TERMS OF SERVICE

THIS TERMS OF SERVICE AGREEMENT GOVERNS CUSTOMER’S ACQUISITION AND USE OF JENTECH INC SERVICES. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN.

IF CUSTOMER REGISTERS FOR A FREE TRIAL OF JENTECH INC SERVICES OR FOR FREE SERVICES, THE APPLICABLE PROVISIONS OF THIS AGREEMENT WILL ALSO GOVERN THAT FREE TRIAL OR THOSE FREE SERVICES.

BY ACCEPTING THIS AGREEMENT, BY (1) CLICKING A BOX INDICATING ACCEPTANCE, (2) EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, OR (3) USING FREE SERVICES, CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERM “CUSTOMER” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

Jentech Inc’s direct competitors are prohibited from accessing the Services, except with Jentech Inc’s prior written consent. In addition, the Services may not be accessed for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.

This Agreement was last updated on January 20, 2022. These Terms of Service (“Agreement”) set forth the terms and conditions effective between Customer and Jentech Inc, a Delaware corporation having a principal place of business at 1968 S. Coast Hwy. #1796, Laguna Beach, CA 92651 (“Company”) as of the date of Customer’s accepting this Agreement. Either party may be referred to individually as the “Party” or collectively as “the Parties.”

1. DEFINITIONS

“ Affiliate ” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity.

“ Control ”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“ Agreement ” means this Terms of Service.

“ Beta Services ” means Company services or functionality that may be made available to Customer to try at its option at no additional charge which is clearly designated as beta, pilot, limited release, developer preview, non-production, evaluation, or by a similar description.

“ Content ” means information obtained by Company from publicly available sources or its third party content providers and made available to Customer through the Services, Beta Services or pursuant to an Order Form, as more fully described in the Documentation.

“ Customer ” means in the case of an individual accepting this Agreement on his or her own behalf, such individual, or in the case of an individual accepting this Agreement on behalf of a company or other legal entity, the company or other legal entity for which such individual is accepting this Agreement, and Affiliates of that company or entity (for so long as they remain Affiliates) which have entered into Order Forms.

“ Customer Data ” means electronic data and information submitted by or for Customer to the Services, excluding Content and Non-Company Applications.

“ Documentation ” means the applicable Service’s Trust and Compliance documentation at https://www.jentech.io/legal?p=trust and its usage guides and policies, as updated from time to time, accessible via login to the applicable Service.

“ Free Services ” means Services that Company makes available to Customer free of charge. Free Services exclude Services offered as a free trial and Purchased Services.

“ Malicious Code ” means code, files, scripts, agents or programs intended to do harm, including, for example, viruses, worms, time bombs and Trojan horses.

“ Non-Company Application ” means a Web-based, mobile, offline or other software application functionality that interoperates with a Service, that is provided by Customer or a third party. Non-Company Applications, other than those obtained or provided by Customer, will be identifiable as such.

“ Order Form ” means an ordering document or online order specifying the Services to be provided hereunder that is entered into between Customer and Company or any of their Affiliates, including any addenda and supplements thereto. By entering into an Order Form hereunder, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto.

“ Purchased Services ” means Services that Customer or Customer’s Affiliate purchases under an Order Form or online purchasing portal, as distinguished from Free Services or those provided pursuant to a free trial.

“ Services ” means the products and services that are ordered by Customer under an Order Form or online purchasing portal, or provided to Customer free of charge (as applicable) or under a free trial, and made available online by Company, including associated Company offline or mobile components, as described in the Documentation. “Services” exclude Content and Non-Company Applications.

“ User ” means, in the case of an individual accepting these terms on his or her own behalf, such individual, or, in the case of an individual accepting this Agreement on behalf of a company or other legal entity, an individual who is authorized by Customer to use a Service, for whom Customer has purchased a subscription (or in the case of any Services provided by Company without charge, for whom a Service has been provisioned), and to whom Customer (or, when applicable, Company at Customer’s request) has supplied a user identification and password (for Services utilizing authentication). Users may include, for example, employees, consultants, contractors and agents of Customer, and third parties with which Customer transacts business.

2. COMPANY RESPONSIBILITIES

2.1 Provision of Purchased Services . Company will (a) make the Services and Content available to Customer pursuant to this Agreement, and the applicable Order Forms and Documentation, (b) provide applicable Jentech standard support for the Purchased Services to Customer at no additional charge, and/or upgraded support if purchased, (c) use commercially reasonable efforts to make the online Purchased Services available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which Company shall give advance electronic notice), and (ii) any unavailability caused by circumstances beyond Company’s reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving Company employees), Internet service provider failure or delay, Non-Company Application, or denial of service attack, and (d) provide the Services in accordance with laws and government regulations applicable to Company’s provision of its Services to its customers generally (i.e., without regard for Customer’s particular use of the Services), and subject to Customer’s use of the Services in accordance with this Agreement, the Documentation and the applicable Order Form.

2.2 Protection of Customer Data. Company will maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, as described in the Documentation. Those safeguards will include, but will not be limited to, measures designed to prevent unauthorized access to or disclosure of Customer Data (other than by Customer or Users). Except with respect to an enterprise subscription, the terms of the data processing addendum at https://www.jentech.io/legal?p=dpa (“DPA”) are hereby incorporated by reference and shall apply to the extent Customer Data includes Personal Data, as defined in the DPA. To the extent Personal Data from the European Economic Area (EEA), the United Kingdom and Switzerland are processed by Company, its Processor Binding Corporate Rules, the EU-US and/or Swiss-US Privacy Shield, and/or the Standard Contractual Clauses shall apply, as further set forth in the DPA. For the purposes of the Standard Contractual Clauses, Customer and its applicable Affiliates are each the data exporter, and Customer's acceptance of this Agreement, and an applicable Affiliate's execution of an Order Form, shall be treated as its execution of the Standard Contractual Clauses and Appendices. Upon request by Customer made within 30 days after the effective date of termination or expiration of this Agreement, Company will make Customer Data available to Customer for export or download as provided in the Documentation. After such 30-day period, Company will have no obligation to maintain or provide any Customer Data, and as provided in the Documentation will thereafter delete or destroy all copies of Customer Data in its systems or otherwise in its possession or control, unless legally prohibited.

2.3 Company Personnel. Company will be responsible for the performance of its personnel (including its employees and contractors) and their compliance with Company’s obligations under this Agreement, except as otherwise specified in this Agreement.

2.4 Beta Services. From time to time, Company may make Beta Services available to Customer at no charge. Customer may choose to try such Beta Services or not in its sole discretion. Any use of Beta Services is subject to the Beta Services terms at https://www.jentech.io/legal?p=bsa (“BSA”)

2.5 Free Trial. If Customer registers on Company’s or an Affiliate’s website for a free trial, Company will make the applicable Service(s) available to Customer on a trial basis free of charge until the earlier of (a) the end of the free trial period for which Customer registered to use the applicable Service(s), or (b) the start date of any Purchased Service subscriptions ordered by Customer for such Service(s), or (c) termination by Company in its sole discretion. Additional trial terms and conditions may appear on the trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.

ANY DATA CUSTOMER ENTERS INTO THE SERVICES, AND ANY CUSTOMIZATIONS MADE TO THE SERVICES BY OR FOR CUSTOMER, DURING CUSTOMER’S FREE TRIAL WILL BE PERMANENTLY LOST UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME SERVICES AS THOSE COVERED BY THE TRIAL, PURCHASES APPLICABLE UPGRADED SERVICES, OR EXPORTS SUCH DATA, BEFORE THE END OF THE TRIAL PERIOD. CUSTOMER CANNOT TRANSFER DATA ENTERED OR CUSTOMIZATIONS MADE DURING THE FREE TRIAL TO A SERVICE THAT WOULD BE A DOWNGRADE FROM THAT COVERED BY THE TRIAL (E.G., FROM ENTERPRISE EDITION TO PROFESSIONAL EDITION); THEREFORE, IF CUSTOMER PURCHASES A SERVICE THAT WOULD BE A DOWNGRADE FROM THAT COVERED BY THE TRIAL, CUSTOMER MUST EXPORT CUSTOMER DATA BEFORE THE END OF THE TRIAL PERIOD OR CUSTOMER DATA WILL BE PERMANENTLY LOST.

NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY COMPANY” SECTION BELOW, DURING THE FREE TRIAL THE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND COMPANY SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE SERVICES FOR THE FREE TRIAL PERIOD UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE COMPANY’S LIABILITY WITH RESPECT TO THE SERVICES PROVIDED DURING THE FREE TRIAL SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, COMPANY AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD WILL MEET CUSTOMER’S REQUIREMENTS, (B) CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED DURING THE FREE TRIAL PERIOD WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO COMPANY AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.

CUSTOMER SHALL REVIEW THE APPLICABLE SERVICE’S DOCUMENTATION DURING THE TRIAL PERIOD TO BECOME FAMILIAR WITH THE FEATURES AND FUNCTIONS OF THE SERVICES BEFORE MAKING A PURCHASE.

2.6 Free Services. Company may make Free Services available to Customer. Use of Free Services is subject to the terms and conditions of this Agreement. In the event of a conflict between this section and any other portion of this Agreement, this section shall control. Free Services are provided to Customer without charge up to certain limits as described in the Documentation. Usage over these limits requires Customer’s purchase of additional resources or services. Customer agrees that Company, in its sole discretion and for any or no reason, may terminate Customer’s access to the Free Services or any part thereof. Customer agrees that any termination of Customer’s access to the Free Services may be without prior notice, and Customer agrees that Company will not be liable to Customer or any third party for such termination. Customer is solely responsible for exporting Customer Data from the Free Services prior to termination of Customer’s access to the Free Services for any reason, provided that if Company terminates Customer’s account, except as required by law Company will provide Customer a reasonable opportunity to retrieve its Customer Data.

NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY COMPANY” SECTION BELOW, THE FREE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND COMPANY SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE FREE SERVICES UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE COMPANY’S LIABILITY WITH RESPECT TO THE FREE SERVICES SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, COMPANY AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE FREE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, (B) CUSTOMER’S USE OF THE FREE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED THROUGH THE FREE SERVICES WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO COMPANY AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE FREE SERVICES, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.

3. USE OF SERVICES AND CONTENT

3.1 Subscriptions. Unless otherwise provided in the applicable Order Form or Documentation, (a) Purchased Services and access to Content are purchased as subscriptions for the term stated in the applicable Order Form or in the applicable online purchasing portal, (b) subscriptions for Purchased Services may be added during a subscription term at the same pricing as the underlying subscription pricing, prorated for the portion of that subscription term remaining at the time the subscriptions are added, and (c) any added subscriptions will terminate on the same date as the underlying subscriptions. Customer agrees that its purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by Company regarding future functionality or features.

3.2 Usage Limits. Services and Content are subject to usage limits specified in Order Forms and Documentation. If Customer exceeds a contractual usage limit, Company may work with Customer to seek to reduce Customer’s usage so that it conforms to that limit. If, notwithstanding Company’s efforts, Customer is unable or unwilling to abide by a contractual usage limit, Customer will execute an Order Form for additional quantities of the applicable Services or Content promptly upon Company’s request, and/or pay any invoice for excess usage in accordance with the “Invoicing and Payment” section below.

3.3 Customer Responsibilities. Customer will (a) be responsible for Users’ compliance with this Agreement, Documentation and Order Forms, (b) be responsible for the accuracy, quality and legality of Customer Data, the means by which Customer acquired Customer Data, Customer’s use of Customer Data with the Services, and the interoperation of any Non-Company Applications with which Customer uses Services or Content, (c) use commercially reasonable efforts to prevent unauthorized access to or use of Services and Content, and notify Company promptly of any such unauthorized access or use, (d) use Services and Content only in accordance with this Agreement, Documentation, the Acceptable Use Policy at https://www.jentech.io/legal?p=aup and incorporated by reference, Order Forms and applicable laws and government regulations, and (e) comply with terms of service of any Non-Company Applications with which Customer uses Services or Content. Any use of the Services in breach of the foregoing by Customer or Users that in Company’s judgment threatens the security, integrity or availability of Company’s services, may result in Company’s immediate suspension of the Services, however Company will use commercially reasonable efforts under the circumstances to provide Customer with notice and an opportunity to remedy such violation or threat prior to any such suspension.

3.4 Usage Restrictions. Customer will not (a) make any Service or Content available to anyone other than Customer or Users, or use any Service or Content for the benefit of anyone other than Customer or its Affiliates, unless expressly stated otherwise in an Order Form or the Documentation, (b) sell, resell, license, sublicense, distribute, make available, rent or lease any Service or Content, or include any Service or Content in a service bureau or outsourcing offering, (c) use a Service or Non-Company Application to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use a Service or Non-Company Application to store or transmit Malicious Code, (e) interfere with or disrupt the integrity or performance of any Service or third-party data contained therein, (f) attempt to gain unauthorized access to any Service or Content or its related systems or networks, (g) permit direct or indirect access to or use of any Services or Content in a way that circumvents a contractual usage limit, or use any Services to access or use any of Company intellectual property except as permitted under this Agreement, an Order Form, or the Documentation, (h) modify, copy, or create derivative works based on a Service or any part, feature, function or user interface thereof, (i) copy Content except as permitted herein or in an Order Form or the Documentation, (j) frame or mirror any part of any Service or Content, other than framing on Customer's own intranets or otherwise for its own internal business purposes or as permitted in the Documentation, (k) except to the extent permitted by applicable law, disassemble, reverse engineer, or decompile a Service or Content or access it to (1) build a competitive product or service, (2) build a product or service using similar ideas, features, functions or graphics of the Service, (3) copy any ideas, features, functions or graphics of the Service, or (4) determine whether the Services are within the scope of any patent.

3.5 Removal of Content and Non-Company Applications. If Customer receives notice that Content or a Non-Company Application must be removed, modified and/or disabled to avoid violating applicable law, third-party rights, or the Acceptable Use Policy, Customer will promptly do so. If Customer does not take required action in accordance with the above, or if in Company’s judgment continued violation is likely to reoccur, Company may disable the applicable Content, Service and/or Non-Company Application. If requested by Company, Customer shall confirm such deletion and discontinuance of use in writing and Company shall be authorized to provide a copy of such confirmation to any such third party claimant or governmental authority, as applicable. In addition, if Company is required by any third party rights holder to remove Content, or receives information that Content provided to Customer may violate applicable law or third-party rights, Company may discontinue Customer’s access to Content through the Services.

4. NON-COMPANY PRODUCTS AND SERVICES

4.1 Non-Company Products and Services. Company or third parties may make available (for example, through a Marketplace or otherwise) third-party products or services, including, for example, Non-Company Applications and implementation and other consulting services. Any acquisition by Customer of such products or services, and any exchange of data between Customer and any Non-Company provider, product or service is solely between Customer and the applicable Non-Company provider. Company does not warrant or support Non-Company Applications or other Non-Company products or services, whether or not they are designated by Company as “certified” or otherwise, unless expressly provided otherwise in an Order Form. Company is not responsible for any disclosure, modification or deletion of Customer Data resulting from access by such Non-Company Application or its provider.

4.2 Integration with Non-Company Applications. The Services may contain features designed to interoperate with Non-Company Applications. Company cannot guarantee the continued availability of such Service features, and may cease providing them without entitling Customer to any refund, credit, or other compensation, if for example and without limitation, the provider of a Non-Company Application ceases to make the Non-Company Application available for interoperation with the corresponding Service features in a manner acceptable to Company.

5. FEES AND PAYMENT

5.1 Fees. Customer will pay all fees specified in Order Forms. Except as otherwise specified herein or in an Order Form, (i) fees are based on Services and Content subscriptions purchased and not actual usage, (ii) payment obligations are non- cancelable and fees paid are non-refundable, and (iii) quantities purchased cannot be decreased during the relevant subscription term.

5.2 Invoicing and Payment. Customer will provide Company with valid and updated credit card information, or with a valid purchase order or alternative document reasonably acceptable to Company. If Customer provides credit card information to Company, Customer authorizes Company to charge such credit card for all Purchased Services listed in the Order Form for the initial subscription term and any renewal subscription term(s) as set forth in the “Term of Purchased Subscriptions” section below. Such charges shall be made in advance, either annually or in accordance with any different billing frequency stated in the applicable Order Form. If the Order Form specifies that payment will be by a method other than a credit card, Company will invoice Customer in advance and otherwise in accordance with the relevant Order Form. Unless otherwise stated in the Order Form, invoiced fees are due net 30 days from the invoice date. Customer is responsible for providing complete and accurate billing and contact information to Company and notifying Company of any changes to such information.

5.3 Overdue Charges. If any invoiced amount is not received by Company by the due date, then without limiting Company’s rights or remedies, (a) those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, and/or (b) Company may condition future subscription renewals and Order Forms on payment terms shorter than those specified in the “Invoicing and Payment” section above.

5.4 Suspension of Service and Acceleration. If any charge owing by Customer under this or any other agreement for services is 30 days or more overdue, (or 10 or more days overdue in the case of amounts Customer has authorized Company to charge to Customer’s credit card), Company may, without limiting its other rights and remedies, accelerate Customer’s unpaid fee obligations under such agreements so that all such obligations become immediately due and payable, and suspend Services until such amounts are paid in full, provided that, other than for customers paying by credit card or direct debit whose payment has been declined, Company will give Customer at least 10 days’ prior notice that its account is overdue, in accordance with the “Manner of Giving Notice” section below for billing notices, before suspending services to Customer.

5.5 Payment Disputes. Company will not exercise its rights under the “Overdue Charges” or “Suspension of Service and Acceleration” section above if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute.

5.6 Taxes. Company’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If Company has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Company will invoice Customer and Customer will pay that amount unless Customer provides Company with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Company is solely responsible for taxes assessable against it based on its income, property and employees.

6. PROPRIETARY RIGHTS AND LICENSES

6.1 Reservation of Rights. Subject to the limited rights expressly granted hereunder, Company, its Affiliates, its licensors and Content Providers reserve all of their right, title and interest in and to the Services and Content, including all of their related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth herein.

6.2 Access to and Use of Content. Customer has the right to access and use applicable Content subject to the terms of applicable Order Forms, this Agreement and the Documentation.

6.3 License by Customer to Company. Customer grants Company, its Affiliates and applicable contractors a worldwide, limited-term license to host, copy, use, transmit, and display any Non-Company Applications and program code created by or for Customer using a Service or for use by Customer with the Services, and Customer Data, each as appropriate for Company to provide and ensure proper operation of the Services and associated systems in accordance with this Agreement. If Customer chooses to use a Non-Company Application with a Service, Customer grants Company permission to allow the Non-Company Application and its provider to access Customer Data and information about Customer’s usage of the Non-Company Application as appropriate for the interoperation of that Non-Company Application with the Service. Subject to the limited licenses granted herein, Company acquires no right, title or interest from Customer or its licensors under this Agreement in or to any Customer Data, Non-Company Application or such program code.

6.4 License by Customer to Use Feedback. Customer grants to Company and its Affiliates a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into its services any suggestion, enhancement request, recommendation, correction or other feedback provided by Customer or Users relating to the operation of Company’s or its Affiliates’ services.

6.5 Trademark License. For any Term, or any Renewal Term, Company hereby grants to Customer a non-exclusive license in the U.S. territory to use and display the Company Logos and Marks as defined in 6.6 below in accordance with Company’s Trademark Policy published at https://www.jentech.io/legal?p=trd and incorporated herein by reference. Customer may not transfer, assign, license, or sublicense the Company Logos and Marks to any third party, in whole or in part, or permit any third party to do so. Company reserves the right to terminate this license at any time upon notice in its sole and absolute discretion. Any use of the Company Logos and Marks that exceeds the scope of the license grant set forth herein shall constitute a material breach of this Agreement.

6.6 Ownership of Logos and Marks. Customer acknowledges and agrees that Company owns all right, title, and interest in the logos and trademarks used by Company in conjunction with the marketing and advertising of the Services (“Company Logos and Marks”).

7. CONFIDENTIALITY

7.1 Definition of Confidential Information. “Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information of Customer includes Customer Data; Confidential Information of Company includes the Services and Content, and the terms and conditions of this Agreement and all Order Forms (including pricing). Confidential Information of each party includes business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party. For the avoidance of doubt, the non-disclosure obligations set forth in this “Confidentiality” section apply to Confidential Information exchanged between the parties in connection with the evaluation of additional Company services.

7.2 Protection of Confidential Information. As between the parties, each party retains all ownership rights in and to its Confidential Information. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to (i) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement and (ii) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections not materially less protective of the Confidential Information than those herein. Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this “Confidentiality” section. Notwithstanding the foregoing, Company may disclose the terms of this Agreement and any applicable Order Form to a subcontractor or Non-Company Application Provider to the extent necessary to perform Company’s obligations under this Agreement, under terms of confidentiality materially as protective as set forth herein.

7.3 Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to that Confidential Information.

8. REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS

8.1 Representations. Each party represents that it has validly entered into this Agreement and has the legal power to do so.

8.2 Company Warranties. Company warrants that during an applicable subscription term (a) this Agreement, the Order Forms and the Documentation will accurately describe the applicable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, (b) Company will not materially decrease the overall security of the Services, (c) the Services will perform materially in accordance with the applicable Documentation, and (d) subject to the “Integration with Non-Company Applications” section above, Company will not materially decrease the overall functionality of the Services. For any breach of a warranty above, Customer’s exclusive remedies are those described in the “Termination” and “Refund or Payment upon Termination” sections below.

8.3 Disclaimers. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CONTENT AND BETA SERVICES ARE PROVIDED “AS IS,” AND AS AVAILABLE EXCLUSIVE OF ANY WARRANTY WHATSOEVER.

9. MUTUAL INDEMNIFICATION

9.1 Indemnification by Company. Company will defend Customer against any claim, demand, suit or proceeding made or brought against Customer by a third party alleging that any Purchased Service infringes or misappropriates such third party’s intellectual property rights (a “Claim Against Customer”), and will indemnify Customer from any damages, attorney fees and costs finally awarded against Customer as a result of, or for amounts paid by Customer under a settlement approved by Company in writing of, a Claim Against Customer, provided Customer (a) promptly gives Company written notice of the Claim Against Customer, (b) gives Company sole control of the defense and settlement of the Claim Against Customer (except that Company may not settle any Claim Against Customer unless it unconditionally releases Customer of all liability), and (c) gives Company all reasonable assistance, at Company’s expense. If Company receives information about an infringement or misappropriation claim related to a Service, Company may in its discretion and at no cost to Customer (i) modify the Services so that they are no longer claimed to infringe or misappropriate, without breaching Company’s warranties under “Company Warranties” above, (ii) obtain a license for Customer’s continued use of that Service in accordance with this Agreement, or (iii) terminate Customer’s subscriptions for that Service upon 30 days’ written notice and refund Customer any prepaid fees covering the remainder of the term of the terminated subscriptions. The above defense and indemnification obligations do not apply if (1) the allegation does not state with specificity that the Services are the basis of the Claim Against Customer; (2) a Claim Against Customer arises from the use or combination of the Services or any part thereof with software, hardware, data, or processes not provided by Company, if the Services or use thereof would not infringe without such combination; (3) a Claim Against Customer arises from Services under an Order Form for which there is no charge; or (4) a Claim against Customer arises from Content, a Non-Company Application or Customer’s breach of this Agreement, the Documentation or applicable Order Forms.

9.2 Indemnification by Customer. Customer will defend Company and its Affiliates against any claim, demand, suit or proceeding made or brought against Company by a third party alleging (a) that any Customer Data or Customer’s use of Customer Data with the Services, (b) a Non-Company Application provided by Customer, or (c) the combination of a Non-Company Application provided by Customer and used with the Services, infringes or misappropriates such third party’s intellectual property rights, or arising from Customer’s use of the Services or Content in an unlawful manner or in violation of the Agreement, the Documentation, or Order Form (each a “Claim Against Company”), and will indemnify Company from any damages, attorney fees and costs finally awarded against Company as a result of, or for any amounts paid by Company under a settlement approved by Customer in writing of, a Claim Against Company, provided Company (a) promptly gives Customer written notice of the Claim Against Company, (b) gives Customer sole control of the defense and settlement of the Claim Against Company (except that Customer may not settle any Claim Against Company unless it unconditionally releases Company of all liability), and (c) gives Customer all reasonable assistance, at Customer’s expense. The above defense and indemnification obligations do not apply if a Claim Against Company arises from Company’s breach of this Agreement, the Documentation or applicable Order Forms.

9.3 Exclusive Remedy. This “Mutual Indemnification” section states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any third party claim described in this section.

10. LIMITATION OF LIABILITY

10.1 Limitation of Liability. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EACH PARTY TOGETHER WITH ALL OF ITS AFFILIATES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER AND ITS AFFILIATES HEREUNDER FOR THE SERVICES GIVING RISE TO THE LIABILITY IN THE TWELVE MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, BUT WILL NOT LIMIT CUSTOMER'S AND ITS AFFILIATES’ PAYMENT OBLIGATIONS UNDER THE “FEES AND PAYMENT” SECTION ABOVE.

10.2 Exclusion of Consequential and Related Damages. IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY LOST PROFITS, REVENUES, GOODWILL, OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY’S OR ITS AFFILIATES’ REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.

11. TERM AND TERMINATION

11.1 Term of Agreement. This Agreement commences on the date Customer first accepts it and continues until all subscriptions hereunder have expired or have been terminated.

11.2 Term of Purchased Subscriptions. The term of each subscription shall be as specified in the applicable Order Form. Except as otherwise specified in an Order Form, subscriptions will automatically renew for additional periods equal to the expiring subscription term or one year (whichever is shorter), unless either party gives the other written notice (email acceptable) at least 30 days before the end of the relevant subscription term. Except as expressly provided in the applicable Order Form, renewal of promotional or one-time priced subscriptions will be at Company’s applicable list price in effect at the time of the applicable renewal. Notwithstanding anything to the contrary, any renewal in which subscription volume or subscription length for any Services has decreased from the prior term will result in re-pricing at renewal without regard to the prior term’s per-unit pricing.

11.3 Termination. A party may terminate this Agreement for cause (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.

11.4 Refund or Payment upon Termination. If this Agreement is terminated by Customer in accordance with the “Termination” section above, Company will refund Customer any prepaid fees covering the remainder of the term of all Order Forms after the effective date of termination. If this Agreement is terminated by Company in accordance with the “Termination” section above, Customer will pay any unpaid fees covering the remainder of the term of all Order Forms to the extent permitted by applicable law. In no event will termination relieve Customer of its obligation to pay any fees payable to Company for the period prior to the effective date of termination.

11.5 Surviving Provisions. The sections titled “Free Services,” “Fees and Payment,” “Proprietary Rights and Licenses,” “Confidentiality,” “Disclaimers,” “Mutual Indemnification,” “Limitation of Liability,” “Refund or Payment upon Termination,” “Removal of Content and Non-Company Applications,” “Surviving Provisions” and “General Provisions” will survive any termination or expiration of this Agreement, and the section titled “Protection of Customer Data” will survive any termination or expiration of this Agreement for so long as Company retains possession of Customer Data.

12. GENERAL PROVISIONS

12.1 Export Compliance. The Services, Content, other Company technology, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Company and Customer each represents that it is not named on any U.S. government denied-party list. Customer will not permit any User to access or use any Service or Content in a U.S.-embargoed country or region (currently Cuba, Iran, North Korea, Sudan, Syria or Crimea) or in violation of any U.S. export law or regulation.

12.2 Anti-Corruption. Neither party has received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from an employee or agent of the other party in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction.

12.3 Entire Agreement and Order of Precedence. This Agreement is the entire agreement between Company and Customer regarding Customer’s use of Services and Content and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. The parties agree that any term or condition stated in a Customer purchase order or in any other Customer order documentation (excluding Order Forms) is void. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the applicable Order Form, (2) this Agreement, and (3) the Documentation. Titles and headings of sections of this Agreement are for convenience only and shall not affect the construction of any provision of this Agreement.

12.4 Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. Each party will be solely responsible for payment of all compensation owed to its employees, as well as all employment-related taxes.

12.5 Third-Party Beneficiaries. There are no third-party beneficiaries under this Agreement.

12.6 Waiver. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right.

12.7 Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.

12.8 Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (including all Order Forms), without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Notwithstanding the foregoing, if a party is acquired by, sells substantially all of its assets to, or undergoes a change of control in favor of, a direct competitor of the other party, then such other party may terminate this Agreement upon written notice. In the event of such a termination, Company will refund Customer any prepaid fees covering the remainder of the term of all subscriptions for the period after the effective date of such termination. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.

12.9 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of California, USA, without regard to conflicts of law principles.

12.10 Manner of Giving Notice. Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b) the second business day after mailing, or (c), except for notices of termination or an indemnifiable claim (“Legal Notices”), which shall clearly be identifiable as Legal Notices, the day of sending by email. Billing-related notices to Customer will be addressed to the relevant billing contact designated by Customer. All other notices to Customer will be addressed to the relevant Services system administrator designated by Customer.

12.11 Agreement to Governing Law and Jurisdiction. Each party agrees to the applicable governing law above without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts above.

Privacy Regulations Reference

Last updated: January 20, 2022

This reference document has been written to put helpful information regarding our products and privacy regulations in one place. Please also view our full  Privacy policy .

If you have any questions, comments, or concerns about our  Privacy policy , your data, or your rights with respect to your information, please email us at  [email protected] .

European Union General Data Protection Regulation (GDPR)

Jentech Inc is an American company and our data infrastructure is currently based in the US. That means if you are in another country in the world and you use our products, your data are transferred to the US. The EU has stronger privacy laws than the US and a core tenet of the GDPR is that if you transfer any personal data of EU residents out of the EU, you must protect it to the same level as guaranteed under EU law. There are two factors to this:

1. The practices that businesses take handling personal data; and
2. The laws of the countries where you transfer the EU personal data to

Practices we have at Jentech Inc

Please read our  Privacy Policy  in full. Some highlights:

• We never have and never will sell customer data.
• We don’t run ads for other services in our products.
• We limit the data we collect: if we don’t need it, we don’t ask for it.
• We limit the permissions our apps request on your devices.
• We put a lot of security measures into place including in-transit encryption, encryption at-rest, and requiring employees and contractors to sign non-disclosure agreements.
• When you email us at [email protected] , a real person will get back to you. No bots.

We do work with sub-processors. The links to our current sub-processors can be found at the end of this page.

Data processing addendum

We have incorporated a Data Processing Addendum (DPA) to our  Terms of Service . This addendum is in effect when the General Data Protection Regulation applies to your use of Jentech Inc Services to process Customer Data as defined in the DPA. The DPA includes the European Commission’s Standard Contractual Clauses (both controller-processor and controller-controller) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed.

California Consumer Privacy Act (CCPA)

In the CCPA, there is an important distinction between what are referred to as “service providers”, “businesses”, and “third parties”. You can see how the regulation defines these words by visiting the California Attorney General’s website: https://www.oag.ca.gov/privacy/ccpa.

Under the CCPA, Jentech Inc is a “service provider.” That means when we process data you provide, we do so solely for the purpose you signed up for. Our business model is simple: we charge a recurring subscription fee to our customers. We do not sell personal information or use your data for any other commercial purposes unless with your explicit permission.

The CCPA also grants residents of California with additional rights related to their information. We grant those rights to all of our customers and detail them in our Privacy policy . Our Privacy policy also explains the information we collect in order to provide our services and clearly lists the only times we access or share your data.

US Health Insurance Portability and Accountability Act (HIPAA)

Our products are currently not  HIPAA -compliant and we do not have immediate plans to become so.

Subprocessors

Jentech Inc uses third party subprocessors to provide our services. We enter into data processing agreements including GDPR Standard Contractual Clauses with each subprocessor, and require the same of them.

You can see which subprocessors we use by application by viewing the following linked lists:

Core Assistant subprocessors

Paymance subprocessors

PRIVACY POLICY

(Updated on January 20, 2022)

This Privacy Policy (the “Privacy Policy” or the “Policy”) explains what information Jentech Inc and its affiliated companies (together, “Jentech” or “we” and sometimes “us”) collect about you and why, what we may do with that information and how we handle your data.

This Privacy Policy applies to the information that we obtain through your use of services, including our website ( https://www.jentech.io/ ), products including Paymance and Core Assistant, platforms, apps, and web-based tools (collectively the “Services”). Please familiarize yourself with our policies, and if you have any questions contact us at mailto:[email protected] . This policy is incorporated by reference into our Terms of Service.

1. Information We Collect Generally

We collect the following information:

Account and Profile Information : We collect information about you and your company when you register for an account, create or modify your profile, and make purchases through our Services. Information we collect includes your name, username, address, email address, company, title, phone number, and payment card details. You may provide this information directly through our Services or in some cases another user (such as an administrator) creating an account on your behalf may provide it. If you provide information (including personal information) about someone else, you confirm that you have the authority to act for them and to consent to the collection and use of their personal information as described in this Privacy Policy.

Data and Content : We collect and store data and content that you create, input, submit, post, upload, transmit, or store in the process of using our Services. Such material may include any personal or other sensitive information submitted using our Services.

Other submissions : We collect other data that you may submit to our Services or us directly, such as when you request customer support or communicate with us via email or social media sites.

2. Information we collect from your use of our Services

We collect the following Information when you use our Services:

Web Logs and Analytics Information : We record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, your mobile carrier, and system configuration information. We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services.

Cookies and Other Tracking Technologies : We use various technologies to collect information, including cookies that we save to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customize our Services and your experience; to allow you to access and use the Services without re-entering your username or password; and to count visits and understand which areas and features of the Services are most popular. We may also associate the information we store in cookies with personal information you submit while on our Services. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Services.

3. Information we collect from other sources

We may obtain information, including personal information, from third parties such as our partners and service providers, and combine it with other information we collect from you.

4. How We Use Information We Collect

We may use the information we collect for a variety of purposes, including to:

• Provide, operate, maintain, improve, personalize, and promote our Services;
• Develop new products, services, features, and functionality;
• Enable you to access and use our Services;
• Process and complete transactions, and send you related information, including purchase confirmations and invoices;
• Communicate with you, including responding to your comments, questions, and requests; providing customer service and support; providing you with information about services, including technical notices, updates, security alerts, administrative messages, or advertising or marketing messages; and providing other news or information about us and our select partners;
• Monitor and analyze trends, usage, and activities in connection with our Services; and
• Investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities.

We may also use the information we collect for other purposes about which we notify you.

5. Information Sharing and Disclosures

(a) Outside Companies, Organizations, Individuals : We will share your personal information with companies, organizations, or individuals outside of Jentech when we have your consent to do so.

(b) Service Providers : We may share your information with service providers and other third parties who perform services on our behalf, such as infrastructure, analytics, marketing, and advertising services. We provide your payment information to our service providers for payment processing and verification. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Services.

(c) Compliance with Laws and Law Enforcement Requests : We may disclose your information (including your personal information) to a third party if:

• We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request;
• To enforce our agreements, policies and terms of service;
• To protect the security or integrity of Jentech's products and services;
• To protect the property, rights, and safety of Jentech, our customers or the public from harm or illegal activities;
• To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
• To investigate and defend ourselves against any third-party claims or allegations.

(d) Business Transfers : We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.

6. Your use

When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.

7. Access by your administrator

Your account administrator may be able to:

• Access information in and about your account;
• Disclose, restrict, or access information that you have provided or that is made available to you when using your account, including your content; and
• Control how your account may be accessed or deleted.

8. Aggregate or Non-identifying Data

We may share aggregate or other non-personal information that does not directly identify you with third parties in order to improve the overall experience of our Services.

9. The Choices You Have With Your Information

You may decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of our Services. You may update or correct your personal information at any time by accessing the account settings page on the website or within our platform. You may opt out of receiving promotional communications from Jentech by using the unsubscribe link within each email. Even after you opt out from receiving promotional messages from us, you will continue to receive administrative messages from us regarding the Services.

10. Children’s Privacy

Our Services are not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at  [email protected] .

11. International Users

Our Services are hosted in the United States and intended for users located within the United States. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your information outside of those regions to the United States for storage and processing. By providing your information, you consent to any transfer and processing in accordance with this Policy.

12. California Privacy Rights

California Civil Code Section 1798.83 permits Jentech customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected] .

13. Changes to this Privacy Policy

We may change this Privacy Policy from time to time. If we make any changes, we will notify you by revising the version and date at the top of this Privacy Policy and, in some cases, where appropriate we may provide you with additional notice (such as adding a statement to the log-in screen or sending you an email notification). Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of this Policy.

14. Contact Information

Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at [email protected] .

ACCEPTABLE USE POLICY

(Updated on January 20, 2022)

This Acceptable Use Policy explains the terms for acceptable use as adopted by Jentech Inc (“Company”). It is incorporated by reference into the Jentech Inc Terms of Service.

Customer and Authorized Users are required to abide by the following guidelines for acceptable use of the Software Platform and Services (also referenced as the “Services”):

1. Prohibited Content

Neither Customer nor Authorized Users may upload any data to the Software Platform containing any of the following content:

1. Content that infringes a third party's rights (e.g., copyright) according to applicable law;
2. Excessively profane content;
3. Hate-related or violent content;
4. Content advocating racial or ethnic intolerance;
5. Content intended to advocate or advance computer hacking or cracking;
6. Gambling;
7. Other illegal activity, including without limitation illegal export of controlled substances or illegal software;
8. Drug paraphernalia;
9. Phishing;
10. Malicious content;
11. Other material, products or services that violate or encourage conduct that would violate any criminal laws, any other applicable laws, or any third-party rights.

2. Prohibited Actions

Neither Customer nor any Authorized User may allow any third party to:

1. Generate or facilitate unsolicited commercial email ("spam") through the Software Platform. Such activity includes, but is not limited to:
   1. sending email in violation of the CAN-SPAM Act or any other applicable anti-spam law;
   2. imitating or impersonating another person or his, her or its email address, or creating false accounts for the purpose of sending spam;
   3. data mining any web property (to find email addresses or other user account information;
   4. sending unauthorized mail via open, third-party servers;
   5. sending emails to users who have requested to be removed from a mailing list;
   6. selling, exchanging or distributing to a third party the email addresses of any person without such person's knowing and continued consent to such disclosure; and
   7. sending unsolicited emails to significant numbers of email addresses belonging to individuals and/or entities with whom you have no preexisting relationship.
2. Send, upload, distribute or disseminate or offer to do the same with respect to any unlawful, defamatory, harassing, abusive, fraudulent, infringing, obscene, or otherwise objectionable content
3. Intentionally distribute viruses, worms, defects, Trojan horses, corrupted files, hoaxes, or any other items of a destructive or deceptive nature;
4. Conduct or forward pyramid schemes and the like;
5. Transmit content that may be harmful to minors;
6. Impersonate another person (via the use of an email address or otherwise) or otherwise misrepresent yourself or the source of any email;
7. Illegally transmit another's intellectual property or other proprietary information without such owner's or licensor's permission;
8. Use the Services to violate the legal rights (such as rights of privacy and publicity) of others;
9. Promote or encourage illegal activity;
10. Interfere with other users' enjoyment of the Services;
11. Perform significant load testing without first obtaining Company’s written consent (email permitted), as otherwise these may be treated as denial-of-service attacks;
12. Sell, trade, resell or otherwise exploit the Services for any unauthorized commercial purpose;
13. Modify, adapt, translate, or reverse engineer any portion of the Services;
14. Remove any copyright, trademark or other proprietary rights notices contained in or on the Services;
15. Reformat or frame any portion of the web pages that are part of the Software Service's administration display;
16. Use the Services in connection with illegal peer-to-peer file sharing;
17. Use the Services to "mine" bitcoins and other cryptocurrencies;
18. Display any content on the Services that contains any hate-related or violent content or contains any other material, products or services that violate or encourage conduct that would violate any criminal laws, any other applicable laws, or any third party rights;
19. Modify without prior written authorization any third party logo or marks;
20. Use the Services to operate an "open proxy" or any other form of Internet proxy service that is capable of forwarding requests to any end user or third party-supplied Internet host;
21. Use the Services to access a third party web property for the purposes of web scraping, web crawling, web monitoring, or other similar activity through a web client.
22. Use the Services, or any interfaces provided with the Service, to access any third party product or service in a manner that violates such third party terms of service.

CUSTOMER AND AUTHORIZED USERS ACKNOWLEDGE AND AGREE THAT COMPANY HAS THE FULL AND FINAL DISCRETION AS TO WHETHER ANY USE USES VIOLATE THIS ACCEPTABLE USE POLICY.

3. No Security Violations

Neither Customer nor Users may use the Services to violate the security or integrity of any network, computer or communications system, software application, or network or computing device (each, a “System” ). Prohibited activities include:

1. Unauthorized Access: Accessing or using any System without permission, including attempting to probe, scan, or test the vulnerability of a System or to breach any security or authentication measures used by a System.



ACCEPTABLE USE POLICY

(Updated on January 20, 2022)

This Acceptable Use Policy explains the terms for acceptable use as adopted by Jentech Inc (“Company”). It is incorporated by reference into the Jentech Inc Terms of Service.

Customer and Authorized Users are required to abide by the following guidelines for acceptable use of the Software Platform and Services (also referenced as the “Services”):

1. Prohibited Content

Neither Customer nor Authorized Users may upload any data to the Software Platform containing any of the following content:

1. Content that infringes a third party's rights (e.g., copyright) according to applicable law;
2. Excessively profane content;
3. Hate-related or violent content;
4. Content advocating racial or ethnic intolerance;
5. Content intended to advocate or advance computer hacking or cracking;
6. Gambling;
7. Other illegal activity, including without limitation illegal export of controlled substances or illegal software;
8. Drug paraphernalia;
9. Phishing;
10. Malicious content;
11. Other material, products or services that violate or encourage conduct that would violate any criminal laws, any other applicable laws, or any third-party rights.

2. Prohibited Actions

Neither Customer nor any Authorized User may allow any third party to:

1. Generate or facilitate unsolicited commercial email ("spam") through the Software Platform. Such activity includes, but is not limited to:
   1. sending email in violation of the CAN-SPAM Act or any other applicable anti-spam law;
   2. imitating or impersonating another person or his, her or its email address, or creating false accounts for the purpose of sending spam;
   3. data mining any web property (to find email addresses or other user account information;
   4. sending unauthorized mail via open, third-party servers;
   5. sending emails to users who have requested to be removed from a mailing list;
   6. selling, exchanging or distributing to a third party the email addresses of any person without such person's knowing and continued consent to such disclosure; and
   7. sending unsolicited emails to significant numbers of email addresses belonging to individuals and/or entities with whom you have no preexisting relationship.
2. Send, upload, distribute or disseminate or offer to do the same with respect to any unlawful, defamatory, harassing, abusive, fraudulent, infringing, obscene, or otherwise objectionable content
3. Intentionally distribute viruses, worms, defects, Trojan horses, corrupted files, hoaxes, or any other items of a destructive or deceptive nature;
4. Conduct or forward pyramid schemes and the like;
5. Transmit content that may be harmful to minors;
6. Impersonate another person (via the use of an email address or otherwise) or otherwise misrepresent yourself or the source of any email;
7. Illegally transmit another's intellectual property or other proprietary information without such owner's or licensor's permission;
8. Use the Services to violate the legal rights (such as rights of privacy and publicity) of others;
9. Promote or encourage illegal activity;
10. Interfere with other users' enjoyment of the Services;
11. Perform significant load testing without first obtaining Company’s written consent (email permitted), as otherwise these may be treated as denial-of-service attacks;
12. Sell, trade, resell or otherwise exploit the Services for any unauthorized commercial purpose;
13. Modify, adapt, translate, or reverse engineer any portion of the Services;
14. Remove any copyright, trademark or other proprietary rights notices contained in or on the Services;
15. Reformat or frame any portion of the web pages that are part of the Software Service's administration display;
16. Use the Services in connection with illegal peer-to-peer file sharing;
17. Use the Services to "mine" bitcoins and other cryptocurrencies;
18. Display any content on the Services that contains any hate-related or violent content or contains any other material, products or services that violate or encourage conduct that would violate any criminal laws, any other applicable laws, or any third party rights;
19. Modify without prior written authorization any third party logo or marks;
20. Use the Services to operate an "open proxy" or any other form of Internet proxy service that is capable of forwarding requests to any end user or third party-supplied Internet host;
21. Use the Services to access a third party web property for the purposes of web scraping, web crawling, web monitoring, or other similar activity through a web client.
22. Use the Services, or any interfaces provided with the Service, to access any third party product or service in a manner that violates such third party terms of service.

CUSTOMER AND AUTHORIZED USERS ACKNOWLEDGE AND AGREE THAT COMPANY HAS THE FULL AND FINAL DISCRETION AS TO WHETHER ANY USE USES VIOLATE THIS ACCEPTABLE USE POLICY.

3. No Security Violations

Neither Customer nor Users may use the Services to violate the security or integrity of any network, computer or communications system, software application, or network or computing device (each, a “System” ). Prohibited activities include:

1. Unauthorized Access: Accessing or using any System without permission, including attempting to probe, scan, or test the vulnerability of a System or to breach any security or authentication measures used by a System.
2. Interception: Monitoring of data or traffic on a System without permission.
3. Falsification of Origin: Forging TCP/IP packet headers, e-mail headers, or any part of a message describing its origin or route. This prohibition does not include the use of aliases or anonymous remailers.
4. Hacking: Interfering with the security-related features of the Service.

4. No Network Abuse

Neither Customer nor Users may make network connections to any users, hosts, or networks unless such Customer or Users has advance permission to communicate with them. Prohibited activities include:

1. Monitoring or Crawling: Monitoring or crawling of a System that impairs or disrupts the System being monitored or crawled.
2. Denial of Service (DoS): Inundating a target with communications requests so the target either cannot respond to legitimate traffic or responds so slowly that it becomes ineffective.
3. Intentional Interference: Interfering with the proper functioning of any System, including any deliberate attempt to overload a system by mail bombing, news bombing, broadcast attacks, or flooding techniques.
4. Operation of Certain Network Services: Operating network services like open proxies, open mail relays, or open recursive domain name servers.
5. Avoiding System Restrictions: Using manual or electronic means to avoid any use limitations placed on a System, such as access and storage restrictions.
6. Domain Impersonation: Creating applications pointing at domains you do not own or lawfully control.
7. Malware: Uploading or otherwise any disseminating viruses, adware, spyware, worms, or other malicious code.

5. No Trolling

Customer and Authorized Users agree not to:

1. Access the Services to bring an intellectual property infringement claim against Jentech Inc or any of Jentech Inc’s affiliates, customers, vendors, business partners, or licensors;
2. Develop or create a competing product or service;
3. Copy, modify, create a derivative work of, reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract the source code of the Services or any component thereof;
4. Sub-license, resell, or distribute the Services or any component thereof separate from any integrated application;
5. Violate, or encourage others to violate, any right of a third party, including by infringing or misappropriating any third party intellectual property right;
6. Post, upload, or distribute any Content or other content that is unlawful, defamatory, libelous, inaccurate, or that a reasonable person could deem to be objectionable, profane, indecent, pornographic, harassing, threatening, embarrassing, hateful, or otherwise inappropriate; and
7. Perform any fraudulent activity, including impersonating any person or entity or claiming a false affiliation; misrepresenting the source, identity or content of information transmitted via the Services; accessing any other Software Service account without permission, or falsifying Authorized User’s age or date of birth.

6. Our Monitoring and Enforcement

Company reserves the right, but does not assume the obligation, to investigate any violation of this policy or misuse of the Services or Jentech Site. Company may:

1. Investigate violations of this policy or misuse of the Services;
2. Remove, disable access to, or modify any content or resource that violates this Policy or any other agreement Company has with Customer or Users for use of the Services; and
3. Report any activity that Company suspects violates any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties. Company’s reporting may include disclosing appropriate customer information. Company may cooperate with appropriate law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this policy.

7. Reporting of Violations of this Policy

If Customer or Authorized User become aware of any violation of this policy, Customer shall immediately notify Company of the violation and provide Company with assistance, as requested, to stop or remedy the violation.

To report any violation of this policy, please email us at [email protected]

TRADEMARK POLICY

(Updated on January 20, 2022)

This Trademark Policy grants customers of Jentech Inc (“Company”) permission to use the Jentech Inc Logos and Marks in connection with the Software Services and the trademark license granted therein. It is incorporated by reference into the Jentech Inc Terms of Service.

1. Definitions

For the purposes of this Trademark Policy, " Jentech Inc Logos and Marks " means the following trademarks, service marks, service or trade names, logos, product names, or designations of Jentech Inc and its affiliates:

1. The logos in the form shown below (the " Logos "); and

   

2. "Jentech," "Jentech Inc," and any other Jentech Inc Logos and Marks and Services made available from time to time.

2. Scope

The scope of the trademark license grants Customer the right to display the Jentech Inc Logos and Marks on Customer’s website in order to identify Customer’s business relationship with Company. Customer’s use of the Jentech Inc Logos and Marks shall comply with the most up-to-date versions of the Terms of Service, this Trademark Policy, and any other applicable terms, conditions, or policies that Company may issue from time to time.

3. Acknowledgement

Customer understands and agrees that, without prior notice and at Company’s sole discretion:

1. Company may modify this Trademark Policy at any time;
2. Company may modify or terminate Customer’ limited license grant to use the Jentech Inc Logos and Marks, at any time in Company’s sole discretion, for any reason or for no reason at all; and
3. Company reserves the right to take any and all actions including, without limitation, legal proceedings, against any use of the Jentech Inc Logos and Marks that does not comply with this Trademark Policy or the Terms of Service.

4. No Affiliation or Endorsement

Customer shall refrain from displaying the Jentech Inc Logos and Marks in any manner that implies that Customer is related to, affiliated with, sponsored or endorsed by Company, or in a manner that could reasonably be interpreted to suggest that Customer’s content, application, web site, product or service, has been authored or edited by Company, or represents Company’s views or opinions.

5. No Disparagement

Customer shall use the Jentech Inc Logos and Marks at all times in a manner designed to maintain the highest standard, quality, and reputation that is associated with the Jentech Inc Logos Marks. Customer shall not use the Jentech Inc Logos and Marks to disparage Company, Company’s products, or Company’s services.

6. No Dominant Display; JENTECH INC Logo or Mark Differentiation

Customer shall refrain from displaying the Jentech Inc logo or mark as the largest or most prominent trademark in any materials (including, without limitation, any web site or product literature) associated with Customer’s content, application, software tool or other software application. When using any Jentech Inc logo or mark (other than the Logo, with respect to which the formatting requirements are set forth below), Customer must distinguish the Jentech Inc mark from the name of Customer’s content and/or other surrounding text by capitalizing the first letter of the Jentech Inc mark, capitalizing or italicizing the entire Jentech Inc mark, placing the Jentech Inc mark in quotes, or using a different style or color of font for the Jentech Inc mark.

7. Formatting Requirements with Respect to the Logos and Marks

1. No Modification. Jentech Inc will make the Logo images available to Customer. Customer may not remove, distort, or modify any element of the Logo; however, Customer may alter the file format itself, for ease of use.
2. Spacing. The Logo must appear by itself, with reasonable spacing (at least the height of the Logo) between each side of the Logo and other graphic or textual elements.
3. Alt/Title Attribute. The alternative text (alt/title attribute of the image tag) should either be set to the following text or be left blank: "Powered by Jentech".

8. Permissible Uses of the Jentech Inc Logos and Marks

Except for the Logo (with respect to which the formatting requirements are set forth above), Customer may only use the Jentech Inc Logos and Marks in a relational phrase using "for" or one of the limited number of equivalent naming conventions, as set forth below; 

Example of Permissible Use: "Commissions - powered by Paymance."

Customer may replace "powered by" in the example above with any of the following, so long as the term Customer uses is accurate when used with the applicable Jentech Inc Logos and Marks: "for use with"; "with"; "compatible with"; "works with"; "for"; "built on"; "built with"; "developed on"; "developed with."

Customer may replace "Paymance" in the examples above with any of the Jentech Inc Logos and Marks, so long as Customer’s usage of the Jentech Inc Logos and Marks is accurate.

9. Hyperlinking

Customer shall link each use of the Jentech Inc Logos and Marks directly to the following URL, wherever technically feasible:  https://www.jentech.io/ . Customer may open the URL in a new browser window. Customer may not link the Jentech Inc Logos and Marks to any web site other than the primary URL for the applicable Service. Customer may not frame or mirror any of Jentech Inc’s web site pages.

10. No Combination

Customer shall refrain from hyphenating, combining, or abbreviating the Jentech Inc Logos and Marks. Customer shall not incorporate the Jentech Inc Logos Marks into the name of Customer’s organization, or into Customer’s services, products, trademark, or logos. The foregoing prohibition includes the use of the Jentech Inc Logos and Marks in the name of any application, service or product, or in a URL. 

11. Attribution

Customer shall include the following statement in any materials that include the Jentech Inc Logos and Marks: "This logo or mark is the trademark of Jentech Inc or its affiliates in the United States and/or other countries." In addition, the Jentech Inc Logos and Marks must be designated with the ™/"tm" notice.

12. No Misleading Use

Customer shall refrain displaying the Jentech Inc Logos and Marks in any manner that is misleading, unfair, defamatory, infringing, libelous, disparaging, obscene, or otherwise objectionable as determined by Company in its sole discretion.

13. Trade Dress

Customer shall refrain from imitating the trade dress or "look and feel" of any of Company web sites or pages contained in any of Company web sites, including without limitation, the branding, color combinations, fonts, graphic designs, product icons or other elements associated with Company.

14. Compliance with Law; Appropriate Activities

Customer shall refrain from using the Jentech Inc Logos and Marks in any manner that violates any United States or foreign, federal, state, provincial, municipal, local, or other, law or regulation. Without limiting the foregoing, or any provision in the Terms of Service, Customer shall refrain from displaying any Jentech Inc Logos and Mark on Customer’s site if such site contains or displays adult content or promotes illegal activities, gambling, or the sale of tobacco or alcohol to persons under twenty-one (21) years of age.

15. Reservation of Rights

All use by Customer of the Jentech Inc Logos and Marks including any goodwill associated therewith, shall inure to the benefit of Company.

16. No Challenges

Customer agrees that Customer will not, at any time, challenge or encourage, assist, or otherwise induce third parties to challenge the Jentech Inc Logos and Marks (except to the extent such restriction is prohibited by law), nor shall Customer attempt to register any trademarks, service marks, trade names, logos, product names, service names, legends, domain names, other designations, or abbreviations of any of the foregoing, or other distinctive brand features that are confusingly similar in any way (including, but not limited to, sound, appearance, and spelling) to the Jentech Inc Logos and Marks.

17. Contact Information

If Customer has questions regarding its obligations under this Trademark Policy, or questions about any Optimera mark, please email Company at [email protected] .

Beta Services Agreement

THIS BETA SERVICES AGREEMENT GOVERNS CUSTOMER’S USE OF AND PARTICIPATION IN ANY PILOT TESTING AND/OR DEVELOPING THE COVERED SERVICES, AS DEFINED BELOW. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN.

BY ACCEPTING THIS AGREEMENT, BY (1) CLICKING A BOX INDICATING ACCEPTANCE, (2) ACKNOWLEDGING ACCEPTANCE OF THIS AGREEMENT IN A SEPARATE DOCUMENT REFERENCING OR INCORPORATING THE TERMS OF THIS AGREEMENT AND/OR (3) PARTICIPATING IN A DATA SCIENCE PROGRAM OR USING A NON-GA SERVICE, CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERM “CUSTOMER” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

Jentech’s direct competitors are prohibited from accessing the Covered Services, except with Jentech’s prior written consent. In addition, the Covered Services may not be accessed for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.

This Agreement was last updated on January 20, 2022. It is effective between Customer and Jentech Inc, a Delaware corporation having a principal place of business at 1968 S. Coast Hwy. #1796, Laguna Beach, CA 92651 (“Company”) as of the date of Customer’s accepting this Agreement.

1. Definitions.

“ Affiliate ” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“ Agreement ” means this Beta Services Agreement.

“ Content ” means information obtained by Jentech from publicly available sources or its third party content providers and made available to Customer through the Covered Services, as may be more fully described in the Documentation.

“ Covered Services ” means, collectively, the Data Science Programs, Non-GA Service and Non-GA Software.

“ Customer ” means in the case of an individual accepting this Agreement on his or her own behalf, such individual, or in the case of an individual accepting this Agreement on behalf of a company or other legal entity, the company or other legal entity for which such individual is accepting this Agreement.

“ Customer Data ” means electronic data and information submitted by or for Customer to the Data Science Programs or Non-GA Services, excluding (i) Content, (ii) reports, data, assessments, analyses or compilations, collected by, derived from, created by or returned by the Covered Services, including any derivative works thereof, and (iii) Non-Company Applications. Notwithstanding anything to the contrary, electronic data and information submitted by or for Customer to Non-GA Software is not Customer Data (or Your Data, or any comparable defined term) under the Terms of Service or this Agreement.

“ Data Science Programs ” means those projects undertaken by Company, in which Customer shall allow Company to access and use Customer Data, for the purposes of (i) building, analyzing, reviewing, running, training, testing and improving algorithms and machine learning models to be used in GA Successor and Non-GA Services and/or Non-GA Software and (ii) performing analyses on the Customer Data.

“ Documentation ” means the applicable GA Service’s Trust and Compliance documentation, and its usage guides and policies, as updated from time to time, accessible via login to the applicable Service. “GA Service” means the products and services that are ordered by Customer under an Order Form (as defined in the Terms of Service), governed by a separate Terms of Service (“TOS”) between Company and Customer and made available online by Company, including associated Company offline or mobile components, as described in the Documentation.

“ GA Services ” exclude NonGA Services and/or Non-GA Software, Content and Non-Company Applications.

“ GA Successor Service ” means any successor version of a Non-GA Service or a product or service derived from the Data Science Program that Company may make available as a GA Service.

“ Non-Company Application ” means a Web-based or offline software application that is provided by Customer or a third party and which may interoperate with the Covered Services, including, for example, an application that is developed by or for Customer or is listed on a marketplace. Non-Company Applications may also be referred to as Third Party Applications.

“ Non-GA Service ” means an application, feature, function or other technology that Company and/or its affiliate (i) has made available to Customer, (ii) has not made generally available to its customers, and (iii) has designated as pilot, beta, limited release, developer preview, or by description of similar import. Non-GA Service excludes Content, Non-GA Software and Non-Company Applications.

“ Non-GA Software ” means software products that Company and/or its Affiliates (i) has made available to Customer for deployment on Customer’s premise, and all related Documentation for and any support and maintenance releases of the same software products (but excluding any Data Science Programs, GA Service or Non-GA Service, Content, Non-Company Application, Customer infrastructure and third-party hosting providers), (ii) has not made generally available to its customers, and (iii) has designated as pilot, beta, limited release, developer preview, or by description of similar import.

“ Users ” means individuals who are authorized by Customer to use the Covered Services, and have been supplied user identifications and passwords by Customer (or by Company at Customer's request). Users may include but are not limited to employees, consultants, contractors and agents of Customer.

2. Use of Non-GA Service and Content. Company shall make the Non-GA Service, and Content available to Customer, and, in the case of the Non-GA Software, Company shall grant Customer a non-transferable, non-sublicensable, non-exclusive license to use the NonGA Software in object code form, at no charge, subject to (i) the terms of this Agreement and (ii) the Documentation applicable to the Covered Services and the GA Services used in conjunction with the Covered Services. Customer shall allow only Users to access the Non-GA Service and/or Non-GA Software, and only for the purpose(s) described by Company. Non-GA Services and/or Non-GA Software are for evaluation purposes only, are provided as-is, are not supported, and may be subject to additional terms as set forth in supplemental exhibits.

3. Protection of Customer Data. Company will maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, as described in the Security, Privacy and Architecture for Non-GA Services Offered Under the Beta Services Agreement at https://www.jentech.io/legal?p=bsa . Those safeguards will include, but will not be limited to, measures designed to prevent unauthorized access to or disclosure of Customer Data (other than by Customer or Users). The terms of the Data Processing Addendum at https://www.jentech.io/legal?p=dpa (“DPA”) are hereby incorporated by reference and shall apply to the extent Customer Data includes Personal Data, as defined in the DPA. To the extent Personal Data from the European Economic Area (EEA), the United Kingdom and Switzerland are processed by Company, the Standard Contractual Clauses shall apply, as further set forth in the DPA. For the purposes of the Standard Contractual Clauses, Customer and its Authorized Affiliates (as defined in the DPA) are each the data exporter, and Customer's acceptance of this Agreement shall be treated as its acceptance of the Standard Contractual Clauses and appendices.

4. External-Facing Services. To the extent applicable to the Covered Services, Customer will comply with, and be responsible for Users’ compliance with, Company’s Acceptable Use Policy at https://www.jentech.io/legal?p=aup , and be solely responsible for complying with applicable law in any use of cookies or other tracking technologies on such websites.

5. Non-Company Applications and Content. Access to and use of Content and Non-Company Applications shall be governed by the applicable sections of the Customer’s Terms of Service for the corresponding GA Service and any applicable Documentation.

6. License Granted by Customer. The license to host, copy, transmit and display Customer Data and any Non-Company Applications set forth in the Terms of Service governing the use of GA Services shall apply to Customer Data or any Non-Company Application submitted or provided to Company (in the case of a Non-Company Application), for use with the Covered Services. Company represents and warrants that it has measures in place as described in the Documentation to prevent sharing of Customer Data with other customers, unless authorized to do so in writing by Customer. With respect solely to the Data Sciences Program, (i) Customer acknowledges that Company may access Customer Data submitted to the Covered Services in connection with the Data Sciences Program for the purpose of training and improving the Covered Services and any other of Company’s current and future features, products and/or services; and (ii) Customer unconditionally grants to Company a perpetual, irrevocable, non-exclusive, worldwide, royalty-free, license to use Customer Data to perform and compile analyses of the Customer Data for use and incorporation into current and future products or services.

7. Proprietary Rights. Subject to the limited rights expressly granted under this Agreement, Company and its licensors reserve all rights, title and interest in and to the Covered Services (including reports, data, assessments, analyses or compilations of Customer Data, collected by, derived from, created by or returned by the Covered Services, including any derivative works thereof) and Content, including all related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth herein. Subject to the limited licenses granted herein, Company acquires no right, title or interest from Customer or its licensors under this Agreement in or to Customer Data, Non-Company Applications or program code.

8. Feedback and Training. Customer agrees to provide ongoing feedback to Company regarding the Covered Services. Company shall have a royalty-free, worldwide, irrevocable, perpetual license to use and incorporate into the Covered Services and GA Successor Services any suggestion, enhancement request, recommendation, correction or other feedback provided by Customer or Users, relating to the operation of the Covered Services and GA Successor Services for use by Company and users of its offerings. At Company’s reasonable request, Users shall participate in training at no charge.

9. Protection of Confidential Information. Information that is disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) in connection with this Agreement that is identified as confidential or that would reasonably be understood to be confidential based on the nature of the information or the circumstances surrounding its disclosure, is Confidential Information of the Disclosing Party. The Covered Services and all information provided or disclosed to Customer relating to the Covered Services is Confidential Information of Company and the Customer Data is Confidential Information of the Customer. The Receiving Party shall use the same degree of care to protect such Confidential Information that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) (i) not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, to limit access to Confidential Information of the Disclosing Party to those of its and its affiliates’ Users, and other employees, contractors and agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein. The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information. Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

10. Term. This Agreement shall commence on the Effective Date and will remain in effect unless terminated in accordance with the section entitled “Termination and Notices”. Notwithstanding the foregoing, Customer’s right to use any particular Non-GA Service and/or Non-GA Software under this Agreement will commence on the date Company makes such Non-GA Service and/or Non-GA Software available to Customer, and will end on the earlier of (a) the date the applicable GA Successor Service and/or Non-GA Software becomes generally available, or (b) termination in accordance with the section entitled “Termination and Notices”. At the time of termination, the Customer shall destroy all copies of Non-GA Software. As a result of the Customer’s participation in Data Science Programs and the grants given by the Customer under this Agreement, Company may develop Non-GA Services or GA Services utilizing Customer Data which may be made available beyond the Term.

11. Termination and Notices. Either party may terminate this Agreement at any time without cause upon thirty (30) days’ written notice to the other. Either party may terminate Customer’s right to use any particular Covered Service by providing written notice (email acceptable) of such termination to the other party; the notifying party will endeavor to provide such notice thirty (30) days before the termination date. If requested by Company in connection with any such termination, Customer will cooperate reasonably with Company to disable the Non-GA Service and/or Non-GA Software.

12. Customer Responsibilities. Customer is responsible for all activities that occur in User accounts and for Users' compliance with this Agreement and for use of the Covered Services in accordance with the terms of the Terms of Service. For the avoidance of doubt the sections entitled “Customer Responsibilities” and “Usage Restrictions” in the Terms of Service shall apply to the Covered Services.

13. Third Party Infrastructure and Platforms. Customer acknowledges and agrees that the infrastructure used by Company to host Customer Data submitted to the Covered Services may be provided by a third-party hosting provider, such as, for example, Amazon Web Services, Inc.

14. No Warranty. THE COVERED SERVICES AND CONTENT ARE PROVIDED “AS-IS,” EXCLUSIVE OF ANY WARRANTY WHATSOEVER WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. COMPANY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. COMPANY DISCLAIMS ALL LIABILITY FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRDPARTY HOSTING PROVIDERS. The Covered Services may contain bugs or errors. Any participation in or use of the Covered Services or Content is at Customer’s sole risk. Customer acknowledges that Company may discontinue the Covered Services at any time in its sole discretion, and may never make an applicable GA Successor Service available.

15. No Damages. IN NO EVENT SHALL COMPANY HAVE ANY LIABILITY HEREUNDER TO CUSTOMER FOR ANY DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR DAMAGES BASED ON LOST PROFITS, DATA OR USE, HOWEVER CAUSED AND, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, WHETHER OR NOT CUSTOMER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES UNLESS SUCH DISCLAIMER OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE COMPANY’S LIABILITY WITH RESPECT TO THIS AGREEMENT SHALL NOT EXCEED $1,000.00.

16. Relationship to Other Agreements. Customer may be or become entitled to receive access to other Company services or the GA Successor Service under a separate agreement with Company. In such case, that separate agreement will govern Customer’s access to the other Company services or the GA Successor Service, but will not govern Customer’s access to the Covered Services or Content accessed via the Covered Services, except as otherwise noted in this Agreement.

17. Assignment. Customer may not assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of Company (not to be unreasonably withheld).

18. Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of California, USA, without regard to conflicts of law principles.

19. Agreement to Governing Law and Jurisdiction. Each party agrees to the applicable governing law above without regard to its conflicts of laws rules, and to the exclusive jurisdiction of the applicable courts above.

20. Third Party Beneficiaries. There are no third-party beneficiaries under this Agreement.

21. Entire Agreement and Order of Precedence. This Agreement constitutes the entire agreement between the parties, and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the change is to be asserted. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) any exhibit, schedule or addendum to this Agreement, (2) the body of this Agreement and (3) the Documentation. Titles and headings of sections of this Agreement are for convenience only and shall not affect the construction of any provision of this Agreement.

22. Survival. The following provisions: “Proprietary Rights,” “Protection of Confidential Information,” “Customer Responsibilities,” “No Warranty,” “No Damages,” and “Relationship to Other Agreements” shall survive the termination of this agreement.

23. Manner of Giving Notice. Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b) the second business day after mailing, or (c), except for notices of termination or an indemnifiable claim (“Legal Notices”), which shall clearly be identifiable as Legal Notices, the day of sending by email. Billing-related notices to Customer will be addressed to the relevant billing contact designated by Customer. All other notices to Customer will be addressed to the relevant Services system administrator designated by Customer.

Jentech iOS Apps

End User License Addendum

Last Updated: January 20, 2022

This Jentech iOS Apps End User License Addendum (“Mobile Addendum”) is between you and Jentech, Inc. (“Jentech”) and governs your use of Jentech’s mobile applications for iOS including its Paymance app and Core Assistant app (collectively, the “Jentech iOS Apps”). This Mobile Addendum is an addendum to Jentech’s Terms of Service ( www.jentech.io/legal?p=tos ).

Parties . This Mobile Addendum is between you and Jentech only, and not Apple, Inc. (“Apple”). Jentech, not Apple, is solely responsible for the Jentech iOS Apps and their content. Although Apple is not a party to this Mobile Addendum, Apple has the right to enforce this Mobile Addendum against you as a third party beneficiary relating to your use of the Jentech iOS Apps.

Terms of Service . To use the Jentech iOS Apps, you may be required to register to become a Jentech member. In doing so, you must accept Jentech’s Terms of Service.

Privacy . Jentech may collect and use information concerning your use of the Jentech iOS Apps as set forth in its Privacy Policy ( https://www.jentech.io/legal?p=prv ).

Limited License . Jentech grants you a limited, non-exclusive, non-transferable, revocable license to use the Jentech iOS Apps for your personal, non-commercial purposes. You may only use the Jentech iOS Apps on an iPhone, iPod Touch, iPad, or other Apple device that you own or control and as permitted by the Apple App Store Terms of Service.

Warranty . The Jentech iOS Apps are provided for free on an “as is” basis. As such, Jentech disclaims all warranties about the Jentech iOS Apps to the fullest extent permitted by law. To the extent any warranty exists under law that cannot be disclaimed, Jentech, not Apple, shall be solely responsible for such warranty.

Maintenance and Support . Because the Jentech iOS Apps are free to download and use, Jentech does not provide any maintenance or support for them. To the extent that any maintenance or support is required by applicable law, Jentech, not Apple, shall be obligated to furnish any such maintenance or support.

Third Party Terms of Agreement . You must comply with applicable third party terms of agreement when using the Jentech iOS Apps.

Third Party Intellectual Property Claims . Jentech shall not be obligated to indemnify or defend you with respect to any third party claim arising out or relating to the Jentech iOS Apps. To the extent Jentech is required to provide indemnification by applicable law, Jentech, not Apple, shall be solely responsible for the investigation, defense, settlement, and discharge of any claim that the Jentech iOS Apps or your use of it infringes any third party intellectual property right.

Product Claims . Jentech does not make any warranties concerning the Jentech iOS Apps. To the extent you have any claim arising from or relating to your use of the Jentech iOS Apps, Jentech, not Apple, is responsible for addressing any such claims, which may include, but are not limited to:

1. any product liability claim;
2. any claim that the Jentech iOS Apps fail to conform to any applicable legal or regulatory requirement; and
3. any claim arising under consumer protection or similar legislation.

Nothing in this Mobile Addendum shall be deemed an admission that you may have such claims.

U.S. Legal Compliance . You represent and warrant that (i) you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country; and (ii) you are not listed on any U.S. Government list of prohibited or restricted parties.

Contact Information . Should you have any questions, complaints, or claims relating to the Jentech iOS Apps, please contact us at [email protected].

JENTECH INC DATA PROCESSING ADDENDUM

(Revision January 2022)

This Data Processing Addendum (“ DPA ”) is part of the Terms of Service and Privacy Policy, both as updated from time to time, or other written or electronic agreement between Jentech and Customer for the purchase and/or use of online services (including associated Jentech mobile components) from Jentech (identified either as “Services” or otherwise in the applicable agreement, and hereinafter defined as “ Services ”) (the “ Agreement ”) to reflect the parties’ agreement with regard to the Processing of Personal Data.

Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations, in the name and on behalf of Customer’s Authorized Affiliates, if and to the extent Jentech processes Personal Data for which such Authorized Affiliates qualify as the Controller. For the purposes of this DPA only, and except where indicated otherwise, the term “Customer” shall include Customer and Authorized Affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Agreement. In the course of providing the Services to Customer pursuant to the Agreement, Jentech may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.

DATA PROCESSING TERMS

1. DEFINITIONS

“ Affiliate ” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“ Authorized Affiliate ” means any of Customer’s Affiliate(s) which (a) is subject to the data protection laws and regulations of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom, and (b) is permitted to use the Services pursuant to the Agreement between Customer and Jentech, but has not signed its own Order Form with Jentech and is not a “Customer” as defined under this DPA.

“ CCPA ” means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and its implementing regulations.

“ Controller ” means the entity which determines the purposes and means of the Processing of Personal Data.

“ Customer Data ” means what is defined in the Agreement as “Customer Data” or “Your Data”, provided that such data is electronic data and information submitted by or for Customer to the Services. This DPA does not apply to Content or Non-Company Applications as defined in the Agreement or, if not defined in the Agreement, as defined in the Terms of Service at https://www.jentech.io/legal?p=tos .

“ Data Protection Laws and Regulations ” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Agreement.

“ Data Subject ” means the identified or identifiable person to whom Personal Data relates.

“ GDPR ” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), including as implemented or adopted under the laws of the United Kingdom.

“ Jentech ” means the Jentech Inc entity which is a party to this DPA, being Jentech Inc, a Delaware corporation, also referenced as “Company” in Terms of Service at https://www.jentech.io/legal?p=tos .

“ Personal Data ” means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such data is Customer Data.

“ Processing ” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“ Processor ” means the entity which Processes Personal Data on behalf of the Controller, including as applicable any “service provider” as that term is defined by the CCPA.

“ Security, Privacy and Architecture Documentation ” means the Security, Privacy and Architecture Documentation applicable to the specific Services purchased by Customer, as updated from time to time, and accessible via Jentech’s Trust and Compliance webpage at https://www.jentech.io/legal?p=tcd or as otherwise made reasonably available by Jentech.

“ Standard Contractual Clauses ” means the agreements entered into by and between Customer and Jentech, Inc and attached hereto as Schedules 3 and 4 for the international transfer of personal data to third countries which according to the European Commission, the Swiss Federal Council, and/or the UK Government do not ensure an adequate level of data protection.

“ Sub-processor ” means any Processor engaged by Jentech.

“ Supervisory Authority ” means an independent public authority which is established by an EEA State pursuant to the GDPR, the UK’s Information Commissioner’s Office and/or the Swiss Federal Data Protection and Information Commissioner.

2. PROCESSING OF PERSONAL DATA

2.1 Roles of the Parties. The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is always a Controller of Personal Data and Jentech is either a Controller or a Processor depending on the type of and purpose for which the Personal Data are Processed. In particular, the parties acknowledge and agree that Jentech Processes Personal Data as a:

2.1.1 Processor : in the course of providing the Services to Customer. Where Jentech is Processing Personal Data as a Processor clauses 2.2 and 3 through 12 of this DPA shall apply to the Processing of Personal Data by Jentech; and

2.1.2 Controller : for purposes of Customer account management and billing, direct marketing, Customer support services, data analytics, information security, product fulfilment, in connection with surveys, competitions and blogs. Where Jentech is Processing Personal Data as a Controller clauses 2.2, 11, and 12.3 of this DPA shall apply to the Processing of Personal Data by Jentech.

2.2 Customer’s Processing of Personal Data . Customer shall, in its use of the Services:

2.2.1 Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data (where Jentech is Processing Personal Data as a Processor) shall comply with Data Protection Laws and Regulations;

2.2.2 have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data;

2.2.3 have provided adequate notices to, and obtained valid consents from, any data subjects, relating to the Processing (including the sharing) of Personal Data by Customer and as applicable, to the transfer of such Personal Data outside of the EEA/Switzerland/UK; and

2.2.4 shall not, by act or omission, cause Jentech to violate any Data Protection Laws and Regulations, notices provided to, or consents obtained from, data subjects as result of Processing the Personal Data.

3. JENTECH’S PROCESSING OF PERSONAL DATA

3.1 Jentech shall treat Personal Data as confidential information and shall only Process Personal Data on behalf of and in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with the Agreement; (ii) Processing initiated by Customers and/or Invited Users in their use of the Services; and (iii) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.

3.2 Details of the Processing . The subject-matter of Processing of Personal Data by Jentech is the performance of the Services pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 2 (Details of the Processing) to this DPA.

4. DATA SUBJECT REQUESTS

Jentech shall, to the extent legally permitted, promptly notify Customer if Jentech receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”). Taking into account the nature of the Processing, Jentech shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, Jentech shall upon Customer’s request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent Jentech is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from Jentech’s provision of such assistance.

5. JENTECH PERSONNEL

5.1 Confidentiality . Jentech shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Jentech shall ensure that such confidentiality obligations survive the termination of the personnel engagement.

5.2 Reliability . Jentech shall take commercially reasonable steps to ensure the reliability of any Jentech personnel engaged in the Processing of Personal Data.

5.3 Limitation of Access . Jentech shall ensure that Jentech’s access to Personal Data is limited to those personnel performing Services in accordance with the Agreement.

5.4 Data Protection Officer . Based on Jentech’s processing activities, Jentech is not required to appoint a Data Protection Officer. Jentech reserves the right to voluntarily appoint a Data Protection Officer in the future. For questions about this DPA, GDPR compliance, data privacy, Privacy Shield, or any other privacy issues please send an email to [email protected] .

6. SUB-PROCESSORS

6.1 Appointment of Sub-processors . Customer acknowledges and agrees that (a) Jentech’s Affiliates may be retained as Sub-processors; and (b) Jentech and Jentech’s Affiliates respectively may engage third-party Sub-processors in connection with the provision of the Services. Jentech or a Jentech Affiliate has entered into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA with respect to the protection of Customer Data to the extent applicable to the nature of the Services provided by such Sub-processor.

6.2 List of Current Sub-processors and Notification of New Sub-processors . Jentech shall make available to Customer the current list of Sub-processors for the Jentech Services. Such Sub-processor lists shall include the identities of those Sub-processors and their country of location (“ Sub-processor Documentation ”). Customer may find on Jentech’s webpage at https://www.jentech.io/legal?p=tcd , under the applicable Jentech Service, the Sub-processor Documentation. Jentech, through notification to the Customer shall provide notification of a new Sub-processor(s) before authorizing any new Subprocessor(s) to Process Personal Data in connection with the provision of the applicable Services.

6.3 Objection Right for New Sub-processors . Customer may object to Jentech’s use of a new Sub-processor by notifying Jentech promptly in writing within ten (10) business days after receipt of Jentech’s notice in accordance with the mechanism set out in Section 6.2. In the event Customer objects to a new Sub-processor, as permitted in the preceding sentence, Jentech will use reasonable efforts to make available to Customer a change in the Services or recommend a commercially reasonable change to Customer’s configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening the Customer. If Jentech is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may terminate the applicable Agreement with respect only to those Services which cannot be provided by Jentech without the use of the objected-to new Sub-processor by providing written notice to Jentech. Jentech will refund Customer any prepaid fees covering the remainder of the term of such Agreement following the effective date of termination with respect to such terminated Services, without imposing a penalty for such termination on Customer.

6.4 Liability . Jentech shall be liable for the acts and omissions of its Sub-processors to the same extent Jentech would be liable if performing the services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth in the Agreement.

7. SECURITY

7.1 Controls for the Protection of Customer Data . Jentech shall maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality and integrity of Customer Data, as set forth in the Security, Privacy and Architecture Documentation. Jentech regularly monitors compliance with these measures. Jentech will not materially decrease the overall security of the Services during a subscription term.

7.2 Third-Party Certifications and Audits . Jentech has obtained the third-party certifications and audits set forth in the Security, Privacy and Architecture Documentation. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Jentech shall make available to Customer that is not a competitor of Jentech (or Customer’s independent, thirdparty auditor that is not a competitor of Jentech) a copy of Jentech’s then most recent third-party audits or certifications, as applicable.

8. CUSTOMER DATA INCIDENT MANAGEMENT AND NOTIFICATION

Jentech maintains security incident management policies and procedures specified in the Security, Privacy and Architecture Documentation and the Agreement. Jentech shall, notify Customer without undue delay, and in compliance with applicable laws, after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by Jentech or its Sub-processors of which Jentech becomes aware (a “Customer Data Incident”). Jentech shall make reasonable efforts to identify the cause of such Customer Data Incident and take those steps as Jentech deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within Jentech’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Invited Users.

9. RETURN AND DELETION OF CUSTOMER DATA

Jentech shall return Customer Data to Customer and, to the extent allowed by applicable law, delete Customer Data in accordance with the procedures and timeframes specified in the Security, Privacy and Architecture Documentation.

10. AUTHORIZED AFFILIATES

10.1 Contractual Relationship . The parties acknowledge and agree that, by entering into the DPA, the Customer enters into the DPA on behalf of itself and, as applicable, in the name and on behalf of its Authorized Affiliates, thereby establishing a separate DPA between Jentech and each such Authorized Affiliates subject to the provisions of the Agreement and this Section 10. Each Authorized Affiliate agrees to be bound by the obligations under this DPA and, to the extent applicable, the Agreement. For the avoidance of doubt, by Customer entering into this DPA, an Authorized Affiliate is not and does not become a party to the Agreement, and is only a party to the DPA. All access to and use of the Services and Content by Authorized Affiliates must comply with the terms and conditions of the Agreement and any violation of the terms and conditions of the Agreement by an Authorized Affiliate shall be deemed a violation by Customer.

10.2 Communication . The Customer that is the contracting party to the Agreement shall remain responsible for coordinating all communication with Jentech under this DPA and be entitled to make and receive any communication in relation to this DPA on behalf of its Authorized Affiliate.

10.3 Rights of Authorized Affiliates . Where an Authorized Affiliate becomes a party to the DPA with Jentech, it shall to the extent required under applicable Data Protection Laws and Regulations be entitled to exercise the rights and seek remedies under this DPA, subject to the following:

10.3.1 Except where applicable Data Protection Laws and Regulations require the Authorized Affiliate to exercise a right or seek any remedy under this DPA against Jentech directly by itself, the parties agree that (i) solely the Customer that is the contracting party to the Agreement shall exercise any such right or seek any such remedy on behalf of the Authorized Affiliate, and (ii) the Customer that is the contracting party to the Agreement shall exercise any such rights under this DPA not separately for each Authorized Affiliate individually but in a combined manner for all of its Authorized Affiliates together (as set forth, for example, in Section 10.3.2, below).

10.3.2 The parties agree that the Customer that is the contracting party to the Agreement shall, when carrying out an on-site audit of the procedures relevant to the protection of Personal Data, take all reasonable measures to limit any impact on Jentech and its Sub-processors by combining, to the extent reasonably possible, several audit requests carried out on behalf of different Authorized Affiliates in one single audit.

11. LIMITATION OF LIABILITY

Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this DPA, and all DPAs between Authorized Affiliates and Jentech, whether in contract, tort or under any other theory of liability, is subject to the limitations of liability set forth in the Agreement, and such limitations apply to the aggregate liability of that party and all of its Affiliates under the Agreement and all DPAs together.

For the avoidance of doubt, Jentech’s and its Affiliates’ total liability for all claims from the Customer and all of its Authorized Affiliates arising out of or related to the Agreement and each DPA shall apply in the aggregate for all claims under both the Agreement and all DPAs established under this Agreement, including by Customer and all Authorized Affiliates, and, in particular, shall not be understood to apply individually and severally to Customer and/or to any Authorized Affiliate that is a contractual party to any such DPA.

Also for the avoidance of doubt, each reference to the DPA in this DPA means this DPA including its Schedules and Appendices.

12. EUROPEAN SPECIFIC PROVISIONS

12.1 GDPR . Jentech will Process Personal Data in accordance with Data Protection Laws and Regulations including the GDPR requirements directly applicable to Jentech’s provision of its Services.

12.2 Data Protection Impact Assessment . Upon Customer’s request, Jentech shall provide Customer with reasonable cooperation and assistance needed to fulfill Customer’s obligation under the GDPR, or other Data Protection Laws and Regulations, to carry out a data protection impact assessment related to Customer’s use of the Services, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to Jentech. Jentech shall provide reasonable assistance to Customer in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks relating to Section 12.2 of this DPA, to the extent required under the GDPR or other Data Protection Laws and Regulations.

12.3 Transfer mechanisms for data transfers . Subject to the additional terms in Schedule 1, Jentech makes available the transfer mechanisms listed below which shall apply, to any transfers of Personal Data under this DPA from the European Economic Area and/or their member states, Switzerland and the United Kingdom to countries which do not ensure an adequate level of data protection within the meaning of Data Protection Laws and Regulations of the foregoing territories, to the extent such transfers are subject to such Data Protection Laws and Regulations:

12.3.1 The Standard Contractual Clauses set forth in Schedule 3 to this DPA apply to transfers of personal data made in connection with the Processing described in clause 2.1.1 of this DPA subject to the additional terms in Schedule 1;

12.3.2 The Standard Contractual Clauses set forth in Schedule 4 to this DPA apply to transfers of personal data made in connection with the Processing described in clause 2.1.2 of this DPA (other than as described in clause 12.3.3 below) subject to the additional terms in Schedule 1; and

12.3.3 Article 49(1)(b) of the GDPR (the transfer is necessary for the performance of a contract), and the equivalent provisions in the Data Protection Laws and Regulations, applies to transfers of personal data made in connection with product fulfilment, in connection with surveys, newsletters and blogs, in connection with providing Customer support to prospective Customers, and in connection with recruiting for prospective new hires.

List of Schedules

Schedule 1: Transfer Mechanisms for European Data Transfers

Schedule 2: Details of the Processing

Schedule 3: Standard Contractual Clauses (processors)

Schedule 4: Standard Contractual Clauses (controllers)

SCHEDULE 1

TRANSFER MECHANISMS FOR EUROPEAN DATA TRANSFERS

1. ADDITIONAL TERMS FOR SCC SERVICES

1.1 Customers covered by the Standard Contractual Clauses . The Standard Contractual Clauses and the additional terms specified in this Section 1 of this Schedule 1 apply to (i) the legal entity that has entered into the Standard Contractual Clauses as a data exporter and its Invited Users and (ii) all Affiliates, including, but not limited to, Invited Users of Customer established within the European Economic Area, Switzerland and the United Kingdom, which have entered into Agreements for the SCC Services. For the purpose of the Standard Contractual Clauses and this Schedule 1, the aforementioned entities shall be deemed “data exporters”.

1.2 Instructions . This DPA and the Agreement are Customer’s complete and final documented instructions to Jentech for the Processing of Personal Data. Any additional or alternate instructions must be agreed upon separately. For the purposes of Clause 5(a) of Schedule 3, the following is deemed an instruction by the Customer to process Personal Data: (a) Processing in accordance with the Agreement; (b) Processing initiated by Users in their use of the Services and (c) Processing to comply with other reasonable documented instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.

1.3 Appointment of new Sub-processors and List of current Sub-processors . Pursuant to Clause 5(h) of Schedule 3 and Annex A of Schedule 4, Customer acknowledges and expressly agrees that (a) Jentech’s Affiliates may be retained as Sub-processors; and (b) Jentech and Jentech’s Affiliates respectively may engage third-party Subprocessors in connection with the provision of the Services. For purposes of Clause 5(h) of Schedule 3, Jentech shall make available to Customer the current list of Subprocessors in accordance with Section 6.2 of this DPA

2.4 Notification of New Sub-processors and Objection Right for new Sub-processors . Pursuant to Clause 5(h) of Schedule 3, Customer acknowledges and expressly agrees that Jentech may engage new Sub-processors as described in Sections 6.2 and 6.3 of the DPA.

2.5. Copies of Sub-processor Agreements . The parties agree that the copies of the Subprocessor agreements that must be provided by Jentech to Customer pursuant to Clause 5(j) of Schedule 3 may have all commercial information, or clauses unrelated to the Standard Contractual Clauses in Schedule 3 or their equivalent, removed by Jentech beforehand; and, that such copies will be provided by Jentech, in a manner to be determined in its discretion, only upon request by Customer.

2.6. Audits and Certifications . The parties agree that the audits described in Clause 5(f) and Clause 12(2) of Schedule 3 and Clause II(g) of Schedule 4 shall be carried out in accordance with Clause 7.2 of the DPA.

2.7. Certification of Deletion . The parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of Schedule 3 shall be provided by Jentech to Customer only upon Customer’s request.

2.8. Conflict . In the event of any conflict or inconsistency between the body of this DPA and any of its Schedules (not including the Standard Contractual Clauses) and the Standard Contractual Clauses in Schedule 4, the Standard Contractual Clauses shall prevail.

SCHEDULE 2

DETAILS OF THE PROCESSING

Nature and Purpose of Processing

Jentech will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the DPA, and as further instructed by Customer in its use of the Services.

Duration of Processing

Subject to Section 8 of the DPA, Jentech will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.

Categories of Data Subjects

Customer may submit Personal Data to the Services, the categories, extent and detail of which is determined and controlled by Customer in its sole discretion.

Type of Personal Data

Customer may submit Personal Data to the Services, the type, extent and detail of which is determined and controlled by Customer in its sole discretion.

SCHEDULE 3

STANDARD CONTRACTUAL CLAUSES

Standard Contractual Clauses (processors)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.

The entity identified as “Customer” in the DPA (the data exporter)

and

Jentech, Inc, 1968 S. Coast Hwy. #1796, Laguna Beach, CA 92651, USA (the data importer)

each a “party”; together “the parties”,

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1

Definitions

For the purposes of the Clauses:

(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) ‘the data exporter’ means the controller who transfers the personal data;

(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) ‘technical and organizational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful 15 destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,

(ii) any accidental or unauthorized access, and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;

(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9

Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Subprocessing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.

2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12

Obligation after the termination of personal data processing services

1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer):

Data exporter is (i) the Customer which as a legal entity or as an individual has entered into the Standard Contractual Clauses as a data exporter and, (ii) all Affiliates (as defined in the Agreement) of Customer established within the European Economic Area (EEA) and Switzerland that have purchased Services on the basis of one or more subscription(s).

Data importer

The data importer is (please specify briefly activities relevant to the transfer):

Jentech is a cloud-based software-as-a-service provider of collaboration and communication software which processes personal data upon the instruction of the data exporter in accordance with the terms of the Agreement.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

As defined in Schedule 2 of the DPA

Categories of data

The personal data transferred concern the following categories of data (please specify):

As defined in Schedule 2 of the DPA

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify):

Data exporter may submit special categories of data to Jentech, the type, category, extent and detail of which is determined and controlled by the data exporter in its sole discretion.

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify):

The objective of Processing of Personal Data by data importer is the performance of Jentech’s Services pursuant to the Agreement.

APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses.

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Data importer will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Security, Privacy and Architecture Documentation applicable to the specific Services purchased by data exporter. Data Importer will not materially decrease the overall security of the Services during a subscription term.

SCHEDULE 4

STANDARD CONTRACTUAL CLAUSES

Standard Contractual Clauses (controllers)

Data transfer agreement

between

The entity identified as “ Customer ” in the DPA (the data exporter )

and

Jentech, Inc, 1968 S. Coast Hwy. #1796, Laguna Beach, CA 92651, USA (hereinafter the “ data importer ”)

each a “party”; together “the parties”.

Definitions

For the purposes of the clauses:

a) “personal data”, “special categories of data/sensitive data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority/authority” shall have the same meaning as in Directive 95/46/EC of 24 October 1995 (whereby “the authority” shall mean the competent data protection authority in the territory in which the data exporter is established);

b) “the data exporter” shall mean the controller who transfers the personal data;

c) “the data importer” shall mean the controller who agrees to receive from the data exporter personal data for further processing in accordance with the terms of these clauses and who is not subject to a third country’s system ensuring adequate protection;

d) “clauses” shall mean these contractual clauses, which are a free-standing document that does not incorporate commercial business terms established by the parties under separate commercial arrangements.

The details of the transfer (as well as the personal data covered) are specified in Annex B, which forms an integral part of the clauses.

I. Obligations of the data exporter

The data exporter warrants and undertakes that:

a) The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter.

b) It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses.

c) It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established.

d) It will respond to enquiries from data subjects and the authority concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time.

e) It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III, unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required.

II. Obligations of the data importer

The data importer warrants and undertakes that:

a) It will have in place appropriate technical and organizational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected.

b) It will have in place procedures so that any third party it authorizes to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorized or required by law or regulation to have access to the personal data.

c) It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws.

d) It will process the personal data for purposes described in Annex B, and has the legal authority to give the warranties and fulfil the undertakings set out in these clauses.

e) It will identify to the data exporter a contact point within its organization authorized to respond to enquiries concerning processing of the personal data, and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I(e).

f) At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III (which may include insurance coverage).

g) Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular bu ^[1] siness hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion.

h) It will process the personal data, at its option, in accordance with:

i. the data protection laws of the country in which the data exporter is established, or

ii. the relevant provisions ¹ of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions of such an authorization or decision and is based in a country to which such an authorization or decision pertains, but is not covered by such authorization or decision for the purposes of the transfer(s) of the personal data ² , or

iii. the data processing principles set forth in Annex A.

Data importer to indicate which option it selects: Option (iii)

Initials of data importer: ............................................................................................ ;

i) It will not disclose or transfer the personal data to a third party data controller located outside the European Economic Area (EEA) unless it notifies the data exporter about the transfer and

i. the third party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or

ii. the third party data controller becomes a signatory to these clauses or another data transfer agreement approved by a competent authority in the EU, or

iii. data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or

iv. with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer

III. Liability and third party rights

a) Each party shall be liable to the other parties for damages it causes by any breach of these clauses. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e. damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party shall be liable to data subjects for damages it causes by any breach of third party rights under these clauses. This does not affect the liability of the data exporter under its data protection law.

b) The parties agree that a data subject shall have the right to enforce as a third party beneficiary this clause and clauses I(b), I(d), I(e), II(a), II(c), II(d), II(e), II(h), II(i), III(a), V, VI(d) and VII against the data importer or the data exporter, for their respective breach of their contractual obligations, with regard to his personal data, and accept jurisdiction for this purpose in the data exporter’s country of establishment. In cases involving allegations of breach by the data importer, the data subject must first request the data exporter to take appropriate action to enforce his rights against the data importer; if the data exporter does not take such action within a reasonable period (which under normal circumstances would be one month), the data subject may then enforce his rights against the data importer directly. A data subject is entitled to proceed directly against a data exporter that has failed to use reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses (the data exporter shall have the burden to prove that it took reasonable efforts).

IV. Law applicable to the clauses

These clauses shall be governed by the law of the country in which the data exporter is established, with the exception of the laws and regulations relating to processing of the personal data by the data importer under clause II(h), which shall apply only if so selected by the data importer under that clause.

V. Resolution of disputes with data subjects or the authority

a) In the event of a dispute or claim brought by a data subject or the authority concerning the processing of the personal data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.

b) The parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.

c) Each party shall abide by a decision of a competent court of the data exporter’s country of establishment or of the authority which is final and against which no further appeal is possible.

VI. Termination

a) In the event that the data importer is in breach of its obligations under these clauses, then the data exporter may temporarily suspend the transfer of personal data to the data importer until the breach is repaired or the contract is terminated.

b) In the event that:

i. the transfer of personal data to the data importer has been temporarily suspended by the data exporter for longer than one month pursuant to paragraph (a);

ii. compliance by the data importer with these clauses would put it in breach of its legal or regulatory obligations in the country of import;

iii. the data importer is in substantial or persistent breach of any warranties or undertakings given by it under these clauses;

iv. a final decision against which no further appeal is possible of a competent court of the data exporter’s country of establishment or of the authority rules that there has been a breach of the clauses by the data importer or the data exporter; or

v. a petition is presented for the administration or winding up of the data importer, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made; a receiver is appointed over any of its assets; a trustee in bankruptcy is appointed, if the data importer is an individual; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs

then the data exporter, without prejudice to any other rights which it may have against the data importer, shall be entitled to terminate these clauses, in which case the authority shall be informed where required. In cases covered by (i), (ii), or (iv) above the data importer may also terminate these clauses.

c) Either party may terminate these clauses if (i) any Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC (or any superseding text) is issued in relation to the country (or a sector thereof) to which the data is transferred and processed by the data importer, or (ii) Directive 95/46/EC (or any superseding text) becomes directly applicable in such country.

d) The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason (except for termination under clause VI(c)) does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred.

VII. Variation of these clauses

The parties may not modify these clauses except to update any information in Annex B, in which case they will inform the authority where required. This does not preclude the parties from adding additional commercial clauses where required.

VIII. Description of the Transfer

The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.

ANNEX A

DATA PROCESSING PRINCIPLES

1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorized by the data subject.

2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.

3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.

4. Security and confidentiality: Technical and organizational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.

5. Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organizations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organization may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.

6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.

7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes.

8. Automated decisions: For purposes hereof “automated decision” shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when:

a) i. such decisions are made by the data importer in entering into or performing a contract with the data subject, and

ii. the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that parties.

or

b) where otherwise provided by the law of the data exporter.

ANNEX B

DESCRIPTION OF THE TRANSFER

Data subjects

The personal data transferred concern the following categories of data subjects:

As defined in Schedule 2 of the DPA

Purposes of the transfer(s)

The transfer is made for the following purposes:

As defined in Clause 12.3.2 of the DPA

Categories of data

The personal data transferred concern the following categories of data:

As defined in Schedule 2 of the DPA

Recipients

The personal data transferred may be disclosed only to the following recipients or categories of recipients on a need-to-know basis:

As defined in the Security, Privacy and Architecture Documentation

Sensitive data

The personal data transferred concern the following categories of sensitive data:

Data exporter may submit special categories of data to Jentech, the type, category, extent and detail of which is determined and controlled by the data exporter in its sole discretion.

Data protection registration information of data exporter

Not applicable

Additional useful information

Not applicable

Contact points for data protection enquiries

As set out in DPA

1. “Relevant provisions” means those provisions of any authorization or decision except for the enforcement provisions of any authorisation or decision (which shall be governed by these clauses).

2. However, the provisions of Annex A.5 concerning rights of access, rectification, deletion and objection must be applied when this option is chosen and take precedence over any comparable provisions of the Commission Decision selected.

What is MFA and how does it work?

MFA is an effective way to increase protection for user accounts against common threats like phishing attacks, credential stuffing, and account takeovers. It adds another layer of security to your login process by requiring users to enter two or more pieces of evidence — or factors — to prove they are who they say they are. One factor is something the user knows, such as their username and password combination. Other factors are verification methods that the user has in their possession, such as an authenticator app or security key. A familiar example of MFA at work is the two factors needed to withdraw money from an ATM. Your ATM card is something that you have and your PIN is something you know.

By tying user access to multiple, different types of authentication factors, it’s much harder for a bad actor to access your Jentech Inc product accounts. For example, even if a user’s password is stolen, the odds are very low that an attacker will also be able to guess or hack a code from the user’s authentication app.

What's the difference between MFA and 2FA?

You may be more familiar with the concept of two-factor authentication, or 2FA. MFA and 2FA both protect against unauthorized access by requiring a user to provide multiple authentication factors to prove their identity. The only difference between them is the number of factors that are needed to log in. MFA requires two or more factors, providing options for many combinations of authentication mechanisms. 2FA, on the other hand, is a subset of MFA that requires two factors only.

Does Jentech Inc require customers to enable MFA?

Yes, all users who log in to Jentech Inc products (including Core Assistant and Paymance) through the user interface must use multi-factor authentication (MFA).

Why is Jentech Inc requiring MFA?

There is nothing more important than the trust and success of our customers. We understand that the confidentiality, integrity, and availability of each customer's data is vital to their business, and we take the protection of that data very seriously. As the global threat landscape evolves, it's important for our customers to understand that the types of attacks that can cripple their business and exploit consumers are on the rise. As businesses transition to remote work environments, it's more important than ever to implement stronger security measures.

A key part of your security strategy is safeguarding access to your Jentech Inc product user accounts. On their own, usernames and passwords no longer provide sufficient protection because of their susceptibility to common threats like phishing attacks. That's where MFA comes in. It's one of the simplest, most effective ways to prevent unauthorized account access and safeguard your data and your customers' data. We believe that now is the time for MFA.
 

What's the complete list of login types and environments that are affected by the MFA requirement?

See the following tables for full details about how login types and environments are affected by the requirement.

MFA Requirements for Login Types and Authentication Methods

Is MFA required for Jentech Inc products that are accessed via single sign-on (SSO)?

Yes, the MFA requirement applies to all users who access a Jentech Inc product’s user interface, whether by logging in directly or via SSO. If your Jentech Inc products are integrated with SSO, ensure that MFA is enabled for all your Jentech Inc users. Customers are fully responsible for the protection of accounts that are accessed using their SSO identity provider (IdP).

Are logins to Jentech Inc mobile and desktop apps included in the MFA requirement?

Yes. All Jentech Inc mobile and desktop apps that are accessed via user interface logins are included in the MFA requirement. This includes the Core Assistant and Paymance apps. Note that subsequent app usage is often handled with token exchanges via API calls, without requiring a new login.

Do we have to use the same MFA solution for all our Jentech Inc users?

The crux of the MFA requirement is that all of your Jentech Inc product users must provide a strong verification method in addition to their password when they access Jentech Inc products. If needed, you can accomplish this by deploying multiple MFA solutions. For example, if you have a mix of SSO and non-SSO users, you should ensure that MFA is enabled for your SSO users. MFA functionality for the users who log in directly is automatically enforced. 

How to setup MFA?

When you log in on a new device, you will be asked to enter a Login Code. Jentech Inc’s products, Core Assistant or Paymance, will send you this Login Code in an SMS text, or you can get it from a special authenticator app on your device.

Choose SMS Text or an Authenticator App

There are two different ways to get your Login Code — from an SMS text message, or from a separate app on your phone, called an authenticator app.

Authenticator Apps

Generate a security code using a trusted app like Google Authenticator ( iOS / Android)  or Duo ( iOS / Android ).

Authenticator apps are a good choice if you can’t always receive an SMS text message — like if you use Jentech Inc products on a tablet, or you travel abroad

If you lose your device or delete the authenticator app, then you will not be able to get your Login Codes!

SMS Verification

Jentech Inc products can send you Login Codes in SMS text messages to the mobile number that’s linked to your Jentech Inc product account. (Standard messaging and data rates may apply.)

Getting your Login Codes from SMS text messages is convenient, but if you do not have good mobile service, then you might have trouble.

Why a Recovery Code is Important

A recovery code is a backup way to log in case you can’t get your Login Code from a text message or your authenticator app.

We strongly recommend that you make a recovery code and keep it in a safe place.

Please Note: we don’t offer support for lost recovery codes

We use single sign-on (SSO) for Jentech Inc products. Does SSO satisfy the MFA requirement?

On its own, SSO does not satisfy the MFA requirement. With a well-implemented SSO strategy, you can reduce some of the risks associated with weak or reused passwords, and make it easier for your users to log in to frequently used applications. But if your SSO implementation relies on user credentials alone, it can leave user accounts vulnerable to common attacks such as phishing or credential stuffing. 

If your Jentech Inc products are integrated with SSO, ensure that MFA is enabled for all your Salesforce users. 

Can we use a password manager as an alternative to MFA?

A password manager plays an important role in your defense-in-depth strategy, but it's not a substitute for MFA. Password managers help drive sound and secure password practices. You can use this type of tool to ensure that users create strong and hard-to-predict passwords, don't reuse passwords, and change passwords on a recommended schedule. But passwords — even strong ones — aren't sufficient protection against unauthorized account access because they can be compromised by common threats like phishing attacks, credential stuffing, and malware. Password managers don't provide the enhanced login security that you get by requiring two or more authentication factors via MFA.

Can users register multiple verification methods?

Yes. In fact, we encourage users to register multiple verification methods so they have a backup in case they forget or lose their primary method.