connection with security procedures or at the direction of Customer; 1.3.3. any Force Majeure event; 1.3.4. Riversand’s inability to deliver resulting from any act or omission of Customer; 1.3.5. critical data model elements being missing or unavailable due to corrupted data; or 1.3.6. Scheduled Downtime.

1.4. “Reference Period” has the meaning provided in Section 2 of this Service Level Agreement. 1.5. “Scheduled Downtime” means the period of time when Riversand schedules routine maintenance or systems upgrades. Riversand shall exercise commercially reasonable efforts to schedule maintenance and system upgrades outside of peak traffic periods. Unless notice is provided, Scheduled Downtime will occur on Saturdays within the twelve hour window between 8:00AM and 8:00PM, United States Central Time Zone. 1.6. “System Availability” means the percentage of time during the Reference Period in which the Offering is accessible to Customer substantially in accordance with the terms of this Service Level Agreement, as measured by Riversand’s monitoring system. System Availability shall be calculated in accordance with the following formula:

A% = (R – D) / (R – E) x 100 Where: R is the Reference Period (in minutes); D is the total Downtime; E is the total Excluded Downtime; and A% is the System Availability.

2. Applicability. Subject to the terms of the Subscription Agreement, Riversand warrants that the Offering (as defined in the Subscription Agreement and described in more detail in the Order Form) will have a System Availability of 99.5%, as calculated over a Reference Period of one calendar year (the “Accessibility Warranty”).

3. Remedy. If the Offering fails to meet the Accessibility Warranty, Riversand will issue to Customer’s account the number of Credit Units resulting from application of the credit formula set forth in Section 4 of this Service Level Agreement. Customer may apply the Credit Units towards any future purchases of Riversand Offerings.

4. Calculation. Credit Units shall be calculated as follows: Credit Unit = (1 – System Availability) x subscription fee received by Riversand attributable to the Reference Period.

5. Notification. In order to obtain Credit Units based on Riversand’s breach of the Availability Warranty, Customer must notify Riversand no later than five (5) days of the event of Downtime for which Customer believes it may be entitled to a Credit Unit. Such notice shall set forth in reasonable detail the duration of the event of Downtime and the circumstances under which Customer was unable to access the Offering. Customer shall be solely responsible for bringing to Riversand’s attention any failure to access the Product.

6. Limitations. EXCEPT FOR THE EXPRESS WARRANTY STATED IN THIS SERVICE LEVEL AGREEMENT, THIS AGREEMENT DOES NOT CREATE ANY OTHER REPRESENTATION OR WARRANTY RELATED TO THE AVAILABILITY, ACCESSIBILITY, OR USABILITY OF THE OFFERING. THE REMEDIES STATED IN THIS SERVICE LEVEL AGREEMENT ARE CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, AND RIVERSAND’S SOLE LIABILITY, FOR FAILURE OF THE OFFERING’S ACCESSIBILITY, IRRESPECTIVE OF RIVERSAND’S FAULT, NEGLIGENCE, OR ANY OTHER THEORY OF LEGAL LIABILITY, INCLUDING STRICT LIABILITY.

RTI Privacy Statement

RTI offers products and services in the business-to-business market sector. When RTI collects information about an individual ( “Personal Information”), it is generally specifically related to that individual’s role at his/her company, and is not related to him/her as a private person or individual consumer. This document describes RTI policy statement for handling, processing, storing, and otherwise treating Personal Information submitted to certain Solutions (defined below).


RTI Customers shall be referred to as “Customer” and/or “Supplier” herein. . Individual users of the Solutions (whether employees of Customer or Supplier) collectively and individually may be referred to as “User” throughout this document.

Contents

    • Definitions
    • Personal Information Data Handling and Privacy
      • Personal Information
      • Use of Personal Information by RTI
      • Other Corporate Entities
      • Consent
      • Transfer
      • Correcting Account Information (Exercising Your Right to Access Personal Information)
      • Disclosure by RTI to Third Parties
      • Security
      • Data Retention
      • Changes
      • Safe Harbor Program
    • Questions
    • Miscellaneous

Definitions
“Solution” means the RTI service which includes a link to this Privacy Statement, including:
  1. the RTI hosted On-Demand offerings (also called “RTI OnDemand Solutions“, or “RTI Application Services” )
  2. project management, content and data cleansing services provided by RTI’s global services team (“RTI Content Services“), and
  3. RTI Hosting Service(s) (accessible via customer-specific URLs).

“Trading Partner” means an entity with which a Customer or Supplier transacts using the Solution.


Personal Information Handling and Privacy
Personal Information
“Personal Information” is a User’s name and information associated with his or her personal identity as opposed to information associated with a business such as name, business address and/or business email. If User does not want to provide Personal Information to RTI or wishes to have RTI remove User Personal Information from the Solution, User should contact User’s employer RTI Account Administrator to find out if there is an optional way for User to perform applicable business functions without submitting Personal Information.

“Sensitive Personal Information” means government id numbers or financial account numbers associated with individual persons (e.g. U.S. Social Security numbers, driver’s license numbers, or personal credit card or banking account numbers), and medical records or health care claim information associated with individuals, including claims for payment or reimbursement for any type of medical care for an individual.

Use of Personal Information by RTI
RTI will treat Personal Information as confidential and will use it solely to: facilitate operation of the Solution and its related services; enhance use of the Solution and its related web pages; perform internal tracking and Solution improvement; enable RTI to contact User; process requested transactions through the Solution (including use of templates and document creation); and analyze the volume and history of a company’s Solution usage. Some of RTI’s Solution areas utilize cookie technology for these same purposes. User may configure User’s browser to reject cookies, but this may affect User functionality of the Solution . RTIdoes not link the information stored in cookies to Personal Information submitted while using the Solution.

Other Corporate Entities
RTI may share Personal Information with global affiliates, parents, subsidiaries, agents and integrated service providers (“Affiliates”) that cooperate to provide the Solution and related services to User. RTI Affiliates follow practices no less protective of all users of the Solution than RTI practices described in this policy, to the extent allowed by applicable law. If RTI and/or its Affiliates merge with or are acquired by another business entity User agrees RTI may share some or all User Personal Information with the new parent entity. User will receive notice of such an event (if it occurs) and the new combined entity shall follow the practices disclosed in this policy.

Consent
By submitting Personal Information to the Solution, User consents to RTI’s collection, processing, storage, and use of said Personal Information in accordance with this policy. Before submitting Personal Information to the Solution for any third party, User shall obtain said individual’s consent for the collection, transfer, processing, and use of that information in accordance with this policy

Transfer
The Solution is primarily located in and operated from the United States. The Controller of personal data processing through the Solution is RTI, Inc. headquartered at 2929 Briarpark Drive, Houston, TX 77042. By submitting data to the Solution, User consents to having such data transferred to the United States and other Solution operation locations selected by RTI, and RTI’s authorized service providers. RTI Affiliates controlled by RTI, Inc. are located inside and outside the European Economic Area. Any transfer of Personal Information from the European Economic Area to RTI Affiliates located in countries outside the European Economic Area, which may not provide for an adequate level of data protection within the meaning of the European Data Protection Directive, will be subject to a confirmation by RTI that adequate safeguards are in place under the U.S. Department of Commerce Safe Harbor program or a so-called data transfer agreement based on standard contractual clauses, as approved by the European Commission.

Correcting Account Information (Exercising Your Right to Access Personal Information)
User has a right to access and modify User Personal Information and to delete User Personal Information from the Solution subject to constraints identified below. To exercise these rights, RTI has procedures allowing User to update Personal Information in a timely manner. In most Solutions, the administrative contact for User’s company can directly change most contact information by logging on to the Solution and managing User’s account profile directly. For certain Solutions, changes may be requested by calling RTI customer support.
Deletion of User Personal Information may require approval by User’s employer (e.g. expense report data) and may require RTI assistance. Some requests to delete data must be made to RTI through the administrative contact for User’s company.
RTI may refuse to give access to the Solution for legitimate reasons including delinquent payments on the account, a legal dispute, or security concerns. If User is unable to correct, update, or delete User Personal Information due to the fact that User is no longer an employee of the account holder, or User account has been terminated, User may contact the RTI Privacy Coordinator at the address provided below. In each case, RTI will take reasonable measures to accommodate User’s request or respond in writing with the legal basis for denying the request within thirty (30) days.

Disclosure by RTI to Third Parties
RTI does not provide User Personal Information to third parties, except as described elsewhere in this policy and in RTI contracts with Customers, unless (1) User requests or authorizes such disclosure; (2) such disclosure is necessary to process transactions or provide services which User and/or User’s employer have requested; (3) RTI is compelled to do so by a governmental authority, regulatory body, or under subpoena or similar governmental request or to establish or defend a legal claim; or (4) the third party is acting as RTI’s agent or sub-contractor in performing services (e.g., RTI’s use of a third party telecommunications provider).

Security
RTI uses industry standard security measures to protect Personal Information from unauthorized disclosure. RTI takes steps to appropriately safeguard credit card and remittance information using recommended industry encryption methods. RTI has designed RTI’s services so that protected information can only be viewed from within the Solution. We offer User the use of roles to limit access to users with a need to see such information. Please see RTI’s Data Policy for information about the measures RTI takes to address the security of the Solution and the protection of Personal Information

Data Retention
RTI will retain Personal Information in active databases for varying lengths of time depending upon the specific Solution, type of data, and applicable law. The policy regarding data retention for each Solution is set forth in the documentation or terms for each Solution. Consistent with RTI’s backup and storage procedures and due to the close integration of data with the Solution, Personal Information might be stored by RTI in backup logs and files for the duration necessary for legal requirements or the purposes described in this policy. However, RTI makes no commitment to indefinitely store such data. During User’s subscription to the Solution, User will be able to access Personal Information for a certain period based on the particular Solution purchased and the policies for the Solution and RTI suggests that inquiries be directed through the administrative contact for User’s company and directed to the RTI Privacy Coordinator at the address designated below.

Changes to this Policy
From time to time RTI will need to make changes to this policy. Some of the changes will be in response to changes in applicable laws and regulations. In addition, as RTI adds new features and new services to a Solution, RTI will continue to handle Personal Information consistently with this policy, but some changes or clarifications may be required.

If RTI seeks to make a material change to RTI’s policy to allow use of Personal Information for a new, legitimate business purpose, RTI will document the change to this policy, note the date of the last update at the bottom of the policy, and send a notice to the administrative contacts on file with RTI for each Customer. User is encouraged to check this policy occasionally to stay informed of any changes in RTI policies and procedures regarding Personal Information. For substantial and material changes to this policy, RTI will use reasonable efforts to provide notification to all affected users and suggest that such users review the updated policy.

Safe Harbor Program
With regard to the RTI OnDemand Solutions, and the RTI Hosting Service, RTI has formally joined the Safe Harbor Program managed by the U.S. Department of Commerce and has committed to abiding by the Safe Harbor privacy principles for the collection, use, and retention of personal data from the European Union and Switzerland. For more information about Safe Harbor or to access RTI’s certification statement, go to http://www.export.gov/safeharbor/.

Questions
If User has questions about this policy, please send an e-mail to privacy@nullriversand.com attn: RTI Privacy Coordinator, or send written correspondence to RTI Privacy Coordinator, Legal Department, RTI, Inc., 2929 Briarpark Drive, Houston, TX 77042.
If User has questions or concerns regarding the Personal Information Handling and Privacy section of this policy, User should first contact User’s company administrator or the RTI Privacy Coordinator listed above (privacy@nullriversand.com). If Use does not receive acknowledgment of User’s inquiry or said inquiry has not been satisfactorily addressed, User should contact support@nullriversand.com who will then serve as a liaison with the appropriate RTI representative to resolve concerns regarding the handling of Personal Information.

Miscellaneous
The English version of this policy shall govern in the event of any conflict or substantive translation changes into a non-English language.
RTI has other privacy policies. This document is the RTI Privacy Statement and is targeted at individual users of specific RTI products and services. RTI also has an internal Privacy Policy targeted at its employees, contactors, etc., and a separate Privacy Policy for its internet facing marketing websites and community information exchange sites (e.g. www.riversand.com). Certain of RTI subsidiaries also have separate privacy policies. These other policies are separate and distinct from the activities governed by this policy.

This Maintenance and Support Policy shall be used with and governed by the terms of the Subscription Agreement between Riversand Technologies, Inc. and Customer. All capitalized terms not defined in this Maintenance and Support Policy will have the meanings ascribed to them in the Subscription Agreement.

1. Definitions.

  1. “Configurations” means tailoring the UI screens for different roles and user, enabling/disabling some core features and modules etc.
  2. “Incident” refers to an event which is not part of the standard operation of an Offering and which causes or may cause disruption to or a reduction in the quality of services and Customer Such events are typically System Outages or a loss of functionality.
  3. “Incident Reporting Channels” means the agreed methods of communicating and registering Incidents with Riversand, as further described in Section 5 of this Maintenance and Support
  4. “Response Time” means the time between Customer’s report of an Incident through the Incident Reporting Channels and Riversand’s acknowledgement of the existence of the
  5. Restoration” means the successful application of the Support Services to an Incident, and may be achieved by (a) reinstalling software; (b) application of a tested patch or workaround; (b) identification of an Incident’s cause, where a patch may cause unknown or serious problems in the Offering; (c) modification of the Offering to include new features; (d) the inability to reproduce an Incident despite reasonable efforts; (e) Customer’s agreement that the Incident was not caused by a defect or deficiency in the Offering; and (f) for P4 and P5 incidents, fixes or generation of a solution roadmap.
  6. “Scheduled Downtime” means the period of time when Riversand provides routine maintenance or systems upgrades. Riversand shall exercise commercially reasonable efforts to schedule maintenance and system upgrades outside of peak traffic periods. Unless notice is provided, Scheduled Downtime will occur on Saturdays on Saturdays within the twelve-hour window between 8:00AM and 8:00PM United States Central Time
  7. “Support Services” refers to Riversand’s technical support service obligations in view of the Restoration of Incidents. Riversand reserves the right to subcontract the Support Services upon prior written notice to Customer. The Support Services do not include any education services, Configuration, implementation or professional services. Products such as training and onsite services may be purchased in addition to Support Services, at Riversand’s then-current standard services

2. Offerings Supported. This Maintenance and Support Policy covers the Offerings listed in the Order

3. Service and Support Hours (Service Availability). Customer support will be available from 8:00 am to 5:00 pm U.S. Central Standard Time Monday through

4. Performance Monitoring. Riversand shall ensure that performance of the Application Services and Platform Services is monitored and the following measures are made available to Customer in accordance with Section Monitoring should include data center monitoring, point to point monitoring and end user monitoring through automated scripts running at an interval of no less than 15 minutes.

5. Support Languages. All written communication by both parties, including but not limited to documents, email and tickets shall be in

6. Incident Reporting Channels.

  1. The primary Incident Reporting Channel is the support portal available at: http://www.rmtrack.com/riversand/Security/Login.aspx
  2. Email: support@nullriversand.com
  3. Phone:
  • Australia: +61 283173227 Option 1
  • Swiss: +41 445087579 Option 1
  • Germany: +49 32214219911 Option 1
  • UK: +44 2038072242 Option 1
  • USA: +1-713-934-8899 Option 1
  • USA Toll Free: +1-888-234-5933 Option 1

Riversand’s obligation to provide Support Services in response to an Incident is subject to Customer’s support liason(s) reporting the Incident via one of the Incident Reporting Channels. Customer will share his own unique Incident reference ID for each Incident reported. Customer expects this reference ID to be included in any Incident communications between the Parties.

7. Incident Response and Restoration Times. For Incidents requiring Support Services, Riversand agrees to respond to the Incident, and Restore critical functionality of the Offering, in accordance with the following:

PriorityDescriptionRESPONSE TIME(Maximum)RESTORATION TIME(Maximum)
1CRITICAL: The Incident stops most of the Business. The issue is occurring in a production environment.10 minutes2 Hours
2URGENT: The Incident stops a large part of the Business or Major issues to most of the Business.30 minutes8 Hours
3HIGH: One or more users can't follow a key Business process, or a large part of the Business suffers a major issue.2 hours24 Hours
4MEDIUM: One or more users suffer a major issue, or a large part of Business suffers minor difficulty.4 hours72 Hours
5STANDARD: One or more users suffer a minor difficulty.8 hours72 Hours

8. Incident Acknowledgment Priority Matrix. Riversand will acknowledge reports of Incidents via support tickets submitted through Riversand’s support portal. For each Incident, a unique identifier as well as the Customer’s own Incident reference ID will be communicated to Customer. Riversand will be responsible for Incidents reported to Riversand or detected by Riversand’s own monitoring tools. Each support ticket will be prioritized based on the priority of the support ticket. Following the 60-day stabilization period immediately following Customer’s commercial go-live for the Offering, Riversand will prioritize Incidents as follows:

  • P1 (Critical)
  • P2 (Urgent)
  • P3 (High)
  • P4 (Medium)
  • P5 (Standard)
Priority MatrixIMPACT
Multiple Business Areas Multiple UsersSingle Business Area Multiple UsersMultiple Business Areas Single UserSingle Business Area Single User
URGENCYI cannot workP1P2P3P4
I cannot do critical parts of my jobP2P3P4P4
I am able to work but it will become critical within 24hrsP3P3P4P4
I am working with minor inconvenience and disruptionP4P4P5P5

9. Procedure for Maintenance. Riversand shall give at least 48 hours’ advance notice for any Scheduled Downtime. Riversand shall use its best efforts to schedule all downtimes on Saturdays within a twelve-hour maintenance window between 8:00AM and 8:00PM, U.S. Central Time Zone (depending on the production server(s) from which Riversand is providing the Offering). Riversand shall use its best efforts to limit Scheduled Downtime, be it for a major Services release or others, to sixteen (16) hours per month, except in the event of a Force Majeure event or other circumstances beyond Riversand’s reasonable control. Riversand reserves the right to extend or change the times of the maintenance window. Other than in exceptional circumstances (for example, in an emergency response to a security threat), Riversand updates will occur during notified maintenance periods

10. Backup and Disaster Recovery. Riversand ensures site backup at a designated frequency in a third-party location and the backup data is stored in geo-replicated sites. Riversand maintains copies of the data across data centers. Once the initial seeding is complete, only incremental changes are sent to the geo-replicated site at a defined

Riversand will provide details of its disaster recovery procedure and records of last and next planned failover dates. The switchover & recovery process is targeted to take no more than forty-eight (48) hours and the data on the two systems is designed to not be out- of-synch by more than forty-eight (48) hours. Riversand uses automation tools to create disaster recovery plans. Recovery plans can orchestrate recovery of the virtual machines protected for replication to a different data center. This methodology helps in making the recovery consistently accurate, repeatable, and automated. These automated plans can be tested without disrupting the services at the primary location. Riversand typically runs these recovery plans annually to validate the recovery service.

This Data Policy shall be used with and governed by the Subscription Agreement between Riversand Technologies, Inc. and Customer to the exclusion of any terms or conditions appearing on any documents submitted by Customer, except as may otherwise be agreed by the parties in accordance with the Agreement. All capitalized terms not defined in this Data Policy shall have the meanings ascribed to them in the Subscription Agreement.

This Data Policy describes Riversand’s policy for handling, processing, storing, and otherwise treating transactional and other data of Customers, and data associated with Users sent to Riversand as part of Customer’s use of the Offering.

When using the Offering, Riversand collects information that Customer, Customer’s Users, or other data sources send to the Offering (such as internet-protocol addresses, transaction-related data, and user account information).

1. Customer Data Handling and Use. Riversand understands the sensitive nature of the data and information that Customer and Customer’s Users may provide while using the Offering. Riversand will treat Customer Data as Confidential Information in accordance with the Subscription Agreement, subject to the terms of this Data Policy, and will use it only to: facilitate operation of the Offering and its related services; enhance use of the Offering and its related web pages; process Customer transactions; analyze the extent to which Customer uses the Offering (e.g., the volume and history); enable Riversand to contact and communicate with Customer; and perform internal tracking, diagnostics, improvements and corrections of the Offering and related Riversand offerings. In connection with the foregoing, Riversand may collect and analyze Customer Data and other information relating to the provision, access and use of the Offering and related systems and technologies (including, without limitation, Customer metadeta). Customer understands and agrees that, to the extent Customer Data comprises data from Customer’s vendors, Customer hereby consents to Riversand’s usage of unpriced elements of such data for the sole purpose of promoting Riversand’s services to such vendors.

2. Customer Data and Third Parties. In using the Offering, Customer understands Riversand will send Customer’s Transaction Data over Riversand’s network to Riversand service providers in order to facilitate Customer transactions. Riversand may generate and access statistical reports on Customer’s transaction history using Riversand systems and determine Customer usage patterns. In addition, Riversand may generate high level statistical reports relating to the Offering utilizing Customer Data in connection with Riversand’s business, so long as such reports contain only anonymous, aggregated data form so as not to identify Customer or any specific Customer Data. Such anonymized reports may be reported publicly.

3. Riversand Technologies’ Commitment to Data Security. Riversand takes steps to appropriately safeguard and secure all information transmitted between the User and the Solution by using industry-standard 128 Bit Secure Socket Layer (SSL) or greater encryption methods. We’ve designed our services so that User information can only be viewed from within the Offering.