Terms of Use for a Humu Trial

Date: April 16, 2021

Please read these Terms of Use for a Humu Trial (“Terms”) carefully before using the Humu Trial product and services offered by Humu, Inc. (“Humu”). You (“Customer”) indicate your agreement to these Terms by executing a document that references them. If you are agreeing to these Terms on behalf of Customer, you represent to Humu that you have legal authority to bind Customer.

1. Humu Services

1.1 Provision of Services

The Humu Trial product and services offered by Humu (“Services”) include human resources-related technology services that may allow Customer and its authorized employees and officers (“Users”) to: (i) participate in human resource diagnostics; (ii) use Humu’s software platform as developed and improved by Humu (“Humu Platform”). Humu shall make the Services available to you in accordance with these Terms and each applicable Order.

1.2 License Grant by Humu

Humu hereby grants you a revocable, worldwide, non-exclusive license for the Subscription Term of the applicable Order to access and use the Services solely for your non-commercial internal business purposes. Neither these Terms nor your use of the Services grants you ownership in the Services or the content you access through the Services (other than your Content). These Terms do not grant you any right to use Humu’s trademarks or other brand elements.

2. Your Content

2.1 You Retain Ownership of Your Content

You retain ownership of all of your intellectual property rights in your Content, which includes your registration data, information and other materials (“Customer Content”) including information that its Users create, upload, submit, post or otherwise make available to Humu through the Services (“Employee Content”). Humu does not claim ownership over any of your Content. These Terms do not grant Humu any licenses or rights to your Content except for the limited rights needed for us to provide the Services, and as otherwise described in these Terms.

2.2 Limited License to Your Content

You grant Humu a worldwide, royalty free, non-exclusive license to use, reproduce, distribute, adapt, create derivative works, make publicly available, and otherwise exploit your Content, but only for the limited purposes of providing the Services to you, which may include security monitoring, verification of data integrity, and using data regarding the use of the Services n order to make improvements to the performance of the Services. You grant to Humu a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into the Services any suggestion, enhancement request, recommendation, correction or other feedback provided by you or Users relating to the operation of the Services.

3. Security, Privacy and Confidentiality

3.1 Security and Privacy

Humu uses reasonable security technologies in providing the Services. As a data processor, Humu will implement technical and organizational measures referenced in the Data Processing Agreement attached hereto as Addendum A (“DPA”) to secure personal data processed in the Services in accordance with applicable data protection law.

3.2 Confidentiality

“Confidential Information” means all information disclosed by a party (“Disclosing

Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential

Information of Customer includes Customer Data; Confidential Information of Humu includes the Services and Content, and the terms and conditions of this Agreement and all Order Forms. Confidential Information of each party includes business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. The Receiving Party will hold in confidence and not disclose to any third party any Confidential Information of the disclosing party, except as approved in writing by the Disclosing Party or otherwise permitted by these Terms.

Confidential Information shall not include information that: (a) is or becomes generally known or publicly available through no fault of the receiving party; (b) is known by or in the possession of the receiving party prior to its disclosure, as evidenced by business records, and is not subject to restriction; (c) is lawfully obtained from a third party who has the right to make such disclosure; or (d) was developed by employees or agents of the receiving party who had no access to any Confidential Information. The receiving party may disclose Confidential Information when required by law or legal process, but only after the receiving party, if permitted by law, uses commercially reasonable efforts to notify the disclosing party to give it the opportunity to challenge the requirement to disclose.

4. Acceptable Uses

4.1 Legal Compliance

You represent and warrant that you will comply with all laws and regulations applicable to your use of the Services.

4.2 Your Responsibilities

You must comply with the following requirements when using the Services: (a) you may not purchase, use, or access the Services for the purpose of building a competitive product or service or for any other competitive purposes; (b) you may not misuse our Services by interfering with their normal operation, or attempting to access them using a method other than through the interfaces and instructions that we provide; (c) you may not use the Services in any manner that could interfere with, disrupt, negatively affect or inhibit other users from utilizing the Services or that could damage, disable, overburden or impair the functioning of the Services in any manner; (d) you may not transmit any viruses, malware, or other types of malicious software, or links to such software, through the Services; (e) you may not use the Services to infringe the intellectual property rights of others, or to commit an unlawful activity; (f) unless authorized by Humu in writing, you may not resell or lease the Services; (g) if your use of the Services requires you to comply with industry-specific regulations applicable to such use, you will be solely responsible for such compliance, unless Humu has agreed with you otherwise. You may not use the Services in a way that would subject Humu to those industry-specific regulations without obtaining Humu’s prior written agreement; (h) upon reasonable request, you agree to whitelist certain Humu IP addresses and allow images in Humu emails delivered to Customer employees in order to improve response rates.

4.3 Embargoes

You may only use the Services if you are not barred under any applicable laws from doing so. If you are located in a country embargoed by United States or other applicable law from receiving the Services, or are on the U.S. Department of Commerce’s Denied Persons List or Entity List, or the U.S. Treasury Department’s list of Specially Designated Nationals, you are not permitted to purchase any paid Services from Humu. You will ensure that: (a) your end users do not use the Services in violation of any export restriction or embargo by the United States; and (b) you do not provide access to the Services to persons or entities on any of the above lists.

5. Term and Fees

5.1 Term

The subscription term is as stated in the Order.

5.2 Termination

Customer may terminate the Order at any time during the term upon notice to Humu. Humu may terminate this Agreement upon thirty (30) days’ prior written notice to Customer in the event of Customer’s failure to perform its obligations pursuant to this Agreement and such failure is not cured to Humu’s satisfaction by Customer within the thirty (30) day notice period.

5.3 Effect of Expiration or Termination

Upon the effective date of expiration or termination of the subscription, Customer’s right to use the Services will end. Except to the extent required otherwise by Data Privacy Laws, Humu will return to Customer and/or securely destroy all Personal Data at Customer’s written request upon termination of the Agreement.

5.4 Fees

Fees and payment terms, if any, will be as specified in the Order.

6. Warranties, Disclaimers and Limitations of Liability

6.1 Warranties

Humu warrants that during the Subscription Term: (a) the Services will be free of all: (i) "time bombs", time-out or deactivation functions or other means designed to terminate the operation of the Services (other than at the direction of Customer, its Users, or any other user that Customer authorizes); (ii) "back doors" or other means in which Humu or any other party may remotely access or control (or both) any of Customer’s networks without the Customer’s express authorization; (iii)  functions that transmit data to any destination not specified by the Customer; (iv) Customer Data copy prevention mechanisms; (v) functions or routines that will surreptitiously delete or corrupt data;  or (vi) computer viruses; (b) the Services will not allow unauthorized users to gain privileges off the related operating system (e.g., supervisory state); and (c) it has disclosed in the applicable Order Form all hardware Customer will need to access and use the Services in accordance with the Agreement.

6.2 Warranty Remedy

In the event the Humu Platform does not conform with the warranties stated in the Agreement, without limiting any other remedies available to Customer, Customer will notify Humu in writing specifying the nature and extent of the breach. Humu shall cure the breach as promptly as possible, but in any event within thirty (30) business days of receipt of Customer’s notice. If the non-conformity persists without relief more than 30 days after notice of a warranty claim provided to Humu under this section, then Customer may terminate the affected Humu Subscription, and Humu will provide a pro rata refund to Customer of any prepaid fees for the period of the Order Term following the effective date of such termination. This section sets forth Customer’s exclusive rights and remedies (and Humu’s sole liability) in connection with this warranty.

6.3 Disclaimers.


6.4 Exclusion of Certain Liability.


6.5 Limitation of Liability.


7. Indemnification

7.1 By Humu

Humu will defend Customer against claims brought against Customer and its Affiliates by any third party alleging that Customer’s and its Affiliates’ use of the Services infringes or misappropriates a patent claim, copyright, or trade secret right. Humu will indemnify Customer against all damages finally awarded against Customer (or the amount of any settlement Humu enters into) with respect to these claims. Humu’s obligations under Section 8.1 will not apply if the claim results from (i) Customer’s breach of Section 5, (ii) use of the Services in conjunction with any product or service not provided by Humu, or (iii) use of the Services provided for no fee. In the event a claim is made or likely to be made, Humu may (i) procure for Customer the right to continue using the Services under the terms of the Agreement, or (ii) replace or modify the Services to be non-infringing without a material decrease in functionality. If these options are not reasonably available, Humu or Customer may terminate Customer’s subscription to the affected Services upon written notice to the other.

7.2 By Customer

Customer will defend Humu and its affiliates, officers, agents, and employees from all liabilities, damages, and costs (including settlement costs and reasonable attorneys’ fees) arising out of a third party claim regarding or in connection with your or your end users’ use of the Services or breach of these Terms, to the extent that such liabilities, damages and costs were caused by you or your end users.

7.3 Third Party Claim Procedure

The party against whom a third party claim is brought will timely notify the other party in writing of any claim, reasonably cooperate in the defense and may appear (at its own expense) through counsel reasonably acceptable to the party providing the defense. The party that is obligated to defend a claim will have the right to fully control the defense. Any settlement of a claim will not include a financial or specific performance obligation on, or admission of liability by, the party against whom the claim is brought.

7.4 Exclusive Remedy

The provisions of Section 8 state the sole, exclusive, and entire liability of the parties and their Affiliates to the other party, and is the other party’s sole remedy, with respect to covered third party claims and to the infringement or misappropriation of third party intellectual property rights.

8. General

8.1 Governing Law

These Terms and any action related thereto will be governed by the laws of the State of California, excluding that State’s choice-of-law principles. All disputes will be subject to the exclusive jurisdiction of the courts located in Santa Clara, California. The United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act (where enacted) will not apply to the Agreement. Each party consents to personal jurisdiction over such party in the state and/or federal courts of California and hereby waives any defense of lack of personal jurisdiction. Venue, for the purpose of all such suits, will be in Santa Clara County, State of California.

8.2 Notices

Notices required to be delivered to Humu under these Terms must be delivered in writing to Humu at 100 View Street Suite 101, Mountain View, CA 94041 or to Customer at the address provided in Customer’s subscription registration.

8.3 Relationship of the Parties

The parties are independent contractors, and no partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties is created hereby. There are no third party beneficiaries to these Terms.

8.4 Force Majeure

Neither party shall be liable to the other for any delay or failure to perform hereunder (excluding payment obligations) due to circumstances beyond such party's reasonable control, including acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (excluding those involving such party's employees), service disruptions involving hardware, software or power systems not within such party's possession or reasonable control, and denial of service attacks.

8.5 Severability

If any provision of these Terms is, for any reason, held to be invalid or unenforceable, the other provisions in these Terms will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law.

8.6 Entire Agreement

These Terms are the final and complete agreement between Customer and Humu with respect to the subject matter in this Agreement and supersedes and replaces any prior proposal, representation, discussion or understanding between Customer and Humu. No modification or amendment of these Terms, nor any waiver or any rights under these Terms, will be effective unless in writing and signed by both parties.

8.7 Survival

Provisions of these Terms will survive any termination or expiration if by their nature and context they are intended to survive, including provisions relating to confidentiality, ownership of intellectual property, warranties and limitation of liability.

Addendum A


This Data Processing Addendum (“DPA”) is entered into Customer and Humu. Customer and Humu agree as follows:


  1. Data Privacy Laws” means all applicable laws, regulations, and other legal or self-regulatory requirements in any jurisdiction relating to privacy, data protection, data security, communications secrecy, breach notification, or the Processing of Personal Data, including without limitation, to the extent applicable, the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”) and the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”).  
  2. Data Subject” means an identified or identifiable natural person about whom Personal Data relates.
  3. Personal Data” includes “personal data,” “personal information,” and “personally identifiable information,” and such terms shall have the same meaning as defined by the applicable Data Privacy Laws.
  4. Process” and “Processing” mean any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, creating, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.        
  5. Security Breach” means any accidental or unlawful acquisition, destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.

Scope and Purposes of Processing.

  1. Humu will Process Personal Data solely: (1) to fulfill its obligations to Customer under the Agreement, including this Addendum; (2) on Customer’s behalf; and (3) in compliance with Data Privacy Laws.  If a Data Privacy Law to which Humu is subject requires Humu to Process Personal Data in a manner that conflicts with the terms of the Agreement or this Addendum, Humu will inform Customer of that legal requirement before Processing, unless that law prohibits Customer from providing such information within the meaning of Data Privacy Laws.
  2. Without limiting the foregoing, Customer directs Humu, and Humu agrees, to Process Personal Data in accordance with Customer’s written instructions, as may be provided by Customer to Humu from time to time.
  3. Humu will inform Customer if, in Humu’s opinion, an instruction from Customer infringes Data Privacy Laws.
  4. Humu will not sell Personal Data or otherwise Process Personal Data for any purpose other than for the specific purposes set forth herein. For the avoidance of doubt, Humu will not Process Personal Data outside of the direct business relationship between Customer and Humu. For purposes of this paragraph, “sell” shall have the meaning set forth in the CCPA.

Personal Data Processing Requirements. Humu will:

  1. Ensure that the persons it authorizes to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  2. Upon written request of Customer, assist Customer in the fulfilment of Customer’s obligations to respond to verifiable requests by Data Subjects (or their representatives) for exercising their rights under Data Privacy Laws (such as rights to access or delete Personal Data).
  3. Promptly, and in any event within five days, notify Customer of (i) any third-party or Data Subject complaints regarding the Processing of Personal Data; or (ii) any government or Data Subject requests for access to or information about Humu’s Processing of Personal Data on Customer’s behalf, unless prohibited by law. If Humu receives a third-party, Data Subject, or governmental request, Humu will await written instructions from Customer on how, if at all, to assist in responding to the request, if and to the extent permitted by law. Humu will provide Customer with reasonable cooperation and assistance in relation to any such request.
  4. Provide reasonable assistance to and cooperation with Customer for Customer’s performance of a data protection impact assessment of Processing or proposed Processing of Personal Data.
  5. Provide reasonable assistance to and cooperation with Customer for Customer’s consultation with regulatory authorities in relation to the Processing or proposed Processing of Personal Data, including complying with any obligation applicable to Humu under Data Privacy Laws to consult with a regulatory authority in relation to Humu’s Processing or proposed Processing of Personal Data.

Data Security. Humu will implement appropriate administrative, technical, physical, and organizational measures to protect Personal Data, as set forth in Exhibit 1.

Security Breach. Humu will notify Customer promptly of any Security Breach. Humu will comply with the Security Breach-related obligations directly applicable to it under Data Privacy Laws and will assist Customer in Customer’s compliance with its Security Breach-related obligations, including without limitation, by:

  1. At Humu’s own expense, taking steps to mitigate the effects of the Security Breach and reduce the risk to Data Subjects whose Personal Data was involved; and
  2. Providing Customer with the following information, to the extent known:(i) The nature of the Security Breach, including, where possible, what happened, the categories and approximate number of Data Subjects concerned, and the categories and approximate number of Personal Data records concerned;(ii) The likely consequences of the Security Breach; and (iii) Measures taken or proposed to be taken by Humu to address the Security Breach, including, where appropriate, measures to mitigate its possible adverse effects.


  1. Customer acknowledges and agrees that Humu may use Humu affiliates and other sub-processors to Process Personal Data in accordance with the provisions within this Addendum and Data Privacy Laws. A current list of Humu’s sub-processors can be found on Attachment A, attached hereto, and Customer hereby consents to Humu’s use of such sub-processors.
  2. Where Humu subcontracts any of its rights or obligations concerning Personal Data, including to any affiliate, Humu will (i) take steps to select and retain sub-processors that are capable of maintaining appropriate privacy and security measures to protect Personal Data consistent with Data Privacy Laws; and (ii) enter into a written agreement with each sub-processor that imposes obligations on the sub-processor that are no less restrictive than those imposed on Humu under this Addendum.
  3. Humu will maintain an up-to-date list of its sub-processors who  may have access to Personal Data, which it will provide to Customer thirty days in advance, and with reasonable notice of any new sub-processor being able to Process Personal Data. Customer may object to a new sub-processor within 30 days of receipt of notice. In the event Customer objects to a new sub-processor, Humu will use reasonable efforts to make available to Customer a change in the services or recommend a commercially reasonable change to Customer’s use of the services to avoid Processing of Personal Data by the objected-to sub-processor without unreasonably burdening the Customer. If Humu is unable to change the services to satisfy Customer, Customer may terminate the Agreement.

Data Transfers. To the extent that Humu Processes Personal Data of Data Subjects located in the European Economic Area (“EEA”) and/or Switzerland, by signing this Addendum, Humu agrees to be bound by the standard contractual clauses for the transfer of personal data from the EEA to processors established in third countries (Commission Decision 2010/87/EC) (“Model Clauses”) located here. In case of conflict between the Model Clauses and this Addendum, the Model Clauses will prevail.    Following Brexit, the relevant terms shall be deemed amended as necessary to legitimize transfers of Personal Data of Data Subjects located in the United Kingdom to and from the United Kingdom and subsequent onward transfers. The Standard Contractual Clauses shall not apply with respect to Personal Data that meets the following standards:

  1. Humu Processes Personal Data in a country that the European Commission has decided provides adequate protection for Personal Data; or
  2. Humu receives the Personal Data directly from a data subject in the European Economic Area or Switzerland.

Audits. Humu will allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer to demonstrate compliance with this Addendum, provided that any such audits shall:  (i) occur no more than once per calendar year; (ii) be conducted at Customer’s sole cost and expense; (iii) only occur after Customer has provided Humu with 30 days prior written notice in advance of the audit commencement date.

Return or Destruction of Personal Data. Except to the extent required otherwise by Data Privacy Laws, Humu will return to Customer and/or securely destroy all Personal Data at  Customer’s written request upon termination of the Agreement. Except to the extent prohibited by Data Privacy Laws, Humu will inform Customer if it is not able to return or delete the Personal Data.  

Survival. The provisions of this Addendum survive the termination or expiration of the Agreement for so long as Humu or its sub-processors Process the Personal Data.  

Exhibit 1


Humu will implement and maintain the following administrative, technical, physical, and organizational security measures for the Processing of Personal Data:

Humu has agreed to employ appropriate technical and organizational measures to protect against unauthorized or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data (“Information Security Program”).

Humu’s Information Security Program includes specific security requirements for its personnel and all sub-processors or agents who have access to Customer Personal Data (“Data Personnel”). Humu’s security requirements covers the following areas:

Information Security Policies and Standards. Humu will maintain information security policies, standards and procedures. These policies, standards, and procedures shall be kept up to date, and revised whenever relevant changes are made to the information systems that use or store Customer Personal Data. These policies, standards, and procedures shall be designed and implemented to:

  1. Prevent unauthorized persons from gaining physical access to Customer Personal Data Processing systems (e.g. physical access controls);
  2. Prevent Customer Personal Data Processing systems from being used without authorization (e.g. logical access control);
  3. Ensure that Data Personnel gain access only to such Customer Personal Data as they are entitled to access (e.g. in accordance with their access rights) and that, in the course of Processing or use and after storage, Customer Personal Data cannot be read, copied, modified or deleted without authorization (e.g. data access controls);
  4. Ensure that Customer Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the recipients of any transfer of Customer Personal Data by means of data transmission facilities can be established and verified (e.g. data transfer controls); and
  5. Ensure that all systems that Process Customer Personal Data are the subject of a vulnerability management program that includes without limitation internal and external vulnerability scanning with risk rating findings and formal remediation plans to address any identified vulnerabilities.

Physical Security. Humu will maintain commercially reasonable security systems at all Humu sites at which an information system that uses or stores Customer Personal Data is located (“Processing Locations”) and will reasonably restrict access to such Processing Locations.

Organizational Security. Humu will maintain information security policies and procedures addressing:

  1. Data Disposal. Procedures for when media are to be disposed or reused have been implemented to prevent any subsequent retrieval of any Customer Personal Data.
  2. Data Minimization. Procedures for when media are to leave the premises at which the files are located as a result of maintenance operations have been implemented to prevent undue retrieval of Customer Personal Data stored on media.
  3. Data Classification. Policies and procedures to classify sensitive information assets, clarify security responsibilities, and promote awareness for all employees have been implemented and are maintained.
  4. Incident Response. All Customer Personal Data security incidents are managed in accordance with appropriate incident response procedures.

Network Security. Humu maintains commercially reasonable information security policies and procedures addressing network security.

Access Control (Governance).

  1. Humu governs access to information systems that Process Customer Personal Data.
  2. Only authorized Humu staff can grant, modify or revoke access to an information system that Processes Customer Personal Data.
  3. Humu implements commercially reasonable physical and technical safeguards to create and protect passwords.

Virus and Malware Controls. Humu protects Customer Personal Data from malicious code and will install and maintain anti-virus and malware protection software on any system that handles Customer Personal Data.


  1. Humu has implemented and maintains a security awareness program to train all employees about their security obligations. This program includes training about data classification obligations, physical security controls, security practices, and security incident reporting.
  2. Data Personnel strictly follow established security policies and procedures. Disciplinary process is applied if Data Personnel fail to adhere to relevant policies and procedures.
  3. Humu shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may Process Customer Personal Data.

Business Continuity. Humu implements disaster recovery and business resumption plans. Business continuity plans are tested and updated regularly to ensure that they are up to date and effective.

Exhibit 2


Customer acknowledges and agrees that Humu may use Humu Affiliates and other sub-processors to Process Personal Data in accordance with the provisions within this Addendum and Data Privacy Laws. A current list of Humu’s sub-processors can be found below, and Customer hereby consents to Humu’s use of such sub-processors.

Google LLC

  • 1600 Amphitheatre Way
    Mountain View, CA 94041
  • Cloud computing services.  Humu uses cloud hosting services to host our production systems, store  customer and user data, and perform data processing. Humu’s provider for all of these services is Google.

Sendgrid, Inc

  • 889 Winslow St.
    Redwood City, CA 94063
  • Email. Humu uses an email sending service to send emails to customers and users, such as invitations to take a diagnostic and nudges.

Hound Technology, Inc. d/b/a Honeycomb.

  • 945 Bryant St. #300
    San Francisco, CA 94103
  • Logging, logs analysis and alerting. Humu logs data about our application and analyse those logs so we can respond to customer requests, find bugs, alert engineers of issues, and improve the application.

Google LLC

  • 1600 Amphitheatre Way
    Mountain View, CA 94041
  • Customer Support.  Humu uses several tools to route and handle customer tickets, requests, and emails as quickly as possible.

Jira Software (by Atlassian Corporation Plc)

  • 301 E. Evelyn Ave.
    Mountain View, CA 94041
  • Customer Support.  Humu uses several tools to route and handle customer tickets, requests, and emails as quickly as possible.

Zendesk, Inc.

  • 1019 Market St
    San Francisco, CA 94103
  • Customer Support.  Humu uses several tools to route and handle customer tickets, requests, and emails as quickly as possible.

Slack Technologies, Inc.

  • 500 Howard St.
    San Francisco, CA 94105
  • Customer Support.  Humu uses several tools to route and handle customer tickets, requests, and emails as quickly as possible.

Elasticsearch, Inc.

  • 800 West El Camino Real, Suite 350
    Mountain View, California 94040
  • Cloud computing services. Humu uses Elastic Cloud services as an auxiliary database that enables additional storage and search functionality for customer and user data.