THIS AGREEMENT (“AGREEMENT”) GOVERNS THE USE OF THE XOI PLATFORM AND SERVICES AS DEFINED HEREIN. BY EXECUTING AN ORDER AND/OR BY USING THE XOI PLATFORM OR SERVICE, AS APPLICABLE, CUSTOMER AGREES THAT THE SIGNATORY IS AUTHORIZED TO BIND THE CUSTOMER TO THIS AGREEMENT AND CUSTOMER IS AGREEING TO BE BOUND BY THE TERMS CONTAINED IN THIS AGREEMENT. CUSTOMER SHOULD NOT USE THE XOI PLATFORM AND/OR SERVICES IF IT CANNOT COMPLY WITH THIS AGREEMENT. THIS AGREEMENT IS BETWEEN CUSTOMER AND XOEYE TECHNOLOGIES, INC, DBA XOI TECHNOLOGIES (“XOI”) AND/OR ITS AFFILIATES OR SUBSIDIARIES, AS APPLICABLE. CUSTOMER AGREES AND ACKNOWLEDGES THAT THE TERMS OF THIS AGREEMENT MAY BE MODIFIED BY XOI FROM TIME TO TIME, FOR WHICH XOI WILL PROVIDE CUSTOMER NOTICE THEREOF.

1. Definitions. Capitalized terms used but not defined in this Agreement have the meaning set forth in the applicable Order or Exhibit. The following terms have the meaning set forth below.
   
   1.1 “Assets Under Management” means the total number of customer-owned or customer-managed assets tracked, monitored, or otherwise managed through the Services, as measured in accordance with the Fee Schedule and applicable Order.
   
   
   1.2 “Customer Data” means any of Customer’s information, documents, or electronic files that are provided by or otherwise received from Customer or a User by or through the Services hereunder, including but not limited to all digital media and electronic files and related documentation and accessible via the XOi Platform. For the avoidance of doubt, Customer Data does not include Resultant Data or any other information reflecting the access or use of the XOi Platform by or on behalf of Customer or any User.
   
   1.3 “Intellectual Property” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.
   
   1.4 “Order” means the executed ordering document for the license of specific XOi Platform and Services which includes all relevant commercial terms.
   
   1.5 “Resultant Data” means (a) data and information related to Customer’s and any User’s use of the XOi Platform that is used by XOi in an aggregate and anonymized manner, including to compile statistical and performance information related to the provision and operation of the XOi Platform, and (b) de-identified Customer Data.
   
   1.6 Services” means the implementation, support, training, and any other service provided by XOi hereunder, including the hosting, management and operation of the XOi Platform for remote electronic access and use by the Customer and its Users.
   
   1.7 “User” means a named employee, consultant, contractor, or agent whom Customer has authorized to access and use the XOi Platform on Customer’s behalf under this Agreement, regardless of whether or not the User actually uses the Platform and for whom access to the Platform has been purchased under this Agreement. The total number of Users is indicated on the Order, which is incorporated herein by reference.
   
   1.8 “XOi Materials” means the Platform, Services, Documentation, and all other information, data, documents, all devices, documents, data, know-how, methods, processes, hardware, XOi Platform, and other technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans, or reports, that are provided or used by XOi or any Subcontractor in connection with the XOi Platform, Services or otherwise comprise or relate to the XOi Platform or Services. For the avoidance of doubt, XOi Materials include Resultant Data and any information, data, or other content derived from XOi’s monitoring of Customer’s and User’s access to or use of the Services, but do not include Customer Data.
   
   1.9 “XOi Platform” means XOi’s proprietary cloud-hosted platform that allows Customer to manage Users and to capture and organize Customer Data, each provided as a hosted service hereunder, including any associated mobile applications or APIs, and any related development tools/kits, modifications, corrections, enhancements or Updates relating thereto that may be provided hereunder or thereunder, and any derivative works of the foregoing.
2. Service
   
   2.1 XOi Services and Subscription. XOi provides the Customer the right to access the XOi Platform and enable its Users to access the XOi Platform to use the Services solely for internal business purposes and solely by authorized Users in accordance with this Agreement, the applicable Order, and the Acceptable Use Policy attached as Exhibit A. Each Order is incorporated into this Agreement by reference. In the event of a conflict, the Order will control with respect to the commercial terms only, and this Agreement will control all other respects.
   
   2.2 Professional Services. If specified in an Order, XOi will provide professional services in a professional and workmanlike manner consistent with generally accepted industry standards. Unless otherwise stated, professional services are non-refundable.
   
   2.3 Subcontractors. XOi may from time to time in its discretion engage third parties to perform Services (each, a “Subcontractor”) XOi is responsible for the acts of its Subcontractors.
   
   2.4 Third-Party Materials. The Services interoperate with third-party products or services. XOi is not responsible for third-party tools which are governed by their own terms.
   
   
3. Support and Service Level. XOI shall provide Support and SLAs as more fully set forth in Exhibit B. XOi shall deliver to Customer any Updates at no charge unless the Update includes new optional components or functionality for which additional charges apply. XOi may modify or update the XOi Platform from time to time, provided such changes will not materially reduce Customer’s use of the XOi Platform. XOi is not responsible for issues resulting from misuse, non-XOi systems or equipment, Third-Party Materials, general internet problems, or Force Majeure Events.
4. License Grant; Ownership of Intellectual Property
   
   4.1 License Grant. During the Term and subject to the use restrictions set forth in Section (c) below, XOi hereby grants to Customer a non-exclusive, non-transferable , non-sublicensable right and license to (i) access and use the XOi Platform in object code form for its internal business purposes solely in accordance with the Documentation and the terms and conditions herein, and solely for use by Users; and (ii) use the Documentation solely for Customer’s internal business purposes in connection with its use of the Services. All rights in and to the XOi Platform and XOi Materials not expressly granted herein are reserved to XOi. The total number of Users will not exceed the number set forth in the Order, except as expressly agreed to in writing by the parties and subject to any appropriate adjustment of the fees payable hereunder.
   
   4.2 Ownership. Customer owns all right, title and interest in the Customer Data. Customer hereby irrevocably grants all such rights and permissions in or relating to Customer Data as are necessary or useful to XOi, its Subcontractors, its Representatives, and the XOi Personnel to enforce this Agreement and for XOi, its Subcontractors, and the XOi Personnel to exercise its rights and perform its obligations hereunder. All right, title, and interest in and to the XOi Materials, including all Intellectual Property rights therein, are and will remain with XOi and, with respect to Third-Party Materials, the applicable third party providers own all right, title, and interest, including all Intellectual Property rights, in and to the Third-Party Materials. Customer has no right, license, or authorization with respect to any of the XOi Materials except as expressly set forth in this Agreement. All other rights in and to the XOi Materials are expressly reserved by XOi.
   
   4.3 Use Restrictions. Customer shall not, directly, indirectly, alone, or with another party, and shall not permit another party to: (i) copy, modify, or create derivative works or improvements of the XOi Platform, Services, Third-Party Materials, or XOi Materials; (ii) rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available the XOi Platform, any Services, Third- Party Materials, or XOi Materials to any another party, including on or in connection with the internet or any time-sharing, service bureau, platform as a service, cloud, or other technology or service; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the XOi Platform, Third-Party Materials, or XOi Materials, in whole or in part; (iv) bypass or breach any security device or protection used by the XOi Platform, Third-Party Materials, or XOi Materials, or access or use the XOi Platform, XOi Materials, or Third-Party Materials other than by a User through the use of the then-valid Access Credentials; (v) input, upload, transmit, or otherwise provide to or through the XOi Platform, Services, Third-Party Materials, or XOi Materials, any information or materials that are unlawful or injurious, or contain, transmit, or activate any virus, bug, Trojan horse, worm, backdoor, or other harmful or malicious computer code and any time bomb or drop dead device; or (vi) otherwise access or use the XOi Platform, Third-Party Materials, or XOi Materials beyond the scope of the authorization granted hereunder.
5. Payment Terms
   
   5.1 Subscription Fees and Payment Terms. Subscription fees and the duration of Customer’s subscription to the XOi Platform are set forth in the Order. If the Order indicates that Customer will pay by credit card or ACH, Customer hereby authorizes XOi to charge such credit card for all Fees listed in the Order for the Term in accordance with the payment terms set forth in the Order. Invoices will be issued in accordance with the applicable contract and are due upon receipt via credit card or ACH. Credit card payments may be subject to limits at XOi’s discretion. XOi will render invoices on a monthly, quarterly, or annual basis, as determined or as specified in the contract. If the contract does not specify otherwise, all invoices are due upon receipt, and payment will be processed using the payment method provided by the Customer.
   
   5.2 Usage Validation. Customer acknowledges that fees are based in part on Assets Under Management. XOi may reasonably verify Customer’s asset count for purposes of confirming compliance with the applicable pricing tier. Any such verification will be conducted in a commercially reasonable manner and will not unreasonably interfere with Customer’s use of the XOi Platform or Services.
   
   Taxes. If applicable, Customer shall pay or shall reimburse XOi for all sales taxes and other taxes, however characterized by the taxing authority, based upon the license fees or other charges under this Agreement or otherwise incurred on account of Customer’s use of the Services, except for any taxes based upon XOi’s net income or gross receipts or for any franchise or excise taxes owed by XOi.
6. Term and Termination
   
   6.1 Term. This Agreement commences on the Effective Date and, unless terminated earlier as set forth herein, will continue in effect: 1) for the Subscription Period as set forth in the Order, or 2) the expiration of all active Orders. (the “Initial Term”). The term of this Agreement will automatically renew for additional annual periods unless either party gives the other party written notice of its intention not to renew at least thirty (30) days in advance of the expiration of the then current term (each a “Renewal Term,” and together with the Initial Term, the “Term”). During any Renewal Term, the fees for the same services will be at XOi’s then-current rates; however, any increase in fees for the same services shall not exceed ten percent (10%) of the fees applicable during the immediately preceding term, unless otherwise agreed in writing by the parties. Any changes to the scope of services, additional features, or new subscriptions shall be subject to XOi’s then-current pricing and will be reflected in a new or amended Order Form. The termination or expiration of this Agreement does not automatically terminate any applicable Order.
   
   6.2 Termination. Either party may terminate this Agreement and/or an Order: 1) upon thirty (30) days of written notice if the other party is in material breach of this Agreement and fails to cure such breach within the notice period, (2) with immediate effect upon receipt of notice in the event of a breach of Acceptable Use Policy, or (3) with immediate effect if the other party ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within sixty (60) days.
   
   6.3 Effect of Termination or Expiration. Upon any expiration or termination of this Agreement and/or the applicable Order for any reason, all Subscriptions and any other rights granted to Customer under such terminated Order will immediately terminate, and Customer will immediately cease to use the Service. Unless terminated due to XOi’s uncured material breach, all amounts related to Services provided which have not yet been paid shall become due and payable and any fees related to the remaining unused, contracted Term shall automatically accelerate and become due and payable. In the event that this Agreement or an Order is terminated due to XOi’s uncured material breach, then Customer shall be entitled to receive a pro rata refund relating the unused portion of any prepaid fees.
   
   6.4 Treatment of Customer Data Following Expiration or Termination. Customer agrees that following expiration or termination of all Subscriptions under the Agreement, XOi may immediately deactivate Customer’s account(s) associated with such Agreement. XOi will make Customer Data available to Customer for export as long as XOi receives written notice within thirty (30) days after the effective date of expiration or termination from Customer. After such thirty (30) day period, XOi will have no obligation to retain Customer Data and will thereafter, unless legally prohibited, be entitled to delete all Customer Data in its systems or otherwise in its possession or under its control. Upon Customer’s request at compliance@xoi.io, XOi will, within thirty (30) days of receipt of such request, securely destroy all Customer Data from its systems.
7. Confidentiality
   
   Each Party (“Receiving Party”) agrees to protect the other Party’s (“Disclosing Party”) Confidential Information using reasonable care and to use such Confidential Information solely for purposes of performing under this Agreement. “Confidential Information” means non-public information disclosed by or on behalf of a Party that is designated as confidential or, that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information does not include information that the Receiving Party can demonstrate (a) is or becomes publicly available without breach of this Agreement; (b) was rightfully known to the Receiving Party without restriction or prior to disclosure; (c) is received from a third party without breach of any confidentiality obligation; or (d) is independently developed without use of the Confidential Information. The Receiving Party may disclose Confidential Information to its employees, contractors, and advisors who have a need to know and are bound by confidentiality obligations at least as protective as those set forth herein. Disclosure may also be made as required by law, provided the Receiving Party gives reasonable notice where legally permitted. These confidentiality obligations will survive termination of this Agreement for three (3) years, except with respect to trade secrets, which will remain protected for so long as they remain trade secrets under applicable law.
8. Indemnification
   
   8.1 Indemnification. XOi shall indemnify and defend Customer against any loss, damages claim, settlement payment, cost and expense, interest, award, judgment, fine, fee, and penalty(including reasonable legal expenses), resulting from any claim by an unaffiliated third party (each a “Third Party Claim”) that Customer’s use of the Services in accordance with this Agreement infringes or misappropriates any Intellectual Property or proprietary rights of the unaffiliated third party. The foregoing obligation does not apply to the extent that the alleged infringement or misappropriation arises from: (1) Customer Data or Third-Party Materials, (2) modification of XOi’s Materials other than by XOi, (3) failure to timely implement any modifications, Upgrades or enhancements made available to Customer by or on behalf of XOi, (4) Customer’s or a User’s violation of any laws, rules, and/or regulations applicable to its business, or (5) Customer’s failure or alleged failure to obtain any necessary consent, release, license, or approval from a third party in connection with Customer’s or its Users’ use of the XOi Platform, Services, or XOi Materials. If the XOi Platform becomes the subject of such a claim of infringement or if XOi reasonably believes the XOi Platform may infringe or misappropriate, then XOi may in its sole discretion: (i) procure for Customer the right to use the XOi Platform free of any liability for infringement; (ii) replace or modify the XOi Platform to make it non-infringing but with reasonably comparable functionality; or (iii) if XOi determines that the previous two options are not available on a commercially reasonable basis, terminate Customer’s use of the XOi Platform and grant to Customer a credit for the unused portion of any prepaid fees and refund any deposits paid by Customer for the affected XOi Platform. The foregoing are XOi’s sole obligations and Customer’s sole and exclusive remedies related to intellectual property infringement indemnity.
   
   8.2 Indemnification Process. Customer shall promptly notify XOi in writing of any Thir Party Claim for which such party believes it is entitled to be indemnified. Customer shall cooperate with XOi at the XOi’s sole cost and expense. XOi shall promptly assume control of the defense and shall employ counsel to handle and defend the same, at its sole cost and expense. Customer may participate in and observe the proceedings at its own cost and expense with counsel of its own choosing. The foregoing notwithstanding, the Indemnified Party shall be entitled to participate in the defense of such Third Party Claim and to employ counsel at its own expense to assist in the handling of such claim at its own cost
9. Data Privacy and Security
   
   9.1 Data Processing Addendum. To the extent the XOi Platform stores or processes Personal Data or Company transfers Personal Data outside the European Economic Area or similarly limited transfer jurisdictions to any country not deemed providing an adequate level of protection for Personal Data, the terms of the XOi Data Processing Addendum (attached as Exhibit C) (“DPA”) will apply to such Personal Data, and be incorporated into the Agreement by reference. “Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
   
   9.2 Hosting and Processing. Data is hosted and stored by XOi or its service providers in the United States or elsewhere as otherwise agreed to, in writing, by the parties. In providing the XOi Platform, XOi or its service providers may process all data, including, without limitation, any associated Personal Data, within the European Economic Area, the United States and in other countries and territories where noted.
   
   9.3 Compliance with Laws. Each party agrees to comply with all applicable privacy, data protection, and consumer protection laws and regulations in connection with Company’s offering of the XOi Services and access to the XOi Platform, including without limitation, as applicable, requirements of proper notice and consent to send Personal Data to XOi and compliance with the EU General Data Protection Regulation (Regulation 2016/679).
   
   9.4 Data Rights. XOi does not sell, lease, rent or otherwise share for consideration any Personal Data, including User Data or Company Data. XOi will share Personal Data only as described in its Privacy Policy and only as necessary to perform a business purpose pursuant to applicable privacy laws. For purposes of clarity, the term “sell” as used within this Section will be used in accordance with, and as the term is defined under, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and any subsequent regulations.
   
   9.5 Security. XOi will maintain appropriate security measures designed to prevent unauthorized access to User Data. XOi will ensure an independent audit is performed of its operations and information security controls in line with SSAE 16 SOC2 Type II and/or similar standard.
   
   9.6 Business Continuity. XOi shall maintain failover systems in place in support of the XOi Platform and consistent with the Agreement and industry standards and shall regularly test such systems during the Term of this Agreement. Additionally, XOi agrees to maintain, update and regularly test a disaster recovery plan consistent with industry standards.
10. Warranties; Disclaimers and Limitations
    
    10.1 Mutual Warranties. Each party represents and warrants that: (i) it is duly organized, validly existing, and in good standing as a corporation or other entity under the laws of the jurisdiction of its incorporation or other organization; (ii) any individual executing the Agreement on its behalf is duly authorized and empowered to execute and deliver the Agreement; and (iii) when executed and delivered by both parties, this Agreement will constitute the legal, valid, and binding obligation of such party, enforceable against such party in accordance with its terms.
    
    10.2 XOi Warranties. XOi warrants during the Term that the XOi Platform and Services will materially conform with its Documentation. Customer’s exclusive remedy for breach of this warranty is for XOi to use commercially reasonable efforts to correct the nonconformity.
    
    10.3 Customer Warranty. Customer warrants to XOi that Customer owns or otherwise has and will have the necessary rights and consents in and relating to the Customer Data so that, as received by XOi and used in accordance with this Agreement, they do not and will not infringe, misappropriate, or otherwise violate any Intellectual Property rights, or any privacy or other rights of any third party or violate any applicable law.
    
    10.4 DISCLAIMER OF WARRANTIES. Other than as expressly set forth in this Agreement, all XOi Platform, Services, and XOi Materials are provided “as is,” and XOi disclaims any and all representation or warranties of any kind, express or implied, including but not limited to, infringement, merchantability, or fitness for a particular purpose.
    
    10.5 LIMITATION OF LIABILITY. EXCEPT FOR (i) EITHER PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, NEITHER PARTY HAS ANY LIABILITY WITH RESPECT TO A MATTER HEREUNDER FOR ANY LOST PROFITS OR REVENUES OR FOR ANY CONSEQUENTIAL, EXEMPLARY, SPECIAL, INDIRECT, INCIDENTAL, OR PUNITIVE DAMAGES, WHETHER IN CONTRACT, TORT, OR UNDER ANY OTHER THEORY OF LIABILITY, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL THE COLLECTIVE AGGREGATE LIABILITY OF EITHER PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER ARISING UNDER OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR ANY OTHER LEGAL OR EQUITABLE THEORY, EXCEED THE TOTAL AMOUNTS PAID OR PAYABLE BY CUSTOMER TO XOI IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE LIABILITY. THE FOREGOING LIMITATIONS APPLY EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
11. General Provisions
    
    11.1 Promotional Materials. Customer agrees that XOi may publicly identify Customer as a customer of XOi and may use Customer’s name, logo, and marks in marketing materials, websites, presentations, case studies, press releases, and other promotional activities without further consent. Customer further agrees to reasonably cooperate with XOi in the development and publication of joint marketing content, including but not limited to testimonials, case studies, and press releases, as requested by XOi. XOi will ensure that any use of Customer’s marks is in accordance with Customer’s branding guidelines as provided to XOi.
    
    11.2 Relationship of the Parties. The relationship between the parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture, or other form of joint enterprise, employment, or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever.
    
    11.3 Force Majeure. Neither Party shall be liable for failure to perform due to events beyond its reasonable control, including but not limited to natural disasters, war, or pandemics, excluding payment obligations.
    
    11.4 Notices. Any notice or other communications under this Agreement have legal effect only if in writing and, if to XOi, addressed as follows (or to such other address or such other person that XOi may designate from time to time):
    
    333 11th Ave S., St #300, Nashville, TN 37203
    Email: legal@xoi.io
    
    Attention: General Counsel
    If to Customer, notice shall be addressed to such mailing address or email address or person
    that Customer may designate from time to time, and shall be deemed to have been delivered, if by
    email, on the date the email was sent, or if by mail, the date of postmark.
    
    11.5 Assignment. Neither Party may assign this Agreement without the prior written consent of the other, except in connection with an acquisition or merger, sale of substantially all assets, or similar transaction. Any prohibited assignment is void.
    
    11.6 Waiver; Severability. Failure to enforce any provision will not constitute a waiver. If any provision is deemed unenforceable, the remaining provisions will remain in full force and effect.
    
    11.7 Governing Law; Venue. The laws of the State of Tennessee (without giving effect to its conflict of laws principles) govern all matters arising out of or relating to this Agreement. Any claims or actions regarding or arising out of this Agreement must be brought exclusively in a court of competent jurisdiction sitting in Davidson County, Tennessee, and each party to this Agreement submits to the jurisdiction of such courts.
    
    11.8 Entire Agreement. This Agreement, together with any Orders, Exhibits, and any other documents incorporated herein by reference, constitutes the sole and entire agreement between the parties with respect to the subject matter contained in this Agreement. All prior and contemporaneous negotiations and agreements between the parties on the matters contained in this Agreement are superseded by this Agreement. Any amendments must be in writing and signed by both parties.
    
    11.9 Survival of Certain Provisions. Each party hereto covenants and agrees that the provisions in that, by its nature, should survive the expiration or termination of this Agreement, shall survive the expiration or termination of this Agreement.
    
    

Exhibit A
Acceptable Use Policy

This Acceptable Use Policy (the “AUP”) applies to the services accessed through [link and/or app name] (the “Services”) provided by XOEye Technologies, Inc. (“XOi,” “our,” or “we”). Your use of the Services is subject to acceptance of this AUP. XOi may change or modify this AUP at any time and it is your responsibility to check for modifications on a regular basis.

1. PROVISION OF SERVICE
   XOi grants you a limited, revocable license to access and use the Services subject to the applicable Subscription Agreement. Services may only be used for lawful purposes. You agree to comply with all applicable laws, rules, and regulations in connection with your use of the Services. Any material or conduct that in our judgment violates this policy in any manner may result in suspension or termination of the Services or removal of your account with or without notice. Your use of the Services is at your sole risk.
2. ELIGIBILITY
   You must: (a) be at least 18 years of age; and (b) have not been previously suspended or removed from using the XOi Platform or Services.
3. ACCOUNT
   You agree to (a) provide accurate information when creating an account; (b) maintain your account information; (c) maintain the security of your account by not sharing your password or access to your account; (d) promptly notify XOi if you suspect any security breaches related to the Services; and (e) assume responsibility for all activities that occur under your account and accept all risks of unauthorized access.
4. PROHIBITED CONTENT
   You may not upload, use, create, transmit, store, display, distribute, share or otherwise make available any content, descriptions, or information in connection with your use of the Services that:
   • are prohibited by the entity which has procured your access;
   • is illegal or fraudulent or that would support any criminal or civil offense;
   • may create a risk of injury or loss to you, any other person, any animal or any property;
   • may create a risk of injury or loss to you, any other person, any animal or any property;
   • is obscene, pornographic, indecent or sexually explicit;
   • depicts graphic violence, or make any threats to commit violent acts;
   • is offensive, harassing, tortuous or otherwise objectionable to others;
   • you do not have a right to make available;
   • you know is untruthful; or
   • violates the intellectual property or proprietary rights of others, such as your business confidential information.
5. RESTRICTIONS ON USE OF SERVICE
   You are solely responsible for your conduct with respect to the Services. You will not do any of the following:
   • rent, lease, lend, sell, sublicense, or create derivative works of the Services;
   • distribute the Services or make the Services available over a network where it could be used by multiple devices at the same time;
   • modify, disclose, or reverse engineer any part of the Services;
   • remove, alter, or obscure any proprietary rights notice or labels on or in the Services;
   • use the Services in any manner that could negatively affect XOi’s other users or that could impair the functioning of the Services;
   • attempt to gain unauthorized access to the Services or their related systems;
   • impersonate or use the Services by misrepresenting your affiliation with others;
   • build a competitive product or service, or copy any functions of the Services; or
   • disclose to any third party any analysis relating to the Services. If you violate any of the foregoing restrictions, your right to use the Services will immediately and automatically terminate.
6. INTELLECTUAL PROPERTY RIGHTS
   XOi owns all right, title and interest, or has a right to, in and to (i) the XOi Services and XOi Platform; and (ii) any and all XOi patent rights, copyrights, trademark rights, trade secret rights and other intellectual property rights embodied in or related to the foregoing. You will not infringe on the foregoing intellectual property rights. If you violate any of the foregoing restrictions, your right to use the Services will immediately and automatically terminate.
7. FEEDBACK
   From time to time you may provide feedback regarding the Services. XOi will own all rights in such feedback and you waive any rights you may have to such feedback.

Exhibit B
Support and Uptime SLA

XOi will provide support during normal business hours (8:00am – 5:00pm Central), Monday through Friday, for assistance in identifying and resolving Errors in accordance with the priority levels and response times set forth in this Exhibit. XOi will be available to answer questions related to the operational use of the XOi Platform.

1. Definitions.
   For purposes of this Exhibit, the following definitions apply:
   
   1.1 “Actual Quarterly Uptime Percentage” means the sum of the Total Quarterly Time (“A”) minus the Unavailable Quarterly Time (“B”) and plus the Excluded Quarterly Time (“C”), which is then divided by the Total Quarterly Time. Alternatively stated, (A-B+C)/A.
   
   1.2 “Error” means a defect in the XOi Platform that prevents the XOi Platform from performing according to Agreement and the applicable Order. Errors include operation and functionality defects, security defects, viruses and bugs.
   
   1.3 “Excluded Quarterly Time” means the total number of minutes in the applicable calendar quarter during which the XOi Platform and/or Services, as applicable, were unavailable for use due to an excluded event as described in Section 4 Excluded Quarterly Times below.
   
   1.4 “Initial Response” means a written or electronic response from XOi to Company or User regarding a reported or discovered Error acknowledging receipt and priority assignment. An automated response is not considered an initial response.
   
   1.5 “Quarterly Uptime Percentage Threshold” means the percentage listed in Section 2 Service Commitments below under the heading, “Service Commitments”.
   
   1.6 “Resolution” means best efforts by XOi to implement and incorporate a fix into the XOi Platform to restore functionality caused by an Error.
   
   1.7 “Service Credit” means the number of service days that XOi will credit to a Company’s applicable subscription if the Actual Quarterly Uptime Percentage is less than the Quarterly Uptime Percentage Threshold as described in Section 2 Service Commitment. Any days of service will be added to the end of the applicable service term, at no charge to Company.
   
   1.8 “Total Quarterly Time” means the total number of minutes in the applicable calendar quarter.
   
   1.9 “Unavailable Quarterly Time” means the number of minutes in the applicable calendar quarter during which the XOi Platform and/or Services, as applicable, were unavailable for use.
2. Service Commitments. XOi will make the XOi Platform available at a Quarterly Uptime Percentage Threshold of 99.0% of the time each quarter. If XOi’s Actual Quarterly Uptime Percentage is below the Quarterly Uptime Percentage Threshold in a given calendar quarter, then Company will receive a Service Credit as described in the table below. Alternatively, if XOi’s Actual Quarterly Uptime Percentage is below 95.0% in any given calendar quarter, then Company may terminate any impacted Work Order by providing thirty (30) days advance written notice and XOi will issue a prorated refund for XOi Services not rendered. Company must deliver any such termination notice within fourteen (14) days of the close of such calendar quarter. This Section describes Company’s sole remedy for XOi’s failure to meet the Quarterly Uptime Percentage Threshold.123123

3. Support Plan: XOi will provide all necessary resources to support troubleshooting and implementation of the XOi Platform. When Company or an End User reports to XOi an Error with the XOi Platform, XOi will assign the Error a priority level and provide the Company or End User an Initial Response and Resolution as set forth in the table below.

• Priority 1 – Business Critical: This status only applies to applications that are in production. It represents a complete loss of service or a significant feature that is completely unavailable, and no workaround exists. Does not include development issues or problems in non-production environments.
• Priority 2 – Degraded Service: Includes intermittent issues and reduced quality of service. A workaround may be available. Does not include development issues or problems in non-production environments.
• Priority 3 – General Issue: Includes product questions, time sensitive user requests, and development issues.
• Priority 4 – Low Priority: Includes non-time sensitive user and feature requests.

4. Excluded Quarterly Times. Notwithstanding any provision in this Agreement to the contrary, Excluded Quarterly Time will be deemed to have occurred if downtime:
   
   4.1 is caused by factors outside of XOi’s reasonable control, including, without limitation, telecommunications provider-related problems or issues, internet access or related problems occurring beyond the point in the network where XOi maintains access and control over the XOi Services;
   
   4.2 results from any actions or inactions of Company or any third party (except for XOi’s agents and subcontractors);
   
   4.3 results from the Company’s equipment, software or other technology, add-on services, or third-party equipment, software or other technology (except for equipment within XOi’s direct control);
   
   4.4 occurs during XOi’s scheduled maintenance for which XOi will provide at least forty-eight (48) notice;
   
   4.5 occurs during XOi’s emergency maintenance (maintenance that is necessary for purposes of maintaining the integrity or operation of the XOi Services), regardless of the notice provided by XOi;
   
   4.6 results from any alpha, beta, developer preview, development test bed environments, descriptions of similar import or not otherwise generally available XOi features or products; or
   
   4.7 periods of Unavailable Quarterly Time that are less than five (5) minutes of continuous unavailability in duration.

Exhibit C

Data Processing Addendum

This Data Processing Addendum (“Addendum”) forms part of and is incorporated by reference into the Subscription Agreement (defined below) between the XOEye Technologies, Inc., DBA XOi Technologies, that is a party to the Subscription Agreement (“Service Provider”) and the customer entity that is a party to the Subscription Agreement (“Customer”), each a “Party”, and collectively the “Parties.” Service Provider and Customer have agreed to the terms of this Addendum. The terms of this Addendum shall take effect as of the effective date of the Agreement.

NOW THEREFORE, in consideration of the mutual obligations and covenants herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereby agree as follows:

1. Definitions.
   
   For purposes of this DPA:
   
   a. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a party to this DPA, where “control” refers to direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
   
   b. “Agreement” means the applicable subscription or services agreements between Service Provider and Customer pursuant to which Customer has purchased, subscribed to, or signed up to receive services from Service Provider, and any statements of work, exhibits, schedules, work orders, addenda or amendments thereto, as well as the applicable online Service Provider Terms of Use and any other agreement that incorporates this Addendum by reference.
   
   c. “Data Protection Laws” means all applicable laws and regulations in the United States relating to privacy, data protection, data security, breach notification, or the Processing of personal data, including without limitation, to the extent applicable, the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., as amended and together with its regulations (“CCPA”), the Colorado Privacy Act and related regulations (“CPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other federal and state United States laws.
   
   d. “Data Subject” means an identified or identifiable natural person to whom Personal Data relates, and is deemed to also refer to “consumer” as defined in Data Protection Laws.
   
   e. “Personal Data” includes “personal data,” “personal information,” “personally identifiable information,” and analogous terms, as defined by applicable Data Protection Laws, that Service Provider Processes in relation to the Agreement.
   
   f. “Process” and its cognates “Processing,” “Processed,” etc. mean any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, creating, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
   
   g. “Security Breach” means any accidental or unlawful acquisition, destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data.
   
   h. “Services” means the services that Service Provider performs on behalf of Customer pursuant to the Agreement.
   
   i. “Subprocessor” means any third party that Service Provider engages to Process Personal Data.
   
   j. The terms “Business,” “Controller,” “Processor,” and “Service Provider” are defined as in Data Protection Laws. “Controller” is deemed to also refer to “Business,” and “Processor” is deemed to also refer to “Service Provider.”
2. Roles of the Parties; Scope and Purposes of Processing.
   
   a. In connection with the XOi Platform and Services outlined in the Agreement, Service Provider will Process certain Personal Data to enable the provision of these Services to Company.
   
   b. The Parties acknowledge that Service Provider may act either as a Processor or an independent Controller, depending on the nature of the Personal Data and the Processing activities:
   • 1. Company is the Controller and Service Provider is the Processor for Personal Data used to validate eligibility for the Services, facilitate billing, provide support and maintenance, and for additional Company Processing requests such as analytics via automated integrations (collectively, “Company Data”).
   • 2. Service Provider is a Controller for all Personal Data collected from Data Subjects through their interactions with the Service Provider Services (collectively, “User Data”).
3. Controller responsibilities.
   
   a. Each Party will comply with Data Protection Laws in its performance under this DPA. When acting as independent Controllers, each Party is responsible for meeting its respective legal obligations regarding the Processing of Personal Data.
   
   b. In its role as Controller, Company will ensure that any Personal Data shared with Service Provider under this Agreement has been lawfully collected and transparently disclosed to the Data Subject.
   
   c. Service Provider will respond to data subject rights requests it receives for User Data as an independent Controller, in accordance with its obligations under Data Protection Laws. For requests related to Company Data, Service Provider will promptly notify Company and provide reasonable assistance to enable Company to fulfill its obligations to the Data Subject as Controller.
   
   d. Service Provider will not sell or share Personal Data, even when acting as a Controller. For the purposes of this subsection, “share” is defined as outlined in the CCPA, specifically referring to the disclosure of Personal Data to third parties for cross-context behavioral advertising or other targeted advertising purposes.
4. Processor responsibilities:
   
   As Processor, Service Provider will:
   
   a. Process Company Data solely for the purpose of providing the Service Provider Services to Company as specified in the Agreement.
   
   b. Limit the Processing of Company Data to what is necessary for performing the Services. Service Provider will not sell Company Data or Process it beyond the scope of its business relationship with Company, except as required by law. If compelled by law, Service Provider will inform Company prior to compliance, unless prohibited from doing so.
   
   c. Ensure that all Service Provider personnel authorized to Process Company Data are bound by confidentiality obligations and appropriate training.
   
   d. Maintain a Subprocessor list, including their activities and locations (the “Subprocessor List”). Company consents to the use of these Subprocessors for the Services and authorizes Service Provider to engage Subprocessors as needed, with general consent from Company. Service Provider will provide Company at least 30 days’ notice before engaging any new Subprocessors. Company may object to a new Subprocessor on reasonable data protection grounds by submitting a written objection within 30 days of receiving the notice. Service Provider will work in good faith to resolve the objection by offering a commercially reasonable change to the Services or configuration. If no resolution is reached within 60 days, Company may terminate the impacted Services and receive a refund for any prepaid fees covering the remainder of the term. If Company does not provide a timely objection notice, Company will be deemed to have authorized Service Provider’s use of the Subprocessor and to have waived its right to object. Service Provider will enter into a written agreement with each Subprocessor that contains data protection obligations equivalent to those in this DPA. Service Provider will remain liable for the actions and omissions of its Subprocessors as if performing the Services directly.
   
   e. Reasonably assist Company in fulfilling its obligations under Data Protection Laws. Upon written request, Service Provider will provide information necessary to demonstrate compliance with this DPA. Service Provider will avoid any Processing that could lead to Company’s non-compliance and will promptly notify Company if it considers an instruction to infringe upon Data Protection Laws.
5. Data Security.
   Service Provider will implement appropriate administrative, technical, physical, and organizational measures to protect Personal Data that are no less restrictive than those in Annex 1. Service Provider will provide the level of protection for Personal Data as is required under Data Protection Laws.
6. Security Breach.
   Service Provider will notify Customer of a Security Breach without undue delay, and in no event later than seventy-two (72) hours. Service Provider will comply with the Security Breach-related obligations directly applicable to it under Data Protection Laws and will assist Customer in Customer’s compliance with its Security Breach-related obligations.
7. Audits.
   Service Provider will make available to Customer all information necessary to demonstrate compliance with this DPA, and may satisfy this obligation by undergoing, and providing to Customer a report reflecting, an annual audit of Service Provider’s policies and technical and organizational measures by a qualified, independent auditor using an appropriate and accepted control standard or framework, such as a SOC-2, Type 2 Report. If Customer has a reasonable objection that the information provided is not sufficient to demonstrate Service Provider’s compliance with this DPA, Service Provider will allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer. The Parties agree that such audits and inspections will be: 1) conducted with at least fourteen (14) days’ prior written notice to Service Provider; 2) not more than once in any 12 month period; 3) occur during normal business hours; and 4) be limited to interviews with Service Provider personnel and questionnaires, unless required by a data protection authority or in connection with a Security Breach within Service Provider’s system or that of a Subprocessor that involves Customer Personal Data. In no case will Customer have any right to access by any means whatsoever the information or personal data of a third party or that is otherwise subject to a confidentiality obligation owed to a third party; information or systems that would, in Service Provider’s discretion, compromise Service Provider’s security; or any trade secrets or proprietary business information.
8. Return or Destruction of Personal Data.
   Except to the extent required otherwise by Data Protection Laws, Service Provider will, at Customer’s written request, return to Customer and/or securely destroy all Personal Data.
9. Deidentified Information.
   Customer acknowledges and agrees that Service Provider may, as permitted by Data Protection Laws, and without limiting any data rights provisions set forth in each Agreement, collect, use and process aggregated, de-identified, and other non-identifiable data derived from the Services to improve its operations, enhance the features, functions, and performance of the Services, for benchmarking, reporting across Service Provider’s customer base, to develop industry reports, to develop general statements regarding the performance and capabilities of Service Provider’s products and services across Service Provider’s customer base, and to create new products and services offerings, provided such data is not Personal Data.
10. Miscellaneous.
    
    a. Notwithstanding anything to the contrary in any Agreement or this DPA, the liability of each Party under this DPA is subject to the exclusions and limitations of liability set out in the applicable Agreement.
    
    b. Any claims against Service Provider under this DPA may only be brought by the Customer entity that is a party to the applicable Agreement against the Service Provider entity that is a party to the applicable Agreement.
    
    c. This DPA will be governed by and construed in accordance with laws of the State of Tennessee, and subject to the dispute resolution provisions, if any, set forth in the applicable Agreement, in each case unless required otherwise by Data Protection Laws.
11. Survival.
    The provisions of this DPA survive the termination or expiration of the Agreement for so long as Service Provider or its Subprocessors Process Personal Data.