Product-Specific Terms

Where Customer orders any of the Red Sift Products set out below, the relevant Product-Specific Terms applicable to that Red Sift Product supplement the Red Sift Terms, the Red Sift Cloud Master Services Agreement, or any other agreement entered between Customer and Red Sift under which Customer purchases a subscription to use such Red Sift Products (the “Agreement”). These Product-Specific Terms are incorporated into and form a binding and effective part of the Agreement. Unless otherwise defined in these Product-Specific Terms, all capitalised terms in these Product-Specific Terms shall have the meaning given to them in the Agreement. To the extent of any conflict or inconsistency between these Product-Specific Terms and the Agreement, these Product-Specific Terms shall govern and prevail in respect of the Red Sift Products to which they apply.

1.                     RED SIFT RADAR

1.1                 AI Services. Customer acknowledges and agrees: (a) Red Sift Radar incorporates functionality of certain third-party machine learning and artificial intelligence systems and models (“AI Services”), including those made available by OpenAI; (b) by using Red Sift Radar, Customer is authorising and instructing Red Sift to share certain Customer Data (including any inputs to Red Sift Radar) with the relevant providers of such AI Services to the extent necessary to facilitate such functionality and the operation of Red Sift Radar; and (c) such AI Services are not under Red Sift’s direct control and Red Sift will have no liability for any unavailability or failure of any AI Services, nor any third-party provider’s decision to discontinue, suspend or terminate any AI Services.

1.2                No Training. Red Sift will not, and shall not authorise any other person to, use any Customer Data to create, train, refine or improve any AI Services.

1.3                AI Services Guidelines. With respect to its use of Red Sift Radar, Customer agrees to comply with any terms, guidelines or policies that any third-party provider of the AI Services may publish from time to time as applicable to Customer’s use of Red Sift Radar, including OpenAI’s Service Terms, Sharing & Publication Policy, Usage Policies,.

1.4               DISCLAIMER. To the fullest extent permitted by law, Red Sift expressly disclaims any and all express or implied conditions, warranties, representations, undertakings, or other terms of any nature relating to the AI Services, and Red Sift does not warrant, represent, endorse, support or guarantee the completeness, truthfulness, accuracy, originality, reliability, performance, appropriateness, fitness for purpose or any other attributes of any outputs from Red Sift Radar that are generated based on Customer’s Inputs to Red Sift Radar (“Outputs”).

1.5                Outputs. Red Sift is not responsible for reviewing or attempting to verify the accuracy or currency of the content of any such Outputs, and Customer shall be solely responsible for evaluating the fitness of any such Outputs as appropriate for Customer’s specific use case. Furthermore, Customer acknowledges that it should not take any action in reliance upon any such Outputs without prior human intervention, review and approval.  

1.6                Restrictions. Customer will not do or attempt (nor authorize or permit any third party, including Authorized Users) to: 

(i)              (re)create, access, inspect or derive any underlying models (including architectures, weights, (hyper)parameters, coefficients, embeddings, calibrations and algorithms (whether or not, instantiated in software code)), and/or data used to train or create those models, which are part of any AI Services made available thereby (including as part of any so-called ‘model extraction’, ‘model inference’ or ‘model inversion’ techniques or similar); or

(ii)             automatically share, publish or take any action in reliance upon any Outputs (as defined below) without prior human intervention, review and approval.

2.                    RED SIFT BRAND TRUST – FACE DETECTION

2.1                Additional Definitions. As used in these Product-Specific Terms, the following terms shall have the following meaning: (a) “Biometric Information” means “biometric identifiers,” “biometric information”, “biometric data” or any similar term defined in Applicable Data Protection Laws (as defined in the Red Sift DPA), and Biometric Information includes a scan of face (including as captured from images and used for unique identification purposes as part of the Brand Trust Face Detection offering) and any information, regardless of how it is captured, converted, stored, or shared, based on such data; and (b) “Biometric Privacy Laws” means the Illinois Biometric Information Privacy Act, the Texas Capture or Use of Biometric Identifiers Act, Tex. Bus. & Com. Code Ann. § 503.001, the Washington H.B. 1493, RCW 19.375, and any other laws relating to the privacy, security or Processing (as defined in the Red Sift DPA) of Biometric Information. Furthermore, the Parties acknowledge and agree that the Biometric Privacy Laws constitute Applicable Data Protection Laws for the purposes of the definition of that term in the Red Sift DPA.

2.2               Biometric Processing. To the extent Customer submits images of natural persons for Processing as part of the Brand Trust Face Detection offering, Customer acknowledges and agrees that Biometric Information will be created and Processed by and on behalf of Red Sift, and that Red Sift’s Processing of Biometric Information in connection with provision of the Brand Trust Face Detection offering is solely for the purpose of providing that offering to, and for the benefit and on behalf of, Customer. Customer is solely responsible for complying with all applicable data retention and destruction requirements, including as applicable to Biometric Information under applicable Biometric Privacy Laws, and other Applicable Data Protection Laws.

2.3               Consents and Notices. Without limiting any more general terms and conditions of the Agreement, Customer warrants and represents (at all relevant times) that it has, and further undertakes that it shall, as a condition to its right to use the Brand Trust Face Detection offering, have:

(i)              presented all individuals whose image or likeness is submitted to the Brand Trust Face Detection offering, and whose Biometric Information will therefore be Processed as part of Brand Trust Face Detection offering, with all required notices and statements; and

(ii)             obtained all required consents and authorisations from such individuals, relating to the Processing of their Personal Data and Biometric Information (including by Red Sift) as part of the Brand Trust Face Detection offering as contemplated by the Agreement and this DPA, including under and in compliance with all Biometric Privacy Laws and any other Applicable Data Protection Laws. Customer shall maintain auditable records of all such consents referred to in (ii) and shall make such records available to Red Sift upon request.

2.4              Customer Warranties and Obligations. Customer warrants and represents on an ongoing basis, and further undertakes that: (a) the only persons whose images or likenesses are submitted to the Brand Trust Face Detection offering by or on behalf of Customer are, at the time of such submission, an employee or officer of Customer; (b) such persons are not residents of any of the following U.S. states: Illinois, Texas or Washington; and (c) it has and shall continue to have at all relevant times, all necessary rights, power, consents and authority to submit all images or likenesses that are submitted to the Brand Trust Face Detection offering by or on behalf of Customer.

2.5              Indemnity. Customer shall, at all times during and after the term of the Agreement, indemnify and hold harmless Red Sift and its Affiliates, and its and their employees, officers, directors, and agents (together, the “Red Sift Indemnified Parties”) from and against all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) suffered or incurred by any of them as a result of or in connection with any third party claim against any Red Sift Indemnified Party arising out of any breach by Customer of Sections 2.3 and 2.4 of these Product-Specific Terms. Any and all limitations on, or exclusions of, liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Section 2.5 of these Product-Specific Terms.

3.                    RED SIFT BRAND TRUST – TAKEDOWN SERVICES

3.1                Additional Definitions. As used in these Product-Specific Terms, the following terms shall have the following meaning: (a) “Properties” means any: (1) internet domain names, web addresses, uniform resource locators, or similar; (2) handles, usernames or account names or identifiers associated with accounts, profiles, pages, feeds, registrations and other presences on or in connection with any social media, social networking website, marketplaces or other similar online service; and (3) email addresses, email sending domains, email-related services, or similar properties and services used for sending, receiving, or managing email communications; (b) “Notified Properties” means those Properties which Customer notifies Red Sift should be taken down as part of the Takedown Services (e.g., by clicking ‘Apply For Takedown’ or similar within the Red Sift Products); and (c) “Takedown Services” means those services available as part of the Brand Trust Takedown offering, which involve those procedures and actions to be taken by or on behalf of Red Sift on behalf of Customer to remove or disable access to or the certain Notified Properties hosted or maintained by certain third parties as those procedures, actions and those third parties are more fully contemplated by the authorisation granted by Customer pursuant to Section 3.2 of these Product-Specific Terms.

3.2               Authorisation. Customer hereby authorises Red Sift as the Customer’s agent to perform the Takedown Services with respect to the Notified Properties in its name and on its behalf, and to authorise its appointed delegates, substitutes and sub-agents to do the same, including to:

(i)              send take-down notices to the operators of hosting providers, domain name registrars, social media sites, platforms, marketplace operators or similar, email service providers, certificate authorities, internet service providers, search engines, or their agents or legal representatives;

(ii)             send notices and cease-and-desist letters to the owners, domain name registrants, hosting providers of the websites, platforms or similar (including their agents or legal representatives) and on which any such Notified Property is hosted or maintained (including to send follow-up communications to pursue the required compliance, to send complaint retraction notices, and to send correspondence (including responses) to individuals or companies sharing infringing content relevant to the Notified Properties thereon);

(iii)            send notices to Registries, Registrars, Domain Name Server providers, Content Delivery Networks, Pay Per Click Ads platforms, Secure Sockets Layer certificate providers, ICANN, Payment Service Providers, Law Enforcement Authorities and Agencies, Market and Consumer Authorities, Digital Service Coordinators, Reputation Block Lists, IP Transit Providers, Regional Internet Registries, or similar (including their agents or legal representatives), and to file WHOIS disclosure requests and complaints with Data Protection Authorities; 

(iv)           to investigate possible unauthorized distribution or selective distribution, MAP, parallel import and any other applicable trademark violations of relevant products by monitoring product offerings online marketplaces, website and social media platforms worldwide, including to send notices to sellers of such products and, where applicable, to the operators of these online platforms where such products are offers, to send follow-up communication to pursue the required compliance, and to send responses to communication by individuals or companies offerings these products on these online platforms; and

(v)            investigate possible violations of any platform operators, website owners, domain name registrants, hosting providers and Registrars or other relevant aforementioned persons’ terms, conditions and policies, and to send notices to any aforementioned persons requiring their actions to comply with the relevant terms, conditions and policies (including to send follow-up communication to pursue the required compliance, and to send correspondence (including responses) to individuals or companies sharing infringing content relevant to the Notified Properties thereon).

3.3              Fees. Customer shall be invoiced for all costs that are related to goods or services that are purchased by Red Sift for the purpose of investigating an infringement within the scope of its Brand Trust services and as instructed by the Customer.

3.4              Power of Attorney. As a condition to being able to use, and to Red Sift’s performance obligations with respect to the Brand Trust Takedown offering, Customer must have entered into a duly-executed power of attorney in favour of Red Sift in the form provided to Customer by Red Sift to authorise Red Sift and its delegates, substitutes and sub-agents to perform the Takedown Services with respect to the Notified Properties in its name and on its behalf.

3.5              Subcontracting. Notwithstanding anything to the contrary in the Agreement, Customer acknowledges and agrees that Red Sift may subcontract performance of the Brand Trust Takedown offering; provided that Red Sift will remain liable for any actions or omissions of any appointed sub-contractors with respect to such delegated performance as if such actions or omissions were Red Sift’s own.

3.6              Warranties. Customer warrants and represents on an ongoing basis that: (a) it has, and undertakes that it shall continue to have, at all relevant times, all necessary rights, power, consents and authority to authorise Red Sift to provide the Takedown Services; and (b) it is the owner of all rights (including Intellectual Property Rights) in and to the Notified Properties.

3.7               Indemnity. Customer shall, at all times during and after the term of the Agreement, indemnify and hold harmless Red Sift and its Affiliates, and its and their employees, officers, directors, agents (together, the “Red Sift Indemnified Parties”) from and against all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) suffered or incurred by any of them as a result of or in connection with any third party claim against any Red Sift Indemnified Party arising out of: (a) any breach by Customer of Section 3.6 of these Product-Specific Terms; or (b) Red Sift’s or any of its appointed delegates’, substitutes’ and sub-agents’ performance of the Takedown Services on Customer’s behalf Any and all limitations on, or exclusions of, liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Section 3.7 of these Product-Specific Terms.

3.8              NO LEGAL ADVICE; NO DUTY OF CARE. Customer acknowledges and agrees that Red Sift is not a law firm nor otherwise qualified or competent to give any legal advice. No part of the Takedown Services or any performance under this Agreement by or on behalf of Red Sift constitutes legal or any other form of professional advice. Red Sift does not accept, nor does it assume, any duty of care to Customer nor any other person in relation to performance of the Takedown Services. Customer warrants and represents that it has taken appropriate legal advice from a qualified and experienced legal professional prior to clicking ‘Apply For Takedown’ or similar within the Red Sift Products or otherwise electing to use the Takedown Services with respect to any Properties.

4.                   RED SIFT VERIFIED MARK CERTIFICATES – VMC SERVICE

4.1               Additional Definitions. As used in these Product-Specific Terms, the following terms shall have the following meaning: (a) Verified Mark Certificates (“VMC”) means a digital certificate that verifies the authenticity of a brand's logo displayed alongside their emails in supported email clients, such as those implementing the BIMI standard and (b) Brand Indicators for Message Identification (“BIMI”) means a specification enabling the display of brand logos alongside authenticated email messages in supported email clients.

4.2              Red Sift Responsibilities.  In addition to its responsibilities set out in the Red Sift Terms, Red Sift agrees, solely in respect of ’Customer's purchase of the VMC Service, throughout the VMC Subscription Period to (a) manage the application, support and VMC renewal processes through Red Sift’s OnDMARC service; (b) provide support of the VMC in accordance with Red Sift’s standard support terms; (c) maintain the VMC issuance state for Customer on renewals; and (d) enable Customer to manage the BIMI Txt record.

4.3              Customer Warranties and Obligations.  Customer shall (a) provide Red Sift with all necessary co-operation and access to such information as may be required by Red Sift in order to render its VMC Service in a timely and efficient manner (b) ensure they have an active and valid registered trademark in the applicable jurisdiction (c) own the domain(s) associated with the email addresses that will use the VMC and (d) have a Domain-based Message Authentication, Reporting, and Conformance (“DMARC”) set to either “quarantine” or “reject” (e) configure their domain to support the BIMI standard.

4.4             VMC Readiness Requirement and Order Expiration. Customer acknowledges and agrees that it must fulfil the necessary prerequisites to apply for its VMC within twelve (12) months from the date of the Order (the "Readiness Period"). These prerequisites include, but are not limited to:

(i)              Establishing a valid and enforceable DMARC policy at enforcement level (e.g., "quarantine" or "reject").

(ii)             Possessing and maintaining ownership or licensing rights to the brand logo intended for use with the VMC.

(iii)            Meeting any additional requirements specified by the VMC certification authority.

If the Customer fails to satisfy these prerequisites and does not apply for its VMC within the Readiness Period, the Order shall automatically expire, and the Customer will forfeit any associated rights, including any fees paid, unless otherwise agreed in writing by Red Sift. Red Sift is not responsible for any delays or failures by the Customer to meet these requirements within the specified timeframe.

4.5              Third Party Dependencies.  Customer accepts and agrees that Red Sift is dependent on third party accredited Certificate Authorities to issue VMC’s and whilst it shall use all reasonable endeavours to perform its obligations with respect to the VMC Service in a timely manner, time shall not be of the essence in the performance of its responsibilities set out in these Product-Specific Terms.