MDI Cloud Terms & Conditions

Revision 4, 09/07/2024

1. Introduction

1.1 The following terms and conditions are for the “Software as a Service” (SaaS) version of MDI Cloud® document management software and is a legal and binding contract between the Customer (“you, “your”) and The Supplier (“we, “us”, “our”).

1.2 The term “Service” means the “MDI Cloud” document management software, and any updates or revisions we make to it, accessed from us and used by you as a licensed Service provided to you through the Internet.

2. Licence & Usage

2.1 We grant the Customer a limited, non-exclusive, non-transferable, right to access the Service from Your Device (defined below) through the Internet (the “License”) to store and retrieve Your Data (defined below) on MDI Cloud infrastructure, on the terms of this agreement. 

2.2 Your Device: you should only access the Service through your own computer, network or other internet ready device. References to “Your Device” means any computer or device functioning as an Internet client or workstation in your possession and control with Internet access, which you use to access the Service. If you choose to access the Service through a third-party application or equipment you don’t own, you may be increasing your privacy and security risks. 

2.3 Your Data: you may only use Your Data with the Service. “Your Data” means your electronic data, or data legitimately used by you personally or by your business that is transmitted to your MDI Cloud database as part of the licensed use of the Service. You are responsible for the accuracy and content of Your Data. You promise that Your Data, and the transmission and storage of it to and by us, will not violate rights or intellectual property of any third party, and is not deemed as offensive content. 

2.4 Usage Limits: usage of the service shall not be limited based on time or user activity, except for a default limitation of 20 file downloads per day. Limits on the use of AI tokens for querying documents and OCR are subject to pricing and package details. For further information or to adjust your usage limits, please contact our support team. The Supplier reserves the right to limit usage if there is evidence suggesting a security risk, such as a potential breach, unauthorised access, or attempts to overload and compromise the system’s integrity. 

2.5 You may not transfer, assign, lend or share the License, or permit anyone else to use the Service or your password to it. Rights not expressly granted to you are reserved to us. You may not sublicense or loan use of the Service, or any documentation on our website, to any other person, without the express written permission of The Supplier. You may use the Service only for your own personal and business purposes. You may use our Service with services you provide to others, but you may not loan or time share the Service, or use it as a storage service for another person, persons or business entity. 

2.6 The Customer agrees, warrants and represents that they will not: 

  • a.) upload or transmit to us any file, data or content (hereafter, “Content”) unless you have a lawful right to copy, transmit, distribute, publish, perform, and display the Content, and you must not violate your confidentiality or fiduciary obligations regarding that Content. 
  • b.) upload or transmit to us any Content unless you have a right, or the consent or permission of, each identifiable person in the Content to use the name, voice, signature, photograph, personal information, visage, likeness, or other recording of each such person (to the extent each such person is implicated by the Content). 
  • c.) act in a contrary manner to the provisions set out in the Data Protection Act 2018 (the “UK GDPR”), or where European Legislation is applicable, regulation 2016/79 of the European Parliament and of the Council (“GDPR”). 
  • d.) upload or transmit to us any Content that (i) violates intellectual property or privacy rights of any person (including without limitation copyright, trademark, patent, trade secret, trade dress, or other intellectual property rights, moral rights under copyright law, and rights of publicity and privacy); (ii) that is obscene, immoral, pornographic, or offensive under the law or to MDI Cloud in its unfettered discretion; (iii) promotes bigotry, racism, hatred, discrimination, or harm against any individual, group, entity, or business; or (iv) violates or encourages any conduct that violates any applicable law or regulation, or would give rise to civil liability to you or us. 
  • e.) access, tamper with, copy, or use any non-public areas of the Service or of our computer systems, or of the technical delivery systems of the MDI Cloud platform. 
  • f.) attempt to probe, test, or tamper with the vulnerability of the Service on any related computer, system or network, or breach or circumvent any security or authentication measure used with the Service or its systems and networks. 
  • g.) modify, copy, or create derivative works based on the Service or any portion thereof, nor reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Service.
  • h.) harm or threaten to harm other users of the Service; or interfere with or attempt to interfere with, the access of any user, host or network, including without limitation through any virus, trojan, malicious software, overloading, flooding, spamming, blocking, redirection, mail-bombing, or other interference with the Service or MDI Cloud infrastructure. 
  • i.) send unsolicited email, spam, chain letters, promotions, or advertisements to or through the Service provided under this Agreement. 
  • j.) misrepresent your License or affiliation with the Service in any way. 
3. Service Levels

3.1 The Supplier commits to a service uptime of 99.99%. “Uptime” is defined as the availability of the service to customers, including scheduled maintenance periods. 

3.2 If The Supplier needs to conduct routine maintenance to ensure optimal service performance, The Customer will be notified at least 72 hours in advance of any scheduled maintenance. Scheduled maintenance periods will not exceed 4 hours per month and will be planned during off-peak hours to minimise service disruptions. 

4. Data Management and Security 

4.1 We are committed to protecting your data, and so we use a variety of security technologies and procedures to help protect your information from unauthorised access, use, or disclosure. You understand that for purposes of technical support of the Service and the Services we provide you, and our customers, some of our technical personnel with MDI Cloud security clearance must have access to Your Data. The Supplier has confidentiality agreements that prohibit its employees with such security clearance from accessing Your Data except for technical purposes in order to fulfil our obligations to you and to support, update, and improve the Service and products of The Supplier. 

4.2 None of Your Data will ever be disclosed to any organisation, unless specifically directed by UK Law Enforcement Agencies, UK Security Services, Office of Security, Counter Terrorism and the Serious Fraud Office. To provide access to Your Data, The Supplier will; 

  • a.) notify you about any requests to access to Your Data, unless specifically prohibited to do so by law or a court order, 
  • b.) not disclose any location tracking Data, such as IP addresses or audit log information, without a valid court order or search warrant, 
  • c.) not provide access to Your Data held within the MDI Cloud Database, without a valid search warrant. 

4.3 The Supplier agrees, warrants and represents that it implements the following controls on MDI Cloud to ensure the security and integrity of the Customer’s data stored on the platform: 

  • a.) Technical and Organisational Measures: The Supplier will protect the integrity of data by complying with the principles of ISO27001, including access control systems, security alarms, securing data processing equipment, user authentication, encryption, logging and analysis of data usage, controlled destruction of data media, separation of production and test environments, and adherence to data processing policies and procedures.
  • b.) Data Encryption: The Supplier shall utilise end-to-end encryption for all data processed, uploaded and stored within MDI Cloud provided by an appropriate advanced encryption standard (i.e. AES-256). 
  • c.) Availability: The Supplier shall safeguard data availability via mirrored redundancy across multiple data centres, leveraging cross-region replication capabilities provided by Amazon Web Services (AWS). 
  • d.) Backups: To ensure the preservation of data over time and to protect it from loss, The Supplier will ensure snapshots of data are taken every 4 hours, with up to 168 iterations of backups kept. 
  • e.) Penetration Testing: The MDI Cloud web application shall be regularly penetration tested, at least once annually, by a third party provider. 

4.4 The Customer should, at the recommendations of The Supplier, adopt the following best practices to enhance the protection and management of their data: 

  • a.) Multi-Factor Authentication: where available, it is advised that the Customer enable MFA to add an additional layer of security to their account. MFA provides an extra step of verification beyond just a password, reducing the risk of unauthorised access. 
  • b.) Passwords: in cases where the Customer sets a password or password policy, it is recommended that these comply with official National Cyber Security Centre (NCSC) recommendations and best practices for security. 
  • c.) Malware Protection: The Customer is responsible for maintaining adequate virus and malicious software protections for your computers and networks used to access MDI Cloud. 
  • d.) Regular User Review: the Customer should periodically review user accounts and permissions, especially in cases where employees leave the organisation or change roles. 
  • e.) Premises and Equipment: The Customer is responsible for maintaining adequate physical, technological, and procedural access controls and system security to ensure no unauthorised or improper access to your computer, or use of MDI Cloud through your account, or violation of data privacy, GDPR or confidentiality through your computer or your account. 
  • f.) Access through Third Party Apps: if you choose to access the Service through a third-party application, you should appreciate that such action has security risks that may or may not be disclosed in their privacy policies. You should be sure you are comfortable with the privacy and security measures of any third-party application, interface or network you use to access MDI Cloud. 
  • g.) Notification: you must promptly notify us of any known unauthorised use of your account, and of any other breach of security that might affect us, the Service, Your Data, or MDI Cloud. 
5. Confidentiality

5.1 The Customer and The Supplier shall keep in strict confidence, all technical or commercial know-how, specifications, inventions, processes, or initiatives which are of a confidential nature and have been disclosed to, or otherwise obtained by either Party, its employees, agents or subcontractors, and any other confidential information concerning both Parties. The Supplier shall restrict disclosure of such confidential information to such of its employees, agents or subcontractors as need to know it for the purpose of discharging The Supplier’s obligations, and shall ensure that such employees, agents or subcontractors are subject to obligations of confidentiality corresponding to those which bind The Supplier. 

5.2 The Customer will keep confidential and will not use for any purpose other than this Agreement, any of our proprietary information disclosed by us to you about, or that is learned or observed by you from, the technologies, methodologies, equipment, software, and processes used by us with the Service. You will ensure that your employees, agents, representatives, and contractors, if any, comply with these obligations. Any exceptions to the obligations of this paragraph may only be granted in a writing by The Supplier. This paragraph will not prohibit you from making general comments regarding your user experiences with MDI Cloud and the Service provided by The Supplier. 

6. Intellectual Property Rights

6.1 All right, title, and interest in and to the Service, including but not limited to the MDI Cloud document management software, its user interface, any logos, trademarks, copyrights, patents, trade secrets, and any related intellectual property rights, whether registered or unregistered (collectively, the “Intellectual Property”), are owned by or licensed to The Supplier. Except as expressly provided herein, no license or right, express or implied, is granted to the Customer, and all such rights are hereby reserved by The Supplier. 

6.2 All data, whether uploaded by the Customer or by The Supplier on the Customer’s behalf (the “Customer Data”), remains the sole property of the Customer. The Supplier will only access or use Customer Data to provide the Service or as required by law. 

6.3 If the Customer provides any feedback on the service, including recommendations, criticisms, enhancements, improvements, ideas, features, functionality, capabilities, methods, processes, and information relating to the Service, The Supplier has the right, but not the obligation, to incorporate any Feedback into any products, software or services and to otherwise use, implement, make, practice, modify, enhance, and commercialise Feedback without any obligation to account to you. 

6.4 The Customer will promptly notify The Supplier in writing if it becomes aware of any infringement or potential infringement of The Supplier’s Intellectual Property and will provide reasonable assistance to The Supplier, at The Supplier’s expense, in connection with any infringement proceedings. 

6.5 Should the Service infringe upon the intellectual property rights of a third party, The Supplier will, at its sole discretion, (a) modify the Service so it is no longer infringing; (b) obtain a license for the Customer’s continued use of the Service; or (c) terminate the Customer’s subscription and provide a pro-rata refund for any unused portion of the subscription. 

7. Indemnities and Liability

7.1 Limitation on Damages: The Supplier shall not be liable for any indirect, special, incidental, consequential, or exemplary damages, including loss of profits or loss of privacy, resulting from or related to the use or inability to use any Service, even if advised of such damages’ possibility. 

7.2 Aggregate Liability: Neither party’s liability shall be limited or excluded for (i) death or personal injury due to negligence, (ii) fraud or fraudulent misrepresentation, or (iii) any liability which cannot be limited or excluded by law. 

7.3 Third-Party Websites: The Supplier offers no warranties and assumes no liability for third-party websites, content, data, services, or products accessed or used through the Service. Any reliance on such is at the user’s risk. 

7.4 Risk Allocation: Fees for the Service are set in reflection of the risk allocation defined in this agreement. 

7.5 Your Instructions: The Supplier may act upon instructions provided by the Customer or its representatives. The Customer will indemnify The Supplier against claims and expenses arising from reliance on such instructions. 

7.6 Third-Party Beneficiaries: The Customer shall have no rights or remedies against The Supplier outside of those specified in this Agreement. Post-termination, data storage will cease, except as stated in this Agreement. 

7.7 Third-Party Providers: Disclaimers, risk allocations, and protections in this Agreement extend to third parties assisting The Supplier with software, services, or intellectual property. 

7.8 Our Warranty: The Supplier ensures the Service’s compliance with its documentation. Non-compliance reports will be addressed by corrective actions, support services, or refunds for the most recent paid month(s). 

7.9 Customer Warranty: The Customer shall not use the Service for illicit purposes or disparage The Supplier. Breach of this warranty may result in license termination and legal actions, including the involvement of UK law enforcement. 

8. Subscription

8.1 Free Period: we may offer a free trial for MDI Cloud. If the free trial ends, your License will continue automatically, ensuring you have uninterrupted access to Your Data. You’ll be billed for the following month’s use on the same date of the subsequent month. To avoid these charges, you must notify us of your intention to cancel the subscription prior to the end of your free trial. Failing to do so will activate monthly subscription charges.

8.2 Billing and Payment: all charges relating to MDI Cloud are billed monthly. All charges are referred to and payable in GBP £ sterling. The MDI Cloud product is sold exclusively on a subscription basis and you will be billed for your subscription renewal on the agreed date each month. 

8.3 Arrears Accounts: failure to make full payment within 30 (thirty) days from your payment due date may result in your account being suspended and access to your MDI Cloud database disabled. You will then have another 30 (thirty) days to fulfil your payment obligations. Failure to do so may result in the termination of your account and License in accordance with clause 10. 

9. Support

9.1 We provide Support to users of the Service, including software updates and general technical support for troubleshooting. Product installation, configuration, and training are not included in product Support but are available and may be billable at The Supplier’s discretion. 

9.2 You, the end user of the Service, are entitled to user support services, as long as you are current in the payment of all required fees, and in full compliance with this Agreement. 

9.3 We will make available to you such technical and training information relating to the Service, as we make available to all MDI Cloud customers. The Supplier’s Support teams provide Support via email, support@storetec.net, live chat on The Supplier’s website or by calling +44 (0) 800 612 4065. 

9.4 We are not responsible for problems relating to your computer hardware or software not provided by us, including (but not limited to) any incompatibility of the Service with any other SaaS services. You should appreciate that we cannot guarantee that that support services will cause the Service to be error-free or to operate continuously, efficiently, optimally, or without interruption, for you, particularly on your computer and your chosen networks. If our support team cannot solve your concerns then you, or we, may terminate your License to the Service. 

10. Termination

10.1 The termination of your License ends your right to use MDI Cloud and to access or retrieve Your Data. 

10.2 Upon termination, you must request for us to extract and return Your Data in a preferred format, such as a secure digital transfer or USB drive. This service will be subject to professional service charges, which cover the extraction, secure erasure, transfer, and formatting of the data. The charges will be determined based on the size and complexity of the data, as well as the specific output requirements. 

10.3 If no request for us to extract and return Your Data is received within 90 days after termination, or you decline the return of your scanned images, we reserve the right to permanently erase Your Data from MDI Cloud. The Supplier will provide a 30-day notice before erasing Your Data. 

11. Governing Law

11.1 These terms and any related disputes or claims, including non-contractual ones, are governed by English law. Both parties agree to exclusively resolve such matters in the courts of England and Wales. While the Services can be resold globally, they are always governed by English Law. 

12. Force Majeure

12.1 Neither party shall have any liability to the other under the Customer under the Contract if prevented from, or delayed in, performing its obligations under the Contract or from carrying on its business by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes, whether involving the workforce of The Supplier or any other party, failure of a utility service or transport network, fuel shortage, act of God, terrorism, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors. 

13. Waiver 

13.1 No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy. 

14. Severability

14.1 If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement. 

14.2 If any provision or part-provision of this Agreement is deemed deleted under clause 14.1, the parties shall negotiate in good faith to amend such provision that, to the greatest extent possible, achieves the intended commercial result of the original provision. 

15. Entire Agreement

15.1 This Agreement constitutes the entire Agreement between the parties and supersedes and extinguishes all previous agreements, promises, any purchase orders that may be purported to apply, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter. 

15.2 Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement. 

15.3 Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this Agreement. 

16. Assignment

16.1 We may assign this Agreement without notice to you at any time to any person who acquires substantially all of our business assets relative to the Service who will assume our rights and obligations under this Agreement. 

17. Notices

17.1 All notices related to this Contract, including notification of intent to terminate the service, must be in writing and can be hand-delivered or sent by registered post to the party’s registered address or via email. Notices are deemed received upon signed receipt if hand-delivered, by 9:00 am the next Business Day if emailed, or two Business Days after posting if mailed.