PATHLOCK TERMS AND CONDITIONS These Pathlock Terms and Conditions (the “Agreement”) is entered into as of < date> day of 2024 (the “Effective Date”) by and between Pathlock, Inc., a Delaware corporation with its office at One Tabor Center 1200 17th St, Suite 880, Denver, CO 80202 (“Company”), and <> (“Customer”). 1. SOFTWARE-AS-A-SERVICE 1.1 Subject to the terms of this Agreement, Company shall provide Customer the Services specified in Exhibit A of this Agreement. Such use is limited to the Authorized Users and solely for Customer’s internal business purposes Subject to and conditioned on Customer’s and its Authorized Users’ compliance with the terms and conditions of this Agreement, Company hereby grants Customer a non-exclusive, non-transferable, right to access and use the Services, and the Documentation, during the Term of this Agreement, solely for Customer’s internal business purpose. 1.2 Subject to the terms hereof, Company will provide Customer with technical support services in accordance with the terms set forth in Exhibit A of this Agreement. Company shall provide implementation services as per a separate statement of work to be mutually agreed between the parties. 1.3 Company shall provide Customer the necessary passwords and network links to allow Customer and its Authorized Users to access and use the Services, software. 2. CUSTOMER RESPONSIBILITIES 2.1 Customer will maintain a service manager to serve as its primary point of contact for decision making under this Agreement, and who will be responsible for providing all consents and approvals on behalf of Customer as required under this Agreement. Customer represents and warrants that its service manager has all requisite organizational authority and qualifications to perform in such capacity. 2.2 Customer shall not (i) license, sublicense, sell, resell, transfer, assign, distribute, or otherwise commercially exploit or make available to any third party the Services in any way; (ii) modify or make derivative works based upon the Service (iii) reverse engineer or access the Service in order to (a) build a competitive product or service, (b) build a product using similar ideas, features, functions or graphics of the Service, or (c) copy any ideas, features, functions or graphics of the Service. Customer shall be responsible for all activity occurring under Customer’s user accounts and shall abide by all applicable laws and regulations in connection with Customer’s use of the Service, including those related to data privacy, and the transmission of technical or personal data. Customer shall: (i) notify Company immediately of any unauthorized use of any password or account or any other known or suspected use of the Services; (ii) report to Company immediately and use best efforts to stop immediately any copying or distribution of the Services that is known or suspected by Customer and its Authorised users. 2.3 Company provides Services and uses software and technology that may be subject to U.S. export controls administered by the U.S. Department of Commerce, the U.S. Department of Treasury Office of Foreign Assets Control or any other United States or foreign agency or authority. Customer acknowledges and agrees that the Services and software shall not be used, and none of the underlying information, software, or technology may be transferred or otherwise exported or re-exported from the United States in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Customer shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), that prohibit or restrict the export or re-export of the Services or any Customer Data outside the United States. 2.4 Customer shall be responsible for: (a) obtaining and maintaining any equipment and ancillary services required to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”); and (b) maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, for use of Customer account or the Equipment 2.5 Customer shall be responsible for: (a) all use of the software by all Authorized Users; and (b) ensuring that the Authorized Users are made aware of the relevant terms of this Agreement and comply with them, any terms of use and all reasonable instructions issued by Company to Customer. 2.6 Customer shall immediately notify Company in writing if: (a) any changes to the Authorized Users’ access rights or permissions are required; (b) any Authorized User details become known to anyone other than the relevant Authorized User so that Company can disable those Authorized User details and provide replacement details; or (c) Customer becomes aware of any unauthorized use of the Services or the software by anyone. 2.7 Customer may not sublicense or transfer its rights to access and use the Services, software except as permitted under Section 14.3 2.8 Company shall retain sole control over the operation, provision, maintenance, and management of the Services and the Documentation. Company reserves the right, in its sole discretion, to make any changes to the Services that it deems necessary or useful to (a) maintain or enhance: (i) the quality or delivery of the Services; (ii) the competitive strength of the Services; or (iii) the cost efficiency or performance of the Services; or (b) to comply with applicable laws. Such changes shall not compromise the user-friendliness of the Services. Company may from time to time, with prior notice to Customer, engage third parties to perform Services (each, a “Subcontractor”). 2.9 Customer shall retain sole control over the operation, maintenance, and management of any Customer Equipment, and solely responsible for all access to and use of the Services by any person through the Customer Equipment or any other means controlled by Customer or an Authorized User. 2.10 Company will have no obligation to make any back-up of any data stored or processed by the software (including any Customer Data). 3. HOSTING, MAINTENANCE AND UPDATES 3.1 Customer acknowledges that: (a) Company’s performance depends on Customer performing its obligations under this Agreement; (b) Company makes no commitment that the software will be accessible or usable at any given time, or that access to it will be continuous, uninterrupted or error-free; and (c) Company accepts no liability for any consequences on the software being unavailable due to internet delays. Company shall adhere to the availability targets and the service levels specified in Exhibit-A of this Agreement that shall apply to the software from time to time. Company will provide all credits due to Customer for failure to meet applicable service levels specified in Exhibit-A of this Agreement. Any such targets or service levels shall not apply: (i) if non-access to the Services is caused by internet delays; and (ii) for any downtime or suspension described in Section 8.5. 3.2 Customer agrees that Company is not responsible for failing to provide the Services within any agreed timeframe or for any errors in the Services or its outputs due to delays caused or materially contributed to by Customer and Authorized Users by: (a) providing Company with inaccurate or incomplete information or by using such information with the Services; (b) any information that is provided to Company or used with the Services in the wrong format; (c) failing to make the appropriate staff or assistance available within a reasonable time; or (d) any loss arising from Customer not fulfilling its obligations. 3.3 Company will provide support and maintenance services for the software; including, error corrections and updates and new releases to the Services from time to time as stated in Exhibit-A of this Agreement. 4. CONFIDENTIALITY 4.1 Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Proprietary Information of Company includes non-public information regarding features, functionality and performance of the Service. Proprietary Information of Customer includes non-public data provided by Customer to Company to enable the provision of the Services (“Customer Data”). The Receiving Party agrees: (a) to protect such Proprietary Information with the same level it takes to protect its own Proprietary Information, but in no case less than reasonable precaution and (b) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information. The Receiving Party shall not disclose the Disclosing Party’s Proprietary Information to any person or entity, except to the Receiving Party’s employees, contractors, directors, officers, agents, and authorized representatives (“Representatives”) who need to know the Proprietary Information to perform its obligations under this Agreement. The Receiving Party shall be responsible for the acts and omissions of its Representatives with respect to the Disclosing Party’s Proprietary Information. The Disclosing Party agrees that the foregoing shall not apply any information that the Receiving Party can document (i) is or becomes generally available to the public, or (ii) was in its possession or known by it prior to receipt from the Disclosing Party, or (iii) was rightfully disclosed to it without restriction by a third party, or (iv) was independently developed without use of any Proprietary Information of the Disclosing Party or (v) is required to be disclosed by law. 4.2 Notwithstanding the foregoing, each Party may disclose Proprietary Information to the extent required in order to (i) comply with the order of a court or other governmental body, or as necessary to comply with applicable law or a subpoena, provided that the Party making the disclosure pursuant to the order shall first give written notice to the other Party, to the extent legally permissible), and make a reasonable effort to obtain a protective order if requested by the Disclosing Party; or (ii) establish a Party’s rights under this Agreement, including to make required court filings. 4.3 On the expiration or termination of this Agreement, the Receiving Party shall promptly return to the Disclosing Party all copies, whether written, electronic, or other form of media, of Disclosing Party’s Proprietary Information, or destroy such copies and certify in writing to the Disclosing Party that such copies of the Proprietary Information have been destroyed. Each Party’s obligations of non-disclosure with respect to Proprietary Information are effective as of the Effective Date and will expire five years from the date first disclosed to the Receiving Party; provided, however, with respect to any Proprietary Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement for as long as such Confidential Information remains subject to trade secret protection under applicable law. 5. DATA OWNERSHIP; SECURITY 5.1 Customer Data. Customer shall own all right, title and interest in and to the Customer Data, as between Company and Customer. Customer hereby grants to the Company for the duration of this Agreement, a non-exclusive, royalty-free, worldwide license to reproduce, and use and display the Customer Data and perform all acts with respect to Customer Data as may be necessary for Company to provide the Services to Customer, and a non-exclusive, perpetual, irrevocable, royalty-free, worldwide license to reproduce, modify, and otherwise use and display Customer Data incorporated with the Aggregated Statistics. Any external utilization of Customer Data is strictly contingent upon obtaining explicit permission from the Customer. 5.2 Data Processing. To the extent that Customer Data includes any personal data, Customer is solely responsible for ensuring an adequate legal basis for the collection and processing by Company of such personal data. Company shall process the personal data on behalf of Customer as a “processor” or “service provider” as such terms are defined under applicable data protection laws and as per the instructions provided by the Customer. Company shall process Customer personal data solely to perform its obligations under this Agreement or as otherwise authorized under this Agreement and for support, security, and product issues. Company will only use Customer personal data for such permitted purposes or upon the written instructions of Customer. In the event the Company has to process any personal data on behalf of Customer as a “processor”, the parties shall enter a separate “Data Processing Agreement” which shall govern the terms and conditions of use of such personal data by the Company. The personal data will be processed in the territory of _________ and there shall be no transfer of personal data outside the territory of _________ other than accessing the date remotely from other locations. 5.3 Company shall implement technical, administrative, and organizational security measures reasonably designed to protect Customer Proprietary Information from unauthorized access and use, and consistent with industry standard practice considering the scope and nature of Customer Data processed. Notwithstanding the foregoing, Customer acknowledges and accepts that the transmission of data over the Internet is never completely secure, and Company is not responsible for delays or failures resulting from use of the Internet and electronic communications. 5.4 Aggregated Statistics. Notwithstanding anything to the contrary, Company shall have the right to collect and analyze Aggregated Statistics and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Customer Data and data derived therefrom), and Company will be free (during and after the term hereof) to (a) use such Aggregated Statistics and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, and (b) disclose such Aggregated Statistics solely in aggregate or other de-identified form in connection with its business provided that no such disclosure reasonably identifies Customer, or any end-users or clients of Customer. As between Company and Customer all right, title, and interest in and to Aggregated Statistics, and all intellectual property rights therein, belong to and are retained solely by the Company. Customer acknowledges that Company may compile Aggregated Statistics based on Customer Data input into the Services. 5.5 Feedback. If Customer chooses to provide comments or feedback to Company in relation to the Services or the software (“Feedback”), Customer hereby grants to Company a worldwide, non-exclusive, royalty-free, transferable, sublicensable, perpetual and irrevocable license to use and otherwise exploit the Feedback for any purpose. 6. INTELLECTUAL PROPERTY 6.1 Company shall own and retain all right, title and interest in and to (a) the Services and software, all improvements, enhancements, or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with implementation services or support, and (c) all intellectual property rights related to any of the foregoing. 6.2 Nothing in this Agreement grants any rights, title, or interest in or to (including any license under) any Intellectual Property Rights in or relating to the Services, whether expressly, by implication, estoppel, or otherwise. All right, title, and interest in and to the Services are and will remain with the Company. 6.3 Neither Party may use the other Party’s trademarks, service marks, trade names, logos or other commercial or product designations (collectively, “Marks”) in any publication, advertisement, or public announcement without the other Party’s prior written consent. Notwithstanding the foregoing, Company may reference the Customer in Company’s customer listings with prior written consent of Customer. Company may also place the Customer’s name and logo on Company’s web site, and in marketing materials relating to Company’s products and services after obtaining prior written consent of Customer. Company may also request the Customer’s permission to use the Customer and agreed representatives of the Customer as contactable references in Company’s negotiations with potential customers and other third parties, such permission not to be unreasonably withheld or delayed. The Customer shall grant Company with a right and license to use its Marks only after obtaining a prior written approval/consent of the Customer for the foregoing permitted purposes. 7. PAYMENT OF FEES 7.1 Customer will pay Company the then applicable fees described in a separate Order Form to be mutually agreed between the parties for the Services and implementation services in accordance with the terms therein (the “Fees”). If Customer’s use of the Services exceeds the Service Capacity set forth in the Order Form or any applicable SOW or otherwise requires the payment of additional fees (per the terms of this Agreement), Customer shall be billed for such usage and Customer agrees to pay the additional fees in the manner provided herein. Company reserves the right to change the Fees or applicable charges and to institute new charges and Fees at the end of the Initial Service Term or then current renewal term, upon thirty (30) days prior notice to Customer (which may be sent by email). If Customer believes that Company has billed Customer incorrectly, Customer must contact Company no later than 60 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Inquiries should be directed to Company’s customer support department. 7.2 Company may choose to bill through an invoice, in which case, full payment for invoices issued in any given month must be received by Company thirty (30) days after the mailing date of the invoice. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of Service. Company shall provide Customer with reminder notice before charging any penalty on any outstanding balance as stated above Customer shall be responsible for all taxes associated with Customer’s use of the Services and other taxes due by the Customer other than U.S. taxes based on Company’s net income and any other taxes that are directed and reasonably expected to be borne by Company. 7.3 All Fees and other amounts payable by Customer under this Agreement are exclusive of sales taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes and charges imposed by federal, state or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than taxes imposed on Company’s income. 8. TERM, TERMINATION AND SUSPENSION 8.1 Term; Renewals. Subject to earlier termination as provided below, this Agreement is for the Initial Service Term as specified in the Order Form, and will be automatically renewed for one (1) year periods (collectively, the “Term”) unless either party gives notice of non-renewal by the later of: (a) three (3) months before the end of the Term, or (b) ten (10) days after the Company gives notice of a Fee increase pursuant to Section 7.1 mentioned above. 8.2 Termination for Breach. In addition to any other remedies it may have, either party may also terminate this Agreement upon thirty (30) days’ notice (or without notice in the case of nonpayment), if the other party materially breaches any of the terms or conditions of this Agreement and fails to cure such breach within thirty (30) days of being notified. Any breach of confidentiality obligations under section 4 of this Agreement shall be excluded from such cure period. 8.3 Termination for Insolvency. Either party may also terminate this Agreement with immediate effect and upon written notice if the other party ceases to operate, declares bankruptcy, or becomes insolvent or otherwise unable to meet its financial obligations. 8.4 Effect of Termination. Customer will pay in full for the Services up to and including the last day on which the Services are provided. Upon any termination, Company will make all Customer Data available to Customer for electronic retrieval for a period of thirty (30) days, but thereafter Company may, but is not obligated to, delete stored Customer Data. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability. 8.5 Company may suspend the use of or access to the Services and/or the software from time to time: (a) to perform routine or emergency maintenance; (b) to implement service changes and Updates to the software; (c) if Company reasonably believes that Customer’s use of the software could adversely impact other Customers’ use of the software; (d) if there is suspected unauthorized third party access to the software; (e) if Company reasonably believes that it is required to suspend immediately to comply with applicable law; (f) to mitigate issues caused by any acts or omissions of third parties or issues with any Internet infrastructure; (g) if Customer is in default of its payment obligations to Company; or (h) Customer is in breach of its obligations in Section 2 or if the software is, in Company’s reasonable opinion, being misused by the Customer. Any such suspension or resulting downtime will be limited to the minimum extent necessary in the circumstances, as determined by Company. 9. WARRANTIES AND DISCLAIMER 9.1 Each party warrants that: (a) it is a corporation or other entity duly organized and validly existing under the laws of the jurisdiction in which it was incorporated or organized; and (b) it has all requisite corporate power and authority to execute and deliver this Agreement and perform its obligations under this Agreement. 9.2 Customer represents, covenants, and warrants that Customer will use the Services only in compliance with the terms and conditions of this Agreement and all applicable laws and regulations. 9.3 Company warrants to provide Services in a manner which minimizes errors and interruptions in the Services and shall perform the implementation services in a professional and workmanlike manner. Company warrants that the Services, in unmodified form when used solely as authorized by this Agreement, will perform in all material respects in accordance with the specifications in the Documentation for a period of sixty (60) days from the first date of access by Customer. If during this warranty period, Customer demonstrates to Company that the Services do not perform in all material respects in accordance with the Documentation, then Company shall use commercially reasonable efforts to correct such non-performance or replace the Services with equivalent functionality; provided that if the Company determines neither of these options is commercially feasible, then Company shall provide a pro-rata refund of any prepaid Fees, calculated as of the effective date of termination, and terminate this Agreement without further liability. 9.4 Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Company or by third-party providers, or because of other causes beyond Company’s reasonable control, but Company shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption. HOWEVER, COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICES ARE PROVIDED “AS IS” AND COMPANY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. 10. INDEMNITIES 10.1 Company Indemnification. Company shall hold Customer harmless from liability to third parties resulting from (a) infringement by the Service of any United States patent or any copyright or misappropriation of any trade secret, (b) gross negligence or willful misconduct in performance, or (c) violation of applicable laws, provided Company is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Company will not be responsible for any settlement it does not approve in writing. The foregoing obligations do not apply with respect to portions or components of the Service (a) not supplied by Company, (b) made in whole or in part in accordance with Customer specifications, (c) that are modified after delivery by Company, (d) combined with other products, processes or materials where the alleged infringement relates to such combination, (e) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (f) where Customer’s use of the Service is not strictly in accordance with this Agreement. If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be or are believed by Company to be infringing, Company may, at its option and expense (i) replace or modify the Service to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (ii) obtain for Customer a license to continue using the Service, or (iii) if neither of the foregoing is commercially practicable, terminate this Agreement and Customer’s rights hereunder and provide Customer a refund of any prepaid, unused fees for the Service. THIS SECTION 10.1 SETS FORTH CUSTOMER’S SOLE REMEDIES AND COMPANY’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY. 10.2 Customer Indemnification. Customer hereby agrees to indemnify and hold harmless Company, its affiliates, stakeholders, officers, directors, employees, and agents against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees) in connection with any claim or action that arises from an alleged violation of the Customer’s obligations hereunder, violation of applicable laws. Company may monitor Customer’s use and Authorized Users use of the Services and prohibit any use of the Services it believes may be (or alleged to be) in violation of the foregoing. 11. LIMITATION OF LIABILITY IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY EXCEED THE AMOUNTS ACTUALLY PAID BY CUSTOMER IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM. IN NO EVENT SHALL EITHER PARTY AND/OR ITS LICENSORS BE LIABLE TO ANYONE FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES OF ANY TYPE OR KIND (INCLUDING, REVENUE, PROFITS, USE, OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THIS SERVICE, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICE, OR FOR ANY CONTENT OBTAINED FROM OR THROUGH THE SERVICE, ANY INTERRUPTION, INACCURACY, ERROR, OR OMISSION, REGARDLESS OF CAUSE IN THE CONTENT, EVEN IF THE PARTY FROM WHICH DAMAGES ARE BEING SOUGHT HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 12. FORCE MAJEURE Neither party shall be liable for, nor shall either party be considered in breach of this Agreement due to, any failure to perform its obligations under this Agreement as a result of a cause beyond its control, including but not limited to, act of God or a public enemy, act of any military, civil or regulatory authority, change in any law or regulation, fire, flood, earthquake, storm, pandemic, or other like event, disruption or outage of communications (including an upstream server block and Internet or other networked environment disruption or outage), power or other utility, labor problem, or any other cause, whether similar or dissimilar to any of the foregoing, which could not have been prevented with reasonable care and making it impossible, illegal, or otherwise impracticable to perform the obligations of this Agreement.. The party experiencing a force majeure event, shall use commercially reasonable efforts to provide notice of such to the other party. 13. AUDIT Customer agrees to allow Company the right to audit the access and use of the software/Services by the Customer once in a calendar year Customer shall cooperate with the audit, including providing access to any books, computers, records or other information that relate to the access and use of the software/Services by the Company. Company shall ensure that such audit will not unreasonably interfere with Customer’s business activities. In the event the audit reveals unauthorized access, use, reproduction or other exploitation of software or access and use of the software in violation of the terms of this Agreement, Customer shall reimburse Company all cost and expenses incurred by the Company for such audit, in addition to such other rights and remedies that Company may have. 14. MISCELLANEOUS 14.1 If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. 14.2 No amendment or modification of this Agreement is effective unless it is in writing and signed by an authorized representative of each Party. No waiver by any Party of any of the provisions herein will be effective unless expressly set forth in writing and signed by the Party waiving such provision(s). No failure to exercise any right, remedy, power, or privilege arising under this Agreement will operate as a waiver thereof. 14.3 This Agreement is not assignable, transferable or sublicensable by Customer except with Company’s prior written consent. Company may transfer and assign any of its rights and obligations under this Agreement without consent. 14.4 This Agreement together with its exhibits, the Order Form and any applicable SOW are the complete and exclusive statement of the mutual understanding of the parties and supersede and cancel all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. In the event of any inconsistency between these Terms and Conditions, the Exhibits, and the Order Form, the following order of precedence governs: (i) the Order Form, (ii) these Terms and Conditions, (iii) any other Exhibits, and (iv) any other documents incorporated herein by reference. 14.5 In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. 14.6 All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. 14.7 Company is an independent contractor to Customer and is not in any partnership, joint venture, fiduciary, employment, agency or other relationship with Customer. Neither party to this Agreement has the power to bind the other. 14.8 This Agreement shall be governed by the laws of the State of Delaware without regard to its conflict of laws provisions. 14.9 Disputes and claims arising out of or related to this Agreement first will be submitted to senior management of both parties for amicable resolution and settlement. If the parties cannot settle the matter within thirty (30) days of a written request by either party to begin dispute resolution proceedings hereunder, the dispute or claim shall be submitted to and resolved exclusively by confidential arbitration conducted in accordance with American Arbitration Association rules, with one (1) arbitrator appointed to conduct arbitration and arbitration taking place in a mutually agreed location. Any decision in arbitration shall be final and binding upon the parties. Judgment may be entered thereon in any court of competent jurisdiction. 14.10 THE PARTIES EXPRESSLY WAIVE ANY RIGHT TO A TRIAL BY JURY IN ANY PROCEEDING ARISING UNDER OR RELATED TO THIS AGREEMENT. Notwithstanding the foregoing, each party reserves the right to file a suit or action in any court of competent jurisdiction as such party deems necessary to protect its intellectual property rights, or to seek injunctive relief. Each Party acknowledges that a breach or threatened breach of its obligations under Section 4 (Confidentiality) or Section 6 (Intellectual Property), may cause the other Party irreparable harm for which monetary damages may not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other Party will be entitled to equitable relief, including a restraining order, injunction, specific performance, or other relief that may be available from any court, without the requirement to post bond or other security or provide actional damages or monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that m ay be available at law, in equity, or otherwise. 15. DEFINITIONS. "Aggregated Statistics” shall mean data and information related to Customer’s use of the Services that is used by the Company in an aggregate and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services. "Authorized Users” shall mean Customer’s employees, consultants, contractors, and agents who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement and for whom access to the Services have been purchased under this Agreement. “Documentation” shall mean any manuals, instructions, or other materials that Company makes available to Customer, which describe the functionality, components, features, or requirements of the Services. “Intellectual Property Rights” shall mean any and all registered and unregistered rights granted, applied for, or otherwise now in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws globally. “Services” shall mean the software-as-a-service offering described in Exhibit A. “Third-Party Products” shall mean any third-party products made available through the Service. PATHLOCK INC <> By: By: Name: Piyush Pandey Name: Title: CEO Title: Date: Date: EXHIBIT A PATHLOCK TECHNICAL SUPPORT POLICY “Build customer trust and relationships through Expertise, Communication and Customer Success.” Table of Contents Supported Customers 3 Supported Languages 3 Supported Products 3 Defining a Primary and Secondary Contact 3 Number of Customer Contacts Approved to Contact Pathlock Support 3 Contacting Support 3 Business Hours 4 Holidays 4 Home Region 4 Severity Levels and Response Times 4 Enhancements or Feature Requests – Severity 5 5 Ticket Escalation 5 Ticket Closure 5 Ticket Re-Open 5 Ticket Auto Closure 6 Software Updates 6 Version Support 6 End of Life (EOL) Support 6 Covered Services 6 Not Covered Under this Support Policy 6 Customer Responsibilities 7 Independent Contractors 7 Scheduled Maintenance 7 Upgrades and New Releases 7 Pathlock Cloud Availability 8 Requirements to Apply for Credit 8 Credits Towards Renewal Subscription Cost 8 Definitions 10 Terms 10 Supported Customers Customers that have a valid license or subscription, in good standing (current and supported ERP system) regarding maintenance and/or subscription are supported under this support policy. In instances where a customer does not have a valid license, subscription or not in current and a ticket has been opened, the customer success manager or sales executive will be notified. The ticket will not be worked by support until the customer returns to a good standing status. Supported Languages Support will be provided in English as the standard. If another language is requested by the customer, Pathlock will do so on a “best effort” to provide support in that language. Supported Products All active Pathlock products are covered under this support policy though offerings could vary per product as defined in Table 1. Product Line Legacy Product Name Coverage Available Notes Pathlock Cloud Profile Tailor 24x7 Severity 1 and escalated issues handled 24x7 ASP, A360, PUX 8 am – 8 pm BST 8 am – 8 pm Eastern Time Team availability outside business hours dependent on team availability. Request two (2) weeks’ notice for planned assistance or scheduled assistance if outside of business hours. Greenlight SAST Security Weaver QSoftware * 24/7 response is for Pathlock Cloud (PLC) only and Severity 1 issues as defined in Table 4. Table 1: Coverage Hours by Product Defining a Primary and Secondary Contact To protect our customers and ensure that the Pathlock teams only provide authorized customer personnel access and support and the ability to work on tickets a primary and secondary technical contact will be required. In the case that any personnel require access to the portal or have their access rights removed, the named primary or secondary contact should speak with Pathlock Customer Success, Support Management, or their Sales Executive. Number of Customer Contacts Approved to Contact Pathlock Support The Primary or Secondary technical contact can authorize up to five (5) contacts that Pathlock will assist. If the customer requires more authorized contacts, contact your customer success at: csm@pathlock.com . Contacting Support Pathlock Support can be contacted via the customer portal or by phone. The customer portal is fully mobile friendly to open and manage your tickets. See Table 2 for additional information. For Severity 1 issues Pathlock support should be contacted by phone. In down situations, we want to route you to a live team member as quickly as possible. You can open a ticket via the portal and then contact our team or simply call and we will be happy to open the ticket. Web Access / Region URL or Phone Customer Portal https://support.pathlock.com Americas US +1 303 218 9157 EMEA UK +44 20 4524 5116 APAC India +91 20 7127 9922 Philippines +63 32 887 2014 Table 2: Pathlock Support Phone Numbers by Region Business Hours Pathlock’s support business hours are defined by region in Table 3 below. Business hours are established by the customer’s defined Home Region with the exception of Pathlock Cloud which has 24x7 Support for Severity 1 issues. For customers who have global teams, the response times are defined in Table 4 and follow the customers Home Region and Severity Level response. Region Location Used Business Hours Americas New York, Eastern Time 8 am – 8 pm EMEA UK, BT 8 am – 8 pm APAC India, Bangalore 8 am – 8 pm Holidays Pathlock holidays are statutory as defined by country within a region. Pathlock follows the United States, United Kingdom, and India statutory holidays. During holidays we will cover Severity 1 issues for products that have Severity 1, 24x7 support. All other severities will be responded to during normal business hours as defined in Table 1. Home Region To ensure customers receive the best support for lower severity issues, a Home Region can be defined to align with your helpdesk if does not reside in local company hours. Home Region defaults to the company location of purchase but can be changed to Americas, EMEA or APAC by your Customer Success Manager. The Home Region can be changed but must remain in effect for a minimum of six (6) months from date of change. Table 3: Business Hours Severity Levels and Response Times Customer categorizes support in relation to the severity as defined in Table 4. After review of the problem the severity can be changed by the Pathlock Support Team and properly messaged to the customer ticket owner. To ensure Severity 1 response times are met a call into our support center using any of the phone numbers in Table 2 is required. For Severity 1 issues we want to react as quickly as possible and transfer you to a team member as soon as possible. Failure to call into our support enter for a Severity 1 negates the documented response times. Continue to next page for table. Severity Level Definition Support Response Times Severity 1 (Critical Down) Customer down or a significant percentage (30% or more) business/workforce is negatively affected or inhibited. Not to exceed 1-hour during business hours.* * Need to call into the Pathlock dispatch center for Severity 1 Severity 2 (Business Highly Effected) Product or Subscription Services are stopped or severely impacted, 20% to 30% of the customer users cannot perform their business operations. Not to exceed 4 business hours* *Regional business hours are defined in Table 1. Americas - (US Eastern time) EMEA – (UK BST) APAC – India (IST) Severity 3 (Some effect on Business) Some functionality is affected but customer can continue to work and perform most operations 24 Business Hours (next day) Severity 4 (Minimal Business Effect) Minor issue or impact to the customer or operation. 24 Business Hours (next day) Severity 5 (Enhancement or Feature Request) Feature Request - A requested feature or functionality that the product is not intended or documented to perform 48 Business Hours (two-day response) Table 4: Support Severity Levels and Response Times Enhancements or Feature Requests – Severity 5 Feature or Enhancements requests are reviewed periodically by the Product Management Team. Though support will respond within 48 Business hours, new features, if implemented, are documented in the product release notes. Note that Product Management does review features for product form, fit and feasibility. Ticket Escalation If a ticket needs to be escalated, best method is to contact us via any of our phone numbers in Table 2 and request an escalation. Have your ticket number for the representative so they can quickly escalate. You can additionally request to speak with the Regional Manager or Director to assist with the escalation. The support representative will notify the Regional Manager or Director that an escalation by customer has occurred with the details. If you do not want to contact our call center, you can alter the Severity field in the ticket, but response times may be delayed. Ticket Closure Tickets are closed when an issue is resolved. Customers can request that a ticket remains open for verification up to three (3) day. In these situations, one of our support team members will follow-up on the third day to ensure the ticket can be closed. Ticket Re-Open If an issue reoccurs within ten (10) business days, a customer can call into our support team and have the ticket reopened. For a ticket reopen the issues must be the same. If a ticket is requested to be reopened and the issue differs, a new ticket will be created. Ticket Auto Closure If a ticket is opened and a customer does not respond, a solution is provided with no customer response to the Pathlock’s team outreach over ten (10) business days the ticket will be auto closed. There are three (3) outreaches as defined below: 1. Day 1 within SLA when ticket is originated. 2. Day 3 by Phone and/or Email if no response to Day 1. 3. Day 5 by Phone and/or email if no response to Day 3. The ticket will auto close on day 10. A customer can call in within ten (10) business days and have the ticket reopened. After then (1) business days a new ticket is required. The auto-closed ticket will retain the outreach attempts via phone and email. Software Updates From time-to-time updates are available to our customers. All installation and implementation of the Updates will be performed by Customer. Should Customer require assistance, support is happy to assist but must be scheduled with two (2) weeks’ notice to ensure team member availability. Support will assist/perform any upgrade of two (2) hours or less. If the upgrade is complex or will exceed two hours a SOW from our professional services team will be required. Version Support Technical support is provided on current and one previous (major or minor) release of Pathlock software. Software that was modified, altered, or used upon unsupported platforms as documented in the Product release notes is not supported. End of Life (EOL) Support In instances where the product has met End of Life (EOL) or documented version/product lifecycle, Pathlock reserves the right to not support those releases and it is the customers responsibility to upgrade and become current. Covered Services The following services are covered under this support policy: • Technical assistance or product knowledge via phone, email, or remote sessions for break/fix for Pathlock software issues. • Access to product documentation, support portal and knowledge base. • Resolve technical issues with product as defined by severity and response time in this document. • Defect resolution of product issues based on severity. • Upgraded versions of software, features through major and minor releases. Not Covered Under this Support Policy • Onsite Support • Performance troubleshooting outside of the product such as but not limited to network, internet connectivity, load balancers, ERP Systems or like. • Pathlock is not responsible for problems that occur as a result of the use of the Licensed Software in conjunction with non-Pathlock software or with hardware which is incompatible or not the recommended configuration with the version of the licensed Software provided.: • Software used in violation of the licensing agreement. • Licensed software or hardware that does not meet the defined specifications or requirements for use. (server installed) • System software such as but not limited to operating systems, system utilities and libraries and drivers that are not approved by Pathlock. • Modified license Pathlock software, other than by Pathlock, to work within an environment that it was not designed for. • Pathlock is not responsible for outages, unexpected behavior, feature implementation or issue resolution, that have been created by a non-approved/certified partner or third-party support organization. • Pathlock shall not be obligated to repair or replace any Product if such repair or replacement is caused in whole or in part by: error, neglect, misuse, abuse or negligent acts of the Customer or a third party, including failure by the Customer to follow Pathlock’s installation, operation, or maintenance instructions and specifications, improper or unauthorized connection with any peripheral; external electrical fault; or alteration, modification, service or repair performed otherwise than by Pathlock or with Pathlock’ permission. • Downtime of systems such as but not limited to SAP, Oracle, PeopleSoft that affect Pathlock on-premise or cloud solutions. Customer Responsibilities Customer Obligation to troubleshooting – Customer agrees that it is their responsibility to assist in solving any issue, including: 1. Reproduction of the problem. 2. Diagnosing trouble condition. 3. Isolating use case triggering the problem. 4. Capturing trace data for the problem case. 5. Eliminating customer-created software as the cause of the problem. 6. Collecting any additional data Pathlock needs to fully diagnose root cause. 7. Provide a contact that will be responsible for resolution of the problem. 8. Load test and penetration test are the responsibility of the customer such as but not limited to database access etc. 9. Production go live for Pathlock ASP product. Note: If Customer fails to provide adequate assistance in the aforementioned areas, and the problem is found to be outside of Pathlock’s solution, hourly charges may apply. Independent Contractors Pathlock and Customer are independent contractors, and nothing contained in this Agreement shall be construed to constitute Pathlock and Customer as partners, employer-employee, joint venturers, co-owners or otherwise. Scheduled Maintenance “Scheduled Maintenance” means any time associated with the installation of service packs or major release or version upgrades. All “Scheduled Maintenance” shall be performed during off-peak business hours. In rare instances an emergency patch/upgrade may need to be applied. In these instances, we will notify customers via email to ensure visibility as best possible. Upgrades and New Releases Pathlock will provide best effort to notify Customers with a minimum of thirty-day (30) days’ notice for new releases and service packs. Additionally, Pathlock will provide Customer with a minimum of sixty (60) days’ advance notice of major release and version upgrades. Pathlock Cloud Availability (a) “Availability” is measured on a calendar month basis and is calculated as follows. Availability = Base time – Downtime Base time X 100% (b) “Base time” means 24 hours per day, seven days per week, 365 days per year, less Scheduled Maintenance. (c) “Downtime” means the time during which the Service is not Available. Each instance of Downtime commences when the Service ceases to be Available and ends when the cause of failure is corrected, and the Service is restored to normal operation. Downtime does not include scheduled or emergency maintenance, any outage determined to be a result of Customer’s breach of the Agreement or any other acts or omissions of Customer, or a result of a failure of outside services or equipment outside of Pathlock’s control, including Customer’s Equipment, or any force majeure event. NOTE: Changes in or with functional ERP systems (i.e. Configuration or Upgrades of SAP or Oracle) that affect Pathlock software after said changes are not considered an outage though Pathlock will work as quickly as possible to resolve the issue. Requirements to Apply for Credit Pathlock will provide the Service with Availability of not less than 99.70%. Pathlock will issue to Customer the following credits if Pathlock does not achieve the following levels of availability more than two times in the same calendar month. The customer is: • Required to open a ticket in the support system so that the support team can look at the issue and verify it is not outside the Pathlock solution such as an ISP provider. • Pathlock will credit towards the annual subscription cost based on the below table if failed uptime occurs two (2) times in a calendar month. • The support ticket will be used as verification of outage for subscription credit. • Customer will notify Pathlock in the event of any Downtime. Customer may report Downtime, but under no circumstances will Customer be required to open a trouble ticket or otherwise identify any Downtime or other performance failure. • Upon Customer’s reasonable request, Pathlock will provide to Customer for each applicable period a report showing the calculation of service credits (or showing calculation that does not result in service credits) The service credits are Customer’s sole and exclusive remedy and Pathlock’s sole and exclusive liability for Pathlock’s breach of this Exhibit A. • Customer may terminate the Agreement with regard to the applicable Service(s) if Availability fall below the warranted level for six (6) out of eight (8) consecutive weeks. • Administration of Availability Monitoring. Credits Towards Renewal Subscription Cost Pathlock will issue to Customer the following credits if Pathlock does not achieve the following levels of Availability as defined in Table 4. Monthly Uptime Percentage Service Credit Percentage Less than 99.7% but equal to or greater than 99.0% 5% Less than 99.0% but equal to or greater than 95.0% 10% Less than 95.0% 30% Table 4: Credits based on two outages in a calendar month Appendix Definitions a. “Service” means the support and maintenance services purchased by Customer from Pathlock under the terms of this Agreement. b. “Software” or "Product" means the Pathlock’s licensed software solution that has been agreed between the Parties to be used by Customer. c. “Major Release” means significant software version releases. This includes additional software functionality/capabilities and/or any major Product enhancements that Pathlock may hereafter develop and make generally available to its licensees. A Major Software version may be expressed as 10.X. d. “Update” means any minor functionality, modification, or enhancement of the Product, e. including patches, bug fixes and maintenance releases that Pathlock may hereafter develop and make generally available to its licensees. Updates are represented by a number change to the right of the decimal point of the Version of the Product. An update refers to licensed Software changing from X.1 to X.2 for example. The content and timing of all updates will be determined by Pathlock. f. “Work-Around” means a temporary solution or fix that restores operational capability. A workaround may not require a software fix or correction. Terms a. A Service is “Available” when, and only when, all functionality described in the Documentation is accessible to each Customer user at the Demarcation Point. A Service is not Available if its response or processing time is degraded to the point where users experience a material degradation in their ability to submit data to, have data processed, or receive data back from the Service. b. “Demarcation Point” refers to the point where the public available network infrastructure meets the customer’s internal network infrastructure.