ResNexus (Convoyant LLC) and ThinkReservations (DeepThink LLC) have come to a settlement agreement. As part of the settlement, ThinkReservations has agreed to never again access ResNexus' back office without permission. The penalty if they do so is $2,000,000.

We want to take a moment to explain to the bed and breakfast industry the reasons behind our lawsuit against ThinkReservations.

To illustrate why we decided to proceed with legal action against ThinkReservations, consider the following scenario:

How would you feel if one day at your bed and breakfast, you found the owner of the bed and breakfast across town—your main competitor—in one of your guest rooms carrying the guest's luggage?

When asked why they are there, they respond, "I'm just getting the guest's luggage. They have decided they want to stay with me." When you let them know that they are trespassing on your property without your permission, your competitor responds with "No. Your guest gave me their room key and told me I could get their luggage. Therefore, I'm not trespassing."

How would you feel if, after telling the competitor not to trespass and that you would willingly retrieve the guest's luggage, you catch them doing it over and over again? How would you protect your business when guests are loaning out their keys?

How would you feel if they only stopped once you sought legal action?

Since the beginning of ResNexus, any business that has wanted to leave ResNexus to use a different property management system can export—or ask for an export of—their reservation and guest data. This is a tech industry standard and provides the business with their data without giving any third parties access to protected areas of a service or product.

Prior to this lawsuit, ThinkReservations did not ask ResNexus for any exports, and they did not ask us to improve our export process.

Instead, ThinkReservations built a custom hacking program to gather information from inside ResNexus. They used the client's ResNexus username and password to enable access for this program. Any act of gaining unauthorized access by itself goes against PCI and GDPR compliance.

When confronted, ThinkReservations replied that they were "scraping." Scraping is often employed by using a computer program to extract publicly available data from another source. There are lots of ways to lawfully "scrape" online sources, provided that proper authorization is acquired. "Hacking" is gaining access to protected programs/data by acquiring a username and password or bypassing authentication entirely in order to gain access to protected areas of a program. ResNexus was asking the court to determine if ThinkReservations was hacking, or scraping without the proper authorization and whether that is permissible under law.

When ResNexus discovered that ThinkReservations was hacking ResNexus with borrowed credentials, ResNexus asked ThinkReservations to stop. Even after receiving a cease and desist letter from our legal counsel, ThinkReservations continued. Even after ResNexus put in place new security measures to prohibit unauthorized access, ThinkReservations continued to try to find ways around these measures, and did not stop trying to access ResNexus until they were served a lawsuit from ResNexus.

ResNexus' Subscription Agreement prohibits ResNexus clients from sharing their username and password with anyone, and the Agreement has direct language prohibiting such sharing with other third parties and competitors. The Agreement states there is a $5,000 fine for doing so. By requesting client credentials, ThinkReservations was encouraging ResNexus clients to violate the terms of the ResNexus Agreement."

In addition, with constant access to the ResNexus back office, ThinkReservations had access to current and new features, updates and trade secrets.

The lawsuit between Convoyant LLC (ResNexus) and DeepThink LLC (Think Reservations) is public record, and anyone can look up the different motions, responses, and judgments at the links at the end of this page.

It was ResNexus' claim that this unauthorized access to our system by ThinkReservations is illegal and violates multiple federal and state laws. While there are many complex and technical aspects to these violations, a brief description of each claim is listed below. ResNexus was seeking judgment on the following items:

ResNexus is seeking judgment on the following items:

1. VIOLATIONS OF THE COMPUTER FRAUD AND ABUSE ACT (CFAA): 18 U.S. Code § 1030
ResNexus claimed that Think Reservation's actions constitute violation of the CFAA. While the facets of this act are quite complex, the simple definition prohibits anyone from "accessing a computer without authorization, or in excess of authorization," so long as that computer has been used in interstate commerce or by a financial institution. It is ResNexus' assertion that by intentionally accessing ResNexus password-protected servers without authorization, ThinkReservations was in violation of this statute. While accessing customer's computers, they also knowingly caused the transmission of a program (their scraping tool), which ResNexus asserts increased security risk, as well as negatively affecting ResNexus server performance.

2. VIOLATIONS OF THE STORED COMMUNICATIONS ACT (SCA) 18 U.S. Code § 2701
The SCA essentially gives you the right to sue for relief if someone else accesses electronic information you store without your authorization. Here, by gaining unauthorized access to the ResNexus back office, ThinkReservations had access to ResNexus stored communications in electronic storage. This communication included announcements, bug fixes, user agreements, and any other communication between ResNexus and our subscribers.

3. VIOLATIONS OF THE FEDERAL DEFEND TRADE SECRETS ACT (DTSA) 18 U.S. Code § 1836
The DTSA provides a private civil cause of action for victims of trade secret espionage or theft where a trade secret has been misappropriated. In other words, it protects companies from having their trade secrets stolen or accessed without authorization.

Because ThinkReservations gained unauthorized access to ResNexus' stored communications, they had access to see all of the "products in beta," bug fix announcements, front-end code of the ResNexus software, the back office support portal, back office design, etc. In short, having access to all of this information provided ThinkReservations the ability to know confidential and valuable information about ResNexus' business. In so doing, if they wanted to, they could use this information to their competitive advantage.

4. CIVIL CONSPIRACY
A civil conspiracy can occur when two or more people conspire to commit an act that is unlawful, and another person is injured by the act.

ResNexus claims that by soliciting the login information (username and password) from ResNexus subscribers, ThinkReservations violated the civil conspiracy laws of both Utah and Washington state. The solicitation of the login credentials allowed ThinkReservations unauthorized access to the ResNexus system to run their scraping program on the ResNexus servers. This violated the ResNexus Subscriber Agreement, allowed ThinkReservations to make money from charging the customer for the scraping service, and resulted in ResNexus losing customer revenue.

5. TORTIOUS INTERFERENCE WITH CONTRACT AND/OR BUSINESS EXPECTANCY
Tortious interference, also known as intentional interference with contractual relations, occurs when one party intentionally damages someone else's contractual or business relationships with a third party, causing economic harm. It is ResNexus' claim that ThinkReservations engaged in Tortious Interference by soliciting ResNexus subscribers to violate their Subscriber Agreements by providing ThinkReservations with their login credentials (username and password).

ResNexus has a valid contractual relationship with each of its subscribers that provided login credentials to ThinkReservations. Each subscriber agreed to abide by the Subscriber Agreement and ResNexus reasonably expected its subscribers to renew their respective Agreements.

Each of these ResNexus subscribers had a continuing obligation to abide by the Subscriber Agreement and agree to refrain from divulging login credentials, systematically scraping and exporting data, and sharing ResNexus trade secret information. ResNexus reasonably expects all subscribers to comply with every provision in the Subscriber Agreement as described above.

ResNexus believed that ThinkReservations had knowledge that its actions would be unlawful and had knowledge of the valid business relationships of ResNexus. Because ThinkReservations is a competitor in the hospitality management software industry, ThinkReservations knew or should have known that ResNexus' subscribers would be subject to contractual obligations of a Subscriber Agreement. Also, because it is a competitor in the hospitality management software industry, ThinkReservations knew or should have known that scraping subscriber data would not be within the accepted practices to comply with GDPR and PCI standards.

Further, by virtue of logging into the ResNexus platform, ThinkReservations would have had access to the Subscriber Agreement and would have gained actual knowledge of its restrictions. Further still, by virtue of being expressly notified that its actions induced violations of the Subscriber Agreement, ThinkReservations was again placed on actual notice that its actions were improper.

6. UNFAIR COMPETITION
ResNexus claims that the unauthorized access to our system by ThinkReservations in order to run their scraping program created an unfair competition between ThinkReservations and ResNexus in multiple ways.

First, as mentioned before, the unauthorized access gained by ThinkReservations provided access to stored communications between ResNexus and its subscribers. This included announcements of products in beta, bug fixes, and other information describing programming plans and information. Imagine the competitive advantage you could have with access to see the inner workings of your biggest competitor.

Second, ThinkReservations would solicit ResNexus subscriber login credentials to run their program. This program would access and scrape all the data in the subscriber's ResNexus account. This data would be used to quickly and programmatically create a new account within ThinkReservations. This means that many subscribers would be live and running with their new ThinkReservations account before ResNexus was aware that the subscriber was terminating the relationship. This afforded no recourse for ResNexus to attempt to "save" the subscriber relationship.

Third, this quick turnaround created an unfair advantage in payroll cost. Whenever a property wishes to leave their current provider and move to ResNexus, ResNexus does not log into competing software to obtain their data. Instead ResNexus asks each new property to send them their data. ResNexus employs an onboarding team that receives the data and uploads it into the property's new account and then completes the account setup. Much of the work is manual. However, by gaining unauthorized access and using the scraping program, ThinkReservations is able to programmatically complete this without having to employ an onboarding team.

Lastly, ThinkReservations gained monetarily from this scraping tool. Many of these properties were charged hundreds of dollars in "setup" fees in order for them to use the scraper and quickly create their account. ThinkReservations directly made money due to gaining unauthorized access to the ResNexus system.

7. TRESPASS TO CHATTELS
"Trespass to chattels" refers to the use of property without permission of the owner. Similar to previous claims made above, ResNexus asserted that ThinkReservations violated both Utah and Washington state trespass to chattels laws by soliciting subscriber login data and gaining unauthorized access into the ResNexus back office system.

8. UNJUST ENRICHMENT
This is similar to unfair competition, but is brought under state law. Put plainly, it is when one party uses another party to become enriched. The former, without paying the latter as per the appropriate restitution required by law, receives a benefit. This is deemed as unjust enrichment.

As ThinkReservations gained unauthorized access to the ResNexus system, used that access to build a scraping tool based on ResNexus front-end code, charged subscribers money to use their scraping tool, gained access to ResNexus' password-protected and stored communications, used the scraping tool to avoid payroll costs, and encourage ResNexus subscribers to violate their Subscriber Agreements, ResNexus asserts that this has directly enriched ThinkReservations without compensation to ResNexus.

As many in the industry know, ResNexus and ThinkReservations are competitors in the bed and breakfast industry, providing Property Management Software (PMS) to thousands of businesses throughout the industry. Each business tries to build products and integrations to give their customers the best user experience possible. It was a joint ResNexus and ThinkReservations integration that became the catalyst for the lawsuit. 

In July of 2020, ThinkReservations and Select Registry began making an online "booking engine" for the Select Registry website. This would allow Select Registry to show the availability of all its member properties and allow guests to book reservations directly on the Select Registry website. This is similar to OTAs (online travel agencies) such as Expedia or Airbnb.

Both Select Registry and ThinkReservations invited ResNexus to participate in this integration so that Select Registry members that use ResNexus could participate in the Select Registry booking engine.

ResNexus has a similar product that provides websites for regional and state associations. ResNexus agreed to integrate with Select Registry in return for ThinkReservations' cooperation to integrate with ResNexus' association product. It was a unanimous agreement that all parties involved felt was a win-win for them, as well as the industry as a whole.

ResNexus signed a contract for the tri-party Select Registry integration. However, when it came time for ThinkReservations to integrate with ResNexus' association product, they refused to sign the contract. ThinkReservations objected to a provision in the contract that would prohibit ThinkReservations from "scraping" the ResNexus system.

The fact that ThinkReservations was insisting that this provision be taken out of the contract was very suspicious to ResNexus. Anti-scraping provisions are a very normal part of contracts dealing with technology. The contracts normally are issued so that the companies don't scrape information from public facing websites of their partners. This anti-scraping policy is a standard provision in all ResNexus contracts, and has been required of ResNexus by a majority of partner integrations.

To attempt to resolve the impasse, ResNexus Vice President Nathan Mayfield and ThinkReservations CEO Richard Aday met on a call in September of 2020 to discuss the contract. During that call, Mr. Aday admitted that ThinkReservations did not want to sign the contract because ThinkReservations does in fact use automated tools to scrape/hack the ResNexus system.

Mr. Aday admitted that whenever a property wanted to switch PMS providers from ResNexus to ThinkReservations, ThinkReservations would encourage the property to breach its user agreement with ResNexus and give their ResNexus login username and password to ThinkReservations.

ThinkReservations would then log in as the customer and run an automated program to scrape all data from the customer's ResNexus account. This would assist ThinkReservations in quickly and programmatically creating the new user account within ThinkReservations. Thus, ThinkReservations would not have to hire a team of people to gather information and create new user accounts.

By gaining the login credentials from ResNexus customers, ThinkReservations had unfiltered access to password-protected ResNexus information such as the internal announcements shared with customers regarding new products, bug fixes, etc. All of this in complete opposition and defiance to the ResNexus user agreement.

After hearing Mr. Aday's admission that ThinkReservations was gaining unauthorized access to the ResNexus system, Mr. Mayfield asked Mr. Aday to stop. Mr. Aday not only claimed they had the right to do so, but he also told Mr. Mayfield that they would encourage ResNexus to reciprocate. Hacking (gaining unauthorized access) is illegal by definition and ResNexus wanted no part of reciprocating.

Mr. Mayfield warned Mr. Aday that if they did not stop, ResNexus would most likely pursue legal action. Upon hearing this, Mr. Aday ended the phone call and also terminated the Select Registry integration contract.

ResNexus reached out in the following three days to try to work out a compromise, but were rebuffed by ThinkReservations. Within a few days, ThinkReservations again engaged in hacking by using username and passwords obtained by ResNexus clients. Upon discovering this, ResNexus put additional protections in place to stop ThinkReservations from scraping and again asked that they cease their activity. Even after these two requests, ThinkReservations continued to try to circumvent ResNexus' new protections.

ResNexus sent an official cease and desist letter to ThinkReservations. Even after an official cease and desist letter, ThinkReservations continued trying to gain access.

It became clear that ThinkReservations did not respect ResNexus' requests to stop the hacking, and that they were going to try to keep building tools to circumvent the added system protections. The only way to stop this activity was to bring legal action.

It is telling that ThinkReservations agreed to stop its scraping only after ResNexus filed the lawsuit. 

False Statement #2: 
"...ResNexus admitted in the lawsuit that it also has logged into property management systems using username and password information."

It is ResNexus policy not to log into a competing system but to give them instructions on how to extract guest and reservation data. If employees were to do so, it would be against company policy that is provided during training. When brought to management's attention, they would be told to stop doing so.  
After discovering this claim, ResNexus has asked for details about who "admitted" that ResNexus does so and on what occasion. The lawsuit did not get to depositions, so proof would have to come from an email or statement from CEO James Mayfield stating that company policy was such, which it is not. If other leadership at ResNexus thought so, they would be incorrect.  
ThinkReservations had to have a company policy to ask for ResNexus credentials because their hacking program relied on a ResNexus username and password. ResNexus relied on receiving guest and reservation information normally in .csv files.

A factually correct statement would be: "ResNexus company policy has been and continues to be to not ask for credentials to any competing product."

False Statement #3:
"...ThinkReservations did not "encourage" any violation of any agreement. ThinkReservations assisted customers in obtaining their data from ResNexus so they could transfer services (at the request of the customer)."

ThinkReservations' hacking program required businesses to give over their ResNexus credentials. That had to be communicated from ThinkReservations to ResNexus clients in order to use the ThinkReservations hacking program. This is clear tortious interference; encouraging ResNexus clients to violate their ResNexus Subscriber Agreement for the gain of ThinkReservations.  
Even if ResNexus clients used the ThinkReservations hacking program directly, the client would be in violation of the ResNexus Subscriber Agreement since Section 12 states "The Subscriber is entirely responsible for maintaining the confidentiality of its passwords and account".

A factually correct statement would be: "ThinkReservations committed tortious interference by inviting ResNexus clients to violate their ResNexus Subscriber Agreement by asking or insisting ResNexus clients share their ResNexus credentials with ThinkReservations for use of their hacking program. ThinkReservations gained monetarily via setup fees and an unfair advantage by doing so."

False Statement #4: 
"...It is telling that ResNexus began providing its customers with data needed to transfer services after it filed the lawsuit."

ResNexus made improvements to its export processes since 2005 upon request from its clients and even competitors. Proof of this was provided to ThinkReservations during the discovery portion of the lawsuit.  
According to our records, ThinkReservations never asked for any improvements. In discovery, it is our understanding that ThinkReservations confirmed this. If they wish to clarify, we welcome them to provide emails or client statements where ThinkReservations or their clients asked for ResNexus export improvements.  
ThinkReservations only asked for improvements once they could no longer use their hacking program due to the lawsuit. The improvements were minor and thus disproves that ResNexus clients couldn't get the "data needed". For decades, other competitors used the export data provided.  
There is no industry standard with regards to "data needed" in the hospitality software industry. Each provider can determine the manner and details as far as exporting data. Even if a client asked for improvements it is up to the company to determine if the request is valid or worth doing. Even if ResNexus refused improvements, that does not grant ThinkReservations the right to gain access without permission to ResNexus.

A factually correct statement would be: "ThinkReservations never communicated to ResNexus any export improvement requests until the ThinkReservations hacking program could not be used. ResNexus has made improvements since its inception to its export capabilities when asked by its clients and competitors."

Misleading Statement #1: 
"...ResNexus settled the lawsuit after ThinkReservations filed a motion to dismiss the vast majority of ResNexus's claims."

ThinkReservations filed their first dismissal on October 14th, 2021. Some of their requests were denied by the judge, a few were accepted and some were deferred for a later time.

On March 29, 2023, ThinkReservations again filed a motion of summary judgment. This was after both parties were done waiting for months on the Washington Supreme Court to make a ruling on how the lawsuit should be conducted. In our opinion since it has been so long, over a year and a half, it makes legal sense to resubmit a motion for summary judgement.

On March 30th, they sent us the $400,000 settlement offer. If ThinkReservations' motion was so strong, why would they double their settlement the day after?

Motions for dismissal are very common in lawsuits and weren't a major factor in ResNexus' decision to settle.  

A factually correct statement would be: "ResNexus accepted a settlement on March 30th, 2023 which was 532 days after ThinkReservations filed its first motion to dismiss the vast majority of ResNexus' claims on October 14th, 2021."

When you put the number of days in context, it is our opinion that Richard Aday is being misleading with regards to this statement.

For the record, the motion to dismiss was not a major part of the settlement decision by ResNexus. It wasn't ResNexus' first lawsuit. Motions to dismiss are part of the process, and, from experience, normally thin the possible judgments by the court. For example, 6 down from 8. It was ResNexus' opinion that some if not all of the judgments would be accepted by the court. In addition, the court normally doesn't make a decision on motions to dismiss until after depositions; which was the next phase of the lawsuit.

ResNexus left the settlement amount out of this original press release because our focus was to bring to light what ThinkReservation had done and that they wouldn't stop until they were sued. We wanted to send a message to all of our competitors that gaining unauthorized access is not acceptable to us and at least one of them now has to pay $2,000,000 if they do so ever again.

What follows are the settlement details from ResNexus' perspective:

ThinkReservations was initially offered a settlement deal with two options:

1) $1,000,000 and ResNexus walked away silent. No apology required. ResNexus felt that was the true damage cost by ThinkReservations actions plus legal fees and payroll.

or

2) $500,000 plus a public apology that ThinkReservations actions lacked candor and gave them an unfair advantage. And the right for ResNexus to publish their side.

Richard Aday turned this down and responded with a $200,000 offer. As a "bonus," Richard would fly to ResNexus' offices to give a personal apology to CEO James Mayfield. That offended Mr. Mayfield, so ResNexus pushed forward with the lawsuit.

Later, Richard Aday upped the settlement amount to $400,000 and no public apology or admittance of wrongdoing. After the settlement was signed, ThinkReservations' lawyer emailed CEO James Mayfield and asked him not to do a press release. James Mayfield told the lawyer that he felt ResNexus needed to tell their side.

ThinkReservations has since sent a cease and desist letter demanding the removal of this press release because they claim it has damaged ThinkReservations and they allege that it contains falsehoods. Currently ResNexus has asked ThinkReservations to provide specifics on each part of the press release that they feel is false information.

At the same time, it is our opinion that Richard Aday now spreads false statements because "the truth" is too hard to face. See above for our responses to Richard's statements.

It is our opinion that ResNexus is the victim and that bringing "the truth" to light has brought natural consequences to ThinkReservations. ThinkReservations had a settlement option for no press release and no seeking damages from its clients. But they turned it down. It is our opinion that they felt that the community of business owners and general managers that make up the bed and breakfast industry would see it their way. From their cease and desist, this doesn't appear to be the case.

It is apparent that ThinkReservations does not like that the program they wrote to extract data from ResNexus be associated with the word "hacking" because it is a main focal point of their cease and desist.

It is ResNexus' opinion that the program they wrote is correctly classified as a "hacking program" because it behaved like a hacking program. Once hacking programs gain unauthorized access to a system, they try to extract data where they can, piece by piece.

ThinkReservations' hacking program went to specific pages within the ResNexus back office and gathered data. For example, to get all reservations, they first had to find the list of all reservations. Then they had the hacking program load each reservation page so they could extract any and all desired data. It is our opinion that this is the standard behavior of a hacking program and as such gives us the right to label ThinkReservations program as a "hacking program".

It is our opinion that during the lawsuit, ThinkReservations strategically was trying to pitch to ResNexus and the court that their program was a simple "scrapper". It is also our opinion that as ResNexus started to pitch to the lawyers and the court that their program should be considered "hacking" is when ThinkReservations raised their settlement amount. It is our opinion that being labeled as hackers was one of the reasons they decided to settle and why their lawyer didn't want ResNexus to publish a press release.