Exact Hosting Master Service Agreement
This Master Service Agreement (MSA) shall constitute a binding contractual agreement between Exact Hosting, a service operated by Tucows.com Co, (“Company”) and you, the purchaser of our services (“you” or “Customer”).
This MSA provides the terms and conditions for services sold through our website, exacthosting.com.
The Service Agreement includes:
Terms of Service
- Monthly Service Fees: Fees for service(s) ordered by the Customer shall begin on the date of the initial order. That date shall serve as the monthly anniversary date for all future billings including one time fees, upgrades, additional services, cancellations, and service credits. Fees are due in advance of the monthly service cycle and will be billed on the anniversary date of each month. Failure to pay may result in termination.
- Upgrade Fees: Upgrades ordered on the billing anniversary date will be billed for a full month of service and will continue each month on the anniversary date. Upgrades ordered after the normal anniversary billing date will be prorated to the next anniversary date and billed as a one-time pro rata charge. Future charges will appear as full monthly fees added to your existing anniversary billing date.
- Additional Service Fees: Additional services ordered on the billing anniversary date will be billed for the full month service and will continue to be billed each month on the anniversary date. Additional services ordered after the normal anniversary billing date will be prorated to the next anniversary date and billed as a one-time pro rata charge. Future charges will appear as full monthly fees added to your existing anniversary billing date.
- One Time Fees: One time fees, such as setup fees, administrative fees, and late fees, are due and payable at the time they are incurred.
- Service Credits: Service credits will be issued to your Customer account and shall be used to offset future billable services. Service credits shall not be issued as cash back to the Customer nor are service credits transferable to other account holders or to other accounts held by the same Customer.
- Cancellation: The Company requires a thirty (30) day written (i.e. via email or help request) cancellation notice prior to the anniversary billing date for discontinuance or downgrades of month-to-month services. Failure to supply the requisite thirty (30) days written notice of cancellation will result in a full billable monthly cycle prior to cancellation. Customer data remaining after the cancellation date may be destroyed for security and privacy reasons.
- Refunds & Disputes: All services rendered by the Company are non-refundable. This includes, but is not limited to: set-up fees, one time fees, monthly service fees, upgrade fees, additional service fees, administrative fees, and late fees. Customers seeking to resolve billing errors are instructed to open a help ticket with our support department. A payment chargeback for services rendered will result in an additional charge of $150 and will be subject to collection by an authorized collection agency.
- Non-Payment: Any outstanding amounts not paid within a thirty (30) day period will be considered past due and will accrue interest at the rate of one and one-half percent (1.5%) per month. If any amount due under this Agreement is collected by or through an attorney or collection agency, Customer shall pay all of Company’s collection costs, including attorney’s fees. Company reserves the right to terminate services if an account is ninety (90) days past due.
- Data: The Company agrees to use best efforts and commercially reasonable best practices when deploying services related to data integrity, backup, security, and retention. These services include, but are not limited to: hard drive storage, RAID hard drive arrays, network attached storage, storage area networks, operating system installs, operating system reloads, and other situations involving Customer data. Customer assumes ultimate responsibility for data integrity, retention, security, backup, and ownership. Upon Termination of this MSA, the Company no longer has any obligation to maintain any data.
- Identity Use: Company agrees not to use Customer name, logos, or information without prior written consent of Customer.
- Laws: Customer agrees to abide by all local, state, and federal laws pursuant to services delivered in Charlottesville, Virginia, United States of America. Proper venue for legal remedies shall be the City of Charlottesville, Virginia. All contract terms found herein shall be bound by the laws of the Commonwealth of Virginia or the Uniform Commercial Code, whichever may be applicable.
- Mutual Indemnification: Each party agrees to indemnify and hold harmless the other party, the other party’s affiliates, and each of their respective officers, directors, attorneys, agents, and employees from and against any and all claims, demands, liabilities, obligations, losses, damages, penalties, fines, punitive damages, amounts in interest, expenses, and disbursements of any kind and nature whatsoever (including reasonable attorney’s fees) brought by a third party under any theory of legal liability arising out of or related to the indemnifying party’s actual or alleged infringement or misappropriation of a third party’s copyright, trade secret, patent, trademark, or other proprietary right.
- Limitation of Liability: The Company shall not be liable to Customer for harm caused by or related to Customer’s services or inability to utilize the services unless caused by gross negligence or willful misconduct. Neither Party shall be liable to the other for lost profits, direct or indirect, special or incidental, consequential or punitive, or damages of any kind whether or not they were known or should have been known. Notwithstanding anything else in this agreement, the maximum aggregate liability of the Company and any of its employees, agents, or affiliates, under any theory of law shall not exceed a sum not to exceed the amount paid by the Customer for services for the six months prior to the occurrence of the event(s) giving rise to the claim.
- Arbitration: Any controversy or claim arising from service or related to this contract or breach therein in excess of $5000.00 shall be settled by arbitration in accordance with the commercial arbitration rules of the ADR Forum. The resulting judgment rendered by a licensed arbitrator may be entered in any court having valid jurisdiction.
- Affiliates: Exact Hosting does not offer an affiliate program. However, customers who have become part of Exact Hosting via an acquisition will be grandfathered into any existing affiliate program that was active prior to an acquisition. Additionally, the following changes will take place immediately following an acquisition:
- Payouts will be reduced to 10% or remain as is if less than 10% of the hosting plans monthly or annual payment;
- You can request the commission balance as a credit to your account. There is no minimum amount required for this request.
- If you do not request that your balance be paid out to you within one (1) year of its accrual, it may be forfeited. You must also have a valid W9 form on file, please submit one separately to our support team.
- Scripts: In order to maintain the integrity and security of our servers, Exact Hosting reserves the right to update any outdated software or plugins or files associated with this software at any time. This includes but is not limited to WordPress, Joomla, Drupal, etc.
- Resource Usage: Exact Hosting reserves the right to suspend accounts that are using excessive resources and to determine what those may be at its sole discretion.
- Acceptance: Acceptance of this Master Service Agreement, including the Terms of Service and Acceptable Use Policy, hereby initiates billable services and is deemed complete by agreement to the terms as described and completion of the ordering process.
Acceptable Use Policy
The Company is dedicated to the unrestricted free transmission of information via the Internet.
Notwithstanding anything found herein, the Company follows all local, state, and federal laws pursuant to the services delivered over the Internet and directly related to our network and internal systems. The purpose of this Acceptable Use Policy (“AUP”) is to inform all Customers of anticipated Customer use. Due to the myriad of possibilities in maintaining a network comprised of many servers, this document is intended to act as a guideline to service and not to be all-encompassing. In addition, we may update this document at any time and it will become effective immediately.
Direct Violations of AUP: The following list represents per se direct violations of the AUP and will be subject to immediate redress under the methods of resolution as described in this, the AUP. Any violation of the AUP may result in immediate suspension of services, cancellation of account, removal and/or termination.
- Copyright Infringement: Direct copyright infringement as defined and noted under Title 17, Section 512 of the United States Code is a direct violation of the AUP.
- Unsolicited Email: The sending of mass unsolicited email (spam) is a direct violation of the AUP. This includes the direct sending of such messages, support of such messages via web page, splash page, or other related sites, and the advertisement of such services.
- Mailing Lists: “Opt-in” mailings are those email messages that are sent to more than 500 users by either Company customers or their third-party partner to any group of end users. Opt-in means that the end user has signed up for the mailings voluntarily. “Opt-in” implies that the mailings are not spam. For more information please refer to this article.
- Email Bombing: The sending, return, bouncing, or forwarding of email to specified user(s) in an attempt to interfere with or overflow email services is a direct violation of the AUP.
- Proxy Email (Spam): The use of dedicated services to proxy email unsolicited users is a direct violation of the AUP. Proxy email is defined as the use of dedicated services to act in concert with other services located inside and outside the network to achieve mass unsolicited email (spam) to unrelated third parties.
- UseNet Spam: The use of dedicated services to send, receive, forward, or post UseNet unsolicited email or posts is a direct violation of the AUP. This includes UseNet services located within the Company’s network or unrelated third party networks.
- Illegal Use: Any use of services in direct contravention of applicable statutes is a direct violation of the AUP. This includes, but is not limited to: death threats, terroristic threats, threats of harm to another individual, multi-level marketing schemes, high yield investment plans (HYIP), “Ponzi schemes”, invasion of privacy, “doxxing”, credit card fraud, racketeering, defamation, slander, and other illegal activities. This includes hosting, linking, and/or advertising via email, websites, or schemes designed to defraud.
- Threats & Harassment: Any use of services to promote or publish information that is misleading; objectionable; harmful; hateful; defamatory; derogatory or bigoted based on racial, ethnic, sexual preference, sexual identity, age, disability, or political grounds; that may otherwise cause injury, damage, or harm of any kind to any person or entity; that violates or threatens to violate a person’s privacy or property rights; or any activities that may in any way be harmful to minors is a direct violation of the AUP.
- Gambling and Pornography: Any use of services or promote, send, receive, forward, or post pornographic materials or materials relating to gambling, gaming, or other similar activities is a direct violation of the AUP.
- Fraudulent Activities: The Company prohibits utilizing services for fraudulent activities. Notification of fraudulent activities by verified third parties may result in violation of the AUP.
- Denial of Service: The Company absolutely prohibits the use of services for the origination or control of denial of service attacks (DoS) or distributed denial of service attacks (DDoS). Any relation to DoS or DDoS type activity is a direct violation of the AUP.
- Terrorist Websites: Use of services for the hosting of terrorist-related websites is a direct violation of the AUP. This includes, but is not limited to, sites advocating human violence and hate crimes based upon religion, ethnicity, gender, gender expression, sexual preference, sexual identity, or country of origin.
- Distribution of Malware: The Company prohibits the storage, distribution, fabrication, or use of malware including virus software, root kits, password crackers, adware, key stroke capture programs, and other programs normally used in malicious activity. Programs used in the normal and ordinary course of business are deemed acceptable. For example, a security company hosting analysis of the latest root kit for security analysis may not be a violation of the AUP.
- Phishing: The Company strictly prohibits any activity associated with phishing or systems designed to collect personal information (name, account numbers, usernames, passwords, etc.) under false pretense. Splash pages, phishing forms, email distribution, proxy email, or any relation to phishing activities is a direct violation of the AUP and may result in immediate removal.
- Spoofing: Manipulating identifiers such as email headers, IP addresses, or server names; imitating or impersonating another person or their email address; or creating false accounts for the purpose of sending spam is a direct violation of the AUP.
- Child Abuse Material: The Company has a zero-tolerance stance policy against child abuse material, related sites, and related content. The hosting of or linking to child abuse material or related sites or contact information is in direct violation of federal law and the AUP.
Disclosure to Law Enforcement: Occasionally, the Company is required by law to submit Customer information to law enforcement officials when presented with a valid subpoena from a court with proper jurisdiction. Information requested is disclosed as directed pursuant to the subpoena. The Company utilizes great care in keeping Customer information safe and private and will only release information described in the subpoena. The Company will notify Customer of the information request as allowed by the subpoena.
Reporting Violations of the Acceptable Use Policy: The Company accepts reports of alleged violations of the AUP via email to email@example.com. Reports of alleged violations must be verified and include name, contact information, IP address, and description of the violation. The Company owes no duty to third parties reporting alleged violations due to lack of privity in contract law. The Company will review all verified third party reports and will take appropriate actions as described within the AUP.
Methods of Resolution for Violations under the Acceptable Use Policy: The ultimate goal of the Company is to balance the rights and interests of our Customers in the highly evolving Internet world. The Company understands the challenges of hosting companies, resellers, businesses, organizations, and other Customers who may have third-party violations occur due to the nature of their business. The goal to our methods of resolution is to mitigate any service interruptions while resolving any potential violations under the policy. Our staff are dedicated to working with you in resolving potential violations and are available via phone or email. Timing for resolution differs according to the degree of the violation, the nature of the violation, involvement of law enforcement, involvement of third party litigation, and other related factors. Overall, the Company is dedicated to working with the Customer to resolve potential violations prior to any service interruptions.
Disclaimer: The Company retains the right, at its sole discretion, to refuse new service to any individual, group, or business. The Company also retains the right to discontinue service with notice.
III. Exhibit A – Domain Registration Policy
You agree to the following terms and conditions listed on this page upon purchasing, renewing, or transferring a domain name.
- Domains registered with OpenSRS
- Domains registered with Enom
- Domains registered with Internet.bs
- Domains registered with ResellerClub
Whenever we refer to “Exact” in this document, we are referring to the hosting services provided by Tucows.com Co. via the website exacthosting.com.
Our Privacy and Data Collection Practices
Like most online businesses, Exact collects and processes information on behalf of and about our customers. We want to help our customers understand what data we collect, how we use the data we collect, who we share this data with, and how we secure and protect this data.
The purpose of this policy is to share these details with our customers and anyone else interested in how we collect and process personal data.
We’ve tried really hard to keep this document simple and readable and if you have any suggestions for how we can improve it, please let do us know.
Information We Collect and Hold
When you purchase services from Exact, we create an account for you. This account makes it possible for you to track and manage your purchases with us. For the purpose of creating your account, we collect what we call “account data” and “hosted data”.
Account data includes:
- the name of the account holder;
- the mailing address of the account holder;
- a primary and, optionally, a secondary email address, associated with the account holder and any other individual that the account holder wishes to designate; and
- a credit card number, expiry, and verification code.
For your convenience, we may store this data at your direction as a default set of information for future purchases.
Hosted data depends on what you want on your website(s) and includes:
- the files you upload to publish as your website(s);
- the files you upload but remain unpublished as your website(s).
You should be aware that we understand that your hosted data is intended to be published, as the service that you have purchased from us is to publish that data as your website(s). If you upload anything as hosted data, we will treat it as such. You should be careful about what you upload as hosted data.
Our use of your account data
Exact only uses account data for the purpose of facilitating the management of your account and billing for your purchases.
We share this data programmatically with Stripe, for the purpose of billing your credit card.
Exact relies on tokens generated by Stripe to trigger billable events. Exact retains the industry-normal first six and last four digits of the credit card, the type of credit card, and the name associated with the credit card for internal tracking and audit purposes. The data is stored securely and is not usable for any billing or charging purposes. Stripe will never use your data for their own purposes without our explicit consent or notice to us.
We use WHMCS for billing. Your account information may be associated with your bill through WHMCS. The data is stored securely and not usable for any purpose other than billing and auditing.
Exact may share your account data with law enforcement agencies on a case-by-case basis, if necessary as part of a legal investigation. We may notify you if this happens, depending on the circumstances. Exact may also share your account data with a third party under order from a court of competent jurisdiction related to a lawsuit or investigation. We evaluate these requests on a case-by-case basis and we will notify you as appropriate.
We may use your account data to contact you concerning a dispute related to your account or for verification purposes to make sure no one else is accessing your account.
Exact does not share your account data with any other parties for any other reasons, with the exception of vendors, working under our instruction following levels of security at least as rigorous as those followed by Exact.
We never sell this information.
Location of Data Collection and Processing
Your account data and hosted data are collected and processed by us in the United States, the UK, and the Netherlands. When necessary for the services your have requested from us, your data may also be processed elsewhere, within or outside of Canada, in accord with legal regulations. Again, your hosted data is published to your website(s) and is public on the Internet.
Customer Service Information
We use a third party service, Zendesk, to help us manage all of our customer service interactions. Any information you send to use via email is usually stored and tracked in our Zendesk system. We also use Zendesk to log information when you call us for assistance. None of this information is accessible by any third party other than Zendesk.
When you call Exact Support via telephone, we will likely record and archive the conversation. If you don’t agree to this, please contact Exact Support through our online chat, email or other means as may be available at exacthosting.com.
Electronic Newsletters and Unsubscribe Policy
We only provide newsletters to you if you have opted in to receive them. If you change your mind, you can unsubscribe from our mailing list at any time through the link we provide at the top and bottom of every mailer.
We collect and aggregate data concerning how people use the website at exacthosting.com. When you visit our websites, our web servers temporarily record the IP address of your computer, the file requested (file name and URL) by the client, the http response code, and the website from which you are visiting us. The recorded data is used for data security purposes, particularly to protect against attempted attacks on our server, and for statistical analysis. We do not use it to create individual user profiles nor do we share this information with third parties. Some of the data is associated with your account and the website(s) we host on your behalf, but is not personally identifiable to any third-party.
Here is a list of the third-party services that Exact uses:
- American Express
- AWS (Amazon Web Services)
- DENIC Data Escrow Services
- Iron Mountain Data Escrow Services
- Sage (Intacct)
Session cookies are cookies that are only saved on your computer for the duration of a single Internet session. They do not contain any personal data. For some offerings we use persistent cookies that support the services for future sessions. These cookies remain valid until you delete them or until the deletion period configured in your client is reached. You can set your browser to prevent these cookies being stored or to delete the cookies at the end of your Internet session. Please remember that in this case you may not have access to the full range of functions offered by our website.
Data Security and Retention
We follow generally-accepted standards to store and protect the personal data we collect, both during transmission and once received and stored. We use encryption where appropriate.
We retain personal data only for as long as necessary to provide the services you have purchased from us, and we may retain that information for legal or business purposes after termination of the services. These post-services retention periods are either mandated by law or contract and are necessary for preserving, resolving, defending, or enforcing our legal and contractual rights or needed to maintain accurate business and financial records.
If you have any questions about the security or retention of your personal data, you can contact us by email at firstname.lastname@example.org or by giving us a phone call at 1.877.658.4146 (Option 1, Monday to Friday between 8am and 9pm ET).
Data Access and Correction
You may view the personal information we have about you inside your account. You also may request, free of charge, information on the scope, origin, and recipients of any stored data as well as the purpose of storage. You may request that incorrect data be corrected at any time, or you may correct any data elements inside your account to which you have access.
We do not target our services to persons under the age of 18. If you know of, or have reason to believe, anyone under the age of 18 has provided us with any personal data, please contact us.
Data Protection Authority
If you are a resident of the European Economic Area (EEA) and believe we maintain your personal data subject to the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority, responsible for the territory in which we maintain a subsidiary office in Germany. Our lead supervisory authority is:
Landesbeauftragte für Datenschutz und Informationsfreiheit
Postfach 20 04 44
Exact, a service of Tucows
96 Mowat Avenue
(Attention: Office of the Data Protection Officer)
or for customers established in the EEA:
Tucows Data Protection Officer
Rickert Rechtsanwaltsgesellschaft m.b.H
Kaiserplatz 7 – 9
DPO @ Tucows.com
We will respond to all requests, inquiries or concerns within thirty (30) days.