GuidesAPI ReferenceGraphQLChangelogManage API AccessCreate Yelp Account
Guides

Yelp API Lead Acquisition Terms of Service

Terms of Service Version 1.01
Effective Date: March 30, 2026

These Yelp Lead Acquisition API Terms of Service (these "Terms") govern the use of the Yelp Lead
Acquisition API (the "API") by any party ("Partner" or "you") who executes an Insertion Order with Yelp
Inc. ("Yelp") that references these Terms. By executing an Insertion Order, Partner agrees to be bound
by these Terms.


  1. Purpose, Roles, and User Process (Introduction)
    1.1 This Agreement governs the relationship under which Yelp shall purchase consumer leads ("Leads")
    from the Partner using a dynamic bidding model. The Partner operates websites where a Homeowner
    (the consumer submitting the quote request) initiates a quote request by submitting their project type
    and location (e.g., zip code). The Partner then uses a Ping-Post API process, built and maintained by
    Yelp, to offer this potential Lead to Yelp for a bid. If Yelp submits the winning bid, the consumer
    completes the project submission on the Partner's site, and the Partner immediately transmits the
    consumer's PII (Personally Identifiable Information) and project details (the Lead) to Yelp via API. Yelp
    then assumes ownership of the Lead, utilizes the PII to create an account if necessary, and services the
    quote request by dispatching it to local Yelp Pros the local service professionals and businesses on the
    Yelp platform) who can respond to the consumer via email, app, or messaging inbox. Yelp acts solely as
    the Lead Buyer, with no volume commitments to the Partner, and the Partner warrants that all Leads
    sold to Yelp are exclusive to Yelp (i.e. are not sold to Yelp and other Lead buyers concurrently) and
    sourced only from its owned and operated websites.
    1.2 No Commitment: This Agreement does not create any commitment or obligation on the part of Yelp
    to purchase any minimum volume of Leads or continue the pilot for any fixed duration. Yelp reserves the
    right, in its sole discretion, to bid on, or to terminate the pilot at any time.
    1.3 Commercial Schedules and Order of Precedence: The specific commercial terms, including the
    agreed-upon rates, criteria for Leads, and delivery dates, shall be set forth in a separate Insertion Order
    (IO) or Order Form in the form of the attached Exhibit B (each, a "Schedule"), which shall be deemed
    incorporated into this Agreement upon execution by both Parties. In the event of an irreconcilable
    conflict between the terms of any executed Schedule and this Agreement, the terms of this Agreement
    shall control, except for the financial rate and volume criteria expressly set forth in the Schedule.
  2. Lead Requirements and Sourcing
    The parties agree to the following mandatory conditions for all Leads offered to and purchased by Yelp:
    2.1 Lead Exclusivity: All Leads purchased by Yelp must be exclusive leads. Partner warrants that any
    Lead sold to Yelp has not been and will not be sold to any other buyer.
    2.2 Lead Sourcing: All Leads offered to Yelp must be generated on Partner's owned and operated sites
    only (e.g., mygutterguards.com). Partner warrants that Leads are sourced exclusively via owned
    methods, excluding all 3rd party aggregators and affiliates unless explicitly agreed to by Yelp in writing,
    email sufficing.
    2.3 Lead Validation and Returns: Yelp may, in its sole discretion, return any Lead purchased that
    contains obviously false information or disconnected contact information (e.g., telephone number,
    email address) within five (5) business days of receipt for credit against future invoices. Partner agrees
    to issue such credit promptly upon validation of the invalidity of the Lead.
    2.4 Transparency and Brand Disclosure. To ensure the consumer’s original intent to be contacted by
    Yelp is preserved, Partner shall ensure that its consent UI clearly and conspicuously discloses Yelp’s role
    in fulfilling the quote request. This disclosure must be presented at the point of collection, in a font size
    and color that is easily readable and not overshadowed by other design elements. Specifically, the call-
    to-action (e.g., the "Submit" button) or the immediate surrounding text must explicitly state that the
    consumer is directing Partner to share their information with Yelp for the purpose of receiving quotes
    from Yelp service professionals. Any material change to this disclosure or the surrounding UI/UX must
    be approved by Yelp in writing prior to implementation.
  3. Data Transfer and Privacy
    3.1 Lead Transfer: When a consumer completes a project submission on a Partner site and Yelp has the
    winning bid, the consumer's PII (Personally Identifiable Information) and project information will be
    passed to Yelp via API.
    3.2 Partner Data Warranty and Evidence of Consent. Partner represents and warrants that all PII
    contained in the Leads has been collected in full compliance with applicable laws, including the CCPA,
    CIPA, and the TCPA. Specifically, Partner warrants that it has obtained "Prior Express Written Consent"
    (PEWC) for Yelp and its Pros to contact the consumer via automated technology, including auto-dialers
    and SMS, where such consent specifically names Yelp at the point of collection. To ensure the integrity
    of this consent, Partner shall retain a comprehensive "click-log" or similar digital record for each Lead for
    no less than five (5) years. This record must include the date and time of consent, the consumer’s IP
    address, and a visual representation (e.g., a screenshot or "session replay" link) of the exact UI/UX and
    disclosure text the consumer viewed. Upon Yelp’s written request, Partner shall provide this evidence of
    consent within three (3) business days to assist in the resolution of any consumer inquiry or regulatory
    matter
    3.3 Yelp Ownership and Service: Upon receipt of the PII, Yelp will own and service the Lead and send
    the quote request to Yelp professionals (pros). Yelp’s use of the PII shall be governed by Yelp’s internal
    policies.
    3.4 Data Protection: The Parties agree to comply with the terms of the Data Protection Addendum,
    attached hereto as Exhibit A, which governs the processing of Yelp Personal Information under this
    Agreement.

  1. Commercial Terms and Payment
    4.1 Fee Model: Fee Model: Yelp will pay Partner per Lead.
    4.2 Invoicing: Partner shall invoice Yelp monthly for all Leads successfully sold to Yelp. Undisputed invoices are due and payable Net 30 days from the date of such invoice.
    4.3 Reporting: Partner shall provide Yelp with bi-weekly status updates regarding: (i) lead volume trends; (ii) any technical issues with API integration; (iii) quality metrics; and (iv) any changes to Partner's lead generation practices or sources. In addition, Partner shall provide reporting to Yelp within two (2) business days of calendar month end that includes summary level metrics (total Leads, total spend) and itemized Leads transactions that include time/date stamp, lead price, originating site, and any other information reasonably requested by Yelp, email sufficing.
    4.4 Operational Updates: Partner shall provide Yelp with regular status updates regarding the API integration, lead volume trends, quality metrics, and any material issues or changes affecting the delivery of Leads to Yelp, at a mutually agreed-upon frequency (e.g., bi-weekly or monthly).
  2. Term and Termination
    5.1 Term: This Agreement is effective as of the Effective Date and shall continue until terminated by either Party in accordance with this Section.
    5.2 Termination for Convenience: Either Party may terminate this Agreement for convenience at any time by providing no less than thirty (30) days’ prior written notice to the other Party. This notice period aligns with the no-commitment nature of the pilot.
    5.3 Effect of Termination: Upon termination, Partner shall cease all use of the Yelp API and Yelp shall pay for all Leads successfully received prior to the effective date of termination.
    5.4 Transition Assistance:
    (a) Termination. Upon termination, Partner shall: (i) immediately cease all use of the Yelp API and any Yelp-provided credentials or access methods; (ii) within ten (10) business days, destroy all Yelp Confidential Information in its possession, including but not limited to bid patterns, conversion metrics, performance data, and any technical documentation related to the API integration; (iii) upon request, provide written certification of such destruction within fifteen (15) business days of termination; and (iv) cooperate reasonably with any technical disconnect requirements to ensure clean API disconnection.
    (b) AI and Data Integrity. Partner agrees that it shall not, at any time during or after the term of this Agreement: (i) share, disclose, or use Yelp's bid rates, conversion data, lead performance metrics, or any other confidential performance data with any third party; (ii) use such information to benefit any other lead buyer; (iii) fail to maintain appropriate data segregation if Partner works with Yelp competitors; or (iv) use Yelp Content—including Customer Data, bid patterns, or any aggregate insights derived from Yelp’s platform—to train, fine-tune, or improve any artificial intelligence or machine learning models. This prohibition includes both generative models (e.g., LLMs) and non-generative models used for predictive analytics. For clarity, "derivative works" in this context does not include individual business records created for a single transaction, but does include any aggregate insights or patterns harvested from Yelp’s bid data or lead-acquisition activity. This obligation shall survive termination for three (3) years.
  3. No Non-Circumvention: The Parties agree that neither Party shall be restricted from contracting with any other publishers, lead sources, or lead buyers. Each Party is free to engage with any third parties for similar services.
  4. Indemnity, Liability and Insurance
    7.1 Partner Indemnity: Partner will indemnify and defend Yelp from any claim arising out of or related to: (a) Partner's breach of the Lead Exclusivity or Sourcing requirements (Section 2); (b) any breach of Partner's privacy, data security, or consumer consent obligations related to the Leads; or (c) the operation of Partner's websites.
    7.2 Mutual Indemnity for General Breach: Each Party (the “Indemnifying Party”) shall indemnify, defend and hold harmless the other Party (the “Indemnified Party”) from and against any and all claims, suits, losses, damages, liabilities, costs and expenses (including reasonable attorneys’ fees and expenses) arising out of or relating to any material breach by the Indemnifying Party of its representations, warranties, covenants, or obligations set forth in this Agreement, including but not limited to any breach of its data protection, privacy, or confidentiality obligations. The Indemnified Party shall promptly notify the Indemnifying Party of any such claim and provide reasonable cooperation for the defense thereof.
    7.3 Limitation of Liability: NEITHER PARTY SHALL BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES of any kind whatsoever. The maximum, aggregate liability of either Party for all claims shall in no event exceed the greater of (I) the total Fees paid by Yelp to Partner in the twelve (12) months prior to the date the claim arose, or (II) One Hundred Thousand Dollars ($100,000.00). NOTWITHSTANDING THE FOREGOING, EACH PARTY'S LIABILITY FOR DIRECT DAMAGES RESULTING FROM A BREACH OF ITS CONFIDENTIALITY OBLIGATIONS (SECTION 8.3), OR DATA PROTECTION OBLIGATIONS (EXHIBIT A), OR FROM WILLFUL MISCONDUCT OR GROSS NEGLIGENCE, SHALL BE UNCAPPED.
    7.4 Insurance: Partner shall, at its sole expense, maintain insurance coverage sufficient to support its indemnification obligations under this Agreement and to adequately cover risks associated with its performance hereunder, including, without limitation:
    (a) Commercial General Liability insurance with limits of at least $1,000,000 per occurrence and $2,000,000 in the aggregate.
    (b) Professional Liability (Errors & Omissions) insurance, including coverage for intellectual property infringement claims, with limits of at least $1,000,000 per occurrence and $2,000,000 in the aggregate.
    (c) Cyber Liability insurance covering breaches of confidentiality and privacy law violations, with limits of at least $1,000,000 per occurrence and $2,000,000 in the aggregate.
    Partner shall provide Yelp with certificates of insurance upon request, naming Yelp as an additional insured with respect to coverage for IP infringement, confidentiality breaches, and privacy law claims arising from Partner's performance under this Agreement. This insurance obligation shall remain in effect during the Term of this Agreement and for a period of three (3) years following its termination or expiration.
  5. General Provisions
    8.1 Dispute Resolution:
    (a) Arbitration. Any controversy or claim arising out of or relating to this Agreement, or the breach thereof, shall be settled by final and binding arbitration administered by National Arbitration and Mediation ("NAM"), or if NAM is unavailable, by another mutually agreed arbitral forum, and governed by NAM's Comprehensive Dispute Resolution Rules and Procedures ("NAM Rules"), which are available at www.namadr.com. The arbitration shall be conducted by a single, neutral arbitrator. This arbitration agreement evidences a transaction involving interstate commerce and, notwithstanding the provision below with respect to the applicable substantive law, the Federal Arbitration Act, 9 U.S.C. §1 et seq. will govern the interpretation and enforcement of this arbitration agreement. The arbitration hearing will take place in San Francisco, California, unless otherwise mutually agreed to by the parties.
    (b) Choice of Law. The arbitrator shall apply the substantive law of California, without regard to its conflict-of-law principles.
    (c) Arbitrator's Authority. The arbitrator shall have the exclusive authority to determine the scope and enforceability of this Arbitration Agreement, including any claim that all or any part of this Arbitration Agreement is void or voidable. The arbitrator will have the authority to award monetary damages, injunctive relief, and any other remedies available under applicable law, consistent with the terms of this Agreement. The arbitrator may order the imposition of sanctions which may include, but are not limited to, assessment of arbitration fees and costs, attorneys’ fees, and/or any other costs resulting from the sanctionable conduct. The arbitrator's decision will include a reasoned award detailing the essential findings and conclusions on which the award is based. The award may be confirmed in any court of competent jurisdiction.
    (d) Fees and Costs. Subject to the arbitrator’s authority to impose sanctions, each Party shall bear its own attorneys' fees and costs during the arbitration. After the arbitration is declared closed, the arbitrator may award the total costs of the arbitration and/or the cost of legal representation to one Party or may apportion such costs between the parties if the arbitrator determines that apportionment is appropriate.
    (e) Jury Trial and Class Action Waiver. THE PARTIES EXPRESSLY WAIVE THE RIGHT TO TRIAL BY JURY. The parties further acknowledge and agree that any arbitration will be conducted on an individual basis only. There shall be no right or authority for any claims to be arbitrated or resolved on a class, collective, or consolidated basis, or in a representative capacity. The arbitrator may not consolidate more than one Party's claims and may not otherwise preside over any form of a representative or class proceeding.
    (f) Injunctive Relief. Notwithstanding the parties’ agreement to arbitrate, each Party retains the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation or violation of a Party’s copyrights, trademarks, trade secrets, patents or other intellectual property rights.
    8.2 Confidentiality: The terms and conditions of this Agreement will be the Confidential Information of the Parties. Each Party agrees to: (a) use Confidential Information solely for the purposes of performing its obligations under this Agreement; (b) not disclose Confidential Information to any third-party without the prior written consent of the disclosing Party, except as required by law; (c) implement and maintain reasonable security measures to prevent unauthorized access, use, or disclosure of Confidential Information; and (d) ensure that its employees, contractors, and agents who have access to Confidential Information are bound by confidentiality obligations at least as restrictive as those herein.
    Partner acknowledges that Yelp's bid rates, conversion data, lead performance metrics, and operational details specifically related to Yelp's use of Leads or pertaining to individual Yelp campaigns ("Yelp-Specific Performance Data") constitute sensitive competitive information. Partner shall not share, disclose, or use Yelp-Specific Performance Data, or any aggregate patterns, synthetic datasets, or derivative works created from such data, to train, fine-tune, or improve any artificial intelligence or machine learning models. This prohibition includes inputting Yelp-Specific Performance Data into any third-party service for such purposes. To maintain the integrity of Yelp’s lead-buying logic, Yelp may, at its discretion, seed or "watermark" bid data in a manner that does not materially impact the quality or performance of the API for the purpose of verifying compliance with these restrictions. Partner shall implement and maintain internal controls, such as data segregation and access restrictions, to ensure that Yelp-Specific Performance Data is isolated from information pertaining to Partner's other clients. If Partner is required by law to disclose Confidential Information, it shall notify the disclosing Party within five (5) business days and cooperate to limit disclosure to the minimum required.
    8.3 Assignment: Neither Party may assign this Agreement without the prior written consent of the other Party; provided, however, that either Party may assign this Agreement to an affiliate or in connection with a merger, acquisition, or sale of all or substantially all its assets without such consent, upon written notice to the other Party.
    8.4 Entire Agreement: This Agreement, including Exhibit A, constitutes the entire agreement between the Parties regarding the subject matter herein.
    8.5 Survival: The termination or expiration of this Agreement shall not affect the rights and obligations of the Parties that are intended to survive such termination or expiration. Accordingly, the following core provisions shall survive the termination or expiration of this Agreement for any reason: all obligations related to Lead Requirements and Sourcing (Section 2), Data Transfer and Privacy (Section 3), and the Data Protection Addendum (Exhibit A), including the Partner's data warranties, indemnities, and data deletion obligations. Furthermore, the financial settlement for all Leads successfully received prior to termination (Section 5.3), the obligations under Transition Assistance (Section 5.4), the explicit clause on No Non-Circumvention (Section 6), all terms governing Indemnity, Liability, and Insurance (Section 7), Dispute Resolution (Section 8.1), the protection of Confidentiality (Section 8.2) and this Section 8.5 shall remain in full force and effect.

EXHIBIT A
DATA PROTECTION ADDENDUM
This Data Protection Addendum ("Addendum") is entered into by and between any party ("Partner" or "you") who executes an Insertion Order with Yelp Inc. ("Yelp") that references this Addendum and Yelp Inc. ("Yelp" in this Addendum) to cover the exchange of Personal Information shared by Partner with Yelp to perform the Business Purpose as set forth in the Agreement ("Business Purpose").
Partner and Yelp may each be referred to as a "Party" and/or collectively referred to as the "Parties".

  1. Definitions.
    A. "Aggregated" or "Deidentified" shall have the meanings as ascribed by Privacy Laws and all regulations and opinions issued related thereto.
    B. "Yelp Personal Information" means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, that may be: (i) processed at any time by Partner in anticipation of, in connection with or incidental to the performance of this Addendum, including any information provided by or on behalf of Partner to Yelp, or (ii) derived by Partner from such information. Personal Information includes any data elements identified pursuant to Privacy Laws.
    C. "Consumer," "Processing" (or "process"), "Share," and "Sale," (including the terms "sell," "selling," "sold," and other variations thereof) shall have the meanings ascribed to those terms under the Privacy Laws.
    D. "Privacy Laws" may include, without limitation, as applicable under the circumstances pertaining to the collection or sharing of data, Cal. Civ. Code §§ 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 (the California Consumer Privacy Act) ("CCPA"), Colo. Rev. Stat. §§ 6-1-1301 et seq. (the Colorado Privacy Act) ("CPA"), Connecticut's Data Privacy Act ("CTDPA"), Utah Code Ann. §§ 13-61-101 et seq. (the Utah Consumer Privacy Act) ("UCPA"), VA Code Ann. §§ 59.1-575 et seq. (the Virginia Consumer Data Protection Act) ("VCDPA") (collectively "Privacy Laws"), and the European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"), and applicable subordinate legislation and regulations implementing those laws. This Addendum acknowledges that Privacy Laws and regulations are subject to change and that new privacy laws may be enacted or take effect during the term of this Addendum. Partner agrees that any additional privacy laws that come into effect during the term of this Addendum shall automatically apply to the processing of Yelp Personal Information covered by this Addendum, without the need for further amendments. Any conflicts between the existing provisions of this Addendum and the new privacy laws shall be resolved in favor of the new privacy laws to the extent permitted by applicable legal requirements and solely to the extent necessary to comply with Privacy Laws.

  2. Privacy Law Compliance.
    A. Partner acknowledges and agrees that it shall process Yelp Personal Information solely as necessary to perform its obligations under this Addendum for the Business Purpose described herein (i.e., offering Leads to Yelp via a Ping-Post dynamic bidding process, and where Yelp has the winning bid, transferring consumer PII and project information to Yelp). Partner shall not: (a) sell or share Yelp Personal Information; or (b) retain, use or disclose Yelp Personal Information for any purpose other than for the Business Purpose. Partner hereby certifies that it understands the foregoing restrictions and that it shall comply with such restrictions. In no event shall Partner process the Yelp Personal Information for its own purposes or those of any third-party; provided however, Partner may utilize Yelp Personal Information in the Aggregated and Deidentified manner in connection with Partner's ordinary business practices, provided that:
    (i) it has implemented technical safeguards that prohibit reidentification of such deidentified information, including but not limited to removing all direct and indirect identifiers as required by Privacy Laws;
    (ii) it has implemented business processes that specifically prohibit the reidentification and inadvertent release of such information;
    (iii) Partner represents and warrants that all such aggregation and deidentification will be performed in compliance with all applicable Privacy Laws and industry best practices, including CCPA standards for deidentification; and
    (iv) Partner shall indemnify, defend, and hold harmless Yelp from any claims, losses, or damages arising from Partner's failure to properly aggregate or deidentify such information, with such indemnification obligation being unlimited and not subject to any liability cap in the Agreement.
    B. Partner hereby certifies, represents, warrants and covenants that it understands its obligations under the Privacy Laws and that it shall comply at all times with the Privacy Laws and this Addendum, and shall provide Yelp with all reasonably requested assistance and cooperation to enable Yelp to comply with and fulfill its obligations under Privacy Laws. Without limiting the foregoing, Partner shall, upon Yelp's request, cooperate in good faith with Yelp to modify the terms herein and/or enter into additional terms to address any modifications, amendments or updates to the Privacy Laws and/or other industry guidelines.
    C. Partner is prohibited from combining or otherwise associating Yelp Personal Information with any other data associated with the same underlying consumer, device, identifier, except as necessary to perform its obligations under the Agreement. Where it is necessary to perform its obligations under this Addendum by combining or otherwise associating Yelp Personal Information with other data associated with the same underlying consumer, device, or identifier, Partner will disassociate such Yelp Personal Information from such other data once it has completed its obligation under the Agreement with respect to such Yelp Personal Information.
    D. Partner represents, warrants, and covenants that:
    (i) All Personal Information will be collected, processed, and transferred in full compliance with applicable Privacy Laws;
    (ii) Any aggregation or deidentification of Personal Information will be performed using methods that prevent reidentification by Partner or any third party;
    (iii) Partner has implemented and will maintain technical and organizational measures sufficient to protect Personal Information against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure;
    (iv) Partner's breach of any obligation related to Personal Information protection, aggregation, deidentification, or Privacy Law compliance shall not be subject to any limitation of liability, and Partner accepts unlimited liability for any such breaches.

  3. Inquiries. In the event that Partner receives an Inquiry (as defined below), Partner shall: (a) notify Yelp in writing of the Inquiry within two (2) business days (or such other time period as Yelp may specify in writing from time to time); (b) comply with all instructions from Yelp regarding the response to such Inquiry; (c) if requested, promptly and in any case, within seventy-two (72) hours) provide Yelp with copies of documents relating to the Inquiry; (d) not refer to Yelp in any correspondence or other response to the Inquiry without Yelp's prior written consent; (e) not disclose any confidential information of Yelp to the applicable individual, third-party or authority without Yelp's prior written consent; and (f) in a timely manner, notify Yelp of, and permit a representative of Yelp to attend, any relevant inspections or proceedings. Partner shall take all other measures as requested by Yelp to respond to or otherwise address the Inquiry adequately and in a timely manner. As used herein, "Inquiry" means any request, correspondence, inquiry or complaint (including rights of access or deletion, as applicable) received from Yelp, or other individual or regulatory authority in connection with the processing of Yelp Personal Information. Partner may notify Yelp at [email protected].

  4. Security Measures. Partner shall implement and maintain technical and organizational security measures appropriate under applicable Privacy Laws to protect the Yelp Personal Information from: (1) accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access; and (2) unauthorized or unlawful processing (each, a "Security Incident"). The technical and organizational measures implemented by Partner must ensure a level of security commensurate with the risks presented by the nature and processing of such Yelp Personal Information. Such measures shall, at minimum, meet or exceed industry standards and best practices (e.g., SOC 2 compliance). Such measures shall specifically include, without limitation:
    (a) Encryption of all Personal Information in transit using Transport Layer Security (TLS) version 1.2 or higher, with strong cipher suites excluding any known vulnerable protocols;
    (b) Encryption of Personal Information at rest using AES-256 encryption or equivalent industry-standard encryption;
    (c) Secure key management practices in accordance with NIST guidelines;
    (d) Implementation of perfect forward secrecy for all API communications;
    (e) Regular security assessments and penetration testing at least annually; and
    (f) Maintenance of SOC 2 Type II certification or equivalent third-party security audit certification.
    Partner shall also ensure that all Partner personnel receive appropriate training regarding the requirements herein with respect to Privacy Law compliance, privacy and data security, and, if requested by Yelp, shall promptly certify in writing that such training has taken place.

  5. Security Incidents. In addition to any obligations set forth in the Agreement and applicable law, upon becoming aware of any actual or reasonably suspected Security Incident which adversely impacts Yelp Personal Information, Partner shall inform Yelp without undue delay, and in any event within forty-eight (48) hours following discovery thereof. Partner shall cooperate with Yelp, including without limitation, by providing Yelp with all information necessary, or otherwise requested by Yelp, in order to investigate such Security Incident (including without limitation, the names of all individuals who are affected by the Security Incident and the date, time and cause of such Security Incident). Partner shall, at its sole expense, take all measures and actions necessary to remedy or mitigate the effects of the Security Incident and shall keep Yelp informed of all developments in connection with such investigation, remediation and mitigation. Notwithstanding the foregoing, Partner shall not issue any notification or other communications to the impacted individuals or applicable regulatory bodies without Yelp's prior written consent. Partner shall pay, or reimburse Yelp, for all costs, expenses, fines and other amounts incurred in connection with the response to and remediation of the Security Incident by Partner and Yelp.
    Partner acknowledges and agrees that its obligations under this Section 5, including but not limited to reimbursement of all costs, expenses, and fines, are not subject to any limitation of liability provisions in the Agreement. Partner further agrees that any failure to properly aggregate, deidentify, encrypt, or otherwise protect Personal Information as required herein shall be deemed a Security Incident subject to this Section.

  6. Deletion or Return of Data. Upon termination or expiration of the Agreement, Partner shall destroy (or, at Yelp's election, return to Yelp or its designee) all Yelp Personal Information (including all copies and backups of the Yelp Personal Information, whether in written, electronic or other form or media) in its possession or control. At Yelp's request, Partner shall provide Yelp within ten (10) business days of such revocation, expiration or termination of such rights with a certificate in form and substance satisfactory to Yelp that such Yelp Personal Information has been destroyed. If Partner is required by applicable law to retain some or all of the Yelp Personal Information, Partner shall (and shall ensure that Partner personnel) protect such Yelp Personal Information pursuant to the terms herein (and prevent any further processing of such information) and shall destroy or return the Yelp Personal Information in accordance with this provision as soon as retention of the Yelp Personal Information is no longer required.

  7. Audit and Security Questionnaire. Upon Yelp's request (not more than annually, unless a Security Incident occurs or Yelp reasonably suspects material non-compliance), Partner shall promptly complete Yelp's written security and compliance questionnaire regarding its adherence to this Addendum. Beyond technical security, Yelp (or its third-party auditor) shall have the right to audit Partner's lead-generation flows, user interfaces, and disclosure placement to verify that the collection of Yelp Personal Information is not "deceptive" or "unfair" under FTC standards or California’s Unfair Competition Law (UCL § 17200). Partner shall provide copies of all consumer-facing screens, terms of service, and consent mechanisms used to source Leads for Yelp. If such a review reveals material deficiencies in how consent is captured or how Yelp’s brand is presented, Partner shall promptly remedy any identified deficiencies. If Partner fails to cure a material non-compliance with Privacy Laws or these transparency standards within thirty (30) days of notice, Yelp may terminate this Agreement.

  8. Partner Acknowledgement. Partner certifies that it understands its restrictions and obligations set forth above and will comply with them.

Updated 5 days ago