Terms and Conditions

2.1 Licence Grant

Subject to Customer's compliance with these Terms and Conditions and payment of all applicable Fees, Knogin grants to Customer a limited, non-exclusive, non-transferable, revocable licence to access and use the Platform during the Subscription Term solely for Customer's internal business purposes and in accordance with the applicable Licence Metrics, deployment model, and Territory specified in the Order Form.

2.2 Authorised Users

Customer may permit Authorised Users to access and use the Platform in accordance with these Terms and Conditions. Customer shall ensure that all Authorised Users comply with these Terms and Conditions and shall be responsible for all acts and omissions of its Authorised Users.

2.3 Government Customer Provisions

Where Customer is a Government Customer:

• (a)the Platform is provided as commercial computer software and commercial computer software documentation, as applicable;
• (b)if Customer is a United States Government agency, use, duplication, and disclosure of the Platform is subject to the restrictions set forth in FAR 52.227-19 and DFARS 227.7202;
• (c)Customer acknowledges that the Platform may be subject to additional terms required by applicable government procurement regulations, which shall be set forth in a Government Addendum to these Terms and Conditions; and
• (d)Knogin reserves the right to require execution of additional security documentation, background checks, or certifications as a condition of providing access to certain Platform features.

2.4 Licence Restrictions

Except as expressly permitted by these Terms and Conditions or applicable law, Customer shall not, and shall not permit any third party to:

• (a)copy, modify, adapt, translate, or create derivative works of the Platform;
• (b)reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code, underlying ideas, algorithms, file formats, or non-public APIs of the Platform;
• (c)sell, resell, licence, sublicense, distribute, rent, lease, loan, or otherwise transfer or make available the Platform to any third party;
• (d)use the Platform to provide bureau, service bureau, time-sharing, hosted, or managed services to third parties without Knogin's prior written consent;
• (e)remove, alter, or obscure any proprietary notices, labels, or marks on the Platform;
• (f)access the Platform in order to build a competitive product or service or for competitive analysis;
• (g)use the Platform in violation of applicable laws, regulations, or third-party rights;
• (h)use the Platform to store or transmit any content that is unlawful, harmful, threatening, defamatory, or otherwise objectionable;
• (i)interfere with or disrupt the integrity, security, or performance of the Platform or any third-party systems connected thereto;
• (j)attempt to gain unauthorised access to the Platform or its related systems or networks; or
• (k)use the Platform in excess of the Licence Metrics or outside the Territory specified in the Order Form.

3.1 Deployment Options

The Platform may be deployed in the following configurations, as specified in the applicable Order Form:

• (a)SaaS (Cloud-Hosted): Knogin hosts the Platform in its cloud infrastructure and provides access via secure internet connection.
• (b)On-Premises: Customer deploys and operates the Platform within Customer's own infrastructure pursuant to a separate on-premises licence agreement.
• (c)Hybrid: A combination of SaaS and on-premises deployment, with specific components hosted by Knogin and others deployed within Customer's infrastructure.

3.2 Multi-Tenant Architecture

For SaaS deployments, Customer acknowledges that the Platform operates on a multi-tenant architecture in which Customer Data is logically separated from other customers' data. Knogin implements technical and organisational measures to ensure the security and segregation of Customer Data.

3.3 Feature Flags and Tenant Configuration

Customer's access to specific Platform modules, features, and capabilities is controlled through feature flags and tenant configuration as specified in the Order Form. Knogin may enable or disable features in accordance with Customer's subscription tier and applicable compliance requirements.

3.4 Data Residency

For SaaS deployments, Customer Data shall be stored and processed in the geographic region specified in the Order Form. Where Customer requires data residency in a specific jurisdiction, such requirements shall be documented in the Order Form and subject to additional terms and Fees where applicable.

3.5 Updates and Maintenance

Knogin may update, modify, or enhance the Platform from time to time. For SaaS deployments, such updates shall be applied automatically. Knogin shall provide reasonable advance notice of material changes that may affect Customer's use of the Platform. Scheduled maintenance windows shall be communicated in accordance with the Service Level Agreement.

4.1 General Obligations

Customer shall:

• (a)ensure that its use of the Platform complies with all applicable laws, regulations, and industry standards;
• (b)obtain and maintain all necessary licences, consents, and permissions required for its use of the Platform;
• (c)implement and maintain appropriate technical and organisational security measures to protect access credentials and prevent unauthorised access to the Platform;
• (d)notify Knogin promptly of any unauthorised use or security breach relating to Customer's account or access credentials;
• (e)make regular back-up copies of Customer Data and be solely responsible for data management and recovery;
• (f)cooperate with Knogin in the provision of support and maintenance services; and
• (g)comply with the Documentation and all reasonable instructions from Knogin regarding use of the Platform.

4.2 Acceptable Use Policy

Customer shall not, and shall ensure that its Authorised Users do not, use the Platform:

• (a)in any manner that violates applicable local, state, national, or international law or regulation;
• (b)for any purpose that violates fundamental human rights as set forth in the Universal Declaration of Human Rights;
• (c)in a manner that violates constitutional rights or protections applicable in Customer's jurisdiction, including but not limited to protections against unlawful search and seizure;
• (d)to conduct surveillance, monitoring, or data collection activities that are not authorised by applicable law or proper legal process;
• (e)to target individuals based on race, ethnicity, national origin, religion, sexual orientation, gender identity, disability, or other protected characteristics, except where expressly permitted by applicable law for legitimate law enforcement purposes;
• (f)to store, process, or transmit malware, viruses, or other harmful code;
• (g)to engage in any activity that interferes with or disrupts the Platform or the servers and networks connected thereto;
• (h)to access or attempt to access any systems, data, or information not intended for Customer's use;
• (i)to circumvent any technological measures designed to protect the Platform or third-party rights;
• (j)to resell, redistribute, or sublicense access to the Platform without Knogin's prior written consent; or
• (k)for any purpose other than Customer's legitimate internal business or law enforcement operations.

4.3 Suspension for Violation

Knogin may suspend Customer's access to the Platform immediately and without prior notice if Knogin reasonably believes that Customer has violated the Acceptable Use Policy or that continued access poses a risk to the security, integrity, or availability of the Platform. Knogin shall notify Customer of such suspension and the reasons therefor as soon as reasonably practicable.

4.4 Compliance Certifications

Customer acknowledges that access to certain Platform features may require Customer to maintain specific compliance certifications, security clearances, or other qualifications. Customer shall notify Knogin promptly if Customer's compliance status changes in any material respect.

5.1 Roles and Responsibilities

The parties acknowledge and agree that:

• (a)with respect to Personal Data processed through the Platform, Customer is the Controller and Knogin is the Processor;
• (b)Customer shall determine the purposes and means of processing Personal Data and shall ensure that such processing has a valid legal basis under applicable data protection law; and
• (c)Knogin shall process Personal Data only in accordance with Customer's documented instructions as set forth in these Terms and Conditions and any applicable DPA.

5.2 Applicable Data Protection Frameworks

Depending on Customer's jurisdiction, use case, and the nature of the data processed, the following data protection frameworks may apply:

• (a)GDPR: For processing of Personal Data of individuals in the European Economic Area;
• (b)Law Enforcement Directive (LED): For processing of Law Enforcement Data by competent authorities in the European Union;
• (c)UK Data Protection Act 2018: For processing of Personal Data in the United Kingdom, including Part 3 provisions for law enforcement processing;
• (d)Irish Data Protection Act 2018: For processing subject to Irish jurisdiction, including Part 5 provisions implementing the LED; and
• (e)other applicable national or regional data protection laws as specified in the Order Form or Government Addendum.

5.3 GDPR Compliance

Where GDPR applies to Customer's use of the Platform:

• (a)Knogin shall process Personal Data only on documented instructions from Customer, unless required to do so by applicable law;
• (b)Knogin shall ensure that persons authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
• (c)Knogin shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk;
• (d)Knogin shall assist Customer in responding to requests from data subjects exercising their rights under GDPR;
• (e)Knogin shall assist Customer in ensuring compliance with Articles 32-36 of GDPR, taking into account the nature of processing and information available to Knogin;
• (f)at Customer's choice, Knogin shall delete or return all Personal Data upon termination and delete existing copies unless applicable law requires retention; and
• (g)Knogin shall make available to Customer all information necessary to demonstrate compliance with Article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer.

5.4 Law Enforcement Directive Compliance

Where Customer is a competent authority processing Law Enforcement Data through the Platform:

• (a)Customer acknowledges sole responsibility for ensuring that processing has a valid legal basis under the LED and applicable national implementing legislation;
• (b)Customer shall implement appropriate safeguards to distinguish between different categories of data subjects (suspects, convicted persons, victims, witnesses, and others);
• (c)Knogin shall implement logging mechanisms to record collection, alteration, consultation, disclosure, combination, and erasure operations on Law Enforcement Data;
• (d)access to audit logs shall be restricted to authorised personnel and made available for verification of lawfulness of processing; and
• (e)Customer shall ensure that any international transfers of Law Enforcement Data comply with Chapter V of the LED and applicable national implementing legislation.

5.5 International Data Transfers

Where Customer Data is transferred outside the European Economic Area, United Kingdom, or other jurisdiction with data export restrictions:

• (a)such transfers shall only be made in accordance with applicable data protection law;
• (b)Knogin shall ensure that appropriate transfer mechanisms are in place, which may include Standard Contractual Clauses (Module 2: Controller to Processor or Module 3: Processor to Processor) as adopted by the European Commission;
• (c)where required, Knogin shall conduct Transfer Impact Assessments and implement supplementary measures to ensure an essentially equivalent level of protection; and
• (d)specific transfer mechanisms and data residency requirements shall be documented in the applicable Order Form or DPA.

6.1 Incorporation

This Section 6 constitutes the Data Processing Agreement between Customer (as Controller) and Knogin (as Processor) in accordance with Article 28 of GDPR and applies to all processing of Personal Data by Knogin on behalf of Customer.

6.2 Subject Matter and Duration

The subject matter of processing is the provision of the Platform and related services to Customer. The duration of processing shall be the Subscription Term plus any period required for data return or deletion in accordance with Section 15.

6.3 Nature and Purpose of Processing

Knogin processes Personal Data for the purpose of providing the Platform and related services to Customer, including storage, organisation, structuring, retrieval, consultation, use, disclosure by transmission, alignment, combination, restriction, and erasure as necessary to deliver the contracted services.

6.4 Types of Personal Data

The types of Personal Data processed depend on Customer's use of the Platform and may include:

• (a)identification data (names, aliases, identification numbers, photographs);
• (b)contact data (addresses, telephone numbers, email addresses);
• (c)location data (GPS coordinates, address history, movement patterns);
• (d)financial data (bank account details, transaction records);
• (e)communication data (message content, call records, social media data);
• (f)biometric data (fingerprints, facial images) where applicable;
• (g)criminal offence data (arrest records, conviction history, incident reports); and
• (h)any other categories of Personal Data uploaded to the Platform by Customer.

6.5 Categories of Data Subjects

The categories of data subjects may include:

• (a)Customer's employees and personnel;
• (b)subjects of Customer's investigations or operations;
• (c)victims, witnesses, and other individuals relevant to Customer's activities;
• (d)third parties whose data is collected through Customer's use of the Platform; and
• (e)any other categories of data subjects determined by Customer's use case.

6.6 Customer Instructions

Customer instructs Knogin to process Personal Data as necessary to provide the Platform and related services in accordance with these Terms and Conditions. Customer may issue additional written instructions regarding processing, provided that such instructions are consistent with these Terms and Conditions and do not require Knogin to violate applicable law. Knogin shall inform Customer if, in its opinion, an instruction infringes applicable data protection law.

6.7 Sub-processors

Customer provides general authorisation for Knogin to engage Sub-processors to perform specific processing activities on behalf of Customer. A current list of Sub-processors is available upon request and shall be updated in accordance with this section. Knogin shall notify Customer of any intended changes concerning the addition or replacement of Sub-processors at least thirty (30) days prior to such change, giving Customer the opportunity to object. If Customer objects to a new Sub-processor on reasonable grounds relating to data protection, the parties shall discuss the objection in good faith with a view to achieving resolution. If resolution cannot be reached, Customer may terminate the affected services by providing written notice within thirty (30) days of Knogin's notification. Knogin shall impose data protection obligations on Sub-processors that are no less protective than those set forth in this DPA.

6.8 Security Measures

Knogin shall implement and maintain appropriate technical and organisational measures to protect Personal Data against Security Incidents, including:

• (a)encryption of Personal Data in transit and at rest;
• (b)access controls and authentication mechanisms;
• (c)network security and intrusion detection;
• (d)physical security of data processing facilities;
• (e)personnel security and training;
• (f)incident response and business continuity procedures;
• (g)regular security testing and vulnerability assessments; and
• (h)such other measures as are appropriate to the nature, scope, context, and purposes of processing.

6.9 Data Subject Rights Assistance

Knogin shall assist Customer in responding to requests from data subjects exercising their rights under applicable data protection law, including rights of access, rectification, erasure, restriction, portability, and objection. Knogin shall notify Customer promptly if it receives a request from a data subject relating to Customer Data, unless prohibited by law. Knogin shall not respond directly to data subject requests except as instructed by Customer or required by applicable law.

6.10 Security Incident Notification

Knogin shall notify Customer without undue delay, and in any event within seventy-two (72) hours of becoming aware of a Security Incident affecting Customer Data. Such notification shall include, to the extent known: (i) a description of the nature of the Security Incident; (ii) the categories and approximate number of data subjects and Personal Data records affected; (iii) the name and contact details of Knogin's data protection officer or other point of contact; (iv) a description of the likely consequences; and (v) a description of the measures taken or proposed to address the Security Incident. Knogin shall cooperate with Customer and provide reasonable assistance in Customer's investigation and remediation of the Security Incident.

6.11 Audit Rights

Knogin shall make available to Customer all information necessary to demonstrate compliance with the obligations set forth in this DPA. Knogin shall allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer, subject to the following conditions: (i) Customer shall provide at least thirty (30) days' prior written notice of any audit request; (ii) audits shall be conducted during normal business hours and shall not unreasonably interfere with Knogin's operations; (iii) Customer and its auditors shall comply with Knogin's reasonable security and confidentiality requirements; (iv) audit scope shall be limited to matters relevant to compliance with this DPA; and (v) Customer shall bear its own costs of any audit, unless the audit reveals material non-compliance by Knogin. As an alternative to on-site audits, Knogin may provide relevant certifications, audit reports, or third-party assessments demonstrating compliance with applicable security and data protection requirements.

7.1 Security Programme

Knogin maintains a comprehensive information security programme designed to protect the confidentiality, integrity, and availability of the Platform and Customer Data. This programme includes:

• (a)a formal information security management system aligned with ISO 27001;
• (b)policies and procedures addressing access control, change management, incident response, business continuity, and other security domains;
• (c)regular risk assessments and security reviews;
• (d)personnel security measures including background checks, training, and confidentiality agreements;
• (e)physical security controls at data processing facilities; and
• (f)vendor and supply chain security management.

7.2 Security Certifications

Knogin maintains the following security certifications and attestations, copies of which are available upon request:

• (a)ISO 27001: Information Security Management System certification;
• (b)SOC 2 Type II: Annual attestation covering Security, Availability, Confidentiality, and Privacy Trust Services Criteria; and
• (c)such additional certifications as may be required for specific customer segments or use cases, including readiness for CJIS, FedRAMP, Cyber Essentials Plus, and other government security frameworks.

7.3 Customer Compliance Enablement

For Government Customers and other customers subject to specific compliance requirements: Knogin provides documentation, technical controls, and configuration options to enable Customer to meet applicable compliance obligations; Customer acknowledges that compliance with requirements such as CJIS Security Policy, FedRAMP, or CMMC requires Customer actions beyond Knogin's controls; Knogin shall execute additional security addenda, including the CJIS Security Addendum, where required by applicable regulations; and specific compliance features, configurations, and requirements shall be documented in the applicable Order Form or Government Addendum.

7.4 Penetration Testing

Knogin conducts annual third-party penetration testing of the Platform. Upon Customer's written request and subject to confidentiality obligations, Knogin shall provide a summary of penetration testing results and remediation status. Critical and high-severity findings shall be remediated within thirty (30) days of identification, and material non-remediation shall be disclosed to Customer.

7.5 Vulnerability Management

Knogin maintains a vulnerability management programme including:

• (a)continuous vulnerability scanning of Platform infrastructure and applications;
• (b)timely application of security patches and updates;
• (c)prioritisation of remediation based on risk severity (CVSS scoring); and
• (d)monitoring of security advisories and threat intelligence.

7.6 Insurance

Knogin maintains Cyber Liability Insurance with minimum coverage of EUR 5,000,000 per claim, covering network security liability, privacy liability, and data breach response costs; Technology Errors and Omissions Insurance with minimum coverage of EUR 2,000,000 per claim; and Commercial General Liability Insurance with minimum coverage of EUR 1,000,000 per occurrence. Upon Customer's reasonable request, Knogin shall provide certificates of insurance evidencing such coverage.

8.1 Applicability

This Service Level Agreement applies to SaaS deployments of the Platform. On-premises and hybrid deployments may be subject to separate service level terms as specified in the applicable Order Form.

8.2 Uptime Commitment

Knogin commits to a monthly uptime target of 99.9% for the Platform, calculated as: Monthly Uptime Percentage = (Maximum Available Minutes - Downtime) / Maximum Available Minutes x 100. Where Maximum Available Minutes means the total number of minutes in the applicable calendar month, and Downtime means the total number of minutes during which the Platform is unavailable for use by Customer, excluding Scheduled Maintenance and Excluded Events.

8.3 Scheduled Maintenance

Knogin shall perform scheduled maintenance during standard maintenance windows (Sundays 02:00-06:00 UTC). Knogin shall provide at least seventy-two (72) hours' advance notice of scheduled maintenance expected to impact Platform availability. Emergency maintenance may be performed with shorter notice where necessary to protect the security, integrity, or availability of the Platform. Scheduled maintenance time is not counted as Downtime for purposes of calculating Monthly Uptime Percentage.

8.4 Excluded Events

The following events are excluded from Downtime calculations:

• (a)scheduled maintenance performed in accordance with Section 8.3;
• (b)circumstances beyond Knogin's reasonable control, including Force Majeure events;
• (c)failures attributable to Customer's systems, networks, or equipment;
• (d)Customer's failure to implement required configurations, updates, or security measures;
• (e)suspension of service in accordance with these Terms and Conditions; and
• (f)issues arising from Customer's use of the Platform in violation of these Terms and Conditions or the Documentation.

8.5 Service Credits

If Knogin fails to meet the monthly uptime commitment, Customer shall be entitled to service credits, applied automatically to Customer's next invoice. See Schedule B for the Service Credit table.

8.6 Service Credit Limitations

Service credits shall be applied automatically without requiring Customer to submit a claim. The maximum aggregate service credits in any calendar month shall not exceed 100% of the monthly Fees for that month. Service credits are the sole and exclusive remedy for failure to meet the uptime commitment. Service credits may not be exchanged for cash and shall expire if not used within twelve (12) months.

8.7 Chronic Service Failures

If the Platform fails to achieve the 99.9% uptime target for three (3) or more months in any rolling ninety (90) day period, Customer may terminate the affected services upon thirty (30) days' written notice and receive a pro-rata refund of prepaid Fees for the terminated portion of the Subscription Term.

8.8 Support Services

Knogin provides technical support in accordance with the support tier specified in the Order Form. Standard support includes: Priority 1 (Critical): Platform unavailable or core functionality severely impaired, target initial response 1 hour; Priority 2 (High): Major feature unavailable or significantly degraded, target initial response 4 hours; Priority 3 (Medium): Non-critical functionality affected, target initial response 8 business hours; Priority 4 (Low): General questions or enhancement requests, target initial response 2 business days. Enhanced support tiers with expanded coverage hours and faster response times are available for additional Fees.

9.1 Fees

Customer shall pay the Fees specified in the applicable Order Form in consideration for access to and use of the Platform. Fees may be structured as:

• (a)Per-User/Per-Seat Fees: Based on the number of Authorised Users;
• (b)Per-Agency Fees: Fixed fees based on Customer's organisation or agency;
• (c)Tiered Pricing: Based on feature packages, usage volumes, or other metrics; or
• (d)such other pricing structure as specified in the Order Form.

9.2 Invoicing

Unless otherwise specified in the Order Form: annual subscription Fees shall be invoiced in advance at the beginning of each Subscription Term or renewal period; monthly subscription Fees shall be invoiced in advance at the beginning of each calendar month; Professional Services Fees shall be invoiced upon completion of milestones specified in the applicable statement of work, or monthly in arrears for time-and-materials engagements; and invoices shall be sent to the billing contact specified by Customer.

9.3 Payment Terms

For commercial customers, payment is due within thirty (30) days of invoice date. For Government Customers, payment terms shall be in accordance with applicable government payment regulations and as specified in the Order Form, which may include extended payment terms of up to sixty (60) or ninety (90) days. All payments shall be made in the currency specified in the Order Form. Payments shall be made by electronic funds transfer to the bank account specified by Knogin.

9.4 Late Payment

If Customer fails to pay any undisputed amount when due, Knogin may charge interest at the rate of 2% per annum above the European Central Bank's main refinancing operations rate (or the maximum rate permitted by applicable law, if lower), calculated daily from the due date until receipt of payment. Knogin may suspend Customer's access to the Platform if any undisputed payment remains outstanding for more than sixty (60) days after the due date, upon providing fourteen (14) days' prior written notice to Customer.

9.5 Taxes

All Fees are exclusive of applicable taxes, levies, or duties. Customer shall be responsible for all sales, use, VAT, GST, withholding, and similar taxes arising from this agreement, excluding taxes based on Knogin's net income. If Customer is required by law to withhold any taxes from payments to Knogin, the Fees payable shall be increased such that Knogin receives the full amount specified in the Order Form after withholding. Where applicable, Knogin shall issue VAT-compliant invoices.

9.6 Fee Changes

Fees for renewal Subscription Terms may be increased by up to 3% annually upon sixty (60) days' prior written notice before the applicable renewal date. Additional fee increases beyond 3% shall require Customer's consent. Fees for the initial Subscription Term and any multi-year commitment periods shall remain fixed for the duration of such period.

9.7 Disputes

Customer shall notify Knogin in writing within thirty (30) days of receipt of an invoice of any disputed amounts, specifying the nature and basis of the dispute. Customer shall pay all undisputed amounts in accordance with the payment terms. The parties shall negotiate in good faith to resolve any fee disputes.

9.8 Government Customer Provisions

For Government Customers: if funds are not appropriated or otherwise made available to support continued performance of this agreement, Customer may terminate this agreement by providing written notice to Knogin; Customer shall return any Knogin-provided equipment or materials within thirty (30) days of such termination; and Customer shall not be liable for any termination charges or penalties arising solely from non-appropriation of funds.

10.1 Knogin Intellectual Property

Knogin and its licensors retain all right, title, and interest in and to the Platform, Documentation, and all related Intellectual Property Rights. No rights are granted to Customer except as expressly set forth in these Terms and Conditions. Customer acknowledges that the Platform contains valuable trade secrets and confidential information of Knogin.

10.2 Customer Data

Customer retains all right, title, and interest in and to Customer Data. Customer grants Knogin a non-exclusive, worldwide, royalty-free licence to use, copy, store, transmit, display, and process Customer Data solely as necessary to provide the Platform and related services to Customer. Knogin shall not use Customer Data for any purpose other than providing services to Customer, except as required by applicable law.

10.3 Feedback

If Customer provides suggestions, ideas, enhancement requests, or other feedback regarding the Platform ("Feedback"), Knogin shall have a royalty-free, worldwide, perpetual, irrevocable licence to use, modify, and incorporate such Feedback into the Platform without restriction or obligation to Customer.

10.4 Aggregate Data

Knogin may compile aggregate, anonymised, and de-identified data derived from Customer's use of the Platform for purposes of improving the Platform, conducting research, and generating industry benchmarks, provided that such data cannot reasonably be used to identify Customer or any individual.

11.1 Confidentiality Obligations

Each party agrees to: hold the other party's Confidential Information in strict confidence; not disclose Confidential Information to any third party except as permitted herein; use Confidential Information only for the purpose of exercising rights and performing obligations under these Terms and Conditions; and protect Confidential Information using at least the same degree of care used to protect its own confidential information, but in no event less than reasonable care.

11.2 Permitted Disclosures

A party may disclose Confidential Information: to its employees, contractors, and agents who need to know such information for purposes of these Terms and Conditions and who are bound by confidentiality obligations no less protective than those herein; to its professional advisers on a need-to-know basis; to the extent required by applicable law, regulation, or legal process, provided that the disclosing party (to the extent permitted) provides prompt notice to the other party and cooperates in seeking protective treatment; and with the other party's prior written consent.

11.3 Exclusions

Confidential Information does not include information that: is or becomes publicly available through no fault of the receiving party; was rightfully in the receiving party's possession prior to disclosure; is rightfully obtained by the receiving party from a third party without breach of any confidentiality obligation; or is independently developed by the receiving party without use of or reference to the disclosing party's Confidential Information.

11.4 Duration

Confidentiality obligations shall survive termination of these Terms and Conditions for a period of five (5) years, except that obligations regarding trade secrets shall continue for so long as such information remains a trade secret under applicable law.

11.5 Return of Confidential Information

Upon termination of these Terms and Conditions or upon the disclosing party's request, the receiving party shall promptly return or destroy all Confidential Information and certify such return or destruction in writing, except to the extent retention is required by applicable law or necessary for legitimate archival purposes.

12.1 Exclusion of Certain Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR: LOSS OF PROFITS, REVENUE, OR BUSINESS; LOSS OF GOODWILL OR REPUTATION; LOSS OF DATA OR COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; BUSINESS INTERRUPTION; OR ANY OTHER ECONOMIC LOSS, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS AND CONDITIONS, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE OR WHETHER A PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

12.2 Liability Cap

SUBJECT TO SECTIONS 12.3 AND 12.4, EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE TERMS AND CONDITIONS, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF STATUTORY DUTY, OR OTHERWISE, SHALL NOT EXCEED: THE GREATER OF: (i) THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (ii) EUR 500,000.

12.3 Super Cap for Data Protection

NOTWITHSTANDING SECTION 12.2, EACH PARTY'S LIABILITY FOR CLAIMS ARISING FROM: BREACH OF DATA PROTECTION OBLIGATIONS UNDER SECTION 5 OR SECTION 6; SECURITY INCIDENTS RESULTING FROM A PARTY'S GROSS NEGLIGENCE OR WILFUL MISCONDUCT; OR REGULATORY FINES OR PENALTIES IMPOSED ON A PARTY AS A RESULT OF THE OTHER PARTY'S BREACH OF DATA PROTECTION OBLIGATIONS, SHALL NOT EXCEED THREE TIMES (3X) THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

12.4 Unlimited Liability

THE LIMITATIONS IN SECTIONS 12.1 AND 12.2 SHALL NOT APPLY TO: EITHER PARTY'S LIABILITY FOR FRAUD, FRAUDULENT MISREPRESENTATION, OR WILFUL MISCONDUCT; EITHER PARTY'S LIABILITY FOR DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE; CUSTOMER'S OBLIGATION TO PAY FEES; EITHER PARTY'S INDEMNIFICATION OBLIGATIONS UNDER SECTION 13; OR CUSTOMER'S LIABILITY FOR USE OF THE PLATFORM IN VIOLATION OF THE LICENCE RESTRICTIONS OR ACCEPTABLE USE POLICY.

12.5 Basis of the Bargain

THE PARTIES ACKNOWLEDGE THAT THE LIMITATIONS OF LIABILITY IN THIS SECTION 12 REFLECT THE ALLOCATION OF RISK BETWEEN THE PARTIES AND ARE AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. KNOGIN WOULD NOT PROVIDE THE PLATFORM WITHOUT THESE LIMITATIONS.

12.6 Irish Law Considerations

Customer acknowledges that, pursuant to the Sale of Goods and Supply of Services Act 1980 and relevant Irish case law, the limitations of liability set forth herein have been determined to be fair and reasonable having regard to: the relative bargaining power of the parties; whether Customer had an opportunity to negotiate the terms; the availability of insurance; and trade custom and practice in the software industry.

13.1 Knogin Indemnification

Knogin shall defend, indemnify, and hold harmless Customer and its officers, directors, employees, and agents from and against any third-party claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from: any claim that the Platform, as provided by Knogin and used by Customer in accordance with these Terms and Conditions, infringes any valid patent, copyright, or trademark of a third party; and Knogin's gross negligence or wilful misconduct in the performance of its obligations under these Terms and Conditions.

13.2 Knogin Remedies for Infringement Claims

If the Platform is, or in Knogin's opinion is likely to be, subject to an infringement claim, Knogin may at its option and expense: procure for Customer the right to continue using the Platform; modify or replace the Platform to make it non-infringing while maintaining substantially equivalent functionality; or if neither of the foregoing is commercially reasonable, terminate Customer's access to the affected portion of the Platform and refund any prepaid Fees for the terminated portion.

13.3 Knogin Indemnification Exclusions

Knogin's indemnification obligations shall not apply to claims arising from: use of the Platform in combination with software, hardware, data, or materials not provided by Knogin, where the claim would not have arisen but for such combination; modifications to the Platform made by anyone other than Knogin; use of a version of the Platform other than the then-current version, if the claim would have been avoided by use of the current version; Customer Data or Customer's use of the Platform in violation of these Terms and Conditions; or Customer's continued use of the Platform after being notified to cease use due to an infringement claim.

13.4 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Knogin and its officers, directors, employees, and agents from and against any third-party claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from: Customer Data, including any claim that Customer Data infringes or misappropriates any third-party rights; Customer's use of the Platform in violation of these Terms and Conditions, applicable law, or third-party rights; any dispute between Customer and a third party relating to Customer's operations or activities; and Customer's gross negligence or wilful misconduct.

13.5 Indemnification Procedure

The indemnification obligations in this Section 13 are subject to: the indemnified party providing prompt written notice to the indemnifying party of any claim (provided that failure to provide prompt notice shall not relieve the indemnifying party of its obligations except to the extent materially prejudiced); the indemnifying party being given sole control of the defence and settlement of the claim (provided that the indemnifying party shall not settle any claim that imposes any obligation on the indemnified party without the indemnified party's prior written consent, not to be unreasonably withheld); and the indemnified party providing reasonable cooperation at the indemnifying party's expense.

13.6 Sole Remedy

THIS SECTION 13 SETS FORTH THE ENTIRE LIABILITY OF EACH PARTY AND THE SOLE AND EXCLUSIVE REMEDY OF THE OTHER PARTY FOR ANY CLAIMS COVERED BY THIS SECTION.

14.1 Term

These Terms and Conditions commence on the Effective Date and continue for the initial Subscription Term specified in the Order Form, and thereafter shall automatically renew for successive renewal periods equal to the initial Subscription Term (or one year, if shorter), unless either party provides written notice of non-renewal at least sixty (60) days prior to the end of the then-current term.

14.2 Termination for Cause

Either party may terminate these Terms and Conditions immediately upon written notice if: the other party commits a material breach of these Terms and Conditions and fails to cure such breach within thirty (30) days of receiving written notice specifying the breach; the other party becomes insolvent, makes an assignment for the benefit of creditors, or becomes subject to bankruptcy, receivership, or similar proceedings that are not dismissed within ninety (90) days; the other party ceases to carry on business; or continued performance becomes impossible or impracticable due to Force Majeure for a period exceeding ninety (90) days.

14.3 Termination for Convenience

Customer may terminate these Terms and Conditions for convenience by providing ninety (90) days' prior written notice, subject to payment of all Fees for the remainder of the then-current Subscription Term. For Government Customers, termination for non-appropriation of funds shall be permitted as set forth in Section 9.8.

14.4 Suspension

Knogin may suspend Customer's access to the Platform immediately without prior notice if: Customer's use of the Platform poses a security risk to the Platform or any third party; Customer's use of the Platform may adversely impact the Platform or the systems or content of any other Knogin customer; Customer is in material breach of the Acceptable Use Policy; or such suspension is required to comply with applicable law or an order from a court or governmental authority. Knogin shall notify Customer of the reasons for suspension as soon as reasonably practicable and shall restore access promptly once the circumstances giving rise to the suspension have been resolved.

14.5 Effect of Termination

Upon termination or expiration of these Terms and Conditions: all rights and licences granted to Customer shall immediately terminate; Customer shall immediately cease all use of the Platform; each party shall return or destroy the other party's Confidential Information in accordance with Section 11.5; Knogin shall make Customer Data available for export in accordance with Section 15; and accrued rights, remedies, obligations, and liabilities of the parties shall not be affected.

14.6 Survival

The following provisions shall survive termination or expiration of these Terms and Conditions: Section 1 (Definitions), Section 10 (Intellectual Property Rights), Section 11 (Confidentiality), Section 12 (Limitation of Liability), Section 13 (Indemnification), Section 14.5 (Effect of Termination), Section 14.6 (Survival), Section 15 (Data Return and Deletion), Section 19 (Governing Law and Dispute Resolution), and Section 20 (General Provisions), together with any other provisions that by their nature should survive.

15.1 Data Export Period

Upon termination or expiration of these Terms and Conditions for any reason, Knogin shall make Customer Data available for export for a period of ninety (90) days following the effective date of termination ("Data Export Period").

15.2 Export Formats

During the Data Export Period, Customer may export Customer Data in standard machine-readable formats. Knogin shall provide reasonable assistance to facilitate data export upon Customer's request.

15.3 Deletion of Customer Data

Following the expiration of the Data Export Period, Knogin shall delete all Customer Data from Knogin's systems within thirty (30) days, except: where retention is required by applicable law; where Customer Data is contained in backup systems, in which case deletion shall occur in accordance with Knogin's standard backup rotation schedule (not to exceed ninety (90) days); where required for Knogin to exercise or defend legal claims; or to the extent permitted by this Section 15, security metadata (including IP addresses, usernames, and access logs) may be retained for up to two (2) years for security and audit purposes.

15.4 Certification

Upon Customer's written request, Knogin shall provide written certification that Customer Data has been deleted in accordance with this Section 15.

15.5 Extended Retention

If Customer requires extended retention of Customer Data beyond the Data Export Period, such services may be available for additional Fees as specified in the Order Form or as agreed between the parties.

16.1 Export Compliance

Customer acknowledges that the Platform may be subject to export control laws and regulations, including: the EU Dual-Use Regulation (Regulation (EU) 2021/821); the U.S. Export Administration Regulations (EAR); the U.S. International Traffic in Arms Regulations (ITAR), if applicable; and other applicable national export control regimes.

16.2 Customer Representations

Customer represents and warrants that: Customer is not located in, organised under the laws of, or a resident of any country or territory subject to comprehensive sanctions by the European Union, United Nations, or United States; Customer is not designated on any sanctions list maintained by the European Union, United Nations, or United States, including the EU Consolidated List, UN Security Council Consolidated List, U.S. Office of Foreign Assets Control (OFAC) Specially Designated Nationals List, or U.S. Bureau of Industry and Security Entity List; Customer shall not export, re-export, or transfer the Platform in violation of applicable export control laws; and Customer shall not use the Platform for any purpose prohibited by applicable export control or sanctions laws.

16.3 Government End-Use

Customer shall not use or permit the use of the Platform for any end-use prohibited by applicable export control laws, including use in connection with the design, development, production, or use of nuclear, chemical, or biological weapons, or missile technology, except as authorised by applicable law and government licenses.

17.1 Compliance with Anti-Corruption Laws

Each party shall comply with all applicable anti-corruption and anti-bribery laws, including: the Criminal Justice (Corruption Offences) Act 2018 (Ireland); the UK Bribery Act 2010; the U.S. Foreign Corrupt Practices Act (FCPA); and other applicable anti-corruption laws in jurisdictions where the parties operate.

17.2 Prohibited Conduct

Neither party shall, directly or indirectly: offer, promise, give, or authorise the giving of any payment, gift, or other thing of value to any government official, political party, or any other person for the purpose of improperly influencing any official act or decision, or securing any improper advantage; accept or agree to accept any such payment, gift, or thing of value; or engage in any conduct that would constitute a violation of applicable anti-corruption laws.

17.3 Records and Audit

Each party shall maintain accurate books and records sufficient to demonstrate compliance with this Section 17 and shall make such records available for audit upon reasonable request.

17.4 Breach

Any breach of this Section 17 shall constitute a material breach of these Terms and Conditions entitling the non-breaching party to terminate immediately without liability.

18.1 Force Majeure Events

Neither party shall be liable for any failure or delay in performing its obligations under these Terms and Conditions (other than payment obligations) to the extent such failure or delay results from circumstances beyond the reasonable control of the affected party, including: acts of God, natural disasters, epidemics, or pandemics; war, terrorism, civil unrest, or armed conflict; government actions, embargoes, or sanctions; strikes, labour disputes, or industrial action (other than involving the affected party's own employees); failure of third-party telecommunications or internet services; cyberattacks or widespread internet disruptions beyond the affected party's control; or other events beyond the reasonable control of the affected party.

18.2 Notice and Mitigation

The affected party shall: promptly notify the other party of the Force Majeure event and its expected duration; use reasonable efforts to mitigate the effects of the Force Majeure event; and resume performance as soon as reasonably practicable after the Force Majeure event ceases.

18.3 Prolonged Force Majeure

If a Force Majeure event continues for more than ninety (90) days, either party may terminate these Terms and Conditions upon thirty (30) days' written notice without liability, and Customer shall be entitled to a pro-rata refund of any prepaid Fees for the terminated portion of the Subscription Term.

19.1 Governing Law

These Terms and Conditions and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of Ireland, without regard to its conflict of laws principles.

19.2 Informal Resolution

Before initiating formal dispute resolution, the parties shall attempt to resolve any dispute through good faith negotiations. A party wishing to initiate dispute resolution shall provide written notice to the other party describing the dispute in reasonable detail. The parties' respective senior executives shall meet (in person or by video conference) within thirty (30) days of such notice to attempt to resolve the dispute.

19.3 Arbitration

If the parties are unable to resolve a dispute through informal negotiations within sixty (60) days of the initial notice (or such longer period as the parties may agree), either party may submit the dispute to binding arbitration as follows: Arbitration Rules: Arbitration shall be conducted under the Rules of Arbitration of the International Chamber of Commerce (ICC) or, where agreed by the parties, the Arbitration Rules of Arbitration Ireland; Seat: The seat of arbitration shall be Dublin, Ireland; Language: The arbitration shall be conducted in English; Arbitrators: Disputes involving amounts less than EUR 1,000,000 shall be decided by a sole arbitrator, disputes involving amounts of EUR 1,000,000 or more shall be decided by a panel of three (3) arbitrators; Confidentiality: The arbitration proceedings, all submissions, and any award shall be confidential; and Enforcement: The arbitral award shall be final and binding, and judgment upon the award may be entered in any court having jurisdiction.

19.4 Exceptions to Arbitration

Notwithstanding Section 19.3: either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or Confidential Information; either party may bring an action in any court of competent jurisdiction to enforce an arbitral award; and claims that are required by applicable law to be resolved in a particular forum shall be resolved in that forum.

19.5 Government Customer Provisions

For Government Customers, where arbitration is prohibited by applicable law or regulation: disputes shall be resolved exclusively in the courts of Ireland; and the parties consent to the exclusive jurisdiction of the Irish courts.

20.1 Entire Agreement

These Terms and Conditions, together with the Order Form, any DPA, and any schedules, exhibits, or addenda attached hereto or incorporated by reference, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior or contemporaneous agreements, representations, and understandings, whether written or oral.

20.2 Amendments

These Terms and Conditions may not be amended or modified except by a written instrument signed by authorised representatives of both parties, provided that Knogin may update these Terms and Conditions from time to time by posting updated terms on its website, with such updates becoming effective upon the earlier of: (a) Customer's acceptance of the updated terms; or (b) the next renewal of the Subscription Term.

20.3 Waiver

No failure or delay by either party in exercising any right or remedy under these Terms and Conditions shall constitute a waiver of that right or remedy. Any waiver must be in writing and signed by an authorised representative of the waiving party.

20.4 Severability

If any provision of these Terms and Conditions is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The parties shall negotiate in good faith to replace the invalid provision with a valid provision that achieves the original intent to the maximum extent permitted by law.

20.5 Assignment

Customer may not assign or transfer these Terms and Conditions or any rights or obligations hereunder without Knogin's prior written consent, except that Customer may assign these Terms and Conditions to a successor in connection with a merger, acquisition, corporate reorganisation, or sale of all or substantially all of Customer's assets, provided the assignee agrees to be bound by these Terms and Conditions. Knogin may assign these Terms and Conditions without restriction. Any attempted assignment in violation of this Section shall be void.

20.6 Subcontracting

Knogin may subcontract the performance of its obligations under these Terms and Conditions to third parties, provided that Knogin shall remain responsible for the performance of such obligations and the acts and omissions of its subcontractors.

20.7 Independent Contractors

The parties are independent contractors. Nothing in these Terms and Conditions shall be construed to create a partnership, joint venture, agency, or employment relationship between the parties.

20.8 Third-Party Beneficiaries

These Terms and Conditions do not create any third-party beneficiary rights, except that Knogin's Affiliates and licensors are intended third-party beneficiaries of Sections 10 (Intellectual Property Rights) and 12 (Limitation of Liability).

20.9 Notices

All notices required or permitted under these Terms and Conditions shall be in writing and shall be deemed given when: delivered personally; sent by email (with confirmation of receipt); sent by overnight courier (signature required); or sent by registered or certified mail, return receipt requested. Notices to Knogin shall be sent to: Knogin Cybersecurity Limited, Dublin, Ireland, Attention: Legal Department, Email: legal@knogin.com. Notices to Customer shall be sent to the address or email specified in the Order Form or as otherwise designated in writing by Customer.

20.10 Language

These Terms and Conditions are executed in English. If these Terms and Conditions are translated into any other language, the English version shall control in the event of any conflict or inconsistency.

20.11 Counterparts

These Terms and Conditions may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one agreement. Electronic signatures shall be deemed original signatures for all purposes.

20.12 Order of Precedence

In the event of any conflict between these Terms and Conditions and any Order Form, DPA, or other document incorporated by reference, the following order of precedence shall apply (from highest to lowest priority): the DPA (with respect to data protection matters); the Order Form (with respect to commercial terms); any Government Addendum (for Government Customers); these Terms and Conditions; and the Documentation.

20.13 Publicity

Neither party shall issue any press release or public announcement regarding the existence or terms of these Terms and Conditions without the other party's prior written consent, except as required by applicable law or stock exchange rules. Knogin may include Customer's name and logo in its customer lists for marketing purposes, unless Customer notifies Knogin in writing of its objection.