Terms and Conditions

Terms and Conditions

Terms and Conditions

Terms and Conditions

1. Introduction

Polyloop Corporation (“Polyloop,”, “we,” “our,” “us,” “the Platform,” “the Service”) offers a AI driven co-pilot smart software for government and funding eco-systems to measure and evidence their success, as further described in the Polyloop website and its About page (the “Websites”).

These User Terms of Service (“Terms”) are a binding legal contract between you and Polyloop and explain the rules governing your use of the Platform. By accessing or using the Platform and Websites, you acknowledge and agree to be bound by these Terms (as applicable) and confirm you have read and understand our Privacy Statement, which is incorporated by reference. If you do not agree to these Terms, please do not access or use the Service or Websites.

We may revise these Terms from time to time by posting a modified version on our website. If, in Polyloop’s sole discretion, the modifications to these Terms are material, we will provide you with reasonable notice prior to the change taking effect, either by emailing the email address associated with your account or by alerting you through the Service and/or Websites. If you do not agree to or cannot comply with the modified Terms, you must stop using the Service and Websites. Unless otherwise stated elsewhere in these Terms or in our notice, the updated Terms will take effect upon their posting and will apply on a going-forward basis. Your continued use of the Service and Websites after any update to these Terms constitutes your acceptance of such changes.

2. Information About Us and How To Contact Us

2.1 Who we are. We are Polyloop, a company registered in Delaware. Our company identification number is 99-3219173 and our registered office is at 823 Congress Ave St, TX, 78701.

2.2 How to contact us. You can contact us by telephoning our service team at +44(0)2033 550530 or by writing to us at support@polyloop.io AND 823 Congress Ave St, TX, 78701.

2.3 How we may contact you. If we have to contact you, we will do so by telephone or by writing to you at the email address or postal address you provided to us in your order.

2.4 “Writing” includes emails. When we use the words “writing” or “written” in these terms, this includes emails.

3. Our Contract With You

3.1 How We Will Accept Your Order. Our acceptance of your order will take place when we tell you that we are able to provide you with the services. This will also be confirmed in writing in our Letter of Engagement, at which point a contract will be entered into by you and us.

3.2 What the Letter of Engagement Will Contain. The Letter of Engagement will set out the following information:

Our scope of work

Our fees

Indicative timetable to complete the scope of work

Our team

The person who will be our point of contact at your business

3.3 Conflict with Letter of Engagement. If there is a conflict between the terms of the Letter of Engagement and these terms, the Letter of Engagement shall prevail.

4. Account Registration

4.1 Account Registration and Confidentiality. To access the Service and certain parts of our Websites, you must register for a Polyloop account by creating a username and password. You agree to provide us with accurate, complete, and current registration information about yourself. It is your responsibility to ensure that your password remains confidential and secure, and you agree that you will not allow others to access the Service using your Polyloop account. By registering, you agree that you are fully responsible for all activities that occur under your user name and password. We may assume that any communications we receive under your account have been made by you. If you are a workspace or organization owner or administrator, or if you have confirmed in writing that you have the authority to make decisions on behalf of a workspace or organization (“Account Administrator”), you represent and warrant that you are authorized to to do so and agree that Polyloop is entitled to rely on your instructions.

4.2 Unauthorized Account Use. You are responsible for notifying us at support@polyloop.io if you become aware of any unauthorized use of or access to your account. You understand and agree that we may require you to provide information that may be used to confirm your identity and help ensure the security of your account. Polyloop will not be liable for any loss, damages, liability, expenses or attorneys’ fees that you may incur as a result of someone else using your password or account, either with or without your knowledge and/or authorization, and regardless of whether you have advised us of such unauthorized use. You will be liable for losses, damages, liability, expenses and attorneys’ fees incurred by Polyloop or a third party due to someone else using your account. In the event that the Account Administrator or Customer loses access to an account or otherwise requests information about an account, Polyloop reserves the right in its sole discretion to request from the Account Administrator or Customer any verification it deems necessary before restoring access to or providing information about such an account.

5. Your Rights to Make Changes

5.1 If You Wish To Make a Change to the Services, Please Contact Us. We will let you know if the change is possible. If it is possible, we will let you know about any changes to the price of the services, their timing, or anything else which would be necessary as a result of your requested change and ask you to confirm whether you wish to go ahead with the change.

6. Our Rights to Make Changes

6.1 Minor Changes to the Services. We may change the services: (a) to reflect changes in relevant laws and regulatory requirements; and (b) to implement minor technical adjustments and improvements, for example, to address a security threat. These changes will not affect your use of the services.

7. Providing the Services

7.1 When We Will Provide The Services. We will supply the services to you from the date set out in our Letter of Engagement for the time period set out in the Letter of Engagement. The estimated completion date for the services is as set out in the Letter of Engagement or until either you end the contract for the services as described in clause 7 or we end the contract by written notice to you as described in clause 8.

7.2 Compliance with Laws. We will comply with all applicable laws in our supply of the services in accordance with these terms and conditions and the Letter of Engagement. This includes, but is not restricted to, the 1977 Foreign Corrupt Practices Act. We will ensure that we establish, maintain, and enforce policies and procedures adequate to ensure compliance with these acts. We will notify you immediately in writing of any failure to comply with this clause. We will keep appropriate records of our compliance with these obligations and make such records available on request. If we fail to comply with this clause, you will have the right to terminate the Agreement immediately without further liability and without prejudice to any other rights or remedies that may have accrued to your benefit under or in connection with this Agreement. We will refund you in full all sums paid by you for the provision of the services.

7.3 We Are Not Responsible for Delays Outside of Our Control. If our performance of the services is affected by an event outside our control, we will contact you as soon as possible to let you know and will take steps to minimize the effect of the delay. Provided we do this, we will not be liable for delays caused by the event, but if there is a risk of substantial delay, you may contact us to end the contract and receive a refund for any services you have paid for but not received.

7.4 If You Do Not Allow Us Access To Provide Services. If you have asked us to provide the services to you at your business and you do not allow us access to your business premises as arranged (and you do not have a good reason for this), we may charge you additional costs incurred by us as a result. If, despite our reasonable efforts, we are unable to contact you or re-arrange access to your business, we may end the contract and clause 7.3 will apply.

7.5 Information You Must Provide To Us. The data you supply to us must be accurate and in line with our guidance notes. We will not be responsible for checking the accuracy of the data. The data sources are to be clearly identifiable and open to evaluation by us. We must be provided with access to stakeholders upon reasonable notice. You will be responsible for inputting data unless otherwise agreed in the Letter of Engagement.

7.6 What Will Happen If You Do Not Provide Required Information To Us. As we informed you in the Letter of Engagement, we will need certain information from you so that we can provide the services to you. We will contact you in writing to ask for this information. If you do not, within a reasonable time of us asking for it, provide us with this information, or you provide us with incomplete or incorrect information, we may either end the contract (see clause 8.1) or make an additional charge of a reasonable sum to compensate us for any extra work that is required as a result. We will not be responsible for providing the services late or not providing any part of them if this is caused by you not giving us the information we need within a reasonable time of us asking for it.

7.7 Reasons We May Suspend The Services. We may have to suspend the services to: (a) deal with technical problems or make minor technical changes; (b) update the services to reflect changes in relevant laws and regulatory requirements; (c) make changes to the services as requested by you or notified by us to you (see clause 5).

7.8 Your Rights If We Suspend The Services. We will contact you in advance to tell you we will be suspending the services, unless the problem is urgent or an emergency. If we have to suspend the services for longer than three months in any six-month period, we will adjust the price so that you do not pay for services while they are suspended. You may contact us to end the contract if we suspend the services, or tell you we are going to suspend them, in each case for a period of more than three months, and we will refund any sums you have paid in advance for services not provided to you.

7.9 We May Also Suspend The Services If You Do Not Pay. If you do not pay us for the services when you are supposed to (see clause 10.3) and you still do not make payment within ten days of us reminding you that payment is due, we may suspend supply of the products until you have paid us the outstanding amounts. We will contact you to tell you we are suspending supply of the products. We will not suspend the products where you dispute the unpaid invoice (see clause 10.7). We will not charge you for the services during the period for which they are suspended. As well as suspending the services, we can also charge you interest on your overdue payments (see clause 10.6).

8. Your Rights to End the Contract

8.1 You Can Always End The Contract Before The Services Have Been Supplied And Paid For. You may contact us at any time to end the contract for the services, but in some circumstances, we may charge you certain sums for doing so, as described below.

8.2 What Happens If You Have A Good Reason For Ending The Contract. If you are ending the contract for a reason set out below, the contract will end immediately and we will refund you in full for any services which have not been provided or have not been properly provided. The relevant reasons are: (a) We have committed a material breach of our obligation(s) and, in the case of any such breach which is capable of remedy, failed to remedy the breach within 10 days of notification of such breach; (b) we have told you about an upcoming change to the services or these terms which you do not agree to (see clause 5); (c) we have told you about an error in the price or description of the services you have ordered and you do not wish to proceed; (d) we suspend the services for technical reasons, or notify you we are going to suspend them for technical reasons, in each case for a period of more than 2 months; (e) you have a legal right to end the contract because of something we have done wrong; (f) we enter into liquidation, whether compulsory or voluntarily, other than for the purpose of amalgamation or reconstruction without insolvency; (g) we compound or make any arrangements with our creditors; or (h) we cease, or threaten to cease, to carry on business.

8.3 What Happens If You End The Contract Without A Good Reason. If you are not ending the contract for one of the reasons set out in clause 7.2, the contract will end immediately but we may charge you reasonable compensation for the net costs we will incur as a result of your ending the contract.

9. Our Rights to End the Contract

9.1 We May End The Contract If You Break It. We may end the contract at any time by writing to you if: (a) you do not make any payment to us when it is due and you still do not make payment within ten days of us reminding you that payment is due; (b) you do not, within a reasonable time of us asking for it, provide us with information that is necessary for us to provide the services; (c) you do not provide internal resources sufficient to enable us to complete the reporting process; (d) you do not, within a reasonable time, give us access to your property to enable us to provide the services to you; or (e) it becomes apparent that we are unable to perform the services in a manner that is consistent with our company mission. To the extent that you do not perform the above responsibilities, we have the option, where appropriate, of performing those services for you and you agree to pay us an additional amount to reflect our additional services.

9.2 You Must Compensate Us If You Break The Contract. If we end the contract in the situations set out in clause 8.1(a)-(d), we will refund any money you have paid in advance for services we have not provided, but we may deduct or charge you compensation for the net costs we will incur as a result of your breaking the contract.

9.3 We May Stop Providing The Services. We may write to you to let you know that we are going to stop providing the services. We will let you know at least 1 month in advance of our stopping the services and will refund any sums you have paid in advance for services which will not be provided.

10. If There is a Problem with the Services

10.1 How To Tell Us About Problems. If you have any questions or complaints about the services, please contact us on the email set out above.

10.2 Our Guarantee. We offer the following goodwill guarantee which is in addition to your legal rights and does not affect them. In the unlikely event there is any defect with the services: (a) if remedying the defect is impossible or cannot be done within a reasonable time or without significant inconvenience to you, we will refund the price you have paid for the services. (b) in all other circumstances, we will use every effort to repair or fix the defect free of charge, without significant inconvenience to you, as soon as we reasonably can and, in any event, within 1 month. If we fail to remedy the defect by this deadline, we will refund the price you have paid for the services.

11. Acceptable Use Policy. You acknowledge and agree to comply with these Terms, including the following rules regarding acceptable use of the Service and Websites (the “Acceptable Use Policy”).

11.1 Disruption Of The Service. You may not:

access, tamper with, or use non-public areas of the Service and Websites, Polyloop’s computer systems

probe, scan, or test the vulnerability of any network or circumvent any security measure;

access or search the Service and Websites by any means other than Polyloop’s publicly supported interfaces (for example, “scraping”); or

interfere with or disrupt, or attempt to interfere with or disrupt, our infrastructure or the access of any user, host or network, including, without limitation, by sending a virus, overloading, flooding, spamming, mail-bombing the Service and Websites, or by scripting the creation of User Content interferes with the Service and Websites; or

prompt or otherwise attempt to use artificial intelligence (AI) models to act in a manner that violates these Terms or intentionally circumvents safety filters and functionality of the Service.

11.2 Misuse Of The Service And Websites. You may not use the Service and Websites to carry out, promote or support:

any disinformation, deception, or otherwise fraudulent activities;

the impersonation of another person or entity or the misrepresentation of an affiliation with a person or entity (e.g., “spoofing”, “phishing”);

activities that are defamatory, libelous or threatening, or otherwise constitute hate speech, harassment, or stalking;

the violation of any law or the rights of others (including unlawful tracking, monitoring, and identification or the publishing or sharing of another person’s confidential or personal information without their express authorization and permission);

for harm or abuse of a minor, including grooming and child sexual exploitation;

the sending of unsolicited communications, promotions advertisements, or spam;

the publishing or sharing of malicious content;

the promotion or advertisement of products or services other than your own without appropriate authorization; or

the development of services that compete with Polyloop;

11.3 User Content. You may not post any User Content on the Service or Websites (or otherwise make use of the Service or Websites) in a manner that:

is deceptive, fraudulent, illegal, obscene, defamatory, disparaging, libelous, threatening, or pornographic (including child pornography, which, upon becoming aware of, we will remove and report to law enforcement, including the National Center for Missing and Exploited Children);

suggests any content, information or other outputs generated by AI are human-generated;

criticizes others based on their race, ethnicity, national origin, religion, sex, gender, sexual orientation, disability, or medical condition;

contains any personal information of minors under the age of 16;

contains any sensitive personal information as defined by applicable law (such as financial information, payment card numbers, social security numbers, or health information) without Polyloop’s prior written consent granted as part of a Customer Agreement;

contains viruses, bots, worms, or similar harmful materials;

contains any information that you do not have a right to make available under law or any contractual or fiduciary duty; or

could otherwise cause damage to Polyloop or any third party.

11.4 Artificial Intelligence. If you use any AI or machine learning features and functionality (including third-party models) provided by Polyloop (collectively, “Polyloop AI”), you agree to:

implement appropriate human oversight and safeguards to mitigate potential risks associated with your use of Polyloop AI (i.e., impacts on a person’s fundamental rights, health or safety);

remain responsible for all decisions made, advice given, actions taken, and failures to take action based on your use of Polyloop AI;

provide information about your intended use of Polyloop AI and compliance with this Acceptable Use Policy upon request; and

evaluate Polyloop AI outputs for accuracy and appropriateness in light of the probabilistic nature of AI and potential for producing inaccurate content.

More information on Polyloop AI features and how to manage them can be found in the Polyloop Guide.

11.5 Acceptable Use Violations. If we reasonably believe a violation of this Acceptable Use Policy has occurred or may occur in the near future in a manner that may disrupt the Service or Websites for our Customers or other users, we may suspend or terminate your access to the Service and Websites, without any liability to us and in addition to any other remedies that may be available to us. Polyloop reserves the right to notify the applicable Account Administrator of the foregoing.

12. User Content and Feedback

12.1 User Content and Submissions on the Service. The Service allows you to create tasks and submit associated information, text, files, and other materials (collectively, “User Content”) and to share that User Content with others. User Content submitted or otherwise made available to the Service is subject to the following terms:

12.2 Free User Content. Free Users maintain ownership of the User Content that they submit to the Service (“Free User Content”). By submitting Free User Content, Free Users grant Polyloop a license to access, use, copy, reproduce, process, adapt, publish, transmit, and display that Free User Content, in order to provide the Service, and as permitted by Polyloop’s Privacy Statement, including if required to do so by law or in good faith to comply with legal process. We reserve the right to remove any Free User Content on the Service that violates these Terms or that is otherwise objectionable in Polyloop’s sole discretion.

12.3 Managed User Content on the Service. User Content submitted to the Service by Managed Users is Customer Data, which is owned and controlled by the Customer, in accordance with the Customer Agreement.

12.4 Feedback. The Service and the Websites may have certain features that allow you to submit comments, information, and other materials (collectively, “Feedback”) to Polyloop, and/or share such Feedback with other users, or the public. If you submit Feedback, Polyloop may use such Feedback for any purpose without any compensation or obligation to you. We reserve the right to remove any Feedback posted in our public forums for any reason at our sole discretion.

12.5 User Content and Feedback Representations. You represent and warrant that you have all required rights to submit User Content and Feedback without violation or infringement of any third-party rights. You understand that Polyloop does not control, and is not responsible for, User Content or Feedback, and that by using the Service and/or Websites, you may be exposed to User Content or Feedback from other users that is offensive, indecent, inaccurate, misleading, or otherwise objectionable.

13. Price and Payment

13.1 Fees. Customer will pay for access to and use of the Service as set forth on the applicable Order (“Fees”). All Fees will be paid in the currency stated in the applicable Order or, if no currency is specified, United States Dollars (USD). Payment obligations are non-cancelable and, except as expressly stated in this Agreement, non-refundable. Polyloop may modify its Fees or introduce new fees at its sole discretion. Customer always have the right to choose not to renew their subscription if they do not agree with any new or revised Fees.

13.2 Payment. Polyloop Corporation through its third-party payment processor (“Stripe”) will charge Customer for the Fees via credit card, debit card, or ACH payment, pursuant to the credit card or ACH payment information provided by Customer to Polyloop Corporation. Polyloop Corporation will have the right to charge Customer’s credit card or ACH payment method for any services provided to Customer by Polyloop Corporation under the Order, including recurring Fees. It is Customer’s sole responsibility to provide Polyloop Corporation with current and up to date credit card, debit card, or ACH information; failure to provide such information may result in suspension of Customer’s access to the Services. Polyloop Corporation will also have the right to set-off any Fees due from Customer to Polyloop Corporation. If Customer pays the Fees through a Payment Processor such payment processing will be subject to the terms, conditions, and privacy policies of the Payment Processor in addition to this Agreement. Terms and conditions of the payment processor can be found here https://stripe.com/legal/ssa. Polyloop Corporation is not responsible for any error by, or other acts or omissions of, the Payment Processor. Polyloop Corporation reserves the right to correct any errors or mistakes that the Payment Processor makes even if Polyloop Corporation has already requested or received payment. If authorized by Customer through acceptance of an Order, recurring charges (e.g. monthly billing) will be charged to Customer’s payment method without further authorization from Customer, until Customer terminates this Agreement in accordance with its terms or changes its payment method in Customer’s account in the Service.

13.3 Taxes. Fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If Polyloop Corporation has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Polyloop Corporation will invoice Customer and Customer will pay that amount unless Customer provides Polyloop Corporation with a valid tax exemption certificate authorized by the appropriate taxing authority in advance. For clarity, Polyloop Corporation is solely responsible for taxes assessable against it based on its income, property, and employees.

13.4 Failure to Pay. If Customer fails to pay any Fees when due, Polyloop Corporation may suspend Customer’s access to the Service pending payment of such overdue amounts. Customer also authorizes Polyloop Corporation to make multiple re-attempts at charging the Customer’s payment instrument if an initial charge attempt is unsuccessful, without any specific limit on the number of retries. If Customer believes that Polyloop Corporation has billed Customer incorrectly, Customer must contact Polyloop Corporation no later than sixty (60) days after the closing date on the first billing statement in which the error or problem appeared, to receive an adjustment or credit. Once Polyloop Corporation receives notice of a disputed invoice, Polyloop Corporation will review such notice and provide Customer with a written decision regarding the dispute, including documentary support for such decision. If Polyloop Corporation reasonably determines that the amounts billed are, in fact, due, Customer will pay such amounts (if they have not done so already) within ten days of Polyloop Corporation notifying Customer in writing of such decision.

13.5 Where To Find The Price For The Services. The price of the services (which does not include VAT) will be the price we have set out in our Letter of Engagement.

13.6 We Will Pass On Changes In The Rate Of Vat. If the rate of VAT changes between your order date and the date we provide the services, we will adjust the rate of VAT that you pay, unless you have already paid for the services in full before the change in the rate of VAT takes effect.

13.7 Additional Fees. If, during the course of our services for you, a need for additional services not set out in the Letter of Engagement is identified, agreement to these additional services will be obtained from you before any expenditure is incurred.

13.8 When You Must Pay And How You Must Pay. The Letter of Engagement will set out our fees. You must pay each invoice within 30 calendar days after the date of the invoice.

13.9 What To Do If You Think An Invoice Is Wrong. If you think an invoice is wrong, please contact us promptly to let us know. You will not have to pay any interest until the dispute is resolved. Once the dispute is resolved, we will charge you interest on correctly invoiced sums from the original due date.

14. Term and Termination

14.1 Agreement Term and Renewals. Subscriptions to access and use the Service commence on the start date stated on the applicable Order (“Subscription Start Date”) and continue for the duration of the Subscription Period. Customer may choose not to renew its Subscription Period by notifying Polyloop Corporation at support@polyloop.io (provided that Polyloop Corporation confirms such cancellation in writing) or by modifying its subscription through Customer’s account within the Service. This Agreement will become effective on the first day of the Subscription Period and remain effective for the duration of the Subscription Period stated on the Order along with any renewals of the Subscription Period and any period that Customer is using the Service even if such use is not under a paid Order (“Term”). If the parties terminate this Agreement, it will automatically terminate all Orders. If Customer cancels or does not renew its paid subscription to the Service, Customer’s subscription will be accessible but will automatically be downgraded to a version of the Service with diminished features and functionality that Polyloop Corporation offers to unpaid subscribers (“Free Version”). If Customer or Polyloop Corporation terminates this Agreement or Customer deletes its workspace within the Service, Customer will not have access to the Free Version.

14.2 Termination. Either party may terminate this Agreement upon written notice to the other party if the other party materially breaches this Agreement and such breach is not cured within thirty (30) days after the breaching party’s receipt of such notice. Polyloop Corporation may terminate Customer’s access to the Free Version at any time upon notice to Customer.

14.3. Effect of Termination. If Customer terminates this Agreement because of Polyloop Corporation’s uncured breach, Polyloop Corporation will refund any unused, prepaid Fees for the remainder of the then-current Subscription Period. If Polyloop Corporation terminates this Agreement because of Customer’s uncured breach, Customer will pay any unpaid Fees covering the remainder of the then-current Subscription Period after the effective date of termination, if any. In no event will any termination relieve the Customer of the obligation to pay any Fees payable to Polyloop Corporation for the period prior to the effective date of termination. Upon any termination of this Agreement, all rights and licenses granted by Polyloop Corporation hereunder will immediately terminate; Customer will no longer have the right to access or use the Service. Within thirty (30) days of termination of this Agreement for cause, upon Customer’s request following termination, or if Customer deletes its workspace within the Service, Polyloop Corporation will delete Customer’s User Information, including passwords and all related information, files, and User Submissions, unless Customer requests an earlier deletion in writing. If Customer is using the Free Version, Polyloop Corporation will retain User Submissions and User Information to facilitate such use. Polyloop Corporation may delete all User Submissions or User Information if Customer maintains an account in the Free Version but such account is not used for a period of one (1) year or more.

14.4 Where To Find The Price For The Services. The price of the services (which does not include VAT) will be the price we have set out in our Letter of Engagement.

14.5 We Will Pass On Changes In The Rate Of VAT. If the rate of VAT changes between your order date and the date we provide the services, we will adjust the rate of VAT that you pay, unless you have already paid for the services in full before the change in the rate of VAT takes effect.

14.6 Additional Fees. If, during the course of our services for you, a need for additional services not set out in the Letter of Engagement is identified, agreement to these additional services will be obtained from you before any expenditure

is incurred.

14.7 When You Must Pay And How You Must Pay. The Letter of Engagement will set out our fees. You must pay each invoice within 30 calendar days after the date of the invoice.

14.8 What To Do If You Think An Invoice Is Wrong. If you think an invoice is wrong please contact us promptly to let us know. You will not have to pay any interest until the dispute is resolved. Once the dispute is resolved we will charge you interest on correctly invoiced sums from the original due date

15. Customer Data & Security

15.1 All Customers Own All Rights, Titles And Interest In Their Data. The Customer shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of their data.

15.2 Loss Or Damage To Data. In the event of any loss or damage to Customer Data, Polyloop Corporation shall use reasonable commercial endeavors to restore the lost or damaged Customer Data from the latest back-up, this will be the Customer's sole and exclusive remedy. Polyloop Corporation shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party.

15.3 Polyloop Corporation Will Comply With Its Privacy Policy. The Privacy Policy may be amended from time to time by Polyloop Corporation at its sole discretion.

15.4 If Polyloop Corporation processes any personal data on the Customer's behalf when performing its obligations under this Agreement, the parties record their intention that the Customer shall be the data controller and Polyloop Corporation shall be a data processor, defined as such:

Data Controller - the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.

Data Processors - means any natural or legal person who processes the data on behalf of the Data Controller.

15.4.1 To provide services to you, we may need to share your personal information with parties located within the United States, where data protection laws are in place to protect your privacy. We will take reasonable steps to ensure the privacy of your information and will comply with current legislation before any such sharing occurs

15.4.2 If applicable, the Customer shall ensure that relevant third parties within the US have been informed of, and have given their consent to, such use, processing, and transfer, in accordance with all applicable data protection legislation.

15.4.3 Polyloop Corporation will process personal data solely in line with the terms of this Agreement and any lawful instructions reasonably provided by the Customer, ensuring data remains within the US.

15.4.4 Both parties shall implement appropriate technical and organizational measures to prevent unauthorized or unlawful processing of personal data, as well as accidental loss, destruction, or damage.

15.5 The Processor shall implement and maintain adequate security measures to standards no less than those imposed on the Controller under the Data Protection Legislation whilst it continues to Process the Data on behalf of the Controller, such measures shall include (but not be to):

15.5.1 Encryption: Data is encrypted as part of the cloud computing service. This service uses industry-accepted encryption products to protect customer data and communications during transmissions between a customer and Polyloop Corporation, including 128-bit TLS Certificates and 2048-bit RSA public keys at a minimum. Additionally, Customer Data is encrypted during transmission between data centers for replication purposes. All Personal Data is processed through Polyloop Corporation private infrastructure hosted by AWS.

15.5.2 Backup: All data submitted to Polyloop Corporation is automatically replicated on a near real-time basis to a secondary data center site. It is backed up on a regular basis and stored on backup media for 3 days, after which it is securely overwritten or deleted. Any backups are verified for integrity and stored in the same data centers as their instance. At Polyloop Corporation we maintain a weekly backup of data, stored securely with access permissions to key personnel. We have a policy of not moving commercially sensitive data on removable media.

15.5.3 Resilience: All Polyloop Corporation network accelerators, load balancers, web servers and application servers are configured in a redundant configuration. All Customer Data submitted to Polyloop Corporation is stored on a primary database server with multiple active clusters for higher availability. All Customer Data submitted to Polyloop Corporation is stored on highly redundant carrier-class disk storage and multiple data paths to ensure reliability and performance. The Polyloop Corporation development environment provides various protections against malicious code which are implemented in the Polyloop Corporation application with the Web Application Firewall.

15.5.4 Disaster recovery: Polyloop Corporation supports disaster recovery with a dedicated team and a 4 hour recovery point objective (RPO) and 12 hour recovery time objective (RTO). Polyloop Corporation maintains a Business Continuity Plan outlining business risks, detailing the impact and response to any disruption, and appropriate recovery strategies.

15.5.5 Incident notification: Incident detection and response is part of the security procedures that are incorporated into Polyloop Corporation standard practices. Polyloop Corporation also uses security scanners to analyze and monitor the product for potential security issues. Polyloop Corporation maintains security incident management policies and procedures, and will promptly notify their customers of any actual or reasonably suspected unauthorized disclosure of their respective data. In the event of a disruption or other incident, we would notify our customers directly by email based on our customer usage.

16. Proprietary Rights

Polyloop and its licensors exclusively own all right, title, and interest in and to all intellectual property rights in the Service and Websites. You agree to abide by all applicable copyright and other laws, as well as any additional copyright notices or restrictions contained in the Service and Websites. All present and future rights in and to trade secrets, patents, copyrights, trademarks, service marks, know-how, and other proprietary rights of any type under the laws of any governmental authority, domestic or foreign, including without limitation rights in and to all applications and registrations relating to the Service and Websites shall, as between you and Polyloop, at all times be and remain the sole and exclusive property of Polyloop.

17. The Platform. Subject to your compliance with these Terms, we grant you a , non-exclusive, non-sublicensable, non-transferable, and revocable right to access and use the Service and Websites only for your own internal use (or for internal uses authorized by the applicable Account Administrator), and only in a manner that complies with these Terms and all legal requirements that apply to you or your use of the Service and Websites. Polyloop may revoke this license at any time, in its sole discretion.

17.1 Intellectual Property. The copyright in the material contained in the Platform (save for the products/ outcomes of the services) and any trademarks and brands included in that material belongs to us or our licensors. We grant to you a non-exclusive, non-transferable, license to use such IPR for Your own internal business purposes with a right to sub-license such IPR on equivalent terms to an entity within the [company name] Group.

17.1.1 We assign to You by way of present and future assignment, with full title guarantee and free from all third party rights, all intellectual property rights and all other rights in the products and /or outcomes of the services.

17.1.2 We will, promptly at Your request, do (or procure to be done) all such acts and things and the execution of all such other documents as the You may from time to time require for the purpose of securing for You the full benefit of the Agreement, including right, title and interest in and to the intellectual property rights and all other rights assigned to the You in accordance with clause 11.1A.

17.1.2 Accuracy of Information. We will use reasonable endeavors to ensure that the information available on the Platform is, at all reasonable times, accurate. We will use all reasonable endeavors to correct errors and omissions as quickly as practicable after becoming aware or being notified of the same.

17.1.3 Changes to the Platform. We may also change, suspend or discontinue any aspect of the Platform, including the availability of any features, information, database or content or restrict access to parts or all of the platform without notice or liability.

17.2 Our responsibility for loss or damage suffered by you

17.3 We are responsible to you for foreseeable loss and damage caused by us. If we fail to comply with these terms, we are responsible for loss or damage you suffer that is a foreseeable result of our breaking this contract or our failing to use reasonable care and skill, but we are not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if either it is obvious that it will happen or if, at the time the contract was made, both we and you knew it might happen, for example, if you discussed it with us during the sales process.

17.4 We do not exclude or limit in any way our liability for the following:

(a) death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors;

(b) for fraud or fraudulent misrepresentation;

(c) for breach of your legal rights in relation to the services;

(d) for Our liability under clause 13 (data protection).

17.5 Total Liability. Subject to clause 12.2, Our total liability to you in respect of all other losses arising under or in connection with the services, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall in no circumstances exceed the fees received from you.

17.6 We are not liable for business losses. We will have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.

17.7. Data Protection For the purposes of this clause, the following terms will have the definitions set out below:

“Data” has the meaning given in the Data Protection Legislation and more specifically means data as described in Appendix 1 to be made available by the Controller to the Processor for the purposes of providing the services;

“Data Controller” means the Customer as per the definition in the Data Protection Legislation;

“Data Processor” means the Supplier as per the definition in the Data Protection Legislation;

“Data Protection Legislation” means, for the periods in which they are in force in the United Kingdom, the Data Protection Act 1998, the EU Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the GDPR and all applicable Laws and regulations relating to processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner, in each case as amended or substituted from time to time;

“Data Subject” has the meaning given to it by the Data Protection Legislation;

“GDPR” means (a) the General Data Protection Regulations (Regulation (EU) 2016/679) which comes into force on 25 May 2018; and (b) any equivalent legislation amending or replacing the General Data Protection Regulations (Regulation (EU) 2016/679;

“Personal Data” has the meaning as set out in the Data Protection Legislation which forms part of the Data; “Personal Data Breach” has the meaning as set out in the Data Protection Legislation; “Processing” has the meaning as set out in the Data Protection Legislation and “Process” and “Processed” shall be construed accordingly;

“Special Categories of Personal Data” means Sensitive Personal Data or Special Categories of Personal Data, as defined in the Data Protection Legislation, which is Processed by the Data Processor on behalf of the Data Controller pursuant to or in connection with the Agreement;

17.8 Both parties shall duly observe all their obligations under the Data Protection Legislation which arise in connection with the contract and shall not perform their obligations in such a way as to cause the other party to breach any of

its obligations under the Data Protection Legislation.

17.9 With respect to the parties’ rights and obligations under the contract, the Parties agree that [company name] Group is the Data Controllers and that the Polyloop Corporation is the Data Processor.

17.10 The Data Controller shall not disclose any Personal Data to the Data Processor save where it is lawful and in a form which is lawful.

17.11 The subject-matter and duration of the Processing, nature and purpose of the Processing, types of Personal Data, and categories of Data Subjects are set out in Appendix 1 to these Terms and Conditions.

17.12 The Data Controller may make reasonable amends to Appendix 1 by written notice to the Data Processor from time to time as the Data Controller considers necessary to meet the requirements of the Data Protection Legislation.

17.13 The Processor agrees to only Process the Data in accordance with these Terms and Conditions and, subject to the overriding requirements of Data Processing Legislation, undertakes to:

17.14.1 only process the Personal Data for and on behalf of the Controller, strictly in accordance with the written instructions of the Data Controller, unless the Processing is required by applicable laws to which the Data Processor is subject, in which case the Data Processor shall to the extent permitted by such applicable laws inform the Data Controller of that legal requirement before Processing;

17.14.2 ensure that any personnel with access to Personal Data are subject to a duty of confidentiality (whether contractual or statutory) and ensure that access is strictly to those individuals who need to know/access

the Personal Data;

17.14.3 taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Processor shall, in relation to the Personal Data, implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred

to in Article 32(1) of the GDPR;

17.14.4 only engage Subcontractors with the prior written consent of the Data Controller and under a written contract,

imposing the same data protection obligations as set out in the Agreement, remaining liable to the Data Controller for compliance of any Sub-Contractor engaged and informing the Data Controller of any changes concerning the addition or replacement of Sub-Contractors giving the Data Controller sufficient opportunity to object to such changes;

17.14.5 assist the Data Controller by appropriate technical and organizational measures, insofar as possible, for the fulfillment of the Data Controller’s obligations to respond to requests for exercising the Data Subject’s rights laid

down in the Data Protection Legislation;

17.14.6 notify the Data Controller within five (5) Working Days if it receives a request from a Data Subject under the Data Protection Legislation in respect of the Personal Data and not respond to any such request without the written authorization of the Data Controller or as required by the Data Protection Legislation to which the Data Processor is subject but only after informing the Data Controller of such legal requirement before responding to the request;

17.14.7 notify the Data Controller without undue delay, and at least within 48 hours, upon becoming aware of a Personal Data Breach, providing the Data Controller with sufficient information to allow it to meet its obligations under the Data Protection Legislation and to enable the Controller to report the breach to the Information

Commissioner’s Office within the 72 hour deadline imposed by the GDPR and assist the Data Controller, as directed, in the investigation, mitigation and remediation of such Personal Data Breach;

17.14.8 assist the Data Controller in ensuring compliance with the obligations pursuant to the Data Protection Legislation taking into account the nature of the Processing for the purposes of the Agreement and the information available

to the Data Processor, including but not to those obligations relating to (a) security of processing; (b) notification of a Personal Data Breach to the Information Commissioner’s Office; (c) communication of a Personal Data Breach to the Data Subject; and (d) Data Protection impact assessments and any subsequent consultations with the Information Commissioner’s Office;

17.14.5 on the expiry or termination of the Agreement, promptly upon request from the Data Controller (at the Data Controller’s discretion) either: (a) return all Personal Data to the Data Controller and delete all existing copies, or procure such deletion; or (b) securely destroy such Personal Data, unless an applicable law requires storage of the Personal Data but only to the extent and for such period as required by such law;

17.14.11 notify the Data Controller of the deletion of Personal Data in accordance with Clause 1.6.9 within 21 days of the expiry or termination of the Agreement;

17.14.12 not transfer Personal Data outside the European Economic Area (EEA) without the prior written consent of the Data Controller;

17.14.13 make available to the Data Controller on request all information necessary to demonstrate compliance with the Data Protection Legislation, and allow for and contribute to audits, including inspections, by the Data Controller or an auditor mandated by the Data Controller including to permit the Data Controller or its external advisers (subject to reasonable and appropriate confidentiality undertakings) to inspect and audit the Data Processor’s data processing activities and those of its agents, subsidiaries and sub-contractors and comply with all

reasonable requests or directions by the Data Controller to enable the Data Controller to verify and procure that the Data Processor is in full compliance with its obligations under the Agreement.

17.15 The Data Processor shall, at all times during and after the term of the Agreement, indemnify the Data Controller and keep the Data Controller indemnified against all losses, damages, costs or expenses and other liabilities (including

legal fees) incurred by, awarded against or agreed to be paid by the Data Controller arising from any breach of the Data Processor’s obligations under this clause except and to the extent that such liabilities have resulted directly from the Data Controller’s instructions.

17.16 The provisions of this clause shall apply during the continuance of the Agreement and indefinitely after its expiry or termination.

18. Other important terms

18.1 You may only transfer your rights under our guarantee to someone else. You may only transfer your rights or your obligations under these terms to another person with our written consent. We may withhold our consent.

18.2 Nobody else has any rights under this contract. This contract is between you and us. Save for [company name] Group (as defined in the Letter of Engagement), no other person shall have any rights to enforce any of its terms. Neither of us will need the consent of any person acquiring rights under our guarantee to end the contract or make any changes to these terms.

18.3 Notices. Any notice or other communication given by us or you shall be in writing, addressed to us or you at the registered office (if it is a company) or its principal place of business (in any other case) or such other address as we

or you may have specified in writing, and shall be delivered personally or sent by prepaid first-class post or other next working day delivery service, or by commercial courier, or e-mail. A notice or other communication shall be

deemed to have been received: if delivered personally, when left at the address referred to in the Letter of Engagement; if sent by pre-paid first class post or other next working day delivery service, at 9.00 am on the second business day after posting; if delivered by commercial courier, on the date and at the time that the courier’s delivery receipt is signed; or, if sent by email, on the sending of the e-mail.

18.4 Exclusive Terms. These terms apply to the Agreement to the exclusion of any other terms that you may seek to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.

18.5 If a court finds part of this contract illegal, the rest will continue in force. Each of the paragraphs of these terms operates separately. If any court or relevant authority decides that any of them are unlawful, the remaining paragraphs will remain in full force and effect.

18.6 Even if we delay in enforcing this contract, we can still enforce it later. If we do not insist immediately that you do anything you are required to do under these terms, or if we delay in taking steps against you in respect of your breaking this contract, that will not mean that you do not have to do those things or prevent us taking steps against you at a later date. For example, if you miss a payment and we do not chase you but we continue to provide the services, we can still require you to make the payment at a later date.

18.7 Dispute Resolution. Any and all disputes relating to this Agreement and/or the subject matter of it, shall in the first instance be referred to the parties contract managers for resolution. Upon such referral the contract managers shall meet within 5 days of such referral to resolve the issue. If the contract managers cannot resolve the issue within 5 days of their meeting, the matter shall be referred to the parties senior management for resolution. If the Senior Managers cannot resolve the issue within 10 days of their meeting over it, the parties shall be free to refer the matter

to meditation or other alternative dispute resolution procedures.

18.8 Which laws apply to this contract and where you may bring legal proceedings. These terms are governed by English law and you can bring legal proceedings in respect of the services in the English courts.

19. WARRANTIES, DISCLAIMER, AND LIMITATION OF LIABILITY

THE SERVICE AND WEBSITES AND USER CONTENT, WHETHER PROVIDED BY POLYLOOP, ITS LICENSORS, ITS VENDORS OR ITS USERS, AND OTHER INFORMATION ON OR ACCESSIBLE FROM THE SERVICE AND WEBSITES ARE PROVIDED “AS IS” WITHOUT WARRANTY, REPRESENTATION, CONDITION, OR GUARANTEE OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT TO ANY IMPLIED WARRANTIES, REPRESENTATIONS, CONDITIONS OR GUARANTEES OF QUALITY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ALL OF WHICH ARE DISCLAIMED TO THE FULLEST EXTENT PERMITTED BY LAW. SPECIFICALLY, BUT WITHOUT LIMITATION, POLYLOOP DOES NOT WARRANT THAT: (i) THE INFORMATION AVAILABLE ON THE SERVICE AND WEBSITES IS FREE OF ERRORS; (ii) THE FUNCTIONS OR FEATURES (INCLUDING BUT NOT TO MECHANISMS FOR THE DOWNLOADING AND UPLOADING OF USER CONTENT) WILL BE UNINTERRUPTED, SECURE, OR FREE OF ERRORS; (iii) DEFECTS WILL BE CORRECTED, OR (iv) THE SERVICE AND WEBSITES OR THE SERVER(S) THAT MAKE THE SERVICE AND WEBSITES AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. POLYLOOP DOES NOT WARRANT, ENDORSE, GUARANTEE OR ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE SERVICE AND WEBSITES OR ANY WEBSITE FEATURED OR LINKED TO THROUGH THE SERVICE AND WEBSITES, AND POLYLOOP WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICE AND WEBSITES. POLYLOOP WILL NOT BE LIABLE FOR THE OFFENSIVE OR ILLEGAL CONDUCT OF ANY THIRD PARTY. YOU VOLUNTARILY ASSUME THE RISK OF HARM OR DAMAGE FROM THE FOREGOING. THE FOREGOING LIMITATIONS WILL APPLY EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE AND TO THE FULLEST EXTENT PERMITTED BY LAW.

IN NO EVENT SHALL POLYLOOP OR ITS AFFILIATES, LICENSORS, VENDORS, OR ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OR OTHER REPRESENTATIVES BE LIABLE TO YOU OR ANY OTHER PERSON OR ENTITY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES (INCLUDING, BUT NOT TO, DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, LOSS OF USE, OR COSTS OF OBTAINING SUBSTITUTE GOODS OR SERVICES), ARISING OUT OF OR IN CONNECTION WITH THE SERVICE AND WEBSITES, ANY MATERIALS, INFORMATION, OR RECOMMENDATIONS APPEARING ON THE SERVICE AND WEBSITES, OR ANY LINK PROVIDED ON THE SERVICE AND WEBSITES, WHETHER OR NOT POLYLOOP HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND WHETHER BASED UPON WARRANTY, CONTRACT, TORT, STRICT LIABILITY, VIOLATION OF STATUTE, OR OTHERWISE. THIS EXCLUSION OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW. IN ANY EVENT, OUR AGGREGATE LIABILITY WILL NOT EXCEED $100.

Some countries and U.S. jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for incidental or consequential damages such as above in this section 9. Accordingly, some of the above limitations may not apply to you.

20. Indemnification

YOU AGREE TO INDEMNIFY, DEFEND, AND HOLD POLYLOOP, ITS AFFILIATES, AND ITS RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, MEMBERS, SHAREHOLDERS, CONTRACTORS, OR REPRESENTATIVES HARMLESS FROM AND AGAINST ANY CLAIM OR DEMAND, INCLUDING WITHOUT LIMITATION, REASONABLE ATTORNEYS’ FEES, MADE IN CONNECTION WITH OR ARISING OUT OF YOUR USE OF THE SERVICE AND WEBSITES, YOUR CONNECTION TO THE SERVICE AND WEBSITES, YOUR VIOLATION OF THE TERMS, YOUR VIOLATION OF AN APPLICABLE LAW, YOUR SUBMISSION, POSTING, OR TRANSMISSION OF USER CONTENT TO THE SERVICE AND WEBSITES, AND/OR YOUR VIOLATION OF ANY RIGHTS OF ANOTHER INDIVIDUAL OR ENTITY. WE RESERVE THE RIGHT TO ASSUME THE EXCLUSIVE DEFENSE AND CONTROL OF SUCH DISPUTES, AND IN ANY EVENT YOU WILL COOPERATE WITH US IN ASSERTING ANY AVAILABLE DEFENSES.

21. Third-Party Links, Services and Websites

The Service and Websites may include information and content provided by third parties, including links to third-party websites, resources, and/or goods and services. Polyloop is not responsible and will not be liable for any damages or losses caused by or relating to, (i) any content, advertising, products, or other materials on or available from such sites or resources, (ii) the availability of or any errors or omissions in such websites or resources, or (iii) any information handling practices or other business practices of the operators of such sites or resources. Your interactions with such third parties will be governed by the third parties’ own terms of service and privacy policies, and any other similar terms.

22. General Terms

22.1 Modifications to the Service. We reserve the right at any time to modify or discontinue, temporarily or permanently, the Service and Websites (or any part thereof), with or without notice. You agree that Polyloop shall not be liable to you or any third party for any modification, suspension or discontinuation of the Service and Websites.

22.2 Controlling Law. These Terms will be governed by the laws of California notwithstanding its conflicts of law principles. However, some countries (including those in the European Union) have laws that require agreements to be governed by the local laws of the consumer’s country. This paragraph does not override those laws.

22.3 Initial Dispute Resolution. Most disputes can be resolved without resort to formal dispute resolution. If you take any issue with us or our Service, you agree that before taking any formal action, you will contact us at support@polyloop.com and provide a brief, written description of the dispute and your contact information (including your username, if your dispute relates to an account). Except for intellectual property and small claims court claims, the parties agree to use their best efforts to settle any dispute, claim, question, or disagreement directly through consultation with Polyloop, and good faith negotiations shall be a condition to either party initiating a lawsuit .

22.4 No Waiver. The failure of Polyloop to exercise or enforce any right or remedy in these Terms does not waive that right or remedy. If any provision of these Terms is found to be invalid or unenforceable, the parties agree that the court should endeavor to give effect, to the maximum extent permitted by law, to the parties’ intentions as reflected in the provision, and the other provisions of these Terms will remain in full force and effect.

22.5 Third-Party Beneficiaries. You agree that, except as otherwise expressly provided in these Terms, there shall be no third-party beneficiaries to these Terms.

22.6 Entire Agreement. These Terms (and all terms and conditions incorporated herein) constitute the entire agreement between you and Polyloop, and supersede any prior agreements between you and Polyloop on the subject matter. To the extent of any conflict or inconsistency between the provisions in these Terms and any other terms or resources referenced in these Terms, the terms contained directly in these Terms will first prevail; provided, however, that if there is a conflict or inconsistency between an applicable Customer Agreement and these Terms, the terms of the Customer Agreement will first prevail, followed by the provisions in these Terms, and then followed by the pages referenced in these Terms (e.g., the Privacy Statement). The applicable Customer will be responsible for notifying Managed Users of those conflicts or inconsistencies and until such time the terms set forth herein will be binding.

22.7 Translations. Any non-English translations of these Terms are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version shall control.

22.8 Miscellaneous. These Terms, and any rights or licenses granted hereunder, may not be assigned or delegated by you. These Terms, and any rights or licenses granted hereunder, may be assigned or delegated by Polyloop without restriction. These Terms bind and inure to the benefit of each party and the party’s successors and permitted assigns. These Terms may not be modified by an oral statement by a representative of Polyloop. No agency, partnership, joint venture or employee-employer relationship is intended or created by these Terms. You agree that any agreements made by and between you and us in electronic form are as legally binding as if made in physical written form. If you are using the Service and Websites for or on behalf of the U.S. government, your license rights do not exceed those granted to non-government consumers. The section titles in these Terms are for convenience only and have no legal or contractual effect. Any provision of these Terms that by its nature is reasonably intended to survive beyond their termination or expiration shall survive. Notwithstanding the generality of the foregoing, the following sections shall survive any termination or expiration of these Terms: Sections 1 (Introduction); 2 (How These Terms Apply); 7 (Proprietary Rights); 8 (User Content and Feedback); 9 (Warranties, Disclaimer, and Limitation of Liability); 10 (Indemnification); and 12 (General Terms).

APPENDIX 1: DATA PROCESSING

This Appendix includes certain details of the Processing of Personal Data as required by the Data Protection Legislation.

1 THE SUBJECT-MATTER AND DURATION OF THE PROCESSING

1.1 The subject-matter and duration of the Processing of Personal Data in accordance with this Agreement shall consist of:

1.1.1 Subject Matter: the provision of services to [company name] Group by Polyloop Corporation , as set out in the Letter of Engagement.

1.1.2 Duration of the Processing: the duration of the processing shall be for the term designated under the agreement between Polyloop Corporation and [company name] Group.

2 THE NATURE AND PURPOSE OF THE PROCESSING

2.1 The subject-matter and duration of the Processing of Personal Data in accordance with this Agreement shall consist of:

2.1.1 Polyloop Corporation will process the Personal Data for the purposes of providing services to [company name] Group, as set out in our Letter of Engagement.

3 THE TYPES OF PERSONAL DATA TO BE PROCESSED

3.1 The types of Personal Data that shall be processed in accordance with this Agreement will be:

3.1.1 The Personal Data that shall be processed in accordance with this Agreement shall include names, telephone numbers, email addresses, job titles.

4 CATEGORIES OF DATA SUBJECTS TO WHOM PERSONAL DATA RELATES

4.1 The categories of individuals whose Personal Data is processed in accordance with this Agreement will be: Employees


1. These terms

1.1 What these terms cover. These are the terms and conditions on which we supply services to you as set out in the Letter of Engagement and upon which you are granted access to Polyloop (“The Platform”).

2. Information about us and how to contact us

2.1 Who we are. We are Policy Platforms Limited, a company registered in Northern Ireland, UK. Our company registration number is NI681353 and our registered office is at Portview Trade Centre, 310 Newtownards Road, Belfast, Northern Ireland, BT4 1HE

2.2 How to contact us. You can contact us by telephoning our service team at +44 (0)2033 550530 or by writing to us at support@polyloop.io AND Reception, Portview Trade Centre, 310 Newtownards Road, Belfast, Northern Ireland, BT4 1HE

2.3 How we may contact you. If we have to contact you we will do so by telephone or by writing to you at the email address or postal address you provided to us in your order.

2.4 “Writing” includes emails. When we use the words “writing” or “written” in these terms, this includes emails.

3. Our contract with you

3.1 How we will accept your order. Our acceptance of your order will take place when we tell you that we are able to provide you with the services. This will also be confirmed in writing in our Letter of Engagement, at which point a contract will be entered into by you and us.

3.2 What the Letter of Engagement will contain. The Letter of Engagement will set out the following information:
– Our scope of work
– Our fees
– Indicative timetable to complete the scope of work
– Our team
– The person who will be our point of contact at your business

3.3 Conflict with Letter of Engagement. If there is a conflict between the terms of the Letter of Engagement and these terms, the Letter of Engagement shall prevail.

4. Your rights to make changes

4.1 If you wish to make a change to the services please contact us. We will let you know if the change is possible. If it is possible we will let you know about any changes to the price of the services, their timing or anything else which
would be necessary as a result of your requested change and ask you to confirm whether you wish to go ahead with the change.

5. Our rights to make changes

5.1 Minor changes to the services. We may change the services:
(a) to reflect changes in relevant laws and regulatory requirements; and
(b) to implement minor technical adjustments and improvements, for example to address a security threat.
These changes will not affect your use of the services.

6. Providing the services

6.1 When we will provide the services. We will supply the services to you from the date set out in our Letter of Engagement for the time period set out in the Letter of Engagement. The estimated completion date for the services is as set out in the Letter of Engagement or until either you end the contract for the services as described in clause 7 or we end the contract by written notice to you as described in clause 8.

6.2 We will comply with all applicable law in our supply of the services in accordance with these terms and conditions and the Letter of Engagement, which for the avoidance of doubt will include, but not be limited to, the Bribery Act 2010 and the Modern Slavery Act 2015. We will ensure that we establish, maintain and enforce policies and procedures which are adequate to ensure compliance with the Modern Slavery Act 2015 and the Bribery Act 2010 and to prevent the concurrence of a Prohibited Act (as defined in the Bribery Act 2010). We will notify You immediately in writing of any failure to comply with this clause. We will keep appropriate records of our compliance with these obligations and make such records available on request. If We fail to comply with this clause, You will have the right to terminate the Agreement immediately without further liability and without prejudice to any other rights or remedies that may have accrued to your benefit under or in connection with this Agreement. We will refund you in full all sums paid by You for the provision of the services.

6.3 We are not responsible for delays outside of our control. If our performance of the services is affected by an event outside our control then we will contact you as soon as possible to let you know and we will take steps to minimise the effect of the delay. Provided we do this we will not be liable for delays caused by the event but if there is a risk of substantial delay you may contact us to end the contract and receive a refund for any services you have paid for but not received.

6.4 If you do not allow us access to provide services. If you have asked us to provide the services to you at your business and you do not allow us access to your business premises as arranged (and you do not have a good reason for this)
we may charge you additional costs incurred by us as a result. If, despite our reasonable efforts, we are unable to contact you or re-arrange access to your business we may end the contract and clause 7.3 will apply.

6.5 Information you must provide to us. The data you supply to us must be accurate and in line with our guidance notes. We will not be responsible for checking the accuracy of the data. The data sources are to be clearly identifiable and
open to evaluation by us. We must be provided with access to stakeholders upon reasonable notice. You will be responsible for inputting data unless otherwise agreed in the Letter of Engagement.

6.6 What will happen if you do not provide required information to us. As we informed you in the Letter of Engagement, we will need certain information from you so that we can provide the services to you. We will contact you in writing to ask for this information. If you do not, within a reasonable time of us asking for it, provide us with this information, or you provide us with incomplete or incorrect information, we may either end the contract (see clause 8.1) or make an additional charge of a reasonable sum to compensate us for any extra work that is required as a result. We will not be responsible for providing the services late or not providing any part of them if this is caused by you not giving us the information we need within a reasonable time of us asking for it.

6.7 Reasons we may suspend the services. We may have to suspend the services to:
(a) deal with technical problems or make minor technical changes;
(b) update the services to reflect changes in relevant laws and regulatory requirements;
(c) make changes to the services as requested by you or notified by us to you (see clause 5).

6.8 Your rights if we suspend the services. We will contact you in advance to tell you we will be suspending the services, unless the problem is urgent or an emergency. If we have to suspend the services for longer than three months in any six month period we will adjust the price so that you do not pay for services while they are suspended. You may contact us to end the contract if we suspend the services, or tell you we are going to suspend them, in each case for a period of more than three months and we will refund any sums you have paid in advance for services not provided to you.

6.9 We may also suspend the services if you do not pay. If you do not pay us for the services when you are supposed to (see clause 10.3) and you still do not make payment within ten days of us reminding you that payment is due, we may suspend supply of the products until you have paid us the outstanding amounts. We will contact you to tell you we are suspending supply of the products. We will not suspend the products where you dispute the unpaid invoice (see clause 10.7). We will not charge you for the services during the period for which they are suspended. As well as suspending the services we can also charge you interest on your overdue payments (see clause 10.6).

7. Your rights to end the contract

7.1 You can always end the contract before the services have been supplied and paid for. You may contact us at any time to end the contract for the services, but in some circumstances we may charge you certain sums for doing so,
as described below.

7.2 What happens if you have good reason for ending the contract. If you are ending the contract for a reason set out below the contract will end immediately and we will refund you in full for any services which have not been provided or have not been properly provided. The relevant reasons are:
(a) We have committed a material breach of our obligation(s) and in the case of any such breach which is capable of remedy, failed to remedy the breach within 10 days of notification of such breach;
(b) we have told you about an upcoming change to the services or these terms which you do not agree to (see clause 5);
(c) we have told you about an error in the price or description of the services you have ordered and you do not wish to proceed;
(d) we suspend the services for technical reasons, or notify you we are going to suspend them for technical reasons, in each case for a period of more than 2 months;
(e) you have a legal right to end the contract because of something we have done wrong;
(f) we enter into liquidation, whether compulsory or voluntarily, other than for the purpose of amalgamation or reconstruction without insolvency;
(g) we compound or make any arrangements with our creditors; or
(h) we cease, or threaten to cease, to carry on business.

7.3 What happens if you end the contract without a good reason. If you are not ending the contract for one of the reasons set out in clause 7.2, the contract will end immediately but we may charge you reasonable compensation for the net costs we will incur as a result of your ending the contract

8. Our rights to end the contract

8.1 We may end the contract if you break it. We may end the contract at any time by writing to you if:
(a) you do not make any payment to us when it is due and you still do not make payment within ten days of us reminding you that payment is due;
(b) you do not, within a reasonable time of us asking for it, provide us with information that is necessary for us to provide the services;
(c) you do not provide internal resources sufficient to enable us to complete the reporting process;
(d) you do not, within a reasonable time, give us access to your property to enable us to provide the services to you; or
(e) it becomes apparent that we are unable to perform the services in a manner that is consistent with our company mission.
To the extent that you do not perform the above responsibilities, we have the option, where appropriate, of performing those services for you and you agree to pay us an additional amount to reflect our additional services.

8.2 You must compensate us if you break the contract. If we end the contract in the situations set out in clause 8.1(a)-(d) we will refund any money you have paid in advance for services we have not provided but we may deduct or charge you compensation for the net costs we will incur as a result of your breaking the contract.

8.3 We may stop providing the services. We may write to you to let you know that we are going to stop providing the services. We will let you know at least 1 month in advance of our stopping the services and will refund any sums you have paid in advance for services which will not be provided.

9. If there is a problem with the services

9.1 How to tell us about problems. If you have any questions or complaints about the services, please contact us on the email set out above.

9.2 Our guarantee. We offer the following goodwill guarantee which is in addition to your legal rights and does not affect them. In the unlikely event there is any defect with the services:
(a) if remedying the defect is impossible or cannot be done within a reasonable time or without significant inconvenience to you we will refund the price you have paid for the services.
(b) in all other circumstances we will use every effort to repair or fix the defect free of charge, without significant inconvenience to you, as soon as we reasonably can and, in any event, within 1 month. If we fail to remedy the defect by this deadline we will refund the price you have paid for the services.

10. Price and payment

10.1. Fees. Customer will pay for access to and use of the Service as set forth on the applicable Order (“Fees”). All Fees will be paid in the currency stated in the applicable Order or, if no currency is specified, Great British Pounds (GBP). Payment obligations are non-cancelable and, except as expressly stated in this Agreement, non-refundable. Polyloop may modify its Fees or introduce new fees at its sole discretion. Customer always has the right to choose not to renew their subscription if they do not agree with any new or revised Fees.

10.2. Payment. Policy Platforms through its third-party payment processor (“Stripe”) will charge Customer for the Fees via credit card, debit card, or ACH payment, pursuant to the credit card or ACH payment information provided by Customer to Policy Platforms. Policy Platforms will have the right to charge Customer’s credit card or ACH payment method for any services provided to Customer by Policy Platforms under the Order, including recurring Fees. It is Customer’s sole responsibility to provide Policy Platforms with current and up to date credit card, debit card, or ACH information; failure to provide such information may result in suspension of Customer’s access to the Services. Policy Platforms will also have the right to set-off any Fees due from Customer to Policy Platforms Limited. If Customer pays the Fees through a Payment Processor such payment processing will be subject to the terms, conditions, and privacy policies of the Payment Processor in addition to this Agreement. Terms and conditions of the payment processor can be found here https://stripe.com/gb/legal/ssa. Policy Platforms Limited is not responsible for any error by, or other acts or omissions of, the Payment Processor. Policy Platforms Limited reserves the right to correct any errors or mistakes that the Payment Processor makes even if Policy Platforms has already requested or received payment. If authorised by Customer through acceptance of an Order, recurring charges (e.g. monthly billing) will be charged to Customer’s payment method without further authorisation from Customer, until Customer terminates this Agreement in accordance with its terms or changes its payment method in Customer’s account in the Service.

10.3. Taxes. Fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If Policy Platforms has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Policy Platforms will invoice Customer and Customer will pay that amount unless Customer provides Policy Platforms with a valid tax exemption certificate authorised by the appropriate taxing authority in advance. For clarity, Policy Platforms is solely responsible for taxes assessable against it based on its income, property, and employees.

10.4. Failure to Pay. If Customer fails to pay any Fees when due, Policy Platforms may suspend Customer’s access to the Service pending payment of such overdue amounts. Customer also authorises Policy Platforms to make multiple re-attempts at charging the Customer’s payment instrument if an initial charge attempt is unsuccessful, without any specific limit on the number of retries. If Customer believes that Policy Platforms has billed Customer incorrectly, Customer must contact Policy Platforms no later than sixty (60) days after the closing date on the first billing statement in which the error or problem appeared, to receive an adjustment or credit. Once Policy Platforms receives notice of a disputed invoice, Policy Platforms will review such notice and provide Customer with a written decision regarding the dispute, including documentary support for such decision. If Policy Platforms reasonably determines that the amounts billed are, in fact, due, Customer will pay such amounts (if they have not done so already) within ten days of Policy Platforms notifying Customer in writing of such decision.

11. Term and Termination.

11.1. Agreement Term and Renewals. Subscriptions to access and use the Service commence on the start date stated on the applicable Order (“Subscription Start Date”) and continue for the duration of the Subscription Period. Customer may choose not to renew its Subscription Period by notifying Policy Platforms at support@polyloop.io (provided that Policy Platforms confirms such cancellation in writing) or by modifying its subscription through Customer’s account within the Service. This Agreement will become effective on the first day of the Subscription Period and remain effective for the duration of the Subscription Period stated on the Order along with any renewals of the Subscription Period and any period that Customer is using the Service even if such use is not under a paid Order (“Term”). If the parties terminate this Agreement, it will automatically terminate all Orders. If Customer cancels or does not renew its paid subscription to the Service, Customer’s subscription will be accessible but will automatically be downgraded to a version of the Service with diminished features and functionality that Policy Platforms offers to unpaid subscribers (“Free Version”). If Customer or Policy Platforms terminates this Agreement or Customer deletes its workspace within the Service, Customer will not have access to the Free Version.

11.2. Termination. Either party may terminate this Agreement upon written notice to the other party if the other party materially breaches this Agreement and such breach is not cured within thirty (30) days after the breaching party’s receipt of such notice. Policy Platforms may terminate Customer’s access to the Free Version at any time upon notice to Customer.

11.3. Effect of Termination. If Customer terminates this Agreement because of Policy Platforms’s uncured breach, Policy Platforms will refund any unused, prepaid Fees for the remainder of the then-current Subscription Period. If Policy Platforms terminates this Agreement because of Customer’s uncured breach, Customer will pay any unpaid Fees covering the remainder of the then-current Subscription Period after the effective date of termination, if any. In no event will any termination relieve Customer of the obligation to pay any Fees payable to Policy Platforms for the period prior to the effective date of termination. Upon any termination of this Agreement, all rights and licenses granted by Policy Platforms hereunder will immediately terminate; Customer will no longer have the right to access or use the Service. Within thirty (30) days of termination of this Agreement for cause, upon Customer’s request following termination, or if Customer deletes its workspace within the Service, Policy Platforms will delete Customer’s User Information, including passwords and all related information, files, and User Submissions, unless Customer requests an earlier deletion in writing. If Customer is using the Free Version, Policy Platforms will retain User Submissions and User Information to facilitate such use. Policy Platforms may delete all User Submissions or User Information if Customer maintains an account in the Free Version but such account is not used for a period of one (1) year or more.

11.4 Where to find the price for the services. The price of the services (which does not include VAT) will be the price we have set out in our Letter of Engagement.

11.5 We will pass on changes in the rate of VAT. If the rate of VAT changes between your order date and the date we provide the services, we will adjust the rate of VAT that you pay, unless you have already paid for the services in full before the change in the rate of VAT takes effect.

11.6 Additional Fees. If, during the course of our services for you, a need for additional services not set out in the Letter of Engagement is identified, agreement to these additional services will be obtained from you before any expenditure
is incurred.

11.7 When you must pay and how you must pay. The Letter of Engagement will set out our fees. You must pay each invoice within 30 calendar days after the date of the invoice.

11.8 What to do if you think an invoice is wrong. If you think an invoice is wrong please contact us promptly to let us know. You will not have to pay any interest until the dispute is resolved. Once the dispute is resolved we will charge you interest on correctly invoiced sums from the original due date


12. Customer Data & Security

12.1 All Customers own all rights, titles and interest in their data. The Customer shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of their data.

12.2 In the event of any loss or damage to Customer Data, Policy Platforms shall use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, this will be the Customer's sole and exclusive remedy. Policy Platforms shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party.

12.3 Policy Platforms will comply with its Privacy Policy. The Privacy Policy may be amended from time to time by Policy Platform at its sole discretion.

12.4 If Policy Platforms processes any personal data on the Customer's behalf when performing its obligations under this Agreement, the parties record their intention that the Customer shall be the data controller and Policy Platforms shall be a data processor, defined as such:

Data Controller - the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.

Data Processors - means any natural or legal person who processes the data on behalf of the Data Controller.

12.4.1 To provide services to you, we may need to share your personal information with parties located within the European Economic Area (EEA), where data protection laws are equivalent to those in the UK. We will take reasonable steps to ensure the privacy of your information and will comply with current legislation before any such sharing occurs.

12.4.2 If applicable, the Customer shall ensure that relevant third parties within the EEA have been informed of, and have given their consent to, such use, processing, and transfer, in accordance with all applicable data protection legislation.

12.4.3 Policy Platforms will process personal data solely in line with the terms of this Agreement and any lawful instructions reasonably provided by the Customer, ensuring data remains within the EEA.

12.4.4 Both parties shall implement appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data, as well as accidental loss, destruction, or damage.

12.5 The Processor shall implement and maintain adequate security measures to standards no less than those imposed on the Controller under the Data Protection Legislation whilst it continues to Process the Data on behalf of the Controller, such measures shall include (but not be limited to):

12.5.1 Encryption: Data is encrypted as part of the cloud computing service. This service uses industry-accepted encryption products to protect customer data and communications during transmissions between a customer and Policy Platforms, including 128-bit TLS Certificates and 2048-bit RSA public keys at a minimum. Additionally, Customer Data is encrypted during transmission between data centres for replication purposes. All Personal Data is processed through Policy Platforms private infrastructure hosted by AWS.

12.5.2 Backup: All data submitted to Policy Platforms is automatically replicated on a near real-time basis to a secondary data centre site. It is backed up on a regular basis and stored on backup media for 3 days, after which it is securely overwritten or deleted. Any backups are verified for integrity and stored in the same data centres as their instance. At Policy Platforms we maintain a weekly backup of data, stored securely with access permissions limited to key personnel. We have a policy of not moving commercially sensitive data on removable media.

12.5.3 Resilience: All Policy Platforms network accelerators, load balancers, web servers and application servers are configured in a redundant configuration. All Customer Data submitted to Policy Platforms is stored on a primary database server with multiple active clusters for higher availability. All Customer Data submitted to Policy Platforms is stored on highly redundant carrier-class disk storage and multiple data paths to ensure reliability and performance. The Policy Platforms development environment provides various protections against malicious code which are implemented in the Policy Platforms application with Web Application Firewall. 

12.5.4 Disaster recovery: Policy Platforms supports disaster recovery with a dedicated team and a 4 hour recovery point objective (RPO) and 12 hour recovery time objective (RTO). Policy Platforms maintains a Business Continuity Plan outlining business risks, detailing the impact and response to any disruption, and appropriate recovery strategies.

12.5.5 Incident notification: Incident detection and response is part of the security procedures that are incorporated into Policy Platforms standard practices. Policy Platforms also uses security scanners to analyse and monitor the product for potential security issues. Policy Platforms maintains security incident management policies and procedures, and will promptly notify their customers of any actual or reasonably suspected unauthorised disclosure of their respective data. In the event of a disruption or other incident, we would notify our customers directly by email based on our customer usage.

13. The Platform

13.1 Intellectual Property. The copyright in the material contained in the Platform (save for the products/ outcomes of the services) and any trademarks and brands included in that material belongs to us or our licensors. We grant to You a
non-exclusive, non-transferable, licence to use such IPR for Your own internal business purposes with a right to sub-licence such IPR on equivalent terms to an entity within the [company name] Group.

13.1.1 We assign to You by way of present and future assignment, with full title guarantee and free from all third party rights, all intellectual property rights and all other rights in the products and /or outcomes of the services.

13.1.2 We will, promptly at Your request, do (or procure to be done) all such acts and things and the execution of all such other documents as the You may from time to time require for the purpose of securing for You the full benefit of the
Agreement, including right, title and interest in and to the intellectual property rights and all other rights assigned to the You in accordance with clause 11.1A.

13.1.2 Accuracy of Information. We will use reasonable endeavours to ensure that the information available on the Platform is, at all reasonable times, accurate. We will use all reasonable endeavours to correct errors and omissions as quickly
as practicable after becoming aware or being notified of the same.

13.1.3 Changes to the Platform. We may also change, suspend or discontinue any aspect of the Platform, including the availability of any features, information, database or content or restrict access to parts or all of the platform without notice or
liability.

13.2 Our responsibility for loss or damage suffered by you

13.3 We are responsible to you for foreseeable loss and damage caused by us. If we fail to comply with these terms, we are responsible for loss or damage you suffer that is a foreseeable result of our breaking this contract or our failing to use reasonable care and skill, but we are not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if either it is obvious that it will happen or if, at the time the contract was made, both we and you knew it might happen, for example, if you discussed it with us during the sales process.

13.4 We do not exclude or limit in any way our liability for the following:
(a) death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors;
(b) for fraud or fraudulent misrepresentation;
(c) for breach of your legal rights in relation to the services;
(d) for Our liability under clause 13 (data protection).

13.5 Total Liability. Subject to clause 12.2, Our total liability to you in respect of all other losses arising under or in connection with the services, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall in no circumstances exceed the fees received from you.

13.6 We are not liable for business losses. We will have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.

13.7. Data Protection For the purposes of this clause, the following terms will have the definitions set out below: 

“Data” has the meaning given in the Data Protection Legislation and more specifically means data as described in Appendix 1 to be made available by the Controller to the Processor for the purposes of providing the services; “Data Controller” means the Customer as per the definition in the Data Protection Legislation; “Data Processor” means the Supplier as per the definition in the Data Protection Legislation; “Data Protection Legislation” means, for the periods in which they are in force in the United Kingdom, the Data
Protection Act 1998, the EU Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the GDPR and all applicable Laws and regulations relating to processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner, in each case as amended or substituted from time to time;
“Data Subject” has the meaning given to it by the Data Protection Legislation;
“GDPR” means (a) the General Data Protection Regulations (Regulation (EU) 2016/679) which comes into force on 25 May 2018; and (b) any equivalent legislation amending or replacing the General Data Protection Regulations
(Regulation (EU) 2016/679; “Personal Data” has the meaning as set out in the Data Protection Legislation which forms part of the Data; “Personal Data Breach” has the meaning as set out in the Data Protection Legislation; “Processing” has the meaning as set out in the Data Protection Legislation and “Process” and “Processed” shall be
construed accordingly; “Special Categories of Personal Data” means Sensitive Personal Data or Special Categories of Personal Data, as defined in the Data Protection Legislation, which is Processed by the Data Processor on behalf of the Data Controller pursuant to or in connection with the Agreement;

13.8 Both parties shall duly observe all their obligations under the Data Protection Legislation which arise in connection with the contract and shall not perform their obligations in such a way as to cause the other party to breach any of
its obligations under the Data Protection Legislation.

13.9 With respect to the parties’ rights and obligations under the contract, the Parties agree that [company name] Group is the Data Controllers and that the Policy Platforms Limited is the Data Processor.

13.10 The Data Controller shall not disclose any Personal Data to the Data Processor save where it is lawful and in a form which is lawful.

13.11 The subject-matter and duration of the Processing, nature and purpose of the Processing, types of Personal Data, and categories of Data Subjects are set out in Appendix 1 to these Terms and Conditions.

13.12 The Data Controller may make reasonable amends to Appendix 1 by written notice to the Data Processor from time to time as the Data Controller considers necessary to meet the requirements of the Data Protection Legislation.

13.13 The Processor agrees to only Process the Data in accordance with these Terms and Conditions and, subject to the overriding requirements of Data Processing Legislation, undertakes to:

13.14.1 only process the Personal Data for and on behalf of the Controller, strictly in accordance with the written instructions of the Data Controller, unless the Processing is required by applicable laws to which the Data Processor is subject, in which case the Data Processor shall to the extent permitted by such applicable laws inform the Data Controller of that legal requirement before Processing;

13.14.2 ensure that any personnel with access to Personal Data are subject to a duty of confidentiality (whether contractual or statutory) and ensure that access is strictly limited to those individuals who need to know/access
the Personal Data;

13.14.3 taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Processor shall, in relation to the Personal Data, implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred
to in Article 32(1) of the GDPR;

13.14.4 only engage Sub-Contractors with the prior written consent of the Data Controller and under a written contract,
imposing the same data protection obligations as set out in the Agreement, remaining liable to the Data Controller for compliance of any Sub-Contractor engaged and informing the Data Controller of any changes concerning the addition or replacement of Sub-Contractors giving the Data Controller sufficient opportunity to object to such changes;

13.14.5 assist the Data Controller by appropriate technical and organisational measures, insofar as possible, for the fulfilment of the Data Controller’s obligations to respond to requests for exercising the Data Subject’s rights laid
down in the Data Protection Legislation;

13.14.6 notify the Data Controller within five (5) Working Days if it receives a request from a Data Subject under the Data Protection Legislation in respect of the Personal Data and not respond to any such request without the written authorisation of the Data Controller or as required by the Data Protection Legislation to which the Data Processor is subject but only after informing the Data Controller of such legal requirement before responding to the request;

13.14.7 notify the Data Controller without undue delay, and at least within 48 hours, upon becoming aware of a Personal Data Breach, providing the Data Controller with sufficient information to allow it to meet its obligations under the Data Protection Legislation and to enable the Controller to report the breach to the Information
Commissioner’s Office within the 72 hour deadline imposed by the GDPR and assist the Data Controller, as directed, in the investigation, mitigation and remediation of such Personal Data Breach;

13.14.8 assist the Data Controller in ensuring compliance with the obligations pursuant to the Data Protection Legislation taking into account the nature of the Processing for the purposes of the Agreement and the information available
to the Data Processor, including but not limited to those obligations relating to (a) security of processing; (b) notification of a Personal Data Breach to the Information Commissioner’s Office; (c) communication of a Personal Data Breach to the Data Subject; and (d) Data Protection impact assessments and any subsequent consultations with the Information Commissioner’s Office;

13.14.5 on the expiry or termination of the Agreement, promptly upon request from the Data Controller (at the Data Controller’s discretion) either: (a) return all Personal Data to the Data Controller and delete all existing copies, or procure such deletion; or (b) securely destroy such Personal Data, unless an applicable law requires storage of the Personal Data but only to the extent and for such period as required by such law;

13.14.11 notify the Data Controller of the deletion of Personal Data in accordance with Clause 1.6.9 within 21 days of the expiry or termination of the Agreement;

13.14.12 not transfer Personal Data outside the European Economic Area (EEA) without the prior written consent of the Data Controller;

13.14.13 make available to the Data Controller on request all information necessary to demonstrate compliance with the Data Protection Legislation, and allow for and contribute to audits, including inspections, by the Data Controller or an auditor mandated by the Data Controller including to permit the Data Controller or its external advisers (subject to reasonable and appropriate confidentiality undertakings) to inspect and audit the Data Processor’s data processing activities and those of its agents, subsidiaries and sub-contractors and comply with all
reasonable requests or directions by the Data Controller to enable the Data Controller to verify and procure that the Data Processor is in full compliance with its obligations under the Agreement.

13.15 The Data Processor shall, at all times during and after the term of the Agreement, indemnify the Data Controller and keep the Data Controller indemnified against all losses, damages, costs or expenses and other liabilities (including
legal fees) incurred by, awarded against or agreed to be paid by the Data Controller arising from any breach of the Data Processor’s obligations under this clause except and to the extent that such liabilities have resulted directly from the Data Controller’s instructions.

13.16 The provisions of this clause shall apply during the continuance of the Agreement and indefinitely after its expiry or termination.

14. Other important terms

14.1 You may only transfer your rights under our guarantee to someone else. You may only transfer your rights or your obligations under these terms to another person with our written consent. We may withhold our consent.

14.2 Nobody else has any rights under this contract. This contract is between you and us. Save for [company name] Group (as defined in the Letter of Engagement), no other person shall have any rights to enforce any of its terms. Neither of us will need the consent of any person acquiring rights under our guarantee to end the contract or make any changes to these terms.

14.3 Notices. Any notice or other communication given by us or you shall be in writing, addressed to us or you at the registered office (if it is a company) or its principal place of business (in any other case) or such other address as we
or you may have specified in writing, and shall be delivered personally or sent by prepaid first-class post or other next working day delivery service, or by commercial courier, or e-mail. A notice or other communication shall be
deemed to have been received: if delivered personally, when left at the address referred to in the Letter of Engagement; if sent by pre-paid first class post or other next working day delivery service, at 9.00 am on the second business day after posting; if delivered by commercial courier, on the date and at the time that the courier’s delivery receipt is signed; or, if sent by e-mail, on the sending of the e-mail.

14.4 Exclusive Terms. These terms apply to the Agreement to the exclusion of any other terms that you may seek to
impose or incorporate, or which are implied by trade, custom, practice or course of dealing.

14.5 If a court finds part of this contract illegal, the rest will continue in force. Each of the paragraphs of these terms operates separately. If any court or relevant authority decides that any of them are unlawful, the remaining paragraphs will remain in full force and effect.

14.6 Even if we delay in enforcing this contract, we can still enforce it later. If we do not insist immediately that you do anything you are required to do under these terms, or if we delay in taking steps against you in respect of your breaking this contract, that will not mean that you do not have to do those things or prevent us taking steps against you at a later date. For example, if you miss a payment and we do not chase you but we continue to provide the services, we can still require you to make the payment at a later date.

14.7 Dispute Resolution. Any and all disputes relating to this Agreement and/or the subject matter of it, shall in the first instance be referred to the parties contract managers for resolution. Upon such referral the contract managers shall meet within 5 days of such referral to resolve the issue. If the contract managers cannot resolve the issue within 5 days of their meeting, the matter shall be referred to the parties senior management for resolution. If the Senior Managers cannot resolve the issue within 10 days of their meeting over it, the parties shall be free to refer the matter
to meditation or other alternative dispute resolution procedure.

14.8 Which laws apply to this contract and where you may bring legal proceedings. These terms are governed by English law and you can bring legal proceedings in respect of the services in the English courts.


APPENDIX 1: DATA PROCESSING

This Appendix includes certain details of the Processing of Personal Data as required by the Data Protection Legislation.

1 THE SUBJECT-MATTER AND DURATION OF THE PROCESSING

1.1 The subject-matter and duration of the Processing of Personal Data in accordance with this Agreement shall consist of:

1.1.1 Subject Matter: the provision of services to [company name] Group by Policy Platforms Limited, as set out in the Letter of Engagement.

1.1.2 Duration of the Processing: the duration of the processing shall be for the term designated under the agreement between Policy Platforms Limited and [company name] Group.

2 THE NATURE AND PURPOSE OF THE PROCESSING

2.1 The subject-matter and duration of the Processing of Personal Data in accordance with this Agreement shall consist of:

2.1.1 Policy Platforms will process the Personal Data for the purposes of providing services to [company name] Group, as set out in our Letter of Engagement.

3 THE TYPES OF PERSONAL DATA TO BE PROCESSED

3.1 The types of Personal Data that shall be processed in accordance with this Agreement will be:

3.1.1 The Personal Data that shall be processed in accordance with this Agreement shall include names, telephone numbers, email addresses, job titles.

4 CATEGORIES OF DATA SUBJECTS TO WHOM PERSONAL DATA RELATES

4.1 The categories of individuals whose Personal Data is processed in accordance with this Agreement will be: Employees

Terms and Conditions

1. Introduction

Polyloop Corporation (“Polyloop,”, “we,” “our,” “us,” “the Platform,” “the Service”) offers a AI driven co-pilot smart software for government and funding eco-systems to measure and evidence their success, as further described in the Polyloop website and its About page (the “Websites”).

These User Terms of Service (“Terms”) are a binding legal contract between you and Polyloop and explain the rules governing your use of the Platform. By accessing or using the Platform and Websites, you acknowledge and agree to be bound by these Terms (as applicable) and confirm you have read and understand our Privacy Statement, which is incorporated by reference. If you do not agree to these Terms, please do not access or use the Service or Websites.

We may revise these Terms from time to time by posting a modified version on our website. If, in Polyloop’s sole discretion, the modifications to these Terms are material, we will provide you with reasonable notice prior to the change taking effect, either by emailing the email address associated with your account or by alerting you through the Service and/or Websites. If you do not agree to or cannot comply with the modified Terms, you must stop using the Service and Websites. Unless otherwise stated elsewhere in these Terms or in our notice, the updated Terms will take effect upon their posting and will apply on a going-forward basis. Your continued use of the Service and Websites after any update to these Terms constitutes your acceptance of such changes.

2. Information About Us and How To Contact Us

2.1 Who we are. We are Polyloop, a company registered in Delaware. Our company identification number is 99-3219173 and our registered office is at 823 Congress Ave St, TX, 78701.

2.2 How to contact us. You can contact us by telephoning our service team at +44(0)2033 550530 or by writing to us at support@polyloop.io AND 823 Congress Ave St, TX, 78701.

2.3 How we may contact you. If we have to contact you, we will do so by telephone or by writing to you at the email address or postal address you provided to us in your order.

2.4 “Writing” includes emails. When we use the words “writing” or “written” in these terms, this includes emails.

3. Our Contract With You

3.1 How We Will Accept Your Order. Our acceptance of your order will take place when we tell you that we are able to provide you with the services. This will also be confirmed in writing in our Letter of Engagement, at which point a contract will be entered into by you and us.

3.2 What the Letter of Engagement Will Contain. The Letter of Engagement will set out the following information:

Our scope of work

Our fees

Indicative timetable to complete the scope of work

Our team

The person who will be our point of contact at your business

3.3 Conflict with Letter of Engagement. If there is a conflict between the terms of the Letter of Engagement and these terms, the Letter of Engagement shall prevail.

4. Account Registration

4.1 Account Registration and Confidentiality. To access the Service and certain parts of our Websites, you must register for a Polyloop account by creating a username and password. You agree to provide us with accurate, complete, and current registration information about yourself. It is your responsibility to ensure that your password remains confidential and secure, and you agree that you will not allow others to access the Service using your Polyloop account. By registering, you agree that you are fully responsible for all activities that occur under your user name and password. We may assume that any communications we receive under your account have been made by you. If you are a workspace or organization owner or administrator, or if you have confirmed in writing that you have the authority to make decisions on behalf of a workspace or organization (“Account Administrator”), you represent and warrant that you are authorized to to do so and agree that Polyloop is entitled to rely on your instructions.

4.2 Unauthorized Account Use. You are responsible for notifying us at support@polyloop.io if you become aware of any unauthorized use of or access to your account. You understand and agree that we may require you to provide information that may be used to confirm your identity and help ensure the security of your account. Polyloop will not be liable for any loss, damages, liability, expenses or attorneys’ fees that you may incur as a result of someone else using your password or account, either with or without your knowledge and/or authorization, and regardless of whether you have advised us of such unauthorized use. You will be liable for losses, damages, liability, expenses and attorneys’ fees incurred by Polyloop or a third party due to someone else using your account. In the event that the Account Administrator or Customer loses access to an account or otherwise requests information about an account, Polyloop reserves the right in its sole discretion to request from the Account Administrator or Customer any verification it deems necessary before restoring access to or providing information about such an account.

5. Your Rights to Make Changes

5.1 If You Wish To Make a Change to the Services, Please Contact Us. We will let you know if the change is possible. If it is possible, we will let you know about any changes to the price of the services, their timing, or anything else which would be necessary as a result of your requested change and ask you to confirm whether you wish to go ahead with the change.

6. Our Rights to Make Changes

6.1 Minor Changes to the Services. We may change the services: (a) to reflect changes in relevant laws and regulatory requirements; and (b) to implement minor technical adjustments and improvements, for example, to address a security threat. These changes will not affect your use of the services.

7. Providing the Services

7.1 When We Will Provide The Services. We will supply the services to you from the date set out in our Letter of Engagement for the time period set out in the Letter of Engagement. The estimated completion date for the services is as set out in the Letter of Engagement or until either you end the contract for the services as described in clause 7 or we end the contract by written notice to you as described in clause 8.

7.2 Compliance with Laws. We will comply with all applicable laws in our supply of the services in accordance with these terms and conditions and the Letter of Engagement. This includes, but is not restricted to, the 1977 Foreign Corrupt Practices Act. We will ensure that we establish, maintain, and enforce policies and procedures adequate to ensure compliance with these acts. We will notify you immediately in writing of any failure to comply with this clause. We will keep appropriate records of our compliance with these obligations and make such records available on request. If we fail to comply with this clause, you will have the right to terminate the Agreement immediately without further liability and without prejudice to any other rights or remedies that may have accrued to your benefit under or in connection with this Agreement. We will refund you in full all sums paid by you for the provision of the services.

7.3 We Are Not Responsible for Delays Outside of Our Control. If our performance of the services is affected by an event outside our control, we will contact you as soon as possible to let you know and will take steps to minimize the effect of the delay. Provided we do this, we will not be liable for delays caused by the event, but if there is a risk of substantial delay, you may contact us to end the contract and receive a refund for any services you have paid for but not received.

7.4 If You Do Not Allow Us Access To Provide Services. If you have asked us to provide the services to you at your business and you do not allow us access to your business premises as arranged (and you do not have a good reason for this), we may charge you additional costs incurred by us as a result. If, despite our reasonable efforts, we are unable to contact you or re-arrange access to your business, we may end the contract and clause 7.3 will apply.

7.5 Information You Must Provide To Us. The data you supply to us must be accurate and in line with our guidance notes. We will not be responsible for checking the accuracy of the data. The data sources are to be clearly identifiable and open to evaluation by us. We must be provided with access to stakeholders upon reasonable notice. You will be responsible for inputting data unless otherwise agreed in the Letter of Engagement.

7.6 What Will Happen If You Do Not Provide Required Information To Us. As we informed you in the Letter of Engagement, we will need certain information from you so that we can provide the services to you. We will contact you in writing to ask for this information. If you do not, within a reasonable time of us asking for it, provide us with this information, or you provide us with incomplete or incorrect information, we may either end the contract (see clause 8.1) or make an additional charge of a reasonable sum to compensate us for any extra work that is required as a result. We will not be responsible for providing the services late or not providing any part of them if this is caused by you not giving us the information we need within a reasonable time of us asking for it.

7.7 Reasons We May Suspend The Services. We may have to suspend the services to: (a) deal with technical problems or make minor technical changes; (b) update the services to reflect changes in relevant laws and regulatory requirements; (c) make changes to the services as requested by you or notified by us to you (see clause 5).

7.8 Your Rights If We Suspend The Services. We will contact you in advance to tell you we will be suspending the services, unless the problem is urgent or an emergency. If we have to suspend the services for longer than three months in any six-month period, we will adjust the price so that you do not pay for services while they are suspended. You may contact us to end the contract if we suspend the services, or tell you we are going to suspend them, in each case for a period of more than three months, and we will refund any sums you have paid in advance for services not provided to you.

7.9 We May Also Suspend The Services If You Do Not Pay. If you do not pay us for the services when you are supposed to (see clause 10.3) and you still do not make payment within ten days of us reminding you that payment is due, we may suspend supply of the products until you have paid us the outstanding amounts. We will contact you to tell you we are suspending supply of the products. We will not suspend the products where you dispute the unpaid invoice (see clause 10.7). We will not charge you for the services during the period for which they are suspended. As well as suspending the services, we can also charge you interest on your overdue payments (see clause 10.6).

8. Your Rights to End the Contract

8.1 You Can Always End The Contract Before The Services Have Been Supplied And Paid For. You may contact us at any time to end the contract for the services, but in some circumstances, we may charge you certain sums for doing so, as described below.

8.2 What Happens If You Have A Good Reason For Ending The Contract. If you are ending the contract for a reason set out below, the contract will end immediately and we will refund you in full for any services which have not been provided or have not been properly provided. The relevant reasons are: (a) We have committed a material breach of our obligation(s) and, in the case of any such breach which is capable of remedy, failed to remedy the breach within 10 days of notification of such breach; (b) we have told you about an upcoming change to the services or these terms which you do not agree to (see clause 5); (c) we have told you about an error in the price or description of the services you have ordered and you do not wish to proceed; (d) we suspend the services for technical reasons, or notify you we are going to suspend them for technical reasons, in each case for a period of more than 2 months; (e) you have a legal right to end the contract because of something we have done wrong; (f) we enter into liquidation, whether compulsory or voluntarily, other than for the purpose of amalgamation or reconstruction without insolvency; (g) we compound or make any arrangements with our creditors; or (h) we cease, or threaten to cease, to carry on business.

8.3 What Happens If You End The Contract Without A Good Reason. If you are not ending the contract for one of the reasons set out in clause 7.2, the contract will end immediately but we may charge you reasonable compensation for the net costs we will incur as a result of your ending the contract.

9. Our Rights to End the Contract

9.1 We May End The Contract If You Break It. We may end the contract at any time by writing to you if: (a) you do not make any payment to us when it is due and you still do not make payment within ten days of us reminding you that payment is due; (b) you do not, within a reasonable time of us asking for it, provide us with information that is necessary for us to provide the services; (c) you do not provide internal resources sufficient to enable us to complete the reporting process; (d) you do not, within a reasonable time, give us access to your property to enable us to provide the services to you; or (e) it becomes apparent that we are unable to perform the services in a manner that is consistent with our company mission. To the extent that you do not perform the above responsibilities, we have the option, where appropriate, of performing those services for you and you agree to pay us an additional amount to reflect our additional services.

9.2 You Must Compensate Us If You Break The Contract. If we end the contract in the situations set out in clause 8.1(a)-(d), we will refund any money you have paid in advance for services we have not provided, but we may deduct or charge you compensation for the net costs we will incur as a result of your breaking the contract.

9.3 We May Stop Providing The Services. We may write to you to let you know that we are going to stop providing the services. We will let you know at least 1 month in advance of our stopping the services and will refund any sums you have paid in advance for services which will not be provided.

10. If There is a Problem with the Services

10.1 How To Tell Us About Problems. If you have any questions or complaints about the services, please contact us on the email set out above.

10.2 Our Guarantee. We offer the following goodwill guarantee which is in addition to your legal rights and does not affect them. In the unlikely event there is any defect with the services: (a) if remedying the defect is impossible or cannot be done within a reasonable time or without significant inconvenience to you, we will refund the price you have paid for the services. (b) in all other circumstances, we will use every effort to repair or fix the defect free of charge, without significant inconvenience to you, as soon as we reasonably can and, in any event, within 1 month. If we fail to remedy the defect by this deadline, we will refund the price you have paid for the services.

11. Acceptable Use Policy. You acknowledge and agree to comply with these Terms, including the following rules regarding acceptable use of the Service and Websites (the “Acceptable Use Policy”).

11.1 Disruption Of The Service. You may not:

access, tamper with, or use non-public areas of the Service and Websites, Polyloop’s computer systems

probe, scan, or test the vulnerability of any network or circumvent any security measure;

access or search the Service and Websites by any means other than Polyloop’s publicly supported interfaces (for example, “scraping”); or

interfere with or disrupt, or attempt to interfere with or disrupt, our infrastructure or the access of any user, host or network, including, without limitation, by sending a virus, overloading, flooding, spamming, mail-bombing the Service and Websites, or by scripting the creation of User Content interferes with the Service and Websites; or

prompt or otherwise attempt to use artificial intelligence (AI) models to act in a manner that violates these Terms or intentionally circumvents safety filters and functionality of the Service.

11.2 Misuse Of The Service And Websites. You may not use the Service and Websites to carry out, promote or support:

any disinformation, deception, or otherwise fraudulent activities;

the impersonation of another person or entity or the misrepresentation of an affiliation with a person or entity (e.g., “spoofing”, “phishing”);

activities that are defamatory, libelous or threatening, or otherwise constitute hate speech, harassment, or stalking;

the violation of any law or the rights of others (including unlawful tracking, monitoring, and identification or the publishing or sharing of another person’s confidential or personal information without their express authorization and permission);

for harm or abuse of a minor, including grooming and child sexual exploitation;

the sending of unsolicited communications, promotions advertisements, or spam;

the publishing or sharing of malicious content;

the promotion or advertisement of products or services other than your own without appropriate authorization; or

the development of services that compete with Polyloop;

11.3 User Content. You may not post any User Content on the Service or Websites (or otherwise make use of the Service or Websites) in a manner that:

is deceptive, fraudulent, illegal, obscene, defamatory, disparaging, libelous, threatening, or pornographic (including child pornography, which, upon becoming aware of, we will remove and report to law enforcement, including the National Center for Missing and Exploited Children);

suggests any content, information or other outputs generated by AI are human-generated;

criticizes others based on their race, ethnicity, national origin, religion, sex, gender, sexual orientation, disability, or medical condition;

contains any personal information of minors under the age of 16;

contains any sensitive personal information as defined by applicable law (such as financial information, payment card numbers, social security numbers, or health information) without Polyloop’s prior written consent granted as part of a Customer Agreement;

contains viruses, bots, worms, or similar harmful materials;

contains any information that you do not have a right to make available under law or any contractual or fiduciary duty; or

could otherwise cause damage to Polyloop or any third party.

11.4 Artificial Intelligence. If you use any AI or machine learning features and functionality (including third-party models) provided by Polyloop (collectively, “Polyloop AI”), you agree to:

implement appropriate human oversight and safeguards to mitigate potential risks associated with your use of Polyloop AI (i.e., impacts on a person’s fundamental rights, health or safety);

remain responsible for all decisions made, advice given, actions taken, and failures to take action based on your use of Polyloop AI;

provide information about your intended use of Polyloop AI and compliance with this Acceptable Use Policy upon request; and

evaluate Polyloop AI outputs for accuracy and appropriateness in light of the probabilistic nature of AI and potential for producing inaccurate content.

More information on Polyloop AI features and how to manage them can be found in the Polyloop Guide.

11.5 Acceptable Use Violations. If we reasonably believe a violation of this Acceptable Use Policy has occurred or may occur in the near future in a manner that may disrupt the Service or Websites for our Customers or other users, we may suspend or terminate your access to the Service and Websites, without any liability to us and in addition to any other remedies that may be available to us. Polyloop reserves the right to notify the applicable Account Administrator of the foregoing.

12. User Content and Feedback

12.1 User Content and Submissions on the Service. The Service allows you to create tasks and submit associated information, text, files, and other materials (collectively, “User Content”) and to share that User Content with others. User Content submitted or otherwise made available to the Service is subject to the following terms:

12.2 Free User Content. Free Users maintain ownership of the User Content that they submit to the Service (“Free User Content”). By submitting Free User Content, Free Users grant Polyloop a license to access, use, copy, reproduce, process, adapt, publish, transmit, and display that Free User Content, in order to provide the Service, and as permitted by Polyloop’s Privacy Statement, including if required to do so by law or in good faith to comply with legal process. We reserve the right to remove any Free User Content on the Service that violates these Terms or that is otherwise objectionable in Polyloop’s sole discretion.

12.3 Managed User Content on the Service. User Content submitted to the Service by Managed Users is Customer Data, which is owned and controlled by the Customer, in accordance with the Customer Agreement.

12.4 Feedback. The Service and the Websites may have certain features that allow you to submit comments, information, and other materials (collectively, “Feedback”) to Polyloop, and/or share such Feedback with other users, or the public. If you submit Feedback, Polyloop may use such Feedback for any purpose without any compensation or obligation to you. We reserve the right to remove any Feedback posted in our public forums for any reason at our sole discretion.

12.5 User Content and Feedback Representations. You represent and warrant that you have all required rights to submit User Content and Feedback without violation or infringement of any third-party rights. You understand that Polyloop does not control, and is not responsible for, User Content or Feedback, and that by using the Service and/or Websites, you may be exposed to User Content or Feedback from other users that is offensive, indecent, inaccurate, misleading, or otherwise objectionable.

13. Price and Payment

13.1 Fees. Customer will pay for access to and use of the Service as set forth on the applicable Order (“Fees”). All Fees will be paid in the currency stated in the applicable Order or, if no currency is specified, United States Dollars (USD). Payment obligations are non-cancelable and, except as expressly stated in this Agreement, non-refundable. Polyloop may modify its Fees or introduce new fees at its sole discretion. Customer always have the right to choose not to renew their subscription if they do not agree with any new or revised Fees.

13.2 Payment. Polyloop Corporation through its third-party payment processor (“Stripe”) will charge Customer for the Fees via credit card, debit card, or ACH payment, pursuant to the credit card or ACH payment information provided by Customer to Polyloop Corporation. Polyloop Corporation will have the right to charge Customer’s credit card or ACH payment method for any services provided to Customer by Polyloop Corporation under the Order, including recurring Fees. It is Customer’s sole responsibility to provide Polyloop Corporation with current and up to date credit card, debit card, or ACH information; failure to provide such information may result in suspension of Customer’s access to the Services. Polyloop Corporation will also have the right to set-off any Fees due from Customer to Polyloop Corporation. If Customer pays the Fees through a Payment Processor such payment processing will be subject to the terms, conditions, and privacy policies of the Payment Processor in addition to this Agreement. Terms and conditions of the payment processor can be found here https://stripe.com/legal/ssa. Polyloop Corporation is not responsible for any error by, or other acts or omissions of, the Payment Processor. Polyloop Corporation reserves the right to correct any errors or mistakes that the Payment Processor makes even if Polyloop Corporation has already requested or received payment. If authorized by Customer through acceptance of an Order, recurring charges (e.g. monthly billing) will be charged to Customer’s payment method without further authorization from Customer, until Customer terminates this Agreement in accordance with its terms or changes its payment method in Customer’s account in the Service.

13.3 Taxes. Fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If Polyloop Corporation has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Polyloop Corporation will invoice Customer and Customer will pay that amount unless Customer provides Polyloop Corporation with a valid tax exemption certificate authorized by the appropriate taxing authority in advance. For clarity, Polyloop Corporation is solely responsible for taxes assessable against it based on its income, property, and employees.

13.4 Failure to Pay. If Customer fails to pay any Fees when due, Polyloop Corporation may suspend Customer’s access to the Service pending payment of such overdue amounts. Customer also authorizes Polyloop Corporation to make multiple re-attempts at charging the Customer’s payment instrument if an initial charge attempt is unsuccessful, without any specific limit on the number of retries. If Customer believes that Polyloop Corporation has billed Customer incorrectly, Customer must contact Polyloop Corporation no later than sixty (60) days after the closing date on the first billing statement in which the error or problem appeared, to receive an adjustment or credit. Once Polyloop Corporation receives notice of a disputed invoice, Polyloop Corporation will review such notice and provide Customer with a written decision regarding the dispute, including documentary support for such decision. If Polyloop Corporation reasonably determines that the amounts billed are, in fact, due, Customer will pay such amounts (if they have not done so already) within ten days of Polyloop Corporation notifying Customer in writing of such decision.

13.5 Where To Find The Price For The Services. The price of the services (which does not include VAT) will be the price we have set out in our Letter of Engagement.

13.6 We Will Pass On Changes In The Rate Of Vat. If the rate of VAT changes between your order date and the date we provide the services, we will adjust the rate of VAT that you pay, unless you have already paid for the services in full before the change in the rate of VAT takes effect.

13.7 Additional Fees. If, during the course of our services for you, a need for additional services not set out in the Letter of Engagement is identified, agreement to these additional services will be obtained from you before any expenditure is incurred.

13.8 When You Must Pay And How You Must Pay. The Letter of Engagement will set out our fees. You must pay each invoice within 30 calendar days after the date of the invoice.

13.9 What To Do If You Think An Invoice Is Wrong. If you think an invoice is wrong, please contact us promptly to let us know. You will not have to pay any interest until the dispute is resolved. Once the dispute is resolved, we will charge you interest on correctly invoiced sums from the original due date.

14. Term and Termination

14.1 Agreement Term and Renewals. Subscriptions to access and use the Service commence on the start date stated on the applicable Order (“Subscription Start Date”) and continue for the duration of the Subscription Period. Customer may choose not to renew its Subscription Period by notifying Polyloop Corporation at support@polyloop.io (provided that Polyloop Corporation confirms such cancellation in writing) or by modifying its subscription through Customer’s account within the Service. This Agreement will become effective on the first day of the Subscription Period and remain effective for the duration of the Subscription Period stated on the Order along with any renewals of the Subscription Period and any period that Customer is using the Service even if such use is not under a paid Order (“Term”). If the parties terminate this Agreement, it will automatically terminate all Orders. If Customer cancels or does not renew its paid subscription to the Service, Customer’s subscription will be accessible but will automatically be downgraded to a version of the Service with diminished features and functionality that Polyloop Corporation offers to unpaid subscribers (“Free Version”). If Customer or Polyloop Corporation terminates this Agreement or Customer deletes its workspace within the Service, Customer will not have access to the Free Version.

14.2 Termination. Either party may terminate this Agreement upon written notice to the other party if the other party materially breaches this Agreement and such breach is not cured within thirty (30) days after the breaching party’s receipt of such notice. Polyloop Corporation may terminate Customer’s access to the Free Version at any time upon notice to Customer.

14.3. Effect of Termination. If Customer terminates this Agreement because of Polyloop Corporation’s uncured breach, Polyloop Corporation will refund any unused, prepaid Fees for the remainder of the then-current Subscription Period. If Polyloop Corporation terminates this Agreement because of Customer’s uncured breach, Customer will pay any unpaid Fees covering the remainder of the then-current Subscription Period after the effective date of termination, if any. In no event will any termination relieve the Customer of the obligation to pay any Fees payable to Polyloop Corporation for the period prior to the effective date of termination. Upon any termination of this Agreement, all rights and licenses granted by Polyloop Corporation hereunder will immediately terminate; Customer will no longer have the right to access or use the Service. Within thirty (30) days of termination of this Agreement for cause, upon Customer’s request following termination, or if Customer deletes its workspace within the Service, Polyloop Corporation will delete Customer’s User Information, including passwords and all related information, files, and User Submissions, unless Customer requests an earlier deletion in writing. If Customer is using the Free Version, Polyloop Corporation will retain User Submissions and User Information to facilitate such use. Polyloop Corporation may delete all User Submissions or User Information if Customer maintains an account in the Free Version but such account is not used for a period of one (1) year or more.

14.4 Where To Find The Price For The Services. The price of the services (which does not include VAT) will be the price we have set out in our Letter of Engagement.

14.5 We Will Pass On Changes In The Rate Of VAT. If the rate of VAT changes between your order date and the date we provide the services, we will adjust the rate of VAT that you pay, unless you have already paid for the services in full before the change in the rate of VAT takes effect.

14.6 Additional Fees. If, during the course of our services for you, a need for additional services not set out in the Letter of Engagement is identified, agreement to these additional services will be obtained from you before any expenditure

is incurred.

14.7 When You Must Pay And How You Must Pay. The Letter of Engagement will set out our fees. You must pay each invoice within 30 calendar days after the date of the invoice.

14.8 What To Do If You Think An Invoice Is Wrong. If you think an invoice is wrong please contact us promptly to let us know. You will not have to pay any interest until the dispute is resolved. Once the dispute is resolved we will charge you interest on correctly invoiced sums from the original due date

15. Customer Data & Security

15.1 All Customers Own All Rights, Titles And Interest In Their Data. The Customer shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of their data.

15.2 Loss Or Damage To Data. In the event of any loss or damage to Customer Data, Polyloop Corporation shall use reasonable commercial endeavors to restore the lost or damaged Customer Data from the latest back-up, this will be the Customer's sole and exclusive remedy. Polyloop Corporation shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party.

15.3 Polyloop Corporation Will Comply With Its Privacy Policy. The Privacy Policy may be amended from time to time by Polyloop Corporation at its sole discretion.

15.4 If Polyloop Corporation processes any personal data on the Customer's behalf when performing its obligations under this Agreement, the parties record their intention that the Customer shall be the data controller and Polyloop Corporation shall be a data processor, defined as such:

Data Controller - the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.

Data Processors - means any natural or legal person who processes the data on behalf of the Data Controller.

15.4.1 To provide services to you, we may need to share your personal information with parties located within the United States, where data protection laws are in place to protect your privacy. We will take reasonable steps to ensure the privacy of your information and will comply with current legislation before any such sharing occurs

15.4.2 If applicable, the Customer shall ensure that relevant third parties within the US have been informed of, and have given their consent to, such use, processing, and transfer, in accordance with all applicable data protection legislation.

15.4.3 Polyloop Corporation will process personal data solely in line with the terms of this Agreement and any lawful instructions reasonably provided by the Customer, ensuring data remains within the US.

15.4.4 Both parties shall implement appropriate technical and organizational measures to prevent unauthorized or unlawful processing of personal data, as well as accidental loss, destruction, or damage.

15.5 The Processor shall implement and maintain adequate security measures to standards no less than those imposed on the Controller under the Data Protection Legislation whilst it continues to Process the Data on behalf of the Controller, such measures shall include (but not be to):

15.5.1 Encryption: Data is encrypted as part of the cloud computing service. This service uses industry-accepted encryption products to protect customer data and communications during transmissions between a customer and Polyloop Corporation, including 128-bit TLS Certificates and 2048-bit RSA public keys at a minimum. Additionally, Customer Data is encrypted during transmission between data centers for replication purposes. All Personal Data is processed through Polyloop Corporation private infrastructure hosted by AWS.

15.5.2 Backup: All data submitted to Polyloop Corporation is automatically replicated on a near real-time basis to a secondary data center site. It is backed up on a regular basis and stored on backup media for 3 days, after which it is securely overwritten or deleted. Any backups are verified for integrity and stored in the same data centers as their instance. At Polyloop Corporation we maintain a weekly backup of data, stored securely with access permissions to key personnel. We have a policy of not moving commercially sensitive data on removable media.

15.5.3 Resilience: All Polyloop Corporation network accelerators, load balancers, web servers and application servers are configured in a redundant configuration. All Customer Data submitted to Polyloop Corporation is stored on a primary database server with multiple active clusters for higher availability. All Customer Data submitted to Polyloop Corporation is stored on highly redundant carrier-class disk storage and multiple data paths to ensure reliability and performance. The Polyloop Corporation development environment provides various protections against malicious code which are implemented in the Polyloop Corporation application with the Web Application Firewall.

15.5.4 Disaster recovery: Polyloop Corporation supports disaster recovery with a dedicated team and a 4 hour recovery point objective (RPO) and 12 hour recovery time objective (RTO). Polyloop Corporation maintains a Business Continuity Plan outlining business risks, detailing the impact and response to any disruption, and appropriate recovery strategies.

15.5.5 Incident notification: Incident detection and response is part of the security procedures that are incorporated into Polyloop Corporation standard practices. Polyloop Corporation also uses security scanners to analyze and monitor the product for potential security issues. Polyloop Corporation maintains security incident management policies and procedures, and will promptly notify their customers of any actual or reasonably suspected unauthorized disclosure of their respective data. In the event of a disruption or other incident, we would notify our customers directly by email based on our customer usage.

16. Proprietary Rights

Polyloop and its licensors exclusively own all right, title, and interest in and to all intellectual property rights in the Service and Websites. You agree to abide by all applicable copyright and other laws, as well as any additional copyright notices or restrictions contained in the Service and Websites. All present and future rights in and to trade secrets, patents, copyrights, trademarks, service marks, know-how, and other proprietary rights of any type under the laws of any governmental authority, domestic or foreign, including without limitation rights in and to all applications and registrations relating to the Service and Websites shall, as between you and Polyloop, at all times be and remain the sole and exclusive property of Polyloop.

17. The Platform. Subject to your compliance with these Terms, we grant you a , non-exclusive, non-sublicensable, non-transferable, and revocable right to access and use the Service and Websites only for your own internal use (or for internal uses authorized by the applicable Account Administrator), and only in a manner that complies with these Terms and all legal requirements that apply to you or your use of the Service and Websites. Polyloop may revoke this license at any time, in its sole discretion.

17.1 Intellectual Property. The copyright in the material contained in the Platform (save for the products/ outcomes of the services) and any trademarks and brands included in that material belongs to us or our licensors. We grant to you a non-exclusive, non-transferable, license to use such IPR for Your own internal business purposes with a right to sub-license such IPR on equivalent terms to an entity within the [company name] Group.

17.1.1 We assign to You by way of present and future assignment, with full title guarantee and free from all third party rights, all intellectual property rights and all other rights in the products and /or outcomes of the services.

17.1.2 We will, promptly at Your request, do (or procure to be done) all such acts and things and the execution of all such other documents as the You may from time to time require for the purpose of securing for You the full benefit of the Agreement, including right, title and interest in and to the intellectual property rights and all other rights assigned to the You in accordance with clause 11.1A.

17.1.2 Accuracy of Information. We will use reasonable endeavors to ensure that the information available on the Platform is, at all reasonable times, accurate. We will use all reasonable endeavors to correct errors and omissions as quickly as practicable after becoming aware or being notified of the same.

17.1.3 Changes to the Platform. We may also change, suspend or discontinue any aspect of the Platform, including the availability of any features, information, database or content or restrict access to parts or all of the platform without notice or liability.

17.2 Our responsibility for loss or damage suffered by you

17.3 We are responsible to you for foreseeable loss and damage caused by us. If we fail to comply with these terms, we are responsible for loss or damage you suffer that is a foreseeable result of our breaking this contract or our failing to use reasonable care and skill, but we are not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if either it is obvious that it will happen or if, at the time the contract was made, both we and you knew it might happen, for example, if you discussed it with us during the sales process.

17.4 We do not exclude or limit in any way our liability for the following:

(a) death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors;

(b) for fraud or fraudulent misrepresentation;

(c) for breach of your legal rights in relation to the services;

(d) for Our liability under clause 13 (data protection).

17.5 Total Liability. Subject to clause 12.2, Our total liability to you in respect of all other losses arising under or in connection with the services, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall in no circumstances exceed the fees received from you.

17.6 We are not liable for business losses. We will have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.

17.7. Data Protection For the purposes of this clause, the following terms will have the definitions set out below:

“Data” has the meaning given in the Data Protection Legislation and more specifically means data as described in Appendix 1 to be made available by the Controller to the Processor for the purposes of providing the services;

“Data Controller” means the Customer as per the definition in the Data Protection Legislation;

“Data Processor” means the Supplier as per the definition in the Data Protection Legislation;

“Data Protection Legislation” means, for the periods in which they are in force in the United Kingdom, the Data Protection Act 1998, the EU Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the GDPR and all applicable Laws and regulations relating to processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner, in each case as amended or substituted from time to time;

“Data Subject” has the meaning given to it by the Data Protection Legislation;

“GDPR” means (a) the General Data Protection Regulations (Regulation (EU) 2016/679) which comes into force on 25 May 2018; and (b) any equivalent legislation amending or replacing the General Data Protection Regulations (Regulation (EU) 2016/679;

“Personal Data” has the meaning as set out in the Data Protection Legislation which forms part of the Data; “Personal Data Breach” has the meaning as set out in the Data Protection Legislation; “Processing” has the meaning as set out in the Data Protection Legislation and “Process” and “Processed” shall be construed accordingly;

“Special Categories of Personal Data” means Sensitive Personal Data or Special Categories of Personal Data, as defined in the Data Protection Legislation, which is Processed by the Data Processor on behalf of the Data Controller pursuant to or in connection with the Agreement;

17.8 Both parties shall duly observe all their obligations under the Data Protection Legislation which arise in connection with the contract and shall not perform their obligations in such a way as to cause the other party to breach any of

its obligations under the Data Protection Legislation.

17.9 With respect to the parties’ rights and obligations under the contract, the Parties agree that [company name] Group is the Data Controllers and that the Polyloop Corporation is the Data Processor.

17.10 The Data Controller shall not disclose any Personal Data to the Data Processor save where it is lawful and in a form which is lawful.

17.11 The subject-matter and duration of the Processing, nature and purpose of the Processing, types of Personal Data, and categories of Data Subjects are set out in Appendix 1 to these Terms and Conditions.

17.12 The Data Controller may make reasonable amends to Appendix 1 by written notice to the Data Processor from time to time as the Data Controller considers necessary to meet the requirements of the Data Protection Legislation.

17.13 The Processor agrees to only Process the Data in accordance with these Terms and Conditions and, subject to the overriding requirements of Data Processing Legislation, undertakes to:

17.14.1 only process the Personal Data for and on behalf of the Controller, strictly in accordance with the written instructions of the Data Controller, unless the Processing is required by applicable laws to which the Data Processor is subject, in which case the Data Processor shall to the extent permitted by such applicable laws inform the Data Controller of that legal requirement before Processing;

17.14.2 ensure that any personnel with access to Personal Data are subject to a duty of confidentiality (whether contractual or statutory) and ensure that access is strictly to those individuals who need to know/access

the Personal Data;

17.14.3 taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Processor shall, in relation to the Personal Data, implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred

to in Article 32(1) of the GDPR;

17.14.4 only engage Subcontractors with the prior written consent of the Data Controller and under a written contract,

imposing the same data protection obligations as set out in the Agreement, remaining liable to the Data Controller for compliance of any Sub-Contractor engaged and informing the Data Controller of any changes concerning the addition or replacement of Sub-Contractors giving the Data Controller sufficient opportunity to object to such changes;

17.14.5 assist the Data Controller by appropriate technical and organizational measures, insofar as possible, for the fulfillment of the Data Controller’s obligations to respond to requests for exercising the Data Subject’s rights laid

down in the Data Protection Legislation;

17.14.6 notify the Data Controller within five (5) Working Days if it receives a request from a Data Subject under the Data Protection Legislation in respect of the Personal Data and not respond to any such request without the written authorization of the Data Controller or as required by the Data Protection Legislation to which the Data Processor is subject but only after informing the Data Controller of such legal requirement before responding to the request;

17.14.7 notify the Data Controller without undue delay, and at least within 48 hours, upon becoming aware of a Personal Data Breach, providing the Data Controller with sufficient information to allow it to meet its obligations under the Data Protection Legislation and to enable the Controller to report the breach to the Information

Commissioner’s Office within the 72 hour deadline imposed by the GDPR and assist the Data Controller, as directed, in the investigation, mitigation and remediation of such Personal Data Breach;

17.14.8 assist the Data Controller in ensuring compliance with the obligations pursuant to the Data Protection Legislation taking into account the nature of the Processing for the purposes of the Agreement and the information available

to the Data Processor, including but not to those obligations relating to (a) security of processing; (b) notification of a Personal Data Breach to the Information Commissioner’s Office; (c) communication of a Personal Data Breach to the Data Subject; and (d) Data Protection impact assessments and any subsequent consultations with the Information Commissioner’s Office;

17.14.5 on the expiry or termination of the Agreement, promptly upon request from the Data Controller (at the Data Controller’s discretion) either: (a) return all Personal Data to the Data Controller and delete all existing copies, or procure such deletion; or (b) securely destroy such Personal Data, unless an applicable law requires storage of the Personal Data but only to the extent and for such period as required by such law;

17.14.11 notify the Data Controller of the deletion of Personal Data in accordance with Clause 1.6.9 within 21 days of the expiry or termination of the Agreement;

17.14.12 not transfer Personal Data outside the European Economic Area (EEA) without the prior written consent of the Data Controller;

17.14.13 make available to the Data Controller on request all information necessary to demonstrate compliance with the Data Protection Legislation, and allow for and contribute to audits, including inspections, by the Data Controller or an auditor mandated by the Data Controller including to permit the Data Controller or its external advisers (subject to reasonable and appropriate confidentiality undertakings) to inspect and audit the Data Processor’s data processing activities and those of its agents, subsidiaries and sub-contractors and comply with all

reasonable requests or directions by the Data Controller to enable the Data Controller to verify and procure that the Data Processor is in full compliance with its obligations under the Agreement.

17.15 The Data Processor shall, at all times during and after the term of the Agreement, indemnify the Data Controller and keep the Data Controller indemnified against all losses, damages, costs or expenses and other liabilities (including

legal fees) incurred by, awarded against or agreed to be paid by the Data Controller arising from any breach of the Data Processor’s obligations under this clause except and to the extent that such liabilities have resulted directly from the Data Controller’s instructions.

17.16 The provisions of this clause shall apply during the continuance of the Agreement and indefinitely after its expiry or termination.

18. Other important terms

18.1 You may only transfer your rights under our guarantee to someone else. You may only transfer your rights or your obligations under these terms to another person with our written consent. We may withhold our consent.

18.2 Nobody else has any rights under this contract. This contract is between you and us. Save for [company name] Group (as defined in the Letter of Engagement), no other person shall have any rights to enforce any of its terms. Neither of us will need the consent of any person acquiring rights under our guarantee to end the contract or make any changes to these terms.

18.3 Notices. Any notice or other communication given by us or you shall be in writing, addressed to us or you at the registered office (if it is a company) or its principal place of business (in any other case) or such other address as we

or you may have specified in writing, and shall be delivered personally or sent by prepaid first-class post or other next working day delivery service, or by commercial courier, or e-mail. A notice or other communication shall be

deemed to have been received: if delivered personally, when left at the address referred to in the Letter of Engagement; if sent by pre-paid first class post or other next working day delivery service, at 9.00 am on the second business day after posting; if delivered by commercial courier, on the date and at the time that the courier’s delivery receipt is signed; or, if sent by email, on the sending of the e-mail.

18.4 Exclusive Terms. These terms apply to the Agreement to the exclusion of any other terms that you may seek to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.

18.5 If a court finds part of this contract illegal, the rest will continue in force. Each of the paragraphs of these terms operates separately. If any court or relevant authority decides that any of them are unlawful, the remaining paragraphs will remain in full force and effect.

18.6 Even if we delay in enforcing this contract, we can still enforce it later. If we do not insist immediately that you do anything you are required to do under these terms, or if we delay in taking steps against you in respect of your breaking this contract, that will not mean that you do not have to do those things or prevent us taking steps against you at a later date. For example, if you miss a payment and we do not chase you but we continue to provide the services, we can still require you to make the payment at a later date.

18.7 Dispute Resolution. Any and all disputes relating to this Agreement and/or the subject matter of it, shall in the first instance be referred to the parties contract managers for resolution. Upon such referral the contract managers shall meet within 5 days of such referral to resolve the issue. If the contract managers cannot resolve the issue within 5 days of their meeting, the matter shall be referred to the parties senior management for resolution. If the Senior Managers cannot resolve the issue within 10 days of their meeting over it, the parties shall be free to refer the matter

to meditation or other alternative dispute resolution procedures.

18.8 Which laws apply to this contract and where you may bring legal proceedings. These terms are governed by English law and you can bring legal proceedings in respect of the services in the English courts.

19. WARRANTIES, DISCLAIMER, AND LIMITATION OF LIABILITY

THE SERVICE AND WEBSITES AND USER CONTENT, WHETHER PROVIDED BY POLYLOOP, ITS LICENSORS, ITS VENDORS OR ITS USERS, AND OTHER INFORMATION ON OR ACCESSIBLE FROM THE SERVICE AND WEBSITES ARE PROVIDED “AS IS” WITHOUT WARRANTY, REPRESENTATION, CONDITION, OR GUARANTEE OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT TO ANY IMPLIED WARRANTIES, REPRESENTATIONS, CONDITIONS OR GUARANTEES OF QUALITY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ALL OF WHICH ARE DISCLAIMED TO THE FULLEST EXTENT PERMITTED BY LAW. SPECIFICALLY, BUT WITHOUT LIMITATION, POLYLOOP DOES NOT WARRANT THAT: (i) THE INFORMATION AVAILABLE ON THE SERVICE AND WEBSITES IS FREE OF ERRORS; (ii) THE FUNCTIONS OR FEATURES (INCLUDING BUT NOT TO MECHANISMS FOR THE DOWNLOADING AND UPLOADING OF USER CONTENT) WILL BE UNINTERRUPTED, SECURE, OR FREE OF ERRORS; (iii) DEFECTS WILL BE CORRECTED, OR (iv) THE SERVICE AND WEBSITES OR THE SERVER(S) THAT MAKE THE SERVICE AND WEBSITES AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. POLYLOOP DOES NOT WARRANT, ENDORSE, GUARANTEE OR ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE SERVICE AND WEBSITES OR ANY WEBSITE FEATURED OR LINKED TO THROUGH THE SERVICE AND WEBSITES, AND POLYLOOP WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICE AND WEBSITES. POLYLOOP WILL NOT BE LIABLE FOR THE OFFENSIVE OR ILLEGAL CONDUCT OF ANY THIRD PARTY. YOU VOLUNTARILY ASSUME THE RISK OF HARM OR DAMAGE FROM THE FOREGOING. THE FOREGOING LIMITATIONS WILL APPLY EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE AND TO THE FULLEST EXTENT PERMITTED BY LAW.

IN NO EVENT SHALL POLYLOOP OR ITS AFFILIATES, LICENSORS, VENDORS, OR ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OR OTHER REPRESENTATIVES BE LIABLE TO YOU OR ANY OTHER PERSON OR ENTITY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES (INCLUDING, BUT NOT TO, DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, LOSS OF USE, OR COSTS OF OBTAINING SUBSTITUTE GOODS OR SERVICES), ARISING OUT OF OR IN CONNECTION WITH THE SERVICE AND WEBSITES, ANY MATERIALS, INFORMATION, OR RECOMMENDATIONS APPEARING ON THE SERVICE AND WEBSITES, OR ANY LINK PROVIDED ON THE SERVICE AND WEBSITES, WHETHER OR NOT POLYLOOP HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND WHETHER BASED UPON WARRANTY, CONTRACT, TORT, STRICT LIABILITY, VIOLATION OF STATUTE, OR OTHERWISE. THIS EXCLUSION OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW. IN ANY EVENT, OUR AGGREGATE LIABILITY WILL NOT EXCEED $100.

Some countries and U.S. jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for incidental or consequential damages such as above in this section 9. Accordingly, some of the above limitations may not apply to you.

20. Indemnification

YOU AGREE TO INDEMNIFY, DEFEND, AND HOLD POLYLOOP, ITS AFFILIATES, AND ITS RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, MEMBERS, SHAREHOLDERS, CONTRACTORS, OR REPRESENTATIVES HARMLESS FROM AND AGAINST ANY CLAIM OR DEMAND, INCLUDING WITHOUT LIMITATION, REASONABLE ATTORNEYS’ FEES, MADE IN CONNECTION WITH OR ARISING OUT OF YOUR USE OF THE SERVICE AND WEBSITES, YOUR CONNECTION TO THE SERVICE AND WEBSITES, YOUR VIOLATION OF THE TERMS, YOUR VIOLATION OF AN APPLICABLE LAW, YOUR SUBMISSION, POSTING, OR TRANSMISSION OF USER CONTENT TO THE SERVICE AND WEBSITES, AND/OR YOUR VIOLATION OF ANY RIGHTS OF ANOTHER INDIVIDUAL OR ENTITY. WE RESERVE THE RIGHT TO ASSUME THE EXCLUSIVE DEFENSE AND CONTROL OF SUCH DISPUTES, AND IN ANY EVENT YOU WILL COOPERATE WITH US IN ASSERTING ANY AVAILABLE DEFENSES.

21. Third-Party Links, Services and Websites

The Service and Websites may include information and content provided by third parties, including links to third-party websites, resources, and/or goods and services. Polyloop is not responsible and will not be liable for any damages or losses caused by or relating to, (i) any content, advertising, products, or other materials on or available from such sites or resources, (ii) the availability of or any errors or omissions in such websites or resources, or (iii) any information handling practices or other business practices of the operators of such sites or resources. Your interactions with such third parties will be governed by the third parties’ own terms of service and privacy policies, and any other similar terms.

22. General Terms

22.1 Modifications to the Service. We reserve the right at any time to modify or discontinue, temporarily or permanently, the Service and Websites (or any part thereof), with or without notice. You agree that Polyloop shall not be liable to you or any third party for any modification, suspension or discontinuation of the Service and Websites.

22.2 Controlling Law. These Terms will be governed by the laws of California notwithstanding its conflicts of law principles. However, some countries (including those in the European Union) have laws that require agreements to be governed by the local laws of the consumer’s country. This paragraph does not override those laws.

22.3 Initial Dispute Resolution. Most disputes can be resolved without resort to formal dispute resolution. If you take any issue with us or our Service, you agree that before taking any formal action, you will contact us at support@polyloop.com and provide a brief, written description of the dispute and your contact information (including your username, if your dispute relates to an account). Except for intellectual property and small claims court claims, the parties agree to use their best efforts to settle any dispute, claim, question, or disagreement directly through consultation with Polyloop, and good faith negotiations shall be a condition to either party initiating a lawsuit .

22.4 No Waiver. The failure of Polyloop to exercise or enforce any right or remedy in these Terms does not waive that right or remedy. If any provision of these Terms is found to be invalid or unenforceable, the parties agree that the court should endeavor to give effect, to the maximum extent permitted by law, to the parties’ intentions as reflected in the provision, and the other provisions of these Terms will remain in full force and effect.

22.5 Third-Party Beneficiaries. You agree that, except as otherwise expressly provided in these Terms, there shall be no third-party beneficiaries to these Terms.

22.6 Entire Agreement. These Terms (and all terms and conditions incorporated herein) constitute the entire agreement between you and Polyloop, and supersede any prior agreements between you and Polyloop on the subject matter. To the extent of any conflict or inconsistency between the provisions in these Terms and any other terms or resources referenced in these Terms, the terms contained directly in these Terms will first prevail; provided, however, that if there is a conflict or inconsistency between an applicable Customer Agreement and these Terms, the terms of the Customer Agreement will first prevail, followed by the provisions in these Terms, and then followed by the pages referenced in these Terms (e.g., the Privacy Statement). The applicable Customer will be responsible for notifying Managed Users of those conflicts or inconsistencies and until such time the terms set forth herein will be binding.

22.7 Translations. Any non-English translations of these Terms are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version shall control.

22.8 Miscellaneous. These Terms, and any rights or licenses granted hereunder, may not be assigned or delegated by you. These Terms, and any rights or licenses granted hereunder, may be assigned or delegated by Polyloop without restriction. These Terms bind and inure to the benefit of each party and the party’s successors and permitted assigns. These Terms may not be modified by an oral statement by a representative of Polyloop. No agency, partnership, joint venture or employee-employer relationship is intended or created by these Terms. You agree that any agreements made by and between you and us in electronic form are as legally binding as if made in physical written form. If you are using the Service and Websites for or on behalf of the U.S. government, your license rights do not exceed those granted to non-government consumers. The section titles in these Terms are for convenience only and have no legal or contractual effect. Any provision of these Terms that by its nature is reasonably intended to survive beyond their termination or expiration shall survive. Notwithstanding the generality of the foregoing, the following sections shall survive any termination or expiration of these Terms: Sections 1 (Introduction); 2 (How These Terms Apply); 7 (Proprietary Rights); 8 (User Content and Feedback); 9 (Warranties, Disclaimer, and Limitation of Liability); 10 (Indemnification); and 12 (General Terms).

APPENDIX 1: DATA PROCESSING

This Appendix includes certain details of the Processing of Personal Data as required by the Data Protection Legislation.

1 THE SUBJECT-MATTER AND DURATION OF THE PROCESSING

1.1 The subject-matter and duration of the Processing of Personal Data in accordance with this Agreement shall consist of:

1.1.1 Subject Matter: the provision of services to [company name] Group by Polyloop Corporation , as set out in the Letter of Engagement.

1.1.2 Duration of the Processing: the duration of the processing shall be for the term designated under the agreement between Polyloop Corporation and [company name] Group.

2 THE NATURE AND PURPOSE OF THE PROCESSING

2.1 The subject-matter and duration of the Processing of Personal Data in accordance with this Agreement shall consist of:

2.1.1 Polyloop Corporation will process the Personal Data for the purposes of providing services to [company name] Group, as set out in our Letter of Engagement.

3 THE TYPES OF PERSONAL DATA TO BE PROCESSED

3.1 The types of Personal Data that shall be processed in accordance with this Agreement will be:

3.1.1 The Personal Data that shall be processed in accordance with this Agreement shall include names, telephone numbers, email addresses, job titles.

4 CATEGORIES OF DATA SUBJECTS TO WHOM PERSONAL DATA RELATES

4.1 The categories of individuals whose Personal Data is processed in accordance with this Agreement will be: Employees


© Policy Platforms Ltd