Skip to content

Last Revised: 2025-09-19

These Business Tools Terms of Service (the “Terms”) are entered into by and between Groundhog Inc. (“Groundhog”) and any business user that installs, enables, or uses the Service via any e-commerce platform’s app store (each, a “Merchant”). By clicking “Install” (or a similar option) on the installation page, or by signing in, configuring, or continuing to use the Service after installation, you are deemed to have read, understood, and agreed to be bound by these Terms. Please read carefully.

Ch. 1. Acceptance & Scope

1.1 Parties and Covered Users. These Terms of Service (the “Terms”) are a binding agreement between Groundhog Inc. (including its affiliates and designated persons, “Groundhog”) and any business user that installs or uses the plug‑in provided by Groundhog via an e‑commerce platform’s app store (the “Service”) (each, a “Merchant”). Any individual who installs, configures, or uses the Service on a Merchant’s behalf has actual authority to bind the Merchant, and such actions will bind the Merchant..

1.2 Acceptance of the Terms. By clicking “Install” (or a similar option) in the app store installation interface, or after installation by signing in, accessing, configuring, or otherwise using the Service, the Merchant is deemed to have read, understood, and agreed to be bound by these Terms, and agrees to authorize Groundhog to process relevant data to the extent necessary under these Terms. If the Merchant does not agree to all or part of the Terms, the Merchant must immediately cease installation or use and remove the Service.

1.3 Entire Agreement. These Terms, together with Groundhog’s Privacy Policy, Data Processing Agreement (DPA), and any other applicable terms published by Groundhog, constitute the parties’ entire agreement regarding the Service. In the event of any conflict, and to the extent not contrary to mandatory law, the provision that is stricter or affords greater protection to data subjects will prevail.

1.4 Description of the Service. The Service provides configuration, tracking, measurement, performance analytics, and reporting functions related to interactions by visitors of the Merchant’s website (each, a “Visitor”), including for subsequent ad delivery purposes.

1.5 Territorial Scope. These Terms apply worldwide. However, the Merchant must comply with all applicable laws, regulations, and platform rules in the jurisdictions where the Merchant is located or whose users are targeted when using the Service.

1.6 Language and Interpretation. These Terms are drafted in Chinese. Versions in other languages are provided for reference only; in case of inconsistency, the Chinese version will control.

1.7 Incorporation by Reference. Groundhog may publish or update terms or documents relating to the Service on its website from time to time. Once published or updated, such documents form part of these Terms, and the Merchant agrees to be bound by them. Changes to the Terms and the method of notice are governed by Chapter 10 of these Terms.

Ch. 2. License & Use

2.1 Nature of License. Subject to these Terms, Groundhog grants the Merchant a worldwide, non‑exclusive, non‑transferable, non‑sublicensable, revocable right to use the Service during the term of these Terms, solely on the Merchant’s own websites and solely for the Merchant’s internal business purposes.

2.2 Scope of Use. The Merchant may use the Service only in the manner specified in these Terms or in technical documentation published by Groundhog.

2.3 Account and Credential Management. The Merchant must safeguard its admin console credentials, passwords, API keys, and any other credentials. Any action taken through the Merchant’s accounts or credentials is deemed the Merchant’s action, for which the Merchant is responsible. If the Merchant becomes aware of any unauthorized use or a security incident, the Merchant must immediately disable the affected credentials and notify Groundhog in accordance with Chapter 8.

2.4 Use Restrictions. Except to the extent required by applicable law or expressly permitted by Groundhog in writing, the Merchant must comply with the Acceptable Use restrictions in Chapter 7 and must not: (i) resell or lease the Service; (ii) reverse engineer, decompile, or attempt to obtain the source code of the Service or any component; (iii) remove, obscure, or modify any proprietary notices, identifiers, or tracking mechanisms; (iv) use the Service to build a competing product or service; (v) operate the Service beyond the documentation or reasonable usage in a manner that undermines stability; or (vi) collect, process, or input data that is outside the Merchant’s lawful control.

2.5 Compliance with Platform Rules. When using the Service on any e‑commerce platform, the Merchant must comply with that platform’s rules. Interactions with third‑party tools or services are governed by Chapter 4.

2.6 Updates, Maintenance, and Feature Changes. Groundhog may, from time to time and in its sole discretion, update, modify, or remove some or all features of the Service to maintain security and performance. Changes to these Terms and related notices are governed by Chapter 10.

2.7 Reservation of Rights. Except for the rights expressly granted in these Terms, Groundhog and its licensors reserve all rights, title, and interest in and to the Service and any modifications, derivative works, interfaces, and documentation. Unless otherwise agreed in writing, these Terms do not constitute any transfer or assignment of rights.

2.8 Feedback. Any suggestions, ideas, or feedback the Merchant provides regarding the Service (collectively, “Feedback”) are deemed granted to Groundhog on a worldwide, irrevocable, royalty‑free basis, permitting Groundhog to use, copy, modify, and distribute such Feedback for any purpose without any obligation of attribution or notice to the Merchant.

Ch. 3. Roles and Responsibilities

3.1 General Principles. The Merchant determines the purposes and means of collecting personal data relating to its Visitors (including, without limitation, IP addresses, device identifiers, and Event Data) and acts as the controller of such data. Groundhog, in principle, performs processing activities to provide the Service only in accordance with the Merchant’s configurations and instructions.

3.2 Groundhog as Joint Controllers (Joint Control Situations):

(1) Joint processing scope: Where Event Data and related personal data collected via the Service’s pixels, tags, SDKs, APIs, or other technologies (the “Business Tools Data”) are processed such that Groundhog and the Merchant jointly determine the purposes and means of that processing, the parties agree they shall be joint controllers under Article 26 of the GDPR. The scope of such joint control includes: (i) the collection of such personal data through the Service; and (ii) the transfer of such data to Groundhog for the following purposes (collectively, “Joint Processing”): performance measurement and attribution, audience creation and targeting, ad delivery, and abuse prevention / security risk management insofar as these are necessary operations related to the foregoing purposes.

(2) Joint control arrangement: This clause constitutes the core arrangement required by Article 26 GDPR; the parties may supplement it by written documents, backend settings, API configurations or other means. The core obligations are as follows:

(a) Link to privacy policy: The Merchant shall, on every page, link from its privacy / cookie policy to Groundhog’s “Business Tools Privacy Policy” and provide Groundhog’s contact details (URL: [https://mi.ghtinc.com/language/en/groundhog-mi-contact-us]) so that Data Subjects may obtain detailed information and exercise their rights.

(b) Processing in accordance with Groundhog’s privacy policy: With respect to Business Tools Data processed by Groundhog within the joint control scope, Groundhog will process such personal data in accordance with its privacy policy (including stated purposes, legal bases, and how rights may be exercised); the Merchant shall disclose such processing to Data Subjects accordingly.

(c) Legitimate interests (GDPR Art. 6(1)(f)): Where legitimate interests constitute the lawful basis for processing, Groundhog shall be responsible for processing of the data under Groundhog’s control and shall fulfill the necessary transparency obligations; the Merchant shall bear equal responsibility for the data it controls.

(d) Security (GDPR Art. 32): For data and systems under Groundhog’s control, Groundhog shall implement and maintain appropriate technical and organizational measures; the Merchant shall be equally responsible for the data and systems under its control.

(e) Data breach notifications (GDPR Arts. 33, 34): Each party shall be responsible for supervisory authority and Data Subject notification obligations only with respect to the personal data it controls; the parties shall promptly notify one another and reasonably cooperate to address any incident that materially affects the Joint Processing activities, provided that such cooperation shall not expand one party’s liability for personal data that it does not control.

(3) Post-transfer independent controller processing: Where Business Tools Data is transferred to Groundhog, Groundhog may continue to process such data as an independent controller under Article 4(7) GDPR for purposes including, but not limited to, security and abuse prevention, legal compliance, and service improvement and statistics (with anonymization or aggregation as a principle); such processing shall be subject to Groundhog’s privacy statement.

(4) Independent controller position for other processing: For any processing of Business Tools Data that falls outside the Joint Processing scope described in (1), the Merchant and Groundhog shall each act as independent controllers under Article 4(7) GDPR and shall each bear legal responsibility for their respective processing activities; such independent processing shall not be subject to the Joint Processing arrangement.

(5) Allocation of roles: For the Joint Processing scope described in (1), the parties shall set out in writing (including these Terms, backend settings, API documentation, or other Groundhog-published materials) their respective compliance responsibilities. The principal allocation is as follows:

(a) Groundhog: Responsible for designing security and data-protection mechanisms for the Joint Processing activities, providing and maintaining cross-border transfer safeguards (e.g., SCCs), and managing retention, deletion, and Subprocessor governance for such activities.

(b) Merchant: Responsible for providing Data Subjects (Visitors) with sufficient and clear disclosures, obtaining valid consent where required by law, offering opt-out / preference controls, and acting as the primary point of contact for collection that originates on the Merchant’s site.

(c) Data Subject requests: Data Subjects may exercise rights in respect of the Joint Processing scope against either joint controller; the parties shall refer such requests to one another and cooperate to handle them within a reasonable time. Data Subjects may also exercise rights directly against Groundhog with respect to Groundhog’s post-transfer independent controller processing.

(6) Merchant’s disclosure obligations: The Merchant shall explicitly identify Groundhog as a joint controller in its per-page privacy / cookie policy, provide a link to Groundhog’s privacy statement and Groundhog’s contact details, and explain the key points of this clause in an easily understandable manner in accordance with Article 26(2) GDPR.

(7) Lawful basis: Where processing involves behavioral advertising or cross-site tracking, the Merchant warrants that it has obtained valid consent (as required by ePrivacy/GDPR) in the applicable jurisdiction(s) (e.g., the EEA) and that such consent can be withdrawn at any time; Groundhog’s post-transfer independent controller processing will rely on the lawful basis(es) and purposes disclosed in Groundhog’s privacy statement.

(8) Order of precedence: To the extent of the Joint Processing scope, this clause shall prevail over other provisions of this Chapter; processing activities not forming part of the Joint Processing scope shall remain governed by the provisions of this Chapter relating to Groundhog’s role as an independent controller or as a processor.

3.3 Groundhog as a Processor. Where the Merchant determines the purposes and means of processing Visitor data, Groundhog acts as a processor and processes such data only in accordance with the Merchant’s instructions (including, for example, admin console settings, API parameters, and written or email instructions) and with appropriate technical and organizational security measures required by applicable law. If Groundhog is required by applicable law to process in a manner different from the Merchant’s instructions, Groundhog will notify the Merchant in advance where legally permitted, or otherwise promptly after the fact to the extent permitted by law. If Groundhog reasonably believes an instruction may violate data protection laws, Groundhog will notify the Merchant within a reasonable period.

3.4 Contractual Framework. Unless otherwise agreed in writing, when Groundhog processes personal data as a processor, if Groundhog separately publishes a Data Processing Agreement (DPA), the Merchant agrees to be bound by it; if no separate DPA is published, this Chapter 3 serves as the processor terms. In case of any conflict between such documents and these Terms, and to the extent not contrary to mandatory law, the provision that is stricter or affords greater protection to data subjects will prevail.

3.5 Subprocessors. The Merchant consents that Groundhog may appoint Subprocessors to provide cloud, transmission, analytics, or support services. Groundhog will impose contractual obligations on Subprocessors that are no less protective of personal data than those set out in these Terms.

3.6 Cross‑Border Transfers and Access. The Merchant agrees that data may be stored and processed in any region where Groundhog or its Subprocessors are located, and warrants that it has obtained all necessary lawful bases for cross‑border transfers or remote access. Groundhog will implement appropriate transfer safeguards in accordance with applicable laws.

3.7 Restrictions and Prohibitions. The Merchant must not require Groundhog to process data unrelated to the Service or in violation of law, nor require processing of special categories of personal data as defined by law. Groundhog may refuse instructions that would violate law or exceed the reasonable scope of the Service. The Merchant must, as set out in Chapter 4, disclose in its cookie banner and/or privacy policy the use of third‑party analytics/advertising tools and obtain valid consent from Visitors. Any violation is the Merchant’s sole responsibility.

3.8 Assistance with Data Subject Requests. In accordance with Article 28(3)(e) of the GDPR, and to the extent feasible and reasonable, Groundhog will assist the Merchant in responding to requests by data subjects under applicable laws (including GDPR Chapter III), such as access, rectification, erasure, restriction, portability, and objection, and will provide processing information reasonably required by the Merchant. The Merchant remains solely responsible for communications with, decisions regarding, and responses to data subjects.

3.9 Security and Impact Assessment Assistance. Taking into account the nature of processing and the information available to Groundhog, and in accordance with Article 28(3)(f) of the GDPR, Groundhog will, within a reasonable scope, assist the Merchant in meeting its obligations under GDPR Articles 32–36 (including appropriate technical and organizational measures, breach notifications, prior consultations, and data protection impact assessments). This assistance does not constitute any warranty or commitment to indemnify.

3.10 Audit. To evidence compliance with this Chapter, and in accordance with Article 28(3)(h) of the GDPR, Groundhog will provide necessary and appropriate information and agrees to cooperate with audits conducted by the Merchant (or an independent auditor appointed by the Merchant) upon reasonable prior notice, at a reasonable frequency, and within a reasonable scope. Audits will primarily consist of document reviews, questionnaires, and remote verifications; on‑site audits may be conducted only where strictly necessary, and the parties will separately agree on the schedule, scope, confidentiality obligations, and cost allocation. Audits must not materially interfere with Groundhog’s operations, compromise its confidential information, or infringe the rights of Groundhog’s other customers.

Ch. 4. Merchant Obligations and Warranties

4.1 Consent and Authorization. The Merchant consents and authorizes Groundhog and its appointed Subprocessors to collect, receive, access, use, process, store, transmit, aggregate, pseudonymize, or anonymize the data types listed in Chapter 5, for the purposes described in the Service and these Terms, and to the extent necessary. The foregoing authorization does not affect the Merchant’s duty under applicable laws to provide disclosures to, and obtain valid consent from, Visitors.

4.2 Compliance Obligations. 

4.2.1 Obtaining valid consent: The Merchant shall ensure that it adequately discloses to Visitors the use of third-party analytics/advertising tools and implements mechanisms to obtain valid consent (for example: cookie banners and privacy/cookie policies).

4.2.2 Disclosure requirements: Such disclosures must comply with the following requirements:

(1) Clear and conspicuous per-page notice: The Merchant agrees and warrants that, on every webpage where the Merchant deploys the Service’s pixels, tags, SDKs, or other tracking technologies, it will provide a clear and conspicuous notice and, in that notice or a directly accessible link thereto, at a minimum include:
(a) that Groundhog and other third parties (e.g., advertising platforms, performance-measurement or audience-targeting providers) may use cookies, web beacons, or other storage and identification technologies to receive or collect data from the Merchant’s website or other online platforms and to use such data for performance measurement, audience creation/targeting, and ad delivery;
(b) how Users may opt-out of or limit the use of their data for behavioral advertising or audience-targeting purposes; and
(c) a functioning opt-out mechanism or link.

(2) Privacy / cookie policy disclosure: The Merchant shall also include the foregoing information in its privacy or cookie policy, and shall describe the third-party tools used (at minimum identifying Groundhog and the types or identification information of the principal advertising/analytics providers), the categories of data processed, the processing purposes, retention periods, how to opt-out / manage preferences, and where Data Subjects may exercise their rights.

4.2.3 Consent management mechanisms: The Merchant must deploy consent-management mechanisms that comply with applicable law to ensure that the activation of non-necessary cookies/identifiers and the upload of events occur only after valid consent has been obtained; the Merchant shall retain consent records (including timestamps, versioning, and preference settings) for Groundhog’s review.

4.2.4 Consequences of no consent or withdrawal: The Merchant acknowledges and agrees that if valid consent has not been obtained or is withdrawn by a Visitor, some features of the Service may not operate fully or may be degraded, and the Merchant shall bear all legal consequences arising from such lack of or withdrawal of consent.

4.3 Platform and Third‑Party Terms. The Merchant warrants compliance with the rules of each e‑commerce platform it uses (including developer/API/app rules) and with the policies and terms of third‑party tools or services that interact with the Service.

4.4 Representations of Lawful Basis. The Merchant represents and warrants that: (i) it has a lawful basis (e.g., valid consent or other lawful grounds under applicable laws) for collecting, processing, and providing to Groundhog the data (including, without limitation, IP addresses, device identifiers, and Event Data); (ii) it holds all rights, permissions, and authorizations necessary to use the Service; and (iii) unless otherwise agreed in writing between the parties and permitted by applicable law, it will not provide data that is unrelated to the Service, unlawful, or outside the Merchant’s lawful control, and it will not provide special categories of personal data or other specially protected information.

4.5 Cooperation. The Merchant must cooperate with Groundhog’s reasonable instructions regarding compliance, information security, abuse prevention, or third‑party claims, including by providing necessary configuration information, records, or evidence, and must fulfill its obligations to respond to data subject requests (access, rectification, erasure, restriction, objection).

4.6 Effects of Breach and Risk Allocation. Any breach of this Chapter constitutes a material breach. Groundhog may, under Chapters 7 and 10, without prior notice immediately restrict, suspend, or terminate the Service in whole or in part, and may seek damages and indemnification under Chapter 9. Any claims arising from the Merchant’s consent mechanisms, violations of platform or third‑party terms, or unlawful data provision are solely the Merchant’s responsibility, and the Merchant shall defend and indemnify Groundhog under Chapter 9.

4.7 Survival of Warranties. The representations and warranties in this Chapter survive any termination, expiration, invalidity, or similar cessation of these Terms.

5.1 Data Types. The Merchant acknowledges and agrees that, in providing the Service, Groundhog may collect and process data related to Visitors’ interaction events on the Merchant’s websites, including, without limitation: IP addresses, cookie IDs, device identifiers, advertising IDs, geolocation data, and browsing behavior.

5.2 Processing Methods and Purposes. Groundhog processes the foregoing data for the following purposes and in the following ways: (1) Pseudonymized data: processed only to the extent necessary to provide the Service, perform debugging, conduct performance analytics, prevent abuse/fraud, protect information security, and improve service quality; and (2) Anonymized/Aggregated data: where identifiability has been irreversibly removed or data has been aggregated, used for providing the Service, statistics, usage‑trend analysis, and product improvement (including training generative AI models). Unless required by applicable law or otherwise agreed in writing by the parties, Groundhog will not, by means reasonably available to it, re‑identify anonymized or de-identified data back to a specific natural person.

5.3 Consent. The Merchant must, in accordance with Chapter 4, obtain valid consent in advance and make the necessary disclosures in its cookie banner/policies, and provide opt‑out mechanisms. Where consent has not been obtained or has been withdrawn, some or all features of the Service may not function properly; the setup of such consent mechanisms and all resulting legal consequences are borne solely by the Merchant, and Groundhog makes no warranty or indemnity in this regard.

5.4 Technologies. The Service may use cookies, local storage, pixels, tags, SDKs, webhooks, and fingerprinting to achieve the purposes of the Service; Groundhog may adjust the foregoing technologies as necessary for security, performance, or compatibility.

5.5 Retention and Deletion. Groundhog will retain data for the period necessary to achieve the above purposes. Retention periods, deletion or anonymization mechanisms, and the handling of data‑subject requests are governed by Groundhog’s Privacy Policy and, where applicable, the Data Processing Agreement (DPA). The Merchant must receive and process data‑subject requests through the Merchant’s own mechanisms.

5.6 No Improper Processing Requests. The Merchant must not require Groundhog to process data that is unrelated to the Service, unlawful, or outside the Merchant’s lawful control; nor may the Merchant require processing of special categories of personal data or other specially protected information as defined by law. Groundhog may refuse such instructions or requests.

5.7 Cross‑Border and Third‑Party Interactions. Matters involving cross‑border data transfers or processing by Subprocessors are governed by Sections 3.5 and 3.6. Data processing arising from third‑party tools or services used by the Merchant remains subject to the Merchant’s compliance obligations and responsibilities under Chapter 4.

Ch. 6. Brand and Results Disclosure Authorization

6.1 Nature and Scope of Authorization. The Merchant grants Groundhog a worldwide, non‑exclusive, revocable, royalty‑free right to, for marketing, promotion, or case‑study purposes, use the Merchant’s name and logo across Groundhog’s official websites, product pages, presentations, proposal materials, case studies, media assets, and social posts, and to disclose a summary of the Merchant’s advertising results achieved through use of the Service. For the avoidance of doubt, Groundhog states that such result summaries will be de‑identified in a reasonable manner so that they do not involve personal data capable of identifying data subjects, nor reveal information from which the Merchant’s trade secrets could be inferred. This authorization does not constitute a transfer or assignment of ownership or any other intellectual property rights.

6.2 Manner of Use and Restrictions. When using the Merchant’s name and logo, Groundhog will reasonably comply with any brand guidelines provided by the Merchant (if any), and must not use them in any false or misleading manner, or in a way that could lead a reasonable person to believe there is any endorsement, guarantee, partnership, or agency relationship beyond the relationship arising from the Service. Except as expressly authorized in this Section, nothing in these Terms grants Groundhog any additional rights in the Merchant’s trademarks or other intellectual property.

6.3 Withdrawal and Takedown Mechanism. If the Merchant disagrees with or wishes to withdraw the foregoing authorization, the Merchant may do so at any time via the contact form on Groundhog’s official website:[https://mi.ghtinc.com/en-us/groundhog-mi-contact-us] Groundhog will, within a reasonable period, cease further use and, to the extent feasible, remove or update the relevant materials from digital channels; provided that materials already printed before the withdrawal notice, content already published, content posted by third parties, or other materials outside Groundhog’s control will not be retroactively affected, although Groundhog will take reasonable steps to avoid further use of such materials going forward.

6.4 No Endorsement; Disclaimer. Any promotional content displaying the Merchant’s name or logo does not constitute the Merchant’s endorsement, guarantee, or commitment regarding Groundhog or the Service; likewise, any reference by the Merchant to Groundhog does not constitute Groundhog’s endorsement of the Merchant’s products or services. As between the parties, any third‑party claims arising from such disclosures or uses will not be attributed to the Merchant; Groundhog remains responsible for its own willful misconduct or gross negligence.

6.5 Survival and Post‑Termination Effect. The authorization under this Chapter remains in effect during the term of these Terms. Upon withdrawal under Section 6.3 or upon termination of these Terms, Groundhog will cease further use within a reasonable period and follow the takedown mechanism above. Section 6.4 (No Endorsement; Disclaimer) will survive any termination of these Terms.

Ch. 7. Acceptable Use and Prohibited Conduct

7.1 General Duties. The Merchant must use the Service in a lawful and reasonable manner and with due care, in accordance with these Terms and Groundhog’s published documentation and policies, and must comply with the rules and policies of each e‑commerce platform the Merchant uses.

7.2 Prohibited Conduct. Except where expressly permitted by applicable law or with Groundhog’s prior written consent, the Merchant must not: (i) use the Service for any unlawful, fraudulent, infringing, or immoral purpose; (ii) circumvent, block, impair, or interfere with any security controls, access controls, rate limits, monitoring, or anti‑abuse mechanisms; (iii) collect, transmit, or process Event Data without obtaining Visitor consent or after a Visitor has withdrawn consent, or otherwise bypass consent mechanisms; (iv) fabricate, manipulate, or otherwise generate events or traffic by improper means; (v) conduct any unauthorized vulnerability scanning, penetration testing, or stress testing of the Service, APIs, webhooks, SDKs, or any other Groundhog systems; (vi) upload, distribute, or trigger any malicious software, virus, or other code that may damage systems; (vii) interfere with or degrade the availability, performance, or stability of the Service, including through high‑volume or abnormal requests; (viii) collect, process, or input data beyond the Merchant’s lawful control, or require processing of special categories of personal data or other specially protected information as defined by law; (ix) provide access to or the functionality of the Service for the benefit of third parties in a manner that effectively constitutes resale or leasing; (x) use any results or information from the Service to build a competing product or service; or (xi) engage in any other acts expressly prohibited by these Terms or by documentation or policies published by Groundhog.

7.3 Monitoring and Cooperation. To maintain the security and stability of the Service, Groundhog may, in a manner compliant with applicable laws and proportionate to the purpose, collect and analyze necessary system records or metrics to detect or prevent the above abuse patterns. The Merchant must, upon reasonable request and to the extent permitted by law and confidentiality obligations, provide necessary configuration information or cooperate with remediation plans.

7.4 Remedial Measures. If Groundhog reasonably determines that the Merchant poses a material risk or has violated this Chapter, Groundhog may, without prior notice, immediately restrict, suspend, or terminate the Service in whole or in part, and may take measures including, without limitation: disabling or rotating credentials, blocking sources, limiting API/webhook calls, or requiring remedial actions.

7.5 Service Restoration. After the Merchant completes the remedial actions required by Groundhog, provides written explanations and assurances, and implements reasonable preventative controls, Groundhog may, in its reasonable discretion, determine whether and when to restore the Service. Groundhog reserves the right to determine whether to provide a cure period and whether to restore the Service; the Merchant may not claim any damages or compensation on that basis.

Ch. 8. Confidentiality and Information Security

8.1 Definition and Scope of Confidential Information. “Confidential Information” means any non‑public information disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”), including, without limitation: personal data of Visitors or other data subjects; technical data; source code; API specifications; system architectures and configurations; keys and credentials; business, financial, and operational information; product roadmaps; plans; customer or supplier information; quotations and contract terms; incident records and debugging information; and other information that, under industry standards, should be kept confidential. Confidential Information does not include information that: (i) is or becomes publicly known without breach by the Receiving Party; (ii) is lawfully obtained by the Receiving Party from a third party without a duty of confidentiality; (iii) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information; or (iv) is disclosed pursuant to a court order, regulatory directive, or other legal requirement (provided that, to the extent permitted by law, the Receiving Party promptly notifies the Disclosing Party).

8.2 Confidentiality Obligations and Use Restrictions. The Receiving Party must keep Confidential Information strictly confidential and, except as necessary to perform these Terms or as required by law, or as otherwise provided in these Terms, must not disclose it to any third party; and the Receiving Party may use Confidential Information only to the extent necessary to achieve the purposes of the Service. The Receiving Party must ensure that its employees, personnel, and subcontractors (if any) are bound by confidentiality obligations no less protective than those set out in these Terms and that they access Confidential Information only on a need‑to‑know basis.

8.3 Duration and Survival. Confidentiality obligations take effect upon receipt of the Confidential Information and continue during the term of these Terms and after termination or expiration, until such Confidential Information lawfully becomes public or the Disclosing Party releases the Receiving Party from such obligations in writing. For trade secrets, the duration follows applicable law or the conditions for maintaining trade‑secret status.

8.4 Information Security Measures. Groundhog will implement reasonable, industry-standard technical and organizational measures, consistent with Article 32 of the GDPR, taking into account the nature of the processing, the level of risk, the state of the art, and the costs of implementation, and other relevant factors, to protect the security and integrity of the Service and the data it processes. The Merchant agrees that such measures may be adjusted at any time as necessary for security, performance, or compatibility.

8.5 Security Incident Notification. If either party becomes aware of a security incident that may affect the Service or that is legally notifiable, it must notify the other party within a reasonable period and provide information reasonably available to it (e.g., an overview of the incident, scope of impact, and remedial actions taken or planned). Groundhog may provide notices via the Service pages, system messages, or email. The other party must cooperate with investigations and remediation upon reasonable request. Except as otherwise required by law, any external communications or notifications to data subjects are, in principle, the responsibility of the party legally obligated to make them. If a security incident involves the personal data of the Merchant or Visitors, Groundhog will, within a reasonable period, promptly provide the Merchant with the information known to Groundhog that is needed for the Merchant to assess and fulfill its notification obligations under applicable laws.

8.6 Merchant Security Responsibilities. The Merchant must: (i) properly safeguard and manage its accounts, passwords, keys, and credentials; (ii) maintain secure configurations and updates for its systems, devices, and browsers; (iii) ensure that any tags, pixels, SDKs, webhooks, or other systems it deploys do not contain malicious or insecure code; and (iv) establish reasonable internal access controls and audit mechanisms to prevent unauthorized access or misuse. The Merchant bears all risks and liabilities arising from the foregoing.

8.7 Redundancy, Backup, and Recovery. Groundhog will use commercially reasonable efforts to maintain the availability of the Service and data redundancy/backup mechanisms. If the Service is interrupted due to force majeure, platform outages, or third‑party service interruptions, Groundhog may execute its incident response and recovery procedures. The foregoing mechanisms do not constitute any warranty of Service availability.

Ch. 9. Limitation of Liability; Disclaimers; Indemnity

9.1 Warranty Disclaimer (AS IS). THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE,” AND, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GROUNDHOG MAKES NO EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON‑INFRINGEMENT, ERROR‑FREE OPERATION, OR UNINTERRUPTED AVAILABILITY. The Merchant understands and agrees that operation of the Service may be limited by the Merchant’s own systems and by the availability and policy changes of e‑commerce platforms or third‑party services the Merchant uses. THE MERCHANT FURTHER UNDERSTANDS AND AGREES THAT ANY ANALYTICS, PREDICTIONS, OR REPORTS (COLLECTIVELY, “REPORTS”) PROVIDED BY THE SERVICE ARE AUTOMATICALLY GENERATED USING MACHINE‑LEARNING AND ALGORITHMIC TECHNIQUES AND ARE FOR REFERENCE ONLY; GROUNDHOG ASSUMES NO LIABILITY FOR ANY OUTCOME ARISING FROM THE MERCHANT’S USE OF OR RELIANCE ON SUCH REPORTS, AND THE MERCHANT ASSUMES ALL RISKS AND RESPONSIBILITIES.

9.2 Exclusion of Certain Damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, GROUNDHOG WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR FOR LOSS OF PROFITS, LOSS OF GOODWILL, DATA LOSS, OR BUSINESS INTERRUPTION, WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER THEORY, EVEN IF GROUNDHOG HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

9.3 Aggregate Liability Cap. To the maximum extent permitted by law, the total aggregate liability of Groundhog for all claims, damages, and liabilities arising out of or relating to the Service is limited to the total fees actually paid by the Merchant to Groundhog for the Service prior to the event giving rise to the claim; if no fees have been paid, the cap is USD 100. The foregoing cap does not apply to liability caused by GROUNDHOG’S WILLFUL MISCONDUCT OR GROSS NEGLIGENCE.

9.4 Third‑Party Services and Platform Changes. The Merchant acknowledges and agrees that Groundhog is not responsible or liable for: (i) changes to, reviews by, or takedowns imposed under the rules or policies of any e‑commerce platform; (ii) the availability, errors, or policy changes of third‑party services (including cloud, transmission, analytics, or advertising tools); (iii) deficiencies in the Merchant’s configurations, deployments, or consent management; or (iv) impacts arising from changes in law or regulatory directives. If any of the foregoing results in third‑party claims, the Merchant remains responsible in accordance with the indemnity provisions of this Chapter.

9.5 Force Majeure. Groundhog will not be liable for any delay, impediment, or failure to perform due to force majeure or causes beyond Groundhog’s reasonable control, including, without limitation, natural disasters, strikes, power outages, communications or network failures, supplier or platform outages, governmental orders, epidemics, or similar events.

9.6 Indemnity by the Merchant. The Merchant must defend, indemnify, and hold harmless Groundhog, its affiliates, and their directors, officers, employees, and agents from and against any and all third‑party claims, actions, investigations, penalties, damages, fines, settlements, and reasonable attorneys’ fees and costs arising out of or relating to: (i) the Merchant’s breach of these Terms, applicable laws, or the policies of e‑commerce platforms or third‑party services; (ii) the Merchant’s failure to obtain, manage, or maintain valid Visitor consent, or deficiencies in the Merchant’s consent mechanisms, disclosures, opt‑out, or preference management; (iii) data, content, or code provided or introduced by the Merchant (including tags, pixels, SDKs, webhooks, or API integrations); (iv) the Merchant’s use or misuse of the Service (including violations of Chapter 7) or acts of its personnel or contractors; or (v) disputes between the Merchant and its end customers, users, or any third party.

9.7 Defense and Settlement Procedure. Groundhog will notify the Merchant of any indemnifiable claim in a timely manner to the extent permitted by law (provided that late notice does not relieve the Merchant of its obligations except to the extent the Merchant is materially prejudiced). The Merchant must lead the defense and settlement, but must not, without Groundhog’s prior written consent: (i) admit liability on behalf of Groundhog; (ii) impose any non‑monetary obligations on Groundhog; or (iii) enter into a settlement that is not a complete release. Groundhog may, at its own expense, retain counsel to participate and will reasonably cooperate. If the Merchant fails to defend within a reasonable period or if a conflict of interest arises, Groundhog may undertake the necessary defense or settlement itself, and the Merchant must reimburse Groundhog for reasonable costs incurred.

9.8 Aggregation and Exclusivity. The liability cap in Section 9.3 is the aggregate for all claims and does not expand due to multiple claims, incidents, or legal theories. Except as otherwise mandated by law, this Chapter constitutes the parties’ entire agreement on risk allocation and liability, superseding and excluding any other express or implied terms or remedies.

9.9 Relationship with Other Chapters. This Chapter complements Chapter 2 (License & Use), Chapter 4 (Merchant Obligations), Chapter 7 (Acceptable Use), and Chapter 8 (Confidentiality & Security). In case of conflict, specific provisions in those Chapters prevail with respect to their subject matter.

9.10 Jurisdictional Limits. If any jurisdiction does not permit certain exclusions or limitations of warranties or liabilities, the exclusions and limitations in this Chapter apply only to the maximum extent permitted by law, without affecting the validity of other provisions.

Ch. 10. Term, Termination, Changes, and Notices

10.1 Term. These Terms take effect when the Merchant expresses consent under Chapter 1 or actually uses the Service, and continue until terminated under this Chapter or until the Service is discontinued.

10.2 Termination and Suspension. If Groundhog reasonably determines that the Merchant violates these Terms, applicable laws, the rules or policies of e‑commerce platforms or third‑party services, or that there exists a security, fraud, abuse, or other material risk, Groundhog may, without prior notice, immediately restrict, suspend, or terminate the Service in whole or in part, and may implement necessary remedial or risk‑control measures. The Merchant may cease using the Service or remove it from the platform at any time; provided that this does not affect obligations or liabilities accrued prior to termination.

10.3 Post‑Termination Handling. Upon termination or expiry of these Terms: (i) the Merchant’s access to the Service will end, and Groundhog may disable or revoke related credentials; (ii) with respect to personal data concerning the Merchant, and except where retention is required by law, Groundhog will, at the Merchant’s choice, delete or return such personal data upon the end of the Service and, upon completion, delete existing copies; (iii) Groundhog may, in accordance with law or reasonable business considerations, retain necessary records and backups for a reasonable period; (iv) any anonymized or aggregated data already created may continue to be retained and used; and (v) the Merchant must cooperate within a reasonable period to complete any necessary migration or shutdown actions.

10.4 Changes to the Terms. Groundhog may from time to time modify or update these Terms and other related documents. The latest version and effective date will be published on the Service pages or relevant documentation pages and will take effect immediately upon publication, without individualized notice. The Merchant’s continued installation, access, or use of the Service after an update constitutes acceptance of the amended Terms. If the Merchant does not agree to the changes, the Merchant must immediately stop using and remove the Service.

10.5 Notices and Delivery. Except as otherwise mandatorily required by law, Groundhog may provide notices via the Service pages, admin console messages, system messages, or email. Notices via pages or system messages are deemed delivered upon posting; notices by email are deemed delivered when successfully sent to the Merchant’s last‑provided email address. The Merchant has a duty to keep its contact information current and accurate.

10.6 Contact Point. For general communications or notices related to these Terms, please contact Groundhog via the contact form on Groundhog’s official website [ https://mi.ghtinc.com/language/en/groundhog-mi-contact-us]. For data‑processing or privacy matters, if a DPA or privacy documentation designates a separate contact, such designation will prevail.

10.7 Survival. The following provisions survive termination or expiration of these Terms: Section 2.7 (Reservation of Rights) and Section 2.8 (Feedback); Chapter 3 (Roles and Responsibilities); Chapter 4 (Merchant Obligations and Warranties); Section 6.4 (No Endorsement; Disclaimer); Sections 7.4–7.5 (Remedial Measures; Service Restoration); Chapter 8 (Confidentiality and Information Security); Chapter 9 (Limitation of Liability; Disclaimers; Indemnity); Chapter 11 (Governing Law and Jurisdiction); and any other provisions that by their nature should survive.

10.8 Assignment. Groundhog may assign all or part of its rights or obligations under these Terms to an affiliate or to a third party that succeeds to the Service. The Merchant must not assign any rights or obligations under these Terms without Groundhog’s prior written consent.

10.9 Relationship of the Parties. Nothing in these Terms creates any partnership, joint venture, employment, agency, or similar relationship between the parties.

10.10 Severability. If any provision of these Terms is held invalid or unenforceable, the remaining provisions will remain in full force and effect, and the parties will substitute a valid provision that most closely reflects the original intent.

10.11 Entire Agreement; No Waiver. These Terms, together with the documents incorporated by reference, constitute the parties’ entire agreement regarding the Service. Groundhog’s failure or delay in exercising any right does not constitute a waiver of that right.

Ch. 11. Governing Law and Dispute Resolution

11.1 Governing Law. These Terms are governed by the laws of Taiwan, excluding its choice‑of‑law or conflict‑of‑laws rules; provided that nothing herein affects the application of mandatory laws in any relevant jurisdiction.

11.2 Exclusive Jurisdiction. Any dispute arising out of or relating to these Terms or the Service will be subject to the exclusive jurisdiction of the Taipei District Court, Taiwan, as the court of first instance.

11.3 Language and Precedence. These Terms are drafted in Chinese. In the event of any inconsistency between language versions, the Chinese version controls.

11.4 Negotiation and Remedies. The parties will negotiate in good faith to resolve disputes; provided that nothing in this Section limits either party’s right to seek injunctive relief or other provisional measures from a court.

Ch. 12. Cross‑Border Data Transfers and Standard Contractual Clauses (SCCs)

12.1 Applicability. If the Service involves the cross‑border transfer of personal data from the European Economic Area (EEA) to a third country (including remote access from a third country), this Chapter applies from the moment such transfer occurs.

12.2 Incorporation of SCCs (SCC 2021/914, Module Two). The parties agree that the European Commission’s Standard Contractual Clauses adopted by Commission Implementing Decision (EU) 2021/914, Module Two (Controller to Processor), are automatically incorporated and form part of these Terms (the “SCCs”). For the SCCs: (a) the data exporter is the Merchant, and the data importer is Groundhog; (b) Clause 7 (Docking Clause) is adopted; (c) under Clause 9 (Option 2), general authorization applies to the appointment of Subprocessors, and Groundhog will provide at least ten (10) days’ prior notice of any addition or replacement and provide an objection mechanism; (d) under Clauses 17/18, the governing law and forum are, in principle, those of the EU Member State in which the data exporter is established; if the exporter is not established in any Member State, or if that law does not recognize third‑party beneficiary rights, the governing law and courts of Ireland apply; (e) the content of Annexes I–III is as set out in the parties’ Data Transfer Schedule, which forms part of these Terms; and (f) to the extent of any conflict between these Terms and the SCCs, the SCCs prevail within their scope.

12.3 Transfer Impact Assessment (TIA) and Supplementary Measures. In accordance with SCC Clauses 14–15 and applicable guidance, Groundhog will cooperate with the Merchant to complete TIAs and, where necessary, implement reasonable technical and organizational and/or contractual supplementary measures, including, for example, end‑to‑end or customer‑side encryption with key management, pseudonymization, least‑privilege access, and audit and transparency mechanisms.

12.4 Subprocessors. When appointing Subprocessors, Groundhog will impose written obligations no less protective than those in the SCCs and these Terms, and Groundhog remains liable for Subprocessors’ performance. This Section complements Section 3.5; in case of conflict, within the scope of the GDPR/SCCs, this Chapter and the SCCs prevail.

12.5 Provision and Updates of Documents. Upon the Merchant’s reasonable request, Groundhog will provide a copy of the then‑applicable SCCs (including Annexes I–III). If laws or regulatory requirements mandate an update or replacement of the SCCs, the parties will complete the necessary update or replacement within a reasonable period.

12.6 Relationship with Chapter 11. Chapter 11 (Governing Law and Dispute Resolution) applies to the remainder of these Terms; with respect to the SCCs themselves, governing law and forum are determined by Section 12.2(d) above.

Data Transfer Schedule — Incorporating SCC Annexes I–III

This Data Transfer Schedule (incorporating the SCC Annexes I–III) forms part of Chapter 12 (Cross‑Border Data Transfers and SCCs). The Merchant is deemed to have read and agreed to this Schedule upon any of the following: (i) installing/enabling the Service via an e‑commerce platform; (ii) continuing to use the Service after installation; or (iii) clicking or selecting “Agree/Continue” to relevant prompts or checkboxes in the admin console. These acts also constitute confirmation by both parties, and this Schedule takes effect once the applicability condition in Section 12.1 is met.

Annex I — Relevant Information (I.A–I.C)

Annex I.A Parties and Contact Points

  • Data Exporter (Controller): the “Merchant.”
  • Data Importer (Processor): Groundhog Inc., Address: 104, Taipei City, Zhongshan District, Section 2, Zhongshan N Rd, No.42, 2F ; Contact point: Data Protection/Privacy contact; URL: [https://mi.ghtinc.com/en-us/groundhog-mi-contact-us].

Annex I.B Description of the Transfer

  • Categories of Data Subjects: Visitors and users of the Merchant’s websites.
  • Categories of Personal Data: IP addresses, cookie IDs, device identifiers, advertising IDs, event timestamps, page/event interaction data, browser and device parameters (e.g., User‑Agent), etc.; excludes special categories of personal data unless separately agreed in writing and listed in this Schedule.
  • Nature and Operations of Processing: collection, receipt, transmission, recording, organization, structuring, storage, adjustment or alteration, querying, retrieval, analytics, pseudonymization/anonymization, report generation, restriction, deletion, or destruction.
  • Purposes of Processing: configuration, tracking, measurement, performance analytics, and reporting necessary to provide and operate the Service; debugging and support; abuse/fraud prevention; information security; and service‑quality improvements (consistent with Section 5.2 of the Terms).
  • Frequency and Duration of Transfers: continuous/event‑driven; for the duration of the Service.
  • Retention: as set out in Section 5.5 of the Terms and Groundhog’s Privacy Policy, or the longest retention period required by law.
  • Locations of Access by the Importer: regions where Groundhog and its Subprocessors are located (per Sections 3.5 and 3.6 of the Terms).
  • Destinations and Third Countries: Personal data may be transferred to or remotely accessed from third countries including [Taiwan] and [United States] (as applicable) and may be updated due to changes in Subprocessors. The latest list and version history are available at: [to be provided].
  • Competent Supervisory Authority (Annex I.C): the supervisory authority of the Member State where the data exporter is established; if the data exporter is not established in any Member State, the Data Protection Commission (Ireland) shall be the competent supervisory authority.

Annex II — Technical and Organizational Measures

  • Encryption: TLS for data in transit; industry‑standard algorithms and key management for encryption at rest (where applicable); key segregation and rotation policies.
  • Access Controls: principle of least privilege (PoLP), segregation of duties, multi‑factor authentication, periodic access reviews, and timely de‑provisioning.
  • Network and System Security: firewalls and WAF, IDS/IPS, DDoS mitigation, endpoint protection, vulnerability scanning and patching processes (including CVE tracking and internal remediation SLAs).
  • Application Security: secure development lifecycle (SDL), code reviews, dependency management, penetration testing (documentation/remote by default; on‑site where necessary).
  • Logging and Audit: centralized logging, integrity protection, audit trails for access and administrative actions, periodic audits, and anomaly alerting.
  • Data Minimization and Pseudonymization: collect only the minimum data necessary for the purposes; apply pseudonymization where feasible; implement irreversible anonymization procedures for anonymized data.
  • Redundancy and Recovery: multi‑region redundancy and regular backups; disaster‑recovery drills; internal RTO/RPO targets; disaster recovery plan (DRP).
  • Supply Chain and Subprocessor Management: security requirements for Subprocessors; data‑protection obligations in contracts; periodic reviews; at least 10 days’ prior notice and an objection mechanism before additions or replacements.
  • Incident Notification and Management: detection and classification, internal reporting processes, root‑cause analysis (RCA), and provision of information required by the data exporter without undue delay (aligned with Section 8.5 of the Terms).
  • Data‑Subject Rights Support: assistance, to the extent feasible, with access, rectification, erasure, restriction, portability, and objection (aligned with Section 3.8 of the Terms).
  • Deletion or Return: upon termination of the Service, deletion or return at the Controller’s choice, followed by deletion of existing copies.

Annex III — Subprocessor List (General Authorization) 

Because these Terms use SCC Clause 9 (Option 2, general authorization), it is not necessary to list each specific Subprocessor in this Schedule. Groundhog will provide and maintain a Subprocessor list on its website (URL: [to be provided]) with version and update date. Groundhog will announce additions or replacements at least ten (10) days in advance and provide a mechanism for the Merchant to object on reasonable grounds; however, in emergencies (e.g., security incidents, legal or regulatory requirements) where the advance period cannot reasonably be met, Groundhog may take necessary measures first and notify without undue delay thereafter. Upon a Merchant objection, the parties will negotiate in good faith; if unresolved, Groundhog may (i) not use the Subprocessor, (ii) offer an alternative, or (iii) suspend or terminate the affected feature or Service (strictly to the necessary scope).

Effectiveness and Versioning. The effectiveness and updates of this Data Transfer Schedule are governed by Chapter 12 and Section 10.4 (Changes and Publication). Acceptance follows the same methods as for the Terms (installation, continued use, or admin console confirmation). If later set out in an order form or supplemental agreement, the effective date will be as stated in that document. Groundhog will maintain version numbers and timestamps for audit purposes. In case of any conflict between this Schedule (including the SCC Annexes it incorporates) and other parts of the Terms, within the scope of the GDPR/SCCs, this Schedule and the SCCs prevail.

隱私權政策
Groundhog MI | Mobility Intelligence
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.