RelayHub Master Services Agreement

BY INDICATING YOUR ACCEPTANCE OF THIS AGREEMENT OR ACCESSING OR USING ANY RELAYHUB OFFERINGS, YOU ARE ACCEPTING ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, YOU MAY NOT USE ANY RELAYHUB OFFERINGS. YOU AGREE THAT THIS AGREEMENT IS ENFORCEABLE LIKE ANY WRITTEN AGREEMENT SIGNED BY YOU.

IF YOU ARE USING ANY RELAYHUB OFFERINGS AS AN EMPLOYEE, CONTRACTOR, OR AGENT OF A CORPORATION, PARTNERSHIP, LIMITED LIABILITY COMPANY OR SIMILAR ENTITY, THEN YOU MUST BE AUTHORIZED TO SIGN FOR AND BIND SUCH ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT, AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO DO SO. THE RIGHTS GRANTED UNDER THIS AGREEMENT ARE EXPRESSLY CONDITIONED UPON ACCEPTANCE BY SUCH AUTHORIZED PERSONNEL.

Agreement

These RelayHub Terms of Service ("Agreement") are entered into by and between RelayHub (see Section 14 for this and other capitalized defined terms) and the entity or person (other than a Reseller) placing an order for, or accessing, any RelayHub Offerings ("Customer" or "you"). This Agreement consists of the terms and conditions set forth below and any ancillary documents (e.g., attachments, addenda, exhibits) expressly referenced as part of the Agreement, and any Order Forms that reference this Agreement.

This Agreement incorporates the following exhibits:

• Exhibit A: Acceptable Use Policy
• Exhibit B: Data Processing Addendum
• Exhibit C: Security Addendum
• Exhibit D: Support Policy

The "Effective Date" of this Agreement is the date which is the earlier of (a) Customer's initial access to any RelayHub Offering (as defined below) through any online provisioning, registration or order process, or (b) the effective date of the first Order Form referencing this Agreement.

Modifications to this Agreement: From time to time, RelayHub may modify this Agreement. Unless otherwise specified by RelayHub, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order Form after the updated version of this Agreement goes into effect. RelayHub will use reasonable efforts to notify Customer of the changes through communications via Customer's Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order Form, and in any event continued use of any RelayHub Offering after the updated version of this Agreement goes into effect will constitute Customer's acceptance of such updated version.

1. Use of Service

1.1 Service Provision and Access; Client Software. RelayHub will make the Service available to Customer for the Subscription Term solely for use by Customer and its Users in accordance with the terms and conditions of this Agreement, the Documentation and the Order Form. Customer may permit its Contractors and Affiliates to serve as Users provided that any use of the Service by each such Contractor or Affiliate is solely for the benefit of Customer or such Affiliate. Customer shall be responsible for each User's compliance with this Agreement, and acts or omissions by any User shall be deemed acts by Customer. To the extent Customer installs Client Software in connection with its use of the Service, RelayHub grants to Customer and its Users a limited, non-transferable, non-sublicensable, non-exclusive license during the Subscription Term to use the object code form of the Client Software internally in connection with Customer's and its Affiliates' use of the Service, subject to the terms and conditions of this Agreement and the Documentation.

1.2 Affiliates. Customer Affiliates may purchase RelayHub Offerings from RelayHub by executing an Order Form which is governed by the terms of this Agreement. This will establish a new and separate agreement between the Customer Affiliate and RelayHub. If the Customer Affiliate resides in a different country than Customer, then the Order Form may include modifications to terms applicable to the transaction(s) (including, but not limited to, tax terms and governing law).

1.3 Compliance with Applicable Laws. RelayHub will provide the RelayHub Offerings in accordance with its obligations under laws and government regulations applicable to RelayHub's provision of such RelayHub Offerings to its customers generally including, without limitation, those related to data privacy and data transfer, international communications, and the exportation of RelayHub Offerings, without regard to Customer's particular use of the RelayHub Offerings and subject to Customer's use of the RelayHub Offerings in accordance with this Agreement.

1.4 Sample Data; Third-Party Applications. RelayHub may make Sample Data available for Customer. Customer acknowledges that Sample Data is example data only which may not be complete, current, or accurate. Customer will not, and will not permit any third party to, copy or export any Sample Data. Customer agrees that RelayHub may delete or require Customer to cease using Sample Data at any time upon advance notice. RelayHub may also provide URL links or interconnectivity within the Service to facilitate Customer's use of Third-Party Applications, at Customer's sole discretion. Notwithstanding the foregoing, any procurement or use of Third-Party Applications is solely between Customer and the applicable party, and RelayHub will have no liability for such Third-Party Applications under this Agreement.

1.5 General Restrictions. Customer will not (and will not permit any third party to): (a) sell, rent, lease, license, distribute, provide access to, sublicense, or otherwise make available the Service (or any Deliverables, if applicable) to a third party (except as set forth in an SOW, as applicable) or in a service bureau or outsourcing offering; (b) use the Service to provide, or incorporate the Service into, any substantially similar cloud-based service for the benefit of a third party; (c) reverse engineer, decompile, disassemble, or otherwise seek to obtain the source code or non-public APIs to the Service, except to the extent expressly permitted by applicable law (and then only upon advance written notice to RelayHub); (d) remove or obscure any proprietary or other notices contained in the Service; or (e) use any RelayHub Offerings in violation of the Acceptable Use Policy.

2. Customer Data

2.1 Rights in Customer Data. As between the parties, Customer or its licensors retain all right, title and interest (including all intellectual property rights) in and to the Customer Data and any modifications made thereto in the operation of the Service. Subject to the terms of this Agreement, Customer hereby grants to RelayHub a non-exclusive, worldwide, royalty-free right to process the Customer Data solely to the extent necessary to provide the RelayHub Offerings to Customer, to prevent or address service or technical problems therein, or as may be required by law.

2.2 Use Obligations.

(a) In General. Customer's use of RelayHub Offerings and all Customer Data will comply with applicable laws, government regulations and any other legal requirements including but not limited to, any data localization or data sovereignty laws, regulations and any other third-party legal requirements applicable to Customer. Customer is solely responsible for the accuracy, content and legality of all Customer Data. Customer warrants that Customer has and will have sufficient rights in the Customer Data to grant the rights to RelayHub under this Agreement and that the processing of Customer Data by RelayHub in accordance with this Agreement will not violate any laws or the rights of any third party.

(b) HIPAA Data. Customer agrees not to process any HIPAA Data in the Service unless Customer has entered into a BAA with RelayHub. Unless a BAA is in place, RelayHub will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement, in HIPAA or in any similar federal or state laws, rules or regulations. If Customer is permitted to process HIPAA Data in the Service, then Customer may process HIPAA Data in the Service only by providing it as Customer Data. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement and is subject to its terms.

2.3 Data Privacy. The parties shall comply with the DPA.

3. Security

The parties shall comply with the Security Addendum.

4. Intellectual Property

4.1 RelayHub Technology. Customer agrees that RelayHub or its suppliers retain all right, title and interest (including all patent, copyright, trademark, trade secret and other intellectual property rights) in and to the RelayHub Technology. Except for the express limited rights set forth in this Agreement, no right, title or interest in any RelayHub Technology is granted to Customer. Further, Customer acknowledges that the Service is offered as an online, hosted solution, and that Customer has no right to obtain a copy of the underlying computer code for the Service, except (if applicable) for the Client Software in object code format. RelayHub may freely use and incorporate any suggestions, comments or other feedback about the RelayHub Offerings voluntarily provided by Customer or Users into the RelayHub Technology.

4.2 Usage Data. Notwithstanding anything to the contrary in this Agreement, RelayHub may collect and use Usage Data to develop, improve, support, and operate its products and services. RelayHub may not share any Usage Data that includes Customer's Confidential Information with a third party except (a) in accordance with Section 5 (Confidentiality) of this Agreement, or (b) to the extent the Usage Data is aggregated and anonymized such that Customer and Customer's Users cannot be identified.

4.3 Customer Reference. RelayHub may identify Customer as its customer to other RelayHub customers or prospective customers, including for purposes of facilitating Customer-controlled data sharing hereunder. Without limiting the foregoing, RelayHub may use and display Customer's name, logo, trademarks and service marks on RelayHub's website and in RelayHub's marketing materials in connection with identifying Customer as a customer of RelayHub. Upon Customer's written request, RelayHub will promptly remove any such marks from RelayHub's website and, to the extent commercially feasible, RelayHub's marketing materials.

5. Confidentiality

Each party (as "Receiving Party") will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to: (a) not use any Confidential Information of the other party (the "Disclosing Party") for any purpose outside the scope of this Agreement; and (b) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates' employees and contractors who need that access for purposes consistent with this Agreement and who are bound by obligations of confidentiality to the Receiving Party containing protections not materially less protective of the Confidential Information than those herein. If Receiving Party is required by law, regulation or court order to disclose Confidential Information, then Receiving Party shall, to the extent legally permitted, provide Disclosing Party with advance written notice and cooperate in any effort to obtain confidential treatment of the Confidential Information including, without limitation, the opportunity to seek appropriate administrative or judicial relief. The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy and therefore that, upon any such disclosure by the Receiving Party, the Disclosing Party will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law.

6. Fees and Payment; Taxes; Payment Disputes

6.1 Fees and Payment. All Fees and payment terms are as set forth in the applicable Order Form. Except as expressly set forth in this Agreement and to the extent permitted by law, all payment obligations are non-cancelable and Fees are non-refundable. If Customer issues a purchase order upon entering into an Order Form, then: (i) any such purchase order submitted by Customer is for its internal purposes only, and RelayHub rejects, and in the future is deemed to have rejected, any purchase order terms to the extent they add to or conflict in any way with this Agreement or the applicable Order Form, and such additional or conflicting terms will have no effect; (ii) it shall be without limitation to RelayHub's right to collect Fees owing hereunder; (iii) it shall be for the total Fees owing under the applicable Order Form; and (iv) on request, RelayHub will reference the purchase order number on its invoices (solely for administrative convenience), so long as Customer provides the purchase order reasonably in advance of the invoice date. RelayHub will invoice Customer using the billing contact information set forth in the applicable Order Form or as updated by Customer in the Service.

6.2 Taxes. Fees do not include Taxes. Customer is responsible for paying all Taxes associated with its purchases hereunder including, without limitation, all use or access of the RelayHub Offerings by its Users. If RelayHub has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, RelayHub will invoice Customer and Customer will pay that amount unless Customer provides RelayHub with a valid tax exemption certificate authorized by the appropriate taxing authority. Taxes will not be deducted from payments to RelayHub except as required by applicable law, in which case Customer will increase the amount payable as necessary so that, after making all required deductions and withholdings, RelayHub receives and retains (free from any liability for Taxes) an amount equal to the amount it would have received had no such deductions or withholdings been made. Upon RelayHub's request, Customer will provide RelayHub its proof of withholding tax remittance to the respective tax authority. Where applicable, Customer will provide its VAT/GST Registration Number(s) on the Order Form to confirm the business use of the purchased services.

6.3 Payment Disputes. RelayHub will not exercise its rights under Section 7.2 (Termination for Cause) or Section 7.5(a) (Suspension of the RelayHub Offerings) with respect to non-payment by Customer if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute. If the parties are unable to resolve such a dispute within thirty (30) days, each party shall have the right to seek any remedies it may have under this Agreement, at law or in equity, irrespective of any terms that would limit remedies on account of a dispute. For clarity, any undisputed amounts must be paid in full.

6.4 Reseller Orders. Customer may procure certain RelayHub Offerings through a Reseller pursuant to a Reseller Arrangement. RelayHub will only be obligated to provide the RelayHub Offerings to Customer in connection with a Reseller Arrangement if RelayHub and Reseller have executed an Order Form for such purchase. Customer acknowledges and agrees that, solely in connection with the purchase by Customer through a Reseller Arrangement: (a) RelayHub may share information with Reseller related to Customer's use and consumption of the RelayHub Offerings; (b) notwithstanding anything to contrary in this Agreement, references to "Customer" in each of the defined terms "Fees" and "Order Form" in this Agreement shall be replaced with "Reseller," and all payments of fees, refunds and credits, if any, are payable by or to the Reseller; (c) this Agreement governs Customer's use of the RelayHub Offerings, notwithstanding anything to the contrary in the Reseller Arrangement; and (d) Reseller is not authorized to make any changes to this Agreement or otherwise authorized to make any warranties, representations, promises or commitments on behalf of RelayHub or in any way concerning the RelayHub Offerings.

7. Term and Termination

7.1 Term. This Agreement is effective as of the Effective Date and will remain in effect until terminated in accordance with its terms. If there is no Order Form currently in effect, either party may terminate this Agreement upon written notice to the other party. Each Order Form will terminate upon expiration of the applicable Subscription Term unless expressly stated otherwise therein or in this Agreement.

7.2 Termination for Cause. Either party may terminate this Agreement (including all related Order Forms) if the other party: (a) fails to cure any material breach of this Agreement (including a failure to pay Fees) within thirty (30) days after written notice (without limiting Section 6.3 (Payment Disputes)); (b) ceases operation without a successor; or (c) seeks protection under any bankruptcy, receivership, trust deed, creditors' arrangement, composition, or comparable proceeding, or if any such proceeding is instituted against that party and is not dismissed within sixty (60) days (to the extent such termination is not prohibited by law). Except where an exclusive remedy is specified, the exercise by either party of any remedy under this Agreement, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law or otherwise. For any termination of this Agreement by Customer for cause in accordance with Section 7.2(a), Customer shall be entitled to a refund of any prepaid unused Fees for the Service purchased hereunder.

7.3 Effect of Termination; Customer Data Retrieval. Upon written notice to RelayHub, Customer will have up to thirty (30) calendar days from termination or expiration of this Agreement to access the Service solely to the extent necessary to retrieve Customer Data ("Retrieval Right"). If Customer exercises its Retrieval Right, this Agreement and the applicable Order Form shall continue in full force and effect for the duration of the Retrieval Right. RelayHub shall have no further obligation to make Customer Data available after the latter of (a) the effective date of termination of this Agreement, or (b) the Retrieval Right period, if applicable, and thereafter RelayHub shall promptly delete the Customer Data. After the Retrieval Right period, Customer will have no further access to Customer Data and shall cease use of and access to the RelayHub Offerings (including any related RelayHub Technology) and delete all copies of Client Software, Documentation, any associated passwords or access codes, and any other RelayHub Confidential Information in its possession. Notwithstanding any termination or anything to the contrary in this Agreement or any Order Form, Customer shall pay for all its use of the RelayHub Offerings.

7.4 Survival. The following sections will survive any expiration or termination of this Agreement: 1.4 (General Restrictions), 4 (Intellectual Property), 5 (Confidentiality), 6.1 (Fees and Payment), 6.2 (Taxes), 7 (Term and Termination), 8.3 (Warranty Disclaimer), 11 (Indemnification), 12 (Limitation of Remedies and Damages), 13 (General Terms), and 14 (Definitions).

7.5 Suspension of the RelayHub Offerings. In addition to any of its other rights or remedies (including, without limitation, any termination rights) set forth in this Agreement, RelayHub reserves the right to suspend provision of the RelayHub Offerings: (a) if any Fees are thirty (30) days or more overdue (and are not otherwise subject to Section 6.3 [Payment Disputes]); (b) if RelayHub deems such suspension necessary as a result of Customer's breach of Sections 1.4 (General Restrictions) or 2.2 (Use Obligations); (c) if RelayHub reasonably determines suspension is necessary to avoid material harm to RelayHub or its customers, including if the Service is experiencing denial of service attacks, mail flooding, or other attacks or disruptions outside of RelayHub's control; or (d) as required by law or at the request of governmental entities.

8. Warranty

8.1 Service Warranty. RelayHub warrants that: (a) the Service will operate in substantial conformity with the applicable Documentation; and (b) Technical Services and Deliverables will be provided in a professional and workmanlike manner and substantially in accordance with the specifications in the applicable SOW. If RelayHub cannot correct any reported non-conformity with this warranty, either party may terminate the applicable Order Form or SOW (as applicable), and Customer as its sole remedy will be entitled to receive a refund of any prepaid unused Fees for the applicable Service or Technical Services purchased thereunder. This warranty will not apply if the error or non-conformance was caused by: (i) Customer's misuse of the Service or Deliverables; (ii) modifications to the Service or Deliverables by Customer or any third party; (iii) External Offerings; or (iv) any services or hardware of Customer or any of its third parties used by Customer in connection with the Service or Deliverables. For Technical Services and Deliverables, this warranty will not apply unless Customer provides written notice of a claim within thirty (30) days after expiration of the applicable SOW.

8.2 Mutual Warranty. Each party warrants that it has validly entered into this Agreement and has the legal power to do so.

8.3 Warranty Disclaimer. TO THE EXTENT PERMITTED BY LAW AND EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, EACH RELAYHUB OFFERING, THE CLIENT SOFTWARE AND SAMPLE DATA ARE PROVIDED "AS IS," AND RELAYHUB MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. RELAYHUB DOES NOT WARRANT THAT THE USE OF ANY RELAYHUB OFFERING WILL BE UNINTERRUPTED OR ERROR-FREE, NOR DOES RELAYHUB WARRANT THAT IT WILL REVIEW THE CUSTOMER DATA FOR ACCURACY.

9. Support and Availability

During a Subscription Term, RelayHub will provide Customer the level of support for the Service set forth in the applicable Order Form, in accordance with the Support Policy.

10. Technical Services

10.1 Provision of Technical Services. RelayHub will perform the Technical Services for Customer as set forth in each applicable SOW, subject to the terms and conditions of this Agreement.

10.2 Assistance. Customer acknowledges that timely access to applicable Customer Materials, resources, personnel, equipment or facilities is necessary for the provision of Technical Services. Customer agrees to provide such access and to reasonably cooperate with RelayHub during a Technical Services project. RelayHub will have no liability for any delay or deficiency to the extent resulting from Customer's breach of its obligations under Section 10.

10.3 Customer Materials. Customer hereby grants RelayHub a limited right to use any Customer Materials solely for the purpose of providing Technical Services to Customer. Customer will retain any of its rights (including all intellectual property rights) in and to the Customer Materials. Customer Materials comprising Confidential Information will be subject to Section 5 (Confidentiality). Customer warrants that Customer has and will have sufficient rights in the Customer Materials to grant the rights to RelayHub under this Agreement and that the Customer Materials will not violate any third-party rights.

10.4 Access to Customer Data under an SOW. With respect to access to any Customer Data under an SOW, Customer is solely responsible for ensuring that both the duration and scope of access is strictly limited to the access required under the specific SOW. Customer agrees that it will not grant RelayHub access to Customer Data unless specifically required and noted in an SOW, and that Customer will grant any such access only during the term of the applicable Technical Services project. Unless otherwise specified in an SOW, Customer must ensure that: (a) any access to Customer Data that it grants is limited to read-only access in Customer's development environment for the Service (and Customer will not grant access to any other environment, such as its test, production or disaster recovery); and (b) Customer will not grant access to any Customer Data that is unencrypted or contains sensitive data, including without limitation, any personal data, credit card or other financial account information, or protected health information. To the extent access to Customer Data is granted, unless otherwise specified in an SOW, Customer will provide RelayHub with: (i) secure Customer workstations and networks for accessing Customer Data that are monitored, managed, configured, supported and maintained by Customer; and (ii) unique user ID/passwords to each RelayHub resource that requires access to Customer Data, and these credentials will be solely managed by Customer.

10.5 License to Deliverables. The Technical Services RelayHub performs (e.g., providing guidance on configuring the Service) and the resulting Deliverables are generally applicable to RelayHub's business and are part of RelayHub Technology. Subject to the terms and conditions of this Agreement (including the restrictions in Section 1.4 [General Restrictions]), RelayHub hereby grants Customer a limited, non-exclusive, royalty-free, non-transferable worldwide license to use the Deliverables internally solely in connection with such Customer's use of the Service during the period in which such Customer has valid access to the Service. The parties may mutually agree to SOWs with additional terms and restrictions related to the use of Deliverables provided as part of that project, in which case those terms and restrictions will also apply for purposes of those Deliverables only.

10.6 Change Orders; Other Terms. Customer may submit written requests to RelayHub to change the scope of Technical Services under an existing SOW. RelayHub will promptly notify Customer if it believes that the requested change requires an adjustment to the fees, schedule, assumptions or scope for the performance of the Technical Services. Neither party is bound by changes to an SOW unless the parties have entered into a Change Order with respect thereto. RelayHub may use subcontractors to deliver Technical Services but will remain responsible for their performance of those Technical Services under the applicable terms and conditions of this Agreement. For clarity, Customer will be responsible for any fees for the Service that are generated as part of the Technical Services.

11. Indemnification

11.1 Indemnification by RelayHub. RelayHub will defend Customer against any claim by a third party alleging that the Service or any Deliverable, when used in accordance with this Agreement, infringes any intellectual property right of such third party and will indemnify and hold harmless Customer from and against any damages and costs awarded against Customer or agreed in settlement by RelayHub (including reasonable attorneys' fees) resulting from such claim. If Customer's use of the Service or Deliverable results (or in RelayHub's opinion is likely to result) in an infringement claim, RelayHub may either: (a) substitute functionally similar products or services; (b) procure for Customer the right to continue using the Service or Deliverable; or if (a) and (b) are not commercially reasonable, (c) terminate this Agreement, or the applicable Order Form or SOW, and refund to Customer any prepaid unused Fees for the applicable Service or Deliverable. The foregoing indemnification obligation of RelayHub will not apply to the extent the applicable claim is attributable to: (1) the modification of the Service or Deliverable by any party other than RelayHub or based on Customer's specifications or requirements; (2) the combination of the Service or Deliverable with products or processes not provided by RelayHub; (3) any use of the Service or Deliverables in non-conformity with this Agreement; or (4) any action arising as a result of Customer Data, or any deliverables or components not provided by RelayHub. This section sets forth Customer's sole remedy with respect to any claim of intellectual property infringement.

11.2 Indemnification by Customer. Customer will defend RelayHub against any claim by a third party arising from or relating to any Customer Data, Customer Materials or any Customer-offered product or service used in connection with the Service and will indemnify and hold harmless RelayHub from and against any damages and costs awarded against RelayHub or agreed in settlement by Customer (including reasonable attorneys' fees) resulting from such claim.

11.3 Indemnification Procedures. In the event of a potential indemnity obligation under Section 11, the indemnified party will: (a) promptly notify the indemnifying party in writing of the claim, (b) allow the indemnifying party the right to control the investigation, defense and settlement (if applicable) of such claim at the indemnifying party's sole cost and expense, and (c) upon request of the indemnifying party, provide all necessary cooperation at the indemnifying party's expense. Failure by the indemnified party to notify the indemnifying party of a claim under Section 11 shall not relieve the indemnifying party of its obligations under Section 11. However, the indemnifying party shall not be liable for any litigation expenses the indemnified party incurred before such notice was given or for any damages and/or costs resulting from any material prejudice caused by the delay or failure to provide notice to the indemnifying party in accordance with this section. The indemnifying party may not settle any claim that would bind the indemnified party to any obligation (other than payment covered by the indemnifying party or ceasing to use infringing materials) or require any admission of fault by the indemnified party without the indemnified party's prior written consent, such consent not to be unreasonably withheld, conditioned or delayed. Any indemnification obligation under Section 11 will not apply if the indemnified party settles or makes any admission with respect to a claim without the indemnifying party's prior written consent.

12. Limitation of Remedies and Damages

EXCEPT AS TO "EXCLUDED CLAIMS," TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:

A. NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY LOSS OF USE, LOST OR INACCURATE DATA, INTERRUPTION OF BUSINESS, COSTS OF DELAY, COVER COSTS, LOST PROFITS, OR ANY INDIRECT, SPECIAL, INCIDENTAL, RELIANCE, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE;

B. SUBJECT TO SUBSECTION (C) BELOW, EACH PARTY'S AND ITS AFFILIATES' TOTAL LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED THE AMOUNT ACTUALLY PAID OR PAYABLE TO RELAYHUB IN THE PRIOR 12 MONTHS UNDER THE APPLICABLE ORDER FORM(S) OR SOW TO WHICH SUCH LIABILITY RELATES ("GENERAL LIABILITY CAP");

C. IN THE CASE OF "DATA PROTECTION CLAIMS," EACH PARTY'S AND ITS AFFILIATES' TOTAL LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE AMOUNT ACTUALLY PAID OR PAYABLE TO RELAYHUB IN THE PRIOR TWELVE (12) MONTHS UNDER THE APPLICABLE ORDER FORM(S) OR SOW TO WHICH SUCH LIABILITY RELATES ("DATA PROTECTION CLAIMS CAP");

D. IN NO EVENT SHALL EITHER PARTY (OR ITS RESPECTIVE AFFILIATES) BE LIABLE FOR THE SAME EVENT UNDER BOTH THE GENERAL LIABILITY CAP AND THE DATA PROTECTION CLAIMS CAP. SIMILARLY, THOSE CAPS SHALL NOT BE CUMULATIVE; IF A PARTY (AND/OR ITS AFFILIATES) HAS ONE OR MORE CLAIMS SUBJECT TO THE "GENERAL LIABILITY CAP" AND THE "DATA PROTECTION CLAIMS CAP," THE MAXIMUM TOTAL LIABILITY FOR ALL CLAIMS IN THE AGGREGATE SHALL NOT EXCEED THE "DATA PROTECTION CLAIMS CAP";

E. THE PARTIES AGREE THAT SECTION 12 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE; AND

F. THE APPLICABLE MONETARY CAPS SET FORTH IN SECTION 12 SHALL APPLY, ON AN AGGREGATED BASIS, ACROSS THIS AGREEMENT AND ANY AND ALL SEPARATE AGREEMENT(S) GOVERNING CUSTOMER'S USE OF THE RELAYHUB OFFERINGS ENTERED INTO BETWEEN RELAYHUB AND ANY CUSTOMER AFFILIATES INCLUDING, WITHOUT LIMITATION, AS CONTEMPLATED BY SECTION 1.2 (AFFILIATES).

G. NOTWITHSTANDING ANY OTHER PROVISION OF THIS SECTION 12 OR ANY OTHER PROVISION OF THIS AGREEMENT, RELAYHUB SHALL HAVE NO LIABILITY WHATSOEVER UNDER ANY THEORY OF LIABILITY—AND NO DATA PROTECTION CLAIM, EXCLUDED CLAIM, OR ANY OTHER CLAIM SHALL ARISE AGAINST RELAYHUB—WITH RESPECT TO ANY DATA INCIDENT, UNAUTHORIZED ACCESS, PRIVACY VIOLATION, DATA LOSS, OR SIMILAR HARM THAT ARISES FROM OR IS ATTRIBUTABLE TO THE ACTS, OMISSIONS, SECURITY FAILURES, OR DATA HANDLING PRACTICES OF ANY THIRD-PARTY AI MODEL PROVIDER ACCESSED THROUGH THE SERVICE UNDER CUSTOMER'S BYOK CONFIGURATION. CUSTOMER'S SOLE RECOURSE FOR ANY SUCH CLAIM LIES AGAINST THE APPLICABLE AI MODEL PROVIDER UNDER CUSTOMER'S OWN AGREEMENT WITH THAT PROVIDER. FOR THE AVOIDANCE OF DOUBT, (I) AMOUNTS CUSTOMER PAYS DIRECTLY TO OR INCURS WITH ANY AI MODEL PROVIDER ARE NOT "FEES" PAID OR PAYABLE TO RELAYHUB AND SHALL NOT BE USED IN CALCULATING ANY LIABILITY CAP UNDER THIS AGREEMENT, AND (II) RELAYHUB'S ROLE AS A CONNECTIVITY AND ROUTING LAYER DOES NOT RENDER IT A PARTY TO, OR JOINTLY LIABLE UNDER, ANY AGREEMENT BETWEEN CUSTOMER AND ANY AI MODEL PROVIDER.

13. General Terms

13.1 Assignment. This Agreement will bind and inure to the benefit of each party's permitted successors and assigns. Neither party may assign this Agreement without the advance written consent of the other party, except that either party may assign this Agreement in its entirety in connection with a merger, reorganization, acquisition, or other transfer of all or substantially all such party's assets or voting securities to such party's successor. Each party shall promptly provide notice of any such assignment. Any attempt to transfer or assign this Agreement except as expressly authorized under this section will be null and void.

13.2 Severability; Interpretation; Conflicts. If a court of competent jurisdiction holds any provision of this Agreement to be unenforceable or invalid, that provision will be limited to the minimum extent necessary so that this Agreement will otherwise remain in effect. Section headings are inserted for convenience only and shall not affect interpretation of this Agreement. Except for the Acceptable Use Policy, the DPA, the Offering-Specific Terms, the Security Addendum and the Support Policy, each of which shall govern solely with respect to the subject matter therein, this Agreement governs and controls in the event of a conflict with any other ancillary documents or provisions applicable to the RelayHub Offerings unless otherwise expressly agreed in writing by the parties.

13.3 Dispute Resolution. Each party agrees that before it seeks any form of legal relief (except for a provisional remedy as explicitly set forth below) it shall provide written notice to the other party of the specific issue(s) in dispute (and reference the relevant provisions of the contract between the parties which are allegedly being breached). Within thirty (30) days after such notice, knowledgeable executives of the parties shall hold at least one meeting (in person or by video- or tele-conference) for the purpose of attempting in good faith to resolve the dispute. The parties agree to maintain the confidential nature of all disputes and disagreements between them including, but not limited to, informal negotiations, mediation or arbitration, except as may be necessary to prepare for or conduct these dispute resolution procedures or unless otherwise required by law or judicial decision. The dispute resolution procedures in this section shall not apply to claims subject to indemnification under Section 11 (Indemnification) or prior to a party seeking a provisional remedy related to claims of misappropriation or ownership of intellectual property, trade secrets or Confidential Information.

13.4 Governing Law; Jurisdiction and Venue. This Agreement will be governed by the laws of the State of Texas and the United States without regard to conflicts of law provisions thereof, and without regard to the United Nations Convention on Contracts for the International Sale of Goods; and the jurisdiction and venue for actions related to the subject matter hereof will be the state and federal courts located in Dallas County, Texas, and both parties hereby submit to the personal jurisdiction of such courts.

13.5 Notice. Any notice or communication required or permitted under this Agreement will be in writing to the parties at the addresses set forth in this Agreement or at such other address as may be given in writing by either party to the other in accordance with this section and will be deemed to have been received by the addressee upon: (a) personal delivery; (b) the second business day after being mailed or couriered; or (c) the day of sending by email, except for notices of breach (other than for non-payment) or an indemnifiable claim, which for clarity must be made by mail or courier. Email notifications to RelayHub shall be to legal@weeksahead.ai.

13.6 Amendments; Waivers. No supplement, modification or amendment of this Agreement will be binding unless executed in writing by a duly authorized representative of each party to this Agreement, except as expressly set forth herein. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in a writing signed by a duly authorized representative on behalf of the party claimed to have waived. No terms or conditions stated in a Customer purchase order, vendor onboarding process or web portal, or any other Customer order documentation (excluding Order Forms) shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void, notwithstanding any language to the contrary therein, whether signed before or after this Agreement.

13.7 Entire Agreement. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements and communications relating to the subject matter of this Agreement. Notwithstanding the foregoing, Optional Offerings may be made available for Customer's use in its sole discretion. RelayHub may change and update the Service (in which case RelayHub may update the applicable Documentation accordingly), subject to the warranty in Section 8.1 (Service Warranty). For clarity, all URL terms expressly referenced herein include any updates made thereto, as posted to relayhub.ai/legal or a successor website designated by RelayHub.

13.8 Third-Party Beneficiaries. There are no third-party beneficiaries under this Agreement, except to the extent expressly stated in this Agreement.

13.9 Force Majeure. Neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay Fees) if the delay or failure results from any cause beyond such party's reasonable control, including but not limited to acts of God, labor disputes or other industrial disturbances, systemic electrical, telecommunications, or other utility failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, public health emergencies (including pandemics and epidemics), acts or orders of government, acts of terrorism, or war.

13.10 Independent Contractors. The parties to this Agreement are independent contractors. There is no relationship of partnership, joint venture, employment, franchise or agency created hereby between the parties. Neither party will have the power to bind the other or incur obligations on the other party's behalf without the other party's prior written consent and neither party's employees are eligible for any form or type of benefits including, but not limited to, health, life or disability insurance offered by the other party to its employees.

13.11 Export Control. Each party agrees to comply with all export and import laws and regulations including, without limitation, those of the United States applicable to such party in connection with its respective provision or use of the Service under this Agreement. Without limiting the foregoing, Customer represents and warrants that it: (a) is not listed on, or majority-owned by any entity listed on, any U.S. government list of prohibited or restricted parties; (b) is not located in (or a national of) a country that either is subject to a U.S. government embargo or has been designated by the U.S. government as a "state sponsor of terrorism"; (c) will not (and will not permit any third parties to) access or use the Service in violation of any U.S. export embargo, prohibition or restriction; and (d) will not submit to the Service any information that is controlled under the U.S. International Traffic in Arms Regulations.

13.12 U.S. Government Terms; Federal Government End Use Provisions. To the extent Customer is an agency of or otherwise represents the United States federal government (i) it hereby agrees that the Service qualifies as a "commercial product" as defined by FAR Part 2.101 or the state law corollary, and (ii) RelayHub provides the RelayHub Offerings, including all related software and, to the extent applicable, the RelayHub Technology, for ultimate federal government end use solely in accordance with the following: Government technical data and software rights related to the RelayHub Offerings include only those rights customarily provided to the public as defined in this Agreement. This customary commercial license is provided in accordance with the United States Federal Acquisition Regulation ("FAR") section 12.211 (Technical Data) and FAR section 12.212 (Software) and, for Department of Defense transactions, the United States Defense Federal Acquisition Regulation Supplement ("DFARS") section 252.227-7015 (Technical Data Commercial Items) and DFARS section 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If a government agency has a need for rights not granted under these terms, it must negotiate with RelayHub to determine if there are acceptable terms for granting those rights, and a mutually acceptable written addendum specifically granting those rights must be included in any applicable agreement.

13.13 Execution. The parties may execute any documents hereunder in counterparts, each of which will be deemed an original and all of which together will be considered one and the same agreement. The parties will be bound by signatures made by hand or electronic means, which may be transmitted to the other party by mail, hand delivery, email and/or any electronic method and will have the same binding effect as any original ink signature.

13.14 Product and Company Rebranding. RelayHub reserves the right to rename or rebrand the Service, any RelayHub Offerings, or the company name at any time. Any such change shall be communicated to Customer by written notice and will not affect the validity, interpretation, or enforceability of this Agreement or any Order Form. Following such notice, all references in this Agreement and any related Order Forms to the prior product, service, or company name shall automatically be deemed to refer to the successor or replacement name, and no formal amendment shall be required to give effect to such change. For the avoidance of doubt, this Agreement and all rights and obligations hereunder shall survive and continue in full force and effect notwithstanding any such renaming or rebranding.

14. Definitions

"Acceptable Use Policy" or "AUP" means RelayHub's acceptable use policy, made available at relayhub.ai/legal/acceptable-use-policy.

"Account" means Customer's account in the applicable Service in which Customer stores and processes Customer Data.

"Affiliate" means an entity that, directly or indirectly, owns or controls, is owned or is controlled by, or is under common ownership or control with a party. As used in this definition, "control" means the power to direct the management or affairs of an entity and "ownership" means the beneficial ownership of more than fifty percent (50%) of the voting equity securities or other equivalent voting interests of an entity.

"BAA" means a business associate agreement governing the parties' respective obligations with respect to any HIPAA Data processed by Customer in the Service in accordance with the terms of this Agreement.

"Change Order" means a change order or amendment to an SOW that is agreed to and signed in writing by both parties with respect to any Technical Services to be performed hereunder.

"Client Software" is any desktop client software that is made available to Customer by RelayHub for installation on Users' computers to be used in connection with the applicable Service.

"Confidential Information" means all information that is identified as confidential at the time of disclosure by the Disclosing Party or reasonably should be known by the Receiving Party to be confidential or proprietary due to the nature of the information disclosed and the circumstances surrounding the disclosure. All Customer Data will be deemed Confidential Information of Customer without any marking or further designation. All RelayHub Technology and the terms and conditions of this Agreement will be deemed Confidential Information of RelayHub without any marking or further designation. Confidential Information shall not, however, include information that the Receiving Party can demonstrate: (a) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (b) is or has become public knowledge through no fault of the Receiving Party; (c) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (d) is independently developed by employees of the Receiving Party.

"Contractor" means Customer's and its Affiliates' independent contractors and consultants.

"Customer Data" means any data or data files of any type that are uploaded by or on behalf of Customer for storage or processing in the Service.

"Customer Materials" means any materials provided to RelayHub in connection with Technical Services.

"Data Protection Claims" means any claims arising from a party's breach of Section 2.3 (Data Privacy), Section 3 (Security), Section 5 (Confidentiality) and/or the BAA (if any), where such breach results in the unauthorized disclosure of Customer Data, or breach of Section 2.2 (Use Obligations).

"Data Protection Claims Cap" is defined in Section 12 (Limitation of Remedies and Damages).

"Deliverables" means the guides, code (including SQL queries) or other deliverables that RelayHub provides to Customer in connection with Technical Services, but excludes any compilers, assemblers, interpreters or similar tools RelayHub may use to develop Deliverables.

"Disclosing Party" is defined in Section 5 (Confidentiality).

"Documentation" means RelayHub's technical documentation and usage guides expressly designated by RelayHub as applicable to the Service at docs.relayhub.ai.

"DPA" means the Customer Data Processing Addendum, made available at relayhub.ai/legal.

"Excluded Claims" means obligations and claims based on: (a) a party's breach of its obligations in Section 5 (Confidentiality) (but excluding obligations and claims relating to Customer Data); (b) either party's express obligations under Section 11 (Indemnification); and/or (c) liability which, by law, cannot be limited (e.g., tort claims for gross negligence and intentional misconduct).

"External Offerings" means separate or third-party data, databases, services, offerings or applications that are independent from, but inter-operate with the Service, and may be procured or used by Customer. For clarity, External Offerings are subject to separate terms, and RelayHub has no liability with respect thereto under this Agreement.

"FAR" and "DFARS" are respectively as defined in Section 13.12 (U.S. Government Terms).

"Fees" means the fees payable by Customer to RelayHub for the applicable RelayHub Offerings. For Technical Services, the applicable Fees are as set forth in the relevant Order Form or SOW, and "Fees" also includes travel, lodging, meal and other expenses incurred in providing Technical Services, but only if the applicable SOW specifies that expenses are reimbursable.

"General Liability Cap" is defined in Section 12 (Limitation of Remedies and Damages).

"HIPAA" means the Health Insurance Portability and Accountability Act, as amended and supplemented.

"HIPAA Data" means any patient, medical or other protected health information regulated by HIPAA or any similar federal or state laws, rules or regulations.

"Offering-Specific Terms" means the Offering-Specific Terms located at relayhub.ai/legal that supplement this Agreement (e.g., Customer-controlled data sharing, Previews), or form an independent agreement (e.g., External Offerings), as indicated in the applicable Offering-Specific Terms.

"Optional Offerings" means optional features, functionality or other offerings that Customer may use in connection with or as part of the Service, and subject to the applicable Offering-Specific Terms.

"Order Form" means the RelayHub ordering document (and/or SOW, if applicable) governed by this Agreement that is signed by RelayHub and Customer and specifies the RelayHub Offerings procured by Customer.

"Preview(s)" means products, features, services, software, regions or cloud deployments that RelayHub does not yet make generally available (e.g., those that are labeled as "private preview," "public preview," "pre-release" or "beta").

"Receiving Party" is defined in Section 5 (Confidentiality).

"Reseller" means a RelayHub-authorized distributor, referral partner or reseller selling RelayHub Offerings to Customer.

"Reseller Arrangement" means a separate agreement between Customer and Reseller, which may specify different terms than this Agreement regarding invoicing, taxes and payments.

"Retrieval Right" is defined in Section 7.3 (Effect of Termination; Customer Data Retrieval).

"Sample Data" means any data (including from third-party sources) provided or made available to Customer by RelayHub solely for Customer's internal testing, evaluation, and other non-production use of the Service during the Subscription Term, which RelayHub may delete or require Customer to cease using at any time upon advance notice.

"Security Addendum" means the RelayHub Security Addendum, made available at relayhub.ai/legal/security-addendum.

"Service" means the generally available software-as-a-service offering hosted by or on behalf of RelayHub and ordered by or for Customer as set forth in an Order Form.

"RelayHub" means Weeks Ahead Ventures LLC.

"RelayHub Offering(s)" means the Service, Technical Services (including any Deliverables), and any support and other ancillary services (including, without limitation, services to prevent or address service or technical problems) provided by RelayHub.

"RelayHub Technology" means the Service, Documentation, Client Software, Deliverables, and all related and underlying technology and documentation in any RelayHub Offerings; and any derivative works, modifications, or improvements of any of the foregoing.

"SOW" or "Statement of Work" means a statement of work mutually agreed by Customer and RelayHub for the provision of Technical Services and that is governed by this Agreement.

"Subscription Term" means the period during which Customer is authorized to access the relevant RelayHub Offering(s), as specified in the applicable Order Form.

"Support Policy" means the RelayHub Support Policy and Service Level Agreement between RelayHub and Customer.

"Taxes" means taxes, levies, duties or similar governmental assessments of any nature, including, for example, any sales, use, GST, value-added, withholding, or similar taxes, whether domestic or foreign, or assessed by any jurisdiction, but excluding any taxes based on net income, property, or employees of RelayHub.

"Technical Services" means the training, consulting, configuration or other professional services provided by RelayHub to Customer under an Order Form or SOW.

"Third-Party Applications" means separate or third-party data, services, offerings, storage, software, networks, or applications (and other consulting services related thereto) made available by or on behalf of Customer or to Customer that inter-operate with the Service and are subject to an independent agreement or supplemental terms to this Agreement.

"Usage Data" means usage and operations data in connection with the Customer's use of the Service, including query logs and metadata (e.g., object definitions and properties).

"User" means the persons designated and granted access to the Service by or on behalf of Customer, including, as applicable, any of its and its Affiliates' Contractors.

"VAT/GST Registration Number" means the value added tax/GST registration number of the business location(s) where Customer is legally registered and the ordered services are used for business use.

RelayHub / Weeks Ahead Ventures, LLC

Version 1.0 • Effective Date: Upon Execution of Order Form

This Acceptable Use Policy ("AUP") governs Customer's and its Users' use of the RelayHub platform, associated services, and any content generated through them (collectively, the "Services"). This AUP is incorporated by reference into the RelayHub Terms of Service or other governing written agreement between RelayHub / Weeks Ahead Ventures LLC ("Provider" or "RelayHub") and Customer (the "Agreement"). Capitalized terms not defined herein have the meanings given in the Agreement.

Customer is responsible for ensuring that all Users comply with this AUP. Use of the Services constitutes acceptance of this AUP.

1. Prohibited Uses

Customer and its Users may not use the Services to:

1.1 Illegal Activity

• Violate any applicable local, state, national, or international law or regulation
• Engage in, facilitate, or promote any fraudulent, deceptive, or illegal activity
• Infringe the intellectual property, privacy, publicity, or other rights of any third party
• Violate any export control laws or sanctions regulations, including those administered by the U.S. Office of Foreign Assets Control (OFAC)

1.2 Harmful or Offensive Content

• Generate, upload, transmit, or store content that is unlawful, threatening, abusive, harassing, defamatory, or obscene
• Generate content that sexualizes minors or that could be used to exploit or harm children
• Create or distribute content designed to harass, intimidate, or harm any individual or group
• Generate content that promotes violence, discrimination, or hatred based on race, ethnicity, national origin, religion, gender, sexual orientation, disability, or other protected characteristics

1.3 Security and System Integrity

• Attempt to gain unauthorized access to the Services, Provider's infrastructure, or any third-party systems
• Upload, transmit, or generate malware, viruses, ransomware, spyware, or any other malicious code
• Conduct or facilitate any denial-of-service attack, network scanning, or penetration testing against Provider or any third party without express written authorization
• Circumvent, disable, or interfere with any security feature, access control, or usage limit of the Services
• Use the Services to probe, scan, or test the vulnerability of any system or network

1.4 AI Model Misuse

• Use AI-generated outputs to deceive, defraud, or impersonate any person or entity without disclosure
• Attempt to extract, reverse engineer, or reconstruct the underlying weights, parameters, or training data of any AI model accessed through the Services
• Use the Services or any AI-generated outputs to build or train a competing AI model or service
• Attempt to circumvent or "jailbreak" AI model safety mechanisms or content filters
• Generate content designed to spread disinformation, propaganda, or coordinated inauthentic behavior at scale

1.5 Data and Privacy Violations

• Upload or process Personal Data in violation of applicable data protection laws or without the required legal basis
• Upload HIPAA Data, payment card data (PCI-DSS), or other regulated data categories unless a separate written addendum authorizing such use has been executed with Provider
• Collect, harvest, or scrape Personal Data from the Services or from any third party without authorization
• Use the Services to process Personal Data of individuals who have not provided appropriate consent or for purposes inconsistent with the original collection purpose

1.6 Service Integrity and Fair Use

• Resell, sublicense, share access to, or otherwise make the Services available to unauthorized third parties
• Use the Services in a manner that imposes an unreasonable or disproportionate load on Provider's infrastructure
• Automate access to the Services in a manner that exceeds reasonable use or that bypasses intended rate limits or usage controls
• Use the Services for any purpose that competes with Provider's business or that is intended to damage Provider's reputation or relationships

2. Customer Data Responsibilities

Customer is solely responsible for all Customer Data uploaded to or processed through the Services. Customer represents and warrants that:

• Customer has all rights, licenses, and permissions necessary to upload and process Customer Data through the Services
• Customer Data does not and will not violate any applicable law or infringe any third-party rights
• Customer will not upload Customer Data that Customer knows or reasonably should know contains malware, malicious code, or harmful content
• Customer will configure workspace permissions, access controls, and data scoping settings appropriately for the sensitivity of the data being processed, in accordance with the Documentation

3. API Key Responsibilities (BYOK)

The Services operate on a Bring Your Own Key ("BYOK") model under which Customer provides API keys for Customer's chosen AI model providers. Customer agrees that:

• Customer is solely responsible for the security, confidentiality, and proper management of all API keys configured in the Services
• Customer will only configure API keys for AI model providers that Customer is authorized to use and for which Customer has accepted the applicable provider's terms of service
• Customer will promptly rotate or revoke any API key that Customer believes may have been compromised and will notify Provider at security@relayhub.ai
• Provider is not responsible for any costs, overages, or liability arising from Customer's use of third-party AI model providers through Customer's API keys
• Customer will not configure API keys with broader permissions than necessary for the intended use of the Services
• RelayHub stores conversation content, including prompts and responses, in its own infrastructure for service delivery purposes and in accordance with its obligations under this Agreement. When Customer uses the Services to send prompts to a third-party AI model provider, those prompts and the resulting responses are transmitted to and from that provider for inference purposes. RelayHub has no visibility into, control over, or responsibility for how any AI model provider stores, uses, retains, processes, or otherwise handles Customer Data or prompts after receipt by that provider. Customer's use of any AI model provider through the Services is additionally governed by Customer's own agreements, privacy notices, and terms of service with that provider. RelayHub expressly disclaims all liability for any data incident, privacy violation, unauthorized disclosure, or other harm arising from or related to a third-party AI model provider's handling of Customer Data or prompts.

4. Compliance with Laws

Customer is responsible for ensuring that its use of the Services complies with all applicable laws and regulations, including without limitation:

• Data protection and privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) and, where applicable, the EU General Data Protection Regulation (GDPR)
• Sector-specific regulations applicable to Customer’s industry (e.g., financial services, healthcare)
• Export control laws and trade sanctions
• Laws governing the use of AI-generated content in Customer's jurisdiction, including applicable disclosure requirements

Customer acknowledges that Provider's provision of the Services does not constitute legal, financial, medical, or other professional advice, and that Customer is responsible for obtaining appropriate professional guidance in connection with Customer's use of AI-generated outputs.

5. Reporting Violations

If Customer becomes aware of any violation of this AUP — including by its own Users — Customer shall promptly notify Provider at:

• Email: legal@weeksahead.ai
• Security incidents: security@relayhub.ai

Provider may independently investigate suspected violations and may take any action it deems appropriate, including suspension of access, as described in Section 6 below.

6. Enforcement

Provider reserves the right to investigate suspected violations of this AUP. If Provider reasonably determines that Customer or any User has violated this AUP, Provider may, without limiting any other remedies available under the Agreement:

• Provide written notice and require Customer to cure the violation within a specified timeframe
• Suspend or restrict Customer's or the offending User's access to the Services pending resolution
• Terminate the Agreement in accordance with its terms
• Report the activity to applicable law enforcement or regulatory authorities where required by law or in Provider's reasonable judgment

Provider's failure to enforce any provision of this AUP in any instance shall not constitute a waiver of Provider's rights to enforce such provision in the future.

7. Updates to this Policy

Provider may update this AUP from time to time. Changes will be posted at relayhub.ai/legal/acceptable-use-policy and will become effective upon posting or on such later date as specified by Provider. Provider will use reasonable efforts to notify Customer of material changes. Continued use of the Services after an updated AUP takes effect constitutes Customer's acceptance of the updated policy.

8. Contact

Questions regarding this AUP should be directed to:

• RelayHub / Weeks Ahead Ventures LLC
• 2123 West Sherman Drive, Aubrey, TX 76227
• legal@weeksahead.ai
• relayhub.ai/legal

RelayHub / Weeks Ahead Ventures, LLC

Version 1.0 | Effective Date: [as set in the applicable Order Form] | Confidential

1. Purpose and Scope

This Data Processing Addendum ("DPA") forms part of, and is incorporated into, the RelayHub Terms of Service or other written agreement (the "Agreement") between Weeks Ahead Ventures LLC ("RelayHub") and the customer entity identified in the applicable Order Form ("Customer"). This DPA governs RelayHub's processing of Personal Data on behalf of Customer in connection with the provision of the RelayHub platform and associated services (collectively, the "Services").

In the event of a conflict between this DPA and the Agreement, this DPA shall govern with respect to the subject matter herein.

2. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person that is uploaded to, processed by, or generated through Customer's use of the Services, including without limitation employee data, customer data, and any data contained in documents uploaded to the platform.

"Processing" means any operation or set of operations performed on Personal Data, including collection, recording, storage, retrieval, use, disclosure, or deletion.

"Controller" means the entity that determines the purposes and means of processing Personal Data. Customer is the Controller with respect to all Personal Data uploaded or generated by Customer's use of the Services.

"Processor" means the entity that processes Personal Data on behalf of the Controller. RelayHub acts as Processor with respect to Personal Data submitted by Customer to the Services.

"Sub-processor" means any third party engaged by RelayHub to process Personal Data in connection with the Services.

"Applicable Data Protection Laws" means all data protection and privacy laws applicable to the processing of Personal Data under this DPA, including without limitation the California Consumer Privacy Act (CCPA/CPRA) and, where applicable, the EU General Data Protection Regulation (GDPR) and UK GDPR.

3. Roles and Responsibilities

3.1 Customer as Controller

Customer is the Controller of all Personal Data processed through the Services. Customer is solely responsible for:

• Determining the lawful basis for processing Personal Data through the Services
• Ensuring that any Personal Data submitted to the Services has been collected in accordance with Applicable Data Protection Laws
• Providing any required notices to data subjects regarding processing by RelayHub as Processor
• Ensuring that Customer's use of the Services complies with all Applicable Data Protection Laws
• Configuring the platform's access controls, workspace permissions, and data scoping settings appropriately for the sensitivity of the data being processed

3.2 RelayHub as Processor

RelayHub processes Personal Data solely on behalf of Customer and only as necessary to provide the Services, in accordance with Customer's documented instructions as set forth in this DPA and the Agreement. RelayHub shall not process Personal Data for any other purpose, including for RelayHub's own commercial purposes.

RelayHub confirms that it does not sell, rent, or share Customer's Personal Data with third parties for their independent use, and does not use Customer Data to train, fine-tune, or improve any AI models — whether operated by RelayHub or any third-party model provider.

4. Processing Instructions

RelayHub shall process Personal Data only on documented instructions from Customer. Customer's instructions are set forth in the Agreement, this DPA, and any applicable Order Form. RelayHub shall promptly notify Customer if it believes an instruction infringes Applicable Data Protection Laws, to the extent RelayHub is able to identify such infringement.

Customer acknowledges that the operation of the Services, including routing requests to Customer's designated AI model using Customer-supplied API keys, constitutes a documented processing instruction for the purposes of this DPA.

5. Sub-processors

5.1 Authorized Sub-processors

Customer hereby grants RelayHub general authorization to engage the following Sub-processors in connection with the delivery of the Services. The RelayHub platform is architected as a Bring Your Own Key (BYOK) platform: Customers supply their own API keys for the AI model(s) of their choosing. Accordingly, the AI models are not Sub-processors of RelayHub — they are independent services engaged directly by Customer under Customer's own agreements with those AI Models. RelayHub's Sub-processors are limited to the infrastructure services set forth below:

5.2 Changes to Sub-processors

RelayHub shall notify Customer of any intended addition or replacement of Sub-processors by updating the Sub-processor list at relayhub.ai/legal/sub-processors or by direct notice to Customer at least 30 days prior to the change taking effect. Customer may object to the addition of a new Sub-processor within 15 days of receiving notice by providing written notice to legal@weeksahead.ai specifying the reasonable grounds for objection. If the parties cannot resolve the objection, Customer may terminate the Agreement with respect to the affected services without penalty.

6. Security Measures

6.1 Technical and Organizational Measures

RelayHub implements and maintains technical and organizational security measures designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Dedicated cloud instance per Customer — Customer data is logically and physically isolated from all other customers. No shared multi-tenant storage of Customer Data.
• Encryption at rest — Customer Data is encrypted at rest using AES-256 via Google-Managed Encryption Keys (GMEK) on Google Cloud Platform.
• Encryption in transit — All data transmitted between Customer and the Services, and between the Services and AI model Sub-processors, is encrypted using TLS 1.2 or higher.
• Role-based access control (RBAC) — Access to Customer Data within the platform is controlled at the workspace level. Administrators may define and restrict access by role, user, and workspace.
• Full audit logging — The platform maintains comprehensive audit trails of all AI interactions, including user identity, timestamp, model used, and workspace context.
• SSO integration — The platform supports Single Sign-On (SSO) via Microsoft, Google, and other SAML-compatible providers, enabling Customer to enforce their own authentication policies.
• BYOK (Bring Your Own Key) — Customers who elect BYOK manage their own encryption keys via their designated key management infrastructure. RelayHub does not hold or have access to Customer-managed encryption keys.
• Personnel access controls — Access to Customer instances is restricted to a single designated engineer. Access is limited strictly to logs, technical support, and troubleshooting purposes, requires multi-factor authentication, and is logged in full.

6.2 BYOK Modification of Security Obligations

Where Customer has elected BYOK, RelayHub's security obligations with respect to encryption at rest are modified as follows: Customer bears sole responsibility for the management, rotation, backup, and availability of their encryption keys. RelayHub shall not be liable for any data loss, inaccessibility, or breach resulting from Customer's mismanagement, loss, revocation, or expiration of encryption keys. Service Level Availability (SLA) commitments exclude downtime attributable to BYOK key failures.

7. Confidentiality of Processing

RelayHub ensures that all personnel authorized to process Personal Data are subject to appropriate confidentiality obligations, whether by contract or professional duty, and receive training on data protection requirements relevant to their role. RelayHub shall not permit any personnel to process Personal Data except as necessary to provide the Services or as required by applicable law.

8. Data Subject Rights

As Controller, Customer is responsible for receiving and responding to data subject requests (including requests to access, correct, delete, or port Personal Data) from individuals whose data is processed through the Services. RelayHub shall, to the extent technically feasible and within a reasonable timeframe, assist Customer in responding to such requests by providing Customer with the tools to access, export, and delete Personal Data within the platform.

Where a data subject contacts RelayHub directly with a request relating to their Personal Data, RelayHub shall promptly forward the request to Customer at the legal notice address on file and shall not respond to the data subject directly except as required by applicable law.

9. Personal Data Breach Notification

In the event RelayHub becomes aware of a confirmed or reasonably suspected Personal Data breach affecting Customer Data, RelayHub shall:

• Notify Customer without undue delay and, where feasible, within 72 hours of becoming aware of the breach, at the contact address registered in Customer's account or as specified in the Order Form
• Provide Customer with reasonably available information about the nature of the breach, the categories and approximate number of data records affected, the likely consequences of the breach, and the measures taken or proposed to address it
• Cooperate with Customer's reasonable investigation of the breach and take commercially reasonable steps to mitigate the impact
• Preserve all logs and records reasonably determined to be relevant to the breach for a minimum of one year

RelayHub's notification of a breach shall not constitute an admission of fault or liability. RelayHub shall provide all reasonably available information about the breach, including the nature of the affected data to the extent determinable from platform logs and audit records.

Customer is responsible for registering and maintaining a current notification email address within the Services. Failure to do so may impair RelayHub's ability to provide timely notice.

10. International Data Transfers

The Services are hosted and operated in the United States. If Customer is located outside the United States or processes Personal Data of individuals located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, Customer is responsible for ensuring that the transfer of Personal Data to RelayHub complies with Applicable Data Protection Laws.

11. Data Retention and Deletion

11.1 Retention During Term

RelayHub retains Customer Data for the duration of the Agreement and any post-termination data retrieval period as specified in the Agreement. RelayHub does not retain Personal Data beyond what is necessary to provide the Services, except where required by applicable law or to maintain audit logs as required under this DPA or the Security Addendum.

11.2 Deletion Upon Request

Customer may request deletion of specific Personal Data at any time by submitting a written request to legal@weeksahead.ai. RelayHub shall use commercially reasonable efforts to delete the specified data within 30 days of receiving the request, except where retention is required by applicable law.

11.3 Deletion Upon Termination

Upon expiration or termination of the Agreement and, following the conclusion of any applicable data retrieval period, RelayHub shall delete all Customer Data from its systems. RelayHub's deletion mechanism is complete termination of the Customer's dedicated virtual machine instance, which results in immediate and irreversible deletion of all Customer Data, including conversation content, metadata, and audit logs. There is no backup retention — deleted instances cannot be restored. Customer may also request immediate VM termination and full deletion at any time during the Agreement term by written request to legal@weeksahead.ai, which RelayHub shall execute within one (1) business day.

12. Audit Rights

Upon written request and no more than once per calendar year (unless Customer has a reasonable good-faith belief that a breach has occurred), RelayHub shall provide Customer with documentation evidencing RelayHub's compliance with its obligations under this DPA, which may include: the RelayHub's most recent SOC 2 audit report (once available), a completed security questionnaire (SIG or CAIQ), and relevant data flow documentation.

Customer may also request a direct audit of RelayHub's applicable controls. RelayHub and Customer shall mutually agree on the scope, timing, and confidentiality terms of any such audit. RelayHub may charge a reasonable fee for audits requiring significant RelayHub resources. All audit reports and findings shall be treated as RelayHub's Confidential Information.

13. California Consumer Privacy Act (CCPA / CPRA)

To the extent that Customer's Personal Data includes Personal Information of California residents as defined under the CCPA, the following additional terms apply:

• RelayHub is a "Service Provider" under the CCPA. RelayHub processes Customer’s Personal Information solely for the business purpose of providing the Services as described in the Agreement and this DPA
• RelayHub shall not sell or share Customer's Personal Information, retain, use, or disclose Customer's Personal Information for any purpose other than providing the Services, or combine Customer's Personal Information with Personal Information received from other sources except as permitted under the CCPA
• RelayHub certifies that it understands and will comply with the restrictions set forth in this Section 13.

14. Liability

Each party's liability under this DPA is subject to the limitations of liability set forth in the Agreement. To the extent permitted by applicable law, the Data Protection Claims Cap as defined in the Agreement applies to all claims arising under this DPA.

15. Term and Termination

This DPA is effective as of the Effective Date and remains in effect for the duration of the Agreement. This DPA automatically terminates upon expiration or termination of the Agreement. Sections 7 (Confidentiality), 11 (Data Retention and Deletion), and 14 (Liability) shall survive termination.

16. General

This DPA is governed by the same governing law and jurisdiction as the Agreement. In the event of any conflict between this DPA and the Agreement, this DPA governs with respect to data processing matters. This DPA may be updated by RelayHub from time to time, provided that updates shall not materially diminish the protections afforded to Customer hereunder. RelayHub will provide reasonable notice of material changes.

Agreed and Accepted

Confidential | Weeks Ahead Ventures LLC | legal@weeksahead.ai | relayhub.ai/legal

This Security Addendum¹ ("Security Addendum") forms part of, and is subject to, the Master Subscription Agreement, the RelayHub Terms of Service, the RelayHub Evaluation Terms of Service, or the RelayHub Server Terms of Service between Weeks Ahead Ventures LLC ("RelayHub") and the legal entity defined as "Customer" thereunder together with all Customer Affiliates who are signatories to an Order Form for their own Service Account or Server Software license pursuant to such agreement (collectively, for purposes of this Security Addendum, "Customer", and together with RelayHub, the "Parties" and each a "Party" [such agreement, the "Agreement"]). All capitalized terms not defined in this Security Addendum shall have the meanings set forth in the Agreement.

RelayHub utilizes infrastructure-as-a-service cloud as further described in the Agreement and/or Documentation (each, a "RelayHub Cloud") and provides the Service to Customer using a VPC/VNET and storage hosted by the applicable RelayHub Cloud (the "Cloud Environment").

RelayHub maintains a comprehensive documented security program under which RelayHub implements and maintains physical, administrative and technical safeguards designed to protect the confidentiality, integrity, availability and security of the Service and Customer Data (the "Security Program") including, but not limited to, as set forth below. RelayHub regularly tests and evaluates its Security Program and may review and update its Security Program as well as this Security Addendum provided, however, that such updates shall be designed to enhance and not materially diminish the Security Program.

RelayHub provides Server Software to Customer for use installed in a Customer-managed environment. When Customer uses Server Software, Customer accepts sole responsibility for the types of security controls and procedures defined in Sections 1 through 9 of this Security Addendum.

1. RelayHub's Audits & Certifications

1.1 RelayHub is currently in the process of obtaining SOC 2 compliance certification. RelayHub is presently building on and operating with SOC 2-compliant infrastructure and processes. Upon completion of certification, RelayHub will deliver the applicable third-party audits ("Third-Party Audits") reports to Customer upon written request. RelayHub will notify Customer of certification milestones as they are received.

1.2 Third-Party Audits are made available to Customer as described in Section 9.2.1.

1.3 To the extent RelayHub decides to discontinue a Third-Party Audit, RelayHub will adopt or maintain an equivalent, industry-recognized framework.

2. Hosting Location of Customer Data

2.1 Hosting Location. The hosting location of Customer Data is the production Cloud Environment in the Region offered by RelayHub and selected by Customer on an Order Form or as Customer otherwise configures via the services.

3. Encryption

3.1 Encryption of Customer Data. RelayHub encrypts Customer Data at-rest using AES 256-bit (or better) encryption. RelayHub uses Transport Layer Security (TLS) 1.2 (or better) for Customer Data in-transit to/from the Service over untrusted networks.

4. System & Network Security

4.1 Access Controls

• (a) All RelayHub personnel access to the Cloud Environment is via a unique user ID, consistent with the principle of least privilege, requires a VPN, as well as multi-factor authentication and passwords meeting or exceeding PCI-DSS length and complexity requirements.
• (b) RelayHub personnel will not access Customer Data except (i) as reasonably necessary to provide RelayHub Offerings under the Agreement or (ii) to comply with the law or a binding order of a governmental body.

4.2 Endpoint Controls. For access to the Cloud Environment, RelayHub personnel use RelayHub-issued laptops which utilize security controls that include, but are not limited to, (i) disk encryption, (ii) endpoint detection and response (EDR) tools to monitor and alert for suspicious activities and Malicious Code (as defined below), and (iii) vulnerability management in accordance with Section 4.7.3 (Vulnerability Management).

4.3 Separation of Environments. RelayHub logically separates production environments from development environments. The Cloud Environment is both logically and physically separate from RelayHub's corporate offices and networks.

4.4 Firewalls / Security Groups. RelayHub shall protect the Cloud Environment using industry standard firewall or security groups technology with deny-all default policies to prevent egress and ingress network traffic protocols other than those that are business-required.

4.5 Hardening. The Cloud Environment shall be hardened using industry-standard practices to protect it from vulnerabilities, including by changing default passwords, removing unnecessary software, disabling or removing unnecessary services, and regular patching as described in this Security Addendum.

4.6 Monitoring & Logging

4.6.1 Infrastructure Logs. Monitoring tools or services, such as host-based intrusion detection tools, are utilized to log certain activities and changes within the Cloud Environment. These logs are further monitored, analyzed for anomalies, and are securely stored to prevent tampering for at least one year.

4.6.2 User Logs. As further described in the Documentation, RelayHub also captures logs of certain activities and changes within the Account and makes those logs available to Customer for Customer's preservation and analysis.

4.7 Vulnerability Detection & Management

4.7.1 Anti-Virus & Vulnerability Detection. The Cloud Environment leverages advanced threat detection tools with daily signature updates, which are used to monitor and alert for suspicious activities, potential malware, viruses and/or malicious computer code (collectively, "Malicious Code"). RelayHub does not monitor Customer Data for Malicious Code.

4.7.2 Penetration Testing & Vulnerability Detection. RelayHub intermittently conducts penetration tests and may engage independent third parties to conduct penetration tests of the Service. RelayHub also runs daily vulnerability scans for the Cloud Environment using updated vulnerability databases.

4.7.3 Vulnerability Management. Vulnerabilities meeting defined risk criteria trigger alerts and are prioritized for remediation based on their potential impact to the Service. Upon becoming aware of such vulnerabilities, RelayHub will use commercially reasonable efforts to address private and public (e.g., U.S.-CERT announced) critical and high vulnerabilities within 30 days, and medium vulnerabilities within 90 days. To assess whether a vulnerability is 'critical', 'high', or 'medium', RelayHub leverages the National Vulnerability Database's (NVD) Common Vulnerability Scoring System (CVSS), or where applicable, the U.S.-CERT rating.

5. Administrative Controls

5.1 Personnel Security. RelayHub requires criminal background screening on its personnel as part of its hiring process, to the extent permitted by applicable law.

5.2 Personnel Training. RelayHub maintains a documented security awareness and training program for its personnel, including, but not limited to, onboarding and on-going training.

5.3 Personnel Agreements. RelayHub personnel are required to sign confidentiality agreements. RelayHub personnel are also required to sign RelayHub's information security policy, which includes acknowledging responsibility for reporting security incidents involving Customer Data.

5.4 Personnel Access Reviews & Separation. RelayHub reviews the access privileges of its personnel to the Cloud Environment at least quarterly and removes access on a timely basis for all separated personnel.

5.5 RelayHub Risk Management & Threat Assessment. RelayHub's risk management process is modeled on NIST 800-53. RelayHub's security committee meets regularly to review reports and material changes in the threat environment, and to identify potential control deficiencies to make recommendations for new or improved controls and threat mitigation strategies.

5.6 External Threat Intelligence Monitoring. RelayHub reviews external threat intelligence, including US-CERT vulnerability announcements and other trusted sources of vulnerability reports. U.S.-CERT announced vulnerabilities rated as critical or high are prioritized for remediation in accordance with Section 4.7.3 (Vulnerability Management).

5.7 Change Management. RelayHub maintains a documented change management program for the Service.

5.8 Vendor Risk Management. RelayHub maintains a vendor risk management program for vendors that process Customer Data designed to ensure each vendor maintains security measures consistent with RelayHub's obligations in this Security Addendum.

6. Physical & Environmental Controls

6.1 Cloud Environment Data Centers. To ensure the RelayHub Cloud has appropriate physical and environmental controls for its data centers hosting the Cloud Environment, RelayHub regularly reviews those controls as audited under the RelayHub Cloud's third-party audits and certifications. Following receipt of RelayHub's SOC-2 certification, each RelayHub Cloud shall have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks. Such controls shall include, but are not limited to, the following:

• (1) Physical access to the facilities are controlled at building ingress points;
• (2) Visitors are required to present ID and are signed in;
• (3) Physical access to servers is managed by access control devices;
• (4) Physical access privileges are reviewed regularly;
• (5) Facilities utilize monitor and alarm response procedures;
• (6) Use of CCTV;
• (7) Fire detection and protection systems;
• (8) Power back-up and redundancy systems; and
• (9) Climate control systems.

6.2 RelayHub Corporate Offices. While Customer Data is not hosted at RelayHub's corporate offices, RelayHub's technical, administrative, and physical controls for its corporate offices shall include, but are not limited to, the following:

• (1) Physical access to the corporate office is controlled at office ingress points;
• (2) Badge access is required for all personnel and badge privileges are reviewed regularly;
• (3) Visitors are required to sign in;
• (4) Use of CCTV at building ingress points;
• (5) Tagging and inventory of RelayHub-issued laptops and network assets;
• (6) Fire detection and sprinkler systems; and
• (7) Climate control systems.

7. Incident Detection & Response

7.1 Security Incident Reporting. If RelayHub becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data (a "Security Incident"), RelayHub shall notify Customer without undue delay, and in any case, where feasible, notify Customer within 72 hours after becoming aware. To facilitate timely notification, Customer must register and maintain an up-to-date email within the Service for this type of notification. Where no such email is registered, Customer acknowledges that the means of notification shall be at RelayHub's reasonable discretion (which may include using the Customer-designated email address associated with the Global Admin roles of the affected Account(s)) and RelayHub's ability to timely notify shall be negatively impacted.

7.2 Investigation. In the event of a Security Incident as described above, RelayHub shall promptly take reasonable steps to contain, investigate, and mitigate any Security Incident. Any logs determined to be relevant to a Security Incident, shall be preserved for at least one year.

7.3 Communication and Cooperation. RelayHub shall provide Customer timely information about the Security Incident to the extent known to RelayHub including, but not limited to, the nature and consequences of the Security Incident, the measures taken and/or proposed by RelayHub to mitigate or contain the Security Incident, the status of RelayHub's investigation, a contact point from which additional information may be obtained, and the categories and approximate number of data records concerned. Notwithstanding the foregoing, Customer acknowledges that because RelayHub personnel may not have visibility to the content of Customer Data, it may be unlikely that RelayHub can provide information as to the particular nature of the Customer Data, or where applicable, the identities, number, or categories of affected data subjects. Communications by or on behalf of RelayHub with Customer in connection with a Security Incident shall not be construed as an acknowledgment by RelayHub of any fault or liability with respect to the Security Incident.

8. Deletion of Customer Data

8.1 By Customer Request. RelayHub shall promptly delete any Customer Data upon receipt of a written request from the Customer for the deletion of Customer Data.

8.2 By RelayHub. Subject to applicable provisions of the Agreement, upon the later of (i) expiration or termination of the Agreement and (ii) expiration of any post-termination "Retrieval Period" set forth in the Agreement, RelayHub shall promptly delete any remaining Customer Data.

9. Customer Rights & Shared Security Responsibilities

9.1 Customer Penetration Testing. Customer may provide a written request for a penetration test of its Account ("Pen Test") by submitting such request via a support ticket. Following receipt by RelayHub of such request, RelayHub and Customer shall mutually agree in advance on details of such Pen Test, including the start date, scope and duration, as well as reasonable conditions designed to mitigate potential risks to confidentiality, security, or other potential disruption of the Service or RelayHub's business. Pen Tests and any information arising therefrom are deemed RelayHub's Confidential Information. If Customer discovers any actual or potential vulnerability in connection with a Pen Test, Customer must immediately disclose it to RelayHub and shall not disclose it to any third-party.

9.2 Customer Audit Rights

9.2.1 Upon written request and at no additional cost to Customer, RelayHub shall provide Customer, and/or its appropriately qualified third-party representative (collectively, the "Auditor"), access to reasonably requested documentation evidencing RelayHub's compliance with its obligations under this Security Addendum in the form of, as applicable, (i) RelayHub's SOC 2 Type II audit report (ii) RelayHub's most recently completed industry standard security questionnaire, such as a SIG or CAIQ; and (iii) data flow diagrams for the Service (collectively with Third-Party Audits, the "Audit Reports").

9.2.2 Customer may also send a written request for an audit of RelayHub's applicable controls, including inspection of its facilities. Following receipt by RelayHub of such request, RelayHub and Customer shall mutually agree in advance on the details of the audit, including the reasonable start date, scope and duration of and security and confidentiality controls applicable to any such audit. RelayHub may charge a fee (rates shall be reasonable, taking into account the resources expended by RelayHub) for any such audit. Audit Reports, any audit, and any information arising therefrom shall be considered RelayHub's Confidential Information.

9.2.3 Where the Auditor is a third-party (or Customer is using a third-party to conduct an approved Pen Test under Section 9.1), such third party may be required to execute a separate confidentiality agreement with RelayHub prior to any audit, Pen Test, or review of Audit Reports, and RelayHub may object in writing to such third party if in RelayHub's reasonable opinion the third party is not suitably qualified or is a direct competitor of RelayHub. Any such objection by RelayHub will require Customer to appoint another third party or conduct such audit, Pen Test, or review itself. Any expenses incurred by an Auditor in connection with any review of Audit Reports, or an audit or Pen Test, shall be borne exclusively by the Auditor.

9.3 Sensitive Customer Data. Use of the Service to meet requirements of PCI-DSS, HIPAA, FedRAMP, State Authorizing Programs, the International Traffic in Arms Regulations (ITAR), the Defense Federal Acquisition Regulation Supplement (DFARS), the Criminal Justice Information Services (CJIS) Security Policy, Internal Revenue Service Publication 1075 (IRS 1075) or other similar heightened standards ("Heightened Standards"), may require additional controls which shall be implemented by Customer. Customer must implement all appropriate Customer-configurable security controls, including IP whitelisting and MFA for all User interactive logins (e.g., individuals authenticating to the Service) to protect Customer Data subject to such Heightened Standards. Additionally, to the extent the Documentation or the Agreement (as amended) sets forth specific requirements related to Heightened Standards (e.g., additional agreements required by RelayHub and/or requirements to use designated Editions and/or Regions of the Service), Customer must satisfy such requirements before providing RelayHub any Customer Data subject to such Heightened Standards.

9.4 Shared Security Responsibilities. Without diminishing RelayHub's commitments in this Security Addendum, Customer agrees:

• (1) RelayHub has no obligation to assess the content, accuracy or legality of Customer Data, including to identify information subject to any specific legal, regulatory or other requirement. Customer is responsible for making appropriate use of the Service to ensure a level of security appropriate to the particular content of Customer Data including, where appropriate, implementation of encryption functionality, including any customer-managed encryption key capabilities offered by the Service (as described in the Documentation), pseudonymization of Customer Data and configuration of the Service to back-up Customer Data;
• (2) Customer is responsible for managing and protecting its User roles and credentials, including but not limited to (i) ensuring that all Users keep credentials confidential and not share such information with unauthorized parties, (ii) promptly reporting to RelayHub any suspicious activities related to Customer’s Account (e.g., a user credential has been compromised) by submitting a support ticket and designating it as a Severity Level 1 in accordance with the Support Policy, (iii) appropriately configuring User and role-based access controls, including scope and duration of User access, taking into account the nature of its Customer Data, and (iv) maintaining appropriate password uniqueness, length, complexity, and expiration;
• (3) To promptly update its Server Software and Client Software whenever RelayHub announces an update.

This RelayHub Support Policy ("Support Policy") describes RelayHub's support offering in connection with Customer-reported bugs, defects or errors in the Service ("Error(s)"). RelayHub shall provide technical support for the Service ("Support") in accordance with this Support Policy and the applicable written subscription agreement between RelayHub and Customer for the Service ("Agreement"). Customer shall receive RelayHub's general Support offering, "Standard Support," as designated in the applicable Order Form ("Support Level"). However, RelayHub may provide more limited support for free trial and evaluation use of the Service in its discretion. RelayHub may update this Support Policy from time to time.

Capitalized terms not defined in this Support Policy have the meaning given to them in the Agreement (including its associated addenda, policies and other terms referenced therein).

I. Support

A. Testing. As further described in the Documentation, RelayHub has processes designed to perform robust testing and validation before each Service release to minimize Errors.

B. General Support Offering ("Standard Support"). Customer shall designate at least one primary contact who will have administrator privileges and may designate additional contacts ("Customer Contact(s)"). RelayHub shall provide English-speaking remote assistance to Customer Contacts for questions or issues arising from any Error, as further described in this Support Policy, including troubleshooting, diagnosis and recommendations for potential workarounds for the Subscription Term. RelayHub shall also provide the specific entitlements for the corresponding Support Level procured by Customer as further described in this Support Policy and the tables below. If Customer reasonably believes RelayHub's Support team ("RelayHub Support") is failing to provide timely and commercially reasonable responses in accordance with this Support Policy, Customer may escalate the Support Case by contacting their designated account representative or by emailing mitch@weeksahead.ai directly. Escalated Support Cases will be reviewed by RelayHub's management team and addressed on a priority basis.

C. Contacting RelayHub Support. Customer Contacts may contact RelayHub Support for assistance with Support Cases by the following methods: (1) submitting a Support request via email to support@relayhub.ai; (2) submitting a Support request to the RelayHub web page and Support portal located at relayhub.ai/support. All Customer Contacts must be reasonably proficient in the use and functionality of the Service and familiar with the Documentation and shall use reasonable diligence to ensure a perceived Error is not an issue with Customer equipment, software or internet connectivity.

D. Submission of Support Cases. Each Support Case shall: (1) designate the Severity Level of the Error in accordance with the definitions in Table 1; (2) identify the Account that experienced the error; (3) include information sufficiently detailed to allow RelayHub Support to effectively assess the Error (including any relevant error messages, but not export-controlled data, personal data (other than as required herein), sensitive data, other regulated data, or Customer Data); and (4) provide accurate contact information for the Customer Contact(s) most familiar with the issue. The Customer Contact(s) shall also give RelayHub any other important Support Case information in a timely manner. Information submitted pursuant to a Support Case is not Customer Data. Unless Customer expressly designates the Severity Level, the Support Case will have a default designation of Severity Level 4. If Customer believes the issue to be related to Client Software (as defined in the Agreement), then the Support Case shall also include the applicable Client Software log files. If a Customer Contact submits a Support Case related to enhancement or feature requests, RelayHub will deem the Support Case closed once the request has been forwarded internally.

E. Other Support and Training. RelayHub also offers various support and training resources such as documentation, community forums, FAQs and user guides available at docs.relayhub.ai. Additionally, RelayHub offers fee-based consultation and training services via Statements of Work.

Table 1: Error Severity Level Definitions

Table 2: Severity Level Response Times

F. Error Response. Upon receipt of a Support Case, RelayHub Support will assess the Error based on the information submitted and the definitions in Table 1, and if RelayHub believes Customer's Severity Level designation is incorrect, RelayHub will promptly notify Customer. If Customer then identifies a reasonable basis for disagreeing with the Severity Level proposed by RelayHub, the parties each will make a good faith effort to promptly discuss, escalate internally, and mutually agree on the appropriate Severity Level designation. RelayHub shall then use commercially reasonable efforts to meet the Initial Response Time Target set forth in Table 2 above for the applicable Severity Level, as measured during the applicable Region RelayHub Support hours set forth in Table 3 below ("Business Hours", and each in-Region day having Business Hours is a "Business Day").

Table 3: RelayHub Support Hours

II. Support Exclusions

RelayHub is not responsible for failures of the Service to the extent they arise from:

• A. Customer's failure to process Customer Data in the Service in accordance with RelayHub's recommendations for use of the Service — though, upon being notified of such a case, RelayHub will endeavor to help Customer address the failure (e.g., with additional recommendations);
• B. Customer or User equipment;
• C. Third-party acts, or services and/or systems not provided by or on behalf of RelayHub. For the avoidance of doubt, this exclusion (C) does not apply to the acts, services or systems of Provider's designated cloud infrastructure providers;
• D. Force Majeure events — i.e., any cause beyond such party’s reasonable control, including but not limited to acts of God, labor disputes or other industrial disturbances, systemic electrical, telecommunications, or other utility failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, public health emergencies (including pandemics and epidemics), acts or orders of government, acts of terrorism, or war;
• E. Evaluation, free trial, or proof-of-concept use of the Service; or
• F. Use of Service features or functionality that are subject to Preview Terms (e.g., beta functionality not intended for production use).

Contact

For questions about this agreement or any of its exhibits, please contact us: