LiveRamp Terms of Service Agreement

This Terms of Service Agreement (together with any Order Form (as defined below in Section 1.1), individually or collectively, this “Agreement”) is by and between LiveRamp, Inc., a Delaware corporation, with its principal place of business at 225 Bush Street, 17th Floor, San Francisco, CA 94104 (“LiveRamp”) and the party executing an Order Form incorporating this Terms of Service Agreement (“Company” and, together with LiveRamp, each a “Party”) and, subject to the terms of this Agreement, is effective as of the last date of execution set forth in Company’s Order Form incorporating this Terms of Service Agreement.

 

1. SERVICES.

1.1 Services. Any product or service to be provided by LiveRamp to Company (each, a “Service”) shall be set forth in an order form, schedule, statement of work, work order, or other document executed by the Parties and expressly made subject to this Agreement (each, an “Order Form”). Each Order Form will identify and describe the Services and associated fees and such other terms as mutually agreed to by the Parties.

1.2 Implementation. LiveRamp may begin the implementation, including the provision and configuration, of a Service as of the effective date of the applicable Order Form. In the event that LiveRamp provides Company with access to a Service prior to the beginning of the term of such Service as set forth in the applicable Order Form, then Company agrees that such access will be only for its internal testing or troubleshooting purposes and it will not be permitted to utilize such Service for any commercial purpose (including internal business purposes) prior to the beginning of such term.

1.3 Geographic Scope. Unless otherwise set forth in an Order Form with respect to a Service, such Service shall be performed with respect to data subjects located only within the United States.

1.4 Affiliates. “Control” means possessing, directly or indirectly, the power to direct, or cause the direction of, the management, policies, and/or operations of an entity, whether through ownership of voting securities, by contract, or otherwise. A legal entity that Controls, is Controlled by, or is under common Control with a Party to this Agreement (each, an “Affiliate”) is authorized to enter into an Order Form on behalf of such Party. For any Order Form executed by an Affiliate, all references in this Agreement to the Party Controlling such Affiliate shall be deemed to include the Affiliate, and by executing such Order Form, such Affiliate agrees to abide by the terms of this Agreement. The Party Controlling such Affiliate shall be responsible for the breach of this Agreement caused by such Affiliate’s acts or omissions.

1.5 Company as End User. Unless expressly set forth in an Order Form, Company shall use such Service solely for Company’s own purposes and shall not use any Service to provide a competing product or service to any third party, or on behalf of, or for the benefit of, any third party, including any of Company’s customers. If Company is authorized to use a Service on behalf of, or for the benefit of, any third party, including any of Company’s customers, then Company shall be responsible for the breach of this Agreement caused by such third party’s acts or omissions.

1.6 LiveRamp Locations and Personnel. Any Service may be performed, in whole or in part, by any of LiveRamp’s or its Affiliates’ directors, officers, employees, consultants, subcontractors, or representatives (collectively, “Personnel”) from any location that is owned, leased, maintained, or otherwise used by LiveRamp, its Affiliates, and/or their Personnel. Any such location must meet, in all material respects, the applicable requirements established in this Agreement. LiveRamp’s and its Affiliates’ Personnel shall access Company Data only to the extent required in connection with performing the Services under this Agreement. LiveRamp will be responsible for any act or omission of LiveRamp’s or its Affiliates’ Personnel that may result in LiveRamp’s breach of this Agreement.

1.7 Invoicing and Payment.

(a) Unless otherwise agreed to in an Order Form with respect to a particular Service: (i) LiveRamp shall invoice Company for (A) a one-time fee in advance upon execution of the Order From; (B) fixed periodic fees, or minimum fees, in advance on a quarterly basis in equal amounts; and (C) variable fees monthly in arrears as incurred; and (ii) payment is due within forty-five (45) days from Company’s receipt of invoice (if sent via electronic transmission, then Company’s receipt is deemed to be the date of such transmission). The Parties may mutually agree to other invoice delivery methods (e.g., through a third-party portal) with respect to a particular Service, provided that Company shall be responsible for any costs or fees that are associated with such invoice delivery method.

(b) If Company disputes the validity of any invoice, then Company must provide to LiveRamp written notice within thirty (30) days of receipt of such invoice stating the details of the dispute. If only a portion of an invoice is in dispute, then Company shall pay all undisputed amounts in accordance with the terms of this Agreement. Acceptance of any partial payment will not constitute a waiver of the disputed fees. Any undisputed fees not paid when due shall accrue interest at a rate of one percent (1%) per month or the maximum lawful rate, whichever is less, from the original due date. If Company fails to pay any undisputed fees when due, then LiveRamp may, without limiting any other remedies available to it, (i) suspend Company’s access to any or all Services until Company has made payment to LiveRamp in full for any amounts due and (ii) require the prepayment of any future payments to be made under this Agreement.

1.8 Taxes. Company shall pay all taxes of a transactional nature (including sales, use, and value-added taxes) levied in connection with this Agreement in accordance with applicable tax laws. Each Party is responsible for taxes based on its own net income, corporate franchise, business license, property, and employee payroll. To the extent required by an applicable tax law, rule or regulation, LiveRamp will collect applicable taxes from Company unless Company provides an exemption certificate, direct pay permit, or other valid documentation. If Company is required under the laws of any jurisdiction to withhold taxes from payments made to LiveRamp pursuant to this Agreement, then Company shall deduct and withhold the amount of such taxes for the account and benefit of LiveRamp. In such event, amounts payable to LiveRamp shall be reduced by the amount of taxes so deducted and withheld, provided that Company transmits to LiveRamp an official tax certificate or other evidence of such tax obligations.

2. TERM AND TERMINATION.

2.1 Term of the Agreement. Unless terminated earlier in accordance with its terms, this Agreement will remain in effect with respect to a particular Service until the end of the term for such Service as set forth in the applicable Order Form. If there is no active Service under any Order Form for a period of twelve (12) consecutive months, then this Agreement will automatically terminate as of the end of such twelve (12)-month period.

2.2 Termination. A Party may immediately terminate this Agreement upon written notice to the other Party if: (a) the other Party is in breach of this Agreement and fails to cure, or begin implementation of a mutually agreed-upon plan to cure, such breach, within thirty (30) days of written notice from the other Party specifying the nature of such breach; (b) the other Party makes a general assignment for the benefit of creditors; or (c) the other Party ceases doing business or assigns, or attempts to assign, any portion of this Agreement to an entity other than as expressly provided in this Agreement.

2.3 Effects of Termination and Expiration.

(a) Upon termination of this Agreement: (i) all Order Forms under this Agreement and any Services provided thereunder shall simultaneously terminate; (ii) LiveRamp shall not, and shall not permit any third party to, access or use Company Data (as defined below); and (iii) Company shall not, and shall not permit any third party to, access or use any Service(s).

(b) Upon the expiration of an Order Form, all obligations of LiveRamp to provide the Services under such Order Form will cease, and Company will cease using and accessing such Services, unless such use or access post-expiration is expressly authorized in such Order Form, in which case the terms of this Agreement and such Order Form shall govern for so long as such use or access continues.

(c) Termination of the Agreement or termination or expiration of any Order Form shall not relieve Company of its obligation to pay for Services provided by LiveRamp under an Order Form through termination or expiration, or its obligation to pay for any use of, or access to, Services provided post-expiration that may be expressly authorized under an Order Form.

3. PROPRIETARY RIGHTS AND CONFIDENTIALITY.

3.1 Company Data. For purposes of this Agreement, “Company Data” means any data that Company (a) owns or acquires the right to use from a third party and (b) provides (either itself or by a third party) to LiveRamp for use in the performance of a Service. Company Data does not include any data that was or is independently obtained or derived by LiveRamp.

3.2 Rights Grant from Company to LiveRamp. Unless expressly otherwise agreed in an Order Form, Company hereby grants to LiveRamp, during the term of such Order Form, a term-limited, worldwide, non-exclusive, non-sublicensable, non-transferable (except as a result of any assignment expressly permitted by the provisions of this Agreement) right, solely for the purpose of performing the Services described in such Order Form, to access, download, receive, store, reproduce, modify, and use Company Data, each as the case may be for a particular Service. LiveRamp acknowledges and agrees that Company owns and retains all right, title, and interest (including, without limitation, all intellectual property rights, if any) in and to Company Data and any updates or modifications to it. Other than the rights expressly granted to LiveRamp in this Agreement, no right, title, or interest in Company Data or any of Company’s intellectual property is granted or provided to LiveRamp.

3.3 Rights Grant from LiveRamp to Company.

(a) Unless expressly otherwise agreed in an Order Form, LiveRamp hereby grants to Company, during the term of the applicable Order Form, a term-limited, non-exclusive, non-sublicensable, non-transferable (except as a result of any assignment expressly permitted by the provisions of this Agreement) right to access and use the Services described in such Order Form. Notwithstanding anything to the contrary in this Section, Company hereby acknowledges and agrees that LiveRamp (and/or its applicable suppliers) owns and retains all right, title, and interest (including, without limitation, all intellectual property rights, if any) in any Services and its data, technology, infrastructure, methods, and know-how (e.g., the creation of RampIDs or RampID Envelopes), where “RampID” means Company-specific encrypted versions of LiveRamp identifiers to be used within the applicable Service(s). As between the Parties, LiveRamp owns any software and other technological functionality LiveRamp grants use of, or provides, to Company that establishes and enables the linkage between any Company Data and any third-party identifiers, including any LiveRamp identifier (e.g., a RampID). Other than the rights expressly granted to Company in this Agreement, no right, title, or interest in the Services or any of LiveRamp’s intellectual property, including, without limitation, any RampIDs and RampID Envelopes, is granted or provided to Company.

(b) Company shall not, and shall not direct any third party to: (i) reverse engineer, disassemble, or decompile any Service; (ii) modify or otherwise adapt any Service; or (iii) remove any copyright notices or other proprietary notices or restrictions from any Service.

3.4 Other Intellectual Property Rights.

(a) Each Party may only access and use the other Party’s data and technology as expressly set forth in this Agreement or an Order Form. Nothing in this Agreement shall affect or modify either Party’s ownership rights in any pre-existing or future works, trademarks, copyrights, or technologies independently developed or created by such Party. Without limiting the generality of the foregoing, as between LiveRamp and Company, LiveRamp exclusively owns all right, title and interest (including all intellectual property rights) in: (i) each Service and its features and functionality, including, without limitation, any queries or questions created, or provided by LiveRamp within any Service; (ii) all the data within any Service (excluding Company Data), including system performance metrics; and (iii) any future developments, derivatives, and enhancements to any Service.

(b) LiveRamp will not be restricted from improving any Service on the basis of general learning and know-how gained from the provision of such Service to Company and/or LiveRamp’s other customers. LiveRamp may use any suggestions or feedback perpetually and irrevocably, without accounting, attribution, or compensation.

3.5 Confidential Information. During the term of this Agreement, the Parties may disclose certain confidential or proprietary information to each other, including, without limitation: (a) a Party’s intellectual property; (b) Company Data; (c) a Party’s product designs, business and marketing plans, and product strategies; (d) LiveRamp pricing information, proposals, presentations, and analysis reports and/or results from testing its Services; (e) the terms and conditions of this Agreement; and (f) any other materials marked or reasonably considered “confidential” or “proprietary” (collectively, “Confidential Information”).

3.6 Exclusions from Confidential Information. For purposes of this Agreement, Confidential Information does not include information that: (a) is part of the public domain through no act or omission of the receiving Party; (b) was in the lawful possession of a Party prior to the disclosure by the other Party and had not been obtained from such other Party; (c) is disclosed to a Party by a third party when such receiving Party was reasonably unaware of a non-disclosure obligation of such disclosing third party to the Party whose information was so disclosed; or (d) was, or is, independently developed by a Party without use of, or reference to, Confidential Information of the other Party.

3.7 Confidentiality Obligations. During the term of this Agreement, each Party shall hold the other Party’s Confidential Information in strict confidence and shall not: (a) disclose such Confidential Information to any third party, except as expressly permitted by this Agreement; or (b) use such Confidential Information for any purpose other than in connection with providing or using a Service under this Agreement or exploring the use of an additional service to be added as a Service under this Agreement in accordance with its terms. Each Party shall employ commercially reasonable steps to protect the other Party’s Confidential Information from unauthorized or inadvertent disclosure, including those steps that it takes to protect its own Confidential Information of a similar nature. Each Party may disclose the other Party’s Confidential Information only to those of its and its Affiliates’ respective Personnel on a “need-to-know” basis and only as necessary to enable such disclosing Party to adequately perform its obligations under this Agreement. Each Party shall ensure that its and its Affiliates’ Personnel comply with the terms of this subsection. No copies of any Confidential Information may be made by a receiving Party except as necessary to perform its obligations under this Agreement. Confidential Information may not be translated into another format or language, decompiled, or reverse engineered without the disclosing Party’s express prior written consent. Upon termination of this Agreement, and by no later than thirty (30) days after such termination, each Party shall irreversibly destroy or delete the Confidential Information of the other Party in its possession or control. Upon written request from the disclosing Party, the receiving Party shall provide written or email confirmation of destruction or deletion. For the avoidance of doubt, each Party’s confidentiality obligations hereunder shall survive during such thirty (30) day period and for so long as it takes such Party to destroy or delete the other Party’s Confidential Information as provided herein.

3.8 Injunctive Relief. Each Party acknowledges and agrees that a Party’s breach of its confidentiality obligations under this Agreement may result in irreparable harm to the other Party and that the non-breaching Party may seek, in addition to any other available remedies, an immediate injunction for such breach without the need of posting any bond.

3.9 Unauthorized Disclosure. Each Party shall: (a) report to the other Party any unauthorized disclosure of, or access to, such other Party’s Confidential Information, subject to any reasonable restrictions placed on the timing of such notice by a law enforcement or regulatory agency investigating the incident, as soon as reasonably practical, but in any event, no later than seventy-two (72) hours, after discovery; and (b) take all commercially reasonable measures to prevent any further unauthorized disclosure or access.

3.10 Mandated Disclosure.

(a) If a Party is required to disclose Confidential Information of the other Party pursuant to a Mandated Disclosure (as defined below), then the Party subject to such Mandated Disclosure shall: (i) unless requested in connected with such Mandated Disclosure, or required by law, provide the disclosing Party with prompt written notice and reasonable cooperation if a protective order is sought by such disclosing Party; (ii) take reasonable steps to limit any such disclosure only to the Confidential Information required to be compliant with such Mandated Disclosure; and (iii) continue to otherwise protect all Confidential Information disclosed in response to such Mandated Disclosure in accordance with the terms of this Agreement.

(b) “Mandated Disclosure” means: (i) a written court order, subpoena, or deposition; (ii) a governmental, regulatory, or civil investigation demand; or (iii) another process of any law, rule, or regulation.

4. INFORMATION SECURITY, DATA PROCESSING, AND PRIVACY.

4.1 Information Security. LiveRamp hereby agrees that it has implemented and will maintain the information security requirements and program as set forth and described in Exhibit A and that such information security program contains administrative, technical, and physical safeguards that are appropriate to the size, nature, and scope of its business.

4.2 Data Processing Addendum. Each Party shall comply with, and will be subject to the terms of, the Data Processing Addendum set forth at https://liveramp.com/legal/dpa/, which is hereby incorporated by reference (the “DPA”).

4.3 Privacy Review. LiveRamp may, upon no less than ten (10) business days’ prior written notice, review, through use of a questionnaire, Company’s use of any Service(s) to determine if Company’s use of such Service(s) is in compliance with Data Protection Laws (as defined in the DPA) and the terms of this Agreement. Company agrees to reasonably cooperate with LiveRamp in such privacy review, including any follow-up to its questionnaire, provided that Company’s cooperation is limited to its normal business hours, conducted in a manner that does not unreasonably disrupt Company’s business, and, to the extent LiveRamp needs access Company’s records or systems as part of such privacy review, such access is limited in scope to only those records and systems relevant to Company’s use of the applicable Service(s) being reviewed.

4.4 Right to Suspend Services. If LiveRamp reasonably believes that Company’s use of a Service violates any Data Protection Law, the DPA, or LiveRamp’s privacy standards and practices, then LiveRamp shall have the right to suspend any or all Services. LiveRamp will endeavor to provide at least ten (10) days’ written notice prior to such suspension; however, such suspension may occur contemporaneously with notice if such violation: (a) jeopardizes LiveRamp’s ability to provide services to its other customers in accordance with Data Protection Law; (b) jeopardizes LiveRamp’s contractual obligations to its other customers; or (c) exposes LiveRamp to any actual or potential violation of any law, potential fines, or civil liability. A notice of suspension shall include a description of the violation. LiveRamp’s right to suspend Services under this subsection shall not limit any of LiveRamp’s other rights or remedies at law, in equity, or as otherwise stated in this Agreement.

4.5 No Reidentification. Unless expressly permitted as set forth in the description of a particular Service or as otherwise expressly agreed to in writing by LiveRamp, Company shall not: (a) store or merge any pseudonymous identifier provided as part of such Service (e.g., a RampID) with any directly identifiable data (e.g., plain text name, postal address, email address, phone number) or other data that could directly identify a data subject or household; (b) attempt to re-identify or reverse engineer any identifier provided by LiveRamp; (c) use any Service to facilitate the use of third-party identifiers in any license of data; or (d) use any Service to re-identify unauthenticated online identifiers (e.g., cookies, mobile identifiers, digital fingerprints, or other similar online tracking identifiers) or browsing activity (e.g., impression logs) of a data subject unless Company has received such data subject’s express consent to do so and only does so in compliance with Data Protection Laws. Company agrees to implement commercially reasonable technical and organizational controls, including access restrictions, to minimize risk of any accidental or intentional violation of this subsection. Company shall notify LiveRamp of any violation of this subsection and take immediate steps to prevent the continuation of such violation.

4.6 No Fingerprinting. Company shall not use any Service: (a) to conduct or enable the creation of a synthetic unique identifier or profile based on a combination of signals from browsers, hardware, software, devices, networks, add-ons, preferences, or other similar signals (including user agent, screen resolution, fonts, operating system, and/or device model) to identify or track users; or (b) in connection with any tracking mechanism that does not offer an opt out that is as persistent as the tracking mechanism.

4.7 Tagging, Tracking, and Connected Devices. When using any pixel, tag, or similar mechanism provided as part of a Service, Company must give all notices, offer all data subject rights and choices, and obtain all consents required by Data Protection Laws. Furthermore, when using a Service in connection with the collection and use of data from a device that connects to the internet and is used for personal household purposes (not including mobile devices or web browsers, but including connected television (CTV) or over-the-top video (OTT)), Company agrees to comply with any applicable guidance with respect to such collection or use as issued by the Digital Advertising Alliance, the Interactive Advertising Bureau, or their respective successors.

4.8 Prohibited Uses. Company shall not use any Service: (a) to facilitate advertising of adult entertainment (e.g., pornography) or products or services that are illegal in the locality in which the advertisement is sent or received; (b) to determine eligibility for employment, credit, healthcare or insurance; (c) for insurance underwriting or policy pricing; (d) for any Fair Credit Reporting Act-regulated purpose; (e) to identify people in connection with illegal activities; or (f) to discriminate on the basis of race, gender, religion, sexual orientation, or in any other way prohibited by law.

4.9 Foreign Adversaries and Countries of Concern.

(a) For purposes of this Section:
(i) “DOJ Rule” means 28 C.F.R. Part 202, as amended.
(ii) “PADFA” means the Protecting Americans’ Data from Foreign Adversaries Act of 2024, as amended.

(b) Each Party represents to the other Party that it and any of its Affiliates that provide, or use Services, as the case may be, is not, and will not be: (i) an entity or person that is “controlled by a foreign adversary” as defined and determined under PADFA, or (ii) a “covered person” as defined and determined under the DOJ Rule.

(c) If Company or one of its Affiliates utilizing a Service pursuant to this Agreement is a “foreign person” as defined in the DOJ Rule, then Company and such Affiliate, and all of Company’s and such Affiliate’s Personnel shall not use, or facilitate the use of, any Service to engage in a “covered data transaction” involving “data brokerage”, as each is defined and determined under the DOJ Rule, with a “country of concern” or “covered person”, as each is defined and determined under the DOJ Rule. Company acknowledges and agrees that LiveRamp may refuse to provide a Service in connection with a “covered data transaction” involving “data brokerage”, as each is defined and determined under the DOJ Rule, if LiveRamp reasonably believes that it would result in a breach of this subsection.

(d) Any breach of this Section by a Party must be reported to the other Party as soon as practically possible but within no more than fourteen (14) days from discovery of such breach.

5. COMPANY DATA USE AND RESTRICTIONS AND OTHER TERMS.

5.1 Encryption. Before transferring directly identifiable personal information to LiveRamp over a public network or on physical media, Company must encrypt such data using industry-standard encryption measures.

5.2 Prohibited Data. Unless expressly permitted otherwise in an Order Form or other writing signed by LiveRamp, Company shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Company’s behalf, any of the following (“Prohibited Data”): (a) government-issued identification numbers; (b) financial or customer account numbers or debit, credit, or payment card numbers; (c) descriptions of an individual’s health or medical condition; (d) Protected Health Information, as defined in 45 CFR 160.103, including information related to reproductive health (“PHI”); (e) sensitive personal data or special categories of personal data as defined by Data Protection Law; (f) biometric data; (g) full dates of birth; (h) maiden name of any individual’s mother; (i) digitized or electronic signature; (j) access credentials; or (k) data associated with any individual under the age of eighteen (18). If Company discovers that it has transferred ProhibitedData to LiveRamp in violation of this subsection, then Company shall immediately notify LiveRamp of the date, time, and other pertinent information related to such transfer so that LiveRamp may take the steps necessary to remove such Prohibited Data from its systems.

5.3 Delivery of Software. If, as part of a Service, LiveRamp makes software available to Company for its installation and use, including any application programming interface (collectively, “Software”), Company acknowledges and agrees that: (a) LiveRamp may release subsequent versions of such Software; (b) Company will use the most recent version of such Software as made available by LiveRamp but will have ninety (90) days from the release to implement the new version; and (c) failure to obtain and use the most recent version of the Software may cause a suspension of access to such Software and any related Service(s).

5.4 Restrictions on the Use of Company Data. LiveRamp shall not, and shall not authorize any third party to, process, retain, use, sell, transfer, disclose, or otherwise share Company Data for any purposes other than as directed under this Agreement.

5.5 Testing Company Data. Notwithstanding anything to the contrary contained in this Agreement (including the DPA), LiveRamp may use Company Data and Usage Data (as defined in the DPA) internally to perform quality control and testing of the existing or new functionality of LiveRamp’s services generally. Without limiting LiveRamp’s confidentiality obligations with respect to Company Data, Company acknowledges that such use of Company Data and Usage Data may result in improvements to LiveRamp’s services generally, to the benefit of all LiveRamp customers, including Company. Company Data and Usage Data will only be used in a de-identified, aggregated form for these purposes and will not include any directly identifiable personal information.

5.6 Interoperability with Third-Party Applications and Destination Agreements. Company acknowledges and agrees as follows:

(a) A particular Service may offer features designed to interoperate, or otherwise work together with, third-party software applications and services, which may include, but are not limited to, cloud and warehouse platforms (e.g., AWS, GCP, Snowflake, etc.), business intelligence tools (e.g., Tableau, Looker, Power BI, etc.), or other ad-tech platforms (e.g., The Trade Desk, Yahoo, etc.) (each, a “Third-Party Application”).

(b) If Company uses a Third-Party Application in connection with its use of such Service, then Company hereby grants LiveRamp permission to allow such Third-Party Application and its provider to access Company Data, the data of a collaborating third party of Company, and information about Company’s usage of such Third-Party Application, each as the case may be, in order for LiveRamp to provide such Service and for the sole purpose of the interoperation of, or otherwise working together with, such Third-Party Application.

(c) Third-Party Applications are not LiveRamp’s products or services.

(d) The provider of a Third-Party Application may require Company to agree to additional terms and conditions directly between Company and such provider in connection with Company’s use of such Third-Party Application. Company shall not use a Service to make any distributions of Company Data or any other data to any third-party destination unless Company has a direct written agreement with the intended destination governing the receipt and processing of such distributed data and Company’s ad purchases, media buys, resulting campaign(s), and/or any other uses of the destination’s services (e.g., measurement).

(e) LiveRamp is not responsible for any act or omission by the provider of any Third-Party Application, including, without limitation, any disclosure, modification, refusal to process or deletion of Company Data or other data resulting from Company’s use of such Third-Party Application.

(f) LiveRamp cannot guarantee the continued availability of any Third-Party Application and is not responsible for the acts or omissions of the provider of a Third-Party Application related to the continued use of any Third-Party Application with such Service.

6. REPRESENTATIONS AND WARRANTIES.

6.1 Mutual. Each Party represents and warrants to the other that: (a) it has full power and authority to enter into and perform this Agreement and doing so does not breach any other agreement or covenant to which it is a party or is bound; (b) the execution and delivery of this Agreement have been duly authorized; (c) its Confidential Information has been legally obtained and it has the authority to provide the same to the other Party; and (d) it will comply with all applicable laws, including Data Protection Laws, in connection with providing, or using, a Service.

6.2 LiveRamp.

(a) LiveRamp represents and warrants that during the term of a Service as set forth in the applicable Order Form, such Service will conform in all material respects to the descriptions of such Service as set forth in: (i) the applicable Order Form; and (ii) any online or other written documentation or instructions made generally available by LiveRamp to its customers in connection with such Service, including, without limitation, any documentation describing the use of any software application owned, developed, licensed, and/or maintained by LiveRamp and made available for download, access, and/or use, as the context may require, by Company under this Agreement (collectively, the “Documentation”). For purposes of this Agreement, the foregoing warranty shall be referred to as the “Services Limited Warranty”. Notwithstanding the foregoing, the Parties agree that: (A) LiveRamp may at any time update the technical description of a Service within the Documentation for such Service, provided that such Service continues to work substantially in the same manner as intended when entering into the current Order Form for such Service; and (B) to the extent there is a direct conflict between the terms of such Order Form and the then current Documentation with respect to such Service, then the terms of such Order Form shall govern and control any such conflict.

(b) If a Service does not conform to the Services Limited Warranty, then LiveRamp shall, at its option and expense: (i) use commercially reasonable efforts to correct any such non-conformities in such Service or provide Company with a commercially reasonable workaround; (ii) correct any errors or discrepancies in the Documentation; or (iii) refund a pro rata portion of any prepaid fees paid by Company for such Service based upon the remaining time, if any, in the term of such Service as set forth in the applicable Order Form and terminate such Service for such remaining time in which event Company will not be required to pay any fees for such Service for such remaining time. The foregoing states Company’s sole remedy, and the exclusive obligations of LiveRamp, with respect to claims of breach of any Services Limited Warranty.

(c) LiveRamp shall have no liability for any claim based upon: (i) use of a Service not in compliance with the terms of this Agreement or the Documentation; (ii) any modification of a Service that is not done by, or on behalf of, LiveRamp; or (iii) errors caused by the infrastructure, network, communication facilities (including the internet), or other software or hardware not owned, or controlled, by LiveRamp and used by Company to access a Service.

(d) For purposes of this Agreement, “Professional Services” means any support, consulting, implementation, configuration, training, or technical services (including those delivered as part of, and in connection with, any particular Service) provided by LiveRamp pursuant to an Order Form for the benefit of Company. LiveRamp represents and warrants that the Professional Services will be performed with commercially reasonable skill, care and diligence (the “Professional Services Limited Warranty”).

(e) If Company notifies LiveRamp in writing within thirty (30) days of completion of a Professional Service that such Professional Service was not completed in accordance with the Professional Services Limited Warranty, then LiveRamp, at its expense, will re-perform such Professional Service to the extent necessary so that such Professional Service is performed in accordance with the Professional Services Limited Warranty. The foregoing states Company’s sole remedy, and the exclusive obligations of LiveRamp, with respect to claims of breach of the Professional Services Limited Warranty.

6.3 Company. With respect to any Company Data provided to LiveRamp, Company represents and warrants that it:

(a) fully owns, or has the authority to use, such Company Data as contemplated by the terms of this Agreement, and that in obtaining or collecting such Company Data, Company did not violate any law or rights of any third party; (b) shall not instruct LiveRamp to process, or to take any other action with respect to such Company Data, that would violate any law or Company’s own applicable privacy policies, notices, or disclosure statements; (c) has complied, and will continue to comply, with all data subject requests, including, without limitation, requests of individuals to exercise their rights under Data Protection Laws and inform LiveRamp of any such data subject requests (including, by providing LiveRamp with updated Company Data reflective of any such requests) within a reasonable time period and as required by Data Protection Laws.

6.4 Disclaimers. EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT OR IN AN ORDER FORM, THERE ARE NO OTHER WARRANTIES MADE BY A PARTY, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR, WITH RESPECT TO DATA ACCURACY, COMPLETENESS, CORRECTNESS, TIMELINESS, RELIABILITY OR CURRENTNESS, AND ALL SERVICES ARE PROVIDED TO COMPANY STRICTLY ON AN “AS-IS, AS-AVAILABLE” BASIS.

7. LIMITATIONS OF LIABILITY.

7.1 Indirect or Consequential Damages. EXCEPT AS OTHERWISE PROVIDED IN SECTION 7.3, NEITHER PARTY IS LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF INCOME, REVENUE, PROFITS, OR GOODWILL, BUT NOT INCLUDING ANY FEES PAYABLE HEREUNDER), EVEN IF A PARTY FORESAW OR WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

7.2 Aggregate Liability.

(a) EXCEPT AS OTHERWISE PROVIDED IN SECTION 7.2(b) AND SECTION 7.3, NEITHER PARTY’S LIABILITY FOR DAMAGES ARISING FROM OR RELATED TO THIS AGREEMENT WILL EXCEED THE FEES PAID BY COMPANY UNDER THIS AGREEMENT DURING THE 12 MONTHS PRECEDING THE EVENTS GIVING RISE TO SUCH DAMAGES.

(b) EXCEPT AS OTHERWISE PROVIDED IN SECTION 7.3, LIVERAMP’S LIABILITY FOR DAMAGES RESULTING FROM THE UNAUTHORIZED ACCESS TO, OR IMPERMISSIBLE DISCLOSURE OF, COMPANY DATA WILL NOT EXCEED TWICE THE FEES PAID BY COMPANY UNDER THIS AGREEMENT DURING THE 12 MONTHS PRECEDING THE EVENTS GIVING RISE TO SUCH DAMAGES. IF SUCH DAMAGES INCLUDE THE COST OF CONSUMER NOTIFICATION OR CREDIT MONITORING, LIVERAMP SHALL BE LIABLE FOR SUCH DAMAGES (SUBJECT TO THE FOREGOING LIMITATION) ONLY IF NOTICE OR CREDIT MONITORING IS REQUIRED BY APPLICABLE LAW.

7.3 Miscellaneous. The limitations in this Section shall not apply to a Party’s indemnification obligations or to damages resulting from a Party’s gross negligence or intentional misconduct and the limitations in this Section shall apply regardless of the legal theory or form under which any action is brought. Company hereby acknowledges and agrees that the limitations of liability in this Section constitute a material inducement for LiveRamp to enter into this Agreement and that the fees charged to Company for Services would be substantially higher without such limitations.

8. INDEMNIFICATION.

8.1 General. Each Party (an “Indemnifying Party”) agrees to indemnify and hold the other Party and its Personnel (individually or collectively, an “Indemnified Party”) harmless from and against any third-party claim, action, or liability (including damages, costs, expenses, and reasonable attorneys’ fees) that may arise against the Indemnified Party as the result of: (a) personal injuries or damages to tangible real property caused by the Indemnifying Party and/or its Personnel; and (b) the Indemnifying Party’s failure to comply with any applicable law, including Data Protection Laws.

8.2 Infringement.

(a) Except as provided below, each Indemnifying Party shall defend and indemnify the Indemnified Party from and against any damages, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of any third-party claim that (i) a Service provided under this Agreement by the Indemnifying Party (i.e., LiveRamp) or (ii) Confidential Information, including Company Data, provided by the Indemnifying Party infringes a valid patent, trademark, or copyright, or otherwise misappropriates a trade secret, of a third-party, provided that the Indemnified Party has provided to the Indemnifying Party prompt written notice of such claim and reasonable cooperation, information, and assistance in connection therewith. Unless prohibited by law and notwithstanding anything to the contrary in this Agreement, the Indemnifying Party’s aggregate liability for its indemnification obligations under this subsection shall not exceed an amount equal to two (2) times the total fees paid, or payable, by Company to LiveRamp during the twelve (12) months immediately preceding the event that gave rise to such indemnification obligation.

(b) Notwithstanding subsection (a) above, neither Party shall have any liability or indemnification obligation to the other Party for any third-party infringement claim to the extent caused by, or based upon: (i) the combination of a Service or Confidential Information with other products or services not furnished, or authorized, by the Party providing such Service or Confidential Information to the extent such infringement would not have occurred but for such combination; or (ii) additions or modifications made to the Service or Confidential Information that are not made by the Party providing such Service or Confidential Information or authorized by this Agreement to the extent such infringement would not have occurred but for such addition or modification.

(c) Should a Service provided to Company, or any part thereof, become, or in LiveRamp’s opinion be likely to become, the subject of a third-party claim of infringement, LiveRamp may, at its option and expense, either: (i) procure for Company the right to continue using such Service; or (ii) replace or modify such Service so as to make it non-infringing. If LiveRamp is not able to procure the right for Company to continue using such Service, or modification is not possible or is commercially unreasonable as determined by LiveRamp, then, in addition to LiveRamp’s obligations under subsection (a) above, LiveRamp will pay Company a pro rata refund of any prepaid fees paid to LiveRamp with respect to such Service based upon the date Company ceased to use such Service as a result of such infringement.

(d) Each Party hereby acknowledges and agrees that subsections (a) and (c) state the entire liability of a Party, and the sole and exclusive remedy of the other Party, with respect to any third-party claim of infringement.

8.3 Indemnification Procedure. The Indemnifying Party shall have sole control and authority with respect to the defense, settlement, and/or compromise of any third-party claim subject to the terms of this Section; provided, however, that: (a) the Indemnified Party, at its own expense, shall have the right to participate in any such litigation insofar as it concerns claims against it; and (b) without the express written consent of the Indemnified Party, the Indemnifying Party shall not enter into a settlement agreement for any such claim if such agreement calls for any payment obligation of, or admission of liability by, the Indemnified Party.

9. PUBLICITY. Without the written consent of the other Party, neither Party shall: (a) except as required by applicable law or otherwise expressly permitted by the terms of this Agreement, use the other Party’s name, logo, or trademark without the other Party’s approval; or (b) issue any press release, advertising, or promotional material relating to this Agreement. LiveRamp may generate case studies from Company’s use of a Service that may be incorporated into LiveRamp’s marketing materials provided that such materials do not reference Company’s name, logo, or trademarks or include any of Company’s Confidential Information.

10. GOVERNING LAW AND DISPUTES.

10.1 Governing Law. This Agreement is governed by applicable Delaware law without regard to its choice of law rules.

10.2 Informal Resolution. Other than with respect to a claim for a violation under Section 2 or a Party seeking injunctive relief, before filing any litigation relating to this Agreement, a Party will provide written notice of the dispute to the other Party. Each Party shall use good faith efforts to attempt to reach resolution of such dispute within (30) thirty days following the receipt of such notice. If such dispute is not resolved during such period, then either Party may bring a proceeding before a court of law relating to such dispute subject to the terms of this Agreement.

10.3 Jury Trial Waiver. TO THE FULLEST EXTENT PERMITTED BY LAW, COMPANY AND LIVERAMP EACH WAIVES ITS RIGHT TO A JURY TRIAL FOR ANY CLAIM OR CAUSE OF ACTION ARISING OUT OF, OR RELATING IN ANY WAY TO, THIS AGREEMENT.

11. MISCELLANEOUS.

11.1 Severance and Waiver. If any one or more of the provisions of this Agreement shall for any reason be held to be invalid or unenforceable, then such provision shall be enforced to the maximum extent permissible to affect the original intent of the Parties, and the same shall not affect any of the other portions thereof. Failure or delay by either Party in exercising any right hereunder shall not be a waiver of such right. To be enforceable, a waiver must be in writing and signed by the waiving Party.

11.2 Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent shall not be unreasonably withheld or delayed; provided, however, no consent is required for assignment by either Party: (a) to an Affiliate; or (b) in connection with a direct or indirect purchase, merger, reorganization, consolidation, or sale of all or substantially all of the assigning Party’s assets, but in each case subject to the assigning Party’s prompt notice of such assignment to the other Party. This Agreement will be binding upon, inure to the benefit of, and be enforceable by, the Parties and their respective permitted successors and assigns.

11.3 No Third-Party Beneficiaries. Unless expressly set forth in this Agreement, including in any Order Form, there are no intended third-party beneficiaries of any terms of this Agreement.

11.4 Relationship. The Parties are independent contractors and no joint venture, partnership, employment, or agency relationship exists between the Parties as a result of this Agreement.

11.5 Force Majeure. If performance of any obligation hereunder is directly prevented or interfered with by an act or condition outside the reasonable control of a Party, including, without limitation, fire, strike, or labor disputes of a third party, war or violence, court order or requirement of a government agency (a “Force Majeure Event”), then the Party suffering such Force Majeure Event, upon giving prompt written notice to the other Party, is excused from such performance during such Force Majeure Event to the extent performance is not reasonably possible.

11.6 Notices. Except as otherwise provided by this Agreement or applicable law, any notice or other communication required hereunder shall be made by electronic mail and deemed to be received upon transmission. A Party may change the name or address of the designated recipient by giving notice to the other Party. Any notice or communication shall be deemed given upon receipt.

(a) If to LiveRamp, notices or other communications required hereunder shall be sent to [email protected]; and,

(b) If to Company, notices or other communications required hereunder shall be sent to the email address of the person executing Company’s initial Order Form or such other email address as may be provided by Company to LiveRamp in accordance with this Section.

11.7 Survival of Terms. Any provision of this Agreement that contemplates performance or observance subsequent to the termination of this Agreement, including, but not limited to, all provisions with respect to confidentiality, limitations of liabilities, and indemnification, shall survive any termination or expiration of this Agreement and continue in full force and effect in accordance with their respective terms.

11.8 Headings and Counterparts. The descriptive headings of the sections and subsections of this Agreement are for convenience only and do not constitute a part of this Agreement. An Order Form may be executed in two or more counterparts, each of which will be considered one and the same agreement and will become effective when counterparts have been signed by each of the Parties hereto and delivered to the other Party (including by means of electronic delivery or facsimile).

11.9 Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to the subject-matter hereof and supersedes any and all written and oral prior agreements and understandings between the Parties. Without limiting the generality of the foregoing, any confidentiality or non-disclosure agreement entered into by the Parties prior to entering into this Agreement is hereby superseded by the terms of this Agreement, including the confidentiality provisions of this Agreement.

11.10 Amendments. This Agreement may only be amended in a writing executed by the Parties. Notwithstanding the foregoing, Company agrees that LiveRamp shall have the right to amend this Terms of Service Agreement at any time for customers generally, without any notice to Company, by posting an updated version of this Terms of Service Agreement. For the avoidance of doubt, any such changes will only be effective and apply to Company for a particular Service currently being used by Company upon the (a) renewal (including an auto-renewal) of such Service or (b) execution of an Order Form referencing the then-current Terms of Service Agreement for an additional Service, in which case such then-current Terms of Service Agreement will apply to all Services as of the effective date of such Order Form. Executing such Order Form, and continued use of a Service thereafter, shall constitute Company’s consent to any such changes. The Terms of Service Agreement in effect for Company at any given time will be available to Company. LiveRamp recommends that Company review the then-current Terms of Service Agreement prior to executing any Order Form to ensure Company’s familiarity with the terms and conditions governing the use of Services and to inform Company of any such changes.

Exhibit A: Information Security

This Exhibit describes the information security measures that LiveRamp uses in providing Services under the Agreement. Capitalized terms used in this Exhibit, but not defined herein, shall have the meanings given to them in the Agreement.

1. GENERAL. LiveRamp will use industry-standard security measures designed to protect against unauthorized access, loss, and misuse of hashed or encrypted IDs, including: (a) encryption of stored information behind a secured server network; and (b) organizational, contractual, technological, and managerial safeguards as more thoroughly described herein. LiveRamp security measures may be subject to change at LiveRamp’s sole discretion; however, any such change(s) will not diminish or reduce the requirements provided herein.

2. SHARED PROCESSING ENVIRONMENT. LiveRamp may perform the Services from a facility owned by a third party (a portion of which is available for use by LiveRamp or its Affiliates), through a cloud platform provider, or from a similar environment that is managed by LiveRamp Personnel. Any such facility, location, or environment will meet, in all material respects, the applicable requirements established herein.

3. SAFEGUARDS. LiveRamp will maintain the following administrative, technical, and physical controls designed to ensure the security and confidentiality of Company Data (“Safeguards”) in accordance with the terms of the Agreement:

3.1 Physical Access. LiveRamp will maintain physical access controls designed to secure relevant facilities, infrastructure, data centers, hard copy files, servers, backup systems, and equipment (including mobile devices) that are in LiveRamp’s control and used to access Company Data, including controls to prevent, detect, and respond to attacks, intrusions, and other system failures. LiveRamp will log physical access, conduct regular reviews, and require visitors to sign in and out of facilities housing systems in LiveRamp’s control that process, store, and/or transmit Company Data.

3.2 User Authentication. LiveRamp will maintain user authentication and access controls within operating systems, applications, equipment, and media.

3.3 Personnel Security. LiveRamp will maintain personnel security policies and practices restricting access to Company Data, including written confidentiality agreements and background checks consistent with applicable law for all LiveRamp Personnel with access to Company Data or who maintain, implement, and/or administer LiveRamp’s information security program and Safeguards.

3.4 Logging and Monitoring. LiveRamp will log and monitor the details of access to Company Data on networks, systems, and devices operated by LiveRamp. LiveRamp logging and monitoring systems will meet applicable industry standards.

3.5 Malware Controls. LiveRamp will maintain reasonable and up-to-date controls designed to protect its networks, systems, and devices that access Company Data from malware and unauthorized software.

3.6 Security Patches. LiveRamp will maintain controls and processes designed to ensure that networks, systems, and devices (including operating systems and applications) that access Company Data are up-to-date, including application of security updates and patches to systems and applications that process Company Data in accordance with the applicable providers’ best practice recommendations or guidelines. In accordance with LiveRamp’s change management program, LiveRamp will test patches, service packs, and hot fixes before installing such updates and patches.

3.7 User Account Management. LiveRamp will implement reasonable user account management procedures to securely create, amend, and delete user accounts on LiveRamp networks, systems, and devices, including monitoring redundant accounts and ensuring that information owners properly authorize user account requests. User account management will include: (a) unique user IDs for access; (b) a review of user access rights, including privileged accounts, at most every three (3) months; and (c) allow limited and controlled access to LiveRamp’s internal network.

3.8 Password Requirements. LiveRamp will maintain a password policy for its systems and applications that process Company Data that, at a minimum, requires passwords to: (i) be a minimum of ten (10) characters in length; (ii) contain a mix of upper- and lowercase letters and at least one (1) number and one (1) special character; (iii) not be the username; (iv) expire at least every ninety (90) days; (v) not be the same as any previous six (6) passwords; (vi) be changed at the first logon after initial password; (vii) be encrypted at rest and in transit; (viii) be masked when entered into a system or application; (ix) lock accounts after five (5) invalid login attempts; (x) not be a PIN or secret question that is any less secure than the primary authentication password or mechanism; and (xi) have a minimum password age.

4. ENCRYPTION REQUIREMENTS. Using a reasonable encryption standard, LiveRamp will encrypt all Company Data that is: (a) stored on portable devices or portable electronic media; (b) stored or maintained outside of LiveRamp’s facilities, excluding hard-copy documents; or (c) transferred across any network other than an internal network owned and managed by LiveRamp.

5. ACCESS CONTROLS. LiveRamp will: (a) maintain reasonable controls to ensure that only individuals who have a legitimate need to access Company Data under the Agreement and/or applicable Schedule(s) will have such access; (b) promptly terminate an individual’s access to Company Data when such access is no longer required for performance under the Agreement and/or applicable Order Forms; and (c) log the appropriate details of access to Company Data on LiveRamp’s systems and equipment.

6. TRAINING AND SUPERVISION. LiveRamp will provide ongoing privacy and information protection training and supervise its Personnel who access Company Data.

7. ASSESSMENTS; AUDITS; CORRECTIONS.

7.1 Company Audits and Assessments. Upon Company’s written request, to confirm compliance with this Exhibit and no more than once annually, LiveRamp will promptly and accurately complete Company’s written information security questionnaire regarding LiveRamp’s information security practices in relation to all Company Data that LiveRamp receives in order to provide the Services. Furthermore, and no more than once annually, upon Company’s written request, which must be given to LiveRamp at least ten (10) business days in advance, Company or its designated representative may assess and audit LiveRamp’s compliance with this Exhibit, LiveRamp’s responses to Company’s information security questionnaire, or LiveRamp’s compliance with applicable laws to determine adequacy to protect Company Data. As a result, Company may request improvements of LiveRamp’s applicable security controls that are designed to prevent malicious or inappropriate access to source code, data, graphics, and/or audio/visual material used to perform Services for Company. Notwithstanding the foregoing, or anything to the contrary in the Agreement or any Order Form, LiveRamp shall have no obligation to provide Company or its representatives with access to LiveRamp’s systems or certain information from LiveRamp’s shared processing environments, including, but not limited to, records of internal vulnerability scans and penetration tests, systems logs, detailed network diagrams, and application code.

7.2 LiveRamp Audits and Assessments. LiveRamp will continuously monitor risk to Company Data to help ensure that the Safeguards are properly designed and maintained in their use to prevent unauthorized access to Company Data. LiveRamp will periodically (but no less than once annually) assess and document the effectiveness of its Safeguards across its networks, systems, and devices (including infrastructure, applications, and the Services) used to access Company Data and update its Safeguards as needed. In addition to any internal audits, LiveRamp will conduct an annual security audit of its Safeguards covering all relevant networks, systems, devices, and media used to access Company Data, and such audit will be conducted by a recognized third-party audit firm using a reasonable audit standard. Upon Company’s written request, LiveRamp will provide Company a SOC 2 Report, as may be applicable, a Statement on Standards for Attestation Engagements (SSAE) No. 18 audit, ISAE 3402, or equivalent audit completed by such firm.

7.3 Vulnerability Testing. LiveRamp will periodically (but at least once annually) perform manual and automated vulnerability testing (including penetration testing based on recognized industry best practices) on LiveRamp internet-facing networks, systems, software, and devices used to access Company Data. Upon written request from Company, LiveRamp will provide evidence of such testing, which will include a summary of results for testing completed on LiveRamp internet-facing systems. Company shall have no right to perform vulnerability or penetration testing on LiveRamp networks or systems.

7.4 LiveRamp Response to Audits. Upon Company’s written request, the Parties may meet promptly following the completion of any audit conducted pursuant to this Exhibit and/or the issuance of an interim or final report following such audit. The Parties will review and escalate such audit findings to the extent necessary. LiveRamp will respond to each exit interview and/or audit report in writing within thirty (30) days, unless a shorter response time is specified in such report and agreed upon by LiveRamp. The Parties shall develop and agree upon an action plan to promptly address and resolve any deficiencies, concerns, and/or recommendations identified in such exit interview or audit report. LiveRamp will then undertake remedial action in accordance with such action plan and to the extent necessary to comply with LiveRamp’s obligations under this Exhibit.

8. SECURITY BREACH RESPONSE. LiveRamp will maintain policies and procedures for responding to Security Breaches, including, without limitation: (a) assigning and training a security coordinator; and (b) training Personnel who have access to Company Data on the policies and procedures to recognize Security Breaches and how to escalate and notify the security coordinator of any Security Breach. “Security Breach” shall mean any actual or reasonably suspected: (i) unauthorized access to or theft of Company Data; (ii) unauthorized use of Company Data by a person with authorized access to the information for purposes of actual or reasonably suspected theft, fraud, or identity theft; (iii) unauthorized disclosure or alteration of Company Data; and/or (iv) loss of Company Data, including, without limitation, any of the foregoing described in subclauses (i)–(iii) caused by, or resulting from, a failure, lack, or inadequacy, of security, physical intrusion of facilities, or theft or loss of documents, laptops or storage media, or Personnel malfeasance. If LiveRamp has a Security Breach, it shall handle such Security Breach in accordance with its Security Incident Response Guide, and:

8.1 notify Company within seventy-two (72) hours after the discovery of the Security Breach;

8.2 use commercially reasonable efforts and take all commercially reasonable actions to prevent, contain, and mitigate the impact of the Security Breach;

8.3 provide a written status report to Company promptly, but in no event more than seven (7) business days, after the Security Breach;

8.4 collect and preserve all evidence concerning the discovery, cause, vulnerability, exploitation, remedial actions, and impact related to the Security Breach, which will be forensically admissible in legal proceedings;

8.5 document incident response and remedial actions taken in detail, which will be forensically admissible in legal proceedings; and

8.6 notify Company in advance of any press releases or public statements made by LiveRamp related to the Security Breach.

9. BUSINESS CONTINUITY AND DISASTER RECOVERY. LiveRamp will implement and maintain Business Continuity & Disaster Recovery (“BCDR”) capabilities to ensure the availability of the Services in the event of a disaster scenario or outage. LiveRamp will assess each Service for BCDR requirements pursuant to its documented risk management guidelines. LiveRamp will ensure that each Service has, to the extent warranted by such risk assessment, and based on the business criticality of such Services provided to Company, maintained and validated BCDR capabilities consistent with industry-standard practices.

Updated: July 9, 2025

Previous Versions
Terms of Service Agreement (Effective June 15, 2021)