TERMS OF SERVICE

Updated Last - May 12, 2023

EXHIBIT A – TERMS OF SERVICE

These TERMS OF SERVICE (the “Agreement”) are entered into by and between you and SOCIAL AWARENESS GROUP INC., an Alberta corporation with offices at Suite 601, 10526 Jasper Ave., Edmonton, Alberta, Canada, T5J 1Z7 (“Vendor”, “we”, “our”, or “us”). Specific business terms associated with your subscription to the Service (as defined in Section 1.1 below) will be stated in one or more ordering documents executed by the parties (or you and a Reseller) that reference this Agreement and are hereby incorporated into this Agreement by reference (“Order Form”).

For the purposes of this Agreement, “you”, “your”, or “Customer” means the party identified as the customer in the applicable Order Form.

By executing an Order Form that references this Agreement, each party signifies that it has read, understands, and agrees to be bound by its terms.

This Agreement governs all Order Forms and any conflicting or additional terms and conditions are of no force or effect unless agreed to in a writing signed by both parties.

In consideration of the mutual covenants and agreements contained herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

1.               The Service.

1.1.           Your Subscription. Vendor is the owner and provider of the Vendor cloud-based intelligence tool and service, which is designed to allow customers to input and analyze data (the “Service”). Subject to the terms of this Agreement, Customer may purchase a subscription to the Service as specified in an Order Form. All subscriptions will be for the period described on the Order Form (“Subscription Period”). Subject to the terms of such Order Form and this Agreement, Customer may access and use the Service. Such use and access is permitted only by individuals authorized by Customer to use the Service for Customer’s own internal business operations (and not for the benefit of any third party) (“Users”).  Users may also use Vendor’s generally published technical documentation associated with the Service (“Documentation”) solely for Customer’s internal business purposes.  Customer will not receive or have access to a copy of the code or software that underlies the Service (collectively the “Software”) or receive a copy of the Software itself.  Customer may permit its affiliates’ employees and contractors (provided such contractors are working for the benefit of Customer or such affiliates) to serve as Users, provided Customer remains responsible for compliance by such individuals with all of the terms and conditions of this Agreement.  An “affiliate” means any entity under the control of Customer where “control” means ownership of or the right to control greater than 50% of the voting securities of such entity. Any term capitalized and not defined herein will have the definition given to such term in the applicable Order Form.  For the purposes of this Agreement, a “Reseller” means a resale partner that is authorized by Vendor to resell the Service.

1.2.           Support and Service Level Policy.  Vendor will make commercially reasonable efforts to provide basic technical support for the Service. Support is further described in Exhibit D – Support Policy.

1.3.           Users. As part of the registration process, a single administrative User will receive login credentials from Vendor; such User will have the capability to invite any other Users to create accounts on the Service.  Customer will ensure that its Users are aware of and bound by obligations and/or restrictions stated in this Agreement and Customer will be responsible for breach of any such obligation and/or restriction by a User. Customer will (a) be responsible for ensuring the security of its account and confidentiality of all user IDs and passwords for the Service, (b) prevent unauthorized access to, or use of, the Service, (c) be fully responsible for monitoring and administrating the various uses and Users of the Service, (d) ensure the quality and integrity of Customer Data, and (e) notify Vendor promptly of any unauthorized use of the Service or any breach, or attempted breach, of the security of the Service. Customer is responsible for all activities of its Users on the Service and is responsible for all uses of Customer’s account.  Vendor may access Customer’s account (i) to respond to technical problems, (ii) in connection with providing and maintaining the Service and the development of new Service features and improvements, (iii) at Customer’s request, (iv) to comply with legal or contractual requirements.

1.4.           Vendor’s Ownership.  Vendor owns the Service and the Documentation (collectively the “Vendor Materials”). Vendor retains all right, title and interest (including, without limitation, all patent, copyright, trademarks, trade secret and other intellectual property rights) in and to the Vendor Materials, all related and underlying technology and any updates, enhancements, upgrades, modifications, patches, workarounds, and fixes thereto and all derivative works of or modifications to any of the foregoing. There are no implied licenses under this Agreement and any rights not expressly granted to Customer in this Agreement are expressly reserved by Vendor.

2.               Restrictions.

2.1.           If there are restrictions on Customer’s use of the Service, such as limitations on the number of types of Users, such restrictions will be in the applicable Order Form and Customer agrees to use and access the Service in compliance with those restrictions.

2.2.           Customer may authorize an unlimited number of individuals to access Nisto Link and use our Services on your behalf (each, a “User”), but each User must be an individual who is an employee of your organization or is an independent contractor working for your organization for whose actions your organization is responsible. Each User must have a unique username and password, and usernames and passwords may not be shared. When any User’s employment or other affiliation with your organization ends, your organization must remove that User’s access to your organization’s Nisto Link account promptly.

2.3.           Customer also agrees that it will not, and will not allow Users or third parties to, directly or indirectly (a) modify, translate, copy or create derivative works based on the Service, (b) reverse assemble, reverse compile, reverse engineer, decompile or otherwise attempt to discover the object code, source code, non-public APIs or underlying ideas or algorithms of the Service, except as and only to the extent this restriction is prohibited by law, (c) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Service available to any third party, (d) remove or obscure any copyright, trademark or other proprietary notices, legends or Vendor branding contained in or on the Service, (e) use the Service in any way that violates any applicable federal, state, local or international law or regulation, (f) attempt to gain unauthorized access to, interfere with, damage or disrupt any parts of the Service, including, without limitation, by introducing viruses and other harmful code or by using flood pings, denial-of-service attacks, or similar methods or technology, (g) use or access the Service to build or support and/or assist a third party in building or supporting products or services competitive to the Service or (h) attempt to probe, scan, or test the vulnerability of the Service or any Vendor system or networks.  Vendor may suspend Customer’s access to or use of the Service immediately if there is any use of the Service by Customer or Users that in Vendor’s reasonable judgment threatens the security, integrity or availability of the Service. However, Vendor will use commercially reasonable efforts under the circumstances to (x) provide Customer with notice and an opportunity to remedy such violation or threat prior to any such suspension; (y) where practicable limit the suspension based on the circumstances leading to the suspension; and (z) remove the suspension as quickly as reasonably practicable after the circumstances leading to the suspension have been resolved.

3.               Third Party Applications. The Service may allow you to integrate the Service with third party products, services or applications that are not owned or controlled by Vendor (e.g., Snowflake or Microsoft Azure) (“Third Party Applications”). The providers of such Third Party Applications may require you to to enter into separate agreements in order to use such Third Party Applications. Customer acknowledges and agrees that this Agreement does not apply to Customer’s use of Third Party Application and we do not endorse such Third Party Applications.  If you choose to integrate a Third Party Application into your use of the Service, you represent and warrant that you are entitled to disclose your Third Party Application login information to us and/or grant us access to your Third Party Application in order to effect such integration (including, but not limited to, for use for the purposes described herein) without breach by you of any of the terms and conditions that govern your use of the applicable Third Party Application.   VENDOR EXPRESSLY DISCLAIMS ANY AND ALL REPRESENTATIONS OR WARRANTIES RELATING TO ANY THIRD PARTY APPLICATIONS. YOU WILL LOOK SOLELY TO THE THIRD PARTY PROVIDER OF THE THIRD PARTY APPLICATIONS FOR ANY WARRANTY RELATED ISSUES OR OTHER CLAIMS RELATED THERETO. OTHERWISE, YOUR USE OF THIRD PARTY APPLICATIONS IS AT YOUR OWN RISK. VENDOR WILL HAVE NO LIABILITY OR OTHER OBLIGATION OF ANY KIND ARISING OUT OF OR RELATED TO ANY THIRD PARTY APPLICATIONS OR THE USE OR INABILITY TO USE ANY THIRD PARTY APPLICATIONS.

4.      Payment Obligations.

4.1.           Fees. Customer will pay for access to and use of the Service as set forth in the Order Form (“Fees”). All Fees will be paid in Canadian dollars unless otherwise stated on the Order Form. Payment obligations are non-cancelable and, except as expressly stated in this Agreement, non-refundable. We may modify our Fees or introduce new fees in our sole discretion; however, any new or revised Fees will only become effective upon the renewal of a Subscription Period (“Renewal Period”).

4.2.           Payment. We will invoice you for the Fees and any other applicable fees (e.g. bank transfer fees) in accordance with the Order Form. Customer agrees to pay all invoices submitted in accordance with this Agreement or the Order Form within thirty (30) days after the invoice date. All information that you provide in connection with a purchase or transaction or other monetary transaction with the Service must be accurate, complete, and current. If Customer has executed an Order Form with a Reseller, Customer will pay such Reseller (and not Vendor) in accordance with the terms of such Order Form. Notwithstanding the foregoing, Customer understands and agrees that if Customer does not pay the Reseller in accordance with the applicable Order Form, Vendor will have the right to suspend Customer’s right to use and access the Service and to terminate this Agreement upon notice to Customer.

4.3.           Taxes. Fees stated on the Order Form are exclusive of any taxes, levies, duties, or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction (collectively, “Taxes”). Customer will be responsible for paying all Taxes associated with its purchases, except for those taxes based on our net income.

4.4.           Failure to Pay. If you fail to pay any Fees in accordance with this Section 4, we may suspend your access to the Service pending payment of such overdue invoices; provided that we give you notice of such non-payment and ten (10) days (from the date of such notice) to remit the overdue Fees in full. If Customer believes that we have billed you incorrectly, Customer must contact us no later than sixty (60) days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Overdue Fees are subject to a finance charge of eighteen (18%) percent annually, compounded monthly on any outstanding balance, or the maximum permitted by law, whichever is lower.

5.      Term and Termination.

5.1.           Agreement Term. This Agreement will become effective on the Subscription Start Date of the first Order Form entered into by the parties and remain effective for the duration of each Order Form including any renewals thereof. If the parties terminate this Agreement, it will automatically terminate all Order Forms.

5.2.           Order Form Term and Renewal. Subscriptions to access and use the Service commence on the start date stated on the applicable Order Form (“Subscription Start Date”) and continue for the duration of the Subscription Period.  Each Order Form will renew as stated on such Order Form. If no renewal terms are stated on the Order Form, each Order Form may be renewed at the end of the then-current Subscription Period upon the written consent of the parties.

5.3.           Termination for Cause. Either party may terminate this Agreement upon written notice to the other party if the other party materially breaches this Agreement and such breach is not cured within thirty (30) days after the non-breaching party provides written notice of such breach.

5.4.           Effect of Termination. If Customer terminates this Agreement as a result of Vendor’s uncured breach, we will refund any unused, prepaid Fees for the remainder of the then-current Subscription Period (as stated on the applicable Order Form). Upon any termination for cause by us, Customer will pay any unpaid Fees covering the remainder of the then-current Subscription Period after the effective date of termination. In no event will any termination relieve Customer of the obligation to pay any Fees payable to us for the period prior to the effective date of termination. Upon any termination of this Agreement, all rights and licenses granted by Vendor hereunder will immediately terminate; Customer will no longer have the right to access or use the Service. Within 30 days of any termination or expiration, Vendor will delete Customer’s passwords and all related information, files and Customer Data, unless Customer requests an earlier deletion in writing.

5.5.           Survival. Sections 1.4, 4, 5, 6.2, 7, 8, 9, 10.2, 10.3, and 11 will survive any termination or expiration of this Agreement.

6.               Warranties and Disclaimers.

6.1.           Vendor Warranties. Vendor represents and warrants that (a) it will comply with all applicable federal, provincial and local Canadian laws and regulations with respect to its business operations under this Agreement and all applicable Canadian laws with respect to its processing and use of Customer Data; (b) the Service will substantially comply in all material respects with the Documentation, (c) it will provide the Support Service in a professional and workmanlike manner, (d) it has used commercially reasonable efforts to ensure that the software underlying the Service and the environment used for the Service contain no Harmful Code, and (e) it uses commercially reasonable efforts to prevent the introduction of Harmful Code into the software underlying the Service and the environment used for the Service.  For purposes of the Agreement, “Harmful Code” means any virus, worm, logic bomb or any other code designed to contaminate other computer programs or computer data, consume computer resources, modify, destroy, record or transmit data in a manner not intended by the computer, system or network, or in some other fashion disrupt the normal operation of a computer, system or network. If the Service is not provided in accordance with the above warranty, Customer will promptly notify Vendor and Vendor will make commercially reasonable efforts to rectify such non-compliance; if Vendor is not able to so modify or otherwise fix the Service, Vendor will terminate this Agreement and refund any unused pre-paid Fees to Customer. The foregoing remedy is Customer’s sole remedy and Vendor’s sole liability if Vendor breaches the terms of Section 6.1.

6.2.           Disclaimer. EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, THE SERVICES AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND WE EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CUSTOMER ACKNOWLEDGES THAT WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. SOME JURISDICTIONS DO NOT ALLOW THE DISCLAIMER OF CERTAIN TYPES OF WARRANTIES. THE FOREGOING DISCLAIMERS WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

7.               Limitation of Liability. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, EXCEPT FOR (I) CUSTOMER’S BREACH OF SECTIONS 1.3 OR 2, OR (II) VENDOR’S OBLIGATIONS UNDER SECTION 8, NEITHER PARTY WILL BE LIABLE WITH RESPECT TO ANY CAUSE RELATED TO OR ARISING OUT OF THIS AGREEMENT, WHETHER IN AN ACTION BASED ON A CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR ANY OTHER LEGAL THEORY, HOWEVER ARISING, FOR (A) INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, (B) ANY DAMAGES BASED ON USE OR ACCESS, INTERRUPTION, DELAY OR INABILITY TO USE THE SERVICE, LOST REVENUES OR PROFITS, DELAYS, INTERRUPTION OR LOSS OF SERVICES, BUSINESS OR GOODWILL, LOSS OR CORRUPTION OF DATA, LOSS RESULTING FROM SYSTEM OR SYSTEM SERVICE FAILURE, MALFUNCTION OR SHUTDOWN, FAILURE TO ACCURATELY TRANSFER, READ OR TRANSMIT INFORMATION, FAILURE TO UPDATE OR PROVIDE CORRECT INFORMATION, SYSTEM INCOMPATIBILITY OR PROVISION OF INCORRECT COMPATIBILITY INFORMATION OR BREACHES IN SYSTEM SECURITY, OR (C) ANY DAMAGES THAT IN THE AGGREGATE EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER FOR THE SERVICE THAT IS THE SUBJECT OF THE CLAIM DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT WHICH GIVES RISE TO SUCH DAMAGES. THESE LIMITATIONS WILL APPLY WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

8.               Indemnification.

8.1.           Vendor’s Indemnification. Vendor will defend Customer and its Users, officers, directors, and employees against any third party claim or action brought against Customer to the extent based on the allegation that the Service infringes such third party’s intellectual property rights (patents, utility models, design rights, copyrights and trademarks or any other intellectual property right) and we agree to pay any settlements with respect to the foregoing indemnification obligations that Vendor agrees to in a writing signed by Vendor’s authorized officer or final judgments awarded to the third party claimant by a court of competent jurisdiction. The foregoing obligations do not apply with respect to the Service or portions or components of either that are (a) not provided by Vendor, (b) combined with other products, processes or materials that are not reasonably contemplated by us or our Documentation, or (c) where Customer’s use of the Service is not in accordance with this Agreement or our Documentation.

8.2.           Procedures. Vendor’s obligations under Section 8.1 are conditioned on Customer (a) providing Vendor with prompt written notice of any claim, (b) granting Vendor the sole control of the defense and settlement of the claim, and (c) providing reasonable information and assistance to Vendor in the defense or settlement of the claim at Vendor’s expense. Notwithstanding anything else to the contrary in this Agreement, any obligation of Vendor to defend, indemnify and hold Customer harmless hereunder is limited to Vendor’s payment for the cost of defense of the third party claim incurred by Vendor and the payment of (i) any settlements agreed to by Vendor in a writing signed by an officer of Vendor, or (ii) final judgments awarded to the third party claimant by a court of competent jurisdiction.

8.3.           Options. If Customer’s use of the Service has become, or in Vendor’s opinion is likely to become, the subject of any claim of infringement, Vendor may at its option and expense, (a) procure for Customer the right to continue using and receiving the Service as set forth hereunder, (b) modify the Service to make it non-infringing, (c) substitute an equivalent for the Service or (d) if Vendor, in its sole discretion, determines that options (a)-(c) are not commercially practicable, terminate this Agreement and refund Customer any pre-paid, unused Fees for the remainder of the then-current Subscription Period.

8.4.           Sole Remedy. NOTWITHSTANDING ANYTHING ELSE TO THE CONTRARY IN THIS AGREEMENT, THIS SECTION 8 STATES VENDOR’S ENTIRE RESPONSIBILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS UNDER THIS AGREEMENT.

9.               Confidentiality.

9.1.           Definition. Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) may disclose business, technical or financial information relating to the Disclosing Party’s business that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure (hereinafter referred to as the “Confidential Information” of the Disclosing Party).  Vendor’s Confidential Information includes non-public information regarding features, functionality and performance of the Service.  Customer’s Confidential Information includes the User Information and Customer Data.  This Agreement and the information in all Order Forms will be deemed the Confidential Information of both parties.  Notwithstanding the above, Confidential Information does not include information that (a) is or becomes generally available to the public without breach of any obligation owed to the Disclosing Party; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (c) is received from a third party without breach of any obligation owed to the Disclosing Party; or (d) was independently developed by the Receiving Party without use or reference to the Disclosing Party’s Confidential Information.

9.2.           Protection and Use of Confidential Information. The Receiving Party will (a) protect the Disclosing Party’s Confidential Information using the same degree of care used to protect its own confidential or proprietary information of like importance, but in any case using no less than a reasonable degree of care, (b) limit access to the Confidential Information to those employees, affiliates, Subprocessors (as described in the Data Processing Addendum referenced below), agents, consultants, legal advisors, financial advisors, and contractors (“Representatives”) who need to know such information in connection with this Agreement and who are bound by  confidentiality and non-use obligations just as protective of the Disclosing Party’s Confidential Information as the terms of this Agreement; (c) except as expressly set forth herein, will not disclose any of Disclosing Party’s Confidential Information to any third parties without the Disclosing Party’s prior written consent; and (d) will not use the Disclosing Party’s Confidential Information for any purpose other than to fulfill its obligations under this Agreement. Nothing above will prevent either party from sharing Confidential Information with prospective investors or acquirors; provided, however, that the foregoing are bound to standard confidentiality obligations.

9.3.           Compelled Access or Disclosure. The Receiving Party may access or disclose Confidential Information of the Disclosing Party if it is required by law; provided, however, that the Receiving Party gives the Disclosing Party prior notice of the compelled access or disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the access or disclosure.

9.4.           Feedback. You may from time to time provide suggestions, comments or other feedback specifically with respect to the Service (“Feedback”). For the avoidance of doubt, Feedback will only refer to suggestions, comments or other feedback provided to Vendor regarding the Service and will not include your Personal Data.  Vendor may want to incorporate Feedback into its Service and this clause provides us with the necessary license to do so.  You hereby grant to us and our assigns a royalty-free, worldwide, perpetual, irrevocable, fully transferable and sublicenseable right and license to use, disclose, reproduce, modify, create derivative works from, distribute, display and otherwise distribute and exploit any Feedback as we see fit, entirely without obligation or restriction of any kind, except that Vendor will not identify you as the provider of such Feedback.

10.   Data.

10.1.        User Information. In order to use the Service, Customer and its Users are required to provide User Information and other information in order to access the Service. Customer grants Vendor and its subcontractors the right to store, process and retrieve the information associated with Customer’s account, such as IP address, username, password, and any personally identifiable information including, without limitation, name, phone number, or email address (“User Information”), provided to Vendor in connection with Customer’s use of the Service.  Customer represents and warrants that it has obtained express written consent from its Users to transfer User Information to Vendor and to process the User Information as contemplated by the Users’ use of the Service.  Customer (on behalf of its Users) grants us the right to access, use, process, copy, distribute, perform, export and display User Information, only as reasonably necessary (a) to provide the Service to you (including the transfer of User Information to us); (b) to prevent or address service, security, support or technical issues; (c) as required by law; and (d) as expressly permitted in writing by you.

10.2.        Customer Data. The Service is designed to allow Customer to input and analyze data within the Customer’s data warehouse (“Data Warehouse”).  The Customer acknowledges and agrees that data from the Data Warehouse is not stored or cached within the Service.  Any Data Warehouse data that is disclosed to Vendor will be deemed “Customer Data.” Vendor will have access to the Customer Data only if permitted by Customer; the parties anticipate that such access will only be for the purpose of providing support for the Service. To the extent that Customer Data is shared with Vendor, Customer grants Vendor and its licensors a non-exclusive, worldwide, royalty-free, paid-up, transferable right and license to use, process and display such Customer Data for the purpose of providing the Service.   Except as expressly provided herein, Customer will own all right, title and interest in and to the Customer Data.

10.3.        Aggregated Usage Data. As Vendor operates the Service, Vendor collects performance data pertaining to the functioning of the Service (“Aggregated Usage Data”). Provided that the Aggregated Usage Data is aggregated and anonymized, Vendor does not identify Customer as the source of the Aggregated Usage Data, and no personal identifying information of Customer is revealed to any third party, the parties agree that Vendor is free to use the Aggregated Usage Data in any manner.  Vendor owns all right, title, and interest in and to the Aggregated Usage Data.

10.4.        Data Processing Addendum. We will process any User Information and Customer Data that you provide to us in accordance with our data security policy attached hereto as Exhibit B (“Security Addendum”) and the data processing addendum refencing this Agreement, if separately executed by the parties (“Data Processing Addendum”). If there is a conflict between this Agreement and the Data Processing Addendum, the Data Processing Addendum will prevail.

11.            General Terms.

11.1.        Publicity. Provided that Customer gives its prior, written consent, Vendor may identify Customer and use and display Customer’s name, logo, trademarks, or service marks on Vendor’s website and in Vendor’s marketing materials, including without limitation press releases, announcing Customer, why Customer chose Vendor, and how Customer will use Vendor, without Customer's prior written consent. Customer will be given the opportunity to provide input and feedback on the press release, as well as a quote, prior to distribution. Customer will consider participating in a case study, webinar, and other joint marketing activities six to nine months post deployment.

11.2.        Force Majeure. Except for Customer’s payment obligations hereunder, neither us nor Customer will be liable by reason of any failure or delay in the performance of its obligations on account of events beyond the reasonable control of a party, which may include denial-of-service attacks, a failure by a third-party hosting provider or utility provider, pandemics, strikes, shortages, riots, fires, acts of God, war, terrorism, and governmental action.

11.3.        Changes. Customer acknowledges that the Service is an on-line, subscription-based product, and that in order to provide improved customer experience Vendor may make changes to the Service provided, however Vendor will not materially decrease the core functionality of the Service. The Services may be modified from time to time upon reasonable notice to Customer to reflect process improvements or changing practices; however, Vendor agrees any such modifications will not materially decrease Vendor’s obligations or materially reduce Customer’s rights as compared to those reflected in such terms as of the Subscription Start Date of the first Order Form entered into by the parties.

11.4.        Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.

11.5.        No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement; a person who is not a party to this Agreement may not enforce any of its terms under any applicable law.

11.6.        Email Communications. Notices under this Agreement will be provided as follows: (a) all notices regarding the Service will be sent by email, although we may instead choose to provide notice to Customer through the Service, (b) notices to us must be sent to [admin@socialawareness.io], and (c) all notices to Customer will be sent to the email(s) provided through the Service. Notices will be deemed to have been duly given (a) the business day after it is sent, in the case of notices through email; and (b) the same day, in the case of notices through the Service.

11.7.        Amendment and Waivers. No modification or amendment to this Agreement will be effective unless made in writing and signed by an authorized representative of both parties. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right. No waiver under this Agreement will be effective unless made in writing and signed by an authorized representative of the party being deemed to have granted the waiver.

11.8.        Severability. This Agreement will be enforced to the fullest extent permitted under applicable law. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement will remain in effect.

11.9.        Assignment. Neither party will assign or delegate any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, we may assign this Agreement in its entirety (including all Order Forms), without the consent of Customer, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets. Any purported assignment in violation of this section is void. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.

11.10.      Governing Law and Venue. This Agreement and any disputes arising out of or related hereto, shall be construed and governed by the laws of the Province of Alberta and the laws of Canada applicable therein and the parties irrevocably attorn to the exclusive jurisdiction of the Courts of the Province of Alberta, without regard to conflicts of laws rules or the United Nations Convention on the International Sale of Goods. Each party hereby consents and submits to the exclusive jurisdiction of such courts. Each party also hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement. In any action or proceeding to enforce rights under this Agreement or alternately, to defend an action brought by you in which we were successful in our defence of said action, we be entitled to recover all our legal fees on a solicitor and his own client full indemnity basis.

11.11.      Entire Agreement. This Agreement, including all referenced pages and Order Forms, if applicable, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. Without limiting the foregoing, this Agreement supersedes the terms of any online agreement electronically accepted by Customer or any Users. However, to the extent of any conflict or inconsistency between the provisions in this Agreement and any other documents or pages referenced in this Agreement, the following order of precedence will apply: (1) the terms of any Order Form (if any), (2) this Agreement and (3) except as expressly stated herein, any other documents or pages referenced in this Agreement. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order, vendor onboarding process or web portal, or any other Customer order documentation (excluding Order Forms) will be incorporated into or form any part of this Agreement, and all such terms or conditions will be null and void.

11.12.      Insurance. During the term of this Agreement, Vendor will comply with the insurance requirements stated in Exhibit C.

EXHIBIT B

SECURITY ADDENDUM

Vendor utilizes infrastructure-as-a-service cloud providers as further described in the Agreement and/or Documentation (each, a "Cloud Provider") and provides the Service to Customer from a VPC hosted by the applicable Cloud Provider (the “Cloud Environment").

Vendor maintains a comprehensive documented security program based on NIST 800-53 (or industry recognized successor framework), under which Vendor implements and maintains physical, administrative, and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the Service and Customer Data (the “Security Program”), including, but not limited to, as set forth below. Vendor regularly tests and evaluates its Security Program, and may review and update its Security Program as well as this Security Policy, provided, however, that such updates will be designed to enhance and not materially diminish the Security Program.

1.              Hosting Location of Customer Data. Vendor hosts Customer Data in its Cloud Environment located in the Canada for storage. Vendor may use any region in Canada the U.S. or Australia to store or process data and Customer hereby consents to the transfer of any data to the U.S. or Canada for storage and processing purposes in accordance with the Agreement.

2.              Encryption.

a.              Encryption of Customer Data. Vendor encrypts Customer Data at-rest using AES 256-bit (or better) encryption. Vendor leverages Transport Layer Security (TLS) 1.2 (or better) for Customer Data in-transit over untrusted networks.

b.              Encryption Key Management. Vendor uses its Cloud Environment’s KMS with unique encryption keys per customer.

3.              System & Network Security.

a.              Access Controls. All Vendor personnel access to the Cloud Environment is via a unique user ID and consistent with the principle of least privilege. All access to the cloud console requires two-factor authentication. Access to the production environment is restricted, requires two-factor authentication.

b.              Endpoint Controls. For access to the Cloud Environment, Vendor personnel use laptops which utilize security controls that may include, but are not limited to, (i) disk encryption, (ii) endpoint detection and response (EDR) tools to monitor and alert for suspicious activities and Malicious Code, (as defined above) and (iii) vulnerability management in accordance with the Section titled, “Vulnerability Management” below.

c.              Separation of Environments. Vendor Computing logically separates production environments from development and testing environments. The Cloud Environment is both logically and physically separate from Vendor's corporate offices and networks.

d.              Firewalls / Security Groups. Vendor will protect the Cloud Environment using industry standard firewall or security groups technology with deny-all default policies to prevent egress and ingress network traffic protocols other than those that are business-required.

e.              Hardening. The Cloud Environment will be hardened using industry-standard practices designed to protect it from vulnerabilities, including by changing default passwords, removing unnecessary software, disabling or removing unnecessary services, and regular patching as described in this Security Policy.

f.               Monitoring & Logging.

● Infrastructure Logs. Monitoring tools or services, are utilized to log certain activities and changes within the Cloud Environment. These logs are further monitored, analyzed for anomalies, and are securely stored to prevent tampering for at least one year.

g.              Vulnerability Detection & Management.

● Anti-Virus & Vulnerability Detection. Vendor’s cloud environment is built to be immutable and auto-updates and designed  to prevent viruses.  Known vulnerabilities are automatically patched at the host level. Vendor does not monitor Customer Data for Malicious Code.

● Penetration Testing & Vulnerability Detection. Vendor may regularly conducts penetration tests throughout the year and engages one or more independent third parties to conduct penetration tests of the Service at least annually.

● Vulnerability Management. Vulnerabilities meeting defined risk criteria trigger alerts and are prioritized for remediation based on their potential impact to the Service. Upon becoming aware of such vulnerabilities, Vendor will use commercially reasonable efforts to address private and public (e.g., U.S.-Cert announced) critical and high vulnerabilities within 30 days, and medium vulnerabilities within 90 days. To assess whether a vulnerability is ‘critical’, ‘high’, or ‘medium’, Vendor leverages the National Vulnerability Database’s (NVD) Common Vulnerability Scoring System (CVSS), or where applicable, the U.S.-Cert rating.

4.              Administrative Controls.

a.              Personnel Agreements. Vendor personnel are required to sign confidentiality agreements. Vendor personnel are also required to adhere to Vendor's information security policy.

b.              Personnel Access Reviews & Separation. Vendor reviews the access privileges of its personnel to the Cloud Environment regularly, and removes access on a timely basis for all separated personnel.

5.              Physical and Environmental Controls.

a.              Cloud Environment Data Centers. Vendor works with the Cloud Providers to ensure the Cloud Provider has appropriate physical and environmental controls for its data centers hosting the Cloud Environment. Vendor regularly reviews those controls as audited under the Cloud Provider's third-party audits and certifications. Each Cloud Provider will have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks. Such controls, will include, but are not limited to, the following:

● Physical access to the facilities are controlled at building ingress points;

● Visitors are required to present ID and are signed in;

● Physical access to servers is managed by access control devices;

● Physical access privileges are reviewed regularly;

● Facilities utilize monitor and alarm response procedures;

● Use of CCTV;

● Fire detection and protection systems;

● Power back-up and redundancy systems; and

● Climate control systems.

b.              Vendor Computing Corporate Offices. Vendor offices host no Customer Data and have no private connectivity to our Cloud Environments. We do enforce industry standard best practices for office security included but not limited to:

● Physical access to the corporate office is controlled at building ingress points;

● Use of CCTV at building ingress points;

● Fire detection and sprinkler systems; and

● Climate control systems.

6.              Incident Detection & Response.

a.              Security Incident Reporting. If Vendor becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data (a "Security Incident"), Vendor Computing will notify Customer without undue delay, and in any case, where feasible, notify Customer within 72 hours after becoming aware.

b.              Investigation. In the event of a Security Incident as described above, Vendor Computing will promptly take reasonable steps to contain, investigate, and mitigate any Security Incident. Vendor in its sole discretion may engage a third party incident response/forensics company to help with the mitigation/investigation.

c.              Communication and Cooperation. Vendor Computing will provide Customer timely information about the Security Incident to the extent known to Vendor Computing, including, but not limited to, the nature and consequences of the Security Incident, the measures taken and/or proposed by Vendor Computing to mitigate or contain the Security Incident, the status of Vendor Computing's investigation, a contact point from which additional information may be obtained, and the categories and approximate number of data records concerned. Notwithstanding the foregoing, Customer acknowledges that because Vendor Computing personnel do not have visibility to the content of Customer Data, it will be unlikely that Vendor Computing can provide information as to the particular nature of the Customer Data, or where applicable, the identities, number, or categories of affected data subjects. Vendor Computing's communications with Customer in connection with a Security Incident will not be construed as an acknowledgment by Vendor Computing of any fault or liability with respect to the Security Incident.

7.              Customer Rights & Shared Security Responsibilities.

a.              Sensitive Customer Data. Customer Data should not include any sensitive data (as defined by applicable data protection laws); it is the Customer’s responsibility to ensure that any Customer Data containing content regulated by PCI-DSS, FedRAMP, or containing any similarly regulated content is  in compliance with the appropriate regulatory requirements and controls. Customer acknowledges and Vendor makes no warranty and has no third party verified compliance certifications around PCI-DSS, and/or FedRAMP.

b.              Shared Security Responsibilities. Without diminishing Vendor's commitments in this Security Policy, Customer agrees:

● Vendor does not assess or monitor the content of Customer Data to identify information subject to any specific legal, regulatory or other requirements and Customer is responsible for making appropriate use of the Service to ensure a level of security appropriate to the particular content of Customer Data; and

● to be responsible for managing and protecting its User roles and credentials, including but not limited to (i) requiring that all Users keep credentials confidential and not share such information with unauthorized parties, (ii) reporting to Vendor any suspicious activities in the account or if a user credential has been compromised, (iii) appropriately configuring User and role-based access controls, including scope and duration of User access, taking into account the nature of its Customer Data, and (iv) maintaining appropriate password uniqueness, length, complexity, and expiration.

c.              Access to Customer Data. As Vendor does not access the Customer Data it is the Customer’s responsibility to submit deletion requests for the appropriate data subject. Vendor shall promptly notify Customer if Vendor receives a request from a data subject for access to, correction, amendment or deletion of such data subject’s Personal Data. Vendor shall not respond to any such request without Customer's prior consent except to confirm that the request relates to the Customer.

EXHIBIT C

INSURANCE REQUIREMENTS

Vendor will obtain and maintain at its sole cost and expense during the term of this Agreement, and for one year thereafter on all claims-made policies, the following minimum insurance coverage, subject only to standard industry exclusions and deductibles:

                        i.                 Commercial General Liability Insurance written on an occurrence form and including but not limited to operations, products/completed operations, and contractual liability coverage, with limits not less than $1,000,000 in the aggregate;

                       ii.                 Cyber Liability Insurance, including technology errors & omissions, including coverage for: network security liability; privacy liability; privacy regulatory proceeding expenses and fines; technology professional liability (errors and omissions); privacy breach expense reimbursement; and data/information loss and business interruption; and with a total aggregate limit of not less than $5,000,000;

                     iii.                 Workers’ Compensation Insurance coverage at limits in a sufficient amount to meet all applicable statutory requirements; and

                     iv.                 (iv) Employer’s Liability Insurance coverage with limits not less than $1,000,000 per occurrence. 

Upon request, Vendor will provide Customer with a certificate of insurance following execution of this Agreement.  Vendor also will provide a current insurance certificate upon request (not more than once per calendar year) at any time during the duration of this Agreement.  Each contract of insurance will be with an insurer approved to do business that is rated “A-” or better.

EXHIBIT D

ADDITIONAL POLICIES and GUIDELINES

Vendor maintains a comprehensive list of supporting policies and guidelines, which are considered an essential part of the Services Agreement, on the Vendor website https://www.nisto.io. Vendor may from time to time improve or modify these policies and guidelines and will notify the Customer of such changes. The policies and guidelines include but are not limited to:

                        i.                Privacy Policy;

                       ii.                Anti-Spam Policy;

                     iii.                Support Policy;

                     iv.                Trademark Guidelines; and

                       v.                System Requirements and Compatibility.