Contracts
OpenSesame
Effective May 19th 2026
DownloadTable of Contents
These OpenSesame Online Terms (the “Online Terms”) govern the purchase, access, and use of OpenSesame Offerings through OpenSesame’s website or other online ordering channels, unless Customer has licensed the Offerings under a separate written agreement signed by OpenSesame (such as a master agreement), in which case that agreement controls for the Offerings it covers. By submitting an Online Order, executing a Sales Order that references these Online Terms, clicking to accept, or accessing or using any Offering, Customer agrees to these Online Terms.
These Online Terms are entered into by and between OpenSesame Inc., a Delaware corporation with a principal address at 1606 Headway Cir., Suite 9405, Austin, TX 78754 (“OpenSesame”), and the entity accepting these Online Terms (“Customer”). OpenSesame and Customer may be referred to individually as a “Party” and collectively as the “Parties.”
Privacy. OpenSesame’s collection and use of personal information is described in OpenSesame’s Privacy Policy. Where Customer and OpenSesame have entered into a data processing addendum or similar data processing agreement (“DPA”), the DPA governs the Parties’ processing obligations with respect to Personal Data (as defined in the DPA). If the Parties have not separately executed a DPA, OpenSesame’s standard DPA, available here, will govern, as applicable.
Changes. OpenSesame may update these Online Terms from time to time by posting an updated version. Unless otherwise prohibited by law, Customer’s continued use of the Offerings after the effective date of the updated Online Terms constitutes acceptance of the updated Online Terms.
1. OPENSESAME OFFERINGS
1.1. Offerings; Orders. OpenSesame provides elearning and upskilling offerings, including (i) elearning content licensed from third parties (“Publishers”) (the “Courses”), and (ii) software and platform products and related services for talent management, course creation, and training delivery (“Platform Services”). Courses, Platform Services, and/or other services or features provided under an Order are collectively, the “Offerings.” During the applicable Order term, OpenSesame will provide the Offerings in accordance with the applicable order documentation, which may include (a) an order entered into in writing and signed by both Parties (each a “Sales Order”) and/or (b) a purchase completed through OpenSesame’s online checkout or marketplace (each an “Online Order”). Sales Orders and Online Orders are each an “Order” and collectively, “Orders.” Each Order will identify the Offerings purchased, the applicable term, quantities and/or seat counts, fees, and other commercial specifics.
1.2. Affiliates. Customer may permit its Affiliates to access and use the Offerings under an Order. Customer is responsible for its Affiliates’ compliance with these Online Terms and the applicable Order. “Affiliate” means any entity that directly or indirectly owns, is owned by, controls, is controlled by, or is under common control with a Party.
2. PAYMENT
2.1. Fees; Taxes. Customer will pay OpenSesame the fees set forth in each Order. Customer is responsible for all applicable taxes (including sales tax). If Customer’s primary billing address is in a jurisdiction where OpenSesame is legally required to collect sales tax, OpenSesame will add the appropriate sales tax to the invoice or collect it at checkout, as applicable. If sales tax is not specified, Customer will self-assess and pay any applicable sales tax.
2.2. Invoicing; Timing. Unless otherwise specified in an Order:
- Online Orders are charged at the time of purchase using the payment method provided by Customer; and
- Sales Orders are invoiced as stated in the applicable Sales Order (and if not stated, invoiced annually in advance) and payable in U.S. Dollars (USD).
2.3. Late Payments; Suspension. If OpenSesame does not receive payment of an undisputed invoice within thirty (30) days after its due date, OpenSesame may suspend Customer’s access to the applicable Offerings and charge a monthly late fee on the overdue amount equal to the lesser of one percent (1%) or the maximum amount allowed by applicable law, compounded monthly until paid. Customer will reimburse OpenSesame for reasonable attorneys’ fees and costs incurred to collect undisputed amounts due or otherwise enforce OpenSesame’s rights under these Online Terms.
3. LICENSES; ACCESS; USE RESTRICTIONS
3.1. General. OpenSesame retains all right, title, and interest in and to the Offerings (including all intellectual property rights therein), subject only to the limited rights expressly granted to Customer in these Online Terms and the applicable Orders. For Courses, Publishers retain all intellectual property rights in the Courses. Customer acknowledges that the Offerings are provided as subscriptions and/or licenses, and not sold. Section 3.2 applies only if Customer purchases Course licenses. Section 3.3 applies only if Customer purchases Platform Services.
3.2 Course Licenses. If Customer purchases Course licenses, Customer receives a non-exclusive license to use the Courses consistent with the license type listed in the applicable Order (“License Type”) and Schedule A (Course Schedule), which is incorporated by reference. Course seats are for single-person usage only and may not be broadcast or otherwise shared.
3.3. Platform Services License. If Customer purchases any Platform Service, then during the applicable subscription term (the “Subscription Term”) and subject to these Online Terms, the applicable Order, and Schedule B (Platform Service Schedule), which is incorporated by reference, OpenSesame grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use such Platform Service solely for legitimate business purposes and internal use.
3.4. Use Restrictions. Customer will not, and will procure that its employees, contractors, agents, and other authorized users (“Users”) will not: (a) allow minors to access the Offerings or OpenSesame’s systems; (b) use any Offering for any purpose other than Customer’s legitimate business purposes and internal training and/or skills development programs, as applicable, or for any illegal or inappropriate purposes; (c) copy, record, edit, alter, or otherwise interfere with the Offerings, including but not limited to: (i) record or webcast playback of Courses or the interface of any Platform Service, except that Customer may record or webcast usage of Platform Services (but not playback of Courses) internally solely to Users for purposes of training Users to use the applicable Platform Service; (ii) overlay Courses with other audio, video, or images or distort the quality of the training programs; or (iii) remove, edit, or otherwise interfere with (or attempt to remove, edit, or otherwise interfere with) any names, marks, logos, or branding on Courses or Platform Services; (d) interfere with or disrupt (or attempt to interfere or disrupt) OpenSesame’s software, hardware, systems, or networks, including by transmitting malicious code or harmful files, and will use reasonable care to avoid negligently transmitting such files; (e) reverse engineer, decompile, disassemble, or otherwise determine or attempt to discover the source code or underlying ideas, structure, or organization of any Platform Service; (f) upload, submit, or make available (including through any Platform Service) content or information without the necessary rights and/or license, including content restricted from disclosure by confidentiality obligations; (g) upload or submit any personal health information, financial information, information subject to export control regulations, or “sensitive” personally identifying information; or (h) use Courses or Platform Services to: (1) convey false, unlawful, harassing, defamatory, abusive, hateful, racial, threatening, harmful, vulgar, obscene, seditious, or otherwise objectionable material; (2) conduct commercial business other than internal employee training and/or skills development; (3) falsify the origin or source of any content or other material; or (4) conduct illegal activity. Customer’s right to access and use the Offerings may not be assigned, transferred, or sublicensed, except as expressly permitted under Section 8.4. Customer will not use OpenSesame’s or any Publisher’s names, logos, or other marks for branding, marketing, or public presentations without written permission from OpenSesame or the applicable Publisher.
3.5. Website Use Limitations. If Customer accesses OpenSesame’s website for the purpose of evaluating or purchasing Offerings, Customer may use the website only for legitimate business purposes. Customer will not use the website to research OpenSesame customers or partners, and will not collect or record data from the website except as reasonably necessary to evaluate or purchase Offerings. Customer will not use automated methods to crawl, scrape, or otherwise collect data from the website.
4. CUSTOMER CONTENT; CUSTOMER DATA
4.1. Customer Content. Certain Offerings may allow Customer and/or its Users to upload or create content, including courses, drafts, text, images, audio, video, and other materials (“Customer Content”). Customer Content includes customizations to Courses made or requested by Customer (“Customizations”). As between OpenSesame and Customer, Customer owns Customer Content. Customer grants OpenSesame a worldwide, non-exclusive, royalty-free, fully paid up right and license to host, store, transfer, display, perform, reproduce, modify for formatting purposes, and distribute Customer Content for purposes of delivering the applicable Platform Services and related support in accordance with these Online Terms. Customer is solely responsible for Customer Content and any liabilities arising from uploading or creating Customer Content, and OpenSesame expressly disclaims all liability in connection with Customer Content. Customer represents and warrants that it has the necessary right and license to provide Customer Content and grant the foregoing rights, and that Customer Content and its use as contemplated herein will not (a) infringe or misappropriate third-party rights, (b) slander, defame, threaten, or invade privacy or other rights, or (c) violate (or cause OpenSesame to violate) laws or regulations. OpenSesame has no obligation to edit, review, monitor, or control Customer Content, and may remove Customer Content it determines violates these Online Terms or an applicable Order. Customer acknowledges that Customizations may prevent Courses from receiving automatic updates.
4.2. Customer Data; Usage Data. OpenSesame may receive information and data in connection with Customer’s and Users’ use of the Offerings, including personal information and learning activity data (“Customer Data”), including data provided by Customer’s LMS and enrollment, launch, completion, and review data (“Course Activity Data”). OpenSesame may also collect and process technical and performance data and logs about Customer’s use of Offerings (“Usage Data”) to operate, troubleshoot, provide updates, analyze trends and results, and improve the Offerings. As between the Parties, OpenSesame owns Usage Data and Course Activity Data when processed in aggregated, anonymized, or deidentified form.
4.3. AI Features. Certain Offerings may include features that generate, summarize, recommend, translate, analyze, or otherwise produce content or outputs using artificial intelligence or machine learning technologies (“AI Features”). AI Features may generate text, images, audio, course materials, summaries, recommendations, career insights, or other materials (“AI Outputs”). Customer acknowledges and agrees that: (a) AI Outputs may be inaccurate, incomplete, misleading, or inappropriate; (b) AI Outputs are not a substitute for human judgment or professional advice; and (c) Customer is solely responsible for reviewing and validating AI Outputs before relying on them, including for personnel, compliance, or other business decisions.
4.4. Feedback; Improvements. Customer grants OpenSesame a perpetual, irrevocable, royalty-free, fully paid up right to use and exploit any suggestions, ideas, enhancement requests, feedback, recommendations, or other information provided by Customer related to the Offerings. OpenSesame may use Customer Data, Usage Data, Customer Content, and AI Outputs to provide and operate AI Features; monitor performance and troubleshoot; improve, develop, train, fine-tune, and enhance AI Features and related technologies, provided that, except as necessary to provide the Offerings to Customer, OpenSesame will use Personal Data for improvement purposes only in aggregated, anonymized, or deidentified form in accordance with the DPA. OpenSesame will not authorize third parties to use Customer Data or Customer Content for training.
5. LIMITATION OF LIABILITY; INDEMNIFICATION
5.1. Disclaimers. EXCEPT AS EXPRESSLY SET FORTH IN THESE ONLINE TERMS OR AN APPLICABLE ORDER, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, (1) OFFERINGS ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS; AND (2) OPENSESAME DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. OpenSesame does not warrant that the Offerings will be error free or operate without interruption or free of viruses or harmful components, or that Customer will achieve a particular result by using the Offerings. No marketing or other statement provided by OpenSesame will be deemed a warranty or give rise to liability. Without limiting the foregoing, OpenSesame does not warrant that AI Outputs will be accurate, complete, non-infringing, reliable, or fit for any particular purpose. AI Outputs are provided “as is.” From time to time, OpenSesame may offer “Beta” features or tools for evaluation. Beta features are provided without warranties and may be modified or discontinued at OpenSesame’s sole discretion.
5.2. General Liability Cap. Except with respect to its indemnification obligations in Section 5.4, OpenSesame’s cumulative and sole liability for any claim will be limited to the fees paid and payable by Customer to OpenSesame for the applicable Offering(s) giving rise to such claim over the twelve (12) month period preceding the event that gave rise to such claim (the “General Liability Cap”).
5.3. Indemnification by Customer. Customer shall indemnify, defend, and hold harmless OpenSesame and its Publishers, and their respective directors, officers, employees, and agents, from and against any and all claims, actions, demands, settlements, fees, costs, damages, losses, liabilities, and expenses of any type (including reasonable attorneys’ fees and costs) (“Losses”) incurred by OpenSesame resulting from any third-party claim, suit, action, or proceeding in connection with Customer’s or its Users’ use of the Offerings in breach of these Online Terms or an applicable Order, including third-party allegations related to Customer Content. This indemnification obligation is subject to Customer receiving (i) prompt written notice (sufficient for Customer to respond without prejudice), (ii) the exclusive right to control and direct the investigation, defense, or settlement of the claim, and (iii) all reasonably necessary cooperation of OpenSesame at Customer’s expense.
5.4. Indemnification by OpenSesame. OpenSesame shall indemnify, defend, and hold harmless Customer and its directors, officers, employees, and agents from and against any and all Losses incurred by Customer resulting from any third-party claim that the Courses and/or Platform Services, or Customer’s use of such Offerings in accordance with these Online Terms, infringes or misappropriates the third party’s intellectual property rights, provided that Customer (i) promptly notifies OpenSesame in writing (sufficient for OpenSesame to respond without prejudice), (ii) allows OpenSesame sole authority to control and direct the investigation, defense, and/or settlement, and (iii) cooperates with OpenSesame. If a claim is made or appears possible, OpenSesame may, at its sole discretion: (i) replace the applicable Offering (or component) with a substantially similar non-infringing offering; (ii) modify it to make it non-infringing; or (iii) obtain the right for Customer to continue use. THIS SECTION 5.4 SETS FORTH CUSTOMER’S SOLE REMEDIES AND OPENSESAME’S SOLE LIABILITY FOR ANY CLAIMS THAT THE OFFERINGS INFRINGE OR MISAPPROPRIATE THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS. In no event will OpenSesame’s liability under this Section 5.4 exceed the cap below:
Total Annual Fees* | Indemnified Claims Cap |
Less than $50,000 USD | General Liability Cap |
$50,000–$250,000 USD | Up to $500,000 USD |
$250,001–$500,000 USD | Up to $1,000,000 USD |
$500,001+ USD | Greater of 3x the General Liability Cap or $2,000,000 USD |
*Total fees paid and payable to OpenSesame for the Offering(s) giving rise to the claim in the twelve (12) month period preceding the date of the claim.
5.5. No Consequential Damages. NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO THESE ONLINE TERMS OR THE EXERCISE OF ITS RIGHTS HEREUNDER, INCLUDING LOST PROFITS, REGARDLESS OF ANY NOTICE OF SUCH DAMAGES. NOTHING IN THIS SECTION 5.5 IS INTENDED TO LIMIT OR RESTRICT THE INDEMNIFICATION RIGHTS OR OBLIGATIONS OF EITHER PARTY.
5.6. Reliance. THE PARTIES ACKNOWLEDGE AND AGREE THAT THESE ONLINE TERMS HAVE BEEN ENTERED INTO IN RELIANCE ON THE LIMITATIONS OF LIABILITY IN THIS SECTION 5 AND THAT SUCH LIMITATIONS FORM AN ESSENTIAL BASIS OF THE BARGAIN.
6. TERM AND TERMINATION
6.1. Term. These Online Terms begin on the earlier of Customer’s acceptance or first use of an Offering and continue until all Orders have expired or been terminated.
6.2. Termination for Material Breach. Either Party may terminate these Online Terms and all applicable Orders if the other Party materially breaches and fails to cure within thirty (30) days after receiving written notice of the breach. If Customer terminates under this Section 6.2, OpenSesame will refund, pro rata, prepaid fees under then-current Orders as of the termination date, if applicable.
6.3. Effect of Termination. Following termination or expiration of an Order, Customer will cease use of the applicable Offerings and delete from its systems any archived materials printed or published for end users who accessed such content during the Order term.
7. DATA PROCESSING
The Parties’ obligations regarding processing of Personal Data are governed by the DPA (if applicable), which is incorporated by reference. OpenSesame processes, manages, and stores Personal Data consistent with data minimization principles and generally collects only the Personal Data reasonably necessary to provide the Offerings. OpenSesame may engage subprocessors and transfer Personal Data to them solely to provide the Offerings and related services, in accordance with the DPA and notices made available through OpenSesame’s Trust Center. Any privacy policy is intended to describe OpenSesame’s general practices; however, for purposes of the Parties’ contractual relationship, these Online Terms and the DPA control, and in the event of a conflict regarding Personal Data obligations, the DPA will prevail.
8. GENERAL PROVISIONS
8.1. Applicable Law; Attorneys’ Fees. These Online Terms and all Orders will be governed by and construed in accordance with the laws of the State of Delaware, without regard to conflict of laws principles. The prevailing Party in any suit or action hereunder shall be entitled to recover from the losing Party all costs incurred in enforcing performance of, or protecting its rights under, any part of these Online Terms, including reasonable costs of investigation and reasonable attorneys’ fees.
8.2. Confidentiality. The Parties agree to keep confidential all non-public information and materials they learn or obtain about the business, plans, practices, and policies of the other Party. The receiving Party will not disclose such information or use it to benefit a third party without the disclosing Party’s prior written consent, unless such information becomes public knowledge through lawful publication by someone other than the receiving Party. This prohibition will survive for three (3) years following termination or expiration of all Orders. Notwithstanding the foregoing, OpenSesame may disclose such information to third parties as necessary to exercise its rights and perform its obligations under these Online Terms and/or any Order, provided such third parties are similarly obligated to hold such information in confidence and are prevented from using such information for any purpose other than providing services to OpenSesame.
8.3. Publicity. Unless otherwise agreed in writing, Customer agrees that OpenSesame may identify Customer as a customer and may use Customer’s name and logo in OpenSesame marketing materials. If Customer requests removal, OpenSesame will use commercially reasonable efforts to comply.
8.4. Assignment. Neither Party may assign these Online Terms or any Order without the other Party’s prior written consent, except in connection with a transfer of all or substantially all of its business or assets. Any attempted assignment in violation of this section is void. These Online Terms bind and inure to the benefit of the Parties and their permitted successors and assigns.
8.5. Waiver. A waiver of a breach or failure to exercise any right will not constitute a waiver of any other breach or right.
8.6. Severability. If any provision is deemed unenforceable, the remaining provisions remain in full force and effect unless doing so would materially defeat the Parties’ intent.
8.7. Force Majeure. Except for Customer’s payment obligations, neither Party is liable for delay or failure to perform due to causes beyond its reasonable control, and such non-performance will not constitute default.
8.8. Notices. Legal notices to OpenSesame must be sent via email to: legal-notices@opensesame.com. Termination notices will not be effective unless sent to this email address. Legal notices to Customer will be sent to the contact email address associated with the applicable Order.
8.9. Reporting. If Customer becomes aware of an OpenSesame employee or representative engaging in unethical or illegal conduct, Customer may notify OpenSesame’s legal team via email at legal-notices@opensesame.com or via OpenSesame’s anonymous hotline at 833-222-4148.
8.10. Compliance. OpenSesame reserves the right to terminate these Online Terms and any Orders upon written notice if it becomes aware that Customer is identified in connection with any applicable law or regulation contributing to the United States Consolidated Screening List or otherwise relating to export control compliance or anti-corruption.
8.11. Entire Agreement; Order of Precedence; Purchase Orders. These Online Terms and the applicable Orders constitute the entire agreement of the Parties with respect to their subject matter and supersede all prior or contemporaneous proposals, agreements, and understandings, whether written or oral. Any additional or different terms in a Customer purchase order or other business form are rejected and have no legal effect, even if signed by OpenSesame; such documents are for administrative purposes only. If there is a conflict between an Order and these Online Terms, the following order of precedence applies unless the Order expressly states otherwise: (1) the Order, (2) these Online Terms, (3) the Schedules. By accepting any Order governed by these OpenSesame Terms, Customer represents and warrants that it has the legal right and ability, including all the ownership, license, proprietary, and other rights necessary, to agree to and abide by these OpenSesame Terms, and that the individual accepting on behalf of Customer has the right to bind Customer to these OpenSesame Terms.
SCHEDULE A
COURSE SCHEDULE
1. LICENSE TYPES. Each Course is licensed under the License Type specified in the applicable Sales Order. The Sales Order will specify the initial license term (the “License Term”) and, where applicable, the number of licensed users. Customer is responsible for conducting its own research before choosing a Course. This is the case even in the event that Customer requests assistance from OpenSesame in selecting Courses.
(a) Volume Purchase License. Customer may purchase access to an individual Course or Course bundle for a specific number of users (a “Volume Purchase License”). Under a Volume Purchase License, licensed users will have twelve (12) months to access the purchased Course(s) from the date OpenSesame enables access to such Course(s), unless a longer License Term is indicated on the applicable Sales Order. Additional user licenses may be added mid-term at the original per user license purchase price. Any such additional user licenses purchased mid-term will expire co-terminate with the original purchase. For a Volume Purchase License, a Course is deemed accessed upon initial launch.
(b) Site License Purchases. Customer may purchase access to an individual Course or Course bundle for an unlimited number of users from an individual company (limited to a single Internet domain) (a “Site License”). Under a Site License, users may access the applicable Course(s) for the entire License Term of the purchase (from the date OpenSesame enables access to such Course(s)).
(c) Pay Per Use Licenses. Customer may purchase pay-per-use access to an individual Course (a “Pay Per Use License”). Under a Pay Per Use License, Customer will pay a fixed price each time a user accesses such Course. For Pay Per Use Licenses, a Course is deemed accessed when a user (i) views at least two (2) minutes of the Course, (ii) launches the Course two times, or (iii) completes the Course; whichever occurs first.
(d) OpenSesame Plus Subscription Licenses. Customer may purchase a subscription to OpenSesame’s “Plus Library” of Courses for a limited number of licensed users (a “Plus License”). The Plus Library is a specific subset of OpenSesame Courses and is subject to change from time to time at OpenSesame’s discretion. Under a Plus License, licensed users may access Courses in the Plus Library an unlimited number of times throughout the License Term, as indicated on the applicable Sales Order. Plus Licenses come in one of several types that determine the number of Courses to which licensed users will have access, as further detailed below. The specific type of Plus License will be indicated on the applicable Sales Order. Customer will designate one or more licensed users as “Administrators” to select the specific Courses to which other licensed users will have access. For Plus Licenses, user licenses are deemed consumed upon initial launch of a Course.
(i) Plus Complete. Licensed users on a Plus Complete subscription may access an unlimited number of Courses from the Plus Library throughout the License Term. Plus Complete subscriptions include ongoing Course curation / selection services throughout the License Term.
(ii) Plus 100. Licensed users on a Plus 100 subscription may access up to 100 Courses from the Plus Library selected by Customer’s Administrators. Administrators may substitute selected Courses once every three (3) months of the License Term. Plus 100 subscriptions include up to one (1) hour of Course curation / selection services per year of the License Term.
(iii) Plus 25. Licensed users on a Plus 25 subscription may access up to 25 Courses from the Plus Library selected by Customer’s Administrator(s). Administrators may substitute selected Courses once every six (6) months of the License Term. Plus 25 subscriptions do not include Course curation / selection services.
2. IMPLEMENTATION; DELIVERY. OpenSesame will deliver Course files for use in Customer’s standards-compliant delivery platform. Customer is responsible for loading, categorizing, and assigning Courses.
3. CONTENT SUBSTITUTIONS. If Customer purchases Course licenses, OpenSesame retains the right to substitute substantially similar Courses for those initially selected as necessary. OpenSesame also reserves the right to remove Courses. In the event that Customer purchases a Volume Purchase License and a purchased Course is removed other than due to a breach by Customer, OpenSesame shall issue a pro rata refund of the purchase price for such Course license.
SCHEDULE B
PLATFORM SERVICE SCHEDULE
ORO
The following terms apply only if a Sales Order includes “Oro” as a Platform Service.
1. THE PRODUCT. Oro is OpenSesame’s elearning course delivery system. Oro may allow Customer to select and deliver licensed Courses, upload and deliver Customer Content to Users, and track learner progress. Oro Skills is an optional additional feature of Oro, a talent development platform designed to assist end users to identify and achieve career paths, including allowing Users to create a profile, upload a resume, identify skills, design a career path, and identify areas for skill development.
2. DATA PROCESSED. In connection with Oro, OpenSesame may process User identifiers (including first and last name and user ID) and course activity/completion data, and administrator contact information, in each case as described in Section 7 of the MPA. Customer acknowledges that Oro Skills may process (as Customer Data) certain user profile and skills-related information, and (if integrated by Customer) certain organizational or role-related information, in each case as described in Section 7.
3. GUIDANCE; NO EMPLOYMENT DECISIONS. Oro Skills is designed to assist and provide guidance based on the information provided by Users, and should not be used as a replacement for human judgment, critical thinking, or professional advice. Customer is solely responsible for its employment and related decisions.
4. ORO SKILLS INDEMNITY. Without limiting Customer’s indemnification obligations in Section 5.2 of the MPA, Customer’s indemnity includes third-party claims by Users (or others) arising out of Customer’s use of Oro Skills outputs, Customer Data, or related insights to make employment decisions.
5. PERSONAL ACCOUNTS. If Oro Skills permits Users to provide a personal email to maintain a personal account beyond their employer’s Subscription Term, Customer consents to OpenSesame offering such option to Users. Corporate/organizational data provided by Customer will continue to be handled in accordance with Section 7 of the MPA and any applicable data deletion provisions.
SIMON
The following terms apply only if a Sales Order includes “Simon” as a Platform Service.
1. THE PRODUCT. Simon is OpenSesame’s elearning course creation platform that allows Users to create elearning courses (“Simon Courses”), which may then be made available through Customer’s learning management system.
2. DRAFTS. Simon may allow Users to generate temporary links to share view-only access to draft Simon Courses (“Drafts”). Customer will only use Drafts for previewing and reviewing Drafts before delivery, and will not use Drafts (a) to deliver Simon Courses for usage by end users or (b) for any purpose other than legitimate business purposes. Customer will only provide links to Drafts to individuals who are employees of, or otherwise affiliated with, Customer.
3. TRANSLATIONS. Customer Content may include machine-generated translations of text and audio created using Simon (“Translations”). Customer is responsible for ensuring the accuracy of Translations and acknowledges that Translations may be generated to fit timing parameters and may therefore not be word-for-word translations.
4. DATA PROCESSED. In connection with Simon, OpenSesame may process User account information (including name and email address) and related service usage data, in each case as described in Section 7 of the MPA.
Privacy Policy
Effective June 13th 2025
DownloadSummary of changes
Updated headquarters location in Section V and mailing address in Section XII.
Table of Contents
Welcome to OpenSesame! Your privacy is of paramount importance to us. This Privacy Policy (this “Policy”) outlines our practices concerning the collection, use, and disclosure of your personal information through our website, www.opensesame.com, and any related services, sales, marketing, or events (collectively referred to as the "Services"). For specific terms relating to GDPR and CCPA, see Section XIII (Jurisdiction-Specific Provisions).
I. INTRODUCTION
At OpenSesame Inc. (“OpenSesame”), we are committed to protecting your personal information and respecting your privacy in accordance with applicable state and international laws. This Policy explains how we handle personal information collected from and about our users, customers, and visitors when they use our Services, interact with us, or otherwise engage with our offerings. It is designed to inform you about our practices regarding the collection, use, and sharing of the information you provide to us or that we gather when you interact with our Services.
By accessing or using our Services, you agree to the collection and use of information in accordance with this Policy. We encourage you to read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, please do not use our Services. By continuing to use our Services, you are accepting and consenting to the practices described in this policy.
This Policy is a binding contract between OpenSesame and you, and is integral to our Terms and Conditions and subject to them. We may update this Policy from time to time. We encourage you to review this Policy periodically to stay informed about our policies and practices. Your continued use of our Services after any modification to this Policy will constitute your acceptance of such modifications and updates.
Who is OpenSesame?
OpenSesame is a provider of elearning and certification courses that address a broad range of business needs from management and leadership, soft skills, HR, IT and more. With over 30,000 offerings in a variety of formats and languages, we are poised to help businesses prepare their employees today and into the future. OpenSesame also offers other products and services related to elearning and skills development.
II. INFORMATION COLLECTION
OpenSesame may collect two types of information:
Aggregate Information. For purposes of this Policy, information relating to your use of the Services that is anonymous and/or aggregated (such as pages visited on the Site, browser type, referring URL, IP address) will be referred to as “Aggregate Information.” We also collect course activity data (including enrollment, launch, completion, and review data) that, when anonymized and/or aggregated (either at the time of collection or at the end of your relationship with us), will also constitute Aggregate Information. Aggregate Information is owned by us and is not connected to you or to any other personally identifiable information relating to you. If you are an Oro customer, Aggregate Information also may include anonymized and aggregate information from your Oro profile.
Personal Information. For purposes of this Policy, personally identifiable information that is connected to you or other personally identifiable information relating to you, including, but not limited to your name, billing address, payment information, or email address, will be referred to as “Personal Information.”
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our customers. For example, information that our customers provide to us related to the Services for which they engage us.
- Indirectly from our customers. For example, through information we collect from our customers through their use of the Services.
- Directly and indirectly from activity on our website. For example, from submissions through our website portal or website usage details collected automatically.
- From third parties if you have provided your consent for such third parties to share your personal information with us
The following is a description of the categories of Personal Information that OpenSesame may collect while utilizing the Site or providing Services:
Category | Examples | Collected? | GDPR Lawful basis for processing |
Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Personal information categories (as listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES (for job applicants only) | Consent to processing (Article 6(1)(c)) |
Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO | N/A |
Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | N/A |
Internet or other similar network activity | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Geolocation data | Physical location or movements. | NO | N/A |
Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO | N/A |
Professional or employment-related information | Current or past job history or performance evaluations. | YES (for job applicants or Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | YES (for Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES (for Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Sensitive personal information | Government identifiers, precise geolocation, information concerning sexual orientation, racial or ethnic origin, religious or philosophical beliefs, union membership, citizenship and immigration status, and mental and physical health conditions or diagnoses. | NO | N/A |
III. USE OF INFORMATION
Aggregate Information. At OpenSesame, we utilize Aggregate Information to enhance our services and user experiences. This includes generating statistical reports to identify usage trends and service improvements. Aggregate Information, by nature, does not identify you personally; it helps us understand how our services are used collectively.
Personal Information. The Personal Information you provide enables us to offer and improve our Services tailored to your needs. This includes:
- Fulfilling requests for products and services;
- Customizing content and user experiences;
- Communicating about promotions, specials, and new products;
- Facilitating the overall use of our website and Services; or
- Carrying out any other purpose described to you at the time the Personal Information is collected.
Third-Party Interactions. OpenSesame partners with third-party service providers and advisors to assist in supporting our website and Services, including without limitation: (i) third-party service provides we use for shipping, credit card processing, and communication regarding OpenSesame's Services; and (ii) third-party advertising, marketing or analytics companies who may use your Personal Information in order to assist OpenSesame with its marketing or advertising or to otherwise provide OpenSesame with analytics services such as analyzing consumer or market trends. These partners are carefully selected and obligated to protect your information and use it solely for the purposes for which they have been engaged. When OpenSesame engages third parties such as these, OpenSesame requires that the third parties comply with this Policy and any other appropriate confidentiality and security measures. OpenSesame may also share Personal Information with any third parties in limited circumstances, including (i) when replying to requests of public authorities or any other government agencies; (ii) preventing fraud or imminent harm; and (iii) ensuring the security of OpenSesame’s network and services. We may also share your Personal Information with OpenSesame’s professional advisors such as attorneys or accountants in order to facilitate these professionals in the provision of their services to OpenSesame.
We respect your privacy rights and include provisions in this Policy for you to understand and control how your personal information is used. For detailed information on your rights and how to exercise them, please refer to Section VI (User Rights).
IV. INFORMATION SHARING AND DISCLOSURE
Personal Information. OpenSesame does not sell, rent or share personally identifiable information to or with any third party not affiliated with or owned by OpenSesame, except that you grant OpenSesame the right to disclose such information to service providers who may assist OpenSesame in providing services to you or in reporting the completion of certain types of training. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
Aggregate Information. Aggregate information is used solely for internal purposes to help OpenSesame improve its users’ experience and to better provide its Services to you.
Disclosure to Comply With Laws or Respond to Other Requests. OpenSesame has the right to disclose an individual's personal information as deemed reasonably appropriate by OpenSesame: (i) in response to a request by any public authorities or any other government agencies, including without limitation to meet national security or law enforcement requirements or requests; (ii) to assist in replying to any other legal process, including without limitation any subpoena from any party or any order of any public authorities or other government agencies; or (iii) to assist in complying with any other laws or regulations, including without limitation, any tax reporting requirements.
Business Transition. In the event OpenSesame goes through a business transition, such as a merger, acquisition by another company, or a sale of a portion of OpenSesame’s assets, our customers’ Personal Information may be part of the assets transferred. Disclosure of users’ Personal Information in such a situation, or in contemplation of such a situation, shall be deemed consistent with this Policy. However, such a transfer may result in a change in this Policy, and you are advised and strongly encouraged to review this Policy frequently.
V. INTERNATIONAL DATA TRANSFERS
This section explains how we handle such international transfers of personal data to ensure your privacy is safeguarded in accordance with applicable data protection laws. OpenSesame is headquartered in Austin, Texas, and processes Personal Information exclusively in the United States. Personal Information of international users will be transferred to and processed exclusively within the United States.
Data Privacy Framework Principles
EU-US and Swiss-US Data Privacy Framework Privacy Statement For EU, UK, and Swiss Individuals
OpenSesame Inc. complies with the EU-U.S. Data Privacy program Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy program Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OpenSesame Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. OpenSesame Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission (FTC) has jurisdiction with enforcement authority over OpenSesame's compliance with the Data Privacy Framework. All OpenSesame employees who handle Personal Data from Europe, the UK, and Switzerland are required to comply with the Principles stated in this Policy.
A. SCOPE
This Policy applies to the processing of Individual Customer Personal Data that OpenSesame receives in the United States concerning Individual Customers who reside in the European Union, the UK, and Switzerland. OpenSesame provides products and services to businesses and consumers. This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
B. RESPONSIBILITIES AND MANAGEMENT
OpenSesame has designated the Legal Department to oversee its information security program, including its compliance with the EU-US and Swiss-US Data Privacy Framework Principles programs The Legal Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to legal-notices@OpenSesame.com. OpenSesame will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. OpenSesame personnel will receive training, as applicable, to effectively implement this Policy. Please refer to Section VII (Data Security) for a discussion of the steps that OpenSesame has undertaken to protect Personal Data.
C. RENEWAL / VERIFICATION
OpenSesame will recertify its participation in the EU-US and Swiss-US Data Privacy Framework Principles annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism. Prior to the recertification, OpenSesame will conduct an in house verification to ensure that its attestations and assertions with regard to its treatment of Individual Customer Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, OpenSesame will undertake the following:
- Review this Data Privacy Framework Principles policy and its publicly posted website privacy policy to ensure that these policies accurately describe the practices regarding the collection of Individual Customer Personal Data
- Ensure that the publicly posted privacy policy informs Individual EU, UK, and Swiss Customers of OpenSesame's participation in the EU-US and Swiss-US Data Privacy Framework Principles programs and where to obtain a copy of additional information (e.g., a copy of this Policy)
- Ensure that this Policy continues to comply with the Data Privacy Framework Principles
- Confirm that Individual Customers are made aware of the process for addressing complaints and any independent dispute resolution process (OpenSesame may do so through its publicly posted website, Individual Customer contract, or both)
- Review its processes and procedures for training Employees about OpenSesame's participation in the Data Privacy Framework programs and the appropriate handling of Individual's Personal Data OpenSesame will prepare an internal verification statement on an annual basis.
D. RECOURSE MECHANISM
In compliance with the EU-US Data Privacy Framework Principles and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, OpenSesame Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, UK, and Swiss individuals with DPF inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact OpenSesame Inc. at security@opensesame.com
OpenSesame Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction
E. LIABILITY FOR ONWARD TRANSFERS
In the context of an onward transfer, OpenSesame has responsibility for the processing of personal information it receives under the Data Privacy Framework Principles and subsequently transfers to a third party acting as an agent on its behalf. OpenSesame shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless it proves that it is not responsible for the event giving rise to the damage.
VI. USER RIGHTS
When applicable, data privacy laws may provide you with certain user rights regarding your data. This section outlines these potential rights and how you can exercise these rights.
Right to Access. You may have the right to request access to the Personal Information OpenSesame holds about you. This may include the right to be informed about the nature, processing, and disclosure of your data.
Right to Rectification. If any Personal Information we hold about you is incorrect or incomplete, you may have the right to request that we correct or complete it.
Right to Erasure (‘Right to be Forgotten’). You may have the right to request the deletion or removal of Personal Information when there is no legal basis for its continued processing by OpenSesame.
Right to Restrict Processing. You may have the right to 'block' or suppress further use of your Personal Information under certain conditions. When processing is restricted, we may still store your information but will not use it further.
Right to Data Portability. You may have the right to obtain and reuse your Personal Information for your own purposes across different services in a safe and secure way, without affecting its usability.
Right to Object. You may have the right to object to the processing of your Personal Information based on legitimate interests, direct marketing (including profiling), and processing for scientific or historical research and statistics.
Rights in relation to Automated Decision Making and Profiling. You may have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
VII. DATA SECURITY
OpenSesame takes commercially reasonable precautions to protect your Personal Information. However, given the nature of the Internet and the fact that network security measures are not infallible, OpenSesame cannot guarantee the security of Personal Information submitted through the Site. OpenSesame also takes commercially reasonable offline efforts to protect your Personal Information. OpenSesame also makes commercially reasonable efforts to restrict access to Personal Information to employees who need the information to perform a specific job. OpenSesame maintains commercially reasonable physical, electronic and managerial procedures to safeguard the Personal Information OpenSesame collects.
VIII. DATA RETENTION
OpenSesame retains personal information in production for the duration of your business relationship with OpenSesame and for up to 90 days thereafter to allow you to recover your account if you decide to renew. For more information on where and how long your personal information is stored, and for more information on your rights of erasure and portability, please contact us using the contact information provided in Section XII (Contact Information).
IX. COOKIES; LINKS
Cookies. OpenSesame may use “cookies” to recognize and count new visitors and to acquire Aggregate Information that lets OpenSesame analyze traffic patterns and tune the performance and functionality of our website and the Services. A cookie is a small text file that is placed on your device when you visit a website. It contains specific information that allows the Site to “recognize” your computer the next time you visit. The most important use for cookies is to eliminate the need for you to re-enter your information every time you visit the website. Most browsers accept cookies by default, but you can turn off cookies using your browser settings. If you turn off cookies, certain website features may no longer work or may work differently. Please note that when you accept a cookie from the website, OpenSesame does not gain access to your device or personal information other than the information you have provided to us. OpenSesame does not provide cookie information to any third party. By using our site, you agree to our use of cookies. For more details on managing cookies, check your browser's help section.
Links. The Site contains or may contain links to other web sites, including without limitation social media sites. OpenSesame is not responsible for the privacy practices or content of these other web sites. This Policy applies solely to information collected by the Site. OpenSesame encourages you to be aware when you leave the Site and to read the privacy statements of each and every web site that collects Personal Information.
X. CHILDREN’S PRIVACY
OpenSesame is committed to protecting the privacy of children. In compliance with the Children’s Online Privacy Protection Act (COPPA) and the FTC’s Rule interpreting COPPA (16 CFR § 512), our website and Services are not directed towards children under the age of 13. Furthermore, OpenSesame does not knowingly collect any Personal Information from children under 13 years of age in any manner.
XI. UPDATES TO THE PRIVACY POLICY
We reserve the right to amend this Policy at our discretion and at any time and from time to time. When we make material changes to this Policy, we will use commercially reasonable efforts to notify you; provided, however, you agree that it will be deemed commercially reasonable if OpenSesame provides you with this notice either by email or through a notice on our website homepage. You agree that your continued use of this site or of any of our Services constitutes your acceptance of these changes. Thus, you should regularly review and print this Policy for your records.
XII. CONTACT INFORMATION
If you wish to exercise your rights under this Policy, or if you have any questions, comments or concerns regarding this Policy or your experiences with the Services, please do not hesitate to get in touch with us using the details provided below.
Email: security@opensesame.com
Address: 1606 Headway Cir, Suite 9405, Austin, TX 78754, United States of America, ATTN: Legal Department
Phone: (503) 808-1268
XIII. JURISDICTION-SPECIFIC PROVISIONS
California Privacy Rights
OpenSesame is dedicated to upholding the privacy rights of California residents in compliance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section details the rights afforded to California residents under these laws and explains how to exercise them.
Rights Under CCPA and CPRA:
- Right to Know: You can request disclosure of the specific pieces and categories of personal information OpenSesame has collected, used, disclosed, and sold about you in the past 12 months. We have collected the categories of personal information listed in Section II from consumers within the last twelve (12) months (California job applicants and employees click here for additional information). Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- Right to Delete: You have the right to request the deletion of personal information collected from you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Right to Correct: Under the CPRA, you have the right to request correction of inaccurate personal information held about you.
- Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or “share” (as defined under the CCPA as amended by the CPRA) your personal information with third parties. OpenSesame does not sell or “share” personal information, but if this practice changes, we will provide a clear method for you to exercise this right.
- Right to Limit Use and Disclosure of Sensitive Personal Information: The CPRA provides you the right to limit the use and disclosure of your sensitive personal information for purposes other than those necessary to provide the goods or services you requested. OpenSesame does not knowingly collect or use sensitive personal information.
- Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA or CPRA rights. We will not discriminate against you for exercising any of your CCPA or CPRA rights. Unless permitted by the CCPA or CPRA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
Exercising Your CCPA/CPRA Rights:
- To exercise any of the above rights, please submit a verifiable consumer request to us by filling out our Data Subject Access Request Form. We may need to verify your identity before processing your request, which may require additional information from you.
- Requests can be made directly by the consumer or by an authorized agent on their behalf.
- We aim to respond to consumer requests within 45 days of receiving them. If more time is needed, we will inform you of the reason and extension period in writing.
For any inquiries or to exercise your CCPA or CPRA rights, please contact us using the contact information provided in Section XII (Contact Information).
General Data Protection Regulation (GDPR) Compliance
OpenSesame processes Personal Information in accordance with the requirements of the GDPR. OpenSesame recognizes the following rights of individuals located in the EU:
- the right to request information about whether and which personal data is processed by us, and the right to demand that personal data is rectified or amended.
- the right to request that personal data should be deleted.
- the right to demand that the processing of personal data should be restricted.
- withdraw your consent to the processing and use of your data completely or partially at any time with future application.
- have the right to obtain your personal data in a common, structured and mechanically readable format.
- contact our data protection officer if there are any questions, comments, complaints or requests in connection with our statement on data protection and the processing of your personal data.
- the right to complain to the responsible supervisory authority if believed that the processing of your personal data is in violation of the legislation.
Pursuant to Article 46 of the GDPR, OpenSesame provides appropriate safeguards through execution of Data Processing Agreements (“DPAs”) with its subprocessors and its corporate customers that have employees located in the European Union, which incorporate Standard Contractual Clauses. A list of OpenSesame’s current subprocessors and OpenSesame’s DPA are available upon request.
OpenSesame’s GDPR Representative in the EU can be contacted at:
Osano International Compliance Services Limited
ATTN: 2KSF
25/28 North Wall Quay
Dublin 1, D01 H104
IRELAND
Effective March 19th 2025 to June 13th 2025
DownloadTable of Contents
Welcome to OpenSesame! Your privacy is of paramount importance to us. This Privacy Policy (this “Policy”) outlines our practices concerning the collection, use, and disclosure of your personal information through our website, www.opensesame.com, and any related services, sales, marketing, or events (collectively referred to as the "Services"). For specific terms relating to GDPR and CCPA, see Section XIII (Jurisdiction-Specific Provisions).
I. INTRODUCTION
At OpenSesame Inc. (“OpenSesame”), we are committed to protecting your personal information and respecting your privacy in accordance with applicable state and international laws. This Policy explains how we handle personal information collected from and about our users, customers, and visitors when they use our Services, interact with us, or otherwise engage with our offerings. It is designed to inform you about our practices regarding the collection, use, and sharing of the information you provide to us or that we gather when you interact with our Services.
By accessing or using our Services, you agree to the collection and use of information in accordance with this Policy. We encourage you to read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, please do not use our Services. By continuing to use our Services, you are accepting and consenting to the practices described in this policy.
This Policy is a binding contract between OpenSesame and you, and is integral to our Terms and Conditions and subject to them. We may update this Policy from time to time. We encourage you to review this Policy periodically to stay informed about our policies and practices. Your continued use of our Services after any modification to this Policy will constitute your acceptance of such modifications and updates.
Who is OpenSesame?
OpenSesame is a provider of elearning and certification courses that address a broad range of business needs from management and leadership, soft skills, HR, IT and more. With over 30,000 offerings in a variety of formats and languages, we are poised to help businesses prepare their employees today and into the future. OpenSesame also offers other products and services related to elearning and skills development.
II. INFORMATION COLLECTION
OpenSesame may collect two types of information:
Aggregate Information. For purposes of this Policy, information relating to your use of the Services that is anonymous and/or aggregated (such as pages visited on the Site, browser type, referring URL, IP address) will be referred to as “Aggregate Information.” We also collect course activity data (including enrollment, launch, completion, and review data) that, when anonymized and/or aggregated (either at the time of collection or at the end of your relationship with us), will also constitute Aggregate Information. Aggregate Information is owned by us and is not connected to you or to any other personally identifiable information relating to you. If you are an Oro customer, Aggregate Information also may include anonymized and aggregate information from your Oro profile.
Personal Information. For purposes of this Policy, personally identifiable information that is connected to you or other personally identifiable information relating to you, including, but not limited to your name, billing address, payment information, or email address, will be referred to as “Personal Information.”
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our customers. For example, information that our customers provide to us related to the Services for which they engage us.
- Indirectly from our customers. For example, through information we collect from our customers through their use of the Services.
- Directly and indirectly from activity on our website. For example, from submissions through our website portal or website usage details collected automatically.
- From third parties if you have provided your consent for such third parties to share your personal information with us
The following is a description of the categories of Personal Information that OpenSesame may collect while utilizing the Site or providing Services:
Category | Examples | Collected? | GDPR Lawful basis for processing |
Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Personal information categories (as listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES (for job applicants only) | Consent to processing (Article 6(1)(c)) |
Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO | N/A |
Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | N/A |
Internet or other similar network activity | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Geolocation data | Physical location or movements. | NO | N/A |
Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO | N/A |
Professional or employment-related information | Current or past job history or performance evaluations. | YES (for job applicants or Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | YES (for Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES (for Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Sensitive personal information | Government identifiers, precise geolocation, information concerning sexual orientation, racial or ethnic origin, religious or philosophical beliefs, union membership, citizenship and immigration status, and mental and physical health conditions or diagnoses. | NO | N/A |
III. USE OF INFORMATION
Aggregate Information. At OpenSesame, we utilize Aggregate Information to enhance our services and user experiences. This includes generating statistical reports to identify usage trends and service improvements. Aggregate Information, by nature, does not identify you personally; it helps us understand how our services are used collectively.
Personal Information. The Personal Information you provide enables us to offer and improve our Services tailored to your needs. This includes:
- Fulfilling requests for products and services;
- Customizing content and user experiences;
- Communicating about promotions, specials, and new products;
- Facilitating the overall use of our website and Services; or
- Carrying out any other purpose described to you at the time the Personal Information is collected.
Third-Party Interactions. OpenSesame partners with third-party service providers and advisors to assist in supporting our website and Services, including without limitation: (i) third-party service provides we use for shipping, credit card processing, and communication regarding OpenSesame's Services; and (ii) third-party advertising, marketing or analytics companies who may use your Personal Information in order to assist OpenSesame with its marketing or advertising or to otherwise provide OpenSesame with analytics services such as analyzing consumer or market trends. These partners are carefully selected and obligated to protect your information and use it solely for the purposes for which they have been engaged. When OpenSesame engages third parties such as these, OpenSesame requires that the third parties comply with this Policy and any other appropriate confidentiality and security measures. OpenSesame may also share Personal Information with any third parties in limited circumstances, including (i) when replying to requests of public authorities or any other government agencies; (ii) preventing fraud or imminent harm; and (iii) ensuring the security of OpenSesame’s network and services. We may also share your Personal Information with OpenSesame’s professional advisors such as attorneys or accountants in order to facilitate these professionals in the provision of their services to OpenSesame.
We respect your privacy rights and include provisions in this Policy for you to understand and control how your personal information is used. For detailed information on your rights and how to exercise them, please refer to Section VI (User Rights).
IV. INFORMATION SHARING AND DISCLOSURE
Personal Information. OpenSesame does not sell, rent or share personally identifiable information to or with any third party not affiliated with or owned by OpenSesame, except that you grant OpenSesame the right to disclose such information to service providers who may assist OpenSesame in providing services to you or in reporting the completion of certain types of training. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
Aggregate Information. Aggregate information is used solely for internal purposes to help OpenSesame improve its users’ experience and to better provide its Services to you.
Disclosure to Comply With Laws or Respond to Other Requests. OpenSesame has the right to disclose an individual's personal information as deemed reasonably appropriate by OpenSesame: (i) in response to a request by any public authorities or any other government agencies, including without limitation to meet national security or law enforcement requirements or requests; (ii) to assist in replying to any other legal process, including without limitation any subpoena from any party or any order of any public authorities or other government agencies; or (iii) to assist in complying with any other laws or regulations, including without limitation, any tax reporting requirements.
Business Transition. In the event OpenSesame goes through a business transition, such as a merger, acquisition by another company, or a sale of a portion of OpenSesame’s assets, our customers’ Personal Information may be part of the assets transferred. Disclosure of users’ Personal Information in such a situation, or in contemplation of such a situation, shall be deemed consistent with this Policy. However, such a transfer may result in a change in this Policy, and you are advised and strongly encouraged to review this Policy frequently.
V. INTERNATIONAL DATA TRANSFERS
This section explains how we handle such international transfers of personal data to ensure your privacy is safeguarded in accordance with applicable data protection laws. OpenSesame is headquartered in Portland, Oregon, and processes Personal Information exclusively in the United States. Personal Information of international users will be transferred to and processed exclusively within the United States.
Data Privacy Framework Principles
EU-US and Swiss-US Data Privacy Framework Privacy Statement For EU, UK, and Swiss Individuals
OpenSesame Inc. complies with the EU-U.S. Data Privacy program Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy program Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OpenSesame Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. OpenSesame Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission (FTC) has jurisdiction with enforcement authority over OpenSesame's compliance with the Data Privacy Framework. All OpenSesame employees who handle Personal Data from Europe, the UK, and Switzerland are required to comply with the Principles stated in this Policy.
A. SCOPE
This Policy applies to the processing of Individual Customer Personal Data that OpenSesame receives in the United States concerning Individual Customers who reside in the European Union, the UK, and Switzerland. OpenSesame provides products and services to businesses and consumers. This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
B. RESPONSIBILITIES AND MANAGEMENT
OpenSesame has designated the Legal Department to oversee its information security program, including its compliance with the EU-US and Swiss-US Data Privacy Framework Principles programs The Legal Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to legal-notices@OpenSesame.com. OpenSesame will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. OpenSesame personnel will receive training, as applicable, to effectively implement this Policy. Please refer to Section VII (Data Security) for a discussion of the steps that OpenSesame has undertaken to protect Personal Data.
C. RENEWAL / VERIFICATION
OpenSesame will recertify its participation in the EU-US and Swiss-US Data Privacy Framework Principles annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism. Prior to the recertification, OpenSesame will conduct an in house verification to ensure that its attestations and assertions with regard to its treatment of Individual Customer Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, OpenSesame will undertake the following:
- Review this Data Privacy Framework Principles policy and its publicly posted website privacy policy to ensure that these policies accurately describe the practices regarding the collection of Individual Customer Personal Data
- Ensure that the publicly posted privacy policy informs Individual EU, UK, and Swiss Customers of OpenSesame's participation in the EU-US and Swiss-US Data Privacy Framework Principles programs and where to obtain a copy of additional information (e.g., a copy of this Policy)
- Ensure that this Policy continues to comply with the Data Privacy Framework Principles
- Confirm that Individual Customers are made aware of the process for addressing complaints and any independent dispute resolution process (OpenSesame may do so through its publicly posted website, Individual Customer contract, or both)
- Review its processes and procedures for training Employees about OpenSesame's participation in the Data Privacy Framework programs and the appropriate handling of Individual's Personal Data OpenSesame will prepare an internal verification statement on an annual basis.
D. RECOURSE MECHANISM
In compliance with the EU-US Data Privacy Framework Principles and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, OpenSesame Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, UK, and Swiss individuals with DPF inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact OpenSesame Inc. at security@opensesame.com
OpenSesame Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction
E. LIABILITY FOR ONWARD TRANSFERS
In the context of an onward transfer, OpenSesame has responsibility for the processing of personal information it receives under the Data Privacy Framework Principles and subsequently transfers to a third party acting as an agent on its behalf. OpenSesame shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless it proves that it is not responsible for the event giving rise to the damage.
VI. USER RIGHTS
When applicable, data privacy laws may provide you with certain user rights regarding your data. This section outlines these potential rights and how you can exercise these rights.
Right to Access. You may have the right to request access to the Personal Information OpenSesame holds about you. This may include the right to be informed about the nature, processing, and disclosure of your data.
Right to Rectification. If any Personal Information we hold about you is incorrect or incomplete, you may have the right to request that we correct or complete it.
Right to Erasure (‘Right to be Forgotten’). You may have the right to request the deletion or removal of Personal Information when there is no legal basis for its continued processing by OpenSesame.
Right to Restrict Processing. You may have the right to 'block' or suppress further use of your Personal Information under certain conditions. When processing is restricted, we may still store your information but will not use it further.
Right to Data Portability. You may have the right to obtain and reuse your Personal Information for your own purposes across different services in a safe and secure way, without affecting its usability.
Right to Object. You may have the right to object to the processing of your Personal Information based on legitimate interests, direct marketing (including profiling), and processing for scientific or historical research and statistics.
Rights in relation to Automated Decision Making and Profiling. You may have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
VII. DATA SECURITY
OpenSesame takes commercially reasonable precautions to protect your Personal Information. However, given the nature of the Internet and the fact that network security measures are not infallible, OpenSesame cannot guarantee the security of Personal Information submitted through the Site. OpenSesame also takes commercially reasonable offline efforts to protect your Personal Information. OpenSesame also makes commercially reasonable efforts to restrict access to Personal Information to employees who need the information to perform a specific job. OpenSesame maintains commercially reasonable physical, electronic and managerial procedures to safeguard the Personal Information OpenSesame collects.
VIII. DATA RETENTION
OpenSesame retains personal information in production for the duration of your business relationship with OpenSesame and for up to 90 days thereafter to allow you to recover your account if you decide to renew. For more information on where and how long your personal information is stored, and for more information on your rights of erasure and portability, please contact us using the contact information provided in Section XII (Contact Information).
IX. COOKIES; LINKS
Cookies. OpenSesame may use “cookies” to recognize and count new visitors and to acquire Aggregate Information that lets OpenSesame analyze traffic patterns and tune the performance and functionality of our website and the Services. A cookie is a small text file that is placed on your device when you visit a website. It contains specific information that allows the Site to “recognize” your computer the next time you visit. The most important use for cookies is to eliminate the need for you to re-enter your information every time you visit the website. Most browsers accept cookies by default, but you can turn off cookies using your browser settings. If you turn off cookies, certain website features may no longer work or may work differently. Please note that when you accept a cookie from the website, OpenSesame does not gain access to your device or personal information other than the information you have provided to us. OpenSesame does not provide cookie information to any third party. By using our site, you agree to our use of cookies. For more details on managing cookies, check your browser's help section.
Links. The Site contains or may contain links to other web sites, including without limitation social media sites. OpenSesame is not responsible for the privacy practices or content of these other web sites. This Policy applies solely to information collected by the Site. OpenSesame encourages you to be aware when you leave the Site and to read the privacy statements of each and every web site that collects Personal Information.
X. CHILDREN’S PRIVACY
OpenSesame is committed to protecting the privacy of children. In compliance with the Children’s Online Privacy Protection Act (COPPA) and the FTC’s Rule interpreting COPPA (16 CFR § 512), our website and Services are not directed towards children under the age of 13. Furthermore, OpenSesame does not knowingly collect any Personal Information from children under 13 years of age in any manner.
XI. UPDATES TO THE PRIVACY POLICY
We reserve the right to amend this Policy at our discretion and at any time and from time to time. When we make material changes to this Policy, we will use commercially reasonable efforts to notify you; provided, however, you agree that it will be deemed commercially reasonable if OpenSesame provides you with this notice either by email or through a notice on our website homepage. You agree that your continued use of this site or of any of our Services constitutes your acceptance of these changes. Thus, you should regularly review and print this Policy for your records.
XII. CONTACT INFORMATION
If you wish to exercise your rights under this Policy, or if you have any questions, comments or concerns regarding this Policy or your experiences with the Services, please do not hesitate to get in touch with us using the details provided below.
Email: security@opensesame.com
Address: 1629 SW Salmon Street, Portland, OR 97205, United States of America, ATTN: Legal Department
Phone: (503) 808-1268
XIII. JURISDICTION-SPECIFIC PROVISIONS
California Privacy Rights
OpenSesame is dedicated to upholding the privacy rights of California residents in compliance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section details the rights afforded to California residents under these laws and explains how to exercise them.
Rights Under CCPA and CPRA:
- Right to Know: You can request disclosure of the specific pieces and categories of personal information OpenSesame has collected, used, disclosed, and sold about you in the past 12 months. We have collected the categories of personal information listed in Section II from consumers within the last twelve (12) months (California job applicants and employees click here for additional information). Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- Right to Delete: You have the right to request the deletion of personal information collected from you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Right to Correct: Under the CPRA, you have the right to request correction of inaccurate personal information held about you.
- Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or “share” (as defined under the CCPA as amended by the CPRA) your personal information with third parties. OpenSesame does not sell or “share” personal information, but if this practice changes, we will provide a clear method for you to exercise this right.
- Right to Limit Use and Disclosure of Sensitive Personal Information: The CPRA provides you the right to limit the use and disclosure of your sensitive personal information for purposes other than those necessary to provide the goods or services you requested. OpenSesame does not knowingly collect or use sensitive personal information.
- Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA or CPRA rights. We will not discriminate against you for exercising any of your CCPA or CPRA rights. Unless permitted by the CCPA or CPRA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
Exercising Your CCPA/CPRA Rights:
- To exercise any of the above rights, please submit a verifiable consumer request to us by filling out our Data Subject Access Request Form. We may need to verify your identity before processing your request, which may require additional information from you.
- Requests can be made directly by the consumer or by an authorized agent on their behalf.
- We aim to respond to consumer requests within 45 days of receiving them. If more time is needed, we will inform you of the reason and extension period in writing.
For any inquiries or to exercise your CCPA or CPRA rights, please contact us using the contact information provided in Section XII (Contact Information).
General Data Protection Regulation (GDPR) Compliance
OpenSesame processes Personal Information in accordance with the requirements of the GDPR. OpenSesame recognizes the following rights of individuals located in the EU:
- the right to request information about whether and which personal data is processed by us, and the right to demand that personal data is rectified or amended.
- the right to request that personal data should be deleted.
- the right to demand that the processing of personal data should be restricted.
- withdraw your consent to the processing and use of your data completely or partially at any time with future application.
- have the right to obtain your personal data in a common, structured and mechanically readable format.
- contact our data protection officer if there are any questions, comments, complaints or requests in connection with our statement on data protection and the processing of your personal data.
- the right to complain to the responsible supervisory authority if believed that the processing of your personal data is in violation of the legislation.
Pursuant to Article 46 of the GDPR, OpenSesame provides appropriate safeguards through execution of Data Processing Agreements (“DPAs”) with its subprocessors and its corporate customers that have employees located in the European Union, which incorporate Standard Contractual Clauses. A list of OpenSesame’s current subprocessors and OpenSesame’s DPA are available upon request.
OpenSesame’s GDPR Representative in the EU can be contacted at:
Osano International Compliance Services Limited
ATTN: 2KSF
25/28 North Wall Quay
Dublin 1, D01 H104
IRELAND
Effective February 14th 2025 to March 19th 2025
DownloadTable of Contents
Effective Date: 5 February 2024
Welcome to OpenSesame! Your privacy is of paramount importance to us. This Privacy Policy (this “Policy”) outlines our practices concerning the collection, use, and disclosure of your personal information through our website, www.opensesame.com, and any related services, sales, marketing, or events (collectively referred to as the "Services"). For specific terms relating to GDPR and CCPA, see Section XIII (Jurisdiction-Specific Provisions).
I. INTRODUCTION
At OpenSesame Inc. (“OpenSesame”), we are committed to protecting your personal information and respecting your privacy in accordance with applicable state and international laws. This Policy explains how we handle personal information collected from and about our users, customers, and visitors when they use our Services, interact with us, or otherwise engage with our offerings. It is designed to inform you about our practices regarding the collection, use, and sharing of the information you provide to us or that we gather when you interact with our Services.
By accessing or using our Services, you agree to the collection and use of information in accordance with this Policy. We encourage you to read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, please do not use our Services. By continuing to use our Services, you are accepting and consenting to the practices described in this policy.
This Policy is a binding contract between OpenSesame and you, and is integral to our Terms and Conditions and subject to them. We may update this Policy from time to time. We encourage you to review this Policy periodically to stay informed about our policies and practices. Your continued use of our Services after any modification to this Policy will constitute your acceptance of such modifications and updates.
Who is OpenSesame?
OpenSesame is a provider of elearning and certification courses that address a broad range of business needs from management and leadership, soft skills, HR, IT and more. With over 30,000 offerings in a variety of formats and languages, we are poised to help businesses prepare their employees today and into the future. OpenSesame also offers other products and services related to elearning and skills development.
II. INFORMATION COLLECTION
OpenSesame may collect two types of information:
Aggregate Information. For purposes of this Policy, information relating to your use of the Services that is anonymous and/or aggregated (such as pages visited on the Site, browser type, referring URL, IP address) will be referred to as “Aggregate Information.” We also collect course activity data (including enrollment, launch, completion, and review data) that, when anonymized and/or aggregated (either at the time of collection or at the end of your relationship with us), will also constitute Aggregate Information. Aggregate Information is owned by us and is not connected to you or to any other personally identifiable information relating to you. If you are an Oro customer, Aggregate Information also may include anonymized and aggregate information from your Oro profile.
Personal Information. For purposes of this Policy, personally identifiable information that is connected to you or other personally identifiable information relating to you, including, but not limited to your name, billing address, payment information, or email address, will be referred to as “Personal Information.”
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our customers. For example, information that our customers provide to us related to the Services for which they engage us.
- Indirectly from our customers. For example, through information we collect from our customers through their use of the Services.
- Directly and indirectly from activity on our website. For example, from submissions through our website portal or website usage details collected automatically.
- From third parties if you have provided your consent for such third parties to share your personal information with us
The following is a description of the categories of Personal Information that OpenSesame may collect while utilizing the Site or providing Services:
Category | Examples | Collected? | GDPR Lawful basis for processing |
Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Personal information categories (as listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES (for job applicants only) | Consent to processing (Article 6(1)(c)) |
Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO | N/A |
Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | N/A |
Internet or other similar network activity | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Geolocation data | Physical location or movements. | NO | N/A |
Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO | N/A |
Professional or employment-related information | Current or past job history or performance evaluations. | YES (for job applicants or Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | YES (for Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES (for Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Sensitive personal information | Government identifiers, precise geolocation, information concerning sexual orientation, racial or ethnic origin, religious or philosophical beliefs, union membership, citizenship and immigration status, and mental and physical health conditions or diagnoses. | NO | N/A |
III. USE OF INFORMATION
Aggregate Information. At OpenSesame, we utilize Aggregate Information to enhance our services and user experiences. This includes generating statistical reports to identify usage trends and service improvements. Aggregate Information, by nature, does not identify you personally; it helps us understand how our services are used collectively.
Personal Information. The Personal Information you provide enables us to offer and improve our Services tailored to your needs. This includes:
- Fulfilling requests for products and services;
- Customizing content and user experiences;
- Communicating about promotions, specials, and new products;
- Facilitating the overall use of our website and Services; or
- Carrying out any other purpose described to you at the time the Personal Information is collected.
Third-Party Interactions. OpenSesame partners with third-party service providers and advisors to assist in supporting our website and Services, including without limitation: (i) third-party service provides we use for shipping, credit card processing, and communication regarding OpenSesame's Services; and (ii) third-party advertising, marketing or analytics companies who may use your Personal Information in order to assist OpenSesame with its marketing or advertising or to otherwise provide OpenSesame with analytics services such as analyzing consumer or market trends. These partners are carefully selected and obligated to protect your information and use it solely for the purposes for which they have been engaged. When OpenSesame engages third parties such as these, OpenSesame requires that the third parties comply with this Policy and any other appropriate confidentiality and security measures. OpenSesame may also share Personal Information with any third parties in limited circumstances, including (i) when replying to requests of public authorities or any other government agencies; (ii) preventing fraud or imminent harm; and (iii) ensuring the security of OpenSesame’s network and services. We may also share your Personal Information with OpenSesame’s professional advisors such as attorneys or accountants in order to facilitate these professionals in the provision of their services to OpenSesame.
We respect your privacy rights and include provisions in this Policy for you to understand and control how your personal information is used. For detailed information on your rights and how to exercise them, please refer to Section VI (User Rights).
IV. INFORMATION SHARING AND DISCLOSURE
Personal Information. OpenSesame does not sell, rent or share personally identifiable information to or with any third party not affiliated with or owned by OpenSesame, except that you grant OpenSesame the right to disclose such information to service providers who may assist OpenSesame in providing services to you or in reporting the completion of certain types of training. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
Aggregate Information. Aggregate information is used solely for internal purposes to help OpenSesame improve its users’ experience and to better provide its Services to you.
Disclosure to Comply With Laws or Respond to Other Requests. OpenSesame has the right to disclose an individual's personal information as deemed reasonably appropriate by OpenSesame: (i) in response to a request by any public authorities or any other government agencies, including without limitation to meet national security or law enforcement requirements or requests; (ii) to assist in replying to any other legal process, including without limitation any subpoena from any party or any order of any public authorities or other government agencies; or (iii) to assist in complying with any other laws or regulations, including without limitation, any tax reporting requirements.
Business Transition. In the event OpenSesame goes through a business transition, such as a merger, acquisition by another company, or a sale of a portion of OpenSesame’s assets, our customers’ Personal Information may be part of the assets transferred. Disclosure of users’ Personal Information in such a situation, or in contemplation of such a situation, shall be deemed consistent with this Policy. However, such a transfer may result in a change in this Policy, and you are advised and strongly encouraged to review this Policy frequently.
V. INTERNATIONAL DATA TRANSFERS
This section explains how we handle such international transfers of personal data to ensure your privacy is safeguarded in accordance with applicable data protection laws. OpenSesame is headquartered in Portland, Oregon, and processes Personal Information exclusively in the United States. Personal Information of international users will be transferred to and processed exclusively within the United States.
Data Privacy Framework Principles
EU-US and Swiss-US Data Privacy Framework Privacy Statement For EU, UK, and Swiss Individuals
OpenSesame Inc. complies with the EU-U.S. Data Privacy program Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy program Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OpenSesame Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. OpenSesame Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission (FTC) has jurisdiction with enforcement authority over OpenSesame's compliance with the Data Privacy Framework. All OpenSesame employees who handle Personal Data from Europe, the UK, and Switzerland are required to comply with the Principles stated in this Policy.
A. SCOPE
This Policy applies to the processing of Individual Customer Personal Data that OpenSesame receives in the United States concerning Individual Customers who reside in the European Union, the UK, and Switzerland. OpenSesame provides products and services to businesses and consumers. This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
B. RESPONSIBILITIES AND MANAGEMENT
OpenSesame has designated the Legal Department to oversee its information security program, including its compliance with the EU-US and Swiss-US Data Privacy Framework Principles programs The Legal Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to legal-notices@OpenSesame.com. OpenSesame will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. OpenSesame personnel will receive training, as applicable, to effectively implement this Policy. Please refer to Section VII (Data Security) for a discussion of the steps that OpenSesame has undertaken to protect Personal Data.
C. RENEWAL / VERIFICATION
OpenSesame will recertify its participation in the EU-US and Swiss-US Data Privacy Framework Principles annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism. Prior to the recertification, OpenSesame will conduct an in house verification to ensure that its attestations and assertions with regard to its treatment of Individual Customer Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, OpenSesame will undertake the following:
- Review this Data Privacy Framework Principles policy and its publicly posted website privacy policy to ensure that these policies accurately describe the practices regarding the collection of Individual Customer Personal Data
- Ensure that the publicly posted privacy policy informs Individual EU, UK, and Swiss Customers of OpenSesame's participation in the EU-US and Swiss-US Data Privacy Framework Principles programs and where to obtain a copy of additional information (e.g., a copy of this Policy)
- Ensure that this Policy continues to comply with the Data Privacy Framework Principles
- Confirm that Individual Customers are made aware of the process for addressing complaints and any independent dispute resolution process (OpenSesame may do so through its publicly posted website, Individual Customer contract, or both)
- Review its processes and procedures for training Employees about OpenSesame's participation in the Data Privacy Framework programs and the appropriate handling of Individual's Personal Data OpenSesame will prepare an internal verification statement on an annual basis.
D. RECOURSE MECHANISM
In compliance with the EU-US Data Privacy Framework Principles and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, OpenSesame Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, UK, and Swiss individuals with DPF inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact OpenSesame Inc. at security@opensesame.com
OpenSesame Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction
E. LIABILITY FOR ONWARD TRANSFERS
In the context of an onward transfer, OpenSesame has responsibility for the processing of personal information it receives under the Data Privacy Framework Principles and subsequently transfers to a third party acting as an agent on its behalf. OpenSesame shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless it proves that it is not responsible for the event giving rise to the damage.
VI. USER RIGHTS
When applicable, data privacy laws may provide you with certain user rights regarding your data. This section outlines these potential rights and how you can exercise these rights.
Right to Access. You may have the right to request access to the Personal Information OpenSesame holds about you. This may include the right to be informed about the nature, processing, and disclosure of your data.
Right to Rectification. If any Personal Information we hold about you is incorrect or incomplete, you may have the right to request that we correct or complete it.
Right to Erasure (‘Right to be Forgotten’). You may have the right to request the deletion or removal of Personal Information when there is no legal basis for its continued processing by OpenSesame.
Right to Restrict Processing. You may have the right to 'block' or suppress further use of your Personal Information under certain conditions. When processing is restricted, we may still store your information but will not use it further.
Right to Data Portability. You may have the right to obtain and reuse your Personal Information for your own purposes across different services in a safe and secure way, without affecting its usability.
Right to Object. You may have the right to object to the processing of your Personal Information based on legitimate interests, direct marketing (including profiling), and processing for scientific or historical research and statistics.
Rights in relation to Automated Decision Making and Profiling. You may have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
VII. DATA SECURITY
OpenSesame takes commercially reasonable precautions to protect your Personal Information. However, given the nature of the Internet and the fact that network security measures are not infallible, OpenSesame cannot guarantee the security of Personal Information submitted through the Site. OpenSesame also takes commercially reasonable offline efforts to protect your Personal Information. OpenSesame also makes commercially reasonable efforts to restrict access to Personal Information to employees who need the information to perform a specific job. OpenSesame maintains commercially reasonable physical, electronic and managerial procedures to safeguard the Personal Information OpenSesame collects.
VIII. DATA RETENTION
OpenSesame retains personal information in production for the duration of your business relationship with OpenSesame and for up to 90 days thereafter to allow you to recover your account if you decide to renew. For more information on where and how long your personal information is stored, and for more information on your rights of erasure and portability, please contact us using the contact information provided in Section XII (Contact Information).
IX. COOKIES; LINKS
Cookies. OpenSesame may use “cookies” to recognize and count new visitors and to acquire Aggregate Information that lets OpenSesame analyze traffic patterns and tune the performance and functionality of our website and the Services. A cookie is a small text file that is placed on your device when you visit a website. It contains specific information that allows the Site to “recognize” your computer the next time you visit. The most important use for cookies is to eliminate the need for you to re-enter your information every time you visit the website. Most browsers accept cookies by default, but you can turn off cookies using your browser settings. If you turn off cookies, certain website features may no longer work or may work differently. Please note that when you accept a cookie from the website, OpenSesame does not gain access to your device or personal information other than the information you have provided to us. OpenSesame does not provide cookie information to any third party. By using our site, you agree to our use of cookies. For more details on managing cookies, check your browser's help section.
Links. The Site contains or may contain links to other web sites, including without limitation social media sites. OpenSesame is not responsible for the privacy practices or content of these other web sites. This Policy applies solely to information collected by the Site. OpenSesame encourages you to be aware when you leave the Site and to read the privacy statements of each and every web site that collects Personal Information.
X. CHILDREN’S PRIVACY
OpenSesame is committed to protecting the privacy of children. In compliance with the Children’s Online Privacy Protection Act (COPPA) and the FTC’s Rule interpreting COPPA (16 CFR § 512), our website and Services are not directed towards children under the age of 13. Furthermore, OpenSesame does not knowingly collect any Personal Information from children under 13 years of age in any manner.
XI. UPDATES TO THE PRIVACY POLICY
We reserve the right to amend this Policy at our discretion and at any time and from time to time. When we make material changes to this Policy, we will use commercially reasonable efforts to notify you; provided, however, you agree that it will be deemed commercially reasonable if OpenSesame provides you with this notice either by email or through a notice on our website homepage. You agree that your continued use of this site or of any of our Services constitutes your acceptance of these changes. Thus, you should regularly review and print this Policy for your records.
XII. CONTACT INFORMATION
If you wish to exercise your rights under this Policy, or if you have any questions, comments or concerns regarding this Policy or your experiences with the Services, please do not hesitate to get in touch with us using the details provided below.
Email: security@opensesame.com
Address: 1629 SW Salmon Street, Portland, OR 97205, United States of America, ATTN: Legal Department
Phone: (503) 808-1268
XIII. JURISDICTION-SPECIFIC PROVISIONS
California Privacy Rights
OpenSesame is dedicated to upholding the privacy rights of California residents in compliance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section details the rights afforded to California residents under these laws and explains how to exercise them.
Rights Under CCPA and CPRA:
- Right to Know: You can request disclosure of the specific pieces and categories of personal information OpenSesame has collected, used, disclosed, and sold about you in the past 12 months. We have collected the categories of personal information listed in Section II from consumers within the last twelve (12) months (California job applicants and employees click here for additional information). Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- Right to Delete: You have the right to request the deletion of personal information collected from you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Right to Correct: Under the CPRA, you have the right to request correction of inaccurate personal information held about you.
- Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or “share” (as defined under the CCPA as amended by the CPRA) your personal information with third parties. OpenSesame does not sell or “share” personal information, but if this practice changes, we will provide a clear method for you to exercise this right.
- Right to Limit Use and Disclosure of Sensitive Personal Information: The CPRA provides you the right to limit the use and disclosure of your sensitive personal information for purposes other than those necessary to provide the goods or services you requested. OpenSesame does not knowingly collect or use sensitive personal information.
- Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA or CPRA rights. We will not discriminate against you for exercising any of your CCPA or CPRA rights. Unless permitted by the CCPA or CPRA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
Exercising Your CCPA/CPRA Rights:
- To exercise any of the above rights, please submit a verifiable consumer request to us by filling out our Data Subject Access Request Form. We may need to verify your identity before processing your request, which may require additional information from you.
- Requests can be made directly by the consumer or by an authorized agent on their behalf.
- We aim to respond to consumer requests within 45 days of receiving them. If more time is needed, we will inform you of the reason and extension period in writing.
For any inquiries or to exercise your CCPA or CPRA rights, please contact us using the contact information provided in Section XII (Contact Information).
General Data Protection Regulation (GDPR) Compliance
OpenSesame processes Personal Information in accordance with the requirements of the GDPR. OpenSesame recognizes the following rights of individuals located in the EU:
- the right to request information about whether and which personal data is processed by us, and the right to demand that personal data is rectified or amended.
- the right to request that personal data should be deleted.
- the right to demand that the processing of personal data should be restricted.
- withdraw your consent to the processing and use of your data completely or partially at any time with future application.
- have the right to obtain your personal data in a common, structured and mechanically readable format.
- contact our data protection officer if there are any questions, comments, complaints or requests in connection with our statement on data protection and the processing of your personal data.
- the right to complain to the responsible supervisory authority if believed that the processing of your personal data is in violation of the legislation.
Pursuant to Article 46 of the GDPR, OpenSesame provides appropriate safeguards through execution of Data Processing Agreements (“DPAs”) with its subprocessors and its corporate customers that have employees located in the European Union, which incorporate Standard Contractual Clauses. A list of OpenSesame’s current subprocessors and OpenSesame’s DPA are available upon request.
OpenSesame’s GDPR Representative in the EU can be contacted at:
Osano International Compliance Services Limited
ATTN: 2KSF
25/28 North Wall Quay
Dublin 1, D01 H104
IRELAND
Effective January 6th 2025 to February 14th 2025
DownloadTable of Contents
Effective Date: 27 September 2024
Welcome to OpenSesame! Your privacy is of paramount importance to us. This Privacy Policy (this “Policy”) outlines our practices concerning the collection, use, and disclosure of your personal information through our website, www.opensesame.com, and any related services, sales, marketing, or events (collectively referred to as the "Services"). For specific terms relating to GDPR and CCPA, see Section XIII (Jurisdiction-Specific Provisions).
I. INTRODUCTION
At OpenSesame Inc. (“OpenSesame”), we are committed to protecting your personal information and respecting your privacy in accordance with applicable state and international laws. This Policy explains how we handle personal information collected from and about our users, customers, and visitors when they use our Services, interact with us, or otherwise engage with our offerings. It is designed to inform you about our practices regarding the collection, use, and sharing of the information you provide to us or that we gather when you interact with our Services.
By accessing or using our Services, you agree to the collection and use of information in accordance with this Policy. We encourage you to read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, please do not use our Services. By continuing to use our Services, you are accepting and consenting to the practices described in this policy.
This Policy is a binding contract between OpenSesame and you, and is integral to our Terms and Conditions and subject to them. We may update this Policy from time to time. We encourage you to review this Policy periodically to stay informed about our policies and practices. Your continued use of our Services after any modification to this Policy will constitute your acceptance of such modifications and updates.
Who is OpenSesame?
OpenSesame is a provider of elearning and certification courses that address a broad range of business needs from management and leadership, soft skills, HR, IT and more. With over 30,000 offerings in a variety of formats and languages, we are poised to help businesses prepare their employees today and into the future. OpenSesame also offers other products and services related to elearning and skills development.
II. INFORMATION COLLECTION
OpenSesame may collect two types of information:
Aggregate Information. For purposes of this Policy, information relating to your use of the Services that is anonymous and/or aggregated (such as pages visited on the Site, browser type, referring URL, IP address) will be referred to as “Aggregate Information.” We also collect course activity data (including enrollment, launch, completion, and review data) that, when anonymized and/or aggregated (either at the time of collection or at the end of your relationship with us), will also constitute Aggregate Information. Aggregate Information is owned by us and is not connected to you or to any other personally identifiable information relating to you. If you are an Oro customer, Aggregate Information also may include anonymized and aggregate information from your Oro profile.
Personal Information. For purposes of this Policy, personally identifiable information that is connected to you or other personally identifiable information relating to you, including, but not limited to your name, billing address, payment information, or email address, will be referred to as “Personal Information.”
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our customers. For example, information that our customers provide to us related to the Services for which they engage us.
- Indirectly from our customers. For example, through information we collect from our customers through their use of the Services.
- Directly and indirectly from activity on our website. For example, from submissions through our website portal or website usage details collected automatically.
- From third parties if you have provided your consent for such third parties to share your personal information with us
The following is a description of the categories of Personal Information that OpenSesame may collect while utilizing the Site or providing Services:
Category | Examples | Collected? | GDPR Lawful basis for processing |
Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Personal information categories (as listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES (for job applicants only) | Consent to processing (Article 6(1)(c)) |
Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO | N/A |
Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | N/A |
Internet or other similar network activity | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | YES | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Geolocation data | Physical location or movements. | NO | N/A |
Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO | N/A |
Professional or employment-related information | Current or past job history or performance evaluations. | YES (for job applicants or Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | YES (for Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES (for Oro users only) | Consent to processing (Article 6(1)(c)) and/or contractual necessity (Article 6(1)(b)) |
Sensitive personal information | Government identifiers, precise geolocation, information concerning sexual orientation, racial or ethnic origin, religious or philosophical beliefs, union membership, citizenship and immigration status, and mental and physical health conditions or diagnoses. | NO | N/A |
III. USE OF INFORMATION
Aggregate Information. At OpenSesame, we utilize Aggregate Information to enhance our services and user experiences. This includes generating statistical reports to identify usage trends and service improvements. Aggregate Information, by nature, does not identify you personally; it helps us understand how our services are used collectively.
Personal Information. The Personal Information you provide enables us to offer and improve our Services tailored to your needs. This includes:
- Fulfilling requests for products and services;
- Customizing content and user experiences;
- Communicating about promotions, specials, and new products;
- Facilitating the overall use of our website and Services; or
- Carrying out any other purpose described to you at the time the Personal Information is collected.
Third-Party Interactions. OpenSesame partners with third-party service providers and advisors to assist in supporting our website and Services, including without limitation: (i) third-party service provides we use for shipping, credit card processing, and communication regarding OpenSesame's Services; and (ii) third-party advertising, marketing or analytics companies who may use your Personal Information in order to assist OpenSesame with its marketing or advertising or to otherwise provide OpenSesame with analytics services such as analyzing consumer or market trends. These partners are carefully selected and obligated to protect your information and use it solely for the purposes for which they have been engaged. When OpenSesame engages third parties such as these, OpenSesame requires that the third parties comply with this Policy and any other appropriate confidentiality and security measures. OpenSesame may also share Personal Information with any third parties in limited circumstances, including (i) when replying to requests of public authorities or any other government agencies; (ii) preventing fraud or imminent harm; and (iii) ensuring the security of OpenSesame’s network and services. We may also share your Personal Information with OpenSesame’s professional advisors such as attorneys or accountants in order to facilitate these professionals in the provision of their services to OpenSesame.
We respect your privacy rights and include provisions in this Policy for you to understand and control how your personal information is used. For detailed information on your rights and how to exercise them, please refer to Section VI (User Rights).
IV. INFORMATION SHARING AND DISCLOSURE
Personal Information. OpenSesame does not sell, rent or share personally identifiable information to or with any third party not affiliated with or owned by OpenSesame, except that you grant OpenSesame the right to disclose such information to service providers who may assist OpenSesame in providing services to you or in reporting the completion of certain types of training.
Aggregate Information. Aggregate information is used solely for internal purposes to help OpenSesame improve its users’ experience and to better provide its Services to you.
Disclosure to Comply With Laws or Respond to Other Requests. OpenSesame has the right to disclose an individual's personal information as deemed reasonably appropriate by OpenSesame: (i) in response to a request by any public authorities or any other government agencies, including without limitation to meet national security or law enforcement requirements or requests; (ii) to assist in replying to any other legal process, including without limitation any subpoena from any party or any order of any public authorities or other government agencies; or (iii) to assist in complying with any other laws or regulations, including without limitation, any tax reporting requirements.
Business Transition. In the event OpenSesame goes through a business transition, such as a merger, acquisition by another company, or a sale of a portion of OpenSesame’s assets, our customers’ Personal Information may be part of the assets transferred. Disclosure of users’ Personal Information in such a situation, or in contemplation of such a situation, shall be deemed consistent with this Policy. However, such a transfer may result in a change in this Policy, and you are advised and strongly encouraged to review this Policy frequently.
V. INTERNATIONAL DATA TRANSFERS
This section explains how we handle such international transfers of personal data to ensure your privacy is safeguarded in accordance with applicable data protection laws. OpenSesame is headquartered in Portland, Oregon, and processes Personal Information exclusively in the United States. Personal Information of international users will be transferred to and processed exclusively within the United States.
Data Privacy Framework Principles
EU-US and Swiss-US Data Privacy Framework Privacy Statement For EU, UK, and Swiss Individuals
OpenSesame Inc. complies with the EU-U.S. Data Privacy program Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy program Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OpenSesame Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. OpenSesame Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission (FTC) has jurisdiction with enforcement authority over OpenSesame's compliance with the Data Privacy Framework. All OpenSesame employees who handle Personal Data from Europe, the UK, and Switzerland are required to comply with the Principles stated in this Policy.
A. SCOPE
This Policy applies to the processing of Individual Customer Personal Data that OpenSesame receives in the United States concerning Individual Customers who reside in the European Union, the UK, and Switzerland. OpenSesame provides products and services to businesses and consumers. This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
B. RESPONSIBILITIES AND MANAGEMENT
OpenSesame has designated the Legal Department to oversee its information security program, including its compliance with the EU-US and Swiss-US Data Privacy Framework Principles programs The Legal Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to legal-notices@OpenSesame.com. OpenSesame will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. OpenSesame personnel will receive training, as applicable, to effectively implement this Policy. Please refer to Section VII (Data Security) for a discussion of the steps that OpenSesame has undertaken to protect Personal Data.
C. RENEWAL / VERIFICATION
OpenSesame will recertify its participation in the EU-US and Swiss-US Data Privacy Framework Principles annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism. Prior to the recertification, OpenSesame will conduct an in house verification to ensure that its attestations and assertions with regard to its treatment of Individual Customer Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, OpenSesame will undertake the following:
- Review this Data Privacy Framework Principles policy and its publicly posted website privacy policy to ensure that these policies accurately describe the practices regarding the collection of Individual Customer Personal Data
- Ensure that the publicly posted privacy policy informs Individual EU, UK, and Swiss Customers of OpenSesame's participation in the EU-US and Swiss-US Data Privacy Framework Principles programs and where to obtain a copy of additional information (e.g., a copy of this Policy)
- Ensure that this Policy continues to comply with the Data Privacy Framework Principles
- Confirm that Individual Customers are made aware of the process for addressing complaints and any independent dispute resolution process (OpenSesame may do so through its publicly posted website, Individual Customer contract, or both)
- Review its processes and procedures for training Employees about OpenSesame's participation in the Data Privacy Framework programs and the appropriate handling of Individual's Personal Data OpenSesame will prepare an internal verification statement on an annual basis.
D. RECOURSE MECHANISM
In compliance with the EU-US Data Privacy Framework Principles and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, OpenSesame Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, UK, and Swiss individuals with DPF inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact OpenSesame Inc. at security@opensesame.com
OpenSesame Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction
E. LIABILITY FOR ONWARD TRANSFERS
In the context of an onward transfer, OpenSesame has responsibility for the processing of personal information it receives under the Data Privacy Framework Principles and subsequently transfers to a third party acting as an agent on its behalf. OpenSesame shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless it proves that it is not responsible for the event giving rise to the damage.
VI. USER RIGHTS
When applicable, data privacy laws may provide you with certain user rights regarding your data. This section outlines these potential rights and how you can exercise these rights.
Right to Access. You may have the right to request access to the Personal Information OpenSesame holds about you. This may include the right to be informed about the nature, processing, and disclosure of your data.
Right to Rectification. If any Personal Information we hold about you is incorrect or incomplete, you may have the right to request that we correct or complete it.
Right to Erasure (‘Right to be Forgotten’). You may have the right to request the deletion or removal of Personal Information when there is no legal basis for its continued processing by OpenSesame.
Right to Restrict Processing. You may have the right to 'block' or suppress further use of your Personal Information under certain conditions. When processing is restricted, we may still store your information but will not use it further.
Right to Data Portability. You may have the right to obtain and reuse your Personal Information for your own purposes across different services in a safe and secure way, without affecting its usability.
Right to Object. You may have the right to object to the processing of your Personal Information based on legitimate interests, direct marketing (including profiling), and processing for scientific or historical research and statistics.
Rights in relation to Automated Decision Making and Profiling. You may have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
VII. DATA SECURITY
OpenSesame takes commercially reasonable precautions to protect your Personal Information. However, given the nature of the Internet and the fact that network security measures are not infallible, OpenSesame cannot guarantee the security of Personal Information submitted through the Site. OpenSesame also takes commercially reasonable offline efforts to protect your Personal Information. OpenSesame also makes commercially reasonable efforts to restrict access to Personal Information to employees who need the information to perform a specific job. OpenSesame maintains commercially reasonable physical, electronic and managerial procedures to safeguard the Personal Information OpenSesame collects.
VIII. DATA RETENTION
OpenSesame retains personal information in production for the duration of your business relationship with OpenSesame and for up to 90 days thereafter to allow you to recover your account if you decide to renew. For more information on where and how long your personal information is stored, and for more information on your rights of erasure and portability, please contact us using the contact information provided in Section XII (Contact Information).
IX. COOKIES; LINKS
Cookies. OpenSesame may use “cookies” to recognize and count new visitors and to acquire Aggregate Information that lets OpenSesame analyze traffic patterns and tune the performance and functionality of our website and the Services. A cookie is a small text file that is placed on your device when you visit a website. It contains specific information that allows the Site to “recognize” your computer the next time you visit. The most important use for cookies is to eliminate the need for you to re-enter your information every time you visit the website. Most browsers accept cookies by default, but you can turn off cookies using your browser settings. If you turn off cookies, certain website features may no longer work or may work differently. Please note that when you accept a cookie from the website, OpenSesame does not gain access to your device or personal information other than the information you have provided to us. OpenSesame does not provide cookie information to any third party. By using our site, you agree to our use of cookies. For more details on managing cookies, check your browser's help section.
Links. The Site contains or may contain links to other web sites, including without limitation social media sites. OpenSesame is not responsible for the privacy practices or content of these other web sites. This Policy applies solely to information collected by the Site. OpenSesame encourages you to be aware when you leave the Site and to read the privacy statements of each and every web site that collects Personal Information.
X. CHILDREN’S PRIVACY
OpenSesame is committed to protecting the privacy of children. In compliance with the Children’s Online Privacy Protection Act (COPPA) and the FTC’s Rule interpreting COPPA (16 CFR § 512), our website and Services are not directed towards children under the age of 13. Furthermore, OpenSesame does not knowingly collect any Personal Information from children under 13 years of age in any manner.
XI. UPDATES TO THE PRIVACY POLICY
We reserve the right to amend this Policy at our discretion and at any time and from time to time. When we make material changes to this Policy, we will use commercially reasonable efforts to notify you; provided, however, you agree that it will be deemed commercially reasonable if OpenSesame provides you with this notice either by email or through a notice on our website homepage. You agree that your continued use of this site or of any of our Services constitutes your acceptance of these changes. Thus, you should regularly review and print this Policy for your records.
XII. CONTACT INFORMATION
If you wish to exercise your rights under this Policy, or if you have any questions, comments or concerns regarding this Policy or your experiences with the Services, please do not hesitate to get in touch with us using the details provided below.
Email: security@opensesame.com
Address: 1629 SW Salmon Street, Portland, OR 97205, United States of America, ATTN: Legal Department
Phone: (503) 808-1268
XIII. JURISDICTION-SPECIFIC PROVISIONS
California Privacy Rights
OpenSesame is dedicated to upholding the privacy rights of California residents in compliance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section details the rights afforded to California residents under these laws and explains how to exercise them.
Rights Under CCPA and CPRA:
- Right to Know: You can request disclosure of the specific pieces and categories of personal information OpenSesame has collected, used, disclosed, and sold about you in the past 12 months. We have collected the categories of personal information listed in Section II from consumers within the last twelve (12) months (California job applicants and employees click here for additional information). Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- Right to Delete: You have the right to request the deletion of personal information collected from you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Right to Correct: Under the CPRA, you have the right to request correction of inaccurate personal information held about you.
- Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or “share” (as defined under the CCPA as amended by the CPRA) your personal information with third parties. OpenSesame does not sell or “share” personal information, but if this practice changes, we will provide a clear method for you to exercise this right.
- Right to Limit Use and Disclosure of Sensitive Personal Information: The CPRA provides you the right to limit the use and disclosure of your sensitive personal information for purposes other than those necessary to provide the goods or services you requested. OpenSesame does not knowingly collect or use sensitive personal information.
- Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA or CPRA rights. We will not discriminate against you for exercising any of your CCPA or CPRA rights. Unless permitted by the CCPA or CPRA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
Exercising Your CCPA/CPRA Rights:
- To exercise any of the above rights, please submit a verifiable consumer request to us by filling out our Data Subject Access Request Form. We may need to verify your identity before processing your request, which may require additional information from you.
- Requests can be made directly by the consumer or by an authorized agent on their behalf.
- We aim to respond to consumer requests within 45 days of receiving them. If more time is needed, we will inform you of the reason and extension period in writing.
For any inquiries or to exercise your CCPA or CPRA rights, please contact us using the contact information provided in Section XII (Contact Information).
General Data Protection Regulation (GDPR) Compliance
OpenSesame processes Personal Information in accordance with the requirements of the GDPR. OpenSesame recognizes the following rights of individuals located in the EU:
- the right to request information about whether and which personal data is processed by us, and the right to demand that personal data is rectified or amended.
- the right to request that personal data should be deleted.
- the right to demand that the processing of personal data should be restricted.
- withdraw your consent to the processing and use of your data completely or partially at any time with future application.
- have the right to obtain your personal data in a common, structured and mechanically readable format.
- contact our data protection officer if there are any questions, comments, complaints or requests in connection with our statement on data protection and the processing of your personal data.
- the right to complain to the responsible supervisory authority if believed that the processing of your personal data is in violation of the legislation.
Pursuant to Article 46 of the GDPR, OpenSesame provides appropriate safeguards through execution of Data Processing Agreements (“DPAs”) with its subprocessors and its corporate customers that have employees located in the European Union, which incorporate Standard Contractual Clauses. A list of OpenSesame’s current subprocessors and OpenSesame’s DPA are available upon request.
OpenSesame’s GDPR Representative in the EU can be contacted at:
Osano International Compliance Services Limited
ATTN: 2KSF
25/28 North Wall Quay
Dublin 1, D01 H104
IRELAND
Data Processing Addendum
Effective May 19th 2026
DownloadTable of Contents
This data processing addendum (“DPA”) supplements and forms part of the OpenSesame Online Terms and any Order governed by or incorporating the OpenSesame Online Terms, or any other agreement that expressly incorporates this DPA, between OpenSesame Inc. (“OpenSesame”) and the entity accepting or otherwise bound by such terms or Order (“Company”) (each a “Party” and collectively the “Parties”) (the "Agreement"). This DPA applies only to the extent OpenSesame Processes Company Personal Data on behalf of Company in connection with the Offerings. If the Parties have entered into a separate signed data processing agreement or addendum governing the same Processing, that separate agreement will control the Processing it covers. “DPA Effective Date” means the date Company first becomes bound by the Agreement or an agreement that incorporates this DPA.
WHEREAS, the Parties have entered into an Agreement under which OpenSesame provides products and/or services ("Services");
WHEREAS, in performing such Services, OpenSesame may collect, use, disclose or maintain, from or on behalf of Company, or have access to, certain Personal Data in connection with the Services;
WHEREAS, the Parties wish to set forth in this DPA their agreement with respect to terms governing the processing of Personal Data under the Agreement.
NOW, THEREFORE, the Parties agree as follows:
1. DEFINITIONS. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Agreement. In this DPA, the following terms shall have the meanings set out below:
1.1. “Applicable Data Protection Laws” means all laws and regulations, in each case as amended, replaced, or superseded from time to time, that apply to the Processing of Personal Data under this DPA.
1.2. “Business” means the definition set forth in the CCPA.
1.3. “CCPA” means the California Consumer Privacy Act of 2018, as set forth in California Civil Code §§ 1798.100 et seq., and any implementing regulations adopted thereunder (all of which as may be amended from time to time).
1.4. “Controller” means the entity which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data (or such similar term under Applicable Data Protection Laws).
1.5. “Data Breach” means the accidental, unlawful, and/or unauthorized disclosure, loss, alteration, acquisition, transfer, deletion, or destruction of Personal Data.
1.6. “Data Subject” means a natural person who can be identified, whether directly or indirectly, including by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and to the extent that corporate entities or deceased persons receive the same or similar protection as natural persons under the Applicable Data Protection Laws, shall also include corporate entities or deceased persons.
1.7. “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), including as implemented or adopted under the laws of the United Kingdom.
1.8. “Personal Data” means any information relating to an identified or identifiable Data Subject or as otherwise defined by applicable law.
1.9. “Process/Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, return or destruction, and “Process,” “Processed”, and “Processing” shall be construed accordingly.
1.10. “Processor” means the entity which Processes Personal Data on behalf of a Controller (or such similar term under Applicable Data Protection Laws).
1.11. “Sell” means the definition set forth in the CCPA.
1.12. “Service Provider” means the definition set forth in the CCPA.
1.13. “Standard Contractual Clauses” means Standard Contractual Clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and the Council approved by European Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
1.14. “Subprocessor” means any processor appointed by OpenSesame to Process Personal Data on behalf of Company.
2. PERSONAL DATA PROCESSING. OpenSesame may Process Personal Data on behalf of Company in accordance with instructions set forth in this DPA. Company is the Controller or Processor, as applicable, and OpenSesame acts as Processor or as a subprocessor, respectively, with respect to any Personal Data Processed under this DPA; and, for purposes of the CCPA, the Parties shall comply with the obligations applicable to their respective roles under the CCPA. Company represents that it is authorized to enter into this DPA, provide the instructions set forth herein, and grant the authorizations set forth herein on its own behalf and, where applicable, on behalf of the relevant Controller.
3. DATA PROCESSING TERMS. In the course of providing the Services to Company pursuant to the Agreement, OpenSesame shall not use the Personal Data for any other purpose except as necessary to perform the requirements of the Agreement. OpenSesame shall not Process, Sell, transfer, modify, amend or alter the Personal Data or disclose or permit the disclosure of the Personal Data to any third party other than in accordance with Company’s documented instructions (including, where Company is a Processor, documented instructions communicated by Company on behalf of the relevant Controller) (whether in this DPA or otherwise), unless Processing is required by applicable law, in which case OpenSesame shall, to the extent permitted by such law, inform Company of that legal requirement before Processing that Personal Data.
4. OPENSESAME PERSONNEL; SUBPROCESSORS
4.1. OpenSesame shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the Personal Data, ensuring in each case that access is strictly limited to those individuals who need to access the relevant Personal Data, as strictly necessary for the purposes set out in Section 3 (Data Processing Terms) of this DPA, in the context of that individual's duties to OpenSesame, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
4.2. OpenSesame may engage Subprocessors so long as OpenSesame strictly adheres to its obligations with respect to such Subprocessors as set forth in this DPA, including without limitation the terms of this Section 4. With respect to each Subprocessor, OpenSesame shall include terms in the contract between OpenSesame and each Subprocessor which are materially similar to those set out in this DPA. Company may access a list of OpenSesame’s Subprocessors through the Trust Center.
4.3. OpenSesame shall be responsible for its Subprocessors’ compliance and the acts of its Subprocessors to the same extent as if the acts were performed by OpenSesame. Any breach of this DPA by a Subprocessor shall constitute a breach by OpenSesame.
4.4. Company consents to OpenSesame’s use of the Subprocessors listed on the Trust Center as of the DPA Effective Date. Company may subscribe to the Trust Center to receive notices regarding OpenSesame’s engagement of additional Subprocessors. To the extent applicable law or Company’s agreement with a relevant Controller requires Company consent or authorization for OpenSesame’s engagement of additional Subprocessors, Company will have ten (10) business days following delivery of such notice to reasonably object. In the event that Company has not provided an objection to such change(s) within such period, Company will be deemed to have waived its right to object and to have consented to the use of the new Subprocessor(s). OpenSesame will be deemed to have provided any notice required hereunder or under applicable law if such notice is delivered through the Trust Center, whether or not Company has subscribed for such notifications.
5. SECURITY. OpenSesame shall maintain the confidentiality of any such Personal Data and not permit access by unauthorized persons. OpenSesame shall take all appropriate and legally required administrative, technical, physical and organizational security safeguards to protect Personal Data against accidental, unauthorized or unlawful destruction, loss, damage, alteration or access and against all unauthorized or unlawful forms of data processing. Those safeguards shall include, but will not be limited to, measures for preventing access, use, modification or disclosure of Personal Data by OpenSesame except (a) to provide the Services and prevent or address service or technical problems, (b) as compelled by law or (c) as Company expressly permits in writing. OpenSesame’s security measures are set forth in its Trust Center.
6. OPENSESAME COOPERATION. OpenSesame shall, to the extent legally permitted, promptly inform Company if OpenSesame receives any inquiry, complaint or claim from any court, governmental official, third parties or individuals (including but not limited to the Data Subjects). OpenSesame shall not respond directly to a Data Subject request unless required by law. OpenSesame shall provide Company with support and cooperation to enable Company to respond and comply with any such inquiry, complaint or claim from any court, governmental official, third parties or individuals. OpenSesame’s support and cooperation with respect to the responsibilities set forth in this Section 6 shall be provided by OpenSesame at no additional fee or cost.
7. DATA BREACH. To the extent OpenSesame experiences a Data Breach, OpenSesame shall take the following actions: (a) notify Company promptly, and in any case within seventy-two (72) hours, upon becoming aware of a Data Breach, such notification to be sent via email to the contact email address designated by Company in the Agreement; (b) provide Company with a description of the incident, including, as applicable, the following minimum information in such notification, to the extent such information is available: (i) the scope of the compromised information; (ii) the total number of affected Data Subjects; (iii) the number of affected Data Subjects of Company; and (iv) the name and contact details of OpenSesame's data protection officer or other relevant contact from whom more information may be obtained; (c) provide Company with a description of the measures taken or proposed to be taken to address the Data Breach, including (without limitation): (i) whether OpenSesame has contacted law enforcement; (ii) whether OpenSesame has engaged forensics; and (iii) any steps OpenSesame has taken to mitigate the event; and (d) cooperate with Company and take such commercially reasonable steps as directed by Company to assist in the investigation, mitigation, and remediation of each Data Breach. In the event of a Data Breach, OpenSesame shall not inform any third party, including a governmental entity, Data Subject, or other third party, without first notifying Company, unless notification is required by applicable law.
8. DELETION OR RETURN OF PERSONAL DATA. Within 90 days of termination of the Agreement, OpenSesame will permanently anonymize all copies of Personal Data in production, and request the same of its Subprocessors. OpenSesame will provide certification of compliance with this Section 8 to Company upon request. OpenSesame will destroy any Personal Data located in backups according to its retention schedule, and all such Personal Data will remain subject to the obligations of this DPA until destroyed.
9. AUDIT AND INSPECTION RIGHTS. Company may access information about OpenSesame’s information security program through the Trust Center. OpenSesame submits to third-party penetration testing as well as quarterly vulnerability scanning. OpenSesame shall make available to Company any summary report it receives from these tests on request. Additionally, OpenSesame is SOC2 Type II, ISO 27001, and ISO 27701 certified and will share its annual certification reports on request. Company may also conduct paper audits of OpenSesame’s processing activities as required by law, including documentation requests and questionnaires.
10. INTERNATIONAL TRANSFERS OF COMPANY PERSONAL DATA. OpenSesame is certified under the EU-US Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. The Parties agree to execute Standard Contractual Clauses, Module 2 (controller-to-processor) or Module 3 (processor-to-processor), as applicable, or other similar data transfer mechanism allowed under the GDPR or superseding legislation as necessary to comply with applicable laws.
11. LIMITATION OF LIABILITY. To the extent permitted by law, neither Party will have any liability arising out of or related to this DPA for indirect, special, incidental, reliance or consequential damages or damages for loss of use, lost profits or interruption of business, even if informed of their possibility in advance.
12. INDEMNIFICATION. OpenSesame shall indemnify, reimburse, defend, and hold harmless Company, its Affiliates, and their respective successors and assigns, customers, and distribution partners from and against all fines, sanctions, claims, losses, penalties, damages, expenses, costs or other liability incurred by Company, its Affiliates, and their respective successors and assigns arising out of any (a) breach by OpenSesame or its employees, agents, or subcontractors of any provisions of this DPA; (b) violation by OpenSesame or its employees, agents, or subcontractors of applicable laws, rules or regulations; or (c) loss, theft or breach of security of Personal Data due to OpenSesame’s gross negligence or willful misconduct. The provisions of this Section 12 shall survive termination or expiration of the Agreement. To the extent permitted by law, OpenSesame’s total obligation herein shall be limited to five (5) times the fees payable by Company in the preceding twelve (12) months.
13. DATA PROTECTION IMPACT ASSESSMENT. Upon Company’s reasonable request, OpenSesame shall provide Company with reasonable cooperation and assistance needed to fulfill Company’s obligations under applicable law relating to a data protection impact assessment in connection with OpenSesame’s provision of the Services, including where Company is required to assist a relevant Controller, to the extent Company does not otherwise have access to the relevant information.
14. GENERAL TERMS.
14.1. Subject to Section 14.2, below, the Parties agree that this DPA shall terminate automatically upon termination of the Agreement.
14.2. Any obligation imposed on OpenSesame under this DPA in relation to the Processing of Personal Data shall survive any termination or expiration of the Agreement.
14.3. To the extent that OpenSesame or its employees, agents, or subcontractors breaches any of its obligations under this DPA and does not cure the breach within ten (10) business days of receipt of notice, Company may exercise its right to terminate the affected Services immediately upon written notice. Company reserves its right to obtain equitable relief and pursue any other remedies Company may have in law or in equity.
14.4. With regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the Parties, including but not limited to the Agreement, the provisions of this DPA shall prevail with regard to the Parties’ data protection obligations for Personal Data of a Data Subject.
14.5. Compliance by OpenSesame with the provisions of this DPA will be at no additional cost to Company.
14.6. Except to the extent required by applicable law, nothing in this DPA shall confer any benefits or rights on any person or entity other than the Parties to this DPA.
14.7. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
Partner Program Terms and Conditions
Effective May 22nd 2025
DownloadTable of Contents
These terms and conditions (the “Agreement”) governs your participation in OpenSesame’s Partner Program and is a binding legal commitment between OpenSesame Inc. (“OpenSesame”) and you or the entity you represent (“you” “You“, or “Partner“). OpenSesame and Partner are sometimes referred to individually as a “Party” and collectively as the “Parties.” This Agreement takes effect when the Parties sign a contract referencing this Agreement (an “Enrollment Agreement”) (such date being the “Effective Date“).
BY SIGNING AN ENROLLMENT AGREEMENT, YOU REPRESENT THAT (1) YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT, AND (2) YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THE ENTITY YOU REPRESENT THAT IS SEEKING TO PARTICIPATE IN THE PARTNER PROGRAM, AND TO BIND THAT ENTITY TO THIS AGREEMENT. IF YOU DO NOT ACCEPT OR UNDERSTAND THIS AGREEMENT, YOU MAY NOT PARTICIPATE IN THE PARTNER PROGRAM OR OTHERWISE ACCESS OR USE ANY OF THE OPENSESAME MATERIALS OR OPENSESAME’S MARK AND MUST DISCONTINUE ALL USE OF THE OPENSESAME MATERIALS AND ALL ACTIVITIES RELATED TO THE PARTNER PROGRAM. OPENSESAME RESERVES THE RIGHT TO UPDATE THIS AGREEMENT, OR DISCONTINUE TO THE PARTNER PROGRAM, AT ANY TIME.
1. PARTNER PROGRAM.
1.1. Partner Appointment. Subject to the terms and conditions hereof and the Partner Program Guide (which will be provided to you by OpenSesame), OpenSesame hereby appoints Partner, and Partner accepts such appointment, as an independent non-exclusive agent to market and offer OpenSesame’s e-learning courses (“Courses”) and other approved OpenSesame products (“Products”) to Partner’s prospects and customers solely for their internal use, on terms and conditions as described below (including the attached Exhibit(s)), and in the Partner Program Guide, which is hereby incorporated by reference as updated by OpenSesame from time to time. The term “Agreement” as used herein includes the attached Exhibit(s) and the Partner Program Guide.
1.2 Account. Upon execution of an Enrollment Agreement, Partner agrees to create an account (“Account”) on OpenSesame’s designated partner portal (“Partner Portal”). The Partner Portal will be indicated in the Partner Program Guide. OpenSesame may change the Partner Portal from time to time at its discretion. In registering an Account, Partner agrees to: (a) provide true, accurate, current and complete information as prompted by the registration form (the “Registration Data”); and (b) maintain and promptly update the Registration Data to keep it true, accurate, current and complete. Partner is responsible for all activities that occur under Partner’s Account. Partner may not share Partner’s Account or password with anyone, and Partner agrees to notify OpenSesame immediately of any unauthorized use of Partner’s password or any other breach of security.
1.3 Ongoing. Partner hereby agrees to be responsible for reviewing the Partner Program Guide and any other related policies regularly to maintain compliance as part of its continued participation in the Partner Program. For the avoidance of doubt, OpenSesame may update the Partner Program Guide from time to time.
1.4 Motions; Tiers. The Partner Program consists of different go-to-market motions allowing different levels of participation in the Partner Program (each, a “Partner Program GTM Motion”). Upon execution of an Enrollment Agreement, OpenSesame shall designate Partner’s applicable Partner Program GTM Motion and Tier (as defined below) via email or in the Partner Portal. OpenSesame may offer certain benefits to Partner based on the level of Partner’s participation in the applicable Partner Program Motion and certain qualifying criteria, as further described in the Partner Portal or the Partner Program Guide (each such level, a “Tier”). OpenSesame may, in its sole discretion, change the benefits available, and qualifying criteria for each Tier upon written notice to Partner. Partner’s Tier shall be reviewed at least annually to determine Tier eligibility, and OpenSesame reserves the right to change Partner’s Tier based on the Partner Program requirements.
1.5. Trademark License. OpenSesame hereby grants to Partner a limited, non-transferable, non-exclusive, royalty-free license to use the OpenSesame name and design logo, and any other marks designated by OpenSesame (collectively, “OpenSesame’s Marks”) on Partner’s website(s), advertising, promotional and other materials associated with the marketing and sale of Courses and/or Products. OpenSesame shall have the right to establish such quality standards and additional terms and conditions concerning the use of OpenSesame’s Marks as OpenSesame deems reasonably necessary to protect OpenSesame’s Marks. Use of OpenSesame’s Marks, and the goodwill associated therewith, shall inure solely to OpenSesame. Except as expressly permitted herein, Partner shall not make any other use of OpenSesame’s Marks, and OpenSesame’s rights in its Marks, other than those expressly licensed in this Agreement, are reserved by OpenSesame for its own use and benefit. Partner shall not use or display in any way the name, design logo, or any other marks of any OpenSesame publisher without OpenSesame’s express written consent.
2. PARTNER OBLIGATIONS.
2.1. General. Partner shall use best efforts to market and sell Courses and Products pursuant to the terms and conditions of this Agreement at its expense in accordance with its Partner Program GTM Motion and Tier.
2.2. Identification of Sales and Sales Leads. Partner referrals and sales will be identified and processed as described in the applicable Exhibit(s) and the Partner Program Guide. Partner will conduct an account mapping exercise to determine existing joint prospects and customers and give OpenSesame access to Partner’s existing prospects and customers via Crossbeam or other similar collaborative data tools, or in another format mutually agreed upon by the Parties.
2.3. Restriction on Going Direct. For the Term of this Agreement, Partner shall not sell Courses from OpenSesame content partners directly to Partner’s customers except as set forth below. If OpenSesame reasonably suspects Partner of having violated this Section 2.3, and Partner believes it is subject to one of the exceptions listed below, upon request it shall provide reasonable evidence of such exception. In the event that Partner violates this provision and fails to provide any such evidence, OpenSesame shall invoice Partner for the revenue share that it would have otherwise received. This Section 2.3 shall not apply as to any business relationship Partner may have with an OpenSesame content partner that predates OpenSesame’s business relationship with such content partner, or any relationship Partner has with an OpenSesame content partner as of the effective date of this Agreement.
2.4. Marketing and Sales Training. Partner will engage in applicable marketing and sales training as identified in the applicable Exhibit(s) and the Partner Program Guide.
2.5. Learning Platform Access. If Partner will be providing access to OpenSesame Courses and/or Products via its proprietary learning management or other relevant proprietary enterprise system (“Partner Platform”), Partner will provide OpenSesame access to an administrator instance of its Partner Platform at no cost to OpenSesame. Such access must, at a minimum, allow OpenSesame to independently test Courses and/or Products as applicable, support Integration troubleshooting, validate and maintain Integration documentation, and assess platform functionality to recommend improvements as APIs and Integrations evolve.
2.6. No Modifications. Partner shall not: copy, modify, adapt, translate, decompile, disassemble or reverse engineer the Courses, Products, or any OpenSesame technology used to deliver the Courses.
2.7. Compliance. Partner shall comply with all applicable laws and regulations in performance of its obligations under this Agreement, including but not limited to data privacy laws. Partner shall not access, store, transmit, or otherwise process any personal information belonging to end users or customers except as strictly necessary to fulfill its obligations under this Agreement or as expressly permitted by the customer or applicable law. Additionally, OpenSesame reserves the right to terminate this Agreement upon written notice if it becomes aware that Partner is identified in connection with any applicable law or regulation contributing to the United States Consolidated Screening List or otherwise relating to export control compliance or anti-corruption.
2.8. No Unauthorized Representations. Partner shall not make any unauthorized representations, warranties, or commitments related to the Courses, Products, or OpenSesame in any of its marketing materials, or to any of its prospects or customers.
2.9. Restriction on Customer Charges. Where Partner is directly selling OpenSesame Courses, subscriptions, and/or Products to an end customer, Partner will not charge such end customer an additional service, technology or implementation fee related to providing such Courses and/or Products.
2.10. Integration. If applicable, Partner will work with OpenSesame to integrate OpenSesame Courses and/or Products with the Partner Platform (the “Integration”) as described further in the applicable Exhibit(s) and the Partner Program Guide. Specifically:
- OpenSesame will provide its API documentation for Partner’s use in building out the Integration;
- Partner will collaborate with OpenSesame’s Product Team to ensure the Integration meets OpenSesame’s design quality standards;
- Partner will work with OpenSesame’s Integration Program Manager to launch the Integration;
- Partner will work with OpenSesame on co-branding and marketing efforts related to the Integration;
- Partner will not charge an additional fee for its customers to connect to or otherwise have access to the Integration; and
- Partner will maintain and update the Integration during the term of the Agreement. Additionally, Partner will continue to maintain and upgrade the Integration after termination of the Agreement until the expiration of all active licenses purchased utilizing the Integration prior to termination of the Agreement.
3. OPENSESAME OBLIGATIONS.
3.1. Delivery. OpenSesame will deliver Courses either (a) to Partner; or (b) directly to the end customer, in each case as specified in the applicable Exhibit(s) and the Partner Program Guide.
3.2. Customer Support. Where OpenSesame is delivering Courses to Partner, OpenSesame shall provide Partner with the applicable technical service and support as set forth in the applicable Exhibit(s) and the Partner Program Guide. At a minimum, Partner will use its best efforts to meet or exceed OpenSesame’s SLA response timing on joint end customer issues.
3.3. Ownership. All right, title and interest (including but not limited to all copyright and other intellectual property rights) in and to the Courses shall remain with the underlying owner of the Courses. All right, title and interest (including but not limited to all copyright and other intellectual property rights) in and to the Products shall remain with OpenSesame.
3.4. Sales, Marketing, and Partner Relationship Support. OpenSesame will provide reasonable sales, marketing, and Partner relationship support, as set forth in any applicable Exhibit(s) and the Partner Program Guide.
3.5. Demo Courses. OpenSesame may, in its sole discretion, select and provision a set of Courses for Partner’s internal use as demo courses in the Partner Platform (if applicable). Partner staff will have unlimited access to such demo courses. Partner may not grant access to demo courses to prospective customers without OpenSesame’s prior written consent.
4. TRADE SECRETS AND CONFIDENTIALITY.
4.1. Trade Secrets and Confidential Information. Both OpenSesame and Partner recognize and acknowledge the value of Trade Secrets and Confidential Information developed by each Party. OpenSesame has developed, or may develop, certain Trade Secrets that offer significant competitive advantages. Similarly, Partner may possess or develop its own Trade Secrets and Confidential Information through its business operations. In the course of the relationship between OpenSesame and Partner, both parties may have access to each other's proprietary Trade Secrets and Confidential Information. These assets are of substantial value to both OpenSesame and Partner, and unauthorized use or disclosure contrary to the terms of this Agreement may cause significant competitive harm and other serious injuries to either Party. For these reasons, both OpenSesame and Partner covenant and agree to comply with the provisions of this Section 4.
4.2. Definition of Trade Secrets. "Trade Secrets" shall mean any information of either OpenSesame or Partner, without regard to form, including, but not limited to, technical or nontechnical data, formulas, patterns, compilations, programs, devices, methods, techniques, drawings, processes, financial data, financial plans, product designs, product plans, or a list of actual or potential customers or suppliers. Such information must not be commonly known by or available to the public and must (a) derive economic value, actual or potential, from not being generally known and not being readily ascertainable by others who can obtain economic value from its disclosure or use; and (b) be the subject of reasonable efforts to maintain its secrecy. Trade Secrets also include any such information described above that either OpenSesame or Partner obtains from third parties and treats as proprietary or designates as trade secrets.
4.3. Definition of Confidential Information. "Confidential Information" shall mean any confidential or proprietary data or information of either OpenSesame or Partner other than Trade Secrets.
4.4. Excluded Information. The terms "Trade Secrets" and "Confidential Information" shall not include any information that (a) becomes publicly known through no fault of either Party; or (b) is known to either Party prior to the date hereof, having been lawfully received from sources other than the disclosing Party. Failure to mark any of the Trade Secrets or Confidential Information as confidential shall not affect their status under this Agreement.
4.5. Protection of Trade Secrets and Confidential Information. All Trade Secrets and Confidential Information shall remain the respective property of OpenSesame or Partner. Each Party shall use the other Party’s Trade Secrets and Confidential Information only for the purpose of performing its obligations under this Agreement and as expressly permitted by this Agreement. Each Party hereby expressly agrees not to use, copy, duplicate, transfer, transmit, disclose, reveal, disseminate, or permit any unauthorized person access to the other Party’s Trade Secrets or Confidential Information without the disclosing Party's prior written consent. The obligations regarding Confidential Information shall expire five (5) years after termination of this Agreement. The obligations regarding Trade Secrets shall survive for the longer of (a) five (5) years after termination of this Agreement, or (b) as long as such information remains a trade secret under applicable law. Each Party will ensure its officers, employees, agents, and contractors comply with the terms of this Section 4 and will be responsible for any breach of this Section 4 by its officers, employees, agents, or contractors.
5. COMMISSIONS AND PAYMENTS.
5.1. Partner Commission For Content Sales. Partner will be entitled to a sales commission for sales of OpenSesame subscriptions, Courses, and/or Products closed in accordance with this Agreement and the Partner Program Guide (“Sales Commission”), as further described in the applicable Exhibit(s) and the Partner Program Guide and this Section 5.
- Paid Partner Events. Leads initially independently generated via OpenSesame attending an event hosted by Partner shall not be subject to any Sales Commission hereunder if OpenSesame is required to sponsor, or otherwise pay, to attend such event.
- Alternative Commission Agreements. In cases where Partner and OpenSesame mutually agree to cooperate to jointly close a transaction that is not in accordance with the terms of any applicable Exhibit(s), the Parties will agree to an alternative commission structure. Any such agreement will be documented by email confirmation generated by OpenSesame’s Director or VP of Partnerships.
5.2. Taxes. In the event that the sale or delivery of any of the Courses or Products to any end-user is subject to any tax, OpenSesame shall collect and remit to the competent tax authorities such taxes. Sales Commissions shall be net of any such taxes.
5.3. Multiple Lead Priority Commission Rules. If multiple partners of OpenSesame register a referral lead, the partner that wins the platform and/or services transaction receives the commission. If none of the partners win the transaction, the first partner to register the referral lead receives the commission.
5.4. Right to Offset. Partner acknowledges and agrees that, in the event OpenSesame owes payment to Partner under this Agreement, OpenSesame shall have the right to offset any amounts due and payable to Partner against any amounts that remain outstanding and unpaid by Partner to OpenSesame. Such set-off shall not relieve Partner of its obligations to pay any remaining balance owed after the set-off is applied, nor shall it limit OpenSesame’s rights and remedies under this Agreement or applicable law. This Section shall survive termination or expiration of this Agreement.
6. TERM AND TERMINATION.
6.1. Term. Unless otherwise agreed to in an Enrollment Agreement, this Agreement shall begin on the Effective Date and, subject to earlier termination in accordance herewith, continue for one year (the “Initial Term”), after which the Agreement shall automatically renew for consecutive one-year renewal terms (each a “Renewal Term”) unless one Party provides the other written notice no later than thirty (30) days prior to the expiration of the then-current Initial or Renewal Term, as applicable, of its intention to allow the Agreement to expire at the end of such term (the Initial Term and Renewal Term, collectively, the “Term”).
6.2. Termination. This Agreement may be terminated upon written notice: (a) by either Party upon thirty (30) days’ written notice for the material breach of the other Party that remains uncured following the 30 days’ notice; (b) by either Party immediately if the other Party files for or has instituted against it any proceedings as to its bankruptcy, insolvency, reorganization, liquidation, receivership, or dissolution or there is an assignment for the benefit of creditors. Additionally, OpenSesame may terminate this Agreement upon written notice in the event it, in its sole discretion, discontinues the Partner Program.
6.3. Effect of Termination. Upon termination or expiration of this Agreement, the rights and licenses granted to Partner pursuant to hereunder shall terminate, and Partner shall immediately cease using OpenSesame’s Marks and shall also cease marketing, promoting, advertising and selling the Courses and Products, and return to OpenSesame any Confidential Information provided to or obtained by Partner pursuant to this Agreement.
7. REPRESENTATIONS AND WARRANTIES.
7.1. By OpenSesame. OpenSesame represents and warrants that (a) it has the right, power and authority to enter into this Agreement and to fully perform its obligations hereunder (b) it possesses all rights necessary to grant the rights to Partner contemplated by this Agreement, and (c) it will comply with all applicable legal standards, laws, regulations, rules, orders, and other requirements of governmental and other authorities with respect to its performance hereunder.
7.2. By Partner. Partner represents and warrants that (a) it has the right, power and authority to enter into this Agreement and to fully perform its obligations hereunder, and (b) it will comply with all applicable legal standards, laws, regulations, rules, orders, and other requirements of governmental and other authorities with respect to its performance hereunder.
7.3. Disclaimer. EXCEPT AS EXPRESSLY SET FORTH HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY, RELATING TO THIS AGREEMENT, OR ITS PERFORMANCE HEREUNDER.
8. INDEMNIFICATION.
8.1. By OpenSesame. OpenSesame agrees to defend, indemnify and hold Partner and its respective employees, agents, representatives, managers, officers and directors harmless from and against any and all damages, costs and liabilities, including reasonable attorneys' fees, arising out of or related to any third-party claim for damages arising from the breach of any representation, warranty or covenant herein by OpenSesame.
8.2. By Partner. Partner agrees to defend, indemnify and hold OpenSesame and its Partners, and their respective employees, agents, representatives, managers, officers and directors, harmless from and against any and all damages, costs and liabilities, including reasonable attorneys' fees, arising out of or related to any third-party claim for damages arising from (a) the breach of any representation, warranty or covenant herein by Partner, or (b) Partner’s breach of Section 2.8 (No Unauthorized Representations).
8.3. Conditions. Each Party’s indemnification obligations hereunder shall be conditioned upon (i) prompt written notice by the indemnified Party to the indemnifying Party of any claim, action or demand for which indemnity is claimed; (ii) complete control of the defense and settlement thereof by the indemnifying Party; and (iii) such reasonable cooperation by the indemnified Party in the defense as the indemnifying Party may request.
9. LIMITED LIABILITY.
EXCEPT FOR INFRINGEMENTS OF OPENSESAME’S INTELLECTUAL PROPERTY RIGHTS, OR VIOLATIONS OF SECTION 2.3 (RESTRICTION ON GOING DIRECT) OR 2.8 (NO UNAUTHORIZED REPRESENTATIONS) BY PARTNER, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR: (A) LOST PROFITS OR FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, SPECIAL OR EXEMPLARY DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM GIVING RISE TO SUCH DAMAGES, WHETHER IN CONTRACT OR IN TORT, INCLUDING NEGLIGENCE, AND EVEN IF SUCH PARTY WAS ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) AGGREGATE TOTAL LIABILITY UNDER THIS AGREEMENT IN EXCESS OF THE AMOUNT OF SALES COMMISSIONS EARNED BY PARTNER HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE EVENTS GIVING RISE TO THE CLAIM.
10. GENERAL PROVISIONS.
10.1. Parties’ Relationship. Partner has no express or implied authority to assume or create any obligation on OpenSesame’s behalf, and shall disclaim any such authority whenever necessary to avoid confusion. In no case shall either Party or its subsidiaries or partners be deemed the other’s agents or representatives, nor shall either Party or its subsidiaries or partners have the right to conclude any contract or commitment in the other’s name, nor to make any representation, guarantee or warranty on behalf of the other Party or any of its licensors to any third party, including end-users.
10.2. Governing Law. This Agreement and any controversy arising out of or in relation to it shall be governed by the law of the state of Delaware, without regard to its choice of law provisions.
10.3. Severability. If any provision of this Agreement shall be declared void, invalid, or illegal, the validity or legality of all other provisions of the Agreement shall not be affected thereby.
10.4. Notices. Any notices or communications under this Agreement shall be in writing and deemed given (a) if to OpenSesame, upon receipt when sent to legal-notices@opensesame.com, and (b) if to Partner, upon receipt when sent to the email provided by Partner to OpenSesame on its Enrollment Agreement, or as updated by notice to OpenSesame from time to time.
10.5. Assignability. Neither Party shall assign or transfer this Agreement without the other Party’s prior written consent, upon which this Agreement shall bind and inure to the benefit of the assigns; provided, however that OpenSesame may assign this Agreement without obtaining prior written consent if such assignment is to any entity that acquires OpenSesame’s business through operation of a merger or consolidation, or purchase of all or substantially all of OpenSesame’s assets that relate to the business contemplated by this Agreement.
10.6. No Waiver. Any failure of either Party to enforce at any time, or for any period of time, any provision of this Agreement, shall not constitute a waiver of such provision or in any way affect the validity of this Agreement.
10.7. Complete Agreement. This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes all prior intentions, proposals, understandings, communications and agreements, oral or written, relating to the subject matter of this Agreement. This Agreement will not be binding upon the Parties until it has been signed by each Party's authorized representative.
10.8. Remedies Cumulative. All rights and remedies, whether conferred hereunder, or by any other instrument or law will be cumulative and may be exercised singularly or concurrently. The rights and remedies of the Parties provided in this Agreement shall not be exclusive but are in addition to any other rights and remedies provided by law or this Agreement.
10.9. Public Disclosures. Neither Party shall disclose the terms or existence of this Agreement without the consent of the other Party. Notwithstanding the foregoing, the Parties may mutually agree upon a press release to be issued promptly after the Effective Date of this Agreement.
10.10. Reporting. If you believe you have witnessed an employee or representative of OpenSesame engaging in unethical or illegal conduct, please notify our legal team via email at legal-notices@opensesame.com, or via our anonymous hotline at 833-222-4148.
EXHIBIT A
DESCRIPTION OF GTM MOTIONS
The terms and provisions of this Exhibit are incorporated into the OpenSesame Partner Program Terms and Conditions (“Agreement”). Any terms used in this Exhibit shall have the same meaning as defined in the Agreement, unless otherwise specified. This Exhibit is subject to all terms, conditions, and provisions of the Agreement, and in the event of any conflict between this Exhibit and the main body of the Agreement, the terms of the main body of the Agreement shall prevail.
The terms below apply to specific Partner Program GTM Motions. Partners participating in each specific Partner Program GTM Motion must comply with the applicable terms.
I. REFERRAL MOTION
- Registering Leads. Partner may refer sales leads to OpenSesame for the sale of individual Courses, Course Bundles, Plus subscriptions, and/or other Products in accordance with this Exhibit and the Partner Program Guide. Partner shall register a sales lead with OpenSesame for organizations with 100 or more employees by completing an online customer lead registration form provided by OpenSesame that includes company name and contact information (such form the “Lead Registration Form” and each submitted lead a “Registered Lead”). Partner shall not register leads for organizations with fewer than 100 employees. Lead Registration must be submitted in accordance with Section I.2 (Lead Engagement Process), below, and the timing of submissions in certain cases may impact commission eligibility as set forth in the Agreement and Section I.3 (Sales Commission), below. The Lead Registration Form may be made available via link or via a partner portal website. It is the Partner’s responsibility to submit Lead Registration Forms. Registered Leads shall remain valid unless (a) inactive for a period of twelve (12) months or (b) OpenSesame rejects the Registered Lead in the case where the referred company is an existing or prospective customer of OpenSesame with an open opportunity in its system. “Valid Leads” shall refer to Registered Leads where neither (a) or (b) in the preceding sentence apply.
- Lead Engagement Process. For all Registered Leads, OpenSesame will assign an account executive promptly after receiving Partner’s Lead Registration Form except where it determines the Registered Lead is not valid in accordance with subsection 1(b), above. Partner will introduce OpenSesame’s assigned account executive to the Registered Lead as early as possible in the process. Partner will not provide any information to the Registered Lead relating to OpenSesame pricing, attempt to align OpenSesame Products to the Registered Lead’s needs, or answer content or product questions from the Registered Lead prior to this introduction and written approval from OpenSesame. This includes, but is not limited to, providing pricing (including but not limited to quotes taken from OpenSesame’s website), demos, or course mappings. OpenSesame will take the lead in the sales process upon Partner’s introduction. Partner is not required to assist in closing a referral deal, and OpenSesame is not required to seek or allow Partner’s assistance.
- Sales Commission.
- Subject to subsection I.3(c), below, Partner will be entitled to a Sales Commission for Registered Leads that convert to a closed transaction of OpenSesame Courses and/or Products within three (3) years of lead registration without an inactive period during the 3 years longer than twelve (12) months (each a “Closed Transaction”).
- Sales Commission for Closed Transactions shall be the amount listed in the Partner Program Guide for the applicable Tier, in effect as of the date the Closed Transaction is closed.
- Notwithstanding anything to the contrary, Partner will not be entitled to a Sales Commission for the following transactions unless the Partner Program Guide explicitly provides otherwise for Partner’s applicable Tier, in effect as of the date such transaction is closed: (i) upsells initiated by OpenSesame and made during the initial sale period of a Closed Transaction; (ii) renewals of Closed Transactions; (iii) Closed Transactions for OpenSesame Plus via a monthly license, even where the customer is a Registered Lead; and (iv) sales to organizations with fewer than 100 employees.
- Payment of Sales Commissions to Partner.
- All Sales Commissions shall be processed by OpenSesame to Partner on a monthly basis. Payments shall include Sales Commissions from sales for which OpenSesame receives customer payment within the preceding month leading up such monthly payment. If Partner’s Tier makes it eligible for commission on the entire initial term of multi-year contracts, Partner will be paid annually based on the full value of the contract divided by the number of years.
- In the event that a customer referred by Partner hereunder receives a refund for a content sale for which a Sales Commission has previously been paid (a “Deficit”), OpenSesame shall deduct an amount equal to such Sales Commission from the current monthly and/or future monthly payments. In the event that this Agreement is terminated and there is an unsatisfied Deficit, Partner will pay such amount upon receipt of an invoice therefore.
- Prior to releasing payment, OpenSesame may be required to collect additional information to comply with United States tax laws.
II. CO-SELLING MOTION
- Co-Selling Motion. Partner may directly sell certain OpenSesame products, services, or content on Partner’s purchase contract in cases where Partner is selling the subscription to its existing customers or prospects (each an “End Customer”) that also purchase Partner’s platform and/or services (an “Co-Selling Transaction”), subject to Partner’s compliance with the terms of the Agreement, this Exhibit, and the Partner Program Guide. The OpenSesame products, services, or content eligible for Co-Selling Transactions depends on Partner’s Tier, as detailed in the Partner Program Guide.
- General. OpenSesame sales and implementation staff will work directly with the End Customer through the sales and implementation process and provide customer relationship support and management. While Partner may take the lead as the primary contact for engagements during the sales cycle, OpenSesame will assist Partner at all stages of the sales process to the extent OpenSesame deems necessary.
- Process. OpenSesame will issue a quote to Partner for each Co-Selling Transaction in the form of a Sales Order, which will include payment, term, and invoicing terms as between OpenSesame and Partner. Partner will then complete and submit OpenSesame’s Co-Selling Order Form (“Co-Selling Order Form”), and will in each instance reference the applicable Sales Order in the Co-Selling Order Form. The completed Co-Selling Order Form will be binding on the Parties upon OpenSesame’s acceptance, which OpenSesame will provide or deny within 1 business day of receipt. Failure by OpenSesame to reject a Co-Selling Order Form within that timeframe will constitute acceptance. A signature shall not be required on the Co-Selling Order Form or underlying Sales Order for it to be binding on both Parties. Unless the Sales Order referenced in a Co-Selling Order Form explicitly states otherwise, all purchases of OpenSesame subscriptions pursuant to a Co-Selling Transactions shall automatically renew for subsequent 12 month terms, subject to standard OpenSesame pricing changes. Partner is responsible for communicating an End Customer's intent to not renew a purchase of an OpenSesame subscription pursuant to a Co-Selling Transaction.
- Transaction Terms. Co-Selling Transactions shall be made under a written agreement directly between Partner and the End Customer (a “Co-Selling Agreement”), or subject to terms made publicly available on Partner’s website (“Online Terms”). Partner shall ensure all Co-Selling Agreements and/or its Online Terms either (i) contain terms and conditions that are consistent with those found at https://www.opensesame.com/legal as modified from time to time (the “OpenSesame Terms”) or (ii) incorporate the OpenSesame Terms by reference. Partner will promptly provide a copy of any Co-Selling Agreement requested by OpenSesame and/or access to Partner’s Online Terms to confirm compliance with this subsection 1(c), and will promptly correct any noncompliance identified by OpenSesame. Partner will not charge the End Customer more than the price indicated on the quote provided by OpenSesame for such Co-Selling Transaction. In no case will Partner allow the end customer to sublicense or further resell OpenSesame Products or Courses.
- Customer Success Representative. An OpenSesame Customer Success representative will be assigned to the End Customer following the closing of a Co-Selling Transaction, provided the value of the Co-Selling Transaction meets OpenSesame’s then in-effect threshold, which OpenSesame may update from time to time.
- Additional Marketing and Sales Terms. The following shall apply to the Parties’ relationship with respect to the Co-Selling Motion:
- The Parties will develop a content sales business plan that includes a specific annual sales goal broken down by region, number of customers, and average transaction size;
- The Parties shall participate in business reviews that are focused on sales of Courses (and, if eligible, Products);
- Partner will provide its sales team members with quota retirement and commission for closed Co-Selling Transactions;
- Partner will develop and execute marketing programs for Courses (and, if eligible, Products);
- Partner will use marketing assets and messaging made available by OpenSesame in executing the above referenced marketing programs, or, with written permission and content approval from OpenSesame, may elect to create custom assets and messaging;
- Partner will provide access to its sales, account management, marketing, and customer success staff for OpenSesame sales training;
- Each Party will place the other Party’s logo with mention of the partnership on the homepage of the Party’s website;
- Each Party will provide mention of the partnership with the other Party in relevant advertising and sales materials;
- Partner will offer OpenSesame Courses (and, if eligible, Products) as an option in its standard sales presentation;
- If approved by OpenSesame on a case-by-case basis and in OpenSesame’s sole discretion, Partner will include OpenSesame demo courses in Partner Platform demo and trial accounts, if applicable. In such cases, Partner is responsible for limiting prospective customers to a maximum of 30 days of access per user to such trial licenses; and
- Partner will invite OpenSesame to participate in all revenue kickoff and customer and prospect events hosted by Partner, including its user conference, at no cost to OpenSesame.
- Sales Commission.
- For each Co-Selling Transaction, OpenSesame will invoice Partner an amount equal to the list price (or OpenSesame approved reduced sales price) of the applicable product(s) minus the applicable commission percentage, which shall be the amount listed in the Partner Program Guide for the applicable Tier, in effective as of the date the Co-Selling Transaction is closed. Partner’s Sale Commission for Co-Selling Transactions shall be the difference between (y) the amount received by Partner from the End Customer for the OpenSesame product(s) contained in the Co-Selling Transaction, and (z) the amount invoiced by OpenSesame.
- OpenSesame will invoice Partner at the billing frequency specified on the quote issued in conjunction with the applicable Co-Selling Order Form on a net-45 basis. Partner will be responsible for invoicing and collecting funds from the End Customer. Partner’s payment obligation to OpenSesame for a Co-Selling Transaction is not dependent on Partner’s receipt of payment from its End Customer. OpenSesame reserves the right to disable access to OpenSesame Courses and/or Products for an End Customer in the event Partner’s payment to OpenSesame for such End Customer's Co-selling Transaction is more than 60 days past due
- Notwithstanding anything to the contrary, Partner will not be entitled to a Sales Commission for the following transactions unless the Partner Program Guide explicitly provides otherwise for Partner’s applicable Tier, in effect as of the date such transaction is closed: (i) upsells initiated by OpenSesame and made during the initial sale period of an Co-Selling Transaction; (ii) renewals of Co-Selling Transactions; (iii) Co-Selling Transactions for OpenSesame Plus via a monthly license; and (iv) sales to organizations with fewer than 100 employees.
III. FULL RESELLER MOTION
In the event OpenSesame approves Partner to participate in a Full Reseller Motion, the Parties will execute an addendum to the Enrollment Agreement containing the details of such partnership.
Effective February 14th 2025 to May 22nd 2025
DownloadTable of Contents
These terms and conditions (the “Agreement”) governs your participation in OpenSesame’s Partner Program and is a binding legal commitment between OpenSesame Inc. (“OpenSesame”) and you or the entity you represent (“you” “You“, or “Partner“). OpenSesame and Partner are sometimes referred to individually as a “Party” and collectively as the “Parties.” This Agreement takes effect when the Parties sign a contract referencing this Agreement (an “Enrollment Agreement”) (such date being the “Effective Date“).
BY SIGNING AN ENROLLMENT AGREEMENT, YOU REPRESENT THAT (1) YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT, AND (2) YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THE ENTITY YOU REPRESENT THAT IS SEEKING TO PARTICIPATE IN THE PARTNER PROGRAM, AND TO BIND THAT ENTITY TO THIS AGREEMENT. IF YOU DO NOT ACCEPT OR UNDERSTAND THIS AGREEMENT, YOU MAY NOT PARTICIPATE IN THE PARTNER PROGRAM OR OTHERWISE ACCESS OR USE ANY OF THE OPENSESAME MATERIALS OR OPENSESAME’S MARK AND MUST DISCONTINUE ALL USE OF THE OPENSESAME MATERIALS AND ALL ACTIVITIES RELATED TO THE PARTNER PROGRAM. OPENSESAME RESERVES THE RIGHT TO UPDATE THIS AGREEMENT, OR DISCONTINUE TO THE PARTNER PROGRAM, AT ANY TIME.
1. PARTNER PROGRAM.
1.1. Partner Appointment. Subject to the terms and conditions hereof and the Partner Program Guide (which will be provided to you by OpenSesame), OpenSesame hereby appoints Partner, and Partner accepts such appointment, as an independent non-exclusive agent to market and offer OpenSesame’s e-learning courses (“Courses”) and other approved OpenSesame products (“Products”) to Partner’s prospects and customers solely for their internal use, on terms and conditions as described below (including the attached Exhibit(s)), and in the Partner Program Guide, which is hereby incorporated by reference as updated by OpenSesame from time to time. The term “Agreement” as used herein includes the attached Exhibit(s) and the Partner Program Guide.
1.2 Account. Upon execution of an Enrollment Agreement, Partner agrees to create an account (“Account”) on OpenSesame’s designated partner portal (“Partner Portal”). The Partner Portal will be indicated in the Partner Program Guide. OpenSesame may change the Partner Portal from time to time at its discretion. In registering an Account, Partner agrees to: (a) provide true, accurate, current and complete information as prompted by the registration form (the “Registration Data”); and (b) maintain and promptly update the Registration Data to keep it true, accurate, current and complete. Partner is responsible for all activities that occur under Partner’s Account. Partner may not share Partner’s Account or password with anyone, and Partner agrees to notify OpenSesame immediately of any unauthorized use of Partner’s password or any other breach of security.
1.3 Ongoing. Partner hereby agrees to be responsible for reviewing the Partner Program Guide and any other related policies regularly to maintain compliance as part of its continued participation in the Partner Program. For the avoidance of doubt, OpenSesame may update the Partner Program Guide from time to time.
1.4 Motions; Tiers. The Partner Program consists of different go-to-market motions allowing different levels of participation in the Partner Program (each, a “Partner Program GTM Motion”). Upon execution of an Enrollment Agreement, OpenSesame shall designate Partner’s applicable Partner Program GTM Motion and Tier (as defined below) via email or in the Partner Portal. OpenSesame may offer certain benefits to Partner based on the level of Partner’s participation in the applicable Partner Program Motion and certain qualifying criteria, as further described in the Partner Portal or the Partner Program Guide (each such level, a “Tier”). OpenSesame may, in its sole discretion, change the benefits available, and qualifying criteria for each Tier upon written notice to Partner. Partner’s Tier shall be reviewed at least annually to determine Tier eligibility, and OpenSesame reserves the right to change Partner’s Tier based on the Partner Program requirements.
1.5. Trademark License. OpenSesame hereby grants to Partner a limited, non-transferable, non-exclusive, royalty-free license to use the OpenSesame name and design logo, and any other marks designated by OpenSesame (collectively, “OpenSesame’s Marks”) on Partner’s website(s), advertising, promotional and other materials associated with the marketing and sale of Courses and/or Products. OpenSesame shall have the right to establish such quality standards and additional terms and conditions concerning the use of OpenSesame’s Marks as OpenSesame deems reasonably necessary to protect OpenSesame’s Marks. Use of OpenSesame’s Marks, and the goodwill associated therewith, shall inure solely to OpenSesame. Except as expressly permitted herein, Partner shall not make any other use of OpenSesame’s Marks, and OpenSesame’s rights in its Marks, other than those expressly licensed in this Agreement, are reserved by OpenSesame for its own use and benefit. Partner shall not use or display in any way the name, design logo, or any other marks of any OpenSesame publisher without OpenSesame’s express written consent.
2. PARTNER OBLIGATIONS.
2.1. General. Partner shall use best efforts to market and sell Courses and Products pursuant to the terms and conditions of this Agreement at its expense in accordance with its Partner Program GTM Motion and Tier.
2.2. Identification of Sales and Sales Leads. Partner referrals and sales will be identified and processed as described in the applicable Exhibit(s) and the Partner Program Guide. Partner will conduct an account mapping exercise to determine existing joint prospects and customers and give OpenSesame access to Partner’s existing prospects and customers via Crossbeam or other similar collaborative data tools, or in another format mutually agreed upon by the Parties.
2.3. Restriction on Going Direct. For the Term of this Agreement, Partner shall not sell Courses from OpenSesame content partners directly to Partner’s customers except as set forth below. If OpenSesame reasonably suspects Partner of having violated this Section 2.3, and Partner believes it is subject to one of the exceptions listed below, upon request it shall provide reasonable evidence of such exception. In the event that Partner violates this provision and fails to provide any such evidence, OpenSesame shall invoice Partner for the revenue share that it would have otherwise received. This Section 2.3 shall not apply as to any business relationship Partner may have with an OpenSesame content partner that predates OpenSesame’s business relationship with such content partner, or any relationship Partner has with an OpenSesame content partner as of the effective date of this Agreement.
2.4. Marketing and Sales Training. Partner will engage in applicable marketing and sales training as identified in the applicable Exhibit(s) and the Partner Program Guide.
2.5. Learning Platform Access. If Partner will be providing access to OpenSesame Courses via its proprietary learning management or other relevant proprietary enterprise system (“Partner Platform”), Partner will provide OpenSesame access to an administrator instance of its Partner Platform at no cost to OpenSesame. Such access must allow OpenSesame to independently test Courses, support Integration troubleshooting, validate and maintain Integration documentation, and assess platform functionality to recommend improvements as APIs and Integrations evolve.
2.6. No Modifications. Partner shall not: copy, modify, adapt, translate, decompile, disassemble or reverse engineer the Courses, Products, or any OpenSesame technology used to deliver the Courses.
2.7. Compliance. Partner shall comply with all applicable laws and regulations in performance of its obligations under this Agreement, including but not limited to data privacy laws. Partner shall not access, store, transmit, or otherwise process any personal information belonging to end users or customers except as strictly necessary to fulfill its obligations under this Agreement or as expressly permitted by the customer or applicable law. Additionally, OpenSesame reserves the right to terminate this Agreement upon written notice if it becomes aware that Partner is identified in connection with any applicable law or regulation contributing to the United States Consolidated Screening List or otherwise relating to export control compliance or anti-corruption.
2.8. No Unauthorized Representations. Partner shall not make any unauthorized representations, warranties, or commitments related to the Courses, Products, or OpenSesame in any of its marketing materials, or to any of its prospects or customers.
2.9. Restriction on Customer Charges. Where Partner is directly selling OpenSesame Courses, subscriptions, and/or Products to an end customer, Partner will not charge such end customer an additional service, technology or implementation fee related to providing such Courses and/or Products.
2.10. Integration. If applicable, Partner will work with OpenSesame to integrate the OpenSesame course catalog with the Partner Platform (the “Integration”) as described further in the applicable Exhibit(s) and the Partner Program Guide. Specifically:
- OpenSesame will provide its API documentation for Partner’s use in building out the Integration;
- Partner will collaborate with OpenSesame’s Product Team to ensure the Integration meets OpenSesame’s design quality standards;
- Partner will work with OpenSesame’s Integration Program Manager to launch the Integration;
- Partner will work with OpenSesame on co-branding and marketing efforts related to the Integration;
- Partner will not charge an additional fee for its customers to connect to or otherwise have access to the Integration; and
- Partner will maintain and update the Integration during the term of the Agreement. Additionally, Partner will continue to maintain and upgrade the Integration after termination of the Agreement until the expiration of all active licenses purchased utilizing the Integration prior to termination of the Agreement.
3. OPENSESAME OBLIGATIONS.
3.1. Delivery. OpenSesame will deliver Courses either (a) to Partner; or (b) directly to the end customer, in each case as specified in the applicable Exhibit(s) and the Partner Program Guide.
3.2. Customer Support. Where OpenSesame is delivering Courses to Partner, OpenSesame shall provide Partner with the applicable technical service and support as set forth in the applicable Exhibit(s) and the Partner Program Guide. At a minimum, Partner will use its best efforts to meet or exceed OpenSesame’s SLA response timing on joint end customer issues.
3.3. Ownership. All right, title and interest (including but not limited to all copyright and other intellectual property rights) in and to the Courses shall remain with the underlying owner of the Courses. All right, title and interest (including but not limited to all copyright and other intellectual property rights) in and to the Products shall remain with OpenSesame.
3.4. Sales, Marketing, and Partner Relationship Support. OpenSesame will provide reasonable sales, marketing, and Partner relationship support, as set forth in any applicable Exhibit(s) and the Partner Program Guide.
3.5. Demo Courses. OpenSesame may, in its sole discretion, select and provision a set of Courses for Partner’s internal use as demo courses in the Partner Platform (if applicable). Partner staff will have unlimited access to such demo courses. Partner may not grant access to demo courses to prospective customers without OpenSesame’s prior written consent.
4. TRADE SECRETS AND CONFIDENTIALITY.
4.1. Trade Secrets and Confidential Information. Both OpenSesame and Partner recognize and acknowledge the value of Trade Secrets and Confidential Information developed by each Party. OpenSesame has developed, or may develop, certain Trade Secrets that offer significant competitive advantages. Similarly, Partner may possess or develop its own Trade Secrets and Confidential Information through its business operations. In the course of the relationship between OpenSesame and Partner, both parties may have access to each other's proprietary Trade Secrets and Confidential Information. These assets are of substantial value to both OpenSesame and Partner, and unauthorized use or disclosure contrary to the terms of this Agreement may cause significant competitive harm and other serious injuries to either Party. For these reasons, both OpenSesame and Partner covenant and agree to comply with the provisions of this Section 4.
4.2. Definition of Trade Secrets. "Trade Secrets" shall mean any information of either OpenSesame or Partner, without regard to form, including, but not limited to, technical or nontechnical data, formulas, patterns, compilations, programs, devices, methods, techniques, drawings, processes, financial data, financial plans, product designs, product plans, or a list of actual or potential customers or suppliers. Such information must not be commonly known by or available to the public and must (a) derive economic value, actual or potential, from not being generally known and not being readily ascertainable by others who can obtain economic value from its disclosure or use; and (b) be the subject of reasonable efforts to maintain its secrecy. Trade Secrets also include any such information described above that either OpenSesame or Partner obtains from third parties and treats as proprietary or designates as trade secrets.
4.3. Definition of Confidential Information. "Confidential Information" shall mean any confidential or proprietary data or information of either OpenSesame or Partner other than Trade Secrets.
4.4. Excluded Information. The terms "Trade Secrets" and "Confidential Information" shall not include any information that (a) becomes publicly known through no fault of either Party; or (b) is known to either Party prior to the date hereof, having been lawfully received from sources other than the disclosing Party. Failure to mark any of the Trade Secrets or Confidential Information as confidential shall not affect their status under this Agreement.
4.5. Protection of Trade Secrets and Confidential Information. All Trade Secrets and Confidential Information shall remain the respective property of OpenSesame or Partner. Each Party shall use the other Party’s Trade Secrets and Confidential Information only for the purpose of performing its obligations under this Agreement and as expressly permitted by this Agreement. Each Party hereby expressly agrees not to use, copy, duplicate, transfer, transmit, disclose, reveal, disseminate, or permit any unauthorized person access to the other Party’s Trade Secrets or Confidential Information without the disclosing Party's prior written consent. The obligations regarding Confidential Information shall expire five (5) years after termination of this Agreement. The obligations regarding Trade Secrets shall survive for the longer of (a) five (5) years after termination of this Agreement, or (b) as long as such information remains a trade secret under applicable law. Each Party will ensure its officers, employees, agents, and contractors comply with the terms of this Section 4 and will be responsible for any breach of this Section 4 by its officers, employees, agents, or contractors.
5. COMMISSIONS AND PAYMENTS.
5.1. Partner Commission For Content Sales. Partner will be entitled to a sales commission for sales of OpenSesame subscriptions, Courses, and/or Products closed in accordance with this Agreement and the Partner Program Guide (“Sales Commission”), as further described in the applicable Exhibit(s) and the Partner Program Guide and this Section 5.
- Paid Partner Events. Leads initially independently generated via OpenSesame attending an event hosted by Partner shall not be subject to any Sales Commission hereunder if OpenSesame is required to sponsor, or otherwise pay, to attend such event.
- Alternative Commission Agreements. In cases where Partner and OpenSesame mutually agree to cooperate to jointly close a transaction that is not in accordance with the terms of any applicable Exhibit(s), the Parties will agree to an alternative commission structure. Any such agreement will be documented by email confirmation generated by OpenSesame’s Director or VP of Partnerships.
5.2. Taxes. In the event that the sale or delivery of any of the Courses or Products to any end-user is subject to any tax, OpenSesame shall collect and remit to the competent tax authorities such taxes. Sales Commissions shall be net of any such taxes.
5.3. Multiple Lead Priority Commission Rules. If multiple partners of OpenSesame register a referral lead, the partner that wins the platform and/or services transaction receives the commission. If none of the partners win the transaction, the first partner to register the referral lead receives the commission.
5.4. Right to Offset. Partner acknowledges and agrees that, in the event OpenSesame owes payment to Partner under this Agreement, OpenSesame shall have the right to offset any amounts due and payable to Partner against any amounts that remain outstanding and unpaid by Partner to OpenSesame. Such set-off shall not relieve Partner of its obligations to pay any remaining balance owed after the set-off is applied, nor shall it limit OpenSesame’s rights and remedies under this Agreement or applicable law. This Section shall survive termination or expiration of this Agreement.
6. TERM AND TERMINATION.
6.1. Term. Unless otherwise agreed to in an Enrollment Agreement, this Agreement shall begin on the Effective Date and, subject to earlier termination in accordance herewith, continue for one year (the “Initial Term”), after which the Agreement shall automatically renew for consecutive one-year renewal terms (each a “Renewal Term”) unless one Party provides the other written notice no later than thirty (30) days prior to the expiration of the then-current Initial or Renewal Term, as applicable, of its intention to allow the Agreement to expire at the end of such term (the Initial Term and Renewal Term, collectively, the “Term”).
6.2. Termination. This Agreement may be terminated upon written notice: (a) by either Party upon thirty (30) days’ written notice for the material breach of the other Party that remains uncured following the 30 days’ notice; (b) by either Party immediately if the other Party files for or has instituted against it any proceedings as to its bankruptcy, insolvency, reorganization, liquidation, receivership, or dissolution or there is an assignment for the benefit of creditors. Additionally, OpenSesame may terminate this Agreement upon written notice in the event it, in its sole discretion, discontinues the Partner Program.
6.3. Effect of Termination. Upon termination or expiration of this Agreement, the rights and licenses granted to Partner pursuant to hereunder shall terminate, and Partner shall immediately cease using OpenSesame’s Marks and shall also cease marketing, promoting, advertising and selling the Courses and Products, and return to OpenSesame any Confidential Information provided to or obtained by Partner pursuant to this Agreement.
7. REPRESENTATIONS AND WARRANTIES.
7.1. By OpenSesame. OpenSesame represents and warrants that (a) it has the right, power and authority to enter into this Agreement and to fully perform its obligations hereunder (b) it possesses all rights necessary to grant the rights to Partner contemplated by this Agreement, and (c) it will comply with all applicable legal standards, laws, regulations, rules, orders, and other requirements of governmental and other authorities with respect to its performance hereunder.
7.2. By Partner. Partner represents and warrants that (a) it has the right, power and authority to enter into this Agreement and to fully perform its obligations hereunder, and (b) it will comply with all applicable legal standards, laws, regulations, rules, orders, and other requirements of governmental and other authorities with respect to its performance hereunder.
7.3. Disclaimer. EXCEPT AS EXPRESSLY SET FORTH HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY, RELATING TO THIS AGREEMENT, OR ITS PERFORMANCE HEREUNDER.
8. INDEMNIFICATION.
8.1. By OpenSesame. OpenSesame agrees to defend, indemnify and hold Partner and its respective employees, agents, representatives, managers, officers and directors harmless from and against any and all damages, costs and liabilities, including reasonable attorneys' fees, arising out of or related to any third-party claim for damages arising from the breach of any representation, warranty or covenant herein by OpenSesame.
8.2. By Partner. Partner agrees to defend, indemnify and hold OpenSesame and its Partners, and their respective employees, agents, representatives, managers, officers and directors, harmless from and against any and all damages, costs and liabilities, including reasonable attorneys' fees, arising out of or related to any third-party claim for damages arising from (a) the breach of any representation, warranty or covenant herein by Partner, or (b) Partner’s breach of Section 2.8 (No Unauthorized Representations).
8.3. Conditions. Each Party’s indemnification obligations hereunder shall be conditioned upon (i) prompt written notice by the indemnified Party to the indemnifying Party of any claim, action or demand for which indemnity is claimed; (ii) complete control of the defense and settlement thereof by the indemnifying Party; and (iii) such reasonable cooperation by the indemnified Party in the defense as the indemnifying Party may request.
9. LIMITED LIABILITY.
EXCEPT FOR INFRINGEMENTS OF OPENSESAME’S INTELLECTUAL PROPERTY RIGHTS, OR VIOLATIONS OF SECTION 2.3 (RESTRICTION ON GOING DIRECT) OR 2.8 (NO UNAUTHORIZED REPRESENTATIONS) BY PARTNER, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR: (A) LOST PROFITS OR FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, SPECIAL OR EXEMPLARY DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM GIVING RISE TO SUCH DAMAGES, WHETHER IN CONTRACT OR IN TORT, INCLUDING NEGLIGENCE, AND EVEN IF SUCH PARTY WAS ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) AGGREGATE TOTAL LIABILITY UNDER THIS AGREEMENT IN EXCESS OF THE AMOUNT OF SALES COMMISSIONS EARNED BY PARTNER HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE EVENTS GIVING RISE TO THE CLAIM.
10. GENERAL PROVISIONS.
10.1. Parties’ Relationship. Partner has no express or implied authority to assume or create any obligation on OpenSesame’s behalf, and shall disclaim any such authority whenever necessary to avoid confusion. In no case shall either Party or its subsidiaries or partners be deemed the other’s agents or representatives, nor shall either Party or its subsidiaries or partners have the right to conclude any contract or commitment in the other’s name, nor to make any representation, guarantee or warranty on behalf of the other Party or any of its licensors to any third party, including end-users.
10.2. Governing Law. This Agreement and any controversy arising out of or in relation to it shall be governed by the law of the state of Delaware, without regard to its choice of law provisions.
10.3. Severability. If any provision of this Agreement shall be declared void, invalid, or illegal, the validity or legality of all other provisions of the Agreement shall not be affected thereby.
10.4. Notices. Any notices or communications under this Agreement shall be in writing and deemed given (a) if to OpenSesame, upon receipt when sent to legal-notices@opensesame.com, and (b) if to Partner, upon receipt when sent to the email provided by Partner to OpenSesame on its Enrollment Agreement, or as updated by notice to OpenSesame from time to time.
10.5. Assignability. Neither Party shall assign or transfer this Agreement without the other Party’s prior written consent, upon which this Agreement shall bind and inure to the benefit of the assigns; provided, however that OpenSesame may assign this Agreement without obtaining prior written consent if such assignment is to any entity that acquires OpenSesame’s business through operation of a merger or consolidation, or purchase of all or substantially all of OpenSesame’s assets that relate to the business contemplated by this Agreement.
10.6. No Waiver. Any failure of either Party to enforce at any time, or for any period of time, any provision of this Agreement, shall not constitute a waiver of such provision or in any way affect the validity of this Agreement.
10.7. Complete Agreement. This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes all prior intentions, proposals, understandings, communications and agreements, oral or written, relating to the subject matter of this Agreement. This Agreement will not be binding upon the Parties until it has been signed by each Party's authorized representative.
10.8. Remedies Cumulative. All rights and remedies, whether conferred hereunder, or by any other instrument or law will be cumulative and may be exercised singularly or concurrently. The rights and remedies of the Parties provided in this Agreement shall not be exclusive but are in addition to any other rights and remedies provided by law or this Agreement.
10.9. Public Disclosures. Neither Party shall disclose the terms or existence of this Agreement without the consent of the other Party. Notwithstanding the foregoing, the Parties may mutually agree upon a press release to be issued promptly after the Effective Date of this Agreement.
10.10. Reporting. If you believe you have witnessed an employee or representative of OpenSesame engaging in unethical or illegal conduct, please notify our legal team via email at legal-notices@opensesame.com, or via our anonymous hotline at 833-222-4148.
EXHIBIT A
DESCRIPTION OF GTM MOTIONS
The terms and provisions of this Exhibit are incorporated into the OpenSesame Partner Program Terms and Conditions (“Agreement”). Any terms used in this Exhibit shall have the same meaning as defined in the Agreement, unless otherwise specified. This Exhibit is subject to all terms, conditions, and provisions of the Agreement, and in the event of any conflict between this Exhibit and the main body of the Agreement, the terms of the main body of the Agreement shall prevail.
The terms below apply to specific Partner Program GTM Motions. Partners participating in each specific Partner Program GTM Motion must comply with the applicable terms.
I. REFERRAL MOTION
- Registering Leads. Partner may refer sales leads to OpenSesame for the sale of individual Courses, Course Bundles, Plus subscriptions, and/or other Products in accordance with this Exhibit and the Partner Program Guide. Partner shall register a sales lead with OpenSesame for organizations with 100 or more employees by completing an online customer lead registration form provided by OpenSesame that includes company name and contact information (such form the “Lead Registration Form” and each submitted lead a “Registered Lead”). Partner shall not register leads for organizations with fewer than 100 employees. Lead Registration must be submitted in accordance with Section I.2 (Lead Engagement Process), below, and the timing of submissions in certain cases may impact commission eligibility as set forth in the Agreement and Section I.3 (Sales Commission), below. The Lead Registration Form may be made available via link or via a partner portal website. It is the Partner’s responsibility to submit Lead Registration Forms. Registered Leads shall remain valid unless (a) inactive for a period of twelve (12) months or (b) OpenSesame rejects the Registered Lead in the case where the referred company is an existing or prospective customer of OpenSesame with an open opportunity in its system. “Valid Leads” shall refer to Registered Leads where neither (a) or (b) in the preceding sentence apply.
- Lead Engagement Process. For all Registered Leads, OpenSesame will assign an account executive promptly after receiving Partner’s Lead Registration Form except where it determines the Registered Lead is not valid in accordance with subsection 1(b), above. Partner will introduce OpenSesame’s assigned account executive to the Registered Lead as early as possible in the process. Partner will not provide any information to the Registered Lead relating to OpenSesame pricing, attempt to align OpenSesame Products to the Registered Lead’s needs, or answer content or product questions from the Registered Lead prior to this introduction and written approval from OpenSesame. This includes, but is not limited to, providing pricing (including but not limited to quotes taken from OpenSesame’s website), demos, or course mappings. OpenSesame will take the lead in the sales process upon Partner’s introduction. Partner is not required to assist in closing a referral deal, and OpenSesame is not required to seek or allow Partner’s assistance.
- Sales Commission.
- Subject to subsection I.3(c), below, Partner will be entitled to a Sales Commission for Registered Leads that convert to a closed transaction of OpenSesame Courses and/or Products within three (3) years of lead registration without an inactive period during the 3 years longer than twelve (12) months (each a “Closed Transaction”).
- Sales Commission for Closed Transactions shall be the amount listed in the Partner Program Guide for the applicable Tier, in effect as of the date the Closed Transaction is closed.
- Notwithstanding anything to the contrary, Partner will not be entitled to a Sales Commission for the following transactions unless the Partner Program Guide explicitly provides otherwise for Partner’s applicable Tier, in effect as of the date such transaction is closed: (i) upsells initiated by OpenSesame and made during the initial sale period of a Closed Transaction; (ii) renewals of Closed Transactions; (iii) Closed Transactions for OpenSesame Plus via a monthly license, even where the customer is a Registered Lead; and (iv) sales to organizations with fewer than 100 employees.
- Payment of Sales Commissions to Partner.
- All Sales Commissions shall be processed by OpenSesame to Partner on a monthly basis. Payments shall include Sales Commissions from sales for which OpenSesame receives customer payment within the preceding month leading up such monthly payment. If Partner’s Tier makes it eligible for commission on the entire initial term of multi-year contracts, Partner will be paid annually based on the full value of the contract divided by the number of years.
- In the event that a customer referred by Partner hereunder receives a refund for a content sale for which a Sales Commission has previously been paid (a “Deficit”), OpenSesame shall deduct an amount equal to such Sales Commission from the current monthly and/or future monthly payments. In the event that this Agreement is terminated and there is an unsatisfied Deficit, Partner will pay such amount upon receipt of an invoice therefore.
- Prior to releasing payment, OpenSesame may be required to collect additional information to comply with United States tax laws.
II. CO-SELLING MOTION
- Co-Selling Motion. Partner may directly sell certain OpenSesame products, services, or content on Partner’s purchase contract in cases where Partner is selling the subscription to its existing customers or prospects (each an “End Customer”) that also purchase Partner’s platform and/or services (an “Co-Selling Transaction”), subject to Partner’s compliance with the terms of the Agreement, this Exhibit, and the Partner Program Guide. The OpenSesame products, services, or content eligible for Co-Selling Transactions depends on Partner’s Tier, as detailed in the Partner Program Guide.
- General. OpenSesame sales and implementation staff will work directly with the End Customer through the sales and implementation process and provide customer relationship support and management. While Partner may take the lead as the primary contact for engagements during the sales cycle, OpenSesame will assist Partner at all stages of the sales process to the extent OpenSesame deems necessary.
- Process. OpenSesame will issue a quote to Partner for each Co-Selling Transaction in the form of a Sales Order, which will include payment, term, and invoicing terms as between OpenSesame and Partner. Partner will then complete and submit OpenSesame’s Co-Selling Order Form (“Co-Selling Order Form”), and will in each instance reference the applicable Sales Order in the Co-Selling Order Form. The completed Co-Selling Order Form will be binding on the Parties upon OpenSesame’s acceptance, which OpenSesame will provide or deny within 1 business day of receipt. Failure by OpenSesame to reject a Co-Selling Order Form within that timeframe will constitute acceptance. A signature shall not be required on the Co-Selling Order Form or underlying Sales Order for it to be binding on both Parties. Unless the Sales Order referenced in a Co-Selling Order Form explicitly states otherwise, all purchases of OpenSesame subscriptions pursuant to a Co-Selling Transactions shall automatically renew for subsequent 12 month terms, subject to standard OpenSesame pricing changes. Partner is responsible for communicating an End Customer's intent to not renew a purchase of an OpenSesame subscription pursuant to a Co-Selling Transaction.
- Transaction Terms. Co-Selling Transactions shall be made under a written agreement directly between Partner and the End Customer (a “Co-Selling Agreement”), or subject to terms made publicly available on Partner’s website (“Online Terms”). Partner shall ensure all Co-Selling Agreements and/or its Online Terms either (i) contain terms and conditions that are consistent with those found at https://www.opensesame.com/legal as modified from time to time (the “OpenSesame Terms”) or (ii) incorporate the OpenSesame Terms by reference. Partner will promptly provide a copy of any Co-Selling Agreement requested by OpenSesame and/or access to Partner’s Online Terms to confirm compliance with this subsection 1(c), and will promptly correct any noncompliance identified by OpenSesame. Partner will not charge the End Customer more than the price indicated on the quote provided by OpenSesame for such Co-Selling Transaction. In no case will Partner allow the end customer to sublicense or further resell OpenSesame Products or Courses.
- Customer Success Representative. An OpenSesame Customer Success representative will be assigned to the End Customer following the closing of a Co-Selling Transaction, provided the value of the Co-Selling Transaction meets OpenSesame’s then in-effect threshold, which OpenSesame may update from time to time.
- Additional Marketing and Sales Terms. The following shall apply to the Parties’ relationship with respect to the Co-Selling Motion:
- The Parties will develop a content sales business plan that includes a specific annual sales goal broken down by region, number of customers, and average transaction size;
- The Parties shall participate in business reviews that are focused on sales of Courses (and, if eligible, Products);
- Partner will provide its sales team members with quota retirement and commission for closed Co-Selling Transactions;
- Partner will develop and execute marketing programs for Courses (and, if eligible, Products);
- Partner will use marketing assets and messaging made available by OpenSesame in executing the above referenced marketing programs, or, with written permission and content approval from OpenSesame, may elect to create custom assets and messaging;
- Partner will provide access to its sales, account management, marketing, and customer success staff for OpenSesame sales training;
- Each Party will place the other Party’s logo with mention of the partnership on the homepage of the Party’s website;
- Each Party will provide mention of the partnership with the other Party in relevant advertising and sales materials;
- Partner will offer OpenSesame Courses (and, if eligible, Products) as an option in its standard sales presentation;
- If approved by OpenSesame on a case-by-case basis and in OpenSesame’s sole discretion, Partner will include OpenSesame demo courses in Partner Platform demo and trial accounts, if applicable. In such cases, Partner is responsible for limiting prospective customers to a maximum of 30 days of access per user to such trial licenses; and
- Partner will invite OpenSesame to participate in all revenue kickoff and customer and prospect events hosted by Partner, including its user conference, at no cost to OpenSesame.
- Sales Commission.
- For each Co-Selling Transaction, OpenSesame will invoice Partner an amount equal to the list price (or OpenSesame approved reduced sales price) of the applicable product(s) minus the applicable commission percentage, which shall be the amount listed in the Partner Program Guide for the applicable Tier, in effective as of the date the Co-Selling Transaction is closed. Partner’s Sale Commission for Co-Selling Transactions shall be the difference between (y) the amount received by Partner from the End Customer for the OpenSesame product(s) contained in the Co-Selling Transaction, and (z) the amount invoiced by OpenSesame.
- OpenSesame will invoice Partner at the billing frequency specified on the quote issued in conjunction with the applicable Co-Selling Order Form on a net-45 basis. Partner will be responsible for invoicing and collecting funds from the End Customer. Partner’s payment obligation to OpenSesame for a Co-Selling Transaction is not dependent on Partner’s receipt of payment from its End Customer. OpenSesame reserves the right to disable access to OpenSesame Courses and/or Products for an End Customer in the event Partner’s payment to OpenSesame for such End Customer's Co-selling Transaction is more than 60 days past due
- Notwithstanding anything to the contrary, Partner will not be entitled to a Sales Commission for the following transactions unless the Partner Program Guide explicitly provides otherwise for Partner’s applicable Tier, in effect as of the date such transaction is closed: (i) upsells initiated by OpenSesame and made during the initial sale period of an Co-Selling Transaction; (ii) renewals of Co-Selling Transactions; (iii) Co-Selling Transactions for OpenSesame Plus via a monthly license; and (iv) sales to organizations with fewer than 100 employees.
III. FULL RESELLER MOTION
In the event OpenSesame approves Partner to participate in a Full Reseller Motion, the Parties will execute an addendum to the Enrollment Agreement containing the details of such partnership.
IV. OEM MOTION
In the event OpenSesame approves Partner to participate in an OEM Motion, the Parties will execute an addendum to the Enrollment Agreement containing the details of such partnership.
Code of Conduct
Effective March 6th 2025
DownloadTable of Contents
Work Culture
At OpenSesame, we prioritize a work environment built on mutual trust and respect. Professionalism in all workplace interactions is essential, and we commit to addressing and aligning any conduct not reflective of our values.
Equal Employment Opportunity
We ensure equal employment and advancement opportunities for all, based on merit, qualifications, and abilities, without discrimination on any protected characteristics.
Harassment-Free Workplace
Every employee has the right to work in an environment free from all forms of unlawful discrimination and harassment, including sexual harassment.
Reporting Harassment
If harassment occurs, it should be reported immediately to a manager, the Director of People, or the President/CEO.
Whistleblower Protection
We protect whistleblowers reporting illegal or dishonest activities, ensuring confidentiality and prohibiting retaliation.
Internet Usage
Internet access and company-provided assets (laptops, VPNs, cloud applications are for work-related activities, with reasonable limits for personal use. Personnel may not:
- Access malicious, obscene, or harassing content; or
- Download or install unauthorized software on company systems.
Confidentiality and Non-Disclosure
Protecting confidential information is crucial. Employees are required to sign a Proprietary Rights Agreement, prohibiting the disclosure of sensitive information.
Business Ethics and Conflicts of Interest
Compliance with laws and ethical conduct is required. Conflicts of interest (e.g. outside business relationships) must be disclosed to ensure transparency and avoid unethical gains.
Environment
We minimize our environmental footprint through remote work. We comply with applicable environmental laws and regulations.
Compensation and Labor Rights
We commit to meeting or exceeding applicable laws related to compensation. We respect the rights of our employees to organize and collectively bargain. We do not engage in forced labor or hiring of employees under the minimum age limit.
Data Protection and Privacy
Personnel that handle confidential information, customer data, or personally identifiable information (PII) must:
- Follow OpenSesame’s Data Protection Policy and comply with relevant privacy laws (e.g., GDPR, CCPA).
- Not share, transfer, or store sensitive data outside approved OpenSesame systems.
- Immediately report any suspected data breach or unauthorized access.
Security Awareness and Responsibilities
All personnel must complete security awareness training and adhere to OpenSesame’s Information Security Policies, including:
- Safe password management (no credential sharing).
- Phishing awareness (avoiding suspicious emails and links).
- Handling sensitive data securely (following encryption and access control policies).
Failure to follow these security practices may result in termination of access or engagement.
Secure Use of Systems and Access Controls
- Personnel must use OpenSesame's IT systems responsibly.
- Unauthorized access, credential sharing, or attempting to bypass security controls is strictly prohibited.
- Any lost, stolen, or compromised access credentials must be reported immediately.
Incident Reporting and Response
If personnel become aware of a security incident, data breach, or policy violation, they must report it immediately to OpenSesame’s security team via:
security@opensesame.com (for security-related concerns)
helpdesk@opensesame.com (for IT support, technical issues, and immediate security reporting)
Failure to report security incidents may result in loss of access or other corrective actions.
User Account Terms
Effective May 19th 2026
DownloadTable of Contents
If you use your online OpenSesame user account to purchase Courses online, in addition to the OpenSesame Terms, these User Account Terms also apply. To the extent you or your employer purchases services from OpenSesame pursuant to a signed contract, these terms do not apply to your use of such services.
REGISTRATION. You understand and agree to the following:
- You must use a valid e-mail address and create a username during the registration process.
- You are responsible for all uses of your account. You must keep your password confidential. We may refuse, at our sole discretion, to allow you to register a username that is trademarked, inappropriate, or impersonates another individual.
- You agree to let OpenSesame immediately know of any unauthorized use of your account.
- If you are less than 13 years old, you may not use OpenSesame. If you are between 13 and 17 years old, then you must have parental consent to use this service. By registering for OpenSesame, you are indicating that you have the capacity to understand these OpenSesame Terms. OpenSesame will not be held liable for any loss or damage for non-compliance.
- You understand and agree that OpenSesame does not control, verify or endorse Courses.
- When registering with OpenSesame, you must provide, and maintain, accurate, current, and complete information about yourself.
- OpenSesame reserves the right to refuse the service to any user.
- You may only use the OpenSesame website for the limited purpose of researching and purchasing elearning courses. You may not use the OpenSesame website for any other purpose, including, but not limited to, researching OpenSesame customers and partners. You may not collect and record data from the OpenSesame website, except for the limited purpose of researching the potential purchase of elearning courses. Under no circumstances, may you use automated methods to crawl, scrape, or otherwise collect data from the OpenSesame website.
DEACTIVATION. If you are buying a course directly through the OpenSesame website with an online user account, you can deactivate, or terminate, your online user account at any time and for any reason. OpenSesame can also deactivate, or terminate, your online user account at any time and for any reason. We also reserve the right to use any means (legal, operational, or technological) available to enforce these terms. Once deactivation occurs, your rights to access the OpenSesame marketplace will cease to exist.
YOUR WARRANTIES. You warrant and represent to OpenSesame that: (1) (a) You are not a minor, or (b) If you are between the ages of 13 and 17 that you have parental consent and agreement to use the OpenSesame marketplace; and (2) You have the legal right and ability, including all the ownership, license, proprietary, and other rights necessary to agree to and abide by these User Account Terms and the OpenSesame Terms (including, if you are agreeing to these OpenSesame Terms on behalf of an entity, that you have been duly authorized to bind such entity to these User Account Terms and the OpenSesame Terms).