Customer Agreement
Last Updated: July 9, 2026 Effective: August 10, 2026
AGREEMENT AND ACCEPTANCE
This Customer Agreement (the “Agreement”) is a legally binding agreement between Rakefire LLC DBA Stoked (“Stoked,” “we,” “us,” or “our”) and the brand or community organization that subscribes to the Stoked service (“Customer,” “you,” or “your”). It governs your subscription to and use of the Stoked platform, including the admin portal, the advocate application, and the Community Sites we host for you.
You accept this Agreement by any of the following:
- An authorized representative clicking to accept it in the Stoked admin portal or during checkout;
- Executing an order form or subscription that references it; or
- Continuing to use the service after the effective date above, following our notice of this Agreement.
The person accepting on your behalf represents that they have authority to bind your organization. Any administrator of your community account is considered an authorized representative.
If there is a conflict between this Agreement and our general Terms of Service, this Agreement controls for the relationship between Stoked and Customer. Individual users of the Service — visitors to your Community Sites, advocates, prospects, and your administrators acting in their individual capacity — remain subject to the Terms of Service and our Privacy Policy.
DEFINITIONS
- “Service” means the Stoked software-as-a-service platform, including the admin portal, advocate application, messaging features, and Community Sites.
- “Community Sites” means the visitor-facing websites Stoked hosts for you on Stoked-operated domains (for example, yourbrand.stokedhq.com).
- “Customer Data” means content and data you or your advocates, prospects, and site visitors submit to the Service, including personal data of those individuals.
- “DPA” means the Data Processing Addendum attached as Annex A, which is incorporated into this Agreement and applies automatically — no separate signature is required.
ACCESS AND LICENSE
During your subscription, we grant you a limited, non-exclusive, non-transferable right to access and use the Service for your internal business purposes, in accordance with this Agreement and the plan you have purchased. You may not resell the Service, reverse engineer it, use it to build a competing product, or use it in violation of applicable law.
FEES, BILLING, AND PRICE CHANGES
- Fees are billed through our billing provider (currently Outseta) at our published pricing, on a monthly or annual cycle depending on your plan.
- You authorize us to charge your payment method for all applicable fees, and you agree to keep your billing information current.
- Subscriptions automatically renew until canceled. We will send a renewal reminder email at least 10 business days before each renewal, but you remain responsible for managing your subscription and completing any cancellation before the renewal date.
- We may change prices with at least 30 days’ notice. Price changes take effect at your next renewal — never mid-term.
- We reserve the right to correct pricing errors, even after payment has been processed.
CANCELLATION AND REFUNDS
- You may cancel anytime in the Stoked admin portal. Self-service cancellation in the app is always available and effective.
- You may also request cancellation by email at stoked-help@stokedhq.com or by phone at (740) 561-1361, but requests made by email or phone may not be honored unless submitted at least 5 business days before the renewal date.
- Cancellation takes effect at the end of the current billing period. You keep access through the end of the period you have paid for.
- No refunds are issued for unused portions of a billing period unless required by law.
YOUR TRACKING TECHNOLOGIES AND CUSTOM CODE
Stoked lets you configure analytics and other third-party technologies — such as Google Analytics, the Meta Pixel, and custom HTML or JavaScript — on your Community Sites. Even though those sites are hosted by Stoked on Stoked-operated domains, you are the party deploying any tracking technologies or custom code you configure, and any data those technologies collect flows to your own accounts, not ours. By configuring or injecting them, you agree that:
- You are solely responsible for ensuring your tracking technologies and custom code comply with all applicable laws, including privacy, wiretapping, electronic-surveillance, and data-protection laws (for example, the California Invasion of Privacy Act (CIPA), the federal Electronic Communications Privacy Act (ECPA) and similar state wiretap laws, the GDPR, and the ePrivacy Directive).
- You are solely responsible for obtaining any legally required visitor consents, providing any legally required notices and disclosures, and keeping your privacy policy accurate and up to date with respect to those technologies.
- Stoked provides a built-in cookie consent banner that gates configured trackers behind visitor consent by default. The banner is provided as a compliance aid only. It is not a guarantee that your use of any tracking technology complies with applicable law, and nothing we provide is legal advice. You must make your own compliance determinations.
- Bypassing or circumventing the consent gating — including placing tracking, analytics, session-replay, or similar scripts in fields that load without visitor consent (such as the “Essential Code” fields) — is a violation of this Agreement and is done at your sole risk. We may remove or disable any such code and may suspend or terminate your account.
For personal data you cause to be collected through your own tracking technologies and custom code, you — not Stoked — determine the purposes and means of that collection, and Stoked is not a processor or service provider with respect to it.
INTELLECTUAL PROPERTY AND CUSTOMER DATA
- Stoked owns the Service and everything in it — software, source code, designs, trademarks, and documentation. No rights are transferred to you except the access right granted above.
- You own your Customer Data. You grant us a license to host, process, transmit, and display Customer Data as needed to provide the Service, and as described in the DPA.
- You are responsible for the accuracy and lawfulness of Customer Data and for having the rights and permissions needed to submit it to the Service.
- We may use feedback you provide about the Service without restriction.
CONFIDENTIALITY
Each party may receive non-public information from the other that is marked confidential or that a reasonable person would understand to be confidential (including Customer Data, on your side, and non-public product and pricing information, on ours). Each party agrees to protect the other’s confidential information with at least reasonable care, to use it only to perform under this Agreement, and not to disclose it except to employees, agents, and subprocessors who need it and are bound by comparable obligations, or as required by law (with notice to the other party where legally permitted). These obligations continue for 3 years after termination, and indefinitely for personal data and trade secrets.
WARRANTIES AND DISCLAIMERS
We will provide the Service using commercially reasonable skill and care, and we will use commercially reasonable efforts to keep it available. However:
- We do not offer a service-level agreement (SLA), uptime guarantee, or service credits.
- The Service is provided “as is” and “as available.” To the maximum extent permitted by law, we disclaim all other warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement.
- We do not warrant that the Service, including the cookie consent banner, will satisfy your legal or regulatory obligations. Compliance determinations are yours to make.
LIMITATION OF LIABILITY
TO THE MAXIMUM EXTENT PERMITTED BY LAW:
- Neither party is liable for indirect, incidental, special, or consequential damages, or for lost profits or lost data, arising out of this Agreement.
- Stoked is not liable for any damages, claims, fines, or penalties arising from tracking technologies or custom code that you configure or inject on your Community Sites.
- Each party’s total liability under this Agreement will not exceed the fees you paid us in the 12 months before the event giving rise to the claim.
These limits do not apply to your indemnification obligations below, to your payment obligations, or to either party’s liability that cannot be limited under applicable law.
INDEMNIFICATION
You agree to indemnify, defend, and hold harmless Rakefire LLC DBA Stoked and its officers, employees, and agents from and against any third-party claims, demands, actions, investigations, damages, losses, liabilities, fines, penalties, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to:
- Any tracking technologies, analytics tools, pixels, cookies, session-replay tools, chat widgets, or custom HTML or JavaScript that you configure, inject, or enable on your Community Sites, including any claim that such technologies violate privacy, wiretapping, electronic-surveillance, consumer-protection, or data-protection laws (for example, CIPA, ECPA and state wiretap analogues, the GDPR, or the ePrivacy Directive), whether the claim is brought against you, against Stoked, or against both.
- Your Customer Data, including data you collect from visitors to your Community Sites.
- Your violation of any applicable law or of this Agreement.
We will give you prompt written notice of any claim subject to this section; our failure to do so does not relieve you of your obligations except to the extent you are materially prejudiced by the delay. You will control the defense and settlement of the claim, except that you may not settle any claim in a way that admits fault on our behalf or imposes any obligation on us without our prior written consent. We may participate in the defense with counsel of our own choosing at our own expense. If you fail to promptly assume the defense, we may defend the claim ourselves at your expense. Your indemnification obligations are not subject to, and are not limited by, the Limitation of Liability section above.
TERM AND TERMINATION
- This Agreement runs for as long as you have an active subscription.
- Either party may terminate for material breach if the breach is not cured within 30 days of written notice describing it. We may suspend or terminate immediately for breaches that create legal exposure or harm to the Service or others — including placing tracking scripts in consent-bypassing fields — or for non-payment.
- If we decide to discontinue the Service entirely, customers will receive at least 3 months’ notice before shutdown.
- For 30 days after termination or expiration, you may export your Customer Data from the Service. After that window, we will delete Customer Data from active systems as described in the DPA, except where retention is required by law.
- Sections that by their nature should survive termination do survive, including Confidentiality, Limitation of Liability, Indemnification, Governing Law, and accrued payment obligations.
DATA PROTECTION
The DPA in Annex A governs our processing of personal data in Customer Data on your behalf. It applies automatically to every customer — no signature required — and is part of this Agreement.
MODIFICATIONS
We may modify this Agreement by giving you at least 30 days’ notice by email or in the admin portal. Changes take effect at the end of the notice period. If a change materially reduces your rights and you object, you may cancel before it takes effect; continued use after the effective date constitutes acceptance.
GOVERNING LAW AND DISPUTE RESOLUTION
This Agreement is governed by the laws of the State of Ohio, without regard to its conflict-of-laws rules.
Before initiating arbitration, both parties agree to attempt to resolve disputes informally for at least 30 days. If a resolution is not reached, disputes shall be settled through binding arbitration under the rules of the American Arbitration Association (AAA). Arbitration will take place in Athens County, Ohio, United States. Either party may bring claims in small claims court if the claim does not exceed $5,000, and either party may seek injunctive relief in court to protect its intellectual property or confidential information.
GENERAL
- This Agreement, together with the DPA and any order form, is the entire agreement between the parties about the Service and supersedes prior discussions.
- You may not assign this Agreement without our consent, except to a successor in a merger or sale of substantially all assets. We may assign it to an affiliate or successor.
- If any provision is unenforceable, the rest remains in effect.
- Notices to us go to stoked-help@stokedhq.com or Rakefire LLC DBA Stoked, 29 East Carpenter, Athens, OH 45701, United States. Notices to you go to your account’s administrator email addresses.
ANNEX A: DATA PROCESSING ADDENDUM
This Data Processing Addendum (“DPA”) is part of the Customer Agreement and applies whenever Stoked processes personal data contained in Customer Data on your behalf. It applies automatically — no signature is required.
ROLES
For personal data of your advocates, prospects, and Community Site visitors that we process to provide the Service, you are the controller (or a processor acting for another controller) and Stoked is your processor (a “service provider” under U.S. state privacy laws).
This DPA does not cover: (a) data collected by tracking technologies and custom code you configure, which flows to your own accounts and for which Stoked is not a processor; or (b) account and billing data about you and your administrators, which Stoked processes as an independent controller under its Privacy Policy.
SCOPE, PURPOSE, AND DURATION
- Subject matter and purpose: hosting and operating your Community Sites, advocate messaging (SMS and, when available, WhatsApp), email, advocate and prospect management, and related support.
- Types of personal data: names, contact details (email, phone), locations provided by users, message content, profile content, and usage data connected to identified users.
- Categories of data subjects: your advocates, prospects, community members, site visitors, and administrators.
- Duration: the term of the Customer Agreement plus the deletion period below.
OUR OBLIGATIONS AS PROCESSOR
- Documented instructions. We process personal data only on your documented instructions — this Agreement, your configuration of the Service, and other written instructions — unless required by law, in which case we will tell you before processing (unless the law forbids it). We will inform you if we believe an instruction violates applicable data protection law.
- Confidentiality. Personnel authorized to process personal data are bound by confidentiality obligations.
- Security. We maintain appropriate technical and organizational measures, including encryption in transit, encrypted storage of sensitive configuration values, role-based access controls, audited administrative access, and hosting with providers that maintain industry-standard certifications (e.g., SOC 2). We will not materially reduce the overall security of the Service during your subscription.
- Assistance with data subject requests. Taking into account the nature of the processing, we will assist you with reasonable measures to respond to requests from data subjects exercising their rights (access, deletion, correction, portability, objection). If a data subject contacts us directly about your community, we will redirect them to you.
- Assistance with your obligations. We will provide reasonable assistance with your data protection impact assessments and consultations with supervisory authorities, insofar as they relate to our processing.
- Breach notification. We will notify you without undue delay after becoming aware of a personal data breach affecting your Customer Data, and provide information reasonably available to us to help you meet your own notification obligations.
- Deletion and return. For 30 days after termination, you may export your Customer Data. After that window, we will delete personal data in Customer Data from active systems within a reasonable period, and from backups on their normal expiration cycle, unless retention is required by law.
- Audits. We will make available information reasonably necessary to demonstrate compliance with this DPA, including summaries of security documentation and third-party attestations from our hosting providers. If that information is insufficient to meet a legal requirement, you may request an audit — at most once per year, on reasonable notice, during business hours, at your expense, and without access to other customers’ data.
SUBPROCESSORS
You give general authorization for us to use the subprocessors below. We will notify customers (by email or in the admin portal) at least 15 days before adding or replacing a subprocessor that processes Customer Data; if you reasonably object on data protection grounds and we cannot offer an alternative, you may cancel your subscription. We remain responsible for our subprocessors’ performance, and we bind them to data protection obligations comparable to this DPA.
| Subprocessor | Purpose |
|---|---|
| Heroku (Salesforce) | Application hosting and database |
| Amazon Web Services | File storage (S3) |
| Twilio | SMS and voice messaging (WhatsApp planned) |
| Postmark (ActiveCampaign) | Transactional email delivery |
| Outseta | Customer billing and CRM |
| OpenAI | Content moderation and message-drafting assistance |
| Honeybadger | Error monitoring |
| Skylight | Application performance monitoring (may process incidental request data) |
| Cloudflare | CDN, DNS, and IP-based geolocation |
| Stadia Maps | Geocoding of user-provided locations |
| Mapbox | Geocoding of user-provided locations |
INTERNATIONAL TRANSFERS
Where our processing involves transferring personal data from the European Economic Area, the United Kingdom, or Switzerland to a country without an adequacy decision, the transfer is governed by the European Commission’s Standard Contractual Clauses (Controller-to-Processor, Module 2, Decision (EU) 2021/914), which are incorporated into this DPA by reference, together with the UK International Data Transfer Addendum and Swiss adaptations where applicable. In the event of a conflict between the Standard Contractual Clauses and this DPA, the Standard Contractual Clauses control.
CONTACT
Questions about this DPA: stoked-help@stokedhq.com
© 2026 Rakefire LLC DBA Stoked