Terms and Conditions of Cogram
Cogram Inc., 2918 Avenue I #1036, Brooklyn, NY 11210, USA (“Cogram”) offers an automatic note taking tool for virtual meetings to private consumers and businesses (each a “Customer”). These Terms and Conditions together with any written agreement detailing these Terms and Conditions (“Order Form”) and the Data Processing Agreement (together the “Agreement”) shall be the contractual basis for the services provided by Cogram to the Customer.
- Subject matter of these Terms
- The subject matter of this Agreement is the provision of a Software-as-a-Service solution as further detailed in the service description in Annex 1 (the “Service”) by Cogram to the Customer (each a “Party” or together the “Parties”).
- The provision of the Service includes the granting of use rights and the provision of storage space on the servers of Cogram against payment of the agreed service fee as per the Order Form.
- Cogram does not owe to the Customer any services other than those listed in the service description in Annex 1.
- Cogram is permitted to involve subcontractors (e.g. hosting providers) for the provision of the Service. Cogram shall be liable for subcontractors as it is for its own actions.
- Provision of the Service
- For the duration of this Agreement, Cogram shall make the Service available to the Customer in the scope described in the service description in Annex 1.
- Cogram shall provide the Customer with the number of user accounts agreed in the Order Form. Usernames and user passwords are created by the Customer.
- The Service is provided ready for operation in accordance with the availability described in Sec. 5.
- Rights of use
- For the duration of this Agreement, Cogram grants to the Customer the simple, non-exclusive, non-transferable and non-sublicensable right to use the Service within the scope of the service description in Annex 1.
- The Customer may only reproduce the Service if this is necessary due to the intended use of the Service to the current service description. Necessary duplication includes loading the Service into the RAM of Cogram's server, but not even temporary installation or storage of the Service on data carriers of the hardware used by the Customer.
- The Customer may only use the Service for its own business activities when Customer is a business user.
- The Customer is not entitled to make the Service available for use by third parties, whether for payment or free of charge.
- If Cogram releases new versions, updates or other new deliveries with regard to the Service during the term of the Agreement, the above rights shall also apply to these.
- Data Protection and Data Usage
- To the extent that Cogram processes personal data on behalf of the Customer within the scope of the Service this shall be done in accordance with the Data Processing Agreement in Annex 2, concluded between the Parties as part of the Agreement. The Data Processing Agreement shall have priority in its scope of application.
- The Customer shall be responsible for compliance with the statutory provisions on data protection, in particular for the lawfulness of data processing. The Customer must ensure that there is a legal basis for the processing of any and all personal data in connection with the use of the Service and must obtain – where legally necessary – valid consent for the processing of such personal data. The Customer acknowledges and agrees that the servers of Cogram, which are used to provide the Service are located in the United States of America.
- The Customer grants Cogram the right to anonymize personal data and further grants a non-exclusive, transferable, sublicensable right, unrestricted in time and space to use such anonymized data for the purpose of designing, developing and optimizing the Service. Cogram will in no case use customer data to train artificial intelligence systems.
- The Customer acknowledges and accepts that any results generated from the use of the anonymized data and any intellectual property created as a result of using the data shall belong solely to Cogram.
- Availability
- Availability is the ability of the Customer to use the entire functionalities of the Service.
- The Service shall be deemed unavailable if it is not accessible and this is not due to maintenance work.
- Scheduled maintenance work usually takes place in the maintenance windows between 10:00 p.m. and 5:00 a.m. of the following day (EST). Unscheduled maintenance work will be communicated to the customer in advance if possible.
- Limited Warranty
- Cogram warrants to the Customer that, during the effective term of the Agreement, the Service will conform in all material respects to Cogram’s published documentation when accessed and used in accordance with such published documentation. THE FOREGOING WARRANTY DOES NOT APPLY, AND COGRAM STRICTLY DISCLAIMS ALL WARRANTIES, WITH RESPECT TO ANY THIRD-PARTY PRODUCTS. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN THIS SECTION 6, THERE ARE NO WARRANTIES MADE WITH RESPECT TO THE SERVICE AND COGRAM HEREBY DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. FOR THE AVOIDANCE OF DOUBT, COGRAM SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. COGRAM MAKES NO WARRANTY OF ANY KIND THAT SERVICE, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET THE CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR-FREE.
- Cogram shall remedy any defects of the Service within a reasonable period of time after the defect notification by the Customer. The defect may also be remedied by means of an update. As a temporary measure, Cogram may provide the customer with possibilities to circumvent the symptoms of the defect. The Customer shall support Cogram to a reasonable extent in the identification of the cause of the defect.
- To the extent that the Customer's use of the Service in accordance with the Agreement is wholly or partially deprived due to a legal defect, Cogram may, at its own discretion, also remedy such defect by
- providing the Customer with the necessary rights to use the Service in accordance with the Agreement; or
- modifying the Application in such a way that the right of the third party no longer prevents the Customer from using it in accordance with the Agreement.
- Third party rights
- If a third party asserts an infringement of rights against the Customer for the use of the Service, the Customer shall notify Cogram thereof without undue delay in text or written form.
- Cogram shall reasonably support the Customer in its defense and provide relevant information. Customer's obligation to remedy defects in accordance with clause 6 shall remain unaffected hereby.
- Payment terms
- During the term of Agreement, the Customer is obligated to pay the agreed service fee in the agreed upon currency for the use of the Service. All fees to be paid under this Agreement are net amounts plus value added tax at the statutory rate.
- Unless otherwise agreed in the Order Form, Cogram’s claim to payment of the monthly service fee shall arise in advance for each month.
- Cogram may at its discretion choose the payment method in each case (i.e. invoice, credit card or through third party payment providers). In case of an invoice Cogram grants the Customer a payment period of thirty (30) days from the invoice date. All invoices are sent to Customer via email.
- In case Cogram chooses third party payment providers as a payment method, all payment for all services rendered by Cogram must be made through the third party payment providers designated and approved by Cogram. Cogram reserves the right to change the designated payment providers at any time.
- The Customer may only offset against payment claims of Cogram against due and/or future claims if these claims have been legally established or are undisputed.
- Limitations on Liability
- IN NO EVENT WILL COGRAM BE LIABLE TO THE CUSTOMER UNDER OR IN CONNECTION WITH THE AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (b) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (c) LOSS OF GOODWILL OR REPUTATION; (d) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY, OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (e) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER COGRAM WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL PROVIDER’S AGGREGATE LIABILITY TO THE CUSTOMER ARISING OUT OF OR RELATED TO THE AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED THE TOTAL AMOUNTS PAID TO COGRAM UNDER THE AGREEMENT IN THE SIX (6)-MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
- Force Majeure
Cogram is released from the obligation to perform in cases of force majeure. Force majeure shall be deemed to be all unforeseen events and such events whose effects on the performance of the Agreement are not attributable to either Party. These events include, in particular, lawful industrial action, also in third party companies, official measures, failure of communication networks and gateways of other operators, disruptions in the area of line providers, even if these circumstances occur in the area of subcontractors, sub-suppliers or their subcontractors. The Customer has no claims in the event of failures for which Cogram is not responsible.
- Term and termination
- The term of the Agreement shall commence with the Service Term Start Date as per the Order Form and shall have an indefinite period. In case no Service Term Start Date is explicitly agreed upon the Agreement shall commence with the conclusion of the Agreement.
- The Agreement can be terminated by either Party by written notice with a notice period of one (1) month to the end of a month.
- The right of either Party to terminate the Agreement for cause shall remain unaffected.
- Notwithstanding Sec. 11.3 Cogram may terminate the Agreement without notice if the Customer is in delay with the payment due under the Agreement.
- Trial period
- If agreed upon in the Order Form, the Customer will be granted the right in accordance with Sec. 3.1 to access and use the Service for a trial period of seven days (the "Trial Period"). The Trial Period commences from the Service Term Start Date or from the conclusion of the Agreement as per Sec. 11.1.
- During the Trial Period the Customer may use the Service free of charge. The Customer will have access to all the features and functionalities of the Service.
- Both Parties may cancel the Agreement at any time before the end of the Trial Period. If Customer does not terminate the Agreement before the end of the Trial Period, the Agreement will automatically continue, subject to the payment of the agreed upon service fee.
- Confidentiality
- Information to be treated confidentially hereunder is (i) any information which is expressly designated as confidential by the Party providing the information and (ii) any information, the confidentiality of which clearly results from the circumstances of the transfer.
- Information is not to be treated as confidential hereunder insofar as the Party receiving the relevant information proves that it
- was known to them or generally accessible before the date of receipt;
- was known or generally available to the public prior to the date of receipt;
- became known or generally accessible to the public after the date of receipt, with- out the information-receiving Party being responsible for disclosure.
- The Parties shall keep confidential all confidential information that has come to their knowledge within the scope of the Agreement and shall only use such confidential information vis-à-vis third parties - for whatever purpose - with the prior consent in text form of the respective other Party. Furthermore, they shall apply to such confidential information appropriate secrecy measures according to the circumstances.
- The obligations under this Sec. 12 shall continue to exist beyond the term of the Agreement for a period of three years.
- For each case of breach by either Party of an obligation under this Section 12, the Party in breach shall owe a contractual penalty payable to the other Party, the amount of which shall be determined by the Party not in breach to be reasonable. The reasonableness of the contractual penalty shall be reviewed by the competent court at the request of the Party in breach.
- Press Releases, Publication
- Cogram shall be entitled to publish the name and logo of the Customer in press releases and other marketing materials, as well as on social media platforms and otherwise on the Internet, also as a reference and in connection with products and services of Cogram. Cogram shall take reasonable account of design specifications provided by the Customer to Cogram for this purpose.
- The Customer may revoke the permission pursuant to Sec. 14.1 by notifying Cogram in text or written form. Upon receipt of the revocation by Cogram, the permission of Cogram pursuant to Sec. 14.1 shall end with effect for the future. Marketing measures prior to receipt of the revocation shall remain unaffected. In particular, Cogram shall not be obliged to recall any marketing materials already published.
- Final provision
- Unless expressly agreed otherwise, amendments and supplements to the Agreement must be made in text or written form, including any waiver of this formal requirement.
- Should individual provisions of this Agreement be invalid or unenforceable, this shall not affect the validity of the remaining provisions. The Parties shall replace such provisions by effective and feasible provisions which correspond as closely as possible to the meaning and economic purpose as well as the intention of the Parties at the time of conclusion of the Agreement. The same shall apply in the event of a gap in the Agreement.
- This Agreement shall be governed by and construed in accordance with the laws of the State of New York, without giving effect to any choice of law or conflict of law provisions.
- To the extent permissible any legal action or proceeding arising out of or relating to this Agreement shall be brought exclusively in the state or federal courts located in the City of New York, New York, and each party hereby submits to the personal jurisdiction of such courts.
* * *
Annex 1
Service description
Cogram (www.cogram.com) develops a virtual coworker for companies that automates common tasks in and around meetings. Cogram’s core product is a SaaS platform that users can access with username, password, and two-factor login credentials. The Cogram application can connect with the user’s calendar, allowing the user to invite Cogram to meetings in Microsoft Teams, Zoom, or Google Meet, to:
- Automatically transcribe, summarize, and create structured minutes in meetings,
- track and assign action items,
- and automate typical tasks after meetings, such as drafting proposals or follow-up emails.
Meeting transcripts, notes, action items, and summaries are accessible to the user via the Cogram web application.
Annex 2
Data Processing Agreement
between
- Customer
- "Controller" -
- Cogram Inc., 2918 Avenue I #1036, Brooklyn, NY 11210, USA
- "Processor" -
- hereinafter each individually a “Party” and, collectively, the “Parties” -
This data processing agreement ("DPA") is part of the Order Former and the Terms and Conditions (“Principal Agreement”) between the Parties (together the “Agreement”). It specifies each Party’s data protection duties resulting from the data processing as described in detail in the Principal Agreement. It shall apply to any processing of personal data related to the Principal Agreement whereby employees of the Processor or persons appointed by the Processor have access to personal data of the Controller.
- Subject matter, duration and specification of the data processing
- The term of this DPA shall be based on the term of the Principal Agreement.
- The personal data shall be deleted at the end of the term of the Principal Agreement, insofar as they are not subject to any retention obligations.
- The nature and subject matter of the data processing is outlined in the Principal Agreement.
- The purpose of the data processing is outlined in the Principal Agreement.
- The following types and categories of personal data may be processed:
- Types of personal data
- master data of clients
- data of contact persons
- usage data
- address data
- meeting transcripts, including all data contained therein and derived from those transcripts (“meeting data”)
- Categories of data subjects
- clients
- employees
- suppliers
- other affiliates
- Scope and responsibility
- The Processor shall process personal data on behalf of the Controller. This includes data processing activities that are specified in the Principal Agreement and in the service description. The Controller shall be responsible for the compliance with the statutory provisions on data protection, in particular for the lawfulness of the data processing.
- The instructions shall initially be stipulated by the Agreement and may thereafter be amended, complemented or replaced by the Controller in writing or in text form to the office designated by the Processor (individual instructions). Instructions that go beyond the scope of the agreed performance shall be treated as a request for a change in performance.
- Duties of the Processor
- The Processor may process personal data of data subjects only within the scope of the Agreement and the documented instructions of the Controller. If the Processor is obliged by national or European law to process personal data in a manner that deviates from the above, the Processor shall - insofar as it is legally permissible - inform the Controller of this circumstance prior to processing the Controller’s personal data.
- The Processor shall structure the internal organization in the Processor’s area of responsibility to meet the requirements of applicable data protection law. The Processor shall take technical and organizational measures to protect the Controller's personal data against unauthorized access or use. A description of these technical and organizational measures is available on request. The measures shall be reasonably designed to ensure the confidentiality, integrity, availability and endurance of the systems and services regarding the data processing on a long-term basis. The Controller shall be familiar with these technical and organizational measures. The Processor shall be responsible for these measures providing a reasonable level of protection for the risks exposed by the data processing.
- The Processor reserves the right to change the technical and organizational measures taken; provided, however, that the Processor shall ensure that the level of protection does not fall below the level agreed upon.
- Within the Processor’s capabilities and the contractually agreed performance, the Processor shall support the Controller in responding to data subject requests and claims pursuant to applicable data protection law, including Chapter III of the GDPR, and in complying with the obligations set forth in Art. 33 to 36 of the GDPR.
- The Processor shall ensure that access to the Controller’s personal data is limited to those of the Controller’s employees who require access to such data for purposes of enabling the Processor to perform its obligations to the Controller, that such employees are provided access to only those parts of the personal data required for such performance, and that such employees are prohibited from processing the Controller’s personal data for any purpose other than pursuant to the Controller's instructions. Further, the Processor shall ensure that those persons authorized to process personal data have committed themselves to confidentiality and are obliged to keep the personal data confidential. The confidentiality and non-disclosure obligation shall continue to exist after termination of the Agreement.
- The Processor shall notify the Controller without undue delay upon becoming aware of a personal data breach. The Processor shall take all necessary measures to secure the personal data and to mitigate any possible adverse consequences for the affected data subjects. The Processor shall coordinate these measures with the Controller without undue delay.
- The Processor shall inform the Controller of the contact person responsible for data protection issues arising within the scope of the Agreement.
- The Processor shall implement and maintain appropriate technical and organizational measures designed to safeguard personal data against unauthorized or unlawful processing, access, copying, modification, storage, reproduction, display and distribution, and against accidental loss, destruction, unavailability or damage, and to comply with its obligations under applicable data privacy law, including Art. 32 (1) lit. d.) of the GDPR. The Processor shall implement a procedure to regularly review the effectiveness of the technical and organizational measures taken to safeguard the security of the data processing.
- The Processor shall correct or delete the Controller’s personal data if the Controller instructs the Processor to do so and if it is covered by the scope of instructions. If a data protection-compliant removal or a respective restriction of the data processing is not possible, the Processor shall carry out a data protection-compliant removal of data carriers and other media upon an individual request by the Controller, unless already otherwise specified in the Agreement.
- Data, data carriers and all other materials shall be either returned or deleted at the request of the Controller after termination of the Agreement. Subject to Sec. 4.3 of the Principal Agreement Processor may use the anonymized data for the further development of their services.
- In case of any processing outside the EU and the EEA by the Processor the Parties shall implement appropriate safeguards according to Art. 46 GDPR. The same shall apply in case Processor includes subcontractors as per Sec. 7 of this DPA.
- Duties of the Controller
- The Controller shall inform the Processor immediately and comprehensively as soon as he identifies any errors or irregularities in the data processing results with regard to data protection provisions.
- In the event of a data subject claim pursuant to applicable data privacy law, including Art. 82 of the GDPR, the Parties shall be obliged to mutually assist each other regarding the verification of the active legitimization in the defense of the claim. If any personal data transfer between the Controller and the Processor requires execution of Standard Contractual Clauses in order to comply with applicable data privacy law, the Parties will complete all relevant details in, and will execute, the required Standard Contractual Clauses and take all other actions required to legitimize the transfer, including implementing any required supplementary measures or supervisory authority consultations.
- The Controller shall inform the Processor of the contact person responsible for data protection questions arising within the scope of the Agreement.
- Requests by data subjects
If a data subject approaches the Processor with requests for rectification, erasure correction, or notification regarding their personal data, the Processor shall refer the data subject to the Controller, provided that a referral is feasible based on the information provided by the data subject, and the Processor shall cooperate with and assist the Controller in responding to any such request.
- Options for demonstrating compliance
- The Processor shall provide the Controller with evidence of compliance regarding the obligations under applicable data privacy law, including those set forth in Art. 28 of the GDPR, and in the DPA by suitable means. In order to demonstrate compliance with the latter, the Processor may provide the Controller with third-party audit reports or certificates as well as audit reports from the Processor’s data protection officer.
- If, in individual cases, audits by the Controller or an auditor commissioned by the Controller are deemed necessary, these audits shall be carried out during normal business hours without disturbing the Processor’s course of business and only after notification, allowing for a reasonable lead time. The Processor may make any audits conditional upon the signing of an appropriate non-disclosure agreement. If the third-party auditor commissioned by the Controller is in a competitive relationship with the Processor, the Controller shall not commission such auditor without the prior written consent of the Processor.
- If a data protection authority or any other supervisory authority of the Controller carries out an audit, Sec. 6.2 shall apply accordingly. It shall not be necessary to sign a non-disclosure agreement if the supervisory authority is subject to professional or statutory confidentiality where a breach is subject to prosecution.
- The Processor may demand reasonable remuneration for his assistance in carrying out an audit pursuant to Sec. 6.2 or 6.3, unless the purpose of the audit was an urgent suspicion of a data protection breach in the Processor’s area of responsibility, or any other breach of the DPA by the Processor. In this case, the facts leading to the suspicion shall be submitted by the Controller along with the notice of the audit.
- Subcontractors (further processors)
- The Controller agrees that the Processor may use subcontractors. The Processor shall notify the Controller in writing within a reasonable period of time before engaging or replacing a subcontractor. The Controller may only object to the Processor’s use of any subcontractor for good cause. Any objection must be submitted no later than two weeks after notification and must explicitly include all relevant reasons. If no objection is submitted within this period, consent shall be deemed to have been given. Subcontractors and partial services listed below that already existed prior to conclusion of the Agreement will not be subject to any separate notification. The Controller has no right of objection regarding these subcontractors.
- Subcontractors processing Meeting Data
- Microsoft Corporation, located at One Microsoft Way, Redmond, WA 98052-6399, USA
- Amazon Web Services Inc., located at 410 Terry Avenue North Seattle, WA 98109 USA
- Other subcontractors may be used to process data that is not Meeting Data, such as emails, user IDs, or credit card information. These include Google Cloud, Segment.io, FullStory, Inc., Stripe, Inc., Zendesk, Inc., Raintank Inc. (dba Grafana Labs), or Elastic Inc (Close CRM).
- If the Processor engages a subcontractor, the Processor shall be obliged to delegate its data protection obligations pursuant to the DPA directly to the subcontractor.
- Upon written request of the Controller, the Processor shall at any time provide information about the data protection obligations of the Processor’s subcontractors.
- Information requirement, written form, choice of law
- If personal data held by the Processor is at risk due to attachment or seizure, insolvency or settlement proceedings or other legal measures taken by third parties against the Processor, the Processor shall notify the Controller with undue delay. Further, the Processor shall immediately notify all persons in charge of aforementioned legal measures about the fact that the sovereignty over and ownership of the data rests exclusively with the Controller.
- Any amendments and additions to the DPA and all its components - including any assurances of the Processor - shall require a separate written agreement between the Parties, explicitly stating that it is an amendment or addition to the DPA. Such agreements may be entered into in electronic form. The same shall also apply to the waiver of any such written form requirement.
- In the event of conflicting provisions, the provisions of the DPA shall take precedence over the provisions of the Principal Agreement. If provisions of the DPA are invalid, such invalidity shall not affect the validity of the remaining parts of the DPA.
- If the Parties have already entered a data processing agreement for the purposes of aforementioned data processing in the past, this DPA shall replace previous agreement(s).
- The DPA is subject to the applicable laws as agreed upon in the Principal Agreement.
* * *