HIPAA Compliance Information
Overview

Confidentiality is a critical issue when considering any email-related service. As detailed below, SpamStopsHere treats all email with utmost confidentiality and security, and we will be happy to send you a signed copy of this Agreement. While our most demanding clients such as law firms and medical groups have found this Agreement suitable, we will be happy to discuss any other requirements you may have.

Greenview Data, Inc. operates the SpamStopsHere service for all clients according to the following strict Confidentiality Agreement (NDA) which also states that the service follows the requirements of the United States "Health Insurance Portability and Accountability Act" (HIPAA).

Clients that would prefer a signed copy of this Confidentiality Agreement are welcome to request one by contacting our sales department.

You can also download the PDF version of this document and of the HIPAA Addendum.

Confidentiality (Non-disclosure) Agreement

This is a Confidentiality (Non-Disclosure) Agreement between SpamStopsHere (SSH), an anti-spam service owned and operated by Greenview Data, Inc. (GDI) with offices at 8178 Jackson Rd., Ann Arbor, MI 48103, USA and all clients (Client) that use the SSH service.

This agreement assumes that the Client is using the SpamStopsHere anti-spam service (Service) in which all Client email passes through the SSH servers for the purpose of anti-spam filtering.

GDI hereby agrees to treat all Client email and other information supplied by or on behalf of the Client as Confidential Information. As detailed in this agreement:

  • GDI will not log or archive the contents (body) of email messages.
     
  • GDI will not disclose Confidential Information, including email information or email contents, to any third party, unless required to do so by court order.
     
  • If Client is a "covered entity" under the United States "Health Insurance Portability and Accountability Act" (HIPAA), the "HIPAA Addendum" is incorporated by reference as part of this agreement.
     
  • Outside of special situations (testing, debugging, spam review) detailed below, GDI staff do not view Client email. Additionally, GDI staff have been trained to treat Client email with utmost confidentiality and understand that disclosing or using information in Client email may be a felony, and each staff member has agreed in writing to the terms hereof.

Confidentiality

GDI agrees to treat all Client email as Confidential Information, unless the email is beyond a reasonable doubt an Unsolicited Commercial Email (UCE), i.e. "Spam". GDI also agrees to treat any information the Client shares with GDI with regard to business plans, employee numbers, IT security, IT configuration, and similar "sensitive" business information as Confidential Information.

The term Confidential Information does not include information which (i) is already in GDI's possession, provided that such information is not known by GDI to be subject to another confidentiality agreement with the Client, or (ii) becomes generally available to the public other than as a result of a disclosure by GDI or its directors, officers or employees, or (iii) becomes available to GDI on a non-confidential basis from a source other than the Client or its advisors, provided that such source is not known by GDI to be bound by a confidentiality agreement with or other obligation of secrecy to the Client or another party.

GDI will always treat all legitimate (non-UCE) Client email as Confidential Information.

Non-Disclosure

Only GDI's directors, officers and employees have (limited) access to Client email and information. GDI will not disclose Confidential Information, email information or email contents to any third party, unless required to do so by court order. In particular, GDI does not allow subcontractors, affiliates, partners, resellers or any other third party to access Client email.

In the event a court with proper jurisdiction subpoenas Client or email information, GDI will make every effort to delay the release of information and contact the affected Client(s). Since many Clients are entitled to additional confidentiality by lawyer-client or doctor-patient privilege, GDI will challenge any court-ordered subpoena.

The directors, officers and employees of GDI have been trained to take all reasonable steps to ensure that Client email remains confidential, and is not deliberately or accidentally divulged to any other party.

Access to Confidential Information

GDI limits access to Client email to the absolute minimum necessary to operate a reliable Service. Outside of occasional testing and debugging of the Service, no Client email (body) content is seen by any staff, unless the Client explicitly permits GDI to review only those email messages filtered by the Service. (This is detailed below.) Only GDI officers and senior employees perform testing and debugging, and have access to the computers that contain or process (filter) Client email.

GDI agrees to use reasonable, industry-standard security measures to prevent unauthorized access to its computer systems. All computers that contain Confidential Information or process (filter) Client email are protected by hardware and/or software firewalls to restrict access to only authorized personnel and from authorized locations.

Logging/Archiving

GDI certifies that this Service does not log or archive the content (body) of email messages, unless the Client explicitly permits GDI to do so for spam review purposes. In the event a Client's legitimate (non-UCE) email is captured during the course of testing, debugging, or spam review, any copy/capture of the email will be immediately deleted.

While the Service logs each email message, the log consists of only the sender's email address, IP address and the Subject line of the email. This limited log is also treated as Confidential Information and will be deleted after 31 days.

Spam Review

Many Clients give GDI explicit permission to monitor and review the spam which is filtered for their domain(s). When permitted, only those emails which are filtered by the Service are logged and reviewed by GDI staff. Since unfiltered emails are not logged or reviewed, GDI staff will only view UCE (spam) emails and an occasional (typically less than 1 in 10,000) legitimate email which was incorrectly filtered by the Service. In the event a legitimate email is reviewed, all copies of it are immediately deleted. GDI and its staff will maintain the confidentiality of these and all legitimate emails.

HIPAA

The United States "Health Insurance Portability and Accountability Act" (HIPAA) requires that medical and patient information be treated with a high level of confidentiality, and imposes severe penalties for the disclosure of such information. GDI agrees to comply with the confidentiality requirements of HIPAA, pursuant to the terms hereof and the HIPAA Addendum.

It is GDI's opinion that this Confidentiality Agreement exceeds the requirements of HIPAA, especially since no Client email information is stored or used by GDI, no designated client record sets are maintained by SSH, and email is not shared with any third party.

Binding Effect

This agreement is binding upon, and inures to the benefit of, the successors and assigns of the parties.

Remedies

GDI acknowledges that failure to comply with the terms of this Agreement may cause irreparable damage to the Client. Therefore, GDI agrees that in addition to any other remedies at law or in equity available to the Client for GDI's breach or threatened breach of this Agreement, the Client is entitled to specific performance or injunctive relief against GDI to prevent such damage or breach, and the existence of any claim or cause of action GDI may have against the Client will not constitute a defense thereto. GDI further agrees to pay reasonable attorney fees incurred by the Client in any proceeding relating to the enforcement part of the agreement or to any alleged breach thereof in which the Client will prevail in whole or in part.

Confirmed and Agreed to:

For:    Greenview Data, Inc.

By:     Theodore Green

Title: President

Date: May 13, 2004
