THESE END USER TERMS of service are entered into between AuditBoard and Client (as defined below). By using the Service, Client accepts the terms of this Agreement, which is binding and enforceable like any written agreement signed by Client. Client should not commence use of the Service in any manner if it does not agree with the terms of this Agreement. Client shall be bound by the terms of this Agreement upon any use by its Users. By using the Service, each User represents that it has the authority to enter into this agreement and bind the Client. AuditBoard and Client may be collectively or individually referred to as the "Parties" or "Party" below.

TERMS AND CONDITIONS

1. DEFINITIONS. The following definitions shall apply as used in the Terms and Conditions:
   1. "Affiliate" means with respect to a Party to this Agreement, any entity that directly or indirectly controls, is controlled by or is under common control with such Party. "Control", "controls", or "controlled" with respect to this definition of "Affiliate" means the ability to direct the management and policies of an entity, whether through the ownership of a majority share of voting securities, by contract or otherwise.
   2. "Agreement" means these End User Terms of Service and any attachments or exhibits thereto.
   3. "Applicable Law" means all local, state, national and foreign laws, treaties and regulations, including those related to data privacy, international communications and the transmission of technical or personal data each as applicable to the performance, delivery or use of the Service by a Party.
   4. "AuditBoard" means AuditBoard, Inc., a Delaware corporation with a place of business at 12900 Park Plaza Drive, Suite 200, Cerritos, CA 90703.
   5. "Client" means the entity using the Service under these terms in connection with such entity's relationship with Grant Thornton LLP.
   6. "Client Data" means (i) all data and other information supplied by or on behalf of Client for the Service, and (ii) all data or other information created by AuditBoard, through the Service or otherwise, from any data or other information supplied by or on behalf of Client for the Service.
   7. "Intellectual Property Rights" means unpatented inventions, patent applications, patents, design rights, copyrights, trademarks, service marks, trade names, domain name rights, mask work rights, know-how and other trade secret rights, and all other intellectual property rights, derivatives thereof, and forms of protection of a similar nature anywhere in the world
   8. "Service" means the proprietary AuditBoard software products and modules made available directly to Client under the Agreement including the website through which Client accesses such software products and modules and any audio or visual information, documents, text, images, data or other software or services offered by AuditBoard directly to Client in connection therewith.
   9. "User" or "Users" means the Client and Client's employees, agents, consultants each (i) who are under the direction or supervision of Client's internal audit or compliance functions and (ii) who are authorized to use the Service and have been supplied User identifications and passwords by Grant Thornton LLP or AuditBoard.
2. LIMITED USER ACCESS
   1. Client understands that AuditBoard hereby grants Client a non-transferable, non-exclusive right to use and access the Service, solely for Client's own internal business purposes and only in connection with Client's relationship with Grant Thornton LLP, subject, at all times, to this Agreement. All rights not expressly granted to Client are reserved by AuditBoard and its licensors. Client shall not (i) license, sublicense, sell, resell, distribute, or otherwise commercially exploit or make any part of the Service available to any non-User third party; (ii) modify or make derivative works based upon any part of the Service; (iii) "frame" or "mirror" any part of the Service on any server or wireless or Internet-based device; (iv) knowingly interfere with or disrupt the integrity or performance of the Service or the data contained therein; (v) provide any protected health information (as defined under the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act, both as amended, including their implementing regulations promulgated at 45 C.F.R. Parts 160 and 164), payment card information, or information relating to identified or identifiable individuals other than Users ("Highly-Sensitive Data"); (vi) attempt to gain unauthorized access to the Service or its related systems or networks; (vii) reverse engineer or otherwise attempt to discover the underlying source or object code, structure or ideas of the Service; or (viii) share login credentials between more than one individual User (collectively, the "Usage Restrictions"). Client is responsible for activity of all its Users under the Agreement and shall take all commercially reasonable steps to prevent unauthorized access to or use of the Services and notify AuditBoard promptly of any such unauthorized access or use.
   2. Client understands and agrees that the Service is not designed to any specific security requirements for Highly Sensitive Data. Client is responsible for determining if the Service meets Client's needs with regard to the data and information Client intends to load into the Service.
   3. As applicable, and upon Client's request and consent, Grant Thornton LLP may provide access to the Services to Client's external auditors or other professional advisors. Such access will be limited to "view only" for informational purposes only. Neither Grant Thornton LLP nor AuditBoard make any representation or warranty and assume no liability in regard to the sufficiency, appropriateness or service level of such access or information for such external auditors' or professional advisors' purposes.
3. INTELLECTUAL PROPERTY RIGHTS; OWNERSHIP
   1. Client acknowledges and understands that, as between the Parties, AuditBoard is the sole owner of all rights, title and interest in and to the Service, including, without limitation, all Intellectual Property Rights therein, and Client shall have no rights, title or interest therein or thereto other than the limited right to use and access expressly set forth herein. Client understands that AuditBoard considers the Service to be a trade secret. AuditBoard name, the AuditBoard logo, and the product names associated with the Service are trademarks of AuditBoard or third parties, and no right or license is granted to use them.
   2. AuditBoard acknowledges and understands that, as between the Parties, Client is the sole owner of all rights, title and interest in and to the Client Data, including, without limitation, all Intellectual Property Rights therein, provided that Client hereby grants AuditBoard a limited license to use, copy and store Client Data in order to perform its obligations or exercise its rights herein.
   3. Client understands and agrees that all materials developed by AuditBoard that are related to or comprise the Service, including but not limited to, all software modifications, customizations, developments, specifications, updates and upgrades, derivative works based on the Service are created by AuditBoard for AuditBoard to benefit its customers and shall be and remain the property of AuditBoard, and Client shall not obtain any rights or interest therein. At their discretion, Users may choose to submit comments or ideas related to the Service, including, without limitation, about how to improve the Service ("Ideas"). Client agrees the AuditBoard has all rights to use, disclose and incorporate Ideas into the Service without restriction or payment to Client.
4. RESPONSIBILITIES, REPRESENTATIONS AND WARRANTIES
   1. By using the Service, each Party represents and warrants that it has the legal power and authority to enter into this Agreement.
   2. When used in accordance with this Agreement, AuditBoard represents and warrants that the Service shall (i) comply with Applicable Laws, and (ii) perform and be provided in accordance with generally accepted industry standards.
   3. Client is solely responsible for all use of Client's User accounts. Client represents and warrants that (i) Client shall only use the Service in accordance with Applicable Laws, the Agreement, the terms of its agreement with Grant Thornton LLP and any relevant documentation provided by AuditBoard and (ii) Client will not, and will not permit any third party to upload, download, post, submit, provide, transmit, distribute, or otherwise make available to or through the Services any Client Data that (A) is unlawful, infringing, deceptive, fraudulent, invasive of another's privacy, tortious, obscene, or that otherwise violates any other right of any third party, including any intellectual property, proprietary, or privacy rights, or that is otherwise inappropriate, as determined by AuditBoard in its sole discretion; (B) contains any viruses, code, files, or programs designed or intended to disrupt, damage, limit, or interfere with the proper function of any software, hardware, or telecommunications equipment or that is or can be otherwise malicious or disruptive; or (C) contains any Highly Sensitive Data. Client acknowledges and agrees that AuditBoard is not a "Business Associate" under HIPAA and will not provide any protected health information to AuditBoard.
5. OTHER SERVICES Any other services by AuditBoard to Client shall be provided only under a separate written agreement between Client and AuditBoard.
6. TERM AND TERMINATION. Unless earlier terminated, this Agreement is effective as of Client's first use of the Service and apply so long as both of the following conditions are met: (i) Grant Thornton LLP has the right to provide access to the Service to Client under the terms of its agreement with AuditBoard and (ii) Grant Thornton LLP elects to provide access to the Service under its agreement with the Client . AuditBoard reserves the right to immediately suspend any User account or right to use and access the Service for breach of the Usage Restrictions. In all other circumstances, either Party may terminate this Agreement or the relevant Order for: (i) a material breach by the other Party that is not cured within thirty (30) days after written notice of such material breach, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.
7. DISCLAIMER.
   1. WITH THE EXCEPTION OF THE REPRESENTATIONS SET FORTH IN THIS AGREEMENT, AUDITBOARD AND ITS LICENSORS MAKE NO REPRESENTATION, WARRANTY OR GUARANTY WHATSOEVER AND DISCLAIMS, TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE.
   2. CLIENT ASSUMES ALL RESPONSIBILITIES AND RISKS, FOR ITSELF AND ALL USERS, REGARDING THE PREPARATION, ACCURACY, REVIEW AND USE OF RESULTS OBTAINED THROUGH USE OF THE SERVICE, AND ANY DECISIONS OR ADVICE MADE OR GIVEN TO ANY PARTY BASED ON THE USAGE OF THE SERVICE. AUDITBOARD AND ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUBCONTRACTORS AND SUPPLIERS ARE NOT ENGAGED IN RENDERING AUDITING, ACCOUNTING, LEGAL OR OTHER PROFESSIONAL OR EXPERT ADVICE AND ARE NOT RESPONSIBLE FOR HOW THE SERVICE IS USED, THE RESULTS AND ANALYSIS DERIVED BY CLIENT BY USE OF THE SERVICE AND ANY DECISIONS THE CLIENT MAY MAKE BASED ON THE CLIENT'S USAGE OF THE SERVICE.
8. INDEMNIFICATION. Client shall indemnify and hold AuditBoard, and its Affiliates, officers, directors, employees, attorneys and agents harmless from and against claims and associated finally awarded costs and damages and reasonable expenses (including attorneys' fees and costs) arising out of (i) a claim alleging that the Client Data infringes the rights of, or has caused harm to, a third party; or a (ii) a claim, which if true, would constitute a violation by Client of this Agreement, including, without limitation, Client's representations and warranties; provided in any such case that AuditBoard (a) promptly gives written notice of the claim to Client; (b) gives Client sole control of the defense and settlement of the claim (provided that Client may not settle any claim unless it unconditionally releases AuditBoard of all liability); (c) provide to Client all reasonable information and assistance; and (d) have not compromised or settled such claim.
9. CONFIDENTIALITY. AuditBoard agrees that any information or data disclosed by Client that a reasonable person under similar circumstances would consider confidential in nature, including, without limitation, all Client Data, is Client's “Confidential Information.” Client agrees that in addition to all data and other information disclosed by AuditBoard that a reasonable person under similar circumstances would consider confidential in nature, the pricing and the Service are “Confidential Information” of AuditBoard. The Parties' confidential information are hereafter collectively referred to as "Confidential Information." The Parties agree to use the same care and discretion to protect Confidential Information of the other Party as it employs with similar information of its own (but in no event less than reasonable care). Each Party may only disclose Confidential Information of the other Party to its employees, agents, or contractors who need access for purposes consistent with this Agreement and who are bound to confidentiality terms containing protections no less stringent than those contained herein. Neither Party may disclose, copy, sell, assign, lease, rent or otherwise transfer Confidential Information to any third party without the prior written consent of the other Party. Each Party agrees that any actual or threatened use or disclosure of Confidential Information by the other Party in a manner inconsistent with this Agreement may cause the owner irreparable damage for which remedies other than injunctive relief might be inadequate, and the disclosing Party agrees that the owner may seek injunctive or other equitable relief restraining such prohibited use or disclosure.
10. DATA SECURITY.
    1. Each Party shall: (i) notify the other Party without undue delay of any unauthorized copying, distribution, disclosure or processing of any Confidential Information (each a "Data Security Incident") upon becoming aware of such Data Security Incident; and (ii) report to the other Party promptly thereafter with such details as the other Party may reasonably require regarding such Data Security Incident; and (iii) use reasonable efforts to immediately stop any unauthorized copying, distribution, disclosure or processing of a Party's Confidential Information.
    2. In providing the Service, AuditBoard utilizes the services of Microsoft Corporation and Amazon Web Services, Inc. to provide certain cloud-based hosting services ("Cloud Hosting Providers"). Client consents to AuditBoard's use of the Cloud Hosting Providers in performing its obligations hereunder. AuditBoard and its Cloud Hosting Providers may record and collect information related to account activity (e.g. standard web analytics, which includes but is not limited to latency, packet size, hops, and source destination) in the course of providing the Services, but may only use such information for internal business purposes (including, but not limited to, improving the services and/or fulfilling its rights and obligations under this Agreement). Any such recorded or collected information is anonymized and aggregated and remains subject to Section 12.
    3. AuditBoard shall maintain appropriate administrative, physical, and technical safeguards designed to protect the security of the Services and Client Data in accordance with the AuditBoard Security Standards available at https://www.auditboard.com/customer-security-terms. If Client's use of the Services involves processing personal data pursuant to Regulation 2016/679 (the “GDPR”) and/or transferring personal data outside the European Economic Area or Switzerland to any country not deemed by the European Commission as providing an adequate level of protection for personal data, the terms of the data processing addendum shall apply to such personal data and be incorporated into the Agreement upon the execution and submission of the data processing addendum. AuditBoard's data processing addendum will be provided upon request. If this Agreement is terminated, AuditBoard will provide a file of the Client Data in a mutually agreed format within thirty (30) days of termination if Client so requests at the time of termination. Client agrees and acknowledge that AuditBoard has no right or obligation to retain Client Data more than thirty (30) days after termination or expiration and will destroy Client Data in its possession or control thirty (30) days after termination or expiration of this Agreement.
11. LIMITATION OF LIABILITY. IN NO EVENT SHALL AUDITBOARD'S AGGREGATE LIABILITY TO CLIENT UNDER THIS AGREEMENT FOR DIRECT DAMAGES EXCEED $10,000. IN NO EVENT SHALL AUDITBOARD OR ITS LICENSORS BE LIABLE TO CLIENT FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL OR OTHER DAMAGES OF ANY TYPE OR KIND (INCLUDING LOSS OF DATA, REVENUE, PROFITS, USE OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OR IN ANY WAY CONNECTED WITH THIS SERVICE, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, REGARDLESS OF CAUSE, EVEN IF AUDITBOARD HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Certain states and/or jurisdictions do not allow the exclusion of implied warranties or limitations of liability for incidental, consequential or certain other types of damages, and to that extent, the exclusions set forth above may not apply to Client.
12. MISCELLANEOUS.
    1. Client agrees that AuditBoard is acting as an independent contractor in the performance of all services provided hereunder and no joint venture, partnership, employment, or agency relationship exists between Client and AuditBoard.
    2. As between AuditBoard and Client, this is the entire Agreement of the parties relating to this subject and it supersedes all other commitments, negotiations and understandings and the obligations of AuditBoard contained herein are controlling. Any terms between Grant Thornton LLP and Client are not binding on AuditBoard and Grant Thornton may not modify the terms contained and the rights and obligations between AuditBoard and Client set forth herein. This Agreement cannot be amended except by a writing signed by both Parties. This Agreement cannot be assigned without written consent of the non-assigning party, except that AuditBoard may assign this Agreement (a) to an acquirer of substantially all of that party's assets, stock or business by sale, merger or otherwise or (b) to an Affiliate. All provisions of this Agreement which by their nature should survive termination or expiration, will survive the expiration or termination of this Agreement. Any claims (in court or arbitration) must be brought in the initiating Party's individual capacity and not as a plaintiff or member in any class action or other similar proceeding.
    3. Neither Party will be liable to the other for any delays or failure in performance of any obligation under this Agreement in the event of and for so long as the performance of any such obligation is prevented or delayed by any cause beyond the reasonable control of such party, provided that the Party prevented or delayed from performance immediately notifies the other Party of such disability and resumes performance as soon as possible following removal of the disability.
    4. This Agreement is made in and shall be governed by the laws of the State of California without reference to conflicts of laws.
    5. Any action arising under or related to this Agreement will be resolved in the state or federal courts (and the parties hereby consent to personal jurisdiction) in the County of Los Angeles, California. The prevailing Party is entitled to recover all reasonable fees, costs and expenses of enforcing its rights, including reasonable attorneys' fees.
    6. No third party is intended to be, and no third party shall be, a third-party beneficiary of this Agreement.
    7. Any notice required under this Agreement shall be made in writing. If to AuditBoard, notice shall be sent to 12900 Park Plaza Dr., Suite 200, Cerritos, CA 90703, USA ATTN: Legal Department. If to Client, notice shall be sent to the address you have on record with Grant Thornton LLP. Notices shall be deemed given upon receipt.