Last updated: June 6, 2019 To see what has changed in this Agreement, click here.
MongoDB, Inc. and MongoDB Limited (“we,” “us,” or “our”) are pleased to offer certain web services (“Cloud Services”) according to the terms and conditions in this Agreement (“Agreement”). If you are located in the Americas (excluding the Caribbean) or Japan, your counterparty is MongoDB, Inc.; if you are located anywhere else (including the Caribbean), your counterparty is MongoDB Limited. By creating an account to use the Cloud Services, you agree to this Agreement. If you represent an organization, you represent and warrant that you are authorized to agree to this Agreement on behalf or your organization. If you do not agree to this Agreement, do not use the Cloud Services.
You may access and use our Cloud Services in accordance with this Agreement. The service level agreement we currently offer with respect to MongoDB Atlas is located at: https://www.mongodb.com/cloud/atlas/availability-sla. The service level agreement we currently offer with respect to MongoDB Stitch is located at https://www.mongodb.com/cloud/stitch/availability-sla. The Cloud Services may include features or services that have separate rules specific to the feature or service. You will comply with all laws, rules and regulations applicable to the use of the Cloud Services and any additional feature or service you use. You understand and agree that we may change, suspend or discontinue any part or all of the Cloud Services. We will notify you of any material change to or discontinuation of the Cloud Services by email or via our website.
Some Cloud Services may be in pre-production, testing, or “beta” phase (each, a “Beta Offering”), for the purpose of evaluating performance, identifying defects and obtaining feedback. We have no obligation to release a final version of any Beta Offering.
If you purchase support for MongoDB Atlas (“Support”), we will provide you with Support in accordance with the applicable support policy on our website, currently available at https://www.mongodb.com/support-policy. We may modify our support policy from time to time. Each time you register to receive Support, you are obligated to pay for a minimum of 30 days of Support. If you promptly or repeatedly re-register for Support after terminating it, we may charge you for the time period in which your Support was inactive or refuse to provide you Support.
2. Registration and Your Account.
To register to use the Cloud Services, you must create a username and password and provide us with the information requested in the registration process. You must provide complete and accurate information during the registration process and will update your information to ensure it remains accurate. You may not disclose your username, password or multi-factor authentication information to any unauthorized persons. You are responsible for all activity that occurs in your account, regardless of whether undertaken by you, your employees or a third party (including contractors or agents), and we and our affiliates are not responsible for unauthorized access to your account. You must contact us immediately if you believe unauthorized activity occurred in your account or your account information is lost or stolen.
3. Your Data.
(a) You are solely responsible for your data. You will ensure that your data, and your use of it, complies with this Agreement and any applicable law. You are responsible for properly configuring and using the Cloud Services and taking your own steps to maintain appropriate security, protection and backup of your data. You will not store or process protected health information using the Cloud Services unless you sign a Business Associate Agreement with us. We routinely collect and analyze metadata regarding your usage of the Cloud Services, excluding any personal data. We may use this information to gauge Cloud Services usage levels and application performance, as well as to create anonymized statistics for our own marketing purposes. We may deactivate your M0 (Free Tier) MongoDB Atlas cluster if you do not use it for 30 days, after which we will use commercially reasonable efforts to allow you to reactivate the cluster by request to us.
(b) Data Processing. For the purposes of this Section 3(b), terms defined by European Union Regulation 2016/679 (“GDPR”) have the meanings provided by GDPR.
(i) We will process any personal data you include in your use of our Cloud Services (the “Customer Personal Data“) on your behalf as a processor, and you are the controller of such data.
(ii) Each party undertakes to comply with all data protection legislation applicable to it (“Data Protection Law“) and shall not knowingly cause the other to breach Data Protection Law.
(iii) As Customer’s processor, MongoDB will process personal data for only the following purposes: (A) provisioning of the Cloud Services; (B) processing initiated by Customer in its use of the Cloud Services; and (C) processing to comply with the Agreement and other reasonable instructions provided by Customer that are consistent with the terms of the Agreement.
(iv) We will ensure that our personnel who have access to Customer Personal Data have committed themselves to confidentiality and are aware of and comply with our obligations under this Agreement.
(v) We will implement appropriate technical and organizational security measures to ensure a level of security appropriate to the risks that are presented by the processing of Customer Personal Data. The current technical and organizational security measures with respect to MongoDB Atlas are described at mongodb.com/technical-and-organizational-security-measures. With respect to Customer Personal Data, you agree that those technical and organizational security measures satisfy Data Protection Law. We will notify you without undue delay if we become aware of a data breach affecting Customer Personal Data.
(vi) You acknowledge and agree that we may retain our affiliates and other third parties to further process personal data on your behalf (as “Subprocessors“) in connection with the provision of the Cloud Services having imposed on such Subprocessors the same data protection obligations as are imposed on us under this Agreement. We will be liable to you for the performance of the Subprocessors' obligations to the extent required by Data Protection Law. We maintain a current list of our Subprocessors at https://www.mongodb.com/cloud/trust/compliance/subprocessors, which we will update at least 30 days before the addition or replacement of any Subprocessors. You may also sign up to receive email notifications of any updates to our list of Subprocessors.
(vii) MongoDB will, to the extent legally permitted, promptly notify Customer if MongoDB receives any request from a data subject to exercise its rights under Data Protection Law in relation to Customer Personal Data (each, a “Data Subject Request”). Taking into account the nature of the processing, and solely to the extent that Customer cannot access Customer Personal Data itself, MongoDB will assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Customer’s obligation to respond to a Data Subject Request under applicable Data Protection Law. To the extent legally permitted, Customer shall be responsible for any costs arising from MongoDB’s provision of such assistance, including any fees associated with provision of additional functionality.
(viii) Taking into account the nature of the processing and the information available to us, we will provide reasonable assistance, at your request and cost, to comply with the obligations under Data Protection Law with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators, in each case solely related to processing of Customer Personal Data by MongoDB.
(ix) Use of the Cloud Services may involve transfers of Customer Personal Data outside of the European Union. We have appropriate safeguards in place for the processing of Customer Personal Data outside of the European Union, including certification by MongoDB under the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks and through the use of standard contractual clauses. If you elect to transfer Customer Personal Data to a Subprocessor outside of the European Union, you authorize us to apply our standard contractual clauses with that Subprocessor.
(x) Upon termination of this Agreement or upon your request, we will destroy or return all Customer Personal Data to you unless applicable law requires storage of the Customer Personal Data.
(xi) Upon Customer’s request, and subject to the confidentiality obligations set forth below, MongoDB will make available to Customer (or Customer’s independent, third-party auditor) information regarding MongoDB’s compliance with the security obligations set forth in this Agreement in the form of third-party certifications and audit reports (“MongoDB Information”). Customer may use MongoDB Information only to evaluate the Cloud Services and will use a high degree of care to avoid disclosure of MongoDB Information. Customer will not disclose MongoDB Information to any third party without MongoDB's prior written consent. Customer’s confidentiality obligations will continue for three years after this Agreement terminates.
(xii) If the MongoDB Information is not sufficient to demonstrate our compliance with the security obligations in this Agreement, Customer may contact MongoDB in accordance with the notice provision of this Agreement to request an on-site audit of MongoDB’s procedures relevant to the protection of personal data, but only to the extent required under applicable Data Protection Law. Customer will reimburse MongoDB for its reasonable costs associated with any such on-site audit. Before the commencement of any such on-site audit, Customer and MongoDB will mutually agree upon the scope, timing, and duration of the audit. Customer will promptly notify MongoDB with information regarding any non-compliance discovered during the course of an audit, and MongoDB will use commercially reasonable efforts to address any confirmed non-compliance.
4. Payment and Taxes.
(a) Services Fees. We calculate and bill fees and charges as described on the site specific to the Cloud Service you are using. For monthly charges, we may bill you more frequently for fees accrued if we believe there is a risk of non-payment or if we suspect that your account is fraudulent. If you choose monthly billing by credit card, you authorize a recurring monthly charge to your credit card based on our current fee schedule for the Cloud Services. You will pay us the applicable fees and charges for use of the Cloud Services as described on the applicable site using your credit card. All amounts payable for the Cloud Services will be made without setoff or deduction, and all amounts paid are non-refundable. We may increase or add new fees and charges for a Cloud Service by updating the applicable site. In the event that we change the pricing for the Cloud Services, the fees payable by you will increase or decrease in accordance with any such modification upon the date specified on the applicable site. We may charge you interest at the rate of 1% per month or the highest rate permitted by law on any late payment.
(b) Taxes. All fees and charges payable by you are exclusive of applicable taxes and duties, including VAT and applicable sales tax. You will provide us any information we reasonably request to determine whether we are obligated to collect VAT from you, including your VAT identification number. If you are legally entitled to an exemption from any sales, use, or similar transaction tax, you are responsible for providing us with legally-sufficient tax exemption certificates for each taxing jurisdiction. We will apply the tax exemption certificates to charges under your account occurring after the date we receive the tax exemption certificates. If any deduction or withholding is required by law, you will notify us and will pay us any additional amounts necessary to ensure that the net amount that we receive, after any deduction and withholding, equals the amount we would have received if no deduction or withholding had been required. Additionally, you will provide us with documentation showing that the withheld and deducted amounts have been paid to the relevant taxing authority.
5. Term and Termination.
(a) Term; Termination. The term of this Agreement commences when you create an account and will remain in effect until terminated in accordance with this Agreement. You may terminate this Agreement by terminating all Cloud Services under your account, and we may terminate this Agreement for any reason by providing you 30 days’ advance notice. We may also terminate your account and this Agreement, or suspend your access to the Cloud Services, immediately if: (i) we change the way we provide or discontinue any Cloud Service; (ii) you are late in payment or otherwise in breach of this Agreement; (iii) we determine that there is a risk to the Cloud Services or any third party; (iv) we determine that your use of the Cloud Services may be unlawful; or (v) you have ceased to operate in the ordinary course, made an assignment for the benefit of creditors or similar disposition of your assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding. We may suspend or terminate your access to or use of any Beta Offering at any time and for any reason. If we suspend your right to access or use any portion or all of the Cloud Services, you remain responsible for all fees and charges you have incurred during the suspension and you will not be entitled to any credit or refund.
(b) Effect of Termination. Upon termination of this Agreement (i) all your rights under this Agreement immediately terminate; and (ii) you remain responsible for all fees and charges you have incurred through the date of termination. We have no obligation to continue to store the data contained in backup snapshots or in a MongoDB Atlas cluster that you have terminated or after termination of this Agreement.
6. Intellectual Property Rights and Ownership.
(a) Your Data. You represent and warrant to us that: (a) you have all rights in your data necessary to grant the rights contemplated by this Agreement; and (b) none of your data violates this Agreement, any applicable law or any third party’s intellectual property or other right.
(b) Our Service. You may not: (a) modify, alter, tamper with, repair, or create derivative works of any software included in the Cloud Services; (b) reverse engineer, disassemble, or decompile the Cloud Services or apply any other process or procedure to derive the source code of any software included in the Cloud Services; (c) access or use the Cloud Services in a way intended to avoid incurring fees or exceeding usage limits or quotas; (d) resell or sublicense the Cloud Services; (e) use the Cloud Services in connection with any fork or derivative work of the MongoDB database; (f) attempt to disable or circumvent any security mechanisms used by the Cloud Services; (g) use the Cloud Services to perform a harmful activity; or (h) upload or otherwise process any harmful content to or through the Cloud Services.
(c) No Other Rights. This Agreement does not transfer any right, title or interest in any intellectual property to any party, except as expressly set forth in this Agreement. You are not obligated to provide us with any suggestions or other feedback about the Cloud Services or otherwise, but if you do, we may use and modify this feedback without any restriction or payment.
7. No Warranty.
The Cloud Services, including Beta Offerings, are provided on an "AS IS" and "AS AVAILABLE" basis and with no representation or warranty of any kind. Except to the extent prohibited by law, we disclaim any implied or statutory warranty, including any implied warranty of merchantability or fitness for a particular purpose, and any warranty arising out of any course of dealing or usage of trade.
8. Limitation of Liability.
We and our affiliates and licensors will not be liable to you for any indirect, incidental, special, consequential or exemplary damages (including damages for loss of profits, goodwill, use or data). We and our affiliates and licensors will not be responsible for any compensation, reimbursement or direct damages arising in connection with: (a) your inability to use the Cloud Services; (b) the cost of procurement of substitute goods or services; (c) any investments, expenditures or commitments by you in connection with this Agreement or your use of or access to the Cloud Services; or (d) any unauthorized access to, alteration of, or deletion, destruction, damage, loss or failure to store any of your content or other data. Our and our affiliates’ and licensors’ aggregate liability for any permitted direct damages under this agreement will be limited to the amount you actually pay us under this agreement for the Cloud Services that gave rise to the claim during the 12 months preceding the claim.
You will defend, indemnify, and hold harmless us, our affiliates and licensors, and each of their respective employees, officers, directors, and representatives from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to any third party claim concerning: (a) your use of the Cloud Services (including any activities under your account and use by your employees and personnel); (b) breach of this Agreement or violation of applicable law by you; or (c) your data or the combination of your data with other applications, content or processes, including any claim involving alleged infringement or misappropriation of intellectual property rights. If we or our affiliates are obligated to respond to a third party subpoena or other compulsory legal order or process, you will also reimburse us for reasonable legal fees, as well as our employees’ and contractors’ time and materials spent responding to the third party subpoena or other compulsory legal order or process at our then-current hourly rates. We will promptly notify you of any claim subject to this Section, but our failure to promptly notify you will only affect your obligations to the extent that our failure materially harms your ability to defend the claim. You may: (a) use counsel of your own choosing (subject to our written consent) to defend against any claim; and (b) settle the claim as you deem appropriate, provided that you obtain our prior written consent before entering into any settlement.
(a) General. We and you are independent contractors, and neither party, nor any of their respective affiliates, is an agent of the other for any purpose or has the authority to bind the other. This Agreement does not create any third party beneficiary rights in any individual or entity that is not a party to this Agreement. You will not assign this Agreement, or delegate or sublicense any of your rights under this Agreement, without our prior written consent. Our failure to enforce any provision of this Agreement will not constitute a present or future waiver of such provision nor limit our right to enforce such provision at a later time. If any portion of this Agreement is held to be invalid or unenforceable, the remaining portions of this Agreement will remain in full force and effect.
(b) Entire Agreement. This Agreement incorporates any data processing agreement or Business Associate Agreement, and comprises the entire understanding between you and us relating to the subject matter of this Agreement. This Agreement supersedes all prior or contemporaneous representations, understandings, agreements or communications between you and us, whether written or verbal, regarding the subject matter of this Agreement.
(c) Notice. All communications and notices to be made or given pursuant to this Agreement must be in English. We may provide any notice to you under this Agreement by posting a notice on the site for the applicable Cloud Service or sending a message to the email address associated with your account. You will be deemed to have received any email sent to the email address then associated with your account when we send the email, whether or not you actually receive the email. To give us notice under this Agreement, you must (1) email us at email@example.com, or (2) send us your notice by certified mail, return receipt requested, to MongoDB, Inc., 1633 Broadway, 38th Floor New York, NY 10019, Attention: Legal Department.
(d) Choice of Law; Consent to Jurisdiction. The laws of New York, excluding any applicable conflict of laws rules or principles, govern this Agreement and any dispute of any sort that might arise between you and us. You consent to exclusive jurisdiction and venue of New York courts. We may seek injunctive or other relief in any state, federal or national court of competent jurisdiction for any actual or alleged infringement of our, our affiliates', or any third party’s intellectual property or other proprietary rights. The United Nations Convention for the International Sale of Goods does not apply to this Agreement.
(e) Force Majeure. We are not liable for any delay or failure to perform any obligation under this Agreement where the delay or failure results from any cause beyond our reasonable control, including acts of God, labor disputes or other industrial disturbances, systemic electrical, telecommunications or other utility failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war.
(f) Amendments. We may amend this Agreement at any time by posting a revised version on the site for the applicable Cloud Service or by otherwise notifying you by email. Amended terms of service become effective upon posting on the site for the applicable Cloud Service or as stated in our email notice message. By continuing to use the Cloud Services after the effective date of any amendment to this Agreement, you agree to be bound by the amended terms of service. Please check the site for the applicable Cloud Service regularly. We last amended this Agreement on the date listed at the beginning of this Agreement.