Hey there. Below are our standard Terms of Business. Alternative terms with higher indemnity levels  are available for Enterprise clients.

Terms & Conditions - August 21 2024

safedrop is a secure file sharing service run by OD Consultancy Ltd in the UK.

By clicking the “Place order” button,  using a free account,  or signing an Order Form that references these SaaS terms and conditions, you accept that you will be bound by the terms of the Order Form, these SaaS terms and conditions and any Schedules that govern your use of OD Consultancy Limited’s software and online service (“safedrop”)(“Agreement”).

If you are entering in to the Agreement on behalf of a company or other legal entity, any acceptance of these SaaS terms and conditions will be considered a representation by you that you have the authority to bind such entity to these SaaS terms and conditions and the Agreement overall, in which case the terms “Customer”, “you” or “your” shall refer to such entity. If you do not have such authority, or if you do not agree with these SaaS terms and conditions and the Agreement overall, you may not proceed and we will be unable to provide our Services to you.

We, the Supplier, and you, the Customer, agree to the following terms.

Definitions

“Agreement” means these SaaS terms and conditions that govern the provision of the Services, any Schedules, the Order Form and any mutually agreed written amendments to the SaaS terms and conditions, its Schedules and the Order Form from time to time;
“Authorised User” is a person or persons who are authorised by the Customer to use the Services and the Documentation;
“Business Day” means any weekday other than a bank or public holiday in England;
“Business Hours” means the hours of 09:00 to 17:30 GMT/BST on a Business Day;
“Commencement Date” means the earlier of: a) the date that we receive the payment in full in relation to the Order Form; or b) the Customer executing the Order Form;
“Confidential Information” means all confidential information (however recorded, preserved or disclosed and whether marked as confidential or not) disclosed by a party or its representatives to the other party (whether before or after the Commencement Date), any information that would be regarded as sensitive by a responsible business person and any information derived or analysis derived from Confidential Information. For the avoidance of doubt this will not include any information that is in the public domain, was available to the recipient on a non-confidential basis and was lawfully in the possession of the recipient;
“Customer”, “you”, “your” means the person subscribing to the services to whom the Supplier has agreed to provide the Services (Project Fusion) to in accordance with these SaaS terms and conditions;
“Customer Data” the data inputted by the Customer, Authorised Users, or the Supplier on behalf of the Customer for the purpose of using the Services or facilitating the Customer’s use of the Services;
“Data Protection Legislation” unless and until the General Data Protection Regulation (EU) 2016/679 (GDPR) is no longer directly applicable in the UK, (i) the GDPR and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998;
“Documentation” the documents made available to the Customer by the Supplier online via https://www.safedrop.com or such other web address notified by the Supplier to the Customer from time to time which sets out the user instructions for the Services;
“Environmental Information Regulations” the Environmental Information Regulations 2004 together with any guidance and/or codes of practice issued by the Information Commissioner or relevant government department in relation to such regulations;
“Fees” shall mean the fees payable by the Customer to the Supplier as defined in the Order Form or any other fees as notified by the Supplier from time to time, pursuant to these SaaS terms and conditions;
“FOIA” the Freedom of Information Act 2000;
“Information” has the meaning given under Section 84 of the FOIA;
“Information Security Management System” means Supplier policies and procedures for systematically managing sensitive data, as specified by ISO 27001;
“Initial Subscription Term” has the meaning assigned to it in Schedule 1;
“Month” means calendar month;
“Order Form” means the order form submitted via the Supplier’s website [www.safedrop.com] that describes the specific Services the Customer is purchasing, User Subscriptions and applicable Fees;
“Personal Data” has the meaning given to it under the Data Protection Legislation;
“Process (and Processing)” has the meaning given to it under the Data Protection Legislation;
“Renewal Period” has the meaning assigned to it in Schedule 1;
“Request for Information” shall have the meaning set out in the FOIA or the Environmental Information Regulations as relevant (where the meaning set out for the term “Request” shall apply);
“Supplier Software” means the software applications provided by the Supplier as part of the Services, including any new releases, updates, patches and any other associated object code versions of the software provided by the Supplier from time to time, all HTML code generated by the Supplier Software, as well as any associated media and online or electronic documentation made available by the Supplier from time to time;
“Services” means any services that the Supplier provides to the Customer, or has an obligation to provide to the Customer, under the Agreement;

“Set-up Fee” means any applicable set-up fees as shown on the Order Form;
“Standard Support Hours” means 0900hrs ‑ 1700hrs GMT, Monday ‑ Friday;
“Supplier”, “us”, “ours” means us, OD Consultancy Limited, a company registered in England with its registered number 3389226 and its registered office at Innovation Reception Innovation Way, Discovery Park, Sandwich, Kent, England, CT13 9FF;
“Term” has the meaning assigned to it in Schedule 1;
“Third Party Content” consists of all third party information and/or software applications offered as part of Project Fusion (including templates, documents, text, pictures, sound, graphics, video, software applications, best practices, and other data) that may be contained on Project Fusion or linked to from Project Fusion. Third Party Content specifically excludes Supplier Software;
“Uptime” means all times when Project Fusion is available to be accessed by Users; and
“User Subscriptions” shall mean the user subscriptions purchased by the Customer which entitle Authorised Users to access and use the Services in accordance with these SaaS terms and conditions.

Interpretation

In these conditions unless there is something in the subject or context which is inconsistent therewith:
words importing the masculine gender only shall include the feminine gender and vice versa;
words importing the singular number only shall include the plural number and vice versa;
words importing persons include corporations and vice versa;
the word “including”, unless the context otherwise requires, shall mean “including without limitation”;
any reference to an Act of Parliament shall include any modification extension or re-enactment thereof for the time being in force and shall also include all instruments orders plans regulations permissions and directions for the time being made issued or given thereunder or deriving validity therefrom;
any covenant by the Customer not to do any act or thing shall be deemed to include an obligation not to permit such act or thing to be done and to use its best endeavours to prevent such act or thing being done by a third party;
the paragraph headings do not form part of this Agreement and shall not be taken into account in its construction or interpretation.
any reference in these SaaS terms and conditions to “writing” or cognate expressions includes a reference to email or comparable means of communication.

1. User Subscriptions

1.1. The Supplier hereby grants to the Customer a non-exclusive, non-transferable right to permit the Authorised Users to use the Services and the Documentation for the duration of the Agreement and solely for the Customer’s internal business operations.
1.2. In relation to the Authorised Users, the Customer undertakes that:
1.2.1. the maximum number of Authorised Users that it authorises to access and use the Services shall not exceed the number of User Subscriptions it has purchased from time to time;
1.2.2. it will not allow or suffer any User Subscription to be used by more than one individual Authorised User unless it has been reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User shall no longer have any right to access or use the Services and/or Documentation;
1.3. The rights provided under this clause 1 are granted to the Customer only and shall not be considered granted to any subsidiary or holding company of the Customer.

2. Services

2.1. The Supplier will supply the following services to the Customer (the “Services”): use of the Service (set out on the Order Form and/or Schedule 1); and Support (set out on the Order Form and/or Schedule 2).
2.2. The Supplier shall, during the Term, provide the Services to the Customer on and subject to the terms of the Agreement.
2.3. These SaaS terms and conditions, the Order Form and any Schedules constitute the entire agreement between the parties, supersede any previous agreement or understanding and shall apply to all services supplied by the Supplier to the Customer. In case of inconsistency between the terms of these SaaS terms and conditions, the Schedules and the Order Form, the following order of precedence shall apply: 1) Order Form; 2) the Schedules; and 3) these SaaS terms and conditions.

3. Customer Data

3.1 In so far as required, both parties agree that they will comply with all applicable requirements of the Data Protection Legislation. This clause 3 is in addition to, and does not relieve, remove or replace, a party’s obligations under the Data Protection Legislation.
3.2 The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the data controller and the Supplier is the data processor (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation). Schedule 3 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of personal data (as defined in the Data Protection Legislation, Personal Data) and categories of Data Subject.
3.3 Without prejudice to the generality of clause 3.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier for the duration and purposes of this Agreement.
3.4 Without prejudice to the generality of clause 3.1, the Supplier warrants and undertakes that it shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under this Agreement:
3.4.1 process that Personal Data only on the written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier to process Personal Data (Applicable Laws). Where the Supplier is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
3.4.2 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
3.4.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
3.4.4 not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:
3.4.4.1 the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
3.4.4.2 the data subject has enforceable rights and effective legal remedies;
3.4.4.3 the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
3.4.4.4 the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;
(a) assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(b) notify the Customer without undue delay on becoming aware of a Personal Data breach;
(c) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the Personal Data; and
(d) maintain complete and accurate records and information to demonstrate its compliance with this clause 3 (and allow for audits by the Customer or the Customer’s designated auditor).
3.5 The Customer consents to the Supplier appointing the current third-party processors of Personal Data under this Agreement listed at [www.projectfusion.com/resources/sub-processors ] and any other additional third-party processors appointed by the Supplier from time to time, provided that the Supplier will give to the Customer a prior written 60 days’ notice to advise of any such additional third-party processors and the Customer does not object to the appointment of any such additional third-party processors during the 60 days’ notice period. Should the Customer object in writing to any such additional third-party processors being appointed by the Supplier during the 60 days’ notice period, it will have the right to terminate this Agreement upon giving the Supplier at least 30 days’ prior written notice in which case the Customer shall be entitled to the refund of the paid Fee proportionate to the number of full months left from the then current Initial Subscription Term or a Renewal Period from the termination date until the end of the applicable Subscription Term or a Renewal Period, which shall be the Customer’s sole and exclusive remedy if the Customer objects to any new third-party processor. The Supplier confirms that it has entered or (as the case may be) will enter with each of the third-party processors into a written agreement substantially on that third party’s standard terms of business incorporating terms which are substantially similar to those set out in this clause 3. As between the Customer and the Supplier, the Supplier shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 3.
3.6 The parties may by mutual agreement revise this clause 3 by replacing it with any applicable controller to processor standard clauses or similar terms forming party of an applicable certification scheme.
3.7 The Customer agrees to indemnify and keep indemnified the Supplier and defend it at its own expense against all costs, claims, damages or expenses incurred by the Supplier or for which the Supplier may become liable due to any failure by the Customer or its employees or agents to comply with any of the Customer’s obligations under this clause 3.
3.8 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
3.9 The Supplier shall, in providing the Services, comply with its Information Security Management System relating to the privacy and security of the Customer Data.
3.10 The Supplier will comply with ISO27001:2013 and will be audited annually by a United Kingdom Accreditation Service accredited certification body to confirm adherence. Details available at www.projectfusion.com/security/.

4. Freedom of Information

4.1 The Supplier acknowledges that the Customer may be subject to the requirements of the FOIA and the Environmental Information Regulations and shall assist and cooperate with the Customer to enable the Customer to comply with its Information disclosure obligations.
4.2 The Supplier shall:
(a) transfer to the Customer all Requests for Information that it receives as soon as practicable and in any event within two Business Days of receiving a Request for Information;
(b) provide the Customer with a copy of all Information in its possession, or power within five Business Days (or such other period as the Customer may specify) of the Customer’s request; and
(c) provide all necessary assistance as reasonably requested by the Customer to enable the Customer to respond to the Request for Information within the time for compliance set out in section 10 of the FOIA or regulation 5 of the Environmental Information Regulations.
4.3 The Customer shall be responsible for determining in its absolute discretion and notwithstanding any other provision in this Agreement or any other agreement whether the Commercially Sensitive Information and/or any other Information is exempt from disclosure in accordance with the provisions of the FOIA or the Environmental Information Regulations.
4.4 In no event shall the Supplier respond directly to a Request for Information unless expressly authorised to do so by the Customer.
4.5 The Supplier acknowledges that the Customer may, acting in accordance with the Secretary of State for Constitutional Affairs Code of Practice on the Discharge of the Functions of Public Authorities under Part 1 of the Freedom of Information Act 2000 (“the Code”), be obliged under the FOIA, or the Environmental Information Regulations to disclose information concerning the Supplier or the Services:
(a) in certain circumstances without consulting the Supplier; or
(b) following consultation with the Supplier and having taken their views into account;
(c) provided always that where clause 4.2 applies the Customer shall, in accordance with any recommendations of the Code, take reasonable steps, where appropriate, to give the Supplier advanced notice, or failing that, to draw the disclosure to the Supplier’s attention after any such disclosure.

5. Third Party Suppliers

5.1. The Customer acknowledges that the Services may enable or assist it to access the website content of, correspond with, and purchase products and services from, third parties via third-party websites and that it does so solely at its own risk. The Supplier makes no representation or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by the Customer, with any such third party. Any contract entered into and any transaction completed via any third-party website is between the Customer and the relevant third party, and not the Supplier. The Supplier recommends that the Customer refers to the third party’s website terms and conditions and privacy policy prior to using the relevant third-party website and does not endorse or approve any third-party website nor the content of any of the third-party website made available via the Services.

6. Support

6.1. For the duration of this Agreement, The Supplier shall provide to the Customer support according to the Order Form and Schedule 2.

7. The Customer’s Obligations

7.1. The Customer shall be responsible and entirely liable for all content, including accessing, storing, distributing or transmitting any kind of virus, or any material during the course of its use of the Services that:

7.1.1. is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;

7.1.2. facilitates illegal activity;

7.1.3. depicts sexually explicit images;

7.1.4. is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or

7.1.5. in a manner that is otherwise illegal or causes damage or injury to any person or property;
and the Supplier reserves the right, without liability or prejudice to its other rights to the Customer, to disable the Customer’s access to any material that breaches the provisions of this clause.
7.2. The Customer shall not:
7.2.1. except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this Agreement, attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Supplier Software and/or Documentation (as applicable) in any form or media or by any means;
7.2.2. attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Supplier Software; or
7.2.3. transfer, assign, rent or lease the Supplier Software, the Third Party Content or any of the rights granted in this Agreement to any third party without the prior written consent of the Company, which shall not be unreasonably withheld.
7.3. The Customer shall:
7.3.1. provide the Supplier with:
7.3.1.1. all necessary co-operation in relation to this Agreement; and
7.3.1.2. all necessary access to such information as may be required by the Supplier;
in order to provide the Services, including but not limited to Customer Data, security access information and configuration services;

7.3.2. comply with all applicable laws and regulations with respect to its activities under this Agreement;
7.3.3. be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to the Supplier’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the internet
7.3.4. use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify the Supplier. The rights provided under this clause 7 are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer.

8. The Supplier’s Obligations

8.1. The Supplier undertakes that the Services will be performed substantially in accordance with this Agreement and with reasonable skill and care.
8.2. The undertaking at clause 8.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to the Supplier’s written instructions, or modification or alteration of the Services by any party other than the Supplier or the Supplier’s duly authorised contractors or agents. If the Services do not conform with the foregoing undertaking, the Supplier will, at its expense, use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Notwithstanding the foregoing, The Supplier:
8.2.1. does not warrant that the Customer’s use of the Services will be uninterrupted or error-free; or that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer’s requirements; and
8.2.2. is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.

8.3. This Agreement shall not prevent the Supplier from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.

9. Fees and Payment Terms

9.1. The Supplier will invoice the Customer for the Fees as described in the Order Form.
9.2. Unless otherwise is stated in the Order Form, the Customer will pay each of the Supplier’s invoices within 7 days from the date of each of the invoices.
9.3. If the Customer fails to pay an invoice by the date it is due to be paid, the Supplier may charge interest on the unpaid amount until payment (whether payment happens before or after any court judgment). The interest rate is 4% above the base rate of the Bank of England from time to time.
9.4 If the Supplier has not received payment within 1 day after the due date, and without prejudice to any other rights and remedies of the Supplier, the Supplier may, without liability to the Customer, disable the Customer’s password, account and access to all or part of the Services and the Supplier shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid.

9.5 The Supplier may increase its fees on any annual anniversary date of this Agreement in line with the percentage increase in the Consumer Prices Index in the preceding 12 month period and shall be based on the latest available figure for the percentage increase in the Consumer Prices Index at the beginning of the last month of the previous contract year by giving the Customer written notice of the increase at least 3 months before that date.

10. Non Solicitation

10.1. Neither party shall (except with the prior written consent of the other party) directly or indirectly solicit or entice away (or attempt to solicit or entice away) from the employment of the other party any person employed or engaged by such other party in the provision of the Services at any time during the term of this Agreement or for a further period of 12 months after the termination of this Agreement other than by means of a national advertising campaign for recruitment and not specifically targeted at any of the staff of the other party.

11. Intellectual Property Rights

11.1. The Supplier shall own all rights, title and interest in and to all of its intellectual property rights and the Customer acknowledges and agrees that the Supplier and/or its licensors own all intellectual property rights in the Services and the Documentation. Except as expressly stated herein, this Agreement does not grant the Customer any rights to, or in, patents, copyright, database right, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licences in respect of the Services or the Documentation.

11.2. Any pre-existing Intellectual Property Rights that belong to any third party will be the absolute property of and will vest and remain vested in the third party proprietor.

11.3. The provisions of this clause 11 shall survive the termination of this Agreement.

12. Intellectual Property Rights Indemnities

12.1. The Supplier shall indemnify and keep indemnified the Customer from and against all costs, claims, demands, liabilities, expenses, damages or losses of whatever nature (including but not limited to legal and other professional costs and expenses) arising out of or from, or incurred by reason of, any claim by any third party of any infringement or alleged infringement of any Intellectual Property Rights as a result (direct or indirect) of the provision, receipt, use, or possession of any intellectual property and/or Services provided by or on behalf of The Supplier provided that:

12.1.1. The Customer is given prompt notice of any such claim;

12.1.2. The Supplier provides reasonable co-operation to the Customer in the defence and settlement of such claim, at the Customer’s expense; and
12.1.3. the Customer is given sole authority to defend or settle the claim.
12.2. The Supplier shall have no liability under clause 12.1 to the extent that the alleged infringement arises out of or as a result of:
12.2.1. infringing Customer materials or third party materials;
12.2.2. the use of any of the Supplier Software in combination with other software, materials, equipment or services which are not supplied by the Supplier or the subject of any of the Services provided pursuant to this Agreement, but only to the extent that to the extent that the claim would not have arisen but for such combination or use;
12.2.3. alterations or amendments made to any of the Supplier Software which is not made by or on behalf of The Supplier.
12.3. The Customer shall indemnify, defend and hold harmless the Supplier against any liability, loss or damage that it incurs, suffers or for which it becomes liable however so arising as a result of or in connection with this Agreement, of any infringement of the Supplier Software or if the Customer infringes the Intellectual Property Rights of any third party provided that such infringement isn’t as a result of intellectual property and/or Services provided by or on behalf of the Supplier.

13. Confidentiality

13.1. Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement.

13.2. Each party shall hold the other’s Confidential Information in confidence using the same degree of care that it uses to protect the confidentiality of its own confidential information and, unless required by law, not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than the implementation of this Agreement.

13.3. Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement.

13.4. Each party shall keep any Confidential Information received from or belonging to the other party secret (using such measures as is necessary in accordance with good industry practice to protect commercially sensitive and confidential information) and not disclose such Confidential Information to anyone (except on a need to know basis for internal use only where necessary to perform its obligations under this Agreement to its employees or full time contractors bound (in the case of the Supplier) by express written secrecy obligations) or use such Confidential Information other than to perform its obligations under this Agreement without the prior written consent of the relevant disclosing party. The Supplier acknowledges and agrees that it does not require any access to or use of any Customer data in order to perform its obligations under this Agreement.
13.5. Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.

13.6. The Customer acknowledges that details of the Services, and the results of any performance tests of the Services, constitute the Supplier’s Confidential Information.

13.7. The Supplier acknowledges that the Customer Data is the Confidential Information of the Customer.

13.8. This clause 13 shall survive termination of this Agreement, however so arising.

14. Term and Termination

14.1. This Agreement starts on the date shown in the Order Form and will continue for the Term unless it is ended earlier under this clause 14.
14.2. Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party if:
14.2.1. the other party fails to pay any amount due under this Agreement on the due date for payment and remains in default not less than thirty (30) days after being notified in writing to make such payment;
14.2.2. the other party commits a material breach of any other term of this Agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of fourteen (14) days after being notified in writing to do so;
14.2.3. the other party repeatedly breaches any of the terms of this Agreement in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of this Agreement;
14.2.4. the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;
14.2.5. the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
14.2.6. a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of that other party other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
14.2.7. an application is made to court, or an order is made, for the appointment of an administrator, or if a notice of intention to appoint an administrator is given or if an administrator is appointed, over the other party;
14.2.8. the holder of a qualifying floating charge over the assets of that other party has become entitled to appoint or has appointed an administrative receiver;
14.2.9. a person becomes entitled to appoint a receiver over the assets of the other party or a receiver is appointed over the assets of the other party;
14.2.10. a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the other party’s assets and such attachment or process is not discharged within 14 days; or
14.2.11. in accordance with clause 3.5.

14.3. The Customer may also terminate this Agreement by giving the Supplier 2 months’ written notice in the event that significant technical issues materially impact Uptime and are not remedied by the Supplier within 28 days of such technical issues being notified to the Supplier in writing.
14.4. On termination of this Agreement for any reason:
14.4.1. all licences granted under this Agreement shall immediately terminate
14.4.2. each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party;
14.4.3. the Supplier may destroy or otherwise dispose of any of the Customer Data in its possession unless the Supplier receives, no later than five Days after the effective date of the termination of this Agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data. The Supplier shall use reasonable commercial endeavours to deliver the back-up to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by the Supplier in returning or disposing of Customer Data; and
14.4.4. any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.

15. Limitation of Liability

15.1. This clause 15 sets out the entire financial liability of the Supplier (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the Customer:
15.1.1. arising under or in connection with this Agreement;
15.1.2. in respect of any use made by the Customer of the Services and Documentation or any part of them; and
15.1.3. in respect of any representation, statement or tortious act or omission (including negligence) arising under or in connection with this Agreement.
15.2. Except as expressly and specifically provided in this Agreement:
15.2.1. the Customer assumes sole responsibility for results obtained from the use of the Services and the Documentation by the Customer, and for conclusions drawn from such use. The Supplier shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to the Supplier by the Customer or the Customer by the Supplier in connection with the Services, or any actions taken by the Supplier at the Customer’s direction;
15.2.2. all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement; and
15.2.3. the Services and the Documentation are provided to the Customer on an “as is” basis.
15.3. Nothing in this Agreement excludes the liability of either party:
15.3.1. for death or personal injury caused by the other party’s negligence; or
15.3.2. for fraud or fraudulent misrepresentation.
15.3.3. for any other liability to the extent that the same may not be excluded or limited as a matter of applicable law
15.4. Subject to clauses 15.1, 15.2 and 15.3:
15.4.1. the Parties shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this Agreement; and
15.4.2. Save as any liability by the Customer for the Fees, each Party’s total aggregate liability in contract (including in respect of the indemnities at clause 12), tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall be limited to two (2) times the amount of fees actually paid by the customer during the twelve (12) months prior to the event giving rise to the liability, save for any breaches of data protection or infringement of intellectual property pursuant to this Agreement, in which case the liability shall be limited to a maximum £100,000.
15.5. The Supplier shall not be liable to the Customer or be deemed to be in breach of this Agreement by reason of any delay in performing, or any failure to perform, any of the Supplier’s obligations in relation to this Agreement, if the delay or failure was due to an Event of Force Majeure (as hereinafter defined).

16. Use of Customer’s Name and Company Name

16.1. The Supplier reserves the right to use the Customer’s name as a reference for marketing or promotional purposes on the safedrop.com website and in other communication with existing or potential customers. To decline the Supplier this right please email support@projectfusion.com stating that you do not wish to be used as a reference. We will always advise you and seek approval before using your name as a reference.

17. Force Majeure

17.1. The Supplier shall have no liability to the Customer under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of the Supplier or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of the Supplier’s or sub-contractors, provided that the Customer is notified of such an event and its expected duration.

18. Waiver

18.1. No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.

19. Notices

19.1. Any notice required to be given under this Agreement shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party at its address set out in this Agreement, or such other address as may have been notified by that party for such purposes or sent by fax to the other party’s fax number as set out in this Agreement.
19.2. A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9 am on the first business day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent by fax shall be deemed to have been received at the time of transmission (as shown by the timed printout obtained by the sender). A notice sent by email shall be deemed to have been received at 9am next Business Day.

20. Warranties

The Supplier warrants to the Customer that
20.1. It has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement;
20.2. it will comply with all applicable legal and regulatory requirements applying to the exercise of the Supplier’s rights and the fulfilment of the Supplier’s obligations under this Agreement;
20.3. it has or has access to all necessary know-how, expertise and experience to perform its obligations under this Agreement;
20.4. it has obtained and will maintain for the duration of the Agreement all permissions, licences and consents necessary to provide the Services and the Supplier Software;
20.5. The Service will conform with the Technical Specifications (set out in schedule 4). If the System does not so conform, the Supplier shall, for no additional charge, promptly ensure that the System complies with the terms of this Clause 20.5;
20.6. it will comply with all applicable laws, enactments, orders, regulations and other similar instruments (including those relating to health and safety, data protection and privacy, non-discrimination, telecommunications, electrical goods and supplies, occupation and use of premises); and
20.7. it will use all reasonable measures including training on confidentiality and data protection to ensure that its staff keep the Customer Data and other information confidential and will keep the same confidential pursuant to this Agreement.

21. Insurance

21.1. The Supplier shall maintain in force the Insurance Policies (as set out in Schedule 5) for the term of this Agreement and for a period of 2 years after the end of this Agreement. The Supplier shall, at the request of the Customer, provide to it copies of the Insurance Policies and evidence that premiums have been paid in full.
21.2. The Supplier shall, during this Agreement, and for a period of 2 years after the end of this Agreement:
21.2.1. administer the Insurance Policies and the Supplier’s relationship with its insurers at all times to preserve the benefits for the Customer as set out in this Agreement;
21.2.2. not do anything to invalidate any Insurance Policy or to prejudice the Customer’s entitlement under any such Insurance Policy; and
21.2.3. procure that the terms of the policies are not altered in any way so as to diminish the benefit to the Customer of the Supplier having the Insurance Policies in place.

22. Invalidity and severability

22.1. If any provision of this Agreement shall be found by any court or administrative body of competent jurisdiction to be invalid or unenforceable the invalidity or unenforceability of such provision shall not affect the other provisions of this Agreement and all provisions not affected by such invalidity or unenforceability shall remain in full force and effect. The parties hereby agree to attempt to substitute for any invalid or unenforceable provision a valid or enforceable provision that achieves to the greatest extent possible the economic legal and commercial objectives of the invalid or unenforceable provision.

23. Entire agreement

23.1. This Agreement, and any documents referred to in it, constitute the whole agreement between the parties and supersede any previous arrangement, understanding or agreement between them relating to the subject matter they cover. If there are any inconsistencies between these SaaS terms and conditions, the Schedules and the Order Form, the following precedence shall apply: 1) Order Form; 2) Schedules; and 3) these SaaS terms and Conditions.
23.2. Each of the parties acknowledges and agrees that in entering into this Agreement it does not rely on any undertaking, promise, assurance, statement, representation or understanding (whether in writing or not) of any person (whether party to this Agreement or not) relating to the subject matter of this Agreement, other than as expressly set out in this Agreement.

24. Successors

24.1. This Agreement shall be binding upon and endure for the benefit of the successors in title of the parties hereto

25. Assignment

25.1. The Customer shall not, without the prior written consent of The Supplier, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.
25.2. The Supplier may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.

26. General

26.1. Nothing in this Agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
26.2. This Agreement does not confer any rights on any person or party (other than the parties to this Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

27. Law

27.1. This Agreement shall be governed by and construed in accordance with English law and the parties hereto agree to submit to the exclusive jurisdiction of the English courts.

SCHEDULE 1 ‑ Services & Term

1. Service

1.1. The Supplier will provide a licence to the Customer under this Agreement, to access and use services defined on the order form.

1.2. Initial Subscription Term

The Initial Subscription Term is the term in calendar months specified on the Order Form or, if none is specified on the Order Form – 12 calendar months from the Commencement Date.

1.3. Renewal Period

The Renewal Period is the period stated on the Order Form, or, if not specified on the Order Form, 12 months.

2. Term

2.1. This agreement shall, unless otherwise terminated as provided in this Schedule 1, commence on the Commencement Date and shall continue for the Initial Subscription Term and, thereafter, this agreement shall be automatically renewed for successive periods of one Renewal Period, unless:
(a) either party notifies the other party of termination, in writing. If the termination is notified 30 days before the end of the Initial Subscription Term or any Renewal Period, this agreement shall terminate upon the expiry of the applicable Initial Subscription Term or Renewal Period. Upon termination, there shall be no refund of fees paid; or
(b) otherwise terminated in accordance with the provisions of this agreement;

and the Initial Subscription Term together with any subsequent Renewal Periods shall constitute the Subscription Term.

3. Supplier Termination

3.1. After a period of 12 months from the Commencement Date and provided that it can demonstrably prove that it is to cease doing business or offering services similar to the Services, the Supplier will be entitled to terminate this Agreement on not less than 3 month’s written notice. The Supplier shall refund to the Client any unused fees and any service credits due on a pro-rated basis within 30 days of such termination.
4. Paragraphs 2 and 3 above are in addition to the provisions of clause 14 of this Agreement “Term and Termination”.

4. Sites

4.1 All services to be hosted in the EU unless otherwise specified in the order form.

4.2 Monthly Bandwidth: For EU or USA cloudflare hosting – 10x your storage allowance. EU and other hosting locations with Amazon or Wasabi hosting,  1x your hosting allowance.  

Example: if your allowance is 1TB, In the UK, every month, up to 1TB can be downloaded. Egress overages charged at £10 per 100Gb. EU is cheaper as we can use lower cost Cloudflare storage there.

SCHEDULE 2 ‑ Support

The following definitions shall apply to this Schedule:
“Business support” means the right to contact the Supplier directly during Business Hours.
“Fault” means that the Service is not performing in according with Schedule 4.
“Premium support” means the right to contact The Supplier directly at any time.
“Problem Resolved” means the identification of the cause or failure in the System, and subsequent application of any necessary permanent correction or change in procedure necessary to achieve a permanent solution. This may include a temporary fix or work around which will mean the problem is still not resolved and therefore not closed as a problem. The Supplier will use reasonable endeavours to investigate and resolve the Fault concerned within the time specified in Schedule 2 Table 1, except for the events described “Severity 1 Exceptions”.
“Response” means categorising a problem/query and making a meaningful action and/or telephone communication, (including the action being taken and estimated resolution time with the appropriate group), in respect of a specific event that has occurred or is occurring (e.g. server problem).

1. Severity Levels

The Supplier will assign each Fault a Severity Level, which determines the response level to each reported incident, on the following basis:

Table 1

Severity

1

Response

Within 15 minutes during Business Hours

Response (Premium Support)

Within 15 minutes

Problem resolved (Business support)

4 hours during Business Hours

Problem resolved (Premium support)

4 hours

2Within 15 minutes during Business HoursWithin 15 minutes8 hours during Business Hours8 hours during Business Hours
3Within 15 minutes during Business HoursWithin 15 minutes5 Business Days5 Business Days

Severity Levels are as follows:

Severity 1 ‑ Critical
The System is restricted from full functionality, which is having a significant effect upon users ability to download or view Customer Data. This does not include faults based on uploading content or adding users. Support engineer will work out of normal hours, 7 days a week.

Severity 2 ‑ High
The System is restricted from full functionality, which is having a significant effect upon a user who is able to add Customer Data to The Services, or add Authorised users to the Services . This includes features like the ability to upload or add users. Support engineer will work during normal hours of cover.

Severity 3 ‑ General
A problem is causing light or medium impact to a user’s use of the System and circumvention has been implemented. Support engineer will work during normal hours of cover.

2. Severity 1 Exceptions
2.1. In the event of a Severity 1 problem caused by an Act of God or a bombing incident, or other incidents as defined in “Force Majeure” the Supplier will have up to 24 hours to resolve the problem.
2.2. In the event of a Severity 1 problem caused by a hardware failure, the Supplier will have up to 12 hours to resolve the problem.

3. 24×7 365 Monitoring

Servers used to provide the Service are automatically monitored every 3 minutes for up time. In the case of a Severity 1 – Critical failure, where the Service is not responding or accessible from any network, the Supplier will attempt to solve the problem using reasonable endeavours within 30 minutes of initial contact or notification by monitoring system.

4. Training

Up to 2 online training sessions per year will be provided by The Supplier. Each session can have up to 10 attendees.

5. Disaster recovery/business continuity;

The supplier will maintain a Business Continuity plan. This will be available for review by The Customer on request at all times, and is part of the suppliers ISO27001 accredited Information Security Management System.

6. Not used

7. Customer Security Requirements

The Supplier will inform the Customer within 72 hours in the event of a data breach.

SCHEDULE 3 DATA PROTECTION

Processing, Personal Data and Data Subjects

1. Processing by the Supplier

Schedule 2 Scope

The Supplier will process the Customer Data strictly in accordance with this Agreement for the purpose of providing the Services to the Customer under this Agreement.

Schedule 3 Nature

Any Customer Data provided by the Customer, including non-sensitive personal data and, potentially, special categories of personal data, at the discretion of the Customer.

Schedule 4 Purpose of processing

To carry out the Services within and outside the EEA as directed by the Customer.

Schedule 5 Duration of the processing

For as long as is necessary to comply with this Agreement for the provision of Services by the Supplier to the Customer, and to comply with the Supplier’s statutory obligations, if applicable.

1. Types of personal data

As may be provided by the Customer from time to time, including but not limited to:
• Names
• Surnames
• Addresses
• Email addresses
• Telephone numbers
• Date of birth
• Marital status
• Occupation
As well as other types of Personal Data as may be submitted by the Customer to the Supplier from time to time to enable the Supplier to provide the Services under this Agreement.

2. Categories of data subject

Some special categories of Personal Data may be processed from time to time, as directed by the Customer to the Supplier.

SCHEDULE 4 technical specification

1. Core features
Core features
• Web based service delivered over port 443.
• Users can login to the service over an API or through a web site.
• Authorised Users are able to send of files up to 1Gb in size to up to 25 recipients.
• Recipents are able to download or view files.
• Files may have extra security applied, including limited number of downloads and expiration dates.
• Encryption of content in transit.
• Auditing of all actions
• Emailed ‘read receipts’ and proof of delivery

Uptime and responsiveness
• The Services shall maintain a 99.99% uptime
• The Services html pages for viewing lists of files shall load in < 5 seconds on a European based broadband connection.
• Downloading a file shall commence within 5 seconds of clicking the download button

Supported Browsers:
• Microsoft Internet Explorer ‑ version 11 or higher.
• Mozilla Firefox ‑ Latest two versions
• Apple Safari ‑ Latest two versions
• Google Chrome ‑ Latest two versions

SCHEDULE 5 Insurance Policies

The Supplier shall obtain and maintain the following insurances in accordance with the terms of this Agreement: The Customer shall have the right to request copies of all Insurance documentation described below if reasonably required to do so, and the Supplier shall provide this on request.
• Employer’s Liability Insurance: limit of at least £5 million per claim/occurrence;
• Public Liability Insurance: limit of at least £5 million per claim/occurrence;
• Product Liability Insurance: limit of at least £5 million per claim/occurrence (in the annual aggregate); and
Professional Indemnity Insurance: limit of at least £2 million per claim. Applicable courts: Worldwide excluding claims brought in USA/Canada.By clicking the “Place order” button or signing an Order Form that references these SaaS terms and conditions, you accept that you will be bound by the terms of the Order Form, these SaaS terms and conditions and any Schedules that govern your use of OD Consultancy Limited’s software and online service (“safedrop”)(“Agreement”).

If you are entering in to the Agreement on behalf of a company or other legal entity, any acceptance of these SaaS terms and conditions will be considered a representation by you that you have the authority to bind such entity to these SaaS terms and conditions and the Agreement overall, in which case the terms “Customer”, “you” or “your” shall refer to such entity. If you do not have such authority, or if you do not agree with these SaaS terms and conditions and the Agreement overall, you may not proceed and we will be unable to provide our Services to you.

We, the Supplier, and you, the Customer, agree to the following terms.