Mindmatrix Terms of Use

Last updated February 28, 2025

Prior to using the Mindmatrix Platform, please read these terms of service. These terms are incorporated by reference into the Subscription & Services Master Agreement ("SSMA") and/or Statement of Work ("SOW") executed by the party identified as Customer in the SSMA (the "Customer") and Mindmatrix, Inc., and its subsidiaries and affiliates ("Mindmatrix"). Pursuant to these terms, Customer shall have the right to access and use the Mindmatrix platform. These terms, the SSMA, SOW, and any related Addendums, together form a binding and executed written agreement between Customer and Mindmatrix, effective as of the last date of execution of the SSMA.

1. Definitions:

   1. "Authorized Partner" means any third-party channel partners of Customer for which Customer has issued an Authorized Partner license to enable their access and use of the Mindmatrix Platform and any Mindmatrix Content.

   2. "Customer Content" means information, data, text, content, videos, images, audio clips, photos, graphics, and / or other types of content, information and/or data posted, provided and/or uploaded to the Mindmatrix Platform by Customer, or which is provided to Mindmatrix by Customer to be uploaded on their behalf.

   3. "Intellectual Property Rights" mean any and all now known or hereafter existing

      1. rights associated with works of authorship, including copyrights, mask work rights, and moral rights,

      2. trademark or service mark rights

      3. trade secret rights

      4. patents, patent rights, and industrial property rights

      5. layout design rights, design rights, and other proprietary rights of every kind and nature other than trademarks, service marks, trade dress, and similar rights.

   4. "Partner Content" means information, data, text, content, videos, images, audio clips, photos, graphics, and/or other types of content, information and/or data posted, provided and/or uploaded to the Mindmatrix Platform by an Authorized Partner to and through the Mindmatrix Platform or which is provided to Mindmatrix by Customer or Authorized Partner to be uploaded on their behalf.

   5. "Partner Portal" means any interface of the Mindmatrix Platform to which Authorized Partners are provided access.

   6. "Mindmatrix Content" means the owned or licensed content available to Customer and Authorized Partners through the Mindmatrix Platform, including without limitation any

      1. support and training documentation whether in physical or digital format (including videos or other digital media files), or

      2. any analytics derived from aggregated anonymized inputs to and usage of the Mindmatrix Platform by its customers.

2. Mindmatrix Platform

   1. Mindmatrix Platform. Mindmatrix shall make the Mindmatrix Platform available to Customer pursuant to the terms and conditions of this Agreement. Customer's subscription purchase to the Mindmatrix Platform is not dependent on any future functionality or features.

   2. Customer Access. Mindmatrix will make the Mindmatrix Platform available, on a subscription basis, to Customer and individuals who are authorized by Customer to use the Mindmatrix Platform on behalf of the Customer and who have been supplied user identification and passwords by Customer (or by Mindmatrix at Customer's request), including employees, consultants, contractors, and agents of Customer ("Users" or "Admin Users"). Mindmatrix hereby grants Customer and its Users a limited, non-exclusive right to access the Mindmatrix Platform and receive support during the Service Term, including the specific access rights and limitations set forth in the SSMA. Professional Services may be purchased by Customer at Mindmatrix's then current rates and shall be detailed in the corresponding SOW (the "Professional Services" or "Services").

   3. Authorized Partner Access. Customer may invite Authorized Partners to access the Mindmatrix Platform using the registration process to be established during the initial implementation process, and subsequent updates to this registration process, if any. The number of Authorized Partner licenses initially purchased by Customer will be specified in the corresponding SOW to be mutually agreed upon with Mindmatrix. If at any time during the SSMA term, Customer wishes to increase the number of Authorized Partner licenses, it may do so by contacting Mindmatrix directly. Unless specifically agreed to in the SOW.

3. Use of Content

   1. Customer Content. Customer retains all rights, title, and interest in and to any Customer Content uploaded into the Mindmatrix Platform and/or provided to Mindmatrix in connection with any Professional Services engagement (except for the Mindmatrix Content), as well as Customer's other Confidential Information provided to Mindmatrix during the term of this Agreement and/or any related Orders. Customer is responsible for the collection of and nature of its Customer Content and any Authorized Partner's content. Customer acknowledges Mindmatrix's Privacy Policy as available at https://www.mindmatrix.net/
      mindmatrix-privacy-policy/. Customer hereby grants Mindmatrix a limited license, during the term of this Agreement and any related SOWs, to use the Customer Content solely in connection with the provision of the Services to be provide to Customer by Mindmatrix. Upon termination of Services by Customer, Customer shall have up to the effective date of termination to retrieve its Customer Content from the Mindmatrix Platform. After such termination date, Mindmatrix shall have no obligation to maintain or provide any Customer Content and shall thereafter, unless legally prohibited, delete all Customer Content in Mindmatrix's systems (the "Systems") or otherwise in its possession or control.

   2. Mindmatrix Content. Mindmatrix shall provide Customer and the Authorized Partner access to the Mindmatrix Content. Customer:

      1. will only use the Mindmatrix Content as provided by Mindmatrix;

      2. will not and infringe or misappropriate the Intellectual Property Rights Mindmatrix or of others in the Mindmatrix Content;

      3. will not use the Mindmatrix Content to violate the privacy, publicity, or other rights of third parties or any other law, statute, ordinance or regulation;

      4. will not use the Mindmatrix Platform or the Mindmatrix Content to send unsolicited email messages including unsolicited bulk emails, where such emails could reasonably be expected to provoke complaints ("spam");

      5. will not use or allow the Mindmatrix Platform or the Mindmatrix Content to become defamatory or harmful to minors, obscene, or pornographic; and

      6. will not misrepresent the source of the Mindmatrix Content. Customer will ensure that Authorized Partners comply with the terms of this Section when using the Mindmatrix Content.

4. Customer Responsibilities

   1. Security. Customer will notify Mindmatrix immediately if it learns of any unauthorized use of the Mindmatrix Platform or any other known or suspected breach of security, including as outlined in Schedule B (Data Processing Agreement). Mindmatrix reserves the right to take any action Mindmatrix deems necessary or reasonable to ensure the security of the Mindmatrix Platform and Customer's account, including suspending Customer's access, changing passwords, or requesting additional information to authorize activities related to Customer's account.

   2. Restrictions. Customer will not directly or indirectly use the Mindmatrix Platform or the Mindmatrix Content to create, or assist a third party to create, any software, service, product, or solution that competes with the Mindmatrix Platform.

   3. Credentials. Customer shall use all reasonable effort to ensure that its Users protect their unique user identification name and not make them available to persons or entities not authorized to use the Mindmatrix Platform. Mindmatrix will only store user's passwords in encrypted form. Mindmatrix personnel will not be able to read User's passwords.

   4. Use Guidelines. Customer and its Users shall use the Mindmatrix Platform for internal business purposes as contemplated by this Agreement and shall not:

      1. willfully tamper with the security of the Mindmatrix Platform or tamper with other customer accounts of Mindmatrix,

      2. access data on the Mindmatrix Platform not intended for Customer,

      3. attempt to probe, scan or test the vulnerability of any Systems or to breach the security or authentication measures without proper authorization;

      4. willfully render any part of the Mindmatrix Platform unusable;

      5. lease, distribute, license, sell or otherwise commercially exploit the Mindmatrix Platform or make the Mindmatrix Platform available to a third party other than as contemplated in this Agreement;

      6. attempt to reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas or algorithms in the Mindmatrix Platform;

      7. share the Mindmatrix Platform with any third party not explicitly authorized by Mindmatrix or otherwise for the benefit of a third party.

5. Confidentiality

   1. As used herein, "Confidential Information" means all confidential information of a party ("Disclosing Party") disclosed to the other party ("Receiving Party") that is either designated in writing as confidential or due to its subject or content would reasonably be considered confidential in nature. Confidential Information shall not include information which:

      1. is known publicly;

      2. is generally known in the industry before disclosure;

      3. has become known publicly, without fault of the Receiving Party, subsequent to disclosure by the Disclosing Party; or

      4. has been otherwise lawfully known or received by the Receiving Party.

   2. The Receiving Party shall not disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, except with the Disclosing Party's prior written permission. The Receiving Party agrees to keep confidential all Confidential Information disclosed to it by the Disclosing Party, and to protect the confidentiality thereof in the same manner as it protects the confidentiality of its own (at all times exercising at least a reasonable degree of care in the protection of Confidential Information). If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. The Receiving Party agrees that monetary damages for breach of confidentiality hereunder may not be adequate and that, if necessary, the Disclosing Party shall be further entitled to injunctive relief.

6. Data Protection

   1. To the extent Mindmatrix processes any personal identifiable information ("PII") under this Agreement, Mindmatrix and Customer shall comply with their respective obligations outlined in Schedule B (Data Processing Agreement) attached hereto. Any PII that constitutes Confidential Information shall be subject to the terms of Schedule B, attached hereto.

7. Warranties

   1. Customer's Warranties. Customer represents, and warrants Customer has all rights and licenses necessary to upload the Customer Content and to grant the User and Authorized Partner licenses granted hereunder. In addition, Customer represents, warrants that the Customer Content:

      1. will not and do not infringe or misappropriate the Intellectual Property Rights of others;

      2. will not and do not violate the privacy, publicity, or other rights of third parties or any other law, statute, ordinance or regulation;

      3. are not and will not become defamatory or harmful to minors, obscene, or pornographic;

      4. will not and do not misrepresent the source of the Customer Content; and

      5. will not violate, or encourage anyone to use the Mindmatrix Platform to conduct illegal activity or any conduct that would violate any applicable law or regulation or would give rise to civil liability.

   2. Mindmatrix Warranties. Mindmatrix warrants that the Mindmatrix Platform will operate in a manner consistent with general industry standards reasonably applicable to the provision hereof. Mindmatrix also warrants that the Mindmatrix Content is the property of Mindmatrix, or that it has the proper licenses to use and sub-license the Mindmatrix Content.

   3. Data Security and Warranty. Mindmatrix has implemented Appropriate Security Measures and maintains the Mindmatrix Platform with and at reputable third-party Internet service providers and co-location facilities. "Appropriate Security Measures" means commercially reasonable efforts to ensure that the Customer Content will be maintained accurately, as well as technical and physical controls to protect Customer Content against destruction, loss, alteration, unauthorized disclosure to third parties or unauthorized access by employees or contractors employed by Mindmatrix, whether by accident or otherwise in accordance with Schedule C attached hereto.

   4. Additional Warranties. Additional warranties are contained in the corresponding SSMA between Mindmatrix and Customer, and as such are incorporated by reference into this Agreement.

   5. Disclaimer of Warranties. Disclaimers of Warranties are contained in the corresponding SSMA between Mindmatrix and Customer, and as such are incorporated by reference into this Agreement.

8. INDEMNIFICATION

   1. Mindmatrix Indemnity. Mindmatrix shall defend, indemnify, and hold harmless (at Mindmatrix's expense), Customer and its officers, directors and employees from and against any claims, suits, or proceedings brought by a third party ("Claims") and all expenses, damages, costs, and liabilities relating thereto (including reasonable attorneys' fees) ("Losses"), in each case alleging that Customer's use of the Mindmatrix Platform in accordance with its intended purpose infringes any Intellectual Property rights of a third party. Mindmatrix shall have no liability for any Claim or demand arising from

      1. the use or combination of the Mindmatrix Platform or any part thereof with software, hardware, or other materials not developed or authorized by Mindmatrix if the Mindmatrix Platform or use thereof would not infringe without such combination;

      2. modification of the Mindmatrix Platform not authorized by Mindmatrix or performed by a party other than Mindmatrix, if the use of unmodified Mindmatrix Platform would not constitute infringement;

      3. caused by the Customer Content.

   2. Customer Indemnity. Customer agrees to indemnify, defend and hold Mindmatrix harmless against any loss, damage or costs (including reasonable attorney's fees) incurred in connection with Claims made or brought against Mindmatrix by a third party arising from or relating to the Customer's Content or the negligent use of the Mindmatrix Content or the Mindmatrix Platform by Customer and its Authorized Partners.

   3. Mutual Provisions. Each party's indemnity obligations may be further defined in explicit terms in the corresponding SSMA between Mindmatrix and Customer, and as such are incorporated by reference into this Agreement.

9. Limitation of Liability

   EXCEPT FOR DAMAGES ARISING FROM BREACHES OF CONFIDENTIALITY, EITHER PARTY'S INDEMNIFICATION OBLIGATIONS, OR ANY CLAIMS ARISING OUT OF GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, IN NO EVENT SHALL EITHER PARTY'S LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY EXCEED THE AMOUNT PAID OR PAYABLE BY CUSTOMER HEREUNDER IN THE TWELVE MONTHS PRECEDING THE INCIDENT GIVING RISE TO LIABILITY. IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW. NO ACTION AGAINST EITHER PARTY ARISING OUT OF THESE TERMS MAY BE BROUGHT BY THE OTHER PARTY MORE THAN TWO YEARS AFTER THE CAUSE OF ACTION BECOMES KNOWN.

10. TERM AND TERMINATION

    1. Term. Customer's initial term for the Mindmatrix Platform is contained in the SSMA between Mindmatrix and Customer, and as such is incorporated by reference into this Agreement.

    2. Termination. The conditions under which this Agreement may be terminated are contained in the corresponding SSMA between Mindmatrix and Customer, and as such are incorporated by reference into this Agreement.

    3. Survival. Sections 3, 4, 5, 6, 7, 8, 10, 11, and 12 shall survive the termination of the Agreement.

11. GENERAL PROVISIONS

    1. This Agreement, inclusive of the SSMA, SOW, any Addendums or additions thereto, constitutes the entire agreement and sets forth the entire understanding between Customer and Mindmatrix with respect to the subject matter hereof and supersedes all prior agreements and discussions with respect thereto.

    2. The parties to this Agreement are independent contractors and this Agreement does not create a joint venture or partnership between the parties; no party is by virtue of this Agreement authorized as an agent, employee or representative of the other party.

    3. If any provision of this Agreement is held to be unenforceable or illegal by a court of competent jurisdiction, such provision shall be modified to the extent necessary to render it enforceable, or shall be severed from this Agreement, and all other provisions of this Agreement shall remain in full force and effect.

SCHEDULE A

Mindmatrix Service Level Agreement

This Service Level Agreement ("SLA") between Mindmatrix and Customer governs the use of the Mindmatrix Platform under the provisions of this Agreement inherent and presented in the Mindmatrix Platform. Unless otherwise provided herein, this SLA is subject to the provisions of the SSMA and any corresponding SOWs.

1. DEFINITIONS

   1. "Maintenance" means scheduled unavailability of the Platform, as announced by Mindmatrix prior to the Platform becoming unavailable.

   2. "Monthly Uptime Percentage" is calculated by subtracting from 100% the percentage of minutes during the month in which the Platform is unavailable (average 43,800 minutes / month x 0.1%). Monthly uptime percentage measurements exclude downtime resulting directly or indirectly from any SLA exclusion.

   3. "Service Credit" means a credit denominated in US dollars, calculated as set forth below, that Mindmatrix may credit back to the Client.

   4. "Unavailable" and "Unavailability" mean, for app services and databases, when Client's service or database is not running or not reachable as a result of some action or inaction on the part of Mindmatrix. This excludes any down time noted below in section 6, "SLA Exclusions."

2. UPTIME

   1. Mindmatrix will use commercially reasonable efforts to make the Platform, running in dedicated environments, available with a monthly uptime percentage of at least 99.9% during any monthly billing cycle (the "Service Commitment").

   2. Subject to any identified exclusions contained herein, if Mindmatrix does not meet the Service Commitment, Customer will be eligible to receive a service credit as identified herein.

   3. A monthly uptime percentage of 99.9% means that Mindmatrix guarantees that Customer will experience no more than 43.84 min/month of unavailability. The formula for said calculation is stated in section 1, "Definitions."

3. SERVICE COMMITMENT AND SERVICE CREDITS.

   1. ervice Credits are calculated as a percentage of the total charges due on Customer's invoice for the monthly billing cycle in which the unavailability occurred, applied proportionally to the services that were unavailable, in accordance with the schedule below:

      1. For monthly uptime percentage less than 99.9%, but equal to or greater than 99.5%, Customer will be eligible for a service credit of 10% of the charges attributable to the affected resources.

      2. For monthly uptime percentage less than 99.5%, Customer will be eligible for a service credit of 25% of the charges attributable to the affected resources.

   2. Mindmatrix will apply any service credits against future payments for Mindmatrix Platform access otherwise due from Customer. Service credits will not entitle Customer to any refund or other payment from Mindmatrix.

   3. A service credit will be applicable and issued only if the credit amount for the applicable monthly billing cycle is greater than one dollar ($1 USD). Service credits may not be transferred or applied to any other account.

4. SOLE REMEDY

   1. Unless otherwise provided in the Terms, Customer's sole and exclusive remedy for any unavailability, non-performance, or other failure by Mindmatrix to provide Mindmatrix Platform access is the receipt of a service credit (if eligible) in accordance with the terms of this SLA.

5. CREDIT REQUEST AND PAYMENT PROCEDURES

   1. To receive a service credit, Customer must submit a claim by emailing:
      billing@Mindmatrix.net.

   2. To be eligible, the credit request must be received by Mindmatrix by the end of the second billing cycle after which the incident occurred and must include the following data:

      1. the Customer account name

      2. the words "SLA Credit Request" in the subject line

      3. the dates and times of each unavailability incident that Customer is claiming

      4. logs that document the errors and corroborate Customer's claimed outage (any confidential or sensitive information in these logs should be removed or replaced with asterisks)

   3. If the monthly uptime percentage of such request is confirmed by Mindmatrix and is less than the service commitment as defined herein, Mindmatrix will issue the Service Credit to Customer within one billing cycle following the month in which the request is confirmed by Mindmatrix.

   4. Customer's failure to provide the request and other information as required above will disqualify Customer from receiving a Service Credit.

6. SERVICE LEVEL AGREEMENT EXCLUSIONS

   1. The service commitment does not apply to any unavailability meeting the following criteria:

      1. resulting from suspension or remedial action, as described in this Agreement,

      2. caused by factors outside of Mindmatrix reasonable control, including any force majeure event, Internet access, or problems beyond the demarcation point of the Mindmatrix network,

      3. resulting from any actions or inactions of Customer or any third party,

      4. resulting from equipment, software or other technology owned, licensed, or deployed by Customer or any third party other than third party equipment, software, or other technology within the direct control of Mindmatrix

      5. resulting from any Maintenance.

   2. If availability is impacted by factors other than those used in Mindmatrix monthly uptime percentage calculation, then Mindmatrix may, at its sole discretion, issue a Service Credit taking into consideration such factors.

SCHEDULE B

Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service (the "Agreement") between Mindmatrix and Customer (collectively the "Party" or "Parties" to the Agreement and this DPA) and shall be effective on the date both parties execute the corresponding SSMA and / or SOW. All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement.

With respect to the Processing of Personal Data, the parties agree as follows:

1. As used in this DPA:

   1. "CCPA" means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq.

   2. "Data Breach" means any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data Processed by Mindmatrix or a Sub-processor.

   3. "Data Controller" means an entity that determines the purposes and means of the Processing of Personal Data.

   4. "Data Processor" means an entity that Processes Personal Data on behalf of a Data Controller.

   5. "Data Protection Laws" means all data protection and privacy laws applicable to the Processing of Personal Data under this DPA, including, where and to the extent applicable, GDPR and CCPA.

   6. "EEA" means, for the purposes of this DPA, the member states of the European, as well as Iceland, Liechtenstein, and Norway.

   7. "EU Standard Contractual Clauses" means the standard contractual clauses annexed to Commission Implementing Decision (EU) (2021/914) of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant Regulation (EU) 2016/679 of the European Parliament and of the Council, as entered into by the parties under this DPA.

   8. "GDPR" means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) and any EU member state law implementing the same, and for the purpose of this DPA includes the corresponding laws of the United Kingdom (including the UK GDPR and Data Protection Act 2018).

   9. "Personal Data" means any information relating to an identified or identifiable natural person, including information that constitutes "personal information" under CCPA or other Data Protection Laws, that is included in Customer Inputs and that Mindmatrix Processes on behalf of Customer in the course of providing the Services (as defined herein).

   10. "Processing" has the meaning given to it in the Data Protection Laws and "process," "processes" and "processed" shall be interpreted accordingly.

   11. "Services" means the products and services described in the Agreement and any Order Form, Statement of Work, or Schedule, including Mindmatrix Analytics, Mindmatrix Platform, Customer use of Mindmatrix Technology, and professional services.

   12. "Sub-processor" means any Data Processor engaged by Mindmatrix to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA.

   13. "UK Standard Contractual Clauses" means the IDTA or UK Addendum issued under the UK Data Protection Act 2018 published pursuant to the European Commission for the transfer of personal data to processors established in third countries, as modified by the UK Information Commissioner and entered into by the parties under this DPA.

2. Relationship with the Agreement

   1. The parties agree that this DPA supplements the MSA. Commercial terms in the MSA remain enforceable unless expressly modified herein.

   2. Except for the changes made by this DPA, the Agreement remains in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail with respect to the conflict.

   3. Any claims brought by the parties under or in connection with this DPA are subject to the terms and conditions, including but not limited to the exclusions and limitations of liability, set forth in the Agreement, provided that in no event shall any party limit its liability with respect to any individual's data protection rights under this DPA or otherwise.

   4. Except as may be otherwise provided pursuant to Mindmatrix's compliance with applicable data transfer mechanisms in Section 9, no one other than a party to this DPA, its successors and permitted assignees shall have any right to enforce any of its terms.

   5. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.

3. Roles of the Parties; Processing of Personal Data by Customer and Mindmatrix

   1. As between Mindmatrix and Customer, Customer is the Data Controller of Personal Data and Mindmatrix is the Data Processor of Personal Data. Mindmatrix shall Process Personal Data only as a Data Processor acting at Customer's direction. Mindmatrix shall not retain, use, or disclose Personal Data for any purpose other than for the specific purpose of performing the Services as described in the Agreement and this DPA, including retaining, using, or disclosing Personal Data for a commercial purpose other than providing the Services.

   2. Customer acknowledges that an Authorized Partner of Customer may upload Personal Data (such as contact data for sales leads) to the Mindmatrix Platform through the Mindmatrix Platform or Partner Portal in connection with the Authorized Partner's use of the Services, and that Mindmatrix will Process that Personal Data on the Authorized Partner's behalf in accordance with the terms of a separate agreement between Mindmatrix and the Authorized Partner. The Authorized Partner may choose to make certain of that Personal Data available to Customer through the Mindmatrix Platform (such as when the Authorized Partner registers a sales lead or deal with Customer), in which case:

      1. Customer acknowledges that the Authorized Partner and Customer are each Data Controllers with respect to that Personal Data, and

      2. notwithstanding any terms in this DPA, Mindmatrix will also process that Personal Data at that Authorized Partner's direction in accordance with that separate agreement.

   3. Customer agrees that:

      1. it shall comply with its obligations as a Data Controller under Data Protection Laws in respect of its Processing of Personal Data and any Processing instructions it issues to Mindmatrix; and,

      2. it has provided notice and obtained all consents and rights necessary under Data Protection Laws for Mindmatrix to Process Personal Data and provide the Services. Customer shall immediately notify Mindmatrix and cease Processing Personal Data in the event any required authorization or legal basis for Processing is revoked or terminates.

   4. Mindmatrix shall Process Personal Data only for the purposes described in the Agreement or in accordance with Customer's other documented lawful instructions unless Processing is required by applicable law, in which case Mindmatrix shall to the extent permitted by applicable laws inform Customer of that legal requirement before the relevant Processing. Customer hereby instructs Mindmatrix to Process Personal Data as necessary in order to provide and improve the Services, to fulfill its obligations under the Agreement and this DPA, and for legitimate purposes relating to the operation, support and/or use of the Services such as billing, account management, and technical support.

   5. The details of the Processing of Personal Data, including the subject matter, duration, nature, and purposes of the Processing; the categories of Data Subjects; and the types of Personal Data are set forth in Schedule 1 to this DPA.

4. Data Security

   Each Party shall take appropriate technical and organizational measures against unauthorized or unlawful Processing of Personal Data or its accidental loss, destruction, or damage. Mindmatrix shall implement and maintain commercially reasonable technical and organizational security measures designed to protect Personal Data from Data Breaches, to help ensure the ongoing confidentiality, integrity, and availability of the Personal Data and Processing systems, in accordance with Mindmatrix's security standards, including, the security measures described in Schedule 2 to this DPA. Notwithstanding the above, Customer agrees that it is responsible for its secure use of the Services, including securing its account authentication credentials, protecting the security of Personal Data when in transit, and taking any appropriate steps to securely encrypt or backup Personal Data, as well as the security obligations outlined in the Agreement.

5. Data Breach Response

   Mindmatrix shall notify Customer without undue delay and no later than 72 hours after becoming aware of any Data Breach. Mindmatrix shall make reasonable efforts to identify the cause of the Data Breach and shall undertake such steps as Mindmatrix deems necessary and reasonable in order to remediate the cause of such Data Breach. Mindmatrix shall provide information related to the Data Breach as it becomes available to Customer in a timely fashion and as reasonably necessary for Customer to maintain compliance with Data Protection Laws.

6. Confidentiality of Data Processing

   Mindmatrix shall ensure that any person who is authorized by Mindmatrix to Process Personal Data (including its staff, agents, and subcontractors) shall be under an appropriate obligation of confidentiality.

7. Return or Deletion of Data

   Upon termination or expiration of the Agreement, Mindmatrix shall (at Customer's election) delete or return, if feasible, to Customer all Personal Data remaining in its possession or control, save that this requirement shall not apply:

   1. to the extent Mindmatrix is required by applicable law to retain some or all of the Personal Data;

   2. if Mindmatrix is Processing the Personal Data on behalf of an Authorized Partner acting as a co-Data Controller pursuant to a separate data protection agreement; or

   3. to Personal Data Mindmatrix has archived on back-up systems, which will be deleted in accordance with Mindmatrix's standard data retention policies and procedures. In all such cases, Mindmatrix shall maintain the Personal Data securely and limit Processing to the purposes that prevent deletion or return of the Personal Data. The terms of this DPA shall survive for so long as Mindmatrix continues to retain any Personal Data.

8. Sub-processing

   Customer agrees that this DPA constitutes Customer's written general authorization for Mindmatrix to engage Sub-processors to Process Personal Data on Customer's behalf, including the Sub-processors. Mindmatrix shall:

   1. take commercially reasonable measures to ensure that Sub-processors have the requisite capabilities to Process Personal Data in accordance with this DPA;

   2. enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws;

   3. remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Mindmatrix to breach any of its obligations under this DPA; and

   4. notify Customer in the event that it intends to engage different or additional Sub-processors that will Process Personal Data pursuant to this DPA, which may be done by email or through another mechanism made available by Mindmatrix to Customer that enables Customer to receive such notifications. Customer must raise any objection to such Sub-processors within thirty (30) calendar days of Mindmatrix's notification. Customer's objection shall only be effective if submitted to Mindmatrix in writing, specifically describing Customer's reasonable belief that Mindmatrix's proposed use of the Sub-processor(s) will materially, adversely affect Customer's compliance with applicable Data Protection Laws. In any such case, the parties will make reasonable efforts to reconcile the matter. In the event Customer's concern cannot be resolved, Mindmatrix may terminate the Agreement with no penalty and Customer shall immediately pay all fees and costs accrued or payable to Mindmatrix prior to the effective date of termination.

9. Third Party Integrations

   1. Mindmatrix may, from time to time, choose to integrate with certain third-party applications, (such as Google, CRMs, ERPs, etc.) via APIs, for the purpose of providing or improving the Platform's functionality. In such instances, any exchange of personal data (as described in Schedule B-1, sections 2 and 3) shall be protected by the privacy provisions contained in this Schedule B and Schedule C contained herein.

10. International Transfers

    1. Mindmatrix may Process Personal Data anywhere in the world where Mindmatrix or its Sub-processors maintain data Processing operations. Mindmatrix shall at all times provide an adequate level of protection for the Personal Data Processed, in accordance with the requirements of Data Protection Laws.

    2. To the extent Mindmatrix's performance or Customer's use of the Services requires the transfer of Personal Data from within the EEA or Switzerland to the United States or any other country that has not been designated by the European Commission or Swiss Federal Data Protection Authority (as applicable) as providing an adequate level of protection for Personal Data (an "EEA Restricted Transfer"), Mindmatrix and Customer hereby enter into the EU Standard Contractual Clauses under Module 2 (Transfer Controller to Processor), which are incorporated by reference herein and will apply to the EEA Restricted Transfer(s), and are hereby completed as follows:

       1. Customer is the "data exporter" and Mindmatrix is the "data importer."

       2. For the purpose of Section II, Clause 8.1, the Agreement and this DPA constitute the final and complete instructions to Mindmatrix for the Processing of Personal Data as of the date of this DPA. Any additional or alternate instructions must be mutually agreed upon separately in writing and signed by both parties.

       3. For the purpose of Section II, Clause 8.9, the parties agree that any audits or inspections will be conducted in accordance with Section 13 ("Information to Demonstrate Compliance; Audits and Inspections") of this DPA.

       4. For the purpose of Section II, Clause 9, the parties select Option 2 and agree that Mindmatrix may engage Subprocessors in accordance with Section 8 ("Sub-processing") of this DPA.

       5. For the purpose of Section IV, Clause 17, the parties select Option 2, and if the data exporter's Member State does not allow for third-party beneficiary rights, then the law of Ireland shall apply.

       6. For the purpose of Section IV, Clause 18, the parties agree that disputes arising from the Standard Contractual Clauses shall be resolved by the courts of Ireland.

       7. Annex I is deemed to be completed with the details set out in Schedule 1 to this DPA.

       8. Annex II (Technical and Organisational Measures Including Technical and Organisational Measures to Ensure the Security of the Data) is deemed to be completed with the Technical and Organizational Security Measures set out in Schedule 2 to this DPA.

       9. If and to the extent an EEA Restricted Transfer involves Personal Data originating from Switzerland and is subject to the Swiss Federal Act on Data Protection of 19 June 1992 (the "FADP"), the EU Standard Contractual Clauses are deemed to be supplemented with an additional annex that provides as follows:

    3. for purposes of Clause 13 and Annex I.C, the competent Supervisory Authority is the Swiss Federal Data Protection and Information Commissioner;

    4. the term "member state" as used in the EU Standard Contractual Clauses must not be interpreted in such a way as to exclude Data Subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18.c;

    5. references in the EU Standard Contractual Clauses to the GDPR should be understood as references to the FADP; and

    6. until entry into force of the revised FADP of 25 September 2020, the EU Standard Contractual Clauses also protect the data of legal entities.

       1. In the event of any conflict between this DPA and the EU Standard Contractual Clauses, the EU Standard Contractual Clauses will prevail with respect to any EEA Restricted Transfer.

    7. To the extent Mindmatrix's performance or Customer's use of the Services requires the transfer of Personal Data from within the United Kingdom to the United States or any other country that has not been designated by the European Commission as providing an adequate level of protection for Personal Data (a "UK Restricted Transfer"), the terms of this Section 3 will apply.

       1. When the parties are lawfully permitted to rely on the UK Standard Contractual Clauses to conduct the UK Restricted Transfer, Mindmatrix hereby enters into the UK Standard Contractual Clauses, which are incorporated by reference herein, with Customer. For the purpose of any such UK Restricted Transfer, the UK Standard Contractual Clauses will be completed as follows:

    8. Customer will be considered the "Data Exporter" and Mindmatrix will be considered the "Data Importer."

    9. References in the UK Standard Contractual Clauses to "the law of the Member State in which the data exporter is established" shall hereby be deemed to mean "the law of the United Kingdom"; and any other obligation in the UK Standard Contractual Clauses determined by the law of the Member State in which the data exporter is established shall hereby be deemed to refer to an obligation under UK data protection laws.

    10. The details of Appendix 1 are set forth in Schedule 1.

    11. The details of Appendix 2 are set forth in Schedule 2.

        1. When Section 3.1 of this Addendum does not apply, but the parties are lawfully permitted to rely on the EU Standard Contractual Clauses to conduct UK Restricted Transfers, subject to the completion and execution of a "UK Addendum to the EU Commission Standard Contractual Clauses" issued by the UK Information Commissioner's Office under S119A(1) Data Protection Act 2018 ("UK Addendum"), then Mindmatrix hereby enters into the EU Standard Contractual Clauses and the UK Addendum, which are incorporated by reference herein, with Customer with respect to such UK Restricted Transfers. For the purpose of any such UK Restricted Transfer, the EU Standard Contractual Clauses will be completed as set forth in Section 9.2, subject to the amendments specified by the UK Addendum.

        2. When neither Section 3.1 nor Section 9.3.2 of this Addendum apply, then Mindmatrix shall cooperate with Customer to promptly implement appropriate safeguards for the UK Restricted Transfer as required or permitted by the UK GDPR.

11. Data Protection Authority Inquiries

    Mindmatrix shall provide commercially reasonable cooperation to assist Customer in its response to any requests from data protection authorities with authority relating to the Processing of Personal Data under the Agreement and this DPA. In the event that any such request is made directly to Mindmatrix, Mindmatrix shall not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If Mindmatrix is required to respond to such a request, Mindmatrix shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.

12. Individual Rights and Requests

    To the extent Customer does not have the ability to independently correct, amend, or delete Personal Data, or block or restrict Processing of Personal Data, then at Customer's written direction and to the extent required by Data Protection Laws, Mindmatrix shall comply with any commercially reasonable request by Customer to facilitate such actions. To the extent legally permitted, Customer shall be responsible for any costs arising from Mindmatrix's or its Sub-processors' provision of such assistance. Mindmatrix shall, to the extent legally permitted, promptly notify Customer if it receives a request from an individual data subject for access to, correction, amendment or deletion of that person's Personal Data, or a request to restrict Processing. Mindmatrix shall provide Customer with commercially reasonable cooperation and assistance in relation to handling of a data subject's request, to the extent legally permitted and to the extent Customer does not have the ability to address the request independently. To the extent legally permitted, Customer shall be responsible for any costs arising from Mindmatrix's provision of such assistance.

13. Data Protection Impact Assessments; Prior Consultations with Data Protection Authorities

    Upon Customer's written request, Mindmatrix shall provide Customer with commercially reasonable cooperation and assistance as needed to fulfil Customer's obligation under any Data Protection Laws to carry out a data protection impact assessment related to Customer's use of the Services, to the extent Customer does not otherwise have access to the relevant information and such information is available to Mindmatrix. Mindmatrix shall provide reasonable assistance to Customer in the cooperation or prior consultation with a data protection authority, to the extent such consultation is required under any Data Protection Laws.

14. Information to Demonstrate Compliance; Audits and Inspections

    1. a. Mindmatrix shall provide written responses (on a confidential basis) to all commercially reasonable requests for information made by Customer regarding Processing of Personal Data, including responses to information security reviews, that are necessary to confirm Mindmatrix's compliance with this DPA.

    2. b. Mindmatrix shall cooperate with audits and inspections performed by Customer or a vendor of Customer reasonably acceptable to Mindmatrix that are necessary to confirm Mindmatrix's compliance with this DPA, provided however, that any such audit or inspection:

       1. may not be performed unless necessary to determine Mindmatrix's compliance with this DPA and Customer reasonably believes that Mindmatrix is not complying with this DPA;

       2. must be conducted at Customer's sole expense and subject to reasonable fees and costs charged by Mindmatrix;

       3. conducted at a date and time and for a duration mutually agreed by the parties; and

       4. must be performed in a manner that does not cause any damage, injury, or disruption to Mindmatrix's premises, equipment, personnel, or business. Notwithstanding the foregoing, Mindmatrix will not be required to disclose any proprietary or privileged information to Customer or an agent or vendor of Customer. Customer shall not exercise its rights under this Section more than once per year.

15. Law Enforcement and Other Governmental Requests

    If a law enforcement or other governmental agency sends Mindmatrix a demand for Personal Data (for example, through a subpoena or court order), Mindmatrix may attempt to redirect the law enforcement agency to request that data directly from Customer. As part of this effort, Mindmatrix may provide Customer's basic contact information to the law enforcement agency. If compelled to disclose Personal Data to a law enforcement agency, then Mindmatrix shall give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless Mindmatrix is legally prohibited from doing so. Mindmatrix will not voluntarily disclose Personal Data in response to a request or demand from a law enforcement or governmental agency unless compelled to do so by applicable law to which Mindmatrix is subject.

16. Customer Obligations

    Customer shall ensure that Customer is entitled to transfer the relevant Personal Data to Mindmatrix so that Mindmatrix may lawfully use, process, and transfer the Personal Data in accordance with the Agreement on the Customer's behalf, and acknowledges that Mindmatrix is reliant on Customer for direction as to the extent to which Mindmatrix is entitled to use and process Personal Data. The Customer shall not provide to Mindmatrix any "Sensitive Data" or "Special Categories" of Personal Data as defined by GDPR and any national laws adopted pursuant to GDPR, including racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition, sexual life, or the commission or alleged commission of any crime or offense.

DPA – SCHEDULE B-1

DETAILS OF THE PROCESSING

1. List of Parties

   The data exporter is Customer, acting as a Controller and using the Services provided by Mindmatrix, including the Mindmatrix Platform, pursuant to the Agreement.

   The data importer is Mindmatrix, acting as a Processor and the provider of Services used by Customer pursuant to the Agreement.

2. Categories of Data Subjects

   The Categories of Data Subjects may include the following:

   • Employees, contractors, and contact persons of:
     • Customer
     • Customer's Authorized Partners
   • Prospects and customers of Customer and Authorized Partners who are natural persons and who will receive communications and content on Customer's behalf through the use of the Services.

3. Types of Personal Data

   The Personal Data may include the following categories of data:

   • Business contact details
   • Personal contact details
   • Social media identifiers
   • Professional information such as job function, title, and employee identification number; and user enrolment in the Services
   • Device information, such as device identifiers
   • Analytics information, such as cookie IDs and data concerning internet usage and engagement with communications

   The Personal Data will not contain any sensitive or special categories of data.

4. Nature and Purposes of Processing

   Mindmatrix will Process Personal Data as necessary to perform the Services under the Agreement, including for the purposes of: (a) setting up, operating, monitoring, and providing the Services; (b) communicating with Customer Users; (c) improving the performance of the Platform, and (d) executing other agreed-upon written instructions of Customer.

5. Period for which Personal Data Will be Retained

   Personal Data will be retained for the duration of the Agreement and subject to Section 7 (Return or Deletion of Data) of the DPA.

6. Frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis)

   Transfers will be made on a continuous basis

7. For transfers to Subprocessors, the subject matter, nature, and duration of the processing

   The subject matter, nature, and duration of processing undertaken by Subprocessors will be the same as set forth in the DPA and this Schedule 1 with respect to Mindmatrix.

8. Competent Supervisory Authority

   Under the EU Standard Contractual Clauses entered by the parties pursuant to the DPA under Module 2 (Transfer Controller to Processor), the supervisory authority will be the competent supervisory authority that has supervision over Customer in accordance with Clause 13 of the EU Standard Contractual Clauses.

SCHEDULE C

TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

Mindmatrix has implemented and shall maintain an information security program designed to protect against unauthorized or unlawful Processing of Personal Data or its accidental loss, destruction, or damage, including the measures described below.

1. Physical Security Controls

   Policies, procedures, and physical and technical controls designed to limit physical access to information systems and facilities in which they are housed to properly authorized persons, including:
   • A badge-based access control system to control physical access and movement into and throughout Mindmatrix's facilities; and
   • Processes and procedures to promptly remove facility access rights from terminated personnel.

2. Access Controls

   Policies, procedures, and technical controls to ensure that all members of Mindmatrix's workforce who require access to Personal Data have appropriately controlled access, and to prevent those workforce members and others who should not have access from obtaining access, including:
   • Role-based access policies that restrict user access to systems and resources based on job responsibilities;
   • Processes to grant and revoke access rights based on business need, and to regularly review user access rights to ensure ongoing alignment with business needs;
   • Strong authentication procedures for production environments that require a username, password, and multifactor authentication; and
   • The use of firewall and intrusion detection systems to log access events for review by authorized Mindmatrix personnel.

3. Security Awareness and Training

   A security awareness and training program for members of Mindmatrix's workforce (including management), which includes training on how to implement and comply with Mindmatrix's security program, and which all workforce members are required to undergo upon initial hire and annually thereafter.

4. Security Incident Procedures

   Policies and procedures to detect, respond to, and otherwise address security incidents, including:

   • deployment of an intrusion detection system to log access events and to monitor and restrict inbound internet traffic;
   • documented procedures to identify, escalate, and respond to suspected or known security incidents, mitigate harmful effects of security incidents; and
   • documented procedures to analyze the root cause of security incidents and to implement changes to existing controls, where appropriate, to better respond to future threats.

5. Contingency Planning

   Policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages Personal Data or systems that contain Personal Data, including:

   • documented business continuity and disaster recovery plans that include procedures to restore data and the functionality of affected systems, including procedures to rebuild systems, update software, install patches, and change configurations, as needed;
   • documented policies and procedures for the backup and recovery of data maintained in cloud-based environments, including periodic backups of production services, files, and databases, and the storage of backups in a separate data center; and
   • periodic testing of Mindmatrix's business continuity and disaster recovery plans.

6. Device and Media Controls

   Policies and procedures that govern the receipt and removal of hardware and electronic media that contain Personal Data into and out of a Mindmatrix facility, and the movement of these items within a Mindmatrix facility, including policies and procedures to address the final disposition of Personal Data, and/or the hardware or electronic media on which it is stored, and procedures for removal of Personal Data from electronic media before the media are made available for re-use.

7. Audit controls

   Hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic information, including:
   • logging of system access activity, including user authentication, failed user login attempts, and access control list changes; and
   • regular reviews of the logs for unusual or suspicious activity.

8. Data Integrity

   Policies and procedures to ensure the confidentiality, integrity, and availability of Personal Data and protect it from disclosure, improper alteration, or destruction.

9. Transmission Security

   Technical security measures to guard against unauthorized access to Personal Data that is being transmitted over an electronic communications network, including:

   • the use of encrypted VPNs to help ensure the security and integrity of the data passing over public networks;
   • protection of web-based traffic through industry-standard encryption protocols; and
   • deployment of antivirus software on servers, laptops, and desktops to detect and prevent the transmission of data or files that contain virus signatures recognized by the antivirus software.

10. Storage Security

    Technical security measures to guard against unauthorized access to Personal Data in storage, including:

    • encryption of data at rest in hosted environments;
    • use of a key management system to securely manage the lifecycle of encryption keys; and
    • use of full device, hard drive encryption to protect the confidentiality and integrity of information maintained on approved mobile devices.

11. Assigned Security Responsibility

    Designation of a security official responsible for the development, implementation, and maintenance of Mindmatrix's security program.

12. Testing

    Regular testing and monitoring of the effectiveness of Mindmatrix's security program, including through AICPA SOC 2 Type II audits of Mindmatrix's solution performed by an external third-party auditor, and through periodic vulnerability scans and risk assessments designed to identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of the Personal Data, and to ensure that these risks are addressed.

13. Adjustments to the Program

    Monitoring, evaluation, and adjustment, as appropriate, of Mindmatrix's security program in light of any relevant changes in technology or industry security standards, the sensitivity of the Personal Data, internal or external threats to Mindmatrix or the Personal Data, and Mindmatrix's own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to information systems.