Mabel

Terms of Service

Last Updated: February 20th, 2025

These Terms of Use (the “Terms”) set forth the terms and conditions that govern (i) access to, and use of the software application provided by Siena Labs, Inc. (the “Platform”), (ii) the access to, and use of our website available at the URL www.siena.cx (“Site”) and (iii) the access to, and use of the content of the Platform and of the Site including of the services provided by Siena (the “Services”).

Please carefully read these Terms as they contain important information concerning your rights and obligations. These Terms include various limitations and exclusions, defining Siena's liability in certain cases, determining the jurisdiction and authorities on matters of conflict resolution, as well as the applicable legislation to Siena Services.

These Terms are a legal agreement between you (i) as a commercial user of the Platform (“Client”), or (ii) as an individual user only navigating through our Site (“you”, “your”, or “user”) and Siena Labs Inc., a company incorporated under the United States law, having its headquarters in 1209 Orange Street, Wilmington, New Castle, DE, 19801, ("Siena", “we”, "us"). Before you use the Platform, you will need to agree to these Terms. We are only willing to make the Platform available to you if you accept all of these Terms. Otherwise, you may not access or use the Platform. The use of our presentation Site represents your confirmation that you understand and agree to all of these Terms.

In case you use the Platform and or Site on behalf of a company, you represent that you have the legal authority to accept these Terms on behalf of the respective company. In such a case, when using “you” in these Terms, we will refer to the respective company.

We reserve the right to change the Terms at any time and in our sole discretion. If we make changes to these Terms, they will become effective when we make the updated version of the Terms available on the Platform and on the Site and update the “Last Updated” date found at the top of these Terms and we will inform you accordingly. In such a case, in order to continue to use the Platform, the Services, the Site and the Content you need to agree to the newly amended Terms. If you do not agree to the updated Terms, your access to the Platform, the Services, the Site and the Content  may be restricted or blocked.

1. THE PLATFORM

The Platform can be accessed by Clients (for example, online shops) at the URL addresses https://app.siena.cx and https://www.siena.cx/insights. The Platform is designed to help the Clients to support and engage with their Users, to automate conversations and gather analytics.

2. USAGE OF THE PLATFORM

Subject to compliance with these Terms of Use, Siena may, on the terms and conditions set out in these Terms of Use, provide Client or You, as applicable, with access to Siena's proprietary conversational, artificial intelligence powered chatbot software services and any other products and services otherwise made available by Siena under these Terms of Use. In order to provide the Services, it will be necessary for Siena to communicate through various channels, including instant messaging, email and SMS. Accordingly, Client or You, as applicable, consent and grant us permission to communicate through such channels, and further agree to provide us with any further evidence required to document or affirm such consent and permission, in each case as required by applicable laws, in connection with these Terms of Use or our performance of the Services. Use of the Services also require You to first obtain an account by completing a registration form. When registering, you must: (a) provide true, current and complete information about yourself on the registration form and (b) maintain such information so it continues to be true, current and complete.

When using the Platform, if required by applicable law, You must identify the Services as being provided by a virtual assistant and that the sessions are being recorded and obtain any required User consent.

3. FEES

Siena may offer a free trial period of the Platform and the Services. The length of the trial period and the conditions for transitioning to a paid subscription are specified in the offer, quote or any other price calculation (“Order Form”). Order Form takes into account key factors such as the duration and scope of service usage. Upon the trial period's expiration, the Client will be required to pay the applicable Fee as established in the Order Form to continue using the Platform. Fees are not refundable.

Client agrees to pay all invoiced amounts in full within thirty (30) calendar days from the date of the receipt of the invoice ("Net 30 Payment Term"). Payment shall be made by the Client through the payment method specified in the invoice. All payments shall be made in the currency specified in the invoice, and the Client is responsible for any bank or transaction fees incurred in the transfer of funds.

The subscription to the Platform and its related Services will remain active for the duration of the Order form commencing from the date of purchase. Any unused features, packages or Services within the Platform will expire concurrently with the subscription term, unless otherwise stipulated in agreement.

For multi-year agreements, any unused automated features of the Platform from the previous year will be rolled over to the subsequent year, subject to the terms outlined in the Order Form.

If a Client exceeds their subscribed usage limits for the Services, they will be automatically enrolled in the next (higher) available automation plan, based on a previously negotiated rate as specified in the Order Form.

The payment of the Fee shall be made by using the services of a third-party provider. Client understands and agrees that it must provide current, complete and accurate billing and payment information. We will not be responsible or liable for any claims, damages, payments, deficiencies, fines, judgments, settlements, liabilities, losses, costs and expenses arising out of or relating to the use of the respective payment services. In certain instances there may be banking or financial institution transaction fees or related charges, which the Client understands and agrees it shall be responsible to pay.

We have the right to change the Fees from time to time. Any changes to the Fees shall apply only upon renewal of the applicable subscription term or during a mutually agreed negotiation period. Such changes shall not affect existing agreements or any ongoing subscription term. The updated Fees will take effect as of the date specified in the revised Terms, which will be made available on the Platform and the Site or provided to the Client otherwise..

4. INTELLECTUAL PROPERTY RIGHTS

These Terms and Conditions constitute the general terms and conditions for the provision of services by Siena Labs Inc. (Siena). Detailed conditions for the execution of individual orders, such as the date of execution, service specifications, costs and other individual arrangements, are specified in an offer or separate Order Form provided by Siena and accepted by Client.

The Order Form constitutes an integral part of the contract between Siena and the Client and serves to specify the conditions for the execution of a specific order within the general principles set out in these Terms and Conditions.

In the event that the provisions of the Order Form differently regulate issues such as the scope of services, payment dates, execution dates or other specific aspects of the order, the provisions of the Order Form shall take precedence over the general principles contained in these Terms and Conditions.

Any issues not regulated in the Order Form shall be subject to the provisions of these Terms and Conditions.

Any additional, conflicting or different terms proposed by the Client in connection with this Order Form that have not been accepted by Siena in writing are not binding on Siena.

5. USER CONTENT

Unless otherwise indicated by us, all elements of the Platform and of the Site, all content and other materials therein are owned by us (or, as applicable, our licensors) and are protected by intellectual property rights. For the avoidance of doubt, the visual interfaces, design, text, graphics, pictures, systems, information, data, methods, software, computer code, organization, services, all other elements and any other documentation or other ancillary material provided to you (the “Content”) are owned by us or by our licensors and are protected by copyright, patents, trademarks, design, trade secrets, any other intellectual property rights and applicable law.

Client and You, as applicable, can use the Platform, the Services, the Site and the Content solely for the purpose of provided by these Terms and in accordance with all applicable laws, including, but not limited to, laws related to data (whether applicable within the United States, the European Union, or otherwise).  However, you are not permitted to:

  • use the Platform, the Site or the Content other than for their intended purposes;
  • use any data mining, robots or similar data gathering or extraction methods;
  • sell, rent, lease, lend, redistribute, sublicense or make commercial use of the Platform, the Site or the Content;
  • copy, reverse engineer, decompile, disassemble or attempt to discover the source code of our Platform, the Site or Content;
  • modify, alter or otherwise make any derivative uses of the Platform, the Site or the Content, or any portion thereof, except as expressly permitted under these Terms;
  • remove, alter or obscure any copyright, trademark or other proprietary rights notice included in the Platform, the Site or Content;

Any use of the Platform, the Site or the Content other than as specifically authorized herein, without the prior written permission of Siena, is strictly prohibited. Such unauthorized use may also violate applicable laws, including without limitation, copyright and trademark laws. Unless explicitly stated by Siena, nothing in these Terms shall be construed as conferring any license to intellectual property rights, whether by implication or otherwise.‍

In case Client, through the use of the Platform or the Services, and during the term of agreement for providing the Platform to the Client,  creates any work protected by copyright law whether intentionally or unintentionally, or produces any creation subject to intellectual property law (i.e. industrial property rights such as patents, trademarks, design, trade secrets), the parties agree pursuant to these Terms that upon the moment the work is fixed in any form they are a subject of a license granted by the Client to the Siena Labs Inc.

The license shall be royalty-free, perpetual, exclusive and not limited by territory. The license shall be granted on following fields of use:  1) with respect to fixing and reproducing a work - using a specific technique to make copies of the work, including printing, reprographic, magnetic recording and digital technique; 2) with respect to trading in an original or copies of the object on which a work is fixed - marketing, lending or rental of the original or copies; 3) with respect to other forms of distribution of a work than that referred to in subparagraph 2 - public performance, display, screening, replaying and broadcasting and rebroadcasting as well as communicating a work to the public in such a way that each person may access the work from a place and at a time individually chosen by him.

6. USER CONTENT

In case Client or the Client’s Users create any user content on or by our Platform or Services, Client is  solely responsible for all content created, transmitted and/or distributed through the Platform or Services (“User Content”) including, but not limited to: (a) compliance with all applicable laws and these Terms; and (b) any claims that User Content infringes, misappropriates, or otherwise violates the rights of any third party. It is a violation of this Agreement to create, transmit and/or distribute through the Platform any User Content that:

  • is illegal or unlawful, that would constitute, encourage or provide instructions for a criminal offense, violate the rights of any party, or otherwise create liability or violate any local, national or international law;
  • is defamatory, profane, obscene, pornographic, sexually explicit, indecent, lewd, vulgar, suggestive, violent, harassing, hateful, threatening, offensive, discriminatory, bigoted, abusive, inflammatory, invasive of privacy or publicity rights, fraudulent, deceptive or otherwise objectionable;
  • impersonates any person or entity or otherwise misrepresents your affiliation with a person or entity;
  • may infringe or violate any patent, trademark, trade secret, copyright, or other intellectual property right or other right of any party;
  • contains or depicts any statements, remarks or claims that do not reflect your honest views and experiences;
  • is designed to deceive or trick the users of the Platform;

Subject to Siena’s confidentiality obligations hereunder, Client acknowledges and agrees that Siena may: (i) use User Content for the sole purposes of providing the Services, and (ii) use and make available Aggregated Data for Siena’s business purposes. “Aggregated Data” means data submitted to, collected by, or generated by Siena in connection with Client’s use of the Platform or Services, but only in aggregate, de-identified form which is not linked specifically to Client or any individual. Client shall retain all right, title and interest in and to the User Content, including all intellectual property rights therein. Siena will use best efforts to maintain the security and integrity of the User Content controlled by Siena. Client is responsible for the use of the Platforms and Services by any person to whom Client has given access to the Platform and Services, even if Client did not authorize such use. Siena may retain User Content for up to thirty (30) days following the termination or expiration of the Agreement. Thereafter, Client agrees and acknowledges that User Content may be irretrievably deleted. To the extent User Content contains any personal data (PII) the processing of such data will be governed by a Data Processing Addendum which is attached as an Exhibit C hereto.;

To the extent technically feasible, upon termination or expiration of the Agreement, Siena will, within thirty (30) days of receiving written notice from Client (e-mail is sufficient), transfer all of User Content to Client designated recipient in a mutually agreed-upon format and method of delivery, along with any accompanying documentation necessary for Client’s continued use and understanding of the data. User Content includes but is not limited to any and all data collected, generated, or processed during the term of the Agreement that - as of the day of the termination of the Agreement - is stored within Services. Siena will ensure the secure and complete transfer of such data to Client designated recipient, and will provide reasonable assistance and support to Client during the transition period to facilitate the integration of the transferred data into Client’s systems or operations. Client must provide Siena with notice regarding transfer of User Content within 7 days following the termination or expiration of the Agreement.

Client may from time to time provide suggestions, comments or other feedback to Siena with respect to the Service (“Feedback”). Client shall, and hereby does, grant to Siena a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid up license to use and exploit the Feedback for any bona fide business purpose of Siena. Notwithstanding the foregoing, in case Feedback contains any Confidential Information (as defined in section 10 herein), including in particular any PII which Client is a controller of, Siena’s use of such Feedback will comply with applicable data privacy laws and will be in compliance with any confidentiality obligations set forth in these Terms.

7. USER CONDUCT

Client and You, as applicable, are solely responsible for your own conduct while accessing or using the Platform and the Site. Client and You, as applicable, agree to use the Platform and the Site only for purposes that are legal, proper and in accordance with these Terms and any applicable laws or regulations. Client and You, as applicable, agree that you will not and will not permit any third party to do, including but not limited to, any of the following:

  • use the Platform and the Site for any illegal or unauthorized purpose or engage in, encourage, or promote any illegal activity, or any activity that violates these Terms or any other rules or policies established from time to time by us;
  • use the Platform and the Site to violate the legal rights and the legitimate interests of others, including, but not limited to, transmitting or otherwise making available through the Platform of content that infringes the intellectual proprietary rights of any party;
  • remove any copyright, trademark or other proprietary rights notices contained in or on the Platform and the Site, or any part of it;
  • modify, adapt, hack, translate, or reverse engineer the Platform and the Site;
  • use any robot, spider, crawler, scraper or other automated means or interface not provided by us to access the Platform and the Site or to extract data;
  • attempt to indicate in any manner that you have a relationship with us or that we have endorsed you or any products or services for any purpose, unless we specifically consented to such conduct;
  • upload, send, distribute or disseminate any User Content that could be in any way interpreted as defamatory, unlawful, fraudulent, obscene, harassing or objectionable;
  • distribute any other harmful components such as, including but not limited to, worms, viruses, Trojan horses, corrupted files, defects, hoaxes;
  • impersonate another person by any mean (e.g., by use of an email address, name, nickname or otherwise);
  • exploit the Platform and the Site for any unauthorized commercial purpose;
  • access or use the Platform and the Site for the purpose of creating a product or service competitive with any of our products or services;
  • register on the Platform and the Site on behalf of a company, without having the right to represent the respective company.

Client hereby certifies that Client will comply with all current US Export Control laws. Client agrees to defend, indemnify and hold Siena harmless from any liability for Client’s violation of U.S. Export Control laws.

8. INDEMNIFICATION
  1. Each of Client and You agree, at your sole expense, to defend, indemnify and hold us, our officers, agents, employees, advertisers, licensors, suppliers or partners harmless from and against any claims, damages, payments, deficiencies, fines, judgments, settlements, liabilities, losses, costs and expenses of any kind or nature, including litigation costs, and legal fees arising out of or in any way related to (i) your use of the Platform and the Site; (ii) your violation of these Terms, applicable law or the rights of any third-party; or (iii) your breach of the provisions of this Agreement; or (iv) alleged infringement or misappropriation of third-party’s intellectual property rights resulting from User Content.
  2. Siena will indemnify, defend and hold harmless Client, its affiliates, and its and their respective officers, directors, employees, and representatives from and against any and all claims, damages, losses, liabilities, costs and expenses (including reasonable attorneys’ fees and costs) (“Losses”) to the extent such Losses directly or indirectly arise out of or are related to: (i) any breach of Siena’s representations and warranties described in 6.1.; (ii) any breach of laws applicable to the Services; (iii) the negligence, bad faith, fraud or willful misconduct of Siena; and (iv) any infringement of the intellectual property or proprietary rights of Client or any third party and (v) any loss, mis-use or breach of data or violation any data privacy provisions or laws applicable to the Services. Notwithstanding any other provision in this Agreement, Siena will have no obligation to indemnify or reimburse Client with respect to any claim arising from: (a) the combination of any User Content with the Service; (b) the combination of any products or services, other than those provided by Siena to Client under these Terms, with the Service.

Promptly after the party indemnified pursuant to this Section (the “Indemnified Party”) obtains knowledge of the existence or commencement of any claim, suit, action, investigation (including investigations conducted by governmental authorities) or proceeding (each, a “Claim”) that gives rise to an indemnity obligation under this Section, the Indemnified Party will notify the other Party (the “Indemnifying Party”) of such Claim in writing (e-mail is sufficient). The Indemnifying Party will assume full control of the defense and settlement of such Claim at the Indemnifying Party’s sole risk and expense, with counsel designated by Indemnified Party and satisfactory to the Indemnified Party in its reasonable judgment; provided, that, the Indemnified Party shall be entitled to participate in the defense of such Claim. The Indemnifying Party will not settle or compromise any Claim or consent to entry into any judgment without the prior written consent of the Indemnified Party which will not be unreasonably conditioned, withheld or delayed. If the Indemnifying Party fails to assume the defense of any Claim the Indemnified Party may retain counsel and assume the defense of such Claim at the cost of the Indemnifying Party.

Subject to the maximum liability set forth in Section 12, the provisions of this Section 8 constitute the entire understanding of the parties regarding each party’s respective liability under this Section 8, including but not limited to Infringement Claims (including related claims for breach of warranty) and each party’s sole obligation to indemnify and reimburse any Indemnified Party.

9. DISCLAIMER

SIENA DOES NOT REPRESENT OR WARRANT THAT THE OPERATION OF THE PLATFORM, THE SITE OR THE SERVICES (OR ANY PORTION THEREOF) WILL BE UNINTERRUPTED OR ERROR FREE. CLIENT ACKNOWLEDGES THAT SIENA MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE SERVICE OR SERVICES, OR THEIR CONDITION. SIENA HEREBY EXPRESSLY EXCLUDES, ANY AND ALL OTHER EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES, WHETHER UNDER COMMON LAW, STATUTE OR OTHERWISE, INCLUDING WITHOUT LIMITATION ANY AND ALL WARRANTIES AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY OR NON-INFRINGEMENT OF THIRD-PARTY RIGHTS.

  1. CONFIDENTIALITY

The Client and You, as applicable, agree that they shall not, during the term of use the Platform, the Services and the Site, and for 3 years upon its termination, disclose any proprietary, secret or confidential information (“Confidential Information”) of the other party to any third party whatsoever without the express written consent of Siena.

The Client and You, as applicable, shall secure all documents, work in process, products or other items incorporating any of the Confidential Information to prevent its unauthorized disclosure. The Client and You, as applicable, agree that any such Confidential Information constitutes valuable property which belongs exclusively to Siena. The Client and You, as applicable, will not at any time acquire any legal rights whatsoever to any of the Confidential Information.

Nothing in these Terms will impose any obligation upon Siena to disclose or hand over to the  Client and You, as applicable, any Confidential Information or data of whatsoever kind or nature which Siena in its absolute discretion wishes to keep confidential.

The Confidential Information will not include any information which: (i) is known generally to the public; or (ii) becomes available to the Client and You, as applicable, on a non-confidential basis from a source other than Siena; or (iii) was available to the The Client and You, as applicable, on a non-confidential basis prior to its disclosure by Siena.

If the The Client and You, as applicable, are compelled pursuant to legal, judicial, or administrative proceedings, or otherwise required by law, to disclose Confidential Information, the Client and You, as applicable, shall use reasonable efforts to: (i) seek confidential treatment for such Confidential Information, and (ii) provide prior notice to Siena to allow Siena to seek protective or other court orders.

  1. WARRANTY

Siena represents and warrants to Client that (a) Siena has the requisite expertise, knowledge and skills necessary to perform the Services with a high standard of quality; (b) the Services will be performed in a professional and workmanlike manner and in accordance with the highest industry standards; (c) Siena has the right to enter into and fully perform its obligations under these Terms and Siena’s performance of the Services pursuant to these Terms will not violate any agreement or obligation between Siena and any third party; (d) all Services shall be in conformance with all applicable laws; (e) Siena has all rights, licenses and title necessary to perform the Services and for Client to use the Platform, the Site and the Services and that neither the Services nor Client’s use of the Services will infringe the intellectual property or other right of any third party; (f) Siena will employ industry standard security measures in the delivery of the Services and reasonable and appropriate procedures, and guidelines regarding information protection, systems and data security, and privacy obligations; and (g) the Services, when used by Client in accordance with these Terms will not violate any proprietary or intellectual property rights of any third party, including, without limitation, any patents, copyrights or trade secrets.

Client shall report to Siena any breach of the warranty set forth in this section. In the event of a breach of warranty by Siena under this Section 11 (g), Client’s sole and exclusive remedy, and Siena’s entire liability, shall be prompt correction of any non-conformance in order to minimize any material adverse effect on Client’s business.

12. LIMITATION OF LIABILITY

Client and You, as applicable, acknowledge and agree that to the maximum extent permitted under applicable law, in no event will Siena be liable to you or to any other third party for any incidental, indirect, special, consequential, exemplary or punitive damages whatsoever including, but not limited to, damages for loss of profits, (whether incurred directly or indirectly), loss of goodwill or business reputation, loss of data, cost of procurement of substitute goods or services, or any other intangible loss, arising out of or related to the Platform and the Site, regardless of the theory of liability (contract, warranty, tort, strict liability, product liability or other theory) and even if we have been advised of the possibility of such damages. The limitation of liability set forth herein, shall not apply to any fraud, negligent behavior or wilful misconduct.

Client and You, as applicable, understand and agree that we will not be liable for any failure or delayed performance of our obligations that results from any condition beyond our reasonable control, including but not limited to, acts or omissions of third parties, earthquake, fire, flood, governmental action, acts of terrorism, labor conditions, power failures, Internet disturbances or server failures.

Client and You, as applicable, acknowledge that the Platform and the Site is Internet-based and you understand and accept the inherent security risks associated with such applications and websites, including but not limited to, the risk of losing the Internet connections, the risk of malicious software, the risk of hardware or software failure and the risk of unauthorized access by third parties to your account. Thus, you agree that our liability for any malfunctions, communication failures, delays, errors, or any breach of security you might incur shall be limited to the amounts we received from you for the access to the Platform during the twelve months prior to the event giving rise to the claim.

SIENA’S LIABILITY FOR INDEMNIFICATION PURSUANT TO 8. ABOVE WILL BE LIMITED IN TOTAL AND IN THE AGGREGATE TO $250,000 (“INDEMNITY CAP”), PROVIDED THAT, HOWEVER, THE INDEMNITY CAP WILL NOT APPLY TO ANY CLAIMS SUBJECT TO INDEMNIFICATION BASED ON 8a(iv).

13. EXTERNAL SITES

The Platform and the Site may contain hyperlinks to third party websites or resources. These links to third party pages are provided for convenience only. In any event, especially because of the volatile nature of information on the Internet, Siena cannot control the nature or content of these external sources and therefore is not responsible and or liable for the use, the unavailability of third party website nor their content and advertising or other materials available on such third party websites that you might access via our Platform or the Site.

14. CHANGES OF THE PLATFORM AND OF THE SITE

In no event will Siena be liable for the removal of or disabling of access to any portion or feature of the Platform or the Site.

15. SUSPENSION OR TERMINATION

In case Client or You, as applicable, breaches these Terms, fails to pay the Fees, or Siena reasonably believes Client’s use of the Platform, Site or Services may pose a security risk to or may adversely impact the Platform, Site or Services, we may suspend or terminate in whole or in part, your access to the Platform at our sole discretion, immediately and without prior notice, and delete or deactivate your account. In such a case, we will notify you accordingly. The Clients have the possibility to delete their accounts (provided we may retain certain information about the commercial relationship with the respective user, in accordance with our Privacy Policy and section 6 of the Terms). Upon termination of this Agreement, the Client will be granted a reasonable period to request access to their data. Following this period, Siena will delete all Client data. Upon termination of the Agreement, Client shall immediately cease use of the Platform and Services.

16. ASSIGNMENT

Siena may assign these Terms and/or any and all of its rights or delegate any and all of its obligations under these Terms without your consent. All provisions contained in these Terms shall extend to and be binding upon you and Siena's successors and assigns. You may not assign these Terms or any of your rights and/or obligations under these Terms to another person or entity.

17. PERSONAL DATA

Please refer to our Privacy Policy for information on how we collect, use, store and disclose your personal data.

In the event that the processing of personal data is entrusted by Client to Siena, such processing shall be governed by the Data Processing Agreement, which forms an integral part of these Terms. The Data Processing Agreement sets forth the terms and conditions under which Siena shall process personal data on behalf of Client in accordance with applicable data protection laws and regulations. By engaging Siena to process personal data, you agree to the terms of the Data Processing Agreement, which is available in Appendix A below.

18.  SEVERABILITY AND ENFORCEMENT

If any provision of these Terms shall be deemed unlawful, void or for any reason unenforceable, then that provision shall be deemed severable from these Terms and shall not affect the validity and enforceability of any remaining provisions.

Enforcement of these Terms is solely in our discretion and our failure to enforce any of the provisions in some instances does not constitute a waiver of our right to enforce such provisions in other instances.

19.  GOVERNING LAW AND JURISDICTION

These Terms will be governed by and construed exclusively in accordance with, the laws of the United States and the State of New York, without regard to its conflict of laws provisions. The federal courts of the United States in the Southern District of New York and the state courts of the State of New York shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement. Each party hereby consents to the jurisdiction of such courts and waives any right it may otherwise have to challenge the appropriateness of such forums, whether on the basis of the doctrine of forum non conveniens or otherwise. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement or any Purchase Order issued under this Agreement.

For any dispute with Siena, Client and You, as applicable, agree to first contact us at legal@siena.cx and attempt to resolve the dispute with us informally. In the unlikely event that We have not been able to resolve a dispute after sixty (60) days, we each agree to resolve any claim, dispute, or controversy (excluding any claims for injunctive or other equitable relief as provided below) arising out of or in connection with or relating to this Agreement, or the breach or alleged breach thereof (collectively, “Claims”), by referring the case to a competent court.

Appendix A - Data processing Agreement
For a signed copy of the DPA (including the full appendix content) click here.

Data Processing Agreement

This Data Processing Agreement ("DPA") is entered into as of the Effective Date by and between Siena Labs Inc. (Siena) a company incorporated under the United States law, and the entity or person set forth on the last page hereto ("Customer"). Siena (Processor) and Customer (Controller) are sometimes referred to individually as "Party" or collectively as "Parties".

This DPA forms an integral part of and is concluded subject to the Terms of Service or Master Service Agreement, which Customer has concluded with Siena.

Whereas:

  1. the Customer is interested in using software application provided by Siena Labs, Inc. (the software and associated services are jointly referred to as "Services");
  2. Customer's use of the Services requires that Customer Users’ Data (as defined below) is processed by Siena;
  3. the Parties wish to set forth their mutual obligations regarding the processing of Customer Data (as defined below) by Siena;

The parties have agreed as follows:

  1. SUBJECT MATTER OF DPA

    1. Data Processing Agreement is entered into in connection with and for the purpose of performing the Siena Master Service Agreement (the "Master Agreement") or Siena Terms of Service (the “ToS”). The processing of personal data in connection with the performance of the Master Agreement or ToS is regulated by the US State Privacy Laws (as defined in Appendix 4 to this DPA) - the CPRA and the US State Privacy Laws, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("GDPR").
    2. Pursuant to the Data Processing Agreement, the Customer entrusts Siena with the personal data specified in Appendix 1 to the DPA ("Personal Data") for processing. A change in the scope of entrustment of processing does not require an annex, but only the consent of both Parties expressed in writing or electronically (including e-mail) by persons authorized to make statements under the Master Agreement or ToS. A change in the scope of entrustment as specified in the preceding sentence may not lead to an expansion of the Processor's obligations or limitation of its rights under the Master Agreement or ToS, including with regard to the remuneration due.
    3. We process Personal Data only for the fulfillment of the Master Agreement or ToS and to the extent necessary for its fulfillment and only during the term of the Master Agreement or ToS.
    4. We are obliged to process Personal Data in accordance with the "Applicable Data Protection Laws" which means the CPRA, GDPR or the US State Privacy Laws (as defined in Appendix 4 to this DPA).
  2. OBLIGATIONS OF THE PARTIES

    1. Customer, as the data controller, acknowledges and understands that in circumstances and to the extent described in Appendix 1 to this DPA making use of the Services requires that Customer Users' Data are processed within the Services.
    2. Customer, as the data controller, confirms that this DPA along with Customer’s use and configuration of the Services and its individual features are the complete and final instructions to Siena for the processing of Customer Data. Siena will immediately inform the Customer if in its opinion the Customer’s instructions may infringe Applicable Data Protection Laws; Customer Data was and will be obtained in accordance with Applicable Data Protection Laws and that all required consents (if required) from people whose personal data is processed using the Services were collected and all information duties fulfilled.
    3. Siena, as a data processor, undertakes to only process Customer Data to make it possible for the Customer to make use of the Services and its individual features, solely on the basis and under the conditions specified in this DPA and Applicable Data Protection Laws.
    4. Siena is obliged to:

      1. apply all technical and organizational measures adequate to the level of risk to secure Personal Data under the principles set forth in Article 32 of the GDPR;
      2. assist the Customer in complying with the obligations set forth in Articles 32-36 of the GDPR, taking into account the nature of the processing and the information available to Siena;
      3. process Personal Data only at the Customer’s documented instruction, unless such an obligation is imposed on Siena by applicable national or EU law, in which case Siena will inform the Customer of this legal obligation prior to the start of processing, unless such law prohibits the provision of such information for reasons of important public interest; in particular, the Master Agreement or ToS is considered to be the documented instruction of the Controller;
      4. as far as possible, assist the Customer, through appropriate technical and organizational measures describer in Appendix 2, in fulfilling its obligation to respond to the data subject's requests for the execution of their rights under Chapter III of the GDPR;
      5. ensure that persons authorized to process Personal Data undertake to maintain confidentiality, unless they are persons obliged to maintain confidentiality under the law;
      6. upon termination of the DPA, depending on the Customer’s request, to delete or return the Personal Data and delete copies thereof, unless otherwise provided by imperative law; within the limits set forth in Appendix 1 to the DPA, Siena shall process the Personal Data on its own behalf, for the purpose of establishing, asserting or defending against claims that may arise in connection with the performance of the DPA or the Master Agreement or ToS.
    5. The provisions of Sections 2.1.1-2.1.6 do not expand Siena’s obligations with regard to the provision of services in accordance with the Master Agreement or ToS.
    6. Siena is authorized to further entrust the processing of Personal Data to sub-processors, the list of which is attached as Appendix 3 to the DPA. Siena will inform the Customer of any significant intended change to the list of sub-processors in the way adopted for communication in accordance with the Master Agreement or ToS. The Customer can object to such change within the following 3 days. Siena ensures that it will only use the services of such sub-processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR, as well as protects the rights of data subjects. Siena is obliged to ensure that at least the same obligations are imposed on sub-processors as those imposed on Siena in the DPA. Customer acknowledges that failure to agree to a change in the list of further processors may result in Siena’s inability to continue performing the Master Agreement or ToS, of which Siena will inform Customer immediately.
    7. Siena will share with Customer the information necessary to perform its duties related to the entrustment of the processing of Personal Data. Siena will allow Customer to carry out audits, including inspections, at a time agreed upon by the Parties, to the extent related to the entrustment of processing of Personal Data by Siena and will provide cooperation in this regard. The cost of the audit shall be incurred by each Party on its own, notwithstanding the outcome of the audit. Customer is obliged to maintain the confidentiality of all information obtained in connection with the audit, including the results of the audit, and to ensure that the persons it relies on to carry out the audit have also obliged themselves to confidentiality in this regard. The obligation of confidentiality applies for the term of the DPA and indefinitely thereafter. In the case when the preceding sentence becomes invalid or ineffective, the confidentiality obligation shall continue for the term of the DPA and for a period of 10 years thereafter.
    8. Siena is obliged to ensure that any person processing Personal Data on its behalf processes the data only at Customer instruction.
  3. DATA TRANSFER
    1. Siena may transfer Personal Data if:
      1. the destination country provides an adequate level of personal data protection to that of the European Union; or
      2. Customer and Siena or Siena’s sub-processor have entered into an agreement based on standard contractual clauses or have implemented another mechanism that legalizes the transfer of data to a third country in accordance with the law.
  4. LIABILITY
    1. Notwithstanding the provisions of the Master Agreement or ToS, the total contractual and tort liability of Siena in relation to the processing of Personal Data under the DPA is limited to an amount equivalent to the amount of Siena’s monthly remuneration under the Master Agreement or ToS, calculated according to the month in which the premise for the occurrence of the said liability occurred, unless otherwise provided by binding legal regulations.
  5. Jurisdiction specific data protection clauses
    If Customer is subject to any data protection laws of jurisdictions listed in Appendix 4, then the terms of Appendix 4 supplement the clauses of sections 1 - 4 of this DPA.
  6. FINAL PROVISIONS
    1. The DPA is concluded for the term of the Master Agreement or ToS. The DPA may be terminated by Customer with immediate effect in the event of gross or repeated breaches of the DPA, GDPR or other applicable data protection laws by Siena - if Siena has been previously called upon to remedy the breaches, an additional period of not less than 30 days has been set for this purpose, and the period has expired without effect. Termination of the DPA shall be in writing under pain of ineffectiveness.
    2. Termination of the DPA is the basis for termination of the Master Agreement or ToS.
    3. Amendments to the DPA are possible only in writing under pain of ineffectiveness, unless the DPA expressly provides for another form for amendments.
    4. Any terms capitalized and not defined in the DPA have the meaning given to them in the Master Agreement or ToS.
    5. Any disputes having to do with the DPA will be adjudicated by the Court of competent jurisdiction in accordance with the Master Agreement or ToS.
    6. The Appendices to the DPA are an integral part of the DPA. The list of appendices is as follows:
      1. Appendix No. 1 - Scope of entrustment of personal data;
      2. Appendix No. 2 - Summary of security measures implemented by Siena;
      3. Appendix No. 3 - List of sub-processors;
      4. Appendix No. 3 - US Data Protection Laws Addendum.


APPENDIX 1
Scope of entrustment of personal data

  1. The nature and purposes of processing: processing of personal data in connection with the provision of services in the form of Siena Enterprise Software Platform in order to fulfill the contract connecting the Controller and the Processor. Siena Enterprise Software Platform specifically supports the Controller in serving customers, prospects and others who interact with the Controller through automated interactions.
  2. Data subject categories:
  • Controller’s employees and coworkers,
  • Controller’s clients,
  • Controller’s potential clients;
  • Controller’s contractors;
  • Controller’s potential contractors; 
  • Any other person contacting the Controller on any matter. 
  1. Type of personal data:
  • Contact information; 
  • Content of the inquiry/notification/message;
  • Data on the established cooperation or concluded contract;
  • Data contained in the inquiry/notification/message;
  1. Location where personal data will be processed: European Economic Area, USA, Canada. 
  2. Data processed by the Controller on its own behalf, in its role as Controller, for the purposes of establishing, asserting or defending against claims that may arise in relation to the performance of the DPA or Master Agreement: data related to the operation of the Siena Enterprise Software Platform.

APPENDIX 2

Summary of security measures implemented by Siena

This document describes security measures that Siena has implemented to ensure that Customer Data is processed in accordance with the Applicable Data Protection Laws and the DPA. This document is regularly updated to reflect changes made in Siena’s security and data privacy compliance program.

1. General organizational measures

  1. Data Protection Officer and Compliance Program. Siena has appointed a Data Protection Officer who is responsible for coordinating, monitoring and improving Siena’s security and data privacy compliance program ("Compliance Program"). The Compliance Program defines clear roles and responsibilities of Siena’s personnel. The Data Protection Officer is responsible for coordinating, monitoring and improving the Compliance Program.
  2. Confidentiality. Siena’s entire personnel is subject to confidentiality obligations and may only access personal data (personal information) subject to a prior, written authorization issued by Siena.

2. Training and awareness

  1. Personnel training. Siena conducts regular training sessions for its personnel on data protection rules and personnel roles within its Compliance Program. Siena also informs its personnel about possible consequences of non-compliance. These training sessions are conducted using anonymized data.

3. Physical and environmental security

  1. Physical access to data centers. Customer Data is processed within AWS data centers. Access to these datacenters is restricted only to identified Google staff members. Siena personnel may not physically access these data centers.
  2. Protection from disruptions. Siena takes reasonable measures per industry accepted solutions to protect against loss of data due to power supply failure, fire, natural disaster or line interference.
  3. Component disposal. Siena takes reasonable measures per industry accepted solutions to delete Customer Data when it is no longer needed.

4. Access control

  1. Access authorization. Siena maintains a comprehensive register of personnel authorized to access its facilities and information systems. To ensure the security and integrity of its operations, Siena has implemented robust controls designed to prevent any individual who ceases employment or engagement with the organization from retaining access. This is achieved by deactivating their authentication credentials and revoking all access rights. Furthermore, Siena conducts regular audits, at intervals not exceeding 12 months, to verify that inactive authentication credentials are promptly deactivated. Deactivated or expired identifiers are not reassigned to other personnel or new members. Additionally, Siena adheres to industry-standard protocols for the timely deactivation of passwords that have been compromised or inadvertently disclosed.
  2. Limitation of privileges. A restricted and designated group of personnel is exclusively authorized to grant, modify, or revoke access privileges to Siena’s facilities and information systems. The access rights conferred upon personnel are strictly limited to those assets and resources necessary for the performance of their respective duties. This principle of least privilege ensures that access is confined to the minimum scope required for the execution of specific functions, thereby enhancing security and safeguarding sensitive information within the organization.
  3. Authentication of users. Siena employs industry-recognized solutions, including multifactor authentication, to identify and authenticate users accessing its information technology systems. Passwords are regularly updated and must conform to minimum standards established by Siena's security policies. Additionally, best practices are rigorously applied to ensure the confidentiality and integrity of passwords during assignment, distribution, and storage. These measures are designed to safeguard credentials and prevent unauthorized access to Siena's IT systems, in line with recognized security protocols.
  4. Monitoring. Siena continuously monitors its information systems to detect and prevent any attempts of unauthorized access, including the use of expired or invalid credentials. This monitoring is designed to promptly identify and mitigate security threats, ensuring that only authorized individuals with valid credentials can access Siena's systems, in accordance with its stringent security protocols.

5. Asset and operations management

  1. Endpoint protection. All computing endpoints are encrypted and protected against malware.
  2. Backup copies. Siena regularly creates backups of service settings, configuration details, and Customer Users' Data. These backups are maintained to ensure data integrity, continuity of operations, and the ability to restore critical information in the event of system disruptions or data loss, in accordance with Siena’s data protection and security protocols.
  3. Integrity and confidentiality. All personnel are required to terminate all active sessions upon leaving computers unattended to prevent unauthorized access. A limited and specifically designated group of personnel, whose duties necessitate remote access, is authorized to carry mobile devices and utilize them outside of Siena's premises. All such mobile devices are secured with password protection and equipped with encrypted storage, ensuring the confidentiality and integrity of data in accordance with Siena's security policies.

6. Incident management

  1. Malicious software. Siena has implemented comprehensive anti-malware controls to prevent malicious software from gaining unauthorized access to Customer Data and its information systems. These controls are designed to safeguard against threats originating from public networks, ensuring the protection of data and the integrity of Siena's systems in compliance with established security standards and best practices.
  2. Incident record. Siena maintains a detailed record of all security incidents, which includes the date and time of each incident, the consequences resulting from the breach, and the corrective measures implemented to prevent recurrence. This documentation ensures a systematic approach to incident management and enhances the organization's ability to mitigate future security risks in alignment with industry best practices and legal obligations.
  3. Service monitoring. Siena conducts regular verification and monitoring of system logs to detect any irregularities or suspicious activity. This continuous oversight is implemented to promptly identify potential security threats and ensure the integrity and security of Siena’s information systems, in accordance with its established security policies and procedures.

APPENDIX 4

US Data Protection Laws Addendum

1. The following terms and conditions apply additionally when we process Customer Data containing California consumers' personal information or otherwise subject to the California Consumer Privacy Act ("CCPA") (hereinafter jointly referred to as "CCPA Covered Data"):

  1. where we process CCPA Covered Data we are a "service provider" who processes CCPA Covered Data on your behalf and you are a "business", as defined in the CCPA;
  2. unless explicitly stated otherwise, in sections 1 – 4 of this DPA the term "you" shall be read to include "business", the term "us" or “Siena” shall be read to include "service provider", the term "data subject" shall be read to include "consumer" and the terms "Customer Data" shall be read to include "personal information", each as defined under the CCPA;
  3. as a service provider, we will process CCPA Covered Data only for the business purposes set forth in the Master Agreement or ToS and in this DPA;
  4. as a service provider, we undertake not to: (i) sell or share CCPA Covered Data; (ii) retain, use or disclose CCPA Covered Data for any purpose other than making your use of our Services possible or as otherwise may be permitted for service providers under the CCPA; (iii) retain, use or disclose CCPA Covered Data outside of the direct business relationship between us; (iv) combine CCPA Covered Data that we receive from you, or on your behalf, with personal information that we receive from, or on behalf of, another person or persons, or collect from our own interactions with consumers, unless such combination is required to perform any business purpose as permitted by the CCPA, including any regulations thereto, or by regulations adopted by the California Privacy Protection Agency;
  5. we will: (i) comply with obligations applicable to us as a service provider under the CCPA; (ii) provide CCPA Covered Data with the same level of privacy protection as is required by the CCPA, provided, however, that you are responsible for ensuring that you have complied, and will continue to comply, with the requirements of the CCPA in your use of the Services and your own processing of CCPA Covered Data; (iii) notify you without undue delay if we make a determination that we can no longer meet our obligations as a service provider under the CCPA; (iv) provide you with reasonable additional and timely assistance to assist you in complying with your obligations with respect to consumer requests under the CCPA in line with the procedure described in points 5.1. – 5.3. of this DPA; (v) observe the conditions for the engagement of sub-processors including by ensuring that we enter into a written agreement that complies with the CCPA, regarding, without limitation, the contractual requirements for service providers and contractors, with each such sub-processor that we engage to process CCPA Covered Data;
  6. you have the right to take reasonable and appropriate steps: (i) to help ensure that we use CCPA Covered Data in a manner consistent with your obligations under the CCPA; (ii) to stop and remediate unauthorized use of CCPA Covered Data; to exercise these rights, just contact us;
  7. you have the right to monitor our compliance with this DPA and the CCPA by using any of the means and methods described in section 9 of this DPA;
  8. we certify that we understand and will comply with our obligations as a service provider under the CCPA;
  9. we acknowledge and confirm that we do not receive Customer Data, Customer Email Data or Customer Emails as consideration for any Services provided to you.

2. The following terms and conditions apply additionally when we process Customer Data containing personal data subject to the US State Privacy Laws (as defined below) (all hereinafter jointly referred to as "US State Privacy Laws Covered Data"):

  1. for the purposes of this Addendum, the term "US State Privacy Laws" means: (i) the Virginia Consumer Data Protection Act; (ii) the Colorado Privacy Act; (iii) the Connecticut Data Privacy Act; (iv) the Utah Consumer Privacy Act; (v) any other applicable US state law relating to the protection of personal data, based on which you are a controller of personal data and we are a processor of personal data, provided that the terms and conditions of this Addendum meet the requirements set forth in such other state laws;
  2. unless explicitly stated otherwise, in sections 1 – 4 of this DPA the term "you" shall be read to include "controller", the term "we" or “Siena” shall be read to include "processor", the term "data subject" shall be read to include "consumer" and the terms "Customer Data", "Customer Email Data" and "Customer Emails" shall be read to include "personal data", each as defined under the US State Privacy Laws;
  3. we will: (i) adhere to your instructions regarding the processing of US State Privacy Laws Covered Data; (ii) provide you with necessary information to enable you to conduct and document data protection assessments as may be required pursuant to the US State Privacy Laws in line with the procedure described in point 5.4. of this DPA; (iii) make available to you, upon your reasonable request, all information in our possession necessary to demonstrate our compliance with our obligations as a processor under the US State Privacy Laws in line with the procedure described in section 2 of this DPA; (iv) undertake that each person processing US State Privacy Laws Covered Data is subject to a duty of confidentiality with respect to such data; (v) delete all US State Privacy Laws Covered Data in line with point 2 of this DPA, unless retention of US State Privacy Laws Covered Data is required by law; (vi) arrange for a qualified and independent assessor to conduct an assessment of our policies and technical and organizational measures implemented in support of our obligations under this Addendum, as well as provide a report of such assessment to you upon request in line with point 2 of this DPA; (vii) observe the conditions for the engagement of sub-processors including, without limitation, by ensuring that we enter into a written agreement that complies with the US State Privacy Laws with each such sub-processor that we engage to process US State Privacy Laws Covered Data and that we give you the opportunity to object against the involvement of a new sub-processor;
  4. taking into account the nature of processing and the information available to us, by appropriate technical and organizational measures, insofar as this is reasonably practicable, we will: (i) help you fulfill your obligation to respond to consumer rights requests made pursuant to the US State Privacy Laws in line with the procedure described in point 2 of this DPA; (ii) assist you in meeting your obligations in relation to the security of processing the personal data and in relation to the notification of a breach of security regarding the Services, including in particular by providing relevant notices in line with section 2 of this DPA.