>

Download the Google Zanzibar Annotated Paper with foreword by Kelsey Hightower

 [Get Your Copy]

MASTER SERVICES AGREEMENT - AUTHZED CLOUD

This Master Services Agreement (this “Agreement”) is made and entered into as of the date that the last party signs an applicable Order that incorporates this Agreement, (the “Effective Date”) by and between Authzed, Inc. (“AuthZed”), and [Client/Company] (“Customer”). ​​AuthZed reserves the right to modify this Agreement at any time. Any changes will be effective immediately upon posting to the AuthZed website or notifying Customer via email or other communication channels. Customer’s continued use of the Services following such changes constitutes their acceptance of the revised Agreement.

In consideration of the premises and the covenants set forth in this Agreement, the parties hereby agree as follows:

  1. DEFINITIONS
    Capitalized terms shall have the meaning defined herein and, in the Exhibits, hereto.

    1. Aggregated Data” means Usage Data submitted to, collected, or generated by AuthZed in connection with Customer's use of the Service, that is aggregated, anonymized and in de-identified form, and not linked specifically to Customer or any individual.

    2. Authorized Period” means the Term specified for access to Services in an applicable Order.

    3. Authorized User” means anyone who is authorized by Customer to access and use the Services under the rights granted to Customer according to this Agreement, including, but not limited to, Customer’s employees, customers, consultants, contractors, and agents.

    4. Business Contact Information” or “BCI” means business contact data containing personal and/or private information relating to business contact information of Customer’s, Customer’s agents, employees, or any Authorized User of the Services, and whose use, processing or transfer is regulated by personal data laws and/or regulations. For avoidance of doubt, Business Contact Information does not include Customer Data.

    5. Customer Data” means information, data, and other content, in any form or medium, that is stored, submitted, posted, or otherwise transmitted by or on Customer’s behalf, End User Customers (as applicable), or any other Authorized User, in using the Services, or that result from performance of the Services.

    6. Downtime” means the period of time, whether planned or unplanned, that the Service is unavailable for Customer’s use.

    7. Feedback” means any suggestions, comments, or other feedback Customer provides to AuthZed with respect to the Services.

    8. Fees” means the fees and charges under this Agreement and any applicable Order(s).

    9. Order” means any order for Services accepted by AuthZed that refers to this Agreement or an equivalent AuthZed agreement, such order may be in the form of an order form shared by AuthZed or submitted by Customer via an online portal which will be effective only after AuthZed accepts it and begins providing the Services.

    10. Order Term” means the date an Order shall commence along with its term length as specified in a corresponding Order.

    11. Scheduled Availability” means 24 hours a day, 7 days a week, excluding any Downtime resulting from or in connection with: (i) any unauthorized use of the Services by Customer, (ii) Customer or any third party’s equipment, software, or other technology; (iii) scheduled maintenance; (iv) any conditions beyond AuthZed’s reasonable control, including but not limited to internet outages or outages in connection with Customer’s network or internet access.

    12. Services” means the access and use of the Software and related services that is provided either on-demand or as part of a subscription by AuthZed under this Agreement and any applicable Order(s).

    13. Software” means the object code version of AuthZed Cloud, including any related data and third-party software incorporated therein or provided therewith, Software shall include the updates and upgrades, if any, which AuthZed includes as part of the Services.

    14. Uptime Commitment” means the Target Percentage of all Scheduled Availability, calculated on a calendar month basis.

    15. Usage Data” means tracking usage or operational data regarding Customer’s use of the Services or specific Services functionality (e.g., query logs, metadata, or feature usage information), as applicable.

    16. Target Percentage” means percentage of Scheduled Availability with respect to the Services as set forth in Exhibit B.

  2. SCOPE OF SERVICES AND RESTRICTIONS

    1. Access to and Scope of Service. Subject to Customer’s compliance with the terms and conditions of this Agreement and any corresponding Order(s), AuthZed hereby grants to Customer, and Customer hereby accepts from AuthZed, a limited, non-exclusive, non-transferable, non-assignable and non-sublicensable license to access and use the Services set forth in a corresponding Order(s). Unless otherwise set forth in an Order, Customer is authorized to use the Services solely for its internal business operations during the Authorized Period.

    2. Restrictions. Customer agrees that it shall: (i) use the Services only in accordance with all applicable laws, including, but not limited to, laws related to data (whether applicable within the United States, the European Union, United Kingdom or otherwise); (ii) not exceed the scope of the licenses granted in an Order; (iii) not sublicense, assign, delegate, rent, lease, sell/resell (unless authorized by AuthZed), time-share or otherwise transfer the benefits of, use under, or rights to, the license granted in this Section 2; (iv) not reverse engineer, decompile, disassemble or otherwise attempt to learn the source code, structure or algorithms underlying the Software, except to the extent required to be permitted under applicable law; (v) not modify, translate or create derivative works of the software; or (vi) not remove any copyright, trademark, patent or other proprietary notice that appears on the Software or copies thereof;

    3. Customer Data and BCI License Grant. Customer hereby grants AuthZed a non-exclusive license to display, modify, distribute, perform, and reproduce Customer Data and BCI for the purpose of making it available to Customer through the Services during the term of the Agreement.

    4. Data Collection. Customer is solely responsible for Customer Data including, but not limited to compliance with all applicable laws and this Agreement, and backing up and maintaining Customer Data. AuthZed’s collection of Business Contact Information and how it’s used is described in more detail in AuthZed’s Privacy Policy (available here: https://authzed.com/privacy-policy). Customer, not AuthZed, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data. AuthZed is not responsible for unauthorized access to Customer Data or the unauthorized use of the Services unless such access is due to AuthZed’s gross negligence or willful misconduct. AuthZed may retain Customer Data for up to thirty (30) days following the termination or expiration of any Order(s). Thereafter, Customer agrees and acknowledges that Customer Data may be irretrievably deleted. Customer agrees not to make available to or provide access to AuthZed any personally identifiable information subject to applicable law or regulation unless and until Customer and AuthZed have first agreed to a separate data protection agreement.

    5. Services Suspension. AuthZed may suspend Customer’s access to or use of the Services as follows: (a) immediately if AuthZed reasonably believes Customer’s use of the Services may pose a security risk to or may adversely impact the Service; (b) immediately if Customer become insolvent, has ceased to operate in the ordinary course, made an assignment for the benefit of creditors, or becomes the subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding; (c) following thirty (30) days written notice if Customer is in breach of this Agreement or any Order (and has not cured such breach, if curable, within the thirty (30) days of such notice); or (d) Customer has failed to pay AuthZed the Fees with respect to the Service.

  3. OWNERSHIP

    1. Software and Services. AuthZed retains all right, title, and interest in and to the Software and Services and any products, works, or other intellectual property created, used, provided, or made available by AuthZed under or in connection with the Services.

    2. Customer Data and BCI. Except as provided herein, Customer retains all right, title, and interest in and to Customer Data and BCI.

    3. Feedback. Customer may provide suggestions, comments, or other Feedback to AuthZed with respect to the Services. Customer hereby grants AuthZed a non-exclusive, worldwide, perpetual, irrevocable, transferable, sub-licensable, royalty-free, fully paid-up license to use and exploit the Feedback for any purpose. Nothing in this Agreement will impair AuthZed’s right to develop, acquire, license, market, promote or distribute products, software, or technologies that perform the same or similar functions as, or otherwise compete with, any products, software, or technologies that Customer may develop, produce, market, or distribute.

    4. Aggregated Data. Notwithstanding anything to the contrary in this Agreement or any Order, Customer acknowledges and agrees that AuthZed owns all right, title, and interest in Aggregated Data and Usage Data. As such, AuthZed may freely use and make available Aggregated Data and Usage Data for AuthZed’s business purposes (including, without limitation, for purposes of improving, testing, operating, promoting, and marketing AuthZed’s products and services).

  4. FEES

    1. Fees. 0. Customer shall pay to AuthZed the fees as set forth on https://authzed.com/legal/pricing. The Services will be provided according to Customer’s usage of the product. For enterprise pricing or heavy use of AuthZed products, Customer may contact sales@authzed.com to discuss different pricing options.. Should Customer enter an enterprise agreement, the fully executed enterprise agreement will supersede this Master Services Agreement. Customer may change their usage of the Services at any time. Unless other or different arrangements have been mutually agreed in writing, fees will be billed to the credit card or other payment account Customer provides on or around the first of each month.

      1. Customer hereby acknowledges and agrees that AuthZed will automatically charge Customer’s credit card or other payment account on record with Authzed in connection with their use of the Services and related products in arrears for any services Customer has used or added to their self-service subscription during the prior self-service subscription calendar month. The usage Customer creates on AuthZed Cloud will automatically continue unless Customer deletes the infrastructure they have created in the platform.

      2. Customer represents and warrants to Authzed that all payment information provided by Customer is true and that Customer is authorized to use the payment instrument. Customer will promptly update their account information with any changes (for example, a change in their billing address or credit card expiration date) that may occur. If payment is not received or cannot be charged to your credit card or other payment account for any reason in advance, Authzed reserves the right to either suspend or terminate Customer’s access to the Services and terminate this Agreement. In the event of late payment by Customer, AuthZed shall be entitled to interest on the amount owing at a rate of 1% per month or the highest rate allowed by applicable law, whichever is less.

      3. All fees are non-refundable, except as expressly stated otherwise in this Agreement.

  5. Payments

    1. Payments and Taxes. All payments shall be made in the currency of, and within the borders of the United States. Any and all payments made by AuthZed in accordance with this Agreement are exclusive of any taxes that might be assessed against Customer by any jurisdiction. Customer shall pay or reimburse AuthZed for all value-added, sales, use, property, and similar taxes; all customs duties, import fees, stamp duties, license fees, and similar charges; and all other mandatory payments to government agencies of whatever kind, except taxes imposed on the net or gross income of AuthZed. All amounts payable to AuthZed under this Agreement shall be without set-off and without deduction of any taxes, levies, imposts, charges, withholdings and/or duties of any nature which may be levied or imposed, including without limitation, value added tax, customs duty and withholding tax. You will reimburse AuthZed any pre-approved and agreed upon costs. AuthZed may change its fees and payment terms at its discretion and will post all changes to fees at https://authzed.com/legal/pricing. Should the fees change, you will also be notified via your email on file. Your continued use of the Services after the price change becomes effective constitutes your agreement to pay the changed amount.

  6. TERM AND TERMINATION

    1. Term. The term of this Agreement will commence on your acceptance of this Agreement and will continue for as long as the Services are being provided to you under this Agreement. Customer may stop using the Services (and any associated products and services) at any time.

    2. Termination for Breach. This Agreement and the Orders hereunder may be terminated: (a) by either party if the other has materially breached this Agreement, within thirty (30) calendar days after written notice of such breach to the other party if the breach is remediable or immediately upon notice if the breach is not remediable; or (b) by AuthZed upon written notice to Customer if Customer (i) has made or attempted to make any assignment for the benefit of its creditors or any compositions with creditors, (ii) has any action or proceedings under any bankruptcy or insolvency laws taken by or against it which have not been dismissed within sixty (60) days.

    3. Effect of Termination. Upon any expiration or termination of this Agreement, Customer shall (i) immediately cease use of the Services, and (ii) return all AuthZed Confidential Information and other materials and information provided by AuthZed. Any termination or expiration shall not relieve Customer of its obligation to pay all Fees accruing prior to termination.

    4. Survival. The following provisions will survive termination of this Agreement: Section 3 (Ownership), Section 5.3 (Effect of Termination), Section 5.4 (Survival), Section 6 (Confidentiality), Section 7.1 (Indemnification by Customer), Section 9 (Limitation of Liability) and Section 11 (Miscellaneous).

  7. CONFIDENTIALITY

    1. During the term of this Agreement, either party may provide the other party with confidential and/or proprietary materials and information (“Confidential Information”). All materials and information provided by the disclosing party and identified at the time of disclosure as “Confidential” or bearing a similar legend, and all other information that the receiving party reasonably should have known was the Confidential Information of the disclosing party, shall be considered Confidential Information. This Agreement is Confidential Information, and all pricing terms are AuthZed Confidential Information. The receiving party shall maintain the confidentiality of the Confidential Information and will not disclose such information to any third party without the prior written consent of the disclosing party. The receiving party will only use the Confidential Information internally for the purposes contemplated hereunder. The obligations in this Section 6 shall not apply to any information that: (a) is made generally available to the public without breach of this Agreement, (b) is developed by the receiving party independently from and without reference to the Confidential Information, (c) is disclosed to the receiving party by a third party without restriction, or (d) was in the receiving party’s lawful possession prior to the disclosure and was not obtained by the receiving party either directly or indirectly from the disclosing party. The receiving party may disclose Confidential Information as required by law or court order; provided that, the receiving party provides the disclosing with prompt written notice thereof and uses the receiving party’s best efforts to limit disclosure. At any time, upon the disclosing party’s written request, the receiving party shall return to the disclosing party all disclosing party’s Confidential Information in its possession, including, without limitation, all copies, and extracts thereof.

  8. INDEMNIFICATION

    1. Indemnification by Customer. Customer will defend, indemnify, and hold AuthZed, its affiliates, suppliers, and licensors harmless and each of their respective officers, directors, employees and representatives from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to any third party claim with respect to: (a) Customer Data; (b) breach of this Agreement or violation of applicable law by Customer; or (c) alleged infringement or misappropriation of third-party’s intellectual property rights resulting from Customer Data.

    2. Indemnification by AuthZed. AuthZed will defend, indemnify, and hold Customer harmless from and against any third-party claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising from claims by a third party that Customer’s use of the Services directly infringes or misappropriates a third party’s United States (or Berne Convention signatory country) intellectual property rights (an “Infringement Claim”). Notwithstanding any other provision in this Agreement, AuthZed shall have no obligation to indemnify or reimburse Customer with respect to any Infringement Claim to the extent arising from: (a) the combination of any Customer Data with the Service; (b) the combination of any products or services, other than those provided by AuthZed to Customer under this Agreement, with the Services; or (c) non-discretionary designs or specifications provided to AuthZed by Customer that caused such Infringement Claim. Customer agrees to reimburse AuthZed for any and all damages, losses, costs, and expenses incurred as a result of any of the foregoing actions.

    3. Notice of Claim and Indemnity Procedure. In the event of a claim for which a party seeks indemnity or reimbursement under this Section 7 (each an “Indemnified Party”) and as conditions of the indemnity, the Indemnified Party shall: (a) notify the indemnifying party in writing as soon as practicable, but in no event later than thirty (30) days after receipt of such claim, together with such further information as is necessary for the indemnifying party to evaluate such claim; and (b) the Indemnified Party allows the indemnifying party to assume full control of the defense of the claim, including retaining counsel of its own choosing. Upon the assumption by the indemnifying party of the defense of a claim with counsel of its choosing, the indemnifying party will not be liable for the fees and expenses of additional counsel retained by any Indemnified Party. The Indemnified Party shall cooperate with the indemnifying party in the defense of any such claim. Notwithstanding the foregoing provisions, the indemnifying party shall have no obligation to indemnify or reimburse for any losses, damages, costs, disbursements, expenses, settlement liability of a claim or other sums paid by any Indemnified Party voluntarily, and without the indemnifying party’s prior written consent, to settle a claim. Subject to the maximum liability set forth in Section 9, the provisions of this herein constitute the entire understanding of the parties regarding each party’s respective liability under this Section 7, including but not limited to Infringement Claims (including related claims for breach of warranty) and each party’s sole obligation to indemnify and reimburse any Indemnified Party.

  9. WARRANTY

    1. Warranty. The Services, when used by Customer in accordance with the provisions of this Agreement and in compliance with the applicable specifications, will perform as defined by the Uptime Commitment specified in Exhibit B. The remedy set forth in Exhibit B and any applicable order(s), is Customer’s sole and exclusive remedy.

    2. Disclaimer of Warranty. AUTHZED DOES NOT REPRESENT OR WARRANT THAT THE OPERATION OF THE SERVICES (OR ANY PORTION THEREOF) WILL BE UNINTERRUPTED OR ERROR FREE, OR THAT THE SERVICES (OR ANY PORTION THEREOF) WILL OPERATE IN COMBINATION WITH OTHER HARDWARE, SOFTWARE, SYSTEMS OR DATA NOT PROVIDED BY AUTHZED, EXCEPT AS EXPRESSLY SPECIFIED IN THE APPLICABLE SPECIFICATION. CUSTOMER ACKNOWLEDGES THAT, EXCEPT AS EXPRESSLY SET FORTH IN SECTION 8.1, AUTHZED MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE SERVICE OR SERVICES, OR THEIR CONDITION. AUTHZED IS FURNISHING THE WARRANTY SET FORTH IN SECTION 8.1 IN LIEU OF, AND AUTHZED HEREBY EXPRESSLY EXCLUDES, ANY AND ALL OTHER EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES, WHETHER UNDER COMMON LAW, STATUTE OR OTHERWISE, INCLUDING WITHOUT LIMITATION ANY AND ALL WARRANTIES AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY OR NON-INFRINGEMENT OF THIRD-PARTY RIGHTS.

  10. LIMITATIONS OF LIABILITY

    1. IN NO EVENT SHALL AUTHZED BE LIABLE FOR ANY LOST DATA, LOST PROFITS, BUSINESS INTERRUPTION, REPLACEMENT SERVICE OR OTHER SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR INDIRECT DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THEORY OF LIABILITY. AUTHZED’S LIABILITY FOR ALL CLAIMS ARISING UNDER THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED THE AMOUNT OF FEES PAID OR PAYABLE BY CUSTOMER UNDER THE APPLICABLE ORDER DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE CLAIM.

  11. MARKETING

    1. AuthZed is authorized to identify Customer as an AuthZed customer and to use Customer’s name, mark, and logo ("Customer Trademarks") on customer lists displayed on AuthZed’s website and marketing materials only with express written approval by the Customer. Any additional use of Customer Trademarks will require prior written approval from Customer for each instance.

  12. MISCELLANEOUS

    1. Compliance with Laws. Customer shall comply with all applicable laws and regulations in its use of any Services, including without limitation the unlawful gathering or collecting, or assisting in the gathering or collecting of information in violation of any privacy laws or regulations. Customer shall, at its own expense, defend, indemnify, and hold harmless AuthZed from and against any and all claims, losses, liabilities, damages, judgments, government or federal sanctions, costs, and expenses (including attorneys’ fees) incurred by AuthZed arising from any claim or assertion by any third party of violation of privacy laws or regulations by Customer or any of its agents, officers, directors, or employees.

    2. Assignment. Neither party may transfer and assign its rights and obligations under this Agreement without the prior written consent of the other party. Notwithstanding the foregoing, AuthZed may transfer and assign its rights under this Agreement without consent from the other party in connection with a change in control, acquisition, or sale of all or substantially all of its assets.

    3. Force Majeure. Neither party shall be responsible for failure or delay in performance by events out of their reasonable control, including but not limited to, acts of God, Internet outage, terrorism, war, fires, earthquakes, and other disasters (each a “Force Majeure”). Notwithstanding the foregoing: (i) Customer shall be liable for payment obligations for Services rendered; and (ii) if a Force Majeure continues for more than thirty (30) days, either party may terminate this agreement by written notice to the other party.

    4. Notice. All notices, summons and communications related to this Agreement and sent by either party hereto to the other shall be written in English and given by registered mail, internationally recognized overnight courier or by facsimile also confirmed by registered or certified mail, postage prepaid.

    5. Independent Contractor. AuthZed is an independent Contractor and both parties agree that no agency, partnership, joint venture, or employment is created as a result of this Agreement. Customer does not have any authority of any kind to bind AuthZed.

    6. Governing Law. This Agreement shall be governed exclusively by, and construed exclusively in accordance with, the laws of the United States and the State of New York, without regard to its conflict of laws’ provisions. The federal courts of the United States in the state of New York and the state courts of the State of New York shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement. Each party hereby consents to the jurisdiction of such courts and waives any right it may otherwise have to challenge the appropriateness of such forums, whether on the basis of the doctrine of forum non conveniens or otherwise.

    7. Entire Agreement. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications, and other understandings relating to the subject matter of this Agreement, and all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. Any term or provision of this Agreement held to be illegal or unenforceable shall be, to the fullest extent possible, interpreted so as to be construed as valid, but in any event the validity or enforceability of the remainder hereof shall not be affected. In the event of a conflict between this Agreement and the Order document, the terms of this Agreement shall control, other than terms expressly modified in any Order with respect to such Order.

Exhibit B

Service Level Agreement

Uptime. AuthZed will make the Services available to Customer according to the Uptime Commitment. AuthZed will use commercially reasonable efforts to maintain the Uptime Commitment with respect to the Service. If AuthZed fails to meet the Uptime Commitment during the Authorized Term, Customer shall be entitled to Service Credits as defined in the table below, provided Customer notifies AuthZed in writing of a failure to meet the Uptime Commitment within thirty (30) days of the date giving rise to the claim that the Uptime Commitment was not met, and such notice includes information reasonably necessary to support such claim. Notwithstanding anything to the contrary in this agreement, the remedy in this section is Customer’s sole and exclusive remedy and AuthZed’s entire liability with respect to any claims in connection with or arising from AuthZed’s obligations with respect to Uptime Commitments.

Target PercentageService Credits
Less than 99.9% but equal to or greater than 99%5% of monthly fees
Less than 99% but equal to or greater than 97%10% of monthly fees
Less than 97%30% of monthly fees