top of page

PRIMA ID DATA SERVICES AGREEMENT

Commercial, Data Processing & Identity-Provider Flow-Down Terms

This Prima ID Data Services Agreement (“DSA”) is entered into pursuant to, incorporated into, and governed by the Master Services Agreement (“MSA”) between Tria Prima, LLC (“Company”) and the Client identified in the applicable Prima ID Order Form (“Client”). This DSA governs Client’s access to and use of the Prima ID Product Services and the processing of data in connection with them. In the event of a conflict between the MSA and this DSA, this DSA shall control with respect to Prima ID and the processing of data, subject to the order of precedence in the MSA. Capitalized terms not defined herein have the meanings set forth in the MSA.

1. Description of Prima ID Services

Prima ID provides integration, orchestration, behavioral tracking, and CRM activation services that enable transmission of website behavioral data, identity resolution performed by an independent third-party identity resolution provider (“Identity Resolution Provider”), delivery of identity results into Client’s CRM, and workflow prioritization within Client’s CRM environment.

 

2. Definitions

“Identity Data” means the identity-resolved records, match results, and enrichment data sourced from the third-party Identity Resolution Provider. “Client Data” means data provided or made available by Client, including website behavioral data. “Derived Insights” means data, reports, analysis, or other output developed by or on behalf of Client that is derived from Identity Data, provided that such output (i) does not contain any Identity Data and (ii) cannot be reverse engineered to obtain the original Identity Data. “Personal Data” means information that identifies, relates to, or could reasonably be linked, directly or indirectly, with a particular individual. “Permitted Use” means the manner in which Client is authorized to use Prima ID and Identity Data as set forth in this DSA and the applicable Order Form. “Applicable Law” means any international, federal, state, or local treaties, laws, rules, regulations, or ordinances applicable to Client’s use of Prima ID and Identity Data.

 

3. Third-Party Identity Resolution; Pass-Through of Provider Requirements

Identity matching and enrichment are performed exclusively by an independent Identity Resolution Provider. Company does not own, control, audit, or warrant the identity graph, underlying data sources, data accuracy, data completeness, or match rates. Identity Data and enrichment signals are provided strictly on an “AS IS” and “AS AVAILABLE” basis. Company disclaims all liability arising from or related to third-party identity data.

Company licenses the identity data services from the Identity Resolution Provider as its customer, and Client is an authorized end user of that data through the Prima ID service. The restrictions, data-protection, records, and deletion obligations set out in this DSA are intended to be back-to-back with, and no less protective than, the requirements that the Identity Resolution Provider imposes on Company. Client’s access to and use of Identity Data is at all times subject to those requirements as passed through in this DSA.

Additional Restrictions. The Identity Resolution Provider may, from time to time, impose additional or modified restrictions on the use of Identity Data, including as required by applicable law, regulatory or self-regulatory guidance, or its data licensors. Company will provide Client with reasonable advance notice of any such additional restrictions to the extent practicable, and Client agrees to comply with them upon notice.

 

4. Data Handling; No Data Retention; Transient Processing

Company will not accept or maintain consumer information, including, but not limited to, personally identifiable information (“PII”) and non-public personal information (“NPI”) as defined in the Gramm-Leach-Bliley Act. Company does not store, retain, aggregate, or maintain consumer Personal Data in connection with Prima ID beyond transient processing necessary for secure transmission and integration, and does not maintain a database of such data. Notwithstanding the foregoing, during a proof-of-concept (“POC”) engagement for which Client has signed the separate POC agreement, data may be maintained in Company’s ‘sandbox’ environment solely during the three (3) week POC period and solely for the purposes of the POC.

 

5. Use Restrictions

Client shall use Prima ID and Identity Data solely for the Permitted Uses, and shall not, and shall not permit any user to, use Prima ID, the Identity Data, or any Derived Insights:

  • to determine any person’s employability, credit worthiness, credit standing, credit capacity, or other characteristic listed in Section 603(d) of the Fair Credit Reporting Act, or for any other purpose requiring compliance with the Fair Credit Reporting Act or similar laws (Prima ID is not a consumer reporting agency and does not constitute a consumer report);

  • to make a decision by automated processing that evaluates, analyzes, or predicts an individual’s characteristics or preferences where the decision results in the provision or denial of financial or lending services, housing, insurance, education enrollment or opportunity, criminal justice, employment opportunities, healthcare services, or access to essential goods or services;

  • in any manner that violates Applicable Law;

  • to build or support any product or service that is competitive with the Identity Resolution Provider’s data services or with Company’s Product Services;

  • in any manner that exceeds the scope of the licenses granted or the limits or restrictions set forth in this DSA or the applicable Order Form; or

  • in connection with any software or service that incorporates a large language model, machine learning, generative artificial intelligence, or any other process generally referred to as artificial intelligence (including, without limitation, operating, training, fine-tuning, embedding, evaluating, or improving any such model).

Client shall not sell, rent, license, sublicense, distribute, or otherwise make Identity Data available to any third party except as expressly permitted in the Order Form.
 

6. AI Restriction; Reconciliation with MSA

The restriction in Section 5(f) is required by the Identity Resolution Provider and, notwithstanding anything in the MSA or any Order Form to the contrary, controls with respect to Identity Data. For clarity, this restriction does not limit Client’s use of artificial intelligence, machine learning, or analytics (including the AI- and machine-learning-powered features built into Client’s CRM, marketing, and workflow systems) as applied to (i) Client’s own first-party data, (ii) Client’s behavioral data, and (iii) Derived Insights that do not themselves contain Identity Data. This Section reconciles the permitted-use provisions of the MSA with the pass-through requirements of this DSA.
 

7. Client Responsibilities and Compliance

Client is solely responsible for: (a) lawful collection of website and other data; (b) maintaining a conspicuously posted privacy policy that complies with Applicable Law and accurately describes the collection, processing, use, and disclosure of data as contemplated by Prima ID; (c) obtaining all notices, consents, and rights required under Applicable Law for the collection and use of data, including any data Client submits to Company or the Identity Resolution Provider; (d) compliance with all applicable privacy, data protection, and marketing laws; and (e) all downstream use of Identity Data within its CRM and marketing systems. Client acknowledges that Company does not provide legal advice and does not monitor Client’s compliance posture.


8. Sensitive Data Prohibition

Client shall not transmit or upload to Company or the Identity Resolution Provider, and shall not request or use Identity Data to assemble or augment, any individually identifiable health information (as defined under the Health Insurance Portability and Accountability Act), payment card information, bank account information, Social Security number, driver’s license information, government identification information, or any similarly sensitive information about any individual.


9. Security; Personal Data; Records

Company shall implement commercially reasonable administrative, technical, and physical safeguards appropriate to the nature of transient data transmission, and shall notify Client without undue delay following confirmation of a material security incident affecting Company-controlled systems. Company does not guarantee prevention of all security incidents. Each party shall provide commercially reasonable security controls to prevent unauthorized access to Personal Data, promptly notify the other of any breach or unauthorized activity relating to such Personal Data of which it becomes aware, and maintain complete and accurate books and records with respect to its activities and disclosures involving Personal Data during the term and for at least two (2) years after termination or expiration. Each party shall comply with its obligations under Applicable Law and provide the level of privacy protection required by Applicable Law.


10. Intellectual Property Ownership

Client retains ownership of Client Data. The Identity Resolution Provider retains ownership of its identity graph and all Identity Data. Company retains ownership of its integration architecture, APIs, orchestration logic, workflow configurations, CRM scoring methodologies, and implementation frameworks. Client shall not use Company’s Confidential Information or proprietary technology to build a competing identity-resolution or orchestration system. For clarity, and subject to the Use Restrictions and the other terms of this DSA, Client remains free to use Prima ID outputs and Derived Insights within its CRM, marketing, and workflow systems for Client’s business purposes.
 

11. Committed Term

For any subscription Product Service with a committed Initial Term stated in an Order Form, the for-convenience termination right in Section 5 (Term and Termination) of the MSA does not apply during that Initial Term. If Client terminates other than for Company’s uncured material breach, Client shall pay the subscription fees for the remainder of the then-current term. This provision reflects Company’s corresponding committed-term obligation to the Identity Resolution Provider. Order Form terms and renewal mechanics apply to the extent set forth in the Order Form.
 

12. Termination of Data Rights; Deletion; Records and Audit

Automatic Termination of Data Rights. All rights to access and use Identity Data automatically terminate upon the expiration or termination of the applicable Order Form, this DSA, or Company’s upstream agreement with the Identity Resolution Provider, whichever occurs first. Deletion on Termination. No later than thirty (30) days following termination or expiration, Client shall irrevocably delete all Identity Data (including identity-resolved match records and identifiers sourced from the Identity Resolution Provider) and, upon request, execute the Data Deletion Acknowledgement in the form attached as Exhibit A. For clarity, Client is not required to delete (i) data already in Client’s possession prior to obtaining it from Company, or (ii) Derived Insights developed in compliance with this DSA prior to termination.

Records and Audit. Client shall maintain business and financial records for a rolling period of three (3) years sufficient to verify Client’s compliance with this DSA, including that its use of Identity Data complies with this DSA and that Identity Data has been deleted as required. Upon Company’s reasonable request (including where required by the Identity Resolution Provider), Client shall provide written confirmation of compliance and, where applicable, SQL logs or similar evidence reasonably requested to confirm deletion. If such evidence reveals that Client has failed to delete Identity Data as required, Client shall, on demand, pay the proportionate (pro-rata) fees that would have applied to maintain such Identity Data for the period between termination and the date of confirmation.
 

13. Service Level Commitment

Company will use commercially reasonable efforts to maintain availability of its integration and orchestration infrastructure at a target uptime of 95% measured monthly, excluding: (a) scheduled maintenance; (b) downtime caused by third-party identity providers; (c) CRM platform outages; (d) force majeure events; and (e) issues caused by Client systems or integrations.


14. Limitation of Liability (Prima ID Override)

Notwithstanding anything in the MSA to the contrary, Company’s total aggregate liability arising from Prima ID shall not exceed the total subscription fees paid for Prima ID during the one (1) month preceding the event giving rise to the claim. Company shall not be liable for regulatory fines, identity data inaccuracies, third-party data claims, lost profits, reputational harm, or indirect or consequential damages.

15. Indemnification Scope

Company shall indemnify Client solely for third-party claims alleging that Company’s proprietary integration technology directly infringes a valid U.S. intellectual property right. Company shall have no indemnification obligation for claims arising from identity data, third-party providers, Client tracking activities, privacy disclosures, or downstream business decisions.

Client Indemnity. Client shall defend, indemnify, and hold harmless Company (and, as applicable, the Identity Resolution Provider) from any claims and losses arising from Client’s breach of this DSA, violation of Applicable Law, or misuse of Identity Data, including any resulting claim against Company by the Identity Resolution Provider or its data licensors. Because this obligation flows down from the Identity Resolution Provider’s requirements, it is not limited by the liability cap in the MSA.

 

16. Acceptable Use; Rate Limit

If web-visitor identification or customer-recognition functionality is provided, Client shall comply with the applicable Acceptable Use Policy supplied by Company. Client’s API usage shall not exceed 6,000 queries per minute in the aggregate across the bundle. Batch or file-based processing requests are billed at $1,000 per file unless otherwise quoted in the Order Form.

 

17. Legal Proceedings; Cooperation; Professional Fees

Company shall not be required to participate in, respond to, defend, or appear in connection with any consumer claim, class action, regulatory inquiry, subpoena, or proceeding arising from Client’s tracking activities, privacy notices, consent mechanisms, or downstream data use. If Client requests Company’s assistance in connection with any such matter, Company may, at its sole discretion, provide assistance pursuant to a separate written engagement. All such assistance shall be billed at Company’s then-current hourly professional services rate plus reasonable expenses. Company shall have no obligation to provide assistance absent such written agreement.

18. Dispute Resolution; Mandatory Mediation

Prior to initiating arbitration or litigation related to Prima ID, the parties agree to participate in non-binding mediation administered by a mutually agreed mediator. Mediation shall occur within thirty (30) days of written notice of dispute. Each party shall bear its own costs. Nothing herein prevents either party from seeking injunctive relief where necessary to prevent irreparable harm.

bottom of page