THIRD-PARTY APPLICATION TERMS FOR MX SERVICES


The following additional terms and conditions are Third-Party Application Terms that apply to Customer’s and its End Users’ access to and use of the products and services that Quiltt offers from MX Technologies, Inc. (“MX”) as a Third-Party Application. These Third-Party Application Terms are in addition to the terms and conditions of any Order and the Quiltt Terms of Service, all of which comprise the “Agreement” for purposes of the MX Service. In the event of a conflict between these Third-Party Application Terms and the terms and conditions relating to Quiltt Services, these Third-Party Application Terms control and govern with respect to the MX Service. Capitalized terms that are not defined in these Third-Party Application Terms have the meanings given to them in the Quiltt Terms of Service or the Order.

  1. Additional Definitions.

Aggregated Data” means End User Data and information that is Anonymized and aggregated with similar data and information to the extent that the original End User Data and information is no longer attributable to any specific End User.  “Anonymized” for purposes of this definition, means data that is made unidentifiable by removing all information that identifies, provides a reasonable basis to identify, or could reasonably be anticipated to identify, a specific User or individual. For the avoidance of doubt, Anonymized data cannot be reidentified or deanonymized at any time and does not include any form of personally identifiable information.

“MX Materials” means any materials that MX or Quiltt provides to Customer as part of, or in the course of providing, the MX Service, including materials provided through any online portal. 

MX Service” means any products or services provided by MX that Customer receives via an Order with Quiltt.

Spec Sheet” means a document provided by MX that describes the work by Customer that is necessary to configure the MX Service purchased by Customer.

MX Subscription” means an End User’s right to use the MX Service purchased by Customer through Quiltt pursuant to the terms of the Agreement.

Third-Party Data Provider” means any third party entity, including financial institutions, which provides End User Data or other data to MX for use in the MX Service.

  1. MX Service.
  1. Access to MX Service and MX Materials. In exchange for payment of the fees listed on the Order, and subject to the terms of the Quiltt Terms of Service and these Third-Party Application Terms, Quiltt and MX grant Customer a nonexclusive, royalty-free, nontransferable right, solely during the term of an MX Subscription: (a) to access and use the MX Service solely for Customer’s internal business purposes; and (b) to use the MX Materials solely in conjunction with Customer’s authorized use of the MX Service. Without the prior written consent of MX, Customer shall not alter or remove, or permit any third party to alter or remove, any proprietary trademark or copyright markings incorporated in, marked on or affixed to any MX Materials. The MX Materials the Confidential Information of MX. Customer shall use the MX Materials only as expressly permitted in this Agreement or the applicable Spec Sheet.
  2. Provision of MX Service. Customer must purchase an MX Subscription for each End User who may access or use the MX Service. Customer agrees that its purchase of the MX Service is neither contingent upon the delivery of any future functionality or features nor dependent upon any oral or written comments made by MX or any of its employees or agents with respect to future functionality or features.  Customer shall provide Quiltt such information regarding Customer’s data requirements and services as MX may reasonably require to facilitate its provision of the MX Service. MX may disclose any such information to its Third-Party Data Providers where reasonably necessary for the provision of the MX Service. MX has the right to monitor any and all use of the MX Service without notice to Customer or Quiltt or their personnel and may provide any information obtained through such monitoring to its Third-Party Data Providers.  
  1. Additional Responsibilities.
  1. Customer Responsibilities. Customer shall: (a) prevent unauthorized access to or use of the MX Services and notify Quiltt and MX promptly of any such unauthorized access or use; (b) use and provide access to the MX Service only in accordance with the Quiltt Terms of Service, the Order, these Third-Party Application Terms, and applicable law; and (c) maintain the security of the End User Data and the MX Service in accordance with industry standards and Section 9. In all instances where Customer permits access to the MX Service by End Users, Customer shall ensure compliance by such End Users with all of the requirements of the Agreement relating to the MX Service, and that any act or omission relating to the MX Service shall be deemed acts or omissions as though performed (or not) by Customer. Customer shall not charge End Users any fees that identify, or are identifiable to, MX, any Third-Party Data Provider, or to the End User’s use of the MX Service. The right to use the MX Service hereunder is for the use of object-oriented elements of the MX Service only, and neither Customer nor any End User shall have rights to the MX Service’s source code whether by escrow or otherwise. If Customer both accesses End User Data and initiates payments, it must obtain separate and distinct consents from each End User for these separate activities. With respect to consents required to be obtained from End Users hereunder, Customer must have and maintain such systems and procedures as may be reasonably necessary or otherwise required by MX to actively track, monitor, and document such End User consent and any revocation thereof.
  2.  End User Access. Prior to any access or use of the MX Service, Customer must require each of its End User to agree to minimum end user terms and conditions governing such End User’s use and access to the MX Service in the form of an end user license agreement governing such End User’s use of the MX Service that is substantially equivalent to and includes terms at least as protective of MX as those minimum end user terms and conditions attached hereto as Exhibit A – Minimum End User Terms and Conditions, as amended and supplemented by MX from time to time (“EULA”). Customer is responsible for all activity that occurs in its End Users’ accounts and for each End User’s compliance with the Agreement and the EULA. Prior to any access or use of the MX Service, each End User shall agree to the EULA. MX may amend and supplement the EULA at any time. Quiltt will notify Customer of any such change to the EULA (including by notice via the Quiltt Services), and Customer shall have no more than thirty (30) days from receipt of such notice to update its EULA to reflect such amendment or supplement, or a longer period if otherwise provided for by MX. Notwithstanding the foregoing or anything to the contrary herein, the EULA shall: (a) be prominent, written, accurate and as easy-to-understand by a reasonable consumer as other standard end user license agreements are; (b) accurately set forth what data (including all compilations, aggregations, and combinations of the same) is collected, how collected data will be used, and how collected data will be shared, exchanged, or sold; (c) provide clear and conspicuous disclosures to all End Users and prospective End Users, legally sufficient to comply with applicable law regarding the collection, use, and sharing described; (d) identify or disclose to each End User any and all categories of third parties to whom End User Data may be provided or who may use, receive, store, or process the same; (e) inform End Users of their rights with respect to End User Data including, without limitation, the right to terminate access and require deletion; (b) inform End Users that the End User Data does not represent an official record of the End User’s account with any relevant financial institution; (g) state that Quiltt and Customer are acting independently, and not on behalf of any third party, in providing its application or services; (h) describe how the End User Data will be protected in the event that Quiltt or Customer ceases operating as a going concern or otherwise ceases to make available the Quiltt’s and/or Customer’s application to End Users, describing how End User Data in Customer’s possession or control will be safeguarded, deleted, and purged in such circumstances; (i) provide MX and its Third Party Service Providers the same liability restrictions and limitations and warranty disclaimers to which Customer is entitled under its agreement(s) with End Users, to include but not be limited to: (i) exclusion of all implied warranties, including without limitation for merchantability and fitness for a particular purpose; (ii) exclusion of consequential, special, indirect, incidental, punitive, exemplary and tort damages in connection with the MX Service and End User Data made available through the MX Service; and (iii) inclusion of a quantifiable limitation of liability for direct and indirect damages in connection with the MX Service as further set forth herein; (j) release Quiltt, MX, and MX’s Third Party Service Providers of all liability and obligation related to any delays, inaccuracies or incomplete MX Service caused by the failure of Reseller and/or Customer and/or its third party providers to properly or timely meet their obligations or requirements; and (k) be agreed to by Users prior to access to the MX Service or restrict such access until after End User consent to the EULA has expressly occurred.
  3. Access and Use Rights.
  1. Customer shall only request End User Data through the MX Service that is expressly consented to by the End User. Customer may only host and/or store End User Data from locations within the United States unless otherwise approved in advance and in writing by MX, and where applicable, by an applicable Third-Party Data Provider. With respect to End User Data made available through the MX Service, Customer shall not, and shall not attempt to: (a) use, disclose or process the End User Data to target market products or services to End Users that are directly competitive to those offered by any Third Party Data Provider, by using such End Users’ status as a customer of a Third Party Data Provider as criteria; or (b) use any APR, APY, credit limit, or similar data included within the End User Data to ascertain confidential or proprietary information of any Third Party Data Provider, including, without limitation, credit models, credit algorithms, and other business processes and calculations not available to the public.
  2. Customer shall not use or disclose any End User Data accessed through the MX Service, except for the purposes of: (a) providing the End User Data directly to the applicable End User; and (b) complying with applicable law or mandatory requests of a government or regulatory body. Customer must provide End Users the ability to unlink such End User Data from any Quiltt or Customer application or service. In the event that any End User unlinks (or requests the unlinking of) its End User Data from any Quiltt or Customer application or service, Customer will promptly notify Quiltt of the same. Upon request by an End User, Customer shall promptly and permanently delete all End User Data in its possession or control, and shall promptly notify Quiltt of the same.
  3. End User Data obtained through the MX Service shall not be used in any way as a consumer report or as a factor in establishing a consumer’s eligibility for credit, insurance, employment, or other purposes governed by the Fair Credit Reporting Act 15 U.S.C. §1681 (“FCRA”). In the event that Customer utilizes End User Data obtained through the MX Service for any such purpose, Customer expressly agrees MX shall not be responsible for, and Customer shall not request or demand of MX or Quiltt any required compliance with the FCRA, including but not limited to, obtaining all necessary consents and providing all required notices to End Users, disposing of applicable End User Data, ensuring End User information obtained through the MX Service and utilized by Quiltt and/or Customer is accurate and complete, and investigating and remediating End User disputes about the accuracy of any such information provided through the MX Service.
  4. Quiltt or MX may provide Customer a list of Internet Protocol addresses (“IP Addresses”) from which MX may access End User Data from Quiltt or Customer on behalf of End Users. MX may update the provided list from time to time. Customer shall not block or otherwise obstruct MX from accessing End User Data using the IP Addresses in the provided list.
  1. Suspension Rights. MX and Quiltt shall have the right to suspend Customer’s access, in whole or in part, to the MX Service and any End User Data for the following reason(s): (a) Quiltt’s or MX’s good-faith belief that Customer is acting in an unauthorized manner with respect to its access to the MX Service or any End User Data; (b) an End User requests that MX or any Third Party Data Provider no longer permit Quiltt or Customer to access its End User Data (such suspension will only be applied to the requesting End User); (c) Quiltt’s or MX’s good-faith belief that there is a material risk to the security or integrity of the MX Service, the End User Data, or any systems of MX, Quiltt, or Customer; or (d) suspending access is reasonably necessary to prevent harm to the business or reputation of Quiltt, MX, any Third Party Data Provider, and/or their respective customers. Upon any notice of suspension, Customer shall immediately cease any attempt to access the MX Service or any End User Data, including by screen scraping. Unless prohibited by applicable law, Quiltt and/or MX will provide Customer with prompt (and, where reasonably practicable, advance) notice of the suspension, including, if permitted, a description of the scope of the suspension and the reasons for the suspension. Customer will work with Quiltt (and, if requested, MX) to remediate the reason for any suspension, with Quiltt and MX having the final authority as to the duration and extent of any suspension. At any point during such suspension, Quiltt and MX will have the right to terminate Customer’s access to the MX Service and End User Data (and Quiltt will have the right to terminate the Agreement, in part or in whole) by providing notice (which will be at least thirty (30) days’ notice, where reasonably practicable). Additionally, if Customer’s account is thirty (30) days or more overdue, except for charges then under reasonable and good faith dispute, then, following five (5) business days’ written notice and opportunity to cure, which notice may be provided via email, in addition to any of its other rights or remedies, Quiltt and MX reserve the right to suspend Customer’s and its End Users’ access to the MX Service until such amounts are paid in full. Customer further understands that Quiltt is subject to analogous suspension rights by MX, and that Customer’s and its End Users’ access to the MX Service may be suspended if MX suspends Quiltt’s access to the MX Service for any reason, whether or not justified or relating to Customer.
  2. Support. If Customer experiences any issues or problems with the MX Service, it should contact Quiltt for primary support. MX may, at its option, provide Customer with secondary general and technical support via phone or email.
  1. Term and Termination Relating to MX Service.
  1. Term. These Third-Party Applications Terms are effective as of the date provided in the Order and continue until all MX Subscriptions granted in accordance with the Agreement have expired or been terminated. MX Subscriptions are billed in accordance with the Order.
  2.  Effect of Termination. In addition to any obligations relating to expiration or termination of the Order and/or the Quiltt Terms of Service, upon termination of this these Third-Party Application Terms, unless otherwise agreed to by the parties: (a) all rights granted to the MX Service immediately terminate; (b) Customer’s access to the MX Service and all related services immediately cease and neither Quiltt nor MX shall have any obligation to provide or perform the same after the effective date of termination; and (c) Customer will immediately discontinue all use of the MX Service and all access to the MX Service by all End Users.
  1. Proprietary Rights Relating to MX Service.
  1. Reservation of Rights. Except for the limited rights expressly granted hereunder, MX reserve all rights, title, and interest in and to the MX Services, the underlying software, the MX Materials, transactional data, Aggregated Data, and related MX products and services, including all related intellectual property rights inherent therein.  No rights are granted to Customer or End Users hereunder other than as expressly set forth in the Agreement.  All rights not expressly granted hereunder are reserved by MX.
  2. Restrictions. Except as expressly permitted by the Agreement, Customer shall not, and shall not permit or authorize any End User or third party to:  (a) make the MX Service available to anyone other than authorized End Users; (b) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the MX Service available to any third party, other than to End Users; (c) attempt to gain unauthorized access to the MX Service or its related systems or networks; (d) access the MX Service in order to build a competitive product or service, or copy any ideas, features, functions or graphics of the MX Service; (e) access or engage in any use of the MX Service in a manner that abuses or materially disrupts MX’s or its service providers’ networks, security systems, the MX Service or websites; (f) interfere with or disrupt the integrity or performance of the MX Service or data contained therein; (g) modify, copy, display, republish, or create derivative works based on the MX Service or the underlying software; (h) modify, copy, or create derivative works of the MX Materials; (i) frame, scrape, link to or mirror any content forming part of the MX Service, other than on Customer’s own intranets or otherwise for its own internal business purposes; (j) reverse engineer, reverse assemble, disassemble, decompile or otherwise attempt to decipher any code used in connection with the MX Service, underlying software, or MX Materials; (k) use the MX Service for fraudulent purposes or otherwise in violation of applicable law; (l) send MX, or process through the MX Service, any data of an End User or any third party that falls under the protections of the Health Insurance Portability and Accountability Act (HIPAA) of 1996; (m) use the MX Service to send spam or otherwise duplicative or unsolicited messages in violation of applicable laws; (n) use the MX Service or End User Data to send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or violative of third-party privacy rights or in any manner that encourages, supports, or promotes illegal activities or unlawful gambling; (o) upload to the MX Service or use the MX Service to send or store viruses, worms, time bombs, Trojan horses or other harmful or malicious code, files, scripts, agents or programs; (p) conduct any platform or system level testing of the MX Service; (q) permit any third party to utilize or access the MX Service, the MX Materials, or any other MX technology, except Customer and End User access expressly permitted under the Agreement or for whom Quiltt and MX have given Customer prior written permission; or (r) where the End User Data is provided in a de-identified form, re-identify or attempt to re-identify such End User Data.
  3. Intellectual Property Rights Ownership; Use.
  1. MX Intellectual Property. MX alone (and its suppliers, where applicable) shall own all right, title and interest, including all related intellectual property rights, in and to all of the MX proprietary technology (including software, hardware, products, processes, algorithms, user interfaces, know-how, techniques, designs and other tangible or intangible technical material or information) (hereafter, “MX Technology”) made available to Customer by MX in providing the MX Service and the MX Technology.  These Third-Party Application Terms are not a sale and do not convey to Customer or any other third party any rights of ownership in or related to the MX Service, the MX Technology, or the intellectual property rights owned by MX and its suppliers.  he MX name, MX logo, and the product names associated with the MX Service are trademarks of MX or its suppliers, and unless expressly granted herein, no right or license is granted to use them. Customer and its End Users will not accrue any residual rights to the MX Technology or MX Service, including any rights to the intellectual property rights in connection therewith. Unless otherwise expressly agreed to in writing by MX and Quiltt, the MX Service will at all times reside on server(s) owned and operated by or on behalf of MX.
  2. Customer Marks. Customer hereby grants to Quiltt and to MX a worldwide, non-exclusive, revocable, limited license during the term of these Third-Party Application Terms, to use the trademarks, marks, logos and trade names of Customer (collectively, “Customer Marks”), and to sublicense the Customer Marks to Third Party Data Providers, for the sole purpose of providing the MX Service and identifying Customer to End Users as a recipient of End User Data and obtaining consent from such End Users. Quiltt and MX shall use the Customer Marks, and MX shall require that any Third Party Data Provider use the Customer Marks, in compliance with any reasonable trademark use policies Customer may promulgate from time to time and provide to Quiltt and to MX in writing. In the event that Customer has subscribed for the MX Services on a White Label basis, Customer grants to Quiltt and to MX a non-exclusive, non-transferable, royalty-free right for Quiltt and MX to use and display the Customer’s name, logo, and any other trademarks or designs of Customer as designated by Customer, as necessary and appropriate for Quiltt and MX to fulfill their respective obligations under the Agreement and in accordance with the reasonable standards set by Customer.  For purposes of these Third-Party Application Terms, “White Label” means Customer’s rebranded use of the MX Service.
  3.  End User Data. End User Data is deemed Confidential Information under the Agreement.  In accordance with the EULA, Customer grants a nonexclusive, worldwide, royalty-free license for Quiltt and MX to reproduce, display, adapt, enhance, aggregate, transmit, distribute and otherwise use End User Data as necessary or reasonable to provide the MX Service and to use the End User Data in anonymized and aggregated form for generating Aggregated Data. MX will retain a transferable, sublicensable, nonexclusive, perpetual, worldwide, royalty-free, irrevocable license to all Aggregated Data related to the use of the MX Service, which it may aggregate, collect and otherwise use for its business purposes but only to the extent that such use does not reveal the identity of any individual, household, or company, including any End Users, Quiltt, Customer, its affiliates or any customer or employee of Quiltt, Customer, or its Affiliates.
  4. MX Service Feedback. Customer has no obligation to give Quiltt or MX any suggestions, ideas, enhancement requests, feedback, recommendations, comments or other information provided related to the MX Service or MX Technology (collectively, “MX Service Feedback”).  MX Service Feedback shall not include any End User Data, Quiltt-related or Customer-related data, intellectual property rights of Quiltt or Customer. To the extent MX receives any MX Service Feedback from Customer, MX may use and include any MX Service Feedback that Customer chooses to voluntarily provide to improve the MX Services, MX Technology, or any other related technologies or intellectual property. Accordingly, if Customer provides MX Service Feedback to MX, Customer hereby assigns to MX any MX Service Feedback and agrees that MX and its affiliates, licensees, clients, partners, third-party providers, and other authorized entities may freely use, reproduce, license, distribute, and otherwise commercialize the MX Service Feedback in the MX Services or other related technologies.
  1. Warranties and Disclaimers.
  1. Customer Warranties. Customer hereby warrants that Customer: (a) has all rights necessary, including all consents and/or licenses, and Customer has provided any applicable disclosures, to make the End User Data available to Quiltt and MX for the MX Service; (b) will conduct business in a professional manner that, to the best of its ability, reflects favorably on the MX Service and the good name, goodwill and reputation of MX; (c) will avoid deceptive, misleading or unethical practices that are or might be detrimental to MX and the MX Service; (d) will make no false or misleading representations nor publish, employ, or cooperate in the publication or employment of any misleading or deceptive advertising material with regard to MX, MX Technology and/or the MX Service; (e) will not make representations, warranties or guarantees to End Users or any other third party with respect to the specifications, features or capabilities of MX, MX Technology, and/or the MX Service that are inconsistent with the terms of these Third-Party Application Terms; (e) it is providing End User Data to Quiltt and MX in accordance with applicable law; and (f) will use and provide access to the MX Services only in accordance with the Agreement.
  2. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN THESE THIRD-PARTY APPLICATION TERMS, CUSTOMER UNDERSTANDS THAT THE MX SERVICE, END USER DATA, AND ANY RELATED PRODUCTS, SERVICES, AND CONTENT ARE PROVIDED “AS IS” AND MX, ITS AFFILIATES, SUPPLIERS, THIRD PARTY DATA PROVIDERS, RESELLERS, AND ITS LICENSORS MAKE NO WARRANTIES OF ANY KIND WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, QUIET ENJOYMENT, SATISFACTORY QUALITY, NON-INFRINGEMENT OF THIRD PARTY RIGHTS, AND FITNESS FOR A PARTICULAR PURPOSE TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.  IN ADDITION, CUSTOMER ACKNOWLEDGES (i) THE MX SERVICE AND ANY RELATED MX PRODUCTS AND SERVICES DO NOT CONSTITUTE THE PROVISION OF LEGAL ADVICE OR SERVICES IN ANY MANNER; (ii) THE MX SERVICE DOES NOT ENSURE CUSTOMER’S COMPLIANCE WITH ANY APPLICABLE LAW; AND (iii) CUSTOMER IS SOLELY RESPONSIBLE FOR ITS COMPLIANCE WITH ALL APPLICABLE LAWS.  MX, ON BEHALF OF ITSELF AND ALL THIRD-PARTY DATA PROVIDERS, EXPRESSLY DISCLAIMS ANY TYPE OF REPRESENTATION OR WARRANTY REGARDING THE AVAILABILITY OR RESPONSE TIME OF THE MX SERVICE OR END USER DATA OR THAT ACCESS TO THE MX SERVICE OR END USER DATA WILL BE UNINTERRUPTED OR ERROR-FREE AND, EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, EXPRESSLY DISCLAIMS THE ACCURACY, COMPLETENESS AND CURRENCY OF ALL END USER DATA. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY MAY LAST. CUSTOMER MAY HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION.
  1. Additional Indemnification by Customer. In addition to any indemnification obligations in the Quiltt Terms of Service:
  1. Customer shall defend Quiltt and MX, at Customer’s expense, against any claims, demands, suits or proceedings (“Claims”) made or brought against Quiltt or MX by a third party alleging: (i) any disclosure of any personally identifiable information of an End User or other third party by Customer or any of its officers, directors, employees, and agents; (ii) failure to obtain valid consent to use the End User Data as contemplated hereunder;  (iii) use of the End User Data in excess of End User’s obtained consent (iv) any products or services offered or provided by Customer that are sold or integrated by Customer with or without the MX Service infringes a patent, copyright, or trademark of a third party or misappropriates such third party’s trade secrets; (v) End User Data, Customer’s use, or any End User’s use of the MX Service in violation of the Agreement infringes or otherwise violates a third party’s property, privacy or other rights; and (vi) sales and marketing efforts related to the offering of the MX Service except to the extent acting at the express written instruction by or based on information or data provided by MX in writing. Further, Customer shall indemnify and hold Quiltt and MX harmless against all costs, including reasonable attorneys’ fees, finally awarded against Quiltt and/or MX by a court of competent jurisdiction or an arbitrator, or agreed to in a written settlement agreement signed by Customer, in connection with such Claims. Promptly upon receiving notice of a Claim, Quiltt or MX, as applicable, shall (a) give Customer prompt written notice of the Claim; (b) give Customer sole control of the defense and settlement of the Claim, provided that Customer may not settle or defend any Claim unless it unconditionally releases Quiltt and/or MX, as applicable, of all liability; and (c) provide to Customer, at Customer’s cost, all reasonable assistance in the defense or settlement of such Claim. Customer’s indemnification obligation shall be offset to the extent its ability to defend or settle a claim is jeopardized by Quiltt’s or MX’s failure to comply with the preceding sentence.
  2. Customer shall indemnify Quilt again, and hold it harmless from, any Losses incurred by Quiltt that arise from or relate to:  (i) Customer’s breach of these Third-Party Application Terms, (ii) any End User’s breach of the EULA, or (iii) Customer’s or its End Users’ use of or access to the MX Service.
  1. Liability Limitations and Exclusions.
  1. .IN NO EVENT SHALL MX, ITS LICENSORS, AND ITS THIRD-PARTY DATA PROVIDERS HAVE ANY LIABILITY TO CUSTOMER ARISING OUT OF OR RELATED TO THESE THIRD-PARTY APPLICATION TERMS OR THE USE OR INABILITY TO USE THE MX SERVICE, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY.
  2. THE LIMITATIONS OF LIABILITY IN THE QUILTT TERMS OF SERVICE DO NOT APPLY TO LIMIT OR EXCLUDE ANY LIABILITY OF CUSTOMER THAT ARISES FROM OR RELATES TO THESE THIRD-PARTY TERMS OF SERVICE OR THE MX SERVICE, 
  1. Audits and Security.
  1. Audit. During the term of these  Third-Party Application Terms and for one year thereafter, Customer will, upon reasonable advance written notice from Quiltt or MX, (i) permit MX, through its internal and external auditors or those of any Third-Party Data Provider, to audit, review and inspect (A) the books, records, and other documents, including security logs, of Customer, and (B) Customers’ systems, networks, and facilities (an “Audit”), or (ii) provide to MX or any Third-Party Data Provider a written attestation of Customer’s compliance with the terms and conditions of the Agreement governing the processing of End User Data, the prompt reporting of all Security Incidents (as defined below), and obligation to refrain from re-identifying or attempting to re-identify any aggregated or de-identified End User Data (an “Attestation”). All Audits will be conducted for the sole and exclusive purposes of confirming Customer’s compliance with the data handling and security terms and conditions of the Agreement, and will occur during regular business hours at a time to be agreed by Customer and the party or entity performing the Audit, at MX’s or an applicable Third-Party Data Provider’s sole cost and expense, and, except following the occurrence of a Security Incident, no more frequently than once per year.  Customer agrees to reasonably cooperate with any Audit performed pursuant to this Section 9 and shall promptly take all actions necessary to remediate any material deficiencies and non-compliance discovered as a result of any Audit or Attestation. All Attestations and the results of any Audits conducted with respect to Customer shall be considered Customer’s Confidential Information; provided, however, that MX may disclose copies of the same to any Third-Party Data Provider at MX’s sole discretion. Nothing in this Section 9 is or shall be construed as limiting the rights of any governmental or regulatory authority to conduct audits or investigations. Customer acknowledges that MX intends to fully comply with all governmental and regulatory authorities, including with respect to any law enforcement or judicial investigations, and that in connection with the foregoing, MX may disclose the identity of, and any information transmitted or received by, persons accessing the MX Service. Customer agrees to fully cooperate with any audits or investigations conducted by a governmental or regulatory authority pursuant to applicable law.
  2. Information Security. In connection with these Third-Party Application Terms, the parties may have access to and/or be provided with information concerning End Users and their past or present accounts including End User Data or other information that is personally identifiable information or nonpublic personal data (“Nonpublic Personal Information”). In connection with all such Nonpublic Personal Information, Customer must:
  1. handle, keep, maintain and secure from others the Nonpublic Personal Information to which it has access or is provided, with the utmost of care and confidentiality. In no event shall Customer take precautions any less stringent than those employed to protect its own proprietary and confidential information;
  2. allow the Nonpublic Personal Information to be accessed and used only in connection with the provisions of the Agreement;
  3. not share, disclose, provide, or permit access to (or allow to be shared, disclosed, provided or accessed) any Nonpublic Personal Information by any other person or entity, except as permitted hereunder or as permitted by the applicable End User;
  4. enter into a written agreement with any third party to which Customer provides access to Nonpublic Personal Information or Confidential Information, requiring that the third party safeguard Nonpublic Personal Information and Confidential Information in a manner no less restrictive than the obligations under the Agreement;
  5. implement appropriate safeguards and programs (including, but not limited to security controls such as physical and logical access, configuration and change management processes, data encryption, strong authentication, vulnerability and risk management, asset management, media protection, application security, network security, intrusion detection, security event monitoring and alerting, internal and external security program audits, and security incident detection and response) consistent with best practices in the financial services industry and all applicable law, designed to help designed to help ensure the security and confidentiality of Nonpublic Personal Information and to protect against unauthorized access to or use of Nonpublic Personal Information that could result in substantial harm and measurable damage to an End User, Quiltt, MX, or any third party; 
  6. establish and maintain a written information security program that is consistent with generally accepted industry standards, including “Generally Accepted Principles and Practices for Securing Information and Technology Systems” (GAPPs) issued by the National Institute of Standards & Technology and the ISO 27000, including safeguards against the disclosure, destruction, loss, or alteration of End User Data. At a minimum, Customer’s written information security program will be designed to: (i) ensure the security, integrity, and confidentiality of all End User Data; (ii) detect patterns, practices, or specific activity that indicates the possible existence of identity theft or other threats or hazards to the security or integrity of End User Data; (iii) protect against unauthorized access, interception, use, or disclosure of End User Data; (iv) ensure that all transfers of End User Data are accomplished in a secure and confidential manner and in compliance with best practices in the financial services industry and latest industry encryption standards; and (v) ensure the proper disposal of End User Data, where applicable;
  7. notify Quiltt and MX of any known unauthorized access to or use of Nonpublic Personal Information, as soon as is practicable, after confirmation of such an event; 
  8. identify and assess reasonably foreseeable threats to the security of Nonpublic Personal Information and adjust security mechanisms to address new threats; and
  9. maintain on all of its systems on which End User Data is accessed, stored, used or otherwise processed (I) real-time intrusion detection systems, and (II) up-to-date and reputable antivirus software and/or other commensurate anti-malware tools and applications.  Without limiting Customer’s obligations under Section 9.3 (Security Incident), Customer shall promptly report to Quiltt any patterns, practices, or specific activity detected with respect to Customer’s systems that may indicate the possible existence of identity theft, and shall take appropriate steps to prevent or mitigate the same.
  1. Security Incidents.
  1. For purposes of these Third-Party Application Terms, “Security Incident” means any breach, incident or other event that compromises (or would be reasonably likely to result in a compromise of) the security, integrity or confidentiality of the User Data or other Party’s Confidential Information, or that otherwise results in (or that would be reasonably likely to result in) the unauthorized access, use, disclosure or loss of User Data or the other Party’s Confidential Information.
  2. Customer must promptly (and in any event, within 48 hours of discovery) notify Quiltt of a Security Incident. Such notice shall include a detailed description of the Security Incident, and any other information Quiltt or MX may reasonably request concerning the Security Incident, including, without limitation, the number of records, types of information, and number of End Users impacted by the Security Incident, the known or suspected causes of the Security Incident, any actual or anticipated impact on Quiltt, MX, or their customers, and remediation plans. Customer must maintain records of all actual or suspected Security Incidents consistent with security best practices in the financial services industry, and will make such reports available to Quiltt upon request.
  3. Customer shall promptly and at its own cost and expense investigate and take all reasonable measures necessary or advisable to mitigate the effects of and remedy any Security Incident, including, where appropriate and without limitation, providing credit monitoring services and related call center or similar support activities to impacted parties.  
  4. Customer further agrees to fully cooperate with and provide all reasonable assistance to Quiltt and/or MX in regard to its investigation of any Security Incident. Without limiting the generality of the foregoing, Customer shall cooperate in determining its legal obligations with respect to notification of End Users, regulators, and/or law enforcement, if any, and Customer agrees to provide to Quiltt any documentation in Customer’s possession which is necessary for the other to issue required or advisable notifications or communications.
  5. Unless otherwise required by applicable law, neither party will (and will ensure that each of its representatives and agents do not) inform any unrelated third party of any Security Incident without first obtaining the other party’s prior written consent. Where any disclosure of a Security Incident by a party is required by applicable law, such party will use its commercially reasonable efforts to obtain the other party’s approval regarding such disclosure.  
  1. Training. Customer shall ensure that all of its employees and other personnel are familiar with and have received adequate training with respect to its written information security program and their obligations thereunder.
  2. Attestation. At least annually during the term of these Third-Party Application Terms, Customer shall have a certified independent public accounting firm or another independent, certified, industry-recognized third party: (i) conduct a review or assessment and provide a full attestation, review, or report under SOC 2 Type II of all Customer systems and operational controls used by Customer to access the MX Service or access, store, or process any End User Data; and (ii) conduct and provide a full report of an independent network and application penetration test. Customer shall provide copies of all such reports and the results of any testing to Quiltt and MX, together with such other independent third-party audit reports as Quiltt or MX may request, which may include, without limitation: SOC 1, Type II reports; SOC 2, Type II reports; ISAE 3402 reports; or any similar audit reports. All reports and results provided to MX hereunder shall be treated as confidential by MX, except that MX may provide the same to any Third-Party Data Provider, provided such Third-Party Data Provider is bound by obligations of confidentiality.
  3. Background Checks. During the term of these Third-Party Application Terms and for such period thereafter as Customer retains possession or control of End User Data, Customer shall maintain comprehensive hiring and employment policies and procedures designed to ensure that all of its personnel with access to the MX Service or to any End User Data possess appropriate character, disposition and honesty.  In connection with the foregoing, Customer shall, to the extent permitted by applicable law, conduct at its expense pre-employment background checks and other investigations of its employees and other personnel that may obtain access to the MX Service or End User Data. Such background checks and investigations shall include, but are not limited to: (a) confirmation of identity and personal information; (b) felony and misdemeanor and national criminal searches (where permissible); and (c) US Office of Foreign Assets Control (OFAC) (or national equivalent) and global sanctions enforcement searches. Customer shall not permit any Customer employees or other personnel to access the MX Service or End User Data until such individual has passed the outlined background screening. Customer shall not permit any Customer employee or other personnel who has been formally charged with a crime that is a dishonest act or breach of trust as set forth in Section 19 of the Federal Deposit Insurance Act, or who Customer knows has otherwise engaged in any material act of dishonesty or breach of trust, to access or use the MX Service or End User Data. Customer shall reasonably cooperate with any investigation undertaken by Quiltt and/or MX with respect to any act of dishonesty, breach of trust, or violation of law by any of Customer’s employees or personnel with respect to the MX Service or the End User Data.
  1. Other General Provisions.
  1. Export Control. Customer and its End Users shall not export, re-export, transfer, or make available, whether directly or indirectly, any regulated item or information to anyone outside the U.S. in connection with the Agreement without first complying with all export control laws and regulations that may be imposed by the U.S. Government and any country or organization of nations within whose jurisdiction Customer operates or does business, such as the Export Administration Regulations (“EAR”) maintained by the United States Department of Commerce, trade and economic sanctions maintained by the United States Treasury Department’s Office of Foreign Assets Control, and the International Traffic in Arms Regulations (“ITAR”) maintained by the United States Department of State, and shall not cause MX to violate the same.
  2. Third Party Beneficiary. MX and its Third-Party Data Providers are expressly third-party beneficiaries of these Third-Party Application Terms, and any of them may enforce any of these Third-Party Application Terms directly against Customer or any End User.

EXHIBIT A:

MINIMUM END USER TERMS AND CONDITIONS

This User agreement contains the terms and conditions for your use of digital money management tools and services that we may provide to you and that involve accessing third party account information (“Services”).  Hereinafter “you” “your” means the User and “us” “we” “our” or “Financial Institution” refers to Quiltt and Customer (protecting MX as its third-party service provider).  

  1. Provide Accurate Information. You represent and agree that all information you provide to us in connection with the Services is accurate, current, and complete. You agree not to misrepresent your identity or account information. You agree to keep account information secure, up to date and accurate. You represent that you are a legal owner, or an authorized user, of the accounts at third party sites which you include or access through the Services, and that you have the authority to (i) designate us and our service providers as your agent, (ii) use the Services, and (iii) give us and our service providers the passwords, usernames, and all other information you provide.
  2. Content You Provide. Your use of the Services is your authorization for Financial Institution or its service providers, as your agent, to access third party sites which you designate in order to retrieve information. You are licensing to Financial Institution and its service providers any information, data, passwords, usernames, PINS, personally identifiable information or other content you provide through the Services. You authorize us or our service providers to use any information, data, passwords, usernames, PINS, personally identifiable information or other content you provide through the Services or that we or our service providers retrieve on your behalf for purposes of providing the Services, to offer products and services, and for other permissible business purposes. Except as otherwise provided herein, we or our service providers may store, use, change, or display such information or create new content using such information.
  3. Authority to Access Information. Unless and until this User agreement is terminated, you grant Financial Institution and its service providers the right to access information at third-party sites on your behalf. Third-party sites shall be entitled to rely on the authorizations granted by you or through your account. For all purposes hereof, you hereby grant Financial Institution and its service providers the right to access third-party sites to retrieve information, use such information, as described herein, with the full power and authority to do and perform each and every act and thing required and necessary to be done in connection with such activities, as fully to all intents and purposes as you might or could do in person. Upon notice to Financial Institution, you may (i) revoke Financial Institution’s right to access information at third party sites on your behalf, or (ii) subject to Section 7, request deletion of information collected from third party sites. You understand and agree that the Services are not sponsored or endorsed by any third-party site. YOU ACKNOWLEDGE AND AGREE THAT WHEN FINANCIAL INSTITUTION OR ITS SERVICE PROVIDERS ACCESS AND RETRIEVE INFORMATION FROM THIRD-PARTY SITES, THEY ARE ACTING AT YOUR REQUEST AND WITH YOUR PERMISSION AND AUTHORIZATION, AND NOT ON BEHALF OF THE THIRD-PARTY SITES. 
  4. Third Party Accounts. With respect to any third-party sites we may enable you to access through the Services or with respect to any non- Financial Institution accounts you include in the Services, you agree to the following:
  1. You are responsible for all fees charged by the third party in connection with any non- Financial Institution accounts and transactions. You agree to comply with the terms and conditions of those accounts and agree that this User agreement does not amend any of those terms and conditions. If you have a dispute or question about any transaction on a non- Financial Institution account, you agree to direct these to the account provider.
  2. Any links to third party sites that we may provide are for your convenience only, and Financial Institution and its service providers do not sponsor or endorse those sites. Any third-party services, which you may be able to access through the Services, are services of the listed institutions. Neither we nor our service providers have no responsibility for any transactions and inquiries you initiate at third party sites. The third-party sites you select are solely responsible for their services to you. We nor our service providers are not liable for any damages or costs of any type arising out of or in any way connected with your use of the services of those third parties.
  1. Limitations of Services. When using the Services, you may incur technical or other difficulties. We nor our service providers are responsible for any technical or other difficulties or any resulting damages that you may incur. Any information displayed or provided as part of the Services is for informational purposes only, does not represent an official record of your account, may not reflect your most recent transactions, and should not be relied on for transactional purposes. We and our service providers reserve the right to change, suspend or discontinue any or all of the Services at any time without prior notice.  In the event that Services are discontinued, your information shall be retained in accordance with this Agreement and our privacy policies.
  2. Acceptance of User Agreement and Changes. Your use of the Services constitutes your acceptance of this User agreement. This User agreement is subject to change from time to time. We will notify you of any material change via e-mail or on our website by providing a link to the revised User agreement. Your continued use will indicate your acceptance of the revised User agreement. The licenses, user obligations, and authorizations described herein are ongoing.
  3. Aggregated Data.  Anonymous, aggregate information, comprising financial account balances, other financial account data, or other available data that is collected through your use of the Services, may be used by us and our service providers to conduct certain analytical research, performance tracking and benchmarking.  Our service providers may publish summary or aggregate results relating to metrics comprised of research data, from time to time, and distribute or license such anonymous, aggregated research data for any purpose, including but not limited to, helping to improve products and services and assisting in troubleshooting and technical support.  Your personally identifiable information will not be shared with or sold to third parties. 
  4. Ownership. You agree that Financial Institution and its service providers, as applicable, retain all ownership and proprietary rights in the Services, associated content, technology, mobile applications and websites.
  5. User Conduct. You agree not to use the Services or the content or information delivered through the Services in any way that would: (a) be fraudulent or involve the sale of counterfeit or stolen items, including but not limited to use of the Services to impersonate another person or entity; (b) violate any law, statute, ordinance or regulation (including without limitation those governing export control, consumer protection, unfair competition, anti-discrimination or false advertising); (c) create liability for Financial Institution or its service provider or cause Financial Institution to lose the services of our service providers; (d) access the information and content programmatically by macro or other automated means; or (e) use the Services in such a manner as to gain unauthorized entry or access to computer systems.
  6. Indemnification. You agree to defend, indemnify and hold harmless Financial Institution, its third party service providers and their officers, directors, employees and agents from and against any and all third party claims, liabilities, damages, losses or expenses, including settlement amounts and reasonable attorneys' fees and costs, arising out of or in any way connected with your access to or use of the Services, your violation of these terms or your infringement, or infringement by any other user of your account, of any intellectual property or other right of anyone.
  7. Disclaimer. The Services are not intended to provide legal, tax or financial advice. The Services, or certain portions and/or functionalities thereof, are provided as strictly educational in nature and are provided with the understanding that neither Financial Institutions nor its third-party providers are engaged in rendering accounting, investment, tax, legal, or other professional services. If legal or other professional advice including financial, is required, the services of a competent professional person should be sought. Financial Institution and its third-party providers specifically disclaim any liability, loss, or risk which is incurred as consequence, directly or indirectly, of the use and application of any of the content on this site. Further, Financial Institution and its third-party providers are not responsible for any credit, insurance, employment or investment decisions or any damages or other losses resulting from decisions that arise in any way from the use of the Services or any materials or information accessible through it. Past performance does not guarantee future results. Financial Institution and its third-party providers do not warrant that the Services comply with the requirements of the FINRA or those of any other organization anywhere in the world.
  8. DISCLAIMER OF WARRANTIES. YOU AGREE YOUR USE OF THE SERVICES AND ALL INFORMATION AND CONTENT (INCLUDING THAT OF THIRD PARTIES) IS AT YOUR RISK AND IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. WE, AND OUR SERVICE PROVIDERS, DISCLAIM ALL WARRANTIES OF ANY KIND AS TO THE USE OF THE SERVICES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. WE, AND OUR SERVICE PROVIDERS, MAKE NO WARRANTY THAT THE SERVICES (i) WILL MEET YOUR REQUIREMENTS, (ii) WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, (iii) THE RESULTS THAT MAY BE OBTAINED FROM THE SERVICES WILL BE ACCURATE OR RELIABLE, (iv) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL OBTAINED BY YOU THROUGH THE SERVICES WILL MEET YOUR EXPECTATIONS, OR (v) ANY ERRORS IN THE SERVICES OR TECHNOLOGY WILL BE CORRECTED. ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SERVICES IS DONE AT YOUR OWN DISCRETION AND RISK AND YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF SUCH MATERIAL. WE, ON BEHALF OF OURSELVES AND ALL THIRD-PARTY DATA PROVIDERS, EXPRESSLY DISCLAIMS ANY TYPE OF REPRESENTATION OR WARRANTY REGARDING THE AVAILABILITY OR RESPONSE TIME OF THE SERVICE OR CONTENT OR INFORMATION OBTAINED THROUGH THE SERVICE OR THAT SUCH ACCESS WILL BE UNINTERRUPTED OR ERROR-FREE AND, EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, EXPRESSLY DISCLAIMS THE ACCURACY, COMPLETENESS AND CURRENCY OF ALL INFORMATION COLLECTED ON YOUR BEHALF.  NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM FINANCIAL INSTITUTION OR ITS SERVICE PROVIDERS THROUGH OR FROM THE SERVICES WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS.
  9. LIMITATION OF LIABILITY. YOU AGREE THAT FINANCIAL INSTITUTION AND ITS THIRD PARTY SERVICE PROVIDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER LOSSES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, RESULTING FROM (i) THE USE OR THE INABILITY TO USE THE SERVICES AT OUR WEBSITE/MOBILE APPLICATION OR OF ANY THIRD PARTY ACCOUNT PROVIDER'S WEBSITE/MOBILE APPLICATION; (ii) THE COST OF GETTING SUBSTITUTE GOODS AND SERVICES, (iii) ANY PRODUCTS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO, THROUGH OR FROM THE SERVICES, (iv) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSION OR DATA, (v) STATEMENTS OR CONDUCT OF ANYONE ON THE SERVICES, (vi) THE USE, INABILITY TO USE, UNAUTHORIZED USE, PERFORMANCE OR NON-PERFORMANCE OF ANY THIRD PARTY ACCOUNT PROVIDER SITE, EVEN IF THE PROVIDER HAS BEEN ADVISED PREVIOUSLY OF THE POSSIBILITY OF SUCH DAMAGES, OR (vii) ANY OTHER MATTER RELATING TO THE SERVICES. 
  10. WAIVER OF JURY TRIAL AND CLASS ACTION.  You agree that, with respect to any dispute with us or our service providers, arising out of or relating to your use of the Services or these terms: (i) YOU ARE GIVING UP YOUR RIGHT TO HAVE A TRIAL BY JURY; and (ii) YOU ARE GIVING UP YOUR RIGHT TO SERVE AS A REPRESENTATIVE, AS A PRIVATE ATTORNEY GENERAL, OR IN ANY OTHER REPRESENTATIVE CAPACITY, OR TO PARTICIPATE AS A MEMBER OF A CLASS OF CLAIMANTS, IN ANY LAWSUIT INVOLVING SUCH DISPUTE.
  11. Export Restrictions.  You acknowledge that the Services and any software underlying such Services are subject to the U.S. Export Administration Regulations (15 CFR, Chapter VII) and that you will comply with these regulations. You will not export or re-export the software or Services, directly or indirectly, to: (1) any countries that are subject to U.S. export restrictions; (2) any end user who has been prohibited from participating in U.S. export transactions by any federal agency of the U.S. government; or (3) any end user who you know or have reason to know will utilize them in the design, development or production of nuclear, chemical or biological weapons. You further acknowledge that the Services may include technical data subject to export and re-export restrictions imposed by U.S. law.
  12. Other Terms. You may not assign this User agreement. A determination that any provision of this User agreement is unenforceable or invalid shall not render any other provision of this User agreement unenforceable or invalid.


Quiltt, Inc.

169 Madison Ave #2132, New York, NY 10016, USA

New York, NY 10016

United States