Juice OCPP Proxy Terms

1. Overview & Scope

Juice provides a hosted OCPP proxy that normalizes and routes OCPP 1.6J and 2.0.x traffic between participating CPOs/EVSE operators and authorized third‑party integrators. The service includes endpoint provisioning, device registry, event streaming/webhooks, observability, and relay of allowed remote commands. The proxy can support sessions initiated by a variety of authorization methods, including Plug & Charge, Autocharge, cards, App, QR, and NFC.

Juice does not operate physical Sites or chargers and is not a CPO. You remain responsible for your Sites, devices, signage, safety, pricing, and regulatory compliance.

2. Parties & Roles

• CPO/EVSE Operator (“CPO”) — controls Sites and chargers; is the data controller for charger‑originated data.
• Integrator — a third‑party software provider that, with CPO authorization, receives data and may issue commands via the proxy.
• Juice — provides the proxy platform as a service provider/processor to the CPO.

Where permitted by the CPO, Integrators may act as Juice’s sub‑processor or, in some cases, as an independent controller receiving data from the CPO. The applicable model is designated in the authorization flow.

3. Access & Authorization

Proxy access for any Integrator requires explicit CPO authorization specifying Scopes (e.g., data categories, command types) and Assets (tenants/sites/charger groups). The CPO may modify or revoke authorization at any time; revocations take immediate effect and suspend Integrator access to affected scopes/assets.

Juice may temporarily suspend access to address security, legal, or operational risk, or to comply with regulator or CPO instructions.

4. Onboarding & Integration

• Certificates & endpoints. Exchange OCPP endpoints and certificates/keys; complete sandbox tests.
• Rate limits. Reasonable per‑tenant rate limits apply; limits are shown in the portal and may be adjusted to protect stability.
• Change control. Non‑material improvements may be introduced from time to time. Material changes that degrade functionality require prior notice.

5. Fees, Billing & Taxes

Simple fee schedule. We provide a clear fee schedule to you in writing during onboarding or when you activate the proxy. If fees change, we will notify you in writing before they take effect. If you do not agree, you may disable the proxy or terminate under Section 15 before the effective date.

Auto‑processed charges. Standard proxy fees are automatically processed using the payment method on file (e.g., monthly subscription/usage). No separate invoice is required.

Separately invoiced services. Certain add‑on services (for example, bespoke mapping, extended support, or professional services) may be invoiced separately on Net 30 terms. Disputes must be raised within 30 days of invoice date; undisputed amounts remain payable.

Taxes. Fees are exclusive of taxes. You are responsible for applicable taxes, duties, and levies.

6. Service Levels & Support

Availability. The proxy targets 99.9% monthly availability, excluding scheduled maintenance (notice ≥48h; typically ≤2h/month) and upstream carrier/utility failures. Confirmed shortfalls may yield service credits as set out in Annex B; credits are your sole remedy for availability issues.

Support. Standard support via the portal/email during published hours; escalations per the support runbook.

7. Data Use, Privacy & Security

Ownership. As between the parties, the CPO owns charger‑originated data. Juice owns the proxy platform and de‑identified/aggregated analytics that do not reasonably identify a person or customer.

Use. Juice and any authorized Integrator may process data solely to deliver the proxy and permitted features for the CPO. No resale or sharing beyond the scopes authorized by the CPO.

Privacy. The Data Processing Addendum in Annex A applies where data includes personal data. Where relevant, EU SCCs/UK Addendum are incorporated for international transfers.

Security. Juice applies industry‑standard safeguards (encryption in transit/at rest; least‑privilege access; MFA for privileged accounts; vulnerability management; monitoring; incident response) and will notify the CPO without undue delay of personal‑data breaches affecting CPO data.

Retention. Operational logs are retained up to 12 months unless law requires longer or you configure shorter retention.

8. Commands & Event Handling

Remote commands are relayed only within the CPO’s allowlist and authorization scopes. The CPO remains responsible for device behavior and safety. Juice logs command origin, target, and status for auditability. See Annex C for an indicative matrix.

9. Third‑Party Connectors

Enabling a connector authorizes the minimum necessary data exchange and/or command execution within configured scopes/assets. Third‑party terms and privacy policies apply to those services. Juice does not control and is not responsible for third‑party services. Juice may remove or suspend a connector for security, legal, or operational reasons.

10. Acceptable Use

You will not: (a) violate law or third‑party rights; (b) bypass security, rate limits, or access controls; (c) submit malicious code; (d) access scopes/assets not authorized; (e) interfere with platform operation; or (f) misrepresent data origin or pricing to customers.

11. Intellectual Property

Juice retains all rights in the proxy platform, software, and improvements. The CPO retains rights in its data and configurations; Integrators retain rights in their applications/models. No joint IP is created by default; any co‑development requires a separate written addendum.

12. Warranties & Disclaimers

Juice warrants the proxy will be provided in a professional and workmanlike manner. Except as expressly stated, the proxy is provided “as is,” without implied warranties of merchantability, fitness, or non‑infringement. Beta/preview features are provided “as is,” may change or be discontinued, and are excluded from SLAs.

13. Indemnities

By Juice (IP). Juice will defend and indemnify against third‑party claims that the proxy, as provided, directly infringes IP rights, subject to standard exclusions (combinations not provided by Juice; use contrary to docs; continued use after notice where a non‑infringing alternative is offered).

By Customer (CPO/Integrator). You will defend and indemnify Juice against claims arising from your Sites/Assets/configuration, violations of law or network rules, misuse of commands/scopes, or your third‑party services.

14. Limitation of Liability

Except for (i) IP indemnity; (ii) breach of confidentiality; and (iii) a data‑security breach caused by a party’s failure to maintain reasonable security: each party’s aggregate liability under these Terms is limited to the fees paid or payable to Juice for the proxy in the 12 months preceding the claim. No indirect, incidental, special, consequential, or punitive damages.

15. Suspension & Termination

These Terms begin on acceptance and continue until terminated. Either party may terminate with 30 days’ notice or immediately for material breach, illegal activity, or safety/security risk. The CPO may require immediate suspension of an Integrator’s access. On termination or revocation, Juice ceases processing for affected scopes and will delete/return data per Annex A. Transactions already initiated may be completed to protect end users and prevent fraud.

16. Publicity & Marks

Public announcements require mutual written consent. Factual listings of names/logos require prior written consent (email is sufficient).

17. Governing Law & Venue

These Terms are governed by Delaware law. The parties submit to the exclusive jurisdiction of the state and federal courts located in New York County, New York.

18. Miscellaneous

• Notices. Provided via the portal UI and email to admin contacts.
• Force majeure. Neither party is liable for delays due to events beyond reasonable control.
• No waiver; severability. No waiver unless in writing. If a provision is unenforceable, the remainder remains effective.
• Assignment. Permitted to an affiliate or in a merger/asset sale with notice and assumption of obligations.
• Entire agreement. These Terms and any in‑product supplemental terms and written fee notices constitute the entire agreement for the proxy service.

Annex A — Data Processing Addendum (DPA)

Roles. For personal data, the CPO is Controller and Juice is Processor. If authorized, an Integrator may be a Sub‑processor to Juice or an independent Controller receiving data directly from the CPO.

Subject‑matter & duration. Processing to deliver the proxy and enabled features for the term and wind‑down.

Nature & purpose. Ingestion/normalization; eventing/observability; credential/authorization signals (e.g., Plug & Charge, Autocharge, App, QR/NFC tokens); command relay; logging; support; security.

Categories. Charger/connector IDs; device metadata; session/transaction and meter values; status/health; minimal driver identifiers if present in OCPP payloads (e.g., token IDs); audit logs.

Security measures. Encryption in transit/at rest; access controls; MFA for privileged accounts; segmentation; monitoring/logging; vulnerability management; incident response; secure development practices. Summaries of third‑party audit reports (e.g., SOC/ISO) may be provided under NDA.

Sub‑processing. Juice may use infrastructure/analytics/support sub‑processors and remains liable for them; equivalent obligations apply. Material changes will be notified with a reasonable opportunity to object.

International transfers. Where applicable, EU Standard Contractual Clauses (Modules 2/3) and the UK Addendum are incorporated. Transfer impact assessments available under NDA.

Assistance. Juice will reasonably assist with data subject requests, DPIAs, and supervisory consultations.

Retention & deletion. Default log retention ≤ 12 months unless configured shorter or required longer by law. On termination or written instruction, Juice will delete/return personal data and delete backups within standard cycles, unless legally required to retain.

Audits. No more than annually (unless required by regulator or incident), reasonable audit information or third‑party reports may be requested. On‑site audits occur only where legally required and subject to confidentiality and scheduling.

Annex B — Technical SLA

• Availability target: 99.9%/month, excluding scheduled maintenance and upstream failures.
• Latency targets: median command relay < 500 ms from receipt to dispatch; 95th percentile < 1.5 s (in‑region).
• Command success: target ≥ 98% excluding device/firmware faults and CPO‑side outages.
• Maintenance windows: typically ≤ 2 hours/month with ≥ 48 hours’ notice.
• Credits: up to 25% of the affected month’s proxy fees; credits are the sole remedy for SLA deviations.
• Support response targets (business hours): P1 within 1 hour; P2 within 4 hours; P3 within 1 business day.

Annex C — OCPP Command & Event Matrix (Indicative)

Events (CPO → Proxy → Integrator): Boot/Status notifications, Heartbeat, Transaction/session start/stop, Meter values, Diagnostics/firmware status, Reservations, Alarms.

Commands (Integrator/CPO App → Proxy → Charger), subject to CPO allowlists:

• OCPP 1.6J: RemoteStartTransaction, RemoteStopTransaction, UnlockConnector, ReserveNow, CancelReservation, SetChargingProfile, ClearChargingProfile, Reset, ChangeConfiguration, GetConfiguration, TriggerMessage, GetDiagnostics, UpdateFirmware (where supported).
• OCPP 2.0.x: RequestStartTransaction, RequestStopTransaction, UnlockConnector, ReserveNow, CancelReservation, SetChargingProfile, ClearChargingProfile, UpdateFirmware, Get/Set Variables, TriggerMessage, Diagnostics status (where supported).

Actual availability depends on charger firmware, CPO policy, and regional regulations.

Annex D — Security Summary

• TLS for OCPP over WebSocket/HTTP(S); mutual auth where supported.
• Per‑tenant isolation; role‑based access; least‑privilege service accounts.
• Hardened ingress; WAF/rate limiting; payload validation and schema checks.
• Continuous vulnerability management and dependency monitoring.
• Security incident response with prompt notifications to affected CPOs.