Avalara Partner Program General Terms and Conditions


Summary of changes
Modifications effective December 1, 2023 will not apply to current program participants until the expiration of the 30-day notice period on January 1, 2024.

Table of Contents

These Avalara Partner Program General Terms and Conditions (the “General Partner Terms”), together with any applicable document used to describe a partnership between Avalara and Partner (the “Partner Agreement”), such as the Avalara Partner Program Agreement and the terms of Avalara’s Partner Programs, govern Avalara’s offering of, and Partner’s participation in, Avalara’s Partner Programs (each, a “Program”). These General Partner Terms together with the Partner Agreement comprise the “Agreement” and constitute a binding agreement between Avalara and Partner (each, a “Party”). Partner agrees to be bound by these General Partner Terms by executing, including clicking through, any document that references these General Partner Terms.
  1. Definitions. Unless otherwise defined in the Agreement, capitalized terms have the following meanings:
Affiliate” means an entity that controls, is controlled by, or is under common control with a Party. For this definition, “control” means direct or indirect ownership of more than 50% of the voting interests of the subject entity.
Avalarameans Avalara, Inc. a Washington corporation and its Affiliates.
Avalara Add-On Services” means AvaTax support plans, training services, and sales and use tax registration services, among others. Avalara Add-On Services do not include any other Professional Services offered by Avalara or any Avalara Affiliates.
Avalara CertCapture” or “CertCapture” means Avalara’s CertCapture Service for exemption certificate storage and management.
Avalara Product” means any Avalara Property, Avalara Add-On Service, and other Avalara products or services.
Avalara Property” means all products and services offered by Avalara, including, without limitation, Avalara AvaTax, Avalara Returns, Avalara CertCapture, the Avalara SDK, and other Avalara products and services.
Avalara Professional Services or Professional Services” means services supplemental to the Avalara Services, including professional consulting services, to be performed for Customers by Avalara’s employees or contractors, as specified in the applicable Order Document.
Avalara Returns” means the software application for compliance, preparation, and management of sales and use tax returns, treasury, remittance, and notice management, including all updates, upgrades, and accompanying documentation.
Avalara SDK” means the AvaTax software development kit that enables developers to integrate applications into and is a part of the Service.
Avalara Technology” means the technology and Intellectual Property that Avalara uses to provide its products and services, including computer software programs, websites, networks, and equipment. Avalara Technology includes all Avalara Products, Avalara Property, and the Partner Portal.
AvaTax or Avalara AvaTax” means Avalara’s AvaTax Service for calculating transactional taxes on the sale of goods and services, including sales, use, and value added taxes.
Certificate” means, with respect to CertCapture, each unique image file of a form document for a single jurisdiction uploaded to the CertCapture Service.
Certification” means that Partner has completed the process to ensure the Connector functions in accordance with Avalara’s requirements, and Avalara has provided final approval and acceptance of the Connector. A Connector is “Certified” if Avalara issues Certification.
Certification Documentation” means documentation made available to Partner that outlines the requirements to successfully complete Certification. Certification Documentation may be updated from time to time by Avalara in its sole discretion, and Partner may be required to fulfill additional requirements in order to retain such Certification.
Certification Logo” means the visual representation provided by Avalara to Program applicants that signifies Certification, as required under certain Avalara Programs. A Certification Logo will be licensed for Partner’s use upon completion of the required training.
Connector” means a software and communications interface that connects Customer’s business or financial software with an Avalara Service.
Console” means the administrative console through which a Customer accesses its Avalara account.
Customer” means a customer (other than Partner) that either purchases new Services from Avalara as a result of Partner’s qualifying activities under Avalara for Accountants or Avalara for Consulting Partners, or purchases an Avalara Service in conjunction with Partner’s Connector.
Documentation” means a Party’s user guides, training manuals, and other similar information, as updated or revised by that Party from time to time.
End User” means a customer who purchases an Avalara Service in conjunction with Partner’s Connector.
Integration or Integrate” means development of an interface that enables the Avalara Property and the Solution to work together through the Connector.
Intellectual Property” means all trade secrets, patents and patent applications, Marks, copyrights, moral rights, rights in Inventions, and all other intellectual property and proprietary rights (whether registered or unregistered, any application for the foregoing, and all rights to enforce the foregoing), and all other equivalent rights that may exist anywhere in the world.
Invention” means any work of authorship, invention, know-how, device, design, algorithm, method, process, improvement, concept, idea, expression, discovery, or invention, whether or not copyrightable or patentable and whether or not reduced to practice.
Leads” or “Customer Information means complete and up-to-date contact details of third parties that express an interest, or may have an interest, in purchasing the Services.
Logo” means the Marks Avalara provides to Partner in accordance with Section 3(b)(iii) (Marketing Activities; Avalara Marks).
Mark” means any trade names, trademarks, service marks, marks and logos owned by a Party (whether registered or unregistered and including any goodwill acquired in such trademarks).
Order Documentmeans a sales order, statement of work, or other document used to purchase Avalara Products(s) from Avalara.
Our Site” means or any other URL owned by Avalara.
Partner” or Business Partner” or Solution Partner” means the Party who enters into a partnership agreement with Avalara or participates in an Avalara Partner Program.
Partner Portal” means the website Avalara manages containing information for Partners about Avalara’s Services. Avalara provides Partners with access to the Partner Portal upon execution of the applicable Partner Agreement or upon approval as participant in an Avalara Partner Program. Partner’s use of the Partner Portal is governed by the Avalara Partner Portal Terms and Conditions located at (the “Partner Portal Terms”).
Partner Technology” or “Work Product” means the technology and Intellectual Property that the Partner uses to provide its Connector and the Solution, if applicable, including computer software programs, Partner’s Documentation, schematics, websites, networks, and equipment, as applicable.
Program” means any program Avalara offers to third parties to partner with Avalara, including programs for developing Connectors and referring potential customers to Avalara in return for commissions.
Referred Client” means a new customer (other than Partner), that purchases Avalara’s Services as a result of Partner’s qualifying activities under Avalara for Accountants or Avalara for Consulting Partners, or their predecessor or successor Programs.
Service” means the software and/or service offered to Customers by Avalara.
Solution” means any business or financial software provided by a Partner or third party, such as Enterprise Resource Planning (ERP), Customer Relationship Manager (CRM), or ecommerce platform, including all updates, modifications, and amendments.
Transaction” means (i) with respect to CertCapture, the collecting (by email, facsimile and/or mail) and the processing (uploading, validating and/or linking) of a document image file for a single jurisdiction on behalf of a Customer, and (ii) with respect to AvaTax, an electronic request submitted by a Customer to the AvaTax system to calculate tax, post a document, or validate an address.
  1. Service Account. Subject to the Not for Resale Account Terms located at (“NFR Account Terms”, “Terms and Conditions” or “AvaTax Terms”) and incorporated into this Agreement by reference, if applicable, Avalara will provide a Service account to Partner (the “Not for Resale Account”, the “NFR Account,” or the “Free Avalara AvaTax License”).
  2. Proprietary Rights.
    1. Partner’s Intellectual Property.
      1. Partner Technology. Partner retains all right, title, and interest in all Intellectual Property rights in the Partner Technology, Partner Confidential Information, and all enhancements or improvements to, or derivative works of, the foregoing. Nothing in the Agreement transfers or conveys to Avalara any ownership interest in the Partner Technology, Partner Confidential Information, or any Intellectual Property in the foregoing. Partner hereby grants to Avalara a non-transferable (except as permitted under the Agreement), non-exclusive, and sub-licensable license to: (A) demonstrate the Connector to Customers and users of the applicable Solution; (B) sell the right to use the Avalara Property in conjunction with the Connector, including use after the termination of the Agreement; (C) test the functionality of the Connector to ensure that the Connector is functional and compatible with Avalara Technology and Services; (D) provide support to Customers; and (E) use the Connector and the Partner Technology to satisfy Avalara’s other obligations under the Agreement.
      2. Restrictions. Avalara shall not A) reverse assemble, reverse engineer, decompile, or otherwise attempt to derive source code from any of the Partner Technology; (B) reproduce, modify, create, or prepare derivative works of any of the Partner Technology or Partner Documentation; (C) distribute or display any of the Partner Technology or Partner Documentation; (D) share, sell, rent, lease, or otherwise distribute access to the Partner Technology or use the Partner Technology to operate any timesharing, service bureau, or similar business; or (E) alter, destroy, or otherwise remove any proprietary notices within the Partner Technology or Partner Documentation.
      3. Partner Marks. Subject to the terms of the Agreement, Partner grants to Avalara a limited, non-exclusive, non-transferable, revocable license to display Partner’s Marks solely to market and promote the relationship contemplated by this Agreement and in accordance with any use guidelines provided by Partner. Notwithstanding the foregoing, Partner retains all right, title, and interest in the Partner Marks, and nothing in the Agreement confers any right of ownership in the Partner Marks.
    2. Avalara’s Intellectual Property.
      1. Avalara Technology. Avalara retains and owns all right, title, and interest in all Intellectual Property rights in the Avalara Technology, Avalara’s Documentation, Avalara’s Confidential Information, the Services, and all enhancements or improvements to, or derivative works of, the foregoing. Any work product created by the Avalara Professional Services (including any Inventions used or developed by Avalara or its subcontractors in connection with the Avalara Professional Services) will be Avalara’s Intellectual Property only to the extent that the work product does not incorporate (A) any Partner Intellectual Property or Partner Technology or (B) any works-made-for-hire that Avalara creates for Partner’s exclusive use. Nothing in the Agreement transfers to Partner any ownership interest in the Avalara Intellectual Property.
      2. Restrictions. Partner shall use the Services only as set forth in the Agreement and the Documentation. Partner shall not (A) reverse assemble, reverse engineer, decompile, or otherwise attempt to derive source code from any of the Avalara Technology; (B) reproduce, modify, create, or prepare derivative works of any of the Avalara Technology or Documentation; (C) except as permitted by this Agreement, distribute or display any of the Avalara Technology or Documentation; (D) share, sell, rent, lease, or otherwise distribute access to the Services, or use the Services to operate any timesharing, service bureau, or similar business; (E) alter, destroy, or otherwise remove any proprietary notices within the Avalara Technology or Documentation; or (F) disclose the results of any Service or program benchmark tests to any third parties without Avalara’s prior written consent.
      3. Marketing Activities; Avalara Marks. In conducting any marketing activities under a Program, Partner shall use only those marketing materials Avalara provides (either directly or through or approves in writing (“Avalara Assets”). Partner shall use the Avalara Assets and Avalara Marks in compliance with all guidelines Avalara provides. Partner shall not modify the Avalara Assets or Avalara Marks without Avalara’s prior written approval. Avalara grants Partner a limited, non-exclusive, non-transferable, non-assignable, revocable right to display the Avalara Assets and Avalara Marks solely to fulfill its obligations under the Agreement. Notwithstanding the forgoing, Avalara retains all right, title, and interest in the Avalara Assets and Avalara Marks, and nothing in the Agreement confers any right of ownership in the Avalara Assets or Avalara Marks on Partner, and all use of them inures to Avalara’s benefit.
    3. Suggestions and Feedback. If either Party provides the other Party with any suggested improvements to a Program, NFR Account, Avalara Assets, the Partner Portal, Intellectual Property, the Services, Partner’s Solution or any other products or services of such Party, then that Party also grants the other Party a nonexclusive, perpetual, irrevocable, royalty free, worldwide license, with rights to transfer, sublicense, sell, use, reproduce, display, and make derivative works of such suggested improvements. Notwithstanding the foregoing, nothing in this Section 3(c) (Suggestions and Feedback) grants a Party a license to use any Inventions covered by a registered patent owned by the other Party.
  3. Modification. Except as may otherwise be provided in the Agreement and except for the rights set forth in Section 3(a) (Partner’s Intellectual Property), Avalara may modify these General Partner Terms. If Avalara modifies these General Partner Terms, it will provide prior written notice (Modification Notice) to Partner of those modifications at least 30 days prior to the effectiveness of the modifications. If the modifications materially and adversely affect Partner, and Partner does not wish to accept such modifications, then Partner may withdraw from the applicable Program and terminate the applicable Partner Agreement by written notice to Avalara, subject to any wind down obligations in the Agreement.
  4. Term and Termination.
    1. Agreement Term. The term of the Agreement (the Term) begins on the effective date of the first Partner Agreement and ends on the date of termination or expiration of the final Partner Agreement.
    2. Termination for Breach or Cause. Either Party may terminate the Agreement by notice to the other (i) if the other Party materially breaches its obligations under the Agreement and, if the breach is capable of cure, fails to cure the breach within 30 days of the date of notice of breach; or (ii) upon the other Party ceasing to operate in the ordinary course, making an assignment for benefit of creditors, or becoming the subject of any bankruptcy, liquidation, dissolution, or similar proceeding that is not resolved within 60 days of filing.
    3. Effects of Termination. Upon termination, subject to a Party’s wind down obligations, (i) all rights and licenses granted under the Agreement will immediately terminate; (ii), Avalara shall cease all use of the Partner Marks and Partner Technology and Partner shall cease all use of the Avalara Marks and Avalara Assets, except that each Party may continue to use the other Party’s Marks in any items produced before termination; (iii) each Party will remain liable for all fees owed to the other Party; (iv) upon request, each Party will immediately return or, if instructed, destroy the other Party’s Confidential Information in its possession or control other than in automatic computer backups. A Party is not required to destroy or return any Confidential Information that must be retained for regulatory, legal, or audit purposes or for compliance with its document retention policies and has no obligation to destroy electronic copies made as part of its routine archival or backup procedures. All provisions that by their nature should survive termination will do so (including, for example, payment obligations, indemnification and defense obligations, and duties of confidentiality).
  5. Confidential Information.
    1. Confidential Information.Confidential Information means any information disclosed by a Party to the other Party, either directly or indirectly, in writing, orally, or by inspection that (i) is designated as "Confidential," "Proprietary," or some similar designation or (ii) by the nature of the information or the circumstances surrounding disclosure, would be reasonably understood as proprietary or confidential.
    2. Exclusions. Confidential Information does not include information (i) that is or becomes generally available to the public other than through the action of the receiving Party; (ii) lawfully in the possession of the receiving Party at the time of disclosure without restriction on use or disclosure; (iii) lawfully obtained by the receiving Party from a third party without restriction on use or disclosure or breach of such third party’s obligations of confidentiality; or (iv) independently developed by the receiving Party without use of or reference to the disclosing Party’s Confidential Information.
    3. Disclosures Required by Law. If any applicable law, regulation, or judicial or administrative order requires the receiving Party to disclose any of the disclosing Party’s Confidential Information (a Disclosure Order) then, unless otherwise prohibited by the Disclosure Order, the receiving Party will promptly notify the disclosing Party in writing prior to making any such disclosure, in order to facilitate the disclosing Party’s efforts to protect its Confidential Information. Following such notification, the receiving Party will cooperate with the disclosing Party, at the disclosing Party’s reasonable expense, in seeking and obtaining protection for the disclosing Party’s Confidential Information. If, in the absence of a protective order or other remedy or the receipt of a waiver by the disclosing Party, the receiving Party is legally compelled to disclose Confidential Information by any tribunal, regulatory authority, agency, or similar entity, the receiving Party may disclose, without liability hereunder, that portion of the Confidential Information which is legally required to be disclosed and the receiving Party will exercise its best efforts to preserve the confidentiality of the remaining Confidential Information.
    4. Restrictions on Use and Disclosure. Subject to the permitted disclosures set forth in Section 6(c) (Disclosures Required by Law), the receiving Party shall hold Confidential Information in strict confidence and shall not directly or indirectly disclose Confidential Information to third parties. The receiving Party may disclose Confidential Information to an employee, advisor, or consultant (Representatives) who needs such access in order to fulfill a Party’s obligations under these Terms on the condition that the receiving Party: (i) ensures that such Representatives are bound by a written agreement that is as substantially protective as the Agreement; and (ii) accepts full responsibility for its Representatives’ use of the Confidential Information. The receiving Party shall protect Confidential Information from unauthorized access and disclosure using the same degree of care, but in no event less than a reasonable standard of care, that it uses to protect its own Confidential Information and refrain from reverse engineering, decompiling, or disassembling any Confidential Information.
    5. Notice. Each Party will notify the other Party without undue delay in accordance with Applicable Laws of unauthorized access, use, or disclosure of Confidential Information. Each Party shall provide the other Party with information regarding the incident as required by Applicable Laws or as reasonably requested by the other Party to comply with its obligations under Applicable Laws. Each Party shall use commercially reasonable efforts to (i) identify the cause of the incident and (ii) remediate the cause of the incident within its systems, to the extent such remediation is within Avalara’s reasonable control.
  6. Data Privacy.
    1. Customer Data. Any data provided to Avalara by a Customer is solely governed by the agreement between that Customer and Avalara.
    2. Representatives. If Partner provides Avalara with any Personal Information relating to an individual employee, agent, or representative of Partner’s, Avalara’s use of that information shall be governed by the Avalara Privacy Policy located at “Personal Information” means any information exchanged by the Parties under these General Partner Terms that relates to an identified or identifiable natural person or that reasonably could be used to identify that person, or other data or information defined as personal information under applicable laws.
    3. Data Protection Laws. In submitting, transmitting, or sharing any Personal Information, each Party agrees that it has: (i) complied with all applicable Data Protection Laws in its collection, processing and transfer of the Personal Information; (ii) obtained all rights necessary to transfer the Personal Information; and (iii) obtained legally valid consent in accordance with Data Protection Laws with respect to the Personal Information, including specific consent for the intended use of such Personal Information. If any individual exercises their right to withdraw their consent with the disclosing Party, the disclosing Party will immediately inform the other Party of such withdrawal. Personal Information is subject to the same disclosure restrictions and conditions as Confidential Information under these General Partner Terms. Each Party acknowledges that it will only process Personal Information necessary for their participation in the Program. “Data Protection Laws” means all applicable laws relating to the collection, protection, security, transfer, storage, use, sharing, disclosure, and more generally any processing of Personal Information in all applicable jurisdictions, including (i) U.S. federal and state legislation, such as the California Consumer Privacy Act of 2018, as amended, including by the California Privacy Rights Act (“CCPA”); (ii) the General Data Protection Regulation of April 27, 2016 (Regulation (EU) 2016/679) (“GDPR”), and any implementing or equivalent national Laws, and (iii) the EU e-Privacy Directive.
    4. No Information Selling or Sharing for Cross‐Context Behavioral Advertising; Compliance with the CCPA. Partner and Avalara do not accept or disclose any Personal Information as consideration for any payments, services, or other items of value. Avalara and Partner do not sell or share any Personal Information, as the terms “sell” and “share” are defined in the CCPA. Avalara and Partner only process Personal Information for the business purposes specified in the General Partner Terms or the Partner Agreement. Avalara and Partner do not retain, use, or disclose Personal Information (i) for cross‐context behavioral advertising, or (ii) outside their direct business relationship. Avalara and Partner do not combine Personal Information with other data.
    5. EU Standard Contractual Clauses. For Personal Information that is subject to the GDPR, Avalara and Partner comply with the EU Standard Contractual Clauses for international transfers in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 (“EU SCCs”) for the transfer of Personal Information outside the European Economic Area (EEA), Modules 1 as noted below, in Exhibit A. Under the EU SCCs, Partner will act as data exporter. Partner may be based within or outside the EEA. Avalara is based outside the EEA, acts as data importer, and agrees to the EU SCCs. For limited business contact information concerning individual representatives, Avalara and Partner agree to the EU SCCs Module 1.
    6. United Kingdom. With respect to transfers of Personal Information from the United Kingdom of Great Britain and Northern Ireland to countries not deemed to have adequate data protection regimes under all laws relating to data protection, the processing of Personal Information, privacy, or electronic communications in force from time to time in the United Kingdom of Great Britain and Northern Ireland, Avalara agrees to the EU SCCs as set out in this Section 7 and the International Data Transfer Addendum to the EU SCCs in Exhibit B. Any conflicts between the EU SCCs and the International Data Transfer Addendum to the EU SCCs shall be resolved as provided in the International Data Transfer Addendum to the EU SCCs.
  7. Warranties.
    1. Mutual Warranties. Each Party represents and warrants to the other Party that (i) it has the authority to enter into the Agreement and perform its obligations hereunder; (ii) the Agreement does not conflict with any other agreement entered into by it; (iii) it does not conduct business for any unlawful purpose; and (iv) it is not on the United States Department of Treasury, Office of Foreign Asset Control’s list of Specially Designated National and Blocked Persons; Her Majesty’s Treasury, Asset Freezing Unit’s Consolidated List of Financial Sanctions Targets; the European Union’s consolidated list of persons, groups, and entities subject to EU financial sanctions; or any similar list of embargoed or blocked persons applicable to persons or entities in the jurisdiction of such Party’s domicile or performance of the Agreement.
    2. Partner Warranties. Partner represents and warrants that: (i) the information Partner provides in connection with any Program, including Leads, and registration information of Customers and their billing information is current, accurate, and complete; (ii) to the extent Partner provides any Personal Information of data subjects protected by the GDPR or UK GDPR, Partner has the affirmative prior consent of the data subjects to provide such Personal Information to Avalara; (iii) Partner will not engage in any unfair or deceptive marketing practices whether by statement, act, omission, or implication and will immediately cease all such marketing upon a written request from Avalara; and (iv) the subjects of any Leads that Partner provides are not on the United States Department of Treasury, Office of Foreign Asset Control’s list of Specially Designated National and Blocked Persons.
    3. Disclaimer of Implied Warranties. Except as expressly provided in the Agreement, the Programs, the Partner Portal, the Services, and the Avalara Technology are provided on an “as is” and “as available” basis, and neither Party makes any warranties of any kind, whether express, implied, statutory, or otherwise, and each party specifically disclaims all implied warranties to the maximum extent permitted by applicable law.
  8. Indemnification.
    1. Indemnification by Avalara. Avalara shall indemnify and defend Partner against any Losses arising from a third-party claim that (i) Partner’s use of the Avalara Technology in accordance with the Agreement infringes a copyright, registered trademark, issued patent, or other Intellectual Property right of such third party (an Infringement); (ii) results from Avalara’s breach of the Agreement; or (iii) results from Avalara’s violation of applicable laws. Loss means any liability, loss, claim, settlement payment (including any settlement the Indemnitee agrees to pay as long as it is in a written settlement approved by Indemnitor in writing), cost and expense, interest, award, judgment, damages (including punitive damages), fines, fees, penalties, or other charges, filing fees and court costs, witness fees, costs of investigating and defending third party claims, and reasonable attorneys’ and other professionals’ fees, and any other fees.
    2. Indemnification by Partner. Partner will indemnify and defend Avalara against any Losses arising from a third-party claim that (i) Avalara’s use of the Partner Technology in accordance with the Agreement causes an Infringement; (ii) results from Partner’s breach of the Agreement; or (iii) results from Partner’s violation of applicable law.
    3. Mutual Indemnification. Each Party shall indemnify and defend the other Party against any Losses resulting from a third-party claim (including any Customer claim) arising under such third party’s purchase or use of the Indemnitor’s products or services, except those claims covered by Sections 9(a)(i) or 9(b)(ii) (e.g., as to Avalara, the Services and Avalara Technology; and, as to Partner, the Solution, Connector, and Partner Technology), including, for example, any claims based on warranty or product liability.
    4. Process. The obligations of a Party (“Indemnitor”) to defend or indemnify the other (“Indemnitee”) under this Section 9 (Indemnification) are subject to the following: (i) the Indemnitee must promptly inform the Indemnitor in writing of any claim within the scope of the Indemnitor’s defense or indemnity obligations set forth in the Agreement, provided that Indemnitor shall not be excused from its indemnity obligations for failure to provide prompt notice except to the extent that the Indemnitor is prejudiced by any such failure to provide prompt notice; (ii) the Indemnitor shall be given exclusive control of the defense of such claim and all negotiations relating to the settlement thereof (except that the Indemnitor may not make any admissions on the Indemnitee’s behalf or settle any such claim unless the settlement unconditionally releases the Indemnitee of all liability, and the Indemnitee may participate in the defense of the claim at its sole cost and expense); and (iii) the Indemnitee must reasonably assist the Indemnitor in all necessary respects in connection with the defense of the claim at the Indemnitor’s expense.
    5. If the Avalara Technology or the Partner Technology (each individually, the “Technology”) is subject to a claim of Infringement and as a result, the Indemnitee’s use of the Indemnitor’s Technology is enjoined, then the Indemnitor, shall, at no cost to the Indemnitee, procure for the Indemnitee the right to continue using the Indemnitor’s Technology or replace that Technology with non-infringing or modified Technology of materially equivalent functionality. If none of the above options are available on terms that are commercially reasonable, then the Indemnitor may terminate the Indemnitee’s right to access and use the Technology, subject to Section 5(c) (Effects of Termination).
    6. Neither Party has any obligation with respect to any actual or claimed Infringement to the extent that the Infringement is caused by (i) the Indemnitee’s Technology, (ii) use or modification of the Indemnitor’s Technology other than as specified in the Documentation or the Agreement, (iii) combination of the Indemnitor’s Technology with any products, software, services, data, or other materials not provided by the Indemnitor or approved by the Indemnitor in writing if the Infringement would not have occurred but for such combination, or (iv) any act or omission by the Indemnitee or any employee, agent, or Affiliate of the Indemnitor in violation of the Agreement, another agreement between the Parties, or applicable law.
    7. Exclusive Remedy. This Section 9 (Indemnification) states the Indemnitor’s sole liability and the Indemnitee’s exclusive remedy with respect to claims. This Section 9 (Indemnification) does not cover any claims based on an incorrect tax calculation result or other error in accuracy or timeliness of any tax calculation, tax return, or compliance document. Such claims are governed by the applicable terms and expressly excluded from this Agreement.
  9. Exclusion of Certain Claims; Limitation of Liability.
    1. Exclusion of Certain Claims. Neither Party will be liable to the other Party or any other party for any consequential, indirect, special, punitive, incidental, exemplary, or lost profits damages of any kind, whether foreseeable or unforeseeable, including damages for loss of data, goodwill, investments, use of money or use of facilities, interruption in use or availability of data, stoppage of other work, or impairment of other assets, even if advised of the possibility of such damages, arising out of (i) the performance or nonperformance of the Agreement or of products, software, Services, or Avalara Professional Services provided under the Agreement, or (ii) any claim, cause of action, breach of contract, indemnity, or any express or implied warranty, misrepresentation, negligence, strict liability, or other tort. The previous sentence will not apply to instances of gross negligence or willful misconduct, a Party’s breach of its confidentiality obligations set forth in Section 6 (Confidential Information), or a Party’s indemnification obligations set forth in Section 9 (Indemnification).
    2. Limitation of Liability. A Party’s aggregate liability will not exceed the fees paid or payable by Avalara to Partner under the Agreement in the 12-month period immediately preceding the event giving rise to the claim. The previous sentence does not apply to instances of gross negligence or willful misconduct, to a Party’s indemnification obligations set forth in Section 9 (Indemnification), to a Party’s obligations to pay fees and expenses when due and payable, or to any infringement or misappropriation by a Party of any Intellectual Property of the other Party.
    3. Limitation of Claims. Except with respect to claims of infringement or misappropriation of any Intellectual Property, misuse of Confidential Information, or a Party’s failure to pay amounts due, neither Party may bring any claim relating to the Agreement more than two years after the events giving rise to the claim occurred.
    4. General. Some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for incidental or consequential damages. Accordingly, some or all of the above exclusions or limitations may not apply and the Parties may have additional rights.
  10. Miscellaneous.
    1. Payment Information. If Partner is to receive payments pursuant to a Partner Agreement, Partner shall promptly provide Avalara with any documentation reasonably required by Avalara, including, for example, a W-9.
    2. Relationship of the Parties; Transparency. The Agreement does not create a partnership, joint venture, agency, or fiduciary relationship between the Parties. Partner’s and Avalara’s other business partners are independent of Avalara and are not Avalara’s agents. Either Party may disclose any terms of Avalara’s Partner Programs that are publicly available, including information about commissions, and the existence of this Agreement. Each Party shall conduct its business in compliance with applicable laws.
    3. No Third-Party Beneficiaries. This Agreement does not and is not intended to confer any rights or remedies on third parties, including Customers.
    4. Governing Law; Jurisdiction and Venue. The Agreement will be governed by laws of the State of New York, without regard to any laws, treaties, or conflicts of laws principles that would apply the law of any other jurisdiction. For any claims or causes of action arising out of the Agreement, the Parties agree to the exclusive jurisdiction of, and venue in, the state and federal courts located in the following locations: (i) if Partner is the plaintiff, in King County, Washington, and (ii) if Avalara is the plaintiff, in the applicable jurisdiction of Partner’s corporate headquarters, or if Partner’s corporate headquarters are not in the United States, Partner’s primary place of business in the United States.
    5. Equitable Relief. Each Party acknowledges that damages may be an inadequate remedy if the other Party violates its obligations under the Agreement, and each Party shall have the right, in addition to any other rights it may have, to seek injunctive relief without any obligation to post any bond or similar security.
    6. Force Majeure. Neither Party will be responsible for failure or delay of performance caused by circumstances beyond its reasonable control, including earthquake, storm, or other act of God; labor disputes; electrical, telecommunications, or other utility failures; embargoes; riots; acts of government; or acts of terrorism or war (collectively, “Force Majeure Condition”). A Party seeking relief from performance under this Section 11(f) (Force Majeure) must (i) provide notice of such circumstances to the other Party as soon as practicable, (ii) use all commercially reasonable efforts to avoid or mitigate such circumstances, and (iii) resume performance as soon as practicable upon the cessation of the circumstances. If the failure or delay continues for more than 30 days, the other Party may, in its discretion, terminate this Agreement. That termination will not result in any liability by either Party.
    7. Notices. Avalara will communicate announcements of general interest by email or by posting on its website or in the Partner Portal. Avalara will provide Partner with legal notices by email, mail, or courier to the address provided by Partner. Partner shall immediately notify Avalara if Partner’s address for notice changes. Except as otherwise specified in the Agreement, all notices must be in writing, with account notices sent to and legal notices sent to
    8. Successors and Assigns. Either Party may assign the Agreement without the other Party’s consent to an entity that acquires all or substantially all of its assets or that is an Affiliate of the assigning Party, provided that (i) the assigning Party must provide notice to the other Party of the assignment, (ii) the assignee must agree in writing to be bound by the Agreement, and (iii) the non-assigning Party may prohibit assignment to a competitor. Except as provided above, neither Party may assign its rights or obligations under the Agreement without the other Party’s prior written consent, such consent not to be unreasonably withheld or delayed, and any attempt to so assign the Agreement will be null and void. The Agreement will bind and inure to the benefit of each Party’s permitted successors and assigns.
    9. Severability. If any provision of the Agreement is determined to be invalid or unenforceable by any court, then to the fullest extent permitted by law, that provision will be deemed modified to the extent necessary to make it enforceable and consistent with the original intent of the Parties and all other provisions of the Agreement will remain in full force and effect.
    10. Waiver. No waiver of any provision of the Agreement, nor consent by a Party to the breach of or departure from any provision of the Agreement, will in any event be binding on or effective against such Party unless it is in writing and signed by such Party, and then the waiver will be effective only in the specific instance and for the purpose for which given.
    11. Entire Agreement. These General Partner Terms, together with the Partner Agreement, and all other terms incorporated by reference, constitutes the entire agreement and understanding between the Parties. Except as provided in Section 4 (Modification), the Agreement may not be modified or amended except by a written instrument executed by both Parties. Partner’s standard terms of purchase (including purchase order terms), if any, are inapplicable.
The EU SCCs, module 1, available at Standard Contractual Clauses (SCC) | European Commission ( or on a successor website designated by the EU commission, are incorporated herein by reference.
Where the EU SCCs require that the Parties to make an election, the Parties make the elections reflected below. Any optional clauses in the EU SCCs not expressly selected below are omitted.
  1. In Clause 11 (a) of the EU SCCs, the optional language shall be deleted; and
  2. For purposes of Clause 17 and Clause 18 of the EU SCCs, the Member State for purposes of governing law, forum and jurisdiction are Luxembourg.
Annex I
For purposes of Annex 1.A (List of Parties) of the EU SCCs: (i) Avalara processes personal data as specified under the Partner Program and Avalara is the ‘data importer’; and (ii) Partner is the ‘data exporter’. Avalara can be contacted through the Avalara Global Privacy Office at Partner provides personal as specified under the Partner Program and can be contacted through the contact information provided by Partner.
For the details of the processing of personal data required for Annex 1.B of the EU SCCs, see below:
MODULE ONE: Transfer controller to controller
Categories of data subjects whose personal data is transferred
Potential and actual customers and employees of the data exporter; sales and marketing leads of the data exporter; and third parties that have, or may have, a commercial relationship with the data exporter (e.g. advertisers, customers, corporate subscribers, contractors and product users).
Categories of personal data transferred
Business contact information and other information relating to how data exporter partners with data importer.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures
Sensitive data is not transferred on a controller-to-controller basis.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis)
Continuous as initiated by Partner in each case for the period during which Partner is enrolled in the Partner Program.
Nature of the processing
Data importer uses data as a controller to do business with data exporter, sell services, issue invoices, provide technical support, perform services, address customer questions, improve services and develop new services and offerings.
Purpose(s) of the data transfer and further processing
Communications and business collaboration between data exporter and data importer.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
For the term of the contract and so long as data importer markets additional services to data exporter.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
Same as above.
For purposes of Clause 13 and Annex 1.C of the EU SCCs, where no competent supervisory authority is identified through the rules of such Clause 13, the competent supervisory authority is the authority in Luxembourg.

Annex II
For the purposes of Annex 2 of the EU SCCs, the technical and organizational measures implemented by Avalara are as described below.
Avalara maintains the following technical and organization measures:
  1. Avalara maintains a written security program under which Avalara periodically evaluates risks to Customer Data and maintains commercially reasonable technical, and physical safeguards to protect Customer Data against accidental or unauthorized access, disclosure, loss, destruction, or alteration. Avalara regularly evaluates the scope and coverage of the Security Program.
  2. Avalara teams classify and handle data using technical controls described below to ensure its integrity, availability, and confidentiality.
  3. Avalara maintains a central inventory of assets where the asset custodian is responsible for classifying and maintaining the asset and ensuring the use of the asset complies with the security program.
  4. Avalara maintains standards for user authentication, access provisioning, de-provisioning, performing periodic access reviews and restricting administrative access to ensure access is granted based on the principle of least privilege.
  5. Avalara maintains standards for segregation of network services and devices to ensure unrelated portions of the network are isolated from each other.
  6. Avalara maintains network zones and applies ingress and egress standards for the protection of data.
  7. Avalara systems encrypt data at rest and in transit between the Avalara networks and its customers to ensure integrity, security, and confidentiality of customer data.
  8. Avalara maintains processes to securely generate, store and manage encryption keys that prevent loss, theft, or compromise.
  9. Avalara maintains physical access controls to restrict entry to Avalara facilities. Physical controls may include badge readers, security personnel, staff supervision, video cameras, and other tools.
  10. Avalara maintains processes for retaining and securely deleting data no longer than necessary to provide its services.
  11. Direct database access is restricted using the corporate VPN. This can only be accessed via Avalara issued computing equipment.
  12. Avalara has disabled the ability to write data to USB mass storage devices on all Avalara issued computing equipment.
  13. Avalara maintains a Software Management Standard that defines software and services which are approved, acceptable, or prohibited to be used by Avalara personnel.
  14. Avalara monitors its applications and systems for vulnerabilities on a periodic basis. Identified vulnerabilities are remediated by taking actions to close them in a timely manner.
  15. Avalara maintains an incident response program to detect, analyze, prioritize, and handle cyber security events and incidents to prevent, detect, and deter the unauthorized access, loss, compromise, disclosure, modification, or destruction of Avalara’s electronic data assets and information, including personal information.
  16. Avalara performs root cause analyses for incidents based on the nature of the incident, to identify, document, and eliminate the cause of an incident and to prevent the issue from recurring. Changes to the Avalara Incident Response Plan and standard operating procedures is also part of this review.
  17. Security and audit logs are fed to the SIEM daily and retained for a period of one year. These logs cannot be modified by anyone.
  18. Daily recoverable backups of critical data are configured to be performed and replicated to a secondary location.
  19. Avalara maintains a Security Infraction Management Policy that describes how Avalara treats security incidents that result from deviations from Avalara’s security policies, standards, and procedures.
  20. Avalara maintains standards for making changes to applications, including customer-facing applications, by ensuring they are tested and approved by appropriate individuals before they are moved to production. Access to make production changes is restricted to authorized individuals.
  21. Avalara has established logical separation between production and lower environments.
  22. Avalara ensures test data is selected and handled in accordance with the technical controls specified in this document.
  23. All Avalara personnel must undergo the mandatory security awareness training at least annually.
  24. The Avalara Service Terms and Conditions along with the Vendor Security terms document are in place to communicate security commitments with vendors.
  25. The Avalara Security team periodically performs assessments of different systems by conducting phishing simulations, vulnerability scans, and penetration tests.
  26. The Avalara Compliance team periodically performs assessments of key systems. Remediation plans are defined as appropriate for the areas of non-compliance establishing clear ownership and accountability.
  27. The Avalara Risk Management Team periodically conducts risk assessments to identify risks arising from internal and external sources throughout the year to evaluate the organization's control environment. Risk treatment plans are defined, as appropriate, for identified risks including establishing clear ownership and accountability. Risks are monitored to acceptable mitigation according to the Avalara Security Risk Assessment Standard and Process.
  28. Avalara maintains standards for Vendor Risk Management to define requirements for vendor selection, risk assessments with roles and responsibilities, contract lifecycle, exception handling and terminations.
Exhibit B
The International Data Transfer Addendum to the EU SCCs (“UK addendum”), available at International data transfer agreement and guidance | ICO or on a successor website designated by the UK ICO, are incorporated herein by reference.
The parties are as reflected in the signature block to the Partner Program.
The parties select the version of the approved EU SCCs referenced above including the appendix information which is as described in Exhibit A.
The appendix information in table 3 of the UK addendum is as set out in the annexes to the EU SCCs in Exhibit A.
Either party may end the UK addendum as set out in section 19 of the same.

List of Subprocessors