< View All Legal Agreements

Magento Commerce Terms of Service

The following Terms of Service (the “Terms”) apply to your use of Magento Commerce. In the event of a conflict between these Terms and the Magento Commerce Services Agreement or other agreement with us governing your use of our Services (the “Agreement”), these Terms shall control, but only to the extent of such conflict. Capitalized terms used herein but not defined herein shall have the meanings set forth in the Agreement.

  1. You may only use the Services to store, retrieve, query, serve, and execute Your Content that is owned, licensed or lawfully obtained by you. As used in these Terms, “Your Content” includes any “Company Content” and any “Customer Content”. As part of the Services, you may be allowed to use certain software (including related documentation) provided by us or third party licensors. The Services are neither sold nor distributed to you and you may not use it for any purpose not expressly authorized in this Agreement unless we provide specific written authorization to do so.  We may subcontract, outsource or OEM any part of the Services in Magento’s sole discretion.
  2. Customer shall provide Magento with accurate, current and complete information on Customer’s legal business name, address, email address, and phone number, and maintain and promptly update this information if it should change. The Customer shall provide and maintain accurate and current information on the Customer’s Account. The Customer shall also provide and maintain accurate and current contact information for the “Release Manager” (a technical resource of the Customer or acting on behalf of the customer who is authorized to push software updated to the production environment).
  3. You must comply with the current technical documentation applicable to the Services (including the applicable developer guides) as posted by us and updated by us from time to time on the Magento Site. In addition, if you create technology that works with a Service, you agree that all such technology is subject to the Agreement and you must comply with the current technical documentation applicable to that Service (including the applicable developer guides) as posted by us and updated by us from time to time on the Magento Site.
  4. You will provide information or other materials related to Your Content (including copies of any client-side applications) as reasonably requested by us to verify your compliance with the Agreement. We may Access and monitor Your Content to verify your compliance with the Agreement. You will not block or interfere with our monitoring. You will reasonably cooperate with us to identify the source of any problem with the Services that we reasonably believe may be attributable to Your Content or Modifications, or any end user materials that you control.
  5. If we reasonably believe any of Your Content violates the law, infringes or misappropriates the rights of any third party or otherwise violates a material term of the Agreement (including any Policy) (“Prohibited Content”), we will notify you of the Prohibited Content and may request that such content be removed from the Services or access to it be disabled. If you do not remove or disable access to the Prohibited Content within two (2) business days of our notice, we may remove or disable access to the Prohibited Content or suspend the Services to the extent we are not able to remove or disable access to the Prohibited Content. Notwithstanding the foregoing, we may remove or disable access to any Prohibited Content without prior notice in connection with illegal content, where the content may disrupt or threaten the Services, pursuant to the Digital Millennium Copyright Act or as required to comply with law or any judicial, regulatory or other governmental order or request. In the event that we remove content without prior notice, we will provide prompt notice to you unless prohibited by law.
  6. You will ensure that all information you provide to us via the Magento Site (for instance, information provided in connection with your registration for the Services, requests for increased usage limits, etc.) is accurate, complete and not misleading.
  7. From time to time, we may apply upgrades, patches, bug fixes or other maintenance to the Services (“Maintenance”) and you agree to use reasonable efforts to comply with any Maintenance requirements that we notify you about.
  8. Based on the observed load on the Production Instance, Magento will take reasonable action to maintain the Site(s) performance. Customer agrees that Magento can unilaterally decide to increase the server capacity beyond the Baseline Server Configuration. Magento will make reasonable efforts to contact the Customer when server capacity increases are required. The Customer may contact Magento to schedule additional server capacity when increased server demands are anticipated.  Any provisioned server capacity shall remain in place for a minimum of five (5) days.  Additional server capacity may incur additional fees.  Magento reserves the right to not increase server capacity if it determines that additional capacity is unlikely to improve performance such as when the overload is due to customizations, extensions, Third Party Content, errant code, or due to a denial of service (DDOS) attack.  Customer acknowledges that Magento may also decide not to provision additional server capacity if the Customer’s account is in arrears. 
  9. Customer shall authorize access to and assign unique passwords and user names to all users of the service. User logins are for designated users and cannot be shared or used by more than one user, but any user login may be permanently reassigned to another user as needed.  Customer will be responsible for the confidentiality and use of user’s passwords and user names. Customer will also be responsible for all electronic communications, including those containing business information, account registration, account holder information, financial information, Customer Content, and all other data of any kind contained within emails or otherwise entered electronically through the Service or under Customer’s Account. Magento will act as though any electronic communications it receives under Customer’s passwords, user name, and/or account number will have been sent by Customer. Customer shall use commercially reasonable efforts to prevent unauthorized access to or use of the Service and shall promptly notify Magento of any unauthorized access or use of the Service and any loss or theft or unauthorized use of any user’s password or name and/or Service account numbers. 
  10. The Customer shall specify in the Order Form which Amazon Web Services (AWS) Location shall be used for both the Production Instance and non-production (PaaS) instance of the service. The selected production Location of the Service may affect prices. Any changes or migrations to different AWS regions for either the Production Instance or the non-production (PaaS) instance will incur additional charges and possibly changes to the prices for the Service.  The number of AWS Availability Zones in the Selected AWS Region may limit the redundancy of the Production Instance.
  11. Customer is responsible for all activities conducted under its User logins and for its Users' compliance with this Agreement.  Customer’s use of the Services shall not include service bureau use, outsourcing, renting, reselling, sublicensing, concurrent use of a single User login, or time-sharing of the Service.  Except as expressly authorized in the Agreement, Customer shall not and shall not  permit any third  party  to:  (a) copy,  translate,  create  a  derivative  work  of, reverse  engineer,  reverse assemble, disassemble, or decompile the Services or any part thereof or otherwise attempt to discover any source code or modify the Services in any manner or form; (b) access or use the Services to circumvent or exceed Services Account limitations or requirements; (c) use the Services for the purpose of building a similar or competitive product or service, (d) obtain unauthorized access to the Services (including without limitation permitting access to or use of the Services via another system or tool, the primary effect of which is to enable input of requests or transactions by other than authorized Users); (e) use the Services in a manner that is contrary to applicable law or in violation of any third party rights of privacy or intellectual property rights; (f) publish, post, upload or otherwise transmit Customer Content that contains any viruses, Trojan horses, worms, time bombs, corrupted files or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any systems, data, personal information or property of another; or (g) use or permit the use of any tools in order to probe, scan or attempt to penetrate or benchmark the Services with the exception of tools necessary to validate the performance or security of the Customer’s Site(s).  Customer shall comply with all applicable local, state, federal, and foreign laws, treaties, regulations, and conventions in connection with its use of the Services, including without limitation those related to privacy, electronic communications and anti-spam legislation. 
  12. Customer will maintain and implement commercially reasonable information and data security guidelines for maintaining security controls as it relates to the Customer Information.  At a minimum, Customer’s information security guidelines shall include (i) a requirement that Customer shall comply, in all material respects, with applicable Laws, (ii) a plan to assess and manage system failures, (iii) a regular assessment of data security risks, with adjustments made to the data security program to reduce such risks, and (iv) notice and incident response procedures. Customer agrees that Magento shall have Access to the Customer’s Account for the purposes of ensuring that Customer has met its security obligations and for monitoring Customer’s compliance with the terms of the Agreement.
  13. Customer shall comply with the export laws and regulations of the United States and other applicable jurisdictions in using the Service and obtain any permits, licenses and authorizations required for such compliance. Without limiting the foregoing, (i) Customer represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports, (ii) Customer shall not permit Users to access or use the Service in violation of any U.S. export embargo, prohibition or restriction, and (iii) Customer shall comply with all applicable laws regarding the transmission of technical data exported from the United States and the country in which its Users are located.  Customer will not send any Electronic Communication from the Service that is unlawful, harassing, libelous, defamatory or threatening. Except as permitted by this Agreement, no part of the Service may be copied, reproduced, distributed, republished, displayed, posted or transmitted in any form or by any means.  Customer agrees not to access the Service by any means other than through the interfaces that are provided by Magento.  Customer will not in any way express or imply that any opinions contained in Customer’s Electronic Communications are endorsed by Magento.  Customer shall ensure that all access and use of the Service by Users is in accordance with the terms and conditions of this Agreement. Any action or breach by any of such User shall be deemed an action or breach by Customer.
  14. Customer agrees that: (i) Magento is not acting on Customer’s behalf as a Business Associate or subcontractor; (ii) the Service may not be used to store, maintain, process or transmit protected health information (“PHI”) and (iii) the Service will not be used in any manner that would require Magento or the Service to be compliant with the Health Insurance Portability and Accountability Act of 1996, as amended and supplemented (“HIPAA”).  In the preceding sentence, the terms “Business Associate,” “subcontractor,” “protected” health information” or “PHI” shall have the meanings described in HIPAA.
  15. Customer acknowledges and understands that, notwithstanding the Location designations specified by Customer, the Customer Content could be hosted, transferred or stored outside the United States or the European Economic Area based on Third-Party Applications or Third-Party Web Services. It is Customer’s responsibility to negotiate any cross-border data transfer restrictions with such third parties.
  16. Customer shall only use payment gateways that support the direct submission of Cardholder Data from the customer’s browser to the payment gateway via a direct http POST, hosted fields or embedded iFrame methods. Customer may not develop any Modifications to the Software or Services to interface or process Cardholder Data of any kind. Customer shall ensure that the Software, Services, and Hosting Services do not store, transmit, process or tangentially process any Cardholder Data of any kind. Customer will defend, indemnify, and hold harmless Magento, its Affiliates and licensors, and each of their respective employees, officers, directors, and representatives from and against any Losses arising out of or relating to any claim concerning Customer’s breach of this Section. The foregoing obligation shall be governed by the indemnification procedures under Section 9.3 of the Agreement and shall not be subject to the limitations set forth in Section 11 of the Agreement. “Cardholder Data” means “cardholder name, expiration date and/or service code See Sensitive Authentication Data for additional data elements that may be transmitted or processed (but not stored) as part of a payment transaction.”
  17. Prior to launching any Site and within 30 days of subsequent request from Magento during the Term, Customer shall provide Magento with appropriate certification of Tier 1 Merchant compliance for all applicable PCI Data Security Standards and Payment Application Data Security Standards issued by the PCI Security Standards Council, or any successor compliance certificates, including, without limitations, PCI DSS (PCI Data Security Standard) v.2.0 as any such standards may be amended, update, or revised during the Term. 
  18. Customer agrees that Magento and the Service will not be used to host other third party software applications that are not directly dependent on the Software.
  19. Customer is solely responsible for the accuracy, completeness, and timeliness of the Customer Content, and the content of the Site(s) and for any decision made or action taken by Customer, any end user, or any third party in reliance upon any Customer Content or content on the Commerce Channels. Customer agrees that Magento’s sole obligation in this regard is to accurately reproduce such Customer Content on Customer’s instruction as provided in this Agreement.
  20. Customer shall add Magento to Customer’s master New Relic, Inc. (“New Relic”) account for any new or existing New Relic extension installed in the Magento Software by Customer.
  21. Magento may from time to time specify other analytics data services or analytics products, software or technologies that perform the same or similar functions as New Relic.  Customer shall comply with any such new data analytics requirements as directed by Magento.
  22. Customer hereby grants Magento a non-exclusive, worldwide, irrevocable, perpetual, royalty-free right and license to use all Customer data that Magento may obtain through (a) Accessing the Sites, (b) providing the Services, (c) access to data from third parties regarding Customer’s use of Third Party Applications or Third Party Web Services or other Third-Party Content (including analytics data and any unique account identifiers) for the purposes of (i) providing Support Services and other services to Customer; (ii) improving the Magento Software and the Services; (iii) performing analyses related to the Magento Software and Customer’s use of the Magento Software and the Services.  The foregoing license includes the right for Magento to develop and publish or otherwise make available broadly applicable insights regarding aggregated data but only when the data has been aggregated or de-identified so that such insights cannot reasonably be used to identify End-Users or the Customer.