OpenVPN Legal

This End User Agreement (“Agreement”) governs the disclosure of information by OpenVPN, Inc. (“Company”) to the OpenVPN Cloud End User (the “Recipient”) and Recipient’s use of Company’s OpenVPN Cloud (“Service”) service offering.

1. Subject to the terms and conditions of this Agreement, Company grants Recipient a nonexclusive, nontransferable license to use the Company service (“Service”) for the period designated by the user’s active free or paid subscription agreement with OpenVPN.
2. The Service enables the Recipient to create an openvpn.com subdomain. The Recipient shall not:
   • (a) interfere with other customers’ access to, or use of, the Cloud Service, or with the security of the Cloud Service;
   • (b) facilitate the attack or disruption of the Cloud Service or use the Cloud Service to perform a denial-of-service attack, syn flood, unauthorized access, crawling or distribution of malware (including viruses, trojan horses, worms, time bombs, spyware, adware and cancelbots);
   • (c) cause an unusual spike or increase in your use of the Cloud Service that negatively affects operation of the Cloud Service;
   • (d) offer, permit or promote gambling as part of a openvpn.com Site URL;
   • (e) display, transmit or otherwise make available as part of a openvpn.com Site URL material that is pornographic, obscene, lewd, indecent, or vulgar;
   • (f) display, transmit or otherwise make available as part of a openvpn.com Site URL material that infringes upon the intellectual property rights of others, is defamatory, violates the privacy rights of others, or is otherwise unlawful under the laws of the United States of America or any state thereof (collectively “US Laws”);
   • (g) display or transmit as part of a openvpn.com Site URL material promoting or providing instructional information about illegal activities, promoting physical harm or injury against any group or individual, or promoting any act of cruelty to animals, including, but is not limited to, instructions on how to assemble bombs, grenades, and other weapons, and "Crush" sites;
   • (h) display or transmit as part of a openvpn.com Site URL material that promotes violence against or directly attack or threaten other people on the basis of race, ethnicity, national origin, caste, sexual orientation, gender, gender identity, religious affiliation, age, disability, or serious disease;
   • (i) display or otherwise use as profiles, in profile headers, or in usernames text or images that violate any of the prohibitions in (a) through (h) above.
3. Company can determine in their sole discretion that an openvpn.com subdomain in use by Recipient violates these Terms or on receipt of a notice or claim alleging that any such subdomain violates or infringes any law or third-party right, Company may disable your Service and make reactivation conditional on the Recipient submitting a new subdomain acceptable to Us. Company reserves these rights irrespective of whether or not ICANN requires You to cease using a domain.
4. The Recipient agrees that it will at all times hold in strict confidence and not disclose Confidential Information (as defined below) to any third party except as approved in writing by the Company and will use the Confidential Information for no purpose other than evaluating the Service. The Recipient shall only permit access to Confidential Information to those of its employees having a need to know and who have signed confidentiality agreements or are otherwise bound by confidentiality obligations at least as restrictive as those contained herein. “Confidential Information” means all non-public materials and information provided or made available by Company to Recipient, including products and services, service and product documentation, information regarding technology, know-how, processes, software programs, research, development, financial information and information the Company provides regarding third parties.
5. The Recipient’s obligations under this Agreement with respect to any portion of the Confidential Information shall terminate when the Recipient can document that: (a) it was in the public domain at the time it was communicated to the Recipient; (b) it entered the public domain subsequent to the time it was communicated to the Recipient through no fault of the Recipient; (c) it was in the Recipient’s possession free of any obligation of confidence at the time it was communicated to the Recipient; (d) it was rightfully communicated to the Recipient free of any obligation of confidence subsequent to the time it was communicated to the Recipient; or (e) it was developed by employees or agents of the Recipient who had no access to any information communicated to the Recipient. After the Recipient’s evaluation of the Service is complete, or upon request of the Company, the Recipient shall promptly return to the Company all documents, notes and other tangible materials and return or certify the destruction of all electronic documents, notes, software, data, and other materials in electronic form representing the Confidential Information and all copies thereof.
6. The Recipient agrees that nothing contained in this Agreement shall be construed as granting any ownership rights to any Confidential Information disclosed pursuant to this Agreement, or to any invention or any patent, copyright, trademark, or other intellectual property right. The Recipient shall not make, have made, use or sell for any purpose any product or other item using, incorporating or derived from any Confidential Information or the Service. The Recipient will not modify, reverse engineer, decompile, create other works from, or disassemble any software programs contained in the Confidential Information or the Service.
7. The Service and documentation are provided “as is” without warranty of any kind, and company and its licensors disclaim all warranties, express, implied, or statutory, including without limitation any implied warranties of title, non-infringement of third party rights, merchantability, or fitness for a particular purpose. No oral or written advice or consultation given by company, its agents or employees will in any way give rise to a warranty. The entire risk arising out of the use or performance of the Service remains with the Recipient.
8. Company and its licensors shall not be liable for loss of use, lost profit, cost of cover, loss of data, business interruption, or any indirect, incidental, consequential, punitive, special, or exemplary damages arising out of or related to the Service or this Agreement, however caused and regardless of the form of action, whether in contract, tort (including negligence) strict liability, or otherwise, even if such parties have been advised of the possibility of such damages. In no event will Company’s aggregate liability for all claims arising out of or related to the Service in any one- year period exceed $500.00 or the amount the Recipient has paid the Company for the Service during the one-year period prior to the date on which a claim arose, whichever is greater.
9. The Recipient will also adhere to the Company's terms of use.
10. Company’s Privacy Policy (Privacy Policy) applies to the Beta Program and the Service. Recipient acknowledges and agrees that by participating in the Beta Program or by using the Service, Company may receive certain information about Recipient including personally identifiable information and Recipient hereby consents to Company’s collection, use and disclosure such information in accordance with the Privacy Policy.
11. Company may, in its sole discretion, provide Recipient with certain support and consultation services with respect to the Service free of charge to assist in the evaluation and testing activities under this Agreement; provided, however, that OpenVPN is not obligated to correct any bugs, defects, or errors in the Service or otherwise support or maintain the Service. Company may discontinue any support or consulting services at any time.
12. The Recipient’s obligations under this Agreement shall survive any termination of this agreement. For other than the U.S. Government as a party, this Agreement shall be governed by and construed in accordance with the laws of the State of California. as If performed wholly within the state and without giving effect to the principles of conflict of law rules of any jurisdiction or the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. Any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in San Francisco. California and the parties hereby consent to personal Jurisdiction and venue therein. The Recipient hereby agrees that breach of this Agreement will cause Company irreparable damage for which recovery of damages would be inadequate and that the Company shall therefore be entitled to obtain timely injunctive relief under this Agreement, as well as such further relief as may be granted by a court of competent jurisdiction. The Recipient will not assign or transfer any rights or obligations under this Agreement without the prior written consent of the Company.

OpenVPN Copyright 2023. Last Revised: January 24th, 2023

OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)

1. Copyright Notice: OpenVPN Access Server License;
   Copyright (c) 2009-2023 OpenVPN Inc.. All rights reserved.
   “OpenVPN” is a trademark of OpenVPN Inc.
2. Redistribution of OpenVPN Access Server binary forms and related documents, are permitted provided that redistributions of OpenVPN Access Server binary forms and related documents reproduce the above copyright notice as well as a complete copy of this EULA.
3. You agree not to reverse engineer, decompile, disassemble, modify, translate, make any attempt to discover the source code of this software, or create derivative works from this software.
4. The OpenVPN Access Server is bundled with other open source software components, some of which fall under different licenses. By using OpenVPN or any of the bundled components, you agree to be bound by the conditions of the license for each respective component. A copy of the EULA is also distributed with the Access Server in the file /usr/local/openvpn_as/license.txt.
5. This software is provided “as is” and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall OpenVPN Inc. be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
6. License Grant: OpenVPN Inc. is the sole distributor of OpenVPN Access Server licenses. This agreement and licenses granted by it may not be assigned, sublicensed, or otherwise transferred by licensee without prior written consent of OpenVPN Inc. Any licenses violating this provision will be subject to revocation and deactivation and will not be eligible for refunds. OpenVPN grants you a limited license to use Access Server for your business or personal use only and solely in compliance with this EULA. You may redistribute Access Server in binary forms and related documents if those redistributions of OpenVPN Access Server binary forms and related documents reproduce the above copyright notice as well as a complete copy of this EULA; however no other transfer of Access Server is permitted and your license to Access Server is otherwise non-assignable and non-transferable.
7. Subscription License Key: Entitles you to use this software for the duration of term of your subscription up to the concurrent user limit specified by your subscription. This license permits you to use the software on one or more servers, provided that in no event will the number of concurrent VPN connections that all servers may allow exceed the concurrent user limit. Upon activation of the first purchased activation key for this software, you agree to forego any free licenses or keys that were given to you for demonstration purposes, and as such, the free licenses will not appear after the activation of a purchased key. You are responsible for the timely activation of these licenses on the server or servers of your choice.
   Refunds on purchased activation keys are only possible within 30 days of purchase of activation key, and then only if the activation key has not already been activated on a system. To request a refund, contact us through our support ticket system using the account you have used to purchase the activation key. Activated subscriptions are nontransferable. Access Server Subscription entitles the use of (1) subscription license key on a single server or across multiple servers. Once an activated key expires or becomes invalid, the concurrency limit on our software product will revert to demonstration mode, which allows a maximum of two (2) concurrent users to be connected to your server. Prior to your subscription license expiration, OpenVPN Inc. will, depending on your purchase selection, either auto-renew your subscription, or attempt to remind you to renew your subscription by sending periodic email messages to the licensee email address on record. You are solely responsible for the timely renewal of your activation key(s) prior to their expiration if continued operation is expected after the subscription term ends. OpenVPN Inc. will not be responsible for any misdirected and/or undeliverable email messages, nor does it have an obligation to contact you regarding your subscription term’s expiry.
8. Standard Non-Subscription License Key(s) also called Fixed License Key(s): A Purchased Standard Non-Subscription license entitles you to use this software for the duration of time denoted on your activation key on any one (1) particular device, up to the concurrent user limit specified by your license. Multiple activation keys may be activated to achieve a desired concurrency limit on this given device. Unless otherwise prearranged with OpenVPN Inc., concurrency counts on activation keys are not to be divided for use amongst multiple devices. Upon activation of the first purchased activation key in this software, you agree to forego any free licenses or keys that were given to you for demonstration purposes, and as such, the free licenses will not appear after the activation of a purchased key. You are responsible for the timely activation of these licenses on your desired server of choice. Refunds on purchased activation keys are only possible within 30 days of purchase of activation key, and then only if the activation key has not already been activated on a system. To request a refund, contact us through our support ticket system using the account you have used to purchase the activation key.
   Activating a standard Non-Subscription key ties it to the specific hardware/software combination that it was activated on, and activated activation keys are nontransferable. Substantial software and/or hardware changes may invalidate an activated license. In case of substantial software and/or hardware changes, caused by for example, but not limited to failure and subsequent repair or alterations of (virtualized) hardware/software, our software product will automatically attempt to contact our online licensing systems to renegotiate the licensing state. On any given activation key, you are limited to three (3) automatic renegotiations within the activation key lifetime. After these renegotiations are exhausted, the activation key is considered invalid, and the activation state will be locked to the last valid system configuration it was activated on. OpenVPN Inc. reserves the right to grant exceptions to this policy for license holders under extenuating circumstances, and such exceptions can be requested through a ticket via the OpenVPN Access Server ticketing system.
   Once an activated activation key expires or becomes invalid, the concurrency limit on our software product will decrease by the number of concurrent connections previously granted by the activation key. If all purchased activation key(s) have expired, the product will revert to demonstration mode, which allows a maximum of two (2) concurrent users to be connected to your server. Prior to your license expiration date(s), OpenVPN Inc. will attempt to remind you to renew your license(s) by sending periodic email messages to the licensee email address on record. You are solely responsible for the timely renewal of your activation key(s) prior to their expiration if continued operation is expected after the license expiration date(s). OpenVPN Inc. will not be responsible for any misdirected and/or undeliverable email messages, nor does it have an obligation to contact you regarding your expiring activation keys.
9. Once an activated activation key expires or becomes invalid, the concurrency limit on our software product will decrease by the amount of concurrent connections previously granted by the activation key. If all of your purchased activation key(s) have expired, the product will revert to demonstration mode, which allows a maximum of two (2) concurrent users to be connected to your server. Prior to your license expiration date(s), OpenVPN Inc. will attempt to remind you to renew your license(s) by sending periodic email messages to the licensee email address on record. You are solely responsible for the timely renewal of your activation key(s) prior to their expiration if continued operation is expected after the license expiration date(s). OpenVPN Inc. will not be responsible for any misdirected and/or undeliverable email messages, nor does it have an obligation to contact you regarding your expiring activation keys.
10. Any valid activation key holder is entitled to use our ticketing system for support questions or issues specifically related to the OpenVPN Access Server product. To file a ticket, go to our website at https://openvpn.net/ and sign in using the account that was registered and used to purchase the activation key(s). You can then access the support ticket system through our website and submit a support ticket. Tickets filed in the ticketing system are answered on a best-effort basis. OpenVPN Inc. staff reserve the right to limit responses to users of our demo / expired licenses, as well as requests that substantively deviate from the OpenVPN Access Server product line. Tickets related to the open source version of OpenVPN may not be handled here.
11. Purchasing an activation key does not entitle you to any special rights or privileges, except the ones explicitly outlined in this user agreement. Unless otherwise arranged prior to your purchase with OpenVPN Inc., software maintenance costs and terms are subject to change after your initial purchase without notice. In case of price decreases or special promotions, OpenVPN Inc. will not retrospectively apply credits or price adjustments toward any licenses that have already been issued. Furthermore, no discounts will be given for license maintenance renewals unless this is specified in your contract with OpenVPN Inc.

* * *

OpenVPN trademark

———————————

“OpenVPN” is a trademark of OpenVPN Inc.

OpenVPN community edition license:

———————————

OpenVPN is distributed under the GPL license version 2 (see Below).

Special exception for linking OpenVPN with OpenSSL:

In addition, as a special exception, OpenVPN Inc. gives permission to link the code of this program with the OpenSSL Library (or with modified versions of OpenSSL that use the same license as OpenSSL), and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.

LZO license:

———————————

LZO is Copyright (C) Markus F.X.J. Oberhumer,

and is licensed under the GPL.

Special exception for linking OpenVPN with both OpenSSL and LZO:

Hereby I grant a special exception to the OpenVPN project (https://openvpn.net/) to link the LZO library with the OpenSSL library (http://www.openssl.org).

- Markus F.X.J. Oberhumer

TAP-Win32/TAP-Win64 Driver license:

———————————

This device driver was inspired by the CIPE-Win32 driver by

Damion K. Wilson.

The source and object code of the TAP-Win32/TAP-Win64 driver is Copyright (C) 2002-2013 OpenVPN Technologies, Inc., and is released under the GPL version 2 (see below).

Windows DDK Samples:

———————————

The Windows binary distribution includes devcon.exe, a Microsoft DDK sample which is redistributed under the terms of the DDK EULA.

NSIS License:

———————————

Copyright (C) 2002-2003 Joost Verburg

This software is provided ‘as-is’, without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.

Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.
2. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software.
3. This notice may not be removed or altered from any distribution.

OpenSSL License:

———————————

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: ”This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)”
4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)

This software is provided by the openssl project “as is” and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the openssl project or its contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.

———————————

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License

———————————

Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young’s, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: ”This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)”.
The word ‘cryptographic’ can be left out if the routines from the library being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: ”This product includes software written by Tim Hudson (tjh@cryptsoft.com)”

This software is provided by eric young “as is” and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the author or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.

The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]

wxWindows Library Licence, Version 3.1

———————————

Copyright (C) 1998-2005 Julian Smart, Robert Roebling et al

Everyone is permitted to copy and distribute verbatim copies of this licence document, but changing it is not allowed.

WXWINDOWS LIBRARY LICENCE

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public Licence as published by the Free Software Foundation; either version 2 of the Licence, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public Licence for more details.

You should have received a copy of the GNU Library General Public Licence along with this software, usually in a file named COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.

EXCEPTION NOTICE

1. As a special exception, the copyright holders of this library give permission for additional uses of the text contained in this release of the library as licenced under the wxWindows Library Licence, applying either version 3.1 of the Licence, or (at your option) any later version of the Licence as published by the copyright holders of version 3.1 of the Licence document.
2. The exception is that you may use, copy, link, modify and distribute under your own terms, binary object code versions of works based on the Library.
3. If you copy code from files distributed under the terms of the GNU General Public Licence or the GNU Library General Public Licence into a copy of this library, as this licence permits, the exception does not apply to the code that you add in this way. To avoid misleading anyone as to the status of such modified files, you must delete this exception notice from such code and/or adjust the licensing conditions notice accordingly.
4. If you write modifications of your own for this library, it is your choice whether to permit this exception to apply to your modifications. If you do not wish that, you must delete the exception notice from such code and/or adjust the licensing conditions notice accordingly.

OpenLDAP

———————————

The OpenLDAP Public License

Version 2.8, 17 August 2003

Redistribution and use of this software and associated documentation

(“Software”), with or without modification, are permitted provided that the following conditions are met:

1. Redistributions in source form must retain copyright statements and notices,
2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution, and
3. Redistributions must contain a verbatim copy of this document.

The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You may use this Software under terms of this license revision or under the terms of any subsequent revision of the license.

THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS “AS IS” AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain with copyright holders.

OpenLDAP is a registered trademark of the OpenLDAP Foundation.

Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distribute verbatim copies of this document is granted.

PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2

———————————

1. This LICENSE AGREEMENT is between the Python Software Foundation (“PSF”), and the Individual or Organization (“Licensee”) accessing and otherwise using this software (“Python”) in source or binary form and its associated documentation.
2. Subject to the terms and conditions of this License Agreement, PSF hereby grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use Python alone or in any derivative version, provided, however, that PSF’s License Agreement and PSF’s notice of copyright, i.e., “Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation; All Rights Reserved” are retained in Python alone or in any derivative version prepared by Licensee.
3. In the event Licensee prepares a derivative work that is based on or incorporates Python or any part thereof, and wants to make the derivative work available to others as provided herein, then Licensee hereby agrees to include in any such work a brief summary of the changes made to Python.
4. PSF is making Python available to Licensee on an “AS IS” basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
6. This License Agreement will automatically terminate upon a material breach of its terms and conditions.
7. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between PSF and Licensee. This License Agreement does not grant permission to use PSF trademarks or trade name in a trademark sense to endorse or promote products or services of Licensee, or any third party.
8. By copying, installing or otherwise using Python, Licensee agrees to be bound by the terms and conditions of this License Agreement.

CURL

———————————
COPYRIGHT AND PERMISSION NOTICE

Copyright (c) 1996 – 2009, Daniel Stenberg, <daniel@haxx.se>.

All rights reserved.

Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder.

Twisted

———————————

Copyright (c) 2001-2008

Allen Short, Andrew Bennetts, Apple Computer, Inc., Benjamin Bruheim, Bob Ippolito, Canonical Limited, Christopher Armstrong, David Reid, Donovan Preston, Eric Mangold, Itamar Shtull-Trauring, James Knight, Jason A. Mobarak, Jean-Paul Calderone, Jonathan Lange, Jonathan D. Simms, Jürgen Hermann, Kevin Turner, Mary Gardiner, Matthew Lefkowitz, Massachusetts Institute of Technology, Moshe Zadka, Paul Swartz, Pavel Pergamenshchik, Ralph Meijer, Sean Riley, Software Freedom Conservancy, Travis B. Hartwell, Thomas Herve, Eyal Lotem, Antoine Pitrou, Andy Gayton.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the ”Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

SQLite Copyright

———————————

SQLite is in the Public Domain.

All of the deliverable code in SQLite has been dedicated to the public domain by the authors. All code authors, and representatives of the companies they work for, have signed affidavits dedicating their contributions to the public domain and originals of those signed affidavits are stored in a firesafe at the main offices of Hwaci. Anyone is free to copy, modify, publish, use, compile, sell, or distribute the original SQLite code, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.

The previous paragraph applies to the deliverable code in SQLite – those parts of the SQLite library that you actually bundle and ship with a larger application. Portions of the documentation and some code used as part of the build process might fall under other licenses. The details here are unclear. We do not worry about the licensing of the documentation and build code so much because none of these things are part of the core deliverable SQLite library.

All of the deliverable code in SQLite has been written from scratch. No code has been taken from other projects or from the open internet. Every line of code can be traced back to its original author, and all of those authors have public domain dedications on file. So the SQLite code base is clean and is uncontaminated with licensed code from other projects.

Verge web layout template

———————————

Based on Convergence template

1. http://www.freecsstemplates.org

GNU Public License (GPL)

———————————

OpenVPN, LZO, and the TAP-Win32 distributions are

licensed under the GPL version 2 (see COPYRIGHT.GPL).

In the Windows binary distribution of OpenVPN, the GPL is reproduced below.

GNU GENERAL PUBLIC LICENSE

Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.

59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software–to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation’s software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

We protect your rights with two steps:

(1) copyright the software, and

(2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.

Also, for each author’s protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors’ reputations.

Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone’s free use or not licensed at all.

The precise terms and conditions for copying, distribution and modification follow.

GNU GENERAL PUBLIC LICENSE

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

1. 1. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The “Program”, below, refers to any such program or work, and a “work based on the Program” means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term “modification”.) Each licensee is addressed as “you”.
      Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
   2. You may copy and distribute verbatim copies of the Program’s source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
      You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
   3. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
      • a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
      • b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
      • c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

      In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

   4. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
      • a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
      • b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
      • c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

      The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

      If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

   5. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.

      However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

   6. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

   7. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients’ exercise of the rights granted herein.

      You are not responsible for enforcing compliance by third parties to this License.

   8. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

      If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.

      It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

      This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

   9. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
   10. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and “any later version”, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
   11. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
       
       NO WARRANTY
   12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
   13. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the “copyright” line and a pointer to where the full notice is found.

<one line to give the program’s name and a brief idea of what it does.>

Copyright (C) <year> <name of author>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this when it starts in an interactive mode:

Gnomovision version 69, Copyright (C) year name of author

Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w’.

This is free software, and you are welcome to redistribute it under certain conditions; type `show c’ for details.

The hypothetical commands `show w’ and `show c’ should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w’ and `show c’; they could even be mouse-clicks or menu items–whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a “copyright disclaimer” for the program, if necessary. Here is a sample; alter the names:

Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision’ (which makes passes at compilers) written by James Hacker.

<signature of Ty Coon>, 1 April 1989

Ty Coon, President of Vice

This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.

* * *

THIS GENERAL DATA PROCESSING AGREEMENT (“DPA”) is entered into by OpenVPN Inc., a Delaware corporation (“OpenVPN”) and the person or persons to whom OpenVPN has granted a license to use a service described below (the “Customer”) and sets forth the terms under which OpenVPN will process Customer Data in connection with that service.

All capitalized terms not defined in this DPA shall have the meanings set forth in the License Agreement. For the avoidance of doubt, all references to the “Agreement” shall include this DPA.

1. Definition of Terms.
   • “Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.
   • “Control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.“Customer Data” means personal data that OpenVPN processes on behalf of Customer via the Service, as more particularly described in this DPA.
   • “Data Protection Laws” means all data protection laws and regulations applicable to a party’s processing of Customer Data under the Agreement, including, where applicable, European Data Protection Laws and Non-European Data Protection Laws.
   • “European Data Protection Laws” means all data protection laws and regulations applicable to Europe, including (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); (iv) the GDPR as it forms part of UK law by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 and the UK Data Protection Act 2018 (together, “UK Data Protection Laws”); and (v) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance (“Swiss DPA”).
   • “Europe” means, for the purposes of this DPA, the European Economic Area and its member states (“EEA”), Switzerland and the United Kingdom (“UK”).
   • “Non-European Data Protection Laws” means the California Consumer Privacy Act (“CCPA”); the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”); the Brazilian General Data Protection Law (“LGPD”), Federal Law no. 13,709/2018; and the Privacy Act 1988 of Australia, as amended (“Australian Privacy Law”).
   • “Principal Agreement” means the agreement pursuant to which OpenVPN provides the Service to the Customer, including OpenVPN Access Server End User License Agreement, 2 OpenVPN Cloud End User License Agreement, and the OpenVPN Connect End User License Agreement.
   • “Service” means OpenVPN Cloud, Access Server, OpenVPN Connect, or other computer software or service that OpenVPN provides to the Customer under the License Agreement.
   • “Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, or alteration of, or unauthorized disclosure of or access to, Customer Data on systems managed or otherwise controlled by OpenVPN.
   • “Sensitive Data” means an individual’s (a) social security number, tax file number, passport number, driver’s license number, or similar identifier (or any portion thereof); (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card); (c) employment, financial, credit, genetic, biometric or health information; (d) information concerning a person’s race, ethnicity, political or religious affiliation, trade union membership, sexual life or sexual orientation, or criminal record.
   • “Sub-Processor” means any processor engaged by OpenVPN or its Affiliates to assist in fulfilling its obligations with respect to providing the Service pursuant to the License Agreement or this DPA. Sub-Processors may include third parties or Affiliates of OpenVPN but shall exclude OpenVPN employees, contractors, or consultants.The terms “personal data”, “controller”, “data subject”, “processor” and “processing” shall have the meaning given to them under applicable Data Protection Laws or if not defined thereunder, the GDPR, and “process”, “processes" and “processed”, with respect to any Customer Data, shall be interpreted accordingly.
2. Roles and Responsibilities
   • a. Parties’ Roles. If European Data Protection Laws apply to either party’s processing of Customer Data, the parties acknowledge and agree that with regard to the processing of Customer Data, OpenVPN is a processor acting on behalf of the Customer (whether itself a controller or a processor).
   • b. Purposes. OpenVPN will process Customer Data for the purposes described in Exhibit A and only in accordance with Customer’s documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law and to perform the Service, or as OpenVPN and Customer otherwise agreed in writing (“Permitted Purposes”). The License Agreement, including this DPA, along with the Customer’s configuration of or use of any settings, features, or options in the Service (as the Customer may be able to modify from time to time) constitute the Customer’s complete and final instructions to OpenVPN in relation to the processing of Customer, and processing outside the scope of these instructions (if any) shall require prior written agreement between the parties.
   • c. Prohibited Data. Unless Sensitive Information is listed in Exhibit A as being among the categories of Customer Data OpenVPN will process, Customer will not provide (or cause to be provided) any Sensitive Data to OpenVPN for processing or storage. OpenVPN will have no obligations with respect to any Sensitive Data or liability for any access or destruction of 3 any Sensitive Data, whether in connection with a Security Incident or otherwise, that Customer provides or makes available to OpenVPN in violation of this Section 2c.
   • d. Customer Compliance. Customer represents and warrants that (i) it has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its processing of Customer Data and any processing instructions it issues to OpenVPN; and (ii) it has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for OpenVPN to process Customer Data for the purposes described in the License Agreement. Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Data and the means by which Customer acquired Customer Data.e. Lawfulness of Customer’s Instructions. Customer will ensure that OpenVPN’s processing of the Customer Data in accordance with Customer’s instructions will not cause OpenVPN to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Laws. OpenVPN shall promptly notify Customer in writing, unless prohibited from doing so under applicable law, if it becomes aware or believes that any data processing instruction from Customer violates European Data Protection Laws. Customer shall serve as the sole point of contact for OpenVPN and OpenVPN need not interact directly with (including to provide notifications to or seek authorization from) any third-party controller other than through regular provision of the Service to the extent required under the License Agreement. Customer shall be responsible for forwarding any notifications received under this DPA to the relevant controller, where appropriate.
3. Sub-Processing
   • a. Authorized Sub-Processors. Customer agrees that OpenVPN may engage Sub-Processors to process Customer Data on Customer’s behalf. OpenVPN shall notify Customer if it adds or removes Sub-Processors at least 10 days prior to any such changes if Customer opts in to receive such notifications.
   • b. Sub-Processor Obligations. OpenVPN shall: (i) enter into a written agreement with each Sub-Processor containing data protection obligations that provide at least the same level of protection for Customer Data as those in this DPA, to the extent applicable to the nature of the service provided by such Sub-Processor; and (ii) remain responsible for such SubProcessor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-Processor that cause OpenVPN to breach any of its obligations under this DPA. Customer acknowledges and agrees that OpenVPN may be prevented from disclosing Sub-Processor agreements to Customer due to confidentiality restrictions but OpenVPN shall, upon request, use reasonable efforts to provide Customer with all relevant information it reasonably can in connection with Sub-Processor agreements.
4. Security and Confidentiality
   • a. Security Measures. OpenVPN shall implement and maintain appropriate technical and organizational security measures that are designed to protect Customer Data from Security 4 Incidents and designed to preserve the security and confidentiality of Customer Data in accordance with OpenVPN’s security standards, which shall be no less stringent than those that are generally applied in the industry in the United States (“Security Measures”).
   • b. Confidentiality of Processing. OpenVPN shall ensure that any person who is authorized by OpenVPN to process Customer Data (including its staff, agents, and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).
   • c. Updates to Security Measures. Customer acknowledges that the Security Measures are subject to technical progress and development and that OpenVPN may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Service provided to Customer. Customer is responsible for reviewing the information made available by OpenVPN relating to data security and making an independent determination as to whether the Service meets Customer’s requirements and legal obligations under Data Protection Laws.
   • d. Security Incident Response. Upon becoming aware of a Security Incident, OpenVPN shall: (i) notify Customer without undue delay, and where feasible, in any event no later than forty-eight (48) hours from becoming aware of the Security Incident; (ii) provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer; and (iii) promptly take reasonable steps to contain and investigate any Security Incident. OpenVPN’s notification of or response to a Security Incident under this Section 4d shall not be construed as an acknowledgment by OpenVPN of any fault or liability with respect to the Security Incident.
   • e. Customer Responsibilities. Notwithstanding the above, Customer agrees that it, and not OpenVPN, is responsible for its secure use of the Service, including securing its account authentication credentials, protecting the security of Customer Data when in transit to and from the Service, and taking any appropriate steps to securely encrypt or backup any Customer Data that is uploaded to the Service.
   • f. Government Audit. If a government regulatory authority requires an audit of the data processing facilities of OpenVPN in order to ascertain or monitor Customer's compliance with Data Protection Laws, OpenVPN will cooperate with such audit. Customer is responsible for all costs and fees related to such audit, including all reasonable costs and fees for any and all time OpenVPN expends for any such audit, in addition to the rates for services performed by OpenVPN.
5. Provisions for Specific Customers and Data.
   • a. Data Center Locations. Customer acknowledges that OpenVPN may transfer and process Customer Data to and in the United States and anywhere else in the world where OpenVPN, its Affiliates or its Sub-Processors maintain data processing operations provided that such transfer is in accordance with applicable law. OpenVPN shall at all times ensure that such transfers are made in compliance with the requirements of Data Protection Laws and this DPA.
   • b. Provisions Applicable to Certain Jurisdictions.
     • i) If OpenVPN is a recipient of Customer Data protected by the Australian Privacy Law, the parties acknowledge and agree that OpenVPN may transfer such Customer Data outside of Australia as permitted by the terms agreed upon by the parties and subject to OpenVPN complying with this DPA and the Australian Privacy Law.
     • ii) To the extent that OpenVPN receives Customer Data from the states and countries listed in Exhibit C, the provisions of Exhibit C will apply to OpenVPN’s obligations under this Agreement with respect to that Customer Data.
     • iii) If OpenVPN receives Customer Data from Brazil, the Customer agrees that OpenVPN may process that data outside of Brazil, and represents and warrants that such transfer of Customer Data is in compliance with LGPD.
   • c. International Transfers from Designated Countries. The parties obligations with respect to Customer Data that originates in the European Area will be governed by the following Addenda to this DPA. To the extent that there is any conflict between the provisions of this DPA and any Addendum that is applicable to the Customer Data from that country or region so designated, that Addendum will control.
     • i) For Customer Data that is transmitted from the EEA and is processed by OpenVPN outside of the EEA, the Data Processing Agreement Addendum, Module 2, (attached as Exhibit D) will govern.
     • ii) For Customer Data that is transmitted from the UK and is processed by OpenVPN outside of the UK, the United Kingdom Data Processing Agreement Addendum (attached as Exhibit E) will govern.
     • iii) For Customer Data that is transmitted from Switzerland and is processed by OpenVPN outside of Switzerland, the Data Processing Agreement Addendum under Switzerland Data Protection (attached as Exhibit F) will govern.
   • d. HIPAA Data. If OpenVPN has entered into an agreement with Customer pursuant to which it processes Customer Data that is subject to the Health Insurance Portability and Accountability Act of 1996 and the regulations of the Department of Health and Human Services promulgated thereunder, that agreement will govern all rights and obligations of OpenVPN and the Customer with respect to that data.
6. Return or Deletion of Data
   • a. Deletion or Return on Termination. Upon termination or expiration of the Agreement, OpenVPN shall (at Customer’s election) delete or return to Customer all Customer Data (including copies) in its possession or control, except that this requirement shall not apply to the extent OpenVPN is required by applicable law to retain some or all of the Customer Data, or to Customer Data it has archived on back-up systems, which Customer Data OpenVPN shall securely isolate, protect from any further processing and eventually delete in accordance with OpenVPN’s deletion policies, except to the extent required by applicable law.
   • b. Return or Removal of Customer Data. OpenVPN will promptly delete Customer Data pursuant to an instruction from Customer, whether pursuant to a written request from the data subject or otherwise, provided that such request was in accordance with applicable law. Promptly following Customer’s request OpenVPN will provide Customer with evidence of the deletion of that Customer Data.
7. Data Subject Rights and Cooperation
   • a. Data Protection Impact Assessment. To the extent required under applicable Data Protection Laws, OpenVPN shall (considering the nature of the processing and the information available to OpenVPN) provide all reasonably requested information regarding the Service to enable Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by Data Protection Laws. OpenVPN shall comply with the foregoing by: (i) complying with Section 4; (ii) providing the information contained in the Agreement, including this DPA; and (iii) if the foregoing clauses (i) and (ii) are insufficient for Customer to comply with such obligations, providing additional reasonable assistance (at Customer’s expense) upon Customer’s request.
8. Limitation of Liability
   • a. Each party’s and all of its Affiliates’ liability taken together in the aggregate arising out of or related to this DPA shall be subject to the exclusions and limitations of liability set forth in the License Agreement.
   • b. Any claims made against OpenVPN or its Affiliates under or in connection with this DPA shall be brought solely by the Customer.
   • c. In no event shall any party limit its liability with respect to any individual’s data protection rights under this DPA or otherwise.
9. Relationship with the License Agreement
   • a. This DPA shall remain in effect for as long as OpenVPN carries out Customer Data processing operations on behalf of Customer or until termination of the Agreement (and all Customer Data has been returned or deleted in accordance with Section 6.a.
   • b. The parties agree that this DPA replaces in its entirety any existing data processing agreement or similar document into which the parties may have previously entered into in connection with the Service.
   • c. In the event of any conflict or inconsistency between this DPA and the License Agreement with respect to Customer Data, the provisions of this DPA will prevail.
   • d. Except for any changes made by this DPA, the License Agreement remains unchanged and in full force and effect.
   • e. No one other than a party to this DPA, its successors and permitted assignees shall have any right to enforce any of its terms.
   • f. This DPA shall be governed by and construed in accordance with the governing law and jurisdiction provisions in the License Agreement, unless required otherwise by applicable Data Protection Laws.g. This DPA may only be amended by means of a writing signed by OpenVPN and Customer; however, if, in the good faith judgment of OpenVPN, any provision of this DPA is required to be amended to comply with a Data Processing Law applicable to the Customer Data, OpenVPN may amend effect such amendment by delivering notice of that amendment to Customer. Such amendment will enter into effect thirty (30) days after notice of that amendment is provided to Customer unless OpenVPN determines in good faith that the amendment is required to enter into effect earlier to comply with that Data Processing Law, in which case that amendment will enter into effect immediately upon OpenVPN providing notice of the same to Customer.

EXHIBIT A – DETAILS OF DATA PROCESSING

(a) Categories of Data Subjects:
Individual customers of OpenVPN

(b) Categories of Personal Data:
Customer may upload, submit, or otherwise provide certain personal data to the Service, the extent of which is typically determined and controlled by Customer in its sole discretion, and may include the following types of personal data:
For OpenVPN’s Access Server and OpenVPN Cloud Solution: Data Importer may process certain information about how a User uses the Subscriber Websites or Apps, including a User’s Internet Protocol (IP) address and other user engagement and interaction metrics and other statistics. For subscriber processing, Data Importer may process name, email address, usernames, passwords and other login credentials as necessary to manage the user’s account.

(c) Sensitive Data Processed (if applicable):
No sensitive data is processed by OpenVPN

(d) Frequency of Processing:
OpenVPN shall process Personal Data in its provision of Services on a continuous basis pursuant to the terms of the Agreement.

(e) Subject Matter and Nature of the Processing:
Storage and other processing necessary to provide, maintain, and improve the Service provided to Customer pursuant to the License Agreement.

(f) Purpose of the Processing:
OpenVPN shall process Customer Data for the Permitted Purposes, which shall include: (i) processing as necessary to provide the Service in accordance with the License Agreement; (ii) processing initiated by Customer in its use of the Service; and (iii) processing to comply with any other reasonable instructions provided by Customer (e.g., via email or support tickets) that are consistent with the terms of the License Agreement.

(g) Duration of Processing and Period for which Personal Data will be retained:
OpenVPN will process Customer Data as outlined in Section 7 (Return or Deletion of Data) of this DPA.

EXHIBIT B – SECURITY MEASURES

The Security Measures applicable to the Service are described here (as updated from time to time in accordance with Section 4.c of this DPA).

MFA is required to access stored data. Access is limited based on least privilege and limited to a small number of importer employees who require access. All data transfer is performed over encrypted connections. Only minimum necessary data is collected. Information Security program is overseen by certified individual (CISSP, CISM, GPEN, GXPN.)

For transfers to (sub-) processors, also describe the specific technical and organizational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter.

Sub-processors that are certified in PCI-DSS are used to process credit card transactions. Required transaction information is transferred to importer over encrypted connections.

EXHIBIT C - JURISDICTION-SPECIFIC TERMS

Europe:
Objection to Sub-Processors. Customer may object in writing to OpenVPN’s appointment of a new Sub-Processor within five (5) calendar days of receiving notice in accordance with Section 3.a of the DPA, provided that such objection is based on reasonable grounds relating to data protection. In such event, the parties shall discuss such concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, OpenVPN will, at its sole discretion, either not appoint such Sub-Processor, or permit Customer to suspend or terminate the affected Service in accordance with the termination provisions in the Agreement without liability to either party (but without prejudice to any fees incurred by Customer prior to suspension or termination).

Government data access requests. As a matter of general practice, OpenVPN does not voluntarily provide government agencies or authorities (including law enforcement) with access to or information about OpenVPN accounts (including Customer Data). If OpenVPN receives a compulsory request (whether through a subpoena, court order, search warrant, or other valid legal process) from any government agency or authority (including law enforcement) for access to or information about a OpenVPN account (including Customer Data) belonging to a data subject whose primary contact information indicates that the data subject is located in Europe, OpenVPN shall: (i) review the legality of the request; (ii) inform the government agency that OpenVPN is a processor of the data; (iii) attempt to redirect the agency to request the data directly from Customer; (iv) notify Customer via email sent to Customer’s primary contact email address of the request to allow Customer to seek a protective order or other appropriate remedy; and (v) provide the minimum amount of information permissible when responding to the agency or authority based on a reasonable interpretation of the request. As part of this effort, OpenVPN may provide the data subject’s primary and billing contact information to the agency. OpenVPN shall not be required to comply with this paragraph if it is legally prohibited from doing so, or it has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual, public safety, the OpenVPN website, OpenVPN’s computer network and other assets, or to the Service.

California:
Except as described otherwise, the definitions of: “controller” includes “Business”; “processor” includes “Service Provider”; “data subject” includes “Consumer”; “personal data” includes “Personal Information”; in each case as defined under the CCPA.

For this “California” section of Exhibit C only, “Permitted Purposes” shall include processing Customer Data only for the purposes described in this DPA and in accordance with Customer’s documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law, as otherwise agreed in writing, including, without limitation, in the Agreement, or as otherwise may be permitted for “service providers” under the CCPA.

OpenVPN’s obligations regarding data subject requests, as described in Section 7 of this DPA, extend to rights requests under the CCPA. Notwithstanding any use restriction contained elsewhere in this DPA, OpenVPN shall process Customer Data to perform the Service, for the Permitted Purposes and/or in accordance with Customer’s documented lawful instructions, or as otherwise permitted or required by applicable law.

Notwithstanding any use restriction contained elsewhere in this Exhibit C, OpenVPN may de-identify or aggregate Customer Data as part of performing the Service specified in this DPA and the Agreement.

Where Sub-Processors process the Personal Information of Customer contacts, OpenVPN takes steps to ensure that such Sub-Processors are Service Providers under the CCPA with whom OpenVPN has entered into a written contract that includes terms substantially similar to this “California” section of Exhibit or are otherwise exempt from the CCPA’s definition of “sale”. OpenVPN conducts appropriate due diligence on its Sub-Processors.

Canada:
OpenVPN takes steps to ensure that OpenVPN’s Sub-Processors are third parties under PIPEDA, with whom OpenVPN has entered into a written contract that includes terms substantially similar to this DPA. OpenVPN conducts appropriate due diligence on its SubProcessors.

OpenVPN will implement technical measures set forth in Section 4 of the DPA.

Addendums for EEU, UK, and Switzerland available upon request

Rev. 9.19.2022

OpenVPN has incorporated the new Standard Contractual Clauses (SCCs) that the European Commission published on June 4, 2021 to address data transfers originating from the European Economic Area (EEA).

When OpenVPN is the processor (Importer) of Personal Data transferred from the EEA on behalf of a Controller (Exporter) the SCC clauses apply.

The Swiss Addendum provides the necessary amendments and adaptations to the SCCs for customer data transfers in compliance with Swiss data protection law.

When OpenVPN is the processor (Importer) of Personal Data transferred from the UK on behalf of a Controller (Exporter) the UK DPA Addendum applies.

OpenVPN safeguards the electronic protected health information (ePHI) it creates, receives, maintains, or transmits on behalf of customers that function as business associates of Covered Entities under HIPAA compliance.