BLOGAtlas Vector Search voted most loved vector database in 2024 Retool State of AI report — Read more >>

SI Services Agreement


By signing a SOW that references this SI Services Agreement (this "Agreement"), you agree to this Agreement on behalf of your organization (the "SI"). If you represent an organization, you represent and warrant that you have the authority to agree to this Agreement on behalf of the SI. 

1. Services.  This Agreement governs any services ("Services") set forth in a SOW between the MongoDB entity set forth on a SOW ("MongoDB") provided by SI to an end customer ("Customer"). MongoDB's Affiliates may enter in a SOW with SI or any of its Affiliates, and the SOW creates a separate contractual obligation governed by this Agreement between the companies that sign it. An "Affiliate" of a party is a company the party controls, is controlled by, or is under common control with. If a provision in a SOW conflicts with a provision in this Agreement, the SOW governs. SI will furnish all tools and supplies necessary to perform the Services. SI will provide to MongoDB reports regarding the Services reasonably requested by MongoDB.

2. Payment and Taxes.  The SOW states SI's entire compensation for the Services and includes any applicable taxes. Unless stated otherwise in the SOW, MongoDB will pay undisputed invoice amounts within 45 days after MongoDB receives SI's invoice. MongoDB will reimburse SI's expenses set forth in a SOW. SI will submit invoices to MongoDB in accordance with the SOW or as otherwise instructed by MongoDB, and SI's invoices will contain sufficient detail and information reasonably requested by MongoDB.

3. Intellectual Property Rights.

(a) Assignment.  SI agrees and acknowledges that it may create or participate in the development of inventions, discoveries, improvements and original works of authorship, including derivative, joint, and collective works and compilations ("Works" or "Deliverables"). The term "Works" and "Deliverables" includes all ideas or items produced or created by SI (or any person furnished by SI, if applicable) in the course of performing the Services. SI will promptly disclose to MongoDB any Works involved in providing the Services. SI agrees that all Works that it creates or helps develop will be the property of MongoDB, and SI hereby assigns to MongoDB all existing and future rights, title and interest in and to all Works, including copyrights, patents, trade secrets and right of whatever nature ("Property Rights") and all materials embodying these rights to the fullest extent permitted by law. MongoDB's rights in and to each Work vest on the date the Work is created. At no additional charge, SI will provide all assistance reasonably required to vest in MongoDB throughout the world all Property Rights in the Works, including written assignments and waivers of such Property Rights in favor of MongoDB.  If SI retains any Property Rights in any Works, SI irrevocably assigns to MongoDB all Property Rights that it retains, and will execute documents and take actions as reasonably required to effect its assignment. If such assignment is invalid or insufficient, SI consents to MongoDB's and its clients' use and infringement of the rights SI retains in the Works, and will refrain from interfering with MongoDB's and its clients' use of any Works. SI waives any moral rights in the Works to which it is now or may at any future time be entitled.

(b) Pre-existing Work / Third Party Works.  SI will retain ownership of any Property Rights to any Works created before the Effective Date of a SOW ("Preexisting Works"). SI grants MongoDB a fully-paid, perpetual, irrevocable, world-wide and non-exclusive license to use, display, perform, modify, copy and create derivative works of ("Use") Preexisting Works and any Property Rights licensed by SI from a third party included in the Works. This license includes the right of MongoDB to allow sublicensees of MongoDB (including its customers) to Use the Preexisting Works and any Property Rights licensed by SI from a third party included in the Works.

4. Confidential Information.

(a) "Confidential Information" means information designated as confidential or reasonably should be considered confidential and in respect of MongoDB shall include information relating to its customers. Confidential Information does not include information publicly available through no fault of recipient or received by recipient from a third party without a duty of confidentiality. Each party will use the other party's Confidential Information only to perform this Agreement or any SOW.  Neither party will disclose Confidential Information to a third party without the written consent of the disclosing party. Each party will return or destroy the other party's Confidential Information upon written request.  Without MongoDB's prior consent, SI will not refer to its relationship with MongoDB, including on its website, in discussions with potential customers, or in meetings with the press.

(b) Customer Data. If SI becomes aware of any actual or suspected unauthorized access to MongoDB Confidential Information (an "Incident"), including any data of a MongoDB customer, SI will take appropriate actions to contain and mitigate the Incident, including notifying MongoDB as soon as possible, but at most within 24 hours of learning of the Incident (subject to any delay requested by an appropriate law enforcement agency), to enable MongoDB to expeditiously implement its response program and prevent any further information loss. Upon MongoDB's request, SI will cooperate with MongoDB to investigate the nature and scope of any Incident and to take appropriate actions to mitigate, remediate and otherwise respond to the Incident or associated risks. Without limiting the foregoing, MongoDB shall make the final decision on whether and how to notify any MongoDB employees, customers, consumers and/or the general public of any such Incidents, subject to applicable law; provided that nothing in this provision restricts SI's ability to (i) communicate with its advisors or other representatives in respect of the Incident as it deems appropriate, as long as such communication is subject to confidentiality obligations consistent with the confidentiality provisions in this Agreement; (ii) disclose the Incident publicly as long as: (1) the Incident does not relate solely to MongoDB or MongoDB's data or account; and (2) SI does not identify MongoDB or MongoDB's customers or users as affected by the Incident; or (iii) act as otherwise may be necessary to comply with its legal obligations.

(c) SI will comply with the terms in Exhibit A if applicable.

5. Representations and Warranties.  SI represents and warrants that:  (a) it will perform the Services in accordance with the highest applicable professional standards in effect at the time of such performance, and in accordance with any applicable laws and rules, (b) it has paid and will pay its personnel involved in providing Services any compensation due in connection with the assignment of any Property Rights in the Works, (c) its personnel are subject to agreements that secure MongoDB's intellectual property rights and SI's confidentiality obligations, (d) the Services, Works and any Property Rights in the Works do not violate or infringe any third party's right, (e) it will comply and ensure its personnel comply with MongoDB or its customer's relevant policies or procedures from time to time in force in the provision of the Services including any MongoDB or its customer's internal policies and procedures as referenced in a SOW, (f) it will comply with all applicable laws, regulations, codes and sanctions relating to anti-bribery and anti-corruption; and (g) unless it has been specifically authorized to do so by MongoDB in writing, it shall not (i) have any authority to incur any expenditure in the name of or for the account of MongoDB, or (ii) hold itself out as having authority to bind MongoDB.

6. Acceptance Testing.

(a) MongoDB shall have the right to review each Deliverable to determine whether it conforms to its applicable specifications and any other functions, specifications and descriptions of the Deliverable set forth in any materials, documentation and technical information relating to the Deliverable, and to ensure that the Deliverable can be effectively utilized and, if applicable, is fully functional in MongoDB's operating business environment (collectively, the "Acceptance Criteria").  Additional Acceptance Criteria may be set forth in a SOW.

(b) If MongoDB determines that the Deliverables have not successfully completed acceptance testing, MongoDB may, at its option, either terminate this Agreement or the particular SOW (in which case Section 6(c) shall apply), or request SI to make such necessary corrections and modifications to the Deliverables as will permit the Deliverables to be ready for retesting no later than 10 days from the date of MongoDB's notice that the Deliverables failed to conform.  If the Deliverables still fail to pass the acceptance tests, MongoDB shall promptly notify SI in writing, and shall have the right, at its option, to terminate this Agreement or the particular SOW by giving written notice of such termination to SI (in which case Section 6(c) shall apply).

(c) Upon MongoDB's termination of this Agreement or a particular SOW after failure of any of the acceptance tests, MongoDB may, in its sole discretion, either: (i) return to SI, at SI's expense, or de-install and cease all use of, the Deliverables, and shall have the right to a refund of all fees paid allocable to such defective Deliverables and any other Deliverables that function with, or are integrated or used with, the defective Deliverable; or (ii) retain ownership and possession of the non-conforming Deliverables, receive a refund of fees in an amount that is proportionate to the non-delivered and non-conforming portion of the Deliverables, and be relieved of any future payments due for such Deliverables.

7. Insurance and Liability.

(a) Insurance. SI shall carry and maintain the following insurance coverage:

(i) Commercial General Liability of $1 million each occurrence and $2 million in the aggregate, covering bodily injury, property damage, personal injury, blanket contractual liability and completed operations.

(ii) Excess Liability Insurance (Umbrella Form) of $4 million per occurrence and in the aggregate over the Employer's, General and Auto Liability.

(iii) Fidelity Coverage (Crime) $5 million.

(iv) Technology (Errors & Omission Insurance) of $2 million.

SI shall furnish MongoDB with a certificate of insurance evidencing such coverage prior to the execution of any SOW under this Agreement and thereafter upon MongoDB's request. SI shall notify MongoDB in writing at least 30 days prior to the effectiveness of any applicable policy being cancelled or materially altered as to affect coverage for MongoDB. Any liability policies, except for Employer's and Technology Liability policies, shall name MongoDB and its Affiliates as additional insureds. Policies of insurance shall contain a waiver of subrogation in favor of MongoDB. SI's insurance coverage shall be primary for all losses and damages without contribution from the insurance of MongoDB or other third party. SI's failure to deliver satisfactory evidence of coverage shall not be construed as a waiver of its obligation to provide the required insurance coverage. Receipt by MongoDB of a non-conforming certificate of insurance does not constitute acceptance.

(b) Business Continuity Plan. SI shall have a business continuity/disaster recovery plan ("BCP/DR Plan") for the Services provided to MongoDB under this Agreement. On at least an annual basis, SI shall exercise and test the operability of its BCP/DR Plan. SI will correct any deficiencies in the BCP/DR Plan identified by such test(s). Within thirty (30) days of MongoDB's request, SI shall provide a copy of its current BCP/DR Plan and its attestation as to when SI last updated and/or tested its BCP/DR Plan and whether it has corrected any identified deficiencies.

(c) Liability Limitation. Except for any indemnification claim, and any breach of Section 4 or 5, neither party will be liable to the other in connection with this Agreement for (a) any incidental or consequential damages, including lost profits or business opportunities, or any special or punitive damages, or (b) an amount that exceeds five times the fees payable by MongoDB to SI during the 12-month period before the event giving rise to the liability.  Nothing in this Agreement limits either party's liability for gross negligence or intentional misconduct, or for death or personal injury.

8. Indemnification.  Each party will defend and indemnify the other party, its Affiliates, and their respective directors, officers and employees from and against all third party claims to the extent resulting from or alleged to have resulted from its breach of this Agreement. Each party will promptly notify the other in writing of any third-party claim. The indemnifying party will control the defense of the claim, but will obtain the other party's prior written approval of the indemnifying party's settlement of a claim. The indemnified party will not unreasonably withhold or delay its approval of a proposed settlement. The indemnified party will cooperate in the defense as reasonably requested by the indemnifying party and at the indemnifying party's expense.

9. Other Activities. Nothing in this agreement shall prevent the SI from being engaged, concerned or having any financial interest in any capacity in any other business, trade, profession or occupation during the term of this Agreement provided that: (a) such activity does not cause a breach of any of the SI's obligations under this Agreement; (b) the SI shall not engage in any such activity if it relates to a business which is similar to or in any way competitive with the business of MongoDB without the prior written consent of MongoDB; and (c) the SI shall give priority to the provision of the Services to MongoDB over any other business activities undertaken by the SI during the term of the Agreement.

10. Term and Termination.  This Agreement begins on the Effective Date and will terminate in accordance with this Section. Either party may terminate this Agreement at any time if there are no outstanding SOWs by providing the other party with five days' prior written notice. MongoDB may terminate this Agreement, and may terminate any SOW, for convenience on 30 days' prior written notice, and may terminate this Agreement and any outstanding SOW immediately if SI does not cure any material breach within 10 days after receipt of MongoDB's notice of breach. MongoDB may terminate this Agreement, and may terminate any SOW with immediate effect with no liability to make any further payment to the SI (other than in respect of amounts accrued before the termination date) if at any time the SI: (a) commits any gross misconduct; (b) is declared insolvent or makes any arrangement with or for the benefit of its creditors; (c) commits any fraud or dishonesty or acts in any manner which in the opinion of MongoDB brings or is likely to bring the SI or MongoDB into disrepute or is materially adverse to the interests of MongoDB; (d) commits any breach of MongoDB's or its client's policies and procedures; or (e) commits an offence under any applicable anti-bribery or anti-corruption laws and regulations. SI may terminate this Agreement if MongoDB does not cure any material breach within 30 days after receipt of SI's notice of breach.  Upon termination of this Agreement or any SOW, SI will: (a) deliver MongoDB all work in progress; (b) irretrievably delete any information relating to the business of MongoDB or its clients whether or not stored on any magnetic or optical disk or memory and all matter derived from such sources which is in SI's possession or under the SI's control. The contact details of clients of MongoDB made during the term of this Agreement are regarded as Confidential Information, and as such, must be deleted from personal social or professional networking accounts; (c) if requested by MongoDB provide a signed statement confirming its compliance with sub-sections (a) and (b) above.  Provisions intended by their nature to survive termination of this Agreement will survive.

11. Software and Promotional Materials. As a participant in the PS SI Program, MongoDB grants SI a non-transferable (except to SI Affiliates) and nonexclusive license during the Term to use and reproduce the Software for purposes of enablement of resources that will deliver Services or to facilitate delivery of Services only. SI will not use the Software for any other purpose, and SI will not, and will not allow any third party to: (a) decompile, disassemble, translate, reverse engineer or otherwise attempt to derive source code from any encrypted or encoded portion of the Software; (b) sell, sublicense, rent, lease, or distribute the Software, or commercialize the Software except as expressly authorized in this Agreement or in a separate agreement with MongoDB; (c) directly or indirectly circumvent or violate the technical restrictions of the Software; (d) remove any identification, proprietary, copyright or other notices in the Software or documentation; (e) modify or create a derivative work of any portion of the Software; (f) publicly disseminate performance information about or analysis of the Software, including benchmarking test results, without our prior written consent; or (g) use any Support included in any subscription for an unsupported application. SI will comply with all applicable laws in connection with SI use of Software, Support and SI subscriptions, including any applicable U.S. Export Administration Regulations, anti-corruption laws and U.S. embargoes. 

12. Promotional Materials. SI may use promotional materials made available to SI during the Term as long as SI comply with the Marketing Guidelines. Marketing Guidelines available at Promotional materials are the property of MongoDB, and SI agrees to not modify the Promotional Materials. Partner must submit usage requests to MongoDB in advance if they chose to market their relationship with MongoDB through the following channels: press release, blog, online logo, reference in earnings materials, trade show booth or other event collateral, media and analyst references, out-of-home or online advertising, social media or other marketing/public facing collateral.

13. Trademarks.

(a) Our Trademarks. MongoDB grants to SI a non-exclusive and non-transferable right to display MongoDB logos and trademarks during the Term in compliance with the Marketing Guidelines. SI may not use our logos or trademarks in connection with search engine rankings, ad word purchases, or as part of a trade name, business name, or Internet domain name. MongoDB may refer to its relationship with SI during discussions with analysts, meetings with the press, or in regulatory filings.

(b) SI Trademarks. SI grants to MongoDB a non-exclusive and non-transferable right to use SI logos and trademarks during the Term in marketing materials and in public statements, including placement on our website, inclusion in partner lists, and customer briefings.


15. General.  SI is an independent SI, and this Agreement does not create a partnership, agency relationship, or joint venture.  Neither party may assign this Agreement without the other party's consent, except to an Affiliate or to a successor resulting from a merger, consolidation, or in connection with the sale of all or substantially all of the party's business, stock or assets.  The parties will deliver notices by personal delivery or overnight courier to the address of the other party set forth in this Agreement.  New York law governs this Agreement, excluding any applicable conflict of laws rules or principles, and the parties agree to the exclusive jurisdiction of New York courts.  If any provision of this Agreement is unenforceable, that provision will be modified to render it enforceable to the extent possible to affect the parties' intention and the remaining provisions will not be affected. The parties may amend this Agreement or waive any contractual right only in a written amendment signed by both parties.  The parties may sign this Agreement electronically and in counterparts, each of which is deemed to be an original and all of which taken together comprise a single document. This Agreement is the parties' entire agreement relating to its subject.


Highly Confidential Data Handling Requirements

I.  Processing of Personal Information.

"Personal Information" means any information relating to an identified or identifiable individual that is within the scope of the European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation 2016/679 when it comes into effect, and regardless of the media in which it is contained, that may be: (1) disclosed to the SI or its personnel by MongoDB or its personnel, (2) further processed at any time by SI or its personnel; or (3) derived by SI or its Personnel from the information described in (1) and (2) above. Personal Information will be considered Confidential Information and shall be subject to the confidentiality provisions set forth in the Agreement and the NDA, if any.

SI represents and warrants that:

a.     SI acts as MongoDB's agent when processing Personal Information in the context of this Agreement and will only process Personal Information for the purpose of providing the Services or to address other service or technical problems, on behalf of MongoDB, only in accordance with MongoDB's instructions and in compliance with applicable law.

b.     SI will either maintain a current the U.S.-EU Privacy Shield certification or provide at least the same level of privacy protection for Personal Information as is required by the relevant Privacy Shield Principles.

c.    SI will not process any Personal Information transferred in a manner inconsistent with this Agreement and with the Privacy Shield Principles.

d.     SI will promptly notify MongoDB in writing if it cannot comply with its obligations under this Agreement. If this is the case, MongoDB and SI must take reasonable and appropriate steps to stop and remediate the situation.

e.     SI may contract its rights or obligations concerning Personal Information under this Agreement to agents that will only process Personal Information on behalf of SI, under its instructions, for the purpose of providing the Services and in accordance with this Agreement. Where SI contracts any of its rights or obligations concerning Personal Information, SI must enter into a written agreement which imposes the same obligations on the agent as are imposed on SI under this Agreement. SI must provide MongoDB with a summary or a representative copy of the relevant privacy provisions of its contract with the agent upon request.

f.     SI must maintain reasonable and appropriate safeguards and other security measures to protect Personal Information against any actual or suspected unauthorized or unlawful processing, loss, use, destruction of, damage to, disclosure or acquisition of or access to such information and to ensure compliance with the seventh data protection principle or Privacy Shield Principles as applicable including but not limited to the security measures set out in this Exhibit.

g. SI will not transfer Personal Information outside the European Economic Area without prior written consent of MongoDB.

II.  Security Requirements.

a.  Security.  SI shall maintain MongoDB Confidential Information and its information technology environment secure from unauthorized access by using best commercial efforts and industry standard organizational, physical and technical safeguards, and refrain from implementing changes that materially lower the level of security protection provided as of the Effective Date of the Agreement.  SI shall comply with the minimum security standards set forth in this Exhibit and provide sixty (60) days prior written notice to MongoDB of any significant changes to SI's information security policy.

If SI conducts SSAE 16, SOC-2, SOC-3 or similar or successor audits (such as audits against ISO 27001-2), SI shall, at SI's expense, provide MongoDB prompt notice of any non-conformance and promptly remediate and/or mitigate any non-conformance findings.

b.  Audit Rights.  Not more than once per calendar year during the term of the Agreement and with at least thirty (30) days prior written notice by MongoDB to SI, MongoDB may, at MongoDB's sole expense, audit SI to verify compliance with the terms and conditions of this Exhibit, and all applicable laws.  Such audit shall be:

  • Completed within two (2) weeks

  • Performed in a manner that, in SI's reasonable judgment, does not disrupt SI's operations

  • Conducted by either MongoDB's employees or, with SI's approval, by an independent third party agreed to by the parties.

MongoDB shall disclose the results of its audit to SI within one week after its completion. SI shall promptly respond to audit findings and, at SI's expense, remediate and/or mitigate any critical and high risk findings to the satisfaction of MongoDB.

c.  Technical Security Controls.   With respect to IT infrastructure, servers, databases, or networks that process, store, or transmit MongoDB Confidential Information, SI shall use the following technical security controls where applicable (and keep them current by incorporating and using all updates commercially available):

i. Network Protection.

  • Network based firewalls or equivalent

  • Network intrusion detection/protection systems

ii. Client Protection.

  • An antivirus or endpoint protection program using software that is updated at least daily on all systems that may store or process MongoDB Confidential Information

  • Host-based firewall/intrusion prevention software that blocks activity not directly related to or useful for business purposes

  • A SI supported operating system with all current critical patches and security fixes installed

iii. System and Software Protection.

  • All system and applications must utilize secure authentication and authorization mechanisms.

  • All SI-developed applications must be designed and implemented using secure coding standards and design principles (e.g. OWASP).

  • Operating systems must be hardened appropriately according to industry best practices (e.g. NIST 800 series, NSA guidelines, CIS benchmark, etc.).

  • Systems must be inspected for known vulnerabilities and all identified known vulnerabilities must be patched as soon as reasonably possible.

iv. Encryption

  • SI shall review and update encryption configurations on all systems that utilize encryption. SI will utilize only modern industry accepted encryption algorithms, ciphers, modes and key sizes.

v. MongoDB Confidential Information Protection.

  • MongoDB Confidential Information Access:  SI shall ensure that only authorized individuals (based on role) shall, on behalf of SI, have access to MongoDB Confidential Information.

  • MongoDB Confidential Information Storage:  SI shall not process MongoDB Confidential Information on or transfer such to any portable storage medium, unless the storage medium is fully encrypted in accordance with encryption requirements set forth in this Exhibit.

  • MongoDB Confidential Information Transmission: All transmission or exchange of MongoDB Confidential Information by Company shall use secure protocol standards in accordance with encryption requirements set forth in this Exhibit.

d.  Incidents.  If SI becomes aware of any unauthorized access to the MongoDB Confidential Information on systems owned, managed or subcontracted by SI, SI must immediately notify MongoDB, consult and cooperate with investigations and potentially required notices, and provide any information reasonably requested by MongoDB.

In the event of a breach or any unauthorized disclosure of MongoDB Confidential Information, at no additional cost to MongoDB, SI will fully cooperate with MongoDB in investigating the incident, including, but not limited to, the provision of system, application, and access logs, conducting forensics reviews of relevant systems, imaging relevant media, and making personnel available for interview.  

On notice of any actual or suspected breach, SI will immediately institute appropriate controls to maintain and preserve all electronic evidence relating to the breach in accordance with industry best practices.  In the event any breach of security or confidentiality by SI or its agents requires notification to an individual under any privacy law, MongoDB will have sole control over the timing, content, and method of notification and SI will promptly reimburse MongoDB for all costs and expenses incurred as a result of the breach.

e.  MongoDB Confidential Information Deletion or Return.  Within thirty (30) days after termination of the Agreement, or the termination or completion of a particular SOW, or within seven days after the request by MongoDB (whichever occurs first), SI shall (i) electronically erase, destroy, and render unreadable all MongoDB Confidential Information, or (ii) physically destroy MongoDB Confidential Information through shredding all physical media containing such, or (iii) provide MongoDB with all physical media containing MongoDB Confidential Information.  In the event SI cannot comply with this provision due to technical limitations, then SI shall continue to maintain the security of the MongoDB Confidential Information in accordance with this Exhibit and shall destroy it as soon as practicable and, in any event, no later than required by SI's record retention policy or applicable laws. SI shall certify in writing to MongoDB that these actions have been completed.

At MongoDB's request, at any time and at MongoDB's discretion, SI, and any third parties to whom SI has transferred or made available MongoDB Confidential Information in accordance with this Exhibit, shall return requested MongoDB Confidential Information to MongoDB and comply with the requirements listed above to purge the MongoDB Confidential Information.

f.  Integration.  The terms of this Exhibit apply in addition to, not in lieu of, any other terms and conditions agreed with SI, except as specifically and expressly agreed in writing with explicit reference to this Exhibit.

g.  Training.  SI shall periodically provide those employees, consultants and any approved third parties (affiliated or not) that manage, or have access to, Confidential Information including Personal Information provided or made available by MongoDB with privacy training on how to process and manage Confidential Information including Personal Information in accordance with applicable laws and the terms of this Agreement.