ThredCloud SaaS Agreement | Terms, Definitions, and Rights

This ThredCloud SaaS Agreement ("Agreement") is entered into between ThredCloud Limited, a New Zealand company (Company Number 9385201), with its registered office at 264 Whangaparaoa Road, Red Beach, Red Beach, 0932, New Zealand ("THRED"), and the entity identified in the applicable Order Form ("Licensee").

By executing an Order Form that references this Agreement, Licensee agrees to be bound by the terms of this Agreement, including Schedule A (Acceptable Use Policy).

1. Definitions

"Acceptable Use Policy" or "AUP" means the acceptable use policy set forth in Schedule A of this Agreement.

"Authorized Users" means individuals authorized by Licensee to access and use the Platform under Licensee's account.

"Confidential Information" means any non-public information disclosed by one party to the other that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure.

"Documentation" means ThredCloud's standard user guides, online help, and technical documentation for the Platform.

"End Customer Personnel" means employees, contractors, and agents of an End Customer who are authorized by Licensee to access the Platform on behalf of that End Customer.

"End Customer" means the owner of the factory, manufacturing site, or operational facility whose equipment generates the data stored within a Licensed Workspace. Each Licensed Workspace is provisioned for a single End Customer. Where Licensee is the owner of the factory or facility for which a Licensed Workspace is provisioned, Licensee is considered the End Customer for that workspace and retains all End Customer rights under this Agreement, including ownership of Workspace Data.

"Fees" means the amounts payable by Licensee as specified in the Order Form.

"Licensed Workspace" means a unique ThredCloud Platform workspace instance, identified by a Workspace ID, that Licensee is entitled to access and use under this Agreement, as specified in the Order Form. Each Licensed Workspace is intended to represent a single factory equivalent (a discrete manufacturing site, production facility, or equivalent operational unit).

"Licensee Data" means all data, content, and information uploaded, submitted, or transmitted to the Platform by or on behalf of Licensee or its Authorized Users.

"Managed Data" means data that is managed by the Platform but not permanently retained, as defined in Schedule A (Section A.6.1). Managed Data includes, but is not limited to, time-based data such as telemetry, sensor readings, alarms, events, logs, energy data, utility data, and operator data. Managed Data is subject to storage cap limits and first-in, first-out (FIFO) deletion once the Data Usage Cap is reached, as set out in Schedule A (Section A.7).

"Order Form" means the commercial ordering document executed by the parties that references this Agreement and specifies the subscription scope, Fees, and other commercial terms. Order Forms include but are not limited to:

Direct customer order forms; and
Reseller order forms.

"Persisted Data" means Knowledge Graph Context Data and Set-up and Configuration Data, as defined in Schedule A (Section A.6.1). Persisted Data is retained indefinitely during the Subscription Term and is not subject to storage cap deletion.

"Tag" means a single data point, attribute, or signal stored or processed within the Platform.

"Tag Block" means an allocation of Tags as specified in the Order Form.

"Platform" means ThredCloud's cloud-hosted software-as-a-service platform that structures, contextualises, and stores operational technology (OT) data within an industrial knowledge graph. The Platform enables Licensee to query, visualise, and retrieve contextualised operational information through:

Open architecture with broad connectivity to industrial data sources (including Ignition, historians, SCADA systems, PLCs, and other OT systems);
Enterprise and cloud connectors and APIs for integration with business systems, cloud services, and third-party applications;
Model Context Protocol (MCP) integration enabling standardised interaction with AI systems and large language models;
AI agent capabilities for automated data retrieval, contextual analysis, and natural language query processing; and
Analytics and decision support tools for operational insight generation.

The Platform includes all updates and enhancements made available to Licensee during the Term.

"Term" means the period during which this Agreement is in effect, as specified in Section 12

"Trial Period" means, if specified in the Order Form, the initial period during which Licensee may access and use the Platform for evaluation purposes on the terms set out in Section 2A (Trial Period) and the Order Form.

"Trial Purpose" means the agreed purpose for which Licensee will use the Platform during the Trial Period, as specified in the Order Form.

2. Grant of Rights

2.1 License Grant

Subject to the terms of this Agreement and payment of Fees, ThredCloud grants Licensee a non-exclusive, non-transferable (except as permitted under Section 14.2), limited right to access and use the Platform during the Term, solely for Licensee's internal business purposes or as otherwise permitted under this Agreement.

2.2 Scope

The scope of the license (including the number of Licensed Workspaces and Tag Blocks) is as specified in the applicable Order Form. Each Licensed Workspace is identified by a unique Workspace ID. The number of Tags included in each Tag Block is as specified in the Order Form.

2.3 End Customer Access

Licensee may permit End Customers and End Customer Personnel to access and use the Platform through Licensee's account, provided that:

such access is within the scope specified in the Order Form, including any limits on Licensed Workspaces and Tag Blocks — End Customer Personnel count toward Licensee's Authorized User limits where applicable;

Licensee remains fully responsible for all End Customers' and End Customer Personnel's compliance with this Agreement;

Licensee's relationship with End Customers is solely between Licensee and End Customers;

(a) such access is within the scope specified in the Order Form, including any limits on Licensed Workspaces and Tag Blocks — End Customer Personnel count toward Licensee's Authorized User limits where applicable;

(b) Licensee remains fully responsible for all End Customers' and End Customer Personnel's compliance with this Agreement;

(d) ThredCloud has no direct contractual obligations to End Customers or End Customer Personnel (except as expressly provided in Section 7.3 regarding End Customer data rights); and

(e) Licensee shall indemnify ThredCloud against any claims brought by End Customers or End Customer Personnel pursuant to Section 11.

2.4 Documentation

ThredCloud grants Licensee a non-exclusive right to use the Documentation solely in support of Licensee's authorized use of the Platform.

2A. Trial Period

If the Order Form specifies a Trial Period, the following terms apply:

2A.1 Trial Grant

Subject to the terms of this Agreement, ThredCloud grants Licensee a limited, non-exclusive, non-transferable right to access and use the Platform during the Trial Period solely for the Trial Purpose specified in the Order Form.

2A.2 Trial Scope

During the Trial Period, Licensee's use of the Platform is limited to the scope specified in the Order Form, including any limits on Trial Workspaces, Tag Blocks, and Data Usage Cap applicable to the Trial.

2A.3 Trial Fees

The Fees (if any) payable during the Trial Period are as specified in the Order Form. If no Trial Fee is specified, the Trial Period is provided at no charge.

2A.4 Conversion to Paid Subscription

The Trial Period converts to a paid subscription in accordance with the conversion trigger specified in the Order Form, which may include one or more of the following:

(a) Automatic Conversion — The Trial automatically converts to a paid subscription at the end of the Trial Period unless Licensee provides written notice of cancellation at least 7 days prior to the Trial End Date;

(b) End-Customer Payment Trigger — The Trial converts to a paid subscription when the End Customer commences payment for services that incorporate or utilise the Platform; or

(c) Written Confirmation — The Trial converts to a paid subscription only upon Licensee's written confirmation to ThredCloud.

Upon conversion, the subscription continues on the post-trial terms (including Fees and Initial Term) specified in the Order Form.

2A.5 Non-Conversion

If the Trial Period does not convert to a paid subscription:

(a) Extension — ThredCloud may, at its sole discretion, approve an extension of the Trial Period upon Licensee's written request. Any extension and its terms must be agreed in writing;

(b) Cancellation — If no extension is agreed, or if ThredCloud declines to extend, the Trial Period terminates on the Trial End Date and Licensee's access to the Platform ceases; and

(c) Data Export — Upon termination of the Trial Period without conversion, Licensee may request export of Licensee Data within the data export window specified in the Order Form (or 30 days if not specified). After such period, ThredCloud may delete all data associated with the Trial.

2A.6 Trial Limitations

During the Trial Period:

(a) ThredCloud provides the Platform on an "as-is" basis and makes no warranties regarding Platform availability or performance beyond commercially reasonable efforts;

(b) Service Level commitments (if any) specified in the Order Form apply only to the post-conversion paid subscription unless expressly stated to apply during the Trial Period; and

(c) ThredCloud may terminate the Trial Period immediately upon written notice if Licensee breaches this Agreement or uses the Platform other than for the Trial Purpose.

3. Restrictions

3.1 Use Restrictions

Licensee shall not, and shall not permit any third party to:

(a) copy, modify, or create derivative works of the Platform;

(b) reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code or underlying algorithms of the Platform;

(d) access the Platform for the purpose of building a competitive product or service;

(e) use the Platform to store or transmit infringing, defamatory, or unlawful material;

(f) use the Platform to store or transmit material in violation of the AUP;

(g) interfere with or disrupt the integrity or performance of the Platform; or

(h) attempt to gain unauthorized access to the Platform or its related systems.

3.2 Compliance with Laws

Licensee shall use the Platform in compliance with all applicable laws and regulations.

4. ThredCloud Obligations

4.1 Platform Availability

ThredCloud will use commercially reasonable efforts to make the Platform available in accordance with the availability target specified in the Order Form, excluding scheduled maintenance (communicated at least 48 hours in advance) and downtime caused by factors outside ThredCloud's reasonable control.

4.2 Security

ThredCloud shall implement and maintain reasonable administrative, physical, and technical safeguards designed to protect Licensee Data against unauthorized access, use, or disclosure.

4.3 Data Residency

ThredCloud shall store Licensee Data in the geographic region specified in the Order Form.

4.4 Support

ThredCloud shall provide reasonable technical support to Licensee during ThredCloud's normal business hours (9:00 AM to 5:00 PM New Zealand Time, Monday to Friday, excluding New Zealand public holidays).

5. Licensee Obligations

5.1 Account Security

Licensee is responsible for maintaining the confidentiality of account credentials and for all activities that occur under Licensee's account.

5.2 Lawful Use

Licensee shall ensure that its use of the Platform, and the use by its Authorized Users, End Customers, and End Customer Personnel, complies with all applicable laws and regulations.

5.3 AUP Compliance

Licensee shall comply with the AUP and shall ensure that its Authorized Users, End Customers, and End Customer Personnel comply with the AUP.

5.4 Personal Data Restriction

Licensee shall use commercially reasonable efforts to ensure that no Personal Data (other than permitted User Account Data and Incidental Personal Data as defined in the AUP) is uploaded to or processed by the Platform. Licensee acknowledges that the Platform is designed for industrial and operational technology data, not for processing Personal Data.

5.5 End Customer Compliance

If Licensee permits End Customers or End Customer Personnel to access the Platform, Licensee is responsible for ensuring they comply with this Agreement. Any breach by an End Customer or End Customer Personnel shall be treated as a breach by Licensee.

6. Fees and Payment

6.1 Fees

Licensee shall pay the Fees specified in the Order Form in accordance with the payment terms specified therein.

6.2 Taxes

Fees are exclusive of all taxes. Licensee is responsible for paying all applicable taxes, except for taxes based on ThredCloud's net income.

6.3 Late Payment

If Licensee fails to pay any Fees when due, ThredCloud may:

(a) charge interest on overdue amounts at the rate of 1.5% per month (or the maximum rate permitted by law, if less); and

(b) suspend access to the Platform until all overdue amounts are paid in full.

6.4 Fee Disputes

Licensee must notify ThredCloud in writing of any Fee dispute within 30 days of the invoice date. Undisputed amounts remain payable.

7. Intellectual Property and Data Ownership

7.1 ThredCloud Ownership

ThredCloud owns and retains all right, title, and interest in and to the Platform, Documentation, and all related intellectual property rights. This Agreement does not grant Licensee any rights to ThredCloud's intellectual property except as expressly set forth herein.

7.2 Workspace Data Ownership

All data stored within a Licensed Workspace ("Workspace Data") is owned by and remains the property of the End Customer for whom that workspace was provisioned. Licensee acknowledges that:

(a) Each Licensed Workspace represents a single factory equivalent, and all Workspace Data belongs to that factory's owner (the End Customer);

(b) Licensee does not acquire any ownership interest in Workspace Data by virtue of provisioning, managing, or accessing the workspace;

(d) Upon termination of the relationship between Licensee and End Customer, Licensee's access rights to that End Customer's Workspace Data terminate automatically.

7.3 End Customer Rights

End Customers retain the following rights with respect to their Workspace Data:

(a) Export: Request a complete export of their workspace data at any time;

(b) Deletion: Request deletion of their workspace and all data upon termination;

(d) Survival: Workspace Data survives termination of the Licensee's subscription.

ThredCloud will honor reasonable export and deletion requests from End Customers, made directly or via Licensee.

7.4 Licensee Authorization Obligations

(a) End Customer Authorization: Licensee is solely responsible for obtaining and maintaining all necessary authorizations from each End Customer to access, process, and manage Workspace Data on that End Customer's behalf.

(b) AUP Compliance: Licensee is responsible for ensuring that each End Customer complies with ThredCloud's Acceptable Use Policy.

(c) Material Breach: Failure to maintain proper End Customer authorization constitutes a material breach of this Agreement.

7.5 ThredCloud's License to Process

Licensee (on behalf of each End Customer) grants ThredCloud a non-exclusive, worldwide, royalty-free license to use, copy, store, and process Workspace Data to:

(a) provide, maintain, and operate the Platform;

(b) improve, enhance, and develop ThredCloud's products and services, including the Platform;

(c) generate insights, analytics, and machine learning models that improve the Platform's functionality, performance, and capabilities; and

(d) create Aggregated Data (as defined in Section 7.7).

7.6 Feedback

If Licensee provides suggestions, ideas, or feedback regarding the Platform ("Feedback"), Licensee grants ThredCloud a perpetual, irrevocable, royalty-free license to use and incorporate such Feedback into ThredCloud's products and services.

7.7 Aggregated Data

ThredCloud may collect, aggregate, and anonymize data derived from Workspace Data and Licensee's use of the Platform ("Aggregated Data") for purposes including:

(a) product improvement and development;

(b) benchmarking and performance analytics;

(d) industry research and reporting; and

(e) marketing ThredCloud's products and services.

Aggregated Data shall not identify Licensee, any End Customer, any Authorized User, any End Customer Personnel, or any individual. ThredCloud owns all right, title, and interest in Aggregated Data

8. Confidentiality

8.1 Obligations

Each party shall:

(a) protect the other party's Confidential Information using at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care;

(b) not use the other party's Confidential Information except as necessary to perform its obligations or exercise its rights under this Agreement; and

(c) not disclose the other party's Confidential Information to third parties except to employees, contractors, and agents who need to know and are bound by confidentiality obligations at least as protective as those in this Agreement.

8.2 Exceptions

Confidential Information does not include information that:

(a) is or becomes publicly available without breach of this Agreement;

(b) was known to the receiving party prior to disclosure;

(d) is rightfully obtained from a third party without restriction.

8.3 Required Disclosure

A party may disclose Confidential Information if required by law or court order, provided the disclosing party gives reasonable prior notice to the other party (where permitted) and cooperates in seeking confidential treatment.

9. Warranties

9.1 Performance Warranty

ThredCloud warrants that the Platform will perform materially in accordance with the Documentation during the Term ("Performance Warranty").

9.2 Warranty Remedies

If the Platform fails to conform to the Performance Warranty, Licensee must notify ThredCloud in writing, describing the non-conformity in reasonable detail. Upon receipt of such notice, ThredCloud shall, at its option and as Licensee's sole and exclusive remedy:

(a) Cure: Use commercially reasonable efforts to correct the non-conformity within a reasonable timeframe; or

(b) Re-perform: Re-perform the affected services or functionality to achieve material conformity with the Documentation; or

(c) Terminate: If ThredCloud is unable to cure or re-perform within a reasonable time (not exceeding 90 days from Licensee's notice), either party may terminate the affected Order Form upon written notice.

The remedies in this Section 9.2 are sequential — ThredCloud shall first attempt to cure or re-perform before termination becomes available. Termination under this Section does not entitle Licensee to a refund of Fees already paid; Licensee's obligation to pay Fees for the period prior to termination remains in effect.

9.3 Mutual Warranties

Each party represents and warrants that:

(a) it has the legal power and authority to enter into this Agreement; and

(b) it will comply with all applicable laws in its performance under this Agreement.

9.4 Disclaimer

Except as expressly set forth in this Agreement, ThredCloud makes no warranties of any kind, whether express, implied, statutory, or otherwise. ThredCloud specifically disclaims all implied warranties, including any warranties of merchantability, fitness for a particular purpose, title, and non-infringement, to the maximum extent permitted by applicable law.

10. Limitation of Liability

10.1 Liability Cap

Except for Excluded Claims (defined below), each party's total cumulative liability arising out of or related to this Agreement shall not exceed the total Fees paid or payable by Licensee during the twelve (12) months immediately preceding the claim.

10.2 Exclusion of Consequential Damages

In no event shall either party be liable to the other for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or business opportunities, arising out of or related to this Agreement, regardless of whether such damages were foreseeable or whether either party was advised of the possibility of such damages.

10.3 Excluded Claims

The limitations in Sections 10.1 and 10.2 shall not apply to:

(a) Licensee's payment obligations;

(b) either party's indemnification obligations under Section 11;

(d) Licensee's breach of Section 3 (Restrictions); or

(e) either party's gross negligence, willful misconduct, or fraud.

10.4 Jurisdictional Limitations

Some jurisdictions do not allow the exclusion or limitation of certain damages. In such jurisdictions, the limitations above shall apply to the maximum extent permitted by applicable law.

11. Indemnification

11.1 ThredCloud Indemnification

ThredCloud shall defend, indemnify, and hold harmless Licensee from and against any third-party claim that the Platform infringes any patent, copyright, or trademark, or misappropriates any trade secret, and shall pay any resulting damages awarded or settlement amounts, provided that:

(a) Licensee promptly notifies ThredCloud in writing of the claim;

(b) ThredCloud has sole control of the defense and settlement; and

ThredCloud's obligations under this Section 11.1 do not apply if the claim arises from: (i) Licensee Data; (ii) modifications to the Platform not made by ThredCloud; (iii) combination of the Platform with other products or services not provided by ThredCloud; or (iv) Licensee's use of the Platform in violation of this Agreement.

11.2 Licensee Indemnification

Licensee shall defend, indemnify, and hold harmless ThredCloud from and against any third-party claim arising from or related to:

(a) Workspace Data or Licensee's use of the Platform;

(b) Licensee's breach of this Agreement;

(d) any claim brought by an End Customer or End Customer Personnel;

(e) Licensee's failure to obtain proper authorization from an End Customer;

(f) Licensee's unauthorized access to or use of Workspace Data; or

(g) any dispute between Licensee and an End Customer regarding data access or ownership

Licensee shall pay any resulting damages awarded or settlement amounts, provided that ThredCloud promptly notifies Licensee in writing of the claim, Licensee has sole control of the defense and settlement (except that Licensee may not settle any claim that imposes obligations on ThredCloud without ThredCloud's prior written consent), and ThredCloud provides reasonable cooperation at Licensee's expense.

12. Term and Termination

12.1 Term

This Agreement commences on the Effective Date and continues for the initial term specified in the Order Form. Unless either party provides written notice of non-renewal at least the number of days specified in the Order Form (or 30 days if not specified) prior to the end of the then-current term, the Agreement shall automatically renew for successive renewal periods as specified in the Order Form.

12.2 Termination for Breach

Either party may terminate this Agreement upon written notice if the other party materially breaches this Agreement and fails to cure such breach within 30 days of receiving written notice thereof.

12.3 Termination for Insolvency

Either party may terminate this Agreement immediately upon written notice if the other party becomes insolvent, makes an assignment for the benefit of creditors, or becomes subject to bankruptcy or similar proceedings.

12.4 Effect of Termination

Upon termination or expiration of this Agreement:

(a) Licensee's right to access and use the Platform shall immediately cease;

(b) Licensee shall pay all outstanding Fees through the effective date of termination;

(d) upon Licensee's written request made within 30 days of termination, ThredCloud shall make Licensee Data available for export in a standard format. After such 30-day period, ThredCloud may delete Licensee Data.

12.5 Survival

The following Sections shall survive termination or expiration of this Agreement: 1 (Definitions), 6 (Fees and Payment, to the extent of unpaid amounts), 7 (Intellectual Property), 8 (Confidentiality), 9.3 (Disclaimer), 10 (Limitation of Liability), 11 (Indemnification), 12.4 (Effect of Termination), 12.5 (Survival), and 14 (General Provisions).

13. Governing Law and Dispute Resolution

13.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of New Zealand, without regard to its conflict of laws principles.

13.2 Jurisdiction

The parties submit to the exclusive jurisdiction of the courts of New Zealand for any dispute arising out of or related to this Agreement.

14. General Provisions

14.1 Entire Agreement and Order of Precedence

This Agreement, together with all Order Forms and Schedules, constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior agreements, proposals, or representations. In the event of any conflict between the terms of this Agreement and the terms of an Order Form, the terms of the Order Form shall prevail to the extent of the conflict.

14.2 Assignment

Neither party may assign this Agreement without the other party's prior written consent, except that either party may assign this Agreement to an affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets. Any purported assignment in violation of this Section shall be void.

14.3 Modifications

ThredCloud may update the Schedule from time to time. ThredCloud shall provide Licensee with at least 30 days' notice of any material adverse changes. Continued use of the Platform after such notice constitutes acceptance of the modified terms.

14.4 Waiver

No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right.

14.5 Severability

If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

14.6 Force Majeure

Neither party shall be liable for any delay or failure to perform (other than payment obligations) due to causes beyond its reasonable control, including acts of God, natural disasters, war, terrorism, labor disputes, government actions, or internet service interruptions.

14.7 Notices

All notices under this Agreement shall be in writing and sent to the addresses specified in the Order Form. Notices shall be deemed given when delivered personally, one business day after sending by overnight courier, or three business days after sending by certified mail.

14.8 Independent Contractors

The parties are independent contractors. Nothing in this Agreement creates any partnership, joint venture, agency, or employment relationship.

14.9 No Third-Party Beneficiaries

This Agreement does not create any third-party beneficiary rights, except as expressly provided in Section 11 (Indemnification).

14.10 Counterparts

Order Forms may be executed in counterparts, each of which shall be deemed an original and all of which together shall constitute one instrument.

ThredCloud Cloud Limited
264 Whangaparaoa Road, Red Beach, Red Beach, 0932, New Zealand
New Zealand Company Number: 9385201

Schedule A — Acceptable Use Policy

A.1 Purpose

The ThredCloud Platform is designed for industrial and operational technology (OT) data — equipment telemetry, process data, sensor readings, and related industrial information. This Schedule A defines the permitted and prohibited uses of the Platform to ensure security, compliance, and optimal performance for all users.

A.2 Permitted Data

Licensee may upload, store, and process the following categories of data on the Platform:

A.2.1 Industrial and OT Data

Equipment telemetry and sensor readings
Process control data and historian data
Asset information and equipment metadata
Alarm and event data
Production and manufacturing data
Energy and utility consumption data

A.2.2 User Account Data

Names and business email addresses of Authorised Users
User roles and access permissions
Authentication credentials (encrypted)
Audit logs of user activity within the Platform

A.2.3 Incidental Personal Data

The following categories of personal data are permitted where they arise incidentally in the context of industrial operations:

Operator names or identifiers appearing in equipment logs
Technician or maintenance personnel identifiers
Shift supervisor names in production records
Employee IDs associated with equipment interactions

A.3 Prohibited Data

Licensee shall use commercially reasonable efforts to ensure that no Personal Data (other than User Account Data and Incidental Personal Data) is uploaded to or processed by the Platform.

The following categories of data are strictly prohibited:

A.3.1 Sensitive Personal Data

Government-issued identifiers (passport numbers, national ID numbers, social security numbers, driver's licence numbers)
Financial account information (bank account numbers, credit card numbers)
Biometric data (fingerprints, facial recognition data, retinal scans)
Health or medical information
Genetic data
Racial or ethnic origin data
Political opinions, religious or philosophical beliefs
Trade union membership
Sexual orientation data
Criminal history or judicial data

A.3.2 Other Prohibited Data

Consumer personal data (data about individuals who are not employees or contractors of Licensee)
Children's data (data relating to individuals under 16 years of age)
Data subject to specific regulatory regimes (e.g., HIPAA-protected health information, PCI-DSS cardholder data)
Classified or government-restricted information
Data that Licensee does not have the legal right to collect, store, or process

A.4 Personal Data Avoidance

A.4.1 Commercially Reasonable Efforts

Licensee shall use commercially reasonable efforts to:

(a) Avoid uploading Personal Data (other than permitted User Account Data and Incidental Personal Data) to the Platform;

(b) Implement technical and organisational measures to prevent Personal Data from being included in data feeds, integrations, or uploads to the Platform;

(d) Regularly audit data flows to the Platform to identify and remediate any unintended Personal Data uploads; and

(e) Promptly notify ThredCloud if Licensee becomes aware that Prohibited Data has been uploaded to the Platform.

A.4.2 Remediation

If Prohibited Data is discovered on the Platform:

(a) Licensee shall notify ThredCloud promptly upon discovery;

(b) Licensee shall take immediate steps to delete or anonymise the Prohibited Data; and

(c) ThredCloud may, at its discretion and upon reasonable notice, assist with deletion or suspend access to affected data.

A.5 Prohibited Conduct

Licensee shall not, and shall not permit any Authorised User, End Customer, or End Customer Personnel to:

A.5.1 Security Violations

Attempt to gain unauthorised access to the Platform, other accounts, or ThredCloud systems
Circumvent or disable security features or access controls
Probe, scan, or test the vulnerability of the Platform without ThredCloud's prior written consent
Introduce malware, viruses, or other harmful code

A.5.2 Abuse and Misuse

Use the Platform in a manner that disrupts, degrades, or impairs performance for other users
Generate excessive load through automated means (bots, scripts, crawlers) beyond reasonable use patterns
Use the Platform for cryptocurrency mining or similar resource-intensive activities
Resell or redistribute Platform access except as permitted under Section 2.3 of the Agreement

A.5.3 Unlawful Use

Use the Platform for any purpose that violates applicable law or regulation
Store, transmit, or process data in violation of export control laws
Engage in fraudulent, deceptive, or misleading activities
Infringe the intellectual property rights of ThredCloud or any third party

A.5.4 Harmful Content

Upload or transmit content that is defamatory, obscene, threatening, or harassing
Upload or transmit content that promotes violence or discrimination
Use the Platform to send unsolicited communications (spam)

A.6 Data Classification

A.6.1 Data Classes

All data stored within a Licensed Workspace falls into one of three macro classes:

(a) Knowledge Graph Context Data — Semantic relationships, entity definitions, asset hierarchies, business rules, and contextual metadata that structure and give meaning to operational data. This data defines how information relates and is interpreted within the Platform.

(b) Set-up and Configuration Data — Workspace settings, tag structures, connection configurations, user preferences, integration settings, and system parameters required to operate the Licensed Workspace.

(c) Managed Data — Data that is managed by the Platform but not permanently retained. Managed Data includes, but is not limited to, time-based data such as:

Managed Data is subject to storage cap limits and first-in, first-out (FIFO) deletion once the Data Usage Cap is reached, as set out in Section A.7.

Equipment telemetry and sensor readings
Alarm and event data
System and operational logs
Energy and utility consumption data
Operator activity data
Process values and historian data
Derived, aggregated, calculated, or transformed data (including KPIs, analytics outputs, trend analyses, and AI/ML-generated insights)

Managed Data is subject to storage cap limits and first-in, first-out (FIFO) deletion once the Data Usage Cap is reached, as set out in Section A.7.

A.6.2 Data Preservation Classes

Knowledge Graph Context Data and Set-up and Configuration Data are Persisted Data — retained indefinitely during the Subscription Term and not subject to storage cap deletion.

Data falling within category (c) above is Managed Data — subject to storage cap limits and the data management provisions in Section A.7.

A.7 Data Usage Cap

A.7.1 Usage Limits — Per Workspace

The Order Form specifies a Data Usage Cap per Licensed Workspace, which is the maximum data storage volume permitted for Managed Data within each Licensed Workspace. Each Licensed Workspace has its own separate Data Usage Cap.

The Data Usage Cap is separate from and in addition to Tag Block limits:

Tag Blocks define the maximum number of active Tags (data points) Licensee may maintain within each Workspace
Data Usage Cap defines the maximum storage consumed by Managed Data within each Workspace

Persisted Data (Knowledge Graph Context Data and Set-up and Configuration Data) does not count toward the Data Usage Cap.

A.7.2 Monitoring and Notification

ThredCloud will:

(a) Provide Licensee with reasonable visibility into current data usage per Workspace via the Platform, broken down by data class;

(b) Notify Licensee when any Workspace reaches 80% of its Data Usage Cap; and

A.7.3 Exceeding the Cap

If any Licensed Workspace reaches or exceeds its Data Usage Cap, Licensee has two options:

(a) Upgrade Subscription Tier — Licensee may purchase additional storage capacity by upgrading to a higher subscription tier or adding storage capacity via an amended Order Form. Upon upgrade, data ingestion continues normally.

(b) Automatic Data Deletion — If Licensee does not upgrade within 14 days of receiving notice that the Data Usage Cap has been reached, the oldest Managed Data exceeding the cap will be automatically deleted on a first-in, first-out (FIFO) basis until usage is within the cap.

ThredCloud shall not be liable for any data loss resulting from automatic deletion under this Section.

A.7.4 Deletion Scope

Automatic deletion under Section A.7.3(b) applies only to Managed Data (oldest data deleted first)

The following are never subject to automatic deletion:

Knowledge Graph Context Data
Set-up and Configuration Data
Any data within the Data Usage Cap limit

A.7.5 End Customer Data

Data uploaded by End Customers or End Customer Personnel within a Workspace counts toward that Workspace's Data Usage Cap (to the extent it constitutes Managed Data). Licensee is responsible for managing usage within each Workspace, including data from all Authorised Users, End Customers, and End Customer Personnel

A.8 End Customer Compliance

If Licensee permits End Customers or End Customer Personnel to access the Platform:

(a) Licensee is responsible for ensuring all End Customers and End Customer Personnel comply with this AUP;

(b) Violations by End Customers or End Customer Personnel are treated as violations by Licensee;

(d) ThredCloud may suspend access if AUP violations occur, regardless of whether caused by Licensee, End Customer, or End Customer Personnel;

(e) Licensee shall indemnify ThredCloud against any claims arising from End Customer or End Customer Personnel violations.

(b) Suspend Licensee's access to all or part of the Platform;

(d) Terminate the Agreement for material breach; or

(e) Pursue any other remedies available under the Agreement or applicable law.

A.9.3 Emergency Suspension

ThredCloud may immediately suspend access without notice if:

The violation poses an imminent threat to the security or integrity of the Platform;
The violation may expose ThredCloud or other users to legal liability; or
Required by law or regulatory authority.

ThredCloud will provide notice of emergency suspension as soon as reasonably practicable.

A.10 Reporting Violations

Licensee should report suspected AUP violations (including by other users) to:

Email: security@ThredCloudcloud.com

ThredCloud will investigate reports in good faith and take appropriate action.

ThredCloud SaaS Agreement.

1. Definitions

2. Grant of Rights

2.1 License Grant

2.2 Scope

2.3 End Customer Access

JOIN US ON LINKEDIN