End-User License Agreement (EULA)

Legal Authority 

You represent and warrant that you are at least 18 years of age and you possess the legal authority and capacity to enter into and be bound by this Agreement under any applicable law. If you do not, then you may not download, install, access, or use the Platform.


We may modify this Agreement at any time by sending you a notification, including, without limitation, within the Platform. Such modifications shall take effect within ten
(10) days of such notice. Your continued access and use of the Platform after such time constitutes your acceptance of the updated Agreement.


During the Term (defined below) and subject to the terms of this Agreement (including, without limitation, the restrictions set forth in Section 4 below and the restrictions within the Commercial Agreement) and solely for the Institution’s internal business purposes, we hereby grant you a non-exclusive, revocable, non-perpetual, non-sublicensable, non-transferable, non-assignable limited license to install and maintain a single copy of a downloadable portion of Platform we make available to you on a single device and access and use the Platform through such copy.


You may not, and may not encourage any other person or entity to:

(A) copy, sell, resell, lease, lend, rent, share, make available the Platform, including, over a network, or in any service bureau or managed services arrangement;

(B) reverse engineer, decompile, decrypt, disassemble or otherwise attempt to derive, discover or reconstruct the source code of, modify, adapt, translate, or create derivative works based upon the Platform;

(C) use the Platform to develop a competing or similar product or service;

(D) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other marks on or in the Platform;

(E) circumvent, disable or otherwise interfere with security-related or restrictive features of or limitations in the Platform;

(F) use the Platform to develop or in the development of any material which is infringing, libelous, or otherwise unlawful or tortious material, any material in violation of third-party privacy rights, or is malicious Code or software containing viruses or malware;

(G) use any robot, spider, scraper, or other automated means to use or access the Platform for any purpose;

(H) take any action that imposes or may impose (at our sole discretion) an unreasonable or disproportionately large load on our or our third-party service providers’ infrastructure; or (g) perform or publish the results of any benchmark testing on or of the Platform, unless otherwise permitted by law, in which case you shall not do so without first providing us a copy of such results and permitting us to comment on them.

For clarity, references to the Platform in this paragraph include any portion of the Platform. The restrictions in this Section 4 shall be deemed limitations on the scope of the license granted herein.


Any access and use of the Platform are subject to payment of fees by you, in accordance with the Commercial Agreement, as may be amended from time to time. We may suspend or terminate your access and use of the Platform in the event of any failure to pay any such amounts.

Intellectual Property Rights

You are granted a license to use a copy of the Platform as set forth in this Agreement and not ownership of the Platform or any portion thereof. Except for the limit license granted herein, we reserve all right, title, and interest, including all intellectual property rights, in and to the Platform and tools, including any modifications, improvements, additions and/ or derived work under this agreement.

Export Laws

Without limitation to Section 4 (Restrictions), you shall comply with all applicable export laws and regulations, and not, directly or indirectly, export or re-export the Platform or any portion thereof in violation of, or used for any purposes prohibited by, such laws and regulations, including without limitation, those of the United States or the State of Israel.


In order to access and use the Platform or certain features of the Platform, you may be required to create or access the Platform using an account (“Account”). You agree to provide accurate and complete information, and not to impersonate any person, in connection with your Account and the creation of your Account. You agree to keep your Account credentials secure and not to share them with others. You agree that you are responsible and liable for all activity that occurs on or through your Account as if committed by you.

Support and Updates

Our services include ongoing support services via email and telephone (the “Support“), version upgrades, patch or software release (collectively, “Updates”), maintenance and adjustments to API changes on social media platforms. However, in the event we make available or prompt you to download and install any Update you shall promptly download and install such Update. You acknowledge that failure to do so may result in damages or losses to you, your property or your customers or their property (including, without limitation systems and data) or to others. Support is provided by our team via email and telephone from Sundays to Thursdays, from 09 AM to 06 PM in which inquiries regarding malfunctions shall be responded within an hour from receiving of such report. However, support of malfunctions that do not disable activity shall granted up to three hours upon receiving a report. A full-time, 24/7, support service can be provided to clients upon additional monthly payment and shall be determined as a part of the Commercial Agreements’ terms.

Commercial Agreement Terms

The terms of Commercial Agreement, determined and executed prior to signing this agreement, shall include:

(A) the installation method: (i) isolated Node cloud installation (monthly); or (ii) on consumer’s site (considering conditions such as maintenance additional costs, remote access and software, infrastructures and more);

(B) the installation price including system setup, characterization of work processes at the call center and their assimilation in the system;

(C) management training;

(D) agent training;

(E) If applicable, integrations based on Our AOIs of the following CRM, switchboard systems and exterior SMS provider that shall be executed in collaboration with You and priced at a different rate, on an hourly basis;

(F) if applicable, Installation on the Customer’s Servers;

(G) if applicable, additional 10GB storage in addition to the basic cloud Services set forth in this section are based on our cloud service (AWS), which grants customer to enjoy occasional version upgrades transparently and at no additional costs; and (h) SMS channel with one virtual access number and (additional numbers shall be provided upon monthly subscription fee paid to the cellular provider. The package shall include 100,000 SMS messages which shall be priced on the Commercial Agreement. SMS package is not included in the price of the standard package and requires renewal upon completion of the SMS messages included in the package. All three SMS numbers are considered as one channel. One SMS is calculated by 68 characters.

Your Content

To the extent you upload to the Platform or otherwise provide or make available to us any information, images, text, and other content and materials (“Your Content”), you hereby grant us a non-exclusive, royalty-free, sublicensable, transferable, and worldwide license to reproduce, modify, create derivative works based upon, display, perform (including publicly), broadcast and use Your Content in order to provide and make the Platform available to you. You represent and warrant that you own or have obtained the rights to all of the intellectual property rights subsisting in Your Content and the right to grant us the foregoing license; and your use of Your Content in connection with the Platform, and our use of Your Content in accordance with

this Agreement does not infringe or violate any intellectual property rights or other rights of any third party or any applicable law. You shall remain solely responsible and liable for Your Content and shall defend, indemnify, and hold harmless us and our affiliates from and against any claims, actions, demands, proceedings, damages, liabilities, losses, costs and expenses (including reasonable attorney’s fees and litigation costs) arising out of (a) Your Content, (b) our receipt and use of Your Content in accordance with this Agreement, and (c) your breach of this Section 11.

Personal Data

We collect personal data in connection your access and use of our website, the Platform and use and process of such personal data in accordance with our privacy policy, available on our website, CommBox.io as may be updated from time to time. To the extent permitted by applicable law, you agree to such collection and processing of personal data relating to you. Notwithstanding anything to the contrary, we may collect, derive, use and process anonymous, statistical, or aggregated information regardless of the manner collected or derived, for any purpose.

Term, Suspension and Termination

A Project commencement date shall be up to one month as of signing the Commercial Agreement. Your annual obligation to our services shall start as of the fourth month. This Agreement shall remain in effect until terminated by you or us. You may terminate this Agreement anytime by uninstalling any portion of the Platform installed on your devices, and cease to access and use the We may terminate this Agreement at any time for any reason. Without limitation to the foregoing, we may immediately temporarily or permanently limit, suspend or terminate your use of the Platform and/or deny access to your Account, in the event of (a) your breach of this Agreement, (b) any breach of the applicable Commercial Agreement, or any failure to pay amounts due in connection with your use of the Platform, or (c) if we believe that the Platform is being accessed or used, including through your or your Institution’s Account or otherwise, in a manner that may cause harm to you, to us or any third party, property, or which is in violation of any law or intellectual property, privacy.

Effect of Termination

Upon termination of this Agreement, the license shall terminate and you shall cease all use and access of the Platform, and uninstall and delete all downloaded portions of the Platform. You are solely responsible for the backup of Your Content. This Section 14 and Sections 4 (Restrictions), 5 (Intellectual Property Rights), 7 (Export Laws), 8 (Account), 15 (Disclaimer), 16 (Limitation of Liability), 17 (Assignment), 18 (Governing Law; Jurisdiction), 19 (Miscellaneous) shall survive termination or expiration of this Agreement.


The platform (and any materials, services or other output provided by us or through or in connection with the platform), is provided on an “as is” basis, without warranties of any kind, whether express, implied, or statutory, including without limitation, of merchantability, title, non-infringement, compatibility or fitness for a particular purpose, or that may arise in the course of dealing or usage of trade. furthermore, we make no, and hereby disclaim any warranty that the platform will meet your requirements, be accurate, error free, or free of viruses or harmful code of any kind. the disclaimers herein apply to the maximum extent permitted by applicable law. without detracting from the generality of the

Foregoing, commBox and/or other parties on its behalf accept no liability for any damages relating to third-party products or services (such as whatsapp that have no official api, facebook, etc.), including their availability and the manner at which they are being used. any use made by the customer of third-party products and services, through or in connection with the system, will be at the responsibility of the customer and subject to the terms of use of these third parties.

Limitation of Liability 

Notwithstanding anything to the contrary

(A) We and our affiliates and our and their licensers, shall not be liable for any indirect, special, incidental, punitive, exemplary or consequential damages or losses, or loss or damage to profits, savings, business, reputation, goodwill, data;

(B) The total cumulative liability of commbox, our affiliates, and our and their licensors in connection with this agreement, the platform (or your use or inability to use the platform), shall not exceed the lesser of (i) the fees paid by you to us pursuant to this agreement during the three (3) months prior to the event giving rise to the cause of action or (ii) us$100.00;

(C) You agree that any cause of action that you may have arising out of or related to this agreement or the platform must commence within one (1) year after the cause of action accrues. otherwise, such cause of action is permanently barred; and

(D)  The exclusions and limitation of liability set forth herein shall apply to the maximum extent permitted by law, and regardless of (i) foreseeability or whether we or our affiliates or such licensors were warned of the possibility of damage or losses, (ii) how the damages or losses are caused, and (iii) the theory of liability or cause of action (whether for breach of contract, tort (including negligence and strict liability), or otherwise). This section 16 is an essential basis of the bargain and part of this agreement.


You may not assign, transfer or delegate this Agreement, any portion thereof, or any rights or obligations under this Agreement, but we may do so without restriction. Any assignment or delegation, or attempted assignment or delegation, in violation of the above shall be null and void. Subject to this Section 17, this Agreement shall bind and benefit each of our successors and valid assigns.

Governing Law; Jurisdiction

This Agreement, the subject matter thereof, and all conflicts or disputes related to the foregoing, shall be governed and construed solely in accordance with the laws of the State of Israel, without giving effect to conflicts of law principles thereof. The courts of competent jurisdiction located in Tel Aviv, Israel, shall have jurisdiction in any such conflicts or disputes, and you agree to, and waive and agree never to assert all claims with respect to such venue and jurisdiction, including without limitation, of inconvenient forum (forum nonconveniens). Notwithstanding the above, we may, in our sole discretion apply to any court of a competent jurisdiction, no matter where such court is located, for a temporary restraining order, preliminary injunction or interim relief, or other equitable relief, including without limitation to prevent irreparable harm.


This Agreement constitutes the entire agreement with respect to the subject matter thereof and supersedes all prior or contemporaneous oral or written agreements between you and CommBox, except the Commercial Agreement, if you personally have entered into such agreement with us. This Agreement may not be amended other than with the written agreement of a duly authorized representative of CommBox. No approval, consent, waiver, or other writing by either of us in connection with this Agreement shall be valid unless signed in writing by an authorized representative of such party. Unless expressly agreed otherwise, no waiver of any breach of this Agreement will be deemed a continuing waiver or effective as to any other breach, whether of the same or any other term or condition. In the event that any of these covenants or provisions is for any reason adjudged, decreed or ordered by any court of competent jurisdiction to be unenforceable in any respect, such covenants or provisions will be deemed modified to the extent necessary to render all of them enforceable and such judgment, decree or order will not affect, impair or invalidate any of the remaining covenants or provisions of this Agreement. Headings used in this Agreement are for convenience only and are not intended, and shall not be used for the purposes of interpreting or construing this Agreement. The prevailing party in any action in connection with this Agreement shall be entitled to recover, in addition to damages, its reasonable attorneys’ fees and costs incurred in connection therewith.

Data Processing Addendum (DPA)

This Data Processing Addendum (“Addendum”) applies pursuant to, and supplements, the Master Services Agreement (“Agreement”) entered into by _____________ (“Controller”) and CommBox Communication and Automation LTD. (“Processor”).

1. Select Definitions. The following terms, when capitalized and used in this Addendum (unless otherwise indicated), shall have the meaning set forth below. Any capitalized terms not defined in this Addendum shall have the meanings given to them in the Agreement.

1.1. “Anonymous Information” means information which does not relate to an identified or identifiable natural person or to Personal Data rendered anonymous in such a manner that the data subject is not or no longer identifiable.

1.2.Applicable Law” means any law, regulation, ordinance, rule, or order of any governmental or judicial body which applies.

1.3.Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1.4.Data Protection Laws” means all laws and regulations, ordinances, rules, or orders of any governmental or judicial body, which applies to the Processing or protection of Personal Data, such as GDPR and CCPA.

1.5.Controller Personal Data” means any Personal Data which is supplied or made available by Controller or on its behalf and Processed by Processor or on its behalf in connection with the Services (defined below).

1.6. “EU Data Protection Laws” means the GDPR and any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding instrument which implements the GDPR, the Data Protection Directive 95/46/EC and the e-Privacy Directive 2002/58/EC, or any decision, directive or regulation of the EU Parliament, EU Commissions, EU Court of Justice or other body, as any of the above may amended, replaced or superseded from time to time.

1.7.GDPR” means Regulation (EU) 2016/679 (General Data Protection Regulation).

1.8. “CCPA” means the California Consumer Privacy Act of 2018 and the regulations issued thereunder.

1.9.Personal Data” shall have the meaning ascribed to the terms “personal data”, “personal information”, or other such terms as provided under applicable Data Protection Law. It means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.10.Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

1.11.Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, destruction and any automated mean necessary for the improvement of the Services, including without limitation, AI learning and testing, machine learning models and any other automated model required for the Services.

1.12.Services” means the products, services and other activities to be supplied or carried out by or on behalf of the Processor or its affiliates pursuant to the Agreement.

1.13.Subprocessor” means any third party appointed by or on behalf of Processor to Process Controller Personal Data in connection with the Services or this Addendum.

  1. Processing Personal Data. Processor shall only Process Controller Personal Data pursuant to the Controller’s documented instructions. Controller hereby instructs Processor to Process Controller Personal Data as needed in order to perform the Services or to comply with the Agreement or Applicable Law.

  2. Description of Processing. The subject-matter and duration of the Processing to be performed, the nature and purpose of such Processing, the type of Personal Data and categories of data subjects and the obligations and rights of the Controller in respect of such Processing, is set forth in Annex 1 (Description of Processing), attached hereto.

  3. Confidentiality. Processor shall only authorize persons to participate in the Processing of the Controller Personal Data who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

  4. Data Subject Rights. Taking into account the nature of the processing, Processor shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible and at the Controller’s expense, for the fulfilment of the Controller’s obligations as a data controller under EU Data Protection Laws to respond to requests for exercising of data subject’s rights pursuant to EU Data Protection Laws.

  5. Assistance. Processor shall assist Controller, at Controller’s expense, in complying with its obligations pursuant to Articles 32 to 36 of the GDPR as may be relevant to Processing of Controller Personal Data performed by Processor and taking into account the nature of processing and the information available to Processor.

  6. Notifications of Data Breach. Processor shall notify Controller without undue delay after becoming aware of a Personal Data Breach. Such notice shall (a) describe the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; (b) communicate the name and contact details of the data protection officer or other contact point of Processor where more information, if available, can be obtained; (c) describe the likely consequences of the Personal Data Breach; and (d) describe the measures taken or proposed to be taken by Processor to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible for Processor to provide such information at the same time, the information may be provided in phases without undue further delay.

  7. Demonstrating Compliance; Audits. Each Party shall, following the other Party’s written request and at such requesting Party’s expense, make available to the other all information necessary for the requesting Party to demonstrate compliance with the obligations applicable to it pursuant to Article 28 of the GDPR and to allow for and contribute to audits, including inspections, conducted by such Party or its designated auditor. All audits of another Party shall be performed at a time and manner determined jointly by the Parties, and in any case in a manner which does not interfere with the operations of the audited Party, and not more than a reasonable number of times in any given period. The auditing Party shall be responsible for all costs and expenses incurred by the audited Party as a result of the audit. All information learned or obtained during such audits shall be deemed Confidential Information of the audited Party and any third-party person or entity participating or performing the audit shall execute a non-disclosure agreement with the audited Party at least as protective of such Confidential Information as the relevant provisions of the Agreement. Each Party shall immediately inform the other if, in its opinion, an instruction or request made pursuant to this Section 8‎ infringes this Regulation or other Union or Member State data protection provisions.

  8. Deletion or Return of Data. Processor shall delete or, at the Controller’s expense, return all Controller Personal Data to the Controller following termination of the provision of Services, and in case of returning the Controller Personal Data, delete remaining copies thereof. Unless Controller notifies Processor otherwise in writing within 30 days of termination of the Services or Agreement (the earlier of the two), Controller hereby authorizes Processor to delete the Controller Personal Data. Notwithstanding the above, Processor may retain Controller Personal Data to the extent EU Data Protection Laws or the laws of any European Union member state require storage of such Personal Data.

  9. Security

10.1. Processor and Controller shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Such measures may include, inter alia, as appropriate: (1) the pseudonymization and encryption of personal data; (2) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (3) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (4) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. In assessing the appropriate level of security, Controller and Processor shall take account in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed.

10.2. Controller and Processor shall each take steps to ensure that any natural person acting under their respective authority who has access to Controller Personal Data does not Process such Controller Personal Data except on instructions from the Controller (including as set forth in Section ‎2 above), unless required to do so by EU Data Protection Laws or the laws of any European Union member state.

  1. Subprocessors.

11.1. Controller agrees that Processor may engage all of Processor’s affiliates and any reseller of insurance products with which the Controller is engaged as sub-processor.

11.2. Processor only engage Subprocessors pursuant to an agreement containing similar data protection obligations on the Subprocessor which apply to Processor in this Agreement.

11.3. Engagement of a Subprocessor by Processor shall not derogate from Processor’s obligations to Controller under this Agreement.

  1. International Transfers. The Controller hereby instructs Processor to transfer, and approves the transfer of, the Controller Personal Data to third countries, including, without limitation, countries outside of the European Union and European Economic Area, to the extent needed in order to perform the Services.
  2. Anonymous Information. The obligations of Controller hereunder do not concern the Processing of Anonymous Information, including, without limitation, Anonymous Information derived or rendered from Controller Personal Data, which Controller and its affiliates may use without restriction.
  3. Controller’s Responsibility.

14.1. Controller represents, warrants, and undertakes that all Controller Personal Data is and shall be collected, obtained and provided or made available to Processor (or anyone on its behalf) in accordance with all Applicable Laws, including EU Data Protection Laws. Controller agrees that it is solely liable for the legality of (and any claims of violations of any Applicable Laws relating to) the Processing of the Personal Data by Processor (or its Subprocessors) which is done in accordance with the Agreement and this Addendum. Without limitation of the foregoing, Controller will indemnify, keep indemnified and harmless Processor, its subcontractors and affiliates (each an “Indemnified Party) from and against all third party loss, harm, cost (including reasonable legal fees and expenses), expense and liability that an Indemnified Party may suffer or incur as a result of Controller’s non-compliance with the requirements of this Addendum.

14.2. Controller represents, warrants, and undertakes that it does and shall (a) post a privacy policy on its website describing its receipt, collection, use and Processing of Personal Data (“Privacy Policy”) which complies with all Data Protection Laws and other Applicable Laws,

14.3. Controller shall notify Processor in writing of the specific categories of individuals and the locations and nationalities of the individuals from or about whom the Controller Personal Data relates a reasonable amount of time in advance of collecting, processing the Personal Data in connection with the Services or making available such Personal Data to Processor, in order to enable Processor to assess the impact of the requirements of any Applicable Law and implement the necessary measures (such notice, “Personal Data Notice”). Controller represents, warrants, and undertakes that except as expressly set forth in Annex 1 and as notified to Processor in accordance with this Section ‎14.3, the Controller Personal Data is not, does not and shall not include (a) the categories of Personal Data described in Article 9(1) of the GDPR (sensitive or special categories of data) or “genetic data”, “biometric data”, “data concerning health” as such terms are defined in the GDPR; (b) “Personal Health Information” as such term is defined in 45 C.F.R. §160.103; (b) the data of children under the age of 18 years of age, including, without limitation, “Personal Information” of a “Child” as such terms are defined in 15 C.F.R. §312.2; or (c) data collected from or relating to persons residing outside the United States (other than negligible amounts of data unknowingly collected), or, to the knowledge of Controller, “Consumers” as defined under Cal. Civil Code §1798.140, and additionally that Controller is not a “Business” as defined under Cal. Civ. Code §1798.140.

  1. Changes in Law. In the event that Processor at any time determines that the use of the Services or Processing of the Controller Personal Data, or any change in any Applicable Law, require the execution of additional agreements or documentation, including, without limitation, amendments to the Agreement or this Addendum, Controller shall promptly execute such agreements or documents.

  2. Applicable Law. Notwithstanding anything to the contrary, Processor reserves the right to comply with Applicable Law, and may refuse to comply with any Processor instruction or request or to take any action or perform any Processing, to the extent Processor reasonably believes that such instruction, request, act or Processing violates Applicable Law. In such case, Processor shall, to the extent permitted by Applicable Law, notify Controller of such refusal and the relevant Applicable Law.

  3. Governing Law; Jurisdiction. This Addendum, the subject matter thereof, and any disputes relating to the foregoing shall be subject to the laws of the jurisdiction set forth in the Agreement, and any such disputes shall be exclusively adjudicated in by the competent courts of the jurisdiction, city or county set forth in the Agreement.

  4. Incorporation to Agreement. This Addendum is hereby incorporated into and made part of the Agreement. Unless a provision of the Agreement expressly states that it overrides this Addendum, in the event any provision of this Addendum expressly contradicts any provision of the Agreement, the provisions of this Addendum shall prevail to the extent necessary in order to resolve such contradiction.

Annexes – Description of Processing

  1. Subject matter and duration of the Processing of Controller Personal Data
  2. The nature and purpose of the Processing of Controller Personal Data
  3. The types of Controller Personal Data to be Processed, including special categories of data

Data submitted by, and collected automatically about or from the devices and networks of, end users of the Controller (including without limitation, personnel of the Controller), including, without limitation:

4. The categories of Data Subjects to whom the Controller Personal Data relates

5. The obligations and rights of Controller

We have rebranded blank

Thank you BumpYard. Hello CommBox

Say hello to CommBox.io, the intelligent customer communication center for live and automated interactions.

We’re extremely excited to announce that we have changed our company name to CommBox. It’s still the same company with the same awesome people! just a new name, a fresh look, and a brighter future.

Read full story