Master Subscription Agreement

This Master Subscription Agreement ("Agreement") is between DELINE8.AI LIMITED, a private limited company registered in Ireland with company number 790770 and registered address at Troyswood, Kilkenny, R95 H7Y0, Ireland ("deline8"), and the customer entity identified on an Order Form that references this Agreement ("Customer"). This Agreement is effective as of the date of the first Order Form executed by the parties that references this Agreement ("Effective Date").

By executing an Order Form that references this Agreement, by clicking acceptance, or by using the Services, Customer agrees to this Agreement. If the individual accepting this Agreement is doing so on behalf of an entity, such individual represents that they have authority to bind that entity and its affiliates to this Agreement. Customer represents and warrants it is a business customer and not a consumer.

1. Contract Structure and Order of Precedence

1.1 This Agreement governs Customer’s access to and use of the Services. The parties may enter into one or more ordering documents (each, an "Order Form") that reference this Agreement and specify the Services, subscription term, quantities (e.g., Cloud Assets), fees, and any applicable tier.

1.2 The following order of precedence applies in case of conflict:

1. The applicable Order Form

2. The Data Processing Addendum (DPA) for data protection matters

3. The Service & Support Levels Agreement ("SLA") for service credits and support obligations

4. This Agreement

5. The Documentation

1.3 The DPA is incorporated by reference and will control over this Agreement with respect to the processing of personal data.

2. Definitions

2.1 “Aggregated Data” means data or information derived from Customer Data or use of the Services that has been de-identified and/or aggregated so that it cannot reasonably be used to identify Customer, a Permitted User, or any individual.

2.2 “Cloud Asset” means the unit of measurement used for pricing and usage limits of the Services, as described in the Documentation (e.g., a virtual machine, container host, defined number of serverless functions, or a managed database).

2.3 “Confidential Information” means non-public business, technical or financial information disclosed by one party ("Disclosing Party") to the other ("Receiving Party") that is marked or otherwise identified as confidential or should reasonably be understood to be confidential given the nature of the information and the circumstances of disclosure.

2.4 “Customer Data” means electronic data, configurations, metadata, logs and other information submitted by or for Customer to the Services, or collected by the Services from Customer’s designated technology environments. Customer Data excludes Aggregated Data.

2.5 “Documentation” means the user guides, specifications and support documents for the Services made available by deline8 and updated from time to time.

2.6 “Output” means the reports, analyses and other results generated by the Services for Customer, including any “Certified Risk Report.”

2.7 “Permitted User” means an individual who is an employee, contractor or agent of Customer or its Affiliates whom Customer authorizes to use the Services under Customer’s account.

2.8 “Platform” means deline8’s AI-powered software-as-a-service platform for Predictive Infrastructure Intelligence, including assessment modules, user interfaces, and underlying technology.

2.9 “Services” means the subscription-based services provided by deline8 via the Platform, as identified in an Order Form, including access to assessment modules described in the Documentation.

2.10 “SLA” means deline8’s then-current Service & Support Levels Agreement applicable to the Services: deline8.ai/legal.

2.11 “Support Policy” means deline8’s then-current support offering applicable to the purchased tier.

2.12 “Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with a party, where control means ownership of more than 50% of the voting interests.

3. Access Rights and Use

3.1 Grant. Subject to this Agreement and payment of applicable fees, deline8 grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the subscription term to access and use the Services for Customer’s internal business purposes. Customer may allow its Affiliates’ Permitted Users to use the Services under Customer’s account, provided Customer remains responsible for all use and all usage counts toward the applicable limits.

3.2 Service Tiers. Features, usage limits (including Cloud Assets), and deliverables depend on the tier purchased, as specified in the applicable Order Form and Schedule 1. The Free or Freemium Tier is provided for evaluation only and is subject to Section 18 (Free Trial) and Section 19 (Beta Features) as applicable.

3.3 Accounts and Users. Customer is responsible for: (a) configuring and administering user accounts; (b) all actions of its Permitted Users; and (c) maintaining the security of access credentials. Customer will promptly notify deline8 of any unauthorized access or use.

4. Acceptable Use and Restrictions

Customer will not, and will not permit any third party to:

1. Reverse engineer, decompile, disassemble or otherwise attempt to derive source code or underlying algorithms of the Services (except to the extent such restrictions are prohibited by applicable law).

2. Modify or create derivative works of the Services or Documentation.

3. Rent, lease, sell, sublicense, assign, distribute, or make the Services available to any third party, except as expressly permitted in this Agreement.

4. Use the Services for the benefit of any third party or in a service bureau or time-sharing arrangement.

5. Access the Services to build a competitive product or service or to copy any features, functions or graphics.

6. Use the Services to store or transmit infringing, unlawful, harmful, or privacy-invasive content, or to store or transmit malware or other malicious code.

7. Interfere with or disrupt the integrity or performance of the Services.

8. Attempt to gain unauthorized access to the Services or related systems or networks.

9. Conduct performance, vulnerability or benchmark testing without deline8’s prior written consent.

10. Circumvent or attempt to circumvent usage limits or metering.

11. Violate applicable laws (including privacy, export, and sanctions laws) in connection with use of the Services.

12. Security testing of Customer’s own environments via the Services is permitted; separate penetration testing of the Services requires deline8’s prior written consent.

5. Customer Data; Data Return/Deletion

5.1 Ownership. As between the parties, Customer owns all rights, title and interest in and to Customer Data.

5.2 License to Provide Services. Customer grants deline8 a worldwide, non-exclusive, limited-term license to host, copy, transmit and process Customer Data as reasonably necessary to provide, maintain, secure and support the Services and as otherwise permitted under this Agreement.

5.3 Responsibilities. Customer is responsible for the accuracy, quality, and legality of Customer Data and the means by which Customer acquired the data, including obtaining all necessary rights and consents.

5.4 Data Return and Deletion. Upon termination or expiry of the applicable subscription, Customer may request export of Customer Data within 30 days. deline8 will make Customer Data available in a commonly used machine-readable format. After such 30-day period, deline8 will delete Customer Data from active systems within 60 days and from backups in accordance with standard retention cycles, except where retention is required by law. Upon request, deline8 will confirm deletion.

6. Aggregated Data

deline8 may collect, create and use Aggregated Data for purposes of operating, analyzing, improving, supporting and enhancing the Services, and for developing industry benchmarks and reports, provided that deline8 does not use Aggregated Data to identify Customer, any Permitted User, or any individual and does not attempt to re-identify such data.

7. Security and Data Protection

7.1 Security. deline8 will maintain an information security program with administrative, physical and technical safeguards designed to protect the security, confidentiality and integrity of Customer Data. Security measures are further described in the Documentation and/or Security Overview.

7.2 DPA. The deline8 Data Processing Addendum located at [insert URL to DPA] (as updated from time to time in accordance with its terms) is incorporated by reference and applies to the extent deline8 processes personal data on Customer’s behalf. In the event of conflict between this Agreement and the DPA regarding processing of personal data, the DPA controls.

7.3 Subprocessors. Customer authorizes deline8 to use subprocessors to provide the Services. deline8 remains responsible for its subprocessors’ performance. Current subprocessors are listed at [insert URL]. deline8 will provide prior notice of changes by updating that page and/or by email subscription. Customer may object on reasonable data protection grounds within 15 days; if unresolved, Customer may terminate the affected Services and receive a pro-rata refund of prepaid, unused fees.

8. Intellectual Property; Outputs

8.1 Ownership. As between the parties, deline8 and its licensors own all right, title and interest in and to the Platform, Services, Documentation, models, methodologies, and Aggregated Data, together with all related intellectual property rights. No rights are granted to Customer other than as expressly stated in this Agreement.

8.2 Outputs. Customer may access and use Outputs generated by the Services for Customer’s internal business purposes. Subject to Customer’s compliance with this Agreement and payment of applicable fees, deline8 grants Customer a perpetual, worldwide, royalty-free license to use, copy, and distribute Outputs (including any “Certified Risk Report”), excluding deline8’s underlying software, models and methodologies, for Customer’s internal business purposes and to share with Customer’s Affiliates, auditors, insurers, regulators, and actual or prospective investors, acquirers and professional advisors, in each case under reasonable confidentiality obligations. Customer remains responsible for any sharing of Outputs.

8.3 “Certified” Disclaimer. “Certified” in “Certified Risk Report” refers to deline8’s internal methodology and processes and does not imply any legal, regulatory, or third-party certification or assurance.

8.4 Feedback. If Customer or a Permitted User provides feedback or suggestions regarding the Services, deline8 may use them without restriction and Customer assigns all right, title, and interest in such feedback to deline8.

9. Fees, Taxes, Usage and Payment

9.1 Fees. Customer will pay the fees set out in each Order Form. Except as expressly stated in this Agreement or an Order Form: fees are non-cancellable and non-refundable; quantities purchased cannot be decreased during a subscription term; and fees are based on purchased quantities, not actual usage.

9.2 Taxes. Fees are exclusive of VAT and other applicable taxes. Customer is responsible for all taxes, duties and similar charges arising from the transactions under this Agreement (excluding taxes based on deline8’s net income). If Customer is required to withhold taxes, Customer will gross-up payments so that deline8 receives the full amount it would have received absent withholding.

9.3 Usage and Overage. deline8 may monitor and measure Customer’s consumption of Cloud Assets. If, during any calendar month of the subscription term, Customer’s usage exceeds the quantity of Cloud Assets set forth in the applicable Order Form, Customer will be invoiced for such overage at the per-unit rates specified in the Order Form (or if not specified, deline8’s then-current standard rates). Furthermore, commencing from the month in which the overage occurred, the quantity of Cloud Assets purchased for the remainder of the subscription term will be automatically increased to the new peak quantity, and fees for the remainder of the subscription term will be adjusted and invoiced on a pro-rata basis.

9.4 Invoicing and Payment. Unless otherwise stated in the Order Form, fees will be invoiced in advance and are due within 30 days of invoice date. Late payments accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law. Customer must notify deline8 of any good-faith disputed amounts within 15 days of invoice; undisputed portions remain payable.

9.5 Verification. Customer will maintain reasonable records of usage under this Agreement. No more than once in any 12-month period and on at least 15 days’ notice, deline8 may request reasonable usage reports or conduct a remote review limited to usage data to verify compliance with usage limits.

10. Suspension

deline8 may suspend the Services, in whole or in part, upon notice if: (a) undisputed amounts are overdue by more than 10 days after notice; (b) Customer’s use poses a material security risk to the Services or any third party; (c) Customer’s use violates Section 4 or applicable law; or (d) suspension is required by law or government order. deline8 will limit the suspension to what is reasonably necessary and will restore Services promptly once the condition is remedied.

11. How do we use cookies?

The SLA applicable to Customer’s tier are located at deline8.ai/legal and are incorporated by reference. Service credits, if any, are Customer’s sole and exclusive remedy for any failure to meet the SLA.

12. Confidentiality

12.1 Obligations. The Receiving Party will: (a) use Confidential Information solely for performance under this Agreement; (b) protect Confidential Information using at least the same degree of care it uses to protect its own confidential information, but no less than a reasonable standard of care; and (c) not disclose Confidential Information to any third party except to its and its Affiliates’ employees, contractors, advisors and prospective investors/acquirers who need to know it and are bound by confidentiality obligations no less protective than those herein. The Receiving Party is responsible for their compliance.

12.2 Exceptions. Confidential Information does not include information that: (a) is or becomes public through no breach of this Agreement; (b) was known to the Receiving Party without restriction before receipt; (c) is received from a third party without breach of any duty; or (d) was independently developed by the Receiving Party without use of the Disclosing Party’s Confidential Information.

12.3 Compelled Disclosure. The Receiving Party may disclose Confidential Information pursuant to a valid court order or governmental demand, provided it (where legally permitted) promptly notifies the Disclosing Party and cooperates, at the Disclosing Party’s expense, in seeking protective treatment. The Receiving Party will disclose only what it is legally required to disclose.

12.4 Equitable Relief; Survival. The parties agree that breach of this Section may cause irreparable harm for which monetary damages are inadequate and that injunctive relief is appropriate. Confidentiality obligations survive for 5 years after disclosure, except that trade secrets remain protected as long as they qualify as trade secrets.

13. Warranties; Disclaimer

13.1 Limited Warranty. deline8 warrants that during the subscription term the Services will perform in all material respects in accordance with the applicable Documentation. Customer’s exclusive remedy for breach of this warranty is for deline8 to use commercially reasonable efforts to correct the nonconformity, or if deline8 cannot do so within a reasonable time, Customer may terminate the affected Services and receive a pro-rata refund of prepaid, unused fees for the remainder of the subscription term.

13.2 Disclaimer. Except as expressly provided in Section 13.1, the Services, Platform, Outputs and Documentation are provided “as is” and “as available.” deline8 disclaims all warranties, whether express, implied, statutory or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. deline8 does not warrant that the Services will be uninterrupted or error-free or that Outputs will be accurate or complete. Customer is solely responsible for use of Outputs and for independently evaluating their suitability for Customer’s purposes.

14. Indemnities

14.1 By deline8 (IP Infringement). deline8 will defend Customer against any third-party claim alleging that Customer’s authorized use of the Services infringes a third party’s intellectual property rights, and will pay amounts finally awarded by a court or agreed in settlement by deline8. If a claim is made or appears likely, deline8 may (at its option): (a) procure the right for Customer to continue using the Services; (b) modify or replace the Services so they are non-infringing and substantially equivalent; or (c) terminate the affected Services and provide a pro-rata refund of prepaid, unused fees. This Section does not apply to claims arising from: (i) Customer Data; (ii) combinations with products, services, data or processes not provided by deline8; (iii) modifications not made or authorized by deline8; or (iv) use after deline8 has provided a non-infringing alternative. This Section states Customer’s sole and exclusive remedy for third-party IP infringement claims.

14.2 By Customer. Customer will defend deline8 against any third-party claim arising from or relating to: (a) Customer Data (including claims that Customer Data infringes or violates third-party rights or law); or (b) Customer’s use of the Services in breach of Section 4 or applicable law; and will pay amounts finally awarded or agreed in settlement by Customer.

14.3 Process. The indemnified party will: (a) promptly notify the indemnifying party of the claim; (b) grant the indemnifying party sole control of the defense and settlement (provided settlement fully releases the indemnified party and does not impose any admission of liability or non-monetary obligation on the indemnified party without its consent); and (c) provide reasonable cooperation at the indemnifying party’s expense. Failure to comply with (a) will relieve the indemnifying party only to the extent it is prejudiced.

15. Limitation of Liability

15.1 Exclusion. Neither party is liable to the other for indirect, incidental, special, consequential, exemplary or punitive damages, or for lost profits, revenues, goodwill, or data, arising out of or related to this Agreement, even if advised of the possibility of such damages.

15.2 General Cap. Except for liabilities specified in Section 15.3 (Exclusions from Cap) and Section 15.4 (Expanded Cap), each party’s aggregate liability arising out of or related to this Agreement will not exceed the total fees paid or payable by Customer under this Agreement for the Services giving rise to the liability during the 12-month period immediately preceding the first event giving rise to the liability.

15.3 Exclusions from Cap. Nothing in this Agreement limits or excludes liability for: (a) death or personal injury caused by negligence; (b) fraud or willful misconduct; (c) any other liability that cannot be limited or excluded under applicable law; (d) Customer’s payment obligations under this Agreement; or (e) deline8’s obligations under Section 14.1 (IP indemnity).

15.4 Expanded Cap. For any claims arising from a party's breach of its obligations under Section 7 (Security and Data Protection) or Section 12 (Confidentiality), each party’s aggregate liability will not exceed two times (2x) the total fees paid or payable by Customer under this Agreement during the 12-month period immediately preceding the first event giving rise to the liability.

16. Term, Renewal and Termination

16.1 Term. This Agreement starts on the Effective Date and continues until all subscriptions under Order Forms have expired or been terminated.

16.2 Subscription Term; Renewal. Each subscription term is set forth in the applicable Order Form and will automatically renew for successive periods equal to the expiring term unless either party gives notice of non-renewal at least 30 days before the end of the then-current term. deline8 may update fees for a renewal term by giving notice at least 45 days before renewal.

16.3 Termination for Cause. Either party may terminate this Agreement or an affected Order Form for material breach if the other party does not cure within 30 days after written notice. Either party may terminate immediately if the other party becomes insolvent, enters bankruptcy or similar proceedings, or ceases business.

16.4 Effect of Termination. Upon termination or expiry of a subscription, Customer will stop using the Services and pay all fees due. Section 5.4 governs data return and deletion. Termination is without prejudice to other remedies.

17. Insurance

During the term of this Agreement, deline8 will maintain, at its own expense, the following insurance coverage: (a) Commercial General Liability, including contractual liability, with limits of at least €1,000,000 per occurrence; (b) Technology Errors & Omissions / Professional Indemnity with limits of at least €2,000,000 per claim and in the aggregate; and (c) Cyber Liability with limits of at least €2,000,000 per claim and in the aggregate. Upon reasonable request, deline8 will provide Customer with a certificate of insurance evidencing such coverage.

18. Changes to Services; Documentation

deline8 may make updates or modifications to the Services and Documentation. deline8 will not materially reduce core functionality of the Services purchased during a subscription term without providing functionally equivalent alternatives or a pro-rata refund if Customer elects to terminate the affected Services.