Terms of Service and Policy

ADEPT ID TERMS OF SERVICE AND POLICY

1. DEFINITIONS AND CONSTRUCTION.
In this Agreement, unless the context otherwise requires, the following words and expressions will have
the following meanings:

   “Affiliate” means any entity or affiliated group, which directly or indirectly (a) controls a party, (b) is controlled by a party or (c) is under common control with a party, for as long as such relationship remains in effect, including any subsidiary thereof.

   “Customer Data” means electronic data and information submitted to the Service by Customer.

   “Output” means any physical or electronic report, file, or other output resulting from Customer’s or AdeptID’s use of the Customer Data in the Service.

   “Professional Services” means those services to be performed by AdeptID in connection with the provision of access to the Service ordered by Customer in an Order Form.

   “Service” means the AdeptID platform.

   “Subscription Term” means the subscription term specified in an Order Form, or otherwise specified.

   “User” means an employee of a Customer who is authorized to administer the Service on Customer’s behalf.

2. AdeptID RESPONSIBILITIES.

2.1 Protection of Customer Data.

   (a) AdeptID will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data. Those safeguards will include, but will not be limited to, measures for preventing access, use, modification or disclosure of Customer Data by AdeptID personnel except (i) to provide the Service and prevent or address service or technical problems, (ii) as compelled by law in accordance with the “Confidentiality: Compelled Disclosure” section below, or (iii) as expressly permitted in writing by Customer.

   (b) Notwithstanding the foregoing, Customer acknowledges and agrees that the Service is hosted on, and the Customer Data is stored in, third party cloud servers. AdeptID does not have control over the security of the cloud itself.

3. USE OF SERVICES.

3.1 Subscriptions. Access to the Service is purchased as a subscription upon the terms set forth in an Order Form.

3.2 User Credentials. A User’s user identification may not be shared with any individual other than the specified User. A User identification may be permanently reassigned by Customer to a new individual replacing one who no longer requires ongoing use of the Service on Customer’s behalf.

3.3 Customer Responsibilities. Customer will (a) be responsible for Users’ compliance with this Agreement, (b) use commercially reasonable efforts to prevent unauthorized access to or use of the Service, (c) notify AdeptID within five (5) business days of any known or suspected unauthorized access or use of the Service or any other known or suspected breach of security relating to the data, information or services provided therein and (d) use the Service only in accordance with this Agreement and applicable laws and government regulations.

3.4 Usage Restrictions. Customer will not (a) make the Service available to, or use the Service for the benefit of, anyone other than Customer, (b) sell, resell, license, sublicense, distribute, rent or lease the Service, or include the Service in a service bureau or outsourcing offering, (c) use the Service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) interfere with or disrupt the integrity or performance of the Service or third-party data contained therein, (e) attempt to gain unauthorized access to the Service or its related systems or networks, (f) permit direct or indirect access to or use of the Service in a way that circumvents a contractual usage limit, (g) copy the Service or any part, feature, function or user interface thereof, (h) frame or mirror any part of the Service, other than framing on Customer's own intranets or otherwise for its own internal business purposes, (i) access the Service in order to build a competitive product or service, or (j) reverse engineer the Service (to the extent such restriction is permitted by law).

3.5 Customer Data.

   (a) Customer represents, warrants, and covenants that: (i) it has (and will have) provided any notice and obtained all consents and rights required by applicable law to enable AdeptID to lawfully process Customer Data or any other data input into the Services by or on behalf of Customer or its Users pursuant to this Agreement; (ii) it has full right and authority to make the Customer Data or any other data input into the Services by or on behalf of Customer or its Users available to AdeptID under this Agreement; and (iii) AdeptID's processing of the Customer Data or any other data input into the Services by or on behalf of Customer or its Users in accordance with this Agreement will not infringe upon or violate any applicable laws or any rights of any third party.

   (b) The Parties acknowledge and agree that this Agreement does not contemplate that Customer will disclose, or provide access to, any information that is regulated by the General Data Protection Regulation (EU) 2016/679 (“EU Personal Data”) to Licensor. If Customer intends to disclose EU Personal Data hereunder, Customer will provide prior written notice to Licensor and the Parties will negotiate an amendment to this Agreement that will include additional terms (including without limitation any terms required by applicable law) governing such EU Personal Data (a “Personal Data Amendment”). For the avoidance of doubt, Customer shall not disclose or provide access to Licensor to any EU Personal Data unless and until the Parties have entered into a Personal Data Amendment.

4. PROPRIETARY RIGHTS AND LICENSES.

4.1 Reservation of Rights. Subject to the limited rights expressly granted hereunder, AdeptID reserves all of its right, title and interest in and to the Service, including (a) its programming architecture and platform, (b) any improvements, enhancements, modifications or features for the Service or platform developed during the term of this Agreement, and (c) all intellectual property rights in the foregoing. No rights are granted to Customer hereunder other than as expressly set forth herein.

4.2 License by Customer to Host and Use Customer Data. Customer grants AdeptID and its
Affiliates a worldwide, limited-term license to host, copy, transmit and display Customer Data, as
necessary for AdeptID to provide the Service in accordance with this Agreement. In addition, AdeptID
shall have the right collect and analyze data and other information relating to the provision, use and
performance of various aspects of the Service (including, without limitation, information concerning
Customer Data and data derived therefrom), and AdeptID will be free (during and after the term hereof)
to (i) use such information and data to improve and enhance the Service and for other development,
diagnostic and corrective purposes in connection with the Service, and (ii) disclose such data solely in
aggregate or other de-identified form in connection with its business. Subject to the limited licenses
granted herein, AdeptID acquires no right, title or interest from Customer or its licensors under this
Agreement in or to any Customer Data.

4.3 License by Customer to Use Feedback. Customer grants to AdeptID and its Affiliates a
worldwide, perpetual, irrevocable, royalty-free, fully paid up license to use and incorporate into the
Service any suggestion, enhancement request, recommendation, correction or other feedback provided
by Customer or Users relating to the operation of the Service.

5. CONFIDENTIALITY.

5.1 Definition of Confidential Information. “Confidential Information” means all information
disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in
writing, that is designated as confidential or that reasonably should be understood to be confidential given
the nature of the information and the circumstances of disclosure; including, but not limited to, client lists,
business and marketing plans, software and technical information, product plans and designs, business
processes, and the terms and conditions of this Agreement (including pricing and other terms described
on the Order Form). However, Confidential Information does not include any information that (a) is or
becomes generally known to the public without breach of any obligation owed to the Disclosing Party,
(b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any
obligation owed to the Disclosing Party, (c) is received from a third party without breach of any obligation
owed to the Disclosing Party, or (d) was independently developed by the Receiving Party.

5.2 Protection of Confidential Information. The Receiving Party will (a) use the same degree of
care to protect the Disclosing Party’s Confidential Information that it uses to protect the confidentiality of
its own Confidential Information (but not less than reasonable care), (b) not use any Confidential
Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (c) except
as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the
Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for
purposes consistent with this Agreement and who have signed confidentiality agreements with the
Receiving Party containing protections no less stringent than those herein. Neither party will disclose the
terms of this Agreement to any third party other than its Affiliates, legal counsel and accountants without
the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate,
legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s
compliance with this “Confidentiality” section.

5.3 Compelled Disclosure. The Receiving Party may disclose Confidential Information of the
Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the
Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable
assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. If the
Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of
a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the
disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling
and providing secure access to that Confidential Information.

6. MUTUAL INDEMNIFICATION.

6.1 Indemnification by AdeptID. AdeptID will defend Customer against any claim, demand, suit or
proceeding made or brought against Customer by a third party alleging that the use of the Service or any
Deliverable in accordance with this Agreement infringes or misappropriates such third party’s patent,
copyright, trademark or trade secret rights (a “Claim”), and will indemnify Customer from any damages,
attorney fees and costs finally awarded against Customer as a result of, or for amounts paid by Customer
under a court-approved settlement of, a Claim, provided Customer (a) promptly gives AdeptID written
notice of the Claim, (b) gives AdeptID sole control of the defense and settlement of the Claim (except that
AdeptID may not settle any Claim unless it unconditionally releases Customer of all liability), and (c) gives
AdeptID all reasonable assistance, at AdeptID’s expense. If AdeptID receives information about an
infringement or misappropriation claim related to the Service, AdeptID may in its discretion and at no cost
to Customer (i) modify the Service so that it no longer infringes or misappropriates, (ii) obtain a license for
Customer’s continued use of the Service in accordance with this Agreement, or (iii) terminate Customer’s
access to the Service upon 10 days’ written notice and refund Customer any fees that Customer prepaid
for access to the Service for the period following the effective date of termination. The above defense and
indemnification obligations do not apply to the extent a Claim arises from Customer’s breach of this
Agreement.

6.2 Indemnification by Customer. Customer will defend AdeptID against any Claim arising from any
breach of this Agreement by Customer, and Customer will indemnify AdeptID from any damages, attorney
fees and costs finally awarded against AdeptID as a result of, or for any amounts paid by AdeptID under a
court-approved settlement of, a Claim provided AdeptID (a) promptly gives Customer written notice of the
Claim, (b) gives Customer sole control of the defense and settlement of the Claim (except that Customer
may not settle any Claim unless it unconditionally releases AdeptID of all liability), and (c) gives Customer
all reasonable assistance, at Customer’s expense.
6.3 Exclusive Remedy. This “Mutual Indemnification” section states the indemnifying party’s sole
liability to, and the indemnified party’s exclusive remedy against, the other party for any type of claim
described in this section.

7. DISCLAIMERS; LIMITATION OF LIABILITY

7.1 Disclaimers. THE SERVICE, OUTPUT, AND OTHER DELIVERABLES ARE PROVIDED “AS
IS,” AND ADEPTID DOES NOT MAKE ANY WARRANTY OF ANY KIND, WHETHER EXPRESS,
IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED
WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW.

7.2 Limitation of Liability. ADEPTID'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED
TO THIS AGREEMENT WILL NOT EXCEED THE AMOUNT PAID BY CUSTOMER HEREUNDER IN
THE 6 MONTHS PRECEDING THE INCIDENT GIVING RISE TO LIABILITY. THE ABOVE LIMITATIONS
WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE
THEORY OF LIABILITY.

7.3 Exclusion of Consequential and Related Damages. IN NO EVENT WILL EITHER PARTY
HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS OR LOST REVENUES OR
FOR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES,
WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF
LIABILITY, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE
FOREGOING DISCLAIMER WILL NOT APPLY WITH RESPECT TO A BREACH BY EITHER PARTY OF
ITS CONFIDENTIALITY OBLIGATIONS UNDER THIS AGREEMENT, A PARTY’S INDEMNIFICATION
OBLIGATIONS HEREUNDER, OR TO THE EXTENT PROHIBITED BY LAW.

8. TERM AND TERMINATION

8.1 Term. The term of this Agreement is coterminous with the Subscription Term. References in this
Agreement to either the termination of the Subscription Term or the termination of this Agreement will be
interpreted to mean both the termination of the Subscription Term and the termination of this Agreement.

8.2 Renewal. Unless otherwise specified in the Order Form, the Subscription Term will automatically
renew for additional periods equal to the expiring Subscription Term, unless either party gives the other
notice of non-renewal at least 30 days before the end of the scheduled expiration of the expiring
Subscription Term. The pricing during any automatic renewal term will be the same as that during the
immediately prior term unless AdeptID has given Customer written notice of a pricing increase at least 60
days before the end of that prior term, in which case the pricing increase will be effective upon renewal
and thereafter.

8.3 Termination. A party may terminate this Agreement for cause immediately (a) upon material
breach by the other party if such breach is not cured within thirty (30) days of receipt of notice of breach;
(b) if the other party (i) becomes insolvent or admits its inability to pay its debts generally as they become
due, (ii) becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law, which is not fully stayed within seven (7) business days or is not dismissed
or vacated within forty-five (45) business days after filing, (iii) dissolved or liquidated or takes any
corporate action for such purpose, or (iv) makes a general assignment for the benefit of creditors.

8.4 Effect of Termination. In no event will termination relieve Customer of its obligation to pay any
fees payable to AdeptID for the period prior to the effective date of termination.

8.5 Customer Data Portability and Deletion. Upon request by Customer made within sixty (60)
days after the effective date of termination or expiration of this Agreement, AdeptID will make the
Customer Data available to Customer for export or download, subject to Customer’s payment of
AdeptID’s standard data export fees then in effect. After such 60-day period, AdeptID will have no
obligation to maintain or provide any Customer Data, and may in its sole discretion thereafter delete or
destroy all copies of Customer Data in its systems or otherwise in its possession or control, unless legally
prohibited.

8.6 Surviving Provisions. The sections titled “Fees and Payment,” “Proprietary Rights,”
“Confidentiality,” “Disclaimers,” “Mutual Indemnification,” “Limitation of Liability,” “Refund or Payment upon
Termination,” “Customer Data Portability and Deletion,” “Surviving Provisions” and “General Provisions”
will survive any termination or expiration of this Agreement.

9. GENERAL PROVISIONS

9.1 Customer Insurance. Customer will, at its expense, maintain a policy of general liability
insurance and/or professional liability insurance in commercially reasonable amount to insure it, its
employees and agents, against all claims and liabilities arising out of or related to Customer’s use of the
Service. Evidence of such coverage will be presented to AdeptID as requested.

9.2 Export Compliance. The Service, Output, and Deliverables may be subject to export laws and
regulations of the United States and other jurisdictions. AdeptID and Customer each represents that it is
not named on any U.S. government denied-party list. Customer will not permit any User to access or use
the Service in or by a national of a U.S.-embargoed country (currently Cuba, Iran, North Korea, Sudan or
Syria) or in violation of any U.S. export law or regulation.

9.3 Relationship of the Parties. The parties are independent contractors. This Agreement does not
create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the
parties.

9.4 Notices. Except as otherwise specified in this Agreement, all notices related to this Agreement
will be in writing and will be effective upon (a) personal delivery, (b) the third business day after mailing, or
(c) except for notices of termination or an indemnifiable claim (“Legal Notices”), the day of sending by
email. Notices will be addressed to the recipient at the recipient’s address indicated at the beginning of
this Agreement or such other address as the recipient may from time to time specify for Legal Notices.

9.5 Amendment. This Agreement may only be amended in a writing executed by both parties.

9.6 Waiver. No failure or delay by either party in exercising any right under this Agreement will
constitute a waiver of that right.

9.7 Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be
contrary to law, the provision will be deemed null and void, and the remaining provisions of this
Agreement will remain in effect.

9.8 Assignment. Neither party may assign any of its rights or obligations hereunder, whether by
operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably
withheld) and any attempted assignment without such consent will be void and of no effect.
Notwithstanding the foregoing, AdeptID may assign this Agreement in its entirety without the other party’s
consent to an Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all
or substantially all of its assets. Subject to the foregoing, this Agreement will bind and inure to the benefit
of the parties, their respective successors and permitted assigns.

9.9 Force Majeure. Neither party will be liable for any failure or delay in its performance under this
Agreement (or the performance of or access to the Service), other than payment obligations, due to
causes that are beyond its reasonable control, including, but not limited to, an act of God, act of civil or
military authority, fire, epidemic, flood, earthquake, riot, war, terrorism, sabotage, and governmental
action.

9.10 Governing Law. This Agreement, and any disputes arising out of or related hereto, will be
governed exclusively by the internal laws of the Commonwealth of Massachusetts.

9.11 Venue. Any controversy or claim arising out of or relating to this contract, or the breach thereof,
which cannot be settled through good faith negotiations between the parties in thirty (30) days, shall be
settled by binding arbitration administered by the American Arbitration Association in accordance with its
Commercial Arbitration Rules. The arbitration shall be heard by one arbitrator selected by the AAA in
Boston, Massachusetts. Any party or witness residing outside of Massachusetts may testify via
videoconference. The prevailing party shall be entitled to an award of its attorney’s fees. The award
rendered by the arbitrator shall be non-appealable, and judgment on the award may be entered in any
court having jurisdiction thereof.