Vungle Inc., a Liftoff Mobile, Inc. company


MONETIZE INTERNATIONAL INSERTION ORDER


Terms and Conditions

This Monetize - SDK License and Publisher Terms (“Agreement ”) is made available by Vungle Inc. (“Liftoff ”). By downloading or using the software development kit, including and solely as enabled by Liftoff, available for download on Liftoff’s website as of the Effective Date, and any other software that may be provided by Liftoff to Developer with the software development kit, including any updates thereto (“Vungle SDK ”) and Liftoff’s hosted video advertising system, which supports video advertisement insertion within mobile applications, and related advertisement reporting tools (“Monetize Platform”), you and any company, entity, or organization on behalf of which you are accepting this Agreement (“Developer ”) hereby agrees to be bound by all terms and conditions of this Agreement effective as of the date you first access the Vungle Dashboard (“Effective Date ”), and you represent and warrant that you are an authorized representative of Developer with the authority to bind Developer to this Agreement.


VUNGLE SDK LICENSE:

License Grant: Subject to the terms and conditions of this Agreement, Liftoff grants Developer a non-exclusive, non-transferable, non-sublicensable, worldwide license to: (a) integrate the Vungle SDK with the mobile applications owned and/or controlled by Developer, including all content, images, music and text contained therein, that Developer wishes to use with the Vungle SDK and Monetize Platform (“Developer Apps ”) solely for internal use; (b) use, reproduce and distribute certain portions of the Vungle SDK as required for Developer’s distribution of Developer Apps; provided that, any distribution to an end user will be subject to terms that protect the Vungle SDK in a manner at least as protective as set forth herein; and (c) use the Vungle SDK and Monetize Platform to have video advertisements, sourced by or on behalf of Liftoff, which are routed and/or served by the Monetize Platform to the Developer Apps (“Liftoff Ads ”) inserted within Developer Apps pursuant to this Agreement.


SDK Updates: Liftoff periodically releases new versions of, or updates to, the Vungle SDK which may contain new features and fixes (each a, “ SDK Update”). Each SDK Update will be presented to Developer within the Monetize Platform dashboard, and Developer is encouraged to download and integrate each SDK Update within the Developer Apps. Each SDK Update shall be subject to the terms and conditions of this Agreement. Liftoff may sunset versions of the Vungle SDK that are older than 24 months.


License Restrictions: Except as expressly provided in this Agreement, Developer shall not (and shall not allow any third party to): (a) decompile, reverse engineer, disassemble, modify, adapt, create derivative works of, copy or distribute the Vungle SDK or Monetize Platform, (b) modify, remove, or obscure any copyright, trademark, patent or other proprietary notices or legends from the Vungle SDK or Monetize Platform; (c) copy, distribute, rent, lease, lend, sublicense, transfer or make the Vungle SDK or Monetize Platform available to any third party, (d) use the Vungle SDK or Monetize Platform to develop, upload, or transmit any software viruses or other computer code, files or programs designed to interrupt, destroy, or limit the functionality of any software or hardware, or (e) use the Vungle SDK, Monetize Platform, or any data collected, received, or provided access via the Vungle SDK or Monetize Platform, except as expressly set forth in this Agreement, including to re-identify an individual end user.


Third Party Software: Vungle’s SDK may include third party software or open source software (“Third Party Software”), such as ad measurement brand safety, and fraud detection. Developer acknowledges and agrees that the applicable third party policies required by such third parties’ service available via the Monetize Platform, including without limitation, any header bidder platform, mediation layer, demand service provider (“DSP ”), or App Store, and its corresponding terms of services, privacy policies, ad/content guidelines, and similar policies (“Third Party Policies ”) apply to and govern Developer’s use of the Third Party Software. Open source software utilized in the Vungle SDK is attributed in the SDK github files.


INTELLECTUAL PROPERTY RIGHTS:

Liftoff IP: All ownership rights, title, and interest in and to the Vungle SDK (excluding the Third Party Software) and Monetize Platform, including all intellectual property rights therein, as such may be modified, upgraded, or enhanced from time to time (“ Liftoff Property”) will remain and belong exclusively to Liftoff. Liftoff reserves all rights not expressly granted to Developer herein.


Developer IP :Developer shall retain all ownership rights, title and interest in and to the Developer Apps, including all intellectual property rights therein, as such may be modified, upgraded or enhanced from time to time. If Developer elects to provide any suggestions, comments, improvements, ideas or other feedback or materials to Liftoff (collectively, “Feedback”), Developer hereby grants Liftoff the right to freely use, copy, disclose, license, distribute and exploit any such Feedback in any manner without any obligation, royalty or restriction based on intellectual property rights or otherwise.


THE MONETIZE PLATFORM:

Liftoff Insertion &Sale of Ads: Developer hereby grants Liftoff the right to sell, and have sold, advertisement inventory in the Developer Apps, and to insert Liftoff Ads within such inventory. Developer agrees that in connection with Liftoff Ads, Liftoff may access or call to the Developer Apps, or the servers that make them available, and cause the routing, transmission, reproduction, and display of Liftoff Ads as contemplated herein. If Developer elects to enable header bidding in the Developer Apps, then Developer agrees to abide by such header bidder’s Third Party Policies. Unless expressly agreed in writing, Liftoff makes no guarantee that any level or amount of Liftoff Ads will be placed in the Developer Apps. In addition, Developer hereby grants Liftoff the non-exclusive, worldwide right and license to use, reproduce, distribute and display Developer’s and the Developer Apps’ trademarks, names, logos, and images of the Developer Apps, in connection with the sale of Liftoff Ads hereunder, including (a) listing the Developer Apps and inventory in pitch materials to prospective third-party advertisers (“Advertisers”); (b) reporting the inclusion of Developer Apps and inventory as part of Liftoff’s advertising network, and (c) identifying the Developer as a publishing partner on Liftoff’s website and other marketing materials.


Developer Apps Content Policy: The Developer Apps will not contain, consist of, or promote discrimination, illegal activities, hate speech, defamation, graphic violence, firearms, tobacco, illegal drugs, pornography, sex-trafficking, profanity, obscenity or sexually explicit material (“ Developer Apps Content Policy”). Additionally, Developer will notify Liftoff immediately of any Developer Apps relating to alcohol or real-money gambling. Developer agrees that Liftoff has no responsibility for the Developer Apps, including any content therein, and Liftoff has no obligation or ability to monitor or edit the Developer Apps. Developer will provide as much advance written notice as reasonably practicable, but in no event less than fifteen (15) days’ notice, regarding any material changes to the nature or design of any Developer App, including without limitation, changes to the placement of inventory, any action that will increase or reduce expected inventory within the Developer Apps, the type of content contained within the Developer Apps, or the target audience of the Developer Apps. In the event that Developer desires that certain Advertisers be restricted by category, brand, or otherwise, then Developer shall provide Liftoff with a blacklist and/or whitelist of such Advertisers, including those from DSPs.


Ad Restrictions and Invalid Impressions: Developer may not, and may not authorize or encourage any third party to: (i) engage in or create Invalid Impressions; (ii) edit, modify, filter, or change the order of the information contained in any Liftoff Ad, or remove, obscure or minimize any Liftoff Ad in any way; and/or (iii) redirect an end user away from any web page or app accessed by an end user after selecting or clicking on any part of a Liftoff Ad (“Advertiser Page”), provide a version of the Advertiser Page different from the page an end user would access by going directly to the Advertiser Page, or intersperse any content between the Liftoff Ads and the Advertiser Page. As used herein, “Invalid Impressions” means any impressions, downloads, installs, views, taps, clicks or other user engagement relating to any Liftoff Ad campaign that may artificially inflate an Advertiser 's costs or Developer 's earnings. By way of example, and without limitation, Invalid Impressions are caused by: (1) repeated manual clicks, (2) using “robots”, “spiders” or other tools for making automated computer generated requests, (3) using offers of cash, prizes, incentives, gift cards, vouchers or anything of value, including cryptocurrency, (4) using a design that encourages or is likely to lead to unintended impressions, downloads, installs, views, taps, clicks or other user actions, (5) manipulating or misrepresenting device IDs, Ad IDs, geolocation or other user or device information; (6) hijacking of an end user’s device; (7) automatic advertisement refreshes; or (8) any other deceptive or fraudulent methods. Developer shall promptly notify Liftoff if it suspects that any third party may be tampering with, abusing or manipulating the Monetize Platform or the Liftoff Ads within the Developer App, or otherwise violating the restrictions of this Section. Liftoff may suspend Developer’s use of the Monetize Platform and/or terminate this Agreement immediately should Developer violate the foregoing provisions of this Section, or if Liftoff observes unusually high levels of impressions, downloads, installs, views, taps or clicks on Developer’s account. Developer shall not be entitled to any revenue associated with Invalid Impressions or campaigns.


DATA AND PRIVACY:

Collection of Data: Developer acknowledges and agrees that Liftoff may: (i) use the Liftoff Property to collect, process and use data from the device of an end-user, including, for example, orientation data, volume settings, OS language, device make/model, operating system, mobile carrier, and device identifiers (“App Data ”) and the data regarding advertisement performance, including, for example, impressions, interactions, installs, header information, and end user segments or interests (“Performance Data ”) in connection with the performance of this Agreement, including to display Liftoff Ads to end users and to measure and report the performance of Liftoff Ads; (ii) disclose App Data and Performance Data (a) to third parties (including Advertisers, header bidding platforms, DSPs, advertising exchanges, and attribution partners) as reasonably necessary in connection with the operation of the Monetize Platform and performance of this Agreement, (b) if required by any court order, process, law or governmental agency; or (c) generally, when such data is aggregated, so that the specific information relating to Developer is not identified as such; and (iii) use App Data and Performance Data for Liftoff’s internal business purposes, including to develop and improve the Vungle SDK and Monetize Platform, perform internal analytics regarding Vungle SDK performance, and to monitor for errors. Liftoff will collect and use the App Data and Performance Data in accordance with the Privacy Notice, which is available at http://vungle.com/privacy/ (as updated from time to time).


Compliance with Privacy Laws: In performance of this Agreement, Developer agrees to comply with all applicable laws, governmental regulations, court or government agency orders, and decrees relating in any manner to the collection, use, processing or dissemination of data from or about users, user traffic, or otherwise relating to privacy rights. The Developer will inform Liftoff whether its Developer App is “directed to children” as defined by the US Children’s Online Privacy Protection Act (“COPPA ”) and will select the appropriate dashboard settings within the Liftoff Platform related to such child-directed apps (e.g., turn COPPA flag on). In addition, Developer agrees to conspicuously post a privacy notice that accurately describes the Developer’s and third parties’ collection, use, processing, and disclosure of end user data from the Developer Apps, which include disclosure (i) that third parties, including Liftoff, may collect or receive information and use that information to provide measurement services and targeted ads, and (ii) how and where users can opt-out of collection and use of information for ad targeting. Developer will notify Liftoff within thirty (30) days of any official ruling, decision, opinion, or other determination by any governmental or regulatory entity that its Developer App has been determined to be “directed to children under 13” as defined by COPPA. Liftoff reserves the right to modify, suspend, or terminate this Agreement should Developer violate this Section, and/or to remain compliant with all applicable laws.


Monetize Data Privacy Addendum: As applicable, and to the extent performance of this Agreement entails the collection and/or processing of any data or information from end users in the European Economic Area or the UK, the parties agree that the additional terms and conditions set forth in the Monetize Data Privacy Addendum(“DPA”) set out at and incorporated by reference to this Agreement. To the extent this Agreement conflicts with the DPA, the DPA shall govern and control.


PAYMENT OF FEES

Standard Developer Fee: Subject to the terms and conditions of this Agreement, Liftoff shall pay to Developer a percentage of the Net Revenue (the “Developer Fee”), as determined by Liftoff, which may include calculation on a flat CPM basis. “Net Revenue” means the gross revenue actually collected by Liftoff from Advertisers for Liftoff Ads served and displayed within the Developer Apps, less (i) any refunds to Advertisers; (ii) a deduction of up to 10% to cover expenses related to Advertiser discounts, payment transaction fees, telecommunications, data center and other serving costs, (iii) any amounts payable by Liftoff to providers of targeting, reporting, verification or other data, technology or services used in connection with a given campaign hereunder, and (iv) Invalid Impressions and/or other violations. The Developer Fee shall be based on the impression or app installation counts used by the applicable Advertiser(s). For the avoidance of doubt, all Developer Fees are based on advertisement requests from the Developer Apps that are actually fulfilled with Liftoff Ads. All revenue received from activities that Liftoff deems to be due to fraud, Invalid Impressions, or technical error may be refunded to the Advertiser(s) in Liftoff’s sole discretion.


Payment: Liftoff will pay any Developer Fee due to Developer sixty (60) days’ after the completion of the month in which such Liftoff Ads are served and displayed; provided that, Liftoff may withhold payment until the following month for Developer Fee amounts less than $1,000.00 U.S Dollars. Developer shall be responsible for any bank, transfer or transaction fees (e.g., PayPal). In the event that Developer does not claim its payment within one (1) year from delivery, then Developer forfeits such payment and Liftoff may reclaim such payment.


Taxes: Each party will be responsible, as required under applicable law, for identifying and paying all taxes and other governmental fees and charges (and any penalties, interest, and other additions thereto) that are imposed on that party upon or with respect to the transactions and payments under this Agreement. Developer may charge and Liftoff will pay applicable national, state or local sales or use taxes or value added taxes that Developer is legally obligated to charge (“Taxes”), provided that such Taxes are stated on the original invoice that you provide to us and your invoices state such Taxes separately and meet the requirements for a valid tax invoice. Liftoff maintains the right, however, to deduct or withhold any applicable taxes that Liftoff may be legally obligated to deduct or withhold from amounts due from Liftoff, and the amounts due, as reduced by such deductions or withholdings, will constitute full payment to Developer. Developer will provide Liftoff with any forms, documents, or other certifications as may be requested by Liftoff to satisfy any information reporting or tax obligations with respect to this Agreement. Developer is responsible for paying, and will indemnify and hold Liftoff forever harmless for, any taxes, duties, or fees, including interest and penalties, for which Developer is legally responsible, or that result from an inaccurate certification where Developer or the Developer Apps do in fact perform in the applicable tax jurisdiction.


TERM AND TERMINATION:

Term: This Agreement is effective until terminated in accordance with this Agreement.


Termination/Suspension: Liftoff may terminate this Agreement at any time by providing thirty (30) days’ notice to Developer. Additionally, Liftoff may terminate this Agreement immediately if Developer breaches any provision of this Agreement. Liftoff may immediately suspend Developer’s access to the Monetize Platform if Liftoff reasonably believes Developer has breached this Agreement.

Developer may terminate this Agreement at any time by providing written notice to Liftoff (email to suffice), ceasing all use of the Monetize Platform and Liftoff Property, and destroying or removing from all hard drives, networks, and other storage media all copies of the Liftoff Property.


Effect of Termination: Upon termination of this Agreement by Developer, the Agreement (including all rights and licenses granted and obligations assumed hereunder) will remain in force and effect until the completion of all Liftoff Ad campaigns associated with the Developer Apps in effect on the date of such termination (“Sell-Off Period”). Liftoff’s payment obligations will remain in effect during the Sell-Off Period. Upon any termination of this Agreement, each party will promptly return or destroy all copies of any Confidential Information in its possession or control.


Survival: All sections of this IO which by their nature should survive termination will survive termination, including, without limitation, restrictions, accrued rights to payment, confidentiality obligations, intellectual property rights, warranty disclaimers, and limitations of liability.


CONFIDENTIALITY:

Each party (the “Receiving Party ”) understands that the other party (the “Disclosing Party ”) has disclosed or may disclose information relating to the Disclosing Party’s technology or business (hereinafter referred to as “Confidential Information ” of the Disclosing Party). The Receiving Party agrees: (i) not to divulge to any third person any such Confidential Information, (ii) to give access to such Confidential information solely to those employees, consultants or agents with a need to have access thereto for purposes of this IO, and (iii) to take the same security precautions to protect against disclosure or unauthorized use of such Confidential information that the party takes with its own proprietary information, but in no event will a party apply less than reasonable precautions to protect such Confidential Information. The foregoing will not apply with respect to any information that (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, or (b) was in its possession or known prior to receipt from the Disclosing Party, or (c) was rightfully disclosed without restriction by a third party, or (d) was independently developed without use of any Confidential Information of the Disclosing Party. Nothing in this IO will prevent the Receiving Party from disclosing the Confidential Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure to contest such order. Notwithstanding the foregoing, Liftoff may collect data with respect to and report on the aggregate response rate and other aggregate measures of the Services’ performance and as set forth herein.


Use and Disclosure Restrictions: The Receiving Party shall not use the Confidential Information except as necessary to exercise its rights or perform its obligations under this Agreement, and shall not disclose the Confidential Information to any third party, except to those of its employees, subcontractors, and advisors that need to know such Confidential Information for the purposes of this Agreement, provided that each such employee, subcontractor, and advisor is subject to a written agreement that includes binding use and disclosure restrictions that are at least as protective of the Confidential Information as those set forth herein. The Receiving Party will use at least the efforts such party ordinarily uses with respect to its own confidential information of similar nature and importance to maintain the confidentiality of all Confidential Information in its possession or control, but in no event less than reasonable efforts. The foregoing obligations will not restrict the Receiving Party from disclosing any Confidential Information required by applicable law; provided that, the Receiving Party must use reasonable efforts to give the Disclosing Party advance notice thereof (i.e., so as to afford Disclosing Party an opportunity to intervene and seek an order or other relief for protecting its Confidential Information from any unauthorized use or disclosure) and the Confidential Information is only disclosed to the extent required by law. The Receiving Party shall return all of the Disclosing Party’s Confidential Information to the Disclosing Party or destroy the same, no later than fifteen (15) days after Disclosing Party’s request, or when Receiving Party no longer needs Confidential Information for its authorized purposes hereunder.


DEVELOPER REPRESENTATIONS AND WARRANTIES:

Developer represents and warrants to Liftoff that: (a) it shall comply with all applicable laws, rules, and regulations with respect to the operation of its business and its use of the Vungle SDK and Monetize Platform; (b) it has all necessary rights, title, and interest in and to the Developer Apps, and it has obtained all necessary rights and permissions to grant the rights to Liftoff in this Agreement, including to allow Liftoff to sell and insert the Liftoff Ads as contemplated herein; (c) the Developer Apps will comply with the Developer Apps Content Policy, and will not infringe upon, violate, or misappropriate any third party right, including any intellectual property or privacy rights; (d) any App Data Developer may provide to Liftoff, and the ability for Liftoff to collect App Data and Performance Data, is permitted under Developer’s privacy notice and provided in compliance with all applicable laws; (e) it has made, and shall maintain, any and all disclosures, and obtained any and all consents or permissions required by applicable laws with respect to Developer’s privacy practices, including without limitation: (i) any end user data Developer collects, uses, processes and/or discloses, (ii) the use and disclosure of App Data and Performance Data to Liftoff via the Vungle SDK and Monetize Platform, and (iii) notice and parental consent required by applicable privacy laws, including COPPA; (f) unless otherwise designated by Developer in the Monetize Platform dashboard, the Developer App is not “directed at children” as defined under COPPA; and (g) it will comply with all applicable Third Party Policies.


WARRANTY DISCLAIMER:

THE VUNGLE SDK, THIRD PARTY SOFTWARE AND MONETIZE PLATFORM ARE PROVIDED “AS IS.” LIFTOFF DOES NOT MAKE ANY WARRANTIES, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE, AND ANY IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR PERFORMANCE. LIFTOFF AND ITS SUPPLIERS, LICENSORS, AND PARTNERS DO NOT WARRANT THAT THE MONETIZE PLATFORM, THIRD PARTY SOFTWARE, OR VUNGLE SDK WILL BE CORRECT, UNINTERRUPTED OR ERROR-FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE MONETIZE PLATFORM, THIRD PARTY SOFTWARE OR VUNGLE SDK ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. LIFTOFF DOES NOT WARRANT THE RESULTS OF USE OF THE MONETIZE PLATFORM OR VUNGLE SDK. DEVELOPER ACKNOWLEDGES AND AGREES THAT LIFTOFF MAY MODIFY OR SUSPEND THE MONETIZE PLATFORM AT ANY TIME IN ITS SOLE DISCRETION AND WITHOUT NOTICE.


INDEMNIFICATION:

Developer agrees to indemnify, defend, and hold harmless Liftoff and its affiliates, and their directors, officers, employees, and agents from and against any liabilities, damages, costs and expenses (including reasonable attorneys’ fees) arising out of any claim, demand, action, or proceeding initiated by a third party arising from or in connection with any breach of Developer’s obligations, representations or warranties set forth in this Agreement.


Liftoff agrees to indemnify, reimburse and hold harmless, Developer, its officers, directors, employees, and agents from and against any and all third party claims, liabilities, demands, causes of action, damages, losses and expenses, including, without limitation, reasonable attorneys 'fees and costs of suit, arising out of or in connection with Liftoff’s infringement or misappropriation of a third party U.S. copyright, trademark or trade secret by the use of the Liftoff Property by Developer as permitted hereunder. Liftoff shall have no liability or obligation under this Section with respect to any claim if such claim is caused in whole or in part by (v) compliance with designs, data, instructions, or specifications provided by Developer; (w) modification of the Liftoff Property by any party other than Liftoff without Liftoff’s express consent; (x) failure to integrate any SDK Update and utilize the most up to date version of the Vungle SDK, (y) Third Party Software, or (z) the combination, operation, or use of the Liftoff Property with other applications, portions of applications, product(s), data or services where the Liftoff Property would not by itself be infringing. THE INDEMNIFICATION RIGHTS CONTAINED IN THIS SECTION ARE DEVELOPER’S SOLE REMEDY FOR THIRD PARTY INFRINGEMENT CLAIMS RELATING TO THE VUNGLE SDK AND THE MONETIZE PLATFORM.


LIMITATION OF LIABILITY:

EXCEPT WITH RESPECT TO INDEMNIFICATION OBLIGATIONS HEREIN AND BREACHES OF THE VUNGLE SDK LICENSE, NEITHER PARTY SHALL BE LIABLE TO OTHER PARTY FOR ANY PUNITIVE, INCIDENTAL, INDIRECT, SPECIAL, RELIANCE OR CONSEQUENTIAL DAMAGES, INCLUDING LOST BUSINESS, DATA, REVENUE, OR ANTICIPATED PROFITS, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT A PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES. EXCEPT WITH RESPECT TO INDEMNIFICATION OBLIGATIONS HEREIN AND BREACHES OF THE VUNGLE SDK LICENSE, IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE LESSER OF (I) TEN THOUSAND DOLLARS, OR (II) THE FEES PAID TO LIFTOFF HEREUNDER IN THE TWELVE MONTH PERIOD ENDING ON THE DATE THAT A CLAIM OR DEMAND IS FIRST ASSERTED.NOTHING IN THIS AGREEMENT SHALL LIMIT EITHER PARTY 'S LIABILITY FOR DEATH OR PERSONAL INJURY CAUSED BY NEGLIGENCE, FRAUD OR FRAUDULENT MISREPRESENTATION OR ANYTHING ELSE THAT CANNOT BE EXCLUDED UNDER APPLICABLE LAW.


MISCELLANEOUS: If any provision of this IO is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this IO will otherwise remain in full force and effect and enforceable. This IO is not assignable, transferable or sublicensable by either party without the other party’s prior written consent, except in the event of a merger, acquisition or consolidation. Both parties agree that this IO is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral IOs, communications and other understandings relating to the subject matter of this IO, and that all waivers and modifications must be in writing and signed by both parties, except as otherwise provided herein. Revisions to accepted Order Forms must be made in writing and acknowledged by the other party in writing. No agency, partnership, joint venture, or employment is created as a result of this IO and the Developer does not have any authority of any kind to bind Liftoff in any respect whatsoever. All notices under this IO will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Liftoff will not be liable for any loss resulting from a cause over which it does not have direct control. This IO will be governed by the laws of Singapore without regard to its conflict of law provisions. Any dispute arising out of or related to this IO shall be negotiated and settled by both parties in accordance with the principle of deliberation and kinship. If no agreement is reached, then the parties agree that the dispute shall be submitted to the Singapore International Arbitration Centre (“SIAC”) and be settled in accordance with the arbitration rule of SIAC then in effect when the applicable for arbitration is filed. The venue for the arbitration shall be Singapore. The proceedings for the arbitration shall be conducted in the English language. The award of arbitration shall be final and binding upon both parties.


Monetize DPA

Monetize Data Privacy Addendum

This Data Privacy Addendum (“Addendum“) forms part of the Monetize IO ("IO") in place between LMI, Inc. (“Liftoff”) and the company identified as the “Developer” in the IO.  The terms of the Addendum shall only apply to the extent a Party processes Personal Data protected by Data Protection Laws under or in connection with the IO which incorporates these Addendum terms by reference. Capitalized terms used in this Addendum shall have the same meaning given to them in the main body of the IO unless otherwise defined in this Addendum.

IT IS AGREED:

1.          Definitions:

Ad Data” has the meaning given to it in Section 2 of this Addendum.

 

Demand Partners” means Liftoff’s media buying clients, including but not limited to Advertisers and attribution partners, demand side platforms, ad exchanges, agencies, agency trading desks and ad networks who submit “bids” for Liftoff Ad inventory.

 

Data Protection Laws” means all data protection and privacy laws and regulations in any relevant jurisdiction relating to the use or processing of personal data including, including (a) EU Regulation 2016/679 (“GDPR“); (b) GDPR as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR“); (c) any laws or regulations ratifying, implementing, adopting, supplementing or replacing the GDPR; (d) in the UK, the Data Protection Act 2018 (“DPA“); (e) any laws and regulations implementing or made pursuant to EU Directive 2002/58/EC (as amended by 2009/136/EC); (f) in the UK, the Privacy and Electronic Communications (EC Directive) Regulations 2003; in the USA, (g) Children’s Online Privacy Protection Act; (h) California Consumer Privacy Act; and (i) California Privacy Rights Act, in each case, as updated, amended or replaced from time to time and the terms “data subject”, "processing”, “personal data breach”, “Commissioner”, “processor” and “controller” referred to in this Addendum shall have the meanings set out in the UK GDPR;

 

EEA” means the European Economic Area .

 

EEA Standard Contractual Clauses” means the Module One standard Controller to Controller contractual clauses for the transfer of EEA Personal Data to Controllers established in Third Countries set out in the European Commission Decision 2021/914 dated 4 June 2021 (and for these purposes, the provision relating to Modules 2, 3 and 4 of the standard contractual clauses are deleted) as amended or replaced from time to time;

 

"Enquiry" means any request, complaint, investigation, notice or communication from an data subject or a governmental or regulatory body or authority with responsibility for monitoring or enforcing compliance with the Data Protection Laws.

 

Ex-EEA Transfer” means a transfer of Personal Data subject to GDPR by a Party, to a Party (or its premises) in a Restricted Country;

 

Ex-UK Transfer” means a transfer of Personal Data subject to UK GDPR by a Party, to a Party (or its premises) in a Restricted Country;

 

Parties” means the Developer and Liftoff;

 

Personal Data” means any information relating to an identified or identifiable natural person (which shall include for the avoidance of doubt, any personally identifiable information) or as otherwise defined in applicable Data Protection Laws.

 

Restricted Country” means (a) any country outside the UK or EEA which is not deemed adequate by (for Personal Data subject to GDPR) the European Commission pursuant to article 45 of GDPR or by (for Personal Data subject to UK GDPR) the Secretary of State in accordance with the relevant provisions of the UK GDPR and the DPA, or an adequacy decision recognised pursuant to paragraphs 4 and 5 of Schedule 21 of the DPA.

 

Tracking Technologies” means mobile SDKs, unique identifiers, pixels, and similar tracking technologies.

 

UK” means the United Kingdom.

 

UK Addendum” means the International Data Transfer Addendum to the Standard Contractual Clauses, as may be amended, replaced or superseded by the UK’s Information Commissioner’s Office (“ICO“) from time to time (including as formally issued by the ICO under section 119A(1) DPA).

 

Privacy Notice” means the privacy notice available (the latest version of which is available here: https://liftoff.io/privacy-policy/), as updated from time to time.

 

2.         Scope of Processing:

2.1                 Developer acknowledges and agrees that in connection with the Monetize Platform and Vungle SDK:

2.1.1              Liftoff may collect or otherwise receive data (including Personal Data) relating to end users of the Developer Apps (such as App Data), including unique device identifiers, log information, as well as usage data (such as Performance Data), including information about ads viewed or clicked, post-install data, geo-location of an end user’s device (as may be enabled by the Developer App) and streaming data, all as more particularly described in the Privacy Notice (collectively “Ad Data“); and

2.1.2             Liftoff and its Demand Partners use Tracking Technologies to collect certain Ad Data.

 

2.2               Developer grants Liftoff a perpetual, irrevocable, worldwide, sublicensable right and license to use, copy, modify, distribute and otherwise  process Ad Data for the following purposes:

2.2.1            accessing or calling the Developer Apps, or the servers that make them available, to cause the routing, serving, displaying, targeting, and tracking the performance of Liftoff Ads on the Developer Apps;

2.2.2          building and storing profiles of end users;

2.2.3          using Ad Data for Liftoff's (or its group companies') internal business purposes, including to develop and improve the Vungle SDK and Monetize Platform or any other products or services operated by Liftoff or any of its group companies;

2.2.4          for any other purposes identified in the Privacy Notice; and

2.2.5          disclosing Ad Data: (i) to third parties (including Demand Partners) as reasonably necessary to operate the Monetize Platform or any platform or offering operated by Liftoff or any of its group companies; (ii) to third parties (including Demand Partners) to allow such third parties to undertake statistical analysis for their own internal business purposes only (for example; to help determine the amount to bid on the Developer's inventory or inventory similar to it); (iii) if required by any court order, process, law or governmental agency; and/or (iv) generally when it is aggregated, such that the specific information relating to Developer or any underlying end user is not directly identifiable  (“Permitted Purposes“).

 

3.         Relationship between the Parties and Controller Terms:

 

3.1                 The Parties acknowledge and agree that for the purposes of Data Protection Laws, each Party is an independent controller with respect to their processing of Personal Data. Each Party will determine their legal basis for processing Personal Data independently.

 

3.2               Each Party must at all times:

 

3.2.1             process Personal Data in accordance with Data Protection Laws; and

3.2.2           not cause or permit anything to be done which may result in a breach by the other Party of Data Protection Laws.

 

3.3               Liftoff shall process Personal Data only for the Permitted Purposes. Nothing in the IO (including this Addendum) shall limit or prevent Liftoff from collecting or using data that Liftoff would otherwise collect and process independently of Developer’s use of the Monetize Platform and Vungle SDK.

 

3.4               Each Party is responsible for responding to any Enquiries independently of the other Party.

 

3.5               If either Party receives an Enquiry which relates to the other Party's: (i) processing of Personal Data; or (ii) potential failure to comply with Data Protection Laws in respect of the Personal Data, that Party must, without undue delay, notify the other Party of such Enquiry and direct the person making the Enquiry to the other Party.

 

3.6               If a Party needs assistance from the other Party to respond to an Enquiry, the other Party shall co-operate and provide such information and assistance as the other Party may reasonably require to enable the other Party to comply with its obligations under Data Protection Laws in respect of such Enquiry.

 

3.7                Each Party shall as soon as reasonably practicable after discovering any Personal Data breach notify the other Party of the same and, at its own expense, shall use its reasonable endeavours to:

3.7.1             minimise the impact of such Personal Data breach and prevent such Personal Data breach recurring; and

3.7.2            provide all reasonable assistance as the other Party shall require to provide such notifications as may be required in accordance with Data Protection Laws.

 

4.         Developer’s Responsibilities:

4.1                Notice Requirements

4.1.1              Developer represents and warrants that it shall conspicuously post, maintain, and abide by a publicly accessible privacy notice within the Developer App that satisfies the transparency and information requirements of the Data Protection Laws and this Addendum. If notice cannot be provided in or around Liftoff Ads, then Developer should make arrangements to provide notice within the Developer App or on the landing page of the Liftoff Ad.

 

4.1.2             Without prejudice to the generality of the foregoing, such notice shall, at a minimum, include the following: (i) the fact that Liftoff and its Demand Partners use Tracking Technology to collect use and share Ad Data; (ii) a conspicuous  link to or description of how and where end users can opt-out of collection and use of their information for ad targeting, including a link to the Liftoff opt-out (https://vungle.com/opt-out/); (iii) a description of the types of Ad Data that are collected and how and for what purposes the Ad Data will be used or transferred to third parties, including the fact that third parties may process Ad Data to provide measurement services and targeted ads; and (v) where EU Data Protection Law applies, the identity of the Controller(s) of Ad Data.

 

4.2               Notice and Consent.  Developer represents and warrants it has provided (and shall maintain) all required notices and obtained all necessary permissions and consents in accordance with the Data Protection Laws from the relevant data subjects (including any parental consent required by applicable Data Protection Laws) on behalf of Liftoff and all applicable Demand Partners to lawfully permit:

4.2.1             Liftoff and all applicable Demand Partners to collect, process and share Ad Data for the Permitted Purposes; and

4.2.2           deploy Tracking Technologies in order to collect Ad Data from the devices of end users served with Liftoff Ads.

 

4.3               Consent Mechanism.  Where consent is the lawful basis for processing Personal Data collected via Developer Apps by either party and/or where consent is required for the use of Tracking Technologies pursuant to Data Protection Laws, Developer represents and warrants that it shall, at all times, make available, maintain and make operational on the Developer Apps:

4.3.1            a mechanism for obtaining such consent from data subjects in accordance with the requirements of the Data Protection Laws; and

4.3.2           a mechanism for data subjects to withdraw such consent (opt-out) in accordance with the Data Protection Laws.

 

4.4               Consent Records.  Developer shall maintain a record of all consents obtained pursuant to Section 4.3 (above) from data subjects as required by the Data Protection Laws, including the time and date on which consent was obtained, the information presented to data subjects in connection with their giving consent, and details of the mechanism used to obtain consent. Developer shall maintain a record of the same information in relation to all withdrawals of consent by data subjects. Developer shall make these records available to Liftoff promptly upon request.

 

4.5               Non-compliance. If Developer is unable to comply with its notice and consent obligations under this Addendum, Developer shall promptly notify Liftoff and Liftoff may elect to perform any one or all of the obligations provided Developer does not prevent Liftoff from performing such obligations. In the event neither party is able to perform such obligations, Liftoff shall have the right to terminate the IO without liability upon written notice.

 

4.6               Prohibited Data Sharing.  Developer shall not:

 

4.6.1            share with Liftoff any Personal Data that allows users of Developer Apps to be directly identified (for example, by reference to their name or email address); and

4.6.2           pass to Liftoff any personal data of children (as such term is defined under applicable Data Protection Laws), unless expressly agreed in writing and as permitted under Data Protection Laws. Upon request, Liftoff shall provide Developer with such reasonable assistance as Developer may require to enable Developer to provide such notice and obtain such consents.

 

5.         International Transfers:

5.1                Neither Party shall process any Personal Data, or transfer the Personal Data (nor permit any Personal Data to be processed) in connection with the IO to any Restricted Country unless it has taken such measures as are necessary to ensure there is adequate protection and appropriate safeguards for such Personal Data in accordance with Data Protection Laws. Such adequate protection and appropriate safeguards may include entering into the EEA Standard Contractual Clauses and/or UK Addendum.

 

5.2               The Parties agree that in the event of an Ex-EEA Transfer, the transferring Party shall comply with the data exporter’s obligations in the EEA Standard Contractual Clauses and the receiving Party shall comply with the data importer’s obligations in the EEA Standard Contractual Clauses, and the EEA Standard Contractual Clauses are deemed to have been executed by the Parties and incorporated into (and form part of) this Addendum, with the following amendments:

 

5.2.1            Clause 7 (docking clause) of the EEA Standard Contractual Clauses shall be included;

5.2.2           the optional language in Clause 11 shall apply;

5.2.3           the governing law for the purposes of Clause 17 (governing law) of the EEA Standard Contractual Clauses shall be the law of Ireland;

5.2.4           the relevant courts for the purposes of Clause 18 (choice of forum and jurisdiction) of the EEA Standard Contractual Clauses shall be the courts of Ireland;

5.2.5           Annexes IA, IB and IC to the EEA Standard Contractual Clauses shall be deemed to have been completed with the information in Appendix A to this Addendum;

5.2.6           Annex II to the EEA Standard Contractual Clauses shall be deemed to have been completed with the information in Appendix B to this Addendum. The security measures listed in Appendix B shall be put in place even if the Parties are both in the EEA or UK.

 

5.3               The Parties agree that in the event of an Ex-UK Transfer, such transfer shall be conducted pursuant to the EEA Standard Contractual Clauses as supplemented and amended by the UK Addendum, which will be deemed to be executed by the Parties and incorporated into and form part of this Addendum, with the Part 1 tables to the UK Addendum completed as follows:

 

5.3.1            Table 1 shall be deemed completed with the information from Appendix A to this Addendum, and the start date shall be the Effective Date of the IO;

5.3.2           In Table 2, the first option shall be selected and the relevant version of the “Approved EEA Standard Contractual Clauses” referenced in that option shall be the EEA Standard Contractual Clauses referenced in Clause 3.2 above (as amended in accordance with Clause 3.2);

5.3.3           Table 3 shall be deemed completed with the information from Appendix A and Appendix B to this Addendum;

5.3.4           Table 4 shall be deemed completed such that the Importer has the right to end the UK Addendum as set out in Section 19 of Part 2 of the UK Addendum; and

5.3.5           the transferring Party shall comply with the data exporter’s obligations in the UK Addendum and the receiving Party shall comply with the data importer’s obligations in the UK Addendum, and if there is any conflict between this Addendum and the UK Addendum, the UK Addendum shall prevail.

 

5.4               in the case of any transfers of Personal Data protected by Data Protection Laws applicable to Switzerland, (i) general and specific references in the Standard Contractual Clauses to GDPR (or any predecessor to the GDPR) shall have the same meaning as the equivalent reference in Data Protections Laws of the Switzerland; (ii) any obligation in the Standard Contractual Clauses determined by the Member State in which the data exporter or data subject is established shall refer to an obligation such aforementioned Data Protection Laws; and (iii) references to the “competent supervisory authority” and “competent courts” shall be replaced with “the Swiss Federal Data Protection and Information Commissioner ” and “relevant courts in Switzerland”.

 

6.         Miscellaneous:

 

6.1                Liftoff reserves the right to modify, suspend or terminate the IO should Developer violate or breach this Addendum.

 

6.2               This Addendum shall survive termination or expiry of the IO.  Upon termination or expiry of the IO, Liftoff may continue to process the Personal Data provided that such processing complies with the requirements of this Addendum.

 

6.3               Notwithstanding anything to the contrary in the IO and without prejudice to Section 2 above, Liftoff may periodically make modifications to this Addendum as may be required to comply with the Data Protection Laws.

 

Appendix A

Details of the Transfer

Annex 1(A) List of Parties:

Data Importer

Name: The Liftoff group entity specified in the IO

Address: As specified in the IO

Official registration number (if any):

Contact person’s name, position and contact details: DPO, DPO@liftoff.io

Activities relevant to the data transferred: SSP services

Signature and date: As per the IO

Role (Controller/Processor): Controller

 Data Exporter

Name: Developer, as identified in the IO

Address: As specified in the IO

Official registration number (if any):

Contact person’s name, position and contact details: As specified in the IO

Activities relevant to the data transferred: See Annex 1(B) below

Signature and date: As per the IO

Role (Controller/Processor): Controller

Annex 1(B) Description of processing/ transfer:

Categories of data subjects whose personal data is transferred:

  •       End users of the Developer Apps or end users viewing ads delivered to the Developer Apps (“End Users“).
  • Developer employees and other personnel authorized to use the Monetize Platform (“Developer Users“)

Categories of personal data transferred:

 End Users

·           Identifiers: cookie and mobile Ad identifiers (such as IDFA, ADID, GPID etc.,), IP address, data that could be used for fingerprinting, latitude and longitude, GPS location;

·           Demographic information: location,  age range, gender, other publisher-specified demographics (tied to an identifier);

·           User agent or such device information.

·           Behavioral data:

Developer Users

Contact details (name, email, telephone) and professional details (role)

Sensitive data transferred:

None.

If sensitive data, the applied restrictions or safeguards

N/A

Frequency of the transfer:

Data is transferred on a continuous basis.

Nature, subject matter and duration of processing:

 Processing of Personal Data to provide the Liftoff Services pursuant to the Agreement. The subject matter of the processing is the Personal Data described in this Annex.

Purpose(s) of the data transfer and further processing:

 End Users: For the Permitted Purposes (as defined in the Addendum).

Developer Users: For business relationship, marketing and account management purposes.

Period for which the personal data will be retained, or if that is not possible the criteria used to determinate that period, if applicable

Liftoff will not retain the personal data for longer than the period during which Liftoff has a legitimate need to retain the personal data for purposes it was collected or transferred in accordance with the Addendum.

Annex 1(C) Competent supervisory authority:

The competent supervisory authority, in accordance with Clause 13 of the New SCCs

The competent supervisory authority shall be determined in accordance with GDPR and the UK GDPR.

 

 

 

Appendix B

Technical and Organizational Security Measures

 

Introduction

Each party employs a combination of policies, procedures, guidelines and technical and physical controls to protect the personal data it processes from accidental loss and unauthorised access, disclosure or destruction.

 

Governance and Policies

Each party assigns personnel with responsibility for the determination, review and implementation of security policies and measures.

Each party:

 

         has documented the security measures it has implemented in a security policy and/or other relevant guidelines and documents;

         reviews its security measures and policies on a regular basis to ensure they continue to be appropriate for the data being protected.

 

Each party establishes and follows secure configurations for systems and software, and ensures that security measures are considered during project initiation and the development of new IT systems.

 

Breach response

Each party has a breach response plan that has been developed to address data breach events. The plan is regularly tested and updated no less than once per year.

 

Intrusion, anti-virus and anti-malware defences

Each party’s IT systems used to process personal data have appropriate data security measures, including: (a) physical access controls; (b) remote access control includes firewalls on the internal network; (c) user access is logged and monitored for unusual and unauthorized access; (d) threat assessment and vulnerability scanning; (e) data is encrypted at rest.

 

Access controls

Each party limits access to personal data by implementing appropriate access controls, including: (a) limiting administrative access privileges and use of administrative accounts; (b) changing all default passwords before deploying operating systems, assets or applications; (c) requiring authentication and authorisation to gain access to IT systems (i.e. require users to enter a user id and password before they are permitted access to IT systems); (d) only permitting user access to personal data which the user needs to access for their job role or otherwise limited to the purpose for which they are given access (i.e. Service Provider implements measures to ensure least privilege access to IT systems); (e) appropriate procedures for controlling the allocation and revocation of personal data access rights, including procedures for revoking employee access to IT systems when they leave their job or change role; (f) encouraging users to use strong passwords, such as passwords with over fourteen characters, combination of upper and lower case letters, numbers and special characters; (g) automatic timeout and locking of user terminals if left idle; (h) monitoring and logging access to IT systems.

 

Availability and Back-up personal data

Each party has a documented disaster recovery plan that ensures that key systems and data can be restored in a timely manner in the event of a physical or technical incident. The plan is regularly tested and updated. Service Provider regularly backs-up information on IT systems and keeps back-ups in separate locations.  Back-ups of information are tested periodically.

 

Segmentation of personal data

Each party separates and limits access between network components and, where appropriate, implements measures to provide for separate processing (storage, amendment, deletion, transmission) of personal data collected and used for different purposes.

 

Disposal of IT equipment

Each party has in place processes to securely remove all personal data before disposing of IT systems, and uses appropriate technology to purge equipment of data and/or destroy hard disks.

 

Encryption

Each party uses encryption technology where appropriate to protect personal data held electronically, including encryption of data where appropriate and encryption of company issued portable devices used to process personal data. Encryption keys are stored separately from the encrypted information, and are subject to appropriate security measures.

 

Transmission or transport of personal data

Appropriate controls are implemented by each party to secure personal data during transmission or transit, including, but not limited to: use of VPNs; SSL in transit; logging personal data when transmitted electronically; ensuring physical security for personal data as appropriate when transported.

 

Asset and Software management

Each party maintains an inventory of IT assets and the data stored on them, together with a list of owners of the relevant IT assets. Service Provider: documents and implements rules for acceptable use of IT assets; proactively monitors software vulnerabilities and promptly implements any out of cycle patches.

 

Physical security  

Each party implements physical security measures to safeguard personal data. This may include  deployment of appropriate building security, including visitor logs, ID card access for staff, logs of staff access to buildings, and CCTV.

Staff training and awareness

Each party’s agreements with staff and contractors and employee handbooks set out its personnel’s responsibilities in relation to information security.

 

Each party requires:  staff training on data security and privacy issues relevant to their job role and ensures that new starters receive appropriate training before they start their role (as part of the on boarding procedures); appropriate screening and background checks on individuals that have access to sensitive personal data; that Staff are subject to disciplinary measures for breaches of such party’s policies and procedures relating to data privacy and security.

 

Selection of service providers and commission of services

Each party assesses service providers’ ability to meet their security requirements before engaging them.  Each party has written contracts in place with service providers which require them to implement appropriate security measures to protect the personal data they have access to and limit the use of personal data in accordance with Service Provider’s instructions.

 

Each party audits service providers (including subprocessors) that have access to such party’s data either through physical inspection by appropriately qualified security auditors or by reviewing its service providers’ security accreditation (such as ISO 27001 or SOC II) reports. Each party’s breach response protocol and agreements with its service providers provide for the audit of such service providers (and subprocessors) following receipt of any notice of a security incident from that service provider.

 

Assistance with Data Subject Rights Requests

Each party has implemented appropriate policies and measures to identify and address data subject rights requests, including: (a)  maintaining accurate records to enable it to identify quickly all personal data processed on behalf of the other party; (b) ensuring deletion and rectification requests are fully actioned.

 

Vungle Inc. ∙ 555 Bryant Street, Palo Alto CA 94301

support@liftoff.io