These Terms and Conditions (“T&Cs”) are between Evisort LLC, a Delaware corporation with a principal office at 130 Sutter Street, Floor 2, SanFrancisco, CA 94104 (“Evisort”) and the Customer identified in the Order Form executed between Evisort and Customer. These T&Cs govern the rights and obligations of Evisort and Customer governing Customer’s access to and use of Evisort’s platform and Services, including for any pilot or proof of concept or value, as specified in any Order Form.

Evisort and Customer agree as follows:

‍

1.     Definitions. The definitions hereinapply to the applicable portions of the Agreement.  

1.1.  “Access Credentials” means login information, passwords, security protocols, and policies through which Users access the Evisort Platform and Services.

1.2.  “Affiliate” means an entity that controls, is controlled by, or is under common control with Customer. “Control”means possession of, directly or indirectly, the power to direct management through the ownership of fifty percent (50%) or more of its voting or equity securities, or by contract, voting trust or otherwise.

1.3.  “Agreement” means, collectively, these T&Cs, and including all applicable Order Forms, exhibits, addenda, schedules, or appendices attached here to, and all SOWs executed by the parties.

1.4.  “Evisort Platform” means the Evisort platform-as-a-service environment identified in the Order Form that allowsUsers to access certain features and functions through a web interface.

1.5.   “Customer” means the customer identified on the Order Form.

1.6.  “Customer Content” means (i) the data, information, and content uploaded or submitted to the Evisort Platform by or on behalf of Customer, its Affiliates, and its Users and (ii) the data, information, and content generated by Customer, its Affiliates, and its Users in using the Platform and Services.

1.7.  “Customer Input” means suggestions, enhancement requests, recommendations or other feedback provided by Customer, its Affiliates, and/or its Users related to the operation, features, or functionality of the Evisort Platform and Services.

1.8.  “Confidential Information” means all information, whether in oral, written, or graphic, in non-tangible or electronic form disclosed by one party (the “Disclosing Party”) to the other (the “Recipient”), related to the business, products, services or operations of the Disclosing Party or a third party that has been identified as confidential or that by the nature of the information or the circumstances surrounding disclosure ought reasonably to be treated as confidential, including, without limitation: (a) trade secrets, inventions, ideas, processes, computer source and object code, formulae, data, programs, other works of authorship, know-how, improvements, discoveries, developments, technology designs and techniques; third-party audit reports, and the negotiated terms and pricing under this Agreement; (b) information regarding products (including product roadmaps, Services features, functionality, algorithms, designs, performance, and screenshots thereof), plans for research and development, marketing and business plans, customer lists, investor relationships, budgets, financial statements, contracts, customer relationships, prices, employees, suppliers and agents; (c) all intellectual property, whether or not applied for or granted, including but not limited to patents, copyrights, trademarks, and trade dress; and (d) information regarding the skills and compensation of theDisclosing Party’s employees, contractors, and other agents. For the avoidance of doubt, Customer’s Customer Content is its Confidential Information.

1.9.  “Deliverables” means the training, specifications, configurations, plans, workflows, integrations, and any other document or item identified as a deliverable to be provided to Customer by Evisort under a SOW.

1.10.“Documentation” means the documentation, user manuals, instructions, help files and videos, and other materials that describe the features, functions and operation of the Evisort Platform andServices.

1.11.“Documents” means non-identical documents stored on the Evisort Platform. For the purpose of counting Documents, each unique file (hereafter,“file”) shall count as one Document, except that for any file longer than 100pages in length, the number of pages shall be divided by 100 and then rounded up to the nearest integer for the purpose of calculating the number ofDocuments in the Evisort Platform. For clarification, this means a one hundred (100) page file would count as one (1) Document; a one hundred twenty (120) page file would count as two (2) Documents; and a three-hundred (300) page file would count as three (3) Documents. “Supporting Documents” are attachments to contracts, such as exhibits and appendices, order forms, invoices, that are uploaded by Customer and linked to a Document through an"attachments" field. Supporting Documents do not count as a Document for billing purposes. For avoidance of doubt, Documents that are identical in content, i.e. same individual byte and bit, words, letters, numbers, spacing, formatting, comments (even though the filename, file location or upload date may differ), are considered duplicates and are not counted as separate Documents. To the extent Evisort. provides functionality in the future that allows customers to designate duplicate documents as separate document records, customers' election to do so will cause the documents to be counted as non-identical Documents.

1.12.“Improvements” means all improvements(including verification of such improvements), updates, enhancements, error corrections, bug fixes, prevention of or addressing service or technical problems, release notes, upgrades and changes to the Evisort Platform,Services, and Documentation, as developed by Evisort and made generally available for use without a separate charge to Customers.  

1.13.“Law” means any local, state, national and/or foreign law, treaties, and/or regulations applicable to the respective party.

1.14.“Order Form” means the document signed by an authorized representative of each party that references these T&Cs and identifies the Evisort Platform and specific Service(s) to be provided, theOrder Term,  any special terms, and the fees to be paid.

1.15.“Professional Services” means any professional services provided by Evisort to Customer as described in a SOW, including implementation and related services, but excluding Technical Support.

1.16.“Services” means the services provided by Evisort pursuant to this Agreement through Customer’s use of the Evisort Platform.

1.17.“Service Capacity” means the number ofDocuments that Evisort and Customer agree can be uploaded to the Evisort Platform. The Service Capacity is set forth in the applicable Order Form; if the Service Capacity is not set forth in the Order Form, it shall be set at Evisort’s discretion. Evisort may measure Service Capacity at any point during the applicable Term using this calculation: Documents uploaded to the Evisort Platform at the beginning of the Term plus the number of Documents uploaded to the Evisort Platform during the subsequent 12 calendar months.

1.18.“Site” means Evisort’s website at https://evisort.com, any website linked from https://evisort.com, and any other website that is owned or controlled by Evisort and that provides access to the Evisort Platform.

1.19.“Statement of Work” or “SOW” means each separate statement of work executed by the parties that refers to these T&Cs.

1.20.“Usage Data” means any diagnostic and usage-related information and data from the use, performance and operation of the Evisort Platform and Services that may include, but is not limited to, usage patterns, traffic logs, and User engagement with the Evisort Platform andServices.

1.21.“User” means each of Customer’s andCustomer’s Affiliates’ employees, representatives, consultants, or independent contractors who are provided with Access Credentials by Customer or atCustomer’s direction. The number of Users who may be provided Access Credentials is set forth in the applicable Order Form.. Users are permitted access to and use of the Contract Analytics Module and additionally, if purchased by theCustomer, the Workflow Module.

‍

2.      Customer Rights andObligations. 

2.1.  License Grant to Evisort Platform. Subject to Customer’s compliance with theterms and conditions contained in the Agreement, Evisort grants to Customer andits Affiliates a worldwide, non-exclusive, non-transferable (except to apermitted assignee under this Agreement), limited, revocable license, with noright to sub-license, to access and use the Evisort Platform and any Servicesas specified in the applicable Order Form and to use any Deliverables inconnection with the authorized use of the Evisort Platform and Services duringthe Order Term. Customer will remain fully liable for its Affiliates’compliance with the terms of this Agreement and any breach thereof.

2.2.  Customer Facilities and Equipment. Customer will be responsible for obtainingand maintaining, at Customer’s expense, all of the necessarytelecommunications, computer hardware and software, and Internet connectivityrequired by Customer or any User to access the Evisort Platform and any Services.

2.3.  Access Credentials. Customer will safeguard and ensure thatall its Users safeguard the Access Credentials. Customer shall use commerciallyreasonable efforts to prevent unauthorized access to, or use of, the EvisortPlatform, and notify Evisort promptly of any such unauthorized use known toCustomer. Customer will be responsible for all acts and omissions of Users.

2.4.  Customer Content. Customer is solely responsible for any and allobligations with respect to the accuracy, quality, and legality of CustomerContent. Customer will obtain all licenses, consents, and permissions necessaryto permit Evisort to use the Customer Content to provide the Evisort Platformand Services to Customer and to perform the Professional Services.

2.5.  License in Customer Content. Customer grants to Evisort, on behalf of itself, its customers, and its Users, a limited, non-exclusive license to use the Customer Content solely for purposes of (a) providing the Evisort Platform(including Improvements) and Professional Services; (b) improving, personalizing, and supporting machine learning and analytics features; and (c)performing its rights and obligations under the Agreement. Except for the limited license granted in the preceding sentence, as between Customer and Evisort, Customer reserves all right, title, and interest in and to theCustomer Content.

2.6.  Customer Restrictions. Customer shall not knowingly, and shall not knowingly permit any of its employees, contractors, or Users to, directly or indirectly: (a) act as a reseller or distributor of, or a service bureau for, the Evisort Platform or Services or otherwise use, exploit, make available or encumber the Evisort Platform, Services, or Deliverables to or for the benefit of any third party other than Customer’s customers; (b) reverse engineer, disassemble or decompile the Evisort Platform, Services, or Deliverables or attempt to derive the source code, object code, or underlying design, functionality, or algorithms of any part of the Evisort Platform, Services, or Deliverables (except to the limited extent applicable laws specifically prohibit such restriction); (c) access or use the Evisort Platform or Services without the prior written consent of Evisort if Customer is or becomes a direct competitor to Evisort or its Affiliates; (d) share access, use, or information about the Evisort Platform, Services, Deliverables, or Professional Services with a direct competitor of Evisort or its Affiliates; (e) remove any notice of proprietary rights from the Evisort Platform, Services, or Deliverables; (f)copy, modify, translate or otherwise create derivative works of any part of the Evisort Platform, Services, or Deliverables (other than as necessary or  attendant to Customer’s use of and access to the Evisort Platform and Services pursuant to this Agreement); (g) use the Evisort Platform, Services, or Deliverables in a manner that interferes or attempts to interfere with the proper working of the Evisort Platform orServices, including bypassing or attempting to bypass any privacy settings or measures used to prevent or restrict access to the Evisort Platform; (h) use manual or automated software, devices, robots, spiders, or other processes to“crawl” or “spider” or to retrieve, index, “scrape”, “data mine” or in any way gather information, content or other materials from the Evisort Platform in an unauthorized manner or reproduce or circumvent the navigational structure or presentation of the Evisort Platform; (i) use the Evisort Platform in a manner which interferes with or disrupt its integrity or performance; (j) use or allow the transmission, transfer, export, re-export, or other transfer of any software, technology, or information forming a part of the Evisort Platform orServices in violation of any export control or other laws and regulations of the United States or any other relevant jurisdiction; or (k) use the Evisort Platform to share or store inappropriate materials, including (i) materials containing viruses or other harmful or malicious code; (ii) unsolicited mail(spam); (iii) copyrighted materials to which Customer does not have sufficient rights; (iv) harassing, tortious, or defamatory materials; or (v) other materials prohibited by applicable international, federal, state, or local laws and regulations. Customer’s use of generative artificial intelligence available through the Evisort Platform or Services is additionally subject to Evisort’s AI Prohibited Use Policy available at https://www.evisort.com/ai-prohibited-use-policy.

‍

3.     Evisort’s Rights andObligations. 

3.1.  Evisort Intellectual Property. Except for the license granted to Customer under this Agreement, Evisort reserves all right, title and interest in and to its intellectual property, including the Evisort Platform, Services,Documentation, Usage Data, Deliverables, and Confidential Information. Unless otherwise expressly set forth in an Order Form or SOW, and except for any Customer Content, all Deliverables, work product, or services provided or developed pursuant to the Agreement (including any modifications andImprovements to the Evisort Platform or Services pursuant to subsection 3.2 or any intellectual property developed pursuant to subsection 3.3, and all intellectual property and other proprietary rights derived therefrom), will be the sole and exclusive property of Evisort.

3.2.  Customer Input. Customer herebygrants Evisort a royalty-free, worldwide, transferable, sub-licenseable,irrevocable, perpetual license to use or incorporate into the Evisort Platformand Services any Customer Input.  Evisortwill have no obligation to use Customer Input. Customer will have no obligation to provide Customer Input.  

3.3.  Continuous Development. Customer acknowledges that Evisort may continually develop, deliver, and provide to Customer on-going innovation to the Evisort Platform in the form of new features, functionality, and efficiencies. Accordingly, Evisort reserves the right to modify the Evisort Platform or Services from time to time. Some modifications will be provided to Customer at no additional charge. In the event Evisort adds additional functionality, Evisort may condition the implementation of such new functionality on Customer’s payment of additional fees provided Customer may continue to use the version of the Evisort Platform and Services specified in the Order Form without paying additional fees.

3.4.  Professional Services. Customer may request that Evisort provide certain Professional Services related to Customer’s use of the Evisort Platform and Services. All Professional Services must be agreed to by the parties in a separate SOW.

3.5.  Technical Support. Evisort shall provide Customer with reasonable technical support services for Customer’s access to and use of the Evisort Platform throughout the Order Term (“Technical Support”). Evisort’s Service Level Agreement, which provides a 99.5% uptime commitment and related Technical Support commitments, is available upon request.

‍

4.     Confidential Information.

4.1.  Use and Disclosure. During the Term of the Agreement, eachparty will have access to the other party’s Confidential Information. Except as otherwise expressly permitted, and without limiting each party’s obligations under the Agreement, each Recipient agrees as follows: (a) it will not disclose the Confidential Information of the Disclosing Party to anyone except its employees, service providers, and independent contractors who have a need to know and who are bound by written confidentiality obligations no less restrictive than those herein (each a “Representative”)and (b) it will not use or reproduce the Confidential Information disclosed by the Disclosing Party for any purpose other than exercising its rights and performing its obligations as described herein. Each Recipient will be liable for the acts and omissions of its Representatives with respect to theDisclosing Party’s Confidential Information.

4.2.  Exceptions. The provisions of the foregoing Section 4.1 will not apply to Confidential Information that: (a) becomes generally available to the public through no fault of the Recipient; (b) is lawfully provided to theRecipient by a third party free of any confidentiality duties or obligations;(c) Recipient can prove was already known to the Recipient without restriction at the time of disclosure; or (d) Recipient can prove was independently developed by employees and contractors of Recipient who had no access to the ConfidentialInformation. Notwithstanding the foregoing Section 4.1, each party may discloseConfidential Information to the limited extent required by a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the party making the disclosure pursuant to the order will first have given written notice (to the extent legally permitted) to the other party and made a reasonable effort to obtain a protective order.

5.     Security and Processing.

5.1.  Security. Evisort has implemented and will maintain a comprehensive information security program as described in Schedule 1 (SecurityPractices) which shall be consistent with industry standards that contain appropriate administrative, technical and physical safeguards reasonably designed to protect Customer Content from unauthorized disclosure. Evisort may update such security policies and safeguards from time to time, provided that any such update does not materially reduce the overall level of security or commitments as described in Schedule 1.

5.2.  Processing. Evisort’s processing of Personal Data shall be governed by the Data Processing Addendum (“DPA”)entered into contemporaneously by the parties hereto. If the parties do not separately execute a DPA contemporaneously with this Agreement, the DPA available at https://evisort.com/legal/dpa shall govern.

5.3.  Subcontractors. Evisort may utilize subcontractors and subprocessors (“Subcontractors”) in the performance of its obligations, provided that Evisort shall remain liable and responsible for the Subcontractors’ acts and omissions to the extent any of such acts or omissions, if performed by Evisort, would constitute a breach of, or otherwise give rise to liability to Evisort under, this Agreement.

6.     Payment Terms.

6.1.  Fees. Customer will pay Evisort the fees specified in theOrder Form or SOW, as applicable, for the Evisort Platform,  Services, and Professional Services in accordance with the terms therein (the “Fees”), along with any applicable sales and use taxes. If Customer’s use of the Evisort Platform exceeds the ServiceCapacity or Number of Users specified in the Order Form or is otherwise contractually obligated to pay additional fees, Customer shall be billed for such additional fees in the manner provided herein. If Customer desires Evisort to perform different or additional Professional Services than the ProfessionalServices described in a SOW, the parties will amend the SOW and any change to the Fees owed by Customer under the SOW will be documented in the amendment.

6.2.  Invoicing. Unless otherwise specified in the Order Form, the payment terms in this Section 6.2 shall apply. Evisort may choose to bill through an invoice that specifies the fees and applicable taxes, and for which full payment must be received by Evisort within thirty (30) days after the invoice date. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection, and may result in suspension of access to the Evisort Platform and Services if payment is more than sixty (60) days late. Customer shall be responsible for all taxes associated with the Services other than taxes based on Evisort’s net income. If Customer believes that Evisort has billed Customer incorrectly, Customer must contact Evisort no later than sixty (60) days after the invoice date on the invoice in which the error or problem appeared, in order to receive an adjustment or credit (if applicable).

6.3.  Overages. Should Customer exceed the Service Capacity (an “Overage”), Evisort will invoice the Customer for the increased Service Capacity at the rate specified in the Order Form, prorated to account for any months of the Order Form Term that lapsed prior to the overage. Overages may be invoiced when first incurred or on the same schedule as other invoices due under the Order Form or this Agreement, and will be payable in accordance with this Section 6. Evisort will provide the Customer with alerts upon crossing 80% and 100% of the applicable Service Capacity. If not otherwise specified in the Order Form, the fees for any Overage shall be 1.3 times the per Document fee set forth in the Order Form; if no per Document fee is specified in the Order Form, the per Document fee shall be calculated by dividing the Annual Cost for the Evisort Platform by the original Service Capacity.

7.      Warranties; Disclaimers; Limitations on Liability.

7.1.  General Warranties. Each party warrants that (a) it has the authority to enter into this Agreement and, in connection with its performance of this Agreement, shall comply with all Laws; (b) as of the Effective Date and throughout the Term, it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; (b) the execution and performance of the Agreement, or use of the Evisort Platform and Services, will not conflict with or violate any provision of any law having applicability to such party; and (c) the Agreement, when executed and delivered, will constitute a valid and binding obligation of such party and will be enforceable against such party in accordance with its terms.

7.2.  Evisort Platform and Services Warranties. Evisort warrants that during the applicable Order term: (a) the overall Evisort Platform will not be materially decreased; (b) to the best of Evisort’s knowledge, the Evisort Platform does not contain, and Evisort will not knowingly introduce, any Malicious Code (collectively, the“Evisort Platform Warranty”). Customer shall use commercially reasonable efforts to notify Evisort in writing no later than 30 days after identifying a deficiency, but Customer’s failure to notify Evisort within that period will not affect Customer’s right to receive warranty remedies unless Evisort is impaired in its ability to correct the deficiency due to Customer’s failure to notify. Notice of breaches of the warranty under item (2) must be made through Evisort’s then-current error reporting system; notices of breaches of any other warranty must be made in writing to Evisort in accordance with the notice provisions of these Terms. TheCustomer’s exclusive remedy and Evisort’s sole liability for breach of the Evisort Platform Warranty are those described in Section 9.2 for the affectedService.

7.3.  Professional Services Warranty. Evisort warrants that: (a) it will perform the Professional Services with reasonable skill and care, and (b) the professional staff it assigns to perform Professional Services will be competent and properly qualified (the “Professional Services Warranty”). If Evisort breaches the Professional Services Warranty, Evisort will correct deficiencies or re-performance of the applicable defective Professional Service at no additional charge to Customer, provided Customer gives Evisort written notice of any deficiencies within thirty (30) days of delivery by Evisort. If Evisort is unable to correct the deficiencies after good faith and reasonable efforts, Evisort will refund Customer prorated amounts paid for the defective portion of an applicable Deliverable or defective Professional Service. Evisort does not warrant that any of the Professional Services or Deliverables provided will be error free or uninterrupted. Customer’s exclusive remedy and Evisort’s sole liability for breach of the Professional Services Warranty or for a deficient deliverable are described in this section.

7.4.  Customer Content. Customer represents and warrants that it has obtained and will maintain throughout the Term, all rights, consents and permissions for Customer to make available the Customer Content to Evisort and for Evisort to use the Customer Content as contemplated herein.

7.5.  Compliance with Laws and Policies. Customer will use the Evisort Platform andServices in accordance with all applicable laws, rules and regulations; as well as any of Evisort’s standard published policies, if any, in effect as of the date Customer and Evisort execute an Order Form and as may be amended by Evisort, in its sole discretion, from time to time. Although Evisort has no obligation to monitor Customer’s use of the Evisort Platform and Services, Evisort may do so and may prohibit any use of the Evisort Platform and Services it believes may be (or alleged to be) in violation of the foregoing.

7.6.  Warranty Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVISORT MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANT ABILITY OR FITNESS FOR A PARTICULAR PURPOSE. EVISORT DOES NOT WARRANT THAT THE SERVICE WILL BE ERROR FREE OR UNINTERRUPTED. THE LIMITED WARRANTIES PROVIDED IN THIS AGREEMENT ARE THE SOLE AND EXCLUSIVE WARRANTIES PROVIDED TOTHE CUSTOMER.

7.7.  LIMITATION OF LIABILITY. EXCEPT WITH RESPECT TO (A) DAMAGES CAUSED BY GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR FRAUD, (B) EITHER PARTY’S INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT, (C) CUSTOMER’S PAYMENT OBLIGATIONS AND (D) EVISORT’S REMEDIATION OBLIGATIONS IN SECTION 7.8, THE FOLLOWING LIMITATION OF LIABILITY CAPS SHALL APPLY: IN NO EVENT SHALL EITHER PARTY OR ITS AFFILIATES’ TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, EXCEED THE FEES PAID OR PAYABLE UNDER THIS AGREEMENT DURING THE IMMEDIATELY PRECEDING 12-MONTH PERIOD FOR THE SERVICE FROM WHICH THE CLAIM AROSE (“GENERAL CAP”), EXCEPT THAT FOR BREACH OF EITHER PARTY’S CONFIDENTIALITY, SECURITY, OR PRIVACY OBLIGATIONS, THE BREACHING PARTY’S TOTAL AGGREGATE LIABILITY WILL BE INCREASED TO FEES PAID OR PAYABLE UNDER THE AGREEMENT DURING THE IMMEDIATELY PRECEDING 24-MONTH PERIOD FOR THE SERVICE FROM WHICH THE CLAIM AROSE (“ENHANCED CAP”).

7.8.  EXCLUSION OF DAMAGES. EXCEPT FOR EITHER PARTY’S INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT AND THE DIRECT DAMAGES IDENTIFIED IN SECTION 7.9, IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES HAVE LIABILITY FOR LOST PROFITS OR REVENUES, LOSS OF USE OR DATA, BUSINESS INTERRUPTION, OR INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL, OR COVER DAMAGES, HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR OTHERWISE, EVEN IF THE PARTY OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE EXCLUSIONS IN THIS SECTION WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW. CUSTOMER’S PAYMENT OBLIGATIONS WILL NOT BE CONSIDERED EVISORT’S LOST PROFITS.

7.9.  Evisort Remediation Obligations. If unauthorized disclosure of or access to Personal Data is caused by Evisort’s breach of its security, privacy, or data protection obligations under this Agreement, Evisort shall pay the reason able and documented costs incurred by Customer in connection with the following items: (a) costs of any required forensic investigation to determine the cause of the breach; (b) providing notification of the security breach to applicable government and relevant industry self-regulatory agencies, to the media (if required by applicable Law) and to individuals whose Personal Data have been disclosed or accessed (“Affected Individuals”); (c) providing a credit monitoring service to Affected Individuals who elect to receive it for a period of one year after the date on which such individuals were notified of the unauthorized disclosure or access, and (d) operating a call center to respond to questions from Affected Individuals for a period of one year after the date on which such individuals were notified of the unauthorized disclosure or access. Notwithstanding the foregoing, or anything in the Agreement to the contrary, Evisort will have no responsibility to pay costs of remediation to the extent they are due to gross negligence, willful misconduct or fraud by Customer or its employees, agents or contractors.

7.10. Direct Damages. Subject to Section 7.6, and notwithstanding Section 7.7, if either party breaches its obligations under this Agreement, the following will be considered direct damages: (a) amounts paid to affected third parties as damages or settlements in response to claims arising from the breach; (b) amounts paid for fines and penalties imposed by any governmental authority arising from the breach; and (c) reasonable legal fees to defend against third-party claims arising from the breach.

‍

8.     Indemnification.

8.1.  Evisort Indemnity. Evisort will indemnify, defend and holdCustomer, its directors, officers, and employees harmless from and against any and all losses, damages, liability, costs and expenses awarded by a court or agreed upon in settlement, as well as all reasonable and related attorneys’ fees and court costs (collectively “Losses”) arising out of any third party claim alleging that the Evisort Platform, Services, or Deliverables infringe any third party’s intellectual property rights.

8.2.  Exclusions. Section 8.1 will not apply if the alleged claim a rises, in whole or in part, from: (a) a use or modification of the Evisort Platform, Services, or Deliverables by Customer or any User in breach of the Agreement, (b) a combination, operation or use of the Evisort Platform, Services, or Deliverables with other software, hardware or technology not provided by Evisort or reasonably intended to be used together, if the claim would not have arisen but for the combination, operation or use, (c) made in whole or in part in accordance with Customer specifications if the claim would not have arisen but for such specifications, (d) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (e) the Customer Content(any of the foregoing circumstances under clauses (a)-(e) will be collectively referred to as a “Customer Indemnity Responsibility”).

8.3.  Customer Indemnity. Customer will indemnify, defend and hold harmless Evisort, its directors, officers, and employees from and against any and all Losses arising out of any third party claim (a) alleging a Customer breach of any Customer representation or warranty in Section 7, and (b) arising out of any Customer Indemnity Responsibility.

8.4.  Indemnification Process. The foregoing indemnification obligations are conditioned on the indemnified party: (a) notifying the indemnifying party promptly in writing of such action, (b) reasonably cooperating and assisting in such defense; and (c) giving sole control of the defense and any related settlement negotiations to the indemnifying party with the understanding that the indemnifying party may not settle any claim in a manner that admits guilt or otherwise prejudices the indemnified party without its consent.

8.5.  Infringement Remedy. If the Evisort Platform, Services, or a Deliverable are, or in Evisort’s opinion, likely to become, the subject of any infringement-related claim, then Evisort will, at its expense and in its discretion: (a) procure for Customer the right to continue using the Evisort Platform, Service, or Deliverable; (b) replace or modify the infringing technology or material so that the Evisort Platform, Services, or Deliverable become non-infringing and remain materially functionally equivalent; (c) terminate the Order Form pursuant to which the Evisort Platform and Services are provided and give Customer a refund for any pre-paid but unused Fees; or (d) terminate the SOW pursuant to which the Deliverable is provided and give Customer a refund for the Fees paid for such Deliverable. THE PROVISIONS OF THIS SECTION 8.5 STATE EVISORT’S ENTIRE LIABILITY AND CUSTOMER’S EXCLUSIVE REMEDIES FOR ANY CLAIM BY CUSTOMER THAT THE EVISORT PLATFORM OR SERVICES INFRINGE A THIRD PARTY’S INTELLECTUAL PROPERTY RIGHT.

9.     Term and Termination.

9.1.   Term. Subject to earlier termination as provided below, the term of the Agreement will commence on the Effective Date (as defined in theOrder Form or applicable SOW) and shall remain in effect until all Order Forms or statements of work have expired or otherwise been terminated, unless extended pursuant to the written agreement of the parties (“Term”).

9.2.  Termination. Either party may terminate the Agreement: (a) upon 30days’ prior written notice to the other party for a material breach by the other party if such breach remains uncured at the expiration of such notice period; or (b) to the extent permitted by Law, immediately in the event the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. For clarity, (1) Customer shall have the right to terminate the affected Service for a breach of Service Warranty pursuant to Section 9.2(a) above; and (2) a breach or termination of any SOW will not be considered a material breach or termination of this Agreement. If the Agreement is terminated, all Order Forms and SOWs are simultaneously terminated and Customer shall, as of the date of any termination, immediately cease accessing and otherwise utilizing the Services and Evisort Confidential Information. Upon termination by Customer pursuant to this section, Evisort shall refund Customer any prepaid Fees for the affected Service that was to be provided after the effective date of termination. Termination for any reason will not relieve Customer of the obligation to pay any fees accrued or due and payable to Evisort prior to the effective date of termination and termination for any reason other than for uncured material breach by Evisort or as otherwise stated in this Agreement will not relieve Customer of the obligation to pay all future amounts due under all Order Forms and SOWs.

9.3.  Suspension of Access. At any time during the Term, Evisort may, immediately upon notice to Customer, suspend access to the Evisort Platform or any Service for the following reasons: (a) a threat to the technical security or technical integrity of the Evisort Platform or Services; (b) an uncured material breach of the Agreement is, or (c) breach or violation by Customer of any laws or regulations applicable to Customer’s use of the Platform or Services.

9.4.  Customer Content. Evisort reserves the right to permanently delete any Customer Content thirty (30) days following termination of the Agreement. Upon termination, Evisort shall also promptly delete any CustomerContent upon Customer’s written request. Any data deleted may remain in immutable electronic backups maintained by Evisort and used purely for backup, disaster recovery and data protection purposes for up to an additional ninety (90) days beyond any such deletion or certification. Customer may additionally request, up to thirty (30) days after termination, and provided that Customer has fully paid all outstanding invoices, a copy of its Customer Content, which Evisort will provide via an online shared folder.

9.5.  Effects of Termination. Upon termination or expiration of theAgreement for any reason, (a) any amounts owed to Evisort prior to such termination or expiration and all completed but unpaid Professional Services fees will be immediately due and payable and (b) all licensed and access rights granted will immediately cease to exist. Sections 1, 2.5, 2.6, 4, 6, 7, 8, 9.4,9.5, and 10 will survive any expiration or termination of the Agreement.

‍

10.   General.

10.1. Assignment. Neither party may assign any of its rights or obligations here under, whether by operation of law or otherwise, without the prior written consent of the other party (which consent must not be unreasonably with held or delayed). Not withstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms orStatements of Work) upon written notice without consent of the other party in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets so long as the assignee: (a) is an entity registered in a territory in which Evisort is approved to provide the Service; and (b) agrees to be bound in writing by all of the terms of this Agreement and all past due fees are paid in full. Any attempt by a party to assign its rights or obligations under this Agreement other than as permitted by this section will be void. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.

10.2. Publicity. During the Term, Evisort may refer to Customer as an Evisort customer, orally and in recordable format (including in promotion or marketing materials and on Evisort’s website and social media postings).

10.3. Relationship. No agency, partnership, joint venture, or employment is created as a result of the Agreement and neither party has any authority of any kind to bind the other party in any respect whatsoever.

10.4. Notices. Unless expressly stated otherwise, all notices under this Agreement must be in writing and will be deemed to have been given upon: (a) personal delivery; and (b) the third business day after first class mailing. Notices to Evisort must be sent to the address shown in the Order Form addressed to the attention of its Legal Department with a copy sent by email tolegal@evisort.com. Notices to Customer must be sent to the address shown in the Order Form addressed to Customer’s signatory of this Agreement. Each party may modify its recipient of notices by providing notice pursuant to this Agreement.

10.5. Governing Law; Disputes. The Agreement will be governed by the laws of the State of New York without reference to its conflicts of law principles.  Each party hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement.

10.6. Waivers. All waivers must be in writing. Any waiver or failure to enforce any provision of the Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.

10.7. Severability. If any provision of the Agreement is unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect.

10.8. No Third Party Beneficiaries. The parties acknowledge that the covenants set forth in the Agreement are intended solely for the benefit of the parties, their successors and permitted assigns. Nothing herein, whether express or implied, will confer upon any person or entity (including any User or any employee) other than the parties, their successors and permitted assigns, any legal or equitable right whatsoever to enforce any provision of the Agreement.

10.9. Construction. The headings of Sections of the Agreement are forconvenience and are not to be used in interpreting the Agreement. As used inthe Agreement, the word “including” means “including but not limited to.”

10.10. Force Majeure. Neither party will be liable for any failure or delay in performance under this Agreement caused by unforeseeable events beyond that party’s control and where the failure or delay is through no fault of the affected party and could not have been reasonably avoided (“Force Majeure”). Dates by which performance obligations are scheduled to be met will be extended for a period equal to the time lost due to any delay so caused, provided that notice of the Force Majeure event is given in writing within 15 days after theForce Majeure event begins. Such notice shall identify the nature of the Force Majeure event, its expected duration and the probable impact on the performance of the affected party’s obligations.

10.11. Entire Agreement. The Agreement constitutes the entire agreement between the parties regarding the subject hereof and supersedes all prior or contemporaneous agreements, understandings, and communication, whether written or oral. The Agreement may be amended only by a written document signed by both parties.

10.12. Remedies; Injunctive Relief. Except as otherwise provided, remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity. Either party may seek interim or temporary injunctive relief in any court of appropriate jurisdiction with respect to any alleged breach of such party’s intellectual property, confidentiality, or proprietary rights under this agreement, as such a breach may cause the non-breaching party irreparable damage with no adequate remedy at law.

10.13. Insurance. During the term of this Agreement, Evisort shall maintain, at the minimum, (a) Commercial General Liability insurance, including Contractual Liability Coverage, with coverage for products liability, completed operations, property damages and bodily injury, including death, with an aggregate limit of no less than $2,000,000, (b) Technology ProfessionalLiability Errors & Omissions policy (which includes Cyber Risk coverage andComputer Security and Privacy Liability coverage) with a limit of no less than$10,000,000 per occurrence and in the aggregate.  (c) Workers’ Compensation insurance as required by applicable law and Employers Liability insurance with limits not less than $1,000,000 per accident/per employee. This policy shall include a waiver of subrogation against Customer, except for those monopolistic states that do not allow it.

Schedule 1

Security Practices at Evisort

1.     SecurityProtocols

1.1   Information Security Program. Evisort shall maintain a comprehensive written information security program, including policies, standards, procedures, and related documents that establish criteria, means, methods, and measures governing the processing and security of Customer Content and the Evisort systems or networks used to process or secure Customer Content in connection with providing the Services (“Evisort Information Systems”). Subcontractors engaged by Evisort in accordance with this agreement will maintain (at a minimum) substantially similar levels of security as applicable and required by these Security Practices.

1.2   Security Controls. In accordance with its information security program, Evisort shall implement appropriate physical, organizational, and technical controls designed to (a) ensure the security, integrity, and confidentiality of Customer Content accessed, collected, used, stored, or transmitted to or by Evisort, and (b) protect Customer Content from known or reasonably anticipated threats or hazards to its security, integrity, accidental loss, alteration, disclosure , and other unlawful forms of processing.Without limiting the foregoing, Evisort will, as appropriate, utilize the following controls:

(a) Fire walls. Evisort will install and maintain firewall(s) to protect data accessible via the Internet.

(b) Updates. Evisort will maintain programs and routines to keep the Evisort information systems up to date with the latest upgrades, updates, bug fixes, new versions, and other modifications.

(c) Anti-malware. Evisort will deploy and use anti-malware software and will keep the anti-malware software up to date. Evisort will use such software to mitigate threats from all viruses, spyware, and other malicious code that are or should reasonably be detected.

(d) Testing. Evisort will regularly test its security programs, processes, and controls to ensure they meet the requirements of these Security Practices.

(e) Access Controls. Evisort will secure data in production Evisort Information Systems by complying with the following:

(i) Evisort will assign a unique ID to each individual with access to systems processing Customer Content.

(ii)    Evisort will restrict access to systems with Customer Content to only those individuals necessary to perform a specified obligation as permitted by this Agreement.

(iii)  Evisort will regularly review the list of individuals and services with access to systems processing Customer Content and remove accounts that no longer require access.

(iv)   Evisort will not use manufacturer supplied defaults for system passwords on any operating systems, software, or other systems, and will mandate the use of system-enforced “strong passwords” in accordance with or exceeding the best practices (described below) on all systems processing Customer Content.

(v)    At a minimum, Evisort production passwords will (i) contain at least eight (8) characters; include at least one capitalized and one lowercase letter, at least one number, and one special symbol; and (ii); be changed whenever an account compromise is suspected or assumed.

(vi)   Evisort will enforce account lockout by requiring additional validation or disabling access to Customer Content when an account exceeds a designated number of incorrect password attempts in a certain period of time.

(f)  Policies. Evisort will maintain and enforce appropriate information security, confidentiality, and acceptable use policies for employees, subcontractors, agents and suppliers that meet the standards set forth in these Security Practices, including methods to detect and log policy violations.

(g) Development. Development and testing environments for Evisort Information Systems will be separate from production environments.

(h) Encryption. Evisort will utilize cryptographic standards mandating authorized algorithms, key length requirements, and key management processes that are consistent with or exceed then-current industry standards, including NIST recommendations, and utilize hardening and configuration requirements consistent in approach with then-current industry standards, including SANS Institute, NIST, or Center for InternetSecurity (CIS) recommendations. Pursuant to such standards, Evisort will encrypt Customer Content at rest within the online Services and only allow encrypted connections to the online Service for the transfer of CustomerContent.

(i)  Remote Access. Evisort will ensure that any access from outside of its protected corporate or production environments to a system or systems processing Customer Content or to Evisort’s corporate or development workstation networks will require appropriate connection controls, such as VPN or multi- factor authentication.

‍

2.    System Availability.

‍Evisort will maintain (or, withrespect to systems controlled by its subcontractors, ensure that such subcontractors maintain) a disaster recovery (“DR”) program designed to recover the Service’s availability following a disaster. At a minimum, such DR program will include the following elements: (a) routine validation of procedures to regularly and programmatically create retention copies of Customer Content for the purpose of recovering lost or corrupted data; (b) inventories, updated at minimum annually, that list all critical Evisort Information Systems; (c) annual review and update of the DR program; and (d) annual testing of the DR program designed to validate the DR procedures and recoverability of the service detailed there

‍

3.     Security INCIDENTS

3.1 Procedure. If Evisort becomes aware of confirmed unauthorized or unlawful access to any Customer Content processed by Evisort Information Systems (a “Security Incident ”), Evisort will promptly (a) notifyCustomer of the Security incident (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.

3.2 Unsuccessful Attempts. An unsuccessful attack or intrusion is not a Security Incident subject to this Section 3. An “unsuccessful attack or intrusion” is one that does not result in unauthorized or unlawful access toCustomer Content and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond IP addresses or TCP/UDP headers), or similar incidents.

3.3 User Involvement. Unauthorized or unlawful access to Customer Content that results from the compromise of a User’s login credentials or from the intentional or inadvertent disclosure of Customer Content by a User is not a Security Incident.

3.4 Notifications. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s Admin users by any reasonable means Evisort selects, including email, as time is typically of the essence. Customers are solely responsible for maintaining accurate contact information in the online Service at all times.

3.5 Disclaimer. Evisort’s obligation to report or respond to aSecurity Incident under this Section 3 is not an acknowledgement by Evisort of any fault or liability of Evisort with respect to the Security Incident.

‍

4.     AUDITING and Reporting

4.1   Monitoring. Evisort monitors the effectiveness of its information security program on an ongoing basis by conducting various audits, risk assessments, and other monitoring activities to ensure the effectiveness of its security measures and controls.

4.2   Audit Reports. Evisort uses external auditors to verify the adequacy of its security measures and controls for certain Services, including the Services provided under the Agreement. The resulting audit will: (a) include testing of the entire measurement period since the previous measurement period ended; (b) be performed according to AICPA SOC2 standards or such other alternative standards that are substantially equivalent to AICPA SOC2; (c) be performed by independent third party security professionals at Evisort’s selection and expense; and (d) result in the generation of a SOC2 or SOC3 report (“Audit Report”), which will be Evisort’s Confidential Information. The Audit Report will be made available to Customer upon written request no more than annually, subject to the confidentiality obligations of the Agreement or a mutually-agreed non-disclosure agreement. Customer may also request a SOC3 report, which, if available from Evisort, will not be subject to such confidential obligations but shall attest to the external auditor’s verification and findings. For the avoidance of doubt, each Audit Report will only discuss Services in existence at the time the Audit Report was issued; subsequently released Services, if within the scope of the Audit Report, will be in the next annual iteration of the Audit Report.

4.3  Penetration Testing. Evisort uses external security experts to conduct penetration testing of certain online Services, including the Services. Such testing will: (a) be performed at least annually; (b) be performed by independent third party security professionals at Evisort’s selection and expense; and (c) result in the generation of a penetration test report (“Pen Test Report”), which will be Evisort’s Confidential Information. Pen Test Summary Reports or attestation letters attesting to the same will be made available to Customer upon written request no more than annually subject to the confidentiality obligations of the Agreement or a mutually-agreed non-disclosure agreement.

4.4   Worldwide Bug Bounty Program. Evisort shall maintain a bug bounty program to proactively detect bugs and vulnerabilities on a proactive basis. The program will operate such that external security experts shall have access to a production-like version of the software by which the Services are provided, with such experts incentivized and rewarded for finding vulnerabilities with monetary rewards. This program will be run on a continuous basis with rewards available at all time to the security experts participating in the program.

‍