Cloud Service Agreement

HASP Cloud Service Agreement Last updated · May 21, 2026

Overview

The Cloud Service Agreement (the "CSA") is the master agreement governing every paid HASP subscription. Per-deal commercial variables — subscription period, payment process, use limitations, technical support level — are captured on the Order Form, which incorporates the CSA by reference.

The version published here is published for pre-signup review by procurement, legal, and security teams. The contractually binding CSA is the version accepted at paid signup (self-serve plans) or referenced by the countersigned Order Form (Enterprise).

Service and Customer Content

Access and Use (§1.1). During the Subscription Period, Customer may access and use the Cloud Service and copy the included Software and Documentation as needed to access and use the Cloud Service for internal business purposes.
Feedback and Usage Data (§1.4). Feedback is given "AS IS" and HASP may use it freely. Aggregated Usage Data may be used to maintain, improve, and promote HASP's products and services; only aggregated, non-identifying Usage Data may be disclosed externally.
Customer Content (§1.5). HASP may copy, display, modify, and use Customer Content only as needed to provide and maintain the product and related offerings.
Machine Learning (§1.6). Usage Data and Customer Content may be used to train AI/ML models only after aggregation and commercially reasonable de-identification. The DPA and BAA control over §1.6 in any conflict — PHI under the BAA and personal data under the DPA are not used for training.

Restrictions and Suspension

Restrictions on Customer (§2.1). Standard prohibitions: no reverse engineering, no reselling, no removal of proprietary notices, no derivative works, no security testing or interference, no unauthorized access, no use to develop competing services, no High Risk Activities, no use to circumvent access restrictions, and no Customer Content the Customer does not have rights to.
Suspension (§2.2). HASP may temporarily suspend access for unpaid undisputed balances over 30 days, for §2.1 breaches, or for use that materially and negatively impacts the product or others. HASP will try to inform Customer before suspending when practical.

Privacy and Security

Before submitting Personal Data governed by GDPR, Customer must enter into the HASP Data Processing Agreement, which is incorporated into the CSA by reference. The DPA's terms control over the CSA on Personal Data. Customer will not submit Prohibited Data to the product unless authorized by the Order Form.

For PHI workloads, the Business Associate Agreement applies in parallel and is countersigned in-product at signup on paid tiers where PHI is in scope.

Payment and Taxes

All Fees are in U.S. Dollars (unless the Order Form specifies otherwise) and exclusive of taxes.
Invoiced Fees are billed in arrears for usage and in advance for everything else, according to the Payment Process on the Order Form. Automatic payment is charged according to the Payment Process; Customer authorizes those charges.
Customer is responsible for sales, use, VAT, GST, withholding, and similar taxes itemized on an invoice — not for HASP's income taxes.
Good-faith Fee disputes must be raised before payment due (or within 30 days of an automatic charge); undisputed amounts must still be paid on time, and the parties have 15 days to resolve.

Term and Termination

Order Form (§5.1). Each Order Form runs from the Order Date through the Subscription Period and auto-renews unless one party gives notice of non-renewal before the Non-Renewal Notice Date.
Framework Terms (§5.2). The CSA itself runs for the longer of one year or until all governed Order Forms have ended.
Termination (§5.3). Either party may terminate immediately for an uncured material breach (after 30 days notice), an incurable material breach, dissolution, assignment for the benefit of creditors, or insolvency proceedings continuing more than 60 days.
Force Majeure (§5.4). Either party may terminate an affected Order Form if a Force Majeure Event prevents material operation for 30+ consecutive days; HASP refunds prepaid Fees for the remainder of the Subscription Period.
Effect of Termination (§5.5). Customer's use rights end; on request, HASP deletes Customer Content within 60 days; each party returns or destroys the other's Confidential Information; HASP invoices for accrued unpaid Fees.

Representations and Warranties

Each party warrants it has authority, is duly organized and in good standing, and will comply with Applicable Laws. Customer warrants it has the rights necessary to submit Customer Content. HASP warrants it will not materially reduce the general functionality of the Cloud Service during the Subscription Period; the sole remedy if HASP breaches this warranty is restoration and, failing that, prorated refund and termination of the affected Order Form.

Limitation of Liability

General Cap (§8.1a). Each party's total liability is capped at total Fees paid or payable under the applicable Order Form in the twelve (12) months before the event giving rise to the claim.
Increased Cap (§8.1b). The cap is doubled for "Increased Claims" — breaches of Privacy & Security (§3), Confidentiality (§10), or the DPA.
Damages Waiver (§8.2). Neither party is liable for lost profits or revenues, consequential, special, indirect, exemplary, punitive, or incidental damages — except as carved out by §8.4.
Unlimited Claims (§8.4). The caps do not apply to indemnification obligations, unpaid Fees, IP infringement, gross negligence, willful misconduct, or fraud — or to liability that cannot be limited under Applicable Laws.

Indemnification

HASP indemnifies, defends, and holds harmless Customer against third-party IP infringement claims arising from permitted use of the product (Provider Covered Claims). Customer indemnifies HASP against third-party claims arising from Customer Content or use of the product in violation of the CSA or Applicable Laws (Customer Covered Claims). Standard notice, control, and cooperation procedures apply.

Confidentiality

Each party's confidential information is protected on standard terms — limited use, reasonable care, exceptions for publicly available or independently developed information, and disclosure permitted only as required by law. Mutual NDA terms for pre-signup conversations are covered by the separate Mutual NDA.

Governing Law

The CSA is governed by the laws of the State of Delaware, without regard to conflict of laws provisions. Suits and proceedings must be brought in the federal or state courts located in New Castle, Delaware; both parties submit to the exclusive jurisdiction of those courts.

Frequently asked questions

What is the CSA and when does it apply?

The Cloud Service Agreement is the master agreement governing every paid HASP subscription. It applies to Solo, Professional, Business, and Enterprise tiers. Self-serve plans accept the CSA at signup; Enterprise customers accept it through the executed Order Form, which incorporates the CSA by reference.

Why is it called the CSA and not an MSA?

HASP uses "Cloud Service Agreement" because HASP is a cloud service. The CSA functions identically to what other vendors call a Master Subscription Agreement or Master Services Agreement.

How does the CSA relate to the BAA, DPA, and Order Form?

The CSA is the umbrella. The Order Form sets the per-deal commercial terms (subscription period, payment process, use limitations) and incorporates the CSA. The DPA covers personal-data handling under GDPR and CCPA. The BAA covers PHI handling under HIPAA, on paid plans where PHI is in scope. All four are designed to work together as one bundle.

What are the liability caps?

The general liability cap is the total Fees paid or payable in the twelve months before the event giving rise to the claim. The cap doubles for "Increased Claims" — breaches of the Privacy & Security section, the Confidentiality section, or the DPA. Indemnification obligations, unpaid Fees, IP infringement, gross negligence, willful misconduct, and fraud are uncapped.

What are the termination rights?

Either party can terminate the Framework Terms or an Order Form immediately for an uncured material breach (after 30 days notice), for incurable material breach, dissolution, assignment for the benefit of creditors, or insolvency proceedings continuing more than 60 days. On termination, Customer's right to use the product ends, HASP deletes Customer Content within 60 days on request, and HASP issues a final invoice for accrued Fees.

Does HASP train AI models on my Customer Content?

Section 1.6 of the CSA permits use of Usage Data and Customer Content for training only after aggregation and commercially reasonable de-identification, and never in a way that overrides HASP's obligations under the DPA or BAA. In practice: PHI under the BAA and personal data under the DPA are not used for training, full stop. The DPA controls in any conflict.

Can I redline the CSA?

The published CSA is what every HASP paid customer signs. Enterprise customers can negotiate redlines to specific provisions through the Order Form; contact [email protected] to begin. Solo, Professional, and Business plans sign the standard form — that's how HASP offers the same legal posture at every paid tier without procurement gating the lower bands.

Business Associate Agreement — BAA for PHI workloads.
Data Processing Agreement — GDPR and CCPA companion to the BAA.
Mutual NDA — For pre-signup security reviews and evidence sharing.
Trust Center — Compliance posture and evidence index.
Terms of Service — Headline summary of the customer commitment.

Enterprise customers requiring redlines, custom terms, or a separately countersigned PDF should contact [email protected] before starting the paid signup flow.