EFFECTIVE DAY Friday, April 11, 2025
These WeConvene Terms of Service (the “Agreement”) are entered into by and between the WeConvene entity set forth below (“WeConvene”) and the entity or person placing an order for, or accessing, any Services (“Customer” or “you”). If you are accessing or using the Services on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company, and all references to “you” or “Customer” reference your company.
This Agreement permits Customer to purchase subscriptions to online software as-a-service products and other services from WeConvene pursuant to Enterprise Agreement(s) (defined herein) and sets forth the terms and conditions under which those products and services will be provided. This Agreement includes the Additional Product Terms, incorporated by reference herein.
The “Effective Date” of this Agreement is the date that is the earlier of: (a) Customer’s initial access to any Services (as defined below) through any online registration or order process or (b) the effective date of the first Enterprise Agreement referencing this Agreement.
As used in this Agreement, “WeConvene” means (a) WeConvene, Inc., a Delaware corporation with offices at 99 Wall Street, Ste. 5353, New York, NY 10005, USA.
Modifications to this Agreement: From time to time, WeConvene may modify this Agreement. Unless otherwise specified by WeConvene, changes become effective for Customer upon renewal of Customer’s current Subscription Term (as defined below), or entry into a new Enterprise Agreement. WeConvene will use reasonable efforts to notify Customer of the changes through communications via Customer’s account, email or other means. Customer may be required to click to accept or otherwise agree to the updated Agreement before renewing a Subscription Term or entering
into a new Enterprise Agreement, but in any event continued use of the Services after the updated version of this Agreement will constitute Customer’s acceptance of such updated version.
By indicating your acceptance of this agreement or accessing or using any services, you agree to be bound by all terms, conditions, and notices contained or referenced in this agreement. If you do not agree to this agreement, please do not use any services. For clarity, each party expressly agrees that this agreement is legally binding upon it. This agreement contains mandatory arbitration provisions that require the use of arbitration to resolve disputes, rather than jury trials.
1. Definitions
“Affiliate” means any entity under the control of Customer where “control” means ownership of or the right to control greater than 50% of the voting securities of such entity.
“AUP” means WeConvene’s Acceptable Use Policy, available at https://WeConvene.com/acceptable-use-policy or a successor URL, incorporated into these terms by this reference.
“Contractor” means an independent contractor or consultant.
“Customer Data” means any data, content or other information of any type that is submitted to the Services by or on behalf of Customer, including without limitation: (a) data, content or other information submitted, uploaded, instructed to be used for or imported to the Services by Customer (including from Third Party Platforms) and (b) data, content or other information provided by or about People (including support chat logs) that are collected from the Customer Properties using the Services.
“Dashboard” means WeConvene’s user interface for accessing and administering the Services that Customer may access via the web.
“Documentation” means the technical user documentation provided with the Services.
“Feedback” means comments, questions, suggestions or other feedback relating to any WeConvene product or service, including, without limitation, integrations with Third Party Apps. Feedback does not include any Customer Data.
“Intellectual Property Rights” include all valid patents, trademarks, copyrights, trade secrets, moral rights, and other intellectual property rights, as may exist now or hereafter come into existence, and all renewals and extensions thereof, and all improvements to any of the foregoing, regardless of whether any such rights arise under the laws of any state, country or other jurisdiction.
“WeConvene Apps” means any integrations and applications created or developed by WeConvene or its Affiliates that are made available in WeConvene’s App.
“WeConvene Code” means certain any software programming code, software development kits (SDKs), application programming interfaces (APls), other code or libraries provided by WeConvene for deployment by Customer as part of the use of the Services.
“Laws” means all applicable local, state, federal and international laws, regulations and conventions, including, without limitation, those related to data privacy and data transfer, international communications, and the exportation of technical or personal data.
“Enterprise Agreement” means a written or electronic form referencing this Agreement that is used to order the Services. The Enterprise Agreement may contain details about your order, the applicable service plan, contracted usage quantity (e.g. usage quantity metric identified in the Enterprise Agreement) and Subscription Term. Upon execution by the parties, each Enterprise Agreement will be subject to the terms and conditions of this Agreement.
“People” (in the singular, “Person”) means Customer’s end user customers, potential end user customers, and other users of and visitors to Customer Properties.
“Permitted User” means an employee or Contractor of Customer or its Affiliate who is authorized to access the Service.
“Sensitive Personal Information” means any of the following: (i) credit, debit or other payment card data subject to the Payment Card Industry Data Security Standards (“PCI DSS”); or (ii) any other personal data of an EU citizen deemed to be in a “special category” (as identified in EU General Data Protection Regulation or any successor directive or regulation).
“Services” means WeConvene’s proprietary software-as-a-service solution(s), including the Web App, Public API, WeConvene Code, Invitations and Tokenized Web Pages and, if applicable, those services and features covered by the Additional Product Terms, as described in the applicable Enterprise Agreement.
“Taxes” means any sales, use, GST, value-added, withholding, or similar taxes or levies, whether domestic or foreign, other than taxes based on the income of WeConvene.
“Third Party Messaging App(s)” means a separate, stand-alone application or service accessible apart from the generally available Services to which Customer subscribes. A Third Party Messaging App allows Customer to integrate Customer’s WeConvene App account(s) with Customer’s Third-Party Messaging App services account(s) including but not limited to Intercom, OpenExchange, Zoom.
“Third-Party Platform(s)” means any software, software-as-a-service, data sources or other products or services not provided by WeConvene that are integrated with or otherwise accessible through the Services.
2. WeConvene Services
2.1. Services Overview. WeConvene’s Services are a suite of event management-oriented software-as-a-service solutions offered through an online platform. The Services are designed to enable Customer to create, manage, promote, schedule and execute a broad range of event types. Including also the ability to manage engagement with attendees and participants throughout the entire event lifecycle and manage an ongoing relationship through the platform’s CRM capabilities.
2.2. Provision of Services. Each Service is provided on a subscription basis for a set term designated on the Enterprise Agreement (each, a “Subscription Term”). Customer will purchase and WeConvene will provide the specific Services as specified in the applicable Enterprise Agreement.
Some Services may be subject to Additional Product Terms. By accessing or using a product or feature covered by the Additional Product Terms, Customer hereby agrees that their use of those Services is governed by the applicable Additional Product Terms.
2.3. Access to Services. Customer may access and use the Services solely for its own benefit (and for the benefit of People) and in accordance with the terms and conditions of this Agreement, the Documentation and any scope of use restrictions designated in the applicable Enterprise Agreement (including, without limitation, the usage quantity tracked). Use of and access to the Services is permitted only by Permitted Users. If Customer is given API keys or passwords to access the Services on WeConvene’s systems, Customer will require that all Permitted Users keep API keys, user ID and password information strictly confidential and not share such information with any unauthorized person. User IDs and related credentials are granted to individual, named persons and may not be shared. If Customer is accessing the Services using credentials provided by a third party (e.g., SSO), then Customer will comply with all applicable terms and conditions of such third-party regarding provisioning and use of such credentials. Customer will be responsible for any and all actions taken using Customer’s accounts and passwords. If any Permitted User who has access to a user ID is no longer an employee (or Contractor, as set forth below) of Customer, then Customer will promptly delete such user ID and otherwise terminate such Permitted User’s access to the Service. WeConvene reserves the right to suspend access to any Services or features (including, without limitation, in-app messaging and integrations with Third Party Platforms and Third Party Apps) if Customer has exceeded applicable usage limits (if any) or if WeConvene otherwise determines, in its sole discretion, that Customer is using the applicable Service in a manner that has become excessive, including, but not limited to, storage and bandwidth consumption) and/or negatively impacts the operability, integrity, or security of the Service until usage is reduced to reasonable levels, as determined by WeConvene and/or such impact is resolved to WeConvene’s satisfaction. We may change usage limits at any time, in our sole discretion, without notice.
2.4. WeConvene Apps. To the extent WeConvene provides WeConvene Apps for use with the Services, subject to all of the terms and conditions of this Agreement (unless otherwise indicated in the specific WeConvene App), WeConvene grants to Customer a limited, non-transferable, non-sublicensable, non-exclusive license during any applicable Subscription Term to use the object code form of the WeConvene Apps internally, but only in connection with Customer’s use of the Service and otherwise in accordance with the Documentation and this Agreement.
2.5. WeConvene Code. The right to use the Services includes the right to deploy WeConvene Code within on Customer applications and systems to enable various integrations (email, CRM, etc.) for use with the Services as further described herein. Subject to all of the terms and conditions of this Agreement, WeConvene grants to Customer a limited, non-transferable, non-sublicensable, non-exclusive license during any applicable Subscription Term to implement the WeConvene Code in the form provided by WeConvene in Customer applications and systems solely to support Customer’s use of the Service and otherwise in accordance with the Documentation and this Agreement. Where Customer must implement WeConvene Code to utilize the relevant features of the Services, Customer will implement all necessary WeConvene Code in strict accordance with
the Documentation and other instructions provided by WeConvene. Customer acknowledges that any changes made to the Customer applications and systems after initial implementation of WeConvene Code may cause the Services to cease working or to function improperly and that WeConvene will have no responsibility for the impact of any such Customer changes.
2.6. Contractors and Affiliates. Customer may permit its employees and Contractors and its Affiliates’ employees and Contractors to serve as Permitted Users, provided Customer remains responsible for compliance by such individuals with all of the terms and conditions of this Agreement and any use of the Services by such Permitted Users is for the sole benefit of Customer.
2.7. General Restrictions. Customer will not (and will not permit any third party to): (a) rent, lease, provide access to or sublicense the Services to a third party; (b) use the Services to provide, or incorporate the Services into, any product or service provided to a third party other than the Customer applications; (c) reverse engineer, decompile, disassemble, or otherwise seek to obtain the source code or non-public APls to the Services, except to the extent expressly permitted by applicable law (and then only upon advance notice to WeConvene); (d) copy or modify the Services or any Documentation, or create any derivative work from any of the foregoing; (e) remove or obscure any proprietary or other notices contained in the Services and/or on any reports or data printed from the Services (unless otherwise expressly permitted by WeConvene in advance); (f) publicly disseminate information regarding the performance of the Services; (g) use the Services for competitive analysis purposes; or (h) otherwise violate our AUP.
2.8. WeConvene APls. If WeConvene makes access to any APls available as part of the Services, WeConvene reserves the right to place limits on access to such APls (e.g., limits on numbers of calls or requests). Further, WeConvene may monitor Customer’s usage of such APls and limit the number of calls or requests Customer may make if WeConvene believes that Customer’s usage is in breach of this Agreement or may negatively affect the security, operability, or integrity of the Services (or otherwise impose liability on WeConvene).
2.9. Trial Subscriptions. If Customer receives free access or a trial or evaluation subscription to the Service (a “Trial Subscription”), then Customer may use the Services in accordance with the terms and conditions of this Section (and any other supplemental trial terms agreed by Customer) for a period of fourteen (14) days or such other period granted by WeConvene (the “Trial Period”). Trial Subscriptions are permitted solely for Customer’s evaluation to determine whether to purchase a paid subscription to the Services or an upgrade to a service plan. Trial Subscriptions may not include all functionality and features accessible as part of a paid Subscription Term and may be subject to usage limits. If Customer does not enter into a paid Subscription Term prior to the expiration of the Trial Period, this Agreement and Customer’s right to access and use the Services will terminate at the end of the Trial Period, except as otherwise set forth herein. If stated in the Enterprise Agreement for a specific Service or otherwise communicated in advance by WeConvene to Customer, a paid Subscription Term will commence automatically once the Trial Period expires, and Customer will be charged for any continued use of the Services. WeConvene has the right to terminate a Trial Subscription at any time for any reason.
Notwithstanding anything to the contrary in this agreement, WeConvene will have no warranty, indemnity, support, service level agreement (“SLA”), or other obligations with respect to trial subscriptions.
3. Customer Data and Customer Obligations
3.1. Data Processing by WeConvene. All data processing activities carried out as part of the Services will be governed by the Data Processing Addendum (“DPA”) incorporated by reference herein.
3.2. Rights in Customer Data. As between the parties, Customer will retain all of Customer’s Intellectual Property Rights in and to the Customer Data provided to WeConvene. Subject to the terms of this Agreement, Customer hereby grants to WeConvene a non-exclusive, worldwide, royalty-free right to access, use and display the Customer Data to provide the Services to Customer.
3.3. Storage of Customer Data. WeConvene does not provide an archiving service. WeConvene agrees only that it will not intentionally delete any Customer Data from the Services prior to termination of Customer’s applicable Subscription Term and expressly disclaims all other obligations with respect to storage, except where for regulatory reasons WeConvene is required to retain data, where such retention will not be less than seven (7) years.
3.4. Usage Data and Anonymized Data. In addition to the rights contained in Section 3.2, Customer agrees that WeConvene may use certain technical and other data about Customer’s and People’s use of the Services (“Usage Data”) and/or Customer Data, which is anonymized to remove any personal data of People (“Anonymized Data”) to analyze, improve, support and operate our Services during and after the term of this Agreement, and Customer agrees that WeConvene is permitted to anonymize Customer Data to use for the aforementioned purposes. WeConvene retains all ownership in and to Usage Data and Anonymized Data.
3.5. Customer Obligations.
a. In General. Customer is solely responsible for the accuracy, content and legality of all Customer Data. Customer represents and warrants to WeConvene that Customer has all necessary rights, consents and permissions to collect, share and use all Customer Data as contemplated in this Agreement (including granting WeConvene the rights under Section 3) and that no Customer Data will violate or infringe: (i) any third party Intellectual Property Rights or, publicity, privacy, or other rights, (ii) any Laws, or (iii) any terms of service, privacy or other policies and/or any other agreements governing the Customer Properties or Customer’s accounts with any Third-Party Platforms. Customer will be fully responsible for any Customer Data submitted to the Services by any Person as if it was submitted by Customer.
b. No Sensitive Personal Information. Except as otherwise expressly agreed between the Parties, Customer specifically agrees not to use the Services to collect, store, process or transmit any Sensitive Personal Information. Customer acknowledges that WeConvene is not a payment card processor and that the Services are not PCI DSS compliant. Except for WeConvene’s obligations under any business associate agreement entered into with Customer, Customer shall be responsible for any Sensitive Personal Information it submits to the Service, and Customer acknowledges that WeConvene is not subject to any additional obligations that may apply to any Sensitive Personal Information submitted to the Services.
c. Compliance with Laws. Customer agrees to comply with all applicable Laws in its use of the Services. Without limiting the generality of the foregoing, Customer will not engage in any unsolicited advertising, marketing, or other activities using the Services, including, without limitation, any activities that, to the extent applicable, violate the Telephone Consumer Protection Act of 1991, CAN-SPAM Act of 2003 or any other applicable anti-spam laws and regulations.
d. Disclosures on Customer Applications and Systems. Customer acknowledges that the WeConvene Code may in certain circumstances cause a unique cookie ID to be associated with each Person who accesses the Customer Properties. Where utilized this cookie ID is necessary for WeConvene to provide the Services. Customer acknowledges that where such cookies are utilized as part of the services it will not remove any links to WeConvene’s privacy policy that discloses use of third-party tracking technology to collect data about People and how, and for what purposes, the data collected will be used or shared with third parties where such activity occurs in connection with the Services and as required by applicable Laws. Further, as between Customer and WeConvene, if links to WeConvene’s Privacy Policy are removed by Customer then Customer will be solely responsible for obtaining the necessary clearances, consents and approvals from People under all applicable Laws. Customer can find information about how cookies and similar web technologies are used within the Services in the Privacy Policy. Customer acknowledges that they have read and understand the information in our Privacy Policy, which is hereby incorporated by reference.
3.6 Indemnification by Customer. Customer will indemnify, defend and hold harmless WeConvene from and against any and all third party (including, without limitation, People) claims, costs, damages, losses, liabilities and expenses (including reasonable attorneys’ fees and costs) arising from or relating to any Customer Data, Customer’s use of a Third-Party Platform or breach or alleged breach by Customer of Section 3.5 (Customer Obligations). This indemnification obligation is subject to Customer receiving (i) prompt written notice of such claim (but in any event notice in sufficient time for Customer to respond without prejudice); (ii) the exclusive right to control and direct the investigation, defense, or settlement of such claim; and (iii) all necessary cooperation of WeConvene at Customer’s expense. Notwithstanding the foregoing sentence, (a) WeConvene may participate in the defense of any claim by counsel of its own choosing, at its cost and expense and (b) Customer will not settle any claim without WeConvene’s prior written consent, unless the settlement fully and unconditionally releases WeConvene and does not require WeConvene to pay any amount, take any action, or admit any liability.
4. Security
WeConvene agrees to use commercially reasonable technical and organizational measures designed to prevent unauthorized access to or use of the Services, as described in WeConvene’s Security Policy attached as Schedule 2 to the DPA. However, WeConvene will have no responsibility for errors in transmission, unauthorized third-party access or other causes beyond WeConvene’s control.
5. Third-Party Platforms and Third-Party Apps
5.1. Integration with Third Party Platforms. The Services may support and or offer integrations with certain Third-Party Platforms. Customer may import and export Customer Data between the Services and certain Third-Party Platforms through supported integrations. For the Services to communicate with such Third Party Platforms, Customer may be required to input credentials for the Services to access and receive relevant information from such Third-Party Platforms. By enabling use of the Services with any Third-Party Platform, Customer authorizes WeConvene to access Customer’s accounts with such Third Party Platform for the purposes described in this Agreement. Customer is solely responsible for complying with any relevant terms and conditions of the Third Party Platforms and maintaining appropriate accounts in good standing with the providers of the Third-Party Platforms. Customer acknowledges and agrees that WeConvene has no responsibility or liability for any Third-Party Platform, including, without limitation, any beta releases or pre-release features of a Third-Party Platform, or how a Third-Party Platform uses or processes Customer Data after it is exported to such Third-Party Platform. WeConvene does not guarantee that the Services will maintain integrations with any Third-Party Platform, and WeConvene may disable integrations of the Services with any Third-Party Platform at any time with or without notice to Customer. For clarity, this Agreement governs Customer’s use of and access to the Services, even if accessed through an integration with a Third-Party Platform.
6. Ownership
6.1. WeConvene Technology. This is a subscription agreement for access to and use of the Services. Customer acknowledges that it is obtaining only a limited right to the Services and that irrespective of any use of the words “purchase”, “sale” or like terms in this Agreement, no ownership rights are being conveyed to Customer under this Agreement. Customer agrees that WeConvene or its suppliers retain all right, title and interest (including all Intellectual Property Rights) in and to the Services and all Documentation, integrations with the Services, and any and all related and underlying technology and documentation and any derivative works, modifications or improvements of any of the foregoing, including any Feedback (collectively, “WeConvene Technology”). Except as expressly set forth in this Agreement, no rights in any WeConvene Technology are granted to Customer.
6.2. Feedback. Customer, from time to time, may submit Feedback to WeConvene. WeConvene may freely use or exploit Feedback in connection with the Services and WeConvene Technology. Customer hereby grants to WeConvene a perpetual, non exclusive, transferable, irrevocable, worldwide, royalty-free license (with rights to sublicense) to make, use, sell, offer to sell, reproduce, modify, distribute, make available, publicly display and perform, disclose and otherwise commercially exploit the Feedback.
7. Subscription Term, Fees & Payment
7.1. Subscription Term and Renewals.
a. Monthly Subscription Term. For a month-to-month subscription, the Subscription Term will automatically renew on a monthly basis. Each successive contract month will be considered a “renewal term.” Customer may cancel a month-to-month subscription at any time by contacting support@weconvene.com.
b. Yearly or Multi-Year Subscription Term. For a yearly or multi-year subscription, the initial Subscription Term is set forth in the Enterprise Agreement. The Subscription Term will automatically renew for additional, successive twelve-month periods (each, a “renewal term”), unless either party gives the other written notice of intent not to renew at least ninety (90) days prior to expiration of the initial Subscription Term or then-current renewal term. Customer must send written notice of intent not to renew to ar@weconvene.com.
7.2. Fees and Payment. All fees are set forth in the applicable Enterprise Agreement and will be paid by Customer within thirty (30) days of invoice, unless (a) Customer is paying via a Recurring Payment Method (as defined below) or (b) otherwise specified in the applicable Enterprise Agreement. WeConvene reserves the right to adjust pricing for any service plan and/or any Services to the then-current list price upon the start of any renewal term.
a. Baseline Fee (non-Enterprise Agreement). WeConvene will charge Customer the applicable subscription fee in advance of each billing period. The monthly subscription fee will be based on the contracted quantity of licenses purchased for the applicable service plan plus any upgrades (e.g., Conference functionality), if applicable. Customer’s invoice will also include any fees for one-time services (e.g., additional onboarding services) ordered by Customer.
b. Changes to Contracted Usage (non-Enterprise Agreement). If the contracted usage quantity (e.g., number of licenses, type of license) or service plan is changed during a billing period, Customer’s monthly subscription fee will be prorated accordingly as of the effective date of the change.
c. Services (non-Enterprise Agreement). For any Services that are subject to additional usage charges, the applicable charges will be calculated based on the actual amount of usage of each Service in the given contract month. These additional usage charges will be billed in arrears in the next invoice that Customer receives following the date when the charges were incurred.
d. Licenses (non-Enterprise Agreement). With respect to charges for licenses specifically, if Customer exceeds the originally contracted quantity, the additional licenses activated by Customer will be billed as additional usage charges. In the month the additional licenses are activated, these charges will be prorated as of the effective date of the change and included in the next invoice that Customer receives. Thereafter, these additional usage charges will be pre-billed for each month so that the additional licenses remain activated. At any time, Customer may reduce the then-current full license quantity (but no lower than the originally contracted quantity).
e. Taxes. Except as expressly set forth in this Agreement, all fees are non-refundable. Customer is responsible for paying all Taxes, and all taxes are excluded from any fees set forth in the applicable Enterprise Agreement. WeConvene will invoice Customer for Taxes as well as any legally required fees arising from Customer’s use of Services if WeConvene believes it has a legal obligation to do so, and Customer will pay such Taxes and fees if invoiced. If Customer is required by Law to withhold any Taxes from Customer’s payment, the fees payable by Customer will be increased as necessary so that after making any required withholdings, WeConvene receives and retains (free from any liability for payment of Taxes) an amount equal to the amount it would have received had no such withholdings been made. Any late payments will be subject to a service charge equal to 1.5% per month of the amount due or the maximum amount allowed by law, whichever is less.
7.3. Payment Via Recurring Payment Method. If you are purchasing the Services via credit card, debit card or any other recurring payment method accepted by WeConvene (“Recurring Payment Method”), the following terms apply:
a. Recurring Billing Authorization. By providing Recurring Payment Method information and agreeing to purchase any Services, Customer hereby authorizes WeConvene (or its designee) to automatically charge Customer’s Recurring Payment Method on the same date of each calendar month (or the closest prior date, if there are fewer days in a particular month) during the Subscription Term for all fees accrued as of that date (if any) in accordance with the applicable Enterprise Agreement. Customer acknowledges and agrees that the amount billed and charged each month may vary depending on Customer’s usage of the Services and may include adjustments to monthly subscription fee, upgrade fees, one-time service fees, additional usage charges, taxes and other fees as described above.
b. Foreign Transaction Fees. Customer acknowledges that for certain Recurring Payment Methods, the provider/issuer may charge a foreign transaction fee or other charges.
c. Invalid Payment. If a payment is not successfully settled due to expiration of a Recurring Payment Method, insufficient funds, or otherwise, Customer remains responsible for any amounts not remitted to WeConvene and WeConvene may, in its sole discretion, either (i) invoice Customer directly for the deficient amount, (ii) continue billing the Recurring Payment Method once it has been updated by Customer (if applicable) or (iii) terminate this Agreement.
d. Changing Recurring Payment Method Information. At any time, Customer may change its Recurring Payment Method information by entering update information via the “Settings” page on the Dashboard.
e. Payment of Outstanding Fees. Upon any termination or expiration of the subscription, WeConvene will charge Customer’s Recurring Payment Method (or invoice Customer directly) for any outstanding fees for Customer’s use of the Services during the Subscription Term, after which payment, WeConvene will not charge Customer’s Recurring Payment Method for any additional fees.
7.4. Suspension of Service. If Customer’s account is fifteen (15) days or more overdue, in addition to any of its other rights or remedies (including but not limited to any termination rights set forth herein), WeConvene reserves the right to suspend Customer’s access to the applicable Service (and any related services) without liability to Customer until such amounts are paid in full. WeConvene also reserves the right to suspend Customer’s access to the Services, without liability, if Customer’s use of the Services is in violation of the AUP or this Agreement.
8. Term and Termination
8.1. Term. This Agreement is effective as of the Effective Date and expires on the date of the last to expire Subscription Term under any Enterprise Agreement, unless earlier terminated as set forth herein.
8.2. Termination for Cause. Either party may terminate this Agreement (including all related Enterprise Agreements) if the other party (a) fails to cure any material breach of this Agreement (including a failure to pay fees) within thirty (30) days after written notice; (b) ceases operation without a successor; or (c) seeks protection under any bankruptcy, receivership, trust deed, creditors’ arrangement, composition, or comparable proceeding, or if any such proceeding is instituted against that party (and not dismissed within sixty (60) days thereafter).
8.3. Effect of Termination. Upon any expiration or termination of this Agreement, Customer will immediately cease any and all use of and access to all Services (including any and all related WeConvene Technology) and delete (or, at WeConvene’s request, return) any and all copies of the Documentation, any WeConvene passwords or access codes and any other WeConvene Confidential Information in its possession. Customer acknowledges that after termination, it will have no further access to any Customer Data input into any Service, and that WeConvene may delete any such data as may have been stored by WeConvene at any time. Except where an exclusive remedy is specified, the exercise by either party of any remedy under this Agreement, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law or otherwise.
8.4. Survival. The following Sections will survive any expiration or termination of this Agreement: 2.7 (General Restrictions), 2.9 (Trial Subscriptions), 2.10 (Beta Offerings), 3.3 (Storage of Customer Data), 3.4 (Anonymized Data), 3.6 (Indemnification by Customer), 6 (Ownership), 7.2 (Fees and Payment), 7.3 (Payment Via Recurring Payment Method), 8.3 (Effect of Termination), 8.4 (Survival), 9.2 (Warranty Disclaimer), 12 (Limitation of Liability), 13 (Indemnification), 14 (Confidential Information) and 16 (General Terms).
9. Limited Warranty
9.1. Limited Warranty. WeConvene warrants, for Customer’s benefit only, that each Service will operate in substantial conformity with the applicable Documentation. WeConvene’s sole liability (and Customer’s sole and exclusive remedy) for any breach of this warranty will be, at no charge to Customer, for WeConvene to use commercially reasonable efforts to correct the reported non-conformity, or if WeConvene determines such remedy to be impracticable, either party may terminate the applicable Subscription Term and Customer will receive as its sole remedy a refund of any fees Customer has pre-paid for use of such Service for the terminated portion of the applicable Subscription Term. The limited warranty set forth in this Section 9.1 will not apply: (i) unless Customer makes a claim within thirty (30) days of the date on which Customer first noticed the non-conformity, (ii) if the error was caused by misuse, unauthorized modifications or third-party hardware, software or services, or (iii) if Services are provided to Customer to use on a no-charge, trial, beta or evaluation basis.
9.2. Warranty Disclaimer. Except for the limited warranty in section 9.1, all services are provided “as is”. Neither WeConvene nor its suppliers make any other warranties, express or implied, statutory or otherwise, including but not limited to warranties of merchantability, title, fitness for a particular purpose or non-infringement. WeConvene does not warrant that customers’ use of the services will be uninterrupted or error free, nor does weconvene warrant that it will review the customer data for accuracy. WeConvene shall not be liable for the results of any communications sent or any communications sent or any communications that failed to be sent using the services. WeConvene shall not be liable for delays, interruptions, service failures or other problems inherent in use of the internet and electronic communications, third-party platforms, third party apps, or other systems outside the reasonable control of weconvene. Customer may have other statutory rights, but the duration of statutorily required warranties, if any, shall be limited to the shortest period permitted by law.
10. Availability
10.1. The Services are available subject to WeConvene’s Service Level Agreement (“SLA”).
11. Support
11.1. During the Subscription Term of each Service, WeConvene will provide end user support in accordance with WeConvene’s Support Policy (“Support Policy”).
12. Limitation of Liability
12.1. Consequential Damages Waiver. Except for excluded claims (defined below), neither party (nor its suppliers) shall have any liability arising out of or related to this agreement for any loss of use, lost data, lost profits, failure of security mechanisms, interruption of business, or any indirect, special, incidental, reliance, or consequential damages of any kind, even if informed of the possibility of such damages in advance.
12.2. Liability Cap. Except for excluded claims (defined below), each party’s entire liability to the other arising out of or related to this agreement shall not exceed the amount actually paid or payable by customer to weconvene under the agreement giving rise to the liability in the twelve (12) months immediately preceding the claim.
12.3. Excluded Claims. means any claim arising (a) from Customer’s breach of Section 2.7 (General Restrictions); (b) under Section 3.5 (Customer Obligations) or 3.6 (Indemnification by Customer); or (c) from a party’s breach of its obligations in Section 14 (Confidential Information) (but excluding claims arising from operation or non-operation of any Service or relating to Customer Data).
12.4. Nature of Claims and Failure of Essential Purpose. The parties agree that the waivers and limitations specified in this Section 12 apply regardless of the form of action, whether in contact, tort (including negligence), strict liability or otherwise and will survive and apply even if any limited remedy specified in this Agreement is found to have failed of its essential purpose.
12.5. Applicable Law. The limitations on liability under this Section 12 will not apply to the extent such liability cannot be limited under applicable law.
13. Indemnification
WeConvene will defend Customer from and against any claim by a third party alleging that a Service when used as authorized under this Agreement infringes any Intellectual Property Rights and will indemnify and hold harmless Customer from and against any damages and costs finally awarded against Customer or agreed in settlement by WeConvene (including reasonable attorneys’ fees) resulting from such claim, provided that WeConvene will have received from Customer: (i) prompt written notice of such claim (but in any event notice in sufficient time for WeConvene to respond without prejudice); (ii) the exclusive right to control and direct the investigation, defense and settlement (if applicable) of such claim; and (iii) all reasonable necessary cooperation of Customer. If Customer’s use of a Service is (or in WeConvene’s opinion is likely to be) enjoined, if required by settlement or if WeConvene determines such actions are reasonably necessary to avoid material liability, WeConvene may, in its sole discretion: (a) substitute substantially functionally similar products or services; (b) procure for Customer the right to continue using such Service; or if (a) and (b) are not commercially reasonable, (c) terminate this Agreement and refund to Customer the fees paid by Customer for the portion of the Subscription Term that was paid by Customer but not rendered by WeConvene. The foregoing indemnification obligation of WeConvene will not apply: (1) if such Service is modified by any party other than WeConvene, but solely to the extent the alleged infringement is caused by such modification; (2) if such Service is combined with products or processes not provided by WeConvene, but solely to the extent the alleged infringement is caused by such combination; (3) to any unauthorized use of such Service; (4) to any action arising as a result of Customer Data or any third-party deliverables or components contained within such Service; (5) to any action arising from Customer’s use of Third Party Apps or Third-Party Platforms; or (6) if Customer settles or makes any admissions with respect to a claim without WeConvene’s prior written consent. This section 13 sets forth intercom’s and its suppliers’ sole liability and customer’s sole and exclusive remedy with respect to any claim of intellectual property infringement.
14. Confidential Information
Each party (as “Receiving Party”) agrees that all code, inventions, know-how, business, technical and financial information it obtains from the disclosing party (“Disclosing Party”) constitute the confidential property of the Disclosing Party (“Confidential Information”), provided that it is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be confidential or proprietary due to the nature of the information disclosed and the circumstances surrounding the disclosure. Any WeConvene Technology, performance information relating to any Service, and the terms and conditions of this Agreement will be deemed Confidential Information of WeConvene without any marking or further designation. Except as expressly authorized herein, the Receiving Party will (1) hold in confidence and not disclose any Confidential Information to third parties and (2) not use Confidential Information for any purpose other than fulfilling its obligations and exercising its rights under this Agreement. The Receiving Party may disclose Confidential Information to its employees, agents, contractors and other representatives having a legitimate need to know (including, for WeConvene, the subcontractors referenced in Section 16.8 (Subcontractors)), provided that such representatives are bound to confidentiality obligations no less protective of the Disclosing Party than this Section 14 and that the Receiving Party remains responsible for compliance by any such representative with the terms of this Section 14. The Receiving Party’s confidentiality obligations will not apply to information that the Receiving Party can document: (i) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (ii) is or has become public knowledge through no fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (iv) is independently developed by employees of tne receiving Party who has no access to such information. The Receiving Party may make disclosures to the extent required by law or court order, provided the Receiving Party notifies the Disclosing Party in advance and cooperates in any effort to obtain confidential treatment. The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law.
15. Publicity
WeConvene may, upon Customer’s prior written consent, use Customer’s name to identify Customer as an WeConvene customer of the Services, including on WeConvene’s public website. WeConvene agrees that any such use shall be subject to WeConvene complying with any written guidelines that Customer may deliver to WeConvene regarding the use of its name and shall not be deemed Customer’s endorsement of the Services.
16. General Terms
16.1. Assignment. This Agreement will bind and inure to the benefit of each party’s permitted successors and assigns. Neither party may assign this Agreement without the advance written consent of the other party, except that either party may assign this Agreement in connection with a merger, reorganization, acquisition or other transfer of all or substantially all of such party’s assets or voting securities. Any attempt to transfer or assign this Agreement except as expressly authorized under this Section 16.1 will be null and void.
16.2. Severability. If any provision of this Agreement will be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision will be limited to the minimum extent necessary so that this Agreement will otherwise remain in effect.
16.3. Governing Law; Dispute Resolution.
a. Direct Dispute Resolution. In the event of any dispute, claim, question, or disagreement arising from or relating to this agreement, whether arising in contract, tort or otherwise, (“Dispute”), the parties shall first use their best efforts to resolve the Dispute. If a Dispute arises, the complaining party shall provide written notice to the other party in a document specifically entitled “Initial Notice of Dispute,” specifically setting forth the precise nature of the dispute (“Initial Notice of Dispute”). If an Initial Notice of Dispute is being sent to WeConvene it must be emailed to support@weconvene.com.
Following receipt of the Initial Notice of Dispute, the parties shall consult and negotiate with each other in good faith and, recognizing their mutual interest, attempt to reach a just and equitable solution of the Dispute that is satisfactory to both parties (“Direct Dispute Resolution”). If the parties are unable to reach a resolution of the Dispute through Direct Dispute Resolution within thirty (30) days of the receipt of the Initial Notice of Dispute, then the Dispute may subsequently be resolved in a court of law as set forth below.
b. Choice of Law and Jurisdiction. For any claim which is not subject to this dispute resolution provision, customer agrees to submit and consent to the personal and exclusive jurisdiction in, and the exclusive venue of, the state and federal courts located within New York county, New York. In any dispute, New York law shall apply.
16.4. Counterparts. This Agreement may be executed in counterparts, each of which will be deemed an original and all of which together will be considered one and the same agreement.
EFFECTIVE DAY Tuesday, April 15, 2025
1. PURPOSE AND SCOPE
1.1 At WeConvene, we respect your privacy and data protection rights and recognize the importance of protecting the personal data we collect and process. This Privacy Policy is designed to help you to understand what personal data we collect about you and how we use and share it.
1.2 When we refer to WeConvene, we mean WeConvene Group Limited (Cayman) and WeConvene Inc, with its address at 99 Wall Street, Ste 5353, New York, NY, 10005.
1.3 This Privacy Policy applies to you if you:
• interact with any of WeConvene’s websites (including www.weconvene.com and www.app.weconvene.com or our social media pages (collectively, the “Sites”) (“website users”);
• visit any of WeConvene’s premises (“office visitors”);
• attend any WeConvene events or any events which WeConvene sponsors (“event attendees”);
• use WeConvene’s communication and messaging products, and our other applications and services (collectively, the “WeConvene Services”) (“customers”)
• are a prospect, who is anyone whose data WeConvene processes for the purposes of assessing customer eligibility (“prospect”); or
• receive marketing communications from WeConvene.
Our Privacy Policy applies to you irrespective of where you are based. There are certain additional parts of the Privacy Policy that will apply to you where you are a resident of the EEA, UK, Switzerland, or California. These additional parts do not apply to everyone.
1.4 For the purposes of the General Data Protection Regulation (or any successor or equivalent legislation in the UK) (“GDPR”), either WeConvene Group Limited or WeConvene, Inc., WeConvene Australia Pty Ltd, or any other WeConvene group company from time to time, is the controller of your personal data.
2. PERSONAL DATA COLLECTED BY WECONVENE
2.1 PERSONAL DATA WE COLLECT AND RECEIVE
The personal data that we collect about you broadly falls into the categories set out in the following table. Some of this information you provide voluntarily when you interact with the WeConvene Services and Sites, or when you attend an event or visit our premises. Other types of information may be collected automatically from your device, such as device data and service data. From time to time, we may also receive personal data about you from third party sources (as further described in the table).
We may collect the following personal data about:
1. our website and application users;
2. recipients of marketing communications; and
3. relevant prospects.
Registration, contact, and company information:
• first and last names;
• email addresses;
• phone numbers;
• avatars;
• company name;
• your role in your company.
Device data:
• operating system type and version number, manufacturer and model;
• browser type;
• screen resolution;
• IP address;
• unique device identifiers.
Service data:
• the website you visited before browsing to the WeConvene Services;
• how long you spend on a page or screen;
• how you interact with our emails;
• navigation paths between pages or screens;
• date and time;
• pages viewed;
• links clicked.
We may collect the following personal data about event attendees:
Registration, contact and company information:
• first and last names;
• email addresses;
• phone numbers;
• company name;
• your role in your company.
We may collect the following personal data about our customers and end-users (to the extent applicable):
Registration and contact information:
• first and last names;
• email addresses;
• phone numbers;
• mailing addresses;
• company name;
• your role in your company.
Device data:
• operating system type and version number, manufacturer and model;
• browser type and language;
• screen resolution;
• IP address;
• unique device identifiers.
Service data:
• the website you visited before browsing to the services;
• how long you spend on a page or screen;
• navigation paths between pages or screens;
• session date and time;
• activity status (including first seen, last seen, last heard from – and last contacted);
• pages viewed;
• links clicked;
• language preferences
• tags applied within customer accounts
• WeConvene assigned user identifier.
2.2 COOKIES AND OTHER TRACKING TECHNOLOGIES
Some device data, service data and third-party source data is collected through the use of first or third party cookies and similar technologies. The WeConvene Support Chat service does not collect, retain, or share data regarding a particular user’s activity across multiple websites or applications that are not owned by WeConvene. WeConvene does assign each user a unique user ID within the scope of an individual website but does not collect or retain IP or any information that would allow WeConvene to identify the same user on more than one website. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals.
3. HOW AND WHY, WE USE YOUR PERSONAL DATA
3.1 We only collect and process your personal data from your sign-up and registration or onboarding (for enterprise clients) we do not process or use your personal data where it is added to the platform by one of our enterprise customers for their own use. The data that we do collect and process we do so for the following purposes and, if you are from the European Economic Area (EEA), the UK or Switzerland, on the following legal bases:
• Providing and facilitating delivery of WeConvene Services and Sites: We process your personal data to perform our contract with you for use of our Services and Sites and to fulfill our obligations under applicable terms of service. Where we have not entered into a contract with you, we process your personal data in reliance on our legitimate interests to operate and administer the WeConvene Services and Sites. For example, to create, administer and manage your account.
• Communicating with you about WeConvene Services and providing customer support: We may send you service, technical and other administrative messages in reliance on our legitimate interests in administering the WeConvene Services. For example, we may send you messages about the availability or security of the WeConvene Services. We also process your personal data to respond to your comments and questions and to provide customer care and support. When we have entered into an agreement with you, we will process your personal data as necessary to meet our contractual obligations to you.
• Improving WeConvene Services and Sites: We process your personal data to improve and optimize WeConvene Services and Sites and to understand how you use WeConvene Services and Sites, including monitor usage or traffic patterns and to analyze trends and to develop new products, services, features and functionality in reliance on our legitimate interests or, where necessary, to the extent you have provided your consent.
• Sending marketing communications: We process your personal data to send you marketing communications via email about our products, services and upcoming events that might interest you in reliance on our legitimate interests or where we seek your consent. Please see the “Your Privacy Rights and Choices” section below to learn how you can control your marketing preferences.
• Managing event registrations and attendance: We process your personal data to plan and host events for which you have registered or that you attend, including sending related communications to you. This processing is based on our legitimate interest in ensuring the successful organization of the event, as well as providing you with relevant information regarding your participation.
• Maintaining security of WeConvene Services and Sites: We process your personal data to control unauthorized use or abuse of WeConvene Services and Sites, or otherwise detect, investigate or prevent activities that may violate WeConvene policies or applicable laws, in reliance on our legitimate interests to maintain and promote the safety and security of the WeConvene Sites and Services.
• Displaying personalized Events: We process your personal data to advertise to you and to provide personalized information, including by serving and managing Events on our Sites and on third party sites.
• Carrying out other legitimate business purposes: including invoicing, audits, fraud monitoring and prevention. This processing is based on our legitimate interest in ensuring efficient business operations and on the necessity to comply with legal obligations.
• Complying with legal obligations: We process your personal data when cooperating or complying with public and government authorities, courts or regulators in accordance with our obligations under applicable laws and to protect against imminent harm to our rights, property or safety, or that of our users or the public, as required or permitted by law.
3.2 In certain circumstances, we may collect your personal data on a different legal basis. If we do, or if we use your personal data for purposes that are not compatible with, or are materially different than, the purposes described in this notice or the point of collection, we will explain how and why we use your personal data in a supplementary notice at or before the point of collection. Where we refer to legal bases in this section, we mean the legal grounds on which organizations can rely when processing personal data.
3.3 Please note these legal bases only apply to you if you are resident in the EEA, the UK or Switzerland.
3.4 If you have any questions about our legal bases for processing your personal data, please contact us through support@weconvene.com.
4. SHARING YOUR PERSONAL DATA
4.1 We may disclose some or all of the personal data we collect to the following third parties:
To WeConvene Group Companies:
• WeConvene Inc.;
• WeConvene Group Limited;
• WeConvene Australia Pty Ltd;
• Any such other group companies, as may be added to this list from time to time.
Service Providers:
• Consultants and vendors engaged by us to support our provision of the WeConvene Services and Sites and the operation of our business;
• Any such other Service Providers, as may be added to the Subprocessor list, from time to time.
Professional Advisors:
• Professional advisors, such as lawyers, auditors and insurers, in the course of the professional services that they render to us.
Compliance with Law Enforcement:
• Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
• Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
• Enforce the terms and conditions that govern the Services; and
• Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
Business Transfers:
• Parties to transactions or potential transactions (and their professional advisors) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business, assets, or equity interests of WeConvene Group Companies (including, as part of a bankruptcy or similar proceeding).
4.2 Aggregated or anonymized information. We may also share aggregated or anonymized information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information, and performance metrics related to the use of our website and application which we collect through our technology, products and services. If we are required under applicable law to treat such information as personal data, then we will only disclose it as described above. Otherwise, we may disclose such information for any reason.
4.3 Third party websites. WeConvene Services may also contain links to third party websites. This Privacy Policy applies solely to information processed by us. You should contact the relevant third-party websites for more information about how your personal data is processed by them.
5. RETENTION OF YOUR PERSONAL DATA
5.1 We retain your personal data only for as long as necessary to fulfill the purposes set out in this Privacy Policy.
5.2 Note that content you post may remain on the Sites even if you cease using the Sites or we terminate access to the Sites.
6. TRANSFERS OF YOUR PERSONAL DATA
6.1 WeConvene Services and Sites, and our extended domains are provided and hosted in the United States. If you are located outside the United States, we may transfer, and process, your personal data outside of the country in which you are resident to other WeConvene Group Companies and our EU based service providers and other such countries as we deem appropriate from time to time. These countries may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective). We will protect your personal data in accordance with this Privacy Policy wherever it is processed.
6.2 Certain recipients (our service providers and other companies) who process your personal data on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect your personal data.
6.3 If you are a resident of the EEA, the UK or Switzerland, we will protect your personal data when it is transferred outside of the EEA, the UK or Switzerland by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal data; or otherwise ensuring appropriate safeguards are in place to protect your personal data. For transfers of your personal data to:
• WeConvene Group Companies based in the US, we rely on the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, visit htps://www.dataprivacyframework.gov/;
• other WeConvene Group Companies based outside of the US, we rely on the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA); and
• recipients who are located outside of the EEA, the UK or Switzerland, we rely on the EU-U.S. DPF, UK-U.S. DPF or Swiss-U.S. DPF where those recipients are located in the US or for onward transfers from the US, and otherwise we rely on the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).
6.4 WeConvene, Inc. complies with the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. WeConvene, Inc. has certified to the U.S. Department of Commerce that it adheres to (i) the EUU.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK-U.S. DPF and (ii) the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
6.5 In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, WeConvene, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your Personal Information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension to the EUU.S. DPF or the Swiss-U.S. DPF should first contact WeConvene through support@weconvene.com.
6.6 In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, WeConvene, Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Under certain conditions, it may be possible to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, see here for additional information.
WeConvene Inc. remains responsible if its service provider, when acting on its behalf, processes personal data in a manner inconsistent with the DPFPrinciples, unless it is not responsible for the event, giving rise to the damage.
The Federal Trade Commission has jurisdiction over WeConvene, lnc.’s compliance with the EU-U.S. Data Privacy Framework EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
7. HOW WE STORE AND SAFEGUARD PERSONAL DATA
We care about protecting personal data. That is why we put in place appropriate measures that are designed to secure your personal data. You can find out more about our technical and organizational safeguards on our Security page: https://www.WeConvene.com/security.
8. YOUR PRIVACY RIGHTS AND CHOICES
8.1 Depending on your location and subject to applicable laws, you may have certain data protection rights. If you are a resident of the EEA or the UK, you have the following data protection rights:
• If you wish to access, correct, update or request deletion of your personal data, you can do so at any time.
• You can object to processing your personal data, ask us to restrict processing of your personal data or request portability of your personal data.
• You have the right to opt-out of marketing communications we send you at any time. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by clicking on the “unsubscribe” or “opt-out” link in the communications we send you. Please note, however, that it may not be possible to opt-out of certain service related communications. You can let us know at any time if you do not wish to receive marketing messages by contacting us using the contact details below.
• Similarly, if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
8.2 You can exercise any of these rights by submitting a request via support@weconvene.com
9. CHILDREN’S PRIVACY
Our Services and Sites are not intended for use by anyone under the age of 16. WeConvene does not knowingly collect personal data from anyone under the age of 16. If you are under 16, you may not attempt to register for our Services or send any information about yourself to us, including your name, address, telephone number, or email address. If we become aware that we have collected personal data from someone under the age of 16 without verification of parental consent, we will delete that information promptly. If you are a parent or legal guardian of a child under 16 and believe that a child has provided us with their personal data, please contact us through our Privacy Request Form.
10. CHANGES TO THIS NOTICE AND QUESTIONS
10.1 We may amend this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update it, we will take appropriate measures to inform you consistent with the significance of the changes we make. If we make material updates to this Privacy Policy, we will update the effective date at the top of the Privacy Policy.
10.2 We have appointed a Data Protection Officer responsible for managing and addressing inquiries related to this Privacy Policy. If you have any questions, comments or concerns about this Privacy Policy or the way your personal data is being used or processed by WeConvene, please contact us through our Privacy Request Form or by using the Contact Us link in the footer of this page.
11. COLLECTION AND USE OF PERSONAL DATA OF CALIFORNIA RESIDENTS
11.1 Except as otherwise provided, this Section 11 applies only if you are a California resident. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act of 2020 (“CPRA”), and any regulations promulgated under either law, in each case, as amended from time to time.
Section 11 does not apply to;
• information exempted from the scope of the CCPA;
• activities governed by a different privacy notice, such as notices we give to California personnel or job candidates; or
• Personal Information we collect, use, and share on behalf of our customers as a “service provider” under the CCPA.
11.2 YOUR CALIFORNIA PRIVACY RIGHTS
• Right to Information/Know You can request whether we have collected your Personal Information, and in certain cases, the following information about how we have collected and used your Personal Information during the past 12 months:
• The categories of Personal Information we have collected.
• The categories of sources from which we collected Personal Information.
• The business or commercial purpose for collecting, sharing, and/or selling Personal Information.
• The categories of Personal Information that we sold or disclosed for a business purpose.
• The categories of third parties to whom Personal Information was sold, shared, or disclosed for a business purpose.
• Right to Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
• Right to Correction. You can request that we correct inaccurate Personal Information that we have collected about you.
• Right to Deletion. You can ask us to delete the Personal Information that we have collected from you.
• Right to Opt-Out of Tracking for Targeted Advertising Purposes. While we do not sell Personal Information for money, like many companies, we use services that help deliver targeted ads (also known as interest-based ads) to you, as we have described in the “How and Why We Use Your Personal Data” section above. The CCPA classifies our use of some of these services as “sharing” your Personal Information with the advertising partners that provide the services from which you have the right to opt-out.
• Right to Nondiscrimination. You are entitled to exercise the rights described above free from discrimination prohibited by the CCPA.
11.3 HOW TO EXERCISE YOUR RIGHTS
• Right to Information/Know, Access, Correction, and Deletion. You can exercise any of these rights by submitting a request through support@weconvene.com
Security Policy
Effective day Tuesday, April 22, 2025
Overview
All members of the WeConvene team take the protection of customer data extremely seriously. This WeConvene Security Policy describes the organizational and technical measures WeConvene implements across its entire application ecosystem and company infrastructure designed to prevent unauthorized access, use, alteration or disclosure of customer data. WeConvene services operate on Amazon Web Services (“AWS”); this policy describes activities of WeConvene within its instance on AWS unless otherwise specified. As you continue to learn more about WeConvene we recommend you also review our Terms of Service and Privacy Policy.
Best Practices
Incident Response Plan
• We have implemented a formal procedure for security events and have educated all our staff on our policies.
• When security events are detected, they are escalated to our executive team, development teams are notified and assembled to rapidly address the event.
• After a security event is fixed, we write up a post-mortem analysis.
• The analysis is reviewed in person, distributed across the company and includes action items that will make the detection and prevention of a similar event easier in the future.
• WeConvene will promptly notify you in writing upon verification of a security breach of the WeConvene services that affects your data. Notification will describe the breach and the status of WeConvene’s investigation.
Build Process Automation
• We have functioning, frequently used automation in place so that we can safely and reliably rollout changes to both our application and operating platform within minutes.
Infrastructure
• All of our services run in the cloud. WeConvene does not run our own routers, load balancers, DNS servers, or physical servers.
• All of our services and data are hosted in AWS facilities and protected by AWS security, as described at http://aws.amazon.com/security/sharing-the security-responsibility. WeConvene services have been built with disaster recovery in mind.
• All of our infrastructure is spread across 2 AWS data centers and is designed to continue to work should any one of those data centers fail unexpectedly. Amazon does not disclose the location of its data centers. As such, WeConvene builds on the physical security and environmental controls provided by AWS. See http://aws.amazon.com/security for details of AWS security infrastructure.
• All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACL’s) that prevent unauthorized requests getting to our internal network.
• WeConvene uses a backup solution for datastores that contain customer data.
• Customer data is stored in multi-tenant datastores; we do not have individual datastores for each customer. However strict privacy controls exist in our application code that are designed to ensure data privacy and to prevent one customer from accessing another customer’s data (i.e., logical separation). We have many unit and integration tests in place to ensure these privacy controls work as expected. These tests are run every time our codebase is updated and even one single test failing will prevent new code being shipped to production.
• Each WeConvene system used to process customer data is using commercially reasonable methods according to industry-recognized system-hardening standards.
• WeConvene engages certain sub processors to process customer data. These sub processors are listed at https://www.WeConvene.com/security-third-parties, as may be updated by WeConvene from time to time.
Data Transfer
• All data sent to or from WeConvene is encrypted in transit using 256-bit encryption.
• Our API and application endpoints are TLS/SSL only and score an “A+” rating on SSL Labs’ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.
• We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.
Authentication
• WeConvene is served 100% over https. WeConvene runs a zero-trust corporate network.
• There are no corporate resources or additional privileges from being on WeConvene’s network.
• We have two-factor authentication (2FA) and strong password policies on AWS, WeConvene and all other third-party applications used by WeConvene to ensure access to cloud services are protected.
Permissions and Administrative Controls
• WeConvene enables permission levels to be set for any employees with access to WeConvene.
• Permissions and access can be set to include app settings, billing, user data, or the ability to send/edit manual messages and auto messages.
Application Monitoring
• On an application level, we produce audit logs for all activity.
• All access to WeConvene applications is logged and audited.
• All actions taken on production consoles or in the WeConvene application are logged.
Security Audits and Certifications
• We annually engage with well-regarded third-party auditors to audit our code-base, and work with them to resolve potential issues.
• We use technologies to provide an audit trail over our infrastructure and the WeConvene application. Auditing allows us to do ad-hoc security analysis, track changes made to our setup and audit access to every layer of our stack.
• Information about AWS security certifications and obtaining copies of security reports from AWS is available at http://aws.amazon.com/compliance/pci-data-privacy-protection-hipaa-socfedramp-faqs/
Payments
All payment instrument processing for purchase of the WeConvene services is performed by Stripe. For more information on Stripe’s security practices, please see https://stripe.com/docs/security/stripe.
Customer Responsibilities
• Managing your own user accounts and roles from within WeConvene services.
• Protecting your own account and user credentials by using two-factor authentication for all of your employees accessing WeConvene services.
• Compliance with the terms of your services agreement with WeConvene, including with respect to compliance with laws.
• Promptly notify WeConvene if a user credential has been compromised or if you suspect possible suspicious activities that could negatively impact security of the WeConvene services or your account.
• You may not perform any security penetration tests or security assessment activities without the express advance written consent of WeConvene.
Effective day April 23, 2025
Security, Privacy and Compliance Information for WeConvene
WeConvene is a data processor and engages certain onward sub processors that may process personal data submitted to WeConvene’s services by the controller. These sub processors are listed below, with a description of the service and the location where data is hosted. By default, hosting occurs in the United States. For WeConvene’s regional data hosting services that customers may have elected to use, scroll further down the page to see the specific sub processors list for the designated region. These lists may be updated by WeConvene from time to time in accordance with the terms of the Data Processing Addendum.
| Third Party Sub- Processor | Purpose | Applicable Service | US Data Center Sub- Processor Location | EU Data Center Sub-Processor Location |
|---|---|---|---|---|
|
Amazon Web Services, Inc. |
Hosting & Infrastructure |
Used for cloud computing platforms and APIs |
United States |
UK |
|
Twilio Inc. |
Email distribution |
Email delivery |
United States |
NA |
|
Bloomberg LLP |
Content distribution |
WeConvene to Bloomberg (Optional for clients) |
United States* |
NA |
|
OpenExchange Inc. |
Integrated service |
Schedule feed |
United States* |
NA |
|
Intercom |
Engagement tool |
Customer engagement |
United States |
NA |
|
Mix Panel |
Analytics |
Analytics |
United States |
NA |
|
Zendesk |
Customer Support |
Customer Support |
United States |
NA |
Last updated: Thursday, April 24, 2025
This WeConvene Data Processing Agreement and its Annexes (“DPA”) reflects the parties’ agreement with respect to the Processing of Personal Data by us on behalf of you in connection with the WeConvene Enterprise SaaS Agreement between you and us (also referred to in this DPA as the “Agreement”) and general the provisions included in the Terms Of Service.
This DPA is supplemental to, and forms an integral part of, the Agreement and is effective upon its incorporation into the Agreement, which may be specified in the Agreement, an Order or an executed amendment to the Agreement. In case of any conflict or inconsistency with the terms of the Agreement, this DPA will take precedence over the terms of the Agreement to the extent of such conflict or inconsistency.
We update these terms from time to time. If you have an active WeConvene subscription, we will let you know when we do via email.
The term of this DPA will follow the term of the Agreement. Terms not otherwise defined in this DPA will have the meaning as set forth in the Agreement.
Annex 1 – Details of Processing
Annex 2 – Security Measures
Annex 3 – List of Sub-Processors
Annex 4 – Standard Contractual Clauses
“California Personal Information” means Personal Data that is subject to the protection of the CCPA.
“CCPA” means California Civil Code Sec. 1798.100 et seq. (also known as the California Consumer Privacy Act of 2018).
“Consumer”, “Business”, “Sell” and “Service Provider” will have the meanings given to them in the CCPA.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Data Protection Laws” means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of Processing Personal Data in question under the Agreement, including without limitation European Data Protection Laws, the CCPA and the data protection and privacy laws of Australia and Singapore; in each case as amended, repealed, consolidated or replaced from time to time.
“Data Subject” means the individual to whom Personal Data relates.
“Europe” means the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom.
“European Data” means Personal Data that is subject to the protection of European Data Protection Laws.
“European Data Protection Laws” means data protection laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iii) GDPR as it forms part of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”); and (iv) Swiss Federal Data Protection Act on 19 June 1992 and its Ordinance (“Swiss DPA”); in each case, as may be amended, superseded or replaced.
“Instructions” means the written, documented instructions issued by a Controller to a Processor, and directing the same to perform a specific or general action with regard to Personal Data (including, but not limited to, depersonalizing, blocking, deletion, making available).
“Permitted Affiliates” means any of your Affiliates that (i) are permitted to use the Subscription Services pursuant to the Agreement, but have not signed their own separate agreement with us and are not a “Customer” as defined under the Agreement, (ii) qualify as a Controller of Personal Data Processed by us, and (iii) are subject to European Data Protection Laws.
“Personal Data” means any information relating to an identified or identifiable individual where such information is contained within Customer Data and is protected similarly as personal data, personal information or personally identifiable information under applicable Data Protection Laws.
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by us and/or our Sub-Processors in connection with the provision of the Subscription Services.
“Personal Data Breach” will not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
“Privacy Shield” means the EU-U.S. and Swiss-US Privacy Shield self-certification program operated by the U.S. Department of Commerce and approved by the European Commission pursuant to its Decision of July, 12 2016 and by the Swiss Federal Council on January 11, 2017 respectively; as may be amended, superseded or replaced.
“Privacy Shield Principles” means the Privacy Shield Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision of July, 12 2016; as may be amended, superseded or replaced.
“Processing” means any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Data. The terms “Process”, “Processes” and “Processed” will be construed accordingly.
“Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.
“Standard Contractual Clauses” means the standard contractual clauses annexed to the European Commission’s Decision
(EU) 2021/914 of 4 June 2021, in the form set out at Annex 4; as may be amended, superseded or replaced.
“Sub-Processor” means any Processor engaged by us or our Affiliates to assist in fulfilling our obligations with respect to the provision of the Subscription Services under the Agreement. Sub-Processors may include third parties or our Affiliates but will exclude any WeConvene employee or consultant.
The Subscription Service provides you with a number of controls that you can use to retrieve, correct, delete or restrict Personal Data, which you can use to assist it in connection with its obligations under Data Protection Laws, including your obligations relating to responding to requests from Data Subjects to exercise their rights under applicable Data Protection Laws (“Data Subject Requests”).
To the extent that you are unable to independently address a Data Subject Request through the Subscription Service, then upon your written request we will provide reasonable assistance to you to respond to any Data Subject Requests or requests from data protection authorities relating to the Processing of Personal Data under the Agreement. You shall reimburse us for the commercially reasonable costs arising from this assistance.
If a Data Subject Request or other communication regarding the Processing of Personal Data under the Agreement is made directly to us, we will promptly inform you and will advise the Data Subject to submit their request to you. You will be solely responsible for responding substantively to any such Data Subject Requests or communications involving Personal Data.
You agree that we may engage Sub-Processors to Process Personal Data on your behalf. We have currently appointed, as Sub-Processors, the WeConvene Affiliates and third parties listed in Annex 3 to this DPA. We will notify you if we add or replace any Sub-Processors listed in Annex 3 prior to any such changes at least 30 days prior to any such changes.
Where we engage Sub-Processors, we will impose data protection terms on the Sub-Processors that provide at least the same level of protection for Personal Data as those in this DPA (including, where appropriate, the Standard Contractual Clauses), to the extent applicable to the nature of the services provided by such Sub-Processors. We will remain responsible for each Sub-Processor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-Processor that cause us to breach any of its obligations under this DPA.
You acknowledge and agree that we may access and Process Personal Data on a global basis as necessary to provide the Subscription Service in accordance with the Agreement, and in particular that Personal Data may be transferred to and Processed by WeConvene, Inc. in the United States and to other jurisdictions where WeConvene Affiliates and Sub-Processors have operations. Wherever Personal Data is transferred outside its country of origin each party will ensure such transfers are made in compliance with the requirements of Data Protection Laws.
Such measures may include (without limitation) transferring such data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with European Data Protection Laws, or to a recipient that has executed appropriate standard contractual clauses in each case as adopted or approved in accordance with applicable European Data Protection Laws.
Name: The Customer, as defined in the WeConvene Terms of Service (on behalf of itself and Permitted Affiliates)
Address: The Customer’s address, as set out in the Order Form/Enterprise Agreement.
Contact person’s name, position and contact details: The Customer’s contact details, as set out in the Order Form.
Activities relevant to the data transferred under these Clauses: Processing of Personal Data in connection with Customer’s use of the WeConvene Subscription Services under the WeConvene Customer Terms of Service
Role (controller/processor): Controller
Name: WeConvene, Inc.
Address: 99 Wall St, Ste 5353, New York, NY, 10005, USA
Contact person’s name, position and contact details: support@weconvene.com
Activities relevant to the data transferred under these Clauses: Processing of Personal Data in connection with Customer’s use of the WeConvene Subscription Services under the WeConvene Customer Terms of Service
Role (controller/processor): Processor
Categories of Data Subjects whose Personal Data is Transferred
You may submit Personal Data while using the Subscription Service, the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Data Subjects:
Your Contacts and other end users including your employees, contractors, collaborators, customers, prospects, suppliers and subcontractors. Data Subjects may also include individuals attempting to communicate with or transfer Personal Data to your end users.
You may submit Personal Data to the Subscription Services, the extent of which is determined and controlled by you in your sole discretion, and which may include but is not limited to the following categories of Personal Data:
The parties do not anticipate the transfer of sensitive data.
Continuous
Personal Data will be Processed in accordance with the Agreement (including this DPA) and may be subject to the following Processing activities:
We will Process Personal Data as necessary to provide the Subscription Services pursuant to the Agreement, as further specified in the Order Form, and as further instructed by you in your use of the Subscription Services.
Subject to the ‘Deletion or Return of Personal Data’ section of this DPA, we will Process Personal Data for the duration of the Agreement, unless otherwise agreed in writing and/or in accordance with Federal, State and International Laws.
For the purposes of the Standard Contractual Clauses, the supervisory authority that shall act as competent supervisory authority is either:
Annex 2 – Security Measures
This Annex forms part of the DPA.
We currently observe the Security Measures described in this Annex 2. All capitalized terms not otherwise defined herein shall have the meanings as set forth in the Master Terms.
Outsourced processing: We host our Service with AWS. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs to protect data where it is processed or stored by these vendors.
Physical and environmental security: We host our product infrastructure with multi-tenant, outsourced infrastructure providers. Who attest to physical and environmental security controls which are audited for SOC 2 Type II and ISO 27001 compliance.
Authentication: We implement a uniform password policy for our customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. We also provide optional Multi Factor Authentication and SSO for all our customers.
Authorization: Customer Data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure.
The authorization model in each of our products is designed to ensure that only the appropriately
assigned individuals can access relevant features, views, and customization options (logical separation). Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set.
Application Programming Interface (API) access: Public product APIs may be accessed using an API key.
We implement industry standard access controls and detection capabilities for the internal networks that support its products.
Access controls: Network access control mechanisms are designed to prevent network traffic using unauthorized protocols from reaching the product infrastructure.
Penetration testing: We maintain relationships with industry recognized penetration testing service providers for annual penetration tests. The intent of the penetration tests is to identify and resolve foreseeable attack and potential abuse scenarios.
Product access: A subset of our employees have access to the products and to customer data via controlled interfaces. The intent of providing access to a subset of employees is to provide effective customer support, to troubleshoot potential problems, to detect and respond to security incidents and implement data security. Access is enabled through “timed” requests for access; all such requests are logged. Employees are granted access by role.
Background checks: All WeConvene employees undergo a third-party background check prior to being extended an employment offer, in accordance with and as permitted by the applicable laws. All WeConvene employees are required to conduct themselves in a manner consistent with company guidelines, Non-Disclosure requirements, and ethical standards.
In-transit: We make HTTPS encryption (also referred to as SSL or TLS) available on every one of the interfaces of the WeConvene Service. Our HTTPS implementation uses industry standard algorithms and certificates.
At-rest: We store user passwords following policies that follow industry standard practices for security. We have implemented technologies to ensure that stored data is encrypted at rest.
Detection: We designed our infrastructure to log extensive information about the system behavior, traffic received, system authentication, and other application requests. Internal
systems aggregated log data and alert appropriate employees of malicious, unintended, or anomalous activities. Our personnel, including security, operations, and support personnel, are responsive to known incidents.
Response and tracking: We maintain a record of known incidents that includes description, dates and times of relevant activities, and incident disposition. Suspected and confirmed security incidents are investigated relevant personnel; and appropriate resolution steps are identified and documented. For any confirmed incidents, we will take appropriate steps to minimize product and Customer damage or unauthorized disclosure. Notification to you will be in accordance with the terms of the Agreement.
Infrastructure availability: We use commercially reasonable efforts to ensure a minimum of 99.99% uptime. Our infrastructure providers maintain a minimum of N+1 redundancy to power, network, and HVAC services.
Fault tolerance: Backup and replication strategies are designed to ensure redundancy and fail-over protections during a significant processing failure. Customer data is backed up to multiple durable data stores and replicated across multiple availability zones.
Online replicas and backups: Where feasible, production databases are designed to replicate data between no less than 1 primary and 1 secondary database. All databases are backed up and maintained using at least industry standard methods.
Third Party Sub- Processor | Purpose | Applicable Service | US Data Center Sub- Processor Location: United States | EU Data Center Sub-Processor Location: EU or Other |
Amazon Web Services, Inc. | Hosting & Infrastructure | Used for cloud computing platforms and APIs | United States | UK |
Twilio Inc. (SendGrid) | Email functionality | Email delivery | United States | NA |
Bloomberg LLP | Content Distribution | Event feed from WeConvene to Bloomberg (Optional for clients) | United States* | NA |
OpenExchange Inc. | Integrated service partner | Schedule feed | United States* | NA |
Intercomm | Engagement tool | Customer engagement | United States | NA |
Mix Panel | Analytics | Analytics | United States | NA |
Zendesk | Customer Support | Customer Support | United States | NA |
*You may choose not to use the functionality provided by certain Sub-Processors
SECTION I
Clause 1
Clause 2
Clause 3
Clause 4
Clause 5
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
Clause 6
The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.
Clause 7
Clause 8
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organizational measures, to satisfy its obligations under these Clauses.
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.
On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.
If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.
Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).
Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter “sensitive data”), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.
The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter “onward transfer”) if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.
Clause 9
Clause 10
Clause 11
Clause 12
Clause 13
Clause 14
appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
Clause 15
Obligations of the data importer in case of access by public authorities
and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits.
It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
Clause 16
In these cases, it shall inform the competent supervisory authority such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.
In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
Clause 17
These Clauses shall be governed by the laws of the Republic of Ireland, provided such law allows for third-party beneficiary rights. The Parties agree that these Clauses shall be governed in accordance with the ‘Contracting Entity; Applicable Law; Notice’ section of the Jurisdiction Specific Terms. (Without reference to conflicts of law principles)
Clause 18
Appendix – Additional Safeguards Addendum
By this Additional Safeguards Addendum to the DPA (this “Addendum”), WeConvene provides additional safeguards to Customer for the processing of personal data, within the scope of the GDPR, by WeConvene on behalf of Customer and additional redress to the data subjects to whom that personal data relates.
This Addendum supplements and is made part of, but is not in variation or modification of, the DPA.
If, after the steps described in a. through c. above, WeConvene or any of its affiliates remains compelled to disclose personal data, WeConvene will disclose only the minimum amount of that data necessary to satisfy the order for compelled disclosure.
For purpose of this section, lawful efforts do not include actions that would result in civil or criminal penalty such as contempt of court under the laws of the relevant jurisdiction.
Effective Day April 23, 2025
This Acceptable Use Policy (“Policy”) is incorporated into, and forms part of, the WeConvene’s Terms of Service or WeConvene Enterprise SaaS Agreement between Customer and WeConvene (as applicable, the “Agreement”). Capitalized terms not defined herein have the meaning given to them in the Agreement. This Policy applies to all Customers, Permitted Users and People who use the Services. In the event of a conflict with this Policy and any other terms that apply to you when using a WeConvene Service, this Policy will control to the extent of the conflict.
General
Remedies
A violation of this Policy is a violation of the Agreement. Without affecting any other remedies available to us, WeConvene may permanently or temporarily terminate or suspend a user’s account or access to the Services without notice or liability if WeConvene (in its sole discretion) determines that a user has violated this Acceptable Use Policy.
Effective day April 23, 2025
This page includes information relevant to the EU Digital Services Act (Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC) (the “DSA”).
Compliance with the Digital Services Act
WeConvene complies with the DSA to ensure a safe and transparent online environment. We are committed to protecting user rights and data, adhering to the DSA’s requirements and cooperating with EU authorities.
Designated Point of Contact
Pursuant to Articles 11 and 12 of the DSA, the following alias has been designated as WeConvene’s single point of contact for communications with Member State authorities, the European Commission, the European Board for Digital Services, and recipients of the WeConvene Service.
Communications should be in English.
Report WeConvene Services content
WeConvene Services customers in the European Union and other countries are able to report prohibited or illegal content directly from within their WeConvene account.
WeConvene is committed to addressing concerns promptly and ensuring that all content adheres to our terms and policies.
We will assess reported content and take action, including removal, if it violates our terms and policies or applicable laws.
Transparency reports
In accordance with Article 15 DSA, we are obliged to publish an annual transparency report on any content moderation in which we engage. Such reports will be available here on request from support@weconvene.com.
