Contracts
Managed Inference TOS for Open Router Customers
Effective February 18th 2025
DownloadTable of Contents
Crusoe Managed Inference Terms of Service for Open Router Customers
As a user of OpenRouter LLC’s (“Open Router”) services, we welcome you to Crusoe’s Managed Inference Service! Our service provides access to cutting edge artificial intelligence models, powered by some of the world’s most powerful GPUs.
These terms of service (together, the “Agreement”) outlines the terms regarding your use of our Services. This Agreement is a legally binding contract between Crusoe Energy Systems, LLC (along with its Affiliates, “Crusoe,” “We,” “Us,” or “Our”) and the entity or person agreeing to these terms (“Customer,” “You,” “Your,” “Yourself”), so please read carefully. If you do not agree with these terms, do not register or use any of our Services.
This Agreement is in effect when Customer first accesses the Services (the “Effective Date”). If you are accepting on behalf of Customer, you represent and warrant that (a) you have full legal authority to bind Customer to this Agreement; (b) you have read and understand this Agreement; and (c) you agree, on behalf of Customer, to this Agreement.
Definitions
- “Affiliate” means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with a party.
- “Anti-Bribery Laws” means all applicable commercial and public anti-bribery laws, including the U.S. Foreign Corrupt Practices Act of 1977 and the UK Bribery Act 2010, that prohibit corrupt offers of anything of value, either directly or indirectly, to anyone, including government officials, to obtain or keep business or to secure any other improper commercial advantage. Government officials include: any government employees, candidates for public office, members of royal families, and employees of government-owned or government-controlled companies, public international organizations, and political parties.
- “AUP” means the then-current acceptable use policy for the Services stated at Acceptable Use Policy.
- “Brand Features” means the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party, respectively, as secured by such party from time to time.
- “Confidential Information” means information that one party (or an Affiliate) discloses to the other party under this Agreement, and which is marked as confidential or would normally under the circumstances be considered confidential information. It does not include information that is independently developed by the recipient, is rightfully given to the recipient by a third party without confidentiality obligations, or becomes public through no fault of the recipient. Subject to the preceding sentence, Customer Data is considered Customer’s Confidential Information.
- “Control” means control of greater than 50 percent of the voting rights or equity interests of a party.
- “Customer Application” means a software program that Customer creates or hosts using the Open Router API.
- “Customer Data” means Input, Output, and any personal data about Customer that Crusoe may receive from Open Router, and excludes Service Data.
- “Data Processing and Security Terms” means the terms stated at Data Processing and Security Terms.
- “Documentation” means the Crusoe documentation (as may be updated from time to time) in the form generally made available by Crusoe to its customers for use with the Services at https://docs.crusoecloud.com.
- “End Users” means the individuals who are permitted by Customer to use the Open Router API or any Customer Applications. For clarity, End Users may include employees of Customer Affiliates and other authorized third parties.
- “Export Control or Sanctions Laws” means all applicable export, re-export control or economic sanctions laws and regulations, including but not limited to (a) the Export Administration Regulations (“EAR”) maintained by the U.S. Department of Commerce, (b) trade and economic sanctions maintained by the U.S. Treasury Department’s Office of Foreign Assets Control, and (c) the International Traffic in Arms Regulations (“ITAR”) maintained by the U.S. Department of State.
- “Fees” means the applicable fees charged by Open Router for access to the Service through the Open Router API, as listed at https://openrouter.ai/models, or any applicable fees charged by Crusoe for the Service, plus any applicable Taxes.
- “High Risk Activities” means activities where the use or failure of the Services would reasonably be expected to lead to death, personal injury, or environmental or property damage (such as the creation or operation of nuclear facilities, air traffic control, life support systems, or weaponry).
- “including” means including but not limited to.
- “Indemnified Liabilities” means any (i) settlement amounts approved by the indemnifying party and (ii) damages and costs finally awarded against the indemnified party by a court of competent jurisdiction.
- “Input” means any data, text, query or other information that you submit through the Service for processing by the Models.
- “Intellectual Property Rights” means current and future worldwide rights under patent, copyright, trade secret, trademark, and moral rights laws, and other similar rights.
- “Legal Process” means an information disclosure request made under law, governmental regulation, court order, subpoena, warrant, or other valid legal authority, legal procedure, or similar process.
- “Liability” means any liability, whether under contract, tort (including negligence), or otherwise, regardless of whether foreseeable or contemplated by the parties.
- “Model” means a computational algorithm designed to perform tasks by learning patterns from data, used for prediction, classification, or decision-making.
- “Open Router API” means any application programming interface provided by Open Router that interfaces with the Services.
- “Output” means any data, text, results, or other information generated by the Models in response to the Input provided by the Customer through the Service
- “Service Specific Terms” means the then-current terms specific to one or more Services stated at Service Specific Terms.
- “Services” means Crusoe’s managed inference service that provides access to Models.
- “Software” means any downloadable tools, software development kits, or other such computer software provided by Crusoe in connection with the Services, and any updates Crusoe may make to such Software from time to time, excluding any Third-Party Offerings.
- “Suspend” or “Suspension” means disabling or limiting access to or use of the Services or components of the Services.
- “Taxes” means all government-imposed taxes, except for taxes based on Crusoe’s net income, net worth, asset value, property value, or employment.
- “Term” has the meaning stated in Agreement Term of this Agreement.
- “Third-Party Offerings” means (a) third-party services, software, products, and other offerings that are not incorporated into the Services or Software and (b) offerings identified in the “Third-Party Terms” section of the Service Specific Terms.
- “Third-Party Legal Proceeding” means any formal legal proceeding filed by an unaffiliated third party before a court or government tribunal (including any appellate proceeding).
- “URL Terms” means, collectively, the AUP, Data Processing and Security Terms, and the Service Specific Terms.
Provision of the Services
During the Term, Crusoe will provide the Services and Customer may use the Services, and integrate the Services into any Customer Application that has material value independent of the Services, in accordance with the Agreement.
Our Services provide Customer with the inference from available Models through the Open Router API. Customers can set an Input and a set of parameters, which may depend on the Model. In response, the Customer receives an Output.
Customers acknowledge and agree that, by submitting a request to the Open Router API, they are interacting with an AI system as defined by the EU AI Act. Customers are obliged to inform End Users of this clause prior to their use of the Service or a Customer Application.
Modifications
To the Agreement
Crusoe may make changes to this Agreement (including the URL Terms) and pricing from time to time. Unless otherwise noted by Crusoe, material changes to the Agreement will become effective immediately. If Customer does not agree to the revised Agreement, Customer may stop using the Services or terminate this Agreement for convenience. Customer’s continued use of the Services after such material change will constitute Customer’s consent to such changes. Crusoe will post any modification to this Agreement here.
To the Data Processing and Security Terms
Crusoe may only change the Data Processing and Security Terms where such change is required to comply with applicable law, is expressly permitted by the Data Processing and Security Terms, or:
- is commercially reasonable;
- does not result in a material reduction of the security of the Services;
- does not expand the scope of or remove any restrictions on Crusoe’s processing of “Customer Personal Data,” as described in the “Scope of Processing” Section of the Data Processing and Security Terms; and
- does not otherwise have a material adverse impact on Customer’s rights under the Data Processing and Security Terms.
If Crusoe makes a material change to the Data Processing and Security Terms in accordance with Modifications: To the Data Processing and Security Terms, Crusoe will post the change at the webpage containing the Data Processing and Security Terms.
Software
Crusoe may make Software available to Customer, including third-party software. Customer’s use of any Software is subject to the applicable provisions in the Service Specific Terms.
Customer Obligations
Compliance
Customer will (a) ensure that Customer and its End Users’ use of the Services through the Open Router API complies with the Agreement, (b) use commercially reasonable efforts to prevent and terminate any unauthorized use of, or access to, the Services, and (c) promptly notify Crusoe of any unauthorized use of, or access to, the Services of which Customer becomes aware. Crusoe reserves the right to investigate any potential violation of the AUP by Customer, which may include reviewing Customer Applications or Customer Data.
Privacy
Customer is responsible for any consents and notices required to permit (a) Customer’s use and receipt of the Services and (b) Crusoe’s accessing, storing, and processing of data provided by Customer (including Customer Data, if applicable) under the Agreement.
Restrictions
Customer will not, and will not allow End Users to, (a) copy, modify, or create a derivative work of the Services; (b) reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any or all of the source code or Input and Output of other Customers of, the Services (except to the extent such restriction is expressly prohibited by applicable law); (c) sell, resell, sublicense, transfer, or distribute any or all of the Services; (d) use the Service as a high-risk AI system or in prohibited AI practices as defined in the EU AI Act; (e) use or access the Service to develop a product or service that competes with the Service or engage in competitive analysis or benchmarking; (f) impose an unreasonable or disproportionately heavy load on the API or Service, or negatively impact the ability of others to use the Service; (g) attempt to probe, scan or test the vulnerability of the Service, breach security or authentication measures without the proper authorization, or intentionally render any part of the Service unusable; or (h) access or use the Services (i) for High Risk Activities; (ii) in violation of the AUP; (iii) in a manner intended to avoid incurring Fees or to circumvent Service-specific usage limits or quotas; (iv) to operate or enable any telecommunications service or in connection with any Customer Application that allows End Users to place calls or to receive calls from any public switched telephone network, unless otherwise described in the Service Specific Terms; (v) for materials or activities that are subject to the International Traffic in Arms Regulations ("ITAR") maintained by the United States Department of State; (vi) in a manner that breaches, or causes the breach of, Export Control or Sanctions Laws; or (vii) to transmit, store, or process health information subject to United States HIPAA regulations.
Documentation
Crusoe may provide Documentation for Customer’s use of the Services.
Models
The Service provides Customers with the ability to interface with Models. We do not guarantee the accuracy, reliability, validity or appropriateness of the Outputs generated by these Models. You acknowledge and agree that the use of the Output is at their own risk and discretion.
Each Model we provide is subject to its own EULA, and You are responsible for complying with those EULAs available at [LINK], which is hereby incorporated by reference into this Agreement.
Copyright
Crusoe provides information to help copyright holders manage their intellectual property online, but Crusoe cannot determine whether something is being used legally without input from the copyright holders. Crusoe will respond to notices of alleged copyright infringement and may terminate repeat infringers in appropriate circumstances as required to maintain safe harbor for online service providers under the U.S. Digital Millennium Copyright Act. If Customer believes a person or entity is infringing Customer’s or its End User’s copyrights and would like to notify Crusoe, Customer can find information about submitting notices, and Crusoe’s policy about responding to notices, at Digital Millennium Copyright Act.
Suspension
AUP Violations
If Crusoe becomes aware that Customer’s or any End User’s use of the Services violates the AUP, Crusoe will notify Open Router and request that Customer correct the violation. If Customer fails to correct the violation within 24 hours of Customer receiving notification of Crusoe’s request, then Crusoe may request that Open Router Suspend all or part of Customer’s use of the Services through the Open router API until the violation is corrected.
Other Suspension
Notwithstanding AUP Violations, Crusoe may immediately Suspend all or part of Customer’s use of the Services if (a) Crusoe reasonably believes Customer’s or any End User’s use of the Services could adversely impact the Services, other customers’ or their end users’ use of the Services, or the Crusoe network or servers used to provide the Services; (b) there is suspected unauthorized third-party access to the Services; (c) Crusoe reasonably believes that immediate Suspension is required to comply with any applicable law; or (d) Customer is in breach of Restrictions or the Service Specific Terms. Crusoe will lift any such Suspension when the circumstances giving rise to the Suspension have been resolved. At Customer’s request, Crusoe will, unless prohibited by applicable law, notify Customer of the basis for the Suspension as soon as is reasonably possible.
Intellectual Property Rights; Protection of Customer Data; Feedback
Intellectual Property Rights
Except as expressly stated in this Agreement, this Agreement does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data and Customer Applications, and Crusoe owns all Intellectual Property Rights in the Services and Software.
Protection of Customer Data; No Training
Crusoe will only access or use Customer Data to provide the Services to Customer or as otherwise instructed by Customer and will not use it for any other Crusoe products, services, or advertising.
Specifically, Crusoe will only use Customer Data for inference - we will not use it for training Models, and we will not store it on disk or use it for any other purpose other than the inference process.
Crusoe generally does not log Customer Data, but does log metadata that might be useful for purposes of debugging and improving the performance of the Service. Crusoe may observe and log a small portion of Customer Data when necessary for debugging, security purposes, or as required by law.
Crusoe has implemented and will maintain administrative, physical, and technical safeguards to protect Customer Data, as further described in the Data Processing and Security Terms.
Customer Feedback
At its option, Customer may provide feedback or suggestions about the Services to Crusoe (“Feedback”). If Customer provides Feedback, then Crusoe and its Affiliates may use that Feedback without restriction and without obligation to Customer.
Confidential Information
Obligations
The recipient will only use the disclosing party’s Confidential Information to exercise the recipient’s rights and fulfill its obligations under the Agreement, and will use reasonable care to protect against the disclosure of the disclosing party’s Confidential Information. The recipient may disclose Confidential Information only to its Affiliates, employees, agents, or professional advisors (“Delegates”) who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep it confidential. The recipient will ensure that its Delegates use the received Confidential Information only to exercise rights and fulfill obligations under this Agreement.
Required Disclosure
Notwithstanding any provision to the contrary in this Agreement, the recipient or its Affiliate may also disclose Confidential Information to the extent required by applicable Legal Process; provided that the recipient or its Affiliate uses commercially reasonable efforts to (a) promptly notify the other party before any such disclosure of its Confidential Information, and (b) comply with the other party’s reasonable requests regarding its efforts to oppose the disclosure. Notwithstanding the foregoing, subsections (a) and (b) above will not apply if the recipient determines that complying with (a) and (b) could (i) result in a violation of Legal Process; (ii) obstruct a governmental investigation; or (iii) lead to death or serious physical harm to an individual.
Term and Termination
Agreement Term
The term of this Agreement (the “Term”) will begin on the Effective Date and continue until the Agreement is terminated by one of the parties.
Termination
Customer may stop using the Services at any time. Customer or Crusoe may terminate this Agreement at its convenience at any time on prior written notice, upon which Customer must cease use of the Services.
Effect of Termination
If the Agreement is terminated, then (a) all rights and access to the Services will terminate (including access to Customer Data, if applicable), unless otherwise described in this Agreement, and (b) any Fees owed by Customer to Crusoe are immediately due upon Customer’s receipt of the final electronic bill or as stated in the final invoice.
Representations and Warranties
Each party represents and warrants that (a) it has full power and authority to enter into the Agreement, and (b) it will comply with all laws applicable to its provision, receipt, or use of the Services, as applicable.
Disclaimer
Except as expressly provided for in the Agreement, Crusoe does not make and expressly disclaims to the fullest extent permitted by applicable law (a) any warranties of any kind, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular use, title, noninfringement, or error-free or uninterrupted use of the Services or Software and (b) any representations about content or information accessible through the Services.
To the extent permitted by applicable law, the Service, Output and Documentation are offered “as-is” and “as available”.
Limitation of Liability
Limitation on Indirect Liability
To the extent permitted by applicable law and subject to Unlimited Liabilities, Crusoe will not have any Liability arising out of or relating to the Agreement for any (a) direct, indirect, consequential, special, incidental, or punitive damages or (b) lost revenues, profits, savings, data or goodwill.
Limitation on Amount of Liability
Crusoe’s total aggregate Liability for damages arising out of or relating to the Agreement is limited to $1,000.
Unlimited Liabilities
Nothing in the Agreement excludes or limits Customer’s Liability for: (a) its fraud or fraudulent misrepresentation; (b) its obligations under Indemnification; (c) its infringement of Customer’s Intellectual Property Rights; or (d) its payment obligations under the Agreement; Neither party’s Liability is excluded or limited with respect to to matters for which liability cannot be excluded or limited under applicable law.
Indemnification
Crusoe Indemnification Obligations
Crusoe will defend Customer and its Affiliates using the Services under Customer’s Account and indemnify them against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising from an allegation that the Service itself, independent of the provision or use of a Model or Output, or any Crusoe Brand Feature, in each case used in accordance with the Agreement, infringes the third party’s Intellectual Property Rights.
Customer Indemnification Obligations
Customer will defend Crusoe and its Affiliates providing the Services and indemnify them against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising from (a) any Customer Application, Customer Data, or Customer Brand Features; or (b) Customer’s or an End User’s use of the Services .
Exclusions
Crusoe Indemnification Obligations and Customer Indemnification Obligations will not apply to the extent the underlying allegation arises from (a) the indemnified party’s breach of the Agreement, (b) a combination of the indemnifying party’s technology or Brand Features with materials not provided by the indemnifying party under the Agreement, unless the combination is required by the Agreement, and (c) in the case of Crusoe or any of its Affiliates as the indemnifying party, any Services provided to Customer free of charge.
Conditions
Crusoe Indemnification Obligations and Customer Indemnification Obligations are conditioned on the following:
- Any indemnified party must promptly notify the indemnifying party in writing of any allegation(s) that preceded the Third-Party Legal Proceeding and cooperate reasonably with the indemnifying party to resolve the allegation(s) and Third-Party Legal Proceeding. If breach of this Section prejudices the defense of the Third-Party Legal Proceeding, the indemnifying party’s obligations under Crusoe Indemnification Obligations or Customer Indemnification Obligations (as applicable) will be reduced in proportion to the prejudice.
- Any indemnified party must tender sole control of the indemnified portion of the Third-Party Legal Proceeding to the indemnifying party, subject to the following: (i) the indemnified party may appoint its own non-controlling counsel, at its own expense; and (ii) any settlement requiring the indemnified party to admit liability, pay money, or take (or refrain from taking) any action, will require the indemnified party’s prior written consent, not to be unreasonably withheld, conditioned, or delayed.
Remedies
If Crusoe reasonably believes the Service might infringe a third party’s Intellectual Property Rights, then Crusoe may, at its sole option and expense (a) procure the right for Customer to continue using the Services; (b) modify the Services to make them non-infringing without materially reducing their functionality; or (c) replace the Services with a non-infringing, functionally equivalent alternative. If Crusoe does not believe the remedies in this Section are commercially reasonable, then Crusoe may Suspend or terminate Customer’s use of the impacted Services.
Sole Rights and Obligations
Without affecting either party’s termination rights, Indemnification states the parties’ sole and exclusive remedy under this Agreement for any third-party allegations of Intellectual Property Rights infringement is covered by Indemnification.
Miscellaneous
Emails
The parties may use emails to satisfy written approval and consent requirements under the Agreement.
Assignment
Neither party may assign any part of this Agreement without the written consent of the other, except to an Affiliate where (a) the assignee has agreed in writing to be bound by the terms of this Agreement, and (b) the assigning party has notified the other party of the assignment. Any other attempt to assign is void.
Change of Control
If a party experiences a change of Control other than as part of an internal restructuring or reorganization (for example, through a stock purchase or sale, merger, or other form of corporate transaction), that party will give written notice to the other party within 30 days after the change of Control.
Force Majeure
Neither party will be liable for failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, or war.
Subcontracting
Crusoe may subcontract obligations under the Agreement but will remain liable to Customer for any subcontracted obligations.
No Agency
This Agreement does not create any agency, partnership, or joint venture between the parties.
No Waiver
Neither party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under this Agreement.
Severability
If any part of this Agreement is invalid, illegal, or unenforceable, the rest of the Agreement will remain in effect.
No Third-Party Beneficiaries
This Agreement does not confer any benefits on any third party unless it expressly states that it does.
Equitable Relief
Nothing in this Agreement will limit either party’s ability to seek equitable relief.
Amendments
Except as stated in Modifications: To the Agreement or Modifications: To the Data Processing and Security Terms, any amendment must be in writing, signed by both parties, and expressly state that it is amending this Agreement.
Survival
The following Sections will survive expiration or termination of this Agreement: Intellectual Property Rights; Protection of Customer Data; Feedback, Confidential Information, Effect of Termination, Disclaimer, Limitation of Liability, Indemnification, and Miscellaneous.
Entire Agreement
This Agreement sets out all terms agreed between the parties and supersedes all other agreements between the parties relating to its subject matter. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation, or warranty (whether made negligently or innocently), except those expressly stated in this Agreement. The URL Terms are incorporated by reference into the Agreement. After the Effective Date, Crusoe may provide an updated URL in place of any URL in this Agreement.
Conflicting Terms
If there is a conflict between the documents that make up this Agreement, the documents will control in the following order (of decreasing precedence): the Data Processing and Security Terms, the remainder of the Agreement (excluding the URL Terms), and the URL Terms (excluding the Data Processing and Security Terms).
Headers
Headings and captions used in the Agreement are for reference purposes only and will not have any effect on the interpretation of the Agreement.
U.S. Governing Law
U.S. City, County, and State Government Entities
If Customer is a U.S. city, county, or state government entity, then the Agreement will be silent regarding governing law and venue.
U.S. Federal Government Entities
If Customer is a U.S. federal government entity, then the following applies: ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES WILL BE GOVERNED BY THE LAWS OF THE UNITED STATES OF AMERICA, EXCLUDING ITS CONFLICT OF LAWS RULES. SOLELY TO THE EXTENT PERMITTED BY FEDERAL LAW, (I) THE LAWS OF THE STATE OF NEW YORK (EXCLUDING NEW YORK’S CONFLICT OF LAWS RULES) WILL APPLY IN THE ABSENCE OF APPLICABLE FEDERAL LAW; AND (II) FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES, THE PARTIES CONSENT TO PERSONAL JURISDICTION IN, AND THE EXCLUSIVE VENUE OF, THE COURTS IN DENVER, COLORADO.
All Other Entities
If Customer is any entity not identified in U.S. City, County, and State Government Entities or U.S. Federal Government Entities, then the following applies: ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES WILL BE GOVERNED BY NEW YORK LAW, EXCLUDING THAT STATE’S CONFLICT OF LAWS RULES, AND WILL BE LITIGATED EXCLUSIVELY IN THE FEDERAL OR STATE COURTS OF DENVER COUNTY, COLORADO, USA; THE PARTIES CONSENT TO PERSONAL JURISDICTION IN THOSE COURTS.
Models for Crusoe Managed Inference Service
With Crusoe’s managed inference service, you can test and deploy AI models for generative language, image, and processing tasks. Available Models are listed at: https://docs.crusoecloud.com/
Effective February 18th 2025 to February 18th 2025
DownloadTable of Contents
Crusoe Managed Inference Terms of Service for Open Router Customers
As a user of OpenRouter LLC’s (“Open Router”) services, we welcome you to Crusoe’s Managed Inference Service! Our service provides access to cutting edge artificial intelligence models, powered by some of the world’s most powerful GPUs.
These terms of service (together, the “Agreement”) outlines the terms regarding your use of our Services. This Agreement is a legally binding contract between Crusoe Energy Systems, LLC (along with its Affiliates, “Crusoe,” “We,” “Us,” or “Our”) and the entity or person agreeing to these terms (“Customer,” “You,” “Your,” “Yourself”), so please read carefully. If you do not agree with these terms, do not register or use any of our Services.
This Agreement is in effect when Customer first accesses the Services (the “Effective Date”). If you are accepting on behalf of Customer, you represent and warrant that (a) you have full legal authority to bind Customer to this Agreement; (b) you have read and understand this Agreement; and (c) you agree, on behalf of Customer, to this Agreement.
Definitions
- “Affiliate” means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with a party.
- “Anti-Bribery Laws” means all applicable commercial and public anti-bribery laws, including the U.S. Foreign Corrupt Practices Act of 1977 and the UK Bribery Act 2010, that prohibit corrupt offers of anything of value, either directly or indirectly, to anyone, including government officials, to obtain or keep business or to secure any other improper commercial advantage. Government officials include: any government employees, candidates for public office, members of royal families, and employees of government-owned or government-controlled companies, public international organizations, and political parties.
- “AUP” means the then-current acceptable use policy for the Services stated at Acceptable Use Policy.
- “Brand Features” means the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party, respectively, as secured by such party from time to time.
- “Confidential Information” means information that one party (or an Affiliate) discloses to the other party under this Agreement, and which is marked as confidential or would normally under the circumstances be considered confidential information. It does not include information that is independently developed by the recipient, is rightfully given to the recipient by a third party without confidentiality obligations, or becomes public through no fault of the recipient. Subject to the preceding sentence, Customer Data is considered Customer’s Confidential Information.
- “Control” means control of greater than 50 percent of the voting rights or equity interests of a party.
- “Customer Application” means a software program that Customer creates or hosts using the Open Router API.
- “Customer Data” means Input, Output, and any personal data about Customer that Crusoe may receive from Open Router, and excludes Service Data.
- “Data Processing and Security Terms” means the terms stated at Data Processing and Security Terms.
- “Documentation” means the Crusoe documentation (as may be updated from time to time) in the form generally made available by Crusoe to its customers for use with the Services at https://docs.crusoecloud.com.
- “End Users” means the individuals who are permitted by Customer to use the Open Router API or any Customer Applications. For clarity, End Users may include employees of Customer Affiliates and other authorized third parties.
- “Export Control or Sanctions Laws” means all applicable export, re-export control or economic sanctions laws and regulations, including but not limited to (a) the Export Administration Regulations (“EAR”) maintained by the U.S. Department of Commerce, (b) trade and economic sanctions maintained by the U.S. Treasury Department’s Office of Foreign Assets Control, and (c) the International Traffic in Arms Regulations (“ITAR”) maintained by the U.S. Department of State.
- “Fees” means the applicable fees charged by Open Router for access to the Service through the Open Router API, as listed at https://openrouter.ai/models, or any applicable fees charged by Crusoe for the Service, plus any applicable Taxes.
- “High Risk Activities” means activities where the use or failure of the Services would reasonably be expected to lead to death, personal injury, or environmental or property damage (such as the creation or operation of nuclear facilities, air traffic control, life support systems, or weaponry).
- “including” means including but not limited to.
- “Indemnified Liabilities” means any (i) settlement amounts approved by the indemnifying party and (ii) damages and costs finally awarded against the indemnified party by a court of competent jurisdiction.
- “Input” means any data, text, query or other information that you submit through the Service for processing by the Models.
- “Intellectual Property Rights” means current and future worldwide rights under patent, copyright, trade secret, trademark, and moral rights laws, and other similar rights.
- “Legal Process” means an information disclosure request made under law, governmental regulation, court order, subpoena, warrant, or other valid legal authority, legal procedure, or similar process.
- “Liability” means any liability, whether under contract, tort (including negligence), or otherwise, regardless of whether foreseeable or contemplated by the parties.
- “Model” means a computational algorithm designed to perform tasks by learning patterns from data, used for prediction, classification, or decision-making.
- “Open Router API” means any application programming interface provided by Open Router that interfaces with the Services.
- “Output” means any data, text, results, or other information generated by the Models in response to the Input provided by the Customer through the Service
- “Service Specific Terms” means the then-current terms specific to one or more Services stated at Service Specific Terms.
- “Services” means Crusoe’s managed inference service that provides access to Models.
- “Software” means any downloadable tools, software development kits, or other such computer software provided by Crusoe in connection with the Services, and any updates Crusoe may make to such Software from time to time, excluding any Third-Party Offerings.
- “Suspend” or “Suspension” means disabling or limiting access to or use of the Services or components of the Services.
- “Taxes” means all government-imposed taxes, except for taxes based on Crusoe’s net income, net worth, asset value, property value, or employment.
- “Term” has the meaning stated in Agreement Term of this Agreement.
- “Third-Party Offerings” means (a) third-party services, software, products, and other offerings that are not incorporated into the Services or Software and (b) offerings identified in the “Third-Party Terms” section of the Service Specific Terms.
- “Third-Party Legal Proceeding” means any formal legal proceeding filed by an unaffiliated third party before a court or government tribunal (including any appellate proceeding).
- “URL Terms” means, collectively, the AUP, Data Processing and Security Terms, and the Service Specific Terms.
Provision of the Services
During the Term, Crusoe will provide the Services and Customer may use the Services, and integrate the Services into any Customer Application that has material value independent of the Services, in accordance with the Agreement.
Our Services provide Customer with the inference from available Models through the Open Router API. Customers can set an Input and a set of parameters, which may depend on the Model. In response, the Customer receives an Output.
Customers acknowledge and agree that, by submitting a request to the Open Router API, they are interacting with an AI system as defined by the EU AI Act. Customers are obliged to inform End Users of this clause prior to their use of the Service or a Customer Application.
Modifications
To the Agreement
Crusoe may make changes to this Agreement (including the URL Terms) and pricing from time to time. Unless otherwise noted by Crusoe, material changes to the Agreement will become effective immediately. If Customer does not agree to the revised Agreement, Customer may stop using the Services or terminate this Agreement for convenience. Customer’s continued use of the Services after such material change will constitute Customer’s consent to such changes. Crusoe will post any modification to this Agreement here.
To the Data Processing and Security Terms
Crusoe may only change the Data Processing and Security Terms where such change is required to comply with applicable law, is expressly permitted by the Data Processing and Security Terms, or:
- is commercially reasonable;
- does not result in a material reduction of the security of the Services;
- does not expand the scope of or remove any restrictions on Crusoe’s processing of “Customer Personal Data,” as described in the “Scope of Processing” Section of the Data Processing and Security Terms; and
- does not otherwise have a material adverse impact on Customer’s rights under the Data Processing and Security Terms.
If Crusoe makes a material change to the Data Processing and Security Terms in accordance with Modifications: To the Data Processing and Security Terms, Crusoe will post the change at the webpage containing the Data Processing and Security Terms.
Software
Crusoe may make Software available to Customer, including third-party software. Customer’s use of any Software is subject to the applicable provisions in the Service Specific Terms.
Customer Obligations
Compliance
Customer will (a) ensure that Customer and its End Users’ use of the Services through the Open Router API complies with the Agreement, (b) use commercially reasonable efforts to prevent and terminate any unauthorized use of, or access to, the Services, and (c) promptly notify Crusoe of any unauthorized use of, or access to, the Services of which Customer becomes aware. Crusoe reserves the right to investigate any potential violation of the AUP by Customer, which may include reviewing Customer Applications or Customer Data.
Privacy
Customer is responsible for any consents and notices required to permit (a) Customer’s use and receipt of the Services and (b) Crusoe’s accessing, storing, and processing of data provided by Customer (including Customer Data, if applicable) under the Agreement.
Restrictions
Customer will not, and will not allow End Users to, (a) copy, modify, or create a derivative work of the Services; (b) reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any or all of the source code or Input and Output of other Customers of, the Services (except to the extent such restriction is expressly prohibited by applicable law); (c) sell, resell, sublicense, transfer, or distribute any or all of the Services; (d) use the Service as a high-risk AI system or in prohibited AI practices as defined in the EU AI Act; (e) use or access the Service to develop a product or service that competes with the Service or engage in competitive analysis or benchmarking; (f) impose an unreasonable or disproportionately heavy load on the API or Service, or negatively impact the ability of others to use the Service; (g) attempt to probe, scan or test the vulnerability of the Service, breach security or authentication measures without the proper authorization, or intentionally render any part of the Service unusable; or (h) access or use the Services (i) for High Risk Activities; (ii) in violation of the AUP; (iii) in a manner intended to avoid incurring Fees or to circumvent Service-specific usage limits or quotas; (iv) to operate or enable any telecommunications service or in connection with any Customer Application that allows End Users to place calls or to receive calls from any public switched telephone network, unless otherwise described in the Service Specific Terms; (v) for materials or activities that are subject to the International Traffic in Arms Regulations ("ITAR") maintained by the United States Department of State; (vi) in a manner that breaches, or causes the breach of, Export Control or Sanctions Laws; or (vii) to transmit, store, or process health information subject to United States HIPAA regulations.
Documentation
Crusoe may provide Documentation for Customer’s use of the Services.
Models
The Service provides Customers with the ability to interface with Models. We do not guarantee the accuracy, reliability, validity or appropriateness of the Outputs generated by these Models. You acknowledge and agree that the use of the Output is at their own risk and discretion.
Each Model we provide is subject to its own EULA, and You are responsible for complying with those EULAs available at [LINK], which is hereby incorporated by reference into this Agreement.
Copyright
Crusoe provides information to help copyright holders manage their intellectual property online, but Crusoe cannot determine whether something is being used legally without input from the copyright holders. Crusoe will respond to notices of alleged copyright infringement and may terminate repeat infringers in appropriate circumstances as required to maintain safe harbor for online service providers under the U.S. Digital Millennium Copyright Act. If Customer believes a person or entity is infringing Customer’s or its End User’s copyrights and would like to notify Crusoe, Customer can find information about submitting notices, and Crusoe’s policy about responding to notices, at Digital Millennium Copyright Act.
Suspension
AUP Violations
If Crusoe becomes aware that Customer’s or any End User’s use of the Services violates the AUP, Crusoe will notify Open Router and request that Customer correct the violation. If Customer fails to correct the violation within 24 hours of Customer receiving notification of Crusoe’s request, then Crusoe may request that Open Router Suspend all or part of Customer’s use of the Services through the Open router API until the violation is corrected.
Other Suspension
Notwithstanding AUP Violations, Crusoe may immediately Suspend all or part of Customer’s use of the Services if (a) Crusoe reasonably believes Customer’s or any End User’s use of the Services could adversely impact the Services, other customers’ or their end users’ use of the Services, or the Crusoe network or servers used to provide the Services; (b) there is suspected unauthorized third-party access to the Services; (c) Crusoe reasonably believes that immediate Suspension is required to comply with any applicable law; or (d) Customer is in breach of Restrictions or the Service Specific Terms. Crusoe will lift any such Suspension when the circumstances giving rise to the Suspension have been resolved. At Customer’s request, Crusoe will, unless prohibited by applicable law, notify Customer of the basis for the Suspension as soon as is reasonably possible.
Intellectual Property Rights; Protection of Customer Data; Feedback
Intellectual Property Rights
Except as expressly stated in this Agreement, this Agreement does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data and Customer Applications, and Crusoe owns all Intellectual Property Rights in the Services and Software.
Protection of Customer Data; No Training
Crusoe will only access or use Customer Data to provide the Services to Customer or as otherwise instructed by Customer and will not use it for any other Crusoe products, services, or advertising.
Specifically, Crusoe will only use Customer Data for inference - we will not use it for training Models, and we will not store it on disk or use it for any other purpose other than the inference process.
Crusoe generally does not log Customer Data, but does log metadata that might be useful for purposes of debugging and improving the performance of the Service. Crusoe may observe and log a small portion of Customer Data when necessary for debugging, security purposes, or as required by law.
Crusoe has implemented and will maintain administrative, physical, and technical safeguards to protect Customer Data, as further described in the Data Processing and Security Terms.
Customer Feedback
At its option, Customer may provide feedback or suggestions about the Services to Crusoe (“Feedback”). If Customer provides Feedback, then Crusoe and its Affiliates may use that Feedback without restriction and without obligation to Customer.
Confidential Information
Obligations
The recipient will only use the disclosing party’s Confidential Information to exercise the recipient’s rights and fulfill its obligations under the Agreement, and will use reasonable care to protect against the disclosure of the disclosing party’s Confidential Information. The recipient may disclose Confidential Information only to its Affiliates, employees, agents, or professional advisors (“Delegates”) who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep it confidential. The recipient will ensure that its Delegates use the received Confidential Information only to exercise rights and fulfill obligations under this Agreement.
Required Disclosure
Notwithstanding any provision to the contrary in this Agreement, the recipient or its Affiliate may also disclose Confidential Information to the extent required by applicable Legal Process; provided that the recipient or its Affiliate uses commercially reasonable efforts to (a) promptly notify the other party before any such disclosure of its Confidential Information, and (b) comply with the other party’s reasonable requests regarding its efforts to oppose the disclosure. Notwithstanding the foregoing, subsections (a) and (b) above will not apply if the recipient determines that complying with (a) and (b) could (i) result in a violation of Legal Process; (ii) obstruct a governmental investigation; or (iii) lead to death or serious physical harm to an individual.
Term and Termination
Agreement Term
The term of this Agreement (the “Term”) will begin on the Effective Date and continue until the Agreement is terminated by one of the parties.
Termination
Customer may stop using the Services at any time. Customer or Crusoe may terminate this Agreement at its convenience at any time on prior written notice, upon which Customer must cease use of the Services.
Effect of Termination
If the Agreement is terminated, then (a) all rights and access to the Services will terminate (including access to Customer Data, if applicable), unless otherwise described in this Agreement, and (b) any Fees owed by Customer to Crusoe are immediately due upon Customer’s receipt of the final electronic bill or as stated in the final invoice.
Representations and Warranties
Each party represents and warrants that (a) it has full power and authority to enter into the Agreement, and (b) it will comply with all laws applicable to its provision, receipt, or use of the Services, as applicable.
Disclaimer
Except as expressly provided for in the Agreement, Crusoe does not make and expressly disclaims to the fullest extent permitted by applicable law (a) any warranties of any kind, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular use, title, noninfringement, or error-free or uninterrupted use of the Services or Software and (b) any representations about content or information accessible through the Services.
To the extent permitted by applicable law, the Service, Output and Documentation are offered “as-is” and “as available”.
Limitation of Liability
Limitation on Indirect Liability
To the extent permitted by applicable law and subject to Unlimited Liabilities, Crusoe will not have any Liability arising out of or relating to the Agreement for any (a) direct, indirect, consequential, special, incidental, or punitive damages or (b) lost revenues, profits, savings, data or goodwill.
Limitation on Amount of Liability
Crusoe’s total aggregate Liability for damages arising out of or relating to the Agreement is limited to $1,000.
Unlimited Liabilities
Nothing in the Agreement excludes or limits Customer’s Liability for: (a) its fraud or fraudulent misrepresentation; (b) its obligations under Indemnification; (c) its infringement of Customer’s Intellectual Property Rights; or (d) its payment obligations under the Agreement; Neither party’s Liability is excluded or limited with respect to to matters for which liability cannot be excluded or limited under applicable law.
Indemnification
Crusoe Indemnification Obligations
Crusoe will defend Customer and its Affiliates using the Services under Customer’s Account and indemnify them against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising from an allegation that the Service itself, independent of the provision or use of a Model or Output, or any Crusoe Brand Feature, in each case used in accordance with the Agreement, infringes the third party’s Intellectual Property Rights.
Customer Indemnification Obligations
Customer will defend Crusoe and its Affiliates providing the Services and indemnify them against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising from (a) any Customer Application, Customer Data, or Customer Brand Features; or (b) Customer’s or an End User’s use of the Services .
Exclusions
Crusoe Indemnification Obligations and Customer Indemnification Obligations will not apply to the extent the underlying allegation arises from (a) the indemnified party’s breach of the Agreement, (b) a combination of the indemnifying party’s technology or Brand Features with materials not provided by the indemnifying party under the Agreement, unless the combination is required by the Agreement, and (c) in the case of Crusoe or any of its Affiliates as the indemnifying party, any Services provided to Customer free of charge.
Conditions
Crusoe Indemnification Obligations and Customer Indemnification Obligations are conditioned on the following:
- Any indemnified party must promptly notify the indemnifying party in writing of any allegation(s) that preceded the Third-Party Legal Proceeding and cooperate reasonably with the indemnifying party to resolve the allegation(s) and Third-Party Legal Proceeding. If breach of this Section prejudices the defense of the Third-Party Legal Proceeding, the indemnifying party’s obligations under Crusoe Indemnification Obligations or Customer Indemnification Obligations (as applicable) will be reduced in proportion to the prejudice.
- Any indemnified party must tender sole control of the indemnified portion of the Third-Party Legal Proceeding to the indemnifying party, subject to the following: (i) the indemnified party may appoint its own non-controlling counsel, at its own expense; and (ii) any settlement requiring the indemnified party to admit liability, pay money, or take (or refrain from taking) any action, will require the indemnified party’s prior written consent, not to be unreasonably withheld, conditioned, or delayed.
Remedies
If Crusoe reasonably believes the Service might infringe a third party’s Intellectual Property Rights, then Crusoe may, at its sole option and expense (a) procure the right for Customer to continue using the Services; (b) modify the Services to make them non-infringing without materially reducing their functionality; or (c) replace the Services with a non-infringing, functionally equivalent alternative. If Crusoe does not believe the remedies in this Section are commercially reasonable, then Crusoe may Suspend or terminate Customer’s use of the impacted Services.
Sole Rights and Obligations
Without affecting either party’s termination rights, Indemnification states the parties’ sole and exclusive remedy under this Agreement for any third-party allegations of Intellectual Property Rights infringement is covered by Indemnification.
Miscellaneous
Emails
The parties may use emails to satisfy written approval and consent requirements under the Agreement.
Assignment
Neither party may assign any part of this Agreement without the written consent of the other, except to an Affiliate where (a) the assignee has agreed in writing to be bound by the terms of this Agreement, and (b) the assigning party has notified the other party of the assignment. Any other attempt to assign is void.
Change of Control
If a party experiences a change of Control other than as part of an internal restructuring or reorganization (for example, through a stock purchase or sale, merger, or other form of corporate transaction), that party will give written notice to the other party within 30 days after the change of Control.
Force Majeure
Neither party will be liable for failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, or war.
Subcontracting
Crusoe may subcontract obligations under the Agreement but will remain liable to Customer for any subcontracted obligations.
No Agency
This Agreement does not create any agency, partnership, or joint venture between the parties.
No Waiver
Neither party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under this Agreement.
Severability
If any part of this Agreement is invalid, illegal, or unenforceable, the rest of the Agreement will remain in effect.
No Third-Party Beneficiaries
This Agreement does not confer any benefits on any third party unless it expressly states that it does.
Equitable Relief
Nothing in this Agreement will limit either party’s ability to seek equitable relief.
Amendments
Except as stated in Modifications: To the Agreement or Modifications: To the Data Processing and Security Terms, any amendment must be in writing, signed by both parties, and expressly state that it is amending this Agreement.
Survival
The following Sections will survive expiration or termination of this Agreement: Intellectual Property Rights; Protection of Customer Data; Feedback, Confidential Information, Effect of Termination, Disclaimer, Limitation of Liability, Indemnification, and Miscellaneous.
Entire Agreement
This Agreement sets out all terms agreed between the parties and supersedes all other agreements between the parties relating to its subject matter. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation, or warranty (whether made negligently or innocently), except those expressly stated in this Agreement. The URL Terms are incorporated by reference into the Agreement. After the Effective Date, Crusoe may provide an updated URL in place of any URL in this Agreement.
Conflicting Terms
If there is a conflict between the documents that make up this Agreement, the documents will control in the following order (of decreasing precedence): the Data Processing and Security Terms, the remainder of the Agreement (excluding the URL Terms), and the URL Terms (excluding the Data Processing and Security Terms).
Headers
Headings and captions used in the Agreement are for reference purposes only and will not have any effect on the interpretation of the Agreement.
U.S. Governing Law
U.S. City, County, and State Government Entities
If Customer is a U.S. city, county, or state government entity, then the Agreement will be silent regarding governing law and venue.
U.S. Federal Government Entities
If Customer is a U.S. federal government entity, then the following applies: ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES WILL BE GOVERNED BY THE LAWS OF THE UNITED STATES OF AMERICA, EXCLUDING ITS CONFLICT OF LAWS RULES. SOLELY TO THE EXTENT PERMITTED BY FEDERAL LAW, (I) THE LAWS OF THE STATE OF NEW YORK (EXCLUDING NEW YORK’S CONFLICT OF LAWS RULES) WILL APPLY IN THE ABSENCE OF APPLICABLE FEDERAL LAW; AND (II) FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES, THE PARTIES CONSENT TO PERSONAL JURISDICTION IN, AND THE EXCLUSIVE VENUE OF, THE COURTS IN DENVER, COLORADO.
All Other Entities
If Customer is any entity not identified in U.S. City, County, and State Government Entities or U.S. Federal Government Entities, then the following applies: ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES WILL BE GOVERNED BY NEW YORK LAW, EXCLUDING THAT STATE’S CONFLICT OF LAWS RULES, AND WILL BE LITIGATED EXCLUSIVELY IN THE FEDERAL OR STATE COURTS OF DENVER COUNTY, COLORADO, USA; THE PARTIES CONSENT TO PERSONAL JURISDICTION IN THOSE COURTS.
Models for Crusoe Managed Inference Service
With Crusoe’s managed inference service, you can test and deploy AI models for generative language, image, and processing tasks. Available Models are listed at: https://docs.crusoecloud.com/
Effective February 11th 2025 to February 18th 2025
DownloadTable of Contents
Crusoe Managed Inference Terms of Service for Open Router Customers
As a user of OpenRouter LLC’s (“Open Router”) services, we welcome you to Crusoe’s Managed Inference Service! Our service provides access to cutting edge artificial intelligence models, powered by some of the world’s most powerful GPUs.
These terms of service (together, the “Agreement”) outlines the terms regarding your use of our Services. This Agreement is a legally binding contract between Crusoe Energy Systems, LLC (along with its Affiliates, “Crusoe,” “We,” “Us,” or “Our”) and the entity or person agreeing to these terms (“Customer,” “You,” “Your,” “Yourself”), so please read carefully. If you do not agree with these terms, do not register or use any of our Services.
This Agreement is in effect when Customer first accesses the Services (the “Effective Date”). If you are accepting on behalf of Customer, you represent and warrant that (a) you have full legal authority to bind Customer to this Agreement; (b) you have read and understand this Agreement; and (c) you agree, on behalf of Customer, to this Agreement.
Definitions
- “Affiliate” means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with a party.
- “Anti-Bribery Laws” means all applicable commercial and public anti-bribery laws, including the U.S. Foreign Corrupt Practices Act of 1977 and the UK Bribery Act 2010, that prohibit corrupt offers of anything of value, either directly or indirectly, to anyone, including government officials, to obtain or keep business or to secure any other improper commercial advantage. Government officials include: any government employees, candidates for public office, members of royal families, and employees of government-owned or government-controlled companies, public international organizations, and political parties.
- “AUP” means the then-current acceptable use policy for the Services stated at Acceptable Use Policy.
- “Brand Features” means the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party, respectively, as secured by such party from time to time.
- “Confidential Information” means information that one party (or an Affiliate) discloses to the other party under this Agreement, and which is marked as confidential or would normally under the circumstances be considered confidential information. It does not include information that is independently developed by the recipient, is rightfully given to the recipient by a third party without confidentiality obligations, or becomes public through no fault of the recipient. Subject to the preceding sentence, Customer Data is considered Customer’s Confidential Information.
- “Control” means control of greater than 50 percent of the voting rights or equity interests of a party.
- “Customer Application” means a software program that Customer creates or hosts using the Open Router API.
- “Customer Data” means Input, Output, and any personal data about Customer that Crusoe may receive from Open Router, and excludes Service Data.
- “Data Processing and Security Terms” means the terms stated at Data Processing and Security Terms.
- “Documentation” means the Crusoe documentation (as may be updated from time to time) in the form generally made available by Crusoe to its customers for use with the Services at https://docs.crusoecloud.com.
- “End Users” means the individuals who are permitted by Customer to use the Open Router API or any Customer Applications. For clarity, End Users may include employees of Customer Affiliates and other authorized third parties.
- “Export Control or Sanctions Laws” means all applicable export, re-export control or economic sanctions laws and regulations, including but not limited to (a) the Export Administration Regulations (“EAR”) maintained by the U.S. Department of Commerce, (b) trade and economic sanctions maintained by the U.S. Treasury Department’s Office of Foreign Assets Control, and (c) the International Traffic in Arms Regulations (“ITAR”) maintained by the U.S. Department of State.
- “Fees” means the applicable fees charged by Open Router for access to the Service through the Open Router API, as listed at https://openrouter.ai/models, or any applicable fees charged by Crusoe for the Service, plus any applicable Taxes.
- “High Risk Activities” means activities where the use or failure of the Services would reasonably be expected to lead to death, personal injury, or environmental or property damage (such as the creation or operation of nuclear facilities, air traffic control, life support systems, or weaponry).
- “including” means including but not limited to.
- “Indemnified Liabilities” means any (i) settlement amounts approved by the indemnifying party and (ii) damages and costs finally awarded against the indemnified party by a court of competent jurisdiction.
- “Input” means any data, text, query or other information that you submit through the Service for processing by the Models.
- “Intellectual Property Rights” means current and future worldwide rights under patent, copyright, trade secret, trademark, and moral rights laws, and other similar rights.
- “Legal Process” means an information disclosure request made under law, governmental regulation, court order, subpoena, warrant, or other valid legal authority, legal procedure, or similar process.
- “Liability” means any liability, whether under contract, tort (including negligence), or otherwise, regardless of whether foreseeable or contemplated by the parties.
- “Model” means a computational algorithm designed to perform tasks by learning patterns from data, used for prediction, classification, or decision-making.
- “Open Router API” means any application programming interface provided by Open Router that interfaces with the Services.
- “Output” means any data, text, results, or other information generated by the Models in response to the Input provided by the Customer through the Service
- “Service Specific Terms” means the then-current terms specific to one or more Services stated at Service Specific Terms.
- “Services” means Crusoe’s managed inference service that provides access to Models.
- “Software” means any downloadable tools, software development kits, or other such computer software provided by Crusoe in connection with the Services, and any updates Crusoe may make to such Software from time to time, excluding any Third-Party Offerings.
- “Suspend” or “Suspension” means disabling or limiting access to or use of the Services or components of the Services.
- “Taxes” means all government-imposed taxes, except for taxes based on Crusoe’s net income, net worth, asset value, property value, or employment.
- “Term” has the meaning stated in Agreement Term of this Agreement.
- “Third-Party Offerings” means (a) third-party services, software, products, and other offerings that are not incorporated into the Services or Software and (b) offerings identified in the “Third-Party Terms” section of the Service Specific Terms.
- “Third-Party Legal Proceeding” means any formal legal proceeding filed by an unaffiliated third party before a court or government tribunal (including any appellate proceeding).
- “URL Terms” means, collectively, the AUP, Data Processing and Security Terms, and the Service Specific Terms.
Provision of the Services
During the Term, Crusoe will provide the Services and Customer may use the Services, and integrate the Services into any Customer Application that has material value independent of the Services, in accordance with the Agreement.
Our Services provide Customer with the inference from available Models through the Open Router API. Customers can set an Input and a set of parameters, which may depend on the Model. In response, the Customer receives an Output.
Customers acknowledge and agree that, by submitting a request to the Open Router API, they are interacting with an AI system as defined by the EU AI Act. Customers are obliged to inform End Users of this clause prior to their use of the Service or a Customer Application.
Modifications
To the Agreement
Crusoe may make changes to this Agreement (including the URL Terms) and pricing from time to time. Unless otherwise noted by Crusoe, material changes to the Agreement will become effective immediately. If Customer does not agree to the revised Agreement, Customer may stop using the Services or terminate this Agreement for convenience. Customer’s continued use of the Services after such material change will constitute Customer’s consent to such changes. Crusoe will post any modification to this Agreement here.
To the Data Processing and Security Terms
Crusoe may only change the Data Processing and Security Terms where such change is required to comply with applicable law, is expressly permitted by the Data Processing and Security Terms, or:
- is commercially reasonable;
- does not result in a material reduction of the security of the Services;
- does not expand the scope of or remove any restrictions on Crusoe’s processing of “Customer Personal Data,” as described in the “Scope of Processing” Section of the Data Processing and Security Terms; and
- does not otherwise have a material adverse impact on Customer’s rights under the Data Processing and Security Terms.
If Crusoe makes a material change to the Data Processing and Security Terms in accordance with Modifications: To the Data Processing and Security Terms, Crusoe will post the change at the webpage containing the Data Processing and Security Terms.
Software
Crusoe may make Software available to Customer, including third-party software. Customer’s use of any Software is subject to the applicable provisions in the Service Specific Terms.
Customer Obligations
Compliance
Customer will (a) ensure that Customer and its End Users’ use of the Services through the Open Router API complies with the Agreement, (b) use commercially reasonable efforts to prevent and terminate any unauthorized use of, or access to, the Services, and (c) promptly notify Crusoe of any unauthorized use of, or access to, the Services of which Customer becomes aware. Crusoe reserves the right to investigate any potential violation of the AUP by Customer, which may include reviewing Customer Applications or Customer Data.
Privacy
Customer is responsible for any consents and notices required to permit (a) Customer’s use and receipt of the Services and (b) Crusoe’s accessing, storing, and processing of data provided by Customer (including Customer Data, if applicable) under the Agreement.
Restrictions
Customer will not, and will not allow End Users to, (a) copy, modify, or create a derivative work of the Services; (b) reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any or all of the source code or Input and Output of other Customers of, the Services (except to the extent such restriction is expressly prohibited by applicable law); (c) sell, resell, sublicense, transfer, or distribute any or all of the Services; (d) use the Service as a high-risk AI system or in prohibited AI practices as defined in the EU AI Act; (e) use or access the Service to develop a product or service that competes with the Service or engage in competitive analysis or benchmarking; (f) impose an unreasonable or disproportionately heavy load on the API or Service, or negatively impact the ability of others to use the Service; (g) attempt to probe, scan or test the vulnerability of the Service, breach security or authentication measures without the proper authorization, or intentionally render any part of the Service unusable; or (h) access or use the Services (i) for High Risk Activities; (ii) in violation of the AUP; (iii) in a manner intended to avoid incurring Fees or to circumvent Service-specific usage limits or quotas; (iv) to operate or enable any telecommunications service or in connection with any Customer Application that allows End Users to place calls or to receive calls from any public switched telephone network, unless otherwise described in the Service Specific Terms; (v) for materials or activities that are subject to the International Traffic in Arms Regulations ("ITAR") maintained by the United States Department of State; (vi) in a manner that breaches, or causes the breach of, Export Control or Sanctions Laws; or (vii) to transmit, store, or process health information subject to United States HIPAA regulations.
Documentation
Crusoe may provide Documentation for Customer’s use of the Services.
Models
The Service provides Customers with the ability to interface with Models. We do not guarantee the accuracy, reliability, validity or appropriateness of the Outputs generated by these Models. You acknowledge and agree that the use of the Output is at their own risk and discretion.
Each Model we provide is subject to its own EULA, and You are responsible for complying with those EULAs available at [LINK], which is hereby incorporated by reference into this Agreement.
Copyright
Crusoe provides information to help copyright holders manage their intellectual property online, but Crusoe cannot determine whether something is being used legally without input from the copyright holders. Crusoe will respond to notices of alleged copyright infringement and may terminate repeat infringers in appropriate circumstances as required to maintain safe harbor for online service providers under the U.S. Digital Millennium Copyright Act. If Customer believes a person or entity is infringing Customer’s or its End User’s copyrights and would like to notify Crusoe, Customer can find information about submitting notices, and Crusoe’s policy about responding to notices, at Digital Millennium Copyright Act.
Suspension
AUP Violations
If Crusoe becomes aware that Customer’s or any End User’s use of the Services violates the AUP, Crusoe will notify Open Router and request that Customer correct the violation. If Customer fails to correct the violation within 24 hours of Customer receiving notification of Crusoe’s request, then Crusoe may request that Open Router Suspend all or part of Customer’s use of the Services through the Open router API until the violation is corrected.
Other Suspension
Notwithstanding AUP Violations, Crusoe may immediately Suspend all or part of Customer’s use of the Services if (a) Crusoe reasonably believes Customer’s or any End User’s use of the Services could adversely impact the Services, other customers’ or their end users’ use of the Services, or the Crusoe network or servers used to provide the Services; (b) there is suspected unauthorized third-party access to the Services; (c) Crusoe reasonably believes that immediate Suspension is required to comply with any applicable law; or (d) Customer is in breach of Restrictions or the Service Specific Terms. Crusoe will lift any such Suspension when the circumstances giving rise to the Suspension have been resolved. At Customer’s request, Crusoe will, unless prohibited by applicable law, notify Customer of the basis for the Suspension as soon as is reasonably possible.
Intellectual Property Rights; Protection of Customer Data; Feedback
Intellectual Property Rights
Except as expressly stated in this Agreement, this Agreement does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data and Customer Applications, and Crusoe owns all Intellectual Property Rights in the Services and Software.
Protection of Customer Data; No Training
Crusoe will only access or use Customer Data to provide the Services to Customer or as otherwise instructed by Customer and will not use it for any other Crusoe products, services, or advertising.
Specifically, Crusoe will only use Customer Data for inference - we will not use it for training Models, and we will not store it on disk or use it for any other purpose other than the inference process.
Crusoe generally does not log Customer Data, but does log metadata that might be useful for purposes of debugging and improving the performance of the Service. Crusoe may observe and log a small portion of Customer Data when necessary for debugging, security purposes, or as required by law.
Crusoe has implemented and will maintain administrative, physical, and technical safeguards to protect Customer Data, as further described in the Data Processing and Security Terms.
Customer Feedback
At its option, Customer may provide feedback or suggestions about the Services to Crusoe (“Feedback”). If Customer provides Feedback, then Crusoe and its Affiliates may use that Feedback without restriction and without obligation to Customer.
Confidential Information
Obligations
The recipient will only use the disclosing party’s Confidential Information to exercise the recipient’s rights and fulfill its obligations under the Agreement, and will use reasonable care to protect against the disclosure of the disclosing party’s Confidential Information. The recipient may disclose Confidential Information only to its Affiliates, employees, agents, or professional advisors (“Delegates”) who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep it confidential. The recipient will ensure that its Delegates use the received Confidential Information only to exercise rights and fulfill obligations under this Agreement.
Required Disclosure
Notwithstanding any provision to the contrary in this Agreement, the recipient or its Affiliate may also disclose Confidential Information to the extent required by applicable Legal Process; provided that the recipient or its Affiliate uses commercially reasonable efforts to (a) promptly notify the other party before any such disclosure of its Confidential Information, and (b) comply with the other party’s reasonable requests regarding its efforts to oppose the disclosure. Notwithstanding the foregoing, subsections (a) and (b) above will not apply if the recipient determines that complying with (a) and (b) could (i) result in a violation of Legal Process; (ii) obstruct a governmental investigation; or (iii) lead to death or serious physical harm to an individual.
Term and Termination
Agreement Term
The term of this Agreement (the “Term”) will begin on the Effective Date and continue until the Agreement is terminated by one of the parties.
Termination
Customer may stop using the Services at any time. Customer or Crusoe may terminate this Agreement at its convenience at any time on prior written notice, upon which Customer must cease use of the Services.
Effect of Termination
If the Agreement is terminated, then (a) all rights and access to the Services will terminate (including access to Customer Data, if applicable), unless otherwise described in this Agreement, and (b) any Fees owed by Customer to Crusoe are immediately due upon Customer’s receipt of the final electronic bill or as stated in the final invoice.
Representations and Warranties
Each party represents and warrants that (a) it has full power and authority to enter into the Agreement, and (b) it will comply with all laws applicable to its provision, receipt, or use of the Services, as applicable.
Disclaimer
Except as expressly provided for in the Agreement, Crusoe does not make and expressly disclaims to the fullest extent permitted by applicable law (a) any warranties of any kind, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular use, title, noninfringement, or error-free or uninterrupted use of the Services or Software and (b) any representations about content or information accessible through the Services.
To the extent permitted by applicable law, the Service, Output and Documentation are offered “as-is” and “as available”.
Limitation of Liability
Limitation on Indirect Liability
To the extent permitted by applicable law and subject to Unlimited Liabilities, Crusoe will not have any Liability arising out of or relating to the Agreement for any (a) direct, indirect, consequential, special, incidental, or punitive damages or (b) lost revenues, profits, savings, data or goodwill.
Limitation on Amount of Liability
Crusoe’s total aggregate Liability for damages arising out of or relating to the Agreement is limited to $1,000.
Unlimited Liabilities
Nothing in the Agreement excludes or limits Customer’s Liability for: (a) its fraud or fraudulent misrepresentation; (b) its obligations under Indemnification; (c) its infringement of Customer’s Intellectual Property Rights; or (d) its payment obligations under the Agreement; Neither party’s Liability is excluded or limited with respect to to matters for which liability cannot be excluded or limited under applicable law.
Indemnification
Crusoe Indemnification Obligations
Crusoe will defend Customer and its Affiliates using the Services under Customer’s Account and indemnify them against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising from an allegation that the Service itself, independent of the provision or use of a Model or Output, or any Crusoe Brand Feature, in each case used in accordance with the Agreement, infringes the third party’s Intellectual Property Rights.
Customer Indemnification Obligations
Customer will defend Crusoe and its Affiliates providing the Services and indemnify them against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising from (a) any Customer Application, Customer Data, or Customer Brand Features; or (b) Customer’s or an End User’s use of the Services .
Exclusions
Crusoe Indemnification Obligations and Customer Indemnification Obligations will not apply to the extent the underlying allegation arises from (a) the indemnified party’s breach of the Agreement, (b) a combination of the indemnifying party’s technology or Brand Features with materials not provided by the indemnifying party under the Agreement, unless the combination is required by the Agreement, and (c) in the case of Crusoe or any of its Affiliates as the indemnifying party, any Services provided to Customer free of charge.
Conditions
Crusoe Indemnification Obligations and Customer Indemnification Obligations are conditioned on the following:
- Any indemnified party must promptly notify the indemnifying party in writing of any allegation(s) that preceded the Third-Party Legal Proceeding and cooperate reasonably with the indemnifying party to resolve the allegation(s) and Third-Party Legal Proceeding. If breach of this Section prejudices the defense of the Third-Party Legal Proceeding, the indemnifying party’s obligations under Crusoe Indemnification Obligations or Customer Indemnification Obligations (as applicable) will be reduced in proportion to the prejudice.
- Any indemnified party must tender sole control of the indemnified portion of the Third-Party Legal Proceeding to the indemnifying party, subject to the following: (i) the indemnified party may appoint its own non-controlling counsel, at its own expense; and (ii) any settlement requiring the indemnified party to admit liability, pay money, or take (or refrain from taking) any action, will require the indemnified party’s prior written consent, not to be unreasonably withheld, conditioned, or delayed.
Remedies
If Crusoe reasonably believes the Service might infringe a third party’s Intellectual Property Rights, then Crusoe may, at its sole option and expense (a) procure the right for Customer to continue using the Services; (b) modify the Services to make them non-infringing without materially reducing their functionality; or (c) replace the Services with a non-infringing, functionally equivalent alternative. If Crusoe does not believe the remedies in this Section are commercially reasonable, then Crusoe may Suspend or terminate Customer’s use of the impacted Services.
Sole Rights and Obligations
Without affecting either party’s termination rights, Indemnification states the parties’ sole and exclusive remedy under this Agreement for any third-party allegations of Intellectual Property Rights infringement is covered by Indemnification.
Miscellaneous
Emails
The parties may use emails to satisfy written approval and consent requirements under the Agreement.
Assignment
Neither party may assign any part of this Agreement without the written consent of the other, except to an Affiliate where (a) the assignee has agreed in writing to be bound by the terms of this Agreement, and (b) the assigning party has notified the other party of the assignment. Any other attempt to assign is void.
Change of Control
If a party experiences a change of Control other than as part of an internal restructuring or reorganization (for example, through a stock purchase or sale, merger, or other form of corporate transaction), that party will give written notice to the other party within 30 days after the change of Control.
Force Majeure
Neither party will be liable for failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, or war.
Subcontracting
Crusoe may subcontract obligations under the Agreement but will remain liable to Customer for any subcontracted obligations.
No Agency
This Agreement does not create any agency, partnership, or joint venture between the parties.
No Waiver
Neither party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under this Agreement.
Severability
If any part of this Agreement is invalid, illegal, or unenforceable, the rest of the Agreement will remain in effect.
No Third-Party Beneficiaries
This Agreement does not confer any benefits on any third party unless it expressly states that it does.
Equitable Relief
Nothing in this Agreement will limit either party’s ability to seek equitable relief.
Amendments
Except as stated in Modifications: To the Agreement or Modifications: To the Data Processing and Security Terms, any amendment must be in writing, signed by both parties, and expressly state that it is amending this Agreement.
Survival
The following Sections will survive expiration or termination of this Agreement: Intellectual Property Rights; Protection of Customer Data; Feedback, Confidential Information, Effect of Termination, Disclaimer, Limitation of Liability, Indemnification, and Miscellaneous.
Entire Agreement
This Agreement sets out all terms agreed between the parties and supersedes all other agreements between the parties relating to its subject matter. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation, or warranty (whether made negligently or innocently), except those expressly stated in this Agreement. The URL Terms are incorporated by reference into the Agreement. After the Effective Date, Crusoe may provide an updated URL in place of any URL in this Agreement.
Conflicting Terms
If there is a conflict between the documents that make up this Agreement, the documents will control in the following order (of decreasing precedence): the Data Processing and Security Terms, the remainder of the Agreement (excluding the URL Terms), and the URL Terms (excluding the Data Processing and Security Terms).
Headers
Headings and captions used in the Agreement are for reference purposes only and will not have any effect on the interpretation of the Agreement.
U.S. Governing Law
U.S. City, County, and State Government Entities
If Customer is a U.S. city, county, or state government entity, then the Agreement will be silent regarding governing law and venue.
U.S. Federal Government Entities
If Customer is a U.S. federal government entity, then the following applies: ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES WILL BE GOVERNED BY THE LAWS OF THE UNITED STATES OF AMERICA, EXCLUDING ITS CONFLICT OF LAWS RULES. SOLELY TO THE EXTENT PERMITTED BY FEDERAL LAW, (I) THE LAWS OF THE STATE OF NEW YORK (EXCLUDING NEW YORK’S CONFLICT OF LAWS RULES) WILL APPLY IN THE ABSENCE OF APPLICABLE FEDERAL LAW; AND (II) FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES, THE PARTIES CONSENT TO PERSONAL JURISDICTION IN, AND THE EXCLUSIVE VENUE OF, THE COURTS IN DENVER, COLORADO.
All Other Entities
If Customer is any entity not identified in U.S. City, County, and State Government Entities or U.S. Federal Government Entities, then the following applies: ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES WILL BE GOVERNED BY NEW YORK LAW, EXCLUDING THAT STATE’S CONFLICT OF LAWS RULES, AND WILL BE LITIGATED EXCLUSIVELY IN THE FEDERAL OR STATE COURTS OF DENVER COUNTY, COLORADO, USA; THE PARTIES CONSENT TO PERSONAL JURISDICTION IN THOSE COURTS.
Models for Crusoe Managed Inference Service
With Crusoe’s managed inference service, you can test and deploy AI models for generative language, image, and processing tasks. Available Models are listed at: https://docs.crusoecloud.com/
Acceptable Use Policy
Effective August 1st 2023
DownloadTable of Contents
Acceptable Use Policy
Use of the Services is subject to this Acceptable Use Policy. Capitalized terms have the meaning stated in the applicable agreement between Customer and Crusoe. Customer agrees not to, and not to allow third parties to use the Services:
- to violate, or encourage the violation of, the legal rights of others (for example, this may include allowing Customer End Users to infringe or misappropriate the intellectual property rights of others in violation of the Digital Millennium Copyright Act);
- to engage in, promote or encourage illegal activity;
- for any unlawful, invasive, infringing, defamatory or fraudulent purpose (for example, this may include phishing, creating a pyramid scheme or mirroring a website);
- to intentionally distribute viruses, worms, Trojan horses, corrupted files, hoaxes, or other items of a destructive or deceptive nature;
- to interfere with the use of the Services, or the equipment used to provide the Services, by customers, authorized resellers, or other authorized users; to disable, interfere with or circumvent any aspect of the Services;
- to generate, distribute, publish or facilitate unsolicited mass email, promotions, advertisements or other solicitations (“spam”); or
- to use the Services, or any interfaces provided with the Services, to access any other Crusoe product or service in a manner that violates the terms of service of such other Crusoe product or service.
Data Processing and Security Terms
Effective November 24th 2024
DownloadTable of Contents
Data Processing and Security Terms
These Data Processing and Security Terms, including their appendices (the “Terms”) are incorporated into the agreement under which Crusoe has agreed to provide the Crusoe Cloud Platform (as described at Services) and related technical support to Customer (the “Agreement”). These Terms will be effective and replace any previously applicable data processing and security terms from the Terms Effective Date (as defined below).
Definitions
Capitalized terms defined in the Agreement apply to these Terms. In addition, in these Terms:
- “Adequate Country” means:
- for data processed subject to the EU GDPR: the EEA, or a country or territory that is the subject of an adequacy decision by the Commission under Article 45(1) of the EU GDPR;
- for data processed subject to the UK GDPR: the UK or a country or territory that is the subject of the adequacy regulations under Article 45(1) of the UK GDPR and Section 17A of the Data Protection Act 2018; and/or
- for data processed subject to the Swiss FDPA: Switzerland, or a country or territory that (i) is included in the list of the states whose legislation ensures an adequate level of protection as published by the Swiss Federal Data Protection and Information Commissioner, or (ii) is the subject of an adequacy decision by the Swiss Federal Council under the Swiss FDPA.
- “Alternative Transfer Solution” means a solution, other than SCCs, that enables the lawful transfer of personal data to a third country in accordance with European Data Protection Law.
- “Customer Data” has the meaning given in the Agreement or, if no such meaning is given, means data provided by or on behalf of Customer or Customer End Users via the Services under the Account.
- “Customer End Users” has the meaning given in the Agreement or, if not such meaning is given, has the meaning given to “End Users” in the Agreement.
- “Customer Personal Data” means the personal data contained within the Customer Data, including any special categories of personal data defined under European Data Protection Law.
- “Customer SCCs” means the SCCs (EU Controller-to-Processor), the SCCs (EU Processor-to-Processor), the SCCs (EU Processor-to-Controller), and/or the SCCs (UK Controller-to-Processor), as applicable.
- “Data Incident” means a breach of Crusoe’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Crusoe.
- “EEA” means the European Economic Area.
- “EMEA” means Europe, the Middle East and Africa.
- “EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- “European Data Protection Law” means, as applicable: (a) the GDPR; (b) the EU e-Privacy Directive (2002/58/EC); (c) any national data protection laws made under or pursuant to (a) or (b); (d) the UK GDPR; and/or (e) the Swiss FDPA.
- “European Law” means, as applicable: (a) EU or EU Member State law (if the EU GDPR applies to the processing of Customer Personal Data); and (b) the law of the UK or a part of the UK (if the UK GDPR applies to the processing of Customer Personal Data).
- “GDPR” means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.
- “Instructions” has the meaning given in Customer’s Instructions.
- “Non-European Data Protection Law” means data protection or privacy laws in force outside the EEA, the UK and Switzerland, including but not limited to the California Consumer Privacy Act (CCPA), the Colorado Privacy Act (CPA), the Utah Consumer Privacy Act (UCPA), and the Virginia Consumer Data Protection Act (VCDPA).
- “Notification Email Address” means the email address(es) designated by Customer in the Admin Console or Order Form to receive certain notifications from Crusoe. Customer is responsible for using the Admin Console to ensure that its Notification Email Address remains current and valid.
- “Security Documentation” means all documents and information made available by Crusoe at https://docs.crusoecloud.com/.
- “Security Measures” has the meaning given in Crusoe’s Security Measures.
- “Subprocessor” means a third party authorized as another processor under these Terms to have logical access to and process Customer Data in order to provide parts of the Services and TSS.
- “Supervisory Authority” means, as applicable: (a) a “supervisory authority” as defined in the EU GDPR; and/or (b) the “Commissioner” as defined in the UK GDPR and/or the Swiss FDPA.
- “Swiss FDPA” means the Federal Data Protection Act of 19 June 1992 (Switzerland).
- “Term” means the period from the Terms Effective Date until the end of Crusoe’s provision of the Services, including, if applicable, any period during which provision of the Services may be suspended and any post-termination period during which Crusoe may continue providing the Services for transitional purposes.
- “Terms Effective Date” means the date on which Customer accepted, or the parties otherwise agreed to, these Terms.
- “UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under that Act.
The terms “personal data”, “data subject”, “processing”, “controller” and “processor” as used in these Terms have the meanings given in the GDPR irrespective of whether European Data Protection Law or Non-European Data Protection Law applies.
Duration
Regardless of whether the Agreement has terminated or expired, these Terms are in effect when Customer Data is processed by Crusoe.
Scope of Data Protection Law
Application of European Law
The parties acknowledge that European Data Protection Law may apply to the processing of Customer Personal Data if, for example:
- the processing is carried out in the context of the activities of an establishment of Customer in the territory of the EEA or the UK; and/or
- the Customer Personal Data is personal data relating to data subjects who are in the EEA or the UK and the processing relates to the offering to them of goods or services in the EEA or the UK, or the monitoring of their behavior in the EEA or the UK.
Application of Non-European Law
The parties acknowledge that Non-European Data Protection Law may also apply to the processing of Customer Personal Data.
Application of Terms
Except to the extent these Terms state otherwise, these Terms will apply irrespective of whether European Data Protection Law or Non-European Data Protection Law applies to the processing of Customer Personal Data.
Processing of Data
Roles and Regulatory Compliance; Authorization
Processor and Controller Responsibilities
If European Data Protection Law applies to the processing of Customer Personal Data:
- Crusoe is a processor of that Customer Personal Data under European Data Protection Law;
- Customer is a controller or processor, as applicable, of that Customer Personal Data under European Data Protection Law; and
- each party will comply with the obligations applicable to it under European Data Protection Law with respect to the processing of that Customer Personal Data.
Processor Customers
If European Data Protection Law applies to the processing of Customer Personal Data and Customer is a processor:
- Customer warrants on an ongoing basis that the relevant controller has authorized: (i) the Instructions, (ii) Customer’s appointment of Crusoe as another processor, and (iii) Crusoe’s engagement of Subprocessors as described in Subprocessors;
- Customer will immediately forward to the relevant controller any notice provided by Crusoe under Instruction Notifications or Incident Notification); and
- Customer may make available to the relevant controller any other information made available by Crusoe under Information about Subprocessors.
Responsibilities under Non-European Law
If Non-European Data Protection Law applies to either party’s processing of Customer Personal Data, the relevant party will comply with any obligations applicable to it under that law with respect to the processing of that Customer Personal Data.
Scope of Processing
Customer’s Instructions
Customer may instruct Crusoe to process Customer Personal Data only in accordance with applicable law: (a) to provide, secure, and monitor the Services and TSS; (b) as further specified via Customer’s use of the Services (including the Admin Console and other functionality of the Services) and TSS; (c) as documented in the form of the Agreement (including these Terms); and (d) as further documented in any other written instructions given by Customer and acknowledged by Crusoe as constituting instructions for purposes of these Terms (collectively, the “Instructions”).
Crusoe’s Compliance with Instructions
Crusoe will comply with the Instructions unless prohibited by European Law.
Instruction Notifications
Crusoe will promptly notify Customer if, in Crusoe’s opinion: (a) European Law prohibits Crusoe from complying with an Instruction; (b) an Instruction does not comply with European Data Protection Law; or (c) Crusoe is otherwise unable to comply with an Instruction, in each case unless such notice is prohibited by European Law. This Section does not reduce either party’s rights and obligations elsewhere in the Agreement.
Data Deletion
Deletion by Customer during the Term
Crusoe will enable Customer to delete Customer Data during the Term in a manner consistent with the functionality of the Services. Crusoe will comply with a Customer Instruction to to delete Customer Data from Crusoe’s systems as soon as reasonably practicable, unless European Law requires storage.
Return or Deletion at the end of the Term
If Customer wishes to retain any Customer Data after the end of the Term, it may export such data in accordance with Access; Rectification; Restricted Processing; Portability during the Term. All Customer Data (including existing copies) remaining at the end of the Term will be deleted from Crusoe’s systems unless European Law requires storage.
Data Security
Crusoe’s Security Measures, Controls and Assistance
Crusoe’s Security Measures
Crusoe will implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the “Security Measures”). Crusoe may update the Security Measures from time to time provided that such updates do not result in a material reduction of the security of the Services.
Access and Compliance
Crusoe will: (a) authorize its employees, contractors and Subprocessors to access Customer Personal Data only as strictly necessary to comply with Instructions; (b) take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance; and (c) ensure that all persons authorized to process Customer Personal Data are under an obligation of confidentiality.
Crusoe’s Security Assistance
Crusoe will (taking into account the nature of the processing of Customer Personal Data and the information available to Crusoe) assist Customer in ensuring compliance with its (or, where Customer is a processor, the relevant controller’s) obligations under Articles 32 to 34 of the GDPR, by:
- implementing and maintaining the Security Measures;
- complying with the terms of Data Incidents;
- providing Customer with the Security Documentation and the information contained in the Agreement (including these Terms); and
- if subsections (a)-(c) above are insufficient for Customer (or the relevant controller) to comply with such obligations, upon Customer’s request, providing Customer with additional reasonable cooperation and assistance.
Data Incidents
Incident Notification
After becoming aware of a Data Incident, Crusoe will promptly notify Customer and take reasonable steps to minimize harm and secure Customer Data.
Details of Data Incident
Crusoe’s notification of a Data Incident will describe: the nature of the Data Incident including the Customer resources impacted; the measures Crusoe has taken, or plans to take, to address the Data Incident and mitigate its potential risk; the measures, if any, Crusoe recommends that Customer take to address the Data Incident; and details of a contact point where more information can be obtained. If it is not possible to provide all such information at the same time, Crusoe’s initial notification will contain the information then available and further information will be provided without undue delay as it becomes available.
Delivery of Notification
Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address.
No Assessment of Customer Data by Crusoe
Crusoe has no obligation to assess Customer Data in order to identify information subject to any specific legal requirements.
No Acknowledgement of Fault by Crusoe
Crusoe’s notification of or response to a Data Incident under Data Incidents will not be construed as an acknowledgement by Crusoe of any fault or liability with respect to the Data Incident.
Customer’s Security Responsibilities and Assessment
Customer’s Security Responsibilities
Without prejudice to Crusoe’s obligations under Crusoe’s Security Measures, Controls and Assistance and Data Incidents), and elsewhere in the Agreement, Customer is responsible for its use of the Services and its storage of any copies of Customer Data outside Crusoe’s or Crusoe’s Subprocessors’ systems, including:
- using the Services to ensure a level of security appropriate to the risk to the Customer Data;
- securing the account authentication credentials, systems and devices Customer uses to access the Services; and
- backing up its Customer Data as appropriate.
In addition, Customer is responsible for implementing and maintaining privacy protections and security measures for aspects of the Services that it controls (such as taking measures to protect Customer Data within resources provisioned by Customer using the Services, such as a virtual machine or storage).
Customer’s Security Assessment
Customer agrees that the Services, Security Measures implemented and maintained by Crusoe, and Crusoe’s commitments under Data Security provide a level of security appropriate to the risk to Customer Data (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals).
Impact Assessments and Consultations
Crusoe will (taking into account the nature of the processing and the information available to Crusoe) assist Customer in ensuring compliance with its (or, where Customer is a processor, the relevant controller’s) obligations under Articles 35 and 36 of the GDPR, by:
- providing the Security Documentation;
- providing the information contained in the Agreement (including these Terms); and
- if subsections (a) and (b) above are insufficient for Customer (or the relevant controller) to comply with such obligations, upon Customer’s request, providing Customer with additional reasonable cooperation and assistance.
Access etc.; Data Subject Requests
Access; Rectification; Restricted Processing; Portability
During the Term, Crusoe will enable Customer, in a manner consistent with the functionality of the Services, to access, rectify and restrict processing of Customer Data, including via the deletion functionality provided by Crusoe as described in Deletion by Customer, and to export Customer Data. If Customer becomes aware that any Customer Personal Data is inaccurate or outdated, Customer will be responsible for using such functionality to rectify or delete that data if required by applicable European Data Protection Law.
Data Subject Requests
During the Term, if Crusoe receives a request from a data subject that relates to Customer Personal Data and identifies Customer, Crusoe will: (a) advise the data subject to submit their request to Customer; (b) promptly notify Customer; and (c) not otherwise respond to that data subject’s request without authorization from Customer. Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Services.
Data Transfers
Data Storage and Processing Facilities
Subject to Crusoe’s data location commitments under the Service Specific Terms and to the remainder of Data Transfers, Customer Data may be processed in any country in which Crusoe or its Subprocessors maintain facilities.
Permitted Transfers
The parties acknowledge that European Data Protection Law does not require an Alternative Transfer Solution in order for Customer Personal Data to be processed in or transferred to an Adequate Country (“Permitted Transfers”).
Restricted Transfers
If the processing of Customer Personal Data involves any transfers that are not Permitted Transfers, and European Data Protection Law applies to those transfers (“Restricted Transfers”), then:
- if Crusoe announces its adoption of an Alternative Transfer Solution for any Restricted Transfers, then Crusoe will ensure that they are made in accordance with that Alternative Transfer Solution; and/or
- if Crusoe has not adopted an Alternative Transfer Solution for any Restricted Transfers, then:
- if Crusoe’s address is in an Adequate Country:
- the SCCs (EU Processor-to-Processor, Crusoe Exporter) will apply with respect to all Restricted Transfers from Crusoe to Subprocessors; and in addition,
- if Customer’s billing address is not in an Adequate Country, the SCCs (EU Processor-to-Controller) will apply (regardless of whether Customer is a controller and/or processor) with respect to Restricted Transfers between Crusoe and Customer; or
- if Crusoe’s address is not in an Adequate Country:
- the SCCs (EU Controller-to-Processor) and/or SCCs (EU Processor-to-Processor) will apply (according to whether Customer is a controller and/or processor) with respect to Restricted Transfers between Crusoe and Customer that are subject to the EU GDPR and/or the Swiss FDPA; and
- the SCCs (UK Controller-to-Processor) will apply (regardless of whether Customer is a controller and/or processor) with respect to Restricted Transfers between Crusoe and Customer that are subject to the UK GDPR.
- if Crusoe’s address is in an Adequate Country:
Subprocessors
Consent to Subprocessor Engagement
Customer specifically authorizes the engagement as Subprocessors of those entities listed as of the Terms Effective Date at the URL specified in Information about Subprocessors. In addition, Customer generally authorizes the engagement as Subprocessors of any other third parties (“New Subprocessors”).
Information about Subprocessors
Information about Subprocessors, including their functions and locations, is available at Crusoe Cloud Subprocessors (as may be updated by Crusoe from time to time in accordance with these Terms).
Requirements for Subprocessor Engagement
When engaging any Subprocessor, Crusoe will ensure that: (a) the Subprocessor only accesses and uses Customer Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement (including these Terms); and (b) if the processing of Customer Personal Data is subject to European Data Protection Law, the data protection obligations described in these Terms (as referred to in Article 28(3) of the GDPR, if applicable), are imposed on the Subprocessor.
Audits
Customer acknowledges that the Services are regularly audited against the standards outlined at Crusoe's Trust Center (the “Trust Center”), and may obtain summary reports of such audits as detailed therein. Customer chooses to conduct any audit it has the right to request on its own behalf, and on behalf of its controller if applicable, by instructing Crusoe to carry out the audits described in the Trust Center.
Support; Processing Records
Support
Crusoe will provide prompt and reasonable assistance with any Customer queries related to processing of Customer Personal Data under the Agreement and can be contacted at support@crusoecloud.com (and/or via such other means as Crusoe may provide from time to time).
Crusoe’s Processing Records
Crusoe will keep appropriate documentation of its processing activities as required by the GDPR. To the extent the GDPR requires Crusoe to collect and maintain records of certain information relating to Customer, Customer will use the Admin Console to supply such information and keep it accurate and up-to-date. Crusoe may make any such information available to the Supervisory Authorities if required by the GDPR.
Controller Requests
During the Term, if Crusoe receives a request or instruction from a third party purporting to be a controller of Customer Personal Data, Crusoe will advise the third party to contact Customer.
Appendix 1: Subject Matter and Details of the Data Processing
Subject Matter
Duration of the Processing
The Term plus the period from the end of the Term until deletion of all Customer Data by Crusoe in accordance with the Terms.
Nature and Purpose of the Processing
Crusoe will process Customer Personal Data for the purposes of providing the Services and TSS to Customer in accordance with the Terms.
Categories of Data
Data relating to individuals provided to Crusoe via the Services, by (or at the direction of) Customer or by Customer End Users.
Data Subjects
Data subjects include the individuals about whom data is provided to Crusoe via the Services by (or at the direction of) Customer or by Customer End Users.
Appendix 2: Security Measures
As from the Terms Effective Date, Crusoe will implement and maintain the Security Measures described herein.
Data Centers
Infrastructure
Crusoe maintains geographically distributed data centers. Crusoe stores all production data in physically secure data centers.
Redundancy
Infrastructure systems have been designed to minimize single points of failure and the impact of anticipated environmental risks. Reasonable technical measures have been taken, where possible, to provide this redundancy. The Services are designed to allow Crusoe to perform certain types of preventative and corrective maintenance without interruption. When customer interruption is expected as part of a planned maintenance event, Crusoe will provide notice to customers ahead of the event. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.
Power
The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, 7 days a week. In most cases, a primary as well as an alternate power source, each with sufficient capacity to power a data center, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If primary power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, until the backup generator systems take over. The backup generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.
Networks and Transmission
Data Transmission
Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Crusoe transfers data via Internet standard protocols.
External Attack Surface
Crusoe employs multiple layers of network devices and intrusion detection to protect its external attack surface. Crusoe considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.
Intrusion Detection
Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Crusoe’s intrusion detection involves controlling the size and make-up of Crusoe’s attack surface through preventative measures.
Incident Response
Crusoe monitors a variety of communication channels for security incidents, and Crusoe’s security personnel will react promptly to known incidents.
Encryption Technologies
Crusoe makes HTTPS encryption (also referred to as SSL or TLS connection) available. Crusoe servers support ephemeral elliptic curve Diffie-Hellman cryptographic key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimize the impact of a compromised key, or a cryptographic breakthrough.
Site and Access Controls
Crusoe maintains formal access procedures for allowing physical access to the data centers. Only authorized employees, contractors and visitors are allowed entry to the data centers. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving.
Customer’s administrators and Customer End Users must authenticate themselves via a central authentication system in order to use the Services.
Crusoe’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to Crusoe’s systems. Crusoe designs its systems to only allow authorized persons to access data they are authorized to access. Crusoe employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. Crusoe’s authentication and authorization systems utilize SSH certificates and security keys, and are designed to provide Crusoe with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Crusoe requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Crusoe’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength.
Data
Crusoe stores data in a multi-tenant environment on Crusoe-owned servers. Subject to any Instructions to the contrary (e.g., in the form of a data location selection), Crusoe replicates Customer Data between multiple data centers. Crusoe also logically isolates Customer Data. Customer will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable Customer to determine the product sharing settings applicable to Customer End Users for specific purposes.
Personnel
Crusoe personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Crusoe conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations. Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Crusoe’s confidentiality and privacy policies.
Subprocessors
Before onboarding Subprocessors, Crusoe ensures Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Crusoe has assessed the risks presented by the Subprocessor, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.
Effective August 1st 2023 to November 24th 2024
DownloadSummary of changes
Added Heading
Table of Contents
Data Processing and Security Terms
These Data Processing and Security Terms, including their appendices (the “Terms”) are incorporated into the agreement under which Crusoe has agreed to provide the Crusoe Cloud Platform (as described at Services) and related technical support to Customer (the “Agreement”). These Terms will be effective and replace any previously applicable data processing and security terms from the Terms Effective Date (as defined below).
Definitions
Capitalized terms defined in the Agreement apply to these Terms. In addition, in these Terms:
- “Adequate Country” means:
- for data processed subject to the EU GDPR: the EEA, or a country or territory that is the subject of an adequacy decision by the Commission under Article 45(1) of the EU GDPR;
- for data processed subject to the UK GDPR: the UK or a country or territory that is the subject of the adequacy regulations under Article 45(1) of the UK GDPR and Section 17A of the Data Protection Act 2018; and/or
- for data processed subject to the Swiss FDPA: Switzerland, or a country or territory that (i) is included in the list of the states whose legislation ensures an adequate level of protection as published by the Swiss Federal Data Protection and Information Commissioner, or (ii) is the subject of an adequacy decision by the Swiss Federal Council under the Swiss FDPA.
- “Alternative Transfer Solution” means a solution, other than SCCs, that enables the lawful transfer of personal data to a third country in accordance with European Data Protection Law.
- “Customer Data” has the meaning given in the Agreement or, if no such meaning is given, means data provided by or on behalf of Customer or Customer End Users via the Services under the Account.
- “Customer End Users” has the meaning given in the Agreement or, if not such meaning is given, has the meaning given to “End Users” in the Agreement.
- “Customer Personal Data” means the personal data contained within the Customer Data, including any special categories of personal data defined under European Data Protection Law.
- “Customer SCCs” means the SCCs (EU Controller-to-Processor), the SCCs (EU Processor-to-Processor), the SCCs (EU Processor-to-Controller), and/or the SCCs (UK Controller-to-Processor), as applicable.
- “Data Incident” means a breach of Crusoe’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Crusoe.
- “EEA” means the European Economic Area.
- “EMEA” means Europe, the Middle East and Africa.
- “EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- “European Data Protection Law” means, as applicable: (a) the GDPR; and/or (b) the Swiss FDPA.
- “European Law” means, as applicable: (a) EU or EU Member State law (if the EU GDPR applies to the processing of Customer Personal Data); and (b) the law of the UK or a part of the UK (if the UK GDPR applies to the processing of Customer Personal Data).
- “GDPR” means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.
- “Instructions” has the meaning given in Customer’s Instructions.
- “Non-European Data Protection Law” means data protection or privacy laws in force outside the EEA, the UK and Switzerland.
- “Notification Email Address” means the email address(es) designated by Customer in the Admin Console or Order Form to receive certain notifications from Crusoe. Customer is responsible for using the Admin Console to ensure that its Notification Email Address remains current and valid.
- “Security Documentation” means all documents and information made available by Crusoe at https://docs.crusoecloud.com/.
- “Security Measures” has the meaning given in Crusoe’s Security Measures.
- “Subprocessor” means a third party authorized as another processor under these Terms to have logical access to and process Customer Data in order to provide parts of the Services and TSS.
- “Supervisory Authority” means, as applicable: (a) a “supervisory authority” as defined in the EU GDPR; and/or (b) the “Commissioner” as defined in the UK GDPR and/or the Swiss FDPA.
- “Swiss FDPA” means the Federal Data Protection Act of 19 June 1992 (Switzerland).
- “Term” means the period from the Terms Effective Date until the end of Crusoe’s provision of the Services, including, if applicable, any period during which provision of the Services may be suspended and any post-termination period during which Crusoe may continue providing the Services for transitional purposes.
- “Terms Effective Date” means the date on which Customer accepted, or the parties otherwise agreed to, these Terms.
- “UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under that Act.
The terms “personal data”, “data subject”, “processing”, “controller” and “processor” as used in these Terms have the meanings given in the GDPR irrespective of whether European Data Protection Law or Non-European Data Protection Law applies.
Duration
Regardless of whether the Agreement has terminated or expired, these Terms will remain in effect until, and automatically expire when, Crusoe deletes all Customer Data as described in these Terms.
Scope of Data Protection Law
Application of European Law
The parties acknowledge that European Data Protection Law may apply to the processing of Customer Personal Data if, for example:
- the processing is carried out in the context of the activities of an establishment of Customer in the territory of the EEA or the UK; and/or
- the Customer Personal Data is personal data relating to data subjects who are in the EEA or the UK and the processing relates to the offering to them of goods or services in the EEA or the UK, or the monitoring of their behavior in the EEA or the UK.
Application of Non-European Law
The parties acknowledge that Non-European Data Protection Law may also apply to the processing of Customer Personal Data.
Application of Terms
Except to the extent these Terms state otherwise, these Terms will apply irrespective of whether European Data Protection Law or Non-European Data Protection Law applies to the processing of Customer Personal Data.
Processing of Data
Roles and Regulatory Compliance; Authorization
Processor and Controller Responsibilities
If European Data Protection Law applies to the processing of Customer Personal Data:
- Crusoe is a processor of that Customer Personal Data under European Data Protection Law;
- Customer is a controller or processor, as applicable, of that Customer Personal Data under European Data Protection Law; and
- each party will comply with the obligations applicable to it under European Data Protection Law with respect to the processing of that Customer Personal Data.
Processor Customers
If European Data Protection Law applies to the processing of Customer Personal Data and Customer is a processor:
- Customer warrants on an ongoing basis that the relevant controller has authorized: (i) the Instructions, (ii) Customer’s appointment of Crusoe as another processor, and (iii) Crusoe’s engagement of Subprocessors as described in Subprocessors;
- Customer will immediately forward to the relevant controller any notice provided by Crusoe under Instruction Notifications or Incident Notification); and
- Customer may make available to the relevant controller any other information made available by Crusoe under Information about Subprocessors.
Responsibilities under Non-European Law
If Non-European Data Protection Law applies to either party’s processing of Customer Personal Data, the relevant party will comply with any obligations applicable to it under that law with respect to the processing of that Customer Personal Data.
Scope of Processing
Customer’s Instructions
Customer may instruct Crusoe to process Customer Personal Data only in accordance with applicable law: (a) to provide, secure, and monitor the Services and TSS; (b) as further specified via Customer’s use of the Services (including the Admin Console and other functionality of the Services) and TSS; (c) as documented in the form of the Agreement (including these Terms); and (d) as further documented in any other written instructions given by Customer and acknowledged by Crusoe as constituting instructions for purposes of these Terms (collectively, the “Instructions”).
Crusoe’s Compliance with Instructions
Crusoe will comply with the Instructions unless prohibited by European Law.
Instruction Notifications
Crusoe will promptly notify Customer if, in Crusoe’s opinion: (a) European Law prohibits Crusoe from complying with an Instruction; (b) an Instruction does not comply with European Data Protection Law; or (c) Crusoe is otherwise unable to comply with an Instruction, in each case unless such notice is prohibited by European Law. This Section does not reduce either party’s rights and obligations elsewhere in the Agreement.
Data Deletion
Deletion by Customer during the Term
Crusoe will enable Customer to delete Customer Data during the Term in a manner consistent with the functionality of the Services. Crusoe will comply with a Customer Instruction to to delete Customer Data from Crusoe’s systems as soon as reasonably practicable, unless European Law requires storage.
Return or Deletion at the end of the Term
If Customer wishes to retain any Customer Data after the end of the Term, it may export such data in accordance with Access; Rectification; Restricted Processing; Portability during the Term. All Customer Data (including existing copies) remaining at the end of the Term will be deleted from Crusoe’s systems unless European Law requires storage.
Data Security
Crusoe’s Security Measures, Controls and Assistance
Crusoe’s Security Measures
Crusoe will implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the “Security Measures”). Crusoe may update the Security Measures from time to time provided that such updates do not result in a material reduction of the security of the Services.
Access and Compliance
Crusoe will: (a) authorize its employees, contractors and Subprocessors to access Customer Personal Data only as strictly necessary to comply with Instructions; (b) take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance; and (c) ensure that all persons authorized to process Customer Personal Data are under an obligation of confidentiality.
Crusoe’s Security Assistance
Crusoe will (taking into account the nature of the processing of Customer Personal Data and the information available to Crusoe) assist Customer in ensuring compliance with its (or, where Customer is a processor, the relevant controller’s) obligations under Articles 32 to 34 of the GDPR, by:
- implementing and maintaining the Security Measures;
- complying with the terms of Data Incidents;
- providing Customer with the Security Documentation and the information contained in the Agreement (including these Terms); and
- if subsections (a)-(c) above are insufficient for Customer (or the relevant controller) to comply with such obligations, upon Customer’s request, providing Customer with additional reasonable cooperation and assistance.
Data Incidents
Incident Notification
After becoming aware of a Data Incident, Crusoe will promptly notify Customer and take reasonable steps to minimize harm and secure Customer Data.
Details of Data Incident
Crusoe’s notification of a Data Incident will describe: the nature of the Data Incident including the Customer resources impacted; the measures Crusoe has taken, or plans to take, to address the Data Incident and mitigate its potential risk; the measures, if any, Crusoe recommends that Customer take to address the Data Incident; and details of a contact point where more information can be obtained. If it is not possible to provide all such information at the same time, Crusoe’s initial notification will contain the information then available and further information will be provided without undue delay as it becomes available.
Delivery of Notification
Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address.
No Assessment of Customer Data by Crusoe
Crusoe has no obligation to assess Customer Data in order to identify information subject to any specific legal requirements.
No Acknowledgement of Fault by Crusoe
Crusoe’s notification of or response to a Data Incident under Data Incidents will not be construed as an acknowledgement by Crusoe of any fault or liability with respect to the Data Incident.
Customer’s Security Responsibilities and Assessment
Customer’s Security Responsibilities
Without prejudice to Crusoe’s obligations under Crusoe’s Security Measures, Controls and Assistance and Data Incidents), and elsewhere in the Agreement, Customer is responsible for its use of the Services and its storage of any copies of Customer Data outside Crusoe’s or Crusoe’s Subprocessors’ systems, including:
- using the Services to ensure a level of security appropriate to the risk to the Customer Data;
- securing the account authentication credentials, systems and devices Customer uses to access the Services; and
- backing up its Customer Data as appropriate.
Customer’s Security Assessment
Customer agrees that the Services, Security Measures implemented and maintained by Crusoe, and Crusoe’s commitments under Data Security provide a level of security appropriate to the risk to Customer Data (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals).
Impact Assessments and Consultations
Crusoe will (taking into account the nature of the processing and the information available to Crusoe) assist Customer in ensuring compliance with its (or, where Customer is a processor, the relevant controller’s) obligations under Articles 35 and 36 of the GDPR, by:
- providing the Security Documentation;
- providing the information contained in the Agreement (including these Terms); and
- if subsections (a) and (b) above are insufficient for Customer (or the relevant controller) to comply with such obligations, upon Customer’s request, providing Customer with additional reasonable cooperation and assistance.
Access etc.; Data Subject Requests
Access; Rectification; Restricted Processing; Portability
During the Term, Crusoe will enable Customer, in a manner consistent with the functionality of the Services, to access, rectify and restrict processing of Customer Data, including via the deletion functionality provided by Crusoe as described in Deletion by Customer, and to export Customer Data. If Customer becomes aware that any Customer Personal Data is inaccurate or outdated, Customer will be responsible for using such functionality to rectify or delete that data if required by applicable European Data Protection Law.
Data Subject Requests
During the Term, if Crusoe receives a request from a data subject that relates to Customer Personal Data and identifies Customer, Crusoe will: (a) advise the data subject to submit their request to Customer; (b) promptly notify Customer; and (c) not otherwise respond to that data subject’s request without authorization from Customer. Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Services.
Data Transfers
Data Storage and Processing Facilities
Subject to Crusoe’s data location commitments under the Service Specific Terms and to the remainder of Data Transfers, Customer Data may be processed in any country in which Crusoe or its Subprocessors maintain facilities.
Permitted Transfers
The parties acknowledge that European Data Protection Law does not require an Alternative Transfer Solution in order for Customer Personal Data to be processed in or transferred to an Adequate Country (“Permitted Transfers”).
Restricted Transfers
If the processing of Customer Personal Data involves any transfers that are not Permitted Transfers, and European Data Protection Law applies to those transfers (as certified by Customer under Certification by Non-EMEA Customers if its billing address is outside EMEA) (“Restricted Transfers”), then:
- if Crusoe announces its adoption of an Alternative Transfer Solution for any Restricted Transfers, then Crusoe will ensure that they are made in accordance with that Alternative Transfer Solution; and/or
- if Crusoe has not adopted an Alternative Transfer Solution for any Restricted Transfers, then:
- if Crusoe’s address is in an Adequate Country:
- the SCCs (EU Processor-to-Processor, Crusoe Exporter) will apply with respect to all Restricted Transfers from Crusoe to Subprocessors; and in addition,
- if Customer’s billing address is not in an Adequate Country, the SCCs (EU Processor-to-Controller) will apply (regardless of whether Customer is a controller and/or processor) with respect to Restricted Transfers between Crusoe and Customer; or
- if Crusoe’s address is not in an Adequate Country:
- the SCCs (EU Controller-to-Processor) and/or SCCs (EU Processor-to-Processor) will apply (according to whether Customer is a controller and/or processor) with respect to Restricted Transfers between Crusoe and Customer that are subject to the EU GDPR and/or the Swiss FDPA; and
- the SCCs (UK Controller-to-Processor) will apply (regardless of whether Customer is a controller and/or processor) with respect to Restricted Transfers between Crusoe and Customer that are subject to the UK GDPR.
- if Crusoe’s address is in an Adequate Country:
Certification by Non-EMEA Customers
If Customer’s billing address is outside EMEA, and the processing of Customer Personal Data is subject to European Data Protection Law, Customer will certify as such, and identify its competent Supervisory Authority, via the Admin Console.
Subprocessors
Consent to Subprocessor Engagement
Customer specifically authorizes the engagement as Subprocessors of those entities listed as of the Terms Effective Date at the URL specified in Information about Subprocessors. In addition, Customer generally authorizes the engagement as Subprocessors of any other third parties (“New Subprocessors”).
Information about Subprocessors
Information about Subprocessors, including their functions and locations, is available at Crusoe Cloud Subprocessors (as may be updated by Crusoe from time to time in accordance with these Terms).
Requirements for Subprocessor Engagement
When engaging any Subprocessor, Crusoe will ensure that: (a) the Subprocessor only accesses and uses Customer Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement (including these Terms); and (b) if the processing of Customer Personal Data is subject to European Data Protection Law, the data protection obligations described in these Terms (as referred to in Article 28(3) of the GDPR, if applicable), are imposed on the Subprocessor.
Support; Processing Records
Support
Crusoe will provide prompt and reasonable assistance with any Customer queries related to processing of Customer Personal Data under the Agreement and can be contacted at support@crusoecloud.com (and/or via such other means as Crusoe may provide from time to time).
Crusoe’s Processing Records
Crusoe will keep appropriate documentation of its processing activities as required by the GDPR. To the extent the GDPR requires Crusoe to collect and maintain records of certain information relating to Customer, Customer will use the Admin Console to supply such information and keep it accurate and up-to-date. Crusoe may make any such information available to the Supervisory Authorities if required by the GDPR.
Controller Requests
During the Term, if Crusoe receives a request or instruction from a third party purporting to be a controller of Customer Personal Data, Crusoe will advise the third party to contact Customer.
Appendix 1: Subject Matter and Details of the Data Processing
Subject Matter
Duration of the Processing
The Term plus the period from the end of the Term until deletion of all Customer Data by Crusoe in accordance with the Terms.
Nature and Purpose of the Processing
Crusoe will process Customer Personal Data for the purposes of providing the Services and TSS to Customer in accordance with the Terms.
Categories of Data
Data relating to individuals provided to Crusoe via the Services, by (or at the direction of) Customer or by Customer End Users.
Data Subjects
Data subjects include the individuals about whom data is provided to Crusoe via the Services by (or at the direction of) Customer or by Customer End Users.
Appendix 2: Security Measures
As from the Terms Effective Date, Crusoe will implement and maintain the Security Measures described herein.
Data Centers
Infrastructure
Crusoe maintains geographically distributed data centers. Crusoe stores all production data in physically secure data centers.
Redundancy
Infrastructure systems have been designed to minimize single points of failure and the impact of anticipated environmental risks. Reasonable technical measures have been taken, where possible, to provide this redundancy. The Services are designed to allow Crusoe to perform certain types of preventative and corrective maintenance without interruption. When customer interruption is expected as part of a planned maintenance event, Crusoe will provide notice to customers ahead of the event. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.
Power
The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, 7 days a week. In most cases, a primary as well as an alternate power source, each with sufficient capacity to power a data center, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If primary power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, until the backup generator systems take over. The backup generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.
Networks and Transmission
Data Transmission
Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Crusoe transfers data via Internet standard protocols.
External Attack Surface
Crusoe employs multiple layers of network devices and intrusion detection to protect its external attack surface. Crusoe considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.
Intrusion Detection
Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Crusoe’s intrusion detection involves controlling the size and make-up of Crusoe’s attack surface through preventative measures.
Incident Response
Crusoe monitors a variety of communication channels for security incidents, and Crusoe’s security personnel will react promptly to known incidents.
Encryption Technologies
Crusoe makes HTTPS encryption (also referred to as SSL or TLS connection) available. Crusoe servers support ephemeral elliptic curve Diffie-Hellman cryptographic key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimize the impact of a compromised key, or a cryptographic breakthrough.
Site and Access Controls
Crusoe maintains formal access procedures for allowing physical access to the data centers. Only authorized employees, contractors and visitors are allowed entry to the data centers. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving.
Customer’s administrators and Customer End Users must authenticate themselves via a central authentication system in order to use the Services.
Crusoe’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to Crusoe’s systems. Crusoe designs its systems to only allow authorized persons to access data they are authorized to access. Crusoe employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. Crusoe’s authentication and authorization systems utilize SSH certificates and security keys, and are designed to provide Crusoe with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Crusoe requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Crusoe’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength.
Data
Crusoe stores data in a multi-tenant environment on Crusoe-owned servers. Subject to any Instructions to the contrary (e.g., in the form of a data location selection), Crusoe replicates Customer Data between multiple data centers. Crusoe also logically isolates Customer Data. Customer will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable Customer to determine the product sharing settings applicable to Customer End Users for specific purposes.
Personnel
Crusoe personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Crusoe conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations. Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Crusoe’s confidentiality and privacy policies.
Subprocessors
Before onboarding Subprocessors, Crusoe ensures Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Crusoe has assessed the risks presented by the Subprocessor, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.
Effective August 5th 2024 to August 5th 2024
DownloadTable of Contents
These Data Processing and Security Terms, including their appendices (the “Terms”) are incorporated into the agreement under which Crusoe has agreed to provide the Crusoe Cloud Platform (as described at Services) and related technical support to Customer (the “Agreement”). These Terms will be effective and replace any previously applicable data processing and security terms from the Terms Effective Date (as defined below).
Definitions
Capitalized terms defined in the Agreement apply to these Terms. In addition, in these Terms:
- “Adequate Country” means:
- for data processed subject to the EU GDPR: the EEA, or a country or territory that is the subject of an adequacy decision by the Commission under Article 45(1) of the EU GDPR;
- for data processed subject to the UK GDPR: the UK or a country or territory that is the subject of the adequacy regulations under Article 45(1) of the UK GDPR and Section 17A of the Data Protection Act 2018; and/or
- for data processed subject to the Swiss FDPA: Switzerland, or a country or territory that (i) is included in the list of the states whose legislation ensures an adequate level of protection as published by the Swiss Federal Data Protection and Information Commissioner, or (ii) is the subject of an adequacy decision by the Swiss Federal Council under the Swiss FDPA.
- “Alternative Transfer Solution” means a solution, other than SCCs, that enables the lawful transfer of personal data to a third country in accordance with European Data Protection Law.
- “Customer Data” has the meaning given in the Agreement or, if no such meaning is given, means data provided by or on behalf of Customer or Customer End Users via the Services under the Account.
- “Customer End Users” has the meaning given in the Agreement or, if not such meaning is given, has the meaning given to “End Users” in the Agreement.
- “Customer Personal Data” means the personal data contained within the Customer Data, including any special categories of personal data defined under European Data Protection Law.
- “Customer SCCs” means the SCCs (EU Controller-to-Processor), the SCCs (EU Processor-to-Processor), the SCCs (EU Processor-to-Controller), and/or the SCCs (UK Controller-to-Processor), as applicable.
- “Data Incident” means a breach of Crusoe’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Crusoe.
- “EEA” means the European Economic Area.
- “EMEA” means Europe, the Middle East and Africa.
- “EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- “European Data Protection Law” means, as applicable: (a) the GDPR; and/or (b) the Swiss FDPA.
- “European Law” means, as applicable: (a) EU or EU Member State law (if the EU GDPR applies to the processing of Customer Personal Data); and (b) the law of the UK or a part of the UK (if the UK GDPR applies to the processing of Customer Personal Data).
- “GDPR” means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.
- “Instructions” has the meaning given in Customer’s Instructions.
- “Non-European Data Protection Law” means data protection or privacy laws in force outside the EEA, the UK and Switzerland.
- “Notification Email Address” means the email address(es) designated by Customer in the Admin Console or Order Form to receive certain notifications from Crusoe. Customer is responsible for using the Admin Console to ensure that its Notification Email Address remains current and valid.
- “Security Documentation” means all documents and information made available by Crusoe at https://docs.crusoecloud.com/.
- “Security Measures” has the meaning given in Crusoe’s Security Measures.
- “Subprocessor” means a third party authorized as another processor under these Terms to have logical access to and process Customer Data in order to provide parts of the Services and TSS.
- “Supervisory Authority” means, as applicable: (a) a “supervisory authority” as defined in the EU GDPR; and/or (b) the “Commissioner” as defined in the UK GDPR and/or the Swiss FDPA.
- “Swiss FDPA” means the Federal Data Protection Act of 19 June 1992 (Switzerland).
- “Term” means the period from the Terms Effective Date until the end of Crusoe’s provision of the Services, including, if applicable, any period during which provision of the Services may be suspended and any post-termination period during which Crusoe may continue providing the Services for transitional purposes.
- “Terms Effective Date” means the date on which Customer accepted, or the parties otherwise agreed to, these Terms.
- “UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under that Act.
The terms “personal data”, “data subject”, “processing”, “controller” and “processor” as used in these Terms have the meanings given in the GDPR irrespective of whether European Data Protection Law or Non-European Data Protection Law applies.
Duration
Regardless of whether the Agreement has terminated or expired, these Terms will remain in effect until, and automatically expire when, Crusoe deletes all Customer Data as described in these Terms.
Scope of Data Protection Law
Application of European Law
The parties acknowledge that European Data Protection Law may apply to the processing of Customer Personal Data if, for example:
- the processing is carried out in the context of the activities of an establishment of Customer in the territory of the EEA or the UK; and/or
- the Customer Personal Data is personal data relating to data subjects who are in the EEA or the UK and the processing relates to the offering to them of goods or services in the EEA or the UK, or the monitoring of their behavior in the EEA or the UK.
Application of Non-European Law
The parties acknowledge that Non-European Data Protection Law may also apply to the processing of Customer Personal Data.
Application of Terms
Except to the extent these Terms state otherwise, these Terms will apply irrespective of whether European Data Protection Law or Non-European Data Protection Law applies to the processing of Customer Personal Data.
Processing of Data
Roles and Regulatory Compliance; Authorization
Processor and Controller Responsibilities
If European Data Protection Law applies to the processing of Customer Personal Data:
- Crusoe is a processor of that Customer Personal Data under European Data Protection Law;
- Customer is a controller or processor, as applicable, of that Customer Personal Data under European Data Protection Law; and
- each party will comply with the obligations applicable to it under European Data Protection Law with respect to the processing of that Customer Personal Data.
Processor Customers
If European Data Protection Law applies to the processing of Customer Personal Data and Customer is a processor:
- Customer warrants on an ongoing basis that the relevant controller has authorized: (i) the Instructions, (ii) Customer’s appointment of Crusoe as another processor, and (iii) Crusoe’s engagement of Subprocessors as described in Subprocessors;
- Customer will immediately forward to the relevant controller any notice provided by Crusoe under Instruction Notifications or Incident Notification); and
- Customer may make available to the relevant controller any other information made available by Crusoe under Information about Subprocessors.
Responsibilities under Non-European Law
If Non-European Data Protection Law applies to either party’s processing of Customer Personal Data, the relevant party will comply with any obligations applicable to it under that law with respect to the processing of that Customer Personal Data.
Scope of Processing
Customer’s Instructions
Customer may instruct Crusoe to process Customer Personal Data only in accordance with applicable law: (a) to provide, secure, and monitor the Services and TSS; (b) as further specified via Customer’s use of the Services (including the Admin Console and other functionality of the Services) and TSS; (c) as documented in the form of the Agreement (including these Terms); and (d) as further documented in any other written instructions given by Customer and acknowledged by Crusoe as constituting instructions for purposes of these Terms (collectively, the “Instructions”).
Crusoe’s Compliance with Instructions
Crusoe will comply with the Instructions unless prohibited by European Law.
Instruction Notifications
Crusoe will promptly notify Customer if, in Crusoe’s opinion: (a) European Law prohibits Crusoe from complying with an Instruction; (b) an Instruction does not comply with European Data Protection Law; or (c) Crusoe is otherwise unable to comply with an Instruction, in each case unless such notice is prohibited by European Law. This Section does not reduce either party’s rights and obligations elsewhere in the Agreement.
Data Deletion
Deletion by Customer during the Term
Crusoe will enable Customer to delete Customer Data during the Term in a manner consistent with the functionality of the Services. Crusoe will comply with a Customer Instruction to to delete Customer Data from Crusoe’s systems as soon as reasonably practicable, unless European Law requires storage.
Return or Deletion at the end of the Term
If Customer wishes to retain any Customer Data after the end of the Term, it may export such data in accordance with Access; Rectification; Restricted Processing; Portability during the Term. All Customer Data (including existing copies) remaining at the end of the Term will be deleted from Crusoe’s systems unless European Law requires storage.
Data Security
Crusoe’s Security Measures, Controls and Assistance
Crusoe’s Security Measures
Crusoe will implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the “Security Measures”). Crusoe may update the Security Measures from time to time provided that such updates do not result in a material reduction of the security of the Services.
Access and Compliance
Crusoe will: (a) authorize its employees, contractors and Subprocessors to access Customer Personal Data only as strictly necessary to comply with Instructions; (b) take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance; and (c) ensure that all persons authorized to process Customer Personal Data are under an obligation of confidentiality.
Crusoe’s Security Assistance
Crusoe will (taking into account the nature of the processing of Customer Personal Data and the information available to Crusoe) assist Customer in ensuring compliance with its (or, where Customer is a processor, the relevant controller’s) obligations under Articles 32 to 34 of the GDPR, by:
- implementing and maintaining the Security Measures;
- complying with the terms of Data Incidents;
- providing Customer with the Security Documentation and the information contained in the Agreement (including these Terms); and
- if subsections (a)-(c) above are insufficient for Customer (or the relevant controller) to comply with such obligations, upon Customer’s request, providing Customer with additional reasonable cooperation and assistance.
Data Incidents
Incident Notification
After becoming aware of a Data Incident, Crusoe will promptly notify Customer and take reasonable steps to minimize harm and secure Customer Data.
Details of Data Incident
Crusoe’s notification of a Data Incident will describe: the nature of the Data Incident including the Customer resources impacted; the measures Crusoe has taken, or plans to take, to address the Data Incident and mitigate its potential risk; the measures, if any, Crusoe recommends that Customer take to address the Data Incident; and details of a contact point where more information can be obtained. If it is not possible to provide all such information at the same time, Crusoe’s initial notification will contain the information then available and further information will be provided without undue delay as it becomes available.
Delivery of Notification
Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address.
No Assessment of Customer Data by Crusoe
Crusoe has no obligation to assess Customer Data in order to identify information subject to any specific legal requirements.
No Acknowledgement of Fault by Crusoe
Crusoe’s notification of or response to a Data Incident under Data Incidents will not be construed as an acknowledgement by Crusoe of any fault or liability with respect to the Data Incident.
Customer’s Security Responsibilities and Assessment
Customer’s Security Responsibilities
Without prejudice to Crusoe’s obligations under Crusoe’s Security Measures, Controls and Assistance and Data Incidents), and elsewhere in the Agreement, Customer is responsible for its use of the Services and its storage of any copies of Customer Data outside Crusoe’s or Crusoe’s Subprocessors’ systems, including:
- using the Services to ensure a level of security appropriate to the risk to the Customer Data;
- securing the account authentication credentials, systems and devices Customer uses to access the Services; and
- backing up its Customer Data as appropriate.
Customer’s Security Assessment
Customer agrees that the Services, Security Measures implemented and maintained by Crusoe, and Crusoe’s commitments under Data Security provide a level of security appropriate to the risk to Customer Data (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals).
Impact Assessments and Consultations
Crusoe will (taking into account the nature of the processing and the information available to Crusoe) assist Customer in ensuring compliance with its (or, where Customer is a processor, the relevant controller’s) obligations under Articles 35 and 36 of the GDPR, by:
- providing the Security Documentation;
- providing the information contained in the Agreement (including these Terms); and
- if subsections (a) and (b) above are insufficient for Customer (or the relevant controller) to comply with such obligations, upon Customer’s request, providing Customer with additional reasonable cooperation and assistance.
Access etc.; Data Subject Requests
Access; Rectification; Restricted Processing; Portability
During the Term, Crusoe will enable Customer, in a manner consistent with the functionality of the Services, to access, rectify and restrict processing of Customer Data, including via the deletion functionality provided by Crusoe as described in Deletion by Customer, and to export Customer Data. If Customer becomes aware that any Customer Personal Data is inaccurate or outdated, Customer will be responsible for using such functionality to rectify or delete that data if required by applicable European Data Protection Law.
Data Subject Requests
During the Term, if Crusoe receives a request from a data subject that relates to Customer Personal Data and identifies Customer, Crusoe will: (a) advise the data subject to submit their request to Customer; (b) promptly notify Customer; and (c) not otherwise respond to that data subject’s request without authorization from Customer. Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Services.
Data Transfers
Data Storage and Processing Facilities
Subject to Crusoe’s data location commitments under the Service Specific Terms and to the remainder of Data Transfers, Customer Data may be processed in any country in which Crusoe or its Subprocessors maintain facilities.
Permitted Transfers
The parties acknowledge that European Data Protection Law does not require an Alternative Transfer Solution in order for Customer Personal Data to be processed in or transferred to an Adequate Country (“Permitted Transfers”).
Restricted Transfers
If the processing of Customer Personal Data involves any transfers that are not Permitted Transfers, and European Data Protection Law applies to those transfers (as certified by Customer under Certification by Non-EMEA Customers if its billing address is outside EMEA) (“Restricted Transfers”), then:
- if Crusoe announces its adoption of an Alternative Transfer Solution for any Restricted Transfers, then Crusoe will ensure that they are made in accordance with that Alternative Transfer Solution; and/or
- if Crusoe has not adopted an Alternative Transfer Solution for any Restricted Transfers, then:
- if Crusoe’s address is in an Adequate Country:
- the SCCs (EU Processor-to-Processor, Crusoe Exporter) will apply with respect to all Restricted Transfers from Crusoe to Subprocessors; and in addition,
- if Customer’s billing address is not in an Adequate Country, the SCCs (EU Processor-to-Controller) will apply (regardless of whether Customer is a controller and/or processor) with respect to Restricted Transfers between Crusoe and Customer; or
- if Crusoe’s address is not in an Adequate Country:
- the SCCs (EU Controller-to-Processor) and/or SCCs (EU Processor-to-Processor) will apply (according to whether Customer is a controller and/or processor) with respect to Restricted Transfers between Crusoe and Customer that are subject to the EU GDPR and/or the Swiss FDPA; and
- the SCCs (UK Controller-to-Processor) will apply (regardless of whether Customer is a controller and/or processor) with respect to Restricted Transfers between Crusoe and Customer that are subject to the UK GDPR.
- if Crusoe’s address is in an Adequate Country:
Certification by Non-EMEA Customers
If Customer’s billing address is outside EMEA, and the processing of Customer Personal Data is subject to European Data Protection Law, Customer will certify as such, and identify its competent Supervisory Authority, via the Admin Console.
Subprocessors
Consent to Subprocessor Engagement
Customer specifically authorizes the engagement as Subprocessors of those entities listed as of the Terms Effective Date at the URL specified in Information about Subprocessors. In addition, Customer generally authorizes the engagement as Subprocessors of any other third parties (“New Subprocessors”).
Information about Subprocessors
Information about Subprocessors, including their functions and locations, is available at Crusoe Cloud Subprocessors (as may be updated by Crusoe from time to time in accordance with these Terms).
Requirements for Subprocessor Engagement
When engaging any Subprocessor, Crusoe will ensure that: (a) the Subprocessor only accesses and uses Customer Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement (including these Terms); and (b) if the processing of Customer Personal Data is subject to European Data Protection Law, the data protection obligations described in these Terms (as referred to in Article 28(3) of the GDPR, if applicable), are imposed on the Subprocessor.
Support; Processing Records
Support
Crusoe will provide prompt and reasonable assistance with any Customer queries related to processing of Customer Personal Data under the Agreement and can be contacted at support@crusoecloud.com (and/or via such other means as Crusoe may provide from time to time).
Crusoe’s Processing Records
Crusoe will keep appropriate documentation of its processing activities as required by the GDPR. To the extent the GDPR requires Crusoe to collect and maintain records of certain information relating to Customer, Customer will use the Admin Console to supply such information and keep it accurate and up-to-date. Crusoe may make any such information available to the Supervisory Authorities if required by the GDPR.
Controller Requests
During the Term, if Crusoe receives a request or instruction from a third party purporting to be a controller of Customer Personal Data, Crusoe will advise the third party to contact Customer.
Appendix 1: Subject Matter and Details of the Data Processing
Subject Matter
Duration of the Processing
The Term plus the period from the end of the Term until deletion of all Customer Data by Crusoe in accordance with the Terms.
Nature and Purpose of the Processing
Crusoe will process Customer Personal Data for the purposes of providing the Services and TSS to Customer in accordance with the Terms.
Categories of Data
Data relating to individuals provided to Crusoe via the Services, by (or at the direction of) Customer or by Customer End Users.
Data Subjects
Data subjects include the individuals about whom data is provided to Crusoe via the Services by (or at the direction of) Customer or by Customer End Users.
Appendix 2: Security Measures
As from the Terms Effective Date, Crusoe will implement and maintain the Security Measures described herein.
Data Centers
Infrastructure
Crusoe maintains geographically distributed data centers. Crusoe stores all production data in physically secure data centers.
Redundancy
Infrastructure systems have been designed to minimize single points of failure and the impact of anticipated environmental risks. Reasonable technical measures have been taken, where possible, to provide this redundancy. The Services are designed to allow Crusoe to perform certain types of preventative and corrective maintenance without interruption. When customer interruption is expected as part of a planned maintenance event, Crusoe will provide notice to customers ahead of the event. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.
Power
The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, 7 days a week. In most cases, a primary as well as an alternate power source, each with sufficient capacity to power a data center, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If primary power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, until the backup generator systems take over. The backup generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.
Networks and Transmission
Data Transmission
Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Crusoe transfers data via Internet standard protocols.
External Attack Surface
Crusoe employs multiple layers of network devices and intrusion detection to protect its external attack surface. Crusoe considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.
Intrusion Detection
Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Crusoe’s intrusion detection involves controlling the size and make-up of Crusoe’s attack surface through preventative measures.
Incident Response
Crusoe monitors a variety of communication channels for security incidents, and Crusoe’s security personnel will react promptly to known incidents.
Encryption Technologies
Crusoe makes HTTPS encryption (also referred to as SSL or TLS connection) available. Crusoe servers support ephemeral elliptic curve Diffie-Hellman cryptographic key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimize the impact of a compromised key, or a cryptographic breakthrough.
Site and Access Controls
Crusoe maintains formal access procedures for allowing physical access to the data centers. Only authorized employees, contractors and visitors are allowed entry to the data centers. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving.
Customer’s administrators and Customer End Users must authenticate themselves via a central authentication system in order to use the Services.
Crusoe’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to Crusoe’s systems. Crusoe designs its systems to only allow authorized persons to access data they are authorized to access. Crusoe employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. Crusoe’s authentication and authorization systems utilize SSH certificates and security keys, and are designed to provide Crusoe with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Crusoe requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Crusoe’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength.
Data
Crusoe stores data in a multi-tenant environment on Crusoe-owned servers. Subject to any Instructions to the contrary (e.g., in the form of a data location selection), Crusoe replicates Customer Data between multiple data centers. Crusoe also logically isolates Customer Data. Customer will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable Customer to determine the product sharing settings applicable to Customer End Users for specific purposes.
Personnel
Crusoe personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Crusoe conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations. Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Crusoe’s confidentiality and privacy policies.
Subprocessors
Before onboarding Subprocessors, Crusoe ensures Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Crusoe has assessed the risks presented by the Subprocessor, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.
Crusoe Cloud Platform Privacy Notice
Effective February 18th 2025
DownloadTable of Contents
Crusoe Cloud Platform Privacy Notice
This Crusoe Cloud Platform Privacy Notice ("Privacy Notice") describes how we collect and process your personal information in relation to our Services.
Information We Collect
Crusoe processes Customer Data and Service Data in order to provide our Services. This Privacy Notice applies solely to Service Data and does not apply to Customer Data.
Service Data is the personal information Crusoe collects or generates during the provision and administration of our Services, excluding any Customer Data. Service Data includes:
- Account information. Customer and its authorized parties may provide Crusoe with contact information like name, email, organization name, and billing address to sign up for waitlists for the Services, as well as to create and maintain the Accounts associated with Customer. Certain uses of our Services do not require an Account.
- Payments and transactions. We keep reasonable business records of charges, payments, and billing details and issues.
- Settings and configurations. We record your configuration and settings, including resource identifiers and attributes. This includes service and security settings for data and other resources.
- Technical and operational details of your usage of the Services. We collect information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain the Services and related software. This information may include device identifiers, identifiers from cookies or tokens, and IP addresses.
- Your direct communications. We keep records of your communications and interactions with us and our partners, for example, when you provide feedback or contact information, ask questions or seek technical support.
Service Data is collected directly from you or your authorized users when you join a waitlist for the Services, submit or create an Account. In addition, we generate or automatically collect Service Data when you interact with the Services. For example, the Services may record the IP, user ID, and organization ID of an End User when they create a resource through the Services, such as a virtual machine or disk.
Why We Process Data
Crusoe processes Service Data for the following purposes:
- Provide the Services you request. Service Data is primarily used to deliver the Services that you request. This includes a number of processing activities that are necessary to provide the Services, including processing to bill for Services usage, to ensure Services are working as intended, to detect and avoid outages or other problems you might experience, and to secure your data and the Services you use.
- Make recommendations to optimize use of the Services. We may process Service Data to provide you with recommendations and tips. These suggestions may include ways to better secure your Account or data, options to reduce service charges or improve performance, and information about new or related products and features. We may also evaluate your response to our recommendations.
- Maintain and improve the Services. We evaluate Service Data to help us improve the performance and functionality of the Services.
- Provide and improve other services you request. We may use Service Data to deliver and improve other services that you request, including Crusoe or third-party services that are enabled via the Services, administrative consoles and APIs.
- Assist you. We use Service Data when needed to provide technical support and professional services as requested by you, and to assess whether we have met your needs. We also use Service Data to improve our online support, and to communicate with you. This includes notifications about updates to the Services, and responding to support requests.
- Protect you, our users, the public, and Crusoe. We use Service Data to improve the safety and reliability of our Services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm our users, our customers, the public, or Crusoe. These activities are an important part of our commitment to secure our Services.
- Comply with legal obligations. We may need to process Service Data to comply with our legal obligations, for example, where we’re responding to legal process or an enforceable governmental request, or to meet our financial record-keeping obligations.
- Other purposes with your consent. We may ask for your consent to process information for other purposes not covered in this Privacy Notice. You have the right to withdraw your consent at any time.
To achieve these purposes, we may use Service Data together with information we collect from other Crusoe products and services, or from your interaction with our web properties (such as https://www.crusoe.ai). We may use algorithms to recognize patterns in Service Data. Manual collection and review of Service Data may also occur, such as when you interact directly with our billing or support teams. We may aggregate and anonymize Service Data to eliminate personal details, and we may use Service Data for internal reporting and analysis of applicable product and business operations.
Where Data Is Stored
Crusoe and Crusoe’s partners maintain data centers around the world, and provide the Services from these locations. Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security.
Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice.
When we transfer personal information from the EEA, the UK, or from Switzerland, we rely on data transfer mechanisms such as the Standard Contractual Clauses and the International Data Transfer Agreement.
When we transfer personal information from countries other than the EEA, the UK, or Switzerland, we strive to comply with those countries’ data protection and data transfer laws, such as by cooperating with that country’s data protection authority or providing a written agreement.
How We Secure Service Data
We build our Services with strong security features to protect information. The insights we gain from providing our Services help us detect and automatically block security threats from ever reaching you.
We work hard to protect you and Crusoe from unauthorized access, alteration, disclosure, or destruction of information we hold, including:
- We encrypt Service Data while in transit.
- We regularly review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
- We restrict access to personal information to Crusoe employees, contractors, and agents who need that information in order to process it for us. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
How We Share Data
We do not share Service Data with companies, organizations, or individuals outside of Crusoe except in the following cases:
- With your consent. We’ll share Service Data outside of Crusoe when we have your consent. For example, when you use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
- With your administrators. When you use Crusoe Cloud, your administrators authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
- View account and billing information, activity and statistics;
- Change your account password;
- Suspend or terminate your account access;
- Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request;
- Restrict your ability to delete or edit your information or your privacy settings
- For external processing. We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
- For legal reasons. We may share Service Data outside of Crusoe if we have a good-faith belief that access to, or use, preservation, or disclosure of the information is reasonably necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request;
- Enforce applicable agreements, including investigation of potential violations;
- Detect, prevent, or otherwise address fraud, security, or technical issues;
- Protect against harm to the rights, property or safety of Crusoe, our customers, users, and the public as required or permitted by law.
If Crusoe is involved in a reorganization, merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected users notice before personal information becomes subject to a different privacy policy.
Access to Data
You and your organization’s administrator can access the portion of Service Data used to create and maintain your Account directly from Crusoe Cloud, including your name, email, organization name, billing contact information, and payment and transaction information, as well as product and communication settings and configurations.
If you’re otherwise unable to access your data, you can always request it by contacting support@crusoecloud.com.
Deletion and Retention of Data
We retain Service Data for different periods of time depending on what it is, how we use it, and how you configure your settings.
Service Data is deleted or anonymized once it is no longer needed. For each type of data and operation, we set retention timeframes based on the purpose for its collection, and ensure it is kept for no longer than necessary.
Your organization’s administrator can delete the portion of Service Data used to create and maintain your Account directly from the Crusoe platform. If you have a request to delete this information, please direct it to your organization’s administrator. In the rare case where this is not possible, you can email your request to privacy@crusoeenergy.com.
Crusoe deletes other Service Data once it is no longer needed. For each type of data and operation, we set retention timeframes based on the purpose for its collection, and ensure it is kept for no longer than necessary.
Sometimes we need to retain certain information for an extended period of time for legitimate business or legal purposes. For example, when Crusoe processes a payment for you, or when you make a payment to Crusoe, we’ll retain data about those transactions as required for tax or accounting purposes. Other legitimate business or legal purposes that may require us to retain data include security, fraud and abuse prevention, ensuring continuity of our Services, and complying with legal or regulatory requirements.
When we delete data, we follow detailed steps to make sure that the data is securely and completely removed from our active systems or retained only in anonymized form. We take measures to ensure that our Services protect information from accidental or malicious deletion through the use of backup systems.
Using Crusoe Accounts and Products
Your Crusoe Account is your connection to Crusoe Cloud. If you interact with Crusoe Cloud using a Crusoe Account managed by an organization, then your personal information may be subject to your organization’s privacy policies and processes, and you should direct privacy inquiries to your organization.
EU Privacy Standards and GDPR
If European Union (EU), UK or Swiss data protection law applies to the processing of information about you, you have certain rights, including the rights to access, correct, delete and export your information, as well as to object to or request that we restrict processing of your information.
If you want to exercise your data protection rights with regard to information we process in accordance with this Privacy Notice and are not able to do so via the tools available to you or your organization’s administrator, you can always contact Crusoe at support@crusoecloud.com. And you can contact your local data protection authority if you have concerns regarding your rights under local law.
In addition to the purposes and grounds described in this Privacy Notice, we may process information on the following legal grounds:
- Where necessary for the performance of a contract with you. We may process your information where necessary for us to enter into a contract with you or to comply with our contractual commitments to you.
- When we’re complying with legal obligations. We’ll process your information when we have a legal obligation to do so.
- When we’re pursuing legitimate interests. We may process Service Data based on our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information in the interests of providing the Services you request; making recommendations to optimize use of the Services; maintaining and improving the Services; providing and improving other services you request; assisting you; and protecting against harm to the rights, property or safety of Crusoe, our users, our customers, and the public, as required or permitted by law.
California Requirements
The California Consumer Privacy Act (CCPA) requires specific disclosures for California residents. This Privacy Notice is designed to help you understand how Crusoe handles your information:
- We explain the categories of information Crusoe collects and the sources of that information in Information We Collect.
- We explain how Crusoe uses information in Why We Process Data.
- We explain when Crusoe may share information in How We Share Data. Crusoe does not sell your personal information.
The CCPA also provides the right to request information about how Crusoe collects, uses, and discloses your personal information. And it gives you the right to access your information and request that Crusoe delete that information. Finally, the CCPA provides the right to not be discriminated against for exercising your privacy rights.
We provide your organization's administrator with tools described in this Privacy Notice so you can exercise these rights. If you have questions or requests related to your rights under the CCPA, please direct them to your organization's administrator. In the rare case this is not possible, you can also contact Crusoe at privacy@crusoeenergy.com.
The CCPA requires a description of data practices using specific categories. This table uses these categories to organize the information in this Privacy Notice.
Categories of personal information we collect
Service Data is the personal information Crusoe collects or generates during the provision and administration of our Services, excluding any Customer Data. Service Data includes:
- Identifiers such as your name, phone number, and address, as well as unique identifiers tied to the browser, application, or device you’re using.
- Demographic information, such as your preferred language.
- Commercial information such as records of charges, payments, and billing details and issues.
- Internet, network, and other activity information such as device identifiers, identifiers from cookies or tokens, IP addresses, and information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain the Services and related software.
- Geolocation data, such as the country you’re in, as may be determined by GPS or IP address, depending in part on your device and account settings.
- Audio, electronic, visual and similar information, such as audio recordings of your calls with our technical support providers.
- Inferences drawn from the above, like aggregated performance metrics for a new product feature to determine product strategy.
Business purposes for which information may be used or disclosed
Crusoe processes Service Data for the following purposes:
- Protecting against security threats, abuse, and illegal activity. Crusoe uses and may disclose Service Data to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our Services, Crusoe may receive or disclose information about IP addresses that malicious actors have compromised.
- Auditing and measurement. Crusoe uses Service Data for analytics and measurement to understand how our Services are used, and to provide you and our customers with recommendations and tips.
- Maintaining our Services. Crusoe uses Service Data to provide the Services, technical support, and other services you request, and ensure they are working as intended, for example by tracking outages or troubleshooting bugs and other issues that you report to us.
- Product development. Crusoe uses Service Data to improve the Services and other services you request, and to develop new features and technologies that benefit our users and customers.
- Use of service providers. Crusoe shares Service Data with service providers to perform Services on our behalf, in compliance with this Privacy Notice and other appropriate confidentiality and security measures. For example, we may rely on service providers to help provide technical support.
- Legal reasons. Crusoe also uses Service Data to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.
Parties with whom information may be shared
We do not share Service Data with companies, organizations, or individuals outside of Crusoe except in the following cases:
- With your consent. We’ll share Service Data outside of Crusoe when we have your consent. For example, when you use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
- With your administrators. When you use Crusoe Cloud, your administrator authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
- View account and billing information, activity and statistics
- Change your account password
- Suspend or terminate your account access
- Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
- Restrict your ability to delete or edit your information or your privacy settings
- For external processing. We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
- For legal reasons. We may share Service Data outside of Crusoe if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request.
- Enforce applicable agreements, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Protect against harm to the rights, property or safety of Crusoe, our customers, users, and the public as required or permitted by law.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time. We will not make any significant changes without notifying you in advance by posting a prominent notice on this page describing the changes or by sending you a direct communication. We encourage you to regularly review this Privacy Notice, and we will always indicate the date the last changes were published.
Effective November 24th 2024 to February 18th 2025
DownloadTable of Contents
Crusoe Cloud Platform Privacy Notice
This Crusoe Cloud Platform Privacy Notice ("Privacy Notice") describes how we collect and process your personal information in relation to the Crusoe Cloud Platform.
Information We Collect
Crusoe processes Customer Data and Service Data in order to provide the Crusoe Cloud Platform. This Privacy Notice applies solely to Service Data and does not apply to Customer Data.
Customer Data is defined in our agreement(s) covering the Crusoe Cloud Platform and represents the data that you upload for processing in the Crusoe Cloud Platform or through TSS. For more information about how we process Customer Data, see our Data Processing and Security Terms.
Service Data is the personal information Crusoe collects or generates during the provision and administration of the Crusoe Cloud Platform, excluding any Customer Data. Service Data includes:
- Account information. Customer and its authorized parties provide Crusoe with contact information like name, email, organization name, and billing address to sign up for waitlists for the Services, as well as to create and maintain the Accounts associated with Customer.
- Payments and transactions. We keep reasonable business records of charges, payments, and billing details and issues.
- Settings and configurations. We record your configuration and settings, including resource identifiers and attributes. This includes service and security settings for data and other resources.
- Technical and operational details of your usage of the Crusoe Cloud Platform. We collect information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain the Crusoe Cloud Platform and related software. This information may include device identifiers, identifiers from cookies or tokens, and IP addresses.
- Your direct communications. We keep records of your communications and interactions with us and our partners, for example, when you provide feedback or contact information, ask questions or seek technical support.
Service Data is collected directly from you or your authorized users when you join a waitlist for the Services, submit or create an Account. In addition, we generate or automatically collect Service Data when you interact with the Services. For example, the Services record the IP, user ID, and organization ID of an End User when they create a resource through the Services, such as a virtual machine or disk.
Why We Process Data
Crusoe processes Service Data for the following purposes:
- Provide the Crusoe Cloud Platform you request. Service Data is primarily used to deliver the Crusoe Cloud Platform that you request. This includes a number of processing activities that are necessary to provide the Crusoe Cloud Platform, including processing to bill for services usage, to ensure services are working as intended, to detect and avoid outages or other problems you might experience, and to secure your data and the services you use.
- Make recommendations to optimize use of the Crusoe Cloud Platform. We may process Service Data to provide you with recommendations and tips. These suggestions may include ways to better secure your account or data, options to reduce service charges or improve performance, and information about new or related products and features. We may also evaluate your response to our recommendations.
- Maintain and improve the Crusoe Cloud Platform. We evaluate Service Data to help us improve the performance and functionality of the Crusoe Cloud Platform.
- Provide and improve other services you request. We may use Service Data to deliver and improve other services that you request, including Crusoe or third-party services that are enabled via the Crusoe Cloud Platform, administrative consoles and APIs.
- Assist you. We use Service Data when needed to provide technical support and professional services as requested by you, and to assess whether we have met your needs. We also use Service Data to improve our online support, and to communicate with you. This includes notifications about updates to the Crusoe Cloud Platform, and responding to support requests.
- Protect you, our users, the public, and Crusoe. We use Service Data to improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm our users, our customers, the public, or Crusoe. These activities are an important part of our commitment to secure our services.
- Comply with legal obligations. We may need to process Service Data to comply with our legal obligations, for example, where we’re responding to legal process or an enforceable governmental request, or to meet our financial record-keeping obligations.
- Other purposes with your consent. We may ask for your consent to process information for other purposes not covered in this Privacy Notice. You have the right to withdraw your consent at any time.
To achieve these purposes, we may use Service Data together with information we collect from other Crusoe products and services, or from your interaction with our web properties (such as https://www.crusoe.ai). We may use algorithms to recognize patterns in Service Data. Manual collection and review of Service Data may also occur, such as when you interact directly with our billing or support teams. We may aggregate and anonymize Service Data to eliminate personal details, and we may use Service Data for internal reporting and analysis of applicable product and business operations.
Where Data Is Stored
Crusoe and Crusoe’s partners maintain data centers around the world, and provide the Crusoe Cloud Platform from these locations. Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security.
Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice.
When we transfer personal information from the EEA, the UK, or from Switzerland, we rely on data transfer mechanisms such as the Standard Contractual Clauses and the International Data Transfer Agreement.
When we transfer personal information from countries other than the EEA, the UK, or Switzerland, we strive to comply with those countries’ data protection and data transfer laws, such as by cooperating with that country’s data protection authority or providing a written agreement.
How We Secure Service Data
We build the Crusoe Cloud Platform with strong security features to protect information. The insights we gain from providing our services help us detect and automatically block security threats from ever reaching you.
We work hard to protect you and Crusoe from unauthorized access, alteration, disclosure, or destruction of information we hold, including:
- We encrypt Service Data while in transit.
- We regularly review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
- We restrict access to personal information to Crusoe employees, contractors, and agents who need that information in order to process it for us. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
How We Share Data
We do not share Service Data with companies, organizations, or individuals outside of Crusoe except in the following cases:
- With your consent. We’ll share Service Data outside of Crusoe when we have your consent. For example, when you use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
- With your administrators. When you use the Crusoe Cloud Platform, your administrators authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
- View account and billing information, activity and statistics;
- Change your account password;
- Suspend or terminate your account access;
- Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request;
- Restrict your ability to delete or edit your information or your privacy settings
- For external processing. We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
- For legal reasons. We may share Service Data outside of Crusoe if we have a good-faith belief that access to, or use, preservation, or disclosure of the information is reasonably necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request;
- Enforce applicable agreements, including investigation of potential violations;
- Detect, prevent, or otherwise address fraud, security, or technical issues;
- Protect against harm to the rights, property or safety of Crusoe, our customers, users, and the public as required or permitted by law.
If Crusoe is involved in a reorganization, merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected users notice before personal information becomes subject to a different privacy policy.
Access to Data
You and your organization’s administrator can access the portion of Service Data used to create and maintain your Account directly from the Crusoe Cloud Platform, including your name, email, organization name, billing contact information, and payment and transaction information, as well as product and communication settings and configurations.
If you’re otherwise unable to access your data, you can always request it by contacting support@crusoecloud.com.
Deletion and Retention of Data
We retain Service Data for different periods of time depending on what it is, how we use it, and how you configure your settings.
Service Data is deleted or anonymized once it is no longer needed. For each type of data and operation, we set retention timeframes based on the purpose for its collection, and ensure it is kept for no longer than necessary.
Your organization’s administrator can delete the portion of Service Data used to create and maintain your Account directly from the Crusoe platform. If you have a request to delete this information, please direct it to your organization’s administrator. In the rare case where this is not possible, you can email your request to privacy@crusoeenergy.com.
Crusoe deletes other Service Data once it is no longer needed. For each type of data and operation, we set retention timeframes based on the purpose for its collection, and ensure it is kept for no longer than necessary.
Sometimes we need to retain certain information for an extended period of time for legitimate business or legal purposes. For example, when Crusoe processes a payment for you, or when you make a payment to Crusoe, we’ll retain data about those transactions as required for tax or accounting purposes. Other legitimate business or legal purposes that may require us to retain data include security, fraud and abuse prevention, ensuring continuity of our services, and complying with legal or regulatory requirements.
When we delete data, we follow detailed steps to make sure that the data is securely and completely removed from our active systems or retained only in anonymized form. We take measures to ensure that our services protect information from accidental or malicious deletion through the use of backup systems.
Using Crusoe Accounts and Products
Your Crusoe Account is your connection to the Crusoe Cloud Platform. If you interact with the Crusoe Cloud Platform using a Crusoe Account managed by an organization, then your personal information may be subject to your organization’s privacy policies and processes, and you should direct privacy inquiries to your organization.
EU Privacy Standards and GDPR
If European Union (EU), UK or Swiss data protection law applies to the processing of information about you, you have certain rights, including the rights to access, correct, delete and export your information, as well as to object to or request that we restrict processing of your information.
If you want to exercise your data protection rights with regard to information we process in accordance with this Privacy Notice and are not able to do so via the tools available to you or your organization’s administrator, you can always contact Crusoe at support@crusoecloud.com. And you can contact your local data protection authority if you have concerns regarding your rights under local law.
In addition to the purposes and grounds described in this Privacy Notice, we may process information on the following legal grounds:
- Where necessary for the performance of a contract with you. We may process your information where necessary for us to enter into a contract with you or to comply with our contractual commitments to you.
- When we’re complying with legal obligations. We’ll process your information when we have a legal obligation to do so.
- When we’re pursuing legitimate interests. We may process Service Data based on our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information in the interests of providing the Crusoe Cloud Platform you request; making recommendations to optimize use of the Crusoe Cloud Platform; maintaining and improving the Crusoe Cloud Platform; providing and improving other services you request; assisting you; and protecting against harm to the rights, property or safety of Crusoe, our users, our customers, and the public, as required or permitted by law.
California Requirements
The California Consumer Privacy Act (CCPA) requires specific disclosures for California residents. This Privacy Notice is designed to help you understand how Crusoe handles your information:
- We explain the categories of information Crusoe collects and the sources of that information in Information We Collect.
- We explain how Crusoe uses information in Why We Process Data.
- We explain when Crusoe may share information in How We Share Data. Crusoe does not sell your personal information.
The CCPA also provides the right to request information about how Crusoe collects, uses, and discloses your personal information. And it gives you the right to access your information and request that Crusoe delete that information. Finally, the CCPA provides the right to not be discriminated against for exercising your privacy rights.
We provide your organization's administrator with tools described in this Privacy Notice so you can exercise these rights. If you have questions or requests related to your rights under the CCPA, please direct them to your organization's administrator. In the rare case this is not possible, you can also contact Crusoe at privacy@crusoeenergy.com.
The CCPA requires a description of data practices using specific categories. This table uses these categories to organize the information in this Privacy Notice.
Categories of personal information we collect
Service Data is the personal information Crusoe collects or generates during the provision and administration of the Crusoe Cloud Platform, excluding any Customer Data. Service Data includes:
- Identifiers such as your name, phone number, and address, as well as unique identifiers tied to the browser, application, or device you’re using.
- Demographic information, such as your preferred language.
- Commercial information such as records of charges, payments, and billing details and issues.
- Internet, network, and other activity information such as device identifiers, identifiers from cookies or tokens, IP addresses, and information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain the Crusoe Cloud Platform and related software.
- Geolocation data, such as the country you’re in, as may be determined by GPS or IP address, depending in part on your device and account settings.
- Audio, electronic, visual and similar information, such as audio recordings of your calls with our technical support providers.
- Inferences drawn from the above, like aggregated performance metrics for a new product feature to determine product strategy.
Business purposes for which information may be used or disclosed
Crusoe processes Service Data for the following purposes:
- Protecting against security threats, abuse, and illegal activity. Crusoe uses and may disclose Service Data to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, Crusoe may receive or disclose information about IP addresses that malicious actors have compromised.
- Auditing and measurement. Crusoe uses Service Data for analytics and measurement to understand how our services are used, and to provide you and our customers with recommendations and tips.
- Maintaining our services. Crusoe uses Service Data to provide the Crusoe Cloud Platform, technical support, and other services you request, and ensure they are working as intended, for example by tracking outages or troubleshooting bugs and other issues that you report to us.
- Product development. Crusoe uses Service Data to improve the Crusoe Cloud Platform and other services you request, and to develop new features and technologies that benefit our users and customers.
- Use of service providers. Crusoe shares Service Data with service providers to perform services on our behalf, in compliance with this Privacy Notice and other appropriate confidentiality and security measures. For example, we may rely on service providers to help provide technical support.
- Legal reasons. Crusoe also uses Service Data to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.
Parties with whom information may be shared
We do not share Service Data with companies, organizations, or individuals outside of Crusoe except in the following cases:
- With your consent. We’ll share Service Data outside of Crusoe when we have your consent. For example, when you use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
- With your administrators. When you use the Crusoe Cloud Platform, your administrator authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
- View account and billing information, activity and statistics
- Change your account password
- Suspend or terminate your account access
- Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
- Restrict your ability to delete or edit your information or your privacy settings
- For external processing. We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
- For legal reasons. We may share Service Data outside of Crusoe if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request.
- Enforce applicable agreements, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Protect against harm to the rights, property or safety of Crusoe, our customers, users, and the public as required or permitted by law.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time. We will not make any significant changes without notifying you in advance by posting a prominent notice on this page describing the changes or by sending you a direct communication. We encourage you to regularly review this Privacy Notice, and we will always indicate the date the last changes were published.
Effective May 26th 2022 to November 24th 2024
DownloadTable of Contents
Crusoe Cloud Platform Privacy Notice
This Crusoe Cloud Platform Privacy Notice ("Privacy Notice") describes how we collect and process your personal information in relation to the Crusoe Cloud Platform.
Information We Collect
Crusoe processes Customer Data and Service Data in order to provide the Crusoe Cloud Platform. This Privacy Notice applies solely to Service Data and does not apply to Customer Data.
Customer Data is defined in our agreement(s) covering the Crusoe Cloud Platform and represents the data that you provide for processing in the Crusoe Cloud Platform. For more information about how we process Customer Data, see our Data Processing and Security Terms.
Service Data is the personal information Crusoe collects or generates during the provision and administration of the Crusoe Cloud Platform, excluding any Customer Data. Service Data includes:
- Payments and transactions. We keep reasonable business records of charges, payments, and billing details and issues.
- Settings and configurations. We record your configuration and settings, including resource identifiers and attributes. This includes service and security settings for data and other resources.
- Technical and operational details of your usage of the Crusoe Cloud Platform. We collect information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain the Crusoe Cloud Platform and related software. This information may include device identifiers, identifiers from cookies or tokens, and IP addresses.
- Your direct communications. We keep records of your communications and interactions with us and our partners, for example, when you provide feedback or contact information, ask questions or seek technical support.
Why We Process Data
Crusoe processes Service Data for the following purposes:
- Provide the Crusoe Cloud Platform you request. Service Data is primarily used to deliver the Crusoe Cloud Platform that you request. This includes a number of processing activities that are necessary to provide the Crusoe Cloud Platform, including processing to bill for services usage, to ensure services are working as intended, to detect and avoid outages or other problems you might experience, and to secure your data and the services you use.
- Make recommendations to optimize use of the Crusoe Cloud Platform. We may process Service Data to provide you with recommendations and tips. These suggestions may include ways to better secure your account or data, options to reduce service charges or improve performance, and information about new or related products and features. We may also evaluate your response to our recommendations.
- Maintain and improve the Crusoe Cloud Platform. We evaluate Service Data to help us improve the performance and functionality of the Crusoe Cloud Platform.
- Provide and improve other services you request. We may use Service Data to deliver and improve other services that you request, including Crusoe or third-party services that are enabled via the Crusoe Cloud Platform, administrative consoles and APIs.
- Assist you. We use Service Data when needed to provide technical support and professional services as requested by you, and to assess whether we have met your needs. We also use Service Data to improve our online support, and to communicate with you. This includes notifications about updates to the Crusoe Cloud Platform, and responding to support requests.
- Protect you, our users, the public, and Crusoe. We use Service Data to improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm our users, our customers, the public, or Crusoe. These activities are an important part of our commitment to secure our services.
- Comply with legal obligations. We may need to process Service Data to comply with our legal obligations, for example, where we’re responding to legal process or an enforceable governmental request, or to meet our financial record-keeping obligations.
- Other purposes with your consent. We may ask for your consent to process information for other purposes not covered in this Privacy Notice. You have the right to withdraw your consent at any time.
To achieve these purposes, we may use Service Data together with information we collect from other Crusoe products and services. We may use algorithms to recognize patterns in Service Data. Manual collection and review of Service Data may also occur, such as when you interact directly with our billing or support teams. We may aggregate and anonymize Service Data to eliminate personal details, and we may use Service Data for internal reporting and analysis of applicable product and business operations.
Where Data Is Stored
Crusoe and Crusoe’s partners maintain data centers around the world, and provide the Crusoe Cloud Platform from these locations. Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security.
Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice.
How We Secure Data
We build the Crusoe Cloud Platform with strong security features to protect information. The insights we gain from providing our services help us detect and automatically block security threats from ever reaching you.
We work hard to protect you and Crusoe from unauthorized access, alteration, disclosure, or destruction of information we hold, including:
- We encrypt Service Data while in transit.
- We regularly review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
- We restrict access to personal information to Crusoe employees, contractors, and agents who need that information in order to process it for us. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
How We Share Data
We do not share Service Data with companies, organizations, or individuals outside of Crusoe except in the following cases:
- With your consent. We’ll share Service Data outside of Crusoe when we have your consent. For example, when you use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
- With your administrators. When you use the Crusoe Cloud Platform, your administrators authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
- View account and billing information, activity and statistics;
- Change your account password;
- Suspend or terminate your account access;
- Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request;
- Restrict your ability to delete or edit your information or your privacy settings
- For external processing. We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
- For legal reasons. We may share Service Data outside of Crusoe if we have a good-faith belief that access to, or use, preservation, or disclosure of the information is reasonably necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request;
- Enforce applicable agreements, including investigation of potential violations;
- Detect, prevent, or otherwise address fraud, security, or technical issues;
- Protect against harm to the rights, property or safety of Crusoe, our customers, users, and the public as required or permitted by law.
If Crusoe is involved in a reorganization, merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected users notice before personal information becomes subject to a different privacy policy.
Access to Data
Your organization may allow you to access and export your data in order to back it up or transfer it to a service outside of Crusoe. The Crusoe Cloud Platform may enable you to directly access and download the data you have stored in the services.
You and your organization’s administrator can access several categories of Service Data directly from the Crusoe Cloud Platform, including your billing contact information, payment and transaction information, as well as product and communication settings and configurations.
If you’re otherwise unable to access your data, you can always request it by contacting support@crusoecloud.com.
Deletion and Retention of Data
We retain Service Data for different periods of time depending on what it is, how we use it, and how you configure your settings.
Service Data is deleted or anonymized once it is no longer needed. For each type of data and operation, we set retention timeframes based on the purpose for its collection, and ensure it is kept for no longer than necessary.
Sometimes we need to retain certain information for an extended period of time for legitimate business or legal purposes. For example, when Crusoe processes a payment for you, or when you make a payment to Crusoe, we’ll retain data about those transactions as required for tax or accounting purposes. Other legitimate business or legal purposes that may require us to retain data include security, fraud and abuse prevention, ensuring continuity of our services, and complying with legal or regulatory requirements.
When we delete data, we follow detailed steps to make sure that the data is securely and completely removed from our active systems or retained only in anonymized form. We take measures to ensure that our services protect information from accidental or malicious deletion through the use of backup systems.
Using Crusoe Accounts and Products
Your Crusoe Account is your connection to the Crusoe Cloud Platform. If you interact with the Crusoe Cloud Platform using a Crusoe Account managed by an organization, then your personal information may be subject to your organization’s privacy policies and processes, and you should direct privacy inquiries to your organization.
EU Privacy Standards and GDPR
If European Union (EU), UK or Swiss data protection law applies to the processing of information about you, you have certain rights, including the rights to access, correct, delete and export your information, as well as to object to or request that we restrict processing of your information.
If you want to exercise your data protection rights with regard to information we process in accordance with this Privacy Notice and are not able to do so via the tools available to you or your organization’s administrator, you can always contact Crusoe at support@crusoecloud.com. And you can contact your local data protection authority if you have concerns regarding your rights under local law.
In addition to the purposes and grounds described in this Privacy Notice, we may process information on the following legal grounds:
- Where necessary for the performance of a contract with you. We may process your information where necessary for us to enter into a contract with you or to comply with our contractual commitments to you.
- When we’re complying with legal obligations. We’ll process your information when we have a legal obligation to do so.
- When we’re pursuing legitimate interests. We may process Service Data based on our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information in the interests of providing the Crusoe Cloud Platform you request; making recommendations to optimize use of the Crusoe Cloud Platform; maintaining and improving the Crusoe Cloud Platform; providing and improving other services you request; assisting you; and protecting against harm to the rights, property or safety of Crusoe, our users, our customers, and the public, as required or permitted by law.
California Requirements
The California Consumer Privacy Act (CCPA) requires specific disclosures for California residents. This Privacy Notice is designed to help you understand how Crusoe handles your information:
- We explain the categories of information Crusoe collects and the sources of that information in Information We Collect.
- We explain how Crusoe uses information in Why We Process Data.
- We explain when Crusoe may share information in How We Share Data. Crusoe does not sell your personal information.
The CCPA also provides the right to request information about how Crusoe collects, uses, and discloses your personal information. And it gives you the right to access your information and request that Crusoe delete that information. Finally, the CCPA provides the right to not be discriminated against for exercising your privacy rights.
We provide the information and tools described in this Privacy Notice so you can exercise these rights. When you use them, we’ll validate your request by verifying your identity (for example, by confirming that you’re signed in to your Crusoe Account). If you have questions or requests related to your rights under the CCPA, you can also contact Crusoe at legal@crusoeenergy.com.
The CCPA requires a description of data practices using specific categories. This table uses these categories to organize the information in this Privacy Notice.
Categories of personal information we collect
Service Data is the personal information Crusoe collects or generates during the provision and administration of the Crusoe Cloud Platform, excluding any Customer Data. Service Data includes:
- Identifiers such as your name, phone number, and address, as well as unique identifiers tied to the browser, application, or device you’re using.
- Demographic information, such as your preferred language.
- Commercial information such as records of charges, payments, and billing details and issues.
- Internet, network, and other activity information such as device identifiers, identifiers from cookies or tokens, IP addresses, and information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain the Crusoe Cloud Platform and related software.
- Geolocation data, such as the country you’re in, as may be determined by GPS or IP address, depending in part on your device and account settings.
- Audio, electronic, visual and similar information, such as audio recordings of your calls with our technical support providers.
- Inferences drawn from the above, like aggregated performance metrics for a new product feature to determine product strategy.
Business purposes for which information may be used or disclosed
Crusoe processes Service Data for the following purposes:
- Protecting against security threats, abuse, and illegal activity. Crusoe uses and may disclose Service Data to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, Crusoe may receive or disclose information about IP addresses that malicious actors have compromised.
- Auditing and measurement. Crusoe uses Service Data for analytics and measurement to understand how our services are used, and to provide you and our customers with recommendations and tips.
- Maintaining our services. Crusoe uses Service Data to provide the Crusoe Cloud Platform, technical support, and other services you request, and ensure they are working as intended, for example by tracking outages or troubleshooting bugs and other issues that you report to us.
- Product development. Crusoe uses Service Data to improve the Crusoe Cloud Platform and other services you request, and to develop new features and technologies that benefit our users and customers.
- Use of service providers. Crusoe shares Service Data with service providers to perform services on our behalf, in compliance with this Privacy Notice and other appropriate confidentiality and security measures. For example, we may rely on service providers to help provide technical support.
- Legal reasons. Crusoe also uses Service Data to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.
Parties with whom information may be shared
We do not share Service Data with companies, organizations, or individuals outside of Crusoe except in the following cases:
- With your consent. We’ll share Service Data outside of Crusoe when we have your consent. For example, when you use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
- With your administrators. When you use the Crusoe Cloud Platform, your administrator authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
- View account and billing information, activity and statistics
- Change your account password
- Suspend or terminate your account access
- Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
- Restrict your ability to delete or edit your information or your privacy settings
- For external processing. We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
- For legal reasons. We may share Service Data outside of Crusoe if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request.
- Enforce applicable agreements, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Protect against harm to the rights, property or safety of Crusoe, our customers, users, and the public as required or permitted by law.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time. We will not make any significant changes without notifying you in advance by posting a prominent notice on this page describing the changes or by sending you a direct communication. We encourage you to regularly review this Privacy Notice, and we will always indicate the date the last changes were published.
Service Specific Terms
Effective August 1st 2023
DownloadTable of Contents
Service Specific Terms
These Service Specific Terms are incorporated into the agreement under which Crusoe has agreed to provide Crusoe Cloud Platform (as described in Services) to Customer (the “Agreement”). Capitalized terms used but not defined in the Service Specific Terms have the meaning given to them in the Agreement.
General Service Terms
Data Location
The Services do not limit the locations from which Customer or Customer End Users may access Customer Data or to which they may move Customer Data. For clarity, Customer Data does not include resource identifiers, attributes, or other data labels.
General Software Terms
The following terms apply to all Software:
License
Crusoe grants Customer a royalty-free (unless otherwise stated by Crusoe), non-exclusive, non-sublicensable, non-transferable license during the Term to reproduce and use Software ordered by Customer on systems owned, operated, or managed by or on behalf of Customer in accordance with (i) the Agreement, and (ii) if applicable, the Scope of Use. Customer may authorize its and its Affiliates' employees, agents, and subcontractors (collectively, “Software Users”) to use the Software in accordance with this section (License), so long as Customer remains responsible. Customer may make a reasonable number of copies of the Software for backup and archival purposes. For clarity, Software does not constitute Services.
Documentation
Crusoe may provide Documentation describing the appropriate operation of the Software, including a description of how Software is properly used, and whether and how the Software collects and processes data. Customer will comply with any restrictions in the Documentation regarding Software use.
Compliance With Scope of Use
Within 30 days of Crusoe’s reasonable written request, Customer will provide a sufficiently detailed written report describing its usage in accordance with the applicable Scope of Use of each Software product used by Customer and its Software Users during the requested period. If requested, Customer will provide reasonable assistance and access to information to verify the accuracy of Customer’s Software usage report(s).
Other Warranties and Compliance
Each party represents and warrants that it will comply with all laws and regulations applicable to its provision or use of the Software, as applicable. Customer will: (i) ensure that Customer and its Software Users' use of the Software complies with the Agreement and the restrictions in the Agreement applying to Customer's use of the Services; (ii) use commercially reasonable efforts to prevent and terminate any unauthorized access to or use of the Software; and (iii) promptly notify Crusoe of any unauthorized access to or use of the Software of which Customer becomes aware. If the Software contains open source or third-party components, those components may be subject to separate license agreements, which Crusoe will make available to Customer. Customer is solely responsible for complying with the terms of any third-party sources from which Customer elects to migrate its workloads onto the Services, and represents and warrants that such third-party sources permit the use of Software to migrate applications away from such sources. If the Agreement terminates or expires, then Customer will stop using all Software and delete it from Customer's systems.
Benchmarking
Customer may conduct benchmark tests of the Services (each a "Test"). Customer may only publicly disclose the results of such Tests if it (a) obtains Crusoe's prior written consent, (b) provides Crusoe all necessary information to replicate the Tests, and (c) allows Crusoe to conduct benchmark tests of Customer's publicly available products or services and publicly disclose the results of such tests. Notwithstanding the foregoing, Customer may not do either of the following on behalf of a public cloud provider without Crusoe's prior written consent: (i) conduct (directly or through a third party) any Test of the Services or (ii) disclose the results of any such Test.
Trials
Certain Services may be made available to Customer on a trial basis. The parameters of each trial, including any Scope of Use, may be presented to Customer either through the Fees URL, Admin Console, Documentation, email, or as otherwise communicated by Crusoe. Use of a trial indicates Customer’s acceptance of any such parameters.
Third-Party Terms
Disclaimer
Crusoe’s suppliers will have no liability arising out of or relating to the Agreement.
NVIDIA Drivers
Customer’s use of NVIDIA software components provided by Crusoe in conjunction with the Services is subject to the terms and conditions stated at NVIDIA Third Party Terms.
Pricing and Billing Terms
Instance Commitments.
Selection and Commitment
Customer may have an option to request Committed Instances via the Services (for example, in the Developer Console, Command Line Interface, or through a Crusoe API) or in an Order Form. If Crusoe accepts the request, then notwithstanding the payment terms in the Agreement, Customer will pay the Fees for those Committed Instances during the Commitment Term selected by Customer, whether or not they are used, as stated at the Fees URL for the applicable SKU.
Cancellation and Expiration
Committed Instances purchases may not be cancelled or refunded after they are placed. Any use of the Services after cancellation or expiration of the Commitment Term will be billed at standard Fee rates.
No Resell or Transfer
Unless Crusoe agrees otherwise, Customer may not resell or transfer Committed Instances.
Subscription Offerings
Subscription SKUs
Certain SKUs may be offered on a subscription basis (each, a “Subscription Offering”). Each Subscription Offering may be a single Service or Software item, or a package of two or more Services or Software items. The details of each Subscription Offering (“Subscription Details”) will be stated (i) at the Fees URL or elsewhere in the Services, the Admin Console, or Documentation, or (ii) in an Order Form or other written agreement between Crusoe and Customer. The Subscription Details will include the duration of the subscription (“Subscription Term”), the amount of permitted usage of the applicable Subscription Offering during the Subscription Term (e.g., usage per month) (“Subscription Usage”), minimum Subscription Usage (if applicable), and the applicable pricing. If the Subscription Offering is a package of two or more Services or Software items, the Subscription Details may also list the different components packaged into the Subscription Offering. Customer may request to purchase a Subscription Offering via the Services (for example, in the Admin Console or through a Crusoe API) or in an Order Form or other written agreement between Crusoe and Customer, as applicable. If Crusoe accepts Customer's request to purchase a Subscription Offering, then notwithstanding the invoicing and payment terms in the Agreement, Crusoe will invoice or charge Customer for the Subscription Offering, and Customer will pay Crusoe, during the Subscription Term (including during any renewal Subscription Term) as specified in the Subscription Details. Further, unless otherwise specified in the applicable Subscription Details, Crusoe reserves the right to issue additional invoices or charges to Customer in arrears if Customer's usage of a Subscription Offering exceeds the Subscription Usage, with the pricing listed at the Fees URL applying to that excess usage, unless otherwise agreed by the parties.
Renewal
Unless (i) otherwise specified in the Subscription Details, or (ii) either party provides the other party with notice of non-renewal at least 30 days before the end of the then-current Subscription Term, at the end of each Subscription Term, Customer's access to the Subscription Offering will automatically renew, with the renewal Subscription Term duration and Subscription Usage as described in the Subscription Details.
Cancellation
Unless otherwise specified in the Subscription Details, Customer may not terminate a Subscription Offering before the end of the Subscription Term. If a particular Subscription Offering is indicated as terminable in the Subscription Details, then Customer may terminate the Subscription Offering before the expiration of the Subscription Term, and Crusoe may charge a termination fee (“Termination Fee”), as specified in the Subscription Details. Further, Customer may be required to give extended notice before termination of any Subscription Offering, as specified in the Subscription Details. Notwithstanding any term to the contrary in the Agreement, (i) if Customer has entered into an Order Form under the Agreement for the purchase of Services on an on-demand basis, then the Subscription Term will also terminate immediately upon termination of such Order Form (and Customer will be charged the Termination Fee, if applicable), and (ii) upon termination of the Subscription Term, Customer may continue to use Crusoe Cloud Platform, and pricing for the Service(s) or Software that are part of the Subscription Offering will be as stated at the Fees URL or as otherwise agreed by the parties (if available on a non-subscription basis).
Definitions
- “Documentation” means the then-current Crusoe documentation made available by Crusoe to its customers for use with the Services at https://docs.crusoecloud.com.
- “Fees URL” means https://crusoe.ai/cloud/pricing.
- “Order Form” means an order form executed by Customer and Crusoe or an order placed by Customer via a Crusoe website, in either case specifying the Services Crusoe will provide to Customer.
- “Scope of Use” means any limits on installation or usage of Services or Software described at the Fees URL, Admin Console, order form, or otherwise presented by Crusoe.