IoTPI

Terms of Use

Effective Date: May 28, 2026

The Internet of Things Privacy Infrastructure Website is a portal under which Carnegie Mellon University (“CMU”) provides part of the Internet of Things privacy infrastructure (“IoT privacy infrastructure” or “IoT PI”) created under a research project directed by Prof. Norman Sadeh. The IoT PI enables people and organizations to inform the public about the presence of IoT devices, IoT services, and IoT systems (collectively referred to as “IoT Resources”) deployed in a given area, such as a university campus, a building, a shopping mall, a room, a stadium, a city block, an entire neighborhood, or a larger geographical area. The Internet of Things Privacy Infrastructure Project has two components:

1) The Internet of Things Assistant (“IoTA”) mobile app (“IoTA Mobile App”), which helps users discover IoT Resources deployed in their vicinity by identifying and querying registries of IoT Resources that pertain to the user’s current location (“IoT Resource Registries” or “IRRs”). The IoTA Mobile App informs the user about the data collection and use practices associated with the IoT Resources it discovers. The IoTA Mobile App also enables users to discover and configure privacy settings that may be offered by IoT Resources (e.g.,. data deletion, opting in or out of some data collection or sharing practices, or data access requests). CMU does not control how IoT resource operators respond to privacy requests submitted through the Services, whether through a third-party portal or via email. CMU cannot guarantee that any IoT resource operator will honor, acknowledge, or respond to a privacy request, and is not responsible for any failure by an IoT resource operator to fulfill a request. When they allow their IoTA Mobile App to track their location and send them notifications, users may receive notifications about nearby IoT Resources.

2) The IoT PI website (currently available at https://www.iotprivacy.io as "the Internet of Things Portal") which enables people and organizations to inform the public about the presence of IoT Resources deployed in different areas. Using the IoT PI website, individuals and organizations can request the creation of IRRs. Individuals and organizations can also use the IoT PI website to create descriptions of IoT Resources (“IoT Resource Listings”) and to publish them, enabling mobile users to discover published IoT Resource Listings using their IoTA Mobile App. The IoT PI website also enables users to create partial descriptions of IoT Resources that can be used as a starting point to create IoT Resource Listings (“IoT Resource Templates”). These IoT Resource Templates can be re-used and edited to publicize the presence of identical or similar IoT Resources at other locations.

Each IoT Resource Listing includes a description of the data collection and use practices associated with a given IoT Resource, which may include, among other things, what data the Resource collects, how it is used, who it is shared with, for how long the data is retained, etc. More generally, IoT Resource Listings are a way of publicizing the presence of IoT Resources in a given area (e.g., publicizing the presence of license plate readers at the entrance and exit of a parking garage, or the presence of facial expression recognition cameras to adjust marketing messages shown to people on TV screens in a shop window).

Platform Role; Neutral Host. The IoT PI operates as a neutral hosting platform. CMU does not author, create, generate, select, edit, review, approve, or verify User Content submitted to the IoT PI or to any IoT Resource Registry ("IRR"). Notwithstanding the foregoing, CMU may from time to time submit or publish certain IoT Resource Listings in its capacity as an IoT resource operator. The neutral host provisions of these TOU apply exclusively to User Content submitted by users other than CMU; CMU takes responsibility for the accuracy and lawfulness of such listings to the same extent as any other IoT Resource operator. All IoT Resource Listings, IoT Resource Templates, and other User Content are submitted by users and third-party contributors, except to the extent CMU acts as an IoT resource operator as described above, and CMU makes no representations or warranties regarding the accuracy, completeness, legality, or fitness for any purpose of such submissions. CMU’s role is limited to providing the technical infrastructure and platform through which users may contribute and access information. Nothing in these TOU shall be construed as making CMU a publisher, editor, or co-developer of any User Content for purposes of applicable law, including Section 230 of the Communications Decency Act (47 U.S.C. § 230).

BY CLICKING “Agree,” ACCESSING AND/OR USING THE IOT PI, YOU ARE AGREEING TO THESE TERMS OF USE (THE “TOU”) ON BEHALF OF YOU AND YOUR ORGANIZATION TO THE EXTENT YOU ARE ACCESSING THE APPLICATION ON BEHALF OF AN ORGANIZATION. THESE TOU ARE A LEGALLY BINDING AGREEMENT WITH CMU WITH RESPECT TO THE IOT PI.

IF THESE TOU ARE NOT ACCEPTABLE TO YOU AND YOUR ORGANIZATION, YOU MUST CLICK "Disagree" AND YOU, YOUR ORGANIZATION AND ITS USERS MAY NOT ACCESS OR USE THE IOT PI.

Additional Terms. Certain features of the IoT PI may be subject to additional terms (“Additional Terms”) presented in conjunction with the features. Regardless of how they are presented to you, you must agree to these Additional Terms before using the features of the IoT PI to which they apply. Unless otherwise specified in these Additional Terms, all Additional Terms are incorporated into this Agreement. If you do not agree to these Additional Terms, then you may not use the features to which they relate. This Agreement and Additional Terms apply equally but, if any Additional Term is inconsistent with any provision of this Agreement, the Additional Term will prevail for the IoT PI functionality or features to which the Additional Terms apply.

From time to time, CMU may conduct academic research studies in connection with the Services. Participation in any such study is voluntary and will be subject to a separate consent process and notice at the time of participation.

Eligibility; Account Set-Up; User Account Names and Passwords.

The IoT PI is intended for use only by individuals who are at least 18 years of age. By accessing or using the IoT PI, you represent and warrant that: (i) you are at least 18 years of age; (ii) you have the legal capacity and authority to enter into a binding agreement; and (iii) if you are accessing or using the IoT PI on behalf of an organization, you have the authority to bind that organization to these TOU. CMU reserves the right to terminate any account that CMU, in its sole discretion, determines is held by or on behalf of a person who does not meet these eligibility requirements. The IoT PI is not directed at children under 13 years of age, and CMU does not knowingly collect personal information from children under 13. If CMU becomes aware that it has collected personal information from a child under 13 without verifiable parental consent, CMU will take steps to delete that information.

The user’s full legal name, an email address and password will be required to access the IoT PI (currently available at https://www.iotprivacy.io), to request the creation of an IRR, to create IoT Resource Listings, to request the publication of these IoT Resource Listings in one or more IRRs, and to create IoT Resource Templates. People can request the creation of an account at https://www.iotprivacy.io/register. To enable the account set-up, you must provide a user account name for each person at your organization who intends to access the IoT PI. Each individual user must create and maintain their own separate account; shared accounts are not permitted. If you are accessing or using the IoT PI on behalf of an organization, CMU may require you to register using an email address associated with that organization.

User accounts can be granted different roles: IRR owners/administrators or IRR contributors, or IoT Resource Template contributors. These roles are all specific to a given IRR. These roles entail different levels of access through the IoT PI. Users agree not to share their user account names and passwords with others.

Account Security; Accuracy of Information. You are solely responsible for maintaining the confidentiality and security of your user account credentials, including your username and password. You agree to: (i) provide accurate, current, and complete information when registering for an account and when submitting any information through the IoT PI, and to update such information promptly to keep it accurate, current, and complete; (ii) notify CMU immediately at cmu-iotpi@lists.andrew.cmu.edu if you become aware of any unauthorized access to or use of your account, your username or password, or any other breach of security; (iii) log out of your account at the end of each session where practicable; and (iv) use particular caution when accessing your account from a public or shared computer or network so that others are not able to view or record your credentials or other personal information. CMU will not be liable for any loss or damage arising from your failure to comply with these obligations. You acknowledge that your account is personal to you and you agree not to share access to your account with any person who has not been separately granted a user account by CMU.

Accuracy of Registration Information. It is a condition of your use of the IoT PI that all information you provide during account registration and in connection with your use of the IoT PI — including information submitted in connection with IRR creation requests, IoT Resource Listings, and IoT Resource Templates — is correct, current, and complete. CMU reserves the right to disable or terminate any account for which inaccurate, fraudulent, or misleading registration information has been provided, in CMU’s sole and absolute discretion.

IRR Owners/Administrators: To be an IRR owner/administrator, you will need to complete a request form, in which you will provide your name, contact email, organization name and type, and a description of the purpose for which you plan to use each registry you are requesting, including the area it will cover, namely the area where it will be allowed to publicize the presence of IoT Resources. The information you provide may be used in part to vet your request, prevent abuse and to contact you. Once an IRR is created for you by CMU, you automatically become the “owner” or "IoT resource operator" of the IRR. As owner/operator, you have administrator privileges for the IRR, to the extent you have agreed to the Terms of Use https://www.iotprivacy.io/terms-of-use and acknowledged the Privacy Policy https://www.iotprivacy.io/privacy-policy. IRR owners/administrators have overall responsibility for approving requests to publish IoT Resource Listings in their IRRs and establishing adequate procedures to manage content published in their IRRs.

If you are an IRR owner/administrator you agree that you are the (data) controller (as defined under the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”)) of information you publicize through the IRRs you own or manage. You agree that you: (i) have provided adequate notice and obtained any necessary consents from data subjects required for personal data collected in connection with an IRR you own or manage, and (ii) have abided by any privacy choices (including opt-out preferences) of data subjects relating to the personal data you collect.

IRR Contributors: To be an IRR contributor, you will need to create an IoT PI user account with a display name and a valid email address. The information you provide may be used in part to vet your contributions, to prevent abuse and to contact you. IRR contributors can enter descriptions of IoT Resource Listings using a form that includes fields such as the location where the IoT Resource will be discoverable and the data it collects. There are two ways to publish IoT Resource Listings: self-publication by IRR contributors and publication in an IRR through publication submissions. For self-publication, each IRR contributor can publish IoT Resource Listings and is responsible for the content of their IoT Resource Listings. For publication in an IRR, publication submissions may be vetted by the corresponding IRR owner/administrator, and different IRR owners/administrators may have different policies. Note that administrators of specific IRRs have the authority to decide whether or not a particular IoT Resource Listing gets published in that IRR, and CMU cannot guarantee that any particular IoT Resource Listing will be published.

Once an IoT Resource Listing is published, it will be publicly discoverable through the IoT privacy infrastructure and in particular users using their IoTA Mobile App. Since their contents are not vetted by Registry owner/administrators, self-published IoT Resource Listings may be shown differently from IoT Resource Listings published in an IRR. IRR contributors are responsible for the descriptions of their IoT Resource Listings.

Since the purpose of IoT Resource listings is to provide information to all users of the IoT privacy infrastructure, information displayed about resources and registries in the app will include information identifying the owner of the resource or the registry, whether an individual or an organization.

If you are an IRR contributor, you agree that you are authorized to share any information you contribute to an IRR. You agree not to include, in any free-text description or other fields not specifically designated for operator or owner identification, any personal data about a private individual — including home addresses, personal phone numbers, personal email addresses, or precise geolocation information linked to a private individual’s identity — unless you have the right to disclose such information and its disclosure is necessary and appropriate for the transparency purpose of the relevant registry. You further agree not to include any content designed to harass, intimidate, stalk, or facilitate the doxxing of any individual, as further described in the Registry Submission Restrictions section of the Privacy Policy. IoT Resource Templates may be reused and edited by their creator. If CMU enables template sharing in the future, CMU may make templates — and associated contributor identification information — visible to other users, subject to additional terms and notice at that time.

Content. "Content” means all information, data, text, photographs, graphics, video, messages, tags, or other materials accessed, posted and/or transmitted through the IoT PI. "User Content" is any Content provided by and/or originating from a user (regardless of whether IRR owner/administrator, IRR contributor, or IoT Resource Template contributor). “IoT PI Content” is Content provided by and/or originating from the IoT PI. As used herein, "Content" refers to both User Content and IoT PI Content unless expressly stated otherwise. CMU is not responsible for any User Content that is uploaded, posted, emailed, transmitted or otherwise made available via the IoT PI. CMU does NOT make any warranties or guarantees about the accuracy, integrity or quality of any Content, including any User Content submitted by IRR Owners/Administrators, IRR Contributors, or IoT Resource Template Contributors. CMU does not verify or pre-screen User Content prior to publication, and the publication of any User Content through the IoT PI does not constitute CMU’s endorsement, verification, or approval of such content. You, your organization and its relevant users must evaluate the risks associated with the use of any Content, including any reliance on the accuracy, completeness, or usefulness of such Content. CMU is not assuming liability in any way for any Content, including, but not limited to, any errors or omissions in any Content, or any loss or damage of any kind incurred as a result of the use of any Content posted, emailed, transmitted or otherwise made available via the IoT PI. These terms do not preclude you from pursuing legal action to seek compensation in the event of malpractice, negligence, blame, fault, or guilt on the part of those involved in the research study (including CMU). CMU and its designees shall have the right (but not the obligation) in their sole discretion to pre-screen, refuse, or move any Content for any reason. Should User Content be found or reported in violation of these TOU, it will be CMU’s sole discretion as to what action should be taken, including removal of such Content and/or the suspension or termination of the applicable account(s) (see “Revocation, Suspension or Termination of Accounts” section below).

User Representations and Warranties Regarding Submissions. By submitting any User Content to the IoT PI, each user — whether acting as an IRR Owner/Administrator, IRR Contributor, or IoT Resource Template Contributor — represents and warrants to CMU that:

(a) Accuracy. To the best of the user’s actual knowledge, all information submitted is accurate, complete, and not materially misleading at the time of submission. The user has not knowingly fabricated, falsified, or misrepresented any aspect of the submitted User Content, including the identity of any IoT Resource operator, the location of any IoT Resource, or any data collection or privacy practice described therein.

(b) Lawful Basis. The user has a lawful basis and sufficient authorization to share, submit, and publish the information included in the submission. Where any submission includes information about a third-party organization or individual in their professional or organizational capacity, the user represents that such information is either: (i) publicly available from a governmental, regulatory, or widely distributed public source; (ii) provided pursuant to the third party’s express consent; or (iii) otherwise lawfully available to the user for publication consistent with applicable law.

(c) No Privacy Violations. The submission does not violate the privacy rights of any individual, including the right of private individuals to be free from the unauthorized publication of their personal identifying information. Without limiting the foregoing, the user represents that the submission does not include the home address, personal geolocation data, personal phone number, personal email address, biometric identifiers, health information, financial account information, or other sensitive personal information of any private individual, unless that information has been voluntarily made publicly available by that individual in an unrestricted manner.

(d) No Harmful Intent. The user does not intend, know, or recklessly disregard that the submission will be used to harm, harass, stalk, threaten, intimidate, or target any individual. The submission is not designed to facilitate coordinated harassment, doxxing, or discrimination.

(e) No Intellectual Property or Legal Violations. The submission does not infringe any copyright, trademark, trade secret, patent, or other intellectual property rights of any third party, and does not violate any applicable law, regulation, or court order.

CMU reserves the right to rely on these representations and warranties in determining whether to publish, retain, or remove any User Content. A user’s breach of any of the foregoing representations and warranties shall constitute a material violation of these TOU and may result in immediate suspension or termination of the user’s account and removal of associated User Content.

Permitted Use/Availability of the IoT PI. Subject to other relevant provisions of the TOU, the IoT PI may be used by individuals and organizations for transparency, informational, academic, educational, and other lawful purposes consistent with the Services’ intended functionality. Use of the IoT PI to operate a paid listing, advertising, or directory-resale service — including charging third parties for inclusion in a registry or resource listing — is prohibited without CMU’s prior written approval. Except for these limited rights, no other rights are granted to the IoT PI and Users may not copy, reproduce, alter, modify, create derivative works, or publicly display any part of the IoT PI. CMU (and/or its content providers, as applicable) own and retain all intellectual property rights they have in and to the IoT PI, including but not limited to the IoT PI Content and the underlying IoT privacy infrastructure.

Intellectual Property Rights; Ownership. The IoT PI website and its contents, features, and functionality — including but not limited to all IoT PI Content, software, text, displays, images, graphics, data, and the design, selection, and arrangement thereof — are owned by CMU, its licensors, or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret, and other intellectual property and proprietary rights laws. No right, title, or interest in or to the IoT PI or any IoT PI Content is transferred to you by virtue of your access or use of the IoT PI, and all rights not expressly granted in these TOU are reserved by CMU. Any access to or use of the IoT PI not expressly permitted by these TOU constitutes a breach of these TOU and may violate copyright, trademark, and other applicable laws.

Permitted Uses of IoT PI Content. Subject to these TOU, you may: (i) access and use the IoT PI and IoT PI Content for your transparency, informational, academic, educational, and other lawful purposes consistent with the Services’ intended functionality; (ii) temporarily store copies of IoT PI Content in your browser cache incidental to accessing and viewing such content; and (iii) print or download a single copy of a reasonable number of pages of the IoT PI website for your own personal, non-commercial use, provided such copies are not further reproduced, published, or distributed. You must not: (a) reproduce, distribute, modify, create derivative works of, publicly display, publicly perform, republish, or transmit any IoT PI Content except as expressly permitted herein; (b) delete or alter any copyright, trademark, or other proprietary rights notices from copies of IoT PI Content; (c) use any IoT PI Content for any commercial purpose; or (d) use IoT PI Content to develop, train, or improve any artificial intelligence model, machine learning system, or automated data processing tool without CMU’s prior written consent.

Trademarks. "Carnegie Mellon University," "CMU," "IoT Privacy Infrastructure," "IoT PI," "IoTA," and all related names, logos, product and service names, designs, and slogans are trademarks or service marks of Carnegie Mellon University or its affiliates. You must not use any such marks without CMU’s prior written permission. All other names, logos, product and service names, designs, and slogans referenced in the IoT PI that are not owned by CMU are the trademarks of their respective owners. Nothing in these TOU grants you any license or right to use any CMU trademark, service mark, or logo.

CMU shall have the right in its sole and absolute discretion to suspend or terminate any or all of the users’ access to it for any reason. CMU may modify, discontinue, or retire all or any part of the IoT PI at any time and has no obligation to continue making the IoT PI available, including on a free-of-charge basis. As specified below, the IoT PI and IRRs are provided on an “AS-IS, AS-AVAILABLE” basis.

Prohibited Uses/Activities. The following activities are prohibited with respect to your and/or your Organization’s and users’ use of the IoT PI: (a) using the IoT PI or any Content in a manner not permitted under these TOU; (b) using another user’s credentials to access and/or use the IoT PI; (c) transmitting or submitting or accessing any User Content that you do not have the right to transmit, submit or access (as applicable); (d) transmitting or submitting any User Content or otherwise taking any action using the IoT PI that is harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another’s privacy, hateful, discriminatory or racially, ethnically or otherwise objectionable, or that constitutes stalking, doxxing, or the targeted publication of personal identifying information for the purpose of facilitating harm to any individual, or encouraging and/or assisting others to engage in any of these activities; (e) interfering with, removing or modifying any terms and conditions or other Content on the IoT PI and/or any part of the IoT PI used for the operation and/or security of the IoT PI; (f) impersonating any person or entity, including, but not limited to, any CMU personnel, or falsely stating or otherwise misrepresenting your affiliation with a person or entity; (g) knowingly uploading, posting, emailing, transmitting or otherwise making available any User Content that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; (h) interfering with or disrupting the IoT PI or servers or networks connected to the IoT PI , or disobeying any requirements, procedures, policies or regulations of networks connected to the IoT PI (including but not limited to those of any relevant third party service providers used in connection with the IoT PI); (i) taking IoT PI Content from the IoT PI and reformatting it and/or displaying it on any other website; (j) exceeding the scope of the relevant user’s account authority with respect to the user’s use of the IoT PI , for example, a user accessing and using features or content that the user does not have the authority to use, or deleting, adding to, or otherwise changing other people’s entries or other Content when you have not been granted the privileges to do so; (k) using the IoT PI to harass, stalk, intimidate, threaten, or target any individual or group of individuals, including through the submission, publication, or distribution of content that is designed or likely to facilitate harassment, physical harm, stalking, or coordinated abuse directed at a specific person or entity; (l) submitting, publishing, or distributing any User Content that constitutes or facilitates "doxxing," meaning the intentional publication of personal identifying information — including but not limited to home addresses, personal phone numbers, personal email addresses, daily routines, physical descriptions, family member information, or geolocation data of private individuals — with the intent, knowledge, or reckless disregard that such information will be used to harm, threaten, intimidate, or target the individual whose information is published; (m) submitting any User Content that associates surveillance devices or IoT Resources with the personal home address or personal residence of a private individual in a manner not otherwise publicly available, or that could reasonably be used to identify, locate, or target a private individual; (n) knowingly or recklessly submitting User Content that is false, fabricated, materially misleading, or inaccurate, including deliberately misidentifying the owner, operator, or location of an IoT Resource, or misrepresenting the data collection practices of any IoT Resource; (o) using the IoT PI to submit, publish, or distribute content that facilitates discrimination against individuals or groups based on race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, or any other characteristic protected under applicable federal, state, or local law; (p) submitting personal identifying information about any private individual — including names, physical addresses, precise geolocation coordinates tied to a specific private person, personal telephone numbers, personal email addresses, financial account identifiers, government identification numbers, biometric information, or immigration status — for any purpose other than the legitimate identification of an entity that is publicly registered as the operator of an IoT Resource in connection with its professional or organizational capacity; (q) using any robot, spider, scraper, crawler, automated process, script, or other automated means to access, index, monitor, copy, or harvest any portion of the IoT PI, its Content, or any IoT Resource Registry data, for any purpose, without CMU’s prior express written consent, including for the purpose of building datasets, training machine learning models, aggregating IoT Resource data, or creating derivative databases or services; and/or (r) attacking the IoT PI via a denial-of-service attack, distributed denial-of-service attack, or any other attack intended to overwhelm, disable, or degrade the performance of the IoT PI or any server, network, or infrastructure connected to the IoT PI; introducing any virus, Trojan horse, worm, logic bomb, ransomware, spyware, or other malicious or technologically harmful code into the IoT PI; or attempting to gain unauthorized access to, interfere with, damage, or disrupt any part of the IoT PI, the servers on which the IoT PI is hosted, or any server, computer, database, or network connected to the IoT PI.

Revocation, Suspension or Termination of Accounts. CMU retains the right to revoke, suspend and/or terminate any or all user account privileges at any time in its sole and absolute discretion including, without limitation, for any violation of the TOU. To the extent your use of the IoT PI is subject to an applicable consent to participate in research, you acknowledge that CMU may terminate your use of the IoT PI if you withdraw your consent. You may delete your account at any time through the in-app account deletion feature. If your account is associated with any published IoT Resources or IoT Resource Registries for which you are the owner, you will be required to transfer ownership of those resources before deletion can proceed. Upon account deletion, CMU will permanently and irreversibly anonymize all personally identifiable information associated with your account. For further details on how CMU handles your information upon account deletion, please see the Privacy Policy.

Content Removal Rights. In addition to account-level actions, CMU and its designees retain the right — but not the obligation — to remove, restrict access to, edit, or decline to publish any User Content at any time and for any reason, in CMU’s sole and absolute discretion. This right applies regardless of whether the User Content has already been published, whether it has been reported by a third party, or whether CMU has previously reviewed or approved the content. The exercise or non-exercise of this right in any particular instance shall not constitute a waiver of CMU’s right to exercise it in any other instance.

Repeat Offender Policy. CMU shall have the right to implement and enforce a repeat offender policy. Users who repeatedly violate these TOU — including but not limited to repeat violations of the Prohibited Uses/Activities section — are subject to permanent suspension or termination of their accounts and all associated access privileges, at CMU’s sole and absolute discretion. CMU may, in its discretion, monitor submission patterns across user accounts to identify systemic, coordinated, or repeat abuse of the platform and take appropriate enforcement action.

Enforcement Discretion. CMU’s enforcement of these TOU is discretionary. CMU does not guarantee that it will take any particular action in response to a reported violation, and the failure to act with respect to a reported violation in one instance shall not create an obligation to act in any other instance or constitute a waiver of CMU’s enforcement rights. CMU may prioritize enforcement actions based on the severity, frequency, and nature of the alleged violation, including whether there is a credible risk of physical harm, harassment, or doxxing.

Emergency Removal. Notwithstanding any other provision of these TOU, CMU reserves the right to immediately remove any User Content, without prior notice to the submitting user, upon receipt of credible information that the content poses an imminent risk of harm to an identifiable individual — including but not limited to content that constitutes or facilitates doxxing, stalking, or targeted harassment — or upon the request of a law enforcement authority.

Content Removal and Reporting.

A. Reporting Harmful or Inaccurate Content. Any person — whether or not a registered user of the IoT PI — who believes that any User Content published through the IoT PI violates these TOU, applicable law, or that any User Content is inaccurate, harmful, or privacy-invasive, may submit a report to CMU by emailing cmu-iotpi@lists.andrew.cmu.edu. Reports should include: (i) a description of the specific User Content at issue and its location within the IoT PI; (ii) the basis for the report, including the nature of the alleged violation or harm; and (iii) to the extent the reporter is comfortable providing it, the reporter’s contact information. Anonymous reports are accepted, but providing contact information may assist CMU in responding to and investigating the report.

B. Removal Requests. Any individual who believes that User Content published through the IoT PI includes their personal identifying information — including home address, precise personal geolocation, personal telephone number, personal email address, or other sensitive personal information — without their consent, and that such publication poses a risk of harm to them, may submit a removal request to CMU at cmu-iotpi@lists.andrew.cmu.edu. Removal requests should include: (i) identification of the specific content at issue; (ii) a description of the claimed harm or risk; and (iii) if feasible, the requester’s contact information. CMU will review removal requests and respond in a commercially reasonable time. CMU does not guarantee that all removal requests will be granted, and the submission of a removal request does not constitute an admission by CMU that any violation has occurred.

C. Escalation. If a removal request or report involves a credible, imminent threat to the physical safety of any person — including threats of physical violence, doxxing-related threats, or stalking — the reporter should contact local law enforcement immediately in addition to notifying CMU. CMU may escalate such matters to its legal counsel or to law enforcement authorities at its discretion.

D. No Obligation to Act; No Waiver. The existence of this reporting process does not create any legal obligation on the part of CMU to remove any particular content or take any particular action. CMU’s response to — or failure to respond to — any report or removal request shall not constitute a waiver of any right or an admission of any liability. CMU’s moderation decisions are made in its sole and absolute discretion.

E. Good-Faith Moderation; No Liability. CMU shall not be liable to any user for any action taken in good faith to remove, restrict, or retain any User Content in response to a report, removal request, complaint, or CMU’s own review, to the fullest extent permitted by applicable law, including Section 230 of the Communications Decency Act (47 U.S.C. § 230).

F. Copyright Infringement Notices (DMCA); Designated Agent. CMU respects intellectual property rights and complies with the Digital Millennium Copyright Act, 17 U.S.C. § 512 ("DMCA"). If you believe in good faith that any User Content available through the IoT PI infringes a copyright you own or control, you may submit a written notification of claimed infringement ("DMCA Notice") to CMU’s designated DMCA agent at the following address:

Information Security Office
Computing Services
5000 Forbes Ave
Pittsburgh, PA 15213
Phone: (412) 268-2044
Email: dmca@andrew.cmu.edu

To be effective under 17 U.S.C. § 512(c)(3)(A), your DMCA Notice must include all of the following elements:

(i) Identification of the copyrighted work. A description of the copyrighted work that you claim has been infringed, or, if a single notice covers multiple works, a representative list of such works.

(ii) Identification of the infringing material. A description of the material that you claim is infringing and that is to be removed or access to which is to be disabled, along with information reasonably sufficient to permit CMU to locate the material within the IoT PI (e.g., the specific IoT Resource Registry, listing URL, or other precise location).

(iii) Contact information. Your name, mailing address, telephone number, and email address.

(iv) Statement of good faith belief. A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or applicable law.

(v) Statement under penalty of perjury. A statement, made under penalty of perjury, that the information in the notification is accurate and that you are the copyright owner or are authorized to act on behalf of the copyright owner.

(vi) Signature. A physical or electronic signature of the copyright owner or a person authorized to act on behalf of the copyright owner.

DMCA Notices that do not substantially comply with all of the foregoing requirements may not receive a response. CMU recommends that you consult legal counsel before submitting a DMCA Notice. Please be aware that under 17 U.S.C. § 512(f), any person who knowingly materially misrepresents that material or activity is infringing may be subject to liability.

G. Counter-Notification Procedure. If you are a user whose User Content has been removed or disabled in response to a DMCA Notice and you believe that the removal or disabling was the result of mistake or misidentification, you may submit a written counter-notification ("Counter-Notice") to CMU’s designated DMCA agent at the address set forth in subsection F above. To be effective under 17 U.S.C. § 512(g)(3), your Counter-Notice must include all of the following elements:

(i) Identification of the removed material. A description of the material that was removed or disabled and the location at which it appeared within the IoT PI before it was removed or disabled.

(ii) Statement under penalty of perjury. A statement, made under penalty of perjury, that you have a good faith belief that the material was removed or disabled as a result of mistake or misidentification.

(iii) Consent to jurisdiction. A statement that you consent to the jurisdiction of the federal district court for the judicial district in which your address is located, or, if your address is outside the United States, the Western District of Pennsylvania, and that you will accept service of process from the person who submitted the DMCA Notice or that person’s agent.

(iv) Contact information. Your name, address, and telephone number.

(v) Signature. Your physical or electronic signature.

Upon receipt of a valid Counter-Notice, CMU will forward a copy to the original complaining party and will inform that party that CMU may restore the removed material no sooner than ten (10) and no later than fourteen (14) business days after receipt of the Counter-Notice, unless CMU’s designated DMCA agent first receives notice that the complaining party has filed an action seeking a court order to restrain the allegedly infringing activity. CMU’s decision to restore or not restore removed material is made in CMU’s sole and absolute discretion. Please be aware that under 17 U.S.C. § 512(f), any person who knowingly materially misrepresents that material was removed or disabled by mistake or misidentification may be subject to liability.

H. Repeat Infringer Policy (DMCA). Consistent with 17 U.S.C. § 512(i), CMU has adopted and implements a policy of terminating, in appropriate circumstances and at CMU’s sole and absolute discretion, the accounts of users who are repeat copyright infringers. CMU reserves the right to terminate access to the IoT PI for any user who has been the subject of two or more DMCA Notices that CMU determines, in its reasonable discretion, to be valid. This repeat infringer policy supplements — and does not replace — the general repeat offender policy set forth in the "Revocation, Suspension or Termination of Accounts" section of these TOU. CMU may also take into account a history of DMCA-related violations as a factor in its general enforcement decisions under these TOU.

I. DMCA Safe Harbor; No Admission; Research Data Retention. By establishing and maintaining the DMCA notification and counter-notification procedures described in subsections F and G above, CMU does not waive any defense or right available to it under applicable law, including the safe harbor protections available under 17 U.S.C. § 512. The existence of these procedures does not constitute an admission by CMU that any particular User Content infringes any copyright, or that CMU has any obligation to remove content in response to any notice that does not fully comply with the requirements of 17 U.S.C. § 512(c)(3)(A). CMU’s response to any DMCA Notice — including any decision to remove or restore content — is made in CMU’s sole and absolute discretion and shall not constitute an admission of liability or a waiver of any right. To the fullest extent permitted by applicable law, CMU shall have no liability for any claim arising from its good-faith compliance with, or good-faith decision not to act upon, any DMCA Notice or Counter-Notice. Content removed pursuant to DMCA takedown may be retained by CMU in de-identified or anonymized form for research purposes in accordance with applicable research protocols and the Privacy Policy, provided that such retention does not include personally identifying information or copyrighted content.

J. Relationship to Other Reporting Procedures. The DMCA notification procedures set forth in subsections F and G are intended solely for the reporting of claimed copyright infringement. They are separate from and supplemental to the general content reporting and removal request procedures set forth in subsections A and B of this section. Reports of harmful, inaccurate, privacy-invasive, or otherwise unlawful content that does not involve copyright infringement should be submitted through the general reporting process described in subsections A and B. Submitting a DMCA Notice for non-copyright claims (such as defamation or privacy violations) will not invoke CMU’s DMCA obligations and will not be processed as a DMCA notice.

If you, your organization or a user becomes aware that a user account has been or may be compromised or is being used in violation of these TOU, or if a user for whom you had CMU create an account leaves your organization and/or will no longer be expected to use the IoT PI, please notify CMU by contacting cmu-iotpi@lists.andrew.cmu.edu as soon as possible so that CMU may de-activate the applicable account.

Features of the IoT PI; Use of Third Party Providers. The IoT PI and software embodied within the IoT PI may include security components that permit digital materials to be protected, and use of these materials may be subject to usage rules set by CMU. In addition, such features may include tools or other features designed to protect the integrity of certain materials, provide security-related features (such as automatically logging off a user after a period of inactivity) and/or to detect improper activity with respect to the IoT PI. You may not attempt to override or circumvent any of the usage rules embedded into the IoT PI. CMU may, at its discretion, use certain third party service providers to support portions of the IoT PI (including but not limited to hosting services and QR code functionality).

Third-Party Links and Resources. The IoT PI may contain links to websites, services, content, or resources operated or provided by third parties, including links contained in IoT Resource Listings submitted by users and links to third-party privacy policies. These links are provided for your convenience and informational purposes only. CMU has no control over the content, accuracy, legality, or practices of any third-party website or resource, and CMU does not review, endorse, or approve any third-party website or resource. CMU accepts no responsibility for the content of any third-party website or resource, and CMU shall have no liability for any loss or damage that may arise from your access to or use of any third-party website or resource. If you access any third-party website or resource linked from the IoT PI, you do so entirely at your own risk and subject to the terms and conditions applicable to those third-party sites. The existence of a link to a third-party website or resource does not imply any association between CMU and the operator of that website or resource, and does not constitute CMU’s endorsement, sponsorship, or recommendation of that website, resource, operator, or any content, product, or service offered through it. CMU may disable or remove third-party links at any time without notice.

Notifications on the IoTA Mobile App. The IoTA Mobile App is designed to provide notice of nearby IoT Resources. You can customize the notification settings for such notices, including the frequency of such notifications, and the types of data collection you want to be notified about. Your notification settings are only stored on your mobile device and are not linked to your account. Your notification settings will be deleted when you uninstall the IoTA Mobile App. By using the IoTA Mobile App, you consent to receive such notifications in accordance with your then-current notification settings.

Use of Information. Collection, use, and disclosure of personal data in connection with the IoT PI is governed by the Privacy Policy available at https://www.iotprivacy.io/privacy-policy. This section describes CMU’s rights to access and disclose account information and Content for legal, safety, and operational purposes as permitted under the Privacy Policy. CMU has the right to access, preserve and/or disclose account information and Content if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary to: (a) comply with legal process; (b) enforce these TOU; (c) respond to claims that any Content violates the rights of third parties; (d) respond to your requests for assistance; or (e) protect the rights, property or personal safety of CMU, its users and/or the public. Further, CMU reserves the right to cooperate with legitimate law enforcement requests for information at its sole discretion, including providing account information, submission records, and User Content in response to lawful legal process (including subpoenas, court orders, and emergency disclosure requests), and including in circumstances involving a credible threat to the physical safety of any person. CMU may also proactively disclose information to law enforcement without notice to the relevant user in circumstances where CMU, in good faith, believes that such disclosure is necessary to prevent imminent harm to any individual, to address an emergency involving the risk of death or serious bodily injury, or to prevent the commission of a crime. In addition, CMU has the right to use data and information obtained or collected through the IoT PI to improve the IoT PI and/or for research or other activities consistent with CMU’s status as a 501(c)(3) organization, provided that CMU removes individually identifiable information (if any) contained in such data or information.

Safety-Based Emergency Actions. In addition to cooperating with law enforcement, CMU reserves the right — but assumes no obligation — to take unilateral protective action with respect to any User Content or user account where CMU, in good faith, determines that the content or conduct poses a credible, imminent risk of harm to an identifiable individual. Such actions may include, without limitation, immediate removal of User Content, emergency suspension of a user account, preservation of account records, and notification of appropriate third parties. The exercise of these rights is entirely discretionary and shall not create any duty of care toward any individual or class of individuals.

License to User Content. By submitting User Content, the applicable user retains any rights the user has with respect to its User Content (i.e., the user is not assigning ownership to CMU). However, CMU is hereby granted a worldwide, royalty-free, non-exclusive perpetual, irrevocable and fully sub-licensable license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such User Content (in whole or in part) as necessary to operate the IoT PI and for any other purposes permitted herein. If you delete User Content, CMU will cease public display of that User Content within a commercially reasonable time. CMU may retain copies of deleted User Content to the extent required or permitted under applicable law, for security or fraud prevention purposes, for dispute resolution or enforcement, or pursuant to applicable research record retention requirements, as further described in the Privacy Policy. If you delete your account, CMU will permanently and irreversibly anonymize all personally identifiable information associated with your account as described in the Privacy Policy. Please note that account deletion requires you to first transfer ownership of any IoT Resources or IoT Resource Registries for which you are the owner — CMU will prompt you to complete that transfer before account deletion can proceed.

International Use. If you are not a United States resident and you are accessing the IoT PI from outside the United States, you agree to transfer certain information outside your home country to us and that you will follow all the laws that apply to you.

CMU’s servers and operations are located primarily in the United States and our policies and procedures are based primarily on United States law. Because of this, the following provisions apply specifically to users located outside of the United States: (i) you consent to the transfer, storage, and processing of your information to and in the United States and/or other countries; (ii) if you are using the IoT PI from a country embargoed by the United States, or are on the United States Treasury Department’s list of “Specially Designated Nationals,” you are not authorized to access or use the IoT PI ; and (iii) you agree to comply with all local laws, rules, and regulations including all laws, rules, and regulations in effect in the country in which you reside and the country from which you access the IoT PI. The IoT PI is not intended for distribution to or use by any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation, or that would subject CMU or its affiliates to any registration requirement within such jurisdiction or country.

Notice to California Residents. BY USING THE SERVICES, YOU WAIVE YOUR RIGHTS WITH RESPECT TO CALIFORNIA CIVIL CODE SECTION 1542, WHICH SAYS "A GENERAL RELEASE DOES NOT EXTEND TO CLAIMS WHICH THE CREDITOR DOES NOT KNOW OR SUSPECT TO EXIST IN HIS FAVOR AT THE TIME OF EXECUTING THE RELEASE, WHICH, IF KNOWN BY HIM MUST HAVE MATERIALLY AFFECTED HIS SETTLEMENT WITH THE DEBTOR." HOWEVER, IN NO EVENT ARE STUDY PARTICIPANTS RELEASING ANY LIABILITY OR CLAIMS WITH RESPECT TO THE MALPRACTICE, NEGLIGENCE, BLAME, FAULT, OR GUILT ON THE PART OF THOSE INVOLVED IN THE RESEARCH STUDY (INCLUDING CMU).

If the IoT PI is at any time deemed an electronic commercial service (as defined under California Civil Code Section 1789.3), California residents are entitled to the following specific consumer rights information:

The provider of the IoT PI is:

Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213
412-268-2000

If the IoT PI is deemed an electronic commercial service, you may file a complaint regarding the IoT PI or to receive further information regarding use of the IoT PI by sending a letter to the attention of “Legal Department” at the above address.

Disclaimer of Warranties. THE IoT PI, AND ALL MATERIALS, INFORMATION, PRODUCTS AND SERVICES INCLUDED IN THE IoT PI ARE PROVIDED "AS IS," WITH NO WARRANTIES WHATSOEVER. CMU, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, REPRESENTATIVES, AFFILIATES, LICENSORS, CONTENT PROVIDERS, CONTRACTORS (INCLUDING ANY THIRD PARTY PROVIDERS) AND SPONSORS (COLLECTIVELY THE “IoT PI PARTIES”) EXPRESSLY DISCLAIM TO THE FULLEST EXTENT PERMITTED BY LAW ALL EXPRESS, IMPLIED, AND STATUTORY WARRANTIES AND DUTIES, INCLUDING, WITHOUT LIMITATION: THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT; ANY WARRANTIES REGARDING THE SECURITY, RELIABILITY, TIMELINESS, AND PERFORMANCE OF THE IoT PI .

CYBERSECURITY; VIRUS AND HARMFUL CODE DISCLAIMER. CMU CANNOT AND DOES NOT GUARANTEE OR WARRANT THAT THE IOT PI, ANY FILES AVAILABLE THROUGH OR IN CONNECTION WITH THE IOT PI, OR ANY CONTENT ACCESSED THROUGH ANY THIRD-PARTY LINKS ON THE IOT PI, WILL BE FREE OF VIRUSES, TROJAN HORSES, WORMS, LOGIC BOMBS, RANSOMWARE, MALWARE, OR OTHER TECHNOLOGICALLY HARMFUL OR MALICIOUS CODE. YOU ARE SOLELY RESPONSIBLE FOR IMPLEMENTING SUFFICIENT PROCEDURES, ANTIVIRUS PROTECTIONS, AND CHECKPOINTS TO SATISFY YOUR PARTICULAR REQUIREMENTS FOR DATA SECURITY, ANTIVIRUS PROTECTION, AND ACCURACY OF DATA INPUT AND OUTPUT, AND FOR MAINTAINING EXTERNAL BACKUP MECHANISMS FOR ANY DATA YOU WISH TO PRESERVE. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, CMU AND THE IOT PI PARTIES WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY A DENIAL-OF-SERVICE ATTACK, DISTRIBUTED DENIAL-OF-SERVICE ATTACK, VIRUS, OR OTHER TECHNOLOGICALLY HARMFUL MATERIAL THAT MAY AFFECT YOUR COMPUTER EQUIPMENT, COMPUTER PROGRAMS, DATA, OR OTHER PROPRIETARY MATERIAL IN CONNECTION WITH YOUR USE OF THE IOT PI OR YOUR DOWNLOADING OF ANY CONTENT FROM THE IOT PI OR FROM ANY THIRD-PARTY SITE LINKED TO THE IOT PI.

YOU UNDERSTAND AND AGREE THAT YOU PROVIDE OR OTHERWISE OBTAIN ANY AND ALL INFORMATION, MATERIAL, DATA AND/OR OTHER CONTENT THROUGH THE USE OF THE IoT PI AT YOUR OWN DISCRETION AND CMU IS NOT ASSUMING RESPONSIBILITY FOR ANY DAMAGES TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE USE OF SUCH ITEMS; PROVIDED THAT THESE TERMS DO NOT PRECLUDE YOU FROM PURSUING LEGAL ACTION TO SEEK COMPENSATION IN THE EVENT OF MALPRACTICE, NEGLIGENCE, BLAME, FAULT, OR GUILT ON THE PART OF THOSE INVOLVED IN THE RESEARCH STUDY (INCLUDING CMU).

NO VERIFICATION OF USER CONTENT; NO GUARANTEE OF ACCURACY. CMU DOES NOT VERIFY, SCREEN, INVESTIGATE, OR VALIDATE ANY USER CONTENT SUBMITTED TO THE IOT PI, INCLUDING ANY IOT RESOURCE LISTINGS, IOT RESOURCE TEMPLATES, OR INFORMATION SUBMITTED IN CONNECTION WITH ANY IOT RESOURCE REGISTRY (IRR). CMU MAKES NO REPRESENTATION OR WARRANTY OF ANY KIND — EXPRESS, IMPLIED, OR STATUTORY — THAT ANY USER CONTENT IS ACCURATE, COMPLETE, CURRENT, LAWFUL, OR FIT FOR ANY PARTICULAR PURPOSE. WITHOUT LIMITING THE FOREGOING: (A) IOT RESOURCE LISTINGS MAY CONTAIN INACCURATE OR MISLEADING INFORMATION ABOUT THE IDENTITY, LOCATION, OWNERSHIP, OR DATA PRACTICES OF ANY IOT RESOURCE; (B) THE IDENTITY OF ANY PERSON OR ORGANIZATION IDENTIFIED AS AN OPERATOR OR OWNER OF AN IOT RESOURCE IN A USER SUBMISSION HAS NOT BEEN INDEPENDENTLY VERIFIED BY CMU; AND (C) THE PRESENCE OR ABSENCE OF ANY IOT RESOURCE IN THE REGISTRY DOES NOT CONSTITUTE A CERTIFICATION, ENDORSEMENT, OR FINDING BY CMU REGARDING SUCH IOT RESOURCE OR ITS OPERATORS.

RELIANCE AT OWN RISK. ANY PERSON WHO RELIES ON USER CONTENT — INCLUDING ANY PERSON WHO REVIEWS AN IOT RESOURCE LISTING OR ACCESSES INFORMATION THROUGH THE IOTA MOBILE APP — DOES SO ENTIRELY AT THEIR OWN RISK. CMU EXPRESSLY DISCLAIMS ANY RESPONSIBILITY FOR HARM ARISING FROM RELIANCE ON INACCURATE, FALSE, MISLEADING, OR UNLAWFULLY SUBMITTED USER CONTENT. CMU IS NOT THE PUBLISHER OR SPEAKER OF USER CONTENT FOR PURPOSES OF APPLICABLE LAW, INCLUDING 47 U.S.C. § 230, AND USERS WHO SUBMIT CONTENT BEAR FULL AND EXCLUSIVE RESPONSIBILITY FOR THE ACCURACY AND LAWFULNESS OF THEIR SUBMISSIONS.

IN ADDITION, SOME STATES OR OTHER JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE AND JURISDICTION TO JURISDICTION.

LIMITATION OF LIABILITY; LIMITATION ON DAMAGES. UNDER NO CIRCUMSTANCES ARE CMU OR ANY OTHER IoT PI PARTIES LIABLE TO YOU, YOUR ORGANIZATION, ANY USER, OR ANY THIRD PARTY ON ACCOUNT OF (A) USE OR MISUSE OF OR RELIANCE ON THE IoT PI; (B) ANY USER-SUBMITTED CONTENT, INCLUDING ANY IOT RESOURCE LISTING, IOT RESOURCE TEMPLATE, OR OTHER INFORMATION SUBMITTED BY ANY USER TO THE IOT PI OR TO ANY IRR, REGARDLESS OF WHETHER CMU HAS BEEN INFORMED OF THE POSSIBILITY THAT SUCH CONTENT IS INACCURATE, HARMFUL, OR UNLAWFUL; (C) THE PUBLICATION, DISTRIBUTION, OR DISSEMINATION OF USER CONTENT THROUGH THE IOT PI OR IOTA MOBILE APP, INCLUDING ANY CONTENT THAT IS LATER FOUND TO BE FALSE, MISLEADING, OR INVASIVE OF PRIVACY; (D) THIRD-PARTY HARM ARISING FROM THE IDENTIFICATION, TARGETING, HARASSMENT, STALKING, OR DOXXING OF ANY INDIVIDUAL IN CONNECTION WITH USER CONTENT PUBLISHED THROUGH THE IOT PI; (E) MISUSE OF REGISTRY DATA, INCLUDING THE MISUSE OF ANY IOT RESOURCE REGISTRY OR ANY IOT RESOURCE LISTING BY ANY USER OR THIRD PARTY FOR PURPOSES NOT AUTHORIZED BY THESE TOU; OR (F) ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING FROM ANY OF THE FOREGOING, WHETHER SUCH CLAIM IS BASED ON WARRANTY, CONTRACT, TORT, STATUTE, OR OTHERWISE, EVEN IF CMU AND/OR THE IoT PI PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. PROVIDED, HOWEVER, THE FOREGOING LIMITATION OF LIABILITY SHALL NOT APPLY TO CLAIMS DIRECTLY ARISING FROM CMU’S AFFIRMATIVE MISCONDUCT IN THE CONDUCT OF THE RESEARCH STUDY ITSELF, INCLUDING MALPRACTICE OR NEGLIGENCE IN RESEARCH DESIGN OR EXECUTION. THIS CARVEOUT DOES NOT APPLY TO CLAIMS BASED ON PLATFORM OPERATION, CONTENT MODERATION DECISIONS, OR THE ACCURACY OR LAWFULNESS OF USER-SUBMITTED CONTENT.

Some states or other jurisdictions do not allow the exclusion or limitation of liability for certain damages, so the above limitations and exclusions shall apply only to the extent permitted under applicable law.

Indemnification. To the fullest extent permitted by applicable law, you agree to defend, indemnify, and hold harmless CMU and its trustees, officers, directors, faculty, employees, agents, contractors, licensors, research collaborators, and service providers (collectively, the "CMU Indemnitees") from and against any and all claims, demands, liabilities, losses, damages, judgments, awards, settlements, costs, and expenses — including reasonable attorneys’ fees and court costs — arising out of or relating to:

(a) your access to or use of the IoT PI, including any access to or use of the IoT PI through your account by any person to whom you have granted access;

(b) any User Content you submit, post, publish, or otherwise make available through the IoT PI, including any claim that such User Content infringes, misappropriates, or violates any intellectual property right, privacy right, right of publicity, or other right of any third party, or that such User Content is false, misleading, defamatory, or harmful;

(d) your violation of any applicable law, regulation, or court order in connection with your access to or use of the IoT PI;

(e) your harassment, stalking, doxxing, or targeting of any individual in connection with your use of the IoT PI; or

(f) any dispute between you and any other user of the IoT PI or any third party arising out of or in connection with your use of the IoT PI.

CMU reserves the right, at its own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which case you agree to cooperate fully with CMU’s defense of such matter. You agree not to settle any such matter without CMU’s prior written consent. This indemnification obligation shall survive the termination of your account and your cessation of use of the IoT PI. Nothing in this section shall be construed as limiting any other right or remedy CMU may have against you at law or in equity.

Force Majeure. In the event CMU’s performance of its obligations is delayed or prevented directly or indirectly by acts of nature, forces, or causes beyond its reasonable control, including, without limitation, Internet failures, computer equipment failures, telecommunication equipment failures, other equipment failures, electrical power failures, strikes, labor disputes, riots, insurrections, civil disturbances, shortages of labor or materials, fires, floods, storms, explosions, acts of God, war, governmental actions, orders of domestic or foreign courts or tribunals, non-performance of third parties, or loss of or fluctuations in heat, light, or air conditioning, CMU may take additional time to perform commensurate with the delay or may elect to terminate account access as described in these TOU.

Permitted Users; No CMU Status or Credit Conferred. Using the IoT PI does not confer any CMU course credit and/or any employment or student status at CMU.

Miscellaneous; Changes to These TOU. CMU reserves the right to revise, update, or modify these TOU at any time in its sole discretion. All changes will be effective upon the date posted unless otherwise stated. CMU will provide notice of material changes to these TOU by posting a revised version on the IoT PI website with an updated effective date, and, where practicable, by sending notice to the email address associated with your account. Your continued access to or use of the IoT PI following the posting of any revised TOU constitutes your acceptance of and agreement to the revised TOU. If you do not agree to the revised TOU, you must discontinue your use of the IoT PI. You are responsible for periodically reviewing these TOU for changes. Notwithstanding the foregoing, the existing provision that "These TOU may be amended or changed only by mutual written agreement of you and CMU" shall continue to apply to material changes that would reduce a user’s rights or increase a user’s obligations in a manner that is adverse to the user. If any provision of these TOU is held to be invalid or unenforceable, such provision shall be deemed superseded by a valid enforceable provision that most closely matches the intent of the original provision and the remaining provisions shall be enforced. CMU’s failure to act with respect to a breach by you, your organization or any other users does not waive CMU’s right to act with respect to subsequent or similar breaches. The failure of CMU to exercise or enforce any right or provision of these terms and conditions shall not constitute a waiver of such right or provision. The section headings and subheadings contained in these TOU are included for convenience only, and shall not limit or otherwise affect the terms of these TOU. These TOU and any disputes related to them shall be interpreted in accordance with the laws of the Commonwealth of Pennsylvania without regard to its conflicts of laws provisions. All claims and/or controversies of every kind and nature arising out of or relating to these TOU, including any questions concerning its existence, negotiation, validity, meaning, performance, non-performance, breach, continuance or termination shall be settled (1) at CMU’s election, by binding arbitration administered by the American Arbitration Association ("AAA") in accordance with its Commercial Arbitration Rules and, in such case (a) the arbitration proceedings shall be conducted before a panel of three arbitrators, with each party selecting one disinterested arbitrator from a list submitted by the AAA and the two disinterested arbitrators selecting a third arbitrator from the list, (b) each party shall bear its own costs of arbitration, (c) all arbitration hearings shall be conducted in Allegheny County, Pennsylvania, and (d) the provisions hereof shall be a complete defense to any suit, action or proceeding instituted in any Federal, state or local court or before any administrative tribunal with respect to any claim or controversy arising out of or relating to these TOU and which is arbitrable as provided in these TOU, provided that either party may seek injunctive relief in a court of law or equity to assert, protect or enforce its rights hereunder (2) in the event that CMU does not elect binding arbitration as permitted in point (1) above, exclusively in the United States District Court for the Western District of Pennsylvania or, if such Court does not have jurisdiction, in any court of general jurisdiction in Allegheny County, Pennsylvania and each party consents to the exclusive jurisdiction of any such courts and waives any objection which such party may have to the laying of venue in any such courts. Notwithstanding any provision hereof, for all purposes of these TOU each party shall be and act as an independent contractor and not as partner, joint venture, agent, employee or employer of the other and shall not bind nor attempt to bind the other to any contract. You are agreeing to these TOU on behalf of you, and where applicable, your organization. You agree that, except as otherwise expressly provided in these TOU, there shall be no third-party beneficiaries to these TOU.

These TOU represent the entire agreement with CMU regarding the subject matter hereof, superseding any and all prior or contemporaneous oral or written understandings.

Venue and Jurisdiction; Consent. Without limiting the arbitration provisions set forth above, to the extent that any legal suit, action, or proceeding arising out of or relating to these TOU or the IoT PI is not submitted to arbitration or is otherwise required to be brought in a court of law, you agree that such suit, action, or proceeding shall be instituted exclusively: (i) in the United States District Court for the Western District of Pennsylvania; or (ii) if such court does not have jurisdiction, in any court of general jurisdiction sitting in Allegheny County, Pennsylvania. You irrevocably and unconditionally consent to the exclusive jurisdiction of such courts and waive any objection you may now or hereafter have to the laying of venue of any such proceeding in such courts. You also waive any claim that any suit, action, or proceeding brought in any such court has been brought in an inconvenient forum.

If you have a question about the IoT PI, please contact CMU via email at cmu-iotpi@lists.andrew.cmu.edu.