Terms of Use

Terms of Use
GDPR
Privacy Policy

Effective: September 30, 2025

Dryrun Subscription Agreement

Plain-Language Summary

We know contracts can be long and technical. Here’s the quick version of what you’re agreeing to when you subscribe to Dryrun. For full legal details, see the Dryrun Subscription Agreement below.

✅ What You Get
  • Access to Dryrun’s cash flow forecasting & scenario modeling software.
  • Secure connection to your accounting/ERP systems.
  • Training, onboarding, and support via chat, email, phone, and video.
  • Regular product updates and improvements.
📅 Term & Renewal
  • Subscriptions run for 1 year unless otherwise stated.
  • They auto-renew each year unless cancelled with 30 days’ notice before renewal.
💰 Fees & Payment
  • Subscription fees are billed monthly or annually (per your order form).
  • One-time setup or implementation fees may apply.
  • All fees are non-refundable, except if you cancel within 30 days of activation.
🔒 Data & Security
  • You own your data — always.
  • Dryrun protects your data with industry-standard security (encryption, access controls, monitoring) under our Written Information Security Program (WISP).
  • For EU/UK clients, our agreement includes GDPR-compliant processing terms and safeguards for cross-border transfers.
⚖️ Liability & Fair Use
  • We’ll do our best to keep Dryrun up and running (99.5% uptime target).
  • We’re not responsible for issues caused by your systems, third-party apps, or force majeure events.
  • Your total liability to us, and our total liability to you, is capped at the fees paid in the prior 12 months.
📞 Support
  • Standard support via chat, email, phone, or video call.
  • Post-launch check-ins to review performance and fine-tune setup.
📌 The Legal Version

The summary above is provided for clarity only. The legally binding terms are set out in the full Dryrun Subscription Agreement below.

Dryrun Subscription Agreement

Last updated: [Insert Date]

This Subscription Agreement (“Agreement”) is between LEVR Media Inc. d/b/a Dryrun (“Dryrun”, “we”, “us”, “our”) and the customer identified in an order form or online sign-up (“Subscriber”, “you”, “your”). By signing an Order Form, clicking “I agree,” or using the Services, you accept this Agreement.

If you don’t agree, do not use the Services.

1) Key definitions
  • Services: Dryrun’s hosted cash-flow forecasting and scenario-modeling software, APIs, and support.
  • Order Form: The document (online or signed) that lists the Services, term, and fees.
  • Documentation: Our user guides and help materials.
  • Subscriber Data: Data you or your users input to, or generate in, the Services.
  • Activation Date: When we enable your paid account.
  • System Availability Period: 24×7, excluding planned maintenance and allowed downtime described here.
  • System Maintenance Period: Planned maintenance windows we announce in advance.
  • Privacy Policy / DPA: Incorporated in Schedule B (Data Processing Addendum) of this Agreement.
2) Your subscription & license
  • We grant you a limited, non-exclusive, non-transferable right to use the Services for your internal business during the Term, subject to payment and this Agreement.
  • You won’t: sell/rent/sublicense the Services; reverse engineer; use to build a competitor; remove notices; or use unlawfully.
  • You’re responsible for your users, keeping credentials secure, and following the Documentation.
  • Trials/developer access are provided as-is and may be changed or turned off at any time.
3) Term, renewals, cancellation
  • The Initial Term is stated on your Order Form. Subscriptions auto-renew for successive 1-year periods unless either party gives 30 days’ written non-renewal notice before the current term ends.
  • You may cancel anytime, but fees are non-refundable, except (a) for cause under §12 or (b) the 30-day initial activation refund: cancel in writing within 30 days after the Activation Date and we’ll refund fees paid for the then-current Initial Term.
4) Fees, taxes, billing
  • Pay fees as per your Order Form (monthly on your Activation Date anniversary or annually in advance unless stated otherwise).
  • Fees exclude taxes. You’re responsible for applicable taxes (except our income taxes). If we pay on your behalf, you’ll reimburse us on proof.
  • Late payments may accrue 2%/month (24%/year) or the legal maximum, plus reasonable collection costs.
  • Billing disputes: notify us within 15 days of invoice; pay the undisputed portion; we’ll work promptly to resolve the rest.
  • Price changes apply to renewals with 60 days’ notice; if you don’t agree, do not renew.
  • Non-payment: after notice, if an undisputed invoice is 30 days overdue, we may suspend Services and/or change payment terms; we’ll reinstate after payment.
5) Service levels (SLA)
  • Target Monthly Uptime: 99.5% (see Schedule A for measurement, exclusions, response targets, and credits).
  • Support channels: chat, email, scheduled video, and phone during posted hours.
6) Data protection (ownership, GDPR, PIPA, transfers)

Ownership & roles

  • You own Subscriber Data.
  • For Subscriber Data, Dryrun acts as Processor; you are Controller.
  • For Dryrun’s own business data (e.g., account, billing, telemetry, marketing), Dryrun acts as an independent Controller.

Processing & privacy laws

  • We process personal data only to provide the Services and as instructed by you, and comply with applicable privacy laws including GDPR and Alberta PIPA (details in Schedule B).

Breach notice

  • If we become aware of a Personal Data Breach affecting your personal data within our control, we will notify you without undue delay and, in any event, not later than 72 hours after becoming aware, sharing available details and remediation steps.

Data residency & transfers

  • Default hosting region: Canada (unless otherwise agreed on the Order Form).
  • We may use vetted sub-processors. Cross-border transfers are protected by: EU SCCs (2021), UK Addendum, and Swiss FADP mapping (all in Schedule B). We will assist with Transfer Impact Assessments, challenge unlawful access requests, and disclose only what is legally required.

Data subject requests & deletion

  • We will reasonably assist you with data-subject rights requests.
  • Upon termination or your request, we will delete or return Subscriber Data; backups are purged on normal cycles (timelines in Schedule B).

Aggregated/de-identified data

  • We may use de-identified or aggregated data for analytics and service improvement—never to identify you or your users.
7) Security

We maintain reasonable administrative, physical, and technical safeguards (access controls, least-privilege, encryption in transit and at rest, vulnerability management, logging/monitoring, backups/restores). You configure roles/permissions, protect credentials, and secure your networks/devices. See Schedule B, Annex II.

8) Acceptable use

Don’t introduce malware; overload/attack; attempt unauthorized access; send spam; or use the Services in ways that are unlawful, infringing, or privacy-violating. Tell us promptly if you suspect misuse or a security issue.

9) Intellectual property & feedback

We and our licensors own the Services and Documentation. You may not use our names/logos without permission. If you provide feedback, you grant us a perpetual, worldwide, royalty-free license to use it.

10) Updates & third-party tools

We may update the Services/Documentation for improvements, security, and new features. We can’t guarantee third-party tools or integrations will always be available.

11) Warranties & disclaimers
  • Service warranty: During the Term, the Services will materially conform to the Documentation. If not, we’ll correct, re-perform, or if we can’t within a reasonable time, pro-rate refund the non-conforming portion and end that part.
  • Otherwise the Services, Documentation, support, and any trials/betas are provided “as is”; we disclaim other warranties (merchantability, fitness, non-infringement, etc.).
12) Suspension & termination
  • For cause: Either party may terminate for a material breach not cured within 30 days of notice (10 days for payment).
  • Effect: Your access stops; amounts due are payable; data handling follows §6 and Schedule B.
  • Suspension: We may suspend immediately for security risks, suspected unlawful/prohibited use, non-payment after notice, or to comply with law; we’ll limit scope/duration and restore when fixed.
13) Confidentiality

Each party will protect the other’s Confidential Information, use it only to deliver/use the Services, disclose only to those who need to know under confidentiality, and return or securely destroy it on request or at end of Term (subject to legal/backup retention). Lawful compelled disclosures allowed with notice if permitted.

14) Indemnities
  • You indemnify us for claims/losses arising from: (a) your or your users’ illegal use/breach; (b) Subscriber Data (including IP/privacy claims); (c) missing consents.
  • We indemnify you if a third party claims the Services (as provided by us and used per the docs) directly infringe a U.S./Canadian patent, trademark, or copyright. We may procure rights, modify, or terminate/refund the impacted part. Exclusions: your modifications, combinations, misuse, or your specs. This is your exclusive IP remedy.
15) Limitation of liability
  • No party is liable for indirect/special damages (lost profits, revenue, goodwill, or data), even if foreseeable.
  • Each party’s total liability is capped at the fees you paid/owe for the 12 months before the event.
  • These limits don’t apply to your payment or indemnity obligations.
16) Force majeure

No liability for delays/failures caused by events beyond reasonable control (e.g., natural disasters, war, labor actions, government action, major utility/Internet outages). We’ll mitigate and resume promptly.

17) Disputes
  • Step 1 (10 business days): executive-level discussion.
  • Step 2 (within 30 days): non-binding mediation in Edmonton, Alberta (ADR Institute of Canada rules).
  • Step 3: courts per §18. Either party may seek urgent injunctive relief anytime.
18) Governing law & venue

This Agreement is governed by the laws of Alberta and applicable federal laws of Canada. Courts in Edmonton, Alberta have exclusive jurisdiction. The U.N. CISG does not apply.

19) Export compliance

You will comply with applicable export/re-export/import laws. You represent you’re not on a restricted-party list.

20) Changes & notices
  • We may update this Agreement. Material changes take effect 30 days after notice via email/in-app/website (or sooner if required by law/security). If you don’t agree, you may terminate before the effective date and receive a pro-rated refund of prepaid, unused fees. Continued use after effective date = acceptance.
  • Notices to us: the address in §24 and legal@dryrun.com. Notices to you: your account/billing email or via the Services.
21) Assignment

Either party may assign to an affiliate or in a merger/acquisition/sale of substantially all assets if the assignee agrees in writing to be bound. Otherwise, written consent is required. Non-permitted assignments are void.

22) Other legal terms
  • Waiver: Not enforcing a right once doesn’t waive it later.
  • Severability: Unenforceable terms are modified to the minimum extent needed; the rest stays in effect.
  • Entire agreement: This Agreement (including Schedules) and the Order Form are the entire agreement and supersede prior discussions.
23) Publicity

With your prior written consent (not unreasonably withheld), we may use your name/logo to identify you as a customer.

24) Contact

LEVR Media Inc. (Dryrun)

#202, 14032–23 Ave NW, Edmonton, AB, Canada T6R 3L6

+1-855-4DRYRUN | info@dryrun.com | legal@dryrun.com

Schedule A — Service Level Agreement (SLA)

1. Monthly Uptime Commitment: 99.5% per calendar month.

2. Measurement:

Monthly Uptime = 100% − (Downtime Minutes ÷ Total Minutes) × 100, measured at the account edge.

3. Exclusions:

(a) announced System Maintenance Periods (we aim for 48 hours’ notice and off-peak scheduling); (b) issues caused by your or third-party networks/ISPs/devices/configs; (c) force majeure; (d) beta/trial features; (e) urgent security maintenance.

4. Support first-response targets (business hours):

  • P1 – Critical outage (service down/critical function inoperable): 1 business hour
  • P2 – Major degradation (material loss, no reasonable workaround): 4 business hours
  • P3 – Standard (limited impact/questions): 1 business day

5. Service credits (sole SLA remedy; request within 30 days after month-end):

  • 99.0–99.49%: credit 5% of that month’s subscription fees
  • 98.0–98.99%: 10%
  • <98.0%: 20%
  • Credits apply to future invoices; not cash-refundable; capped at that month’s fees.

6. Changes:

We may update this SLA for clarity/new services; material reductions apply at renewal unless you agree earlier.

Schedule B — Data Processing Addendum (DPA) – GDPR/UK/Swiss

This DPA forms part of the Agreement between Controller (Subscriber) and Processor (Dryrun). Capitalized terms follow GDPR unless defined here.

1. Scope & roles
  • Controller determines purposes/means; Processor processes only on documented instructions to provide the Services and as required by law.
  • Processor’s processing of Controller Personal Data will comply with GDPR, UK GDPR, and Swiss FADP as applicable.
2. Details of processing (Annex I)
  • Subject matter: Provision of Dryrun Services.
  • Duration: Term of the Agreement + deletion period in §9.
  • Nature & purpose: Hosting, storage, compute, support, backups, security monitoring.
  • Categories of data: Business contact data; account/authentication data; usage logs/metadata; financial contact details contained in Subscriber Data; any other data types uploaded by Controller.
  • Data subjects: Controller’s employees, contractors, clients, and other individuals whose data Controller inputs.
  • Special categories: Not intended; if included by Controller, Controller ensures lawful basis and safeguards; Processor applies the same security measures.
  • Instructions: Agreement, this DPA, Controller configurations, and written instructions.
3. Processor obligations

Processor will:

a) process Personal Data only per Controller’s instructions;

b) ensure personnel are bound by confidentiality;

c) implement appropriate technical and organizational measures (Annex II);

d) assist with data subject rights, DPIAs, and consultations (Art. 35–36) to the extent reasonably possible;

e) Breach notice: notify Controller without undue delay and, in any event, not later than 72 hours after becoming aware of a Personal Data Breach, with available details and remediation steps;

f) at Controller’s choice, delete or return Personal Data after termination and delete remaining copies within 90 days unless law requires storage;

g) make available information to demonstrate compliance and allow reasonable audits per §8.

4. Sub-processing
  • General authorization. Controller authorizes Processor to use sub-processors to deliver the Services.
  • Processor imposes data-protection terms no less protective than this DPA and remains responsible for sub-processor performance.
  • Change notices & objection: Processor will give at least 30 days’ prior notice of additions/replacements of material sub-processors. Controller may object on reasonable data-protection grounds within 10 business days; parties will discuss in good faith. If unresolved, Controller may suspend or terminate the affected Service and receive a pro-rated refund of prepaid, unused fees.
  • A current list of material sub-processors is available on request.
5. International transfers
  • For transfers to countries without an adequacy decision, the parties incorporate by reference the EU Standard Contractual Clauses (EU SCCs, 2021/914) as follows:
    • Module 2 (Controller→Processor) and, where relevant, Module 3 (Processor→Sub-processor).
    • SCC Annex I/II/III are satisfied by Annex I/II/III of this DPA.
    • Clause 9(a): general authorization; notice and objection timelines per §4.
    • Clause 17: law governing SCCs — Ireland.
    • Clause 18: forum — Courts of Ireland.
  • UK Addendum (ICO) is incorporated by reference for UK transfers; the Swiss FADP mapping applies for Swiss transfers (references to GDPR include FADP; competent authority FDPIC; forum per Swiss law where required).
  • Schrems II support: Processor will (i) assist with Transfer Impact Assessments; (ii) notify Controller of binding government access requests unless legally prohibited; (iii) challenge unlawful/overbroad requests; and (iv) disclose only the minimum necessary after exhausting remedies.
6. Security
  • Processor maintains the measures in Annex II and will not materially decrease security during the Term.
7. Personal Data Breach
  • See §3(e). Processor will cooperate in remediation, notifications, and investigations.
8. Audits
  • On reasonable prior notice, Processor will (a) provide available third-party assurance reports or summaries of controls (e.g., SOC/independent assessments), and (b) allow a reasonable, scoped audit by Controller or its independent auditor once per 12 months (or following a confirmed breach), during normal business hours, without disrupting operations, subject to confidentiality and reimbursement of Processor’s reasonable time/materials.
9. Return & deletion
  • Upon termination or at Controller’s written direction, Processor will return or delete Personal Data. Backups are deleted on their normal cycles. Processor may retain minimal data if required by law, subject to continued confidentiality.
10. Order of precedence
  • If there is a conflict between this DPA and the Agreement, this DPA controls for Personal Data processing. If there is a conflict with the EU SCCs/UK Addendum, those instruments control.

Annex I — Processing details (SCCs Annex I mapping)

  • Controller: Subscriber (legal name and address per Order Form).
  • Processor: LEVR Media Inc. (Dryrun), #202, 14032–23 Ave NW, Edmonton, AB, T6R 3L6; legal@dryrun.com.
  • Activities: Hosting, storage, compute, support, monitoring, backups, disaster recovery.
  • Frequency: Continuous for the Term.
  • Retention: Per §9 of this DPA.
  • Supervisory authority: Determined by Controller’s EU establishment (GDPR Art. 56).

Annex II — Technical & Organizational Measures (TOMs)

  • Governance: Security/privacy policies; privacy program; confidentiality commitments; personnel training.
  • Access control: Unique IDs; RBAC/least-privilege; MFA for admin; timely provisioning/de-provisioning.
  • Encryption: TLS in transit and encryption at rest.
  • Logging/monitoring: Centralized logs; alerting; anomaly detection; time-sync.
  • Segregation & SDLC: Tenant isolation; secure coding; code review; change management.
  • Vulnerability management: Regular scanning; risk-based patching; independent testing.
  • Availability/continuity: Redundancy where applicable; regular backups; tested restore procedures.
  • Incident response: Documented plan (triage, containment, eradication, recovery, post-mortems).
  • Supplier management: Sub-processor vetting; contractual controls; ongoing monitoring.
  • Data handling: Minimization; retention schedules; secure deletion; export tools.
  • Physical security: Certified data centers with access controls, surveillance, and environmental safeguards.

Annex III — Sub-processors

  • A current list of material sub-processors (e.g., hosting, email delivery, monitoring/telemetry, analytics, support tooling) is available on request; changes follow §4 (notice/objection).

End of Schedule B