Terms of Use and Service

Effective Date: July 1, 2025

These Terms of Use and Service (“Terms”) govern your access to and use of the services provided by Databloid, LLC (“Databloid,” “we,” “us,” or “our”), including but not limited to data analytics, reporting, insights, and related consulting services (collectively, the “Services”). By accessing or using our Services, you (“Client,” “you,” or “your”) agree to be bound by these Terms.

  1. Definitions
    • Client Data. All electronic data, information, or material submitted by Client to the Services, or collected by Databloid on Client’s behalf as part of the Services, including but not limited to operational data, customer data, financial data, and any Personal Data.
    • Personal Data. Any information relating to an identified or identifiable natural person.
    • Processing. Any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
    • Data Controller. The entity that determines the purposes and means of the Processing of Personal Data. For these Terms, Client is the Data Controller of the Personal Data within the Client Data.
    • Data Processor. The entity that Processes Personal Data on behalf of the Data Controller. For the purposes of these Terms, Databloid is the Data Processor of the Personal Data within the Client Data.
    • Applicable Data Protection Laws. All laws, regulations, and industry standards relating to data privacy, data protection, and cybersecurity applicable to the Processing of Client Data under these Terms, including, but not limited to, the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and any specific industry regulations relevant to Client’s operations (e.g., HIPAA for healthcare data).
    • Security Incident. A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Client Data transmitted, stored, or otherwise Processed by Databloid.
    • On-Premise Services. Services where Databloid’s personnel or tools operate directly within Client’s internal systems and infrastructure, and Client Data remains solely within Client’s control and environment.
    • Cloud-Based Services (or Databloid System Services). Services where Client Data is securely transferred to, stored, and processed by Databloid’s proprietary systems, cloud infrastructure, or third-party data processing tools (e.g., Alteryx, SAS, Power BI) hosted and managed by Databloid.
  2. Scope of Services and Service Models
    1. Databloid agrees to provide the Services to Client as mutually agreed upon in a separate Statement of Work (SOW) or service agreement. Each SOW will detail the specific analytical projects, data sources, deliverables, timelines, and fees.
    2. Service Model Selection: The specific Service Model (On-Premise or Cloud-Based) for each engagement will be explicitly defined in the applicable SOW. The obligations and responsibilities regarding data governance, privacy, and security will vary depending on the chosen Service Model as further detailed in these Terms.
    3. Databloid shall process Client Data solely for the purpose of providing the Services as defined in the applicable SOW and in accordance with Client’s documented instructions and these Terms. Databloid will not process Client Data for any other purpose, including for its own business purposes, unless explicitly authorized in writing by the Client or required by law.
  3. Data Governance
    1. Client’s Responsibilities as Data Controller:
      1. Client represents and warrants that it has all necessary rights, consents, permissions, and lawful bases to provide Client Data to Databloid for Processing hereunder, in compliance with all Applicable Data Protection Laws.
      2. Client is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Client Data.
      3. Client shall ensure that its instructions for the Processing of Client Data comply with Applicable Data Protection Laws.
      4. Client is responsible for establishing and enforcing its own internal data governance policies that align with these Terms and Applicable Data Protection Laws.
    2. Databloid’s Responsibilities as Data Processor (General):
      1. Databloid shall implement and maintain a comprehensive data governance framework designed to ensure the availability, usability, integrity, and security of Client Data based on the selected Service Model. This framework includes policies, procedures, and responsibilities for data management throughout its lifecycle.
      2. Data Quality: Databloid will, as part of the Services and as detailed in the SOW, apply commercially reasonable efforts to assess, clean, and prepare Client Data for analysis. However, Databloid is not responsible for the inherent quality of raw Client Data provided by Client. Issues arising from the quality of Client Data may impact the accuracy and completeness of analytical results.
      3. Data Minimization: Databloid shall process only the minimum amount of Client Data necessary to perform the Services.
      4. Access Controls: Databloid shall implement and maintain strict role-based access controls to Client Data, ensuring that access is limited to authorized Databloid personnel who require access to perform their duties in relation to the Services.
    3. Specific Data Governance Considerations by Service Model
      1. For On-Premise Services:
        1. Data Residency: Client Data will at all times remain within Client’s systems and infrastructure. Databloid personnel will access and process Client Data directly within the Client’s environment.
        2. Client System Responsibility: Client is solely responsible for the security, availability, and performance of its internal systems, networks, and infrastructure used for the On-Premise Services. This includes, but is not limited to, hardware, software, network configurations, patching, and internal firewalls.
        3. Client Access Management: Client is responsible for granting and managing Databloid’s access credentials to its systems and ensuring such access is configured with the principle of least privilege.
        4. Data Backup: Client is responsible for backing up Client Data in its environment.
      2. For Cloud-Based Services (Databloid System Services):
        1. Data Residency: Client Data will be transferred to and processed within Databloid’s managed cloud infrastructure, which may utilize third-party cloud providers (e.g., Azure, Google Cloud). The general geographic location of data storage will be specified in the SOW or DPA.
        2. Databloid System Responsibility: Databloid is responsible for the security, availability, and performance of the Databloid systems and infrastructure used to host and process Client Data, subject to the terms of service of any underlying third-party cloud providers.
        3. Data Backup: Databloid will implement commercially reasonable backup and disaster recovery procedures for Client Data stored within Databloid’s systems. These procedures will be outlined in Databloid’s security documentation.
    4. Anonymized/Aggregated Data:
      1. Notwithstanding anything to the contrary in these Terms, Client agrees that Databloid may collect, use, and disclose data derived from the Processing of Client Data that has been de-identified, aggregated, or anonymized such that it cannot reasonably identify Client or any individual (“Aggregated Data”).
      2. Databloid may use Aggregated Data for purposes of improving, maintaining, and operating the Services, developing new services, conducting research and development, and for benchmarking and statistical analysis, provided that such use does not identify Client or any individual. This applies regardless of the Service Model.
  4. Privacy and Confidentiality
    1. Confidentiality Obligations
      1. Databloid shall treat all Client Data as Confidential Information. Databloid shall not disclose Client Data to any third party except as permitted by these Terms, the applicable SOW, Client’s explicit written instructions, or as required by law.
      2. Databloid shall ensure that all its personnel, agents, and subcontractors who have access to Client Data are bound by confidentiality obligations no less stringent than those set forth in these Terms.
    2. Data Processing Addendum (DPA): To the extent that Client Data includes Personal Data subject to Applicable Data Protection Laws (e.g., GDPR, CCPA), the parties agree that Databloid acts as a Data Processor and Client as a Data Controller. The terms of a separate Data Processing Addendum, which is hereby incorporated by reference, shall apply to the Processing of such Personal Data. In case of any conflict between these Terms and the DPA regarding Personal Data Processing, the DPA shall prevail.
    3. Data Subject Rights: Databloid shall, to the extent legally permitted, promptly notify Client of any request received from a data subject regarding their Personal Data contained within Client Data. Databloid will reasonably assist Client in fulfilling Client’s obligations to respond to such requests (e.g., access, rectification, erasure, restriction, data portability, objection) under Applicable Data Protection Laws. Client is solely responsible for responding to data subject requests. This applies to both Service Models.
  5. Security Measures
    1. General Security Measures (Applicable to All Services): Databloid personnel involved in providing Services, regardless of model, will adhere to Databloid’s internal security policies, which include:
      1. Employee Training: Regular security and privacy awareness training for all personnel.
      2. Background Checks: Appropriate background checks on personnel in accordance with industry best practices and applicable law.
      3. Device Security: Ensuring Databloid-owned devices used to access Client Data are secured with encryption, anti-malware, and regular patching.
    2. Specific Security Measures by Service Model:
      1. For On-Premise Services:
        1. Client’s Primary Security Responsibility: Client is primarily responsible for implementing and maintaining technical and organizational security measures to protect Client Data within its own systems, including but not limited to network security (firewalls, intrusion detection), physical security of its data centers, access management (user authentication, authorization), and data encryption at rest and in transit within Client’s network.
        2. Databloid’s Limited Exposure: Databloid’s exposure to Client Data is limited to direct access through Client-provided credentials and within Client-controlled environments. Databloid personnel will adhere to Client’s reasonable security policies and procedures while operating on Client systems, provided such policies are communicated in writing to Databloid.
        3. Client Incident Response: Client is responsible for its own Security Incident detection and response within its systems. Databloid will cooperate and assist Client in investigations to the extent related to Databloid’s activities within Client’s systems.
      2. For Cloud-Based Services (Databloid System Services):
        1. Databloid’s Comprehensive Security:** Databloid shall implement and maintain commercially reasonable technical and organizational security measures for Client Data transferred to and stored within Databloid’s systems. These measures include, but are not limited to:
          • Access Control: Implementing user authentication, authorization, and role-based access to systems and data.
          • Data Encryption: Encrypting Client Data both in transit (e.g., TLS/SSL) and at rest (e.g., AES-256 encryption for stored data).
          • Network Security: Employing firewalls, intrusion detection/prevention systems, and secure network configurations for Databloid’s cloud environment.
          • Security Monitoring: Implementing continuous monitoring and logging of access to sensitive data and systems for auditing and anomaly detection.
          • Vulnerability Management: Regularly conducting vulnerability scans and penetration testing, and promptly addressing identified weaknesses.
          • Physical Security: Relying on the physical security measures provided by the reputable third-party cloud hosting providers for their data centers.
        2. Security Incident Response: Databloid shall notify Client without undue delay upon becoming aware of a confirmed Security Incident affecting Client Data within Databloid’s systems. Databloid will promptly investigate and cooperate with Client as detailed in Section 5.2.
    3. Subprocessors: Databloid may engage third-party subprocessors (including cloud providers like AWS, Azure, or Google Cloud, and data processing tools like Alteryx, SAS, or Power BI when hosted by Databloid) to assist in providing the Services. Databloid shall ensure that any such subprocessors are bound by written agreements that impose data protection obligations no less stringent than those set forth in these Terms and the DPA, and that they implement appropriate technical and organizational measures. Databloid shall remain fully liable for the acts and omissions of its subprocessors. A list of current subprocessors is available upon request [or link to a publicly available list]. Client will be notified of any new subprocessors and given an opportunity to object as per the DPA. This applies particularly to Cloud-Based Services.
  6. Audit Rights
    1. Upon reasonable written notice and no more than once per year (unless a Security Incident has occurred), Client may, at its own expense, audit Databloid’s compliance with its obligations under these Terms concerning data governance, privacy, and security. Such audits shall be conducted during Databloid’s regular business hours and in a manner that does not unreasonably interfere with Databloid’s business operations.
    2. Databloid agrees to provide reasonable cooperation and access to relevant documentation (e.g., security policies, audit reports, training records) as may be reasonably necessary for Client to conduct such an audit. For On-Premise Services, audits will focus on Databloid’s internal processes and personnel conduct relating to Client Data. For Cloud-Based Services, audits may include summaries of Databloid’s security posture and relevant third-party attestations (e.g., SOC 2 reports). Direct access to Databloid’s production systems or facilities will be granted only under exceptional circumstances, subject to prior agreement on scope and security protocols, and may require a non-disclosure agreement.
  7. Data Return and Deletion
    1. Upon termination or expiration of the Services, or at Client’s reasonable written request, Databloid will, at Client’s election, either:
      1. For On-Premise Services: Client will maintain control of its Client Data within its systems. Databloid will securely delete any temporary copies or working files containing Client Data that may have been created on Databloid’s personnel devices during the engagement.
      2. For Cloud-Based Services: Return to Client all Client Data in a commonly used format (e.g., CSV, JSON) and securely delete all remaining copies of Client Data from Databloid’s systems, or securely delete all Client Data from Databloid’s systems.
    2. Databloid will complete such return or deletion within [e.g., 60] days of the termination, expiration, or request, unless otherwise required by law. Databloid may retain a copy of Client Data for a limited period solely for backup, archival, or legal compliance purposes, provided such retention is subject to the same security and confidentiality obligations as set forth herein.
  8. Intellectual Property
    1. Client IP: All Client Data and any pre-existing intellectual property of Client shall remain the sole property of Client.
    2. Databloid IP: Any analytical models, reports, or visualizations generated by Databloid as part of the Services are for Client’s internal business use only. Nothing in these Terms grants Client any rights to Databloid’s intellectual property. Unless explicitly stated in a SOW, Databloid retains all right, title, and interest in and to the Services, its methodologies, tools, software (including any proprietary code developed or used by Databloid, such as workflows, models, or scripts in Alteryx, SAS, or Power BI developed by Databloid), and all intellectual property rights related thereto.
    3. No License to Tools: Unless explicitly stated in a SOW, these Terms do not grant Client any license to use Databloid’s third-party data processing tools (e.g., Alteryx, SAS, Power BI) independently.
  9. Indemnification and Limitation of Liability
    1. Client Indemnification: Client shall indemnify, defend, and hold harmless Databloid, its affiliates, and their respective officers, directors, employees, and agents from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to:
      1. Client’s breach of its representations, warranties, or obligations under these Terms or any SOW, including any violation of Applicable Data Protection Laws by Client;
      2. Any third-party claim alleging that the Client Data (or its collection, Processing, or use by Databloid as instructed by Client) infringes or violates the intellectual property rights or privacy rights of a third party, or violates Applicable Data Protection Laws.
      3. Any claims arising from Databloid’s access to or activities within Client’s systems for On-Premise Services, to the extent such claims are not solely due to Databloid’s gross negligence or willful misconduct.
    2. Databloid Indemnification: Databloid shall indemnify, defend, and hold harmless Client, its affiliates, and their respective officers, directors, employees, and agents from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to:
      1. Databloid’s material breach of its obligations under Section 4 (Privacy and Confidentiality) or Section 5 (Security Measures) of these Terms;
      2. Any third-party claim alleging that the Services (excluding Client Data or third-party components) infringe or violate any intellectual property rights of a third party;
      3. For Cloud-Based Services, any claims arising solely from a Security Incident due to Databloid’s failure to adhere to its security obligations under these Terms.
    3. Limitation of Liability: To the maximum extent permitted by applicable law, in no event shall either party be liable to the other party or any third party for any indirect, incidental, special, consequential, punitive, or exemplary damages (including, without limitation, damages for lost profits, lost revenues, loss of data, business interruption, or loss of business opportunity), arising out of or in connection with these terms or the services, regardless of the form of action, whether in contract, tort (including negligence), strict liability, or otherwise, even if such party has been advised of the possibility of such damages.

      FURTHER, NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THESE TERMS, DATABLOID’S TOTAL CUMULATIVE LIABILITY TO CLIENT FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICES, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL FEES PAID BY CLIENT TO DATABLOID FOR THE SERVICES IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
      The limitations of liability in this Section 9.3 shall not apply to:
      1. Damages arising from a party’s gross negligence or willful misconduct;
      2. A party’s indemnification obligations under Sections 9.1 or 9.2 (as applicable, up to any caps within those sections, if specified);
      3. Client’s payment obligations hereunder; or
      4. Liabilities that cannot be limited by applicable law (e.g., fraud or certain statutory liabilities).
  10. Governing Law and Dispute Resolution
    1. Governing Law: These Terms and any disputes or claims arising out of or in connection with them (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of laws principles.
    2. Dispute Resolution:
      1. Informal Resolution: The parties agree to use their best efforts to resolve any dispute, claim, or controversy arising out of or relating to these Terms or the Services through good-faith negotiations between senior representatives of each party.
      2. Mediation (Optional Step): If the parties are unable to resolve the dispute through informal negotiations within [e.g., thirty (30)] days, either party may, by written notice to the other, request that the dispute be submitted to non-binding mediation. The mediation shall be conducted by a mutually agreed-upon mediator in [e.g., McKinney, Texas] or remotely, with the costs shared equally between the parties.
      3. Arbitration (Recommended for Commercial Contracts): If the dispute is not resolved through informal negotiations (and mediation, if elected) within (e.g., sixty) days of the initial notice of dispute (or conclusion of mediation), any unresolved dispute, claim, or controversy arising out of or relating to these Terms or the Services shall be finally settled by binding arbitration administered by the American Arbitration Association (AAA) in accordance with its Commercial Arbitration Rules, and judgment on the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof. The arbitration shall take place in McKinney, Texas, and shall be conducted by one (1) arbitrator. The language of the arbitration shall be English.
      4. Waiver of Jury Trial and Class Action: THE PARTIES HEREBY IRREVOCABLY WAIVE THEIR RESPECTIVE RIGHTS TO A JURY TRIAL OF ANY CLAIM OR CAUSE OF ACTION BASED UPON OR ARISING OUT OF THESE TERMS OR THE TRANSACTIONS CONTEMPLATED HEREBY. FURTHER, THE PARTIES AGREE THAT ANY DISPUTES MUST BE BROUGHT IN THE PARTIES’ INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIAL OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
      5. Injunctive Relief: Notwithstanding the foregoing, nothing in this Section 10.2 shall prevent either party from seeking injunctive relief in a court of competent jurisdiction to prevent irreparable harm or to protect its intellectual property rights.