ACCEPTABLE USE POLICY
July 1, 2024
PowerPlan’s Acceptable Use Policy (the “Policy”) is designed to provide Clients and their Authorized Users subscribed to either PowerPlan’s SaaS, Cloud Services, or Subscription Services guidance on the appropriate uses of PowerPlan’s Software and Platform. The consistent adherence to the guidelines provided in this Policy works in conjunction with PowerPlan’s obligations in PowerPlan’s Security Policy to enable PowerPlan to provide an environment designed to be safe and secure for all clients subscribed to PowerPlan’s SaaS, Cloud Services, or Subscription Services.
All references to “you” or “your” refer to PowerPlan clients who are accessing or using Software pursuant to an active subscription for SaaS, Cloud Services, or Subscription Services.
To align with current industry standards and to align known and emerging risks, PowerPlan may update this Policy from time to time. The most current version available at https://powerplan.com/legal will apply upon next renewal to your subscription for SaaS, Cloud Services, or Subscription Services, as applicable. PowerPlan will provide a mechanism to obtain notice of updates, and You should check regularly for updates.
Definitions
-
Authorized User means a named individual authorized by you to use the Software, who has been supplied with user credentials for the Software by you or by PowerPlan at your request (thus, counting against the maximum number of named users allotted in an applicable Order Form).
-
Cloud Services means the services provided by PowerPlan to make the Software available remotely over the Internet during the Cloud Term.
-
Hosted Data means the data that an Authorized User loads into the Software or processes or stores using the Software.
-
Maintenance Policy refers to the maintenance policy that is applicable based on the PowerPlan offering procured by Client. For next generation SaaS products, this means the PowerPlan Support Plan for SaaS. For classic SaaS products, this means the PowerPlan Standard Maintenance Policy for SaaS. For Cloud Services, this means the PowerPlan Standard Maintenance Policy for Software Licenses. For Subscription Services, this means the PowerPlan Standard Maintenance Policy for Subscription Services. All are currently posted at https://powerplan.com/legal.
-
Maintenance Services means the support and maintenance services provided by PowerPlan per the applicable agreement between you and PowerPlan, per the Maintenance Policy.
-
Multi-Instance refers to the Solution Platform which provides a unique database per client with a shared application instance.
-
Multi-Tenant refers to the Solution Platform which provides a shared database and application instance.
-
Platform means the information technology infrastructure, including computers, servers, hardware, databases, database management systems, networks, communications infrastructure, devices, websites, and third-party software used by PowerPlan to provide access to the Software pursuant to a subscription for SaaS, Cloud Services, or Subscription Services, as applicable.
-
SaaS means Software as a Service and includes the Software, Platform, applicable documentation, and associated Maintenance Services, as indicated in the applicable agreement between you and PowerPlan.
-
Single-Tenant refers to the Solution Platform which provides a unique database and unique application instance per client.
-
Software means the object code version of the software module(s) identified on the Order Form, including all Modifications thereto.
-
Solution Platform refers to the method in which a Software module is structured and operationally controlled within the hosted environment.
-
Subscription Services means the (i) services that allow Client to access and use the Software only remotely over the Internet during the Subscription Term, and (ii) Maintenance Services; it does not include a license grant.
Your Responsibilities
Technical Requirements.
-
You are responsible for maintaining virus protection and reasonable security measures in place for your own workstations and all your host systems that are networked to those workstations.
-
You must use an internet browser that meets the requirements as published by PowerPlan in the Documentation.
-
You are responsible for configuration of your corporate internet firewall to allow all necessary ports to be used.
-
For purposes of clarity, any technical issues with access or use of the Software will be addressed in accordance with PowerPlan’s Maintenance Services, as applicable.
Data Security.
To enhance data security:
-
You are expected to use discretion in granting administrator privileges to any Authorized Users. You are solely responsible for granting appropriate administrator privileges to the appropriate Authorized Users, recognizing that Authorized Users with administrator privileges will have broad rights to configure and manage access and use rights of other Authorized Users.
-
Access and use of the Software by your Authorized Users is only permitted through the front-end user interface using valid access credentials, including passwords. Backend access to the Platform is strictly prohibited. Client is responsible for maintaining the confidentiality of its passwords and Authorized Users may not share their login identifier or password with other Authorized Users or third parties. You are fully liable for all use of the Software using access credentials issued to or created by your Authorized Users, including any use by a user you did not authorize who accesses the Software using your access credentials. PowerPlan may terminate access credentials and require new access credentials if it believes that the access credential is being used without authorization or contrary to the terms of this Agreement or any Order Form. You agree to promptly notify PowerPlan of any unauthorized use of your access credentials or other breach of security of which you become aware within twenty-four (24) hours.
Data Modification.
-
For Single-Tenant Solution Platforms, you are responsible for testing, validating, and approving in writing any changes which may affect the Software’s processing of your Hosted Data (including any Updates or Upgrades of the Software as defined by the Maintenance Policy) prior to such changes being implemented into your cloud production environment. Additional details on Change Management processes are provided in the Security Policy.
-
For Multi-Instance and Multi-Tenant Solution Platforms, you are responsible for testing, validating, and approving in writing any changes to data which may affect the Software’s processing of your Hosted Data (excluding any Release adoptions as defined by the Maintenance Policy since these updates will be tested by PowerPlan) prior to such changes being implemented into your PowerPlan-hosted production environment. More details on Change Management processes are provided in the Security Policy.
Prohibited Data and Activities
Prohibited Data.
-
The Software is not designed to collect, host, store, or process:
-
critical energy infrastructure information (“CEII”) subject to the Federal Power Act*
-
sensitive personal information, sensitive data, sensitive information, or special categories of personal data as those terms are defined by laws including, but not limited to: the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, the Delaware Personal Data Privacy Act, the Indiana Consumer Data Protection Act, the Iowa Consumer Data Protection Act, the Montana Consumer Data Privacy Act, the Oregon Consumer Privacy Act, the Tennessee Information Protection Act, the Texas Data Privacy and Security Act, the Utah Consumer Privacy Act, the Virginia Consumer Data Protection Act, the Personal Information Protection and Electronic Documents Act (PIPEDA), the General Data Protection Regulation (GDPR), or the Privacy Act of Australia
-
protected health information subject to the Health Insurance Portability and Accountability Act (HIPAA)
-
information about children under the age of 16 subject to the Children’s Online Privacy Protection Act (COPPA) or similar laws
-
payment card data subject to PCI-DSS
-
ITAR-regulated data subject to International Traffic in Arms Regulations (22 CFR 120)
-
nonpublic personal information subject to the Gramm-Leach-Bliley Act (GLBA)
-
customer proprietary network information subject to the Communications Act (47 U.S. Code § 222) and implementing rules (47 CFR § 64.2001 et seq)
-
You should not enter any such information or data in any free text fields of the Software, and you are solely responsible if you input any such information or data in or through the Software or Platform.
-
You may not submit, or permit your Affiliates or Authorized Users to submit, to the Software or Platform any Hosted Data that includes information or data described above or is illegal, misleading, defamatory, indecent, obscene, in poor taste, threatening, infringing of any third-party proprietary rights, invasive of personal privacy, or otherwise objectionable (collectively, “Prohibited Data”). You are solely responsible for all Hosted Data submitted to the Software and Platform by all Authorized Users.
-
You acknowledge that PowerPlan has no control over Hosted Data and does not purport to monitor the Hosted Data. However, PowerPlan reserves the right to remove Hosted Data from the Software or Platform where it reasonably suspects such Hosted Data is Prohibited Data or otherwise violates the provisions of the Agreement or this Policy. PowerPlan will notify you if it becomes aware of any allegation that Hosted Data may be Prohibited Data or otherwise violates the provisions of the Agreement or this Policy.
* Certain PowerPlan Software modules contemplate inclusion of mailing addresses and/or physical addresses of critical infrastructure within the Hosted Data; however, FERC Order 630, issued on February 21, 2003, and FERC Order 683, issued on September 21, 2008, state that location information which simply identifies the location of the infrastructure is excluded from the definition of CEII.
Use Limitations and Restrictions.
You are not permitted to, and will not permit your Affiliates, Authorized Users, or any other person to, access or use the Software except as expressly permitted under the applicable agreement between you and PowerPlan. Without limiting the generality of the foregoing, you and your Affiliates and Authorized Users are prohibited from:
-
bypassing or breaching any security device or protection used by the Software or Platform or accessing or using the Software other than through the front-end user interface by an Authorized User using their own then valid access credentials;
-
inputting, uploading, transmitting or otherwise providing to or through the Software or Platform any information or materials that are unlawful or injurious, or contain, transmit or activate any virus or malicious code;
-
damaging, destroying, disrupting, disabling, impairing, interfering with or otherwise impeding or harming in any manner the Software or Platform, or PowerPlan's provision of services to any third party, in whole or in part, including the cloud infrastructure that PowerPlan uses to deliver such services;
-
removing, deleting, altering, or obscuring any trademarks, documentation, warranties or disclaimers, or any copyright, trademark, patent or other intellectual property or proprietary rights notices from the Software or Documentation;
-
accessing or using the Software, Documentation, Deliverables, Services, or Platform in any manner or for any purpose that infringes, misappropriates, or otherwise violates any Intellectual Property Rights or other right of any third party, or that violates any applicable Law; or
-
accessing or using the Software, Documentation, Deliverables, or Services for purposes of competitive analysis, the development, provision, or use of a substitutable software service or product, or any other purpose that is to PowerPlan's detriment or commercial disadvantage.
In the event you discover a violation of this Policy, you will be responsible for, and directing your Affiliates and Authorized Users to, immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Software or Platform and permanently erasing from their systems and destroying any data to which any of them have gained unauthorized access); and (b) notify PowerPlan of any such actual or threatened activity within twenty-four (24) hours.