Terms of Use

GEOCODIO

SaaS Terms of Service

These Terms of Service constitute an agreement (“Agreement”) by and between Dotsquare LLC, dba Geocodio, with a place of business at 440 Monticello Ave Ste 1802 #43146 Norfolk, Virginia 23510 (“Company”), and the customer that accepts this Agreement (“Customer”). Customer’s use of and Company’s provision of Company’s System (as defined below in Section 1.10) are governed by this Agreement. Company and Customer are at times referred to herein individually as a “party” and together as the “parties.”

Acceptance and Effective Date. This Agreement takes effect when Customer first accepts it, which occurs upon the earliest of Customer (a) creating an account for, or registering to use, the System; (b) clicking “I agree,” “sign up,” or a similar affirmation where this Agreement (or a link to it) is presented; or (c) accessing or using the System (the date of such acceptance, the “Effective Date”). This Agreement remains in effect for as long as Customer maintains an account or uses the System, unless and until terminated as provided herein (the “Term”).

Customer’s Selections. The Services, Plan, Platform, number of authorized Users (Seats), and related options applicable to Customer are those that Customer selects or configures through the System, whether at signup or from time to time through the dashboard, together with Company’s then-current Published Pricing applicable to those selections (collectively, Customer’s “Plan Selection”). The features, usage allowances, credit entitlements, and other terms applicable to a Plan are further described in the Plan Terms Schedule and Company’s Published Pricing.

Organization Accounts and Negotiated Terms. If Customer’s account is, or at any time becomes, part of an organization account, or is otherwise governed by separately negotiated terms agreed in writing between Company and Customer or the applicable organization (including any negotiated agreement, master services agreement, enterprise addendum, or ordering document) (“Negotiated Terms”), then, for so long as such Negotiated Terms remain in effect, those Negotiated Terms will govern and control over this Agreement to the extent of any conflict or inconsistency.

CUSTOMER ACKNOWLEDGES THAT IT HAS READ THIS AGREEMENT, UNDERSTANDS IT, AND AGREES TO BE BOUND BY ITS TERMS BY ACCEPTING IT AS DESCRIBED ABOVE, AND THAT THE PERSON ACCEPTING ON ITS BEHALF HAS BEEN AUTHORIZED TO DO SO. THE PERSON ACCEPTING THIS AGREEMENT ON CUSTOMER’S BEHALF REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND CUSTOMER TO THESE TERMS AND CONDITIONS.

Definitions

The following capitalized terms shall have the following meanings whenever used in this Agreement.

1.1. “Credit” means prepaid units issued by Company that may be applied toward Customer’s use of certain Services or features that require the consumption of Credits. Credits are the unit by which the price of Lookups and other chargeable usage of the Services is measured and consumed; the number of Credits required for a given Lookup (its “Credit cost”) varies by the type of Lookup and other factors, and the current Credit cost of each type of Lookup is set forth in Company’s Published Pricing and may be changed by Company at any time in accordance with Section 5.4. Credits may be purchased by Customer or included with a subscription plan. The type, quantity, price, expiration, and use of Credits are governed by Customer’s Plan Selection, any applicable Negotiated Terms, and the Plan Terms Schedule.

(a) “Subscription Credits” are Credits included with a Subscription Plan.

(b) “Purchased Credits” are Credits purchased by Customer separately from a Subscription Plan.

1.2. “Customer Data” means data in electronic form input or collected through the System by or from Customer, including without limitation by Customer’s Users.

1.3. “Data Retention Policy” refers to the Company’s data retention policy, available at https://www.geocod.io/data-retention-policy/.

1.4. “Data Sources” refers to the underlying data sources that Geocodio uses as part of its geocoding engine. An up-to-date list of the Data Sources can be found at https://www.geocod.io/data-sources/.

1.5. “Data Updates” means new versions, updates, or upgrades of the System, the software used to provide the System, and/or data appends.

1.6. “Documentation” means Company’s standard user manual related to use of the System, as updated from time to time, as well as other technical specifications materials available on Company’s website at https://www.geocod.io/docs/.

1.7. “Plan” means the subscription plan, pricing structure, or service tier selected by Customer for the Services through the System, as reflected in Customer’s Plan Selection. The features, usage allowances, credit entitlements, and other terms applicable to a Plan are described in the Plan Terms Schedule, Company’s Published Pricing, and any applicable Negotiated Terms.

1.8. “Plan Terms Schedule” refers to that certain description of Company’s plan offerings and applicable terms, which is attached as a schedule to this Agreement, and as may be amended from time-to-time.

1.9. “Privacy Policy” means Company’s privacy policy, as updated from time to time, and currently posted on Company’s website at https://www.geocod.io/gdpr/.

1.10. “System” means Company’s Geocodio platform, which, as of the Effective Date, is designed to perform the Services more fully described in Section 2. Customer shall receive access only to those Services and functions of the System that are specified in Customer’s Plan Selection or any applicable Negotiated Terms.

1.11. “User” means any individual who uses the System on Customer’s behalf or through Customer’s account or passwords, whether authorized or not.

1.12. “Published Pricing” means Company’s then-current pricing, rates, and packaging for the Services as published on Company’s website at https://www.geocod.io/ (or a successor URL), as updated from time to time.

1.13. “Enterprise Customer” means a Customer subscribed to Company’s Enterprise Platform, as reflected in Customer’s Plan Selection or any applicable Negotiated Terms. “Self-Serve Customer” means a Customer subscribed to Company’s Self-Serve Platform (i.e., any Customer that is not an Enterprise Customer). For clarity, the Self-Serve and Enterprise designations refer to the Company platform on which Customer’s account is provisioned and are independent of whether Customer is a Negotiated Customer or a large enterprise.

1.14. “Negotiated Customer” means a Customer whose account is, or at any time becomes, governed by Negotiated Terms, whether such Customer is a Self-Serve Customer or an Enterprise Customer.

1.15. “Lookup” means an individual query or unit of processing performed by the System. Each of the following constitutes a separate Lookup: (a) each geocoding or reverse-geocoding query (for example, a query based on an address, address components, postal code, city/state, or a set of coordinates); (b) each additional data field or data append returned with or in connection with a query; and (c) each component of a Distance calculation (for example, each origin-to-destination pairing within a matrix). Different types of Lookups may consume different numbers of Credits, as described in Section 1.1 and Company’s Published Pricing.

Nature of the System

2.1. System Function. Customer understands that, as of the Effective Date, the System has been designed to perform, among others, the following functions and/or services (“Services”):

(a) Geocoding Services (“Geocoding Services”)

(i) In response to each input query from Customer based on a specific address, address + ZIP, address + city/state, postal code, or city/state, System will provide outputs of: (i) latitude, (ii) longitude, (iii) accuracy type and (iv) accuracy score;

(ii) In response to each input query from Customer based on a geocode (i.e., a set of latitude and longitude coordinates representing a specific geographic location), System may provide outputs of the following (where relevant): (i) address, (ii) city, (iii) county, (iv) state or province, (v) postal code (see Section 2.1(a)(ii)(1) regarding Canadian postal codes), and (vi) country;

(1) Customer understands that, due to upstream licensing restrictions, full postal codes are not supported for Canada. If the user supplies an input without a postal code, only the first three characters (“FSA”) will be returned. If the user supplies a full postal code with their query, Geocodio will check that the FSA matches Geocodio’s internal data, and the user-submitted postal code will be returned with the results for convenience. Customer understands that such postal codes have not been verified.

(iii) Customer may input data via API (JSON) or spreadsheet upload (.CSV, .TSV, .XLS);

(iv) Customer may append any additional data during the query process as provided by the Company during the Term of this contract; and

(v) Unless the Customer has a UK Data Services Attachment, the System currently supports geolocations in the United States, Canada, and Mexico only. Company may freely change geographic coverage, from time to time, without penalty.

(b) Geocoding Services – United Kingdom Data Supplement (“UK Data Services Attachment”).

(i) Enables the use of Geocoding Services with United Kingdom data and/or coordinates.

(c) Distance Services (“Distance Services”)

(i) Provides a Distance API for calculating straight-line (Haversine) and driving distances in miles or kilometers, including travel time, for U.S. and Canadian locations;

(ii) Supports large-scale matrices (up to 50,000 calculations per request), permits permanent storage of results, and supports radius filtering;

(iii) Supports raw address strings, coordinates, and zip codes; and

(iv) Company may freely change geographic coverage, from time to time, without penalty.

Customer shall receive access only to those Services specified in Customer’s Plan Selection or any applicable Negotiated Terms, and on the terms further described in the Plan Terms Schedule. Customer understands that the list of Services in this Section 2.1 may be inexact and is provided for illustrative purposes only. The full scope of the Services is defined and described in the Documentation and may change from time to time as a result of Data Updates or System revisions.

2.2. Service Interruption. Customer understands that, from time to time, access to the System may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance either by Company or by third-party providers, or because of other causes beyond Company’s reasonable control (“Service Interruption”). Company shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled Service Interruption.

2.3. Data Updates. Company may update the underlying data and software of the System (i.e., “Data Updates”) from time to time. In the event an update is known in advance to require service downtime, Company will use reasonable efforts to provide Customer with advance notice. Each Data Update will constitute an element of the System and will thereafter be subject to this Agreement’s terms regarding the System, including without limitation license, intellectual property, non-disclosure, warranty, and indemnity terms.

2.4. Method of Delivery. The System is considered prewritten computer software and is only available electronically. The Customer must have Internet access in order to access the Services. The System will not be delivered in a tangible medium.

Customer Support

3.1. General Customer Support. Company shall provide General Customer Support concerning the System for no additional charge as follows:

(a) “General Customer Support” means support relating to the use or output of the System itself. It includes responding to questions about data format or accuracy, such as, by way of example only, why a particular address returned a particular result.

(b) General Customer Support is available Monday–Friday except United States Federal Holidays via email. Customer may initiate a support request by emailing [email protected].

(c) General Customer Support shall not include Customer-specific support related to Customer’s integration of its own hardware, software, or other assets (“Customer Assets”) with the System. Customer shall be solely responsible for (1) writing any code that connects, maintains, or otherwise involves the communication of Customer Assets to the System, and (2) integrating the System with Customer Assets and otherwise maintaining such integration. Customer understands and acknowledges that the System’s performance of the Services may be affected by Customer Assets, as well as Customer’s integration of the System with Customer Assets.

3.2. Written Support Materials. Standard support materials and Documentation concerning the System are also available on Company’s website. Technical documentation can be found at https://www.geocod.io/docs/ and non-technical documentation can be found at https://www.geocod.io/guides/.

Termination

4.1. Termination for Cause. Either party may terminate this Agreement based on the other’s material breach by providing written notice specifying in detail the nature of the breach, and such termination shall be effective (a) after thirty (30) days unless the other party cures such breach, or (b) immediately in the event of non-payment or misuse of the System by Customer in violation of Section 7, below.

4.2. Termination for Convenience. Company may terminate this Agreement, in whole or in part, for convenience at any time and for any reason, by providing written notice of such termination to Customer. In the event of such termination, no refunds shall be provided, and any unused Subscription Credits or Purchased Credits shall be forfeited. No further liability, obligation, or penalty shall accrue to Company as a result of termination under this provision, except as expressly stated herein.

4.3. Effects of Termination. Upon termination of this Agreement for any reason, Customer shall (a) immediately cease all use of the System; (b) delete, destroy, or return all copies of Documentation, and (c) remove or delete all instances of code from the Customer Assets that enable and effectuate communication with the System, including all API keys.

4.4. Survival. The following provisions will survive termination or expiration of this Agreement: (a) any obligation of Customer to pay fees incurred before termination; (b) Sections 6 (Customer Data & Privacy), 7 (Customer’s Responsibilities & Restrictions), 8 (IP & Feedback), 9 (Disclaimers), 10 (Indemnification), 11 (Limitation of Liability), and 12 (Miscellaneous); and (c) any other provision of this Agreement that must survive to fulfill its essential purpose.

Payment and Billing

5.1. Overage Fees.

(a) Where a Customer’s use of the Services exceeds the Credits or other consumption amounts included in Customer’s applicable plan or otherwise available to Customer (an “Overage”), Company will handle such Overage in accordance with the overage handling method reflected in Customer’s Plan Selection or, absent such a selection, in accordance with Company’s then-current Published Pricing and the Plan Terms Schedule.

(b) If the applicable Plan provides for automatic credit replenishment (or similar functionality), and Customer has elected to use such functionality, then when Customer’s available Credits are exhausted or fall below any threshold reflected in Customer’s Plan Selection or as configured by Customer through the System, Company may automatically charge Customer’s designated payment method for additional Credits in the quantities so reflected or configured. Such additional Credits will be added to Customer’s account and applied to Customer’s continued use of the Services. Customer authorizes Company to charge Customer’s payment method for such additional Credits until Customer disables the automatic replenishment feature or terminates the applicable Plan in accordance with the Agreement.

(c) If automatic replenishment does not apply (as reflected in Customer’s Plan Selection or by Customer’s configuration through the System), Customer’s ability to use any Services that require the consumption of Credits shall be suspended once Customer’s available Subscription and/or Purchased Credits have been fully consumed. Access to such Services may resume once Customer purchases additional Credits or otherwise increases its plan capacity. Company shall have no liability for any interruption of Services resulting from the exhaustion of Customer’s Credits.

5.2. Refunds.

(a) General Non-Refundability. Except as expressly provided in this Agreement, including in Section 4.2 (Termination for Convenience), or required by applicable law, all fees paid by Customer are non-refundable, including subscription fees, usage-based fees, and any prepaid amounts. Except as otherwise provided in this Agreement, Customer will not be entitled to any refund, credit, or reimbursement for: (i) partial use of the Services; (ii) unused capacity or usage allowances; or (iii) early termination. Refunds relating to Credits are governed by Section 2 (Credits) of the Plan Terms Schedule.

(b) Plan Changes and Downgrades. Unless otherwise provided in any applicable Negotiated Terms: (a) upgrades take effect upon being made, with any incremental fee and credit grant prorated to the existing renewal date (or, for cross-family or cadence changes, with the unused portion of the prior Plan credited against the first invoice for the new Plan); and (b) downgrades and cancellations take effect at the end of the then-current Subscription Term, with no refund and no proration. Any change in pricing or usage allowance resulting from a downgrade applies beginning at the next renewal.

5.3. Taxes. Amounts due under this Agreement are payable to Company without deduction and are net of any tax, tariff, duty, or assessment imposed by any government authority (national, state, provincial, or local), including without limitation any sales, use, excise, ad valorem, property, withholding, or value added tax withheld at the source.

5.4. Price Adjustment. Company reserves the right to adjust any pricing associated with the Services or Customer’s Plan with sixty (60) days’ notice. Company shall provide notice in advance via email.

Customer Data & Privacy

6.1. Use of Customer Data. Customer shall own all right, title and interest in and to the Customer Data. Company shall own and retain all right, title and interest in and to (a) the System, all improvements, enhancements or modifications thereto; (b) any software, applications, inventions or other technology developed in connection with support; and (c) all intellectual property rights related to any of the foregoing. Notwithstanding anything to the contrary, Company shall have the right to view, access, collect, and analyze data and other information relating to the provision, use and performance of various aspects of the System and related systems and technologies (including, without limitation, information concerning Customer Data and data derived therefrom), and Company may (during and after the Term hereof) (i) use such information and data to provide the System and related technical support and improve and enhance the System and for other development, diagnostic and corrective purposes in connection with the System and other Company offerings, and (ii) disclose such data solely in aggregate or other de-identified form in connection with its business. No rights or licenses are granted except as expressly set forth herein. Notwithstanding the foregoing, Company may disclose Customer Data as required by applicable law or by proper legal or governmental authority. Where permitted, Company shall give Customer prompt notice of any such legal or governmental demand and reasonably cooperate with Customer in any effort to seek a protective order or otherwise to contest such required disclosure, at Customer’s expense.

6.2. Privacy Policy. The Privacy Policy applies only to the System and does not apply to any third-party website or service linked to the System or recommended or referred to through the System or by Company’s staff.

6.3. Risk of Exposure. Customer recognizes and agrees that hosting data online involves risks of unauthorized disclosure or exposure and that, in accessing and using the System, Customer assumes such risks. Company offers no representation, warranty, or guarantee that Customer Data will not be exposed or disclosed through errors or the actions of third parties. Customer hereby acknowledges and assumes this risk and further understands that Company strongly cautions that Customer furnish Company only with such information (whether via API or spreadsheet form) necessary to enable the System to perform data processing in the manner described in Section 2.1. Without limiting any other rights, obligations, or releases contained herein, Customer agrees that Company shall under no circumstances be liable for the disclosure of information furnished by Customer to Company that is not strictly necessary for the data processing described in Section 2.1, and Customer expressly releases Company from all such claims and liabilities.

6.4. Data Accuracy. Company will have no responsibility or liability for the accuracy of data uploaded to the System by Customer, including without limitation Customer Data and any other data uploaded by Users.

6.5. Data Retention and Deletion. Company may periodically aggregate and convert Customer Data to de-identified form, and thereafter may permanently erase Customer Data from its servers. Further, Company may permanently erase Customer Data if Customer’s account is delinquent, suspended, or terminated for 30 days or more. Company’s data retention policy, as updated from time to time, can be found at https://www.geocod.io/data-retention-policy/.

6.6. Excluded Data. Unless Customer has a separate written agreement with the Company stating otherwise, Customer represents and warrants that Customer Data does not and will not include, and Customer has not and shall not upload or transmit to Company’s computers or other media, any data (“Excluded Data”) regulated pursuant to any applicable data privacy laws of any state or nation, including but not limited to the GDPR (EU), UK GDPR, PIPEDA (Canada), HIPAA (US), HITECH (US), Canadian provincial health privacy laws, COPPA (US), and FACTA (US) (the “Excluded Data Laws”). CUSTOMER RECOGNIZES AND AGREES THAT: (a) COMPANY HAS NO LIABILITY FOR ANY FAILURE TO PROVIDE PROTECTIONS SET FORTH IN THE EXCLUDED DATA LAWS OR OTHERWISE TO PROTECT EXCLUDED DATA; AND (b) COMPANY’S SYSTEMS ARE NOT INTENDED FOR MANAGEMENT OR PROTECTION OF EXCLUDED DATA AND MAY NOT PROVIDE ADEQUATE OR LEGALLY REQUIRED SECURITY FOR EXCLUDED DATA.

6.7. Use of Customer Name and References. Company shall have the right to use Customer’s name and logo on Company’s website and other marketing. Customer may revoke this consent in writing via email. Company may ask that Customer serve as a reference account in connection with Company’s regular business development activities, which Customer may decline.

6.8. Business Associate Agreement (HIPAA Compliance). If Customer intends to process data subject to The Health Insurance Portability and Accountability Act of 1996 (HIPAA) using the System, then Customer shall inform Company prior to processing such data in order to obtain a signed Business Associate Agreement (“BAA”) between the parties. The BAA shall be understood to be part of this Agreement, and the Customer Data and Privacy practices therein shall govern this Agreement. Customer agrees that it shall not process data subject to HIPAA without first obtaining a signed BAA with Company. Without limiting the foregoing, Customer shall comply with all HIPAA obligations in connection with its use of the System.

Customer's Responsibilities & Restrictions

7.1. Acceptable Use.

(a) Customer, including without limitation any authorized or unauthorized Users making use of Customer’s account, shall not:

(i) use the System for service bureau or time-sharing purposes or in any other way allow third parties to exploit the System;

(ii) provide System passwords or other log-in information to any third party;

(iii) share non-public System features or content with any third party;

(iv) access the System in order to build a competitive product or service, to build a product using similar ideas, features, functions or graphics of the System, or to copy any ideas, features, functions or graphics of the System;

(v) engage in web scraping or data scraping on or related to the System, including without limitation collection of information through any software that simulates human activity or any bot or web crawler;

(vi) use the System to harass, defame, or defraud Company or any third party or to violate any law or regulation; or

(vii) use the System to process Excluded Data in violation of Section 6.6.

(b) Although Company has no obligation to monitor Customer’s use of the System, in the event that Company suspects any breach of the requirements of this Section 7.1, including without limitation by Users, Company may immediately suspend Customer’s access to the System without advanced notice, in addition to such other remedies as Company may have.

(c) Nothing herein shall require that Company take any action against Customer or any User or other third party for violating this Section 7.1, or this Agreement, but Company is free to take any such action it sees fit.

7.2. Unauthorized Access. Customer shall take reasonable steps to prevent unauthorized access to the System, including without limitation by protecting its passwords and other log-in information. Customer shall notify Company immediately of any known or suspected unauthorized use of the System or breach of its security and shall use best efforts to stop said breach.

7.3. Compliance with Laws. In its use of the System, Customer shall comply with all applicable laws, including without limitation laws governing the protection of personally identifiable information and other laws applicable to the protection of Customer Data.

7.4. Users & System Access. Customer is responsible and liable for: (a) Users’ use of the System, including without limitation unauthorized User conduct and any User conduct that would violate the requirements of this Agreement applicable to Customer; and (b) any use of the System through Customer’s account, whether authorized or unauthorized.

IP & Feedback

8.1. IP Rights in the System. Company retains all right, title, and interest in and to the System, including without limitation all software used to provide the System and all graphics, user interfaces, logos, and trademarks reproduced through the System. This Agreement does not grant Customer any intellectual property license or rights in or to the System or any of its components. Customer recognizes that the System and its components are protected by copyright, trade secrets, and other laws.

8.2. Feedback. Company has not agreed and does not agree to treat as confidential any Feedback (as defined below) Customer or Users provide to Company, and nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Company’s right to use, profit from, disclose, publish, keep secret, or otherwise exploit Feedback, without compensating or crediting Customer or the User in question. As used herein, “Feedback” refers to any suggestion or idea for modifying any of Company’s products or services, including without limitation all intellectual property rights in any such suggestion or idea.

8.3. USPS Data. Company holds a nonexclusive license from the United States Postal Service. The price stated for the Services is neither established, controlled or approved by the United States Postal Service. Company’s advertising is neither approved nor endorsed by the United States Postal Service.

8.4. Data Use. Customer may store, transmit, transform, sell, and otherwise use the results provided by the Company as Customer sees fit during and beyond the Term of this Agreement, provided that such uses are permitted by the underlying Data Sources and applicable law. While Company uses its best efforts to ensure that underlying Data Sources enable such use, Customer understands and agrees that Customer is ultimately responsible for understanding the licenses of underlying Data Sources and providing attribution where required by the underlying Data Sources. Company does not warrant the System or its outputs for any purpose whatsoever.

8.5. If the Customer has a UK Data Services Attachment, such Attachment shall govern the use and storage of UK results.

Disclaimers

CUSTOMER ACCEPTS THE SYSTEM “AS IS” AND AS AVAILABLE, WITH NO REPRESENTATION OR WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING: (a) COMPANY HAS NO OBLIGATION TO INDEMNIFY OR DEFEND CUSTOMER OR USERS AGAINST CLAIMS RELATED TO INFRINGEMENT OF INTELLECTUAL PROPERTY; (b) COMPANY DOES NOT REPRESENT OR WARRANT THAT THE SYSTEM WILL PERFORM WITHOUT INTERRUPTION OR ERROR; AND (c) COMPANY DOES NOT REPRESENT OR WARRANT THAT THE SYSTEM IS SECURE FROM HACKING OR OTHER UNAUTHORIZED INTRUSION OR THAT CUSTOMER DATA WILL REMAIN PRIVATE OR SECURE.

Indemnification

Customer shall defend, indemnify, and hold harmless Company and its affiliates, and their respective officers, directors, and employees, from and against any third-party claims, damages, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to: (a) Customer Data or Customer’s use of the Services in violation of the Agreement; or (b) Customer’s violation of applicable law. Customer’s obligations set forth in this section include retention and payment of attorneys and payment of court costs, as well as settlement at Customer’s expense and payment of judgments. Company will have the right, not to be exercised unreasonably, to reject any settlement or compromise that requires that it admit wrongdoing or liability or subjects it to any ongoing affirmative obligations.

Limitation of Liability

COMPANY’S CUMULATIVE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE AGGREGATE AMOUNT OF FEES FOR SERVICES DELIVERED BY COMPANY ACTUALLY PAID BY CUSTOMER PURSUANT TO THIS AGREEMENT DURING THE TWELVE (12) MONTHS PRIOR TO THE ASSERTION OR INSTITUTION OF SUCH CLAIM. IN NO EVENT WILL COMPANY BE LIABLE FOR LOST PROFITS OR LOSS OF BUSINESS OR FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT. THE LIABILITIES LIMITED BY THIS SECTION 11 APPLY: (a) TO LIABILITY FOR NEGLIGENCE; (b) REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, STRICT PRODUCT LIABILITY, OR OTHERWISE; (c) EVEN IF COMPANY IS ADVISED IN ADVANCE OF THE POSSIBILITY OF THE DAMAGES IN QUESTION AND EVEN IF SUCH DAMAGES WERE FORESEEABLE; AND (d) EVEN IF CUSTOMER’S REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE.

Miscellaneous

12.1. Amendments. Company may amend this Agreement or any of its terms from time to time by providing Customer thirty (30) days advance notice in writing (which may be provided by email or by posting within the System). Customer’s continued use of the System after such amendment(s) becomes effective constitutes and shall be deemed Customer’s affirmative consent to the modified terms.

12.2. Order of Precedence. In the event of any conflict or inconsistency among the documents and terms comprising this Agreement, the following order of precedence will apply unless expressly stated otherwise: (a) any applicable Negotiated Terms; (b) Customer’s Plan Selection and Company’s then-current Published Pricing, solely with respect to the Services, Plans, pricing, quantities, and other commercial terms reflected therein; (c) any addenda, schedules, or exhibits to this Agreement (including the Plan Terms Schedule, SLA Addendum, Enterprise Addendum, Business Associate Agreement, Data Processing Agreement, and any UK Data Services Attachment), each solely with respect to its subject matter; and (d) the body of this Agreement.

12.3. Notices. Notices to Customer shall be sent to the email or other contact address associated with Customer’s account (or as set out in any applicable Negotiated Terms), and may also be provided by posting within the System. Notices to Company may be sent to: [email protected].

12.4. Force Majeure. Company shall not be liable for any delay or failure to perform its obligations under this Agreement due to events beyond its reasonable control, including but not limited to acts of God, natural disasters, pandemics, government actions, strikes, labor disputes, war, terrorism, or power or internet outages (“Force Majeure Events”). Company’s obligations will be suspended for the duration of the Force Majeure Event, and Company shall make reasonable efforts to resume performance as soon as practicable. If the Force Majeure Event continues for more than 90 days, either party may terminate this Agreement upon written notice to the other.

12.5. Assignment & Successors. Customer may not assign, transfer, or delegate any of its rights or obligations under this Agreement without the prior written consent of Company. Any attempted assignment in violation of this provision shall be null and void. Company may assign or transfer this Agreement, in whole or in part, without Customer’s consent, to any affiliate, successor, or purchaser of substantially all of Company’s assets or business. This Agreement shall be binding upon and inure to the benefit of the parties and their permitted successors and assigns.

12.6. Severability. In the event that a provision of this Agreement is held to be invalid or otherwise unenforceable, such provision will be interpreted to fulfill its intended purpose to the maximum extent permitted by applicable law, and the remaining provisions of this Agreement will continue in full force and effect.

12.7. No Waiver. Neither party will be deemed to have waived any of its rights under this Agreement by lapse of time or by any statement or representation other than by an authorized representative in an explicit written waiver. No waiver of a breach of this Agreement will constitute a waiver of any other breach of this Agreement.

12.8. Choice of Law & Jurisdiction. This Agreement and any claims arising will be governed solely by the internal laws of the Commonwealth of Virginia, including without limitation applicable federal law, without reference to any conflicts of laws principles. The parties consent to the exclusive jurisdiction of the federal and state courts located in, or with jurisdiction pertaining to, the Commonwealth of Virginia for the resolution of all disputes arising from this Agreement. In the event of non-payment or the Customer’s violation of the acceptable use terms set forth in Section 7, the Company shall be entitled to recover all reasonable attorneys’ fees, costs, and expenses incurred in enforcing its rights under this Agreement.

12.9. Technology Export. Customer shall not: (a) permit any third party to access or use the System in violation of any U.S. law or regulation; or (b) export any software provided by Company or otherwise remove it from the United States except in compliance with all applicable U.S. laws and regulations. Without limiting the generality of the foregoing, Customer shall not permit any third party to access or use the System in, or export such software to, a country subject to a United States embargo.

12.10. Notice to U.S. Government End Users. The System and Website, including all documentation, are “Commercial Items,” as that term is defined at 48 C.F.R. §2.101, and consist of “Commercial Computer Software” and “Commercial Computer Software Documentation.” The Commercial Computer Software and Commercial Computer Software Documentation are licensed to U.S. Government end users: (a) only as Commercial Items, (b) with the same rights as all other end users, and (c) according to the Terms. Published and Unpublished rights are reserved under the copyright laws of the United States. Manufacturer is Dotsquare LLC, Norfolk, Virginia.

12.11. Capacity. Customer and/or Customer’s agent accepting this Agreement represents that they are at least 18 years of age and have the legal capacity to enter into binding contracts.

12.12. Entire Agreement. This Agreement, together with Customer’s Plan Selection, Company’s Published Pricing, any applicable Negotiated Terms, and the schedules, addenda, and attachments referenced herein, sets forth the entire agreement of the parties and supersedes all prior or contemporaneous writings, negotiations, and discussions with respect to its subject matter. Neither party has relied upon any such prior or contemporaneous communications.

Plan Terms Schedule

This Plan Terms Schedule (“Plan Terms Schedule”) describes the pricing structures, plans, and related terms applicable to the Services. The specific Services, Plans, pricing, and usage allowances applicable to Customer will be reflected in Customer’s Plan Selection, Company’s Published Pricing, and any applicable Negotiated Terms.

1. Plan Types.

a. Unlimited Geocoding.

The Unlimited Geocoding Plan is offered in two platform variants — Self‑Serve and Enterprise — and in two country‑coverage variants — Unlimited Geocoding (North America) and Unlimited Geocoding (North America + UK). All variants share the features described in this Section 1.a. The platform variants differ as described elsewhere in this Schedule, including the cancellation provisions in subsection (ix) and the Seat provisions in Section 1.h; the country‑coverage variants differ only as set out in subsection (viii) below.

i. Under the "Unlimited Geocoding Plan," Customer may, during the applicable Subscription Term, access and use Geocoding Services for a fixed subscription fee, as reflected in Customer's Plan Selection or Published Pricing.

ii. Company shall provide Customer with a limited, non‑exclusive, non‑transferrable, and non‑sublicensable license for and technological access to one (1) dedicated instance of the System, hosted by the Company. This license shall be limited to the number of authorized Users (Seats) reflected in Customer's Plan Selection.

iii. The term "Unlimited" shall be understood to mean "not rate limited," however Customer understands that the Services and Customer's use of the System are limited, in part, by the capability of the resources dedicated to Customer's use. Customer understands that System throughput may depend on multiple factors, and Company recommends an optimal processing level of 4.8M lookups per day, or 200,000 per hour, when optimized according to the Documentation. Customer understands this processing level is dependent on the complexity of the submitted lookups. Customer understands that processing speeds may be sub‑optimal beyond this level.

iv. If Customer desires greater System capacity, Company may provide additional dedicated instances of the System ("Additional Instances") for an additional fee.

v. Distance Services are not included in the Unlimited Geocoding Plan. Credits ("Purchased Credits," or "Subscription Credits" if Customer previously had a Flex Plan) must be used in order to use Distance Services. For Unlimited Plan customers, any geocoding of inputs performed as part of a Distance request is covered by Customer's dedicated instance and does not consume Credits; only the distance components of the request consume Credits.

vi. Unless otherwise provided in any applicable Negotiated Terms, the Unlimited Geocoding Plan does not include any Credits, and Credits are required for the use of Distance Services.

vii. The Unlimited Geocoding Plan applies only to the specific Services or features identified in Customer's Plan Selection and this Schedule. Certain Services, features, functionality, integrations, or resources may remain subject to usage‑based charges, the consumption of Credits, or other fees as specified in Customer's Plan Selection, Company's Published Pricing, any applicable Negotiated Terms, or this Schedule.

viii. Country‑coverage variants. (1) Unlimited Geocoding (North America). This variant includes processing of data related to the United States, Canada, and Mexico only. Internal Users are included at no additional per‑Seat fee, as further described in Section 1.h. (2) Unlimited Geocoding (North America + UK). This variant includes all features of Unlimited Geocoding (North America), plus UK Geocoding Services, within the same dedicated‑instance capacity. UK Geocoding Services require that Customer has signed the UK Data Services Attachment. Per‑User (Seat) fees apply to this variant as set forth in Section 1.h and Customer's Plan Selection (or any applicable Negotiated Terms). Until Customer signs the UK Data Services Attachment, switches to this variant, and pays the associated fees, processing of United Kingdom data is not available.

ix. Upon cancellation or termination of an Unlimited Plan (either variant): (1) Self‑Serve Customers will be automatically transitioned to the Pay‑As‑You‑Go Plan, effective at the end of the then‑current Subscription Term. Upon such transition: (a) any unused Subscription Credits are forfeited; (b) any Purchased Credits survive and may continue to be used on the Pay‑As‑You‑Go Plan, except for UK Geocoding Services; and (c) because the Pay‑As‑You‑Go Plan supports a single User, all additional Users are converted to basic "Member" access. Existing Members may be removed, but Customer may not add additional Users unless and until Customer upgrades to a Plan that supports multiple Users. (2) Enterprise Customers' accounts will enter Demo Plan status, effective at the end of the then‑current Subscription Term, in accordance with Section 1.e (Enterprise Demo Plan).

b. Flex.

i. Under a “Flex Plan,” Company shall provide Customer, during the applicable Subscription Term, with a limited, non-exclusive, non-transferrable, and non-sublicensable license to access and use the System. This license shall be limited to the number of authorized Users (Seats) reflected in Customer’s Plan Selection.

ii. Customer shall receive a specified number of Subscription Credits, as reflected in Customer’s Plan Selection or Published Pricing.

iii. Flex Plan Subscription Credits may be used for any Geocoding Services, UK Geocoding Services, and Distance Services; provided that UK usage requires that Customer has signed a UK Data Services Attachment.

iv. Unused Flex Plan Subscription Credits may be rolled over to a subsequent Subscription Term, provided that Customer’s Flex or Unlimited Plan remains active.

v. Upon cancellation or termination of a Flex Plan:

(1) Self-Serve Customers will be automatically transitioned to the Pay-As-You-Go Plan, effective at the end of the then-current Subscription Term. Upon such transition: (a) any unused Subscription Credits are forfeited; (b) any Purchased Credits survive and may continue to be used on the Pay-As-You-Go Plan, except for UK Geocoding Services; and (c) because the Pay-As-You-Go Plan supports a single User, all additional Users are converted to basic “Member” access. Existing Members may be removed, but Customer may not add additional Users unless and until Customer upgrades to a Plan that supports multiple Users.

(2) Enterprise Customers’ accounts will enter Demo Plan status, effective at the end of the then-current Subscription Term, in accordance with Section 1.e (Enterprise Demo Plan).

c. Pay-As-You-Go.

i. Under the “Pay-As-You-Go Plan,” Company shall provide Customer with a limited, non-exclusive, non-transferrable, and non-sublicensable license to access and use the System. This license shall be limited to the number of authorized Users (Seats) reflected in Customer’s Plan Selection.

ii. Not a Subscription. The Pay-As-You-Go Plan is a usage-based offering and is not a subscription. It has no Subscription Term, no recurring subscription fee, and no minimum commitment. Customer incurs charges under the Pay-As-You-Go Plan only as a result of (a) usage of the Services in excess of the Free Use Limit, calculated at the then-applicable rate and handled in accordance with the overage method applicable to Customer’s Plan Selection or, absent such selection, Company’s then-current Published Pricing; and (b) any Credits Customer elects to purchase. Customer may discontinue use of the Pay-As-You-Go Plan at any time. Account deletion is the sole method of terminating the account, and the account shall be considered to have an effective Term until deletion.

iii. Customer may use the System without a charge and without providing a payment method provided that Customer’s use does not exceed 2,500 daily lookups (“Free Use Limit”) at any time. Customer shall be required to provide a payment method for billing before being permitted to exceed the Free Use Limit. Company reserves the right to modify the Free Use Limit at any time in its sole discretion. Unused Free Use Limit lookups do not roll over and do not constitute Credits.

iv. All usage of the System in excess of the Free Use Limit shall require advance purchase of Credits at the then-applicable rate set forth in Company’s Published Pricing.

v. Pay-As-You-Go Plan Credits may be used for Geocoding Services and Distance Services; provided that Pay-As-You-Go Plan Credits include processing of data related to the United States, Canada, and Mexico only.

(1) Processing of United Kingdom data, i.e., UK Geocoding Services, is not available to Pay-As-You-Go Plan customers.

vi. Purchased Credits shall remain available to Customer until deletion of their account, at which point any unused Purchased Credits shall be forfeited.

Vii. Company reserves the right to update, change, and remove Plan features at any time with or without advance notice.

d. Enterprise Demo Plan.

i. The Enterprise Demo Plan (the “Demo Plan”) is a no-cost, evaluation-only plan that allows prospective Enterprise customers to test the System prior to subscribing to a paid Plan.

ii. Demo Allowance. The Demo Plan includes a one-time allowance of one hundred (100) total lookups (the “Demo Allowance”), measured on a cumulative, all-time basis and not on a per-day basis. The Demo Allowance does not renew, reset, or roll over. Once the Demo Allowance is exhausted, Customer must subscribe to a paid Plan to continue using the Services.

iii. Coverage. The Demo Plan supports Geocoding Services and Distance Services for the United States, Canada, and Mexico only. UK Geocoding Services are not available under the Demo Plan.

iv. Test Data Only. The Demo Plan is intended solely for evaluation. Customer shall process only test or sample data under the Demo Plan and shall not process production, live, personal, or regulated data. The Excluded Data provisions of Section 6.6 apply in full.

v. No Data Processing Attachments. No Business Associate Agreement, Data Processing Agreement, UK Data Services Attachment, or other data processing attachment will be entered into or be effective in connection with the Demo Plan. Customer must subscribe to a paid Plan to obtain any such attachment.

vi. No Additional Credits or Seats. The Demo Plan does not permit the purchase of additional Credits and is limited to one (1) User.

vii. Transition to Demo on Downgrade. An Enterprise account that does not maintain an active Unlimited or Flex Plan — including upon the cancellation, termination, expiration, or downgrade of such Plan — will be transitioned to the Demo Plan, effective at the end of the then-current Subscription Term. Upon such transition: (a) any unused Subscription Credits and Purchased Credits are forfeited; (b) all additional Users are converted to basic “Member” access, and existing Members may be removed but no additional Users may be added unless and until Customer subscribes to a Plan that supports multiple Users; and (c) any data processing attachments terminate in accordance with their terms, and the Demo Plan’s Test Data Only restriction in subsection (iv) applies.

e. UK Data. Access to Company’s UK Geocoding Services is available to Flex and Unlimited Plan customers only, provided that Customer has signed a UK Data Services Attachment.

f. Distance Services.

i. Distance Services may be accessed via Customer’s Free Use Limit, Subscription Credits, or Purchased Credits, as applicable by plan.

ii. Credit pricing for use of Company’s Distance Services shall be as set forth in Company’s Published Pricing or any applicable Negotiated Terms. Company reserves the right to unilaterally change the amount of Credits needed to purchase Distance Services in accordance with Section 5.4.

iii. The Credit cost of a Distance request is computed as the number of origins and destinations multiplied by each other multiplied by the distance multiplier (1 for straightline distance, 2 for driving distance), with any required geocoding cost of the origins and destinations added to the total, except as provided in Section 1.a.v.

g. Users and Seats.

i. The number of Users permitted to access the System is limited to the number of paid Seats reflected in Customer’s Plan Selection or as updated by Customer through the System during the Term. Each Plan includes one (1) User unless additional Seats are specified.

ii. The Pay-As-You-Go Plan is limited to one (1) User; additional Users are not available on the Pay-As-You-Go Plan.

iii. Unlimited Geocoding Plans:

iii.a Unlimited Geocoding (North America) includes internal Users at no additional per-Seat fee and is not subject to per-Seat pricing.

iii.b Unlimited Geocoding (North America + UK) supports additional Seats for internal Users at the per-Seat fee reflected in Customer’s Plan Selection or Published Pricing

iv. Flex Plans support additional Seats at the per-Seat fee reflected in Customer’s Plan Selection or Published Pricing. Flex Seats of the “Full” seat type include an additional Subscription Credit grant per Seat as reflected in Customer’s Plan Selection or Published Pricing; “Lite” seats do not.

v. Seats added during a Subscription Term are anchored to the subscription date and prorated (fee and any Credit grant) to the existing renewal date. Seats removed during a Subscription Term remain active and are billed through the end of the then-current Subscription Term (one-month minimum); no refund or proration applies upon Seat removal. A removed Seat may be reassigned to another User at no additional charge through the end of the then-current Subscription Term.

2. Credits.

a. Purchase of Credits. Customer may obtain Credits either (a) as part of a subscription plan reflected in Customer’s Plan Selection (“Subscription Credits”) or (b) through the purchase of additional Credits during the Term (“Purchased Credits”). The type, quantity, and price of any purchased Credits will be reflected in Customer’s Plan Selection, an invoice, or any applicable Negotiated Terms. Credits represent prepaid units that may be applied toward Customer’s use of designated Services or features that require the consumption of Credits.

b. Use of Credits. Credits may be consumed in connection with Customer’s use of certain Services, features, or functionality, as determined by Company. The rate at which Credits are consumed may vary depending on the type of Credit, Service used, the volume of usage, or other applicable factors described in Customer’s Plan Selection or product documentation. Company may modify the Services that consume Credits or the applicable Credit consumption rates from time to time in connection with updates to the Services. Credits will be deducted automatically from Customer’s available Credit balance as the applicable Services are used.

c. Application of Credits. Unless otherwise provided in any applicable Negotiated Terms: (i) Subscription Credits will be applied automatically to eligible usage first, then Purchased Credits; and (ii) if Customer has no remaining Credits available, Customer’s usage may either result in Overage Fees or suspension of the applicable Services, depending on the overage handling method applicable to Customer’s Plan Selection.

d. Expiration of Credits. Credits represent a limited right to access the Services and do not constitute stored monetary value. Unless otherwise provided in any applicable Negotiated Terms: (i) Subscription Credits roll over as long as the Customer has an active subscription at any level (Flex or Unlimited); and (ii) unused Subscription Credits are forfeited upon downgrade to Pay-As-You-Go (Self-Serve) or to an inactive account without a subscription (Enterprise).

e. Purchased Credits. Purchased Credits shall survive all plan transitions except for Termination.

f. Non-Refundability/Transferability. Credits are non-refundable and non-transferrable, have no cash value, and may not be redeemed for cash or credit except where required by applicable law. Credits may be used only by the Customer entity that purchased the Credits.

g. Effect of Termination. Upon expiration or termination of the Customer’s account: (i) any unused Subscription or Purchased Credits will immediately expire; and (ii) Customer will not be entitled to any refund, credit, or reimbursement for unused Subscription or Purchased Credits.

3. Usage Measurement.

a. Measurement. Customer’s use of the Services will be measured by Company using its standard usage metering systems and methodologies. Company’s records regarding Customer’s Usage and the consumption of Credits will be deemed accurate and binding absent manifest error. Company will make available reasonable documentation describing the applicable usage metrics and how such metrics are measured. Customer may access its usage data at any time via the dashboard.

b. Usage Data. Customer acknowledges that Company may collect and maintain usage data relating to Customer’s access to and use of the Services for purposes including billing, capacity planning, service optimization, and enforcement of the Agreement.

c. Billing Determination. All determinations of usage, Credit consumption, and applicable charges will be made based on Company’s systems of record. Company may calculate Usage on an aggregated basis across applicable time periods, service components, or resources used in connection with the Services.

d. Disputes. Customer must notify Company in writing of any good faith dispute regarding Usage measurements or invoices within thirty (30) days after the applicable invoice date. If Customer does not provide such notice within that period, Customer will be deemed to have accepted the invoice and the underlying Usage measurements.

e. Updates to Measurement Methodology. Company may modify its usage measurement methodologies from time to time in order to reflect improvements to the Services, changes in service architecture, or new product features, provided that such modifications do not materially reduce the functionality of the Services purchased by Customer during the applicable Subscription Term.

4. Plan Modifications.

Customer may upgrade, downgrade, or otherwise modify its Plan, or subscribe to additional Plans, during the applicable Term through the System dashboard, by written or verbal request to Company, or through an invoice or other ordering document accepted by Company (including any Negotiated Terms). A Customer may maintain multiple Plans or ordering arrangements concurrently. Purchased Credits may be combined with any Plan as described in this Schedule. Unless otherwise provided in any applicable Negotiated Terms, any such changes will take effect as specified in Section 5.2(b). Customer may also purchase additional Credits during the Term as provided in this Schedule. Company may modify its available Plans, pricing structures, usage metrics, or Credit consumption models from time to time, provided that any such changes will apply only to new Plan Selections or to renewal terms of existing Plans unless otherwise agreed by the parties.

a. In-Term Changes. During the Term, Customer may initiate changes to its Services and usage — including without limitation adding or removing Users or Seats, purchasing additional Credits, enabling or disabling automatic Credit replenishment, and upgrading or modifying its Plan — through the System dashboard or by written or verbal request to Company. Any such change is a transaction under, and is governed by, this Agreement, the Plan Terms Schedule, and Company’s then-current Published Pricing in effect at the time of the change, and does not require the execution of any separate ordering document. The applicable fees, Credit grants, and proration for any such change will be those in effect under this Agreement and the Plan Terms Schedule at the time the change takes effect. Company’s records of such changes will be deemed accurate and binding absent manifest error. For the avoidance of doubt, nothing in this Section limits either party’s right to memorialize a change in a written ordering document or Negotiated Terms where it considers that appropriate.

5. Subscription Term and Renewal.

a. Subscription Term. The “Subscription Term” is the recurring subscription period applicable to Customer’s Plan (e.g., monthly or annual), as reflected in Customer’s Plan Selection or any applicable Negotiated Terms, beginning on the Effective Date (or, for a particular Plan, the date Customer subscribes to that Plan) and continuing for the selected period, together with each renewal period.

b. Automatic Renewal. Unless otherwise provided in any applicable Negotiated Terms, each subscription Plan automatically renews for successive Subscription Terms of equal length at Company’s then-current Published Pricing, unless Customer cancels or downgrades through the System (or as otherwise permitted) before the end of the then-current Subscription Term. Downgrades and cancellations take effect as provided in Section 5.2(b) of the Agreement.

c. Pay-As-You-Go. The Pay-As-You-Go Plan has no Subscription Term and does not renew, as described in Section 1.d of this Schedule.

SaaS Enterprise Addendum

This SaaS Enterprise Addendum (“Enterprise Addendum”) shall be applicable for Enterprise Customers, i.e., Customers subscribed to Geocodio’s Enterprise Platform, as reflected in Customer’s Plan Selection or any applicable Negotiated Terms. Any conflicts between this Addendum and the Agreement shall be governed by this Addendum.

The following Section 13 is hereby added to the Agreement:

13. SECURITY MEASURES.

13.1. SOC 2 Examination. Company maintains, and will use commercially reasonable efforts to maintain throughout the Subscription Term, a SOC 2 Type II examination of the System and its related controls, performed by an independent third-party auditor on at least an annual basis and covering, at a minimum, the Security Trust Services Criterion (together with any additional Trust Services Criteria identified in the applicable report) (the “SOC 2 Report”).

13.2. Availability of the SOC 2 Report. Upon Customer’s written request, made no more than once in any twelve (12)-month period, Company will make available to Customer a copy of its then-current SOC 2 Report. If the period covered by the most recent SOC 2 Report ended more than three (3) months prior to Customer’s request, Company will, upon request, also provide a bridge (gap) letter covering the intervening period, to the extent Company’s auditor makes one available. Customer may also access the SOC 2 Report via the dashboard.

13.3. Confidentiality of the Report. The SOC 2 Report and any bridge letter are Company’s Confidential Information. Customer shall use them solely to evaluate Company’s security and compliance posture, shall not disclose them to any third party other than Customer’s employees, auditors, or advisors who have a need to know and who are bound by confidentiality obligations no less protective than those set forth herein, and shall protect them with at least the same degree of care Customer uses to protect its own confidential information of like importance.

13.4. Penetration Testing. Company engages a qualified independent third party to conduct external penetration testing of the System on at least an annual basis. Company will remediate validated findings on a risk-prioritized basis consistent with their severity. Upon Customer’s written request, made no more than once in any twelve (12)-month period, Company will make available a summary report or attestation describing the scope, methodology, and high-level results of its most recent penetration test, together with the status of any remediation of material findings. Any such summary or attestation is Company’s Confidential Information and is subject to the confidentiality obligations set forth in Section 13.3 above. For clarity, raw or detailed penetration test reports are not provided, and Customer shall have no right to perform its own penetration testing, vulnerability scanning, or other intrusive testing of the System, whether directly or through a third party.

13.5. Security Controls. Company will maintain administrative, physical, and technical safeguards consistent in all material respects with the controls described in the SOC 2 Report and designed to protect Customer Data against unauthorized access, use, or disclosure.

13.6. Exceptions and Remediation. If a SOC 2 Report or penetration test summary identifies any material exception, qualification, or deviation relevant to the Services, Company will, upon Customer’s written request, provide a reasonable summary of its remediation plan and status.

13.7. Audit in Lieu. The SOC 2 Report constitutes Customer’s sole and exclusive means of auditing or verifying Company’s information-security controls. Company’s provision of the SOC 2 Report satisfies any obligation of Company to undergo security audits or assessments in connection with this Agreement, and Customer shall have no right to conduct on-site audits or penetration testing of the System. Company will use commercially reasonable efforts to respond, no more than once in any twelve (12)-month period, to a reasonable written security questionnaire to the extent the requested information is not already addressed in the SOC 2 Report.