These Supplemental Terms for the Risk Device Module (the “Supplemental Terms”) strictly pertain to Customer’s election and use of the “Risk Device Module” by Bottomline through its third-party service provider, Socure Inc. (“Socure”).
1. License. Socure may provide Customer with access to sample code ("Sample Code") or software development kit consisting of documentation ("Documentation"), redistributable libraries ("Libraries"), sample code, and any upgrades, modified versions, additions, and improvements thereto, if any (collectively, the "SDK") designed to enable software developers to integrate the Risk Device Module into Customer’s applications or website (“Applications”). The SDK is the confidential and proprietary information of Socure and its licensors and subject to the confidentiality obligations set forth in the Terms. The SDK consists of a package of components, including certain third-party software that are provided by their authors under separate license terms as described in more detail in the SDK. Subject to compliance with these Supplemental Terms, solely in connection with Customer’s use of CES and the Risk Device Module, Socure grants Customer the limited, non-exclusive, non-transferable, non-sublicensable, revocable license to (i) use the Documentation solely in connection with modifying Customer’s Applications to incorporate Risk Device Module functionalities, (ii) incorporate unmodified Libraries into Customer’s Applications, solely for the purpose of enabling interoperability with the Risk Device Module in accordance with the Documentation, and (iii) use, modify, and redistribute the Sample Code pursuant to the applicable third-party license, as identified in the headers or Documentation, solely for the purpose of enabling interoperability with the Risk Device Module.
2. Restrictions. The SDK is owned by Socure or its third-party licensors. Except as set forth above, Customer’s license does not include any right to (i) redistribute, sell, lease, license, publicly display or modify, make any derivative works to, any portion of the SDK, or (ii) use or implement any undocumented feature or API, or use any documented feature or API other than in accordance with applicable Documentation. Customer may not (i) decompile, reverse engineer, or otherwise access or attempt to access the source code for the SDK not made available to Customer in source code form, or make or attempt to make any modification to the SDK; or (ii) remove, obscure, interfere with or circumvent any feature of the SDK, including without limitation any copyright or other intellectual property notices, security, or access control mechanism. Customer may not use the SDK for any purpose other than integrating with the Risk Device Module in a manner for which the SDK and Service are expressly designed. Customer agrees to indemnify, defend and hold Socure and its affiliates, officers, directors, suppliers, licensors, and other customers harmless from and against any and all liability and costs, including reasonable attorneys' fees incurred by such parties, in connection with or arising out of Customer’s Applications, Customer’s use or misuse of the SDK, or Customer’s violation of these Supplemental Terms.
3. Document Verification and Device Risk Module. Customer acknowledges that any consumer information collected by Customer and its Applications in connection with the Device Risk Module, including without limitation device ID information, and device and interaction data, is (i) processed by Socure for the legitimate interests of Socure and Customer under applicable law; (ii) collected by consumer’s devices and transferred directly to Socure or its third party vendors; (iii) processed by Socure or its third party vendors for Socure’s business purposes and as set forth in its privacy policy, and (iv) retained by Socure after consumers terminate their accounts with Customer. Customer shall ensure its privacy policies and disclosures accurately reflect and disclose its collection of personal information via the Risk Device Module and Socure’s processing of consumer information as set forth herein. Where applicable, Customer’s privacy notices will provide consumers the ability to opt out of the use of their information in accordance with Socure’s Opt-Out Policy, which may be viewed via this link: https://www.socure.com/opt-out. Customer shall obtain all consents which are or may be required by applicable laws and shall comply with all requirements of such applicable laws (including any consumer notification requirements) necessary. Socure third party licensors shall have the right to enforce these Supplemental Terms. Customer will notify Socure of any requests by consumers relating to Socure’s processing of consumers’ information, including requests by consumers to access information or opt out. Customers will not claim to consumers that Customer responds to Do Not Track signals as long as it uses the Risk Device Module.
