Additional Terms Governing Income Verification Services and Identity Verification Services

March 28, 2025

Through Plaid, Inc. (“Plaid”), Licensee will have access to Income Verification and/or Identity Verification Services (as defined herein). These terms, together with the master agreement between Licensee and the RealPage Party providing the services (“RealPage”) (the “Master Agreement”), apply to any Income Verification Services and Identity Verification Services provided to Licensee. The term “Licensee” as used herein shall mean the entity licensing Product Centers from RealPage under the Master Agreement. Where Licensee is a Site owner, and its third-party manager is a party to the Master Agreement, Income Verification and Identity Verification Product Centers may be accessed and used on behalf of Licensee by such manager.

A. Compliance Review.

Prior to Licensee receiving access to or use of the Income Verification Services or Identity Verification Services, Licensee must successfully complete a qualification process, which will include: (i) supplying RealPage with information reasonably required to identify the property that will access or use the Services and/or Licensee; and (ii) a physical site inspection, conducted by a third party, of the location where the results of the Services will be reviewed. Licensee agrees to cooperate fully with RealPage and Plaid in any periodic reviews, audits, or investigations (“Reviews”) of Licensee to verify its ongoing qualification, uses of the Information and compliance with its obligations under these terms and applicable law. Upon request from RealPage or Plaid, Licensee agrees to supply documents to verify ownership of rental units, business and professional licenses, applications and supplementary application materials, and any other documents reasonably requested by RealPage or Plaid to verify the matters in the foregoing sentence. Such Reviews will be performed during Licensee’s regular business hours and in a manner that minimizes, to the extent practicable, disruption of its business operations.

B. Income Verification Services.

The following provisions (the “Income Verification Terms”) set out terms and conditions in connection with the Income Verification Services.

1. Restrictions.  Unless Plaid specifically agrees in writing, Licensee will not, and will not enable or assist any third-party to: (i) attempt to reverse engineer (except as permitted by law), decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure,  ideas, or algorithms of the Plaid income verification services described at https://www.plaid.com (the “Income Verification Services” or “IV Services”); (ii) modify, translate, or create derivative works based on the IV Services; (iii) make the IV Services or information and data of Licensee’s end users (such businesses and consumers, the “End Users”) provided to Licensee via the IV Services (such information and data, the “Output”) (or any derivative work thereof) available to, or use the IV Services or Output (or any derivative work thereof) for the benefit of, anyone other than Licensee or End Users; (iv) sell, resell, license, sublicense, distribute, rent or lease any IV Services or Output to any third-party, or include any IV Services or Output (or any derivative work thereof) in a service bureau, time-sharing, or equivalent offering; (v) publicly disseminate information from any source regarding the performance of the IV Services or Output; or (vi) attempt to create a substitute or similar service through use of, or access to, the IV Services or Output.  Licensee will use the IV Services and Output only in compliance with (a) the Licensee application,  use case, and the terms of the Master Agreement and any product-specific exhibit, addendum, or other document governed by these Income Verification Terms, (b) the Plaid developer policies (available at https://www.plaid.com/legal), (c) Plaid’s applicable technical user documentation (available at https://www.plaid.com/docs), and (d) any agreements between Licensee and End Users (for clarity, including any privacy policy or statement).  
Notwithstanding anything to the contrary, the Licensee accepts and assumes all responsibility for complying with all applicable laws and regulations in connection with all of Licensee’s activities involving any IV Services, Output, or End User data.  Except as set forth in any product-specific exhibit, addendum, or other document attached to these Income Verification Terms, the parties acknowledge that Plaid retrieves End User data for the IV Services (including Output) from End Users’ financial accounts on behalf, and with the authorization, of such End Users and transmits such IV Services (including Output) to RealPage and/or Licensee (via RealPage) at End Users’ request, and accordingly, Licensee will not (a) make any representation or other statement to any third party, including to End Users, that Plaid is a “consumer reporting agency,” issues or creates a “consumer report,” or is a “furnisher” of information to “consumer reporting agencies,” or that the IV Services (including Output) is a “consumer report,” in each case, as such terms are defined in the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq., its implementing regulations (12 C.F.R. 1022), or analogous state laws (collectively the “FCRA”) or (b) use any IV Services or Output as, or in a manner that would cause them to be deemed, a “consumer report”; provided that, for clarity, this clause (b) does not prohibit Licensee from using solely “Assets” and “Income and Employment” Services and associated Output in connection with verification and decisioning use cases permitted by Plaid in writing such as employment verification, tenant screening, pre-screening or firm offers of credit, eligibility determination, or extension of credit by RealPage or Licensee to End Users. Notwithstanding anything to the contrary, Licensee will be bound by and will only use the IV Services or Output in compliance with the terms and conditions set forth herein.

2. Privacy and Authorizations.  Plaid and Licensee each warrant that it will provide all notices, and obtain all consents, required under applicable law for such party to process End User data in accordance with these Income Verification Terms.  Neither party will knowingly (i) make representations or other statements in its privacy policy with respect to End User data that are contrary to or otherwise inconsistent with the other’s privacy policy or (ii) interfere with any independent efforts by the other party to provide End User notice or obtain End User consent.  Without limiting the generality of the foregoing, Licensee will not prevent Plaid from presenting End Users with Plaid’s “Plaid Link” interface or from otherwise presenting a link to Plaid’s privacy policy (currently available at http://www.plaid.com/privacy) before End Users engage with the Licensee services in a manner that uses or otherwise implicates the Services.

3. WARRANTY; DISCLAIMER; ENFORCEMENT. THE IV SERVICES ARE PROVIDED “AS IS.” TO THE FULLEST EXTENT PERMITTED BY LAW, NEITHER PLAID NOR ITS AFFILIATES, SUPPLIERS, LICENSORS, AND DISTRIBUTORS MAKE ANY WARRANTY OF ANY KIND, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR ANY WARRANTY THAT THE IV SERVICES ARE FREE FROM DEFECTS. PLAID DOES NOT MAKE ANY WARRANTY AS TO THE OUTPUT THAT MAY BE OBTAINED FROM USE OF THE IV SERVICES. PLAID WILL BE AN INTENDED THIRD-PARTY BENEFICIARY OF THE AGREEMENT BETWEEN REALPAGE AND LICENSEE AND MAY DIRECTLY ENFORCE SUCH AGREEMENT AGAINST LICENSEE, WITHOUT REALPAGE’S CONSENT OR PARTICIPATION, BUT SOLELY RELATING TO THE OUTPUT OR IV SERVICES PROVIDED BY PLAID TO REALPAGE OR LICENSEE.

4. FI Data. Through the RealPage Product Centers or Plaid Services, Licensee may have access to information about or of End Users provided to Plaid by a bank, financial institution, or other financial data source (each, as designated by Plaid, “FI”, and such information, the “FI Data”).

  1. Licensee Obligations.
    1. End User Consents.  Licensee will provide all notices and obtain all express consents from each End User as required under applicable laws in connection with Licensee’s use, storage, and other processing of any FI Data (such notices and consents, the “Express Consents”). Express Consents will be clear and conspicuous and will generally specify the categories of FI Data that Licensee will receive and how Licensee will use, store, and otherwise process it, in addition to any other required disclosures under applicable laws.  Licensee will maintain records (which may include technical logs, screenshots, versions of Express Consents obtained) to demonstrate its compliance with this Section 4(i)(a) and will promptly provide such records to Plaid upon request.
    2. Scope of Access.  Licensee will only access FI Data for which it has obtained Express Consents from the End User for the use case reviewed and permitted by Plaid in writing that is consented to by the applicable End User (such use case, the “Permitted Use Case”).  Key factors Plaid will consider during its review include whether the use case is appropriate and useful to provide the End User with the Licensee application that the End User has enrolled in, whether the Licensee application provides a direct benefit to the End User, and whether the use case directly supports the development of new or improved product features for the benefit of End Users, and the jurisdiction(s) in which the Licensee operates and/or stores FI Data.  If Licensee possesses FI Data that exceeds the scope of the End User’s Express Consents, Licensee will use industry-standard means to permanently and securely delete (“Delete”) such FI Data. Plaid has reviewed and approved RealPage’s use case: 

      RealPage will use Plaid’s "Income" endpoint to enable Licensees to verify End Users’ income and employment in connection with Licensee’s lease or guarantor application decisions.  Subject to these Income Verification Terms, RealPage will use and store data from Plaid’s income endpoint into RealPage-owned platforms accessed by Licensees to perform these verifications and validations. RealPage will provide Plaid with prior notice of, and Plaid will have the right to reject, any proposed use cases of the Plaid Services and Plaid-Provided Data that fall outside of the scope defined in the foregoing sentence.

    3. Data Use.  Licensee will use, store, and otherwise process FI Data solely in accordance with the End User’s Express Consents and applicable laws.
    4. Data Disclosure.  Licensee will not disclose, transfer, syndicate or distribute FI Data to any third party (including its employees, agents, contractors, and service providers accessing or using the IV Services on Licensee’s behalf) (“Data Sharing”) except in each case with the End User’s Express Consents and in accordance with applicable laws. Notwithstanding anything to the contrary, Licensee will not sell FI Data.
    5. Data Deletion. Licensee will promptly Delete any FI Data upon request by the applicable End User and acknowledges and agrees that RealPage may do the same in response to requests made to RealPage by End Users; provided that each may retain copies of the FI Data solely to the extent required by applicable laws.
    6. No Attribution.  Licensee will not charge End Users any fees attributable to an FI for (a) access to its FI Data or (b) use of End User’s account with an FI in connection with the Licensee application.  In addition, Licensee will not publicize its receipt of FI Data from specific FIs under the Master Agreement or this Section 4 (FI Data).
    7. No Other Access.  Licensee will only access FI Data through the IV Services or another manner that uses the FI’s authorized APIs. Licensee will not “screen scrape” data from FIs or collect an End User’s log-on credentials for FI accounts and will not otherwise knowingly obtain from a third party FI Data that was originally sourced through screen scraping.  Licensee will immediately Delete any such End User log-on credentials in its possession. Licensee will maintain records to demonstrate compliance with this Section 4(i)(g) and will provide them to Plaid upon request.
    8. Compliance with Laws.  Licensee will comply with all applicable privacy, security, and other laws, including, as applicable, the Gramm-Leach-Bliley Act, the California Consumer Privacy Act, and all other laws relating to FI Data. Licensee will not use, store, disclose, or otherwise process any FI Data for any purpose not permitted under applicable laws.
    9. Information Security Program. Licensee will maintain a comprehensive written information security program approved by its senior management (“Infosec Program”). The Infosec Program will include administrative, technical, and physical measures designed to: (a) ensure the security of FI Data, (b) protect against unauthorized access to or use of FI Data and anticipated threats and hazards to FI Data and (c) ensure the proper disposal of FI Data. The Infosec Program will be appropriate to Licensee’s risk profile and activities, the nature of the Licensee application, and the nature of the FI Data received by Licensee. In any event, the Infosec Program will meet or exceed applicable control objectives captured in industry standards and best practices such as AICPA Trust Service Criteria for Security, NIST 800-53, or ISO 27002 and will comply with applicable laws. Licensee will use up-to-date antivirus software and anti-malware tools designed to prevent viruses, malware, and other malicious code in the Licensee application or on Licensee’s systems.
    10. Security Breach Obligations. Licensee will promptly notify Plaid (and in no event after more than 24 hours) upon becoming aware of any Security Breach via an email to security@plaid.com (with a copy to legalnotices@plaid.com), providing a description of all known facts, the types of End Users affected, and any other information that Plaid may reasonably request.  Licensee will reasonably cooperate with Plaid in investigating and remediating Security Breaches.  Licensee will be responsible for the costs of investigating, mitigating, and remediating the Security Breach, including costs of credit monitoring, call centers, support, and other customary or legally required remediation.  “Security Breach” means any event that compromises the Licensee application or Licensee’s systems or that does or reasonably could compromise the security, integrity or confidentiality of FI Data or result in its unauthorized use, disclosure, or loss. For clarity, (i) the definition of “Security Breach” is not intended to include inconsequential incidents that occur on a daily basis such as scans, pings, or other unsuccessful attempts to penetrate computer networks or systems; and (ii) Licensee’s obligations in this section do not apply to the extent the Plaid Services fail to operate in material compliance with Plaid’s technical documentation available on Plaid’s website or if the Security Breach is directly caused by a compromise of the Plaid Services or Plaid systems or facilities owned or operated by Plaid in providing such Plaid Services.
    11. FI Confidential Information.  If Plaid discloses to Licensee any confidential or proprietary materials of an FI (such materials, “FI Confidential Information”), such materials will be subject to the same obligations that apply to RealPage’s Confidential Information under the Master Agreement, which will in no event be less protective of such information than a reasonable standard of care.  FI Confidential Information will also be subject to the same obligations as FI Data under this Section (i) (Licensee Obligations) of this Section 4 (FI Data).
    12. Oversight and Cooperation.  Towards assessing Licensee’s material compliance with this Section 4(i), Licensee will promptly provide all reasonably necessary information and cooperation requested by Plaid, an FI, or any entity with examination, supervision, or other legal or regulatory authority over Plaid or an FI.   In the event that Plaid has a good faith reason to believe that Licensee is not in material compliance with this Section 4 (FI Data), Plaid will notify Licensee and, at Plaid’s option, Licensee will promptly provide sufficient documentation to demonstrate such material compliance or submit to a third-party audit by a firm selected from a mutually-approved list of audit firms at Plaid’s expense (provided that Licensee will reimburse reasonable and actual out-of-pocket costs of such audit incurred by Plaid if the conclusion of such audit confirms Licensee’s material non-compliance) to verify such compliance.    Plaid and FIs may also conduct operational assessments of Licensee, which will be subject to advance notice and will not occur more than once per year unless legally required and materially different in scope from a preceding audit.
    13. Information Sharing.  Where required by an FI and to the extent relevant to a Licensee’s access or use of FI Data from that FI, Plaid may share with such FI certain information related to Licensee’s compliance with this Section 4 (FI Data), including with respect to Licensee’s Infosec Program, provided that such information Plaid shares with FI shall be treated in the same manner it treats Plaid confidential information after Plaid has entered into a written agreement with FI containing terms of confidentiality at least as stringent and protective as those in these Income Verification Terms, but in any event no less than reasonable care.
    14. Insurance.  Licensee will maintain insurance coverage appropriate to Licensee’s risk profile and activities, the nature of the Licensee application, and the nature of the FI Data received by Licensee; provided that such coverage will be no less than industry standard and will include cybersecurity liability insurance.
    15. Access Frequency.  The parties acknowledge that as of the Effective Date, no guidelines regarding Licensee’s frequency of “batch” pulls of End User Data (such guidelines, the “Guidelines”) apply to Plaid Licensees. Notwithstanding the foregoing, (i) Licensee will comply with any Guidelines provided in writing by Plaid; and (ii) Plaid may enforce such guidelines in accordance with its standard practices, which may include throttling, suspension, or termination of Licensee’s access.
    16. Additional FCRA Requirements.  The FCRA and analogous state laws regulate the operations of consumer credit reporting agencies and apply to customers receiving Income Verification Services, such as Licensee and its third party property manager (“Manager”) (if any), as users of FI Data about consumers. The FCRA may be found at https://www.ftc.gov/system/files/documents/statutes/fair-credit-reporting-act/545a_fair-credit-reporting-act-0918.pdf.  Licensee and Manager (if any) shall review and become familiar with FCRA, paying particular attention to at least the following (non-exhaustive list of) sections, which apply to Licensee and Manager (if any) as users of FI Data:

      604. Permissible Purposes of Reports; 607. Compliance Procedures; 615. Requirement on Users of Consumer Reports; 616. Civil Liability for Willful Noncompliance; 617. Civil Liability for Negligent Noncompliance; 619. Obtaining Information under False Pretenses; 621. Administrative Enforcement; 623. Responsibilities of Furnishers of Information to Consumer Reporting Agencies

      In addition, a copy of the Notice to Users of Consumer Reports: Obligations of Users Under the FCRA (“Notice to Users”) is available at https://realpage.force.com/screening. Licensee hereby acknowledges that it has received, reviewed, and will comply with the obligations set forth in the Notice to Users.
      By law, FI Data may be issued only if used for certain specific purposes.  Under these Income Verification Terms, the only Permissible Purposes for ordering and using FI Data are stated in Section 4(i)(b) above.  FCRA PROVIDES THAT ANY PERSON WHO KNOWINGLY AND WILLFULLY OBTAINS INFORMATION ON A CONSUMER FROM A CONSUMER REPORTING AGENCY UNDER FALSE PRETENSES SHALL BE FINED UNDER TITLE 18 OF THE UNITED STATES CODE OR IMPRISONED NOT MORE THAN TWO YEARS, OR BOTH.
      In addition to FCRA, other federal and state laws addressing such topics as computer crime, unauthorized access to protected databases, and use of personally identifiable information of individuals may also be applicable.  Licensee agrees to comply with all relevant federal, state, and local laws, regulations, and ordinances in its use of any FI Data.
  2. Suspension.  Plaid may suspend or terminate Licensee’s access to the IV Services or FI Data, in whole or in part, if it reasonably believes (a) Licensee has materially breached this Section 4 (FI Data) or  (b) Licensee’s use of the IV Services or FI Data could violate or give rise to liability under any Plaid agreement (including Plaid’s agreement with any FI) or pose a risk of harm, including reputational harm, to any End User, FI, the Plaid Services, or Plaid and its affiliates.  Plaid will (i) provide Licensee with at least thirty (30) days’ written advance notice of any such suspension and (ii) narrowly tailor any such suspension to mitigate Plaid’s risk.  Notwithstanding the foregoing, Plaid may immediately suspend Licensee’s access to any Plaid Services or FI Data without written advance notice if either of the foregoing (a)—(b) is, in Plaid’s reasonable belief, likely to result in irreparable harm to any End User, FI, the Plaid Services, or Plaid. Plaid will then provide written notice to RealPage (and RealPage will convey such notice to Licensee) as soon as practicable under the circumstances.   In addition, an FI may immediately suspend Licensee’s access to FI Data with respect to such FI.
  3. Indemnity.  Licensee will indemnify, defend, and hold harmless each FI, Plaid, and the affiliates of each of the foregoing from any claims, actions, suits, demands, losses, liabilities, damages (including taxes), costs and expenses arising from: (a) any Security Breach resulting in unauthorized disclosure of FI Data or (b) Licensee’s unauthorized or improper use of FI Data (including any unauthorized Data Sharing, transmission, access, display, storage or loss). This Section (iii) is not subject to any limitation of liabilities set forth in the Master Agreement. Each FI is a third-party beneficiary of this Section 4(iii).
  4. Modifications.  Licensee acknowledges that continued access to FI Data provided by certain FIs may require modifications to this Section 4 (FI Data).  In such event, Plaid will notify RealPage (and RealPage will convey such notice to Licensee) in writing in a manner consistent with notice to other Plaid partner/end clients for the same, including a description of the modifications and the effective date of such modifications.  If Licensee objects to the modifications, its exclusive remedy is to cease any and all access and use of the IV Services as it relates to such FI(s).  Continued access or use of the Services after the effective date of such modifications to this Section 4 (FI Data) will constitute Licensee’s acceptance of such modifications.
  5. Miscellaneous.   In the event of a conflict with any other agreement (including the Master Agreement), the terms and conditions of this Section 4 (FI Data) will govern and prevail.  All provisions of this Section 4 (FI Data) will remain in force in the event of this Section 4’s (FI Data) or the Master Agreement’s termination or expiration.

B. Identity Verification Services. The following provisions (the “IDV Terms”) set out terms and conditions in connection with the Identity Verification Services.

  1. DEFINITIONS
    1. “End User” means an individual providing data to Licensee via the IDV Services.
    2. “Licensee Data” means data in electronic form that is transmitted through the IDV Services by, on behalf of, from or to Licensee or End Users. For the avoidance of doubt: (i) Licensee Data (including Licensee Data returned to Licensee) is not Output; and (ii) Licensee Data is not the Confidential Information of either party.
    3. “Identity Verification” means the IDV Services to which Licensee may submit Licensee Data provided by Licensee or End Users, as determined by Licensee via the Dashboard.
    4. “Monitor” means the IDV Services that provide anti-money laundering screening.
    5. “Identity Verification Services” or “IDV Services” means the Services comprised of the Identity Verification and Monitor, as applicable, and the Dashboard. For the avoidance of doubt, the IDV Services are Services.
    6. “Dashboard” means the Licensee facing dashboard functionality and dashboard display services within the IDV Services.
    7. “DPPA” means the Drivers Privacy Protection Act, 18 U.S.C. § 2721, et seq.
    8. “GLBA” means the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801, et seq.
    9. “Output” means the information and data of End Users provided to Licensee via the IDV Services (or any derivative work thereof).
    10. “PII” means Licensee Data that relates to an End User and is deemed “personal data” or “personal information” (or analogous variations of such terms) under applicable privacy or data protection laws.
    11. “Permitted Service Provider” means Licensee’s employees, agents, contractors, and service providers accessing or using the IDV Services on Licensee’s behalf.
    12. “Process” means collect, disclose, use, store, or otherwise process.
    13. “IDV Use Case” means RealPage will use Plaid's "Identity Verification" endpoint to enable Licensees to verify the identity of applicants, guarantors, and third party invitees or visitors to the property.
    14. For the purposes of these IDV Terms, the terms “controller,” “processor,” and “subprocessor” have the meanings ascribed to them and are hereby deemed references to the relevant defined terms with analogous meanings, under applicable law. For example, these terms will be deemed references, as applicable, to the terms “business” and “service provider” as such terms are used in the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020.
  2. IDV SERVICES
    1. Access. Licensee may use the IDV Services subject to, and only in accordance with, applicable law, these IDV Terms, the Master Agreement, the IDV Use Case, and any agreements between Licensee and End Users (for clarity, including any privacy policy or terms of service) to: (i) verify, via Identity Verification’s matching of Licensee Data provided by End Users, applicable End User identities in the normal course of Licensee's business; and (ii) assess, via Monitor, the Licensee Data for certain screening purposes (e.g., to confirm that End Users do not appear on any watchlist, to provide antifraud or anti-money laundering screening services, etc.). Without limiting the generality of the foregoing, Licensee agrees that: (a) Licensee will not enable or use the “autofill” functionality of the IDV Services if Licensee is located outside of the United States; and (b) any violation of this sentence will be deemed a material breach of these IDV Terms.
    2. Instructions. To enable RealPage to provide the IDV Services to Licensee, RealPage will submit Licensee’s instructions to Plaid via the Dashboard (the “Instructions”). The Instructions, based on the RealPage services ordered by Licensee, the applicable Product Specifications, and any settings selected by Licensee, will include direction regarding: (i) the applicable categories or types of Licensee Data that will be processed by the IDV Services on behalf of Licensee and its End Users; (ii) when such processing will occur; and (iii) the categories or types of End Users who will provide Licensee Data through the IDV Services.
    3. Consent. Licensee represents and warrants that Licensee will provide all notices and obtain all consents and/or require that RealPage will provide all notices and obtain all consents on behalf of Licensee as required under applicable law, regulations, and third-party agreements for: (i) Licensee to Process Licensee Data; and (ii) RealPage (and its affiliates, subcontractors, subprocessors, service providers, and data sources) to provide the IDV Services by Processing such Licensee Data, and to otherwise exercise the rights described in these IDV Terms. Licensee will maintain records sufficient to demonstrate its compliance with this Section 2(iii) and will promptly provide such records to RealPage upon request.
    4. Licensee Data. Licensee grants to RealPage’s IDV Services subprocessor and its affiliates and subcontractors a limited and non-exclusive license to copy, store, configure, display, back test, transmit, and otherwise Process Licensee Data as necessary to provide the IDV Services and to develop enhancements for the IDV Services in accordance with the end user privacy statement available at https://cognitohq.com/privacy-statement. Without limiting the generality of the foregoing, subprocessor may disclose Licensee Data to subcontractors subject to restrictions similar to those in these IDV Terms. Notwithstanding anything to the contrary, subprocessor may disclose Licensee Data as required by law or court order. Subject to the foregoing in this paragraph, Licensee will retain its existing rights (if any, including any ownership rights) in and to Licensee Data. For the avoidance of doubt and notwithstanding any other provisions of these IDV Terms, the parties hereto acknowledge and agree that subprocessor, subject to its compliance with applicable laws and regulations: (i) may use, reproduce, disclose, or otherwise exploit de-identified or anonymized Licensee Data (i.e., Licensee Data from which PII has been removed, de-identified, or anonymized) in any way in subprocessor’s sole discretion; and (ii) reserves the right to provide the IDV Services through use of subcontractors, affiliates, and otherwise, worldwide.
  3. COMPLIANCE
    1. GLBA; DPPA. Licensee certifies that all Licensee’s and Permitted Service Providers’ uses of, and purposes pertaining to, the IDV Services are and will be in accordance with and solely comprised of uses and purposes: (i) described in Section 6802(e) of GLBA and the United States Federal Trade Commission rules promulgated thereunder, as may be interpreted from time to time by a competent regulatory authority; or (ii) permitted under DPPA.
    2. Processing on Licensee’s Behalf. Licensee acknowledges and agrees that, solely with regard to the Licensee Data: (i) Licensee will determine, via the Instructions, the purpose and means by which subprocessor will process Licensee Data; (ii) RealPage will require subprocessor to act on Licensee’s Instructions with respect to the details of subprocessor’s processing of Licensee Data (i.e., how, what, when, and why such Licensee Data is processed by subprocessor); and that therefore (a) Licensee will be deemed a controller with regard to such Licensee Data; (b) RealPage will be deemed a data processor with regard to Licensee Data; and (c) RealPage’s subcontractors will be deemed subprocessors with regard to Licensee Data where such subprocessors facilitate, via the IDV Services, the Licensee activities described in Section 2(i). Licensee will direct End Users to Licensee’s privacy policy for any queries or requests regarding End User rights with respect to, and the processing of, PII applicable to the IDV Services. For the avoidance of doubt, Licensee acknowledges and agrees that: (I) Licensee’s privacy policy will control and apply with respect to the processing of all PII applicable to the IDV Services; and (II) Licensee will make available and maintain all data retention policies and provisions as required under applicable law pertaining to subprocessor storage of PII on Licensees’ behalf in relation to the IDV Services provided under these IDV Terms. 
       RealPage agrees that its IDV Services subprocessor will not, other than as expressly permitted for processors or subprocessors under applicable law: (A) process PII for any purpose (including any commercial purpose) other than as necessary to perform the IDV Services for the Licensee (which performance includes the activities described in Section 2(iv)); (B) sell or, where applicable, share (as that term is defined in the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 and any subsequent amendments) any PII; (C) process PII outside of the business relationship described in these IDV Terms; or (D) combine PII with any other personal information that subprocessor collects (directly from end users or via any third party).
    3. Details of Processing. The parties acknowledge and agree that Licensee will control, via the Instructions, the types and categories of PII that may be Processed in connection with the IDV Services. For clarity, such types and categories may include names, addresses, dates of birth, phone numbers, identification documents, and images/videos (e.g., photos or selfies). RealPage agrees that such Processing will continue, as applicable, in accordance with these IDV Terms.
    4. FCRA. Licensee acknowledges and agrees that: (i) neither RealPage nor its IDV Services subprocessor are a “consumer reporting agency” or a “furnisher” of information to consumer reporting agencies under the FCRA; and (ii) the Licensee Data is not a “consumer report” under the FCRA.  Licensee represents and warrants that it will not, and will not permit or enable any third party to, use the IDV Services or any Licensee Data: (a) as a, or as part of a, “consumer report” as that term is defined in the FCRA; or (b) such that the IDV Services or any Licensee Data would be deemed “consumer reports” under the FCRA.
    5. Licensee Responsibilities. Notwithstanding the applicability or details of Licensee’s integration involving the IDV Services, and notwithstanding anything to the contrary in these IDV Terms or any other terms of the Master Agreement, Licensee is solely responsible for its relationships with End Users, including any related billing matters, technical support, and disputes. Without limiting anything in these IDV Terms, Licensee will publish and maintain an easily accessible and legally sufficient: (i) terms of service regarding all applicable End User use of Licensee’s services; and (ii) privacy policy. Licensee is, and will remain, solely responsible and liable for each End User’s and each Permitted Service Provider’s use of and access to the IDV Services. Licensee shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Licensee Data, and for verifying the same.
    6. Unauthorized Use. In connection with its processing of any Licensee Data, RealPage will comply with all obligations (including privacy protection obligations) applicable to it as a processor under applicable law. Licensee reserves the right to take reasonable and appropriate steps towards stopping and remediating any unauthorized use of PII. RealPage will reasonably cooperate with Licensee to facilitate such steps, including by making available to Licensee all information reasonably necessary to demonstrate RealPage’s compliance with its obligations under these IDV Terms and applicable law.
  4. DISCLAIMER

    Subprocessor makes no warranty with respect to, and disclaims all liability pertaining to: (i) the Instructions and any acts or omissions in accordance therewith; and (ii) the accuracy of any Licensee Data and all other data (a) uploaded or otherwise provided to or for the IDV Services by or on behalf of Licensee or End Users, and (b) Processed or provided by, or otherwise originating from, subprocessor or its data sources in relation to the IDV Services. With respect to the IDV Services, subprocessor disclaims all liability for the errors and omissions of it and its data sources.

  5. EFFECT OF TERMINATION

    Upon termination or expiration of an Order relating to the IDV Services: (i) Licensee will destroy or return to RealPage all IDV Services documentation provided to Licensee relating to such Order; and (ii) following RealPage’s receipt of Licensee’s request in writing, RealPage will facilitate the deletion (or return, per such request) of all Licensee Data stored on RealPage’s and its subprocessor’s servers relating to such Order, unless retention of the Licensee Data is required under applicable law. Without limiting the foregoing, RealPage and Licensee may mutually agree upon the retention periods for various types or categories of Licensee Data. Notwithstanding anything to the contrary, subprocessor disclaims all liability pertaining to: (a) deletion of Licensee Data after the termination or expiration of an Order; and (b) Licensee’s use of the IDV Services and Licensee Data after any Order termination or expiration.

  6. INDEMNITY

    Licensee will indemnify, defend, and hold harmless RealPage’s IDV Services subprocessor and its affiliates from any claims, actions, suits, demands, losses, liabilities, damages (including taxes), costs and expenses arising from or in connection with: (i) breaches by Licensee of these IDV Terms; (ii) acts or omissions of Licensee or its employees, affiliates, or contractors relating to the IDV Services; and (iii) the Processing of Licensee Data by Licensee or its Permitted Service Providers; and (iv) the Instructions and any acts or omissions in accordance therewith in .

  7. MISCELLANEOUS

    In the event of a conflict between these IDV Terms and any other terms and conditions of the Master Agreement or any agreements between Licensee and End Users (for clarity, including any privacy policy or terms of service), the terms and conditions of these IDV Terms will govern and prevail with respect to the IDV Services. RealPage may update the IDV Services and these IDV Terms from time to time.

Additional Terms Governing Income Verification Services (Consumer Reports)

Through Plaid Consumer Reporting, Inc. (“Plaid CRA”), Licensee will have access to Consumer Reports (as defined herein) which are derived from FCRA Services (as defined herein).  These terms, together with the master agreement between Licensee and the RealPage Party providing the services (“RealPage”) (the “Master Agreement”), apply to any FCRA Services provided to Licensee.  The term “Licensee” as used herein shall mean the entity licensing the Income Verification Product Center from RealPage under the Master Agreement.  Where Licensee is a Site owner, and its third-party manager is a party to the Master Agreement, the Income Verification Product Center may be accessed and used on behalf of Licensee by such manager.

  1. Compliance Review.  Prior to Licensee receiving access to or use of the FCRA Services, Licensee must successfully complete a qualification process, which will include: (i) supplying RealPage with information reasonably required to identify the property that will access or use the FCRA Services and/or Licensee; and (ii) a physical site inspection, conducted by a third party, of the location where the results of the FCRA Services will be reviewed. Licensee agrees to cooperate fully with RealPage and Plaid CRA in any periodic reviews, audits, or investigations (“Reviews”) of Licensee to verify its ongoing qualification, uses of the FCRA Services and compliance with its obligations under these terms and applicable law. Upon request from RealPage or Plaid CRA, Licensee agrees to supply documents to verify ownership of rental units, business and professional licenses, applications and supplementary application materials, and any other documents reasonably requested by RealPage or Plaid CRA to verify the matters in the foregoing sentence. Such Reviews will be performed during Licensee’s regular business hours and in a manner that minimizes, to the extent practicable, disruption of its business operations.
  2. Restrictions.  Before Licensee receives Consumer Reports (as defined below), as authorized by each applicable consumer (each an “End User”), and accesses the RealPage products or services which include, are derived from, or incorporate the FCRA Services (as defined below) or Consumer Reports, Licensee represents and warrants that it: (i) understands the nature of the information provided in the Consumer Report can change daily and agrees that each Consumer Report is provided for a one-time use; (ii) has certified that it understands and agrees that Plaid Consumer Reporting Agency, Inc.’s (“Plaid CRA’s”) provision of the FCRA Services do not indicate ownership or authorization to transact on a bank account and are not to be used by the Licensee to confirm ownership or authorization to transact on a bank account; (iii) certified that it shall ensure that its employees, agents or contractors working on its behalf do not request and/or obtain Consumer Reports on themselves, coworkers, employees, family members or friends unless it is in connection with a legitimate permissible purpose previously identified; (iv) has certified that it shall not use or store the FCRA Services outside of the United States; and (v) has certified that it shall not, and shall not enable or assist any third party to: (1) use the FCRA Services to create, enhance or structure any database in any form for resale or external distribution; (2) modify, translate, or create derivative works based on the FCRA Services; (3) attempt to reverse engineer (except as permitted by law), decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the FCRA Services; (4) use the FCRA Services in any way that is defamatory, trade libelous, unlawfully threatening or unlawfully harassing; (5) make the FCRA Services or Consumer Report (or any derivative work thereof) available to, or use the FCRA Services or Consumer Report (or any derivative work thereof) for the benefit of anyone other than RealPage, End Users, or Licensee; (6) publicly disseminate or disclose information from any source regarding the performance of the FCRA Services; or (7) attempt to create a substitute or similar service through use of, or access to, the FCRA Services. Licensee represents and warrants that it will use the FCRA Service in accordance with (a) the rights granted under this Agreement, and (b) Plaid Inc. and its subsidiaries Developer Policy (available at www.plaid.com/legal). As used in the Agreement, “FCRA Services” means together (I) the API Package, and (II) a consumer report, as is defined in 15 U.S.C. § 1681a(d), including any data relating to an End User included therein, deposit account verification and activity reports, and enhancements to the consumer reports (collectively “Consumer Reports”). Except as explicitly provided in the Agreement, the Licensee agrees that it shall not disclose, disseminate, share, sublicense, resell or otherwise redistribute the FCRA Services (or any part thereof) to any parent, subsidiary, affiliate or other third party, except: (x) in connection with the sale of a loan to which the FCRA Services relate; (y) to the End User to whom the Consumer Report relates if an adverse action (as defined by the FCRA) has been taken based on the FCRA Services; or (z) as otherwise required by law.
  3. Required Consents.  Licensee warrants and ensures that it will, before requesting a Consumer Report, provide all notices and obtain all consents required under applicable laws, regulations, and third-party agreements for Plaid CRA to provide the FCRA Services and to otherwise collect, use, and process End User data (including End User Input (as defined below)) in accordance with Plaid CRA’s privacy policy (https://plaid.com/plaid-check-consumer-report/privacy-policy/). Licensee may provide Plaid CRA, directly or indirectly via RealPage, certain identifying information regarding an End User, such as first name, last name, and address, to use the FCRA Services (all such information, the “End User Input”).
  4. Retention of Documents.  All consumer authorizations required by the Agreement or by applicable law, along with all adverse action letters provided to consumers and consumer applications, including copies of government-issued identification needed to verify the identity of the applicant, shall be retained by Licensee for a reasonable period of time, but not less than five (5) years, and evidence of such documents shall be made available for inspection by Plaid CRA, its third-party data vendors, or its designee upon demand.
  5. End User Authentication. Licensee certifies that, before requesting a Consumer Report, (i) it will verify the consumer’s identity prior to presenting the consumer with Plaid CRA’s channel, (ii) it understands that Plaid CRA may rely on this verification, and (iii) it understands and agrees that Plaid CRA has no obligation to separately authenticate or confirm the identity of any consumer presented to the Plaid CRA channel by the End User.
  6. DISCLAIMER; ENFORCEMENT.  THE FCRA SERVICES, CONSUMER REPORTS, AND ANY OTHER INFORMATION, SOFTWARE, PRODUCTS, SERVICES, AND MATERIALS PROVIDED BY PLAID CRA IN CONNECTION WITH THE AGREEMENT ARE PROVIDED “AS IS.”  TO THE FULLEST EXTENT PERMITTED BY LAW, NEITHER PLAID CRA NOR ITS AFFILIATES, SUPPLIERS, LICENSORS, OR DISTRIBUTORS MAKE ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ANY WARRANTY THAT THE FCRA SERVICES ARE FREE FROM DEFECTS, ANY WARRANTY THAT ANY FCRA SERVICES WILL BE UNINTERRUPTED, OR THAT ANY DATA PROVIDED BY OR THROUGH ANY FCRA SERVICES WILL BE TIMELY, ACCURATE, OR COMPLETE. PLAID CRA WILL BE AN INTENDED THIRD-PARTY BENEFICIARY OF THE AGREEMENT BETWEEN REALPAGE AND LICENSEE AND MAY DIRECTLY ENFORCE SUCH AGREEMENT AGAINST LICENSEE, WITHOUT REALPAGE’S CONSENT OR PARTICIPATION, BUT SOLELY RELATING TO THE CONSUMER REPORTS (INCLUDING FI DATA) AND FCRA SERVICES THAT ARE PROVIDED BY PLAID CRA TO REALPAGE OR LICENSEE.
  7. FI Data.  Through the RealPage Income Verification Product Center or FCRA Services, Licensee may have access to information about or of End Users provided to Plaid CRA by a bank, financial institution, or other financial data source (each, as designated by Plaid CRA, “FI”, and such information, the “FI Data”).
    1. Licensee Obligations.
      1. End User Consents.  Licensee will provide all notices to, and obtain all express consents from, each End User as required under applicable laws in connection with Licensee’s use, storage, and other processing of any FI Data (such notices and consents, the “Express Consents”).  Express Consents will (A) be clear and conspicuous; (B) generally specify the categories of FI Data that Licensee will receive and how Licensee will use, store, and otherwise process FI Data; (C) be valid, enforceable, and expressly accepted by each End User; (D) identify any and all third parties or categories of third parties to whom Licensee may provide FI Data for processing; (E) specify how End Users may exercise their right to revoke their Express Consent; and (F) include any other required disclosures under applicable laws.  Licensee will maintain records (which may include technical logs, screenshots, versions of Express Consents obtained) sufficient to demonstrate Licensee’s compliance with this Section 7(a)(i) (End User Consents) and will promptly provide such records to Plaid CRA upon request.
      2. Scope of Access.  Licensee will only access FI Data for which it has obtained Express Consents from the End User for the use case reviewed and permitted by Plaid CRA in writing and consented to by the applicable End User (such use case, the “Permitted Use Case”).  For clarity, key factors Plaid CRA will consider during its review of a potential Permitted Use Case include whether the use case is appropriate and useful to provide the End User with the Licensee application that the End User has enrolled in, whether the Licensee application provides a direct benefit to the End User, whether the use case directly supports the development of new or improved product features for the benefit of End Users, and the jurisdiction(s) in which the Licensee operates and/or stores FI Data.  If Licensee possesses FI Data that exceeds the scope of the End User’s Express Consents, Licensee will use industry-standard means to permanently and securely delete (“Delete”) such FI Data; provided that Licensee may retain such FI Data to the extent required by applicable laws. If Licensee becomes aware that any data it receives from Plaid CRA does not relate to the End User that Licensee originally requested FI Data for, Licensee will promptly notify Plaid CRA and will Delete such data.
      3. Data Use.  Licensee will use, store and otherwise process FI Data solely in accordance with the End User’s Express Consents and applicable laws.
      4. Data Disclosure.  Licensee will not disclose, transfer, syndicate or distribute FI Data to any third party (including its Permitted Service Providers) (“Data Sharing”) except in each case with the End User’s Express Consent and in accordance with applicable laws.  Notwithstanding anything to the contrary, Licensee will not sell FI Data.
      5. Data Deletion.  Licensee will promptly Delete any FI Data upon request by the applicable End User; provided that Licensee may retain copies of FI Data solely to the extent required by applicable laws.
      6. No Attribution.  Licensee will not charge End Users any fees attributable to an FI for (a) access to its FI Data or (b) use of End User’s account with an FI in connection with the Licensee application.  In addition, Licensee will not suggest or imply a partnership, sponsorship, or other relationship with an FI based on Licensee’s receipt of FI Data under the Master Agreement or this Section 7 (FI Data).
      7. No Other Access.  During the term of the Agreement, Licensee will only access FI Data through the FCRA Services or another manner that uses the FI’s authorized APIs.  Licensee will not “screen scrape” data from FIs or collect an End User’s log-on credentials for FI accounts, and will not otherwise knowingly obtain from a third party FI Data that was originally sourced through screen scraping an FI.  Licensee will immediately Delete any such End User log-on credentials in its possession.  Licensee will maintain records to demonstrate compliance with this Section 7(a)(vii) (No Other Access).  For the avoidance of doubt, nothing in this Section 7(a)(vii) (No Other Access) will prohibit Licensee from engaging any third party to obtain services similar to the FCRA Services, provided that such third-party services enable Licensee's access to FI Data solely via the FI’s authorized APIs.
      8. Compliance with Laws.  Licensee will comply with all applicable federal, state and local statutes, regulations, rules, privacy, security, and other laws pertaining to FI Data, FCRA Services, including but not limited to Fair Credit Reporting Act, 15 U.S.C. §§ 1681 et seq., as amended (“FCRA”) and the Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801 et seq., as amended, in requesting and using the FCRA Services.  Licensee will not use, store, disclose, or otherwise process any FI Data for any purpose not permitted under applicable laws. For the avoidance of doubt, Licensee acknowledges that Section 1033 of the Dodd-Frank Act may include obligations on Licensee relating to processing, handling, and protecting FI Data.  Licensee will maintain a program designed to ensure compliance with applicable laws, including appropriately training Licensee personnel.
      9. Information Security Program.  Licensee will maintain a comprehensive written information security program approved by its senior management (“Infosec Program”).  The Infosec Program will be designed to: (a) ensure the security of FI Data and FCRA Services, (b) protect against unauthorized access to or use of FI Data and FCRA Services and anticipated threats and hazards to FI Data and FCRA Services and (c) ensure the proper disposal of FI Data and the FCRA Services.  The Infosec Program will be appropriate to Licensee’s risk profile and activities, the nature of the Licensee application, and the nature of the FI Data and FCRA Services received by Licensee.  In any event, the Infosec Program will meet or exceed applicable control objectives captured in industry standards and best practices, such as AICPA Trust Service Criteria for Security, NIST 800-53, or ISO 27002, and will comply with applicable laws. The safeguards contained within the Infosec Program shall include the elements set forth in 16 C.F.R. § 314.4. Licensee will use up-to-date antivirus software and anti-malware tools designed to prevent viruses, malware, and other malicious code in the Licensee application or on Licensee’s systems. Licensee shall limit use of the FI Data and FCRA Services to its employees who have been appropriately trained.
      10. Security Breach Obligations.  Licensee will notify Plaid CRA promptly (and in any event within twenty-four (24) hours) via an email to security@plaid.com, following Licensee becoming aware of any Security Breach, providing a description of all known facts, the types of End Users affected, and any other information that Plaid CRA may reasonably request.  Licensee will reasonably cooperate with Plaid CRA in investigating and remediating Security Breaches.  Licensee will be responsible for the costs of investigating, mitigating, and remediating the Security Breach, including costs of credit monitoring, call centers, support, and other customary or legally required remediation.  “Security Breach” means any event that compromises the Licensee application or Licensee’s systems or that does or reasonably could compromise the security, integrity or confidentiality of FI Data or results in such FI Data’s unauthorized use, disclosure, or loss. For clarity, (i) the definition of “Security Breach” is not intended to include inconsequential incidents that occur on a daily basis such as scans, pings, or other unsuccessful attempts to penetrate computer networks or systems; and (ii) Licensee’s obligations in this section do not apply to the extent the FCRA Services fail to operate in material compliance with Plaid CRA’s technical documentation available on Plaid CRA’s website or if the Security Breach is directly caused by a compromise of the FCRA Services or Plaid CRA systems or facilities owned or operated by Plaid CRA in providing such FCRA Services.
      11. FI Confidential Information.  If Plaid CRA discloses to Licensee any confidential or proprietary materials of an FI pertaining to the provision of FI Data hereunder (such materials, “FI Confidential Information”), such materials will be subject to the same obligations that apply to RealPage’s Confidential Information under the Master Agreement, which will in no event be less protective of such information than a reasonable standard of care.  FI Confidential Information will also be subject to the same obligations as FI Data under this Section 7(a) (Licensee Obligations). Licensee will promptly Delete FI Confidential Information in its possession upon Plaid CRA’s request and will provide a written certification regarding such Deletion.
      12. Oversight and Cooperation.  Toward assessing Licensee’s material compliance with this Section 7 (FI Data), Licensee will promptly provide all reasonably necessary information and cooperation requested by Plaid CRA, an FI, or any entity with examination, supervision, or other legal or regulatory authority over Plaid CRA or an FI.  In the event that Plaid CRA has a good faith reason to believe that Licensee is not in material compliance with this Section 7 (FI Data), Plaid CRA will notify Licensee and, upon Plaid CRA’s request, Licensee will promptly provide sufficient documentation to demonstrate such material compliance.  If the documentation provided by Licensee in accordance with the immediately prior sentence is insufficient (in Plaid CRA’s reasonable discretion) to demonstrate such material compliance, Licensee will submit to a third-party audit by a firm selected by Licensee from a list of audit firms reasonably approved by Plaid CRA to verify such compliance.  Plaid CRA and FIs may also conduct operational assessments of Licensee, which will be subject to advance notice and will not occur more than once per year unless legally required and materially different in scope from a preceding audit.
      13. Information Sharing.  Where required by an FI or relevant to a Licensee’s access or use of FI Data from that FI, Plaid CRA may share with such FI certain information related to Licensee’s compliance with this Section 7 (FI Data), including with respect to Licensee’s Infosec Program, provided that such information Plaid CRA shares with FI shall be treated in the same manner it treats Plaid CRA confidential information after Plaid CRA (or a Plaid CRA affiliate) has entered into a written agreement with FI containing terms of confidentiality at least as stringent and protective as those in this Agreement, but in any event no less than reasonable care.
      14. Insurance.  Licensee will maintain insurance coverage appropriate to Licensee’s risk profile and activities, the nature of the Licensee application, and the nature of the FI Data received by Licensee; provided that such coverage will be no less than industry standard and will include cybersecurity liability insurance.
      15. Access Frequency.  The parties acknowledge that as of the effective date of the Master Agreement, no guidelines regarding Licensee’s frequency of “batch” pulls of FI Data (such guidelines, the “Guidelines”) apply to Plaid CRA Licensees.  Notwithstanding the foregoing in this paragraph: (1) Licensee will comply with any Guidelines provided in writing by Plaid CRA (including via RealPage); and (2) Plaid CRA and RealPage may enforce such Guidelines to the extent necessary in accordance with Plaid CRA’s standard practices, which may include throttling, suspension or termination of Licensee’s access.
      16. Licensee Marks License.  Licensee hereby grants to Plaid CRA and each FI (and each of their third-party service providers) the non-exclusive and non-transferable right and license to use Licensee’s trademarks and service marks solely in connection with consent management activities, including use associated with End User facing consent management portals operated by Plaid CRA or an FI.
    2. Suspension.  Plaid CRA may suspend Licensee’s access to the FCRA Services or FI Data, in whole or in part, if Plaid CRA determines or reasonably believes that: (a) Licensee has materially breached this Section 7 (FI Data); (b) Licensee’s use of the FCRA Services or FI Data will or has materially violated an agreement between Plaid CRA and an applicable FI; (c) Licensee’s use of the FCRA Services or FI Data will or does pose a risk of material harm, including material reputational harm, to End Users, an FI, or the FCRA Services.  In addition, an FI may suspend Licensee’s access to FI Data with respect to such FI.  For Plaid CRA-required suspensions, Plaid CRA will (i) provide Licensee with at least thirty (30) days’ written advance notice of any such suspension; and (ii) narrowly tailor any such suspension to mitigate Plaid CRA’s risk.  Notwithstanding the foregoing, Plaid CRA may immediately suspend Licensee’s access to any FCRA Services or FI Data without written advance notice if the foregoing (a) – (c) is, in Plaid CRA’s reasonable belief, likely to result in irreparable harm to any End User, FI, the FCRA Services, or Plaid CRA. Plaid CRA will then provide written notice to RealPage (and RealPage will convey such notice to Licensee) as soon as practicable under the circumstances. In addition, an FI may immediately suspend Licensee’s access to FI Data with respect to such FI.
    3. Indemnity.  Licensee will indemnify, defend and hold harmless each FI, Plaid CRA, and the affiliates of each of the foregoing from any claims, actions, suits, demands, losses, liabilities, damages (including taxes), costs, and expenses arising from or in connection with: (a) any Security Breach resulting in unauthorized disclosure of FI Data provided to Licensee hereunder; or (b) Licensee’s unauthorized or improper use of FI Data provided to Licensee hereunder (including any unauthorized Data Sharing, transmission, access, display, storage, or loss).  This Section 7(c) (Indemnity) is not subject to any limitation of liabilities set forth in the Master Agreement.  Each FI is a third-party beneficiary of this Section 7(c) (Indemnity).
    4. Modifications.  Licensee acknowledges that continued access to FI Data provided by certain FIs may necessitate modifications to this Section 7 (FI Data) pertaining to all applicable Plaid CRA Licensees. In such event, Plaid CRA will notify RealPage (and RealPage will convey such notice to Licensee) in writing in a manner consistent with notice to other Plaid CRA resellers/Licensees for the same, including a description of the modifications and the effective date of such modifications.  If Licensee objects to the modifications, its exclusive remedy is to cease any and all access and use of the FCRA Services as it relates to the applicable FI(s).  Continued access to or use of such FCRA Services after the effective date of such modifications to this Section 6 (FI Data) will constitute Licensee’s acceptance of such modifications.
    5. Miscellaneous.  In the event of a conflict with any other agreement or provision (including other provisions within the Master Agreement), the terms and conditions of this Section 7 (FI Data) will govern and prevail.  Capitalized terms used in this Section 7 (FI Data) and not otherwise defined will have the meanings ascribed to them in the Agreement.  All provisions of this Section 7 (FI Data) will remain in force in the event of the termination or expiration of this Section 7 (FI Data), the Agreement, or the Master Agreement.