BoardMetrix Legals

  Effective Date: January 1^st 2017.   Thanks for using BoardMetrix’s products and services (“Services”).   These Terms of Use (“TOU”) contain the terms under which BoardMetrix and its affiliates provide their Services to you and describe how the Services may be accessed and used.   Summary: BoardMetrix uses the SurveyMonkey API to collect data about board performance. The data is processed into a report. The data is anonymous. The aggregated data (without reference to individuals or individual entities) is used to provide peer ranking.  

1. Fees and Payments

1.1. Fees for Services.

•  You agree to pay to BoardMetrix any fees for each Service you purchase or use, in accordance with the pricing and payment terms presented to you for that Service. Fees paid by you are non-refundable, except as provided in these Terms or when required by law. Some of BoardMetrix’s services are provided FREE OF CHARGE. These free services are provided without any warranty, guarantee or recourse to the company.

1.2. Subscriptions.

•  Some of our Services are billed on a subscription basis (we call these “

Subscriptions

• ”). This means that you will be billed in advance on a recurring, periodic basis (each period is called a “

billing cycle

• ”). Billing cycles are typically monthly or annual, depending on what subscription plan you select when purchasing a Subscription.

Your Subscription will automatically renew at the end of each billing cycle unless you cancel auto-renewal by contacting the support team.

•  While we will be sad to see you go, you may cancel auto-renewal on your Subscription at any time, in which case your Subscription will continue until the end of that billing cycle before terminating. You may cancel auto-renewal on your Subscription immediately after the Subscription starts if you do not want it to renew.

1.3. Taxes.

•  Unless otherwise stated, you are responsible for any taxes (other than BoardMetrix’s income tax) or duties associated with the sale of the Services, including any related penalties or interest (collectively, “

Taxes

• ”). You will pay BoardMetrix for the Services without any reduction for Taxes. If BoardMetrix is obliged to collect or pay Taxes, the Taxes will be invoiced to you, unless you provide BoardMetrix with a valid tax exemption certificate authorized by the appropriate taxing authority or other documentation providing evidence that no tax should be charged.

1.4. Price Changes. BoardMetrix may change the fees charged for the Services at any time, provided that, for Services billed on a subscription basis, the change will become effective only at the end of the then-current billing cycle of your Subscription. BoardMetrix will provide you with reasonable prior written notice of any change in fees to give you an opportunity to cancel your Subscription before the change becomes effective.

2. Privacy

2.1. Privacy.

•  In the course of using the Services, you may submit content to BoardMetrix (including your personal data and the personal data of others) or third parties may submit content to you through the Services (your “

Content

• ”).

We know that by giving us your Content, you are trusting us to treat it appropriately. BoardMetrix’s Privacy Policy, together with any Service-specific data use policies, privacy statements and privacy notices (collectively, “privacy policies”), detail how we treat your Content and personal data and we agree to adhere to those privacy policies. You in turn agree that BoardMetrix may use and share your Content in accordance with our privacy policies. 2.2. Confidentiality. BoardMetrix will treat your Content as confidential information and only use and disclose it in accordance with these Terms (including our privacy policies). However, your Content is not regarded as confidential information if such Content: (a) is or becomes public (other than through breach of these Terms by BoardMetrix); (b) was lawfully known to BoardMetrix before receiving it from you; (c) is received by BoardMetrix from a third party without knowledge of breach of any obligation owed to you; or (d) was independently developed by BoardMetrix without reference to your Content. BoardMetrix may disclose your Content when required by law or legal process, but only after BoardMetrix, if permitted by law, uses commercially reasonable efforts to notify you to give you the opportunity to challenge the requirement to disclose. 2.3. Security. BoardMetrix will store and process your Content in a manner consistent with industry security standards. BoardMetrix has implemented appropriate technical, organizational, and administrative systems, policies, and procedures designed to help ensure the security, integrity, and confidentiality of your Content and to mitigate the risk of unauthorized access to or use of your Content.

3. Your Content

3.1. You Retain Ownership of Your Content.

•  You retain ownership of all of your intellectual property rights in your Content. BoardMetrix does not claim ownership over any of your Content, except to provided anonymised peer ranking data as part of our board evaluation algorithm.

3.2. Limited License to Your Content.

•  You grant BoardMetrix a worldwide, royalty free license to use, reproduce, distribute, modify, adapt, create derivative works, make publicly available, and otherwise exploit your Content, but only for the limited purposes of providing the Services to you and as otherwise permitted by BoardMetrix’s privacy policies. This license for such limited purposes continues even after you stop using our Services, with respect to aggregate and de-identified data derived from your Content and any residual backup copies of your Content made in the ordinary course of BoardMetrix’s business. This license also extends to any trusted third parties we work with to the extent necessary to provide the Services to you. If you provide BoardMetrix with feedback about the Services, we may use your feedback without any obligation to you.

3.3. Customer Lists. 

 BoardMetrix may identify you (by name and logo) as a BoardMetrix customer on BoardMetrix’s website and on other promotional materials. Any goodwill arising from the use of your name and logo will inure to your benefit.

 

4. BoardMetrix IP

4.1. BoardMetrix IP.

 Neither these Terms nor your use of the Services grants you ownership in the Services or the content you access through the Services (other than your Content).These Terms do not grant you any right to use BoardMetrix’s trademarks or other brand elements.

5. User Content

5.1. User Content.

•  The Services display content provided by others that is not owned by BoardMetrix. Such content is the sole responsibility of the entity that makes it available. Correspondingly, you are responsible for your own Content and you must ensure that you have all the rights and permissions needed to use that Content in connection with the Services. BoardMetrix is not responsible for any actions you take with respect to your Content, including sharing it publicly. Please do not use content from the Services unless you have first obtained the permission of its owner, or are otherwise authorized by law to do so.

5.2. Content Review.

•  You acknowledge that, in order to ensure compliance with legal obligations, BoardMetrix may be required to review certain content submitted to the Services to determine whether it is illegal or whether it violates these Terms (such as when unlawful content is reported to us). We may also modify, prevent access to, delete, or refuse to display content that we believe violates the law or these Terms. However, BoardMetrix otherwise has no obligation to monitor or review any content submitted to the Services.

5.3. Third Party Resources.

 BoardMetrix may publish links in its Services to internet websites maintained by third parties. BoardMetrix does not represent that it has reviewed such third party websites and is not responsible for them or any content appearing on them. Trademarks displayed in conjunction with the Services are the property of their respective owners.

6. Account Management

6.1. Keep Your Password Secure.

•  If you have been issued an account by BoardMetrix in connection with your use of the Services, you are responsible for safeguarding your password and any other credentials used to access that account. You, and not BoardMetrix, are responsible for any activity occurring in your account (other than activity that BoardMetrix is directly responsible for which is not performed in accordance with your instructions), whether or not you authorized that activity. If you become aware of any unauthorized access to your account, you should notify BoardMetrix immediately. Accounts may not be shared.

6.2. Keep Your Details Accurate.

•  BoardMetrix occasionally sends notices to the email address registered with your account. You must keep your email address and, where applicable, your contact details and payment details associated with your account current and accurate. Accounts are controlled by the entity whose email address is registered with the account.

6.3. Remember to Backup.

•  To the extent permitted by applicable law, BoardMetrix will not be liable for any failure to store, or for loss or corruption of, your Content.

6.4. Account Inactivity.

•  BoardMetrix may terminate your account and delete any content contained in it if there is no account activity (such as a log in event or payment) for over 12 months. However, we will attempt to warn you by email before terminating your account to provide you with an opportunity to log in to your account so that it remains active.

6.5. Customer Success.

•  BoardMetrix may assign you a customer success manager (“

CSM

”). The CSM may review your use of the Services to help you to more effectively use the Services.

7. User Requirements

7.1. Legal Status.

 If you are an individual, you may only use the Service if you have the power to form a contract with BoardMetrix. None of the Services are intended for use by individuals less than 18 years old. If you are under 18 years old or do not have the power to form a contract with BoardMetrix, you may not use the Services. If you are not an individual, you warrant that you are validly formed and existing under the laws of your jurisdiction of formation, that you have full power and authority to enter into these Terms, and that you have duly authorized your agent to bind you to these Terms. You represent and warrant that you will comply with all laws and regulations applicable to your use of the Services.

8. Acceptable Uses

8.1. Legal Compliance.

•  You must use the Services in compliance with, and only as permitted by, applicable law.

8.2. Your Responsibilities.

•  You are responsible for your conduct, Content, and communications with others while using the Services. You must comply with the following requirements when using the Services:

• (a) You may not purchase, use, or access the Services for the purpose of building a competitive product or service or for any other competitive purposes.

• (b) You may not misuse our Services by interfering with their normal operation, or attempting to access them using a method other than through the interfaces and instructions that we provide.

• (c) You may not circumvent or attempt to circumvent any limitations that BoardMetrix imposes on your account (such as by opening up a new account to conduct a survey that we have closed for a Terms violation).

• (d) Unless authorized by BoardMetrix in writing, you may not probe, scan, or test the vulnerability of any BoardMetrix system or network.

• (e) Unless authorized by BoardMetrix in writing, you may not use any automated system or software to extract or scrape data from the websites or other interfaces through which we make our Services available.

• (f) Unless permitted by applicable law, you may not deny others access to, or reverse engineer, the Services, or attempt to do so.

• (g) You may not transmit any viruses, malware, or other types of malicious software, or links to such software, through the Services.

• (h) You may not engage in abusive or excessive usage of the Services, which is usage significantly in excess of average usage patterns that adversely affects the speed, responsiveness, stability, availability, or functionality of the Services for other users. BoardMetrix will endeavor to notify you of any abusive or excessive usage to provide you with an opportunity to reduce such usage to a level acceptable to BoardMetrix.

• (i) You may not use the Services to infringe the intellectual property rights of others, or to commit an unlawful activity.

• (j) Unless authorized by BoardMetrix in writing, you may not resell or lease the Services.

(k) If your use of the Services requires you to comply with industry-specific regulations applicable to such use, you will be solely responsible for such compliance, unless BoardMetrix has agreed with you otherwise. You may not use the Services in a way that would subject BoardMetrix to those industry-specific regulations without obtaining BoardMetrix’s prior written agreement.

9. Suspension and Termination of Services

9.1. By You.

•  If you terminate a Subscription in the middle of a billing cycle, you will not receive a refund for any period of time you did not use in that billing cycle unless you are terminating these Terms for any of the following reasons: (a) we have materially breached these Terms and failed to cure that breach within 30 days after you have so notified us in writing; or (b) a refund is required by law.

9.2. By BoardMetrix.

•  BoardMetrix may terminate your Subscription at the end of a billing cycle by providing at least 30 days’ prior written notice to you. BoardMetrix may terminate your Subscription for any reason by providing at least 90 days’ written notice to you and will provide a pro rata refund for any period of time you did not use in that billing cycle. BoardMetrix may suspend performance or terminate your Subscription for any of the following reasons: (a) you have materially breached these Terms and failed to cure that breach within 30 days after BoardMetrix has so notified you in writing; (b) you cease your business operations or become subject to insolvency proceedings and the proceedings are not dismissed within 90 days; or (c) you fail to pay fees for 30 days past the due date. Additionally, BoardMetrix may limit or suspend the Services to you if you fail to comply with these Terms, or if you use the Services in a way that causes legal liability to us or disrupts others’ use of the Services. BoardMetrix may also suspend providing the Services to you if we are investigating suspected misconduct by you. If we limit, suspend, or terminate the Services you receive, we will endeavor to give you advance notice and an opportunity to export a copy of your Content from that Service. However, there may be time sensitive situations where BoardMetrix may decide that we need to take immediate action without notice. BoardMetrix will use commercially reasonable efforts to narrow the scope and duration of any limitation or suspension under this Section as is needed to resolve the issue that prompted such action. BoardMetrix has no obligation to retain your Content upon termination of the applicable Service.

9.3. Further Measures.

 If BoardMetrix stops providing the Services to you because you repeatedly or egregiously breach these Terms, BoardMetrix may take measures to prevent the further use of the Services by you, including blocking your IP address.

10. Changes and Updates

10.1. Changes to Terms.

•  BoardMetrix may change these Terms at any time for a variety of reasons, such as to reflect changes in applicable law or updates to Services, and to account for new Services or functionality. The most current version will always be posted on the BoardMetrix website. If an amendment is material, as determined in BoardMetrix’s sole discretion, BoardMetrix will notify you by email. Notice of amendments may also be posted to BoardMetrix’s blog or upon your login to your account. Changes will be effective no sooner than the day they are publicly posted. In order for certain changes to become effective, applicable law may require BoardMetrix to obtain your consent to such changes, or to provide you with sufficient advance notice of them. If you do not want to agree to any changes made to the terms for a Service, you should stop using that Service, because by continuing to use the Services you indicate your agreement to be bound by the updated terms.

10.2. Changes to Services.

 BoardMetrix constantly changes and improves the Services. BoardMetrix may add, alter, or remove functionality from a Service at any time without prior notice. BoardMetrix may also limit, suspend, or discontinue a Service at its discretion. If BoardMetrix discontinues a Service, we will give you reasonable advance notice to provide you with an opportunity to export a copy of your Content from that Service. BoardMetrix may remove content from the Services at any time in our sole discretion, although we will endeavor to notify you before we do that if it materially impacts you and if practicable under the circumstances.

11. Disclaimers and Limitations of Liability

11.1. Disclaimers.

•  While it is in BoardMetrix’s interest to provide you with a great experience when using the Services (and we love to please our customers), there are certain things we do not promise about them. We try to keep our online Services up, but they may be unavailable from time to time for various reasons. EXCEPT AS EXPRESSLY PROVIDED IN THESE TERMS AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES ARE PROVIDED “AS IS” AND BOARDMETRIX DOES NOT MAKE WARRANTIES OF ANY KIND, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OR ANY REPRESENTATIONS REGARDING AVAILABILITY, RELIABILITY, OR ACCURACY OF THE SERVICES.

11.2. Exclusion of Certain Liability.

•  TO THE EXTENT PERMITTED BY APPLICABLE LAW, BOARDMETRIX, ITS AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, SUPPLIERS, AND LICENSORS WILL NOT BE LIABLE FOR (A) ANY INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, PUNITIVE, OR EXEMPLARY DAMAGES WHATSOEVER, OR (B) LOSS OF USE, DATA, BUSINESS, REVENUES, OR PROFITS (IN EACH CASE WHETHER DIRECT OR INDIRECT), ARISING OUT OF OR IN CONNECTION WITH THE SERVICES AND THESE TERMS, AND WHETHER BASED ON CONTRACT, TORT, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, EVEN IF BOARDMETRIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

11.3. Limitation of Liability.

•  TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE AGGREGATE LIABILITY OF EACH OF BOARDMETRIX, ITS AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, SUPPLIERS, AND LICENSORS ARISING OUT OF OR IN CONNECTION WITH THE SERVICES AND THESE TERMS WILL NOT EXCEED THE LESSER OF: (A) THE AMOUNTS PAID BY YOU TO BOARDMETRIX FOR USE OF THE SERVICES AT ISSUE DURING THE 12 MONTHS PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY; AND (B) GBP200.00.

11.4. Consumers.

•  We acknowledge that the laws of certain jurisdictions provide legal rights to consumers that may not be overridden by contract or waived by those consumers. If you are such a consumer, nothing in these Terms limits any of those consumer rights.

11.5. Businesses.

 If you are a business, you will indemnify and hold harmless BoardMetrix and its affiliates, officers, agents, and employees from all liabilities, damages, and costs (including settlement costs and reasonable attorneys’ fees) arising out of a third party claim regarding or in connection with your or your end users’ use of the Services or breach of these Terms, to the extent that such liabilities, damages and costs were caused by you or your end users.

12. Contracting Entity

12.1. Who you are contracting with.

•  Unless otherwise specified in relation to a particular Service, the Services are provided by, and you are contracting with, BoardMetrix Ltd.

12.2. BoardMetrix Ltd.

•  For any Service provided by BoardMetrix Ltd., the following provisions will apply to any terms governing that Service:
  • • Contracting Entity. References to “BoardMetrix”, “we”, “us”, and “our” are references to BoardMetrix Limited located at Beachside Business Centre, La Rue du Hocq, St Clement, JERSEY JE2 6LF
    • Governing Law. Those terms are governed by the laws of Bailiwick of Jersey (without regard to its conflict of laws provisions).
    • Jurisdiction. Except if prohibited by applicable law, each party submits to the exclusive jurisdiction of Royal Court of Jersey.

Security Statement This security statement is based on the underlying service provided by SurveyMonkey Inc.   User Security

• • • Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. BoardMetrix issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
    • Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.
    • Single Sign-On: For our Team Collaboration accounts, BoardMetrix supports SAML 2.0 integration, which allows you to control access to BoardMetrix across your organization and define authentication policies for increased security. .
    • Data Encryption: Certain sensitive user data, such as credit card details and account passwords, are stored in encrypted format.
    • Data Portability: BoardMetrix enables you to export your data from our system in a variety of formats so that you can back it up, or use it with other applications.
    • Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.
    • Data Residency: All BoardMetrix user data, to include Wufoo, TechValidate, BoardMetrix Intelligence, is stored on servers located in the United States. For FluidSurveys and FluidReview, all data is stored in Canada.

Physical Security All BoardMetrix information systems and infrastructure are hosted in world-class data centers. These data centers include all the necessary physical security controls you would expect in a data center these days (e.g., 24×7 monitoring, cameras, visitor logs, entry requirements). BoardMetrix has dedicated cages to separate our equipment from other tenants. In addition, these data centers are SOC 2 accredited. For more information, visit SuperNAP and InterNAP. If you are looking for FluidSurvey or FluidReview information, please contact us directly. Availability

• • • Connectivity: Fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.
    • Power: Servers have redundant internal and external power supplies. Data centers have backup power supplies, and are able to draw power from the multiple substations on the grid, several diesel generators, and backup batteries.
    • Uptime: Continuous uptime monitoring, with immediate escalation to BoardMetrix staff for any downtime.
    • Failover: Our database is replicated in real-time and can failover in less than an hour.
    • Backup Frequency: Backups occur daily at multiple geographically disparate sites.

Network Security

• • • Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.
    • Firewalls: Firewalls restrict access to all ports except 80 (http) and 443 (https).
    • Access Control: Secure VPN, 2FA (two-factor authentication), and role-based access is enforced for systems management by authorized engineering staff.
    • Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.
    • Encryption in Transit: By default, our survey collectors have Transport Layer Security (TLS) enabled to encrypt respondent traffic. All other communications with the BoardMetrix.com website are sent over TLS connections, which protects communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients. Our application endpoints are TLS only and score an “A” rating on SSL Labs‘ tests. We also employ Forward Secrecy and only support strong ciphers for added privacy and security.

 

Vulnerability Management

• • • Patching: Latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.
    • Third Party Scans: Our environments are continuously scanned using best of breed security tools. These tools are configured to perform application and network vulnerability assessments, which test for patch status and basic misconfigurations of systems and sites.
    • Penetration Testing: External organizations perform penetration tests at least annually.
    • Bug Bounty: We take the security of our platforms very seriously! SurveyMonkey runs a private bug bounty program to ensure the application is continuously reviewed for vulnerabilities.

Organizational & Administrative Security

• • • Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.
    • Employee Screening: We perform background screening on all employees, to the extent possible within local laws.
    • Training: We provide security and technology use training for employees.
    • Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality and security obligations if they deal with any user data.

 

Access:

Access controls to sensitive data in our databases, systems, and environments are set on a need-to-know / least privilege necessary basis.

• • • Audit Logging: We maintain and monitor audit logs on our services and systems.

Software Development Practices

• • • Stack: We code in Python and run on SQL Server, Windows, and Ubuntu.
    • Coding Practices: Our engineers use best practices and industry-standard secure coding guidelines which align with the OWASP Top 10.
    • Deployment: We deploy code dozens of times during the week, giving us the ability to react quickly in the event a bug or vulnerability is discovered within our code.

 

Compliance and Certifications

  PCI:

• •  BoardMetrix is currently PCI 3.1 compliant.

HIPAA: BoardMetrix offers enhanced security features that support HIPAA requirements. For more details, visit our HIPAA-compliance page. Handling of Security Breaches Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if BoardMetrix learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulation, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs. Your Responsibilities Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any survey data you download to your own computer away from prying eyes. We offer TLS to secure the transmission of survey responses, but it is your responsibility to ensure that your surveys are configured to use that feature where appropriate.

Last updated: May 4, 2018.