Last updated: February 24, 2025 (see previous version).
PLEASE READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY BEFORE ACCESSING OR USING THE SUBSCRIPTION SERVICES (DEFINED BELOW).
THE TERMS AND CONDITIONS OF THIS AGREEMENT (DEFINED BELOW) GOVERN USE OF THE SUBSCRIPTION SERVICES UNLESS YOU AND METABASE, INC. (“METABASE”) HAVE EXECUTED A SEPARATE AGREEMENT GOVERNING USE OF THE SUBSCRIPTION SERVICES.
Metabase is willing to provide the Subscription Services to you only upon the condition that you accept all the terms contained in the Hosting Terms of Service attached as Exhibit A (“Terms”) and the Data Processing Addendum attached as Exhibit B (collectively, this “Agreement”). By clicking on the checkbox marked “Subscribe” on the registration page or by accessing or using the Subscription Services, you have indicated that you understand this Agreement and accept all of its terms. If you are accepting the terms of this Agreement on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to the terms of this Agreement, and, in such event, “you” and “your” will refer to that company or other legal entity. If you do not accept all the terms of this Agreement, then you must not accept this Agreement and you may not use the Subscription Services.
1. Subscription Services.
1.1. Subscription Services. Subject to your compliance with the terms and conditions of this Agreement, with effect from the Services Start Date and thereafter during the Subscription Term (as defined below) Metabase will provide you with the Subscription Services, and Metabase grants you a limited, non-transferable, non-sublicensable, license to use the Subscription Services solely for your internal business purposes within the usage limits specified in the Order.
1.2. Authorized Users. Customer may only permit the Subscription Services to be accessed and used by its employees and independent contractors (each, an “Authorized User”), who may only access and use the Subscription Services for Customer’s internal business purposes in accordance with the license granted in Section 1.1, and only up to the number of Authorized Users specified in the Order (and otherwise in accordance with any other volume limits or restrictions on the use of the Subscription Services set forth in the Order). Customer will ensure that each account (and associated log-in credentials) are accessed only by the specific Authorized User for whom such account is created (for clarity, each account is for a single individual only and cannot be shared or used by more than one person). You will remain wholly liable and responsible for all actions taken under an Authorized User’s account, whether or not such action was taken or authorized by the Authorized User, and for the acts and omissions of each Authorized User, including without limitation compliance with this Agreement.
1.3. Benefit of Third Parties. If your plan includes the right to embed the Subscription Services (i.e., the “Right to Embed” stated in the Order) within your software application designated as the Customer Application in the Order (“Customer Application”), subject to your payment of associated fees for the Right to Embed as described in the Order or otherwise in our pricing page currently located at https://www.metabase.com/pricing then subject to your compliance with the terms and conditions of this Agreement (including payment of the applicable fees in accordance with Section 4), Metabase grants to Customer a non-exclusive, non-transferable, non-sublicensable, worldwide limited license to operate the Subscription Services within, and to embed such Subscription Services in, the Customer Application (identified on the Order), and to allow your end customers (“End Customer”) to access the Subscription Services solely as embedded in, and a part of, the Customer Application, including to display such Customer Application (with the embedded Subscription Services therein) to End Customers. You will cause each End Customer to enter into an end user license agreement that protects Metabase to the same extent this Agreement protects Metabase and which designates Metabase as a third party beneficiary thereof. The exact type of embedding you can do depends on your subscription level, as detailed on our pricing page and in our documentation. If your plan requires you to display the “Powered by Metabase” logo you may not remove or cover it.
1.4. Intentionally omitted.
1.5. Restrictions. You, on behalf of yourself and your Authorized Users, agree not to: (1) copy, modify, alter, decompile or reverse engineer the Subscription Services (including the source code, object code, and underlying structure and algorithms thereof); (2) resell or otherwise make the Subscription Services available to any third party; (3) use the Subscription Services either directly or indirectly to support any activity that is illegal or that violates the proprietary rights of others; (4) interfere with or disrupt the Subscription Services or attempt to gain access to any systems or networks that connect thereto (except as required to access and use the Subscription Services); (5) deactivate, impair, or circumvent any security or authentication measures of the Subscription Services; (6) use the Subscription Services or its output to train, calibrate, or validate, in whole or in part any other systems, programs or platforms, or for benchmarking, software-development, or other competitive purposes; or (7) permit any third parties to do any of the above. You are responsible for the use of the Subscription Services by your Authorized Users, and their compliance with this Agreement.
1.6. Intentionally omitted.
1.7. Attached Data Warehouse. If you have purchased a license, or otherwise obtained the right from Metabase, to access the Attached Data Warehouse (as defined in Exhibit C, attached hereto), which is data storage accessed in connection with the Subscription Services, then Exhibit C will apply and you agree to be fully bound by Exhibit C.
2. Ownership.
2.1. Metabase IP. As between Metabase and you, Metabase owns all worldwide right, title and interest in and to the Subscription Services and the Usage Data, including all Intellectual Property Rights therein. For purposes of this Agreement, “Intellectual Property Rights” means patent rights (including patent applications and disclosures), copyrights, trade secrets, know-how and any other intellectual property rights recognized in any country or jurisdiction in the world.
2.2. Feedback. If you provide any ideas, suggestions, or recommendations regarding the Subscription Services (“Feedback”), Metabase will be free to use, disclose, reproduce, license or otherwise distribute, and exploit such Feedback as it sees fit, entirely without obligation or restriction of any kind. By providing Feedback, you grant to Metabase a worldwide, perpetual, irrevocable, fully-paid, royalty-free, nonexclusive license to use and exploit in any manner such Feedback.
3. Customer Support.
3.1. Customer Support by Metabase. Subject to your compliance with the terms and conditions of this Agreement, with effect from the Services Start Date and thereafter during the Subscription Term (as defined below), Metabase will provide the support services applicable to the service tier that you have subscribed to, as described in “Support Terms” section of the Order and in accordance with Metabase’s then-current policies, located at https://www.metabase.com/enterprise/support.
4. Subscription Fees & Payment.
4.1. Subscription Fees. You will pay the fees and charges stated in the Order (“Subscription Fees”) for use of the Subscription Services. The base Subscription Fee for each Subscription Term will be specified in the Order (“Base Subscription Fee”) and is payable and charged at the beginning of each Subscription Term.
4.2. Verification; True-Up. If specified in the Order, Subscription Fees will be calculated based on units of use of the Subscription Services (such as number of users or amount of data processed) (each, a “Unit”). Where applicable, the Base Subscription Fee includes the number of Units specified in the Order for each Subscription Term. Metabase may create and maintain logs reflecting usage of the Subscription Services under your account. Metabase may access and review such logs from time to time to verify your compliance with applicable usage limitations and other terms of this Agreement, and Metabase may use such logs to prevent or limit unauthorized use of the Subscription Services. Without limiting any of Metabase’s other rights or remedies, if your actual usage of the Subscription Services exceeds the Units covered by the Base Subscription Fee prepaid by you for a Subscription Term, Metabase will charge you for the difference between the Units covered by the Base Subscription Fee and the number of Units actually used by you during that Subscription Term (“Additional Units Fee”).
4.3. Payment Terms. If you have provided us with credit card details, we will charge that credit card: (i) at the start of each Subscription Term, for the Base Subscription Fee; and (ii) within thirty (30) days of our invoice for any Additional Units Fee payable by you (if any). We will issue a payment confirmation to you with respect to any charges we have made to your credit card. If we issue an invoice to you, all invoices are payable as specified in the Payment Terms section of the Order (or if not so specified, within thirty (30) days of receipt). All amounts are stated and shall be paid in US dollars and are exclusive of taxes, duties, levies, tariffs, and other governmental charges (collectively, “Taxes”). You are responsible for payment of all Taxes and any related interest and/or penalties resulting from any payments made to us, other than any taxes based on Metabase’s net income. All past due amounts will incur interest at a rate of 1% per month or the maximum rate permitted by law, whichever is less. Except as expressly set forth in this Agreement, all payments, once paid, are non-refundable.
5. Term And Termination.
5.1. Subscription Term. This Agreement will commence on the Effective Date and, unless terminated earlier by either party in accordance with the terms of this Agreement, will continue for the Initial Subscription Term specified in the Order. At the end of such Initial Subscription Term, subject always to timely payment of the Subscription Fees, this Agreement will automatically renew for additional successive Renewal Subscription Terms having the duration specified in the Order (or if no renewal term length is stated in the Order, having the same duration as the Initial Subscription Term) (each, a “Renewal Subscription Term”), unless either party provides 15 days’ prior written notice of non-renewal. Such Initial Subscription Term and each Renewal Subscription Term are each individually referred to herein as a “Subscription Term.”
5.2. Termination for Breach. Each party will have the right to terminate this Agreement if the other party breaches this Agreement and fails to cure such breach within 10 days after written notice thereof. If you terminate this Agreement for breach, Metabase will refund the unused portion of the Subscription Fees that you had paid for the Subscription Services for the remainder of the then-current Subscription Term (if any).
5.3. Additional Remedies. Without limiting other available remedies, Metabase reserves the right to suspend or disable your and your Authorized Users’ access to the Subscription Services if any undisputed amounts payable under this Agreement more than 30 days past due. Metabase also reserves the right to suspend or disable access to the Subscription Services if Metabase determines (in its discretion) that: (1) your or any Authorized User’s use of the Subscription Services disrupts, harms, or poses a security risk, or may cause harm, in each case to Metabase, the Subscription Services or any third party; or (2) you or any Authorized User has used, or is using, the Subscription Services in breach of this Agreement.
5.4. Effect of Termination. Upon any expiration or termination of this Agreement, your (and your Authorized Users’) right to access and use the Subscription Services will automatically terminate, except that the Authorized Users will be permitted to access the Subscription Services for 30 days following termination solely to download any Customer Data stored thereon. Metabase will have no liability for any costs, losses, damages, or liabilities arising out of or related to Metabase’s exercise of its termination rights under this Agreement. Any payment obligations as of the expiration or termination will remain in effect. Sections 2, 4, 5.4, 7, 8, 9, 10, 11, 12, and 13 will survive any expiration or termination of this Agreement.
6. Customer Data.
6.1. Definitions. For purposes of this Agreement, (i) “Customer Application Data” means data input into the Subscription Services by you and your Authorized Users (and includes, without limitation, the log-in credentials for each Authorized User and queries submitted by your Authorized Users); (ii) “Customer Business Data” means the data on your external databases that you and your Authorized Users retrieve or access in the course of using the Subscription Services; (iii) “Customer Data” means, collectively, the Customer Application Data, the Customer Business Data and the Customer Metadata; and (iv) “Customer Metadata” means data that describes the Customer Data (which may include data such as the number of datasets in a database, the average data size of a dataset, what database software a user connects to, and/or Metabase-generated descriptions of a given dataset).
6.2. Customer Data. As between you and Metabase, you own all worldwide right, title and interest in and to all Customer Data. You grant to Metabase a non-exclusive license to access and use the Customer Data to provide the Subscription Services to you and your Authorized Users. In addition, you grant to Metabase a non-exclusive license to access and use the Customer Application Data and Customer Metadata (but not the Customer Business Data) to develop and improve Metabase’s products and services (including the Subscription Services) as set forth in more detail in the Metabase Privacy Policy at: metabase.com/hosting/privacy_policy. You acknowledge and agree that your use of the Subscription Services is subject to Metabase’s Privacy Policy. You are solely responsible for the content of all Customer Data. You represent and warrant that (1) you have, and will continue to have, during the term of this Agreement, all necessary rights, authority and licenses for the access to and use of the Customer Data as contemplated by this Agreement and the software and systems on or through which you have requested us to provide services; and (2) Metabase’s use of the Customer Data in accordance with this Agreement will not violate any applicable laws or regulations or cause a breach of any agreement or obligation between you and any third party. The Data Processing Addendum set forth in Exhibit B is hereby incorporated herein by reference.
6.3. Security; Backup. Metabase will maintain (and will require its third party service providers to maintain) reasonable administrative, physical and technical safeguards intended to protect the Customer Data against accidental loss and unauthorized access or disclosure, in accordance with applicable industry standards. Metabase will follow its standard archival procedures for Customer Data. In the event of any loss or corruption of Customer Data, Metabase will use its commercially reasonable efforts to restore the lost or corrupted Customer Data from the latest backup of such Customer Data maintained by Metabase. Metabase will not be responsible for any loss, destruction, alteration, unauthorized disclosure or corruption of Customer Data caused by you or by any Authorized User or third party. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, METABASE’S EFFORTS TO RESTORE LOST OR CORRUPTED CUSTOMER DATA PURSUANT TO THIS SECTION 6.3 WILL CONSTITUTE METABASE’S SOLE LIABILITY AND YOUR SOLE AND EXCLUSIVE REMEDY IN THE EVENT OF ANY LOSS OR CORRUPTION OF CUSTOMER DATA IN CONNECTION WITH THE SUBSCRIPTION SERVICES OR THIS AGREEMENT.
6.4. Usage Data. You acknowledge and agree that Metabase may generate de-identified data with respect to the use and performance of the Subscription Services (“Usage Data”) and may retain and use such de-identified usage and performance data for its internal business purposes, such as developing and improving Metabase’s products and services (including the Subscription Services).
7. Confidentiality.
7.1. Each party understands that the other party may need to disclose certain non-public information relating to the disclosing party’s business that is marked or identified as “confidential” at the time of disclosure, or that is of any nature described in this Agreement as confidential (“Confidential Information”) in connection with the use and/or performance of the Subscription Services. Metabase Confidential Information includes the non-public portions of the Subscription Services and any related documentation and pricing information. During the term of this Agreement and for three (3) years thereafter, each party agrees to take reasonable precautions to protect the disclosing party’s Confidential Information from unauthorized disclosure, not to use such Confidential Information except as authorized or as necessary to perform its obligations under this Agreement and to not disclose (without the disclosing party’s prior authorization, including any such authorization given under this Agreement) to any third person any such Confidential Information (other than on a need to know basis to the receiving party’s employees, consultants and service providers who are subject to confidentiality obligations that are at least as protective of the disclosing party’s Confidential Information as this Agreement) or as specifically permitted under this Agreement. Confidential Information does not include any information that the receiving party can show: (1) through no fault of the receiving party, is or becomes generally available to the public, or (2) was in its possession or was known prior to receipt from the disclosing party, or (3) was rightfully disclosed to it without restriction by a third party, or (4) was independently developed without use of any Confidential Information of the disclosing party. The receiving party may disclose Confidential Information if the disclosure is necessary to comply with a valid court order or subpoena (in which case the receiving party will, unless prohibited by law or legal process, promptly notify the disclosing party and cooperate with the disclosing party if the disclosing party chooses to contest the disclosure requirement, seek confidential treatment of the information to be disclosed, or to limit the nature or scope of the information to be disclosed). Upon termination of this Agreement will promptly return to the disclosing party or destroy all copies of the disclosing party’s Confidential Information in its possession or control, except that the receiving party may retain one (1) copy of the disclosing party’s Confidential Information for the sole purpose of monitoring its compliance under this Agreement. Notwithstanding the foregoing, upon termination, Metabase will not retain the Customer Data except as necessary to comply with Section 5.4.
8. NO WARRANTY. THE SUBSCRIPTION SERVICES ARE PROVIDED AS “AS IS,” WITHOUT WARRANTY OF ANY KIND. METABASE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM METABASE OR ELSEWHERE WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS. METABASE DISCLAIMS ANY WARRANTY THAT THE SUBSCRIPTION SERVICES WILL BE ERROR-FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED. You assume sole responsibility and liability for results obtained from the use of the Subscription Services and for conclusions drawn from such use. Metabase will have no liability for any claims, losses, or damages caused by errors or omissions in any Customer Data or any results produced by the Subscription Services based upon Customer Data.
9. Indemnification.
9.1. Metabase Indemnity. Metabase will defend, indemnify and hold you harmless from and against any damages, costs and expenses (including reasonable attorneys’ fees and other professional fees) awarded against you in a final non-appealable judgment or that are agreed to in settlement, to the extent based on a third-party claim that the Subscription Services, as provided by Metabase to you, infringes any patent, copyright or misappropriates any trade secret of any third party; provided that you: (a) promptly notify Metabase in writing of any such claim; (b) grant Metabase sole control of the defense and settlement of the claim; and (c) provide Metabase, at Metabase’s expense, with all assistance, information and authority reasonably required for the defense and settlement of the claim. You have the right to retain counsel, at your expense, to participate in the defense or settlement of any claim. Metabase will not be liable for any settlement or compromise that you enter into without Metabase’s prior written consent.
9.2. Exclusions. Metabase’s obligation to indemnify you pursuant to Section 9.1 will not apply to the extent any claim results from or is based on: (i) any combination, operation or use of the Subscription Services with any product, system, device, method or data not provided by Metabase, if such claim would have been avoided but for such combination, operation or use; (ii) modification of the Subscription Services by anyone other than Metabase, if a claim would have been avoided but for such modification; (iii) your failure to install and use any upgrades to the Subscription Services furnished by Metabase, if such claim could have been avoided by such installation and use of such upgrades; or (iv) use of the Subscription Services other than in accordance with this Agreement. You will indemnify, defend and hold Metabase harmless and will pay any costs damages and reasonable attorney’s fees in connection with any third party claim to the extent it results from any of the foregoing activities in this Section 9.2, provided that Metabase (a) promptly notifies you in writing of any such claim; (b) grants you sole control of the defense and settlement of the claim; and (c) provides you, at your expense, with all assistance, information and authority reasonably required for the defense and settlement of the claim.
9.3. Injunction. If your use of the Subscription Services is, or in Metabase’s opinion is likely to be, enjoined due to the type of claim specified in Section 9.1, then Metabase will at its sole option and expense: procure for you the right to continue using the Subscription Services under the terms of this Agreement; (ii) replace or modify the Subscription Services to make it non-infringing and of equivalent functionality; or (iii) if Metabase is unable to accomplish either (i) or despite using its reasonable efforts, then Metabase may terminate your rights and Metabase’s obligation under this Agreement with respect to such Subscription Services and refund to you a pro-rata portion of the prepaid license fees you paid for such Subscription Services.
9.4. Customer Indemnity. Customer agrees to defend and indemnify Metabase, at Customer’s expense, against any legal action brought against Metabase by a third party to the extent that it is based on a claim that Customer Data or Customer Application, or the combination of the Subscription Services with any other software, hardware, materials or technology used by Customer, infringes a patent, copyright or trademark of such third party or makes unlawful use of such party’s trade secret, and Customer shall pay any settlement of such claim or final judgment against Metabase in any such action if attributable to any such claim. However, such defense and payments are subject to the conditions that Metabase must: (i) notify Customer promptly in writing of such claim, (ii) permit Customer to have sole control of the defense, compromise or settlement of such claim, including any appeals, and (iii) fully cooperate with Customer, at Customer’s expense, in the defense or settlement of such claim.
9.5. Sole Remedy. THIS SECTION 9 SETS FORTH METABASE’S SOLE AND EXCLUSIVE OBLIGATIONS, AND YOUR SOLE AND EXCLUSIVE REMEDIES, WITH RESPECT TO INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS OF ANY KIND.
10. Limitation of Liability. IN NO EVENT WILL METABASE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR FOR ANY LOSS OF USE, LOSS OF DATA, LOSS OF PROFITS OR LOSS OF GOODWILL, OR THE COSTS OF PROCURING SUBSTITUTE PRODUCTS, WHETHER OR NOT FORESEEABLE, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OR PERFORMANCE OF THE SUBSCRIPTION SERVICES, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, AND WHETHER OR NOT METABASE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. METABASE’S TOTAL AGGREGATE LIABILITY ARISING UNDER THIS AGREEMENT, FROM ALL CAUSES OF ACTION AND ALL THEORIES OF LIABILITY, WILL NOT EXCEED THE AMOUNTS PAID TO METABASE BY YOU FOR THE SUBSCRIPTION SERVICES DURING THE 12 MONTH PERIOD PRIOR TO THE FIRST CLAIM FOR LIABILITY HEREUNDER. The parties agree that the limitations and exclusions contained in this Section 10 and elsewhere in this Agreement will (a) not apply to any claims under indemnity and (b) survive and apply even if any exclusive remedy specified in this Agreement is found to have failed of its essential purpose.
11. U.S. Government End Customers. The Subscription Services are “commercial computer software” and “commercial computer software documentation,” respectively, as such terms are used in FAR 12.212 and DFARS 227.7202. If access to the Subscription Services is being acquired by or on behalf of the U.S. Government, then, as provided in FAR 12.212 and DFARS 227.7202-1 through 227.7202-4, as applicable, the U.S. Government’s rights in the Subscription Services will be only those specified in this Agreement.
12. Export Law. You agree to comply fully with all applicable export laws and regulations to ensure that neither the Subscription Services nor any technical data related thereto nor any direct product thereof are exported or re-exported directly or indirectly in violation of, or used for any purposes prohibited by, such laws and regulations.
13. General.
13.1. This Agreement will be governed by and construed in accordance with the laws of the State of California, without regard to or application of conflict of laws rules or principles. The United Nations Convention on Contracts for the International Sale of Goods will not apply. Any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in the Northern District of California and each party irrevocably consents to the personal jurisdiction thereof and venue therein.
13.2. You may not assign or transfer this Agreement, or any rights granted hereunder, by operation of law or otherwise, without Metabase’s prior written consent, and any attempt by you to do so, without such consent, will be void. Metabase may freely assign this Agreement.
13.3. Except as expressly set forth in this Agreement, the exercise by either party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise.
13.4. All notices or approvals required or permitted under this Agreement will be in writing and delivered by confirmed email transmission, by overnight delivery service, or by certified mail, and in each instance will be deemed given upon receipt. All notices or approvals will be sent to the addresses set forth in the Order or to such other address as may be specified by either party to the other in accordance with this Section 13.4.
13.5. The failure by either party to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision. Any waiver, modification or amendment of any provision of this Agreement will be effective only if in writing and signed by authorized representatives of both parties.
13.6. If any provision of this Agreement is held to be unenforceable or invalid, that provision will be enforced to the maximum extent possible, and the other provisions will remain in full force and effect.
13.7. This Agreement is the complete and exclusive understanding and agreement between the parties regarding its subject matter, and supersedes all proposals, understandings or communications between the parties, oral or written, regarding its subject matter.
13.8. The parties to this Agreement are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise, or agency between the parties. Neither party will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent.
13.9. This Agreement may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument.
13.10. Metabase will not be in breach of this Agreement if its performance is prevented or delayed for circumstances beyond its reasonable control, including but not limited to acts of God, inclement weather, flood, lightning or fire, strikes or other labor disputes or industrial action, act or omission of government or other competent authority, terrorism, war, riot, or civil commotion, unavailability of supply or power outage, hackers, viruses, disruption in transmission, or disruption in telecommunications services.
13.11. Intentionally omitted.
13.12. No shrink-wrap, click-wrap, click-through, click-accept, online terms or website terms provided or presented by you with any products or software hereunder, or other terms provided or presented by you in a separate quote or ordering document (other than the Order, or in a mutually-executed amendment to this Agreement signed by duly authorized representatives of both parties) (“Additional Terms”) shall be binding on Metabase, even if use of such products and software requires an affirmative “acceptance” of those Additional Terms. All such Additional Terms shall be of no force or effect and shall be deemed rejected by Metabase in their entirety.
Exhibit last updated: February 24, 2025
This Data Processing Addendum (“DPA”) forms part of the attached Subscription Services Agreement (the “Agreement”) between you (“Customer”) and Metabase.
1. Subject Matter and Duration
1.1. Subject Matter. This DPA reflects the parties’ commitment to abide by Data Protection Laws concerning the Processing of Customer Personal Data in connection with Metabase’s performance of its obligations under the Agreement. All capitalized terms that are not expressly defined in this DPA will have the meanings given to them in the Agreement. If and to the extent language in this DPA conflicts with the Agreement, this DPA shall control.
1.2. Duration and Survival. This DPA will become legally binding upon the effective date of the Agreement. Metabase will Process Customer Personal Data until the relationship terminates as specified in the Agreement. Metabase’s obligations and Customer’s rights under this DPA will continue in effect so long as Metabase Processes Customer Personal Data.
2. Definitions
2.1. “Customer Personal Data” means Personal Data within Customer Business Data (and Uploaded Customer Data, if applicable) Processed by Metabase on behalf of Customer.
2.2. “Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” shall include, but not be limited to, the California Consumer Privacy Act of 2018 (“CCPA”) and the EU General Data Protection Regulation 2016/679 (“GDPR”); in each case, to the extent applicable.
2.3. “Personal Data” has the meaning assigned to the term “personal data” or “personal information” under applicable Data Protection Laws.
2.4. “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
2.5. “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to Metabase.
2.6. “Services” means the services that Metabase performs under the Agreement.
2.7. “Third Party(ies)” means Metabase’s authorized vendors and service providers (i.e., sub-processors) that Process Customer Personal Data.
3. Data Use and Processing
3.1 Documented Instructions. Metabase and its Third Parties shall Process Customer Personal Data only in accordance with the documented instructions of Customer or as specifically authorized by this DPA, the Agreement, or any applicable Order. Metabase will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.
3.2. Authorization to Use Third Parties. To the extent necessary to fulfill Metabase’s contractual obligations under the Agreement, Customer hereby authorizes (i) Metabase to engage Third Parties and (ii) Third Parties to engage sub-processors.
3.3 Metabase and Third-Party Compliance. Metabase agrees to (i) enter into a written agreement with Third Parties regarding such Third Parties’ Processing of Customer Personal Data that imposes on such Third Parties data protection and security requirements for Customer Personal Data that are compliant with Data Protection Laws; and (ii) remain responsible to Customer for Metabase’s Third Parties’ failure to perform their obligations with respect to the Processing of Customer Personal Data.
3.4. Right to Object to Third Parties. Where required by Data Protection Laws, Metabase will notify Customer prior to engaging any new Third Parties that Process Customer Personal Data by updating its subprocessor list at: metabase.com/hosting/subprocessors and allow Customer ten (10) days to object. If Customer has legitimate objections to the appointment of any new Third Party related to privacy or data protection, the Parties will work together in good faith to resolve the grounds for the objection for no less than thirty (30) days.
3.5. Confidentiality. Any person or Third Party authorized to Process Customer Personal Data must be subject to a duty of confidentiality, contractually agree to maintain the confidentiality of such information, or be under an appropriate statutory obligation of confidentiality.
3.6. Personal Data Inquiries and Requests. Where required by Data Protection Laws, Metabase agrees to provide reasonable assistance and comply with reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws (e.g., access, rectification, erasure, data portability, etc.). If a request is sent directly to Metabase, Metabase shall notify Customer without undue delay.
3.7. Data Protection Assessment, Data Protection Impact Assessment and Prior Consultation. Where required by Data Protection Laws, Metabase agrees to provide reasonable assistance at Customer’s expense to Customer where, in Customer’s judgement, the type of Processing performed by Metabase requires a data protection assessment, data protection impact assessment, and/or prior consultation with the relevant data protection authorities.
3.8. Demonstrable Compliance. Metabase agrees provide information that is reasonably necessary to demonstrate compliance with this DPA upon reasonable request.
3.9. California Specific Terms. To the extent that Metabase’s Processing of Customer Personal Data is subject to the CCPA, this Section shall also apply. Customer discloses or otherwise makes available Customer Personal Data to Metabase for the limited and specific purpose of Metabase providing the Services to Customer in accordance with the Agreement and this DPA. Metabase shall: (i) comply with its applicable obligations under the CCPA; (ii) provide the same level of protection as required under the CCPA; (iii) notify Customer if it can no longer meet its obligations under the CCPA; (iv) not “sell” or “share” (as such terms are defined by the CCPA) Customer Personal Data; (v) not retain, use, or disclose Customer Personal Data for any purpose (including any commercial purpose) other than to provide the Services under the Agreement or as otherwise permitted under the CCPA; (vi) not retain, use, or disclose Customer Personal Data outside of the direct business relationship between Customer and Metabase; and (vii) unless otherwise permitted by the CCPA, not combine Customer Personal Data with Personal Data that Metabase (a) receives from, or on behalf of, another person, or (b) collects from its own, independent consumer interaction. Customer may: (1) take reasonable and appropriate steps agreed upon by the parties to help ensure that Metabase Processes Customer Personal Data in a manner consistent with Customer’s CCPA obligations; and (2) upon notice, take reasonable and appropriate steps agreed upon by the parties to stop and remediate unauthorized Processing of Customer Personal Data by Metabase.
4. Information Security Program
Metabase agrees to implement commercially reasonable technical and organizational measures designed to protect Customer Personal Data consistent with Data Protection Laws.
5. Security Incidents
Upon becoming aware of a Security Incident, Metabase agrees to provide written notice without undue delay and within the time frame required under Data Protection Laws to Customer by email to the email address associated with Customer’s account. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.
6. Cross-Border Transfers of Customer Personal Data
6.1. Cross-Border Transfers of Customer Personal Data. Customer authorizes Metabase and its Third Parties to transfer Customer Personal Data across international borders, including from the European Economic Area, Switzerland, and/or the United Kingdom to the United States.
6.2. EEA, Swiss, and UK Standard Contractual Clauses. If Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom is transferred by Customer to Metabase in a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws, the parties agree that the transfer shall be governed by the Annex to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“Standard Contractual Clauses”) as supplemented by Attachment 1 attached hereto, the terms of which are incorporated herein by reference. Where the Standard Contractual Clauses are applicable and Customer acts as a controller of Customer Personal Data with Metabase acting as a processor of Customer Personal Data, each party shall comply with its obligations under Module Two of the Standard Contractual Clauses. Where the Standard Contractual Clauses are applicable and Customer acts as a processor of Customer Personal Data with Metabase acting as a (sub)processor of Customer Personal Data, each party shall comply with its obligations under Module Three of the Standard Contractual Clauses. Each party’s execution of the Agreement shall be considered a signature to the Standard Contractual Clauses to the extent that the Standard Contractual Clauses apply hereunder.
7. Audits
7.1. Where Data Protection Laws afford Customer an audit right, Customer (or its appointed representative) may, not more than once annually, carry out an audit of Metabase’s Processing of Customer Personal Data by having Metabase complete a data protection questionnaire of reasonable length. Any such audit shall be subject to Metabase’s security and confidentiality terms and guidelines.
8. Data Deletion
8.1. At the expiry or termination of the Agreement, Metabase will, at Customer’s option, delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with Metabase’s data retention schedule), except where Metabase is required to retain copies under applicable laws, in which case Metabase will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.
9. Processing Details
Subject Matter: The subject matter of the Processing is the Services pursuant to the Agreement.
Duration: The Processing will continue until the expiration or termination of the Agreement.
Categories of Data Subjects: Data subjects whose Personal Data will be Processed pursuant to the Agreement.
Nature and Purpose of the Processing: The purpose of the Processing of Customer Personal Data by Metabase is the performance of the Services.
Types of Customer Personal Data: Customer Personal Data that is Processed pursuant to the Agreement.
This Attachment 1 forms part of the DPA and supplements the Standard Contractual Clauses. Capitalized terms not defined in this Attachment 1 have the meaning set forth in the DPA.
The parties agree that the following terms shall supplement the Standard Contractual Clauses:
1. Supplemental Terms
The parties agree that: (i) a new Clause 1(e) is added the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses also apply mutatis mutandis to the Parties’ processing of personal data that is subject to the Swiss Federal Act on Data Protection. Where applicable, references to EU Member State law or EU supervisory authorities shall be modified to include the appropriate reference under Swiss law as it relates to transfers of personal data that are subject to the Swiss Federal Act on Data Protection.”; (ii) a new Clause 1(f) is added to the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses, as supplemented by Annex III, also apply mutatis mutandis to the Parties’ processing of personal data that is subject to UK Data Protection Laws (as defined in Annex III).”; (iii) the optional text in Clause 7 is deleted; (iv) Option 1 in Clause 9 is struck and Option 2 is kept, and data importer must notify data exporter of any new subprocessors in accordance with Section 3.4 of the DPA; (v) the optional text in Clause 11 is deleted; and (vi) in Clauses 17 and 18, the governing law and the competent courts are those of Ireland (for EEA transfers), Switzerland (for Swiss transfers), or England and Wales (for UK transfers).
2. Annex I
Annex I to the Standard Contractual Clauses shall read as follows:
A. List of Parties
Data Exporter: Customer
Address: As set forth in the applicable Order.
Contact person’s name, position, and contact details: As set forth in the applicable Order.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Controller (Module Two); Processor (Module Three).
Data Importer: Metabase
Address: As set forth in the applicable Order.
Contact person’s name, position, and contact details: As set forth in the applicable Order.
Activities relevant to the data transferred under these Clauses: The Services.
Role: Processor.
B. Description of the Transfer:
Categories of data subjects whose personal data is transferred: Data Subjects whose Customer Personal Data is processed under the Agreement including, but not limited to, Customer’s employees, contractors, contingent workers, and end users.
Categories of personal data transferred: The categories of Customer Personal Data that are processed under the Agreement including, but not limited to, name, address, email address, IP addresses, etc.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: To the parties knowledge, no sensitive data is transferred.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Customer Personal Data is transferred by virtue of Customer uploading Customer Personal Data to the Services.
Nature of the processing: The Services.
Purpose(s) of the data transfer and further processing: The Services.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: Metabase will retain Customer Personal Data in accordance with the Agreement.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: For the subject matter, nature, and duration as identified above.
C. Competent Supervisory Authority: The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties consistent with the conditions set forth in Clause 13.
D. Clarifying Terms: The parties agree that: (i) the certification of deletion required by Clause 8.5 and Clause 16(d) of the Clauses will be provided upon data exporter’s written request; (ii) the measures data importer is required to take under Clause 8.6(c) of the Clauses will only cover data importer’s impacted systems; (iii) the audit described in Clause 8.9 of the Clauses shall be carried out in accordance with Section 7 of the DPA; (iv) the termination right contemplated by Clause 14(f) and Clause 16(c) of the Clauses will be limited to the termination of the Clauses; (v) unless otherwise stated by data importer, data exporter will be responsible for communicating with data subjects pursuant to Clause 15.1(a) of the Clauses; (vi) the information required under Clause 15.1(c) of the Clauses will be provided upon data exporter’s written request; and (vii) notwithstanding anything to the contrary, data exporter will reimburse data importer for all costs and expenses incurred by data importer in connection with the performance of data importer’s obligations under Clause 15.1(b) and Clause 15.2 of the Clauses without regard for any limitation of liability set forth in the Agreement.
3. Annex II
Annex II of the Standard Contractual Clauses shall read as follows:
Data importer shall implement and maintain technical and organisational measures designed to protect personal data in accordance with the DPA.
Pursuant to Clause 10(b), data importer will provide data exporter assistance with data subject requests in accordance with the DPA.
4. Annex III
A new Annex III shall be added to the Standard Contractual Clauses and shall read as follows:
The UK Information Commissioner’s Office International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (“UK Addendum”) is incorporated herein by reference.
Table 1: The start date in Table 1 is the effective date of the DPA. All other information required by Table 1 is set forth in Annex I, Section A of the Clauses.
Table 2: The UK Addendum forms part of the version of the Approved EU SCCs which this UK Addendum is appended to including the Appendix Information, effective as of the effective date of the DPA.
Table 3: The information required by Table 3 is set forth in Annex I and II to the Clauses.
Table 4: The parties agree that Importer may end the UK Addendum as set out in Section 19.
These Attached Data Warehouse Terms (this “Exhibit C”) will apply if you have purchased a license to access or use the Attached Data Warehouse (defined below) as described in Section 1 of this Exhibit C below. Capitalized terms used but not otherwise defined in this Exhibit C will have the meanings ascribed to them in the Agreement.
1. Attached Data Warehouse; License. You may purchase a license to access data storage via the Subscription Services or otherwise through a checkout flow or other area of Metabase’s online webstore or as noted in the Order (“Attached Data Warehouse”). The Attached Data Warehouse is hosted by Metabase (or its third-party data storage or database management system provider(s)) and is designed to enable you to connect the data uploaded to the Attached Data Warehouse to the Subscription Services. Subject to your payment of the Attached Data Warehouse Fees, Metabase grants you a limited, non-exclusive, non-transferable, non-sublicensable, license, during the Subscription Term, to access the Attached Data Warehouse to upload data into the Attached Data Warehouse solely for use in connection with the Subscription Services, and in such case the Attached Data Warehouse will be deemed a part of the Subscription Services, and all references to the Subscription Services in the Agreement will include reference to the Attached Data Warehouse, as applicable.
2. Uploaded Customer Data For purposes of the Agreement (including this Exhibit C), “Uploaded Customer Data” means any and all data, information, and materials which you upload or transmit to, or otherwise store in, the Attached Data Warehouse. Notwithstanding anything to the contrary in the Agreement, Customer Data will include Uploaded Customer Data. For clarity, Metabase will use Uploaded Customer Data solely in connection with providing the Attached Data Warehouse and Services, and not to develop or improve the Services.
3. License to Uploaded Customer Data. In addition to the licenses granted elsewhere in the Agreement, you hereby grant Metabase (and its third-party data storage or database management system provider(s)) a non-exclusive, worldwide license to access, store, and host the Uploaded Customer Data in the Attached Data Warehouse for purposes of the Agreement and the provision of Subscription Services.
4. Fees. You will pay all fees applicable to your access to and use of the Attached Data Warehouse, as communicated to you via the Subscription Services or otherwise through a checkout flow or other area of Metabase’s online webstore (“Attached Data Warehouse Fees”). Metabase may immediately suspend or terminate your access to the Attached Data Warehouse if you fail to timely pay Attached Data Warehouse Fees when due.
5. No PHI or NPI; Representations and Warranties; Indemnification. You represent and warrant that the (i) you will not transmit, upload, or otherwise provide any Protected Health Information (PHI) (as defined by the Health Insurance Portability and Accountability Act of 1996) or nonpublic personal information (NPI) (as defined by the Gramm-Leach-Bliley Act) to the Attached Data Warehouse; and (ii) you have all necessary rights, permissions, consents, and authority to transmit, upload, and provide Uploaded Customer Data to the Attached Data Warehouse, and such transmission, upload, and provision will not infringe any third-party’s intellectual property rights or violate applicable law. You agree to defend and indemnify Metabase, at your expense, against any legal action brought against Metabase by a third party to the extent that it is based on a claim in connection with your use of the Attached Data Warehouse in a manner that is not in accordance with this Agreement or which violates applicable law.
6. Data Retention. Notwithstanding anything to the contrary in the Agreement, upon termination or expiration of the Agreement, Metabase may retain Uploaded Customer Data for up to one hundred eighty (180) days thereafter pursuant to its backup and archival policies.
