Terms & Policies

Terms of Service

This terms of service agreement governs your access to, and use of, the websites, services and applications which are owned, operated or provided by or on behalf of Bold Innovation Group Ltd.

Last updated: October 1, 2020

By using the Bold Commerce Services (as defined below) you are agreeing to be bound by the following terms and conditions (“Terms of Service”). You must read, agree to and accept all of the terms and conditions contained in the Terms of Service, the API License Agreement and Privacy Policy (and any applicable data protection addendum).

This Terms of Service, the API License Agreement, Privacy Policy and any applicable DPA collectively forms your agreement (the “Agreement”) and governs your access to, and use of, the websites, services, applications and integrations (collectively, the “Services”) which are owned, operated or provided by or on behalf of Bold Innovation Group Ltd. (“Bold” or “Bold Commerce”).

As used in this Agreement, “you” and “your” refers to you, the person accessing the Services; “we” means (and “us”, “our”, “ours” and “ourselves” refer to) Bold; and “party” or “parties” refers to both you and us. The effective date of this Agreement is when you accept it, in accordance with the terms and conditions that are set out below.

IMPORTANT! YOUR ACCESS TO AND USE OF THE SERVICES IS SUBJECT TO LEGALLY BINDING TERMS AND CONDITIONS. PLEASE CAREFULLY READ ALL OF THE FOLLOWING TERMS AND CONDITIONS BEFORE YOU PROCEED. ACCESSING OR USING THE SERVICES IS THE EQUIVALENT OF YOUR SIGNATURE AND INDICATES YOUR ACCEPTANCE OF THESE TERMS AND CONDITIONS AND THAT YOU INTEND TO BE LEGALLY BOUND BY THEM. IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, PLEASE DO NOT USE THE SERVICES.

You can view, print, download or save this Agreement at any time, under the “Terms of Service” link that appears on our website.

We reserve the right to change these terms and conditions at any time without notice, by updating this Agreement, and such changes will be effective as of the date these updates (or an updated version of this Agreement) is posted to our website. We may provide notice to you of material revisions by means of a general notice on our website. Your continued use of the Services after such revisions are posted will signify your agreement to these revised terms. Therefore, you should visit this page periodically to review this Agreement.

Our Services

We develop and make available to you apps which are designed to enhance your e-commerce platform. Our eCommerce apps are built to provide additional value-add features to your existing storefront. In some cases, our apps may permit you to receive, sell, and otherwise use material (“Uploaded Content”) which is uploaded by third parties (“Content Uploaders”). For more information about Uploaded Content and Content Uploaders, please see the “ Uploaded Content” heading below. We can also custom develop apps for your store, provide webmaster services, and many other e-commerce services. You can access information on our current apps at boldcommerce.com.

The specifics of each aspect of the Services (including technical details, support and pricing information) are posted on our website, as we may amend them from time to time, as well as in any applicable statement of work we may issue to you, in respect of the Services. Where you engage us to custom develop Services, the details of our engagement will be governed by any additional documents and agreements as part of that engagement.

We take reasonable efforts to explain each Service’s features to you on our website, but we can’t guarantee a Service will look or perform exactly like it appears on a demo page. If you have any questions about any terms or details of any of our Services, please reach out to us at the contact information below.

Bold shall use commercially reasonable efforts to provide technical support for Services. We are not responsible for providing technical support for any apps, products, or services provided to you by third parties.

Payments & Terms

All Services are provided on a per store basis, meaning you will have to purchase Services on an individual store basis. For example, if you have two stores, and you wish to use one of our apps for both stores, you must purchase two subscriptions to that app.

Unless otherwise indicated, the sale is finalized when you conclude the purchase of the Service, and your method of payment will be charged following your predefined billing cycle on that eCommerce platform. When you make a payment, you confirm that you are entitled to use the method which you have used to make the payment.

All payments to Bold do not include applicable sales, goods and services, harmonized, or any other taxes or fees, which may be charged by governmental authorities. Such taxes and/or fees will be added to the total amount you are required to pay and billed to your method of payment. Payment of these taxes and/or fees will be your sole responsibility.

You agree to indemnify and hold harmless Bold and its officers, directors, subsidiaries, affiliates, employees, representatives, agents, licensors and their respective successors and assigns (collectively, its “Others”), against any chargeback costs (plus any taxes or related fees) which we are required to pay, as a result of a payment dispute with you or in relation to a payment you have made to us for the Services.

In the event that you are billed directly by us, in most cases, you will be billed in advance of your payment period, typically monthly. In some cases, such as for overages, you may be billed in the month after the overages incurred. You must make all payments, without any setoff or deduction for any reason, within fifteen (15) days of the date of your invoice in a manner determined by us in our sole discretion.

All payments are made payable in USD (United States Dollars).

Trial Period

We may offer a trial period for certain Services before being required to purchase or subscribe. The duration and specific terms of the trial period will be published to our websites and during the Services install process. You will not be charged for the Services until the trial period has expired.

You agree that even though you may have access to the Services on a trial basis, free of charge, you will be bound by the terms and conditions of this Agreement. Your continued use of the Services following the conclusion of the trial period constitutes your consent to be charged for those Services and to the provisions in this Agreement.

Right to use the Services and Intellectual Property

Subject to your compliance with the terms and conditions of this Agreement, we hereby grant to you a limited, non-exclusive, non-assignable, non-sublicensable, revocable right to install and use the Services for the purpose of operating your online store. This right terminates upon termination of this Agreement or any other agreements previously provided to you by us, as may be applicable. For certainty, if you uninstall all our apps, your Agreement is terminated automatically. Any and all rights not expressly granted to you are reserved by us, and this Agreement does not confer to you a proprietary interest in any Services.

All materials displayed or otherwise accessible on or through the Services, including source code (“Our Content”), and the selection and arrangement of Our Content, are protected by copyright, pursuant to Canadian copyright laws, international conventions and other copyright laws. We either own the intellectual property rights, including copyright, or have acquired the necessary rights or licences, in Our Content. Portions of Our Content may have been licensed to us or published on our website, or as part of our Services, by third parties. Any reproduction, modification, publication, transmission, transfer, sale, distribution, display or exploitation of the Services or Our Content, whether in whole or in part, without our express written permission, is strictly prohibited.

Certain words, phrases, names, designs or logos made available on or through the Services may constitute trademarks, service marks, or trade names that are owned by us or others. The display of such marks on or through the Services does not imply that you have been granted a licence by us or others with respect to them.

If you believe in good faith that any material that is made available on or through the Services, infringes your copyright, please notify us using the Contact Us link on our website.

Subject to the terms and conditions of this Agreement and the API License Agreement, you are granted a limited personal, non-exclusive, non-transferable, revocable license to access, view and use our website, including a limited license to download, print and store single copies of Our Content (other than source code) from our website, for your personal use, provided that you maintain all copyright and other notices contained in such items and you do not (and do not allow any third party to) copy, modify, create derivative works of, reverse engineer, reverse assemble or otherwise attempt to discover any source code, in our website. Our Content must not be reproduced, republished, or disseminated in any manner or form without our prior written consent or the prior written consent of the third parties from which such information was collected, as the case may be.

Continued Use, Updates and Upgrades

We reserve the right to modify, update, remove or disable access to any Services, without notice to you, and we will not be liable to you if we exercise those rights. When you purchase a particular Service, you are purchasing the right to use that Service as of the time you purchase it. You are not paying for the right to any updates, upgrades or future versions of the Services, though we may make such updates, upgrades or future versions available to you, in our sole discretion. We do not warrant, represent or undertake to provide any updates and in no event shall we be liable to you for our failure to do so.

Third Party Services and Content

We are not a party to any relationship between you and any third party, including, but not limited to, you and your eCommerce platform or you and your customers (your “Customers”), and as such, we have no responsibility to you as regards to your relationships with these third parties. You acknowledge and agree that you have no recourse against us for any acts or omissions of third parties, and your interaction with third parties is entirely at your own risk.

Your use of the Services may rely on services and products which are offered by third parties (“Third Party Services”). We have no responsibility to you for anything third parties do (or fail to do) and we provide no warranties or guarantees about third parties or Third Party Services. Your use of Third Party Services may be subject to specific terms and conditions which are set by those third parties.

We may make third parties’ content and materials (“Third Party Content”) available to you through our websites, such as reviews. Our making available of such Third Party Content does not constitute an endorsement or recommendation, and we are not responsible for any reliance you may place on Third Party Content. We make no warranties or representations as to any Third Party Content and we shall have no liability for it. Any opinions or statements made by third parties are those of such third parties, and do not necessarily state or reflect our views.

You agree that we will have no liability to you with respect to the acts, omissions, errors, representations, warranties, breaches or negligence for any damages or expenses resulting in any manner from your interactions with any: a) third parties; b) Third Party Services; or c) Third Party Content, and we are not obliged to become involved in any disputes you may have with any third parties. If you have a dispute with any third parties, you release Bold and its Others from any direct, indirect, incidental, special, consequential, exemplary or other damages whatsoever, including, without limitation, any direct, indirect, incidental, special, consequential, exemplary or other damages, arising out of or in any way related to such disputes and/or our Services.

Uploaded Content

Some of our Services may permit you to sell or otherwise enable Uploaded Content, which is material that has been uploaded by Content Uploaders. When you sell or otherwise enable Uploaded Content from Content Uploaders, the following rules apply (in addition to all other terms of this Agreement). You grant us a non-exclusive, worldwide, royalty-free, irrevocable, sub-licensable, perpetual licence to use, display, edit, modify, reproduce, distribute, store, and prepare derivative works of Uploaded Content, to provide the Services and to promote the Services, in any formats and through any channels, whether now or later existing (and you represent and warrant that you have obtained the necessary permissions and rights to grant us this licence). You acknowledge that WE HAVE NO LEGAL RELATIONSHIP WITH CONTENT UPLOADERS, and we are not responsible for the Uploaded Content, or anything else related to Content Uploaders. UPLOADED CONTENT AND CONTENT UPLOADERS ARE SOLELY YOUR RESPONSIBILITY. YOU WILL BE RESPONSIBLE FOR ANY LOSSES OR DAMAGES WE SUFFER BECAUSE OF UPLOADED CONTENT OR CONTENT UPLOADERS. Without limiting any other limitation of liability, indemnity or release set out in this Agreement, you agree that we have no liability to you for any losses or damages you might suffer because of Uploaded Content or Content Uploaders. Further, you agree to indemnify and hold harmless Bold and its Others from any claim or demand (including reasonable legal fees, expert fees and other reasonable litigation costs), arising from, incurred as a result of, or in any manner related to, Uploaded Content or Content Uploaders. You represent and warrant that Content Uploaders have the necessary rights (including, without limitation, intellectual property rights) to: a) upload Uploaded Content; and b) enable you to use (including offering for purchase) Uploaded Content, as part of your use of the Services. We do not review Uploaded Content and you are solely responsible for ensuring it complies with this Agreement and all applicable laws.

Disclaimer

The Services and the materials on our website are provided on an as-is, as-available, basis and without warranties of any kind, expressed or implied. By accessing and using the Services and the materials on our website, you acknowledge and agree that such access and use is entirely at your own risk. We make no representation or warranties regarding the use or the results of the Services or the materials on our website (whether provided directly by us or through third parties or our affiliates), including, without limitation, that the Services or materials on our website will be accurate, complete, correct, timely or suitable, that the Services and the materials on our website are of merchantable quality or fit for a particular purpose, that the Services and the materials on our website will be available or uninterrupted at all times or at any particular time, or that the Services and the materials on our website will be free from errors, viruses or other harmful components. To the fullest extent permissible pursuant to applicable law, we disclaim all warranties, express or implied, including, but not limited to, warranties and conditions regarding the use of the Services and the materials on our website, including all implied warranties or conditions of merchantability, fitness for a particular purpose or non-infringement, whether express or implied, or arising from a course of dealing, usage or trade practice. We are not responsible for what others do with any materials or information you choose to share using the Services.

Limitation of Liability

THIS SECTION LIMITS OUR LIABILITY TO YOU. PLEASE READ IT CAREFULLY.

To the maximum extent permitted by law, under no circumstances shall you be entitled to recover any special, incidental, consequential or indirect damages from Bold or its Others, which you may suffer arising out of, caused by, or in connection with, the use, or inability to use, the Services, any inaccuracy, incompleteness or incorrectness contained in the materials displayed, accessed or used as part of the Services, or your reliance or acting upon the materials used as part of the Services, including any loss or damages in the nature of or relating to lost business, lost savings, lost data and/or profits, regardless of the cause and whether arising in contract, tort, in equity, at law or otherwise, and whether or not Bold has or had been advised of the possibility of such losses or damages. Unless otherwise agreed to by you and Bold in writing, under no circumstances shall the liability of Bold and its Others to you, for damages or losses suffered by you arising out of, related to or caused by, the Services, or the use thereof, exceed a maximum equal to the amount actually paid by you for the Services in the three (3) months’ period preceding such losses or damages. You acknowledge and agree that the payments paid by you for the Services reflect the allocation of risk set forth in this Agreement and that Bold would not enter into this Agreement without these limitations on liability.

You agree to release, remise and acquit Bold and its Others from any claims, actions, demands, costs and expenses of any kind whatsoever, whether in contract, negligence or tort, at law or in equity, or by statute or otherwise, howsoever caused, with respect to your use of, or our operation of, the Services, except as may be set out in the preceding paragraph.

Indemnity

You agree to indemnify and hold harmless Bold and its Others from any claim or demand (including reasonable legal fees, expert fees and other reasonable litigation costs), arising from, incurred as a result of, or in any manner related to, your use of the Services, including, but not limited to: a) your breach of this Agreement; b) any misrepresentation made by you to any third party; c) any third party claim in respect of the Services involving or related to your or your Customers’ use of the Services; d) your ability or your Customers’ ability to access and use the Services; or e) your violation of applicable laws, rules or regulations or the rights of any third party.

Cancellation, Termination & Refund Policy

If you breach any provision of this Agreement (as determined by us, in our sole discretion), we may terminate this Agreement and you may no longer use the Services. We may, at any time, and for any reason, with or without cause, and in our sole discretion, immediately suspend or terminate (in whole or in part) your permission to use the Services and this Agreement, all without notice or liability to you or to any other person.

We shall not be responsible for refunding or otherwise paying any funds, amounts or credits that may be owed to you if we have suspended or terminated your permission to use the Services or any part thereof. We reserve the right to cease, suspend or interrupt operation of, or access to, the Services or any part thereof, and we shall not be required to provide any notice in respect of such cessation, suspension or interruption of access, nor shall we have any liability for such cessation, suspension or interruption of access.

While we do not offer any refunds on the Services and all sales are final, you may cancel your subscription(s) at any time for no additional charges. Simply uninstall the app(s) (or other Services) that you no longer want to use and your next invoice will automatically be adjusted to exclude the app(s) (or other Services) you uninstall (provided that, in the case of subscription based Services, your invoice will be adjusted during the first billing cycle after you uninstall the app). If you no longer use any of our apps or Services and you no longer owe us any fees, you won’t receive any further invoices. Upon termination, all payments for Services received pursuant to this Agreement shall become due immediately. Please note that this cancellation policy may not apply to custom developed Services/deliverables which you have engaged us to create/perform for you.

When the Services are terminated by you or by us, for any reason, we will stop providing the Services to you, and you will no longer be able to access your Bold account. You shall uninstall and/or delete any apps or other software you have downloaded from us. The termination of the Services may result in the loss of content which is associated with your account and we are not responsible for storing or providing you copies of such content. Personal data tied to your Bold account will be permanently deleted or anonymized within 60 days of the termination date.

Provisions which, by their nature, should survive termination of this Agreement (including, without limitation, obligations you have to pay or indemnify us, limitations on our liability and any releases of us, terms regarding confidentiality, ownership of intellectual property rights and rules which govern disputes between us), shall survive termination of this Agreement.

Privacy Policy

We are committed to protecting your privacy, in accordance with the terms and conditions of the Bold Privacy Policy. By accessing and continuing to use the Services, including without limitation by registering or creating an account or profile with Bold, and by providing personally identifiable information or personal data to Bold through the Services, you are acknowledging that you have read our Privacy Policy (which sets out how we process personal data, and our legal basis for processing personal data) and that you agree and consent to us processing your personal data to provide the Services to you in accordance with this Agreement and our Privacy Policy. Please ensure that you have reviewed and understand our Privacy Policy before purchasing or subscribing for any Services from us or providing personal data to us.

When you use the Services to transfer your Customers’ personal data to us, you represent and warrant that you have your Customers’ consent to: a) the transfer of such personal data to us; and b) our collection, use, retention, and disclosure of that and other personal data of your Customers, for the purposes which are set out in the Privacy Policy. You further acknowledge and agree that our use of your Customers’ personal data for these purposes is in our capacity as your agent, only.

Confidentiality

We will not sell, share, or rent your personal data to or with any third party.

Your records are regarded as confidential and therefore will not be divulged to any unaffiliated third party, other than our payment gateway in order to process your payment(s), and as is otherwise necessary for the delivery of the Services and/or if legally required to do so, to the appropriate authorities. Further information on the collection, use, retention, and disclosure of personal data is available in our Privacy Policy.

Your Account

You may be required, when you use certain features of the Services, to create an account with us, including a username and password. If we determine the username is in use by someone else or it is otherwise offensive, we may refuse to allow you, in our sole discretion, to use the chosen username. In addition, you are responsible for maintaining the confidentiality of your password and you are responsible for all uses of your username, whether or not you authorize such uses. You agree to notify us immediately of any actual or suspected loss, theft or unauthorized use of your username and password, or your account. We are not responsible for verifying your identity or the identity of anyone who uses your account, and we are not liable for any loss or damage as a result of your failure to protect your password, or as a result of unauthorized use of your username and/or password. You agree that any registration information you provide will be true and accurate, and that you will update it, as is necessary to keep it current. We reserve the right to automatically log you out of your account after such a period of inactivity as we determine is reasonable, in the circumstances.

We care about the security of our users. While we work hard to protect the security of your Uploaded Content, personal data, and account, we cannot guarantee that unauthorized third parties will not be able to defeat our security measures. Please notify us immediately in the event of any actual or suspected breach or unauthorized access or use of your account.

If you are a resident of the European Union: You have the right to delete your account with us by contacting us. If you choose to permanently delete your account, the non-public personal data that we have associated with your account will also be deleted.

Internet Connectivity and Compatible Technology

The availability and functioning of the Services depend on the availability of a properly functioning Internet connection, as well as compatible hardware and software. We are not responsible for ensuring uninterrupted access to the Internet or any charges you incur, in association with your use of the Internet, nor are we responsible for ensuring your hardware and software are compatible with the Services. You acknowledge that your access to and use of the Services may be impaired or prevented by factors beyond our control (such as issues with your computer system or Internet connectivity), and that we are not responsible for any such factors, or their effects. We are not liable for any failure to backup or restore any information or for interruptions, delay or suspension of access to or unavailability of the Services, or any loss of such information, data or transmissions. It is your responsibility to ensure that your data is backed up effectively.

We do not monitor or review the content of other parties’ websites and services which are linked to from this website, nor do we control the availability and content of such websites and services. Opinions expressed or material appearing on such websites are not necessarily shared or endorsed by us and we should not be regarded as the publisher of such opinions or material, nor are we responsible for the accuracy of such opinions or material.

Please be aware that we are not responsible for the privacy practices, or content of third party websites and services. We encourage our users to be aware when they leave our website, and to read the terms of use and privacy statements of the websites that they may link to or access. You should evaluate the security and trustworthiness of any other website connected to our website or accessed through our website yourself, before disclosing any personal data to it. Bold will not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal data.

Acceptable Use

Without limiting anything else in this Agreement, you must not use (or cause or permit to be used) this website or the Services:

  • in any way that causes, or may cause, damage to our website or the Services, or impairment of the availability or accessibility of our website or the Services;
  • in any way which is unlawful, illegal, fraudulent or harmful, or in connection with any unlawful, illegal, fraudulent or harmful purpose or activity;
  • to post, transmit, or otherwise make available any material that is or may be: (a) threatening, harassing, degrading, hateful, or intimidating; (b) defamatory; (c) fraudulent or tortious; (d) obscene, indecent, pornographic, or otherwise objectionable; or (e) non-compliant with applicable privacy legislation or an infringement of another person’s privacy, including without limitation by disclosing the personal data of another individual without their knowledge and consent;
  • to post, transmit, or otherwise make available, any material that may violate: a) our proprietary rights; or b) the proprietary rights of any third party, including, without limitation, copyrighted software, photographs, texts, videos or artwork or any moral rights associated therewith;
  • for any commercial purposes other than those which are expressly set out in this Agreement;
  • to copy, store, host, transmit, send, use, publish or distribute any material which consists of (or is linked to) any spyware, computer virus, Trojan horse, worm, keystroke logger, rootkit or other malicious computer software;
  • to conduct any systematic or automated data collection activities (including, without limitation, scraping, data mining, data extraction and data harvesting) on or in relation to this website without our prior express written consent;
  • to impersonate any person or entity or misrepresent your affiliation with any other person or entity;
  • to engage in spamming, flooding, harvesting of email addresses or other personal information, spidering, “screen scraping”, “database scraping”, or any other activity with the purpose of obtaining lists of users or other information (including any activity which involves accessing or using the Services for purposes which are unrelated to the Services);
  • to attempt to gain (or gain) unauthorized access to other computer systems through the Services, or to obtain or attempt to obtain any materials or information through any means not intentionally made available or provided for through the Services;
  • in a manner that is disrespectful toward Bold employees, which may involve actions, words or physical gestures that could reasonably be perceived to be the cause of the employee’s distress or discomfort; or
  • in a manner which is otherwise contrary to this Agreement.

Any use of the Services which is contrary to the terms of this Agreement may result in the immediate termination of this Agreement and your use of the Services, by us.

International Terms

If you are not a Canadian resident and you are accessing our Services from outside of Canada, you agree to transfer certain information outside your home country to us, and that you will follow all the laws that apply to you.

We provide our Services outside of Canada; however, our servers and operations are located primarily in Canada (and, in the case of our servers, Canada, the European Union, and the United States), and our policies and procedures are based primarily on Canadian law. Because of this, the following provisions apply specifically to users located outside of Canada: (i) you consent to the transfer, storage, and processing of your information, including but not limited to Uploaded Content and any personal data, to and in Canada and/or other countries; and (ii) you agree to comply with all local laws, rules, and regulations including, without limitation, all laws, rules, and regulations in effect in the country in which you reside and the country from which you access the Services. The Services are not intended for distribution to, or use by, any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation.

Miscellaneous

We are physically located within the Province of Manitoba, Canada. This Agreement will be governed by the laws of the Province of Manitoba and the laws of Canada applicable therein and shall be treated in all respects as a Manitoba contract, without reference to the principles of conflicts of law. In the event of a dispute, you agree to submit to the exclusive jurisdiction of Manitoba’ s courts.

Your use of the Services may also be subject to other local, state, provincial, national or international laws and the use of the Services may be prohibited by law in some jurisdictions. By using the Services you certify that the laws of the jurisdiction in which you are using the Services, permit the use of it, and you are responsible for complying with all local laws in your jurisdiction. If the laws which apply to your use of the Services would prohibit the enforceability of this Agreement, or impose any additional burdens on us, or confer to you rights which are materially different than those granted to you under this Agreement, you are not authorized to use the Services and you agree to remove them from any computer or other device on which they may be installed.

We expressly exclude the United Nations Convention on Contracts for the International Sale of Goods and The International Sale of Goods Act (Manitoba), C.C.S.M. c. S11, as amended, replaced or re-enacted from time to time.

You agree to waive any right you may have to: a) a trial by jury; and b) commence or participate in any class action against us related to your use of the Services, the exchange of electronic documents between us or this Agreement and, where applicable, you also agree to opt out of any class action proceedings against us.

The Services offered by Bold are directed towards and designed for the use of persons above the age of majority in their respective province, state, or country. Persons under the age of majority are not permitted to use the Services on their own, and Bold will not approve applications of, or establish, or maintain accounts or memberships for any persons below their respective region’s age of majority.

If you are younger than 18, you may use the Services under the supervision of a parent or legal guardian. Otherwise, you must be 18 or older to use the Services and in no circumstances shall people under the age of majority in your state, province, or country, use the Services. Use of the Services by anyone under 13 years of age is strictly prohibited.

The parties hereto have required that this Agreement and all documents relating thereto be drawn up in English. Nous avons demandé que cette convention ainsi que tous les documents qui s’ y rattachent soient rédigés en anglais.

Words importing the singular include the plural and vice versa; and words importing gender include all genders, including the neuter gender, as the context may require.

We will not be liable for the failure or delay in our performance of our obligations under this Agreement due to any cause beyond our reasonable control, including, but not limited to: a) acts of God; or b) failure or disruptions in third-party-controlled or operated communications facilities; or c) worms, viruses and other disabling or disruptive software, communications or files.

Our failure to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision. If any provision of these terms shall be unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from these terms and shall not affect the validity and enforceability of any remaining provisions. We may assign this Agreement without restriction. You may not assign your rights under this Agreement without our prior written permission and any attempt by you to do so shall be void. This Agreement is binding on you and us, and your and our respective successors (including any successor by reason of amalgamation of any party), heirs, legal representatives and permitted assigns, as the case may be.

Communication

When you visit our website, use the Services or send emails to us, you are communicating with us electronically. We may communicate with you by email or by posting notices on our website. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically, satisfy any legal requirement that such communications be in writing and/or signed.

You are not required to agree to receive promotional messages from us as a condition of using the Services. However, by electing to submit your contact information to us and agreeing to this Agreement, you agree to receive certain communications from Bold. These communications may include, for example, operational communications concerning your account or use of the Services, updates concerning new and existing features of the Services or Bold websites, and promotional communications concerning promotions run by us or third parties, and news relating to the Services and industry developments. If you wish to stop receiving promotional communications from us, follow the instructions we provide in the communication for that category of communication.

All notices given by you to us, must be given to us at the address set out below or by email to [email protected]. We may give notice to you at the email or mailing address you provide to us when you place an order with us, or register to use the Services, or by way of a general posting on our website. Notice will be deemed to be received immediately when posted on our website, twenty-four (24) hours after an email is sent and three (3) days after a letter is posted. In proving the service of any notice, it will be sufficient to prove, in the case of a letter, that such letter was properly addressed, stamped and placed in the post. In the case of an email, notice will be proved by showing the email was sent to the specified email address of the recipient of the notice.

Our contact information can be found on our Contact Us link on our website.

Bold is registered in Winnipeg, Manitoba, Canada, registered office: 50 Fultz Blvd., R3Y 0L6.

Our Privacy Policy

Protecting your privacy is important to Bold Innovation Group LTD.

Last updated: October 1, 2020

Purpose

Protecting your privacy is important to Bold Innovation Group LTD. (“Bold Commerce”)

Bold Commerce provides services and develops software to help merchants sell better or more efficiently online through various platforms, such as Shopify. Bold Commerce has adopted this Privacy Policy (“Privacy Policy”) to guide you through the collection, use, retention, and disclosure of Personally Identifiable Information (“Personal Data”, as further described below) that you may provide while using Bold Commerce websites, apps, and services in connection with these platforms (collectively referred to as “Services”). A list of our apps is available on our website. Bold Commerce encourages you to read this Privacy Policy, as well as our Terms and Conditions of Use, in order to understand how we collect and process Personal Data in the course of providing the Services and your interaction with the Services.

By using the Services, you consent to the collection, use, retention, and disclosure of your Personal Data for processing as described in, and subject to the limitations set out in this Privacy Policy.

Note to Residents of the European Union and California: In order to comply with the requirements of the European General Data Protection Regulation (GDPR) for our European users, and California Consumer Privacy Act (CCPA), this Privacy Policy outlines the legal basis on which we process your Personal Data and provides other information required by the GDPR & CCPA.

Personal Data

Personal Data is any information that would identify a person directly, or indirectly in combination with data from other sources. For example, a full name, home or work address, phone number, national identification number (SSN, SIN, etc.), email address, banking details, IP address, biometric data, usage data, or any information that may individually identify a person.

Bold Commerce may collect Personal Data including without limitation your name, shipping and billing addresses, phone number, email address, payment information, IP address, and device identifiers and/or geolocation information, in the course of its Services, and may use or disclose that Personal Data as described in this Privacy Policy.

Bold Commerce may also create de-identified or anonymized data from Personal Data by excluding data components (such as your name, email address, etc.) that makes the data able to personally identify you, through obfuscation, or through other means. In addition, Bold Commerce may collect and use aggregated, anonymous information to provide data about the Services to advertisers, potential business partners and other unaffiliated entities. As this information does not identify a person, and is therefore not Personal Data, Bold Commerce’s use of such aggregated, anonymized and/or de-identified data is not subject to this Privacy Policy.

If you use a Bold Commerce website, or conduct a transaction through a Bold Commerce Service where Personal Data is essential, your consent is implied to collect and use your Personal Data to facilitate that use or complete that transaction requested or initiated by you only. Examples of instances in which Personal Data may be collected by Bold Commerce are, without limitation:

  • When you install a Bold Commerce App,
  • If you make or return a purchase through a merchant who uses a Bold Commerce App,
  • When you access and navigate a Bold Commerce website, or engage in communication and/or business transactions with Bold Commerce Professional Services, Managed Services, Client Success, or any other Bold Commerce entity,
  • If you knowingly submit Personal Data through a Bold Commerce website for the purpose of registering for a service, a contest, or authentication.

During these instances, we may collect data such as, but not restricted to: areas of the Services or Bold Commerce websites you visit, transaction type(s) you engage in or request (and amounts thereof), content you view, your IP address, data downloaded or submitted by you, payment information provided by you, shipping and billing information entered by you, as well as the nature, quantity and price of the goods or services you exchange and the individuals or entities with whom you communicate or transact business using the Services.

In the event Bold Commerce requests Personal Data for scenarios independent of the above, such as marketing-related questions via questionnaires, surveys, and profile data, it will include a specific consent request. The consent request will include a clear purpose and goal for the collection of Personal Data, along with a means of withdrawing consent. In these scenarios, we may ask for data such as, but not limited to: your contact information (name, telephone numbers, email address, mailing address), date of birth, product and/or cosmetic concerns, which brands and products you use, user authentication and security information (e.g. username and password).

If at any point you wish to withdraw consent to Personal Data collection, please contact Bold Commerce via the Contact & Questions area at the bottom of this Privacy Policy. Please note that certain Services may only be able to be offered or provided to you if you disclose the Personal Data necessary to facilitate those Services, and therefore Bold Commerce may not be able to provide you with certain Services in the event that you choose not to disclose that Personal Data to Bold Commerce.

The Services offered by Bold Commerce are directed towards and designed for the use of persons above the age of majority in your province, state, or country. Persons under the age of majority are not permitted to use the Services on their own, and Bold Commerce will not approve applications of, or establish, or maintain accounts or memberships for, any persons below their respective region’s age of majority.

Bold Commerce does not solicit or knowingly collect Personal Data from persons below the age of majority of their region. If we discover we have received Personal Data of a person below the age of majority, we will delete such information from our systems. Additionally, if a parent or legal guardian believes that Personal Data regarding a minor in their care has been provided to Bold Commerce, they may request the minor’s information be corrected or deleted by contacting Bold Commerce Privacy Officer via the Contact & Questions area at the bottom of this Privacy Policy.

Anonymous Information

When you interact with a Bold Commerce Service, similar to most other websites, apps, and online services, certain anonymous technical information about your visit is automatically logged and collected by Bold Commerce. This may include information about the type of browser you use, operating system, the date and time you access the Service, the links you accessed while using the Service, and the internet address of the website, if any, which linked directly to the Bold Commerce Service. This information is used for system administration purposes such as diagnosing problems with Bold Commerce’s Services, servers and websites, compiling aggregated and statistical information, and to improve the operation and content of Bold Commerce’s websites and Services. It is not personally identifiable, and is not considered Personal Data and subject to this Privacy Policy.

Personal Data Use

Bold Commerce may use collected Personal Data for such purposes as:

  • Helping to establish and verify the identity of users, and to keep user accounts secure,
  • Opening, maintaining, administering and servicing users’ accounts or memberships,
  • Providing Services and support to users,
  • Improving Bold Commerce’s websites, including tailoring its websites to users’ preferences,
  • Providing users with product or Service updates, promotional notices and offers, and other information about Bold Commerce and its affiliates,
  • Corresponding with you, and responding to your questions, inquiries, comments, and instructions,
  • Maintaining the security and integrity of Bold Commerce systems, and,
  • Complying with applicable laws.

Once collected, Bold Commerce will store and process your Personal Data in secure locations. Bold Commerce may transmit data outside of Canada for the purposes of processing and executing transactions related to the Services, or for the purpose of executing transactions on behalf of merchants that have installed and make use of Bold Commerce Apps in connection with their online stores. Where this transmission occurs, the security measures outlined in this Privacy Policy will continue to apply.

Personal Data will only be retained by Bold Commerce for the length of time required to fulfill the purpose or complete the transaction for which it was collected, or as may be required by law. Beyond that point, Personal Data in the possession or control of Bold Commerce will be anonymized or securely destroyed.

This section addresses the legal basis for processing your Personal Data if you reside outside of Canada and in the European Economic Area (within Canada, you typically provide consent when you receive notice of this Privacy Policy in (or via) a website link or mobile app).

Lawful Basis for Processing

Data protection law in the European Union requires a “lawful basis” for collecting and retaining Personal Data from citizens or residents of the European Economic Area. Bold Commerce collects and processes your Personal Data for a variety of purposes outlined in this Privacy Policy. In certain cases, separate consent to this processing is not required, including:

  • For the performance of a contract: To perform our contractual obligations to you, including account registration, fulfilling orders or purchases you have made (including processing of payment), contacting you in relation to any issues with your order, in relation to the provision of the Services, where Bold Commerce needs to provide your Personal Data to our service providers to provide the Services, or to aggregate and centralize data for the performance of the Services.
  • To meet legal obligations: To comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation.
  • For legitimate interests: To operate Bold Commerce’s business and provide the Services, other than in performing our contractual obligations to you, except where overridden by the interests or fundamental rights and freedoms that require protection of Personal Data. For example, the following areas include processing permitted due to legitimate interests:
  • Communication. To communicate with you regarding the Services, including to provide you important notices regarding changes to Bold Commerce’s Terms of Use, and also to address your requests, inquiries, and complaints. Bold Commerce may send strictly necessary communications, including emails, even if you have opted out of receiving other Bold Commerce emails or communications. These types of communications do not require consent. Bold Commerce also processes your Personal Data for our legitimate interests when you communicate with us, including when you sign up for promotional materials and Bold Commerce has not asked you for your consent in that regard.
  • Respond to Your Requests. To respond to your requests for technical support, online services, product information or to any other communication you initiate. This includes accessing your account to address technical support requests.
  • Promotional Messages. Bold Commerce processes your non-sensitive Personal Data to provide you with promotional messages, including when you communicate with Bold Commerce or sign up for promotional materials, when you participate in special activities, offers, or programs, when we aggregate and centralize data, and when we share Personal Data with our service providers and vendors.
  • Surveys. To send you surveys in connection with our Services, unless commercial in nature. In those cases, a survey request may be sent to you if you have given Bold Commerce your consent to receive marketing from us.
  • Compliance with Law and Public Safety. To assist in the investigation of suspected illegal or wrongful activity, including sharing information with other entities for fraud, loss, and crime prevention purposes. To protect and defend Bold Commerce’s rights and property, or the rights or safety of third parties.
  • Improvement and Development. To develop, provide, enhance, and improve Bold Commerce Services and your experience, including to enable you to use the full range of our Services. For internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
  • Enforcing Terms and Notice. To enforce Bold Commerce’s Terms of Use or this Privacy Policy, or agreements with third parties.
  • Merger or Acquisition (Note that certain country/region-specific disclosures may also apply, depending upon the jurisdiction in which you reside). To support a contemplated reorganization or an actual reorganization of Bold Commerce’s business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.

In some cases, Bold Commerce will ask for your consent to process your Personal Data. You may indicate your consent in a number of ways, including, as may be presented by Bold Commerce and permitted by law, ticking a box (or equivalent action) to indicate your consent when providing us with your Personal Data through our Services or a form, or registering or creating an account with us. Note that certain country/region-specific rules regarding consent may also apply, depending upon the jurisdiction in which you reside.

Security

Bold Commerce maintains reasonable physical, technical, and administrative security measures to minimize the risk of unauthorized loss, theft, copying, misuse, access, disclosure, alteration, or destruction of your Personal Data.

If transactions are offered as part of a Bold Commerce Service, transaction information is transmitted to and from Bold Commerce in encrypted form using industry-standard Secure Socket Layer (SSL) connections to help protect such information, including Personal Data transmitted in the course of these transactions, from interception.

Bold Commerce also restricts access to your Personal Information to only those persons who have a legitimate business need or legal requirement to view it in connection with the Services. You, as a Personal Data owner, may also authorize any persons you may choose to have access to your Personal Data.

Although Bold Commerce does utilize security measures appropriate to the level of risk, no method of data transfer or storage on the internet is 100% secure and security risks cannot be eliminated entirely. As such, Bold Commerce cannot guarantee perfect security, integrity, or confidentiality of Personal Data.

Bold Commerce maintains a security incident response protocol to be put in place in the event that the security of your Personal Data in the possession or control of Bold Commerce is compromised. In the event of a data breach or security incident involving the Services, Bold Commerce will apply this protocol to enable Bold Commerce to effectively and efficiently respond to, and contain, the breach or incident. Bold Commerce may also seek to notify you in such an event. If notification is appropriate or required, Bold Commerce may notify you by email, messaging to your device, or other reasonable means.

Disclosure of Personal Data

Bold Commerce does not provide Personal Data to unaffiliated third parties for their use in marketing directly to you. We may use unaffiliated companies, or trusted third party service providers, to help maintain and operate our Services for reasons related to our business operations and to better serve you, and those companies may receive your Personal Data for that purpose. For example, Bold may use third party payment processor services in connection with the Services and its websites, and the payment information that you provide to Bold Commerce may be disclosed to and used by these payment processors for the purposes of completing and executing transactions requested or initiated by you. When Bold Commerce shares Personal Data with third-party services that support our delivery of the Services, we require that they use your Personal Data only for the purposes we’ve authorized, and that they protect your Personal Data to at least the same standards used by Bold Commerce.

As part of agreements with merchants who have installed Bold Commerce Apps and the execution of transactions on behalf of merchants that make use of Bold Commerce Apps in connection with their online stores, we may disclose Personal Data which has been collected by us that is specific to that merchant’s store and your transactions in connection therewith.

Bold Commerce may also disclose Personal Data about you in connection with legal requirements, such as in response to an authorized subpoena, governmental request or investigation, or as otherwise permitted by applicable law (including, without limitation, to prevent fraud or abuse, or to protect Bold Commerce’s legal rights, property, or the safety of Bold Commerce, its employees, users or others).

Finally, as Bold Commerce’s business develops, it may sell or buy corporate assets, and in such transactions Personal Data may be one of the transferred business assets. If Bold Commerce, its internet businesses, or substantially all of its shares or assets, is acquired or an acquisition is contemplated, Personal Data may be one of the assets assessed or transferred in connection with that transaction.

If you believe your Personal Data has been disclosed other than as described in this Privacy Policy, please contact Bold Commerce via the Contact & Questions area at the bottom of this Privacy Policy.

Transfers of Your Personal Data to Other Countries

The Personal Data Bold Commerce processes, and associated Services and systems, may be housed on servers in various locations where Bold Commerce maintains servers or facilities, including Canada, the United States, and the EU. Please be aware that Personal Data we collect may be processed and stored in one or more of these locations. The data protection and privacy laws in these locations may offer a different level of protection than in your country/region, however, as noted earlier in this Privacy Policy, Bold Commerce takes steps, including through contracts, intended to ensure that the Personal Data it collects continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.

Where Personal Data is transferred from the European Economic Area to a country that has not received an adequacy decision by the European Commission, Bold Commerce relies on appropriate safeguards, such as for example the European Commission-approved Standard Contractual Clauses and EU-U.S. Privacy Shield Frameworks, to transfer the Personal Data.

By using our Services and submitting your Personal Data, you agree to the transfer, storage, and/or processing of your Personal Data in the locations contemplated above. Where and as required, we will seek your explicit consent as outlined in this Privacy Policy.

“Cookies” and Advertisers

The Bold Commerce websites, or the third-party companies used to host, operate, or maintain these websites, may place a “cookie” on your computer in order to allow you to use these websites and to personalize your experience.

A “cookie” is a small piece of data, or an alphanumeric identifier, that can be sent by a web server to your computer or device, which then may be stored by your browser on your computer or device. Cookies allow Bold Commerce to recognize your computer or device while you are on our websites and help customize your online experience and make it more convenient for you. Cookies are also useful in allowing more efficient log-in for users, tracking transaction histories, and preserving information between browsing sessions. The information collected from cookies may also be used to improve website functionality.

The advertisers and/or other content providers that may appear on Bold Commerce websites may also use cookies that are not sent by Bold Commerce. Such ads or content may contain cookies that help track and target the interests of users of our websites in order to present “personalized” advertisements or other messages that the user might find interesting. Bold Commerce is not responsible for any such cookies.

Most web browsers have features that can notify you when you receive a cookie or prevent cookies from being sent. If you disable cookies, however, you may not be able to use certain personalized functions of Bold Commerce websites.

Rights with Respect to Personal Data

Bold Commerce is committed to ensuring you retain full access to and control of your Personal Data. To that end, we endeavor to respect your right to be informed regarding the collection, use and disclosure of Personal Data, and your right of correction and access to it, via this Privacy Policy.

If you would like to access, correct, remove, request a copy of, withdraw consent to collection of your Personal Data, or are looking for any additional information on how your Personal Data may be collected, used or disclosed by Bold Commerce, please contact Bold Commerce via the Contact & Questions area at the bottom of this Privacy Policy. Subject to certain exceptions and limitations that may be prescribed by applicable law, you will be provided with reasonable access to your Personal Data, and will be entitled to have it amended or corrected as appropriate.

In certain circumstances, you may have the right to have your Personal Data, or certain components of your Personal Data, erased by Bold Commerce, to have your Personal Data moved, copy or transmitted from Bold Commerce’s systems to other systems, or to object to or restrict certain processing of your Personal Data by Bold Commerce. In the event that you wish to inquire about, or seek to exercise any of these rights (as they may be applicable), please contact Bold Commerce.

European Economic Area and the United Kingdom

Subject to applicable law, if you are a citizen or resident of the European Economic Area or the United Kingdom you have certain statutory rights in relation to your Personal Data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. You can usually do this by contacting Bold Commerce in accordance with the Contact & Questions area at the bottom of this Privacy Policy.

To the extent that Bold’s processing of your Personal Data is subject to the General Data Protection Regulation, (or applicable laws covering the processing of Personal Data in the United Kingdom), Bold relies on its legitimate interests, described above, to process your data. Bold may also process other information that constitutes your Personal Data for direct marketing purposes, and you have a right to object to Bold’s use of your Personal Data for this purpose at any time.

If you are a customer of a merchant who uses Bold’s Apps and wish to exercise these rights, please contact the merchants you interacted with directly – we serve as a processor on their behalf, and can only forward your request to them to allow them to respond.

If you are unhappy with the response that you receive from us, we hope that you would contact us to resolve the issue but you also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction at any time. Please visit here for more information including our data protection addendum.

California Privacy Rights

This section provides additional details about California consumers and the rights afforded to them under the California Consumer Privacy Act or (“CCPA”). If you need to access this notice in an alternative format, please contact us via the method in Contact & Questions section below.

Under CCPA “Personal Information” is defined as anything that identifies, relates to, describes or is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular California consumer of household. For more details about the Personal Information we have collected over the last 12 months, including the categories of sources, please see the Personal Data and Consent and Collection of Personal Data section above. We collect this information for the business and commercial purposes described in the Personal Data Use section above. We share this information with the categories of third parties described in there. Bold does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we may use third-party cookies for our advertising purposes as further described in our Cookies and Advertising section above.

The CCPA requires opt-in consent to information use for minors under the age of 16 and verified parental consent for children under the age of 13. We do not knowingly collect or process the information of children.

Subject to certain limitations, the CCPA provides California consumers the right to request, free of charge, to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.

California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected]. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.

Bold Commerce Services may contain links to other websites, apps, or services, including those of advertisers or third-party content providers who offer downloads as part of a Bold Commerce Service. Bold Commerce is not responsible for the privacy practices or the content of other websites, apps, or services. We encourage you to read the Privacy Policies published by such third parties before divulging your Personal Data to them.

Changes to this Privacy Policy

Bold Commerce reserves the right to modify or supplement this Privacy Policy in its discretion, at any time. If a material change to the terms of this Privacy Policy is made, we will post a notice to our Blog and a link to the new or amended Privacy Policy. The collection, use and disclosure of your Personal Data by Bold Commerce will be governed by the version of this Privacy Policy in effect at that time. Your continued use of Bold Commerce’s websites and/or Services subsequent to any changes to this Privacy Policy will indicate your consent to the collection, use and disclosure of your Personal Data in accordance with the amended Privacy Policy.

Contact & Questions

If you have any questions or comments regarding this Privacy Policy or any aspects of Bold Commerce Services, please contact Bold Commerce at [email protected].

VeraSafe has been appointed as the European Union representative for Bold Commerce related to data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. On matters related to the processing of personal data, VeraSafe can be contacted in addition to the Bold Commerce Privacy Officer at [email protected]. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at:

VeraSafe Czech Republic s.r.o
Klimentská 46
Prague 1, 11002
Czech Republic

VeraSafe Ireland Lt
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

VeraSafe Netherlands BV
Keizersgracht 391 A
1016 EJ Amsterdam
The Netherlands

API License Agreement

Last updated: October 1, 2020

BY DOWNLOADING, INSTALLING, ACCESSING OR USING THE BOLD INNOVATION GROUP LTD. API, YOU AGREE TO THIS API LICENSE AGREEMENT (“API LICENCE”) WITH BOLD INNOVATION GROUP LTD. AND ITS AFFILIATES (“BOLD”, “WE”, “OUR” OR “US”). IF YOU ARE ENTERING INTO THIS API LICENCE ON BEHALF OF A COMPANY, ORGANIZATION OR ANOTHER LEGAL ENTITY (AN “ENTITY”), YOU ARE AGREEING TO THIS API LICENCE FOR THAT ENTITY AND REPRESENTING TO US THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THIS API LICENCE, IN WHICH CASE THE TERMS “LICENSEE”, “YOU”, OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THIS API LICENCE, YOU MUST NOT ACCEPT THIS API LICENCE AND MAY NOT ACCESS NOR USE THE API.

1. Definitions.

(a) “API” means the application programming interface and any API Documentation or other API materials made available by Bold.

(b) “API Documentation” means the API documentation described at www.developers.boldcommerce.com from time to time.

(c) “API Key” means the security key Bold makes available for you to access the API.

(d) “Bold Marks” means Bold’s proprietary trademarks, trade names, branding, or logos made available for use in connection with the API pursuant to this API LICENCE.

(e) “Bold Offering” means the technology and application software made available by Bold on a hosted basis as listed and described at www.boldcommerce.com.

(f) “Your Applications” means any software applications or websites developed by you to interact with the API.

2. Licence Grants.

Subject to and conditioned on your compliance with all terms and conditions set forth in this API Licence and our Terms of Service available on our website, we hereby grant you a limited, revocable, non-exclusive, non-transferable, non-sublicensable licence during the term of the API Licence to: (a) use the API solely for your internal business purposes in developing Your Applications that will communicate and interoperate with the Bold Offering; and (b) display certain Bold Marks in compliance with usage guidelines that we may specify from time to time solely in connection with the use of the API and the Applications. You acknowledge that there are no implied licences granted under this API Licence. We reserve all rights that are not expressly granted. You may not use the API or any Bold Mark for any other purpose without our prior written consent. Where applicable, you must obtain an API Key through the registration process to use and access the API. You may not share your API Key with any third party, must keep your API Key and all log-in information secure, and must use the API Key as your sole means of accessing the API. Your API Key may be revoked at any time by us.

3. Use Restrictions.

Except as expressly authorized under this API Licence, you may not:

(a) copy, modify, or create derivative works of the API, in whole or in part;

(b) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the API;

(c) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the API, in whole or in part;

(d) remove any proprietary notices from the API;

(e) use the API in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law;

(f) combine or integrate the API with any software, technology, services, or materials not authorized by Bold;

(g) design or permit Your Applications to disable, override, or otherwise interfere with any Bold-implemented communications to end users, consent screens, user settings, alerts, warning, or the like;

(h) use the API in any of Your Applications to replicate or attempt to replace the user experience of the Bold Offering; or

(i) attempt to cloak or conceal your identity or the identity of Your Applications when requesting authorization to use the API.

You will comply with all terms and conditions of this API Licence, all applicable laws, rules, and regulations, and all guidelines, standards, and requirements that may be posted on www.boldcommerce.com from time to time. In addition, you will not use the API in connection with or to promote any products, services, or materials that constitute, promote, or are used primarily for the purpose of dealing in spyware, adware, or other malicious programs or code, counterfeit goods, items subject to Canadian embargo, unsolicited mass distribution of email (“spam”), unconsented to commercial electronic messages (CEMs), multi-level marketing proposals, hate materials, hacking, surveillance, interception, or descrambling equipment, libelous, defamatory, obscene, pornographic, abusive, or otherwise offensive content, stolen products, and items used for theft, hazardous materials, or any illegal activities.

4. Collection and Use of Your Information.

We may collect certain information through the API or the Licensor Offering about you or any of your employees, contractors, or agents. By 3accessing, using, and providing information to or through the API or the Bold Offering, you consent to all actions taken by us with respect to your information in compliance with the then-current version of our privacy policy and data protection requirements, available at www.boldcommerce.com/legal#our-privacy-policy, and all applicable privacy and data security laws, rules and regulations.

5. Term and Termination.

The term of this API Licence commences when you access the API and will continue in effect until terminated as set forth in this Section. We may immediately terminate or suspend this API Licence, any rights granted herein, and/or your licences under this API Licence, in our sole discretion at any time and for any reason, by providing notice to you or revoking access to the API and Bold Trademarks. In addition, this API Licence will terminate immediately and automatically without any notice if you violate any of the terms and conditions of this API Licence. You may terminate this API Licence at any time by ceasing your access to and use of the API and Bold Trademarks. Upon termination of this API Licence for any reason, all licences and rights granted to you under this API Licence will also terminate and you must cease using, destroy, and permanently erase from all devices and systems you directly or indirectly control all copies of the API and Bold Trademarks. Any terms that by their nature are intended to continue beyond the termination or expiration of this API Licence will survive termination. Termination will not limit any of Bold’s rights or remedies at law or in equity.

6. Entire API Licence.

This API Licence, together with the Bold Terms of Service found at www.boldcommerce.com/legal#terms-of-service, the Bold Privacy Policy found at www.boldcommerce.com/legal#our-privacy-policy, and all guidelines and other documents linked or otherwise incorporated or referenced herein, set forth the entire agreement and supersedes any and all prior agreements, written or oral, of the parties with respect to the subject matter hereof. Either party’s failure to enforce at any time any provision of this Agreement does not constitute a waiver of that provision or of any other provision of this Agreement.

Our contact information can be found on our website at www.boldcommerce.com.

The registered head office for Bold is located at 50 Fultz Boulevard, Winnipeg, Manitoba, Canada, R3Y 0L6.

GDPR Compliance

Protecting your privacy is important to Bold Innovation Group LTD.

At Bold Commerce, we take the protection and handling of personal information very seriously.

We do this not only because of legal requirements, but because we hold integrity as one of our core company values.

Making sure that merchants (and their customers) can trust that our team will keep their personal and financial information safe is vital, and frankly, something we obsess over each and every day.

What is GDPR?

The General Data Protection Regulation (GDPR) creates a new set of legal requirements that aim to better protect the personal data of residents of the European Union. This includes more stringent rules on how and where data can be disclosed, stored, and processed.

To help our merchants be confident that Bold takes data security seriously, we’ve compiled a list of things we’ve done that help us meet the high standards set by the GDPR, including:

  • Updating our Privacy Statement
  • Consent and Lawful Basis for Processing
  • Data Subject Rights
  • Data Processing Addendum

Privacy Statement

We’ve updated our Privacy Statement to explain how we handle your data and who might access it in plain language, so it’s easy to understand.

This document is important because it explains how we enable and facilitate Rights for Data Subjects, including requests for access, deletion, and modification.

As a Merchant, it’s important for you to familiarize yourself with this document so that you can effectively handle inquiries from your customers.

The Lawful Basis for Processing represent the six reasons a company may be allowed to process a user’s personal data.

Bold acts as both a Data Controller and Processor in some circumstances, as defined under the GDPR, and these scenarios are described in our updated Privacy Statement.

We have implied consent to process a Merchant’s personal data when installing one of our apps, or submitting a form indicating interest in Bold services (such as a quote request for our Professional Services, or a pre-sales support request).

In some other cases, we might have expressed consent to process your data. In our case, this would happen if you sign up to our email list: we tell you what you’re signing up for in plain English.

We also act as a Data Processor when you install one of our apps.

A Processor takes personal data on behalf of a Controller and acts on it as the Controller has requested. In Bold’s case, we process the personal data of our Merchant’s Customers to help facilitate a transaction between the Merchant and Customer. For example, our Recurring Orders app reads Shopify customer and order data to be able to generate and report on purchased subscriptions.

Protection of Personal Data

We’ve completed an audit of our physical, technical, and administrative security measures to make sure we can be confident that personal data we’re entrusted with is kept safe.

One important outcome of this audit was the minimization and redaction of information that could potentially be used to identify someone personally. The best way to avoid a data breach is to not have that data in the first place; we’ve instituted policies to ensure that we only keep customer (or merchant) information for as long as is reasonable and necessary. At Bold, this means that customer personal data is redacted after a merchant uninstalls one of our apps.

A Data Protection Impact Analysis helps us assess the risk that apps, services and features could pose to an user’s personal data. This process is undertaken as we develop new services and functionality to make sure we’re building with privacy in mind.

We’ve also reviewed processes of teams across the company to make sure we’re handling personal data in a way that meets the high standards set by the GDPR.

One of our biggest undertakings has been to work with every single vendor or processor used by our team that could potentially come in contact with personal data. This includes server hosts, support ticketing software, blog providers, and everything in between. We’ve made sure they also meet the requirements set out by the GDPR, and where they aren’t able to do this we’ve found alternatives or discontinued the relationships altogether. We’ve signed Data Processing Agreements (or Addendums, where appropriate) to ensure the transfer of this data to countries without adequate privacy laws (as determined by the European Commission) is done safely.

Multiple sessions have also been held with every single member of our staff to ensure that all are educated on their legal obligations as it pertains to personal data, and to ensure their commitment to the ideals of privacy and respect for personal data being at the core of working alongside Merchants.

Data Subject Rights

One of the most relevant components of the GDPR to citizens is the Data Subject’s Rights. A set of rights granting people the ability to exercise control over their personal data. The three most relevant ones to you as an eCommerce entrepreneur are likely the right of access, the right to rectification, and the right of erasure.

Right of Access

The right of access allows a Data Subject (person whom’s data has been collected or stored) to request from a Data Controller any data they have collected relating to that person, along with information on if and how it has been processed. In plain language, this is a “Give me everything you have on me” type of request. The Data Controller (in many cases, the merchant) is responsible for providing the data from their systems, any which has been provided to third-party Processors. If a merchant receives a request relating to the right of access, they should contact [email protected] for assistance.

Right to Rectification

The right to rectification allows Data Subjects to request their personal data be modified or corrected. As a merchant, this may simply mean you make the change as requested in your eCommerce platform. If you have a concern relating to a rectification request as it exists in a Bold app or service, contact [email protected].

Right to Erasure

The right to erasure, commonly referred to as the “Right to be forgotten” means Data Subjects have the right to ask for all of their personal data be deleted by a Controller. This means, as with each of the other rights, the Controller is responsible for their own records, and must ensure Processors with whom they work also delete this person’s data. Fulfilling requests for erasure and deletion are handled through an email to [email protected].

Data Processing Addendum

We offer a Data Processing Addendum confirming data transferred outside of the EEA (European Economic Area) is handled and processed safely. Merchants can download the Data Processing Addendum, sign and send it to [email protected].

If you want to learn more, read our last post on GDPR: What is it, why it matters, and how it will affect your store or send us an email to [email protected].

Bug Bounty Program

Bold is committed to protecting the privacy and security of our customers. Despite our efforts to keep our platform secure, we realize we may have missed something. Bold’s Bug Bounty Program is our way to reward security researchers for finding serious security vulnerabilities in the In Scope properties listed below.

Bold is committed to protecting the privacy and security of our merchants.

Accordingly, recognizing that we may have missed something, we encourage individual security researchers to analyze our solutions to make them safer for our merchants. Bold’s Bug Bounty Program is our way to reward security researchers for finding serious security vulnerabilities in the In-Scope properties listed below.

If you think you have found a security vulnerability in our solutions, please contact us! We’ll investigate the issue and try to resolve it quickly. Before you report an issue, review this page.

Our team strives to:

  • Triage and reply to all reports within a week (where applicable)
  • Determine the security impact transparently
  • Award bounties within a week of resolution (excluding extenuating circumstances)
  • Only close reports as N/A when the issue reported has already been identified by another researcher (known issues), lacks evidence of a vulnerability, or falls under the Out-of-Scope Vulnerabilities

Bug Bounty Program Policy

To protect both Bold and security researchers, we ask you to comply with the following policies:

  • Allow reasonable time to investigate and mitigate an issue you report before you publicize any information about the report or share such information with others.
  • Avoid privacy violations and disruptions to others, including (but not limited to) unauthorized access to or destruction of data, and interruption or degradation of our services.
  • Do not intentionally violate any other applicable laws or regulations, including (but not limited to) laws and regulations prohibiting the unauthorized access to data.
  • Do not exploit a security issue you discover for any reason. This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues.
  • For the purposes of this policy, you are not authorized to access user data or company data, including (but not limited to) personally identifiable information and data relating to an identified or identifiable natural person.
  • By submitting content to Bold, you irrevocably waive all moral rights which you may have in the content.
  • All content submitted by you to Bold under this program is licensed under the MIT License.
  • You must report any discovered vulnerability to Bold as soon as you have validated the vulnerability.
  • Failure to follow any of the foregoing rules will disqualify you from participating in this program.
Note

Bold reserves the right to cancel this program at any time and the decision to pay a bounty is entirely at our discretion. Your testing and submission must not violate any law, or disrupt or compromise any data that is not your own. There may be additional restrictions on your ability to submit content or receive a bounty depending on your local laws.

Bold considers activities conducted consistent with this program to constitute “authorized” conduct under the Computer Fraud and Abuse Act. If legal action is initiated by a third party against you and you have fully complied with this program, Bold will take steps to make it known, either to the public or to the court, that your actions were conducted in compliance with the Bold policy.

Upon Bold’s request, you will execute, acknowledge and deliver such further instruments, and will otherwise cooperate and do all other acts as may be necessary or appropriate in order to perfect or carry out the purpose and intent of these terms.

Bold Bug Bounty Guidelines

Participating in Bold’s Bug Bounty Program requires that you follow our guidelines. Adhere to the following guidelines to be eligible for rewards as part of this program:

  • Don’t violate the privacy of other users, destroy data, disrupt our services, etc.
  • Since we’re handling many reports and spam impacts our efficiency, don’t request updates on an hourly basis.
  • Threatening behaviour of any kind will automatically disqualify you from participating in the program.
  • Don’t target, attempt to access, or otherwise disrupt the accounts of other users. All investigative targets must be accounts you own.
  • Exploiting or mis-using the vulnerability for own or others benefit will automatically disqualify the report.
  • Don’t target our physical security measures, or attempt to use social engineering, spam, or distributed denial of service (DDOS) attacks.
  • If you find a severe vulnerability that allows system access, you must not proceed further.
  • Disclosing bugs to a party other than Bold is forbidden, all bug reports are to remain at the reporter and Bold’s discretion.
  • It’s Bold’s decision to determine when and how bugs should be addressed and fixed.
  • Bug disclosure communications with Bold’s Security team are to remain confidential. Researchers must destroy all artifacts created to document vulnerabilities (PoC code, videos, screenshots) after the bug report is closed.

Bold Bug Bounty Scope

The following services and domains are considered in scope:

  • All of Bold’s solution admin consoles
  • All of Bold’s APIs

In-Scope Vulnerabilities

Generally speaking, any bug that poses a significant vulnerability to our merchants could be eligible for reward. It’s entirely at Bold’s discretion to decide whether a bug is significant enough to be eligible for reward. Security issues that typically would be eligible include:

  • SQL injections
  • Code Executions
  • Directory Traversal
  • Privilege Escalations
  • Authentication Bypasses
  • Leakage of sensitive data
  • Cross-Site Scripting (XSS)
  • File inclusions (Local & Remote)
  • Cross-Site Request Forgery (CSRF)
  • Server Side Request Forgery (SSRF)
  • Open redirects which allow stealing tokens/secrets
  • Protection Mechanism bypasses (CSRF bypass, etc.)
  • Administration portals without authentication mechanism

Out-of-Scope Vulnerabilities

Things that aren’t eligible for reward include:

  • Clickjacking
  • Cache Poisoning
  • Content spoofing
  • Missing SPF records
  • Brute force attacks
  • Issues that aren’t reproducible
  • Lack of rate limiting mechanisms
  • Distributed Denial of Service attacks
  • Open redirects without a severe impact
  • CSRF issues on actions with minimal impact
  • Application stack traces (path disclosures, etc.)
  • Vulnerabilities that require Man in the Middle (MiTM) attacks
  • Theoretical subdomain takeovers with no supporting evidence
  • Any exploit that a merchant can intentionally use against themselves
  • HSTS not enabled on *.boldcommerce.com or *.boldapps.net websites
  • Vulnerabilities affecting outdated or unpatched browsers/operating systems
  • Security practices (banner revealing a software version, missing security headers, etc.)
  • Vulnerabilities contingent on physical attack, social engineering, spamming, DDOS attack, etc.
  • Bugs already known to us, or already reported by someone else (reward goes to first reporter)
  • Vulnerabilities on sites hosted by third parties unless they lead to a vulnerability on the main websites.

Reporting

To report an issue: Send an email to [email protected].

Include information about the vulnerability and detailed steps on how to replicate it. The report must pertain to an item explicitly listed under our in-scope vulnerabilities section.

The report should also contain as much detailed information as you can include—ideally, a description of your findings, the steps needed to reproduce the issue, when you discovered the vulnerability and the vulnerable component.

Questions

If you have any questions about our Bug Bounty Program, contact [email protected].