1.1.1. Affiliate: means any entity which directly or indirectly controls, is controlled by, or is under common control with the subject entity; and "control" for the purposes of this definition means direct or indirect ownership or control of more than 50% of the voting interest of the subject entity, provided that any such Affiliate shall be deemed an Affiliate only for so long as such control lasts. Customer Affiliates may purchase subscriptions to the Hosted Application that are subject to the terms and conditions of this Agreement by executing an Order Form hereunder.

1.1.2. Applicable Laws: means all applicable local, state, provincial, federal, and international laws and regulations.

1.1.3. Authorized User: means any Representative or other person or entity acting on Customer's behalf who is authorized by Customer to use the Services and who has been supplied with access to the Services either by Customer or by Avalara at Customer's written request.

1.1.4. Confidential Information: means all confidential and proprietary information of a disclosing party or any of its Affiliates disclosed by or on behalf of such party to the receiving party, whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including Customer Data, the Auditor's Report, the terms and conditions of this Agreement (including pricing and other terms reflected in all Order Forms hereunder), business and marketing plans, technology and technical information, product designs, and business processes. Notwithstanding anything to the contrary, the Services, Documentation, and Zeroe Platform are deemed to be Confidential Information of Zeroe. Confidential Information shall not include any information that: (i) is or becomes generally known to the public without breach of any obligation owed to the disclosing party; (ii) was known to the receiving party without restriction prior to its disclosure by the disclosing party and without breach of any obligation owed to the disclosing party; (iii) was independently developed by the receiving party without either use of or reference to any Confidential Information or breach of any obligation owed to the disclosing party; or (iv) is received from a third party without restriction and without breach of any obligation owed to the disclosing party.

1.1.5. Content: Means any information provided by Zeroe through its services, including, for example, forms, laws, explanations, answers, matrices, rates, rules, fees, ontologies, taxonomies, decision trees, history and changes, emissions jurisdiction boundary information, information about applicable regulations, responses to questions posed, and anything provided through a custom library and/or through a customized research engagement.

1.1.6. Customer: means the party set forth on the cover page executing this Agreement and a corresponding Order Form. Alternatively, where a Customer Affiliate elects to execute an Order Form subject to this Agreement, any reference herein to Customer shall be deemed to refer to such Customer Affiliate instead.

1.1.7. Customer Data: means any data, information or material provided or submitted by Customer, Customer Affiliates and/or their Users to the Zeroe Platform while using the Services.

1.1.8. Documentation: means the Zeroe product documentation relating to the operation and use of the Services, including technical program or interface documentation, operating instructions, update notes, and support knowledge base and updated from time to time by Zeroe in accordance with Section 7.1.

1.1.9. Intellectual Property means all trade secrets, Inventions, patents and patent applications, trademarks and service marks (whether registered or unregistered and including any goodwill acquired in such marks), trade names, trade dress, copyrights, moral rights, rights in Inventions, and all other intellectual property and proprietary rights (whether registered or unregistered, any application for the foregoing, and all rights to enforce the foregoing), and all other equivalent rights that may exist anywhere in the world.

1.1.10. Invention means any work of authorship, invention, know-how, device, design, algorithm, method, process, improvement, concept, idea, expression, or discovery, whether or not copyrightable or patentable and whether or not reduced to practice.

1.1.11. Order Form means an order form mutually executed by Zeroe or a Zeroe Affiliate and Customer or a Customer Affiliate evidencing the purchase of subscriptions to the Services specifying, among other things, the Subscription Term, the number of Users, the applicable fees, and the billing period and any other commercial terms as agreed to between the parties. Each Order Form, once mutually executed, shall be governed by and become part of this Agreement and is hereby incorporated by this reference.

1.1.12. Personal Information means any information that relates to an identified or identifiable natural person or that reasonably could be used to identify that person, or other data or information defined as personal information under Applicable Laws.

1.1.13. Professional Services means services supplemental to the Services, including professional consulting services, to be performed for Customer by Zeroe's employees or contractors, as specified in the applicable Order Form and Statement of Work. Performance of Professional Services is governed by Zeroe's Professional Services Terms and Conditions, located at zeroe.io/legal

1.1.14. Services means applications and associated content (as identified on an Order Form) to be provided by Zeroe to Customer as a subscription service and made accessible on a website designated by Zeroe or by other means as described in the Order Form.

1.1.15. Statement of Work (SOW) means a document mutually executed by Zeroe or a Zeroe Affiliate and Customer or a Customer Affiliate, detailing the specific services to be provided, including but not limited to the scope of work, deliverables, timelines, and payment terms. Each SOW, once mutually executed, shall be governed by and become part of this Agreement and is hereby incorporated by this reference.

1.1.16. Subscription Term means the period(s) during which Customer is authorized to use the Services pursuant to an Order Form.

1.1.17. Support means the technical support as specified on the Order Form in accordance with the terms in Exhibit A-1.

1.1.18. Users means employees of Customer and its Affiliates and their representatives, consultants, contractors, subcontractors, or agents who are authorized to use the Services by Customer or its Affiliates.

1.1.19. Updates means updates of the Services for repairs, enhancements, or new features applied by Zeroe to Customer's instances, including updates to the Documentation as a result of such updates, at no additional fee during the Subscription Term. Updates shall not include additional new functionality or upgrades to modules or applications that Customer has not already subscribed to in an Order Form and for which Zeroe requires a separate charge from its other customers generally for such new modules or applications.

1.1.20. Zeroe Platform means any software and hardware that enables Zeroe to provide Customer with access to and use of the Services as contemplated by this Agreement.

2.1. Provision of the Services. Zeroe will make available to Customer, and Customer and its Affiliates are authorized to use the Services during the Subscription Term as set forth in an applicable Order Form for their internal business purposes in accordance with the Documentation.

2.2. Support, Uptime & Updates. Zeroe shall: (i) provide the level of support specified in the Order Form in accordance with Exhibit A-1; (ii) provide Updates at no additional charge during the Subscription Term in accordance with Exhibit A-1.

2.3. Security. Zeroe has implemented and shall maintain a written information security program of policies, procedures, and controls ("Security Policy") governing the processing, storage, transmission, and security of Customer Data. The Security Policy as of the Effective Date is set forth in Exhibit A-3. The Security Program shall include industry standard practices designed to protect Customer Data from unauthorized access, acquisition, use, disclosure, or destruction. Zeroe may periodically review and update the Security Program to address new and evolving security technologies, changes to industry standard practices, and changing security threats, provided that any such update does not materially reduce the overall level of security provided to Customer as described herein.

2.4. Breach Notification. Zeroe shall report to Customer's support contacts the accidental or unlawful alteration, unauthorized disclosure of, or access to Customer Data ("Breach") within 24 hours, after Zeroe determines that a Breach has occurred, unless restricted by law. Accordingly, Zeroe shall share information about the nature and consequences of the Breach that Customer reasonably requests to enable it to notify affected individuals, government agencies and/or credit bureaus. Customer has sole control over the content of Customer Data and is solely responsible for determining whether to notify impacted individuals and the applicable regulatory bodies or enforcement commissions and for providing such notice. The Customer shall ensure that the support contacts are current and ready to receive any breach notification from Zeroe.

2.5. Audit Report. Zeroe shall engage at its expense, an independent firm to conduct, on an annual basis, an audit of Zeroe's operations with respect to the Services and have such firm SOC 2 Type 2 reports, which shall cover Zeroe's security policies, procedures, and controls. Customers may request access to a current copy of the Auditor's Report.

2.6. Insurance Program. Zeroe has in place and shall maintain during the Agreement an industry standard insurance program to help manage risk. Upon request, Zeroe shall promptly furnish Customer with a certificate evidencing the coverages set forth above.

3.1. User Accounts. Customer is responsible for activity occurring under its User accounts and shall ensure that it and its Users abide by all laws, treaties, and regulations applicable to Customer's use of the Services. Customer shall: (i) notify Zeroe promptly of any unauthorized use of any password or account or any other breach of security; (ii) notify Zeroe promptly and use reasonable efforts to promptly stop any unauthorized use, copying, or distribution of the Services that is known or suspected by Customer or its Users; (iii) not impersonate another Zeroe user or provide false identity information to gain access to or use the Services or Zeroe Platform; and (iv) restrict each User account to only one authorized User at a time.

3.2. Restrictions. Except as otherwise permitted under this Agreement, Customer shall not (i) license, sublicense, sell, resell, transfer, rent, lease, assign (except as provided in Section 11.4 (Assignment)), distribute, disclose, or otherwise commercially exploit the Services; (ii) copy, modify or make derivative works based upon the Services; (iii) "frame" or "mirror" the Services on any other server or device; (iv) access the Services for competitive purposes or use the Services for application service provider, timesharing or service bureau purposes, or any purpose other than its own internal use, (v) decompile, disassemble, reverse engineer or attempt to discover any source code or underlying ideas or algorithms of the Services, (vi) remove, obscure or modify a copyright or other proprietary rights notice in the Services; (vii) use the Services to send or store infringing, obscene, threatening, libelous, or otherwise unlawful material; (viii) use the Services to create, use, send, store, or run material containing software viruses, worms, Trojan horses or otherwise engage in any malicious act or disrupt the security, integrity or operation of the Services or the Zeroe Platform; (ix) attempt to gain or permit unauthorized access to the Services or its related systems or networks; or (x) permit or assist any other party (including any User) to do any of the foregoing.

3.3. Third Party Interactions.

4.1. Billing and Payment of Fees. Zeroe shall issue invoices and Customer shall pay subscription fees annually in advance as further specified (including amount, currency, and payment terms) in the Order Form. All payment obligations are non-cancellable, and all amounts paid are non-refundable except as otherwise specified in this Agreement. Customer may dispute in good faith an invoice in writing within no more than 60 days of the date of the invoice containing the amount in question to be eligible to receive an adjustment or credit. If an undisputed invoice is more than 30 days overdue, Zeroe may, without limiting its other rights and remedies, provide 60 days' notice to suspend the Services until such undisputed invoice is paid in full.

4.2. Taxes. Zeroe's fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, including for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, "Taxes") and Customer shall be responsible for payment of all Taxes associated with this Agreement and all Order Forms, except that Zeroe is solely responsible for taxes assessable against Zeroe based on Zeroe's net income, property, and employees. If Customer is legally entitled to an exemption from any sales, use, or similar transaction tax, upon signing an Order Form, Customer shall provide to Zeroe with a legally sufficient tax exemption certificate for each taxing jurisdiction, and Zeroe shall not charge Customer any taxes from which it is exempt. If any deduction or withholding is required by law, Customer shall notify Zeroe and shall pay Zeroe any additional amounts necessary to ensure that the net amount that Zeroe receives, after any deduction and withholding, equals the amount Zeroe would have received if no deduction or withholding had been required. Upon request, the Customer shall provide documentation showing that the withheld and deducted amounts have been paid to the relevant taxing authority.

5.1. Zeroe's Intellectual Property Rights. As between Zeroe and Customer, all rights, title, and interest in and to the Services, Documentation, and Zeroe Platform (including all rights therein, and all derivatives, translations, modifications, and enhancements thereof) are, and shall remain, owned exclusively by Zeroe notwithstanding any other provision in this Agreement, Order Form, or statement of work hereunder. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Services, Zeroe Platform, or Documentation. The Zeroe name, logo and product names are trademarks of Zeroe, and no right or license is granted to use them. All rights not expressly granted to Customer are reserved by Zeroe. Zeroe alone shall own all rights, title, and interest in and to any suggestions, enhancement requests, feedback, or recommendations provided by Customer or any third party relating thereto.

5.2. Customer Data. As between Customer and Zeroe, Customer exclusively owns all rights, title, and interest in and to all Customer Data. Customer shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership of and right to use all Customer Data and hereby warrants that it has and will continue to have all rights and consents necessary to allow Zeroe to use all such data as contemplated by this Agreement. Customer hereby grants to Zeroe the right and license to reproduce, use, process, transfer, and store Customer Data solely for the purposes of performing Zeroe's obligations under this Agreement and any other activities expressly agreed to by Customer.

5.3. Use of Aggregate Data. Customer agrees that as part of providing the Services, Zeroe may collect, use, and disclose quantitative data derived from the use of the Services for service improvements, industry analysis, benchmarking, analytics and supporting Customer's usage of the Services. All data disclosed will be in aggregate and anonymous form only and will not identify the Customer or its specific Users or its relationships.

6.1. Obligations. Except with the disclosing party's prior written permission, the receiving party shall not disclose or use any Confidential Information of the disclosing party for any purpose outside the scope of this Agreement to anyone other than to its and its Affiliates' directors, officers, employees, representatives, and advisors (collectively "Representatives") who have a need-to-know such Confidential Information and are bound by obligations of confidentiality at least as stringent as those herein, and provided the receiving party shall remain liable to the disclosing party for any breach of the confidentiality and non-use obligations by any such Representatives. Each party agrees to protect the confidentiality of the Confidential Information of the other party in the same manner that it protects the confidentiality of its own proprietary and confidential information of like kind (but in no event using less than reasonable care). If the receiving party is compelled by law to disclose Confidential Information of the disclosing party, it shall provide the disclosing party with prior written notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at disclosing party's cost, if the disclosing party wishes to contest the disclosure, and any information so disclosed shall continue to be treated as Confidential Information for all other purposes.

6.2. Remedies. Except as expressly provided in this Agreement, if the receiving party discloses or uses (or threatens to disclose or use) any Confidential Information of the disclosing party in breach of confidentiality protections hereunder, the disclosing party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the parties that any other available remedies may be inadequate.

7.1. Zeroe's Obligations. Zeroe warrants, during the Subscription Term, that: (i) Customer's production instances of the Services shall materially conform to the Documentation; and (ii) the functionality of the Services at the time of the Order Form shall not materially decrease during the Subscription Term.

7.2. Procedure. To submit a warranty claim under this Section, the Customer shall provide written notice of a warranty claim specifying the non-conformity. If the non-conformity persists without relief more than 30 days after written notice of a warranty claim provided to Zeroe under this Section, then Customer may terminate the affected Services, and Zeroe, as its sole liability in connection with a breach of this warranty, shall refund to Customer any prepaid subscription fees covering the remainder of the Subscription Term of the affected subscription after the effective date of termination. Notwithstanding the foregoing, this warranty shall not apply to any non-conformity due to any modification of or defect in the Services that is made or caused by someone other than Zeroe (or someone acting at Zeroe's direction).

7.3. Disclaimer of warranties. Except as expressly set forth in this agreement, Zeroe does not make any other representation, warranty, or guaranty, as to the reliability, timeliness, quality, suitability, availability, accuracy or completeness of the services, Zeroe platform, updates, documentation, support and/or any other Zeroe services provided or offered hereunder. Except as expressly set forth herein, the services provided hereunder are provided strictly on an "as is" basis and all conditions, representations and warranties, whether express, implied, statutory or otherwise, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, title, non-infringement of third party rights or any warranties arising from usage of trade, course of dealing or course of performance, are hereby disclaimed to the maximum extent permitted by applicable law.

8.1. Zeroe's Obligations. Subject to Section 8.3, Zeroe shall: (a) defend Customer, its officers, directors, and employees against any third party suit, claim, or demand (each a "Claim") that alleges the Services used in accordance with this Agreement and the applicable Order Form infringe any issued patent, copyright, trademark or misappropriate any trade secret of, such third party; and (b) pay any court-ordered award of damages or settlement amount which may include any expense, liability, loss, damage, costs or reasonable attorney's fees, each to the extent payable to a third party, to the extent arising from such Claims. Notwithstanding the foregoing, if Zeroe reasonably believes that Customer's use of any portion of the Services is likely to be enjoined by reason of any Claims then Zeroe may, at its expense and in its sole discretion: (i) procure for Customer the right to continue using the Services; (ii) replace the same with other products having substantially equivalent functions that are not subject to any Claims of infringement; or (iii) modify the applicable Services so that there is no longer any infringement, provided that such modification does not materially and adversely affect the functional capabilities of the Services as set out herein or in the applicable Order Form. If (i), (ii), and (iii) above are not available on commercially reasonable terms in Zeroe's judgment, Zeroe may terminate the affected Services and refund to Customer the fees paid by Customer covering the remaining portion of the applicable Subscription Term for the affected Services after the date of termination. The foregoing indemnification obligation of Zeroe shall not apply: (1) if the Hosted Application is modified by any party other than Zeroe (or someone acting at Zeroe's direction), but solely to the extent the alleged infringement is related to such modification; (2) if the Hosted Application is combined with other non-Zeroe products, applications, or processes not authorized in writing by Zeroe, but solely to the extent the alleged infringement is related to such combination; (3) to the extent the Claim arises in connection with any unauthorized use of the Hosted Application, or use that is not in compliance with any applicable laws, regulations, and/or Documentation; (4) to any third-party products, processes or materials (except for such third-party items provided by Zeroe within the Services); or (5) to any Claims arising as a result of the content of the Customer Data. THIS SECTION SETS FORTH ZEROE'S SOLE LIABILITY AND CUSTOMER'S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY CLAIM OF INTELLECTUAL PROPERTY INFRINGEMENT.

8.2. Customer's Obligations. Subject to Section 8.3, Customer shall: (a) defend Zeroe, its officers, directors, and employees against any Claim that arises from the Customer Data; and (b) pay any court-ordered award of damages or settlement amount which may include any expense, liability, loss, damage, costs, or reasonable attorney's fees, each to the extent payable to a third party, to the extent arising from such Claims. Customer's indemnification obligation shall not apply: (1) if the Customer Data is modified by Zeroe or by any party under Zeroe's control, without Customer's authorization but solely to the extent the Claim is caused by such modification; or (2) to the extent the Claim arises as a result of any use or disclosure of the Customer Data by Zeroe not contemplated by this Agreement.

8.3. Process. Each party's indemnity obligations are subject to the following: (i) the indemnified party shall promptly notify the indemnifier in writing of any Claims (provided, however, that the failure to give prompt written notice shall not limit the rights to indemnification except to the extent that the indemnifier is materially prejudiced by such failure); (ii) the indemnifier shall have sole control of the defense and all related settlement negotiations with respect to any Claims (provided that the indemnifier may not settle any Claims that require the indemnified party to admit any civil or criminal liability or incur any financial obligation without the indemnified party's consent, which consent shall not be unreasonably withheld); and (iii) the indemnified party shall cooperate fully to the extent necessary at the indemnifier's cost in such defense and settlement.

9.1. LIMITATIONS OF LIABILITY. TO THE EXTENT PERMITTED BY LAW, NEITHER PARTY'S TOTAL AND AGGREGATED LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE SERVICES PROVIDED HEREUNDER WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE) OR ANY OTHER LEGAL OR EQUITABLE THEORY, SHALL EXCEED THE AMOUNTS ACTUALLY PAID BY AND/OR DUE FROM CUSTOMER UNDER THIS AGREEMENT IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH LIABILITY UNDER THIS AGREEMENT. THE EXISTENCE OF MORE THAN ONE CLAIM SHALL NOT ENLARGE THIS LIMIT. THE FOREGOING SHALL NOT LIMIT CUSTOMER'S OBLIGATION TO PAY FEES LEGALLY OWED UNDER THIS AGREEMENT.

9.2. EXCLUSION OF DAMAGES. TO THE EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION, OR OTHER SIMILAR DAMAGES OF ANY TYPE OR KIND (INCLUDING, WITHOUT LIMITATION, LOSS OF REVENUE, PROFITS, USE, GOODWILL OR OTHER ECONOMIC ADVANTAGE), REGARDLESS OF THE CAUSE, ARISING OUT OF OR IN CONNECTION WITH THE AGREEMENT OR THE SERVICES PROVIDED HEREUNDER, EVEN IF THE PARTY HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR EVEN IF A PARTY'S REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE.

9.3. LIMITATION OF LIABILITY EXCLUSIONS. NOTWITHSTANDING THE FOREGOING, NOTHING HEREIN SHALL LIMIT A PARTY'S LIABILITY FOR ITS (A) GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, (B) FRAUD OR FRAUDULENT MISREPRESENTATION, (C) DEATH OR BODILY INJURY CAUSED BY NEGLIGENCE, (D) OBLIGATIONS EXPRESSLY STATED UNDER SECTION 8 (INDEMNIFICATION), OR (E) INFRINGEMENT BY A PARTY OF THE OTHER PARTY'S INTELLECTUAL PROPERTY RIGHTS.

10.1. Term. The Agreement commences on the Effective Date and continues until all Order Forms subject to this Agreement have expired or terminated unless this Agreement is earlier terminated in accordance with Section 10. User subscriptions commence on the subscription start date specified in the relevant Order Form and continue for the Subscription Term specified therein. Unless otherwise provided in the Order Form, user subscriptions shall automatically renew for additional periods of one year on the same terms unless either party gives the other notice of non-renewal or a new price quote at least 30 days prior to the end of the relevant Subscription Term.

10.2. Termination. A party may immediately terminate this Agreement for cause: (i) upon 30 days written notice of a material breach to the other party if such breach remains uncured at the expiration of such period; or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors that is not dismissed within 60 days of its commencement or an assignment for the benefit of creditors. Upon any termination for cause by Customer, Zeroe shall refund any prepaid fees covering the remainder of the Subscription Term after the effective date of termination. Termination shall not relieve Customer of the obligation to pay any fees accrued or payable to Zeroe prior to the effective date of termination.

10.3. Return of Customer Data. The Customer will have a period of 60 days after the effective date of termination of the Agreement ("Transition Period") to download any Customer Data. Upon such request, at no additional cost to Customer, Zeroe will promptly make available for download transactional records from standard objects included in the outbound integrations (e.g., requisitions, orders, invoices, expenses) in industry-standard format (e.g., JSON, CSV) at time of decommissioning along with attachments in their native format (e.g., PDF, JPEG). For clarity, such data will not include system-generated log files or Zeroe-specific configuration data. After the Transition Period, Zeroe shall have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control. For purposes of clarification, archival copies of Customer Data will be maintained subject to Zeroe's standard data backup and retention processes and subject to Zeroe's confidentiality obligations herein.

10.4. Transition Services. Additionally, if the Customer elects to purchase transition services upon termination of the Agreement, Zeroe shall provide transition services to facilitate the orderly and complete transfer of the Customer Data to Customer or to any replacement provider designated by Customer ("Transition Services"), provided that the scope and fees of the Transition Services shall be mutually agreed in a statement of work prior to commencing Transition Services. Notwithstanding the provisions of this Section, in no event shall Zeroe be required to disclose any of its Confidential Information or provide a license under any of its intellectual property to Customer or any third party as part of the Transition Services. For the avoidance of doubt, if Customer elects to receive Transition Services, Customer shall continue to pay pro-rated subscription fees for the use of the Services during the transition period.

10.5. Survival. Upon expiration or termination of the Agreement, Sections 1 (Definitions), 3.2 (Restrictions), 4.1 (Billing and Payment of Fees), 5 (Proprietary and Other Rights), 6 (Confidential Information), 7.3 (Disclaimer of Warranties), 8 (Indemnification), 9 (Limitations of Liability), 10 (Term; Termination), and 11 (General Provisions) of this Agreement shall survive.

11.1. Compliance with Laws. Each party shall comply with all applicable laws and government regulations in connection with providing and using the Services and/or Zeroe Platform, including without limitation all applicable laws and regulations related to (i) export controls; (ii) any economic or financial sanctions or restrictions or trade embargoes imposed, administered, or enforced from time to time by (a) the Office of Foreign Assets Control of the US Treasury Department, the US State Department, or any other agency of the US government; (b) the United Nations, (c) the European Union or any member state thereof; or (d) the United Kingdom; and (iii) anti-bribery and corruption.

11.2. Force Majeure. No party shall be liable or responsible to the other party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement, when and to the extent such failure or delay is caused by or results from acts beyond the affected party's reasonable control (a "Force Majeure Event"). The party suffering a Force Majeure Event shall use reasonable efforts to mitigate against the effects of such Force Majeure Event. For the avoidance of doubt, a Force Majeure Event does not limit the Customer's obligations to pay fees duly owed to Zeroe. If the effects of the Force Majeure Event continue unmitigated for a period of 30 consecutive days, then either party may terminate this Agreement and/or any Order Form upon written notice to the other party, and Zeroe, as its sole liability, shall refund any prepaid fees covering the remainder of the Subscription Term of the affected subscription after the effective date of termination.

11.3. Notice. Except as provided elsewhere in this Agreement, either party may give notice by written communication sent by next-day mail delivered by a nationally recognized delivery service: (i) if to Customer, to Customer's address on record in Zeroe's account information or (ii) if to Zeroe, to Unit 208, Level 1, Gate Avenue, South Zone, DIFC, Dubai, UAE, addressed to the attention of: Legal Department, with an email copy legal@zeroe.io. Such notice shall be deemed to have been given upon the expiration of 48 hours after mailing.

11.4. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms), without consent of the other party, to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors, and permitted assigns.

11.5. Governing Law, Jurisdiction and Dispute Resolution. The Governing Law, and Place of Jurisdiction shall be determined according to where the Customer is domiciled:

This Agreement, and any disputes related to this Agreement or any Order Form, will be governed by the applicable Governing Laws above, without regard to conflicts of laws rules or the United Nations Convention on the International Sale of Goods.

Any disputes, actions, claims, or causes of action arising out of or in connection with this Agreement shall be submitted to and finally settled by arbitration using the English language in accordance with the Arbitration Rules and Procedures of the applicable Forum above, then in effect, by one or more commercial arbitrator(s) with substantial experience in the industry and in resolving complex commercial contract disputes. Judgment upon the award so rendered may be entered in a court having jurisdiction, or application may be made to such court for judicial acceptance of any award and an order of enforcement. Notwithstanding the foregoing, each party shall have the right to institute an action in any court of proper jurisdiction for injunctive relief.

11.6. Entirety. The Agreement comprises the entire agreement between Customer and Zeroe and supersedes all prior or contemporaneous negotiations, discussions or agreements, whether written or oral, between the parties regarding the subject matter contained herein. In case of any conflict between this Agreement and the Order Form, the Order Form shall govern. No text or information set forth on any other purchase order, preprinted form or document shall add to or vary the terms and conditions of this Agreement. Modifications and amendments to this Agreement shall be enforceable only if they are in writing and are signed by authorized representatives of both parties. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision(s) shall be construed, as nearly as possible, to reflect the intentions of the invalid or unenforceable provision(s), with all other provisions remaining in full force and effect. Customer agrees that Customer's purchase of any subscription is neither contingent upon the delivery of any future functionality or features nor dependent upon any oral or written comments made by Zeroe with respect to future functionality or features. The parties are independent contractors, and no joint venture, partnership, employment, or agency relationship exists between Customer and Zeroe as a result of the Agreement or use of the Services or Zeroe Platform. There are no third-party beneficiaries to this Agreement. The failure of a party to enforce any right or provision in this Agreement shall not constitute a waiver of such right or provision.

1.1. Support Region means:

• 1.1.1. EMEA if the entity entering into the Agreement with Zeroe is incorporated in Europe, the Middle East, or Africa;
• 1.1.2. AMER if the entity is incorporated in North America or South America (collectively, the "Americas");
• 1.1.3. APAC if the entity is incorporated in any country within South Asia or the Asia Pacific Region.

1.2. Business Day means each day when Support Services are available in the applicable Support Region, as specified in Section 2 below.

1.3. Business Hours means the working hours in the applicable Support Region, as specified in Section 2 below.

1.4. Incident means any defect, non-conformity, or malfunction of all or part of the Solution while the Solution is being used in accordance with the Agreement and Zeroe's instructions. Incidents are categorized into three levels: "Critical", "Major", and "Minor" as defined in Section 3 below.

1.5. Initial Response Time or IRT means the number of hours during Business Hours it takes for Zeroe to provide an initial response after Customer submits an Incident report in accordance with this Policy.

1.6. Subsequent Response Time or SRT means the number of hours during Business Hours it takes for Zeroe to send a follow-up response or update after the previous communication. The SRT applies only while the Incident status is 'Open' and awaiting a response from Zeroe, unless otherwise agreed upon within the ticket.

1.7. Premium Support means the premium support services that Customer may have purchased from Zeroe.

2.1. Zeroe will provide Support Services to Customer within the Support Region applicable to Customer as specified below:

• 2.1.1. EMEA: Support Services are available from 09:00 to 18:00 (Central European Time), Monday through Friday, excluding bank holidays.
• 2.1.2. AMER: Support Services are available from 09:00 to 18:00 (Eastern Standard Time), Monday through Friday, excluding federal holidays in the United States.
• 2.1.3. APAC: Support Services are available from 09:00 to 18:00 (Singapore Standard Time), Monday through Friday.

3.1. Incident Classification:

3.2. Incidents shall be categorized as follows:

All Incidents shall be addressed within the following response times, applicable during Business Hours within the respective Support Region:

4.1. Standard Support Response Times

4.2. Incident Classification Review: Zeroe's support specialists will review the classification of each Incident upon ticket creation. If an Incident classification is amended, Customer will be notified through the ticket system.

4.3. Incident Reporting: Incidents may be raised through Zeroe's ticketing system available within the Solution.

4.4. Response Time Compliance: Zeroe will use commercially reasonable efforts to meet the specified response times.

5.1. Corrective Maintenance: Zeroe will use commercially reasonable efforts to perform corrective maintenance as necessary to address Incidents under Section 3. Zeroe shall provide Customer with prior notice of any scheduled maintenance. Where downtime is required for essential maintenance, Zeroe will aim to perform maintenance during out-of-hours periods to minimize disruption. Zeroe will determine the resources, tools, methods, and performance requirements for all maintenance activities.

5.2. Maintenance Exclusions:

1.1. Accountability: Zeroe has appointed dedicated security personnel who serve as the primary point of contact for all information security matters. These personnel are responsible for designing, enforcing, and controlling security policies, standards, and procedures applicable at Zeroe. The security team continuously identifies and quantifies operational and technical risks and adjusts policies accordingly to ensure adequate coverage of identified risks.

1.2. Risk Management: Risks are continuously assessed and quantified. An annual review is conducted, including a gap analysis against the security controls. The security roadmap is prioritized and informed by this gap analysis.

1.3. Policies: Zeroe maintains written information security policies consistent with industry standards, which are periodically reviewed and updated to ensure their continued relevance.

1.4. Compliance: Zeroe develops and maintains security and privacy compliance programs to ensure alignment with industry standards, undergoes independent audits from certified third parties, and ensures compliance with applicable standards, regulations, and laws. Supporting evidence of these compliance efforts will be made available to Customer upon request.

2.1. Confidentiality: Zeroe enforces the "least privilege principle" wherever possible, which includes network configuration, application access to data stores, and Zeroe employee privileges for internal systems. Customer data is accessible only by authorized personnel, including Customer Success Managers (CSM) assigned to named accounts, support teams upon customer request, and authorized engineers for troubleshooting. Access to production data is logged for accountability.

2.2. Integrity: Zeroe strives to maintain the accuracy and consistency of customer data over time. Daily backups are performed on all persistent storage systems, and changes made to data are recorded in Zeroe's built-in audit trail feature to ensure accountability.

2.3. Availability: The Solution is hosted on industry-leading cloud platforms that provide reliable service availability SLAs. Zeroe ensures service continuity by distributing services across multiple availability zones to mitigate the risk of service disruption.

2.4. Business Continuity and Disaster Recovery: Zeroe utilizes Infrastructure-as-Code principles to enable rapid recovery in another region or on a different service provider if required. Customer data is backed up across multiple geographic regions, with a recovery point objective (RPO) of six (6) hours and a recovery time objective (RTO) of thirty (30) hours in case of a disaster.

2.5. Data Residency & Sovereignty: Zeroe adheres to data residency requirements, utilizing regional data centers to ensure that data remains within designated geographic zones. If Customer opts for a private cloud deployment, Customer is responsible for ensuring compliance with data residency and sovereignty laws.

3.1. Zeroe operates a continuous security assurance program to provide a security posture proportional to the identified risks. This program includes activities such as:

• Coordinated vulnerability disclosure policy.
• Static and dynamic code testing.
• Vulnerability scanning.
• Peer reviews for every system change.
• End-to-End and Unit testing.
• Security-sensitive project reviews by the security team.

Third-party security audits are conducted annually. Zeroe's vulnerability mitigation objectives are as follows:

• Critical vulnerabilities: Mitigated within five (5) days.
• High-impact vulnerabilities: Mitigated within thirty (30) days.
• Medium-impact vulnerabilities: Mitigated within ninety (90) days.

3.2. Security & Privacy Training: All Zeroe employees undergo security training to address common security threats. Training is provided during onboarding and as part of annual awareness sessions according to a risk-driven training plan.

3.3. Employee Security Measures: Employees are subject to Zeroe's data privacy and computer security policies, which include measures such as:

• Full encryption of employee computer storage devices.
• Compliance with malware protection best practices.
• Use of company-approved password management software.

3.4. Off-boarding Process: Upon employment termination, employee access to Zeroe systems is promptly revoked.

3.5. Third-Party Service Providers: Zeroe takes commercially reasonable steps to select and retain third-party service providers that maintain security measures consistent with those outlined in this Policy. Vendors undergo a security vetting process that aligns with the goods or services being provided.

4.1. ISO 27001 and SOC Compliance: All customer data is hosted on industry-leading providers that are SOC2, ISO 27001, and ISO 27018 compliant.

4.2. Identification and Authorization Controls: Zeroe uses encryption for data transmission and employs multi-factor authentication. Privileges are assigned through role-based access control, adhering to the least privilege principle. Access privileges are reviewed annually.

4.3. Minimal Exposure: Zeroe applies the least exposure principle, minimizing the attack surface and reducing the potential for vulnerabilities.

4.4. Network Segregation: Production networks are isolated from R&D networks, and development environments do not hold production data.

4.5. Data Encryption:

• In Transit: Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols ensure encryption during data transmission.
• At Rest: Data is encrypted using Transparent Data Encryption (TDE) or cloud-native tools such as AWS Key Management Service or Azure Key Vault.

4.6. Backup System: Daily backups of all databases are conducted, with restoration tests performed as part of the release process.

4.7. Versioned Change Management: Zeroe uses Infrastructure-as-Code for infrastructure management, ensuring uniform deployment and correct configuration. Code undergoes peer reviews and is deployed using Continuous Integration/Continuous Deployment (CI/CD) methods.

4.8. Development Environments: Production and staging environments are strictly separated, and non-production environments do not contain production data.

4.9. Static Dependency Checking: Zeroe monitors third-party libraries for vulnerabilities, updating dependencies as necessary.

4.10. Service Continuity and Disaster Recovery: Zeroe's cloud infrastructure is designed to recover from the loss of an availability zone without service interruption. In the event of a regional outage, Zeroe can restore services in another region within a reasonable time.

4.11. Physical Security: Zeroe's production environments are hosted with providers that comply with stringent physical security standards. Physical security controls are also enforced at Zeroe's offices and for work-from-home employees.

4.12. Human Resources Security: Background checks are conducted for all employees, and a whistleblowing policy encourages reporting of illegal or unethical behavior. A need-to-know policy limits exposure of customer data to authorized personnel.

4.13. Secure Data Disposal: Customer data is securely deleted from production environments three months after contract termination or immediately upon Customer's request.

5.1. Availability: Customer assumes full responsibility for ensuring server uptime, redundancy, and failover strategies.

5.2. Server Security: Customer is responsible for implementing security measures for the server, including firewall configurations, intrusion detection, and other security protocols.

5.3. Server Maintenance: Customer handles server-related functions, including hardware maintenance, backups, and disaster recovery.

5.4. Compliance and Certifications: Customer ensures the server infrastructure complies with applicable standards.

5.5. Support Limitations: Zeroe's support covers software-related issues only. Issues arising from Customer's server infrastructure are outside the scope of Zeroe's responsibilities.

6.1. User Access Rights System: Zeroe offers fine-grained access controls on customer data, allowing restricted access to specific models or parts of a model.

6.2. Secure Authentication System: Zeroe supports SAML 2.0 Single-Sign-On (SSO) and enforces password complexity and reset protocols to protect against attacks.

6.3. Security Audit Logging: Zeroe maintains comprehensive audit logging to track user activities and detect unauthorized access.

6.4. Built-In Backup System: Zeroe performs daily backups of customer data, stored across multiple regions for redundancy.

7.1. Security Incident Detection: Security events are monitored by a Security Operation Center (SOC) with alerts for sensitive security events.

7.2. Incident Management Process: Zeroe follows incident management procedures, including roles and responsibilities for affected teams and escalation protocols.

7.3. Customer Notification: Customers are notified of security incidents without undue delay, with regular updates provided during incident resolution.

7.4. Vulnerability Disclosure/Incident Reporting: Security notifications can be sent to Zeroe at security@zeroe.io.