Wordize Policies
The documents in this section are designed for users, partners, and entities engaging with Smallize’s products and services, including:
- Licensees (individual developers, enterprises, SaaS providers) bound by EULA terms.
- Data Controllers/Processors under GDPR (EU clients or those handling EU data).
- Legal/Compliance Teams ensuring adherence to intellectual property, security, and privacy regulations.
- Global Customers, particularly those subject to Australian law (governing jurisdiction) and GDPR requirements.
The documentation establishes a binding legal framework governing:
- Software Licensing: rights, restrictions, and obligations for product deployment.
- Data Protection: GDPR compliance, AWS-hosted security measures, and cross-border data transfers.
- Intellectual Property: copyright/trademark ownership and DMCA infringement procedures.
- Operational Policies: paperless workflows, payment methods (‘No Checks Policy’), third-party subprocessors, and dispute resolution.
Legal Documents
- Terms of Use. Establishes binding terms for accessing Smallize’s website/services, governing law (New South Wales, Australia), and liability limitations.
This section outlines the legal framework for user interactions with Smallize’s digital platforms. Jurisdiction is defined under Australian law, with disputes to be resolved in New South Wales. Key clauses include:
- Data Transfers: User data (including EU citizens’) is stored in AWS (US) using GDPR-compliant mechanisms (Privacy Shield/Standard Contractual Clauses).
- Unlawful Content: Smallize reserves the right to remove non-compliant data and supports DMCA takedown procedures.
- Liability Exclusion: Disclaims responsibility for third-party sites linked from Smallize platforms.
Key Points:
Jurisdiction: Binding arbitration in Australia applies regardless of user location.
GDPR Compliance: Explicit acknowledgment of EU data transfer safeguards.
- End User License Agreement (EULA). Defines software licensing terms, permitted usage, and restrictions across 8 license types (e.g., Developer, Site, OEM).
The EULA governs software use, redistribution, and compliance requirements. License types vary by user count, deployment scope (internal vs. third-party distribution), and SaaS applicability. Notable provisions include:
- Redistribution Restrictions: Prohibits reverse engineering, embedded use in competing products, and unauthorized SDK integration.
- Liability: Limited 30-day warranty; excludes consequential damages.
Key Points:
Commercialization Limits: OEM/SDK licenses allow third-party distribution but cap deployments (e.g., Site SDK: 250 customers).
Automatic Updates: Users implicitly accept revised EULAs upon installing new versions.
- Privacy Policy. Outlines data collection practices, user rights, and third-party sharing (AWS, Google, PayPal).
Personal data (names, emails, payment details) is collected for account management and marketing. Non-sensitive data is stored securely via AWS. Users retain rights to access/delete data via sales@wordize.com.
- Subprocessors: Data shared with GDPR-compliant partners (e.g., AWS, Google Analytics).
- reCAPTCHA: Behavioral tracking to prevent bot activity.
Key Points:
EU-US Transfers: AWS infrastructure relies on Privacy Shield/SCCs for GDPR adequacy.
Children’s Data: Services are not designed for users under 13.
- GDPR Notice. Explains Smallize’s dual roles (Controller/Processor) and compliance measures for EU data subjects.
As a Controller, Smallize processes user data under “legitimate interests” (e.g., billing, security). As a Processor, it follows client instructions for handling client-uploaded data.
- Data Transfers: Subprocessors (AWS, Google) comply with GDPR via certification or contractual clauses.
- User Rights: Requests for access/deletion must be submitted to dpo@smallize.com.
Key Points:
Legal Basis: Processing relies on contractual necessity (Art 6(1)(b)) and legitimate interests (Art 6(1)(f)).
Controller Obligations: Clients must ensure lawful data uploads.
- Security Practices. Implements AWS infrastructure with encryption, backups, and access controls to safeguard data.
Physical and digital security measures include military-grade AWS data centers, daily backups, and automatic session termination after 30 minutes. Payment data is processed via PCI/DSS-compliant gateways (no local storage).
Key Points:
Infrastructure: AWS’s certifications (e.g., ISO 27001) underpin compliance.
Passwords: Hashed and inaccessible even to Smallize employees.
- Customer Data Security. Relies on AWS’s certified infrastructure for hosting, emphasizing encryption and access logs.
Data protection is centralized within AWS’s SOC-compliant environment. Smallize maintains exclusive control over guest OS layers, with no AWS admin access.
Key Points:
No Third-Party Access: AWS personnel cannot view client data.
Compliance Alignment: AWS’s certifications validate Smallize’s security posture.
- Third-Party Providers (Subprocessors). Lists third-party providers (AWS, Google, PayPal) for infrastructure, analytics, and payments.
Subprocessors undergo GDPR and security vetting. AWS hosts data, Google provides analytics, and PayPal handles payments without storing card details.
Key Points:
Transparency: Current subprocessors are publicly listed; changes require prior notice.
- Copyright Notice. Claims exclusive rights to website/content; prohibits unauthorized use or trademark infringement.
All content (text, graphics, code) is protected under Australian/international copyright law. Users may only access materials for informational purposes, not commercial exploitation.
Key Points:
Trademark Use: Third parties cannot use Smallize’s brands in ways harming its reputation.
- DMCA Policy. Details procedures for reporting copyright violations via DMCA-compliant notices.
Valid notices require a signed statement identifying infringed work, infringing URLs, and contact details. Smallize removes violating content promptly but disclaims responsibility for trademark disputes.
Key Points:
False Claims: Submitters risk perjury charges for fraudulent takedown requests.
- Paperless Policy. Commits to 100% digital operations to minimize environmental impact.
Paper use is restricted to rare exceptions (e.g., legal requirements). Communications are electronic-only, with ≤12-hour response times to sales@wordize.com.
Key Points:
Efficiency: Digital workflows reduce CO₂ emissions and streamline support.
- No Checks Policy. Prohibits check payments due to inefficiencies, fraud risks, and alignment with Smallize’s paperless initiative, requiring credit card or wire transfers.
Smallize discontinues check acceptance to mitigate operational risks, including 2-3 week international check clearance delays, mail loss, and fraud vulnerabilities. This policy mandates electronic payments (credit card/wire transfers) to accelerate license delivery and reduce administrative overhead.
Key Points:
Geographic Constraints: Critical for Australia-based clients with international payment workflows.
Payment Security: Wire transfers/credit cards reduce fraud exposure compared to unsecured paper checks.
Environmental Compliance: Aligns with Paperless Policy goals to minimize carbon footprint.
- Custom Agreements. Restricts pre-purchase negotiations (NDAs/evaluations); requires Enterprise Support for tailored EULAs.
Pre-sale agreements are prohibited. Limited EULA amendments are permitted via Smallize’s Agreement Wizard, contingent on Enterprise Support purchases.
Key Points:
EULA Modifications: Changes outside the Wizard’s scope are invalid.
No Refunds: Enterprise Support fees are nonrefundable if negotiations fail.
Priority Analysis for Legal Review
- EULA Licensing Types: scrutinize deployment limits to avoid breach risks.
- GDPR Data Flows: verify SCCs/Privacy Shield adherence for EU-US transfers.
- Subprocessor Liability: ensure contracts mandate third-party GDPR compliance.
- DMCA Accountability: train clients to avoid erroneous takedown notices.
- Custom Agreements: highlight risks of non-Wizard EULA edits.
Guidance for Review
- Prioritize Sections Based on Role:
  - Developers: Focus on EULA license types (e.g., Site SDK’s 250-deployment cap) and redistribution prohibitions.
  - Enterprises: Review Custom Agreements, GDPR Notice, and Subprocessor liability clauses.
  - Compliance Teams: Highlight Security Practices (encryption standards), DMCA takedown protocols, and GDPR’s SCC/Privacy Shield mechanisms.
- Key Interdependencies:
  - The EULA references GDPR Notice for EU data handling and Security Practices for infrastructure safeguards.
  - Custom Agreements require adherence to the Terms of Use and Paperless Policy for digital negotiations.
- Key Considerations:
  - Jurisdiction: Disputes fall under New South Wales, Australia, even for non-Australian users.
  - Automatic Updates: EULA revisions apply upon installing new software versions (§18 EULA).
  - Data Transfers: EU-US data flows rely on AWS’s Privacy Shield/SCC compliance (§4 GDPR Notice).
- Risk Mitigation:
  - Audit Licensing Metrics: Track deployments against SDK/Developer license caps to avoid breaches.
  - Document Retention: Client Data is deleted 7 days post-account termination unless legally required (§12.3 EULA).
  - DMCA Compliance: Submit valid notices to dmca@smallize.com; false claims risk legal penalties.