Cognidox Terms of Service Agreement

Issue: 21; Issue Date: 25 Jun 2020; Ref: VI-403795-CS

This Terms of Service agreement ("Agreement") governs access to and use of CDOX websites and services provided by Cognidox Limited, a company registered in England and Wales (registered company number: 06506232) and with registered address at Eagle Labs, 28 Chesterton Road, Cambridge CB4 3AZ, United Kingdom ("Cognidox").

Please read this Agreement carefully before using any Service. By using the Services (as defined below) and providing the Company data to Cognidox, the Company agrees to be bound by the terms of this Agreement.

  1. Definitions
  2. Service Rights, Restrictions and Ownership
  3. Fees and Payment
  4. Term and Termination
  5. Support
  6. Confidentiality
  7. Warranty
  8. General
  9. Appendix A – Processing of Personal Data


1. Definitions

“Account” means a Content storage and management account created by the Company or on the behalf of the Company within the Service.

“Agreement” means this Cognidox Terms of Service agreement.

“Company” means the legal entity that is using the Services under the terms of this Agreement.

“Content” means files, materials, data, text, audio, video, images or other electronic data and information uploaded by or for the Company to the Service.

“Documentation” means Cognidox user guides, help, and training materials, as updated from time to time, and accessible from within the Services or from

“Purchase Order” means any written or electronic document specifying the Service to be provided hereunder that is entered into between the Company and Cognidox, including any addenda and supplements thereof, entered into contemporaneously with this Agreement or from time to time thereafter.

“Service” or “Services” means the hosted solution provided or made available by Cognidox for online storage, sharing and processing of Content; in conjunction with the Software, Website, and Documentation.

“Service Fee” means the sums payable for the use of the Service, as set out in Cognidox’s quotation and/or order confirmation or as otherwise notified to the Company.

“Service Administrator” means a named User the Company identifies as having administrative rights including, without limitation, the permission to add users, delete users and define the scope of the Services.

“Specification” means the computing resources including CPU, memory, storage, IP addresses, and data transfer bandwidth allocation that is allocated by Cognidox and is necessary for the Services.

“Software” means all computer programs used, provided or made available by Cognidox for use in connection with the Services.

"Subscription Period” means the time period for which the Company agrees to prepay fees under a Purchase Order Form in order to access the Services. Each subscription period is one (1) year in length. "Billing Period" means the time period for which the Company prepays fees in order to access the Services. Each billing period is three (3) months in length, and each subscription period therefore comprises four billing periods. For Start Up subscriptions the billing period is twelve (12) months in length, and each subscription period therefore comprises of one billing period.

“User” means any individual, including but not limited to employees, contractors and affiliates, which the Company authorises to have access via a login name and password to the Website in order to utilise the Services.

“Website” means a uniquely-identifiable location on the World Wide Web that is created by Cognidox and is made available to the Company for the provision of the Services.

The headings and sub-headings in this Agreement are for readability only and shall not affect the meaning of this Agreement.

In this Agreement, references to “writing” include email.

2. Service Rights, Restrictions and Ownership

2.1 Service Availability

Cognidox will make the Services available for the Company use on a non-exclusive basis and in strict compliance with these Terms and all applicable laws. The Company use includes allowing Users to transmit, store, share, retrieve, and process Content through the Services solely through an Account registered to the Company and in accordance with the orders the Company places with Cognidox.

Cognidox will make a backup of the Company's Content every 24 hours and will store this in encrypted form at a separate cloud storage facility.

Cognidox will monitor system storage capacity and will notify the Company with a minimum of three (3) days notice when capacity limits approach the maximum allocated in the Company's Agreement. Thereafter, Cognidox will increase storage capacity in increments of 20% of total capacity. In the event that the Company exceeds the quantity of storage capacity for which the Company has paid, the Company agrees to pay for this additional storage at Cognidox then-current pricing.

Cognidox reserves the right, in Cognidox's sole discretion, to change, update, and enhance the Services at any time including adding functionality or features to, or removing them from, the Services. Modification of the Services, including changes such as increasing the Company's storage capacity, will require a brief period of downtime. The Company agrees that such scheduled downtime is permissible within the terms of this Agreement.

If Cognidox applies hotfixes, security patches or any unscheduled modification that require interruption to the Service Cognidox will communicate and schedule such changes in advance with the Service Administrator as defined in Section 2.7. In the event that Cognidox cannot contact the Service Administrator or do not receive a reply, the Company agrees that Cognidox may schedule system downtime at a time of determined by Cognidox.

2.2 Software Provided for Use with the Services

For the term of this Agreement and subject to the Company’s payment of the applicable Fee as defined in this Agreement, Cognidox grants the Company the right to a non-exclusive, non-transferable license for the sole purpose of accessing the Services by Users; and the right to receive support services and upgrades for the Services.

Without prejudice and subject to clause 2.4 below Cognidox shall own all right, title, and interest to the Software, technology, information, code or software provided to the Company, including all portions or copies thereof. No title to or ownership of any proprietary rights related to the Services is transferred to the Company or any User pursuant to these Terms or any transaction contemplated by these Terms.

During any term of this Agreement, the Company shall not, directly or indirectly: (a) sublicense, resell, rent, lease, distribute, market, commercialize or otherwise transfer rights or usage to: the Software, any modified version or derivative work of the Software created by the Company or for the Company, or any software, either modified or not, for any purpose including timesharing or service bureau purposes; (b) remove or alter any copyright, trademark or proprietary notice in the Software; (c) transfer, use or export the Software in violation of any laws or regulations of any government or governmental agency; (d) reverse engineer, decompile or modify any encrypted or encoded portion of the Software.

2.3 Software Updates

From time to time, we may issue updates to the Software (for example, to address security vulnerabilities, improve usability or performance, and upgrade features). In that event, the version of the Software will be automatically upgraded and the Company consents to such automatic upgrading. All updates to the Software will be subject to the terms and conditions of this Agreement.

2.4 The Company's Content

The Company or its licensors own all right, title and interest in and to the Content. Cognidox will not monitor any Content transmitted or processed through, or stored in, the Services. The Company grants Cognidox a non-exclusive right for the duration of the Subscription Period, to transmit, use, modify, adapt, reproduce, display or disclose the Content solely (a) to provide the Services to the Company and its Users, (b) as necessary and at a sufficiently aggregate and anonymous level only to monitor and improve the Services, and (c) subject always to prior approval of the Company to comply with any request of a governmental or regulatory body (including subpoenas or court orders) or as otherwise required by law. In addition, Cognidox shall not disclose the Company's Content to any third party, to include the Company's accounts and/or users.

The Company represents and warrants that the Company has all rights in the Content necessary to grant these rights and use the Services, and that the transmission, storage, retrieval, and processing of Content does not violate any Law or these Terms, particularly those pertaining to Use Restrictions.

The Company agrees that the Company is responsible for the accuracy and quality of all Content that is transmitted or processed through, or stored in, the Company’s Account. The Company will maintain appropriate security, protection and backup copies of the Content, which may include the use of encryption technology to protect the Content from unauthorized access and routine archiving of the Content. Cognidox will make and store a backup copy of the Content as part of Service, and will use its best efforts to restore Content when required.

Company has the right at any time within the term of this Agreement to download copies of the Content for storage at a location determined by the Company.

Cognidox will retain a secure backup copy of Content for one (1) calendar month after the termination of this Agreement. The Company may, for an administration fee payment of £1,000 per instance, request Cognidox to export the backup copy to another service location that the Company nominates (e.g. Dropbox, Google, or FTP site) and for which the Company is fully responsible. After the one month period Cognidox will remove the Content and it will then be unrecoverable.

2.5 Grant to Cognidox

Neither party will, without the other party’s prior written consent, make any news release, public announcement, denial or confirmation of this Agreement, its value, or its terms and conditions, or in any manner advertise or publish the fact of this Agreement.

Notwithstanding the above, the Company agrees that Cognidox may include the Company name and/or logo among our clients listed in Cognidox marketing materials, including the Website. Nothing herein shall require the Company to endorse the Services.

2.6 Passwords & Account Security

Access to Services shall be controlled by the Company providing user accounts which designate a user ID and password for Users. The Company is responsible for safeguarding the confidentiality of user ID and passwords, and for all activities that take place within the Account.

Cognidox agrees to take commercially all reasonable steps to maintain the Services in a secure manner. The third party data centre providers utilized by Cognidox in the provision of the Services will maintain at a minimum SSAE 16 audit certification or its equivalent. If a security flaw is detected with respect to which Cognidox has reason to believe the security or integrity of Content or account information of Users may be affected, Cognidox shall use its best efforts to notify the Company promptly of such defect and any related remedial steps Cognidox propose to take.

The Company agrees to notify Cognidox promptly in writing if and when it becomes aware of any unauthorized use of Content or Services, including if the Company suspects there has been any loss, theft or other security breach of passwords or user IDs. If there is an unauthorized use by a third party which obtained access to the Services through the Company or the Company Users, whether directly or indirectly, the Company agrees to take all steps necessary to terminate the unauthorized use. The Company also agrees to provide Cognidox with any cooperation and assistance related to that unauthorized use which Cognidox reasonably requests. Cognidox agrees to notify the Company and provide reciprocal cooperation and assistance if and when it becomes aware of any unauthorized use of Content or Services.

2.7 Service Administrator

The Company shall designate a Service Administrator and notify Cognidox of the identity and contact information for said Administrator. The Service Administrator may add Users to the Service. The Company shall notify Cognidox promptly of any changes to the service administrator contact details.

2.8 Use Restrictions

The Company agrees not to:

  • use the Services in any manner or for any purpose other than as expressly permitted by these Terms;
  • use the Services to send unsolicited or unauthorized junk mail, spam, chain letters, pyramid schemes, bulk instant messages or any other form of duplicative or unsolicited messages for marketing or other purposes other than internal business use;
  • upload, post, email, transmit, or otherwise make available any Content that Cognidox, in its sole discretion, deem to be (a) unlawful, harmful, threatening, abusive, harassing, tortuous, defamatory, vulgar, obscene, libellous, invasive of another’s privacy, inflammatory, hateful, or racially, religiously, ethnically, or otherwise objectionable, or harmful to minors; (b) containing any material that encourages conduct that could constitute a criminal offense, or (c) that has been established in law to violate the intellectual property rights or rights to the publicity or privacy of others;
  • use the Services to upload, post, email, or transmit viruses, Trojan horses, worms, time bombs, cancelbots, corrupted files, or any other software, files or programs that may interrupt, damage, destroy or limit the functionality of any computer software or hardware or network equipment;
  • interfere with or disrupt servers or networks connected to the Service or violate the regulations, policies or procedures of those networks through use or launch of any automated system, including without limitation, “robots”, “spiders” or “offline readers”;
  • access or attempt to access any other accounts, computer systems or networks not covered by these Terms, through password mining or any other means;
  • probe, scan, or test the vulnerability of the Service or any network connected to the Service (except with Cognidox express prior written consent and cooperation for security testing purposes only), nor breach the security or authentication measures on the Service or any network connected to the Service;
  • provide access to the Service to anyone else other than Users;
  • transfer, import, export, sell, resell, use, or otherwise use, permit, or facilitate any other party’s use of the Services in any manner which would cause Cognidox or any other user to breach any applicable UK or US export or trade control laws, orders, or regulations. In addition, the Company shall not, directly or indirectly export or re-export the Services: (i) to any country to which the is subject to US embargo (including, for these purposes, any national or resident of any such country); or (ii) to anyone on the US Treasury Department’s List of Specially Designated Nationals and Blocked Persons, List of Specially Designated Terrorists, List of Specially Designated Narcotics Traffickers, or the US Department of Commerce Bureau of Industry and Security Denied Persons List.

3. Fees and Payment

3.1 Service Fee

The Company agrees to pay to Cognidox the Service Fee for each Billing Period in which the Company wishes to use the Service. Service Fees are prepaid in advance. Payment for the first Service Fee shall be due and payable according to the date notified to the Company. Except as otherwise set forth in this Agreement, all fees paid to Cognidox are non-refundable. The Company is responsible for the payment of all taxes, applicable duties and sales taxes including Value Added Tax on the transactions contemplated by this Agreement. All taxes and duties including sales taxes, Value Added Tax on the transactions contemplated by this Agreement in the United Kingdom including taxes based upon Cognidox net income shall be paid by Cognidox. The Service Fee is exclusive of VAT and other sales tax, which the Company shall pay in addition to the Service Fee.

Users are sold in blocks of 5. There are no restrictions to adding users between billing periods. Scale up packages are billed quarterly in advance; Start up packages are billed yearly in advance. With regard to data limits, the Start Up package includes 1GB of data storage per user. There are no data limits for Scale Up packages and above (subject to fair use).

3.2 Invoicing and Payment

The Company shall initiate this Agreement by sending a valid purchase order to Cognidox for a Subscription Period comprising minimum of one year plus any other setup or similar charges as notified to the Company. Cognidox will invoice the Company on or around the dates notified to the Company. Invoiced charges are due net 30 days from the invoice date. The Company is responsible for providing complete and accurate billing and contact information and notifying Cognidox of any changes to such information.

3.3 Upgrade Fees

The Company upgrades or expanded consumption of Service (for example, to obtain additional storage, disk memory, or data transfer allowance) shall be notified in writing to Cognidox and additional fees will be due at Cognidox then-current pricing. If additional fees are due, those fees will be charged to your next quarterly payment invoice.

3.4 Fee Increases

Cognidox shall notify the Company in advance, by email to the address the Company has most recently provided to Cognidox, if Cognidox increases Fees or institute new charges or fees. Any increase in Fees will take effect at the beginning of the next renewal subscription term for the Services. For example, if the Company is currently in the second quarter of the four-quarter payment cycle in the purchase order provided, the increase in fees will not take effect until the end of the fourth quarter payment period. Any purchase order for the subsequent four-quarterly payments shall be for the new Fee charge amounts. If the Company doesn't agree to these changes, the Agreement will terminate and the Company’s access to the Services shall end.

3.5 Late Fees

Cognidox reserves the right to charge, and the Company agrees to pay, a late fee on past due amounts. The late fee will be imposed only after a grace period of additional seven (7) working days from the due date and will be equal to the lesser of 1.5% of the unpaid amount each month or the maximum amount allowed by applicable law. In addition, Cognidox may suspend the Company’s access to the Service, or cancel the Service, if the Company's account is past due for more than two (2) months.

4. Term and Termination

The initial term of this Agreement (12 months) shall commence on the first use by the Company of the Service and shall continue indefinitely until the expiry of any served notice period thereafter.

The Company may terminate this Agreement, at any time, without any liability, by giving Cognidox no less than 3 month’s written notice to expire no earlier than the anniversary of the commencement date of this Agreement. The Company shall remain obligated for all undisputed fees through the date of termination.

Cognidox may terminate this Agreement for convenience without liability to the Company by giving at least six (6) months’ prior written notice to the Company. Cognidox shall not exercise its termination for convenience rights under this Agreement during the first year following the Effective Date. Following a termination for convenience, and as long as the Company is not in breach of this Agreement, Cognidox shall offer to the Company at no additional change, at the Company’s request, to: a) migrate the copies of the Content using a secure method and in a format as requested by the Company; and b) to migrate the Service either directly to the Client or a third party supplier of the Client, and Cognidox shall grant the Company perpetual right to use without Service Fee the Software provided for use with the Service, subject to clause 2.2. of this Agreement. The Company accepts that Cognidox will not support use of Software following termination for convenience.

Either party may terminate this Agreement prior to the end of a term if the other party materially breaches its obligations hereunder and, where such breach is curable and remains uncured for thirty days following written notice of the breach. In the event of termination, all licenses granted hereunder terminate immediately, and upon termination of the Agreement then the Company shall, at its own expense, promptly return and/or destroy all copies, caches, or other embodiments of any Software in its possession or under its control. If Cognidox terminates for cause there shall be no refund of any payments made to Cognidox by the Company.

Except where termination is as a result of breach of this Agreement, the Company’s obligation to make payment of unpaid and undisputed fees shall survive termination, and Cognidox’s obligation to refund the Company for any advance payments shall also survive terminations. Each party shall pay any outstanding sums to the other within 14 days of termination of the Agreement.

Any provision of this agreement that expressly or by implication is intended to come into or continue in force on or after termination or expiry of this agreement shall remain in full force and effect.

5. Support

Cognidox shall provide on-line technical support via e-mail to respond to technical problems or inquiries from the Company. The Company shall be entitled to receive technical support to a maximum of 3.5 hours in any single calendar week during the term of this Agreement, such support shall be provided immediately upon request. Further support hours are at the discretion of Cognidox. Cognidox shall endeavour to use commercially reasonable efforts to respond to such further technical support inquiries promptly; however, Cognidox does not guarantee that it will be able respond to such further technical support inquiries within any specific period of time. Cognidox shall not be required to, but may at its own discretion provide telephone technical support.

6. Confidentiality

The Company and Cognidox agree to maintain the confidentiality of any proprietary information received by the other party during, or prior to entering into this Agreement, information that is confidential or proprietary based on the circumstances surrounding the disclosure, including, without limitation, non-public technical and business information (“Confidential Information”) for a period of five (5) years after the termination of this Agreement. This confidentiality undertaking shall not apply to any publicly available or independently developed information or any Open Source version of the Cognidox software as provided and licensed by Cognidox. The receiving party of any Confidential Information of the other party agrees not to use said Confidential Information for any purpose except as necessary to fulfil its obligations and exercise its rights under this Agreement. The receiving party shall protect the secrecy of and avoid disclosure and unauthorized use of the disclosing party’s Confidential Information to the same degree that it takes to protect its own confidential information and in no event less than reasonable care.

Cognidox acknowledges and agrees to process the Company’s Personal Data (as defined in Appendix A) at all times according to the terms of Appendix A. For the avoidance of doubt, if there is any inconsistency with these Terms of Service and Appendix A of this Agreement, in connection with processing of Personal Data of the Company, the terms of Appendix A shall apply.

7. Warranty

7.1 Infringement

During any term of this Agreement, if any portion of the Software is held by a court of competent jurisdiction to infringe any third party intellectual property rights and the Company incurs a liability or expense as a result of such holding, then the Company's remedy shall be, and Cognidox will, at the Company’s option: (a) obtain the right for the Company to continue to use the Software consistent with this Agreement; (b) modify the Software so that it is non-infringing; or (c) replace the infringing component with a non-infringing component, or (d) refund all of the Company's outstanding Service Fees paid under this Agreement.

7.2 As Is


7.3 Limitation of Liability



8. General

8.1 Assignment

The Company may not assign this Agreement or any rights or obligations herein without the written consent of Cognidox, which consent shall not be unreasonably withheld. Cognidox may not assign this Agreement or any rights or obligations herein without the written consent of the Company, which consent shall not be unreasonably withheld.

8.2 Modifications

Cognidox shall be permitted, by giving notice in writing to the Company, to modify this Agreement at any time: (i) in such manner as is reasonably necessary to reflect changes in law; and (ii) by making any other changes which Cognidox considers reasonably necessary or desirable and which do not materially prejudice the Company’s rights under this Agreement. The Company’s continued use of the Service shall constitute its acceptance of any such modifications. Any other changes to these Terms shall be subject to written agreement between the parties.

8.3 Severability

If any provision of this Agreement is determined to be illegal or unenforceable, that provision will be limited to the minimum extent necessary so that this Agreement remains in full force and effect.

8.4 Choice of Law

This Agreement shall be governed by and construed in accordance with the laws of England and Wales, and if any disputes arise from or in relation to it, Company agrees to submit to the exclusive jurisdiction of the English Courts.

8.5 Complete Understanding

This Agreement, Purchase Order, and any appendices and schedules attached to this Agreement, constitute the complete understanding of the parties, and supersedes all prior or contemporaneous agreements, discussions, or proposals.

8.6 Notices

Notices hereunder shall be in writing and addressed to the Company at the address provided when purchasing this license, or, in the case of Cognidox when addressed to Cognidox Ltd, Eagle Labs, 28 Chesterton Road Cambridge CB4 3AZ, UK.

Appendix A – Processing of Personal Data


1.1 In this Appendix A, the following words and expressions shall bear the following meanings:

  • "Data Controller", "Data Processor", "Data Subject", "Personal Data", "Personal Data Breach", "Process/Processed/Processing", "Special Categories of Personal Data" and "Supervisory Authority" shall have the same meaning as in the Data Protection Laws; and
  • “Data Protection Laws” means the General Data Protection Regulation (EU) 2016/679 ("GDPR") on and from 25 May 2018 (as amended and superseded from time to time), and/or all applicable laws, rules, regulations, regulatory guidance, regulatory requirements from time to time, in each case in each jurisdiction where the Services are delivered in relation to data privacy.


2.1 The parties acknowledge that, in connection with the provision of the Services by Cognidox to the Company, the Company is a Data Controller and Cognidox is a Data Processor.

2.2 The subject matter and duration of the Processing are as set out in the Agreement including this Exhibit A. The nature and purpose of the Processing, the type of Personal Data Processed and the categories of Data Subject whose Personal Data is Processed pursuant to the Agreements are set out in the Appendix hereto. The obligations and rights of the parties in respect of the Processing of Personal Data are set out in this Exhibit A.

2.3 When acting as a Data Processor in relation to Personal Data provided by the Company acting as a Data Controller, Cognidox shall:

  • not Process the Personal Data or disclose Personal Data other than in accordance with the Data Controller's documented instructions (whether in the Agreement or otherwise) unless required by EU or member state law to which the Data Processor is subject;
  • not authorise any sub-contractor to Process the Personal Data ("sub-processor") other than with the prior written consent of the Data Controller, such consent to be subject to the Data Processor meeting the conditions set out in all Data Protection Laws, including without limitation Article 28 (2) and (4) of the GDPR;
  • implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk and take all measures required pursuant to all Data Protection Laws, including without limitation Article 32 GDPR, in relation to the processing of personal data, taking account of the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise Processed;
  • take all reasonable steps to ensure the reliability of persons authorised to Process the Personal Data and ensure that they have committed themselves to obligations of confidentiality;
  • promptly notify the Data Controller if it receives any communication from a Data Subject or Supervisory Authority under the Data Protection Laws in respect of the Personal Data, including requests by a Data Subject to exercise rights in Chapter III of GDPR and assist the Data Controller in the Data Controller's obligation to respond to these communications;
  • immediately notify the Data Controller, upon becoming aware of or reasonably suspecting a Personal Data Breach and shall, unless paragraph 2.3(g) below applies, provide the Data Controller at the time of original notification with sufficient information which allows the Data Controller to meet any obligations to report a Personal Data Breach under the Data Protection Laws. Such notification shall as a minimum:
    (i) describe the nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned;
    (ii) communicate the name and contact details of the Data Processor's Data Protection Officer or, where the Data Processor has not appointed a Data Protection Officer, the relevant contact from whom information may be obtained;
    (iii) describe the likely consequences of the Personal Data Breach; and
    (iv) describe the measures taken or proposed to be taken to address the Personal Data Breach.
  • if at the time of making the original notification described in paragraph 2.3(f), the Data Processor does not have available to it all the information described in paragraphs 2.3(f)(i) to 2.3(f)(iv), the Data Processor shall include in the original notification such information as it has available to it at that time, and then shall provide the further information set out in paragraphs 2.3(f)(i) to 2.3 (f)(iv) as soon as possible thereafter.
  • assist the Data Controller in ensuring compliance with the obligations pursuant to all Data Protection Laws, including without limitation Articles 35 and 36 of the GDPR, taking into account the nature of Processing and the information available to the Data Processor;
  • at the choice of the Data Controller, delete or return all the personal data to the Data Controller after the end of the provision of Services relating to Processing;
  • make available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in all Data Protection Laws, including without limitation Article 28 of the GDPR, and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller;
  • not (and shall procure that its sub-processors shall not) under any circumstances transfer Personal Data outside the EEA unless authorised in writing by the Data Controller and if and to the extent that it is located outside the EEA, in a country which has not been determined by the European Commission to ensure an adequate level of protection in relation to Personal Data, shall enter into the Standard Contractual Clauses (Processors) (as laid down in the Commission Decision 2010/87 EU of 5 February 2010, or any subsequent version which replaces these).


3.1 In the event of a conflict, inconsistency or ambiguity between the terms of this Appendix A and any other terms of the Agreement with respect to the subject matter hereof, the terms of this Appendix A shall control.