Terms of Service

1. Definitions.

1. (a) "Authorized User" means Customer's employees, consultants, contractors, and agents who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement.
2. (b) "Customer Data" means information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the Services. For avoidance of doubt Customer Data shall also include any Customer's clients data if shared with the Provider, including but not limited to search results, customer queries, and any other data specifically designated for input into the Services.
3. (c) "Documentation" means Provider's user manuals, handbooks, and guides relating to the Services provided by Provider to Customer either electronically or in hard copy form/end user documentation relating to the Services.
4. (d) "Permitted Use" means access to and use of the Services for internal and external business purposes of reviewing, digesting and analyzing Customer Data and data from third party data sources, and generating and receiving Service Products and Results based thereon. As further detailed below, the Services may be used to support, and the Service Products and Results may be shared with, the Customer's end client and third parties.
5. (e) "Provider IP" means the Services, the Documentation, and any and all intellectual property provided to Customer or any Authorized User in connection with the foregoing, and also includes any derivatives, improvements, enhancements or extensions of any of the foregoing. For the avoidance of doubt, Provider IP does not include Customer Data nor does it include any of the Service Products and Results.
6. (f) "Services" means the software-as-a-service offering Orion by Gravity.

2. Access and Use.

1. (a) Provision of Access. Provider hereby grants Customer a non-exclusive, transferable right during the Term to (i) access and use the Services for the Permitted Use, and (ii) implement the Services within Customer's own products and services rendered and provided to its clients and third parties in order for Customer to be able to provide to those clients to receive the results of the Services (Service Products and Results), in the case of both (i) and (ii) in accordance with the terms and conditions herein. Provider shall provide to Customer the necessary passwords and network links or connections to allow Customer to access the Services. Provider does not and shall not limit the number of Authorized Users, provided that only Customer's employees and representatives shall have administrative access to the Services, and Customer's clients shall not be granted administrative access to the Services. For avoidance of doubt, the Customer may present any Service Products and Results (as defined below) as its own product and reports without identifying the Provider and/or its technology.
2. (b) Documentation License. Provider hereby grants to Customer a non-exclusive, sublicensable, transferable license to use the Documentation during the Term for any legal purpose, internal and/or extremal, including, without limitation, to create derivative works and/or for implementation within its own products and services rendered and provided to its clients.
3. (c) Use Restrictions. Customer shall not use the Services for any purposes beyond the scope of the access granted in this Agreement or in any ordering document executed or accepted by the parties that expressly references and incorporates these Terms (e.g., an Order Form, Statement of Work, or online purchase flow) (each, an "Ordering Document"). Customer shall not: (a) reverse engineer, disassemble, decompile any software component of the Services, in whole or in part; or (b) remove any proprietary notices from the Services or Documentation.

3. Service Levels and Support.

During the Term, Provider shall make the Services available in accordance with the service levels set forth in the applicable Ordering Document, or if none are specified, Provider's then-current support and service level policy made available on the Site (as updated from time to time, but not in a manner that materially diminishes support during any then-current subscription term). Throughout the Term, Provider shall maintain a business continuity and disaster recovery plan for the Services reasonably acceptable to Customer and implement such plan in the event of any unplanned interruption of the Services.

4. Backup.

Provider shall conduct or have conducted daily backups of Customer Data and any work product or reports generated by Provider , including Service Products and Reports, as defined below (collectively "Backup Data" ) through the services and perform or cause to be performed other periodic backups of Backup Data in a commercially reasonable location and manner on at least a daily basis. Backup Data shall be stored by the Provider for at least 90 days. On written notice from Customer, Provider shall provide Customer with a copy of the backed-up Backup Data in such machine-readable format as Customer reasonably requests. Provider shall provide all backups at its sole cost and expense.

5. Fees and Payment.

1. (a) Fees. Customer shall pay Provider the fees ("Fees") set forth in the relevant order document or SOW or as otherwise mutually agreed by the Parties. Customer shall pay all undisputed amounts within 45 days of such amounts being invoiced. Customer shall make all payments hereunder in US dollars.
2. (b) Payment Disputes. Customer may withhold from payment any and all payments of Fees that Customer disputes in good faith, pending resolution of such dispute, provided that Customer: (i) timely renders all payments and amounts that are not in dispute; and (ii) works with Provider in good faith to promptly resolve the dispute. Provider shall not fail to perform any obligation hereunder by reason of Customer's good faith withholding of any Fees in accordance with this Section 4(b).
3. (c) Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Provider's income.

6. Confidential Information.

1. (a) Confidentiality. In connection with this Agreement, each party (as the"Disclosing Party") may disclose or make available Confidential Information to the other party (as the"Receiving Party"). Subject to 9.2, "Confidential Information" means information in any form or medium (whether oral, written, electronic, or other) that the Disclosing Party considers confidential or proprietary, including information consisting of or relating to the Disclosing Party's technology, trade secrets, know-how, business operations, plans, strategies, customers, and pricing, and information with respect to which the Disclosing Party has contractual or other confidentiality obligations, in each case whether or not marked, designated, or otherwise identified as "confidential". Without limiting the foregoing, (i) all Customer Data (including all Personal Information) as well as any and all reports generated through the use of the Services will remain the Confidential Information of Customer; and (ii) the financial terms in any ordering document executed or accepted by the parties are the Confidential Information of Customer/both parties.
2. (b) Exclusions. Subject to 6(c), Confidential Information does not include information that the Receiving Party can demonstrate by written or other documentary records: (i) was rightfully known to the Receiving Party without restriction on use or disclosure prior to such information's being disclosed or made available to the Receiving Party in connection with this Agreement; (ii) was or becomes generally known by the public other than by the Receiving Party's or any of its Representatives' noncompliance with this Agreement; (iii) was or is received by the Receiving Party on a non-confidential basis from a third party that, to the Receiving Party's knowledge, was not or is not, at the time of such receipt, under any obligation to maintain its confidentiality; or (iv) the Receiving Party can demonstrate by written or other documentary records was or is independently developed by the Receiving Party without reference to or use of any Confidential Information.
3. (c) Customer Data Exception. Notwithstanding the provisions of 9.2 or any other provisions of this Agreement, none of the exclusions set forth in Section 9.2 apply to any Customer Data, whether provided by or on behalf of Customer to Provider or the Services for Processing or generated or derived from such Processing (including all reports generated through the use of the Services) and regardless of whether such Customer Data may be publicly available or otherwise qualify for exclusion under any of the other provisions of Section 9.2.
4. (d) Confidentiality and Use. Each Receiving Party recognizes and agrees that the Confidential Information of the Disclosing Party is critical to the Disclosing Party's business and that neither party would enter into this Agreement without assurance that such information and its value will be protected as provided in Section 9 and elsewhere in this Agreement. As a condition to being provided with any disclosure of or access to Confidential Information, the Receiving Party shall for duration of this Agreement and for as long as the obligations in this Section 9 survives:
   1. (i) not access or use, or permit the access or use of, Confidential Information other than as necessary to exercise its rights or perform its obligations under and in accordance with this Agreement;
   2. (ii) not use or permit the use of any of the Disclosing Party's Confidential Information, directly or indirectly, in any manner to obtain any competitive advantage over the Disclosing Party;
   3. (iii) except as may be permitted by and subject to its compliance with 9.5, not disclose or permit access to Confidential Information other than to its Representatives who: (i) need to know such Confidential Information for purposes of the Receiving Party's exercise of its rights or performance of its obligations under and in accordance with this Agreement; (ii) have been informed of the confidential nature of the Confidential Information and the Receiving Party's obligations under this section; and (iii) are bound by confidentiality and restricted use obligations at least as protective of the Confidential Information as the terms set forth in this section;
   4. (iv) safeguard the Confidential Information from unauthorized use, access, or disclosure using at least the degree of care it uses to protect its similarly sensitive information and in no event less than a reasonable degree of care;
   5. (v) ensure its Representatives' compliance with, and be responsible and liable for any of its Representatives' noncompliance with, the terms of this section; and
   6. (vi) notify the Disclosing Party in writing promptly of any unauthorized disclosure or use of the Disclosing Party's Confidential Information and reasonably cooperate with the Disclosing Party to protect the confidentiality and ownership of all Intellectual Property Rights, privacy rights, and other rights therein.
5. (e) Compelled Disclosures. If the Receiving Party or any of its Representatives is compelled by applicable Law to disclose any Confidential Information, then, to the extent permitted by applicable Law, the Receiving Party shall, to the extent it is legally permissible: (i) promptly, and prior to such disclosure, notify the Disclosing Party in writing of such requirement so that the Disclosing Party can seek a protective order or other remedy, or waive its rights under 6(d); and (ii) provide reasonable assistance to the Disclosing Party, at the Disclosing Party's sole cost and expense, in opposing such disclosure or seeking a protective order or other limitations on disclosure. If the Disclosing Party waives compliance or, after providing the notice and assistance required under this section, the Receiving Party remains required by Law to disclose any Confidential Information, the Receiving Party shall disclose only that portion of the Confidential Information that, on the advice of the Receiving Party's legal counsel, the Receiving Party is legally required to disclose and, upon the Disclosing Party's request, shall use commercially reasonable efforts to obtain assurances from the applicable court or other presiding authority that such Confidential Information will be afforded confidential treatment. No such compelled disclosure by the Receiving Party will otherwise affect the Receiving Party's obligations hereunder with respect to the Confidential Information so disclosed.
6. (f) Return or Destruction of Customer's Confidential Information. Within ten (10) Business Day[s] after Customer's written request at any time and subject to any contrary obligations under applicable Law, Provider shall at Customer's direction promptly return or destroy and erase from all systems it directly or indirectly uses or controls (i) all originals and copies of all documents, materials, and other embodiments and expressions in any form or medium that contain, reflect, incorporate, or are based on Customer's Confidential Information, in whole or in part; or (ii) solely such specific Customer Data, databases, or other collections or articles of Customer's Confidential Information as Customer may request, and provide a written statement to Customer certifying that it has complied with the requirements of this section.

7. Intellectual Property Ownership.

1. (a) Provider IP. Customer acknowledges that, as between Customer and Provider, Provider owns all right, title, and interest, including all intellectual property rights, in and to the Provider IP.
2. (b) Customer Data. Provider acknowledges that, as between Provider and Customer, Customer owns all right, title, and interest, including all intellectual property rights, in and to the Customer Data as well as any data generated and Service Products and Results generated using the Customer Data as part of the Services (as defined below). Customer hereby grants to Provider a non-exclusive, royalty-free, limited license to use the Customer Data solely to the extent necessary for Provider to provide the Services to Customer.
3. (c) Service Products and Results. Provider hereby assigns to the Customer all of Provider's right, title, and interest in any reports, analytics, analysis, data, results, intelligence, summaries, content, information and/or other data and outputs that are generated by the Services based on the Customer Data and that arise, directly or indirectly, from Customer's exercise of the access and use rights granted pursuant to Section 2 of this Agreement (whether on its own behalf and/or on behalf of its clients and/or third parties) (collectively "Service Products and Results"). Customer shall be the sole owner of the Service Products and Results.

   For avoidance of doubt, the Customer shall be free to use such Service Products and Results in any manner it deems appropriate, including, without limitation, by licensing or sublicensing, or assigning its rights, in whole or in part.

4. (d) Feedback. Customer or its Authorized Users may from time to time in their sole discretion elect to provide feedback to Provider related to their respective access to and use of the Services. Examples of feedback may include, without limitation, feedback on Service features or functionality, usability, specifications, style and formatting, reporting, and performance, and may also include suggestions or ideas for improvements or enhancements to the Services. In such case, Provider may access and use the feedback for purposes of providing and improving the Services. Feedback shall not include Customer Data and/or Service Products and Results. Provider shall anonymize and deidentify the feedback such that the Customer and its data are not identifiable.

8. Mutual Representations and Warranties.

Each party represents and warrants to the other party that:

1. (i) it is a duly organized, validly existing, and in good standing as a corporation or other entity under the Laws of the jurisdiction of its incorporation or other organization;
2. (ii)it has, and throughout the Term and any additional periods during which it does or is required to perform the Services will retain, the full right, power, and authority to enter into this Agreement and perform its obligations hereunder;
3. (iii)the execution of this Agreement by its representative whose signature is set forth at the end of this Agreement has been duly authorized by all necessary corporate or organizational action of such party; and
4. (iv)when executed and delivered by both parties, this Agreement will constitute the legal, valid, and binding obligation of such party, enforceable against such party in accordance with its terms.

(b) Provider Warranties:

1. (i) Provider has, and throughout the Term and any additional periods during which Provider does or is required to perform the Services will have, the unconditional and irrevocable right, power, and authority, including all permits and licenses required, to provide the Services and grant and perform all rights and licenses granted or required to be granted by it under this Agreement.
2. (ii)Provider warrants that during the Term of this Agreement the Services and any and all work products and/or deliverables created as part of the Services (i) will conform in all material respects to the Documentation and terms and specifications set forth in any ordering document executed or accepted by the parties that expressly references and incorporates these Terms; and (ii) do not contain any virus or other Harmful Code.
3. "Harmful Code" means any: (a) virus, trojan horse, worm, backdoor, or other software or hardware devices the effect of which is to permit unauthorized access to, or to disable, erase, or otherwise harm, any computer, systems, or software; or (b) time bomb, drop dead device, or other software or hardware device designed to disable a computer program automatically with the passage of time or under the positive control of any Person, or otherwise deprive Customer or Authorized Users of their lawful right to use the Services or Provider Systems.
4. (iii)Provider warrants that it shall maintain security measures that are aligned with best industry practices appropriate for entities offering services such as the Services, which at minimum follow standards such as NIST, include a reequipment to physically or logically separate Customer Data from Provider's and other customers' data and does not use Customer Data to train any AI models.
5. (iv)neither Provider's grant of the rights or licenses hereunder nor its performance of any Services or other obligations under this Agreement does or at any time will: (i) conflict with or violate any applicable Law, including any Law relating to data privacy, data security, or Personal Information; (ii) require the consent, approval, or authorization of any governmental or regulatory authority or other third party; or (iii) require the provision of any payment or other consideration by Customer to any third party, and Provider shall promptly notify Customer in writing if it becomes aware of any change in any applicable Law that would preclude Provider's performance of its obligations hereunder;
6. (v)the Services, Documentation, and all work products and/or deliverables and materials provided by Provider under this Agreement will not infringe, misappropriate, or otherwise violate any intellectual property right or other right of any third party.
7. (vi)Provider will perform all Services in a professional and workmanlike manner in accordance with best industry standards and practices for similar services, using personnel with the requisite skill, experience, and qualifications, and shall devote adequate resources to meet its obligations under this Agreement.

8A. AI Utilization and Data Protection.

1. (i) Definitions Specific to AI Utilization:

   "AI Model": Refers to Provider's proprietary artificial intelligence model, algorithms, and associated technologies provided as part of the Services rendered under the Agreement (including, without limitations, Orion by Gravity)

   "Training Data": Any data used by Provider to train, retrain, improve, or develop its AI Model or any other Vendor products or services.

2. (ii)

   (A) Permitted Use of AI Model and Client Data:Provider shall process Customer Data strictly in accordance with this Agreement for the purpose of providing the Services. Customer Data shall be used by Provider exclusively for the purpose of generating Service Products and Reports for Client.

3. (iii) Restrictions on Client Data Use; Prohibition on Training:

   (A) Customer retains all right, title, and interest in and to all Customer Data. Provider acknowledges that it acquires no rights, express or implied, other than a limited, non-exclusive, revocable license to process Customer Data solely as necessary to perform its obligations under the Agreement.

   (B) Absolute Prohibition on Training Data Use. Notwithstanding any other provision in the Agreement, Provider shall not, under any circumstances, use Customer Data (including any data of the Customer's end clients, or derived data, insights, or patterns extracted from Customer Data) as Training Data. This explicit prohibition extends to the use of Customer Data in any manner, including without limitation in aggregate, anonymized, de-identified, or statistical form, for the purpose of training, retraining, improving, or developing the AI Model or any other Provider AI models, algorithms, software, products, or services. Any such use is strictly prohibited without the express prior written consent of an authorized representative of Customer, granted in a separate, specific addendum to the Agreement.

4. (iv) Data Segregation.Provider shall maintain strict logical and, where feasible, physical segregation of Customer Data from any data used for Provider's internal AI model training or development purposes.
5. (v) Audit Rights for AI Compliance.Customer shall have the right to conduct (or appoint an independent third-party auditor to conduct) an audit of Customer's systems, processes, and records relevant to verifying Provider's compliance with its obligations under Section. Such audits shall be conducted during normal business hours, not unreasonably interfere with Provider's operations, and Customer shall bear the reasonable costs of such audit.

9. Indemnification.

1. (a) Provider shall indemnify, defend, and hold harmless Customer from and against any and all losses, damages, liabilities, costs (including attorneys' fees) ("Losses") incurred by Customer resulting from any third-party claim, suit, action, or proceeding ("Third-Party Claim"): (i) that the Provider IP, AI Models, work product and/or deliverable (including any Service Products and Results), or any use of the Services, AI Models and/or such work product and/or deliverable in accordance with this Agreement: (a) violates any applicable law, and/or (b) infringes or misappropriates third party's rights, including, without limitations, any privacy related rights or intellectual property rights, (ii) that results from Provider's breach of its Security Obligations and/or its obligations under Section 8A, and/or (iii) based on Provider's breach of Sections 6 and/or 7, provided that Customer promptly notifies Provider in writing of such Third-Party Claim, reasonably cooperates with Provider at Provider's expense, and allows Provider sole authority to control the defense and settlement of such Third-Party Claim.
2. (b) If a Third-Party Claim is made or appears possible, Provider shall, at Provider's sole expense, (A) modify or replace the Provider IP and/or such work product and/or deliverable, or component or part thereof, to make it non-infringing while providing equally or more suitable features and functionality, or (B) obtain the right for Customer to continue use.

10. Limitations of Liability.

EXCEPT AS EXPRESSLY OTHERWISE PROVIDED IN THIS SECTION 10, IN NO EVENT WILL EITHER PARTY BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER EITHER PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. EXCEPT AS EXPRESSLY OTHERWISE PROVIDED IN THIS SECTION 10, IN NO EVENT WILL THE AGGREGATE LIABILITY OF EITHER PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED ONE AND A HALF (1.5x) TIMES THE TOTAL AMOUNTS PAID OR PAYABLE TO PROVIDER UNDER ANY ORDERING DOCUMENT EXECUTED OR ACCEPTED BY THE PARTIES THAT EXPRESSLY REFERENCES AND INCORPORATES THESE TERMS IN THE 12 MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM. The exclusions and limitations in this Section 9 do not apply to (collectively, the "Special Liability Events"): (i) damages resulting from: (a) the Provider's gross negligence and/or willful misconduct, (b) Provider's breach of its confidentiality obligations, breach of applicable laws, including privacy laws, and/or Security Obligations, and/or (ii) claims pursuant to 9.

11. Term and Termination.

1. (a) Term. The term of this Agreement begins on the Effective Date and, unless terminated earlier pursuant to this Agreement's express provisions, will continue in effect until terminated (the "Term"). The subscription period shall be set forth in any relevant ordering document.
2. (b) Termination.In addition to any other express termination right set forth in this Agreement:

   (i) Customer may terminate this Agreement, and/or any relevant ordering document, for convenience, for any reason or no reason, upon 30 days prior written notice to Provider. Upon termination, the Customer shall be released of any and all obligations (including, without limitations, paying for future periods included in the terminated order);

   (ii) either Party may terminate this Agreement, effective on written notice to the other Party, if the other Party materially breaches this Agreement, and such breach remains uncured 30 days after the non-breaching Party provides the breaching Party with written notice of such breach. For avoidance of doubt, Provider's breach of its obligations as stated in the Documentation or other relevant ordering document shall qualify as breach of this Agreement; or

   (iii) Customer may terminate this Agreement, effective immediately upon written notice to the Provider, if the Provider: (A) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (B) files or has filed against it a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (C) makes or seeks to make a general assignment for the benefit of its creditors; or (D) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

3. (c) Effect of Expiration or Termination. Upon expiration or earlier termination of this Agreement, Customer shall immediately discontinue use of the Provider IP. For avoidance of doubt, Customer shall be free to continue using any Service Products and Result in perpetuity.
4. (d) Survival. This Section 11(d) and 1, 5, 6, 7, 9, 10, and 12 survive any termination or expiration of this Agreement. No other provisions of this Agreement survive the expiration or earlier termination of this Agreement.

12. Miscellaneous.

1. (a) Entire Agreement. This Agreement, together with any other documents incorporated herein by reference and all related Exhibits, constitutes the sole and entire agreement of the Parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter. In the event of any inconsistency between the statements made in the body of this Agreement, the related Exhibits, and any other documents incorporated herein by reference, the following order of precedence governs: (i) first, any ordering document executed or accepted by the parties that expressly references and incorporates these Terms, second, this Agreement, excluding its Exhibits; (ii) third, the Exhibits to this Agreement as of the Effective Date; and (iv) fourth, any other documents incorporated herein by reference. The terms and conditions set forth in this Agreement shall take precedence over and override any terms or conditions on any purchase order, standardized form, correspondence or any other document presented by the Provider and any such terms shall be null and void and unenforceable.
2. (b) Notices.All notices, requests, consents, claims, demands, waivers, and other communications hereunder (each, a "Notice") must be in writing and addressed to the Parties at the addresses set forth in the relevant ordering document (or to such other address that may be designated by the Party giving Notice from time to time in accordance with this Section). All Notices must be delivered by personal delivery, nationally recognized overnight courier (with all fees pre-paid), facsimile or email (with confirmation of transmission), or certified or registered mail (in each case, return receipt requested, postage pre-paid). Except as otherwise provided in this Agreement, a Notice is effective only: (i) upon receipt by the receiving Party; and (ii) if the Party giving the Notice has complied with the requirements of this Section.
3. (c) Amendment and Modification; Waiver. No amendment to or modification of this Agreement is effective unless it is in writing and signed by an authorized representative of each Party. No waiver by any Party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the Party so waiving. Except as otherwise set forth in this Agreement, (i) no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof, and (ii) no single or partial exercise of any right, remedy, power, or privilege hereunder will preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
4. (d) Relationship of the Parties. The relationship between the parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture, or other form of joint enterprise, employment, or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever.
5. (e) Public Announcements. Provider shall not issue or release any announcement, statement, press release, or other publicity or marketing materials relating to this Agreement or, or otherwise use the Customer's trademarks, service marks, trade names, logos, domain names, in each case, without the prior written consent of the Customer.
6. (f) Audit Rights & Security Compliance.

   (i) Third-Party Certifications and Audit Reports. Provider shall, at its sole cost and expense, maintain industry-standard security certifications and attestations relevant to the Services (e.g., SOC 2 Type 1 for Security and Availability, ISO 27001). Upon Customer's written request, Provider shall provide Customer with a copy of its most recent applicable third-party audit reports (e.g., SOC 2 Type 1 report) and/or certification documentation. Provider shall promptly inform Customer in writing of any material adverse findings or qualifications in such reports that directly impact the security or integrity of Customer Data or the Services.

   (ii) Audit Rights. Customer or its designated independent third-party auditor, upon thirty (30) days' prior written notice, shall have the right during Provider's normal business hours to conduct an audit of Provider's facilities, systems, and records directly related to the provision of the Services and the processing of Customer Data. Provider shall provide all reasonable cooperation to Customer or its auditor in connection with such audit, including providing access to relevant personnel, information, and documentation.

   (iii) (c) Remediation of Deficiencies. If any audit, inspection, or third-party report identifies any material non-compliance or security vulnerabilities, Provider shall, at its sole cost and expense, promptly prepare and implement a remediation plan reasonably acceptable to Customer to cure such non-compliance or vulnerability within an agreed-upon timeframe. Provider shall provide Customer with regular updates on the status of such remediation until fully resolved.

7. (g) Data Privacy Compliance. Provider warrants that it shall comply with all applicable Laws relating to data privacy and data security, including those pertaining to Personal Information. Provider acknowledges its role as a processor/service provider (as applicable under relevant data privacy laws, including without limitation GDPR and CCPA) of Customer Data, including Personal Information. Provider shall process Personal Information only on the documented instructions of Customer, unless required by applicable law to do otherwise. Provider shall assist Customer in complying with its obligations under applicable data privacy laws, including by providing reasonable assistance for data subject rights requests, data protection impact assessments, and breach notifications.
8. (h) Severability. If any provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the Parties shall negotiate in good faith to modify this Agreement so as to effect their original intent as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.
9. (i) Governing Law; Submission to Jurisdiction. This Agreement is governed by and construed in accordance with the internal laws of the State of Colorado without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Colorado. Any legal suit, action, or proceeding arising out of or related to this Agreement or the right granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the State of Colorado in each case located in the city of Denver, and each Party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding.
10. (j) Assignment. Neither Party may assign any of its rights or delegate any of its obligations hereunder, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without the prior written consent of the other Party, which consent shall not be unreasonably withheld, conditioned, or delayed; provided, however, Customer may assign its rights or delegate its obligations, in whole or in part, without such consent, to (i) one or more of its affiliates, or (ii) an entity that acquires all or substantially all of the business or assets of such Party to which this Agreement pertains, whether by merger, reorganization, acquisition, sale, or otherwise. Any purported assignment or delegation in violation of this Section will be null and void. No assignment or delegation will relieve the assigning or delegating Party of any of its obligations hereunder. This Agreement is binding upon and inures to the benefit of the Parties and their respective permitted successors and assigns.
11. (k) Export Regulation. Provider shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), that prohibit or restrict the export or re-export of the Services or any Customer Data outside the US.
12. (l) Equitable Relief. Each Party acknowledges and agrees that a breach or threatened breach by such Party of any of its obligations under 5 might cause the other Party irreparable harm for which monetary damages might not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other Party will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.
13. (m) Counterparts. This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement.