Corpus Agreement

Template (customize placeholders before use)

Plain‑English Overview (non‑binding)

This Agreement explains how you (the Customer) may use Corpus (the Service), how we protect your data, what we each promise, and what happens if things go wrong.

If anything here conflicts with the legal terms below, the legal terms control.

Effective Date & Parties

Effective Date: [YYYY‑MM‑DD] Order Form(s): [Order reference]
Provider
[Company Legal Name], a [jurisdiction] company
Principal place of business: [address]
(“Provider,” “we,” “us”)
Customer
The entity or person agreeing to these terms
(“Customer,” “you”)
Legal name: [Customer Legal Name]

  • Affiliate: Entity controlling, controlled by, or under common control with a party.
  • Authorized Users: Employees, contractors, or agents Customer authorizes to use the Service.
  • Customer Data: Data submitted to or collected by the Service on behalf of Customer, including personal data.
  • Documentation: User guides, help text, and specs for the Service.
  • Service: Provider’s multi‑tenant, web‑based Corpus application and hosted components.
  • Sensitive Data: Data needing special protections unless expressly permitted in writing.
  • SLA: The service level and support commitments in Annex C.

2.1 Provision. During the Subscription Term in the Order, Provider will make the Service available per this Agreement, Documentation, and SLA.

2.2 Accounts. Customer configures roles/permissions, keeps credentials confidential, and is responsible for activities under its accounts.

2.3 Restrictions. No reverse engineering; no security circumvention; no competing product; no AUP violations.

3.1 What Corpus Is. SaaS for agencies, publishers, and rights teams: submissions, rights/contracts, analytics, notifications; multi‑tenant with tenant isolation.

3.2 Third‑Party Services. Interoperates with third parties (email/SMS, storage, AI). Their terms apply.

4.1 Compliance. Use only in compliance with law and the AUP.

4.2 Content & Rights. Customer has rights to Customer Data; use does not infringe third‑party rights.

4.3 Security Configuration. Customer secures users/SSO/API keys and classification; Provider provides reasonable guidance.

5.1 Ownership. Provider keeps IP in Service/Docs; Customer keeps IP in Customer Data.

5.2 License. Non‑exclusive, non‑transferable right to use Service during the term, subject to payment/compliance.

5.3 Feedback. Provider may use feedback to improve the Service (no identifying Customer).

5.4 OSS. Open‑source notices provided on request.

6.1 Ownership & Control. Customer owns Customer Data; Provider is processor/service provider.

6.2 DPA. Annex B governs personal data; controls in case of conflict.

6.3 Security Program. Safeguards per Annex D (encryption, RBAC, logging, backups, vulnerability management).

6.4 Customer Duties. Lawful collection/consents; no Sensitive Data unless permitted.

6.5 Subprocessors. Allowed per Annex B; Provider remains responsible.

6.6 Incident Response. Notify without undue delay after confirmed breach; cooperate per Annex B.

7.1 Definition. Confidential info includes marked or reasonably confidential info.

7.2 Obligations. Use only for this Agreement; protect with reasonable care; disclose only as needed under similar duties.

7.4 Compelled Disclosure. Allowed when legally compelled with notice/cooperation where lawful.

8.1 Fees. As in Order; auto‑renew unless stated; price changes with at least [60] days notice.

8.2 Payment. Due within [30] days; interest [1.5%]/month (or max allowed).

8.3 Taxes. Customer pays applicable taxes/withholdings (except Provider income taxes).

8.4 Suspension. Possible for material non‑payment after [10] days notice.

9.1 Term. Starts on Effective Date; continues until Orders end.

9.2 For Cause. Terminate for material breach not cured within [30] days.

9.3 Convenience. Only if an Order allows it.

9.4 Suspension. Immediate suspension for security risk, unlawful activity/AUP violations, or urgent maintenance.

10.1 Self‑Service Export. Export in common formats for 30 days after termination.

10.3 Deletion. Delete/anonymize within 60 days (active) and 90 days (backups), unless law requires more.

10.4 Logs. Logs retained for [90] days unless stated otherwise.

11.1 Mutual. Authority to enter this Agreement.

11.2 Service Warranty. Material conformance to Documentation; services performed professionally.

11.3 Disclaimers. Otherwise “AS IS/AS AVAILABLE”; implied warranties disclaimed; beta features without warranties.

12.1 Provider (IP). Defend/indemnify for IP infringement claims about the Service as provided; remedies include modify/license/terminate with prorated refund; exclusions apply.

12.2 Customer. Indemnify for Customer Data, unlawful/AUP‑violating use, unauthorized combinations.

12.3 Procedure. Notice, defense control, cooperation.

No indirect/consequential damages. Liability cap equals amounts paid/payable in the prior 12 months under the applicable Order. Exceptions apply (fees due, IP, confidentiality, indemnities).

Provider may list Customer’s name/logo as a customer, subject to brand guidelines. Case studies/press releases require prior written consent.

Each party complies with anti‑corruption, export control, and sanctions laws; Customer is not sanctioned and will not use the Service in prohibited jurisdictions.

Provider may modify the Service if core functionality isn’t materially reduced. Material adverse term changes: 30 days notice.

No liability for failures beyond reasonable control; parties use reasonable efforts to mitigate and resume.

Legal notices must be in writing to addresses in the Order (and legal@[Provider Domain] for Provider).

Governed by the laws of Türkiye; courts of İstanbul have exclusive jurisdiction. CISG does not apply.

No assignment without consent except Affiliate/transaction. Provider may subcontract but remains responsible.

Entire agreement is Agreement + Orders + Annexes. Order > Annex B > Agreement > Annexes > Documentation.

Unenforceable terms are modified minimally; remainder remains. No waiver by non‑enforcement. Independent contractors.

Signatures

Provider
By: ____________________________
Name/Title: _____________________
Date: ___________________________
Customer
By: ____________________________
Name/Title: _____________________
Date: ___________________________

Annex A — Acceptable Use Policy (AUP)

  • No Illegal/Abusive Use. No unlawful, infringing, defamatory, harassing, fraudulent activity.
  • Security. No probing/scanning/testing vulnerabilities or bypassing controls; no malware.
  • Email/Messaging. No spam or unlawful bulk messaging.
  • Sensitive Data. Do not upload without a written exception in the Order.
  • Resource Abuse. Do not overload or materially degrade the Service.
Provider may investigate suspected violations and suspend/terminate access.

Annex B — Data Processing Addendum (DPA)

(Processor/Service Provider terms under GDPR, KVKK, CCPA/CPRA)
  • Roles. Customer = Controller; Provider = Processor.
  • Instructions. Processing only per documented instructions.
  • Subprocessors. Notice of changes; objection right.
  • Security. See Annex D.
  • Breach Notice. Notify without undue delay after confirmed breach.
  • Transfers. Appropriate safeguards (SCCs/UK addendum/KVKK).
  • Deletion. Per Section 10.

Annex C — SLA & Support Policy

  • Availability. Target monthly uptime: 99.5%.
  • Maintenance. Sundays 02:00–04:00 Europe/Istanbul (typical).
  • Credits. 99.0–99.5%: 5% • 98.0–98.99%: 10% • 95.0–97.99%: 20% • <95%: 30%.
  • Support. 09:00–18:00 Europe/Istanbul, Mon–Fri.
  • Response targets. P1: 1h • P2: 4h • P3: 1d • P4: 2d.
  • Backups. Daily encrypted; RPO 24h; RTO 24–48h.

Annex D — Security Overview

  • SSO/2FA, RBAC, least privilege, access reviews.
  • TLS in transit; at‑rest encryption for databases/backups.
  • Logical tenant isolation; separate prod/staging.
  • Centralized logs, alerting, vulnerability scanning.
  • Incident response playbooks.

Implementation Notes

  • Replace bracketed placeholders.
  • Confirm governing law/venue.
  • Attach current subprocessor list.