Platform Agreement - Payments Data License Addendum (August 2022)

EXHIBIT A

TERMS AND CONDITIONS

1. Scope. These Terms and Condition are a part of the Transaction Information License Addendum entered into by and between Licensee and Payrix.

2. Definitions. Capitalized terms used in these Terms and Conditions shall have the meaning ascribed to such terms in this Section 2 or elsewhere in these Terms and Conditions or the Addendum.

2.1 “Affiliate” means, with respect to Payrix and Company, as applicable, any other entity that controls, is controlled by, or is under common control with Payrix or Company. For purposes of this Section, "control" means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of voting securities, by contract or otherwise.

2.2 “Change Event” means (a) any modification in Payrix’s rights or obligations under a Data Supplier Contract (as defined in Section 8 of these Terms and Conditions), where such modification occurs after the Addendum Effective Date (e.g., Payrix experiences a change in its data usage rights as a result of a modification to the terms of a Data Supplier Contract, where such modification is made after the Addendum Effective Date); (b) Payrix’s compliance with a new or amended Law (including Payrix’s compliance with a new judicial interpretation of a Law), which new or amended Law takes effect after the Addendum Effective Date; (c) a change in Payrix’s interpretation of a Law that is in effect as of the Addendum Effective Date or a change in Payrix’s interpretation of its rights or obligations under its Data Supplier Contracts, as such Law or contractual rights or obligations exist and are interpreted by Payrix as of the Addendum Effective Date (i.e. a change resulting from Payrix’s incorrect interpretation or understanding of its data usage rights under a Data Supplier Contract or its obligations under Law as of the Addendum Effective Date, where such Data Supplier Contract or Law is in effect as of the Addendum Effective Date); (d) Licensee’s use of the Transaction Information, any Data Element, or a Data Product, or a Sales Partner’s use of a Data Product, in a manner or for a purpose that does not comply with Law; or (e) any change in Payrix’s data governance, risk, or compliance practices or policies as applied to the license and use of the Transaction Information, excluding any changes or circumstances otherwise contemplated by subsection (a), (b), (c), or (d) of this Section.

2.3 “Commencement Date” means the date the Transaction Information is first delivered or made available to Company or Licensee.

2.4 “Daily Information” is defined in Section 3 of the Addendum.

2.5 “Data Product(s)” means an aggregated and anonymized data product, service, or report created by (or on behalf of) Licensee and sold by Licensee (or its Sales Partners) that utilizes, is derived from, or is based on the Transaction Information, provided the output of the data product or service (e.g., product response, report, analysis, algorithm, etc.) does not transmit or disclose any Data Element. Each Data Product shall be comprised of a grouping of not less than thirty (30) anonymized individuals, households, or devices, and each Data Product shall be approved by Payrix in advance. The Data Product(s) set forth in Section 5 of the Addendum have been pre-approved by Payrix as of the Addendum Effective Date. In the event that Licensee knows or reasonably suspects that the requirements of this Section 2.5 have not been satisfied, Company shall promptly notify Payrix in writing.

2.6 “Intellectual Property” means all U.S. patents, registered trademarks, trade secrets, and copyrights.

2.7 “Law(s)” means all federal, state, and local laws applicable to a party or, in the case of an Affiliate, customer, or Sales Partner, to such Affiliate, customer, or Sales Partner, as applicable, in exercising its rights and/or carrying out its responsibilities hereunder.

2.8 “Sales Partner(s)” means an entity with which Licensee has a contractual arrangement authorizing the Sales Partner to sell Licensee’s Data Products in accordance with the terms of the Addendum.

2.9 “Personal Data” means any information that: (i) relates to or is about any identified or identifiable individual, household, or device; or (ii) is protected under Laws, including: (a) “nonpublic personal information,” as that term is defined under the Gramm-Leach-Bliley Act and its implementing rules and official guidance; (b) “Protected Health Information,” as that term is defined in the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act or their implementing rules and official guidance; and/or (c) “personal information” as that term is defined in the California Consumer Privacy Act and its implementing regulations and any other similar consumer privacy law passed by any other state. Personal Data includes, without limitation, any identified names, contact information (including, without limitation, e-mail addresses, postal addresses and telephone numbers), government identification numbers, financial account numbers, payment card account numbers and expiration dates, credit report information, biometric information, IP addresses, network, and hardware identifiers, and geolocation information or any such information that can be reasonably linked to any identified individual, household, or device.

2.10 “Terms and Conditions” means these Exhibit A terms and conditions to the Addendum which are part of the Addendum and which may also be referred to as the Addendum.

3. Transaction Information.

3.1 Data. Payrix will deliver and/or make available the Transaction Information to Licensee pursuant to the terms and conditions set forth in the Addendum, including these Terms and Conditions and Attachments. Payrix will use commercially reasonable efforts not to deliver any Personal Data to Licensee. In the event Payrix delivers Personal Data to Licensee, Company shall promptly notify Payrix, return any such Personal Data, and certify to Payrix in writing that it has destroyed such data, which certification documentation shall be reasonably approved by Payrix in advance.

3.2 Transmittal Standards. The parties shall mutually agree upon standards and procedures related to the transmittal of the Transaction Information (e.g., connectivity, transmittal method, and/or file format/layout). Licensee acknowledges and agrees that its failure to comply with the mutually agreed upon data transmittal standards may negatively impact its ability to receive the Transaction Information. In the event that Licensee requests changes to the then-current delivery method for the Transaction Information, the parties will mutually agree upon the scope of the project and the corresponding fees, if any, by way of an amendment to the Addendum.

3.3 Changes to Addendum. Notwithstanding anything to the contrary set forth in the Addendum and these Terms and Conditions, in order to address or respond to Payrix’s reasonable and good faith concerns regarding a Change Event, Payrix may take any of the actions described in Sections 3.3.1 and/or 3.3.2 of these Terms and Conditions, upon the provision of advance written notice to Licensee, and Licensee shall have thirty (30) days after the delivery of such notice to implement and comply with any such change, unless a shorter period is required by Law or Payrix’s Data Supplier Contracts.

3.3.1 Delivery; Data Elements. To address or respond to a Change Event, Payrix may: (i) change or modify any Data Element (as defined in Section 3 of the Addendum), (ii) suspend or permanently cease its delivery of any Data Element, and/or (iii) require Licensee to cease its use of any previously delivered Data Element and to return or destroy the same in accordance with the requirements of Section 11.3 of these Terms and Conditions.

3.3.2 Markets and/or Permitted Uses. To address or respond to a Change Event, Payrix may change the terms of the Addendum and these Terms and Conditions to restrict or prohibit: (i) the permitted markets, industries, and customers to which Data Products can be sold, and/or (ii) the permitted use cases to which Data Products can be applied or used to facilitate.

3.3.3 Termination Resulting from Changes to the Addendum.

3.3.3.1 If Licensee fails to timely comply with any change to the Addendum or these Terms and Conditions made pursuant to this Section 3.3 of these Terms and Conditions, Payrix shall be entitled to immediately terminate the Addendum.

3.3.3.2 Excluding any changes made as a result of a Change Event described subsection (b) or (d) of Section 2.2 of these Terms and Conditions, if Payrix makes any change to the Addendum or these Terms and Conditions in response to a Change Event, Company shall have thirty (30) days to terminate the Addendum (measured from the date of Licensee’s receipt of Payrix’s first notification of the change). Any exercise by Company of the termination right set forth in this Section 3.3.3.2. must be made in good faith taking into consideration the commercial impact of the change. In the event Company does not timely exercise this termination right, it shall immediately lapse and be void upon the expiration of the 30-day period. The foregoing termination right shall be Licensee’s sole and exclusive remedy.

4. License Grant.

4.1 License Grant.

4.1.1 Transaction Information. Subject to the terms and conditions of the Addendum, Payrix hereby grants Licensee a perpetual (subject to Payrix’s termination and suspension rights set forth herein), revocable (but only as specifically set forth herein), non- exclusive, non-transferable, non-sublicensable (except as otherwise permitted in Section 15 of these Terms and Conditions), limited right and license to: (i) access and use the Transaction Information to reproduce, copy, analyze, incorporate, modify, and display the Transaction Information for the purpose of creating Data Products; (ii) integrate the Transaction Information with other data sets or data elements derived, owned, or controlled by Licensee, either now or in the future, for the purpose of creating Data Products, and modify the Transaction Information so as to achieve such integration; (iii) market, promote, license, distribute, and sell Data Products, either directly or via Sales Partners, but only to and for the ultimate use by Licensee’s or Sales Partner’s customers for such purposes (e.g., “use cases”) and in such markets that Payrix has approved in advance. Licensee’s compliance with all terms of the Addendum shall at all times be a condition precedent to Licensee’s grant of (and ability to exercise) the license rights set forth herein. Licensee shall not license, sell, or disclose the Transaction Information or any Data Element other than as a fully integrated part of a Data Product. Prior to providing a customer or Sales Partner with access to (or, in the case of a Sales Partner, the ability to sell) a Data Product, Licensee shall cause its customers and Sales Partners to agree to terms that are at least as protective of Payrix and its rights hereunder as the terms of Sections 4, 6, 8, 12, 18.1 and Attachment 1 of these Terms and Conditions, and, with respect to a Sales Partner’s ability to sell a Data Product and a customer’s ability to use a Data Product (whether a customer of Licensee or a Sales Partner), terms that are at least as restrictive as the permitted sale, distribution, and usage rights set forth in the Addendum. For the sake of clarity, the terms of the Addendum that apply to Licensee’s ability to market, promote, license, distribute, and/or sell any Data Product shall be equally applicable to each Sales Partner. Any failure to comply with the requirements of the Addendum by a Sales Partner shall constitute a breach of the Addendum by Licensee. Licensee shall be fully responsible and liable for the performance or non-performance of its Sales Partners and such performance or non-performance shall be deemed Licensee’s hereunder.

4.1.2 Retained Rights. Except as specifically provided in this Section 4.1 of these Terms and Conditions, Licensee shall not directly or through a third party use, sell, resell, license, distribute, or otherwise transfer the Transaction Information either on its own or as part of a Data Product or any other integrated or derived product or service. Payrix retains all rights not expressly granted hereunder, including without limitation, the right to develop, create, market, supply, distribute, operate, or sell the Transaction Information or any product or service that is based on or derived from the Transaction Information, including any research, analysis, or report that is based on or derived from the Transaction Information and any integrated products that contain or utilize the Transaction Information and/or other data sets, or otherwise authorize or assist any third party in doing.

4.1.3 Distribution of Data Products. As between the parties, Licensee shall be solely responsible for: (i) the pricing of Data Products sold to Licensee’s customers, and for invoicing and collecting fees from such customers; and (ii) the development, marketing, licensing, sale, maintenance, and distribution related to the provision of Data Products to its customers.

4.1.4 Payrix Competitors. Notwithstanding anything to the contrary in the Addendum, Licensee shall be prohibited from marketing, promoting, licensing, distributing, and/or selling any Data Product to any Payrix Competitor. For the purposes of the Addendum, “Payrix Competitor” means Fiserv, Jack Henry, Yodlee, Google, Facebook, Acxiom, and Global Payments and any of their current or future parent companies, subsidiaries, or affiliates.

5. Fees.

5.1 Company shall timely pay all fees and charges set forth in the Addendum under heading “Fees”. Fees shall be invoiced on a monthly basis beginning on the Commencement Date and shall be paid as provided in the Addendum. Fees, costs, and expenses owed by Licensee are exclusive of charges for materials, work, hardware, or software not otherwise detailed in these Terms and Conditions, the Addendum, or a Statement of Work.

5.2 Payrix may increase fees from time to time upon advance written notice to Licensee.

5.3 If the Commencement Date is delayed for more than ninety (90) days after the Addendum Effective Date (or the Addendum Effective Date of the applicable amendment to the Addendum), and such delay is due to the actions or inactions of Licensee, Payrix’s obligation to deliver the Transaction Information shall be correspondingly delayed.

5.4 Payrix shall electronically debit the account specified by Company (“Payrix Payment Account”) to satisfy any fees, charges or other amounts owed to Payrix. Company shall maintain sufficient funds in the Payrix Payment Account to cover any amounts owed to Payrix, and is solely responsible for properly applying all credits and debits made to the Payrix Payment Account by Payrix. Company shall provide Payrix Payment Account information sufficient for Payrix to initiate ACH transfer within thirty (30) days after execution of the Addendum, and shall notify Payrix of any change in Payrix Payment Account information within three (3) business days. In the event Payrix does not collect amounts owed from the Payrix Payment Account, Company must pay such amounts via electronic payment within thirty (30) days of the invoice date. For any amount not paid within thirty (30) days after its due date, Company shall pay a late fee equal to the lesser of one and one-half percent (1½%) per month of the unpaid amount or the maximum interest rate allowed by Law.

5.5 All charges and fees to be paid by Company under the Addendum are exclusive of any applicable withholding, sales, use, excise, value added, or other taxes. Any such taxes for which Payrix is responsible by Law or contract to collect from Company shall be billed by Payrix and paid by Company. Company agrees to reimburse Payrix for any taxes, penalties and interest assessed by any taxing authority arising out of the Addendum, except to the extent any such penalties and/or interest result from Payrix’s inaction or delay. Payrix shall pay and hold Company harmless for any taxes on Payrix property, income, or payroll. Company agrees to hold Payrix harmless for any sales, use, excise, value added, or other taxes assessed by a taxing authority arising out of the Addendum. In the event of any assessment by a taxing authority, both parties agree to cooperate with each other to resolve issues in order to minimize such assessment.

6. Specific Use Limitations.

6.1 Neither Licensee nor any Sales Partner or customer shall use or sell the Transaction Information or any Data Product, as applicable, to facilitate any of the uses, purposes, or business types listed in Attachment 1.

6.2 Licensee shall not reverse engineer, decompile, analyze or otherwise use the Transaction Information to familiarize itself with the nature, character, or quality of the Transaction Information.

6.3 Licensee shall cause each customer and Sales Partner to agree not to reverse engineer, decompile, analyze or otherwise use a Data Product to familiarize itself with the nature, character, or quality of a Data Product.

6.4 Licensee shall not use the Transaction Information (or any non-public information derived from the Transaction Information), Payrix’s Confidential Information, or a Data Product to (i) trade (or permit any third party to trade) in securities issued by Payrix or its Affiliates, including Fidelity National Information Services, Inc., or any other entity, whether publicly or privately held; or (ii) make estimations, determinations, or recommendations or provide other advice relating to securities issued by Payrix or its Affiliates, including Fidelity National Information Services, Inc., or any other entity, whether publicly or privately held.

6.5 The parties agree that the Transaction Information is de-identified and de-personalized and does not include Personal Data under any applicable Law and that the Addendum does not reflect a sale or selling of personal information under the California Consumer Privacy Act or any similar Law.

6.6 Licensee shall, and shall cause each customer and Sales Partner to agree, not attempt to personalize or re-personalize the data included in the Transaction Information or a Data Product (as applicable), otherwise attempt to identify the individuals or entities about whom the Transaction Information or the Data Product relates or from whom the Transaction Information was obtained or otherwise pertains to, or take any other action that might cause the Transaction Information or any Data Product to be considered Personal Data under any applicable Law.

6.7 Licensee shall not sell, use, store, transmit, or otherwise disclose the Transaction Information or a Data Product outside of the United States or sell, disclose or allow the use of a Data Product outside of the United States.

6.8 Customers shall only be entitled to use a Data Product in furtherance of such customer’s own internal business purposes and not for further resale or the benefit of any other third party.

6.9 Licensee shall not use the Transaction Information, or sell a Data Product that can be used, as part of a decision to grant or deny an account or other benefit, for employment purposes, or for any other purpose contemplated by the FCRA.

7. Security Requirements.

7.1 Licensee agrees to maintain appropriate administrative, technical and physical safeguards for all Transaction Information provided under the Addendum and data derived from the Transaction Information (as further described in this Section 7, the “Security Safeguards”). The Security Safeguards shall: (i) ensure the confidentiality of the Transaction Information; (ii) protect against any anticipated threats or hazards to the security or integrity of the Transaction Information; (iii) prevent unauthorized access to the Transaction Information; and (iv) ensure proper destruction of the Transaction Information in compliance with all Laws and industry standards.

7.2 The Security Safeguards described above will also include: (a) access controls to the Transaction Information, including controls to identify and permit access only to authorized individuals and controls to prevent access to the Transaction Information through improper means; (b) employee controls and training; (c) physical access restrictions at locations where Transaction Information is located or stored; (d) encryption of Transaction Information when appropriate, but in any event as legally required; and (e) a disaster recovery plan as appropriate to protect against loss or damage to the Transaction Information due to potential hazards such as fire or water damage or technological failures. Such Security Safeguards must also include fully up to date: (i) anti-virus/malware devices; (ii) DMZ subnet and firewall controls; (iii) IDS/IPS controls; (iv) patch management controls; (v) physical security controls; (vi) application Whitelisting Controls; and (vii) change management controls. Licensee will contract with an appropriately qualified third-party information security assurance vendor to perform, on an annual basis, an information security assessment that includes penetration testing and shall take all reasonable steps to remediate any vulnerabilities identified in such assessments and testing. Licensee will present an attestation letter or executive summary to Payrix upon request. If Payrix determines that any remediation efforts are necessary, Licensee and Payrix will mutually agree upon a remediation plan, and Licensee will remediate all identified issues in accordance with the remediation plan.

7.3 Licensee shall promptly notify Payrix of any actual or reasonably suspected unauthorized access to Transaction Information or data derived therefrom and report any actual or reasonably suspected system compromise that may expose the Transaction Information to unauthorized persons or that may expose Payrix or its data suppliers to security vulnerabilities. In the event of any unauthorized access to Transaction Information, Payrix shall have the right to take any action it deems necessary or appropriate to mitigate the potential ramifications resulting therefrom, including, without limitation, suspending the provision of the Transaction Information and providing notice to regulators and/or impacted data suppliers and/or consumers.

7.4 Upon Payrix’s request, Licensee shall provide documentation of its security policies and practices with regard to the Transaction Information and how the Transaction Information is being used, stored and protected.

7.5 Licensee shall comply with the Payment Card Industry Data Security Standard requirements (as amended from time to time) (“PCI DSS”) in its storage and use of the Transaction Information. The requirements of this Section 7.5 shall be included in the definition of “Security Safeguards.” In addition, Licensee shall comply with the following:

7.5.1 Where applicable and/or requested by Payrix ,Licensee will submit its Report of Compliance (“ROC”) within ten (10) days of the execution of the Addendum and will have a ROC prepared, and provide to Payrix such updated ROC, annually thereafter;

7.5.2 Where applicable, Licensee will publish to Visa’s Global Service Provider registry and maintain ‘Green Status’ in such registry; and

7.5.3 As applicable, if Licensee fails to maintain ‘Green Status’ in the Visa Global Service Provider registry, Payrix may immediately terminate the Addendum.

8. Warranties; Disclaimer.

8.1 Licensee represents and warrants, and shall cause all customers and Sales Partners to represent and warrant, that: (i) it will not request, use, sell, provide, retain, or archive any Transaction Information or Data Product, as applicable, in any manner that is not specifically provided for in the Addendum; and (ii) it will comply with all applicable Laws in its handling and use of the Transaction Information or Data Product, as applicable, and otherwise in performing its obligations (or in the case of customers and Sales Partners, its requirements) under the Addendum. Licensee further represents and warrants that it is a data aggregator that procures a material portion of its data from third parties other than Payrix.

8.2 Payrix represents and warrants that (i) each Data Element that comprises the Transaction Information is sourced from data that Payrix acquires through contracts with its data suppliers (the “Data Supplier Contract(s)”); (ii) subject to Section 3.3 of these Terms and Conditions, Payrix has the appropriate rights under its Data Supplier Contracts to deliver the Transaction Information as set forth herein; and (iii) Payrix will comply with all applicable Laws in the performance of its obligations hereunder.

8.3 Each party represents and warrants that it is duly organized and validly existing in good standing and has full corporate power and authority to enter into and perform its obligations under the Addendum.

8.4 EXCEPT AS EXPRESSLY PROVIDED IN THE ADDENDUM (WHICH INCLUDES THESE TERMS AND CONDITION AND ATTACHMENTS HERETO), PAYRIX DISCLAIMS ANY AND ALL WARRANTIES, CONDITIONS, OR REPRESENTATIONS (EXPRESS OR IMPLIED, ORAL OR WRITTEN) WITH RESPECT TO THE TRANSACTION INFORMATION AND PAYRIX’S PERFORMANCE HEREUNDER, INCLUDING, WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS OR SUITABILITY FOR ANY PARTICULAR PURPOSE, OR ERROR FREE OPERATION (EVEN IF CREATED BY THE INTERNATIONAL SALE OF GOODS CONVENTION, AND WHETHER OR NOT PAYRIX KNOWS, HAS REASON TO KNOW, HAS BEEN ADVISED, OR IS OTHERWISE IN FACT AWARE OF ANY SUCH PURPOSE), WHETHER ALLEGED TO ARISE BY LAW, BY REASON OF CUSTOM OR USAGE IN THE TRADE, OR BY COURSE OF DEALING.

9. Limitation of Liability.

9.1. EXCEPT FOR LIABILITY INCURRED IN CONNECTION WITH: (i) LICENSEE’S BREACH OF SECTION 4 OF THESE TERMS AND CONDITIONS (LICENSE GRANT); (ii) LICENSEE’S OR PAYRIX’S BREACH OF SECTION 12 OF THESE TERMS AND CONDITIONS (CONFIDENTIAL INFORMATION); (iii) LICENSEE’S OR PAYRIX’S BREACH OF SECTION 9 OF THESE TERMS AND CONDITIONS (WARRANTIES; DISCLAIMERS); (IV) LICENSEE’S OR PAYRIX’S BREACH OF SECTION 13 OF THESE TERMS AND CONDITIONS (INTELLECTUAL PROPERTY); (v) LICENSEE’S BREACH OF SECTION 8 OF THESE TERMS AND CONDITIONS (SECURITY REQUIREMENTS); (vi) A CLAIM FOR WHICH A PARTY OWES AN OBLIGATION OF INDEMNITY PURSUANT TO SECTION 11 OF THESE TERMS AND CONDITIONS (INDEMNIFICATION); (VII) A CLAIM ARISING OUT OF LICENSEE’S OR PAYRIX’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, AND (viii) THE AMOUNT OF FEES OR LIQUIDATED DAMAGES LICENSEE OWES HEREUNDER, EACH PARTY’S TOTAL LIABILITY UNDER OR RELATED TO THE ADDENDUM IS LIMITED IN ALL CASES AND IN THE AGGREGATE TO THE AMOUNT OF FEES PAID HEREUNDER DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF THE EVENT THAT IS THE BASIS FOR THE FIRST CLAIM. EACH PARTY’S TOTAL AGGREGATE LIABILITY UNDER OR RELATED TO THE ADDENDUM INCURRED IN CONNECTION WITH THE FOREGOING SUBSECTIONS (ii), (iii), (iv), (v) AND (vi) IS LIMITED IN ALL CASES TO THE AMOUNT OF FEES PAID HEREUNDER DURING THE TWENTY-FOUR (24) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF THE EVENT THAT IS THE BASIS FOR THE FIRST CLAIM. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE ADDENDUM, EXCEPT FOR ANY DAMAGES RESULTING FROM LICENSEE’S BREACH OF SECTION 4 OF THESE TERMS AND CONDITIONS (LICENSE GRANT), IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES (INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF BUSINESS PROFITS OR REVENUE, REPUTATION OR GOOD WILL, BUSINESS INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS), EVEN IF SUCH PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FOR THE SAKE OF CLARITY, THE IMMEDIATELY PRECEDING DISCLAIMER OF DAMAGES SHALL NOT RELIEVE LICENSEE OF ANY OBLIGATION TO PAY ANY FEES, REVENUE SHARE OR LIQUIDATED DAMAGES DUE HEREUNDER.

9.2. LICENSEE SHALL REQUIRE EACH SALES PARTNER AND CUSTOMER (INCLUDING EACH SALES PARTNER’S CUSTOMERS) TO AGREE TO TERMS SUBSTANTIALLY SIMILAR TO THE FOLLOWING: “THE TOTAL LIABILITY OF LICENSOR’S THIRD-PARTY DATA SUPPLIERS (AND THEIR RESPECTIVE SUBCONTRACTORS) ARISING OUT OF OR RESULTING FROM THE USE OF A DATA PRODUCT IS LIMITED IN ALL CASES AND IN THE AGGREGATE TO THE AMOUNT OF FEES PAID FOR THE DATA PRODUCT AT ISSUE DURING THE SIX (6) MONTHS THAT PRECEDED THE DATE OF THE EVENT THAT IS THE BASIS FOR THE FIRST SUCH CLAIM.”

10. Indemnification.

10.1. Licensee shall defend Payrix and its successors and assigns and each of the officers, employees, directors, agents and shareholders of the foregoing, in their individual capacities or otherwise (each, an “Payrix Indemnified Party”), from and against any and all Claims (as defined in this Section 10.1) asserted by a third party against an Payrix Indemnified Party, and shall indemnify and hold harmless the Payrix Indemnified Party from and against any damages, costs, and expenses incurred by the Payrix Indemnified Party in connection with the defense of such Claim, or that is awarded against the Payrix Indemnified Party by a final court judgment or that is paid or payable by the Payrix Indemnified Party in connection with an agreement settling such Claims in accordance with this Section 10 (including reasonable attorneys’ fees and legal costs). As used in this Section 10.1, the term “Claim” means any action, litigation, allegation or claim by a third party alleging, resulting from, or based on: (i) Licensee’s or any Sales Partner’s or customer’s use of Transaction Information or a Data Product, as applicable; (ii) Licensee’s or any Sales Partner’s or customer’s failure to comply with Laws; or (iii) Licensee’s or any Sales Partner’s or customer’s failure to comply with the requirements of the Addendum.

10.2. Payrix shall defend Company and its permitted successors and assigns, and each of the officers, employees, directors, agents and shareholders of the foregoing, in their individual capacities or otherwise (each, a “Licensee Indemnified Party”), from and against any and all Claims (as defined in this Section 10.2) asserted by a third party against a Licensee Indemnified Party, and shall indemnify and hold harmless the Licensee Indemnified Party from and against any damages, costs, and expenses incurred by the Licensee Indemnified Party in connection with the defense of such Claim, or that is awarded against the Licensee Indemnified Party by a final court judgment or that is paid or payable by the Licensee Indemnified Party in connection with an agreement settling such Claims in accordance with this Section 10 (including reasonable attorneys’ fees and legal costs). As used in this Section 10.2, the term “Claim” means any action, litigation, allegation or claim by a third party alleging or based on: (i) any breach by Payrix of its representations and warranties set forth in Section 8.2 of these Terms and Conditions, above; or (ii) any claim or allegation that the Transaction Information provided by Payrix hereunder infringes an Intellectual Property right; provided, however, that Payrix shall not be liable for any infringement or alleged infringement that results from: (a) use of the Transaction Information provided hereunder in a manner or for a purpose that is not compliant with the terms of the Addendum; (b) use of the Transaction Information provided hereunder in combination with computer programs, processes, hardware, software, data, systems, or services owned, licensed or provided by someone other than Payrix; (c) Licensee’s or any Partner’s or customer’s data, products, or services, including any Data Product; or (d) modification, change, amendment, customization, or adaptation of the Transaction Information not made wholly by Payrix. If a claim of infringement has been asserted, or in Payrix’s reasonable good faith opinion is about or likely to be asserted, Payrix may, at its option, and in addition to any indemnity obligation stated above: (1) procure for Company the right to continue using the Transaction Information provided hereunder; (2) replace or modify the Transaction Information provided hereunder so that it becomes noninfringing; or (3) terminate the Addendum upon written notice to Company.

10.3. The obligation to indemnify and defend under Sections 10.1 and 10.2 of these Terms and Conditions is contingent upon: (i) the indemnified party’s promptly notifying the indemnifying party in writing of any claim subject to such indemnity obligation (provided that, any failure to provide such prompt notice shall not relieve the indemnifying party’s indemnification obligation except to the extent the indemnifying party is materially prejudiced by such failure); (ii) the indemnifying party having sole control over the defense and settlement of the claim; (iii) the indemnified party reasonably cooperating during defense and settlement efforts; and (iv) the indemnified party not making any admission, concession, consent judgment, default judgment or settlement of the claim or any part thereof.

11. Confidential Information.

11.1. Each party shall treat any information received from the other that is designated as “confidential” at or prior to disclosure (“Confidential Information”) as strictly confidential. Payrix designates the Transaction Information, each Data Element, and all information relating to its systems and the nature of the services provided hereunder as its Confidential Information. Additionally, the terms of the Addendum and the existence and nature of the contemplated business arrangement(s) shall be designated as the Confidential Information of each party, subject to the permitted disclosures set forth herein.

11.2. Each party shall: (i) restrict disclosure of the other party’s Confidential Information to its employees and agents solely on a “need to know” basis in accordance with the Addendum; (ii) advise its employees and agents of their confidentiality obligations; (iii) require its agents to protect and restrict the use of the other party’s Confidential Information in substantially the same manner as set forth herein; (iv) use the same degree of care to protect the other party’s Confidential Information as it uses to safeguard its own Confidential Information of similar importance; (v) establish procedural, physical and electronic safeguards designed to prevent the compromise or unauthorized disclosure of Confidential Information; and (vi) notify the other party of any unauthorized possession or use of its Confidential Information as soon as possible following confirmation of that unauthorized use or possession. For clarification, nothing in this Section is intended to modify, limit or reduce Licensee’s obligations under Section 8 of these Terms and Conditions with respect to the Transaction Information.

11.3. Confidential Information shall remain the property of the party from or through whom it was provided. Except for the Transaction Information, neither party shall be obligated to preserve the confidentiality of any information that: (i) was known to be or in the party’s possession prior to the disclosure by the other party; (ii) is or later becomes generally known or part of the public domain; (iii) was or is independently developed by such party without reference to the other party’s Confidential Information; (iv) is released for disclosure with the other party’s written consent; or (v) is received from a third party to whom it was disclosed by the other party without restriction. Disclosure of Confidential Information shall be permitted if it is: (a) required by applicable law, rule or regulation; (b) in connection with the tax treatment or tax structure of the Addendum; or (c) in response to a valid order of a U.S. court or other governmental body, provided the owner receives written notice and is afforded a reasonable opportunity to obtain a protective order, except as otherwise provided in Section 13.2 of these Terms and Conditions, below. Upon termination or expiration of the Addendum, except as otherwise provided in Section 14.3.1.1 of these Terms and Conditions, each party shall destroy the other party’s Confidential Information in a manner designed to preserve its confidentiality, or, at the other party’s written request and expense, return it to the disclosing party. Licensee shall provide Payrix with a signed certification of its compliance with the foregoing requirement, which certification shall be reasonably preapproved by Payrix.

11.4. If Licensee determines the Addendum must be disclosed or made publicly available under applicable securities Law, Licensee may do so, provided Licensee omits all pricing, service level and information relating to the Transaction Information from any such disclosure or public filing, unless such omission is prohibited by Law.

12. Use and Ownership of Intellectual Property.

12.1. Any intellectual property rights that existed prior to the Addendum Effective Date shall belong solely to the party owning them at that time. Neither party shall be entitled to any intellectual property right of the other party.

12.2. As between Payrix and Licensee, the Transaction Information and Payrix’s Confidential Information are and shall remain the sole and exclusive property of Payrix.

12.3. As between Payrix and Licensee, the Data Products are and shall remain the sole and exclusive property of Licensee, subject to Payrix’s and/or its data suppliers’ ownership and intellectual property rights, as applicable, in and to the Transaction Information.

12.4. Neither Licensee nor any of its Sales Partners or customers shall use the trademarks, service marks, logos, names, or any other of Payrix’s and/or its Affiliates’ proprietary designations, whether registered or unregistered, without Payrix’s prior written consent. This includes the use of Payrix’s and its Affiliates’ names, logos or marks in any Data Product, marketing campaign or collateral, press release, announcement, website or other forum or materials. Neither Licensee nor any of its Sales Partners shall identify Payrix, whether directly, indirectly or impliedly, as a business partner, licensor, or other source of its data.

13. Audit.

13.1. As Payrix deems it reasonable from time to time, but only during the Term of the Addendum and for a period of one (1) year thereafter, or for as long as Licensee is storing or retaining Transaction Information, Payrix shall be entitled to request specific information and documentation relating to Licensee’s compliance with the terms of the Addendum. Licensee shall use commercially reasonable efforts to provide to Payrix any information reasonably requested by Payrix pursuant to this Section within fifteen (15) days of Payrix’s request. Any information disclosed by Licensee to Payrix pursuant to this Section shall be considered Licensee’s Confidential Information. In addition, Payrix shall be entitled to conduct on-site audits at Licensee’s premises relating to Licensee’s compliance with Sections 2.5, 4, 6, 8 or Attachment 1 of these Terms and Conditions. On-site audits shall be conducted no more than once annually, unless a material breach of Sections 2.5, 4, 6, 8 or Attachment 1 of these Terms and Conditions has been confirmed or a Regulator or an Payrix data supplier has requested an audit.

13.2. Payrix is subject to continuing oversight and supervisory authority by various regulatory agencies (each, a “Regulator”). Licensee acknowledges and agrees that when requested by a Regulator, the Addendum and any information related to the Addendum may be disclosed by Payrix to a Regulator, or by Payrix to an Payrix data supplier, without prior notice to Licensee and without disclosure to Licensee of the Regulator’s request.

14. Term and Termination

14.1. Term. The Addendum is effective as of the Addendum Effective Date and shall remain in effect for the Term of the Agreement unless otherwise terminated as set forth in this Section 14. Upon the expiration or termination of the Addendum, Payrix shall not be obligated to deliver Transaction Information.

14.2 Termination; Suspension.

14.2.1 Either party may terminate the Addendum on thirty (30) days advance written notice if the other party: (i) fails to cure a material breach within thirty (30) days of receiving written notice to do so; (ii) is the subject of a dissolution, reorganization, insolvency or bankruptcy action that is not dismissed within forty-five (45) days of being filed; (iii) suffers the appointment of a receiver, conservator or trustee; or (iv) commits any act related to the Addendum with the intent to defraud the other party. In addition, either party terminate immediately terminate the Addendum if the other party discontinues performance under the Addendum because of a binding order of a court or regulatory body.

14.2.2 In the event that Payrix has a reasonable and good faith belief that Licensee or any Sales Partner or customer has failed to comply with (i) applicable law, rule or regulation or (ii) any of the requirements set forth in Sections 2.5, 4, 6, 8 or Attachment 1 of these Terms and Conditions, and in addition to any termination rights that Payrix has hereunder, then Payrix shall be entitled to immediately suspend Licensee’s right to access and use the Transaction Information for any purpose, as set forth below. Within one (1) business day of effecting this suspension, Payrix will provide Company with an explanation of the reason(s) giving rise to the suspension. In order for the suspension to remain in effect, Payrix shall be required to audit Company within seven (7) business days of Payrix’s provision of its explanation to Company to determine whether a failure of the type described in subsections (i) or (ii) above actually occurred. In the event Payrix determines that there was no failure of the type described in subsections (i) or (ii), Payrix will immediately restore Licensee’s right to access and use the Transaction Information. In the event Payrix determines that a failure of the type described in subsections (i) or (ii) above did occur, the suspension shall remain in effect until such time as the suspected non-compliance has been remediated to Payrix’s reasonable satisfaction. In the event Payrix determines that the failure giving rise to the suspension is solely and directly attributable to a particular Sales Partner or customer, with no contribution from Licensee, Payrix shall restore Licensee’s right to access and use the Transaction Information and will only cause Licensee to suspend such Sales Partner’s or customer’s right to sell, access and/or use Data Products, as applicable, for any purpose until such time as the failure has been remediated to Payrix’s reasonable satisfaction.

14.3 Post Termination/Expiration Obligations and Responsibilities. Termination or expiration of the Addendum shall not relieve either party from any obligation that accrued through the date of termination or expiration or from any terms and conditions in the Addendum (as the same may be modified from time to time) that expressly continue beyond termination or expiration. Subject to the foregoing, and further subject to the license rights and use restrictions set forth in the Addendum, upon the termination or expiration of the Addendum, Licensee shall have the continuing perpetual right to use the Transaction Information that it received up to the date the Addendum terminates or expires. Notwithstanding the foregoing, and except as otherwise provided in the immediately following sentence, in the event that the Addendum is terminated by either (i) Payrix, for a reason that is specifically allowed herein or (ii) Company, for a reason that is not specifically allowed herein (e.g., for convenience), all of Licensee’s rights in and to the Transaction Information shall immediately terminate and be revoked and Licensee shall promptly destroy the Transaction Information (including all copies, in whatever medium) in a manner designed to preserve its confidentiality, or at Payrix’s written request, return such Transaction Information to Payrix, including all copies. For the sake of clarity, in the event that Company terminates the Addendum pursuant to Section 3.3.3.2 of these Terms and Conditions, Licensee shall have the continuing perpetual right to use the Transaction Information that it received up to the date the Addendum terminates, subject to the license rights and use restrictions applicable to the Transaction Information as set forth herein. Licensee shall provide Payrix with a signed certification of its compliance with the requirements of this Section, which certification shall be reasonably pre-approved by Payrix. The immediately preceding return or destruction requirement shall not apply to any Data Element that has been combined and aggregated with a data set or a Data Product to such a degree that the Data Element itself, its nature, or its representative characteristics can no longer be identified, obtained, or ascertained, whether through reverse engineering, data analytics or other data science practices.

15. Assignment. Licensee shall not assign, subrogate or transfer any interest, obligation or right arising out of the Addendum without prior written consent from Payrix, which consent shall not be unreasonably withheld. Absent Payrix’s consent, any attempted assignment, subrogation or transfer shall be void from its inception. Subject to the foregoing, the terms of the Addendum shall be binding upon and inure to the benefit of permitted successors and assigns. Company shall be entitled to assign the Addendum to any of its Affiliates upon the provision of written notice to Payrix.

16. Public Relations. Neither party, nor any Sales Partner, will directly or indirectly make any public statement or public disclosure (including, without limitation, through any press releases, advertising, customer list, web page, blog or other promotional or marketing material of any kind) regarding the existence or content of, or relating to any matter or subject arising from, the Addendum, or use the other party’s name in public, whether explicitly or implicitly, without the written approval of such other party.

17. Changes. Except as otherwise provided herein, changes to the Addendum may only be made in a writing signed by both parties.

18. No Export; Unlawful Activity.

The Transaction Information and Payrix’s Confidential Information are subject to export controls under applicable laws. Except as otherwise specifically set forth herein, Licensee shall not export (or allow to be exported) any Transaction Information, Payrix Confidential Information, or Data Product.

Neither Licensee nor any of its directors, officers, agents, employees or other persons associated with or acting on its behalf: (i) have received or will receive any unlawful contribution, gift, entertainment or other payment from Payrix; (ii) is a governmental entity; or (iii) is in violation of, or will violate any applicable anti-corruption or anti-bribery laws, rules or regulations. Payrix shall have the right to immediately terminate the Addendum or any other relationship with Licensee if this Section is breached.

19. Severability. If any provision of the Addendum is unenforceable in any respect under any Laws, such enforceability shall not affect any other provision of the Addendum, and the Addendum shall be construed as if such unenforceable provision had not been included to the extent necessary to bring it within the requirements of such Laws. The Addendum shall not be construed more strongly against either party, regardless of who is more responsible for its preparation. The headings that appear in the Addendum are inserted for convenience only and do not limit or extend its scope.

20. Independent Status. Payrix is an independent contractor. Neither Payrix nor any of its representatives are an employee, partner or joint venturer of Licensee. Payrix has the sole obligation to supervise, manage and direct the performance of its obligations under the Addendum. Payrix reserves the right to determine who will be assigned to perform its obligations, and to make replacements or reassignments as it deems appropriate. Each party shall be solely responsible for payment of compensation to its respective personnel, and assumes full responsibility for payment of all federal, state, local and foreign taxes or contributions imposed or required under unemployment insurance, social security and income tax laws with respect to such personnel. Neither party shall be an agent of the other, nor have any authority to represent the other in any matter.

21. Governing Law and Disputes. The Addendum shall be governed by the laws of the State of Florida, without regard to internal principles relating to conflict of laws. Any dispute, difference, controversy or claim arising out of or relating to the Addendum shall be settled by binding arbitration before a single arbitrator in Jacksonville, Florida in accordance with the

Commercial Arbitration Rules (including Procedures for Large, Complex Commercial Disputes) of the American Arbitration Association. Judgment on any resulting award may be entered into by any court having jurisdiction over the parties or their respective property. The arbitrator shall decide any issues submitted in accordance with the provisions and commercial purposes of the Addendum, and shall not have the power to award damages other than those described in the Addendum.

22. Survival; Waiver. Termination of the Addendum shall not impact any right or obligation arising prior to termination, and in any event Sections 2, 3.3, and 4-24 of these Terms and Conditions shall survive termination of the Addendum (except as otherwise set forth herein). No waiver of any provisions of the Addendum and no consent to any default under the Addendum shall be effective unless in writing and signed by the party against whom such waiver or consent is claimed. No course of dealing or failure to strictly enforce any provision of the Addendum shall be construed as a waiver of such provision or impair the right of either party to enforce such provision at a later time. Waiver by a party of any default by the other party shall not be deemed a waiver of any other default. Sections 8.2 and 10.2 of these Terms and Conditions shall survive termination of the Addendum for a period of two (2) years.

Transaction Information License Addendum – Attachments

Attachment 1 – List of Excluded Business Types

Neither Licensee nor any Sales Partner shall provide a Data Product to any of the following:

1. Any company or individual listed as a Specially Designated national or blocked person on the Office of Foreign Asset Control (OFAC) website http://www.treas.gov/offices/enforcement/ofac/sdn/index.html).

2. Any company or individual that has been involved in fraud, or other unethical business practices.

3. Any company operating out of a residence (e.g., home-based business).

4. Any Marijuana dispensary.

5. Any company or individual that is located outside of the United States or Canada or that will use the Data Product outside of the United States or Canada.

6. Any agency of a foreign government.

7. Any weapons dealer, seller or distributor.

8. Any investment firm, company or fund.

In the event that Licensee or a Sales Partner provides a Data Product to any entity or individual included in this Attachment 1, Licensee shall promptly retrieve, take back or cause such entity or individual to destroy such Data Product and provide written certification of the same to Payrix, which certification documentation shall be reasonably pre-approved by Payrix.