Terms of Service - eventabee

These Terms of Service ("Terms") form a binding agreement between HONEYBOUND LLC, an Arizona limited liability company with its principal place of business at 3101 N. Central Ave, Ste 183 #6958, Phoenix, Arizona 85012, United States ("honeybound", "Eventabee", "we", "us", or "our"), and the Shopify merchant installing or using the Eventabee application and associated services (the "Service") ("Merchant", "you", or "your").

BY INSTALLING, ACCESSING, OR USING THE SERVICE, YOU AGREE TO BE BOUND BY THESE TERMS, INCLUDING THE BINDING INDIVIDUAL ARBITRATION AND CLASS ACTION WAIVER IN SECTION 17. IF YOU DO NOT AGREE, DO NOT INSTALL OR USE THE SERVICE.

1. The Service

Eventabee is a server-side event tracking and consent management application for Shopify merchants. The Service captures storefront and webhook events, normalizes and enriches them, enforces consent-category gating, and forwards events to third-party advertising, analytics, and data platforms that you configure.

The Service is offered through the Shopify App Store and is subject to the Shopify Terms of Service and Shopify API Terms. These Terms supplement those agreements; any conflict is resolved in favor of Shopify's terms as between you and Shopify, and in favor of these Terms as between you and honeybound.

2. Eligibility and Accounts

You represent and warrant that: (a) you are at least 18 years old and have legal capacity to contract; (b) you are authorized to bind the entity operating the Shopify store; (c) your use of the Service will not violate any law, regulation, or third-party right; and (d) you are not located in, or a resident of, any country subject to a US embargo, and are not on any US government restricted-party list.

You are responsible for safeguarding access credentials to your Shopify store and to the Service. honeybound is not liable for loss or damage arising from your failure to do so.

3. Merchant Responsibilities and Representations

You acknowledge that, with respect to end-customer data, you are the data controller / business and honeybound acts as your processor / service provider. You represent, warrant, and covenant that:

You have provided all legally required notices to your end-customers, including disclosure of server-side tracking, hashed-PII forwarding to advertising platforms, the use of advertising cookies, the use of the consent banner, and any applicable "sale" or "sharing" of personal information under US state privacy laws.
You have obtained all consents and have a valid legal basis for processing the data you direct honeybound to process on your behalf.
You will configure the consent banner and category gating appropriately for the jurisdictions in which your end-customers reside, and will honor opt-out requests and Global Privacy Control signals.
You will not use the Service to process special-category data (GDPR Art. 9), children's data in violation of applicable law, or any data you are not legally entitled to share.
You will comply with the terms, policies, and data-use requirements of every destination platform you enable, and you alone are responsible for maintaining valid credentials and lawful use of each destination.
For custom destinations, you are solely responsible for the security, availability, and lawful use of the endpoint you specify; honeybound is not liable for any loss, breach, or misuse arising from data delivered to a merchant-controlled endpoint.
You will maintain a publicly accessible, accurate privacy policy on your storefront that satisfies the requirements of Shopify, GDPR, CCPA/CPRA, and other applicable laws.

Failure to comply with this Section 3 is a material breach of these Terms and may result in immediate suspension or termination of the Service.

4. Acceptable Use

You will not, and will not permit any third party to:

Use the Service in violation of any law, regulation, or third-party right;
Use the Service to collect, process, or transmit data without the legally required consent, notice, or opt-out mechanisms;
Reverse engineer, decompile, disassemble, or attempt to derive the source code of the Service, except to the extent such restriction is prohibited by applicable law;
Circumvent rate limits, authentication, quota enforcement, or any technical measure;
Submit malicious code, conduct penetration testing without prior written consent, or interfere with the Service's operation or security;
Use the Service to send unsolicited commercial messages or to violate any destination platform's acceptable use, advertising, or data policies;
Transmit artificial traffic, botnet traffic, or events not originating from genuine end-customer interactions with your storefront;
Resell, sublicense, or make the Service available to any third party, except for your authorized agents acting on your behalf;
Use the Service to benchmark, build a competing product, or extract data for the purpose of replicating the Service.

5. Fees, Billing, and Plans

The Service is offered in four plan tiers: Free, Pro ($49/month), Business ($199/month), and Scale ($599/month). Current plan features, limits, and pricing are shown in-app and may change on 30 days' notice.

Paid plans are billed through Shopify Billing. By subscribing, you authorize Shopify to charge your Shopify-associated payment method on a recurring basis.
All fees are in US dollars and exclusive of applicable taxes, which you are responsible for paying.
You may upgrade, downgrade, or cancel at any time. Cancellation takes effect at the end of the then-current billing period.
All fees are non-refundable, and no refunds or credits are provided for partial billing periods, unused features, or downgrades.
Downgrades may result in loss of access to features and data beyond the new plan's limits and retention window.
If payment fails, we may suspend the Service and/or downgrade the account to Free until payment is restored.

6. Data Retention and Deletion

Event data is retained according to your plan tier:

Free: 1 day
Pro: 14 days
Business: 30 days
Scale: 30 days

On Business-tier plans, consent audit receipts are retained for 365 days and contain only a one-way SHA-256 visitor hash (no raw IP or user agent). Browser session cache entries expire after 30 days in Redis.

Upon uninstallation of the Service:

Shopify access tokens are invalidated immediately.
Redis cache entries for the shop are cleared immediately.
All shop data (events, destinations, consent configuration, receipts) is permanently deleted within 48 hours of Shopify's shop/redact webhook.

7. Third-Party Destinations and Custom Endpoints

You control which destinations receive your event data. Once delivered to a destination, data is governed by that destination's terms and privacy policy. honeybound has no responsibility for:

The availability, accuracy, or security practices of any third-party destination;
Attribution accuracy, campaign performance, or ROI resulting from data forwarded to any destination;
Changes to third-party APIs, deprecations, or rejection of events by a destination;
Data handling by any endpoint you designate as a custom destination.

You are responsible for maintaining valid API credentials and for using each destination in compliance with its terms.

8. Intellectual Property

honeybound and its licensors own all right, title, and interest in and to the Service, including all software, designs, trademarks, and documentation. Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to use the Service during the subscription term for your internal business purposes.

You retain all rights in the data you submit to the Service. You grant honeybound a worldwide, royalty-free license to process, transmit, store, display, and create derivative works of such data solely as necessary to provide, secure, and improve the Service, and to produce aggregated, de-identified statistics that cannot reasonably be used to identify you, your end-customers, or your store.

9. Feedback

If you provide suggestions, feedback, or ideas regarding the Service, you grant honeybound a perpetual, irrevocable, royalty-free, worldwide license to use and incorporate them without restriction or compensation to you.

10. Beta Features

Features designated as "beta", "preview", "early access", or similar (including, from time to time, consent backfill and custom destination templates) are provided "AS IS" for evaluation, may be modified or withdrawn at any time, are excluded from any service-level commitment, and carry no warranty or indemnity.

11. Confidentiality

Each party will protect the other's non-public business, technical, and commercial information disclosed in connection with the Service using the same care it uses to protect its own confidential information (and not less than reasonable care), and will use it only to perform under these Terms. This obligation does not apply to information that is public, independently developed, rightfully obtained from a third party, or required to be disclosed by law.

12. Security

honeybound implements commercially reasonable technical and organizational measures to protect the Service, including TLS in transit, encrypted storage of access tokens, HMAC-verified webhooks, SSRF-validated custom destinations, rate limiting, and restricted production access. Full measures are described in our Privacy Policy.

Breach notification. We will notify you of a personal data breach affecting your data without undue delay and in any event within 72 hours of becoming aware, by email to the address associated with your Shopify store.

13. Disclaimer of Warranties

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTY OF ANY KIND, EXPRESS, IMPLIED, OR STATUTORY. HONEYBOUND, ITS AFFILIATES, AND ITS LICENSORS AND SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, TITLE, ACCURACY, QUIET ENJOYMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, TIMELY, ERROR-FREE, SECURE, OR FREE OF HARMFUL COMPONENTS, THAT ANY DATA WILL BE DELIVERED TO ANY DESTINATION, THAT CONSENT GATING WILL ACHIEVE ANY PARTICULAR COMPLIANCE OUTCOME, OR THAT ATTRIBUTION, CAMPAIGN PERFORMANCE, OR ROI WILL RESULT FROM USE OF THE SERVICE.

NO ADVICE OR INFORMATION OBTAINED FROM THE SERVICE OR FROM HONEYBOUND CREATES ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS.

14. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL HONEYBOUND, ITS AFFILIATES, OR ITS LICENSORS, SUPPLIERS, OR PERSONNEL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, GOODWILL, BUSINESS OPPORTUNITY, OR DATA, ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, OUR TOTAL CUMULATIVE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE WILL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID TO US FOR THE SERVICE IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) ONE HUNDRED US DOLLARS (US$100).

THESE LIMITATIONS APPLY REGARDLESS OF THE FAILURE OF ANY LIMITED OR EXCLUSIVE REMEDY OF ITS ESSENTIAL PURPOSE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES; IN SUCH JURISDICTIONS, OUR LIABILITY IS LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

THE LIMITATIONS IN THIS SECTION 14 DO NOT APPLY TO YOUR OBLIGATION TO PAY FEES DUE OR TO YOUR INDEMNIFICATION OBLIGATIONS IN SECTION 15.

15. Indemnification

You will defend, indemnify, and hold harmless honeybound, its affiliates, and their officers, directors, employees, contractors, and agents (each an "Indemnified Party") from and against any and all third-party claims, actions, proceedings, losses, damages, fines, penalties, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to:

Your breach or alleged breach of these Terms, including your representations in Section 3;
Your violation of any applicable law or regulation, including data protection, consumer protection, advertising, and marketing laws;
Your violation or infringement of any third-party right, including intellectual property, privacy, or publicity rights;
Any claim by an end-customer of your store, or by a regulator, arising from the collection, processing, sharing, or "sale" of personal information through the Service;
Your configuration of destinations, including any custom destination endpoint you designate and any use of a raw JSON template;
Your failure to obtain required consents, provide required notices, or honor opt-out requests;
Your violation of any destination platform's terms, advertising policies, or data policies;
Content, events, or data that you or your end-customers submit to the Service.

We will: (i) promptly notify you of the claim (failure to do so will not relieve you of your obligations except to the extent you are materially prejudiced); (ii) grant you sole control of the defense and settlement, provided no settlement may admit liability on, or impose non-monetary obligations on, an Indemnified Party without our prior written consent; and (iii) reasonably cooperate at your expense.

16. Term, Suspension, and Termination

These Terms commence when you install the Service and continue until terminated. Either party may terminate these Terms at any time. You terminate by uninstalling the Service. We may suspend or terminate the Service, with or without notice, if: (a) you breach these Terms; (b) we reasonably believe your use poses a security, legal, or reputational risk to honeybound, Shopify, end-customers, or other merchants; (c) required by law or by Shopify; or (d) we cease to offer the Service.

Upon termination: your license ends; we will process data deletion as described in Section 6; and Sections 3, 7 (with respect to pre-termination conduct), 8, 9, 11, 13, 14, 15, 17, 18, and 19 will survive.

17. Governing Law; Binding Arbitration; Class-Action Waiver

17.1 Governing Law

These Terms are governed by the laws of the State of Arizona, USA, without regard to its conflict-of-laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

17.2 Binding Arbitration

You and honeybound agree that any dispute, claim, or controversy arising out of or relating to these Terms or the Service, including its formation, interpretation, breach, or termination (a "Dispute"), will be resolved by binding individual arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, and, for claims of US$250,000 or less, the AAA Consumer Arbitration Rules where applicable.

The arbitration will be conducted by a single arbitrator, seated in Maricopa County, Arizona, and conducted in English. Judgment on the award may be entered in any court of competent jurisdiction. The Federal Arbitration Act governs the interpretation and enforcement of this Section 17.

17.3 Class-Action Waiver

YOU AND HONEYBOUND AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN AN INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING. The arbitrator may not consolidate more than one party's claims and may not preside over any form of representative or class proceeding. If this waiver is found unenforceable, the remainder of Section 17 is null and void, and the Dispute must proceed exclusively in the courts identified in Section 17.5.

17.4 Carve-Outs

The following are excluded from Section 17.2 and may be brought in court: (a) claims for preliminary injunctive or equitable relief to protect intellectual property rights, confidential information, or to prevent unauthorized use of the Service; (b) small-claims court actions within that court's jurisdictional limits; and (c) claims that cannot be arbitrated as a matter of applicable law.

17.5 Exclusive Venue for Non-Arbitrable Claims

For any Dispute not subject to arbitration, you and honeybound consent to the exclusive jurisdiction of the state and federal courts located in Maricopa County, Arizona, and waive any objection to venue or forum non conveniens.

17.6 Time Limit

Any Dispute must be filed within one (1) year after it arose; otherwise it is permanently barred.

18. Force Majeure

honeybound is not liable for any failure or delay in performance caused by events beyond its reasonable control, including acts of God, war, terrorism, civil unrest, epidemic or pandemic, government action, labor disputes, internet or telecommunications failures, cyberattacks, failures or changes by Shopify or destination platforms, or failures of third-party infrastructure providers.

19. General

Entire Agreement. These Terms, our Privacy Policy, the DPA in Section 20, and any order or plan page referenced in-app constitute the entire agreement between you and honeybound regarding the Service and supersede all prior agreements on the subject.
Amendments. We may update these Terms. Material changes will be posted with a revised "Last updated" date and, where practicable, notified in-app or by email. Continued use after the effective date constitutes acceptance.
Assignment. You may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets.
Severability. If any provision is held unenforceable, the remaining provisions remain in full force, and the unenforceable provision will be modified only to the minimum extent necessary to make it enforceable.
No Waiver. Failure to enforce any provision is not a waiver of future enforcement.
Independent Contractors. The parties are independent contractors. These Terms do not create any agency, partnership, joint venture, or employment relationship.
No Third-Party Beneficiaries. There are no third-party beneficiaries to these Terms.
Notices to honeybound must be sent to [email protected] with a copy by certified mail to HONEYBOUND LLC, 3101 N. Central Ave, Ste 183 #6958, Phoenix, Arizona 85012, USA. Notices to you may be sent via the email associated with your Shopify store or posted in-app.
Export Compliance. You will comply with all US and other applicable export-control and sanctions laws.
US Government Rights. The Service is "commercial computer software" under FAR 12.212 and DFARS 227.7202. Use by US government entities is subject to these Terms.
Headings are for convenience only and have no interpretive effect.

20. Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") forms part of the Terms and applies to honeybound' processing of Personal Data on behalf of Merchant. Capitalized terms used in this DPA and not defined elsewhere have the meanings set forth in the GDPR.

20.1 Roles of the Parties

For Personal Data relating to end-customers of Merchant's store ("Customer Personal Data"), Merchant is the Controller / Business and honeybound is the Processor / Service Provider. honeybound will process Customer Personal Data only on Merchant's documented instructions, which consist of these Terms, the configuration of the Service (destinations, field mappings, consent categories, retention plan), and any additional written instructions agreed by the parties.

20.2 Scope, Subject Matter, and Duration

Subject matter: provision of the Eventabee Service.
Duration: the term of Merchant's use of the Service plus deletion periods in Section 6 of the Terms.
Nature and purpose: ingestion, normalization, enrichment, consent-gating, storage, and forwarding of storefront and webhook events to Merchant-configured destinations.
Categories of data subjects: end-customers and visitors of Merchant's Shopify store.
Categories of Personal Data: as described in Section 3 of the Privacy Policy.

20.3 honeybound Obligations

Process Customer Personal Data only on documented instructions from Merchant and in compliance with GDPR Art. 28.
Ensure personnel authorized to process Customer Personal Data are bound by confidentiality.
Implement appropriate technical and organizational measures as described in Section 11 of the Privacy Policy and updated from time to time.
Assist Merchant, taking into account the nature of processing, in responding to data subject requests and to meeting obligations under GDPR Art. 32–36 (security, breach notification, DPIAs).
At Merchant's choice, delete or return all Customer Personal Data at the end of the Service, except as required by law to retain.
Make available information necessary to demonstrate compliance with GDPR Art. 28 and allow for audits as set out in §20.7.
Notify Merchant without undue delay and in any event within 72 hours of becoming aware of a Personal Data Breach affecting Customer Personal Data.

20.4 Sub-Processors

Merchant provides a general authorization for honeybound to engage sub-processors, listed in Section 5.2 of the Privacy Policy and updated there from time to time. honeybound imposes on each sub-processor, by contract, data-protection obligations substantially equivalent to those in this DPA. honeybound remains liable to Merchant for each sub-processor's performance. honeybound will notify Merchant of additions or replacements of sub-processors in advance via in-app notice or update to the Privacy Policy; Merchant may object on reasonable grounds within 14 days, and the parties will work in good faith to resolve the objection, failing which Merchant's sole remedy is to terminate the Service.

20.5 International Transfers

Where transfer of Customer Personal Data from the EEA, UK, or Switzerland to a country not recognized as providing an adequate level of protection occurs, the parties incorporate the Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), with Merchant as data exporter and honeybound as data importer, Module Two (Controller-to-Processor) for direct Controller engagements and Module Three (Processor-to-Processor) where Merchant acts as a processor itself. For UK transfers, the UK International Data Transfer Addendum is incorporated. The parties agree that the optional clauses take the following form: docking clause included; Clause 8.9(c) audits are subject to §20.7; Clause 9(a) uses Option 2 with 14-day notice; Clause 17 Option 1 with governing law of the Republic of Ireland for EU transfers; Clause 18(b) courts of the Republic of Ireland.

20.6 Data Subject Requests and Assistance

honeybound will, at Merchant's reasonable request and expense, provide reasonable assistance to enable Merchant to respond to requests from data subjects exercising their rights under applicable law. Requests received by honeybound directly from a data subject will be forwarded to the Merchant without response (except to acknowledge receipt), unless legally required otherwise.

20.7 Audit Rights

honeybound will make available to Merchant on reasonable written request the information necessary to demonstrate compliance with this DPA, including third-party attestations and summaries of security measures. On-site audits are available only where strictly required by applicable law or regulator order, at Merchant's expense, on at least 30 days' written notice, no more than once per 12 months, during normal business hours, subject to confidentiality obligations, and must not unreasonably disrupt honeybound' operations or compromise the data of other customers.

20.8 CCPA/CPRA Service Provider Terms

To the extent honeybound processes Personal Information (as defined by the CCPA/CPRA) on behalf of Merchant, honeybound acts as a "Service Provider" and will not: (a) sell or share such Personal Information; (b) retain, use, or disclose it outside the direct business relationship with Merchant or for any purpose other than the specified business purpose of providing the Service; or (c) combine it with Personal Information received from other sources except as permitted under CCPA/CPRA regulations. honeybound certifies it understands and will comply with these restrictions.

20.9 Liability under this DPA

The liability of each party under this DPA is subject to the limitations and exclusions of liability set out in Section 14 of the Terms. Where Section 14 and this §20.9 conflict with the liability provisions of the Standard Contractual Clauses, the SCCs prevail only to the extent required by law.

21. Contact

HONEYBOUND LLC
3101 N. Central Ave, Ste 183 #6958
Phoenix, Arizona 85012, United States
Email: [email protected]