These Terms of Use (this “Agreement”) are a binding contract between you or the entity you represent (“Customer,” “you,” or “your”) and Civio Inc., a Delaware corporation (“Provider,” “we,” or “us”). This Agreement governs your access to and use of the Services. Services provided under this Agreement are for business or commercial, and not personal or consumer, use.

THIS AGREEMENT TAKES EFFECT AT THE EARLIEST OF WHEN YOU EXECUTE AN ORDER THAT INCORPORATES THIS AGREEMENT BY REFERENCE OR ACCESS OR USE THE SERVICES (the “Effective Date”). BY EXECUTING AN ORDER THAT INCORPORATES THIS AGREEMENT BY REFERENCE OR ACCESSING OR USING THE SERVICES YOU (A) ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT; (B) REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT AND IF ENTERING INTO THIS AGREEMENT FOR AN ENTITY, THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THAT ENTITY; AND (C) ACCEPT THIS AGREEMENT ON YOUR BEHALF OR ON BEHALF OF THE ENTITY YOU REPRESENT IF YOU ARE ENTERING INTO THIS AGREEMENT FOR AN ENTITY AND AGREE THAT YOU OR SUCH ENTITY, AS APPLICABLE, ARE LEGALLY BOUND BY ITS TERMS.

IF YOU DO NOT ACCEPT THESE TERMS, YOU MAY NOT ACCESS OR USE THE SERVICES.

1. Definitions.

“Aggregated Statistics” has the meaning set out in Section 2(d).

“AI Customer Input” means information, data, materials, text, prompts, images, works, code, or other content that is input, entered, posted, uploaded, submitted, transferred, or otherwise transmitted by or on behalf of Customer or any other Authorized User through the Services.

“AI Customer Output” means information, data, materials, text, images, code, works, or other content generated by or otherwise output from the Services in response to an AI Customer Input.

“AI Technology” means any and all machine learning, deep learning, and other artificial intelligence technologies, including statistical learning algorithms, models (including large language models), neural networks, and other artificial intelligence tools or methodologies, all software implementations of any of the foregoing, and related hardware or equipment capable of generating various types of content (including text, images, video, audio, or computer code) based on user-supplied prompts.

“AUP” has the meaning set out in Section 3(a).

“Authorized User” means Customer and Customer’s employees, consultants, contractors, and agents (i) who are authorized by Customer to access and use

the Services under the rights granted to Customer under this Agreement and (ii) for whom access to the Services has been purchased hereunder.

“Confidential Information” has the meaning set out in Section 6.

“Customer Data” means information, data, and other content, in any form or medium, that is submitted, entered, posted, or otherwise transmitted by or on behalf of Customer or any other Authorized User through the Services, and any outputs based thereon or derived therefrom, including AI Customer Input and AI Customer Output.

Customer Data does not include Aggregated Statistics. “Feedback” has the meaning set out in Section 8(d). “Fees” has the meaning set out in Section 5.

“Losses” has the meaning set out in Section 10(a)(i).

“Order” means an ordering document or online order entered into between you and us that references this Agreement and describes the Services you are subscribing to.

“Personal Information” means information that: (a) identifies or can be used to identify an individual (including, without limitation, names, signatures, addresses, telephone numbers, email addresses, and other unique identifiers); or (b) can be used to authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, user identification and account access credentials or passwords, financial account numbers, credit report information, student information, biometric, health, genetic, medical, or medical insurance data, answers to security questions, an individual’s internet activity or similar interaction history, inferences drawn from other personal information to create consumer profiles, geolocation data, an individual’s commercial, employment, or education history, and other personal characteristics and identifiers. Customer’s business contact information is not by itself deemed to be Personal Information.

“Privacy Policy” has the meaning set out in Section 7.

“Process” means to take any action or perform any operation or set of operations that the Services are capable of taking or performing on any data, information, or other content. “Processing” and “Processed” have correlative meanings.

“Provider IP” means the Services, any documentation relating to the Services, and all intellectual property provided to Customer or any other Authorized User in connection with the foregoing. For the avoidance of doubt, Provider IP includes Aggregated Statistics and any information, data, or other content derived from Provider’s monitoring of Customer’s access to or use of the Services, but does not include Customer Data. Provider IP includes all modifications, enhancements, refinements, adaptations, customizations, improvements, and derivative works of the Services.

“Services” means the services provided by Provider under this Agreement that are reflected in the Order.

“Service Levels” has the meaning set out in Section 4. “Service Suspension” has the meaning set out in Section 2(f). “Term” has the meaning set out in Section 12(a).

“Third-Party Claim” has the meaning set out in Section 10(a)(i).

“Third-Party Products” means any products, technology, content, data, services, information, websites, or other materials that are owned by third parties and are included in, incorporated into, or accessible through the Services, including any third-party AI Technology.

“Training Data” means any and all information, data, materials, text, prompts, images, code, and other content that is used to train, validate, test, retrain, or improve any AI Technology incorporated into or used with, in connection with, or in support of, the Services.

2. Access and Use.

1. Provision of Access. Subject to and conditioned on your payment of Fees and compliance with all other terms and conditions of this Agreement, Provider hereby grants you a non-exclusive, non-transferable right to access and use the Services during the Term, solely for your internal business operations by Authorized Users under these terms and conditions. Provider shall provide you the necessary passwords and access credentials to allow you access to the Services.

2. Documentation License. Subject to the terms and conditions contained in this Agreement, Provider hereby grants you a non-exclusive, non-sublicensable, non-transferable license for Authorized Users to use the Documentation during the Term solely for your internal business purposes in connection with use of the Services.

3. Use Restrictions. You shall not use the Services for any purposes beyond the scope of the access granted in this Agreement. You shall not at any time, directly or indirectly, and shall not permit any Authorized Users to: (i) copy, modify, or create derivative works of the Services or Documentation, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Services or Documentation; (iii) reverse engineer, disassemble, decompile, decode, or duplicate the Services, reproduce Training Data other than Customer Data, engage in model extraction, or otherwise attempt to derive or gain access to any source code, algorithm, model, model weights and parameters, or other underlying AI Technology or component of the Services, in whole or in part; (iv) access or use the Services or any AI Customer Output to develop, train, or improve any other AI Technology; (v) use web scraping, web harvesting, web data extraction or any other method to extract data from the Services or any AI Customer Output; (vi) remove any proprietary notices from the Services; (vii) use the Services to create or generate AI

Customer Output, or use AI Customer Output in a manner, that you know or should know infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law, regulation, or rule; or (viii) submit, enter, post, or otherwise transmit or Process any Personal Information through the Services.

4. Aggregated Statistics. Notwithstanding anything to the contrary in this Agreement, Provider may monitor Customer’s use of the Services and collect and compile data and information related to Customer’s use of the Services to be used by Provider in an aggregated and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services (“Aggregated Statistics”). As between Provider and Customer, all right, title, and interest in Aggregated Statistics, and all intellectual property rights therein, belong to and are retained solely by Provider. You agree that Provider may use and make publicly available Aggregated Statistics to the extent and in the manner permitted under applicable law; provided that such Aggregated Statistics do not identify Customer or Customer’s Confidential Information.

5. Reservation of Rights. Provider reserves all rights not expressly granted to Customer in this Agreement. Except for the limited rights and licenses expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to Customer or any third party, any intellectual property rights or other right, title, or interest in or to the Provider IP or Third-Party Products.

6. Suspension. Notwithstanding anything to the contrary in this Agreement, Provider may temporarily suspend Customer’s and any other Authorized User’s access to any portion or all of the Services if: (i) Provider reasonably determines that (A) there is a threat or attack on any of the Provider IP; (B) Customer’s or any other Authorized User’s use of the Provider IP disrupts or poses a security risk to the Provider IP, to Provider, or to any other customer or vendor of Provider; (C) Customer or any other Authorized User is using the Provider IP for fraudulent or illegal activities; (D) subject to applicable law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; (E) Provider’s provision of the Services to Customer or any other Authorized User is prohibited by applicable law; or (F) Customer is using the Services in material violation of Section 2(c) or the AUP; (ii) any vendor of Provider has suspended or terminated Provider’s access to or use of any third-party services or products required to enable Customer to access and use the Services; or (iii) in accordance with Section 5 (any such suspension described in subclause (i), (ii), or (iii), a “Service Suspension”). Provider shall use commercially reasonable efforts to provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Services following any Service Suspension. Provider shall use commercially reasonable efforts to resume providing access to the Services as soon as reasonably possible after the event giving rise to the Services Suspension is cured. Provider will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any other Authorized User may incur as a result of a Service Suspension.
   
   

3. Customer Responsibilities.

1. Acceptable Use Policy; Provider Policies. The Services may not be used for unlawful, fraudulent, offensive, or obscene activity, as further described and set out in Provider’s acceptable use policy (“AUP”) attached hereto as Exhibit A, which is hereby incorporated herein by reference. You shall comply with all terms and conditions of this Agreement, all applicable laws, rules, and regulations, and all guidelines, standards, requirements, and policies that may be posted on https://www.civio.ai/ from time to time, which are hereby incorporated herein by reference, including the AUP.

2. Account Use. You are responsible and liable for all uses of the Services and Documentation resulting from access provided by you, directly or indirectly, whether that access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, you are responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by you will be deemed a breach of this Agreement by you. You shall use reasonable efforts to make all Authorized Users aware of this Agreement’s provisions as applicable to such Authorized User’s use of the Services and shall cause Authorized Users to comply with such provisions.

3. Use of AI Customer Output. You are solely responsible for (i) evaluating (including by human review) AI Customer Output for accuracy, completeness, and other factors relevant to your use before using, distributing, or relying on the AI Customer Output and (ii) your decisions, actions, and omissions in reliance or based on the AI Customer Output.

4. Passwords and Access Credentials. You are responsible for keeping your passwords and access credentials associated with the Services confidential. You shall not sell or transfer them to any other person or entity. You shall promptly notify us about any unauthorized access to your passwords or access credentials.

5. Third-Party Products. The Services may permit access to Third-Party Products. For purposes of this Agreement, these Third-Party Products are subject to their own terms and conditions which may be presented to you for acceptance by website link or otherwise. The Services may also include or incorporate Third-Party Products licensed or provided by third parties that require us to pass through additional terms to you. You shall comply with all such applicable pass-through terms as made available at https://www.civio.ai/, through the Documentation, or otherwise, as such terms may be updated, modified, or added from time to time. We may add or remove Third-Party Products from time to time. If you do not agree to abide by the applicable terms for any Third-Party Products, then you should not install, access, or use these Third-Party Products or any Services that include or incorporate these Third-Party Products.

4. Service Levels and Support.

Subject to the terms and conditions of this Agreement, Provider shall use commercially reasonable efforts to make the Services available, and provide the support services, in accordance with its Service Levels and Support Policy attached hereto as Exhibit B, which is hereby incorporated by reference.

5. Fees and Payment.

Customer shall pay Provider the fees as described on the Order (“Fees”) within thirty (30) days from the invoice date without offset or deduction. Customer shall make all payments hereunder in US dollars on or before the due date. If Customer fails to make any payment when due, without limiting Provider’s other rights and remedies: (i) Provider may charge interest on the past due amount at the rate of 1.5% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law; (ii) Customer shall reimburse Provider for all reasonable costs incurred by Provider in collecting any late payments or interest, including attorneys’ fees, court costs, and collection agency fees; and (iii) if the failure continues for five (5) days or more, Provider may suspend, under Section 2(f), Customer’s and all other Authorized Users’ access to any portion or all of the Services until such amounts are paid in full. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Provider’s income.

6. Confidential Information.

From time to time during the Term, Provider and Customer may disclose or make available to the other party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media and whether or not marked, designated, or otherwise identified as “confidential” at the time of disclosure (collectively, “Confidential Information”). Without limiting the foregoing, Provider IP is Provider’s Confidential Information and Customer Data is Customer’s Confidential Information. Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving party; (c) rightfully obtained by the receiving party on a non-confidential basis from a third party; or (d) independently developed by the receiving party. The receiving party shall not disclose the disclosing party’s Confidential Information to any person or entity, except to the receiving party’s employees, agents, or subcontractors who have a need to know the Confidential Information for the receiving party to exercise its rights or perform its obligations hereunder and who are required to protect the Confidential Information in a manner no less stringent than required under this Agreement. Notwithstanding the foregoing, each party may disclose Confidential Information to the limited extent required (i) to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the party making the disclosure pursuant to the order shall first have given written notice to the other party and made a reasonable effort to obtain a protective order; or (ii) to establish a party’s rights under this Agreement, including to make required court filings. Each party’s obligations of non-disclosure regarding Confidential Information are effective as of the date the Confidential Information is first disclosed to the receiving party and will expire five years thereafter; provided, however, for any Confidential Information that constitutes a trade secret (as determined under applicable law), those obligations of non-disclosure will survive the termination or expiration of this Agreement for as long as the Confidential Information remains subject to trade secret protection under applicable law.

7. Privacy Policy.

Provider complies with its privacy policy, available at https://www.civio.ai/privacy-policy (“Privacy Policy”), in providing the Services. The Privacy Policy is subject to change as described therein. By accessing, using, and providing information to or through the Services, you acknowledge that you have reviewed and accepted our Privacy

Policy, and you consent to all actions taken by us with respect to your information in compliance with the then-current version of our Privacy Policy.

8. Intellectual Property Ownership; Feedback.

1. Provider IP. Customer acknowledges that, as between Customer and Provider, Provider owns all right, title, and interest, including all intellectual property rights, in and to the Provider IP and, for Third-Party Products, the applicable third-party providers own all right, title, and interest, including all intellectual property rights, in and to the Third-Party Products.

2. Customer Data. Provider acknowledges that, as between Provider and Customer, Customer owns all right, title, and interest, including all intellectual property rights, in and to the Customer Data, subject to the license granted herein. Customer hereby grants to Provider a non-exclusive, royalty-free, worldwide license to (i) reproduce, distribute, and otherwise use and display the Customer Data and Process the Customer Data as may be necessary for Provider to provide the Services to Customer and

(ii) use, modify, and adapt only aggregated and anonymized AI Customer Input and AI Customer Output to train, develop, adapt, modify, enhance, or improve the Services. Notwithstanding anything in this Agreement to the contrary, unless prohibited by applicable law, we may delete Customer Data at any time if we determine that Customer Data violates the terms of this Agreement or that deletion is necessary to comply with applicable law.

3. Feedback. If you or any other Authorized User sends or transmits any communications or materials to us by mail, email, telephone, or otherwise, suggesting or recommending changes to the Services, including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like (“Feedback”), we are free to use that Feedback. All Feedback is and will be treated as non-confidential. You hereby assign to us on your behalf, and shall cause your Authorized Users to assign to us, all right, title, and interest in, and we are free to use, without any attribution or compensation to you or any third party, any ideas, know-how, concepts, techniques, or other intellectual property rights contained in the Feedback, for any purpose whatsoever, although we are have no obligation to acknowledge receipt of or use any Feedback.
   
   

9. Limited Warranty and Warranty Disclaimer.

1. Limited Provider Warranty. Provider warrants that the Services will conform in all material respects to the documentation provided to Customer regarding the Services when accessed and used by Customer in accordance with this Agreement. Your sole remedy and Provider’s sole liability for breach of the foregoing warranty is for Provider to use reasonable efforts to correct the Services to conform to the Documentation. Provider does not make any representations or guarantees regarding uptime or availability of the Services unless specifically identified in the Service Levels. The remedies set out in the Service Levels are Customer’s sole remedies and Provider’s sole liability for failure of the Services to meet the Service Levels. THE FOREGOING WARRANTY DOES NOT APPLY, AND PROVIDER STRICTLY DISCLAIMS ALL WARRANTIES, WITH RESPECT TO ANY THIRD-PARTY PRODUCTS.
   
   

2. Customer Warranty. You represent, warrant, and covenant that (i) you own or otherwise have and will have all necessary rights, permissions, and consents in and relating to the Customer Data (other than AI Customer Output) so that, as received by Provider and Processed in accordance with this Agreement, it does not and will not infringe, misappropriate, or otherwise violate any intellectual property rights of any third party or violate any applicable law, and (ii) no Customer Data (other than AI Customer Output) contains or will contain any Personal Information.
   
   

3. EXCEPT FOR THE LIMITED WARRANTY SET OUT IN Section 9(a), THE SERVICES AND AI CUSTOMER OUTPUT ARE PROVIDED “AS IS” AND PROVIDER SPECIFICALLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. PROVIDER SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. PROVIDER MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, INCLUDING ANY AI OUTPUTS, WILL MEET YOUR OR ANY OTHER PERSON’S OR ENTITY’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY OF YOUR OR ANY THIRD PARTY’S SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR-FREE, OR THAT ANY ERRORS OR DEFECTS CAN OR WILL BE CORRECTED. YOU ACKNOWLEDGE THAT, GIVEN THE NATURE OF THE SERVICES AND AI TECHNOLOGY, AI CUSTOMER OUTPUT (I) MAY BE INACCURATE,(II) MAY BE THE SAME AS OR SIMILAR TO OUTPUT THE SERVICES GENERATE FOR OTHER CUSTOMERS, (III) MAY NOT QUALIFY FOR INTELLECTUAL PROPERTY PROTECTION, AND (IV) MAY BE SUBJECT TO THIRD PARTY TERMS, INCLUDING, AS APPLICABLE, OPEN SOURCE LICENSES.
   
   

10. Indemnification.

1. Provider Indemnification.

   1. Provider shall indemnify, defend, and hold Customer harmless from and against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys’ fees (“Losses”), incurred by Customer resulting from any third-party claim, suit, action, or proceeding (“Third-Party Claim”) that the Services, or Customer’s or any Authorized User’s use thereof in accordance with this Agreement, infringes or misappropriates such third party’s US intellectual property rights, provided that Customer promptly notifies Provider in writing of the Third-Party Claim, cooperates with Provider, and allows Provider sole authority to control the defense and settlement of such Third-Party Claim.

   2. If such a Third-Party Claim is made or Provider reasonably anticipates such a Third-Party Claim will be made, Customer agrees to permit

Provider, at Provider’s sole discretion, to (A) modify or replace the Services, or component or part thereof, to make it non-infringing, or (B) obtain the right for Customer to continue use. If Provider determines that neither alternative is reasonably available, Provider may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Customer.

3. This Section 10(a) will not apply to the extent that any such Third-Party Claim arises from (A) Customer’s or any other Authorized User’s use of the Services in combination with any products, services, or software not provided by Provider; (B) modifications to the Services or AI Customer Output other than by Provider; (C) AI Customer Input; (D) Third-Party Products; (E) Customer’s disablement or circumvention of any applicable source citation, filtering, or safety tools or functions of the Services; or (F) your material violation of Section 2(c) or the AUP or applicable laws.

2. Customer Indemnification. Customer shall indemnify, hold harmless, and, at Provider’s option, defend Provider and its officers, directors, employees, agents, affiliates, successors, and assigns from and against any and all Losses arising from or relating to any Third-Party Claim (i) that the AI Customer Input or other Customer Data other than AI Customer Output, or Processing or any other use thereof in accordance with this Agreement, infringes or misappropriates such third party’s US intellectual property rights; or (ii) based on Customer’s or any Authorized User’s negligence or willful misconduct or use of the Services in material violation of the terms of Section 2(c) or the AUP or applicable laws; provided that Customer may not settle any Third-Party Claim against Provider unless Provider consents to such settlement, and further provided that Provider will have the right, at its option, to defend itself against any such Third-Party Claim or to participate in the defense thereof by counsel of its own choice.

3. Sole Remedy. THIS SECTION 10 SETS OUT CUSTOMER’S SOLE REMEDIES AND PROVIDER’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.
   
   

11. Limitations of Liability.

EXCEPT AS PROHIBITED BY LAW, IN NO EVENT WILL PROVIDER BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, FOR ANY:

(a) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (b) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (c) LOSS OF GOODWILL OR REPUTATION; (d) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (e) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER PROVIDER WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. EXCEPT AS PROHIBITED BY LAW, IN NO EVENT WILL PROVIDER’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY

LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE EXCEED THE TOTAL AMOUNTS PAID TO PROVIDER UNDER THIS AGREEMENT IN THE TWELVE

(12) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

12. Term and Termination.

1. Term. The term of this Agreement begins on the Effective Date and continues for the period set out in the Order (the “Term”). Services that are specified in the Order to automatically renew will renew for additional successive one-year terms unless earlier terminated pursuant to this Agreement’s express provisions or either party gives the other party written notice of non-renewal at least thirty (30) days prior to the expiration of the then-current services period.

2. Termination. In addition to any other express termination right set out in this Agreement:

   1. Either party may terminate this Agreement, effective on written notice to the other party, if the other party materially breaches this Agreement, and such breach: (A) is incapable of cure; or (B) being capable of cure, remains uncured 30 days after the non-breaching party provides the breaching party with written notice of such breach.

   2. Either party may terminate this Agreement, effective immediately upon written notice to the other party, if the other party: (A) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (B) files, or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (C) makes or seeks to make a general assignment for the benefit of its creditors; or (D) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

3. Effect of Expiration or Termination. Upon expiration or termination of this Agreement, Customer shall immediately discontinue use of the Provider IP. No expiration or termination of this Agreement will affect Customer’s obligation to pay all Fees that may have become due before that expiration or termination, or entitle Customer to any refund. Provider may retain Customer Data (including backups and system logs) for up to 180 days following termination of this Agreement for the purpose of audit, dispute resolution, legal compliance, or ensuring orderly shutdown. During such period, Customer Data will remain subject to the confidentiality and security obligations of this Agreement.

4. Survival. This Section 12(d), Sections 5, 6, 8, 10, 11, 14, 15, and 17, and any right, obligation, or required performance of the parties in this Agreement which, by its express terms or nature and context is intended to survive termination or expiration of this Agreement, will survive termination or expiration.
   
   

13. Modifications.

You acknowledge and agree that we have the right, in our sole discretion, to modify this Agreement from time to time, and that modified terms become effective on posting. You will be notified of modifications through direct email communication from us. You are responsible for reviewing and becoming familiar with any modifications. Your continued use of the Services after the effective date of the modifications will be deemed acceptance of the modified terms.

14. Export Regulation.

The Services utilize software and technology that may be subject to US export control laws, including the US Export Administration Act and its associated regulations. You shall not, directly or indirectly, export, re-export, or release the Services or the software or technology included in the Services to, or make the Services or the software or technology included in the Services accessible from, any jurisdiction or country to which export, re-export, or release is prohibited by law, regulation, or rule. You shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), prior to exporting, re-exporting, releasing, or otherwise making the Services or the software or technology included in the Services available outside the US.

15. Governing Law and Jurisdiction.

This agreement is governed by and construed in accordance with the internal laws of the State of California without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of California.

16. Data Security Policy.

The parties shall adhere to the Data Security Policy attached hereto as Exhibit C and incorporated herein by reference.

17. Miscellaneous.

This Agreement, including the Order, constitutes the entire agreement and understanding between the parties hereto with respect to the subject matter hereof and supersedes all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, with respect to such subject matter. In the event of any inconsistency between this Agreement and the Order, the Order controls. Any notices to us must be sent to info@civio.ai or our corporate headquarters address available at https://www.civio.ai/ and must be delivered either in person, by email, certified or registered mail, return receipt requested and postage prepaid, or by recognized overnight courier service, and are deemed given upon receipt by us. Notwithstanding the foregoing, you hereby consent to receiving electronic communications from us. These electronic communications may include notices about applicable fees and charges, transactional information, and other information concerning or related to the Services. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that such communications be in writing. The invalidity, illegality, or unenforceability of any provision herein does not affect any other provision herein or the validity, legality, or enforceability of such provision in any other jurisdiction. Any failure to act by us with respect to a breach of this Agreement by you or others does not constitute a waiver and will not limit our rights with respect to such breach or any subsequent breaches. This Agreement is personal to you and may not be assigned or transferred for any reason whatsoever without our prior written consent and any action or conduct in violation of the foregoing will be void and without effect. We expressly reserve the right to assign this Agreement and to delegate any of its obligations hereunder.

Introduction

Exhibit A

Acceptable Use Policy

This Acceptable Use Policy (“AUP”) applies to Customers’ and their Authorized Users’ use of the Services. Capitalized terms used but not defined in this AUP have the meaning set out in the Terms of Use (“Agreement”). Specific terms in this AUP do not limit more general terms in this AUP.

Prohibited Uses

You may use the Services only for lawful purposes and in accordance with this AUP and the Agreement. You will not use the Services or any AI Customer Output:

• In any way that violates, or promotes, facilitates, or contributes to violation of, any applicable federal, state, local, or international law, ordinance, or regulation (collectively, “Laws”).

• In any way that is inconsistent with this AUP, including to submit AI Customer Input or generate AI Customer Output prohibited in the Content Standards section of this AUP.

• To build or develop any AI Technology in contravention of, or for use in any manner inconsistent with, this AUP.

• To deceive, defraud, mislead, misinform, or disinform others, including to:

  • impersonate any person;

  • represent, or otherwise deceive or mislead others to think, that AI Customer Outputs are human-generated;

  • engage in academic dishonesty or plagiarism;

  • distribute “spam”; or

  • distribute or promote misinformation or disinformation.

• To engage in, promote, facilitate, incite, or contribute to harassment, discrimination, violence, terrorism, abuse, bullying, threats, intimidation, or hateful behavior, content, or speech.

• In any way that discriminates against, or unlawfully treats differentially or unfavorably, any individual or group in the provision or denial of education, employment, employment benefits, credit, healthcare, housing, insurance, other economic benefits, or other essential goods and services on the basis of age, color, disability, ethnicity, genetic information, language, national origin, race, religion, reproductive health, sex, veteran status, or other classification protected by Law.

• In any way that you know or should know infringes or is likely to infringe any patent, trademark, trade secret, copyright, or other intellectual property or other rights of any person.

• In any way that compromises or violates the legal rights (including the rights of publicity and privacy) of any person, including by:

  • accessing, collecting, soliciting, processing, disclosing, or sharing Personal Information in any manner that does not strictly comply with Laws and any disclosures;

  • conducting unlawful monitoring, tracking, or surveillance of individuals; or

  • using or distributing digital replicas in any manner that does not strictly comply with Laws, including, without limitation, all disclosure, consent, and authorization requirements imposed by Laws.

• For automated decision making, except for business process automation and commercial use cases that do not violate Laws.

• To generate or provide professional advice to end customers.

• To develop, use, operate, produce, market, exchange, or distribute weapons, explosives, or any dangerous, illegal, regulated, or controlled substances, products, or materials.

• For operation or support of, or disruption of or interference with, critical infrastructure, applications, or services, such as electrical, water, gas, and nuclear systems and facilities, road and air traffic control systems, emergency services, and telecommunications.

• To deploy techniques that may materially distort an individual or group’s behavior by impairing their ability to make an informed decision in a way that causes or is reasonably likely to cause significant harm.

• To exploit the vulnerabilities of an individual or group due to their age, disability, or a specific social or economic situation, with the objective, or the effect, of materially distorting their behavior in a manner that causes or is reasonably likely to cause significant harm.

• For social scoring systems based on social behavior or known, inferred, or predicted personality characteristics that cause detrimental or unfavorable treatment that is disproportionate or used in a context unrelated to the context in which the data was originally collected.

• For risk-assessment systems that assess the risk of an individual to commit a crime or re-offend (except in support of a human assessment based on verifiable facts).

• For indiscriminate or untargeted web-scraping for the purposes of creating or enhancing facial recognition databases.

• To categorize individuals or groups based on biometric data or infer characteristics about them such as race, political opinions, religion, or sexual orientation.

• For real-time, remote biometric identification of individuals in publicly accessible spaces for the purpose of law enforcement.

Additionally, you will not:

• Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of the Services or any connected or related computer, software, firmware, hardware, device, data, database, system, or network.

• Violate, attempt to violate, or knowingly facilitate the violation of the security, integrity, or availability of the Services or any connected or related computer, software, firmware, hardware, device, data, database, system, or network.

• Introduce or distribute to the Services or use the Services to introduce or distribute any viruses, trojan horses, backdoors, malware, worms, logic bombs, malicious code, or other software, device, technology, or material that is malicious or technologically harmful.

• Circumvent or interfere with features, functionality, filters, or safeguards of the Services that are intended to limit or mitigate violations of Laws or this AUP or other harms resulting from use of the Services.

• Prompt the Services to perform in a way that violates this AUP, the Agreement, or any Law.

• Otherwise attempt to interfere with the proper working of the Services.

Content Restrictions and Standards

You will not use the Services to submit, upload, or input any AI Customer Input, or generate or produce any AI Customer Output, that:

• Violates Laws or promotes or facilitates any activity that violates Laws.

• Is inconsistent with this AUP, including the Prohibited Uses section of this AUP.

• Promotes, describes, or depicts exploitation, abuse, or harm to a child, including:

  • child sexual abuse material; and

  • content impersonating or intended to impersonate a child.

• Is sexually explicit, obscene, indecent, or pornographic, including deepfake nudity and pornography.

• Is deceptive, fraudulent, misleading, or otherwise intended or likely to misinform or disinform others, unless such AI Customer Output contains appropriate disclaimers as required by Laws.

• Includes, describes, or promotes harassment, discrimination, violence, terrorism, abuse, bullying, threats, intimidation, or hateful behavior, content, or speech.

• You know or should know infringes or is likely to infringe any patent, trademark, trade secret, copyright, or other intellectual property or other rights of any person.

• Violates the legal rights (including the rights of publicity and privacy) of any person or contains any material that could give rise to any civil or criminal liability under Law, including, without limitation, digital replicas created or generated in any manner that does not strictly comply with Laws and all consent and authorization requirements imposed by Laws.

• Impersonates any person without authorization, consent, and legal right, or misrepresents your identity or affiliation with any person.

• Gives the impression that it emanates from or is endorsed by us or any person, if this is not the case.

• Includes any viruses, trojan horses, backdoors, malware, worms, logic bombs, malicious code, or other technology or material which is malicious or technologically harmful.

Disclosures and Consents

• You agree to disclose your use of the Services and obtain consent to use the Services as required by, and in accordance with, Laws, when providing the Services to end users or the public.

Monitoring and Enforcement

We may monitor your use of the Services to evaluate your compliance with this AUP and to investigate any suspected or reported violation by you or your Authorized Users. Any violation of this AUP by you or your Authorized Users constitutes a material breach of the Agreement. In addition to our rights under the Agreement, if we, in our sole discretion determine that you have violated this AUP, we may:

• Terminate or suspend your access to all or part of the Services.

• Take appropriate legal action, including without limitation, referral to law enforcement or any authority, for any illegal or unauthorized use of the Services.

• Report any violations of this AUP relating to exploitation or abuse of children, including child sexual abuse material, to the National Center of Missing & Exploited Children (NCMEC) and other relevant authorities and organizations.

Without limiting the foregoing, we have the right to fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity or other information of anyone who accesses or uses the Services. YOU WAIVE AND HOLD HARMLESS PROVIDER AND ITS AFFILIATES, LICENSEES AND SERVICE PROVIDERS FROM ANY CLAIMS RESULTING FROM ANY ACTION TAKEN BY ANY OF THE FOREGOING PARTIES DURING, OR TAKEN AS A CONSEQUENCE OF, INVESTIGATIONS BY EITHER SUCH PARTIES OR LAW ENFORCEMENT OR OTHER AUTHORITIES.

Exhibit B

Service Levels and Support Policy

1. Introduction.

This Service Levels and Support Policy (“Service Policy”) applies to Customers’ and their Authorized Users’ use of the Services. Capitalized terms used but not defined in this Service Policy have the meaning set out in the Terms of Use (“Agreement”). Specific terms in this Service Policy do not limit more general terms in this Service Policy.

2. Service Levels.

Subject to the terms and conditions of the applicable Order and the Agreement, Provider will use commercially reasonable efforts to make the Services Available at least ninety-nine and one half percent (99.5%) of the time as measured over the course of each calendar month during the Term (each such calendar month, a “Service Period”), excluding unavailability as a result of any of the Exceptions described below (the “Availability Requirement”). “Service Level Failure” means a material failure of the Services to meet the Availability Requirement. “Available” means the Services are available for access and use by Customer and its Authorized Users over the internet and operating in material accordance with the applicable Order and the Agreement. For purposes of calculating the Availability

Requirement, the following are “Exceptions” to the Availability Requirement, and neither the Services will be considered un-Available nor any Service Level Failure be deemed to occur in connection with any failure to meet the Availability Requirement or impaired ability of Customer or its Authorized Users to access or use the Services that is due, in whole or in part, to any: (a) act or omission by Customer or any Authorized User/access to or use of the Services by Customer or any Authorized User, or using Customer’s or an Authorized User’s Access Credentials, that does not strictly comply with the applicable Order and the Agreement; (b) Customer's delay in performing, or failure to perform, any of its obligations under the applicable Order and the Agreement; (c) Customer’s or its Authorized User’s internet connectivity; (d) a Force Majeure Event; (e) failure, interruption, outage, or other problem with any software, hardware, system, network, facility, or other matter not supplied by Provider pursuant to the applicable Order and the Agreement; (f) Scheduled Downtime; or (g) disabling, suspension, or termination of the Services pursuant to Section 2(f) of the Agreement. “Force Majeure Event” shall mean any circumstances beyond Provider’s reasonable control, including (i) acts of God;

(ii) flood, fire, earthquake, epidemics, or explosion; (iii) war, invasion, hostilities (whether war is declared or not), terrorist threats or acts, riot or other civil unrest; (iv) government order, law, or actions; (v) embargoes or blockades in effect on or after the date of this Agreement; (vi) national or regional emergency; and (vii) strikes, labor stoppages or slowdowns, or other industrial disturbances.

3. Service Level Failures and Remedies.

In the event of a Service Level Failure, Provider shall issue a credit to Customer in the amount of five percent (5%) of the monthly Fees for the Services due for the Service Period the Service Level Failure occurred (each a “Service Credit”), subject to the following:

1. Provider has no obligation to issue any Service Credit unless: (i) Customer reports the Service Failure to Provider immediately on becoming aware of it; and (ii) requests such Service Credit in writing within 30 days of the Service Level Failure; and
   
   

2. in no event will a Service Level Credit for any Service Period exceed 20 percent of the total Fees that would be payable for that Service Period if no Service Level Failure had occurred.

Any Service Credit payable to Customer under the applicable Order and the Agreement will be issued to Customer within 30 days following the Service Period in which the Service Level Failure occurred. This Section 3 sets forth Provider’s sole obligation and liability and Customer’s sole remedy for any Service Level Failure.

4. Scheduled Downtime.

Provider will use commercially reasonable efforts to: (a) schedule downtime for routine maintenance of the Services between the hours of 9 p.m. and 5 a.m. Pacific Time; and (b) give Customer at least 48 hours prior notice of all scheduled outages of the Services (“Scheduled Downtime”).

5. Service Support.

The Services include Provider’s standard online customer support services. Customer may request support services by contacting support @civio.ai. Provider does not guarantee service response times, except that Provider shall respond to any request for support services no later than the end of the next business day following its receipt of a request from Customer.

6. Data Backup.

The Services do not replace the need for Customer to maintain regular data backups or redundant data archives. PROVIDER HAS NO OBLIGATION OR LIABILITY FOR ANY LOSS, ALTERATION, DESTRUCTION, DAMAGE, CORRUPTION, OR RECOVERY OF CUSTOMER DATA.

Exhibit C

Data Security Policy

7. Introduction.

This Data Security Policy (“Data Security Policy”) applies to Customers’ and their Authorized Users’ use of the Services. Capitalized terms used but not defined in this Data Security Policy have the meaning set out in the Terms of Use (“Agreement”). Specific terms in this Data Security Policy do not limit more general terms in this Data Security Policy.

8. Information Security.

   1. Provider will comply with applicable laws and regulations in its creation, collection, receipt, access, use, storage, disposal, and disclosure of Customer Data.

   2. Provider will employ reasonable security measures in accordance with Provider’s data privacy and security policy as amended from time to time located at https://www.civio.ai/privacy-policy.
      
      

9. Data Breach Procedures.

   1. Provider will notify Customer of any unauthorized access to or disclosure or acquisition of Customer Data (a “Data Breach”) as soon as reasonably practicable after Provider becomes aware of it.

   2. Immediately following Provider’s notification to Customer of a Data Breach, the parties will coordinate with each other, as necessary, to investigate the Data Breach.
      
      

10. Customer Control and Responsibility.

Customer has and will retain sole responsibility for: (a) all Customer Data, including its content and use; (b) all information, instructions, and materials provided by or on behalf of Customer or any Authorized User in connection with the Services; (c) Customer’s Systems; (d) the security and use of Customer’s and its Authorized Users’ access credentials; and (e) all access to and use of the Services and Provider Materials directly or indirectly by or through the Customer Systems or its or its

Authorized Users’ access credentials, with or without Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions, and actions based on, such access or use. “Provider Materials” means the Services, Documentation, the Order, and

Provider’s Systems and any and all other information, data, documents, materials, works, and other content, devices, methods, processes, hardware, software, and other technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans, or reports, that are provided or used by Provider or any of it’s subcontractors in connection with the Services or otherwise comprise or relate to the Services or Provider’s Systems. For the avoidance of doubt, Provider Materials include Resultant Data and any information, data, or

other content derived from Provider’s monitoring of Customer’s access to or use of the Services, but do not include Customer Data. “Resultant Data” means data and information related to Customer’s use of the Services that is used by Provider in an aggregate and anonymized manner, including to compile statistical and performance information related to the provision and

operation of the Services. “Systems” means the information technology infrastructure, including computers, software, databases, electronic systems (including database management systems), and networks, of a party whether operated directly by such party or through the use of third-party services.

11. Access and Security.

Customer shall employ all physical, administrative, and technical controls, screening, and security procedures and other safeguards necessary to: (a) securely administer the distribution and use of all access credentials and protect against any unauthorized access to or use of the Services; and (b) control the content and use of Customer Data, including the uploading or other provision of Customer Data for Processing by the Services.