VOKOL – CUSTOMER AGREEMENT

This Vokol Customer Agreement (“Agreement”) is entered as of the Effective Date between Vokol, Inc. (“Vokol”) and the organization agreeing to these terms (“Customer”). Capitalized terms not defined in the Agreement have the meanings provided in the Order Form, Customer represents it is lawfully able to enter into this Agreement and, if it is entering into the Agreement for an entity, that it has legal authority to bind that entity. By clicking “I agree,” accepting the Order Form, or using the Services, Customer agrees to this Agreement.

1. Services.

   1.1. Access to Services. Subject to the terms and conditions of this Agreement, Vokol hereby grants Customer a non-transferable right to access and use the Services listed on the Order Form during the Services Term, exercisable solely for internal use by Authorized Users. The Services Term will be listed on the Order Form. For the purposes of the Agreement, (a) “Authorized Users” means identified individuals (such as individual employees or contractors) authorized by Customer to access or use Services, (b) “Order Form” means the ordering document signed by Customer and Vokol or the Vokol webpage that Customer uses to purchase the Services, (c) “Services” means Vokol’s offerings and services made available for purchase or use by Customer, along with any of Vokol’s associated software, tools, developer services, documentation, and websites, but excluding any Third Party Services.

   1.2. Updates to Services. This Agreement will also apply to updates and upgrades of the Services subsequently provided by Vokol to Customer. Vokol may update the functionality, capabilities, user interfaces, usability, and documentation from time to time in its sole discretion in connection with the ongoing development, maintenance, improvement and optimization of the Services.

2. Customer Responsibilities.

   2.1. Customer must provide accurate and current Account information. Customer may not resell or lease access to its Account. Customer will promptly notify Vokol if it becomes aware of unauthorized access to the Account or the Services. An “Account” means the administrative account provided to Customer by Vokol for the purpose of administering the Services.

   2.2. Customer is responsible and liable for all uses of the Services resulting from access or use, directly or indirectly, by Customer, including all activity that occurs under its Account, and whether such access or use is permitted by or in violation of this Agreement. Customer is responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer. Customer will, at its expense, be solely responsible for all matters relating to Customer Content, including all costs, obligations and liabilities associated with the processing and transfer of Customer Content with the Services. Customer will be solely responsible for their agreements with Authorized Users, and for obtaining any necessary rights, consents, permissions or authorizations to submit or otherwise make available Customer Content to Vokol for use under this Agreement. Customer is responsible for Inputs and securing all rights, licenses, and permissions required to provide Inputs to the Services, including any applicable publicity clearances and releases. Customer is responsible for all use of Outputs and evaluating Outputs for legality and appropriateness for Customer’s use case, including by utilizing commercially reasonable human review efforts as appropriate. Customer must not, and must not permit its Authorized Users to, use the Services to promote discrimination, bigotry, racism, hatred, harassment, violence, or harm to any individual or group. Customer will use commercially reasonable efforts to prevent unauthorized access to or use of the Services and promptly notify Vokol of any such unauthorized access or use.

3. Fees and Payment.

   3.1. Customer will pay Vokol the applicable Fees in the currency and pursuant to the payment terms on the Order Form. Customer authorizes Vokol to charge Customer for all applicable Fees using the payment method on the Account. Fees are non-refundable except as required by law or as otherwise specifically permitted in the Agreement. Vokol may suspend or terminate the Services if Fees are past due. Customer will provide complete and accurate billing and contact information to Vokol. “Fees” means all fees charged to Customer’s Account in accordance with an Order Form.

   3.2. All Fees are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Vokol’s income.

4. Confidentiality; Privacy.

   4.1. “Confidential Information” means all information disclosed (whether in oral, written, or other tangible or intangible form) by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) or obtained by or on behalf of the Receiving Party, under or in connection with this Agreement, that the Receiving Party knows or reasonably should know is confidential information of the Disclosing Party. Confidential Information does not include information to the extent that it (a) is known to the Receiving Party prior to receipt thereof hereunder; (b) is disclosed to the Receiving Party free of confidentiality obligations by a third party who has the right to make such disclosure; (c) is or becomes publicly known through no fault of the Receiving Party; or (d) is independently developed by persons on behalf of the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information. The Receiving Party will maintain the Confidential Information in confidence during the Term and for a period of 5 years thereafter and will not use or disclose such Confidential Information except as expressly permitted in this Agreement; provided, however, that the nondisclosure and nonuse obligations in this Section 4 with respect to Confidential Information that constitutes a trade secret of the Disclosing Party will continue so long as such Confidential Information remains a trade secret under applicable law (or for a period of 5 years after the Term, if longer). The Receiving Party agrees it will (i) only use the Disclosing Party’s Confidential Information to exercise its rights and fulfill its obligations under this Agreement, (ii) will use the same degree of care in protecting the Confidential Information as the Receiving Party uses to protect its own confidential and proprietary information from unauthorized use or disclosure, but in no event less than reasonable care and (iii) not disclose the Confidential Information to any third party except as expressly permitted in this Agreement. The Receiving Party may disclose Confidential Information only to its affiliates, employees, contractors, and agents who have a need to know and who are bound by confidentiality obligations at least as restrictive as those in this Agreement. The Receiving Party will be responsible for any breach of this Section 4 by its employees, contractors, and agents. The Receiving Party may disclose Confidential Information to the extent required by law, if the Receiving Party uses reasonable efforts to notify the Disclosing Party, to the extent permitted, prior to doing so.

   4.2. Personal Data. All personal data (such as Account login and other personal data collected through the Services) will be processed in accordance with the data processing addendum shown on Exhibit A.

5. Intellectual Property.

   5.1. Services. Customer acknowledges that, as between Customer and Vokol, Vokol owns all right, title, and interest in and to the Services including all modifications, derivative works, upgrades, and updates thereto, all software or materials made available by Vokol and all related intellectual property rights related to the foregoing.

   5.2. Customer Content. Vokol may use Customer Content, and provide necessary access to Third Party Service providers acting on Vokol’s behalf, such as Vokol’s hosting services provider: (a) to develop, improve, provide, maintain and optimize the Services, including to develop and train models using Customer Content to the extent permitted by applicable law and regulation; (b) to prevent or address service or technical problems or at Customer's request in connection with support matters; (c) as compelled by law; or (d) to enforce this Agreement. Subject to the limited licenses granted herein, Customer owns, and Vokol acquires no right, title or interest under this Agreement in or to any Customer Content. “Customer Content” means all media files including audio, images, pictures, videos, and audio-visual content provided by Customer or its Authorized Users to the Services (“Inputs”) and the specific output that is generated by Customer’s or such Authorized Users’ use of the Services (“Outputs”).

   5.3. Use Restrictions. Customer will not, and will not permit Authorized Users to: (a) provide Inputs or upload, post, transmit, or otherwise make available to the Services any other content that (i) is unlawful or tortious, or (ii) Customer does not have a right to make available to Vokol to provide the Services under any applicable law or under contractual or fiduciary relationships; (b) use the Services or Outputs in a manner that may reasonably be expected to, or does, infringe, misappropriate, or otherwise violate any intellectual property, privacy, publicity, or other proprietary rights of any person; (c) sublicense, resell, transfer, time share, or similarly exploit any Services; (d) upload, post, transmit, or otherwise make available any content or information designed to interrupt, interfere with, destroy or limit the functionality of the Services or any other computer software, hardware or telecommunications equipment; (e) reverse engineer, modify, adapt, or hack the Services, or otherwise attempt to gain unauthorized access to the Services; (f) use the Services or its Outputs to build, train, or improve a similar or competitive product or service.; (g) to mislead any person that Output was solely human generated; or (h) in violation of Vokol’s acceptable use policy shown on Exhibit B (the “Acceptable Use Policy”), or any other third party terms, guidelines, policies or the like to which Vokol links in connection with generation of Output.

   5.4. Usage Data. Notwithstanding anything to the contrary in this Agreement, Vokol may monitor Customer's use of the Services, and collect and compile usage and operations data and information related to or generated from Customer's use of the Services (“Usage Data”) to develop, improve, provide, maintain and optimize its products and services. Vokol may not publish Usage Data except in aggregate and anonymized form such that neither Customer nor an Authorized User can be identified.

   5.5. Feedback. If Customer provides Vokol with any ideas for improvement, information, materials, ideas, concepts, techniques, suggestions, or other feedback with respect to the Services or any of Vokol’s products and services (collectively, "Feedback"), Vokol will have the unrestricted right to use such Feedback for any purpose without any obligation or other payment to Customer.

   5.6. Third-Party Services. Third parties may offer products, services, content or technology (including artificial intelligence technologies) through the Services (“Third Party Services”). If you elect, in Customer’s sole discretion, to access or use Third Party Services, Customer’s access and use of Third Party Services are subject to this Agreement and any additional terms applicable to the Third Party Services.

   5.7. Reservation of Rights. Vokol reserves all rights not expressly granted to Customer in this Agreement. Except for the limited rights and licenses expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, any intellectual property rights or other right, title, or interest in or to the Services.

6. Disclaimer; Indemnification; Limitations of Liability.

   6.1. Disclaimer. THE SERVICES ARE PROVIDED "AS IS" AND VOKOL HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. VOKOL SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. VOKOL MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER'S OR ANY OTHER PERSON'S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. VOKOL WILL HAVE NO OBLIGATION TO MAINTAIN, CORRECT, UPDATE, CHANGE, MODIFY OR OTHERWISE SUPPORT THE SERVICES DURING THE TERM. CUSTOMER FURTHER ACKNOWLEDGES THAT THE SERVICES PROVIDED HEREUNDER MAY CONTAIN DEFECTS. SERVICES MAY NOT BE SOLD, TRANSFERRED, OR FURTHER DISTRIBUTED WITHOUT VOKOL’ PRIOR WRITTEN AUTHORIZATION.

   6.2. Indemnification. Customer will, at Customer’s expense and at Vokol’ option, defend, indemnify and hold harmless Vokol and its affiliates, partners, licensors and service providers and each of their officers, employees, independent contractors and agents against any claim, suit or proceeding (“Claim”) arising out of or relating to: (a) Customer’s or any of its Authorized Users’ access to or use of Services; (b) Customer’s breach (or any acts or omissions that, if true, would be a breach) of this Agreement; (c) Customer Content; and (d) Customer’s breach or alleged breach of any applicable law or regulation. Customer may not enter into a settlement under this Section 6.2 without Vokol’ prior written approval. Vokol will provide Customer (i) prompt written notice of, and (ii) all information and assistance reasonably requested by Customer in connection with the defense or settlement of any such Claim.

   6.3. Limitations of Liability. IN NO EVENT WILL VOKOL BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, FOR ANY: (A) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (B) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (C) LOSS OF GOODWILL OR REPUTATION; (D) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY, OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; (E) COST OF REPLACEMENT GOODS OR SERVICES OR (F) ANY FINES OR OTHER PENALTIES OR CONSEQUENCES IMPOSED BY ANY GOVERNMENT BODY WITH JURISDICTION OVER CUSTOMER, IN EACH CASE REGARDLESS OF WHETHER VOKOL WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL VOKOL’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED THE TOTAL AMOUNTS PAID TO VOKOL UNDER THIS AGREEMENT IN THE 6 MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

7. Termination.  

   7.1. The Agreement will remain in effect from the Start Date and continue until the earlier of: (a) the end of the Initial Term and all Renewal Terms (collectively, the “Services Term”); or (b) termination of the Agreement as set forth herein (“Term”). For the purposes of this Agreement, (i) “Initial Term” means the initial term for the Services beginning on the Start Date and continuing for the duration set forth on the Order Form, (ii) “Renewal Term” means a renewal term for the Services following either the Initial Term, or a previous Renewal Term. Note that if Customer renews without a new Order Form, the duration of that Renewal Term will be the same duration of the immediately preceding Initial Term or Renewal Term, and (iii) “Start Date” means the date an Initial Term, or Renewal Term, begins. For clarity, Start Dates are listed on the Order Form. Note that if Customer renews without a new Order Form, the Start Date for that Renewal Term will be calculated based on the original Start Date.

   7.2. Renewal Terms, if any, and whether the Services auto renew, will be listed on the applicable Order Form. Notice of non-renewal or scope reduction must be given at least thirty days before the start of the next Renewal Term. If Customer reduces its license count or quantity, Vokol may adjust or remove pricing offered to Customer based on its prior purchase.

   7.3. Vokol may offer Customer a free trial of certain Services under this Agreement. If the Initial Term is a free trial, Vokol will make such Services available to Customer on a trial basis free of charge until the earlier of (a) the end of the free trial period on the applicable Order Form; (b) the Start Date of any Renewal Term purchased by Customer for Services; or (c) termination of the trial by Vokol in Vokol’s sole discretion. Additional trial terms and conditions may appear on the trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding. ANY DATA CUSTOMER ENTERS INTO A SERVICE, AND ANY CONFIGURATIONS OR CUSTOMIZATIONS MADE TO A SERVICE BY OR FOR CUSTOMER DURING YOUR FREE TRIAL WILL BE PERMANENTLY LOST UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME SERVICE AS COVERED BY THE TRIAL BEFORE THE END OF THE TRIAL PERIOD.

   7.4. Either party may terminate this Agreement upon written notice (a) if the other party materially breaches this Agreement and does not cure the breach within thirty (30) days after receiving written notice of the breach or (b) if the other party ceases its business operations or becomes subject to insolvency proceedings. Vokol may suspend Customer’s or any Authorized User’s access to the Services or terminate this Agreement: (i) if required to do so by law; or (ii) to prevent a security risk or other credible risk of harm or liability to Vokol, the Services, or any third party. Vokol will use reasonable efforts to notify Customer of any suspension or termination and give you the opportunity to resolve the issue prior to suspension or termination. 

   7.5. Upon expiration or termination of this Agreement, Customer will immediately discontinue use of Services. No expiration or termination will affect Customer's obligation to pay all Fees that may have become due before such expiration or termination or entitle Customer to any refund. Sections 2 - 8, the DPA and the Acceptable Use Policy will survive expiration or termination.

8. Miscellaneous. This Agreement will be governed by and construed in accordance with the laws of the State of California, without reference to conflict of laws principles. The parties hereby submit to the exclusive jurisdiction of, and venue in, the state and federal courts located in San Francisco, California. EACH PARTY WAIVES ANY RIGHT TO JURY TRIAL OR CLASS OR REPRESENTATIVE ACTION PARTICIPATION IN CONNECTION WITH DISPUTES ARISING OUT OF THIS AGREEMENT. Any notice required or permitted hereunder will be in writing (email sufficient) and will be effective upon receipt at the address of the party to whom notice is being given, as set forth on the attached signature pages or at such other address as such party may have designated by giving notice to the other party as set forth in this Agreement. Notices must be sent via email, first class, airmail, or overnight courier and are deemed given when received. Notices to Customer may also be sent to the applicable Account email address and are deemed given when sent. Notices to Vokol must be sent to support@vokol.ai, with a copy to: Vokol, Inc. 1902 Lincoln Blvd, Ste A 1512, Santa Monica, CA 90405. No amendment to or modification of this Agreement is effective unless it is in writing and signed by an authorized representative of each party; provided that to the extent such modifications do not materially expand Customer’s obligations, increase Customer’s Fees, or limit Customer’s rights under the Agreement, Vokol may make reasonable modifications to this Agreement and will use reasonable efforts to provide Customer with reasonable advance written notice of such modifications (including by posting updates on Vokol’s website or through the Services). No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right. If any provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement will remain in full force and effect. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party, except that (i) Vokol may assign this Agreement to an affiliate without notice or Customer’s consent and (ii) either party may assign this Agreement in connection with a merger or sale of all or substantially all of the respective party’s assets or business, provided that the assigning party provides at least 30 days prior written notice of the assignment. Any purported assignment, transfer, or delegation in violation of the foregoing is null and void. This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement. There are no intended third party beneficiaries to this Agreement, and it is Customer’s and Vokol’s specific intent that nothing contained in this Agreement will give rise to any right or cause of action, contractual or otherwise, in or on behalf of any third party. Except for payment obligations, neither party will have any liability for failures or delays resulting from conditions beyond such party’s reasonable control, including governmental action or acts of terrorism, earthquake or other acts of God, labor conditions, or power failures. This Agreement is the entire agreement between Customer and Vokol with respect to its subject matter and supersedes all prior or contemporaneous agreements, communications and understandings, whether written or oral. This Agreement hereby incorporates by this reference the DPA, Acceptable Use Policy and relevant Order Forms. Customer agrees that any terms and conditions contained in any purchase order Customer sends to Vokol will not apply to this Agreement and are null and void. If there is a conflict between the documents that make up the Agreement, the documents will control in the following order, the: (a) Order Form; (b) the DPA, (c) the Agreement and (d) Acceptable Use Policy. As used herein, the words “include” and “including” shall be deemed to be followed by the words “without limitation.”

EXHIBIT A - DATA PROCESSING ADDENDUM

In connection with Vokol’s provision of the Services to Customer under the Agreement, Vokol may obtain, access, or otherwise Process Personal Information from, or on behalf of, Customer. Vokol agrees to protect all Personal Information as detailed in this Data Processing Addendum (“DPA”). Capitalized terms used but not defined in this DPA will have the meanings set forth in the Agreement.

1. Data Processing and Protection.  

   1.1. Compliance with Law. Vokol will comply with all Privacy Laws applicable to Vokol’s Processing of Personal Information under the DPA.

   1.2. Limitations on Use. Vokol will Process Personal Information only (i) on Customer’s behalf, (ii) in order to perform the Services and (iii) in accordance with Customer’s instructions as documented, specified, and limited in the Agreement and as described in the attached Schedule 1 (Description of Processing). For clarity, and without limiting the generality of the foregoing, in no event may Vokol: (A) Sell or Share Personal Information; (B) retain, use, or disclose Personal Information to any third party for the commercial benefit of Vokol or any third party; (C) retain, use, disclose, or otherwise Process Personal Information outside of its direct business relationship with Customer or for a commercial purpose other than the business purposes specified in the Agreement and attached Schedule 1; or (D) combine Personal Information with other information that identifies, directly or indirectly, an individual or relates to an identifiable individual that Vokol receives from, or on behalf of, other persons, or collects from its own interaction with the Individual separate from the Services. Vokol certifies that it understands and will comply with the foregoing restrictions.

   1.3. Confidentiality. Vokol will hold Personal Information in strict confidence and impose confidentiality obligations on Vokol Personnel who will be provided access to, or will otherwise Process, Personal Information, including to protect all Personal Information in accordance with the requirements of this DPA (including during the term of their employment or engagement and thereafter).

   1.4. De-identification and Aggregation. Customer permits Vokol to Process Customer Information in de-identified, anonymized and/or aggregated form as part of the Services. Vokol will ensure that any such Customer Information qualifies and remains qualified as de-identified information, anonymized data, de-identified data, and/or aggregate information as defined by Privacy Law. Vokol will make no attempt to re-identify any individual to whom such Customer Information relates, will publicly commit to maintaining and using such Customer Information without attempting to re-identify it, and will take reasonable measures to prevent such re-identification.

   1.5. Information Security Program. Vokol will implement, maintain, monitor and, where necessary, update a comprehensive written information security program that contains appropriate administrative, technical and physical safeguards appropriate to the nature of the Personal Information, including the measures set forth in Schedule 2, that are designed protect Personal Information against anticipated threats or hazards to its security, confidentiality or integrity (such as unauthorized access, collection, use, copying, modification, disposal or disclosure; unauthorized, unlawful or accidental loss, destruction, acquisition or damage; or any other unauthorized form of Processing) (“Information Security Program”). Vokol will assist Customer in meeting Customer’s obligations under the Privacy Laws in relation to the security of Processing Personal Information.

   1.6. Disclosure. Vokol will not disclose or transfer Personal Information to, or allow access to Personal Information by (each, a “Disclosure”) any third party without Customer’s express prior written consent; provided, however, that Vokol may Disclose Personal Information to its affiliates and subcontractors for purposes of providing the Services to Customer, subject to the following conditions: (i) Vokol will maintain a list of the affiliates and subcontractors (with contact information) and will provide this list to Customer upon Customer’s request; (ii) Vokol will provide Customer with at least 30 days’ prior notice of the addition of any affiliate or subcontractor to this list and the opportunity to object to such addition(s); and (iii) if Customer makes such an objection on reasonable grounds and Vokol is unable to modify the Services to prevent Disclosure of Personal Information to the additional affiliate or subcontractor, Customer will have the right to terminate the relevant Processing. If Customer does not object to an added third party, the new third party will be considered an “Authorized Subprocessor.” Vokol will, prior to any Disclosure, enter into an agreement with such third party that is substantially similar to this DPA. Such agreement will be provided to Customer promptly upon request. Vokol will be liable for all actions by such third parties with respect to the Disclosure.

   1.7. Requests or Complaints from Individuals. Vokol will promptly notify Customer in writing, and in any case within five (5) business days of receipt, unless specifically prohibited by Law, if Vokol or any Authorized Sub-processor receives: (i) any requests from an Individual with respect to Personal Information Processed, including, but not limited, to opt-out requests; requests for access and/or rectification, erasure or restriction; requests for data portability and all similar requests; or (ii) any complaint relating to the Processing of Personal Information, including allegations that the Processing infringes on an Individual’s rights. Vokol will not respond to any such request or complaint except to redirect Individual to Customer and/or inform Individual that his/her request was redirected to Customer unless expressly authorized to do so by Customer. Vokol will cooperate with Customer with respect to any action taken relating to an individual’s request or complaint and will seek to implement appropriate processes (including technical and organizational measures) to assist Customer in responding to such requests or complaints.

   1.8. Production Requests. If Vokol receives any order, demand, warrant or any other document requesting or purporting to compel the production of Personal Information (including, for example, by oral questions, interrogatories, requests for information or documents in legal proceedings, subpoenas, civil or criminal investigative demands or other similar processes) by any competent authority (“Production Request”), Vokol will immediately notify Customer (except to the extent prohibited by Law). If the Production Request is not legally valid and binding, Vokol will not respond. If a Production Request is legally valid and binding, Vokol will provide Customer with at least forty-eight (48) hours’ notice prior to the required disclosure, so that Customer may, at its own expense, exercise such rights as it may have under Law to prevent or limit such disclosure. Notwithstanding the foregoing, Vokol will exercise commercially reasonable efforts to prevent and limit any such disclosure and to otherwise preserve the confidentiality of Personal Information and will cooperate with Customer with respect to any action taken relating to such request, complaint, order or other document, including to obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded to Personal Information.

   1.9. Audit. Customer may provide to Vokol a security assessment questionnaire related to Services, which Vokol will accurately and promptly complete. The questionnaire may include questions seeking verification of compliance with the terms and conditions of this DPA. Upon request, Vokol will also supply a copy of its most recent third-party assessment, such as an ISO 27001/2, SSAE 18 SOC 2, ISAE 3402 SOC 2 or similar assessment, if Vokol has had such an assessment. If, after the original security questionnaire assessment, Customer determines that further assessment is warranted, Customer may request, no more than annually and with thirty (30) days’ prior written notice, at Customer’s cost, an assessment related to Services provided with a scope to be mutually agreed upon. During such a review, Customer may examine policies, procedures and other materials related to specific Services performed, to the extent that such review does not compromise confidentiality obligations to any other customers of Vokol.

   1.10. Regulatory Investigations. Upon notice to Vokol, Vokol will assist and support Customer in the event of an investigation by any law enforcement body or regulator, including a data protection or similar authority, if and to the extent that such investigation relates to Personal Information handled by Vokol on behalf of Customer in accordance with this DPA. Such assistance will be at Customer’s sole expense, except where investigation was required due to Vokol’s acts or omissions, in which case such assistance will be at Vokol’s sole expense.

   1.11. Security Incident. Vokol will notify Customer in writing promptly whenever Vokol reasonably believes that there has been (i) any accidental or unauthorized access, acquisition, use, modification, disclosure, loss, destruction of or damage to Personal Information; or (ii) any other unauthorized Processing of Personal Information (each, a “Security Incident”). After providing notice, Vokol will investigate the Security Incident, take all necessary steps to eliminate or contain the exposure of the Personal Information and keep Customer informed of the status and cause of the Security Incident and all related matters. Vokol further agrees to provide reasonable assistance and cooperation requested by Customer and/or Customer’s designated representatives in the furtherance of any correction, remediation, investigation or recording of any Security Incident and/or the mitigation of any potential damage, including any notification that Customer may determine appropriate to send to affected Individuals, regulators or third parties, and/or the provision of any credit reporting service that Customer deems appropriate to provide to affected Individuals. Unless required by law applicable to Vokol, Vokol will not notify any Individual or any third party other than law enforcement of any potential Security Incident involving Personal Information without first obtaining written permission of Customer.

   1.12. Return or Disposal. Vokol will, as appropriate and as directed by Customer, regularly dispose of Personal Information that is maintained by Vokol but that is no longer necessary to provide the Services. Upon termination or expiration of this DPA for any reason or at any time upon Customer’s request, Vokol will immediately cease handling Personal Information and will return such Personal Information in a manner and format reasonably requested by Customer or, if specifically directed by Customer, will destroy, any or all Customer Information in Vokol’s possession, power or control, except as otherwise required by law applicable to Vokol. If Vokol has such a legal obligation to retain Customer Information beyond the period otherwise specified by this Section, Vokol will notify Customer in writing of that obligation, to the extent permitted by Law, and will return or destroy the Customer Information in accordance with this Section as soon as possible after that legally required retention period has ended. If Vokol disposes of any paper, electronic or other record containing Customer Information, Vokol will do so by taking all reasonable steps (based on the sensitivity of Customer Information) to destroy Customer Information by: (a) shredding; (b) permanently erasing and deleting; (c) degaussing; or (d) otherwise modifying Customer Information in such records to make it unreadable, unreconstructable and indecipherable. Upon request, Vokol will provide a written certification that Customer Information has been returned or securely destroyed in accordance with this DPA.

   1.13. Other. Upon Customer’s request, Vokol will provide assistance and all information in its possession necessary to demonstrate Vokol’s compliance with its obligations under this DPA and the Privacy Laws and assist Customer in meeting its obligations under Privacy Laws, including: (i) registration and notification obligations; (ii) accountability; (iii) ensuring the security of Personal Information; (iv) if required by Privacy Law, establishment and maintenance of a record of Personal Information Processing; and (v) conducting and documenting privacy and data protection impact assessments and related consultations of data protection authorities. Vokol will inform Customer if Vokol believes that any instructions of Customer regarding the Processing of Personal Information would violate Law.

   1.14. Adverse Changes. Vokol will notify Customer in writing promptly if Vokol: (i) has reason to believe it is not or will not be able to comply with any of its obligations under the Privacy Laws or this DPA; or (ii) becomes aware of any circumstances or change in Law that is likely to prevent it from fulfilling its obligations under this DPA. Customer has the right, upon providing notice to Vokol, to take reasonable and appropriate steps to stop and remediate unauthorized Processing of Personal Information, including where Vokol has notified Customer that it can no longer meet its obligations under the Privacy Laws. In the event that this DPA, or any actions to be taken or contemplated to be taken in performance of this DPA, do not or would not satisfy either party’s obligations under the Law applicable to each party, the parties will negotiate in good faith upon an appropriate amendment to this DPA.

   1.15. Data Transfers. With respect to Personal Information originating from the European Economic Area, the United Kingdom, or Switzerland that is Transferred from Customer to Vokol, Vokol agrees to comply with the provisions of Schedule 3.

   1.16. Survival. The obligations of Vokol under this DPA will continue for as long as Vokol continues to have access to, is in possession or control of, or acquires Customer Information, even if all agreements between Vokol and Customer have expired or have been terminated.

   1.17. Conflicts. To the extent the terms of the DPA conflict with the Agreement with regard to the Processing of Personal Information, the terms of the DPA will prevail.

2. Definitions.

   2.1. “Customer Information” means any information owned or controlled by Customer, in any form, format or media (including paper, electronic and other records), that is provided to Vokol or that Vokol has access to, obtains, uses, maintains, or otherwise handles in connection with the performance of Services, including partial copies thereof.

   2.2. “Individual” means any individual about whom Personal Information may be Processed under this DPA.

   2.3. “Law” means any applicable transnational, foreign or domestic federal, state, or local law, statute, code, ordinance, regulation, rule, consent agreement, order, injunction, judgment, decree, ruling, constitution, treaty, or other similar requirement of any governmental authority.

   2.4. “Personal Information” means any Customer Information received under this DPA that identifies, directly or indirectly, an individual or relates to an identifiable individual.

   2.5. “Privacy Law” means any Law relating to the Processing of Personal Information.

   2.6. “Process” or “Processing” means the collection, recording, organization, structuring, alteration, access, disclosure, copying, transfer, storage, deletion, retention, combination, restriction, adaptation, retrieval, consultation, destruction, disposal, sale, sharing, or other use of Personal Information, whether by automated means or otherwise.

   2.7. “Sale” or “Sell” means exchanging, disclosing, making available, transferring, or otherwise providing or communicating Personal Information to a person for monetary or other valuable consideration.

   2.8. “Share” or “Sharing” means sharing, releasing, disclosing, making available, transferring or otherwise providing or communicating Personal Information to a person to target advertising to an individual based on information that identifies, directly or indirectly, that individual or relates to that individual, from that individual’s activities across businesses, distinctly-branded websites, applications, or services, other than the Customer or the Customer’s distinctly-branded websites, applications or services, whether or not for monetary or other valuable consideration.

   2.9. “Vokol Personnel” means any Vokol’s employee, contractor, subcontractor or agent to whom Vokol authorizes to access or Process Customer Information.

   2.10. “Transfer” means the access by, transfer or delivery to or disclosure of Personal Information to a person, entity or system located in a country or jurisdiction other than the country or jurisdiction from which the Personal Information originated.

EXHIBIT A - SCHEDULE 1 DESCRIPTION OF PROCESSING

EXHIBIT A - SCHEDULE 2 SECURITY MEASURES

Description of the security measures implemented by Vokol (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

Vokol maintains and enforces various policies, standards and processes designed to secure Personal Information and other Customer Information to which Vokol Personnel are provided access and to protect Personal Information and other Customer Information from accidental loss or destruction.

1. Information Security Policies and Standards. Vokol will implement security requirements for staff and all subcontractors, suppliers, or agents who have access to Personal Information that are designed to ensure a level of security appropriate to the risk and address the requirements detailed in this Schedule. Vokol will conduct periodic risk assessments and review and, as appropriate, revise its information security practices at least annually or whenever there is a material change in Vokol’s business practices that may reasonably affect the security, confidentiality or integrity of Personal Information, provided that Vokol will not modify its information security practices in a manner that will weaken or compromise the confidentiality, availability or integrity of Personal Information.

2. Physical Security. Vokol will maintain commercially reasonable security systems at all Vokol sites at which an information system that uses or houses Personal Information are located. Vokol reasonably restricts access to such Personal Information appropriately and has in place practices to prevent unauthorized individuals from gaining access to Personal Information.

3. Organizational Security.

• Vokol will maintain records specifying which media are used to store Personal Information.

• When media are to be disposed of or reused, Vokol will implement procedures to prevent any subsequent retrieval of any Personal Information stored on the media before they are withdrawn from the inventory. When media are to leave the premises at which the files are located as a result of maintenance operations, procedures will be implemented to prevent undue retrieval of Personal Information stored on them.

• Vokol will implement security policies and procedures to classify sensitive information assets, clarify security responsibilities and promote awareness for employees.

• All Personal Information security incidents are managed in accordance with appropriate incident response procedures.

• Vokol will encrypt, using industry-standard encryption tools, all Personal Information that Vokol: (i) transmits or sends wirelessly or across public networks; (ii) stores on laptops or storage media; and (iii) stores on portable devices, in each case, where technically feasible. Vokol will safeguard the security and confidentiality of all encryption keys associated with encrypted Personal Information.

• Vokol will ensure (i) that Personal Information cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage and (ii) that the target entities for any transfer of Personal Information by means of data transmission facilities can be established and verified.

4. Network Security. Vokol maintains network security using commercially available equipment and industry-standard techniques, including firewalls, intrusion detection and prevention systems, access control lists and routing protocols.

5. Access Control.

• Vokol will maintain appropriate access controls, including, but not limited to, restricting access to Personal Information to the minimum number of Vokol Personnel who require such access. Vokol will maintain a list of the persons who have accessed Personal Information and a list of those who are permitted to access the Personal Information.

• Only authorized staff can grant, modify or revoke access to an information system that uses or houses Personal Information.

• User administration procedures define user roles and their privileges and how access is granted, changed and terminated; address appropriate segregation of duties; and define the logging/monitoring requirements and mechanisms.

• All employees of Vokol are assigned unique User IDs.

• Access rights are implemented adhering to the “principle of least privilege.”

• Vokol will implement commercially reasonable physical and electronic security to create and protect passwords.

• Vokol will establish security procedures to prevent Personal Information Processing systems from being used without authorization, such as through logical access controls.

6. Virus and Malware Controls. Vokol will install and maintain commercially reasonable anti-virus and malware protection software on the system and has in place scheduled malware monitoring and system scanning to protect Personal Information from anticipated threats or hazards and protect against unauthorized access to or use of Personal Information.

7. Personnel.

• Prior to providing access to Personal Information to Vokol Personnel, Vokol will require Vokol Personnel to comply with its Information Security Program.

• Vokol will implement a security awareness program to train personnel about their security obligations. This program will include training about data classification obligations; physical security controls; security practices; and security incident reporting.

• Vokol will clearly define roles and responsibilities for Vokol Personnel. Screening will be implemented before employment with terms and conditions of employment applied appropriately.

• A disciplinary process will be utilized if employees commit a security breach.

8. Business Continuity. Vokol will implement commercially reasonable back-up and disaster recovery and business resumption plans. Vokol will regularly review, test and updates its business continuity plan and risk assessment to ensure that they are up to date and effective.

9. Primary Security Manager. Vokol will notify Customer of its designated primary security manager. The security manager will be responsible for managing and coordinating the performance of Vokol’s obligations set forth in its Information Security Program and in this DPA.

EXHIBIT A - SCHEDULE 3 DATA TRANSFERS

Notwithstanding anything to the contrary in the DPA, where Personal Information is subject to European Economic Area (“EEA”), UK or Swiss Privacy Law, Vokol agrees to comply with the provisions below.

1. Restricted Transfers of Personal Information Subject to GDPR. The EU Standard Contractual Clauses (Module 2 Controller to Processor) ((EU) 2021/914) available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en (“EU SCCs”), and incorporated herein by reference, will apply to any transfer of Personal Information that is subject to the EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”). Notwithstanding the foregoing, the EU SCCs will not apply to the extent the transfer is covered by (i) a decision adopted by a competent authority with jurisdiction over Customer declaring that a jurisdiction meets an adequate level of protection of Personal Information (an “Adequacy Decision”). The parties agree that the EU SCCs are completed as follows:

   a) Clause 7 (Docking Clause) is retained.

   b) In Clause 9, the parties agree that Option 2 will apply in accordance with Section 1.6 of the DPA.

   c) In Clause 17, the EU SCCs will be governed by the laws of data exporter’s jurisdiction.

   d) In Clause 18, any dispute arising from the EU SCCs will be resolved by the courts of the data exporter’s jurisdiction.

   e) In Annex IA, Customer is the controller and data exporter, Vokol is the processor and data importer.

   f) Annex IB is completed by Schedule 1 to the DPA.

   g) In Annex IC, the data protection authority where Customer is located is the competent supervisory authority.

   h) Annex II is completed by Schedule 2 to the DPA.

2. Restricted Transfers from Switzerland. The EU SCCs, as modified in this section, will apply to any transfer of Personal Information that is subject to the Swiss Federal Act on Data Protection (“FADP”) and is not otherwise subject to an Adequacy Decision.

   a) The term “EU Member State” must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility for suing their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c).

   b) References to the GDPR are to be understood as references to the FADP.

   c) In Clause 17, the EU SCCs will be governed by the laws of Switzerland.

   d) In Annex IC, the Swiss Federal Data Protection and Information Commissioner is the competent supervisory authority.

3. Restricted Transfers from the United Kingdom. Where the transfer of Personal Information is subject to the laws of the United Kingdom (including the UK General Data Protection Regulation) and is not otherwise subject to an Adequacy Decision, the parties agree:

   a) The provisions of the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, Version B1.0, in force from March 21, 2022, available at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf (“UK Addendum”), including Part 2 ‘Mandatory Clauses’, are herein incorporated by reference and shall apply in full;

   d) In Table 1 of the UK Addendum, the names of the parties, their roles and their details shall be set out in the DPA;

   c) In Tables 2 and 3 of the UK Addendum, Module 2 of the EU SCCs incorporated into this DPA by reference, including the information set out in the attached Schedules, shall apply; and

   d) In Table 4 of the UK Addendum, either party may end the UK Addendum.

4. Conflicts. In the event of any conflict between the terms of the DPA and the terms of the EU SCCs or UK Addendum, the EU SCCs or UK Addendum (as applicable) will control.

EXHIBIT B – ACCEPTABLE USE POLICY

Last Updated: August 7th 2025

This Acceptable Use Policy (“Policy”) and applies to Customer’s access and use of the Services, including any Inputs that Customer provides and Outputs that Customer creates. It also applies to Customer’s use within and outside the Vokol website and the Services, whether directly or indirectly, as well as any attempts to engage in such use. Capitalized but undefined terms used herein have the meanings set forth in the Agreement. 

Prohibited Uses

1. Do not threaten child safety.

For example, this includes accessing or using the Services to:

• Create, distribute or promote sexually explicit material involving minors, or otherwise facilitate or promote the exploitation or sexualization of children, including minor grooming, nudity, or use of any material designed to impersonate a minor. We report material containing apparent child sexual abuse material to the relevant authorities and organizations where required by law or as we may otherwise deem appropriate in Vokol’s reasonable discretion.

• Create, distribute, or share age-inappropriate material, including material that targets minors and promotes sexual material, graphic violence, obscenity, or other mature themes.

• Facilitate or promote child abuse or exploitation in any form.

• Facilitate or otherwise contribute to cyberbullying or harassment of any minor, including without limitation by creating, distributing, or sharing material that shames, humiliates, bullies, or celebrates the suffering of any minor, or material that threatens a minor with bullying or harassment.

2. Do not engage in illegal behavior.

For example, this includes accessing or using the Services to:

• Infringe, misappropriate, or otherwise violate another party's intellectual property rights.

• Violate another party's privacy rights, as defined under applicable law.

• Create or facilitate the exchange of illegal goods, services, or substances, including, without limitation, material that promotes or facilitates transactions in illegal drugs, firearms or explosive weapons, weapon development, other dangerous materials, counterfeit or deceptive goods or services, human trafficking, or sexual services.

3. Do not use the Services to facilitate activities that may significantly affect the wellbeing of others.

For example, this includes accessing or using the Services to:

• Engage in or facilitate the use, acquisition, or exchange of regulated drugs or other controlled goods and services, including advertising, medical advice, or providing instructions on their production. This includes without limitation the marketing or provision of alcohol, tobacco products, controlled substances, prescription medications, recreational drugs, supplements, herbal remedies, and medical devices.

• Provide tailored professional advice without (i) a qualified professional in that field reviewing the Output before it is made available to a consumer or the general public, and (ii) clear disclosure regarding the use and limitations of AI. This includes without limitation:  

  • Financial advice or services, including lending services and cryptocurrency trading;

    • Legal services, including the issuance of legal interpretations or guidance; and 

    • Health or medical advice, including diagnosis, treatment, and mental health services. 

• Facilitate real-money gambling activities or pay day lending. 

• Engage in or facilitate high-stakes automated decisionmaking which may affect an individual’s wellbeing. 

4. Do not engage in fraudulent, predatory, or abusive practices.

For example, this includes accessing or using the Services to:

• Manipulate or deceive others in any manner likely to cause harm, including efforts to gain unauthorized access to non-public information, including credit card details and bank accounts, social security numbers, health data, or other sensitive information.

• Defraud others, including via financial or other scams.

• Evade product guardrails, including voice verification mechanisms.

• Engage in or facilitate unauthorized robocalling, meaning the use of automated dialing systems or artificial/pre-recorded voice messages to place phone calls to individuals or businesses without direct human intervention.

• Promote or facilitate the generation or distribution of spam (including by facilitating "call bombing" or other forms of communication that may overwhelm or disrupt systems or users). Harvest or bulk collect email addresses, phone numbers, or other contact information for the purpose of sending unsolicited communications.

5. Do not engage in unauthorized, deceptive or harmful impersonation.

For example, this includes creating or using Vokol audio output to intentionally replicate the voice of another person: 

• without consent or legal right, including to take unauthorized action on behalf of such individual; 

• in a way that harasses or causes harm to that person, including via unauthorized sexualization; 

• in a manner intended to deceive others about whether the voice was generated by artificial intelligence.

6. Do not engage in voter suppression, candidate impersonation, or political campaigning in the context of elections:

For example, this includes accessing or using the Services to:

• Incite, engage in, or facilitate voter suppression or other disruption of electoral or civic processes, including by creating, distributing, or facilitating the spread of misleading information.

• Impersonate political candidates or elected government officials, regardless of whether authorization was obtained. 

• Engage in political campaigning, including promoting or advocating for a particular candidate, issue, or position, or soliciting votes or financial contributions. 

7. Do not engage in unauthorized network access or surveillance or otherwise threaten the security, availability, or integrity of any network or system.

For example, this includes accessing or using the Services to: 

• a) Attempt to obtain unauthorized access to computer systems and networks, or to facilitate the disruption of critical infrastructure.

• b) Facilitate the creation or use of malware or other harmful code, including without limitation spyware, communications surveillance, or other unauthorized means of monitoring of individuals.

8. Do not create violent, hateful, or harassing material outside of fictional contexts.

For example, this includes accessing or using the Services to:

• Create, distribute, or engage in violent threats, extremism, or terrorism, including material that threatens, incites, or promotes violence against an individual or group.

• Engage in, promote, or facilitate human trafficking, sexual violence, or other exploitation.

• Discriminate based on protected characteristics, including race, national or ethnic origin, religion, age, sex, gender, sexual orientation, or physical ability.

• Promote or facilitate harassment, including material that promotes harassing, threatening, intimidating, predatory, or stalking conduct or that otherwise promotes or celebrates the suffering of individuals or groups of individuals.

• Promote or facilitate self-harm, including suicide or eating disorders.

• Create, promote, or facilitate the spread of misinformation, including denying the existence of specific health conditions and other medical misinformation.

• Promote or facilitate the use of harassing debt collection practices.

• This section does not apply to activity in purely fictional contexts (e.g. violent speech by a character in a book, video game or movie) or when it is part of reporting on newsworthy activity by third parties (e.g. a news anchor reporting on terrorist activities).

Additional Requirements

1. Disclosure: Customer must clearly and prominently disclose to their users they are interacting with AI rather than a human.

2. Human in the loop: Use of the Services to provide tailored professional advice necessitates maintaining a qualified professional in the loop. 

3. Enforcement. Enforcement of this Policy is at Vokol’s sole discretion, and any failure of Vokol to enforce this Policy in every instance does not constitute a waiver of Vokol’s right to enforce it in other instances. This Policy does not create any right or private right of action on the part of any third party or any reasonable expectation that the Services will not contain any material that is prohibited by this Policy or that objectionable material will be promptly removed after it has been posted. Vokol uses a combination of automated systems, user reports, and human review to assess material and usage that may violate this Policy. For users who violate this Policy, Vokol may remove the violating material, and/or suspend access to and use of the Services. For certain material that poses a real-world risk of harm, Vokol reserves the right to contact or cooperate with relevant law enforcement authorities.

Vokol encourages users to report any suspected abuse and misuse to Vokol support@vokol.ai. 

Complaints Handling

If you believe your Account has been incorrectly banned or your material has been incorrectly removed, you can let us know by contacting us at support@vokol.ai.

Updates to this Policy

We may periodically update this Policy. We will notify you of any significant changes in advance or as required by law. You can check the “Last Updated” date at the outset of this Policy to see when it was last updated.