Last Updated: September 3, 2020
I. Scope of Responsibility. Customer shall be responsible for ensuring compliance with this 8x8 CPaaS Use Policy (this “Policy”) by the parties specified herein, and any violation of this Policy by any such party shall constitute and be considered a breach hereof by Customer itself. Without limiting the foregoing, Customer shall be responsible and liable for all direct and indirect accessing and/or use of the Ordered CPaaS Services or the 8x8 Platform by or on behalf of it, the Users, other users of Ordered CPaaS Services, or parties with which Customer communicates therethrough, other than unauthorized activities resulting from the gross negligence or willful misconduct of 8x8 or its Affiliate (“Customer Use”) and all content, numbers, email addresses, and data transmitted or stored via the Ordered CPaaS Services or provided by or on behalf of Customer, its Affiliates, or the Users.
II. Determination of Requirements. Customer shall be solely responsible for determining and familiarizing itself with – and seeking its own legal counsel regarding – all United States, foreign, international, national, state, provincial, territorial, municipal, local, or other laws, regulations, codes, ordinances, treaties, conventions, writs, decrees, resolutions, promulgations, or court or administrative orders or rulings (collectively, “Laws”); contractual obligations; and rules, standards, policies, and guidelines imposed or published by telecommunications carriers or providers, network providers, ISPs, the Cellular Telecommunications Industry Association (“CTIA”) (including without limitation the CTIA Short Code Monitoring Handbook and addenda thereto and the CTIA Messaging Principles and Best Practices), the Canadian Wireless Telecommunications Association (including without limitation the Canadian Common Short Code Application Guidelines), the Mobile Marketing Association (including without limitation the Mobile Marketing Association Guidelines), or other generally-recognized industry organizations or bodies (Laws and all of the foregoing, collectively, “Requirements”) that might apply to Customer Use, which Requirements might include without limitation domestic and/or foreign Laws relating to:
- (i) marketing, solicitation, business practices, or telecommunications or electronic communications (collectively, “Marketing Laws”), such as the US Telephone Consumer Protection Act of 1991 (the TCPA) (which significantly restricts telephone solicitations (i.e., telemarketing) and the use of automatic dialing systems, artificial or pre-recorded voice messages, SMS / text messages, and facsimile communications) and Canada’s Anti-Spam Legislation (CASL);
- (ii) privacy, or the security or protection of personal data or other categories of data (“Data Protection Laws”); and
- (iii) surveillance; the monitoring or recording of conversations, communications, or other activities; or wiretapping (“Monitoring Laws”), which Laws may prohibit or require advance notice or consent for such activities.
8x8 shall have no obligation to provide legal advice of any kind to the Customer Parties, and the Customer Parties shall not treat or rely on any statements, communications, or materials of the 8x8 Parties as such.
III. Policy Requirements. Customer agrees, represents, warrants, and covenants the following:
(a) Legal and Other Compliance – All Customer Use and related content shall comply with all applicable Requirements, including without limitation those within the applicable recipients’ jurisdiction(s) that apply to the acts, activities, and conduct at issue.
(b) Consents, Etc. – Customer has obtained all consents, licenses, rights, authorizations, and/or permits and has provided all disclosures and notices/notifications required (including without limitation under Marketing, Data Protection, or Monitoring Laws) for or in connection with Customer Use or any personal data related thereto and shall not transmit any communication via the CPaaS Services (i) to a recipient that has not explicitly requested the message (or that is otherwise unsolicited) or (ii) in such a manner that the sender of the message may not be reasonably identified.
(c) Do-Not-Call List – To the extent that Customer Use might involve telemarketing, solicitation, or substantial outbound activities, Customer shall maintain and enforce an accurate, comprehensive, and up-to-date internal “do not call/text” list to prevent contacting parties that do not wish to receive further communications.
(d) No Resale; Reasonable Business Use – Ordered CPaaS Services shall not be sold/resold, leased/subleased, licensed/sublicensed, or otherwise made available to any other third party (other than a Customer Affiliate), and all orders under the Agreement and all Customer Use shall be for Customer’s or its Affiliate’s own internal reasonable business use.
(e) Documentation – All Customer Use shall be consistent with the applicable Documentation.
(f) No Bribery – Neither the Customer Parties nor any User has received or been offered any bribe, kickback, or illegal/improper payment, gift, or thing of value from any 8x8 Party in connection with the Agreement or Ordered CPaaS Services.
(g) Other Prohibited Uses and Activities – In no event shall Customer Use consist of, involve, solicit, promote, or facilitate any:
- (i) content, material, conduct, or activity that is criminal, unlawful, defamatory, harassing, fraudulent, dishonest, obscene, offensive, discriminatory, abusive, threatening, harmful, tortious, or intended to cause distress;
- (ii) transmission of misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongfully obtain anything of value;
- (iii) transmission, storage, or distribution of any virus; time bomb; Trojan horse; worm; malware; spyware; cancel bot; computer programming routine intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate information; or similar programs, or files, code, or other materials containing any of the foregoing;
- (iv) breach, violation, or infringement of any intellectual property, privacy, or other right – or misappropriation of the property – of any party (or contain any material that may result in or cause any of the foregoing);
- (v) accessing or use of CPaaS Services in or from a US-embargoed country;
- (vi) any conduct or activity that might cause 8x8 or any of its Affiliates or Partners to violate any Law;
- (vii) the targeting of specific wireless carriers for the purpose of obtaining below-market telephony rates or the exploitation of undocumented features of the CPaaS Services; or
- (viii) any information, content, or material that has been generated or obtained through the use of a dictionary attack or address-harvesting software.
(h) Export Control – At no point during the Effective Period or any subsequent period during which Customer, its Affiliates, and/or any User continues to have access to Ordered CPaaS Services (the “Access Period”) will Customer, any of its Affiliates, and/or any User be named on any US government denied-party list.
(i) Security of Ordered CPaaS Services – Customer shall, during the entire Access Period, (i) implement and maintain reasonable and appropriate measures and safeguards to prevent unauthorized access to and/or use of the Ordered CPaaS Services and/or the related account(s); data transmitted, received, or stored therein or therethrough; and any equipment used to access any of the foregoing and (ii) promptly provide notice to 8x8 of any such unauthorized access or use or other breach of any of the foregoing (including without limitation any loss or theft of such equipment) and provide such cooperation as 8x8 might reasonably request to address or prevent any such incident. Without limiting the foregoing, Customer shall instruct, train, and oversee all Users as necessary to ensure that they (1) choose robust password combinations, change their passwords regularly, and not disclose their passwords except to authorized 8x8 support agents and (2) perform a “log off” / exit from such accounts at the end of each session of access thereto.
(j) CPaaS Services Updates and Security – Throughout the Access Period, Customer, its Affiliates accessing or using Ordered CPaaS Services, and the Users shall (i) promptly install all upgrades, bug fixes, patches, and other corrections relating to the CPaaS Services made available by or on behalf of 8x8 or its Affiliates or Partners and (ii) not take any action or omission that might reasonably be expected to (A) disrupt or compromise the integrity or security of any services, platforms, or networks of 8x8 or its Affiliates or Partners, (B) cause material damage to 8x8, its Affiliates or Partners, or any customer of 8x8, its Affiliates, or any of their Partners, or (C) compromise the privacy of any such customer.
(k) Emergency Services and High-Risk Applications – THE ORDERED CPaaS SERVICES SHALL NOT – AND CUSTOMER UNDERSTANDS THAT THE CPaaS SERVICES ARE NOT DESIGNED OR INTENDED TO – BE USED FOR ANY APPLICATION (SUCH AS SUPPORTING EMERGENCY COMMUNICATIONS) WHERE FAILURE, INTERRUPTION, OR MALFUNCTION MAY REASONABLY RESULT IN BODILY INJURY, LOSS OF LIFE, OR SUBSTANTIAL DAMAGE TO PROPERTY. Customer shall inform all Users and keep them apprised of the foregoing and any similar limitation of which 8x8 or its Affiliates notify Customer.
(l) Prohibited Acts – During the Access Period, neither the Customer Parties nor the Users shall:
- (i) inspect, possess, use, copy, reverse engineer or attempt to discover the source code of any program or other component of the CPaaS Services or 8x8 Platform or any source code used to create any such program or other component, except as expressly permitted by applicable law;
- (ii) attempt to scan for penetration or third-party security assessment purposes, hack, or gain unauthorized access to any network, environment, or system of 8x8, its Affiliates or Partners, or any customer of 8x8, its Affiliates, or their Partners; or
- (iii) access or use any CPaaS Services in order to build a competitive product or for the primary purpose of monitoring its availability, performance, or functionality, or for benchmarking or competitive purposes.
(m) Oversight of Users – Customer shall (i) ensure that each log-in associated with Ordered CPaaS Services is assigned solely to and usable solely by a single duly authorized individual User, (ii) not provide, or direct or request any party to provide, access to Ordered CPaaS Services to any individual over whom Customer lacks sufficient control (contractual or otherwise) to ensure compliance with this Policy, or allow any such individual to access or use Ordered CPaaS Services, and (iii) during the Access Period, instruct, oversee, and train the Users and its workforce and Partners as necessary to ensure Customer’s compliance with this Policy.