Revised: June 12th, 2018
IMPORTANT -- THIS AGREEMENT (“AGREEMENT”) IS A LEGAL AGREEMENT BETWEEN YOU (EITHER AN INDIVIDUAL OR ENTITY) (“LICENSEE”, “YOU” OR “YOUR”) AND NITRO SOFTWARE, INC. (“NITRO”). BY USING THE SERVICES AND/OR ANY SOFTWARE HEREIN DESCRIBED, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF AN ENTITY, YOU REPRESENT AND WARRANT TO NITRO THAT YOU HAVE LEGAL AUTHORITY TO BIND THAT ENTITY.
You are agreeing to use one or more of Nitro’s cloud-based document management services, which may be referred to individually or collectively herein as the "Service(s)", and/or Nitro’s document management software ("Software"). The Service and the Software may not be error free. Therefore, You are advised to safeguard important data, to use caution and not to rely on the correct functioning or performance of the Service or Software. Although Nitro will use reasonable efforts to provide technical support (assuming you have paid any applicable fees), it provides no assurance that any specific errors in the Service or Software will be corrected.
Subject to the terms and conditions of this Agreement and depending upon whether during sign-up and/or purchase process you have agreed to use the Service and/or the Software on a subscription basis or to receive a perpetual license to use the Software, Nitro grants to You:
Except as otherwise specifically permitted in this Agreement, You may not:
Any update to the Software provided to You is made on a license exchange basis such that You agree, as a condition for receiving an update, that You will terminate Your use of any previous version of the Software. Nitro may automatically check the Service and/or Your version of the Software and may automatically update the Service and/or Software from time to time. You agree to accept such updates subject to this Agreement.
You may be required to create an account to participate in the Service and/or use the Software. If You are entering into this Agreement on behalf of an entity, You represent and warrant that the entity will utilize the Services and/or Software under a single account. You agree not to impersonate any person or entity or misrepresent Your identity or affiliation with any person or entity, including using another person's username, password or other account information. You are responsible for the security of Your password and for any use of Your account. You also agree to notify us promptly at privacy@gonitro.com of any unauthorized use of Your username, password, other account information, or any other breach of security that You become aware of involving or relating to the Service or Software.
If there is a fee associated with your use of the Service or Software, You agree to pay that fee. The fee charged excludes all applicable taxes and currency exchange settlements, unless stated otherwise. You are solely responsible for paying such taxes or other charges. Nitro may suspend or cancel Your access to the Service or Software if Nitro does not receive payment from You. Suspension or cancellation for non-payment may result in a loss of access to and use of Your account. To pay any fees, You will be asked to provide a payment method at the time you sign up with Nitro. You agree to keep your billing account information current at all times. By providing Nitro with Your payment method, You (a) represent that You are authorized to use the payment method that You provided and that any payment information You provide is true and accurate; and (b) authorize Nitro to charge You using Your payment method and to charge You for any paid feature that You choose to sign up for or use while this Agreement is in effect. You acknowledge and agree that Nitro may bill you on a recurring basis for Services that You purchase on a subscription basis. If You take part in any trial offer, You must cancel the Services by the end of the trial period to avoid incurring charges, unless Nitro notifies You otherwise. Nitro may change the price it charges for the Services at any time and will notify You in advance of such changes. If You do not agree to the price change, You must cancel and stop using the Services before the price change takes effect. If there is a fixed term and price for your Services offer, that price will remain in force for that term. Unless otherwise provided by law or by a particular Service offer, all purchases are final and non-refundable.
In Your use of the Service or Software, You agree to comply with all applicable laws and regulations. You shall, in connection with Your use of the Service or Software, comply with all applicable import, export and re-export control laws and regulations of any country, including the U.S. Export Administration Regulations, the U.S. International Traffic in Arms Regulations, Council Regulation (EC) No 428/2009 on the control of exports of dual-use items and technology, and country-specific economic sanctions programs or embargoes adopted against countries or individuals under any applicable national or international legislation, including any measures implemented by the U.S. Office of Foreign Assets Control. For clarity, You are solely responsible for compliance related to the manner in which You choose to use the Service or Software, including Your transfer and processing of Your content via the Service or Software.
For U.S. Government users, the Software is a “Commercial Item(s),” as that term is defined at 48 C.F.R. Section 2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such terms are used in 48 C.F.R. Section 12.212 or 48 C.F.R. Section 227.7202, as applicable. Consistent with 48 C.F.R. Section 12.212 or 48 C.F.R. Sections 227.7202-1 through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions of this Agreement.
You agree that You will not:
You represent that You have either reached the age of “majority” where You live or have valid parent or legal guardian consent to be bound by the terms of this Agreement. If You do not know whether You have reached the age of majority where You live, or do not understand this section, please do not create an account with Nitro before You have asked your parent or legal guardian for help. If You are the parent or legal guardian of a minor that creates an account with Nitro, You accept this Agreement on the minor’s behalf and agree to be responsible for all use of the corresponding account.
Nitro will treat Your data and information regarding your use of the Service and/or Software in accordance with this Agreement and its Privacy Policy published at http://www.gonitro.com/legal/privacy-policy, as may be amended from time to time.
You may not access the Service other than through the interfaces provided by Nitro or interfere with or disrupt the proper operation of the Service.
Subject to Licensee’s payment of the corresponding fees (if any), Nitro shall provide reasonable technical support. Licensee shall provide Nitro with such technical information and assistance as Nitro may reasonably request in order for it to provide support. Subject to Licensee’s payment of the corresponding fees (if any), Nitro shall provide the Licensee with updates, enhancements and maintenance modifications as they become available.
You agree, at your sole discretion, to provide to Nitro suggestions, comments and feedback regarding the Service or Software, including but not limited to usability and bug reports (collectively, "Feedback"). If You provide such Feedback to Nitro, You hereby grant Nitro the following worldwide, non-exclusive, perpetual, irrevocable, royalty free, fully paid up rights to: make, use, copy, modify, sell, distribute, publicly perform or display, sublicense (including the right to sublicense to further third parties), and create derivative works of the Feedback as part of any Nitro product, technology, service, specification or documentation (individually and collectively, "Nitro Products"). You warrant that Your Feedback is not subject to any license or other terms that would purport to require Nitro to comply with any additional obligations with respect to any Nitro Products that incorporate any Feedback.
Nitro may use Licensee’s name and/or logos to identify Licensee as a Nitro licensee in its general marketing materials or otherwise.
You agree to use reasonable efforts to cooperate with and assist Nitro in identifying and preventing any unauthorized use, copying, or disclosure of the Service or the Software.
Nitro and any of its licensors own all proprietary rights in and to the Service and the Software. The Service and any Software provided to you is licensed and not sold. Except as expressly provided herein, Nitro retains all rights and does not grant any express or implied right to You under any Nitro patents, copyrights, trademarks, or trade secret information.
Nitro may place limits on, modify, suspend or terminate the Service generally, may remove or disable access to any content posted by You in using the Service and may suspend or terminate Your use of the Service or terminate this Agreement at any time, including as a result of Your use of the Service that Nitro reasonably deems to be excessive, which may include usage that substantially and repeatedly exceeds the typical levels of usage by other users of same category/tier of Service. Notwithstanding anything else in this Agreement, this suspension or termination may result in the immediate deletion of Your documents, information, files, and other previously available content. Nitro is under no obligation to return any content to you. If Nitro terminates the Service, Your use of the Service or this Agreement, the rights and licenses granted to You under this Agreement shall immediately terminate (except that You may continue to use any Software as provided in Section 2(ii) in all instances other than termination of this Agreement as a result of Your breach) and You shall immediately cease using the Service. In addition to those provisions that survive according to their terms, Sections 3 through 15 shall continue to be effective after termination of this Agreement. If Nitro terminates the Service, Your use of the Service or this Agreement, the rights and licenses granted to You under this Agreement shall immediately terminate (except that You may continue to use any Software licensed on a perpetual basis as provided in Section 2 in all instances other than termination of this Agreement as a result of Your breach) and You shall immediately cease using the Service. In addition to those provisions that survive according to their terms, Sections 3 through 15 shall continue to be effective after termination of this Agreement.
Nitro may change this Agreement and will post the modified agreement (which shall then become the Agreement) on Nitro’s website. Therefore, Nitro encourages you to check the terms of this Agreement from time to time to see if they have been updated. If You do not agree to the modified agreement, Your sole recourse is to stop using the Service and/or Software. Your continued use of the Service or Software after the date the modified agreement is posted will constitute Your acceptance of the modified agreement.
During the Term, Nitro shall defend, indemnify and hold harmless Licensee and its officers, directors, employees, Users, successors and assigns, from and against any and all losses, damages, liabilities, settlements, reasonable costs and expenses resulting from or arising out of any third-party claim, demand, or cause of action which alleges that the Licensed Products infringe any duly issued patent, copyright or trademark or misappropriate any trade secret right of a third party (“Claim”). Licensee shall provide Nitro with prompt written notice of any Claim and permit Nitro to control the defense, settlement, adjustment or compromise of such Claim. Licensee shall have no authority to settle any Claim on behalf of Nitro. In addition, in the event use of the Licensed Products during the Term becomes, or in Nitro’s reasonable opinion is likely to become, the subject of a claim of infringement as outlined in this Section 10, Nitro may, at its option and expense: (a) obtain for Licensee the continuing right to use such Licensed Products; or (b) modify the Licensed Products or replace them with a substantially functional equivalent so that they no longer infringe; or (c) if neither (a) nor (b) is reasonably practicable, terminate Licensee’s license to such allegedly infringing Services and/or Software and refund to Licensee any unused pre-paid fees paid to Nitro, in which case this Agreement and Licensee’s right to use the Services and/or Software will terminate. This Section 10 states Nitro’s entire liability and Licensee’s exclusive remedy with respect to any claim of intellectual property infringement.
You will defend, indemnify and hold harmless Nitro, its affiliates, and their respective officers, directors, employees, agents, licensors and any third-party providers, from and against all claims, losses, damages and costs, including reasonable attorneys’ fees, arising from any third-party claim against Nitro related to Your use of the Service or Software, including any document or content You submit to the Service.
LICENSEE ACKNOWLEDGES AND UNDERSTANDS THAT THE SERVICE AND ANY SOFTWARE MAY CONTAIN ERRORS, OMISSIONS, AND PROBLEMS. LICENSEE HEREBY ACCEPTS THE SERVICE AND SOFTWARE, "AS IS" AND WITH ALL FAULTS, DEFECTS AND ERRORS AND LICENSEE UNDERSTANDS THAT IT ASSUMES ALL RISKS OF USE, QUALITY, AND PERFORMANCE. NEITHER NITRO NOR ANY OF NITRO'S LICENSORS MAKE ANY EXPRESS WARRANTIES, AND EACH OF THEM DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT.
LICENSEE AGREES AND ACKNOWLEDGES THAT NEITHER NITRO NOR ANY OF ITS LICENSORS MAY BE HELD LIABLE FOR ANY CLAIM, LOSS, DAMAGES, EXPENSES OR COSTS OF AN INDIRECT NATURE, INCLUDING CONSEQUENTIAL OR SPECIAL DAMAGES, LOST PROFITS OR OTHERWISE AND IN NO EVENT SHALL THEY BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT OF FEES PAID TO NITRO BY LICENSEE (IF ANY) UNDER THIS AGREEMENT DURING THE IMMEDIATELY PRECEDING SIX MONTHS. THIS LIMITATION APPLIES TO ALL CAUSES OF ACTION OR CLAIMS IN THE AGGREGATE, INCLUDING, WITHOUT LIMITATION, BREACH OF CONTRACT, BREACH OF WARRANTY, INDEMNITY, NEGLIGENCE, STRICT LIABILITY, MISREPRESENTATION AND OTHER TORTS. THE LIMITATIONS IN THIS SECTION APPLY TO YOU ONLY TO THE EXTENT THEY ARE LAWFUL IN YOUR JURISDICTION.
THIS LIMITATION OF LIABILITY IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE OR IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE. YOU ACKNOWLEDGE THAT IF THE ABOVE LIMITATION WERE NOT INCLUDED HEREIN, NITRO WOULD NOT LICENSE THE SERVICE OR SOFTWARE TO YOU.
Nitro is committed to integrity and high standards of business conduct in everything it does, especially in its dealings with its customers, suppliers and contractors. As a result, Nitro supports and agrees to abide by the following principles:
This Agreement is the entire agreement between You and Nitro related to the Service and/or Software, replacing any prior agreements. Nitro's licensors may be third party beneficiaries to this Agreement. There are no other third-party beneficiaries to this Agreement. The parties to this Agreement are independent contractors, and nothing in this Agreement creates an agency, partnership, or joint venture. You shall not assign this Agreement, by operation of law or otherwise. Nitro may assign this Agreement, subject to all of the terms of this Agreement.
Failure to enforce any provision will not constitute a waiver of that provision. If any provision of this Agreement is found unenforceable, it and any related provisions will be interpreted to best accomplish the unenforceable provision's essential purpose and, in any event, the remainder of the Agreement shall be unaffected. The prevailing party in any action or proceeding to enforce its rights hereunder shall be entitled to recover reasonable attorneys’ fees and other reasonable costs incurred in the action or proceedings.
You may only resolve disputes with Nitro on an individual basis, and may not bring a claim as a plaintiff or a class member in a class, consolidated, or representative action.
This Agreement shall be governed by California law without regard to any conflict of laws principles.
Effective: March 9th, 2021
Welcome to the website of Nitro Software, Inc. (“Nitro”, “we”, “us” and/or “our”). Data privacy is important and we have prepared this Privacy Policy to explain how we collect, use, protect and disclose data when you use any Nitro services which includes this website and any site ("Site(s)"); software provided by Nitro ("Software"); or services offered by Nitro (collectively, "Services"). "You" refers to you as a user of the Site or Services. We draw your attention in particular to the sections entitled “International Data Transfer” and “Data Subject’s Rights”.
We will only process your personal data in accordance with applicable data protection and privacy laws. For the purpose of UK and European Union (“EU”) data protection legislation, the data controller is Nitro Software, Inc. of 150 Spear St STE 1500, San Francisco CA 94105.
We need certain personal data in order to provide you with access to the Services. If you created a profile, registered an account, downloaded software or provided information to us, you will have been asked to explicitly consent to our Terms of Service and Privacy Policy in order to access our Services, purchase our products and/or view our content. This consent provides us with the legal basis we require under applicable law to process your data. If you do not agree to our use of your personal data in line with this Policy, please do not use our Services.
We may update this Privacy Policy to reflect changes to our data practices. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest data on our privacy practices. Please note the effective date listed at the beginning of the Privacy Policy. If we make any material change(s) to the Privacy Policy, we will post a notice on our Site prior to such changes(s) taking effect.
If you disagree with any changes to the Privacy Policy and do not wish to be subject to the revised Privacy Policy, you need to deactivate your account and stop using Nitro services.
We collect information about you in a range of forms, including personal data. As used in this Privacy Policy, “personal data” is as defined in the General Data Protection Regulation EU 2016/679 and any successor legislation; this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, email address and telephone number.
Nitro collects personal data from users to provide services. Throughout standard use of the Site or Services, we collect some or all of the following:
Nitro does not require or use sensitive data like: racial or ethnic origin, political affiliation or opinions, religious or philosophical beliefs, trade union membership, health data, sexual orientation, criminal convictions, or genetic or biometric data. Subject to the following paragraph, we ask that you not send us, and/or disclose, any such sensitive personal data.
If you send or disclose any sensitive personal data to us when you submit user generated content to our Services, you consent to our processing and use of such sensitive personal data in accordance with this Policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such user generated content to our Services.
The Sites, Software, and Services provide capabilities to users to upload and manipulate documents. The user is responsible for and owns the content of the documents. Nitro does not alter the content of documents. By content, we are referring to text, graphics, and/or images within the document that are human readable and convey the meaning of the document to a person reading it. Occasionally, we will have to alter the formatting of the document to show it on the Sites (i.e. on Mobile devices) or in the Software, but there will be no material change to the content within the document.
You are responsible for who you choose to share documents with via the Site, Software, and/or Services’ collaboration functionality. When collaborating on documents, users you grant access to will be able to view that content and download the document (even if you delete that document at a later date). Additionally, if a collaborator signs, reviews, or marks-up the document, that collaborator owns a different version of that document which contains the collaborator's changes. If you access or collaborate on a document owned by another individual, you are responsible for the content you provide on or about the document. Also, by sharing documents with other parties, those parties own a version of the document, which means they may then share and retain the document even after the original owner deletes the document.
When storing documents on the Sites, Software, and Services, Nitro collects the following data:
You may share personal data with us when you submit user generated content to our Services, including via our forums, message boards and blogs on our Sites. Please note that any information you post or disclose on our Site will become public information, and will be available to other users of our Site and to the general public. We urge you to be very careful when deciding to disclose your personal data, or any other information, on our Site. Such personal data and other information will not be private or confidential once it is published on our Site.
For the types of processing that are needed to provide the Services, we rely on the necessity of our processing of your information for the performance of the Services (governed by the Terms of Service) as a legal ground to collect and use your data in accordance with this Privacy Policy. For all other types of processing carried out under this Privacy Policy, we rely on our legitimate interests as a legal ground to collect and use your data in such ways.
Nitro uses data provided through the use of our Sites, Software, and Services to provide services for which Nitro was engaged. The data may be used for a variety of functions, including:
Activity Data includes data about how users interact with our Site, Software, or Services. Data in this category includes:
What are cookies?
We may collect information using “cookies”. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Services.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Services; and (2) third party cookies, which are served by service providers on our Services, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
Cookies we use
Our Services use the following types of cookies for the purposes set out below:
Type of cookie | Purpose |
---|---|
Essential Cookies | These cookies are essential to provide you with services available through our Services and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services. |
Functionality Cookies | These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of our Services which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services. |
Analytics and Performance Cookies | These cookies are used to collect information about traffic to our Services and how users use our Services. The information gathered does not identify any individual visitor. The information is aggregated and therefore anonymous. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages that they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services. We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Services work. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies. You can find out more about how Google protects your data here: www.google.com/analytics/learn/privacy.html. You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link: |
Targeted and advertising cookies | These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third party advertisers can place cookies to enable them to show adverts which we think will be relevant to your interests while you are on third party websites. You can disable cookies which remember your browsing habits and target advertising at you by visiting http://www.youronlinechoices.com/. If you choose to remove targeted or advertising cookies, you will still see adverts but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed. |
Social Media Cookies | These cookies are used when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this. |
At this time, Nitro does not recognize "do not track" (DNT) signals.
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help”, “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
For further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk.
If you do not accept our cookies, you may experience some inconvenience in your use of our Services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Services.
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Services to track the actions of users on our Services. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Services, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.
Generally. We may use other companies to serve third-party advertisements when you visit and use the Services. These companies may collect and use click stream information, browser type, time and date, subject of advertisements clicked or scrolled over during your visits to the Services and other websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use tracking technologies to collect this information. Other companies' use of their tracking technologies is subject to their own privacy policies.
Targeted Advertising. In order to serve offers and advertisements that may interest you, we may display targeted advertisements on the Services, or other digital properties or applications in conjunction with our content based on information provided to us by our users and information provided to us by third parties that they have independently collected. We do not provide personal data to advertisers when you interact with an advertisement.
Your Ad Choices. Some of the third-party service providers and/or Advertisers may be members of the Network European Interactive Digital Advertising Alliance ("EDAA") Self-Regulatory Program for Online Behavioral Advertising. To learn more, visit http://www.edaa.eu/edaa-for-users which provides information regarding targeted advertising and the "opt-out" procedures of EDAA members.
Mobile. We may, from time to time, offer certain location or pinpoint based services, such as location assisted navigation instruction. If you elect to use such location-based services, we must periodically receive your location in order to provide such location-based services to you. By using the location-based services, you authorize us to: (i) locate your hardware; (ii) record, compile and display your location; and (iii) publish your location to third parties designated by you by means of location publication controls available within the applications (for example, settings, user preferences). As part of the location-based services, we may also collect and store certain information about the users who elect to use such location-based services, such as a device ID. This information will be used to provide you the location-based services. We may use third-party providers to help provide location-based services through mobile systems and we may give the information to such providers to enable them to provide their location-based services, provided that such providers use the information in accordance with this Policy.
Your information, including personal data that we collect from you, may be processed and transferred within and to the United States and other countries and territories which may have different privacy laws from your country of residence. Nitro is compliant with the EU General Data Protection Regulation (GDPR).
Nitro adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, although Nitro does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. Nor do we rely on the Swiss-U.S. Privacy Shield Framework in light of the policy paper of the Swiss Federal Data Protection and Information Commissioner of September 8, 2020. To learn more, visit the U.S. Department of Commerce’s Privacy Shield website.
Nitro takes data privacy seriously and monitors the regulatory landscape with regards to data privacy. As new regulations evolve, Nitro will evaluate those regulations and, in good faith, evolve our Data Privacy procedures appropriately.
We will share or sell your personal data with third parties only in the ways that are described in this Privacy Policy. We do not sell your personal data to third parties except as described in this Privacy Policy (see the "Business Transfers" section below).
We may provide your personal data to companies that provide services to help us with our business activities, such as shipping your order or offering customer service. These companies are authorized to use your personal data only as necessary to provide these services to us. We may disclose personal data when the disclosure:
Other ways Nitro shares personal data are:
Collaboration and Sharing: Nitro offers collaboration features built into the Site and Services which allow you to share documents (read-only or full edit capabilities) with others you explicitly choose. Collaboration and sharing allows others to view the content of the document you choose to share in addition to the activity data pertaining to the shared document (views, edits, etc.). You can set permissions and revoke access through your Nitro account. If you share a document with another party, that party can download the document as long as they have access to it. Additionally, you may choose to create a public link and send that link to others. If you create a public link, anyone with that link can access the document in read-only mode and download it.
Business Accounts: If you are an individual user and the domain of your e-mail address associated with your account is owned by your employer and that employer has established a Nitro Business account, the data concerning use of your individual account (including access to personal data, usage data and document content) are accessible to that organization.
External Storage: The Sites, Software, and Services allow users to save documents to third party storage providers like Box, Dropbox, OneDrive, SharePoint 365 and many others offering a storage API. When saving documents externally, Nitro sends document metadata (like name and size) along with the contents of the document to the storage provider. If documents are saved externally to Nitro, you are subject to such third parties' privacy policy and terms and conditions. We recommend you read their privacy policies before you submit any data to them.
Ads: We partner with third party ad networks to either display advertising on our Sites or to manage our advertising on other sites. Our ad network partner uses cookies and Web beacons to collect non-personally identifiable data about your activities on the Sites and other Web sites to provide you targeted advertising based upon your interests.
Business Transfers: In the event Nitro goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data will likely be among the assets transferred. You will be notified via email (sent to the e-mail address specified in your account) or prominent notice on our Site of any such change in ownership or control that affects your personal data.
Aggregated and Anonymized Data: We also share aggregated and anonymized data with partners which does not directly identify individuals. We may create anonymous data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous data might include analytics information and information collected by us using cookies. We make personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyse usage patterns in order to make improvements to our Services.
We will take reasonable precautions to protect your personal data from loss, misuse or alteration. This includes both physical and technological security measures. We follow generally accepted industry standards (e.g. encryption at rest and in transit, access control policies, etc.) to protect the personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and you agree that you submit data to us at your own risk. When you enter personal data on our order forms, we encrypt the transmission of that data using transport layer security (TLS).
We provide you the opportunity to consent to having your personal data used for certain purposes when we ask for this data. We will also give you the opportunity to 'opt-out' at any time. For example, if you purchase a product/service but do not wish to receive any additional marketing material from us, you can initially choose not to accept direct marketing from us, and at a later stage provide consent.
If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter.
If you wish to not have data used for the purpose of serving you targeted ads, you may initially withhold your consent to being subject to such ads, and at a later stage opt-out by contacting privacy@gonitro.com (or if located in the European Union click here). Please note this does not opt you out of being served advertising. You will continue to receive generic ads.
Nitro provides promotional sites (commonly referred to as the "conversion sites") that provide services to convert documents from one format to another. By using the conversion sites, you allow Nitro to store, retain, and use personal data, document data, and document metadata per the 'Use of Data' section above. If you do not wish to provide this personal data, document data, and document metadata, then refrain from using the conversion sites.
Outside of the conversion sites (above), you may delete your documents at any time from within the Services or Software via the User Interface. Any document you have shared explicitly with another user (via a sign, share, or review request) will still be available to that user with whom the document was shared if they downloaded it, copied it to a storage service (like Box, Dropbox, Google Drive, OneDrive, etc.), or added the document to the shared users' Nitro account.
We will retain your Personal, Document, and Activity Data for as long as your account is active or as needed to provide you Services. If you wish to cancel your account or request that we no longer use your personal data to provide you Services, please contact privacy@gonitro.com. However, Nitro will retain and use your Personal, Document, and Activity Data as necessary to comply with our legal or other obligations, resolve disputes, and enforce our rights and agreements. Nitro reserves the right to delete any data for inactive accounts.
Some actions initiated within the Site and Services link to external sites. Additionally, those actions may result in data appearing on forums that are public and/or not subject to the Privacy Policy.
Frames: Some of our pages utilize framing techniques to serve content from our partners while preserving the look and feel of our Sites. Please be aware that you are providing your personal data to these third parties and not to Nitro.
Social Media Widgets: Our Sites include social media features, such as the Facebook “Like” button and Widgets, the “Share this” button or interactive mini-programs that run on our Sites. These features may collect your IP address, which page you are visiting on our Sites, and may set a cookie to enable the feature to function properly. Social media features and Widgets are either hosted by a third party or hosted directly on our Sites. Your interactions with these features are governed by the privacy policy of the company providing it.
Customer Testimonials: We may post customer testimonials/comments/reviews on our Site which may contain personal data. We obtain the customer's consent, prior to posting the testimonial, to post the customer’s name along with the customer’s testimonial. If you would like to have us remove any of your comments, please contact us.
Forum and Blog Content: Our Site may offer publicly accessible blogs or community forums. You should be aware that any data you provide in these areas may be read, collected, and used by anyone who has access to them. To request removal of your personal data from our blog or community forum, please contact us at privacy@gonitro.com.
Forum and Blog Comments: Our blog is also managed by a third-party application that may require you to register to post a comment. We do not have access to or control of the data posted to the comments. You will need to contact or login to the third-party application if you want the personal data that was posted to the comments section removed. To learn how the third-party application uses your data, please review the third party’s privacy policy.
We do not knowingly collect personal data from children under the age of 16. By using the Site, Software, and/or Services, the user asserts they are over 16 years of age. If we become aware that we have inadvertently received personal data from a child under the age of 16, we will delete such data from our records.
Nitro takes privacy seriously. If you have any concerns regarding our handling of your Personal, Sensitive, or Document Data, we encourage you to contact us (details below in the 'Contact Us' section). Additionally, Nitro acknowledges you have the following rights with regards to your personal data.
Nitro collects a variety of information via the use of the Site, Software, and/or Services at the direction of users. If you have concerns about your personal data being processed, or if you seek access or want to correct, amend, or delete inaccurate data, please contact us at privacy@gonitro.com and we will work with you to respond to your request in a reasonable timeframe.
If you have concerns or inquiries regarding the handling of your personal, document, and/or activity data, please contact us at privacy@gonitro.com. Nitro will respond within a reasonable timeframe. If, after contacting us, we fail to adequately address your concern please contact the dispute resolution provider, Data Protection Commissioner of Ireland at www.dataprotection.ie, at no cost to you.
For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.
We are committed to resolve any complaints about our collection or use of your personal data. If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your personal data, please contact us using the “Contact Us” section below. We will reply to your complaint as soon as we can and in any event, within 45 days.
Nitro complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Nitro has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
In compliance with the Privacy Shield Principles, Nitro commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Nitro by going to the "Contact Us" webpage on this Site or contacting us at privacy@gonitro.com or at the address below.
Nitro Software, Inc
150 California Street, STE 1500
San Francisco, CA 94105
Attn: Privacy
Nitro has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
If you require more detailed data about our data handling practices please let us know by going to the “Contact Us” webpage on this Site or contacting us at privacy@gonitro.com or at the address below.
Nitro Software, Inc
150 Spear Street, STE 1500
San Francisco, CA 94105
Attn: Privacy
Updated: 25 September 2013
Nitro Software, Inc respects the copyright rights of others and has adopted the following procedure regarding the removal of allegedly infringing materials from Nitro's web sites, consistent with the removal notification and counter-notification provisions of the Digital Millennium Copyright Act ("DMCA") and other applicable intellectual property laws.
The DMCA provides a process for an owner of copyrighted material to notify an online service provider of alleged copyright infringement. Upon receipt of a valid DMCA removal notification (described below), Nitro will remove or disable access to the allegedly infringing content and take reasonable steps to contact the party that originally posted that content to allow it to file a counter-notification that indicates that it had the right to post the content. Upon receipt of a valid counter-notification (also described below), Nitro may restore the content in question, unless it receives timely notice from the party that requested removal that a legal action has been filed seeking a court order to restrain the alleged infringer from engaging in the infringing activity.
By submitting either a removal notification or a counter-notification as described herein, the submitting party acknowledges and agrees that Nitro may provide copies of such notices and any information contained therein to the other participants in the dispute or to any other third parties deemed necessary by Nitro. Please note that federal law provides that any person who knowingly materially misrepresents: (1) that material or activity is infringing, or (2) that material or activity was removed or disabled by mistake or misidentification, will be liable for damages, including costs and attorneys' fees.
If you believe someone has posted your copyrighted material on a Nitro web site and wish to have it removed, please send a removal notification to Nitro's designated copyright agent as provided below. To be considered valid, your request for removal must be written and include the following:
Promptly after receipt of a valid removal notification, Nitro will remove or disable access to the allegedly infringing content. Nitro will also notify the party that posted it of your claim that the material is infringing and will give that party an opportunity to send Nitro a written counter-notification as provided below.
In response to Nitro's receipt of a valid removal notice and removal of material, if you believe that the allegedly infringing material is not infringing and want Nitro to restore it on its web site, please send a counter-notification to Nitro's designated copyright agent as provided below.
To be considered valid, your counter-notification must be written and include the following:
Promptly after receipt of a valid counter-notification, Nitro will forward it to the party who submitted the original removal notification. After Nitro sends out the counter-notification, the party that submitted the original removal notification must then notify Nitro within 10 business days that it has filed an action seeking a court order to restrain you from engaging in the allegedly infringing activity. If Nitro receives such notification, it will not restore the material. If Nitro does not receive such notification, Nitro may reinstate the material within 10 to 14 days of receipt of the valid counter-notification.
All notices should be sent to Nitro's designated copyright agent using the following contact information:
Nitro Software, Inc
Attn: Agent for DMCA Notices
150 Spear Street, STE 1500
San Francisco CA 94111
USA
Alternatively, you may email your notice to:
privacy@gonitro.com
Please indicate either "DMCA Removal Notification" or "DMCA Counter-Notification" in the subject line.
Or fax it to:
(415) 369-9097
Attn: Agent for DMCA Notices
As a customer, your satisfaction and success are the motivation for all we do—which is why we’ll always do everything we can to ensure we make working with documents smarter and easier for you. If, however, you feel like Nitro doesn’t fulfill your needs, we’re here to help make things right.
We understand you want the perfect fit and that’s why we offer a trial version of Nitro Pro. During this trial you can test all the functionality of the software to be sure it suits your needs and desires.
To ensure Nitro Pro is the perfect fit, you can experience all of Nitro Pro’s powerful features in our free 14-day trial. You’ll also have access to our User Guide, Knowledge Base, and Community Forum to help you maximize your trial and answer any questions you may have.
Experience the Nitro difference for yourself by downloading your free trial today.
You may be approved for a refund if you purchased Nitro from our online store at www.gonitro.com and one of the following conditions applies:
While these conditions are guidelines, all refunds are made at Nitro’s sole discretion.
We’re sorry to hear that Nitro wasn’t the perfect fit for your needs. If the conditions listed above apply to you, please follow this step-by-step guide to apply for a refund:
Note: We will notify you when we have processed your refund request or if we need additional information. Once your request has been processed, please allow 5–8 business days for the refund to appear in your account.
If you purchased Nitro Pro directly through a Nitro sales representative or reseller, please reach out to your Account Executive or reseller to discuss potential refund options.
Please be advised that Nitro does not sell, and has not sold, any personal information. See Nitro's privacy policy here. Likewise, Nitro does not have any future plans to sell personal information. Should you have any questions or concerns about how Nitro handles personal information, please contact us at privacy@gonitro.com or at the following address:
Nitro Software, Inc
150 Spear Street, STE 1500
San Francisco, CA 94105
Attn: Privacy
Nitro Software, Inc. (“Nitro”) uses certain subprocessors to assist in providing our Services. We use service providers that may store and process personal data about you and your end users (each, a "Sub-Processor"). This page provides important information about the identity, location, and role of these material Sub-Processors. Terms used on this page but not defined have the meaning set forth in our Terms of Service agreement (the "Agreement").
The following table identifies the Subprocessors used by Nitro, the function that may be provided, and the location where such subprocessing activities are performed.
Name | Function | Corporate Location |
---|---|---|
Amazon Web Services | Infrastructure | Germany |
Oracle America | Billing | United States |
Salesforce.com | Customer Relationship Management / Support | United States |
Marketo | Marketing Tool | United States |
 | Analytics | United States |
Stripe | Payment Processing | United States |
Microsoft | Infrastructure | United States |
CyberSource | Payment Processing | United States |
Intercom | Customer Communication | United States |
Gong | Call Recording | United States |
Salesloft | Customer Relationship Management | United States |
Slack | Collaboration and Communication | United States |
As our business and technical requirements change, we may from time to time remove or add Subprocessors, or we may engage an existing Subprocessor to perform additional services for us, if we believe that doing so will enhance our ability to deliver the Nitro Service. We will periodically update this page to reflect changes to our Subprocessors. If you have any questions about our subprocessing activities, please contact privacy@gonitro.com.
The following entities are members of Nitro Group Companies:
Nitro Group Member Name | Country |
---|---|
Nitro Software EMEA Limited | Ireland |
Nitro Software Limited | Australia |
Nitro Software Canada Limited | Canada |
This Data Processing Addendum (“DPA”) forms part of the Nitro Business Terms of Service and Nitro Terms of Services governing the use of Nitro’s services (“Agreement”) entered by and between you, the Customer (collectively, “Individual”, “Entity”, “Licensee”) and Nitro Software Inc. (“Nitro”) to reflect the parties’ agreement with regard to the Processing of Personal Data by Nitro solely on behalf of the Customer. Both Parties shall be referred to as the “Parties” and each, a “Party”.
For purposes of this DPA, the terms below have the meanings set forth below. Capitalized terms that are used but not defined in this DPA have the meanings given in the Agreement.
(a) Affiliate means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.
(b) Applicable Data Protection Laws means the privacy, data protection and data security laws and regulations of any jurisdiction applicable to the Processing of Personal Data under the Agreement, including, without limitation, European Data Protection Laws and the CCPA.
(c) CCPA means the California Consumer Privacy Act of 2018 and any regulations promulgated thereunder.
(d) Customer Data means information provided or made available to Nitro for Processing on Customer’s behalf to perform the Services.
(e) EEA means the European Economic Area.
(f) European Data Protection Laws means the GDPR and other data protection laws and regulations of the European Union, its Member States, Switzerland, Iceland, Liechtenstein, Norway and the United Kingdom, in each case, to the extent applicable to the Processing of Personal Data under the Agreement.
(g) GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, as amended from time to time.
(h) Information Security Incident means a breach of Nitro’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data in Nitro’s possession, custody or control. Information Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, or other network attacks on firewalls or networked systems.
(i) Personal Data means Customer Data that constitutes “personal data,” “personal information,” or “personally identifiable information” defined in Applicable Data Protection Law, or information of a similar character regulated thereby, except that Personal Data does not include such information pertaining to Customer’s personnel or representatives who are business contacts of Nitro, where Nitro acts as a controller of such information.
(j) Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(k) Security Measures has the meaning given in Section 5(a) (Provider’s Security Measures).
(l) Standard Contractual Clauses means the mandatory provisions of the standard contractual clauses for the transfer of personal data to processors established in third countries in the form set out by European Commission Decision 2010/87/EU.
(m) Subprocessors means third parties that Nitro engages to Process Personal Data in relation to the Services.
(n) Third Party Subprocessors has the meaning given in Section 5 (Subprocessors) of Annex 1.
(o) The terms controller, data subject, processor and supervisory authority as used in this DPA have the meanings given in the GDPR.
(a) This DPA will remain in effect so long as Nitro Processes Personal Data, notwithstanding the expiration or termination of the Agreement.
(b) Annex 1 (EU Annex) to this DPA applies solely to Processing subject to European Data Protection Laws. Annex 2 (California Annex) to this DPA applies solely to Processing subject to the CCPA if Customer is a “business” or “service provider” (as defined in CCPA) with respect to such Processing.
Nitro will Process Personal Data only in accordance with Customer’s instructions to Nitro. This DPA is a complete expression of such instructions, and Customer’s additional instructions will be binding on Nitro only pursuant to an amendment to this DPA signed by both parties. Customer instructs Nitro to Process Personal Data to provide the Services as contemplated by this Agreement.
Customer acknowledges and agrees that, as a part of the Services, Nitro may create and derive from Processing related to the Services anonymised and/or aggregated data that does not identify Customer or any natural person, and use, publicise or share with third parties such data to improve Nitro’s products and services and for its other legitimate business purposes.
(a) Provider Security Measures. Nitro will implement and maintain technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data (the “Security Measures”) as described in Annex 3 (Security Measures). Nitro may update the Security Measures from time to time, so long as the updated measures do not decrease the overall protection of Personal Data.
(b) Information Security Incidents. Nitro will notify Customer without undue delay of any Information Security Incident of which Customer becomes aware. Such notifications will describe available details of the Information Security Incident, including steps taken to mitigate the potential risks and steps Nitro recommends Customer take to address the Information Security Incident. Nitro’s notification of or response to an Information Security Incident will not be construed as Nitro’s acknowledgement of any fault or liability with respect to the Information Security Incident.
(c) Customer’s Security Responsibilities and Assessment (i) Customer’s Security Responsibilities. Customer agrees that, without limitation of Nitro’s obligations under Section 5 (Security), Customer is solely responsible for its use of the Services, including (a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Personal Data; (b) securing the account authentication credentials, systems and devices Customer uses to access the Services; (c) securing Customer’s systems and devices that Nitro uses to provide the Services; and (d) backing up Personal Data. (ii) Customer’s Security Assessment. Customer agrees that the Services, the Security Measures and Nitro’s commitments under this DPA are adequate to meet Customer’s needs, including with respect to any security obligations of Customer under Applicable Data Protection Laws, and provide a level of security appropriate to the risk in respect of the Personal Data.
(a) Nitro’s Data Subject Request Assistance. Nitro will (taking into account the nature of the Processing of Personal Data) provide Customer with assistance reasonably necessary for Customer to perform its obligations under Applicable Data Protection Laws to fulfill requests by data subjects to exercise their rights under Applicable Data Protection Laws (“Data Subject Requests”) with respect to Personal Data in Nitro’s possession or control. Customer shall compensate Nitro for any such assistance at Nitro’s then-current professional services rates, which shall be made available to Customer upon request.
(b) Customer’s Responsibility for Requests. If Nitro receives a Data Subject Request, Nitro will advise the data subject to submit the request to Customer and Customer will be responsible for responding to the request.
(a) Customer Compliance. Customer shall comply with its obligations under Applicable Data Protection Laws. Customer shall ensure (and is solely responsible for ensuring) that its instructions in Section 3 comply with Applicable Data Protection Laws, and that Customer has given all notices to, and has obtained all such notices from, individuals to whom Personal Data pertains and all other parties as required by applicable laws or regulations for Customer to Process Personal Data as contemplated by the Agreement.
(b) Prohibited Data. Customer represents and warrants to Nitro that Customer Data does not and will not, without Nitro’s prior written consent, contain any social security numbers or other government-issued identification numbers; biometric information; passwords for online accounts; credentials to any financial accounts; tax return data; credit reports or consumer reports; any payment card information subject to the Payment Card Industry Data Security Standard; information subject to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act or the regulations promulgated under either such law; information subject to restrictions under Applicable Data Protection Laws governing Personal Data of children, including, without limitation, all information about children under 13 years of age; or any information that falls within any special categories of data (as defined in GDPR). Customer further represents that Customer Data does not and will not contain protected health information subject to the Health Insurance Portability and Accountability Act (HIPAA) or any similar legislation in other jurisdiction; other information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; or health insurance information unless Customer and Nitro have separately entered into a HIPAA Business Associate Agreement.
Except as expressly modified by the DPA, the terms of the Agreement remain in full force and effect. In the event of any conflict or inconsistency between this DPA and the other terms of the Agreement, this DPA will govern. Notwithstanding anything in the Agreement or any order form entered in connection therewith to the contrary, the parties acknowledge and agree that Nitro’s access to Personal Data does not constitute part of the consideration exchanged by the parties in respect of the Agreement. Notwithstanding anything to the contrary in the Agreement, any notices required or permitted to be given by Nitro to Customer under this DPA may be given (a) in accordance with any notice clause of the Agreement; (b) to Nitro’s primary points of contact with Customer; or (c) to any email provided by Customer for the purpose of providing it with Services-related communications or alerts. Customer is solely responsible for ensuring that such email addresses are valid.
(a) Subject Matter and Details of Processing. The parties acknowledge and agree that (i) the subject matter of the Processing under the Agreement is Nitro’s provision of the Services; (ii) the duration of the Processing is from Nitro’s receipt of Personal Data until deletion of all Personal Data by Nitro in accordance with the Agreement; (iii) the nature and purpose of the Processing is to provide the Services; (iv) the data subjects to whom the Personal Data pertains are Customer (to the extent that Customer is an individual), users of the Services or Nitro’s software, and data subjects, the personal data of which has been generated, shared or uploaded by Customer and/or users of the Services and/or Nitro’s software; and (v) the categories of personal data are the personal data generated, shared, uploaded or requested by the Customer or users of the Services and/or Nitro’s software (which may include personal data contained in documents, pictures and other media and user-generated content such as documents, text, pictures and other content).
(b) Roles and Regulatory Compliance; Authorization. The parties acknowledge and agree that (i) Nitro is a processor of that Personal Data under European Data Protection Laws; (ii) Customer is a controller (or a processor acting on the instructions of a controller) of that Personal Data under European Data Protection Laws; and (iii) each party will comply with the obligations applicable to it in such role under the European Data Protection Laws with respect to the Processing of that Personal Data. If Customer is a processor, Customer represents and warrants to Nitro that Customer’s instructions and actions with respect to Personal Data, including its appointment of Nitro as another processor, have been authorized by the relevant controller.
(c) Nitro’s Compliance with Instructions. Nitro will Process Personal Data only in accordance with Customer’s instructions stated in this DPA unless applicable European Data Protection Laws require otherwise, in which case Nitro will notify Customer (unless that law prohibits Nitro from doing so on important grounds of public interest).
(d) Data Deletion. Nitro shall delete all the Personal Data on Nitro’s systems on Customer’s request and after the end of the provision of Services, and shall delete existing copies unless continued storage of the Personal Data is required by (i) applicable laws of the European Union or its Member States, with respect to Personal Data subject to European Data Protection Laws or (ii) Applicable Data Protection Laws, with respect to all other Personal Data. Nitro will comply with such instruction as soon as reasonably practicable and no later than 180 days after such expiration or termination, unless Applicable Data Protection Laws require storage. Customer may choose to request a copy of such Personal Data from Nitro for an additional charge by requesting it in writing at least 30 days prior to expiration or termination of the Agreement. Upon the parties’ agreement to such charge pursuant to a work order or other amendment to the Agreement, Nitro will provide such copy of such Personal Data before it is deleted in accordance with this clause.
(a) Nitro Security Measures, Controls and Assistance (i) Nitro Security Assistance. available to Nitro) provide Customer with reasonable assistance necessary for Customer to comply with its obligations in respect of Personal Data under European Data Protection Laws, including Articles 32 to 34 (inclusive) of the GDPR, by (a) implementing and maintaining the Security Measures; (b) complying with the terms of Section 5(b) (Information Security Incidents) of the DPA; and (c) complying with this Annex 1. Customer hereby acknowledges and agrees that such measures are sufficient to permit Customer to comply with these obligations. (ii) Security Compliance by Nitro Staff. Nitro will ensure that its personnel who are authorized to access Personal Data are subject to appropriate confidentiality obligations.
(b) Reviews and Audits of Compliance
Customer may audit Nitro’s compliance with its obligations under this DPA up to once per year and on such other occasions as may be required by European Data Protection Laws, including where mandated by Customer’s supervisory authority. Nitro will contribute to such audits by providing Customer or Customer’s supervisory authority with the information and assistance reasonably necessary to conduct the audit. If a third party is to conduct the audit, Nitro may object to the auditor if the auditor is, in Nitro’s reasonable opinion, not independent, a competitor of Nitro, or otherwise manifestly unsuitable. Such objection by Nitro will require Customer to appoint another auditor or conduct the audit itself. To request an audit, Customer must submit a proposed audit plan to Nitro at least two weeks in advance of the proposed audit date and any third party auditor must sign a customary non-disclosure agreement mutually acceptable to the parties (such acceptance not to be unreasonably withheld) providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. Nitro will review the proposed audit plan and provide Customer with any concerns or questions (for example, any request for information that could compromise Nitro security, privacy, employment or other relevant policies). Nitro will work cooperatively with Customer to agree on a final audit plan. Nothing in this Section 2(b) shall require Nitro to breach any duties of confidentiality. 
If the controls or measures to be assessed in the requested audit are addressed in an SOC 2 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Customer’s audit request and Nitro has confirmed there have been no known material changes in the controls audited since the date of such report, Customer agrees to accept such report in lieu of requesting an audit of such controls or measures. The audit must be conducted during regular business hours, subject to the agreed final audit plan and Nitro’s safety, security or other relevant policies, and may not unreasonably interfere with Nitro business activities. Customer will promptly notify Nitro of any non-compliance discovered during the course of an audit and provide Nitro any audit reports generated in connection with any audit under this Section 2(b), unless prohibited by European Data Protection Laws or otherwise instructed by a supervisory authority. Customer may use the audit reports only for the purposes of meeting Customer’s regulatory audit requirements and/or confirming compliance with the requirements of this DPA. Any audits are at Customer’s sole expense. Customer shall reimburse Nitro for any time expended by Nitro and any third parties in connection with any audits or inspections under this Section 2(b) at Nitro’s then-current professional services rates, which shall be made available to Customer upon request. Customer will be responsible for any fees charged by any auditor appointed by Customer to execute any such audit.
Nitro will (taking into account the nature of the Processing and the information available to Nitro) reasonably assist Customer in complying with its obligations under Articles 35 and 36 of the GDPR, by (a) making available documentation describing relevant aspects of Nitro’s information security program and the security measures applied in connection therewith and (b) providing the other information contained in the Agreement, including this DPA.
(a) Data Processing Facilities. Provider may, subject to Section 4(b) (Transfers out of the EEA), store and Process Personal Data in the United States or anywhere Provider or its Subprocessors maintain facilities.
(b) Transfers out of the EEA. If Customer transfers Personal Data out of the EEA to Nitro in a country not deemed by the European Commission to have adequate data protection, such transfer will be governed by the Standard Contractual Clauses, the terms of which are hereby incorporated into this DPA. In furtherance of the foregoing, the parties agree that (i) Customer will act as the data exporter and Nitro will act as the data importer under the Standard Contractual Clauses; (ii) for purposes of Appendix 1 to the Standard Contractual Clauses, the categories of data subjects, data, special categories of data (if appropriate), and the Processing operations shall be as set out in Section 1(a) to this Annex 1 (Subject Matter and Details of Processing); (iii) for purposes of Appendix 2 to the Standard Contractual Clauses, the technical and organizational measures shall be the Security Measures; (iv) data importer will provide the copies of the subprocessor agreements that must be sent by the data importer to the data exporter pursuant to Clause 5(j) of the Standard Contractual Clauses upon data exporter’s request, and that data importer may remove or redact all commercial information or clauses unrelated to the Standard Contractual Clauses or their equivalent beforehand; (v) the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be performed in accordance with Section 2(b) of this Annex 1 (Reviews and Audits of Compliance); (vi) Customer’s authorizations in Section 5 (Subprocessors) of this Annex 1 will constitute Customer’s prior written consent to the subcontracting by Nitro of the Processing of Personal Data if such consent is required under Clause 5(h) of the Standard Contractual Clauses; and (vii) certification of deletion of Personal Data as described in Clause 12(1) of the Standard Contractual Clauses shall be provided upon data importer’s request.
Notwithstanding the foregoing, the Standard Contractual Clauses (or obligations the same as those under the Standard Contractual Clauses) will not apply to the extent an alternative recognized compliance standard for the transfer of Personal Data outside the EEA in accordance with European Data Protection Laws applies to the transfer. In the event of any conflict or inconsistency between (a) this Annex 1 and any other provision of this DPA, this Annex 1 will govern or (b) the Standard Contractual Clauses and any other provision of this Agreement, the Standard Contractual Clauses will govern.
(a) Consent to Subprocessor Engagement. Customer specifically authorizes the engagement of Nitro’s Affiliates as Subprocessors and generally authorizes the engagement of other third parties as Subprocessors (“Third Party Subprocessors”).
(b) Information about Subprocessors. Information about Subprocessors, including their functions and locations, is available at: www.gonitro.com/legal/subprocessors (as may be updated by Nitro from time to time) or such other website address as Nitro may provide to Customer from time to time (the “Subprocessor Site”).
(c) Requirements for Subprocessor Engagement. When engaging any Subprocessor, Nitro will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in this DPA with respect to Personal Data to the extent applicable to the nature of the services provided by such Subprocessor. Nitro shall be liable for all obligations under the Agreement subcontracted to the Subprocessor or its actions and omissions related thereto.
(d) Opportunity to Object to Subprocessor Changes. When Nitro engages any new Third Party Subprocessor after the effective date of the Agreement, Nitro will notify Customer of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform) by updating the Subprocessor Site or by other written means. If Customer objects to such engagement in a written notice to Nitro within 15 days after being informed of the engagement on reasonable grounds relating to the protection of Personal Data, Customer and Nitro will work together in good faith to find a mutually acceptable resolution to address such objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, Customer may, as its sole and exclusive remedy, terminate the Agreement and cancel the Services by providing written notice to Nitro and pay Nitro for all amounts due and owing under the Agreement as of the date of such termination.
(e) Sufficiency of Consent. Customer hereby acknowledges and agrees that the foregoing procedures are sufficient to obtain Customer’s prior written consent to the subprocessing under Article 28 of the GDPR, and to the extent required under Clause 5(h) of the Standard Contractual Clauses.
Executive Summary
Nitro’s software solutions are designed to improve productivity and reduce paper consumption for every knowledge worker. By enabling end-to-end digital document workflows, Nitro helps organizations advance document security and corporate sustainability initiatives, essential factors in building the foundation for successful digital transformation.
Nitro Sign, a part of the Nitro Productivity Suite, is a browser-based application offering fast, secure and legally binding eSigning workflows. Designed to provide simple, delightful eSigning for everyone, Nitro Sign offers an intuitive interface and rich functionality supported by strong security fundamentals, for a truly enterprise-grade experience. With our eSigning solution, Nitro customers are transforming disconnected, time-consuming legacy processes into modern digital workflows that can be executed in minutes.
Nitro Sign provides all the functionality required to achieve fast, secure and legally binding eSignatures:
The purpose of this paper is to provide a high-level overview of Nitro Sign’s overall security framework, including but not limited to: application security, compliance, organisational security, network security, data security and disaster recovery.
Application Security
Nitro Sign runs on a containerised micro-services platform hosted in a dedicated-to-Nitro VPC (Virtual Private Cloud) across multiple Availability Zones within a single EU region (Frankfurt, Germany). Nitro Customers access the Nitro Sign application through their web browsers via the public website cloud.gonitro.com.
Public internet traffic to and from cloud.gonitro.com is encrypted via TLS (Transport Layer Security) secured using a Secure Hash Algorithm (SHA-2) family extended validation digital certificate from DigiCert (www.digicert.com) with both SHA1 and SHA256 fingerprints; SHA256 is the hashing algorithm used, and the signing scheme used is 2048-bit RSA.
Nitro Sign documents are stored in secure, dedicated and managed locations, using the Advanced Encryption Standard with a 256-bit key size (AES-256). AES is included in the ISO/IEC 18033-3: Information technology – Security techniques – Encryption algorithms – Part 3: Block ciphers Standard. AES is defined as U.S. Federal Information Processing Standard: FIPS PUB 197: Advanced Encryption Standard (AES).
Data communications between the web clients and Nitro backend servers are encrypted using TLS, which protects data in transit. Document metadata is held in a Relational Database Service, which provides for high availability and data durability. Storage is provided by Amazon S3 (Simple Storage Service) buckets dedicated to Nitro, which are encrypted to protect data at rest.
Sensitive information (credentials, tokens, certificates, API keys) is managed through an encrypted vault database.
User Authentication
Nitro Sign supports multiple methods for managing and authenticating users' identities.
Nitro Admin, our dedicated user and license management portal, is used by designated administrators to invite new users, to manage existing users and their licenses, and to suspend or remove users, as necessary.
Nitro also offer Single Sign-On (SSO) integrations as part of our Enterprise level plan. SSO allows users to access Nitro's products by authenticating through the organization’s Identity Provider (IdP). Nitro supports SSO with any SAML-2.0 compliant IdP.
More information on enabling Nitro’s SSO integration can be found here: https://www.gonitro.com/user-guide/admin/article/single-sign-on-overview
Document Integrity
Upon completion of a signature workflow, Nitro digitally signs the PDF using a certificate issued to identify Nitro as an organization. The digital signature verifies the document integrity and confirms that the document has not been tampered with since it was completed. Please see the following image for how the Digital Signature appears on a completed document being viewed in Nitro Pro 13. The Digital Signature will be present in the copy of the document received by all parties to the request.
Compliance
Nitro Software Inc. holds HIPAA, SOC2 Type 1, and SOC2 Type 2 certifications, among others. Nitro are also self-certified for Privacy Shield, and fully committed to supporting the EU General Data Protection Regulations (GDPR).
Because we consider data security our number one priority and job, we build security into every stage of the system development lifecycle for all Nitro products.
We follow industry best practices to transfer, process, and store customer data. All Nitro cloud–enabled features use state-of-the-art computing facilities that satisfy key industry standards, such as PCI DSS, HIPAA, and SOC. Our primary data centre is in the EU in Frankfurt, Germany.
Nitro protects documents in motion and at rest with digital audit trails and TLS AES encryption. Through extensive logging and instrumentation, we monitor our production environment to audit security, availability, access, and other metrics for our services.
We use a combination of automated tools and manual inspection to ensure constant oversight of security events. For all of our cloud infrastructure, we use Amazon Web Services (AWS), which provides extensive documentation about their security practices here. AWS employs cutting-edge data security measures, as well as physical access restrictions at server locations.
For a full list of Nitro certifications, including SOC 2 Type 2, HIPAA, and Privacy Shield, please click here.
The list of AWS certifications, including ISO 27001 and SOC reports 1, 2, and 3, is available here.
Organisational Security
Nitro Software has developed, and communicated to its users, procedures to restrict logical access to Nitro Software’s systems. The procedures cover the following key security lifecycle areas:
Background Checks: Nitro go to great lengths to ensure no one sees or processes your data unless they’re authorized to do so and we strictly limit exceptions. All employees are subject to background checks, and access to production servers is limited solely to engineers who need to work directly with our production systems.
Nitro Information Security Standards v 1.5 exist and are in effect.
These Standards are developed under the authority of the Nitro Information Security Policy.
These Standards apply to all components of Nitro and all geographic regions where Nitro operates.
These Standards are based on and aligned with ISO/IEC 27002:2013 Information technology – Code of practice for information security controls (licensed by Nitro).
These standards are also aligned with and support the U.S. Department of Commerce NIST Special Publication 800-53.
The Nitro Information Security Policy is owned by the Global Security Lead, who has secured management approval and responsibility for developing, reviewing, and maintaining the policy.
Nitro Information Security Standards underpin the Nitro Information Security Policy. Standards are reviewed on an on-going basis with updates applied as and when required.
Nitro Information Security Standards and Policy are reviewed annually as part of our ongoing Regulatory Compliance initiatives including SOC2 and HIPAA.
Security Awareness & Training
Nitro has an information security policy to help ensure that employees understand their individual roles and responsibilities concerning processing and controls to ensure significant events are communicated in a timely manner.
These include formal and informal training programs and the use of email, Slack and other methods to communicate time-sensitive information and processes for security and system availability purposes that notify key personnel in the event of problems.
General Information Security training is delivered during the hiring and onboarding process and refreshed at least annually thereafter. Specific training dependent on roles is provided to specialist areas such as software development and systems or platforms engineering.
Data Security
All systems and applications are subject to vulnerability assessment scans by an independent and accredited third party on a regular basis.
The Nitro online platform service is a cloud-based solution hosted in AWS VPC across multiple availability zones in a single region (Frankfurt, Germany). It is designed for failure, self-healing and robustness, and is highly available.
Automated backups are in place covering 20 generations of data.
AES-256 encryption is in place covering data at rest, and data in transit.
Multiple instances of Anti-Virus and Anti-Malware technology are in place, at the desktop layer and also at the email gateway and internet gateway layers.
Nitro also uses a Web Application Firewall and DDoS protection platform.
Disaster Recovery
All Nitro systems are built to be highly resilient, highly available, and fault tolerant.
That said, we do have a Nitro Disaster Recovery Plan and Nitro Business Continuity Plan, which are reviewed and tested annually.
The most recent test of the Nitro Disaster Recovery Plan was conducted in Q3 2020.