cPanel EULA - Auditing Rights
Currently cPanel has the right to audit its software. This is allowed by the cPanel EULA, specifically section 2.5.1, which states:
2.5.1 Audit by cPanel. You agree that cPanel may audit Your use of the Software for compliance with this Agreement at any time, upon reasonable notice. You agree to cooperate with cPanel and any auditors selected by cPanel to complete the audit including by providing access to any facilities in which the Software is used or stored, including without limitation the facilities which house the Licensed Server and any facilities which cPanel reasonably believes house servers upon which the Software is installed. In the event that such audit reveals any use of the Software by You other than in compliance with the terms of this Agreement, You shall reimburse cPanel for all reasonable expenses related to such audit in addition to any other liabilities You may incur as a result of such noncompliance.
While this is a standard practice by most software companies, cPanel takes it a step further. Once you agree to this, cPanel has rights to audit you for life, regardless of if you are using their software or not. (Section 5.7) 5.7 Survival. Sections 1 (Definitions), 2.5 (Monitoring of Software), 3 (Intellectual Property Rights), 4 (Payments), 5 (Term and Termination), 6.3 (Disclaimer), 7 (Limitation on Liability), 8 (Indemnification) and 9 (Miscellaneous) shall survive the termination or expiration of this Agreement for any reason.
This has some serous implications that need to be addressed, as no person would agree to this after reading the EULA. Unfortunately, almost no one reads through the EULA. Some of my concerns are as follows: [LIST]cPanel can audit any facility which uses their software. If someone were to use cPanel from their house, they are effectively giving cPanel the right to show up at their house and conduct an audit. Remember that once you give cPanel this right, it can not be revoked.
Most users simply click "I agree", and do not realize the serous implications of the rights you are giving up.
The scope of the audit is not defined. cPanel basically has uncontrolled access to your server room or datacenter (or house!) if you agree to their EULA. Nothing in this agreement would prevent them from going through all your data, taking images of hard drives and pictures of your equipment, and selling your data to a competitor.
cPanel can show up "at any time". Who else likes visitors at 3AM?
There is no limitation to how many times they could audit you. They could audit you every hour, for the rest of your life, if they so choose. VMWare limits their audits to a maximum of one per year.
There is no expiration to this agreement. At least Microsoft and VMWare, among others, have a set number of days after termination. After that, those companies can no longer audit you.
I am publicly asking cPanel to re-visit their EULA. Their auditing policy needs to be revised.
While this is a standard practice by most software companies, cPanel takes it a step further. Once you agree to this, cPanel has rights to audit you for life, regardless of if you are using their software or not. (Section 5.7) 5.7 Survival. Sections 1 (Definitions), 2.5 (Monitoring of Software), 3 (Intellectual Property Rights), 4 (Payments), 5 (Term and Termination), 6.3 (Disclaimer), 7 (Limitation on Liability), 8 (Indemnification) and 9 (Miscellaneous) shall survive the termination or expiration of this Agreement for any reason.
This has some serous implications that need to be addressed, as no person would agree to this after reading the EULA. Unfortunately, almost no one reads through the EULA. Some of my concerns are as follows: [LIST]
-
Hello, I have sent this to our legal team for commentary. 0 -
Hello, We"ve taken a look at your concerns. As noted in your post, our audit clause is similar to those used in our industry. Our legal team does agree with a couple of your concerns, and these concerns will be incorporated into our next revision of our legal documents (more about that near the end). We agree that the audit should be for a limited period of time, and not perpetual. We also agree that the number of times we can exercise this right should be limited, or capped. While we understand your other concerns, it is important to note that application of a clause like this is limited both by law, and by reason. We would not, and believe that we would be legally prohibited from, engage in the more extreme conduct set out in your question. Software audits are complex endeavors, and typically only take place after the licensee and licensor have failed to cooperatively resolve license discrepancies. We will always reach out to customers to try to resolve these issues. We will make the changes identified in the first paragraph in the next revision of our legal documents. As you can imagine, we do not take revisions of our legal documents lightly, and do not revise them frequently. The major reason we are conservative in this way is that many of our customers build their customer facing documents around ours - so when we change our agreements, they often feel that they must change theirs. We do not anticipate that this document will be revised in 2016, but it may be revised in 2017. I want to convey, on behalf of our legal team, our thanks to you for bringing this to our attention. Help making our legal agreements better, and more customer friendly, is very much appreciated. 0 -
Thank you, Kenneth. I see cPanel as a great company, who maybe went a little overboard with their EULA. The willingness to correct this (even if it is not right away) shows that cPanel as a company has a great level of maturity. Again, thank you for the response, and I look forward to doing even more business with cPanel in the future. 0
Please sign in to leave a comment.
Comments
3 comments