Master Service Agreement

The following defined terms apply throughout this Agreement:

• Affiliate — any entity that directly or indirectly controls, is controlled by, or is under common control with a Party.
• AI Features — components of the Services that leverage artificial intelligence technologies.
• Applicable Laws — applicable statutes, by-laws, rules, regulations, orders, ordinances or judgments.
• Customer Data — all data and information, including Personal Information, submitted by Customer or its Permitted Users.
• Customer Systems — any devices, networks, IT infrastructure, and all related equipment used by Customer.
• Deliverable — any custom work product or materials specifically created for Customer.
• Documentation — standard technical user manuals, handbooks, and product guides.
• Effective Date — the effective date specified in the initial Order Form.
• Fees — total consideration payable by Customer for the Services.
• Governmental or Regulatory Authority — any national, provincial, state, county, municipal authority.
• Intellectual Property Rights — registered and unregistered rights under patents, copyrights, trademarks.
• Modifications — modifications, improvements, customizations, patches, bug fixes, updates, enhancements.
• Order Form — written quote, proposal, or binding ordering document.
• Permitted Users — any person or entity authorized by Customer to use the Services.
• Personal Information — information about an identifiable individual provided by Customer.
• Residents — individuals who lease, rent, or otherwise occupy residential units managed by Customer.
• Services — products and services ordered by Customer under an Order Form.
• Statement of Work (SOW) — fully executed statement of work specifying Professional Services.
• Website — websites under the Suitespot.io domain.

2.1 Provision of Service and License Grant

Subject to Customer's compliance with the terms of this Agreement and payment of the due Fees, SuiteSpot shall make the Services available to Customer pursuant to this Agreement during the Term, and grants to Customer a revocable, limited, non-sublicensable, non-exclusive, non-transferable right during the Term to allow its Permitted Users to access and use the Services and Documentation solely for Customer's business purposes and in accordance with the terms and conditions herein.

2.2 Restrictions on Use

Customer must not:

• (i) distribute, resell, lease, or make the Services available to unauthorized parties;
• (ii) attempt to gain unauthorized access to, or disrupt the integrity or performance of, the Services;
• (iii) reverse engineer, decompile, disassemble, modify, or create derivative works of the Services;
• (iv) access the Services to build competitive products or copy features or functionality;
• (v) use the Services for unlawful purposes or transmit malicious code;
• (vi) delete or alter proprietary notices in the Services;
• (vii) access or use the Services outside North America unless specifically agreed;
• (viii) rely solely on AI-generated outputs without independent verification.

2.3 Customer Responsibilities

Customer must:

• (a) ensure that it and all Permitted Users access and use the Services in accordance with this Agreement;
• (b) understand that any Permitted User breach constitutes a Customer breach;
• (c) remain solely responsible for accuracy and completeness of all data uploaded;
• (d) maintain all Customer Systems required to enable use of the Services.

2.4 Customer User Account; Responsibility for Permitted Users

(a) SuiteSpot will provide Customer with user accounts ("Customer User Accounts") for access to the Services by Permitted Users. Customer is responsible for managing all Customer User Accounts, ensuring each Permitted User accesses the Services only through their assigned account, and maintaining the confidentiality of all account credentials.

(b) Customer is responsible for identifying and authenticating all Permitted Users. Customer will promptly notify SuiteSpot of any actual or suspected unauthorized use of the SaaS Services.

2.5 SuiteSpot Mobile Application

If Customer or its Permitted Users access the Services through a mobile application, such access is subject to the applicable Mobile App Terms of Use, including, without limitation, and as applicable, any mandatory terms required by the Apple App Store or Google Play Store.

Customer's use of the SuiteSpot Mobile app requires acceptance of software updates and upgrades provided by SuiteSpot ("Mobile Updates").

2.6 Browser and Device Compatibility

SuiteSpot's web SaaS Services, accessible under, but not limited to the suitespot.io domain, are compatible with Microsoft Edge and Google Chrome, and Apple Safari browsers.

Services mobile application ("SuiteSpot Mobile") is available from the Apple AppStore and Google Play Store and is compatible with devices running Apple iOS and Google Android operating systems. SuiteSpot Mobile is supported on the most recent and the previous two major versions of these operating systems.

2.7 Professional Services

If applicable, while on Customer's premises for Professional Services, SuiteSpot personnel shall comply with reasonable Customer's rules and regulations regarding safety, security, and conduct made known to SuiteSpot.

2.8 Third-Party Products

(a) Embedded Third-Party Products
The SaaS Services may contain software products that are owned by third parties that may contain license terms that differ from the terms in this Agreement (collectively "Embedded Third-Party Products"). SuiteSpot agrees to remain responsible for the performance of the Embedded Third-Party Products.

(b) Customer Third-Party Products
Other third-party products may be separately licensed by Customer and integrated with the SaaS Services at Customer's discretion or request ("Customer Third-Party Products"). SuiteSpot shall not be liable for any outage or failure caused by the malfunction or unavailability of such Customer Third-Party Products.

2.9 Subcontractors

SuiteSpot may engage third parties to assist it in providing the Services or any part thereof. The delegating or subcontracting of all or any part of SuiteSpot's obligations under this Agreement to any subcontractor will not relieve SuiteSpot from any obligation or liability under this Agreement.

3.1 Fees and Invoicing

(a) Fees
Customer shall pay the fees set forth in the applicable Order Form ("Fees"). SaaS Services and Support Services are billed on a "per unit per month" (PUPM) basis (the "Unit Price"), unless otherwise specified on an Order Form.

Unless otherwise specified in an Order Form, the Unit Price for any Renewal Term will increase by five percent (5%) above the pricing in the immediately preceding term.

(b) Payment Terms
Unless otherwise specified in an Order Form, Fees are billed annually in advance and are due within thirty (30) days of the invoice date.

Quoted pricing is predicated on annual prepayment; any other billing frequency specified in an Order Form will result in the loss of the annual pricing discount.

Unpaid amounts are subject to a financing charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus collection expenses. All payment obligations are non- cancelable and non-refundable.

(c) Unit Calculation and Minimums
Fees for SaaS Services and Support Services are calculated as the Unit Price multiplied by the greater of: (i) the actual number of Units managed on the SaaS Services; or (ii) the minimum unit count specified in the Order Form.

"Units" refers to Customer's residential Units, which are occupied or intended to be occupied by Residents. If managed on the SaaS Services, Commercial Units (e.g. retail or commercial spaces) are billed at ten (10) times the Unit Price.

(d) True-Ups and Credits
Fees for changes to the number of Units managed in the SaaS Services are calculated pro-rata from the date of the Unit count change through the end of the then-current billing cycle.

Should Customer remove Units such that the total count falls below the amount prepaid, SuiteSpot will issue a pro-rata credit ("Credit") for the unused and prepaid Fees; provided, however, that no Credits will be issued for any reduction in the total Unit count below the minimum unit count specified in the Order Form.

3.2 Taxes

Customer is responsible for all taxes, duties, and governmental assessments associated with its purchases (including sales, use, or withholding taxes), except for taxes based on SuiteSpot's income, employees, or property.

3.3 Disputed Invoices and Suspension

Customer may not withhold or setoff amounts due under this Agreement. Customer must dispute invoices within 30 days of receipt or be deemed to have accepted them.

SuiteSpot may suspend Services if Fees are more than 30 days overdue (except amounts under good faith dispute), without liability, until paid in full.

4.1 Term

(a) Term
This Agreement commences on the Effective Date and continues until all Order Forms and SOWs have expired or this Agreement has been terminated in accordance with this Section 4 ("Term").

(b) Subscription Term
Unless otherwise specified in an Order Form, each subscription continues for a period of one (1) year (the "Initial Term"). Subscriptions automatically renew for successive one (1) year periods (each, a "Renewal Term") unless either Party provides written notice of non-renewal at least sixty (60) days prior to the end of the then-current Initial or Renewal Term.

(c) SOW Term
Each SOW is effective for the term specified therein ("SOW Term"). Termination or expiration of this Agreement will automatically terminate all active SOWs unless the Parties agree otherwise in writing.

4.2 Termination

Either Party may terminate this Agreement (including all Order Forms and SOWs) immediately upon written notice if the other Party: (a) fails to cure a material breach (including but not limited to Customer's non-payment of any Fees due under this Agreement) within thirty (30) days of receiving written notice of such breach; (b) breaches this Agreement in a manner that cannot be cured; or (c) becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation, or assignment for the benefit of creditors.

4.3 Effect of Termination and Data Return

Upon expiration or termination: (a) Customer's right to use the Services ceases and each Party shall return or destroy the other Party's Confidential Information; (b) If Customer terminates for SuiteSpot's uncured material breach, SuiteSpot shall provide a pro-rata refund of any unused and prepaid Fees.

Upon request, SuiteSpot shall make Customer Data available for export in its native format for sixty (60) days after termination. After this period, SuiteSpot shall have no obligation to maintain Customer Data and may delete it unless legally prohibited.

4.4 Survival

Any provision of this Agreement which by its nature should survive termination or expiration shall survive, including: Section 2.2 (Restrictions on Use), Section 3 (Fees and Payment), Sections 4.3 (Effect of Termination and Data Return) and 4.4 (Survival), Section 6 (Confidentiality, Data and Security), Section 7 (Intellectual Property), Section 8 (Warranties and Disclaimers), Section 9 (Indemnification), Section 10 (Limitation of Liability), and Section 11 (General Provisions).

5.1 Support Services and Service Level Agreement

SuiteSpot shall make the Support Services and SaaS Services available in accordance with the support tiers and service levels, including uptime commitments, set forth in Exhibit A.

5.2 Modifications

SuiteSpot may update or Modify the SaaS Services from time to time to improve functionality or security. Such Modifications shall not materially reduce the overall functionality of the SaaS Services as described in the Documentation. Significant updates will be communicated to Customer in advance.

5.3 Suspension

SuiteSpot may suspend Customer's access to the Services: (a) if any undisputed Fees are thirty (30) days or more overdue, provided that SuiteSpot has given Customer at least ten (10) days prior written notice; (b) if necessary to prevent an immediate threat to the security or integrity of the Services; or (c) as required by Applicable Laws.

6.1 Confidentiality

(a) Confidential Information
"Confidential Information" means all non-public business, technical or financial information disclosed by one Party to the other that is designated as confidential or should reasonably be understood to be confidential given the nature of the information and circumstances of disclosure.

Customer's Confidential Information specifically includes Customer Data. Confidential Information does not include information that: (i) is or becomes public through no fault of the receiving Party; (ii) was already known or independently developed without access to the disclosing Party's Confidential Information; or (iii) is received from a third party without confidentiality obligations.

(b) Obligations
Each Party shall: (i) not disclose Confidential Information to any third party except as expressly permitted herein; (ii) protect the other's Confidential Information with at least the same degree of care it uses for its own similar information, but no less than a reasonable standard of care; (iii) use Confidential Information only to fulfill obligations or exercise rights under this Agreement; and (iv) not remove any proprietary legends from the other Party's Confidential Information.

(c) Permitted Disclosures
A Party may disclose Confidential Information to its Affiliates, employees, subcontractors, and professional advisors who have a "need to know" and are bound by confidentiality terms at least as protective as those herein.

SuiteSpot may disclose the existence and commercial terms of this Agreement to its board members, current or potential financing sources, and potential assignees or successors in connection with a potential merger, amalgamation, reorganization or other corporate transaction involving the business or assets of SuiteSpot, provided such parties are bound by confidentiality terms at least as protective as those herein.

If required by Applicable Laws or court order, a Party may disclose Confidential Information provided it gives the other Party reasonable notice and cooperates with the other Party to seek a protective order, where permitted.

(d) Remedy and Return
Each Party acknowledges that a breach of this Section 6.1 may cause irreparable harm for which monetary damages alone would not be a sufficient remedy. Accordingly, the disclosing Party is entitled to seek appropriate equitable relief, including injunctive relief, in addition to any other available remedies.

Upon termination or expiration of this Agreement, each Party shall return or destroy the other Party's Confidential Information within thirty (30) days. Notwithstanding, a Party may retain electronically archived copies of Confidential Information for backup or legal purposes, provided such information remains subject to the confidentiality obligations of this Agreement.

These obligations expire three years after the Agreement ends, except for trade secrets, which remain protected for as long as they qualify as such under Applicable Laws.

6.2 Data Security and Privacy

(a) Ownership and Control
As between the Parties, Customer owns all right, title, and interest in and to Customer Data and all modifications made thereto. Customer grants SuiteSpot a non-exclusive, revocable right during the Term to access and use Customer Data solely to perform its obligations under this Agreement.

Customer acknowledges that it bears sole responsibility for adequately controlling and backing up its Customer Data. SuiteSpot may pull or otherwise receive Customer Data from Customer Third-Party Products, and Customer hereby authorizes SuiteSpot to collect, retain and use such Customer Data solely as permitted herein.

(b) Customer Responsibilities
Customer is and shall remain fully responsible and liable for its Customer Data, and undertakes that it is fully compliant with all privacy and data protection laws, regulations, and industry standards.

Customer shall have sole responsibility for the accuracy, quality, integrity, legality, and reliability, and intellectual property ownership or right to use Customer Data.

Customer shall maintain appropriate physical, administrative, and technical controls, screening, security procedures and other safeguards necessary to: (i) protect all access credentials, user accounts and authentication methods for the Services; (ii) prevent unauthorized access to the Services; and (iii) secure and control the content and use of Customer Data uploaded to or processed through the Services.

Except for SuiteSpot's direct gross negligence, willful misconduct, violation of Applicable Laws, or if directly caused by the Services, SuiteSpot shall not be liable for the unauthorized access to, alteration of, deletion, correction, destruction, corruption, damage, loss, or failure to secure or store Customer Data.

SuiteSpot is not liable for Service failures caused by, without limitation, failures in telecommunications networks, misuse of the Services by Permitted Users, failures related to the Customer System(s) or other events outside SuiteSpot's reasonable control.

(c) Security Standards
SuiteSpot shall maintain appropriate administrative, technical, and physical safeguards consistent with SOC 2 Type II or equivalent industry standards to protect the confidentiality and integrity of Customer Data.

SuiteSpot will maintain and annually renew its SOC 2 Type II compliance report or equivalent control framework throughout the Term and, upon reasonable request and subject to confidentiality protections, provide a copy or equivalent attestation to Customer.

(d) Data Processing Addendum
The Parties' respective obligations regarding the processing of Personal Information are governed by the Data Processing Addendum which includes the Privacy Law Addendum attached hereto as Exhibit B, which is incorporated by reference.

(e) Security Incident Notification
SuiteSpot will notify Customer without undue delay, and in any event within forty-eight (48) hours, of becoming aware of a Security Incident involving Customer Data. Such notification shall include a description of the incident, its impact, and planned remediation steps as further detailed in the procedures set forth in Exhibit B.

(f) Privacy Policy
Personal Information will be treated in accordance with SuiteSpot's Privacy Policy located at suitespot.ai/privacy- policy (the "Privacy Policy"). SuiteSpot may update its Privacy Policy from time to time to align with changing regulatory requirements or industry practices.

SuiteSpot will provide Customer with at least thirty (30) days' prior written notice of any material changes to the Privacy Policy. If a material change to the Privacy Policy adversely affects Customer's rights with respect to Customer Data or Personal Information, Customer may object in writing within the notice period, and the Parties will negotiate in good faith to resolve the concern.

6.3 Aggregated Data and AI Training

(a) Aggregated Data
SuiteSpot may use, process, store, disclose, and create statistical reports, benchmarking data, and performance analytics by de-identifying and combining Customer Data with data from other customers ("Aggregated Data") for the purpose of administering, developing and improving its products.

Aggregated Data: (i) does not identify any individual, company, or specific customer; (ii) cannot be reverse- engineered to reveal Customer's identity or confidential information; and (iii) may be used by SuiteSpot to improve Services, develop new features, and provide industry insights.

Aggregated Data is not Customer Data and is not Customer's Confidential Information.

(b) AI Service Improvement and Customer-Specific Learning
The AI Features may retain and learn from interactions between the Services and Customer's Permitted Users solely to improve the quality, relevance, and accuracy of the AI Features as experienced by that Customer.

Such learned context is logically isolated to Customer's environment and is not shared with, accessible to, or used to benefit any other customer of SuiteSpot.

For clarity, SuiteSpot does not use Customer Data to train general-purpose artificial intelligence or machine learning foundation models. SuiteSpot may separately use Aggregated Data as defined in Section 6.3(a) to improve the overall functionality and performance of the Services.

7.1 SuiteSpot Property

(a) Ownership
SuiteSpot or its licensors retain all right, title, and interest, including all Intellectual Property Rights, in and to: (i) the Services; (ii) Deliverables; (iii) Aggregated Data; (iv) SuiteSpot's Confidential Information; and (v) any Modifications to the foregoing.

Except for the limited rights expressly granted in Section 2.1, Customer acquires no right, title, or interest in or to any SuiteSpot property. All rights not expressly granted by SuiteSpot to Customer under this Agreement are reserved by SuiteSpot.

(b) Feedback
Customer grants to SuiteSpot and its Affiliates a worldwide, perpetual, irrevocable, and royalty-free license to use and incorporate into the Services any suggestions, comments, or feedback provided by Customer or Permitted Users relating to the Services.

Such feedback shall be used in a de-personalized and anonymized manner without identifying Customer or its Permitted Users. SuiteSpot is not obligated to use any feedback.

7.2 Marketing Use

SuiteSpot may use Customer's name and logo on its website and in promotional materials to identify Customer as a SuiteSpot client. Any such use must comply with Customer's standard trademark usage guidelines, if provided.

Any further use, such as a detailed case study or press release, requires Customer's prior written approval.

8.1 Warranties

(a) Mutual Warranties
Each Party represents and warrants to the other that: (i) it has the corporate power and authority to enter into this Agreement and perform its obligations hereunder; (ii) this Agreement has been duly executed and constitutes a legal, valid, and binding obligation of that Party; and (iii) it will comply with all Applicable Laws in performing its obligations under this Agreement.

(b) SuiteSpot Performance Warranty
SuiteSpot warrants that the Services will materially conform to the Documentation. SuiteSpot's sole obligation and Customer's exclusive remedy for a breach of this warranty is for SuiteSpot to use commercially reasonable efforts to correct the non-conformity.

(c) SuiteSpot Malicious Code Warranty
SuiteSpot warrants that it will use commercially reasonable efforts to ensure the Services do not contain any "virus", "trap door", "Trojan Horse", "worm", "self-destruction", or other malicious code designed to disrupt, disable, or damage Customer Systems.

(d) Customer Data Warranty
Customer represents, warrants, and covenants that Customer Data: (i) will only contain Personal Information for which Customer has provided all required notices and disclosures and obtained all applicable consents and authority required by Applicable Laws (including privacy laws) to enable SuiteSpot to provide the Services; and (ii) will not infringe, misappropriate, or otherwise violate any Intellectual Property Rights, or any privacy or other rights of any third party, nor violate any Applicable Laws.

8.2 General Disclaimer

8.3 AI Features Disclaimer

In addition to the disclaimers described in Section 8.2, Customer acknowledges and agrees that AI Features: (i) are machine-generated, may not reflect human review, and may produce incomplete, inaccurate results; (ii) are not intended to provide legal, financial, medical, or compliance advice; and (iii) may reflect inherent limitations or biases in artificial intelligence technologies.

Customer remains solely responsible for verifying the accuracy and applicability of all AI-generated outputs, and for any reliance on such outputs by its Permitted Users. While SuiteSpot uses commercially reasonable efforts to integrate third-party AI Features into the Services, it cannot guarantee their reliability or completeness.

9.1 SuiteSpot Indemnity

(a) Scope of Indemnity
SuiteSpot will indemnify, defend, and hold harmless Customer, its Affiliates, and their respective officers, directors, employees, and agents (the "Customer Indemnified Parties") from and against any and all costs, damages, and reasonable attorneys' fees (collectively, "Losses") incurred by a Customer Indemnified Party arising out of any third-party claim, suit, or proceeding (each, a "Claim") (other than by an Affiliate or a Customer Indemnified Party) arising from: (i) an allegation that the Services, when used in accordance with this Agreement, infringe or misappropriate such third party's Intellectual Property Rights in the United States or Canada; (ii) SuiteSpot's material breach of this Agreement; or (iii) SuiteSpot's violation of Applicable Laws.

SuiteSpot will pay all Losses arising out of any final judgment against Customer or any settlement approved by SuiteSpot; provided that Customer complies with the Indemnification Procedures set forth in Section 9.3.

(b) Exclusions
The foregoing obligation in Section 9.1(a) does not apply to any Claim or Losses arising out of or relating to any: (1) any combination of the Services with products, services, or data not provided or authorized by SuiteSpot, unless the infringement would have resulted solely from the use of the Services alone; (2) any modification of the Services other than by SuiteSpot or with SuiteSpot's express written approval; (3) any use of the Services in a manner not authorized by this Agreement or the Documentation; or (4) any matter for which Customer has an indemnity obligation under Section 9.2.

(c) Mitigation
If an infringement Claim is made or appears likely, SuiteSpot may, at its option: (i) procure the right for Customer to continue using the Services; (ii) modify or replace the Services so they become non-infringing; or (iii) if options (i) and (ii) are not commercially reasonable, terminate the affected Services and provide a pro-rata refund of any prepaid, unused Fees.

9.2 Customer Indemnity

Customer will defend, indemnify, and hold harmless SuiteSpot, and its officers, directors, employees, and agents (the "SuiteSpot Indemnified Parties") from and against any and all Losses incurred by a SuiteSpot Indemnified Party arising out of any third-party Claim (other than by a SuiteSpot Indemnified Party) arising from or relating to: (i) Customer Data or Personal Information, including any claim that such data infringes the intellectual property or privacy rights of a third party; (ii) Customer's material breach of this Agreement; (iii) use of the Services by Customer or any Permitted User in violation of the Documentation or in combination with any third-party software, application, or service not expressly permitted by SuiteSpot; (iv) Customer's violation of Applicable Laws; or (v) any dispute between Customer and its clients, residents, or property owners.

Customer will pay all Losses resulting from any final judgment against SuiteSpot or any settlement approved by Customer; provided that SuiteSpot complies with the Indemnification Procedures set forth in Section 9.3.

9.3 Indemnification Procedure

The Party seeking indemnification (the "Indemnitee") will: (a) provide the other Party (the "Indemnitor") with prompt written notice of the Claim; (b) give the Indemnitor sole control over the defense and settlement of the Claim; and (c) provide all reasonable cooperation and assistance.

The Indemnitee may participate in the defense with its own counsel at its own expense. The Indemnitor may not settle any Claim in a manner that admits liability or imposes any financial or behavioral obligation on the Indemnitee without the Indemnitee's prior written consent (not to be unreasonably withheld).

The Parties acknowledge that the following provisions reflect a fair allocation of risk, form an essential basis of the bargain between the Parties, and that the Fees have been set in reliance upon these limitations. These provisions will survive and continue in full force and effect notwithstanding any failure of consideration or of an exclusive remedy.

10.1 Limitation of Liability

10.2 Exclusion of Damages

10.3 Insurance

During the Term, SuiteSpot shall maintain at its own expense: (a) Commercial General Liability insurance; and (b) Professional Liability (Errors & Omissions) insurance, which includes coverage for technology-based services and products, cybersecurity, and data breach risks.

Such insurance shall be placed with reputable insurers with an A.M. Best rating of at least A- VII or equivalent. Upon Customer's reasonable request, SuiteSpot shall provide certificates of insurance evidencing such coverage.

11.1 Governing Law and Interpretation

This Agreement is governed by the laws of the Province of Ontario and the federal laws of Canada, without regard to conflict of laws principles. Any legal action must be brought exclusively in the courts located in Toronto, Ontario.

However, either Party may seek injunctive or equitable relief in any court of competent jurisdiction to protect its Intellectual Property Rights or Confidential Information. The U.N. Convention on Contracts for the International Sale of Goods does not apply to this Agreement.

Except as otherwise provided in this Agreement, all rights and remedies are cumulative. This Agreement shall be construed neutrally and not for or against either Party as the drafter. The term "including" means "including without limitation," and section headings are for reference only.

If any provision of this Agreement is held to be invalid, illegal, or unenforceable, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.

In the event of a conflict or inconsistency among the components of the Agreement, the following order of precedence shall apply: (1) this Master Service Agreement; (2) the applicable Order Form; (3) the applicable Statement of Work; and (4) the Documentation.

Notwithstanding the foregoing, an Order Form or Statement of Work shall prevail over this Agreement only if it expressly identifies the specific provision of this Agreement it intends to amend.

11.2 Assignment and Relationship

Neither Party may assign this Agreement or its rights hereunder without the other Party's prior written consent, which shall not be unreasonably withheld. Notwithstanding the foregoing, either Party may assign this Agreement in its entirety without consent to an Affiliate or a successor in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets or voting securities.

Any purported assignment in violation of this Section 11.2 is void. This Agreement binds and inures to the benefit of the Parties and their respective permitted successors and assigns.

The relationship of the Parties is that of an independent contractor. Neither Party is an agent or partner of the other, and neither Party will represent to any third party that it has the authority to act on behalf of or bind the other.

11.3 Compliance

Each Party shall comply with all Applicable Laws in performing its obligations under this Agreement. Customer represents and warrants that it is not: (a) located in or a national of any country subject to a government embargo or designated as a "terrorist supporting" country; or (b) listed on any government list of prohibited or restricted parties.

SuiteSpot may suspend the Services if required to comply with such laws.

11.4 Force Majeure

Neither Party is liable for delays or failures in performance caused by events beyond its reasonable control, including acts of God, government actions, floods, fires, earthquakes, civil unrest, acts of terror, strikes, or widespread internet or hosting infrastructure outages ("Force Majeure Event").

This Section 11.4 does not excuse a Party's confidentiality, data security, or payment obligations. The affected Party must: (i) provide prompt notice to the other Party; and (ii) use commercially reasonable efforts to collaborate with the other Party to mitigate the impact and implement workarounds.

11.5 Notices

All notices under this Agreement must be in writing and sent to the addresses specified in the applicable Order Form, as may be updated by written notice to the other Party.

Notices are effective: (a) immediately if delivered in person or by email; (b) one (1) business day after dispatch via an internationally recognized overnight courier; or (c) five (5) business days after being sent by first-class mail, postage prepaid.

Legal notices to SuiteSpot must be sent to LegalNotice@suitespot.ai. Each Party is responsible for keeping its contact information current by providing written notice of any changes to the other Party.

11.6 Entire Agreement and Amendments

This Agreement (including all Order Forms, SOWs, and Documentation) constitutes the complete and exclusive statement of the mutual understanding between the Parties. It supersedes and cancels all prior written and oral agreements, communications, and other understandings relating to its subject matter.

Any terms or conditions included in a Customer purchase order, vendor onboarding portal, or other order documentation are specifically rejected by SuiteSpot and shall be null and void.

No amendment or waiver of this Agreement is effective unless in writing and signed by both Parties. A waiver in one instance does not waive any right on future occasions.

Notwithstanding the foregoing, the following updates may be made via written notice and do not require a formal amendment: (i) changes to a Party's notice address or contact information; (ii) updates to the Documentation; and (iii) modifications to any non-material, administrative terms, provided SuiteSpot gives thirty (30) days' notice via email.

Customer's continued use of the Services after such notice period constitutes acceptance of these administrative updates.

A. Onboarding Lifecycle

Unless otherwise set forth in an Order Form or SOW, SuiteSpot provides a standard onboarding package structured in four phases. Both Parties will use commercially reasonable efforts to achieve "Go-Live" (the date the Services are available for use in a live environment) on the mutually agreed upon timeline.

Customer's active participation is required for timely onboarding. If Customer fails to meet any Exit Criteria within thirty (30) days of SuiteSpot making the relevant deliverables available, SuiteSpot may, at its discretion: (i) charge additional Professional Services fees for time in excess of such 30-day period; or (ii) upon notice, deem the implementation complete and transition Customer to post-onboarding standard technical support.

B. Standard Support Services

SuiteSpot provides ongoing support based on the Tier selected in the applicable Order Form. Support is intended to resolve technical issues and provide product guidance, not to perform manual data entry or administrative tasks available via the user interface ("Self-Serve Actions").

Priority & Configuration Services. Customer may request reasonable configuration assistance that does not require software development ("Configuration Services"). Should any request require software development, it will be reviewed by SuiteSpot's product team, additional charges may apply.

(a) Essential Support Tier: Requests are fulfilled at SuiteSpot's discretion and subject to resource availability.

(b) Enterprise Support Tier: Requests receive priority queuing and expedited handling.

Billable Self-Service Assistance. SuiteSpot reserves the right to charge its hourly Professional Services rate (with a 1-hour minimum duration) for requests to perform Self-Serve Actions on behalf of the Customer.

Support Channels. Support is available during "Business Hours" (Monday to Friday, 9:00 AM – 8:00 PM EST, excluding statutory holidays in the United States and Canada). Requests must be submitted via Email/Ticketing Portal.

C. Additional Professional Services

Scope. Services outside the scope of the Onboarding Lifecycle or the applicable Support Tier are "Additional Professional Services." These include, but are not limited to: (a) custom software development/API integrations; (b) data cleansing and migration; (c) on-site training; (d) additional requirements not identified and mutually agreed to in the onboarding lifecycle; and (e) additional time or resources required due to Customer's failure to satisfy Exit Criteria or provide necessary inputs within 30 days of the mutually agreed project schedule.

Engagement. Professional Services will be defined in a mutually agreed and executed Order Form or SOW specifying the scope, timeline, and Fees.

D. Incident Priority & Response Times

SuiteSpot will use commercially reasonable efforts to handle incidents according to the following priority levels.

All incidents must be reported via the SuiteSpot ticketing portal or emailed to support@suitespot.ai. Response and restoration targets commence when SuiteSpot acknowledges receipt of a verifiable and reproducible error report from Customer.

"Initial Response" means a technical acknowledgement by SuiteSpot personnel, not a final resolution. "Service Restoration" is achieved when a functional workaround is provided and the material functionality is restored for use.

E. Uptime Commitment

SuiteSpot will use commercially reasonable efforts to ensure the SaaS Services are available at least 99.5% of the time, measured monthly (the "Uptime Commitment"). The SaaS Services are deemed available if Permitted Users can log in and access the primary dashboard and their core workflows functionality in Customer's configured environment.

Availability is calculated as: (Total Available Minutes in Month - Excluded Minutes) / (Total Minutes in Month - Excluded Minutes), where "Excluded Minutes" means any period of unavailability attributable to: (a) Scheduled Maintenance or Emergency Maintenance as defined below; (b) issues caused by Customer's own hardware, software, or network connectivity; (c) failures of third-party service providers not under SuiteSpot's direct control; or (d) Force Majeure Events as defined in the Agreement.

F. Maintenance

Scheduled Maintenance
SuiteSpot performs routine system maintenance to ensure SaaS Services stability. SuiteSpot will use commercially reasonable efforts to schedule maintenance between Friday 10:00 PM and Sunday 10:00 PM EST. SuiteSpot will provide, if feasible, at least forty-eight (48) hours' notice for any maintenance.

Emergency Maintenance SuiteSpot may perform unscheduled maintenance at any time to address critical security vulnerabilities or stability issues. SuiteSpot will provide as much notice as is technically feasible under the circumstances.

This Data Processing Addendum ("DPA") is incorporated into and forms part of the Agreement. This DPA sets forth the Parties' obligations with respect to the Processing of Personal Information. This Exhibit includes general data protection terms and specific Privacy Law Terms (Section H) applicable to US and Canadian privacy regulations.

In the event of any conflict between Section H and the remainder of this DPA, Section H shall control solely with respect to the Processing of Personal Information subject to the laws defined therein.

A. Party Acknowledgement and Collaboration

The Parties acknowledge and agree that, in connection with the processing of Personal Information under this Agreement, Customer acts as the "Controller" and SuiteSpot acts as the "Service Provider," "Processor," or "Contractor" (as such terms are defined under Applicable Data Protection Laws) (collectively, "Processor").

SuiteSpot shall process Personal Information only on behalf of Customer, and only in accordance with Customer's documented instructions as set out in this Agreement or as otherwise agreed in writing by the Parties. SuiteSpot shall not sell, retain, use, or disclose such Personal Information for any purpose other than performing its obligations under this Agreement, unless required by law.

The Parties agree to cooperate closely and inform one another of any circumstances that may affect the processing of Personal Information under this Agreement. Each Party will designate a contact point to coordinate this collaboration.

SuiteSpot will process Personal Information only for the contracted business purposes defined in this Agreement and shall not process Personal Information outside the scope of those purposes without Customer's prior written consent.

B. Processing Obligations

SuiteSpot and Customer will each comply with Applicable Data Protection Laws while processing and storing Personal Information under this Agreement.

"Applicable Data Protection Laws" means all privacy and data protection laws applicable to the processing of Personal Information under this Agreement, including PIPEDA, the CCPA (as amended), and other applicable comprehensive state privacy laws in the United States, as may be amended from time to time.

SuiteSpot shall give Customer notice of any legally binding demand for disclosure of Customer Personal Information by law enforcement or a regulatory body within a reasonable time after becoming aware of it, and prior to disclosure where possible. SuiteSpot will reject any requests for disclosure of Customer Personal Information that are not legally binding, unless otherwise required by this Agreement.

SuiteSpot shall delete Customer Personal Information upon receiving a written request from Customer, except where SuiteSpot is permitted to retain such information under Applicable Data Protection Laws for its lawful business needs.

SuiteSpot may use and process Customer Personal Information from time to time to create statistics and analytics, or for purposes of maintaining and improving the Services, provided that SuiteSpot ensures such data is anonymized, pseudonymized, and/or aggregated so that it does not reveal the specific identity of any individual, and that such use complies with Applicable Data Protection Laws.

C. Audit

Upon written request, SuiteSpot will provide Customer with a copy of its most recent audit report (e.g., SOC 2 Type II, ISO 27001, or equivalent) related to the technical and organizational security measures applicable to the Services. Such reports are considered Confidential Information.

If Customer requires additional information after reviewing the report to assess SuiteSpot's compliance, SuiteSpot will provide reasonable additional information upon written request.

D. Notification of Security Incident

SuiteSpot will notify Customer without undue delay, and in any event within forty-eight (48) hours, upon becoming aware of a Security Incident involving Customer Personal Information.

"Security Incident" means any confirmed unauthorized access to, or accidental or unlawful loss, alteration, or disclosure of, Customer Personal Information while in the possession or control of SuiteSpot.

Such notification is not an acknowledgment of fault or liability. SuiteSpot must notify Customer at the email address provided on the Order Form, unless otherwise specified in writing.

Customer must notify SuiteSpot of any Security Incident involving SuiteSpot Personal Information at security@suitespot.ai.

SuiteSpot will promptly provide Customer with all available information about the incident, including a description of its cause, remediation measures, and a plan to mitigate foreseeable risks.

SuiteSpot will take steps to contain and investigate the incident, cooperate with Customer, and notify Customer of any related inspections or investigations by a supervisory authority. Unless necessary for the incident response, SuiteSpot will not communicate with any third party about the incident without Customer's prior written consent and direction.

E. Subcontractors and Suppliers

SuiteSpot has a general right to appoint and engage subcontractors and suppliers to assist in providing the Services. SuiteSpot's engagement of subcontractors does not relieve SuiteSpot of any obligation or liability under this Agreement.

All subcontractors engaged by SuiteSpot to process Customer Personal Information will be bound by written obligations of confidentiality and data protection that are substantially similar to, or greater than, SuiteSpot's obligations under this DPA.

SuiteSpot shall remain solely responsible for the compliance, acts, and omissions of its subcontractors, and for all payments due to them.

F. Rights of Data Subjects

SuiteSpot, acting as Processor, will use commercially reasonable efforts to assist Customer in responding to data subject requests relating to Customer Personal Information, including requests to access, correct, amend, block, or delete Personal Information, as required by Applicable Data Protection Laws.

To the extent SuiteSpot, acting as Processor, does not have the technical ability to perform the required operation on Customer Personal Information (such as correction, amendment, blocking, or deletion) as required by Applicable Data Protection Laws, SuiteSpot will promptly notify Customer in writing and the Parties will coordinate to facilitate such actions where legally permitted.

If SuiteSpot receives a data subject request directly, SuiteSpot will promptly notify Customer and will not respond to such request without Customer's prior written consent and direction, except to confirm that the request has been received and forwarded to the appropriate party.

Where Customer determines it is not required to comply with a data subject erasure request, Customer must notify SuiteSpot in writing at security@suitespot.ai within five (5) days, stating the reason for non-compliance.

SuiteSpot and Customer will each provide commercially reasonable cooperation and assistance to the other in handling Data Subject requests.

G. Data Localization, Retention and Destruction

All processing and storage of Customer Personal Information must be completed in the United States or Canada, unless an Order Form specifies otherwise.

Upon a written request from a Customer Personal Information owner or following the termination of the Agreement and all applicable Order Forms and SOWs, SuiteSpot must destroy or return the Customer Personal Information.

Upon request, SuiteSpot must provide a written confirmation, signed by an officer, that all data has been deleted and rendered unrecoverable in accordance with the industry standard guidelines.

Upon instruction to delete Customer Personal Information, SuiteSpot must delete all such data and render it unrecoverable in accordance with the requirements set in this Section G.

H. Privacy Law Addendum

(a) Duration
This Privacy Law Addendum will remain in effect for the term of the Agreement.

(b) Processor's Data Protection Obligations
SuiteSpot will comply with Applicable Data Protection Laws in its collection, use, retention, and disclosure of Personal Information. SuiteSpot will limit its collection, use, and disclosure of Personal Information to what is reasonably necessary and proportionate to achieve the contracted business purposes defined in the Agreement.

(c) Assistance with Legal Obligations
SuiteSpot will reasonably cooperate and assist Customer in meeting Customer's privacy law compliance obligations and responding to inquiries.

SuiteSpot, acting as Processor, must promptly notify Customer, acting as Controller, if it receives any complaint, notice, or communication that directly or indirectly relates to either Party's compliance with Applicable Data Protection Laws in relation to the Agreement.

(d) Warranties and Certification
SuiteSpot warrants that it has no reason to believe any Applicable Data Protection Law requirements or restrictions prevent it from performing its obligations under the Agreement. Each Party will promptly notify the other Party of any changes to Applicable Data Protection Laws that may adversely affect the performance of the Services under this Agreement.

(e) Miscellaneous
This Privacy Law Addendum prevails over any conflicting terms in the Agreement or DPA regarding the processing of personal information under the Applicable Data Protection Laws.

If a court holds any provision of this addendum to be contrary to law, that provision will be modified and interpreted to best accomplish its original objectives.

No waiver under this addendum is valid unless it is in writing and duly executed by the Party against whom enforcement is sought. Any such waiver will only apply to the specific matter described and will not impair the rights of the Party granting the waiver in any other respect or at any other time.

A delay or forbearance by either Party in exercising any right will not be considered a waiver of that right.