ProvenDB - Licence Agreement

ProvenDB End User Licence Agreement.

Southbank Software Pty Ltd. ("The Service Provider") is pleased to offer certain Blockchain-enabled database cloud services involving the use of ProvenDB ("Services") according to the terms and conditions in this Agreement ("Agreement"). By creating an account to use the Services, you agree to this Agreement. In creating an account, you will complete the Plan Selection page on our website to choose your particular Service and the relevant Service limitations. If you represent an organization, you represent and warrant that you are authorized to agree to this Agreement on behalf of your organization. If you do not agree to this Agreement, do not use the Services.

Shape 1 Shape 14 Shape Shape 3

1. Services.

1.1 You may access and use the Services in accordance with this Agreement. The target service level for this Agreement is 99% uptime in any given month. The Services may include features or services that have separate rules specific to the feature or service. You will comply with all laws, rules, and regulations applicable to the use of the Services and any additional feature or service you use. You may access and use the Services solely for your internal business purposes. You understand and agree that the Service Provider may change, suspend, or discontinue any part of the Services and the Services as a whole. The Service Provider will notify you of any material change to or discontinuation of the Services by email or via the Service Provider website.

2. Registration and Your Account.

2.1 To register to use the Services, you must create a username and password and provide the Service Provider with the information requested in the registration process, including your email address. Do not disclose your username or password information to any unauthorized persons. You are responsible for all activities that occur under your account, regardless of whether undertaken by you, your employees, or a third party (including contractors or agents), and the Service Provider and its affiliates are not responsible for unauthorized access to your account. You will contact the Service Provider immediately if you believe an unauthorized third party may be using your account or if your account information is lost or stolen. You will provide complete and accurate information during the registration process, and you will update it to ensure it remains accurate.

3. Your Data and Data Processing.

3.1 You are solely responsible for the development, content, operation, maintenance, and use of your data. You will ensure that your data, and your use of it, complies with this Agreement and any applicable law. You are responsible for properly configuring and using the Services and taking your own steps to maintain appropriate security, protection, and backup of your data.

3.2 The Service Provider will use commercially reasonable efforts to prevent the unauthorized disclosure or destruction of your stored information and data. The Service Provider routinely collects and analyses metadata, excluding any personal data. The Service Provider uses this information to gauge service levels and application performance and for its own marketing purposes. The Service Provider will use commercially reasonable efforts to provision the necessary storage space to move your data to backup media. Notwithstanding anything herein, if you provision the free instance of ProvenDB, the Service Provider may suspend that instance if there has been no activity in it for 30 days. You can then re-enable this instance manually at any time by following the procedure outlined in the Services Panel at

3.3 All data stored in ProvenDB ('the ProvenDB Data") ultimately resides in a Mongo DB Atlas database ("the Atlas Database") provided under licence (" the Mongo DB Service Agreement") to the Service Provider by Mongo DB, Inc ("Mongo DB"). Accordingly, notwithstanding any other provision in this section 3, you acknowledge and agree to the following:

  • Responsibility by the Service Provider to you for the availability, integrity, and data recovery of the ProvenDB Data is maintained at the same service levels as those provided by Mongo DB to the Service Provider, which are found at
  • The Service Provider and the Services are subject to the provisions regarding data in the Mongo DB Service Agreement; and
  • You do not have direct access to the Atlas Database, but you have the right, and the ability to create a back up of your data is stored in the Atlas Database.

3.4 ProvenDB stores hashed identifiers on the Bitcoin Blockchain, which can be used to prove the provenance and integrity of your data. These are SHA 256 Merkle tree root hashes created from your data. These hashes cannot be used to extract any personal information or your data. No meaning can be assigned to these hashes.

3.5 For the purposes of this Section 3, the terms "controller," "data subjects," "personal data," "processor," "processing," and "supervisory authority" shall have the meaning given to them by the European Union Regulation 2016/679 ("GDPR"). The Service Provider will process any personal data you include in your use of the Services (the "Customer Personal Data") on your behalf as a processor, and you are the controller of such data.

3.6 Each party undertakes to comply with all data protection legislation applicable to it ("Data Protection Law") and shall not knowingly cause the other to breach Data Protection Law.

3.7 The Service Provider will process Customer Personal Data only in accordance with your documented instructions and not for its own purposes. If the Service Provider is required to process Customer Personal Data for any other purpose by European Union or Member State law to which the Service Provider is subject, the Service Provider shall inform you of this requirement before the processing, unless that law prohibits this on substantial grounds of public interest.

3.8 The Service Provider will ensure that its personnel who have access to the Customer Personal Data have committed themselves to confidentiality and are aware of and comply with Service Provider duties and their personal duties and obligations under this Agreement.

3.9 The Service Provider will implement appropriate technical and organizational security measures to ensure a level of security appropriate to the risks that are presented by the processing of Customer Personal Data. A description of those technical and organizational security mesures is located at In case of a personal data breach that affects Customer Personal Data, the Service Provider will notify you without undue delay after becoming aware of it.

3.10 You acknowledge and agree that the Service Provider may retain its affiliates and other third parties as sub-processors (all together "Sub-Processors") in connection with the provision of the Services having imposed on such Sub-Processors the same data protection obligations as are imposed on the Service Provider under this Agreement. The Service Provider will be liable to you for the performance of the Sub-Processors' obligations. Where possible, the Service Provider will inform you in advance of any changes concerning the addition or replacement of third party processors.

3.11 The unique characteristics of a Blockchain database place upon you, as the controller, additional obligations under Data Protection Laws. When a data subject exercises the ' right to be forgotten,' the Service Provider will provide mechanisms to redact data in compliance with the Right to be Forgotten request. These mechanisms provide redaction of all data other than the Primary Key, which must be retained within the Blockchain proof. Consequently, you should avoid storing personally identifiable information inside a Primary Key. The Primary Key is the data attribute used to identify a record uniquely. Under the Mongo DB Protocol, the Primary Key is the "_ id" attribute.

3.12 The Service Provider will assist you, at your cost, to ensure compliance with the obligations under the GDPR with respect to security, breach notifications, impact assessments, and consultations with supervisory authorities or regulators.

3.13 Upon termination of this Agreement or upon your request, the Service Provider, will destroy or return all Customer Personal Data to you (unless European Union or Member State law requires the storage of the Customer Personal Data).

3.14 The Service Provider will make available to you all information reasonably necessary to demonstrate compliance with the obligations laid down in this section and allow for and contribute to audits, including inspections, conducted by you, or an auditor mandated by you.

4. Payment and Taxes.

4.1 The Service Provider currently offers a free service and a selection of paid services. The Plan Selection page on our website lists the service options and the fees and limitations for each option. The Service Provider will give one month's notice of any fee increase. Fees are paid in advance for each month. No refund is offered for any Services terminated during a month.

4.2 We do not collect or charge any taxes on your behalf. You are responsible for ensuring compliance with all relevant taxation laws in your jurisdiction.

4.3 If the Service does not meet the target service level, you will be entitled to a pro-rata refund of fees paid for that month. This only covers downtime associated with or caused by failures of the Service Provider. For example, but not limited to, network faults external to the Service Provider system are explicitly excluded.

5. Term; Termination.

5.1 The term of this Agreement commences when you create an account and will remain in effect until terminated in accordance with this Agreement. You may terminate this Agreement for convenience by terminating all Services under your account, and the Service Provider may terminate this Agreement for any reason by providing you 30 days' advance notice. The Service Provider may also terminate your account and this Agreement, or suspend your account, immediately if the Service Provider determines that:

  • You have failed to pay your fees for a period of 14 days after the due date;
  • Your use of the Services poses a security risk to the Services or any third party;
  • Your use of the Services may adversely impact the Services;
  • Your use of the Services may subject the Service Provider, its affiliates, or any third party to liability;
  • Your use of the Services may be fraudulent;
  • You are in breach of this Agreement; or
  • You have ceased to operate in the ordinary course, made an assignment for the benefit of creditors or similar disposition of your assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding.

5.2 Effect of Termination. Upon termination of this Agreement:

  • All your rights under this Agreement immediately terminate and
  • You remain responsible for all fees and charges you have incurred through the date of termination, including fees and charges for in-process tasks completed after the date of termination. The Service Provider has no obligation to continue to store the data contained in backup snapshots or a ProvenDB instance that you have terminated or after the termination of this Agreement.

6. Intellectual Property Rights and Ownership.

6.1 Your Data. You represent and warrant to the Service Provider that:

  • You or your licensors own all right, title, and interest in and to your data;
  • You have all rights in your data necessary to grant the rights contemplated by this Agreement; and
  • None of your data violates this Agreement, any applicable law or any third party's intellectual property or other rights.

6.2 The Service. You may not:

  • Modify, alter, tamper with, repair, or otherwise create derivative works of any software included in the Service;
  • Reverse engineer, disassemble, or decompile the Services or apply any other process or procedure to derive the source code of any software included in the Service;
  • Access or use the Services in a way intended to avoid incurring fees or exceeding usage limits or quotas;
  • Resell or sublicence the Service;
  • Attempt to disable or circumvent any security mechanisms used by the Services;
  • Use the Services to perform a malicious activity; or
  • Upload or otherwise process any malicious content to or through the Services.

6.3 No Other Rights. This Agreement does not transfer any right, title, or interest in any intellectual property right to the other, except as expressly set forth in this Agreement. You are not obligated to provide the Service Provider with any suggestions or other feedback about the Services or otherwise, but if you do, the Service Provider may use and modify this feedback without any restriction or payment.

7. No Warranty.

7.1 The Services are provided on an "AS IS" and "AS AVAILABLE" basis and with no representation or warranty of any kind. Except to the extent prohibited by law, the Service Provider disclaims any implied or statutory warranty, including any implied warranty of merchantability or fitness for a particular purpose, and any warranty arising out of any course of dealing or usage of trade.

8. Limitation of Liability.

8.1 The Service Provider and its affiliates and licensors will not be liable to you for any indirect, incidental, special, consequential or exemplary damages (including damages for loss of profits, goodwill, use, or data). The Service Provider and its affiliates and licensors will not be responsible for any compensation, reimbursement, or direct damages arising in connection with:

  • Your inability to use the Service,
  • The cost of procurement of substitute goods or services;
  • Any investments, expenditures, or commitments by you in connection with this Agreement or your use of or access to the Service; or
  • Any unauthorized access to, alteration of, or the deletion, destruction, damage, loss or failure to store any of your content or other data. The Service Provider and its affiliates' and licensors' aggregate liability for any permitted direct damages under this agreement will be limited to the amount you pay the Service Provider under this agreement for the Services that gave rise to the claim during the 12 months preceding the claim.

9. Indemnification.

9.1 You will defend, indemnify, and hold harmless the Service Provider, its affiliates and licensors, and each of their respective employees, officers, directors, and representatives from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to any third party claim concerning:

  • Your use of the Services (including any activities under your account and use by your employees and personnel);
  • Breach of this Agreement or violation of applicable law by you; or
  • Your data or the combination of your data with other applications, content, or processes, including any claim involving alleged infringement or misappropriation of third-party rights by your data or by the use, development, design, production, advertising, or marketing of your data. If the Service Provider or its affiliates are obligated to respond to a third party subpoena or other compulsory legal order or process described above, you will also reimburse the Service Provider for reasonable legal fees, as well as the relevant employees' and contractors' time and materials spent responding to the third party subpoena or other compulsory legal order or process at the then-current hourly rates. The Service Provider will promptly notify you of any claim subject to this Section, but any failure to immediately notify you will only affect your obligations to the extent that the failure prejudices your ability to defend the claim. You may:

    1. Use counsel of your own choosing (subject to our written consent) to defend against any claim; and

    2. Settle the claim as you deem appropriate, provided that you obtain the Service Provider's prior written consent before entering into any settlement.

10. Miscellaneous.

10.1 General. The Service Provider and you are independent contractors, and neither party nor any of their respective affiliates is an agent of the other for any purpose or has the authority to bind the other. This Agreement does not create any third party beneficiary rights in any individual or entity that is not a party to this Agreement. You will not assign this Agreement or delegate or sublicence any of your rights under this Agreement without the Service Provider's prior written consent. Failure by the Service Provider to enforce any provision of this Agreement will not constitute a present or future waiver of such provision nor limit its right to enforce such provision at a later time. If any portion of this Agreement is held to be invalid or unenforceable, the remaining portions of this Agreement will remain in full force and effect.

10.2 Entire Agreement. This Agreement is the entire agreement between you and the Service Provider regarding the subject matter of this Agreement. This Agreement supersedes all prior or contemporaneous representations, understandings, agreements, or communications between the parties, whether written or verbal, regarding the subject matter of this Agreement.

10.3 Notice. All communications and notices to be made or given pursuant to this Agreement must be in English. The Service Provider may provide any notice to you under this Agreement by posting a notice on the site for the applicable Service or sending a message to the email address associated with your account. You will be deemed to have received any email sent to the email address then associated with your account when the Service Provider sends the email, whether or not you receive the email. To give notice under this Agreement, you must:

1. Email the Service Provider at or,

2. Send your notice by certified mail, return receipt requested, to Southbank Software Pty Ltd. Level 3, 20 Queen St, Melbourne, VIC 3000, Attention: Chief Technical Officer.

Last edited:

10 July 2020 by Guy Harrison,
CTO Southbank Software Pty Ltd

Left Shape 1 Right Shape 2 Shape 1 Shape

Contact us

We're here to help answer any question you might have. We look forward to hearing from you.