Intelligent Assessments That Lead With Value
Monthly Subscription
What's Included
Subscription Agreement & Data Processing Agreement
This Subscription Agreement ("Agreement") is entered into as of the subscription date (the "Effective Date") by and between:
Growth Compass LLC ("Provider"), an Oklahoma limited liability company with its principal place of business at 704 Rustwood Trail, Norman, OK 73069, and
The Subscribing Client ("Client"), as identified during the subscription process.
Provider and Client are sometimes referred to herein individually as a "Party" and collectively as the "Parties."
1. Services
1.1 Subscription. Provider will make available to Client the Growth Compass Service (the "Service"), consisting of:
a. One (1) single page, branded online assessment hosted at [client].getgrowthcompass.com (the "Landing Page"). Provider will implement Client-supplied branding updates (logo, colors, copy) that are delivered in industry-standard digital formats within five (5) Business Days of receipt. Initial assessment implementation timelines, where applicable, are governed by separate implementation agreements. Any additional design iterations beyond standard branding updates will be billed at Provider's then-current hourly rate, unless otherwise agreed in writing;
b. Unlimited assessment completions during the Subscription Term;
c. Access to Provider's administrative dashboard (the "Dashboard") during the Subscription Term, subject to the Dashboard Terms of Service presented upon first login. The Dashboard displays assessment submissions, scores, and respondent details for Client's instance only. Client acknowledges the Dashboard is under active development, may change materially, and certain features may be provided on a beta basis. Provider may suspend or limit beta features without liability if required to maintain system security or performance;
d. Email‑based technical support during Business Hours (9 a.m.–5 p.m. CT, Monday–Friday, excluding U.S. federal holidays).
1.2 Service Levels. Provider will use commercially reasonable efforts to maintain 99.5% monthly uptime, excluding scheduled maintenance (not to exceed four hours per month) and force‑majeure events.
1.3 Multi-Tenant Platform. Client acknowledges that the Service operates on a multi-tenant platform serving multiple clients. Provider maintains logical data isolation between client instances such that Client's data is not accessible to other clients. Provider, as the platform operator, retains operational access to assessment data across all client instances for the purposes of platform operations, technical support, system monitoring, security, aggregate analytics, and product improvement, as further described in the Data Processing Agreement attached as Exhibit A.
2. Fees and Payment
2.1 Subscription Fee. In consideration of the Service, Client shall pay Provider US $100.00 per month (the "Subscription Fee"). This fee covers Dashboard access, assessment hosting, platform maintenance, and email support as described in Section 1.
2.2 Payment Method. Client will provide a valid credit card through Provider's Stripe™ checkout portal within five (5) days of the Effective Date. The first Subscription Fee will be charged on the Effective Date; subsequent charges will recur automatically every thirty (30) days.
2.3 Taxes. Fees are exclusive of all sales, use, VAT, or similar taxes. Client is responsible for any such taxes except those based on Provider's net income.
3. Term and Termination
3.1 Initial Term. The Agreement commences on the Effective Date and continues for twelve (12) full calendar months (the "Initial Term").
3.2 Renewal. After the Initial Term, the Agreement will automatically renew on a month‑to‑month basis (each a "Renewal Term") unless either Party gives written notice of non‑renewal at least thirty (30) days prior to the next billing date.
3.3 Termination for Cause. Either Party may terminate this Agreement upon written notice if the other Party materially breaches the Agreement and fails to cure within fifteen (15) days after receiving written notice of the breach.
3.4 Effect of Termination. Upon termination or expiration: (a) Client's access to the Service and Dashboard will cease; (b) all unpaid Fees through the termination date become immediately due; (c) Provider will delete or return Client Data in accordance with the Data Processing Agreement (Exhibit A); and (d) Sections 5, 6, 7, 8, 9, and 10 survive termination.
4. Client Responsibilities
4.1 Content Accuracy. Client is solely responsible for the accuracy of any assessment questions, answer keys, branding assets, or other content it supplies.
4.2 Client Cooperation & Alignment. (a) Client shall (i) provide complete and accurate assessment questions, answer keys, branding assets and any target-audience parameters reasonably requested by Provider, and (ii) review and approve draft assessment logic or reports within five (5) Business Days of receipt. (b) Client understands that the effectiveness of the assessment depends on the information and direction it supplies, and Provider will have no liability for results that are sub-optimal due to Client's failure to cooperate or to keep the assessment content current.
4.3 End‑User Data. Client shall ensure that appropriate privacy disclosures are provided to assessment respondents, including notice that their data will be processed by Growth Compass LLC as a service provider on Client's behalf. Provider will assist by including a standard privacy footer on assessment landing pages as described in Exhibit A.
4.4 Acceptable Use. Client will not (a) reverse‑engineer or copy the Service, (b) use the Service to transmit unlawful material, (c) interfere with Service security or performance, or (d) attempt to access assessment data belonging to other clients of the platform.
5. Intellectual Property
5.1 Ownership. Provider retains all right, title, and interest in and to the Service, the Dashboard, scoring algorithms, recommendation engines, report templates, and all underlying technology. Client retains all right, title, and interest in its own trademarks, logos, and proprietary assessment content.
5.2 License to Provider. Client grants Provider a non‑exclusive license to host, copy, and display Client Content solely for the purpose of providing the Service.
5.3 Aggregate Data. Provider may use de-identified, aggregated assessment data for benchmarking, product improvement, and industry analytics, provided such data cannot reasonably be used to identify Client or any individual respondent.
6. Confidentiality
Each Party agrees to protect the other's Confidential Information with at least the same degree of care it uses to protect its own similar information, but in no event less than reasonable care, and to use such information only for purposes of performing under this Agreement.
7. Data Security, Privacy & Processing
7.1 Security Safeguards. Provider will implement and maintain commercially reasonable administrative, physical, and technical safeguards designed to protect Client Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Current infrastructure includes AWS serverless architecture with encryption at rest and in transit.
7.2 Data Processing Agreement. The Data Processing Agreement attached as Exhibit A is incorporated by reference and governs the processing of personal data by Provider on Client's behalf. In the event of conflict between this Agreement and Exhibit A regarding data processing, Exhibit A controls.
7.3 Platform Access Transparency. Client acknowledges that Provider, as the operator of a multi-tenant platform, maintains administrative access to all assessment data for the purposes specified in Section 1.3 and Exhibit A. All super-admin access is logged with timestamps, user identity, and action performed. Audit logs are retained for a minimum of twelve (12) months and are available to Client upon reasonable written request.
7.4 Tenant Isolation. Provider maintains logical data isolation between client instances. Client's Dashboard access is restricted to assessment data from Client's own instance. Provider will not disclose Client's individual assessment data to other clients of the platform.
8. Disclaimers; Limitation of Liability
8.1 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED, THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. PROVIDER DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
8.2 Limitation. TO THE MAXIMUM EXTENT PERMITTED BY LAW, PROVIDER'S TOTAL LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE FEES PAID BY CLIENT IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.
8.3 Exclusion of Consequential Damages. NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS OR REVENUE, EVEN IF ADVISED OF THE POSSIBILITY.
9. Indemnification
Client will indemnify and hold Provider harmless from any third‑party claim arising out of Client's content or breach of Section 4.
10. General
10.1 Governing Law. This Agreement is governed by the laws of the State of Oklahoma, without regard to its conflict‑of‑law rules.
10.2 Assignment. Neither Party may assign this Agreement without the other Party's prior written consent, except to a successor in connection with a merger or sale of substantially all assets.
10.3 Entire Agreement. This Agreement, together with Exhibit A (Data Processing Agreement) and the Dashboard Terms of Service, constitutes the entire understanding between the Parties and supersedes all prior proposals and communications.
10.4 Amendment. Any amendment must be in writing and signed by both Parties.
10.5 Notices. Notices must be in writing and delivered by email with confirmation of receipt, certified mail, or courier to the addresses set forth above.
10.6 Order of Precedence. In the event of conflict among the documents forming this Agreement, the order of precedence shall be: (1) the Data Processing Agreement (Exhibit A), (2) this Subscription Agreement, (3) the Dashboard Terms of Service.
Exhibit A — Data Processing Agreement
This Data Processing Agreement ("DPA") is an exhibit to and forms part of the Software-as-a-Service Subscription Agreement (the "Agreement") between Growth Compass LLC ("Provider" / "Processor") and the subscribing Client ("Client" / "Controller"). This DPA governs Provider's processing of personal data on Client's behalf in connection with the Service.
1. Definitions
"Assessment Data" means all data submitted by or collected from respondents through Client's assessment instance, including responses, scores, contact information, and metadata (timestamps, IP addresses, browser data).
"Personal Data" means any Assessment Data that identifies or could reasonably be used to identify a natural person.
"Processing" means any operation performed on Personal Data, including collection, storage, retrieval, use, analysis, transmission, and deletion.
"Sub-processor" means any third party engaged by Provider to process Personal Data on Provider's behalf.
2. Roles and Responsibilities
2.1 Controller. Client is the data controller with respect to Personal Data collected through Client's assessment instance. Client determines the purposes and means of processing by configuring assessment questions, lead capture fields, and distribution of the assessment to respondents.
2.2 Processor. Provider is the data processor. Provider processes Personal Data solely on Client's behalf and in accordance with Client's documented instructions as reflected in this DPA and the Agreement.
3. Data Processed
The following describes the Personal Data processed under this DPA:
| Category | Details |
|---|---|
| Data Subjects | Individuals who complete Client's online assessment ("Respondents") |
| Contact Data | Name, email address, company name, phone number, job title (as configured by Client in lead capture fields) |
| Assessment Responses | Answers to assessment questions, dimension scores, overall readiness index, completion status |
| Technical Metadata | Submission timestamp, IP address, browser user agent, session identifiers, UTM parameters |
| Generated Data | Scores, findings, priority areas, and roadmap recommendations generated by Provider's scoring algorithms |
4. Purpose of Processing
Provider processes Personal Data for the following purposes only:
a. Service Delivery: Collecting assessment responses, computing scores, generating reports, and displaying results on the Dashboard for Client's authorized users.
b. Platform Operations: System monitoring, performance optimization, error detection, security monitoring, and infrastructure maintenance across the multi-tenant platform.
c. Technical Support: Accessing Client's assessment data when necessary to diagnose and resolve issues reported by Client or detected through monitoring.
d. Product Improvement: Using de-identified, aggregated data to improve scoring algorithms, benchmarks, and platform features. Individual-level data is never shared with other clients.
e. Audit Logging: Recording all administrative access to assessment data for compliance and transparency purposes.
5. Provider Obligations
5.1 Lawful Processing. Provider will process Personal Data only for the purposes described in Section 4 and in accordance with Client's documented instructions. If Provider believes an instruction violates applicable data protection law, Provider will promptly notify Client.
5.2 Confidentiality. Provider will ensure that all personnel authorized to process Personal Data are bound by obligations of confidentiality.
5.3 Security Measures. Provider will implement and maintain appropriate technical and organizational security measures, including: encryption of data at rest and in transit (AWS-managed encryption); access controls with role-based permissions; secure serverless architecture (AWS Lambda, API Gateway, DynamoDB); regular security monitoring and patching; and audit logging of all administrative access.
5.4 Audit Logging. Provider will maintain audit logs of all super-admin access to Client's assessment data, recording: the identity of the individual accessing the data, the timestamp of access, the action performed, and the client instance accessed. Logs will be retained for a minimum of twelve (12) months.
5.5 Data Breach Notification. In the event of a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, Provider will: (a) notify Client without undue delay and in any event within seventy-two (72) hours of becoming aware; (b) provide details of the nature, scope, and likely consequences of the breach; (c) describe the measures taken or proposed to address the breach; and (d) cooperate with Client in any notification obligations Client may have.
6. Client Obligations
6.1 Lawful Basis. Client is responsible for ensuring it has a lawful basis for collecting and processing Personal Data from Respondents. Where Respondents voluntarily complete an assessment and submit their information, such voluntary submission constitutes consent for processing. Client is responsible for providing required privacy disclosures as described in Section 6.2.
6.2 Respondent Notice. Client will ensure that Respondents are informed of data processing practices prior to assessment submission. This obligation is satisfied by including a privacy notice or link to a privacy policy on the assessment landing page that discloses, at a minimum: (a) that assessment data will be processed by Growth Compass LLC as a service provider on Client's behalf; (b) that data will be stored in the United States on AWS infrastructure; and (c) how Respondents can contact Client to exercise their data rights. Provider will make reasonable efforts to include a standard privacy footer on assessment landing pages to assist Client in meeting this obligation.
7. Sub-processors
Client authorizes Provider to engage the following sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud infrastructure (Lambda, DynamoDB, API Gateway, S3, CloudFront, SES) | United States |
| Stripe, Inc. | Payment processing for subscription billing | United States |
Provider will notify Client at least thirty (30) days before engaging any new sub-processor. Client may object to a new sub-processor within fifteen (15) days of notification. If Provider cannot reasonably accommodate the objection, either party may terminate the affected portion of the Service.
8. Data Subject Rights
Upon Client's request, Provider will provide reasonable assistance to enable Client to respond to requests from Respondents exercising their rights under applicable data protection laws, including rights of access, rectification, erasure, data portability, and restriction of processing. Provider will redirect any Respondent requests received directly to Client.
9. Data Retention and Deletion
9.1 During the Term. Provider will retain Client's Assessment Data for the duration of the Subscription Term. Client may request deletion of individual assessment records at any time through the Dashboard or by written request to Provider.
9.2 Upon Termination. Within thirty (30) days following termination or expiration of the Agreement, Provider will: (a) make Client's Assessment Data available for export in CSV format upon request; and (b) delete all Client Personal Data from active systems. Backup copies will be purged within ninety (90) days of termination, except where retention is required by law.
9.3 Aggregate Data. De-identified, aggregated data that cannot reasonably be used to identify Client or any individual Respondent may be retained indefinitely for benchmarking and product improvement purposes.
10. Audit Rights
Upon reasonable written request (no more than once per twelve-month period), Provider will make available to Client information necessary to demonstrate compliance with this DPA. This may take the form of: (a) a written summary of Provider's security practices and controls; (b) relevant portions of super-admin audit logs pertaining to Client's instance; or (c) responses to a reasonable security questionnaire.
11. Term
This DPA shall remain in effect for the duration of the Agreement and for as long as Provider retains any Personal Data processed on Client's behalf.
12. Governing Law
This DPA is governed by the laws of the State of Oklahoma, consistent with the Agreement.
By accepting the Subscription Agreement, Client also accepts this Data Processing Agreement as Exhibit A thereto.