Terms of Service

This Terms of Service Agreement ("Agreement") is a legally binding contract between ConsentStack LLC, a California limited liability company ("ConsentStack," "we," "us," or "our"), with its principal place of business at 23046 Avenida De La Carlota, Suite #600, Laguna Hills, California 92653, and the entity or individual ("Customer," "you," or "your") who accesses or uses the ConsentStack platform and services.

BY CLICKING "I AGREE," CREATING AN ACCOUNT, EXECUTING AN ORDER FORM, OR ACCESSING OR USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS AGREEMENT. IF YOU ARE ACCEPTING ON BEHALF OF AN ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT ACCESS OR USE THE SERVICES.

1. Agreement to Terms

1.1 Acceptance

This Agreement becomes effective on the earliest of the following (the "Effective Date"): (a) the date you click "I Agree" or a similar acceptance mechanism; (b) the date you create a ConsentStack account; (c) the date you execute an Order Form referencing this Agreement; or (d) the date you first access or use the Services. If you register using a work email address, you accept this Agreement on behalf of the entity that owns that email domain.

1.2 Eligibility

You must be at least eighteen (18) years of age or the age of majority in your jurisdiction, whichever is greater, to use the Services. The Services are intended for business use only and are not directed at consumers.

1.3 Modifications

ConsentStack may modify this Agreement from time to time. We will provide at least thirty (30) days' prior written notice of material changes via email or notification within the Dashboard. Your continued use of the Services after the effective date of such modifications constitutes acceptance of the modified Agreement. For material changes that alter your rights or obligations, we will seek affirmative consent from existing subscribers before such changes take effect.

2. The Services

2.1 Description

ConsentStack provides a cloud-based consent management platform (the "Services") consisting of: (a) a web-based dashboard application for configuring consent experiences, managing websites and domains, and viewing analytics (the "Dashboard"); (b) a JavaScript software development kit for deployment on Customer's websites (the "SDK"); (c) edge API endpoints for consent configuration delivery and consent event logging; and (d) platform integrations for transmitting consent signals to third-party services, including but not limited to Google Consent Mode v2, Meta, TikTok, Microsoft, Pinterest, and LinkedIn.

2.2 Business-to-Business Designation

The Services are directed exclusively at business-to-business customers. By using the Services, you represent that you are acting in a business capacity and not as a consumer.

2.3 Not Legal Advice

THE SERVICES, DOCUMENTATION, AND ANY COMMUNICATIONS FROM CONSENTSTACK DO NOT CONSTITUTE LEGAL ADVICE AND ARE NOT INTENDED TO BE RELIED UPON AS LEGAL ADVICE. CONSENTSTACK PROVIDES CONSENT MANAGEMENT TOOLS TO FACILITATE COMPLIANCE BUT DOES NOT GUARANTEE COMPLIANCE WITH ANY LAW, REGULATION, OR STANDARD. CUSTOMER IS SOLELY RESPONSIBLE FOR: (A) DETERMINING APPLICABLE LEGAL REQUIREMENTS IN ITS JURISDICTION(S); (B) ENSURING CORRECT AND COMPLIANT IMPLEMENTATION OF THE SDK; (C) APPROPRIATE CATEGORIZATION OF COOKIES, TRACKERS, AND SCRIPTS; AND (D) SEEKING INDEPENDENT LEGAL COUNSEL FOR COMPLIANCE QUESTIONS.

2.4 No Compliance Guarantee

ConsentStack does not warrant that use of the Services will result in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the ePrivacy Directive, or any other privacy law, regulation, or standard. Compliance depends on many factors outside of ConsentStack's control, including Customer's implementation, configuration, and applicable legal requirements.

3. Account Registration

3.1 Account Information

To use the Services, you must create an account and provide accurate, complete, and current registration information. You agree to update your registration information promptly to keep it accurate and current. ConsentStack may suspend or terminate accounts that contain inaccurate or misleading information.

3.2 Account Security

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to immediately notify ConsentStack of any unauthorized use of your account or any other breach of security.

3.3 One Account Per Entity

Each ConsentStack account must correspond to a single person or legal entity. Shared accounts are not permitted.

4. Customer Responsibilities

4.1 Legal Compliance

Customer shall comply with all applicable laws, regulations, and industry standards in the jurisdictions in which Customer operates, including all applicable data protection and privacy laws. Customer shall conspicuously post and maintain a legally sufficient privacy notice on all websites and properties where data is collected via the Services.

4.2 Implementation

Customer is solely responsible for: (a) correct implementation and deployment of the SDK on Customer's websites; (b) accurate categorization of cookies, trackers, and scripts into appropriate consent categories; (c) verification that cookies categorized as "strictly necessary" or "essential" are truly required for the basic functioning of Customer's website; (d) ensuring that all domains registered with the Services are accurately entered and publicly accessible; and (e) proper configuration of consent rules, regional settings, and consent models appropriate for Customer's jurisdictions.

4.3 Operational Obligations

Customer shall: (a) maintain appropriate access controls for team members and promptly revoke access when no longer authorized; (b) ensure Customer has all necessary rights, consents, and permissions to collect data from end-users through the Services; (c) remove all ConsentStack SDK code and references from its websites promptly upon termination of this Agreement; and (d) independently verify that ConsentStack's default configurations are appropriate for Customer's compliance requirements and not rely on such defaults as legal guidance.

5. Prohibited Uses

5.1 General Restrictions

Customer shall not: (a) make the Services available to any unauthorized third party; (b) resell, sublicense, rent, or lease the Services; (c) modify, copy, or create derivative works of the Services; (d) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Services, except to the extent expressly permitted by applicable law; (e) use the Services for competitive analysis, benchmarking, or monitoring; (f) introduce viruses, worms, Trojan horses, or other malicious code into the Services; (g) interfere with or disrupt the integrity or performance of the Services or their underlying infrastructure; (h) access the Services through any automated, illegal, or unconventional means other than through documented APIs; or (i) use the Services in violation of applicable export control or sanctions laws and regulations.

5.2 CMP-Specific Restrictions

Customer shall not: (a) use the Services to intentionally circumvent or defeat the purpose of consent collection, including but not limited to configuring consent banners designed to manipulate, coerce, or trick end-users into providing consent; (b) deploy the SDK on domains not registered to Customer's ConsentStack account; (c) submit false, misleading, or fabricated consent data to the ConsentStack logging endpoints; or (d) use the Services to facilitate the collection of personal data from children under the age of sixteen (16) without implementing appropriate parental or guardian consent mechanisms as required by applicable law.

6. Fees and Payment

6.1 Subscription Fees

The Services are offered in subscription tiers (currently Basic, Pro, Business, and Enterprise) as described on the ConsentStack pricing page or in an applicable Order Form. Subscription fees are charged per site, not per account, and are billed monthly or annually as selected by Customer.

6.2 Payment Terms

All fees are due in advance of each billing period. Payment shall be made by credit card or other payment method accepted by ConsentStack and processed through our third-party payment processor, Stripe. All fees are quoted and payable in United States Dollars (USD). Late payments shall accrue interest at the rate of one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law, whichever is lower.

6.3 Auto-Renewal and Price Changes

Subscriptions automatically renew for successive periods of the same duration unless Customer provides notice of non-renewal at least thirty (30) days before the end of the then-current term. ConsentStack will provide at least thirty (30) days' notice of any price increase. Price increases shall not exceed ten percent (10%) above the then-current list price per renewal period and shall take effect at the next renewal date.

6.4 Taxes

All fees are exclusive of applicable taxes. Customer is responsible for all sales, use, value-added, goods and services, and similar taxes, except for taxes based on ConsentStack's net income. If ConsentStack is required to collect such taxes, they will be added to Customer's invoice.

6.5 Add-Ons

Additional domains and MAU (Monthly Active Users) capacity add-ons are available at the rates set forth on the pricing page. MAU add-ons are available for the Business tier only. Add-on fees are prorated for the current billing period and renew with the underlying subscription.

6.6 Automatic Tier Upgrades

When a paid plan's MAU cap is exceeded: (a) for the Pro tier, the banner will continue serving and Customer's plan will be automatically upgraded to the Business tier at the start of the next billing cycle, with advance notice; and (b) for the Business tier, a thirty (30) day grace period applies during which Customer may purchase MAU add-ons at the rates on the pricing page.

6.7 Refunds and Downgrades

Annual prepayments are non-refundable upon early cancellation. For monthly subscriptions, no refund will be issued for the current billing period upon cancellation. ConsentStack may issue refunds at its sole discretion. Downgrades to a lower plan tier take effect at the end of the current billing period. Features exceeding the lower tier's limits will be removed or reduced at the downgrade effective date.

7. Free Tier

7.1 Scope

The Basic plan is provided at no cost, subject to the usage limitations published on the ConsentStack pricing page, which currently include a cap on Monthly Active Users, a limit on the number of registered domains, a limit on team members, and the exclusion of analytics and consent log retention.

7.2 Reduced Protections

For Customers on the free Basic plan: (a) ConsentStack's intellectual property indemnification obligations under Section 14.1 do not apply; (b) ConsentStack provides no service level commitments or uptime guarantees; and (c) support is limited to community resources and publicly available documentation.

7.3 Modification and Termination

ConsentStack may alter the features, usage limits, or availability of the free tier at any time without prior notice. ConsentStack may terminate free accounts that have been inactive for ninety (90) consecutive days. ConsentStack shall have no liability for termination of or material changes to the free tier.

7.4 Enforcement at Cap

When MAU usage reaches one hundred percent (100%) of the free tier limit, the SDK will cease serving consent banners on Customer's websites until Customer upgrades to a paid plan. Customer is responsible for exporting any data before cap enforcement or termination.

7.5 Branding

The free Basic plan includes "Powered by ConsentStack" branding on the consent banner. This branding may not be removed, obscured, or modified without upgrading to a paid plan.

8. Intellectual Property

8.1 ConsentStack Ownership

ConsentStack retains all right, title, and interest in and to the Services, including the Dashboard, SDK, edge functions, APIs, Documentation, and all related intellectual property rights. This includes all improvements, modifications, derivative works, and enhancements to the Services, whether or not incorporating Customer feedback. Nothing in this Agreement transfers ownership of any ConsentStack intellectual property to Customer.

8.2 Customer Ownership

Customer retains all right, title, and interest in and to Customer Data (as defined in Section 9) and Customer's websites, applications, and content.

8.3 License Grants

Customer grants ConsentStack a non-exclusive, worldwide license to host, process, display, and transmit Customer Data solely as necessary to provide the Services. This license terminates upon termination of this Agreement, subject to the post-termination data retrieval period described in Section 15.5. ConsentStack grants Customer a non-exclusive, non-transferable, non-sublicensable license during the Term to access and use the Services in accordance with this Agreement and the applicable plan tier, including a license to deploy the SDK on Customer's registered domains for the purpose of consent collection.

8.4 Feedback

Any suggestions, ideas, enhancement requests, recommendations, or other feedback provided by Customer regarding the Services ("Feedback") may be used by ConsentStack perpetually and irrevocably for any business purpose, without accounting, attribution, or compensation to Customer. Customer hereby assigns to ConsentStack all right, title, and interest in and to such Feedback.

8.5 Marketing Rights

ConsentStack may use Customer's name and logo to identify Customer as a user of the Services in marketing materials and on ConsentStack's website, subject to Customer's trademark usage guidelines. Customer may revoke this right at any time upon written notice to ConsentStack.

9. Customer Data

9.1 Customer Data

"Customer Data" means data that Customer provides, uploads, or generates through the Services, including site configurations, consent banner settings, team member information, domain registrations, document metadata, and script categorization rules.

9.2 Consent Data

"Consent Data" means data collected by the SDK from Customer's end-users, including pseudonymized visitor identifiers (which are one-way hashed before storage), consent decisions per category, event types and actions, device type, resolved region and language, interaction timing, and banner metrics. ConsentStack does not collect names, email addresses, IP addresses, or other directly identifying information from end-users. Consent Data is processed on Customer's behalf and treated as Customer Data for purposes of ownership and data protection obligations under this Agreement.

9.3 ConsentStack Data

"ConsentStack Data" means: (a) aggregated, de-identified, or anonymized data derived from Customer Data and Consent Data that cannot reasonably be used to identify Customer, Customer's end-users, or any individual; (b) system performance metrics, uptime statistics, and infrastructure telemetry; and (c) usage patterns and product analytics. ConsentStack may collect, use, and disclose ConsentStack Data for any lawful business purpose, including product improvement, industry benchmarking, research, and machine learning model training. ConsentStack Data is and remains the sole property of ConsentStack. Customer may not restrict ConsentStack's use of general knowledge, techniques, or learnings acquired in the course of providing the Services, provided that such use does not reveal Customer's Confidential Information.

9.4 Data Processing

ConsentStack processes Customer Data and Consent Data as a data processor (or "service provider" under the CCPA) on behalf of Customer, as further described in the Data Processing Agreement ("DPA") incorporated herein by reference. To the extent the DPA has not yet been published, the following provisions apply and shall be superseded by the DPA upon its publication: (a) ConsentStack shall not sell Personal Information (as defined by the CCPA) received from Customer; (b) ConsentStack shall not retain, use, or disclose Personal Information for any purpose other than the specific business purpose of providing the Services under this Agreement; (c) ConsentStack may disclose Personal Information to its own sub-processors, provided such sub-processors are bound by contractual obligations at least as protective as those set forth herein; and (d) ConsentStack shall reasonably assist Customer in responding to verifiable consumer requests under the CCPA.

9.5 Data Retention

Consent logs are collected for all plan tiers but retained only per the applicable plan's retention schedule: purged promptly for the Basic plan (no long-term retention), thirty (30) days for the Pro plan, three hundred sixty-five (365) days for the Business plan, and a custom period for Enterprise plans as set forth in the applicable Order Form. Upon termination of this Agreement, Customer has thirty (30) days to export Customer Data, after which ConsentStack will delete Customer Data in accordance with Section 15.5.

10. Third-Party Integrations

10.1 Scope

The Services integrate with third-party platforms including but not limited to Google (Consent Mode v2), Meta (Pixel), TikTok, Microsoft (UET), Pinterest, LinkedIn, and third-party payment processors.

10.2 No Guarantee of Availability

ConsentStack does not guarantee the continued availability, accuracy, or compatibility of any third-party integration. Third-party platforms may modify their APIs, protocols, or requirements at any time, which may affect integration functionality. ConsentStack will use commercially reasonable efforts to maintain integrations but shall not be liable for disruptions caused by third-party changes.

10.3 Customer Responsibility

Customer is solely responsible for compliance with the terms of service, policies, and requirements of each third-party platform Customer uses in connection with the Services. Customer is responsible for maintaining any required accounts, API keys, or credentials with third-party platforms. Customer grants ConsentStack permission to transmit consent signals and data to third-party platforms as configured by Customer. Customer must promptly remove or disable integrations if required by applicable law or third-party platform terms.

10.4 Disclaimer

ConsentStack is not responsible for the acts, omissions, data practices, or policies of any third-party platform. ConsentStack makes no representation or warranty regarding the accuracy or completeness of consent signals delivered to third-party platforms.

10.5 Right to Disable

ConsentStack may disable or restrict any third-party integration if ConsentStack reasonably believes that the integration violates applicable law, infringes third-party rights, or poses a security risk to the Services.

11. Confidentiality

11.1 Definition

"Confidential Information" means all non-public information disclosed by one party (the "Disclosing Party") to the other party (the "Receiving Party"), whether orally, in writing, or electronically, that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information includes the terms and conditions of this Agreement (including pricing), Customer Data, ConsentStack's proprietary technology and trade secrets, business plans, and security architecture.

11.2 Exclusions

Confidential Information does not include information that: (a) is or becomes publicly available without breach by the Receiving Party; (b) is independently developed by the Receiving Party without use of or reference to the Disclosing Party's Confidential Information; (c) is rightfully received from a third party without restriction on disclosure; or (d) was previously known to the Receiving Party without obligation of confidence.

11.3 Obligations

The Receiving Party shall: (a) protect the Disclosing Party's Confidential Information with at least the same degree of care it uses for its own confidential information, and in no event less than reasonable care; (b) not disclose Confidential Information except to employees, contractors, and agents who need to know and who are bound by confidentiality obligations at least as protective as those herein; and (c) not use Confidential Information for any purpose other than as necessary to exercise its rights or perform its obligations under this Agreement.

11.4 Compelled Disclosure

If the Receiving Party is compelled by law, regulation, or legal process to disclose Confidential Information, it may do so provided it gives the Disclosing Party reasonable prior written notice (to the extent legally permitted) and cooperates with the Disclosing Party's reasonable efforts to obtain protective treatment for the disclosed information.

11.5 Injunctive Relief

Both parties acknowledge that a breach of confidentiality obligations may cause irreparable harm for which monetary damages would be inadequate. Accordingly, the Disclosing Party shall be entitled to seek injunctive or equitable relief in any court of competent jurisdiction without the requirement of posting a bond or proving actual damages.

11.6 Duration

Confidentiality obligations under this Section 11 shall survive termination of this Agreement for a period of five (5) years, except with respect to trade secrets, which shall remain protected for as long as they qualify as trade secrets under applicable law.

12. Warranties and Disclaimers

12.1 ConsentStack Warranties

ConsentStack warrants that: (a) the Services will perform materially in accordance with the Documentation during the Term; (b) ConsentStack will provide the Services in a professional and workmanlike manner consistent with generally accepted industry standards; and (c) ConsentStack has the authority to enter into this Agreement and grant the rights and licenses herein.

12.2 Customer Warranties

Customer warrants that: (a) Customer has the authority to enter into this Agreement and to bind the entity on whose behalf it is accepted; (b) Customer owns or has the necessary rights to all domains registered with the Services; and (c) Customer's use of the Services will comply with all applicable laws and this Agreement.

12.3 Disclaimer

EXCEPT AS EXPRESSLY SET FORTH IN SECTION 12.1, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." CONSENTSTACK DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. CONSENTSTACK DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE SERVICES OR THE SERVERS THAT MAKE THEM AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.

12.4 CMP-Specific Disclaimers

WITHOUT LIMITING THE FOREGOING, CONSENTSTACK DOES NOT WARRANT THAT: (A) THE SERVICES WILL ENSURE COMPLIANCE WITH ANY LAW, REGULATION, OR STANDARD, INCLUDING BUT NOT LIMITED TO GDPR, CCPA, THE EPRIVACY DIRECTIVE, OR ANY OTHER PRIVACY LAW; (B) COOKIE OR TRACKER DETECTION RESULTS WILL BE COMPLETE OR ACCURATE; (C) CONSENT SIGNALS DELIVERED TO THIRD-PARTY PLATFORMS WILL BE RECEIVED OR PROCESSED CORRECTLY BY THOSE PLATFORMS; OR (D) GEO-DETECTION OF END-USER LOCATIONS WILL BE ACCURATE IN ALL CASES.

13. Limitation of Liability

13.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, REVENUE, DATA, BUSINESS OPPORTUNITIES, OR GOODWILL, REGARDLESS OF THE CAUSE OF ACTION OR THEORY OF LIABILITY, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

13.2 Exclusion of Regulatory Fines

THIS EXCLUSION EXPRESSLY INCLUDES ANY REGULATORY FINES, PENALTIES, OR SANCTIONS IMPOSED ON CUSTOMER BY ANY GOVERNMENTAL OR REGULATORY AUTHORITY ARISING FROM CUSTOMER'S FAILURE TO COMPLY WITH APPLICABLE PRIVACY LAWS, REGARDLESS OF WHETHER CUSTOMER'S USE OF THE SERVICES CONTRIBUTED TO SUCH NON-COMPLIANCE.

13.3 Liability Cap

EXCEPT FOR THE CARVE-OUTS SET FORTH IN SECTION 13.4, CONSENTSTACK'S AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID BY CUSTOMER TO CONSENTSTACK IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM (THE "STANDARD CAP"). FOR INDEMNIFICATION OBLIGATIONS UNDER SECTION 14, THE CAP SHALL BE TWO TIMES (2X) THE STANDARD CAP. FOR CUSTOMERS ON THE FREE BASIC PLAN, THE STANDARD CAP SHALL BE ONE HUNDRED UNITED STATES DOLLARS ($100).

13.4 Carve-Outs

The limitations set forth in Sections 13.1 through 13.3 shall not apply to: (a) either party's gross negligence or willful misconduct; (b) either party's breach of its confidentiality obligations under Section 11; (c) Customer's payment obligations under Section 6; or (d) either party's indemnification obligations arising from infringement of third-party intellectual property rights under Section 14.

14. Indemnification

14.1 ConsentStack Indemnification

ConsentStack shall defend, indemnify, and hold harmless Customer from and against any third-party claim alleging that the Services, as provided by ConsentStack, infringe or misappropriate any third-party patent, copyright, trademark, or trade secret (an "IP Claim"). This obligation does not extend to claims arising from: (a) modifications made by Customer; (b) combination of the Services with products, services, or technologies not provided or contemplated by ConsentStack; (c) Customer's failure to use the most current version of the SDK when made available by ConsentStack; or (d) Customer's use of the Services in violation of this Agreement. This Section 14.1 does not apply to Customers on the free Basic plan.

14.2 IP Remediation

If the Services are found to infringe or if ConsentStack reasonably believes they may infringe, ConsentStack may at its option: (a) procure the right for Customer to continue using the Services; (b) modify the Services to make them non-infringing without material degradation of functionality; or (c) if neither (a) nor (b) is commercially practicable, terminate this Agreement and refund to Customer any prepaid fees for the unused portion of the then-current Term.

14.3 Customer Indemnification

Customer shall defend, indemnify, and hold harmless ConsentStack from and against any third-party claim arising from: (a) Customer Data or data collected from Customer's end-users; (b) Customer's implementation or use of the Services in violation of applicable law; (c) Customer's breach of this Agreement; or (d) Customer's use of third-party integrations in connection with the Services.

14.4 Indemnification Procedure

The indemnified party shall: (a) provide prompt written notice of the claim to the indemnifying party (provided that failure to provide prompt notice shall not relieve the indemnifying party of its obligations except to the extent materially prejudiced by such failure); (b) grant the indemnifying party sole control of the defense and settlement of the claim; and (c) provide reasonable cooperation to the indemnifying party at the indemnifying party's expense. The indemnifying party shall not enter into any settlement that imposes liability or obligations on the indemnified party without the indemnified party's prior written consent.

15. Term and Termination

15.1 Term

This Agreement begins on the Effective Date and continues until terminated in accordance with this Section 15. Each subscription term shall automatically renew as set forth in Section 6.3.

15.2 Termination for Cause

Either party may terminate this Agreement upon written notice if the other party materially breaches this Agreement and fails to cure such breach within thirty (30) days of receiving written notice thereof. For non-payment, the cure period shall be five (5) business days. Either party may terminate this Agreement immediately upon written notice if the other party becomes subject to insolvency proceedings, makes an assignment for the benefit of creditors, or ceases to operate in the ordinary course of business.

15.3 Termination for Convenience

Customer may cancel a paid subscription at any time; cancellation takes effect at the end of the current billing period, and no refund will be issued for the remaining period. ConsentStack may terminate free accounts at any time without cause upon thirty (30) days' prior written notice. ConsentStack may terminate paid accounts without cause upon ninety (90) days' prior written notice.

15.4 Effect of Termination on SDK

Upon termination, ConsentStack will cease serving configuration data to the SDK. The SDK will fail gracefully: consent banners will not render, and script blocking will cease. Customer acknowledges that if Customer fails to remove the SDK code from its websites after termination, third-party scripts on Customer's websites will execute without consent controls. Customer is solely responsible for removing all ConsentStack SDK code and references from its websites promptly upon termination.

15.5 Post-Termination Data

Customer shall have thirty (30) days following the effective date of termination to export Customer Data via the Dashboard or documented APIs. After the thirty (30) day retrieval period, ConsentStack will delete all Customer Data, except as required by law or for legitimate business purposes such as billing records and dispute resolution. Consent logs shall be deleted in accordance with the retention schedule applicable to Customer's plan tier.

15.6 Termination for Customer Breach

If this Agreement is terminated by ConsentStack for Customer's material breach under Section 15.2, Customer shall remain liable for all fees due for the remainder of the then-current subscription Term.

15.7 Survival

The following Sections shall survive any termination or expiration of this Agreement: 5 (Prohibited Uses), 8 (Intellectual Property), 9 (Customer Data, solely with respect to data deletion obligations), 11 (Confidentiality), 12 (Warranties and Disclaimers), 13 (Limitation of Liability), 14 (Indemnification), 16 (Governing Law and Dispute Resolution), and 17 (General Provisions).

16. Governing Law and Dispute Resolution

16.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of laws principles.

16.2 Informal Resolution

Before initiating any formal proceeding, the parties shall attempt in good faith to resolve any dispute arising out of or relating to this Agreement through informal negotiation. The party raising the dispute shall provide written notice describing the nature of the dispute and proposed resolution. The parties shall negotiate in good faith for a period of one hundred twenty (120) days following such notice before commencing formal proceedings.

16.3 Binding Arbitration

If a dispute is not resolved through informal negotiation under Section 16.2, the dispute shall be resolved by final and binding arbitration administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules then in effect. The arbitration shall be conducted by a single arbitrator in Orange County, California. The arbitrator's decision shall be final and binding, and judgment on the award may be entered in any court of competent jurisdiction. Each party shall bear its own costs and attorney's fees, unless the arbitrator determines that a party's claim or defense was frivolous, in which case the arbitrator may award reasonable attorney's fees to the prevailing party.

16.4 Small Claims Exception

Notwithstanding Section 16.3, either party may bring a claim in small claims court in Orange County, California, if the claim falls within that court's jurisdictional limits.

16.5 Class Action Waiver

CUSTOMER AGREES THAT ANY DISPUTE RESOLUTION PROCEEDINGS UNDER THIS AGREEMENT WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A REPRESENTATIVE OR CLASS PROCEEDING.

16.6 Injunctive Relief Exception

Notwithstanding the foregoing, either party may seek injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property rights or Confidential Information without first engaging in the informal resolution or arbitration procedures set forth above.

17. General Provisions

17.1 Entire Agreement

This Agreement, together with all Order Forms, the Data Processing Agreement, and any policies expressly referenced herein, constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior or contemporaneous agreements, representations, and understandings, whether written or oral.

17.2 Order of Precedence

In the event of a conflict among the documents constituting this Agreement, the following order of precedence shall apply (from highest to lowest): (a) amendments to this Agreement; (b) the Data Processing Agreement; (c) Order Forms; (d) this Agreement.

17.3 Severability

If any provision of this Agreement is held to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving the parties' original intent.

17.4 Waiver

The failure of either party to enforce any provision of this Agreement shall not constitute a waiver of that party's right to enforce that provision or any other provision in the future.

17.5 Assignment

Neither party may assign this Agreement without the prior written consent of the other party, except that either party may assign this Agreement without consent in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets, provided that the assignee agrees in writing to be bound by this Agreement. Any purported assignment in violation of this Section shall be void.

17.6 Force Majeure

Neither party shall be liable for any delay or failure to perform its obligations (other than payment obligations) caused by events beyond its reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, pandemics, government orders or restrictions, labor disputes, internet or telecommunications failures, or third-party service outages. The affected party shall provide prompt written notice and shall use commercially reasonable efforts to mitigate the impact of the force majeure event.

17.7 Independent Contractors

The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, agency, or employment relationship between the parties.

17.8 No Third-Party Beneficiaries

This Agreement is for the sole benefit of the parties and their permitted successors and assigns. Nothing in this Agreement confers upon any third party any right, benefit, or remedy.

17.9 Notices

All notices under this Agreement must be in writing and shall be deemed given when: (a) delivered by email with confirmation of receipt to the email address associated with the recipient's account (or, for ConsentStack, to [email protected]); (b) delivered by nationally recognized overnight courier; or (c) sent by certified or registered mail, return receipt requested. ConsentStack may also provide notices through the Dashboard.

17.10 Export Compliance

Customer shall not use or export the Services in violation of applicable United States export control laws and regulations, including the Export Administration Regulations (EAR) and sanctions programs administered by the Office of Foreign Assets Control (OFAC).

17.11 Government Use

If Customer is a United States government entity, the Services are provided as "commercial computer software" and "commercial computer software documentation" as defined in FAR 12.212 and DFARS 227.7202. Use, duplication, or disclosure by the U.S. government is subject to the restrictions set forth in this Agreement.

17.12 Marketing

ConsentStack may identify Customer as a user of the Services in marketing materials and on ConsentStack's website. Customer may revoke this permission at any time by providing written notice to ConsentStack.

17.13 Contact Information

ConsentStack LLC 23046 Avenida De La Carlota, Suite #600 Laguna Hills, California 92653 Email: [email protected]