Acceptance of Terms

BY INDICATING YOUR ACCEPTANCE OF THIS AGREEMENT OR ACCESSING OR USING ANY RAGNEROCK OFFERINGS, YOU ARE ACCEPTING ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT, INCLUDING THE BINDING ARBITRATION TERMS SET FORTH IN SECTION 13.3. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, YOU MAY NOT USE ANY RAGNEROCK OFFERINGS. YOU AGREE THAT THIS AGREEMENT IS ENFORCEABLE LIKE ANY WRITTEN AGREEMENT SIGNED BY YOU.

IF YOU ARE USING ANY RAGNEROCK OFFERINGS AS AN EMPLOYEE, CONTRACTOR, OR AGENT OF A CORPORATION, PARTNERSHIP OR SIMILAR ENTITY, THEN YOU MUST BE AUTHORIZED TO SIGN FOR AND BIND SUCH ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT, AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO DO SO. THE RIGHTS GRANTED UNDER THIS AGREEMENT ARE EXPRESSLY CONDITIONED UPON ACCEPTANCE BY SUCH AUTHORIZED PERSONNEL.

Agreement

These Ragnerock Terms of Service (“Agreement”) are entered into by and between Ragnerock, Inc., a Delaware corporation (“Ragnerock”), and the entity or person placing an order for, or accessing, any Ragnerock Offerings (“Customer” or “you”). This Agreement consists of the terms and conditions set forth below, any ancillary documents (e.g., attachments, addenda, exhibits) expressly referenced as part of the Agreement, and any Order Forms that reference this Agreement.

The “Effective Date” of this Agreement is the date which is the earlier of (a) Customer’s initial access to any Ragnerock Offering through any online provisioning, registration or order process or (b) the effective date of the first Order Form referencing this Agreement.

Modifications to this Agreement: From time to time, Ragnerock may modify this Agreement. Unless otherwise specified by Ragnerock, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order Form after the updated version of this Agreement goes into effect. Ragnerock will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order Form, and in any event continued use of any Ragnerock Offering after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.

Open-Source Software: Ragnerock may make available certain open-source software development kits (SDKs) or libraries for use in connection with the Service. Such open-source software is licensed under its own applicable open-source license terms (e.g., the MIT License) and is not governed by this Agreement. In the event of any conflict between the terms of an applicable open-source license and this Agreement with respect to such open-source software, the open-source license terms shall control solely with respect to that software.

1. Use of Service

1.1. Service Provision and Access

Ragnerock will make the Service available to Customer for the Subscription Term solely for use by Customer and its Users in accordance with the terms and conditions of this Agreement, the Documentation, and the applicable Order Form. Customer may permit its Contractors and Affiliates to serve as Users provided that any use of the Service by each such Contractor or Affiliate is solely for the benefit of Customer or such Affiliate. Customer shall be responsible for each User’s compliance with this Agreement, and acts or omissions by any User shall be deemed acts by Customer. Customer’s account administrator(s) may add, remove, and manage Users within Customer’s Account in accordance with the Documentation.

1.2. Affiliates

Customer Affiliates may purchase Ragnerock Offerings from Ragnerock by executing an Order Form which is governed by the terms of this Agreement. This will establish a new and separate agreement between the Customer Affiliate and Ragnerock. If the Customer Affiliate resides in a different country than Customer, then the Order Form may include modifications to terms applicable to the transaction(s) (including, but not limited to, tax terms and governing law).

1.3. Compliance with Applicable Laws

Ragnerock will provide the Ragnerock Offerings in accordance with its obligations under laws and government regulations applicable to Ragnerock’s provision of such Ragnerock Offerings to its customers generally, including, without limitation, those related to data privacy and data transfer, international communications, and the exportation of Ragnerock Offerings, without regard to Customer’s particular use of the Ragnerock Offerings and subject to Customer’s use of the Ragnerock Offerings in accordance with this Agreement.

1.4. General Restrictions

Customer will not (and will not permit any third party to):

(a) sell, rent, lease, license, distribute, provide access to, sublicense, or otherwise make available the Service to a third party (except as set forth in the Documentation for Service features expressly intended to enable Customer to provide its third parties with access to Customer Data) or in a service bureau or outsourcing offering;

(b) use the Service to provide, or incorporate the Service into, any substantially similar cloud-based data analysis, document intelligence, or AI-powered workflow platform offered as a competing service for the benefit of a third party; provided, however, that Customer may build and offer its own products and services that incorporate functionality powered by the Service;

(c) reverse engineer, decompile, disassemble, or otherwise seek to obtain the source code or non-public APIs to the Service, except to the extent expressly permitted by applicable law (and then only upon advance written notice to Ragnerock);

(d) remove or obscure any proprietary or other notices contained in the Service;

(e) use any Ragnerock Offerings in violation of the Acceptable Use Policy set forth in Section 15 of this Agreement; or

(f) use the Service, or any output thereof, in a manner that violates any applicable law, regulation, or third-party rights.

1.5. Customer-Provided Services

The Service may permit Customer to provide credentials or connection information for third-party services for use in connection with the Service, including third-party AI providers, databases, and object storage services (collectively, “Customer-Provided Services” or “BYO Services”). When Customer elects to use Customer-Provided Services:

(a) Customer is solely responsible for its relationship with the providers of such Customer-Provided Services, including compliance with the terms of service, acceptable use policies, and data processing agreements of such providers;

(b) Customer is solely responsible for the security of any credentials, API keys, connection strings, or other authentication information provided to Ragnerock in connection with Customer-Provided Services;

(c) Ragnerock will act as a pass-through with respect to Customer-Provided Services and disclaims all liability for any data processed, stored, transmitted, or lost through Customer-Provided Services, including any acts or omissions of the providers thereof; and

(d) any Customer Data processed or stored through Customer-Provided Services will additionally be governed by the terms and conditions of the applicable Customer-Provided Service provider.

2. Customer Data

2.1. Rights in Customer Data

As between the parties, Customer or its licensors retain all right, title and interest (including any and all intellectual property rights) in and to the Customer Data and any modifications made thereto in the course of operation of the Service. Subject to the terms of this Agreement, Customer hereby grants to Ragnerock a non-exclusive, worldwide, royalty-free right to process the Customer Data solely to the extent necessary to provide the Ragnerock Offerings to Customer, to prevent or address service or technical problems therein, or as may be required by law. Ragnerock will not use Customer Data for any other purpose, including training or improving AI models, unless Customer has entered into a separate written agreement with Ragnerock expressly authorizing such use.

2.2. Use Obligations

(a) In General

Customer’s use of the Ragnerock Offerings and all Customer Data will comply with applicable laws, government regulations, and any other legal requirements, including but not limited to, any data localization or data sovereignty laws, regulations, and any other third-party legal requirements applicable to Customer. Customer is solely responsible for the accuracy, content and legality of all Customer Data. Customer warrants that Customer has and will have sufficient rights in the Customer Data to grant the rights to Ragnerock under this Agreement and that the processing of Customer Data by Ragnerock in accordance with this Agreement will not violate any laws or the rights of any third party. Without limiting the foregoing, Customer warrants that it has obtained all necessary consents, authorizations, and legal rights required to upload and process Customer Data through the Service, including any employee communications, personally identifiable information, or data subject to workplace monitoring or financial regulatory requirements.

(b) HIPAA Data

Customer agrees not to process any HIPAA Data in the Service unless Customer has entered into a BAA with Ragnerock. Unless a BAA is in place, Ragnerock will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA or any similar federal or state laws, rules or regulations. If Customer is permitted to process HIPAA Data in the Service, then Customer may process HIPAA Data in the Service only by providing it as Customer Data. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement and is subject to its terms.

(c) Regulatory Data

Customer agrees not to process any data subject to specific regulatory recordkeeping, supervision, or surveillance requirements under applicable laws and regulations, including but not limited to SEC Rule 17a-4, FINRA Rules 3110 and 3120, SEC Rule 204-2, or comparable regulatory requirements (“Regulatory Data”), unless Customer has entered into a Regulatory Compliance Addendum with Ragnerock. Unless a Regulatory Compliance Addendum is in place, Ragnerock will have no liability under this Agreement for Regulatory Data, notwithstanding anything to the contrary in this Agreement. Upon mutual execution of the Regulatory Compliance Addendum, such addendum is incorporated by reference into this Agreement and is subject to its terms. For the avoidance of doubt, even where a Regulatory Compliance Addendum is in place, Customer remains solely responsible for its own compliance with all applicable regulatory obligations.

2.3. Data Privacy

The parties shall comply with the DPA. The DPA is incorporated by reference into this Agreement.

2.4. Data Residency

Customer Data is processed and stored in the United States. Ragnerock will provide Customer with reasonable advance notice of any change to the geographic location in which Customer Data is processed or stored.

3. Security

The parties shall comply with the Security Addendum. Ragnerock will maintain commercially reasonable administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of Customer Data. In the event of a Security Incident (as defined in the DPA) involving Customer Data, Ragnerock will notify Customer without undue delay and in no event later than seventy-two (72) hours after becoming aware of the Security Incident. Ragnerock’s notification will include, to the extent known, the nature of the Security Incident, the categories and approximate number of data records affected, and the measures taken or proposed to be taken to address the Security Incident.

4. Intellectual Property

4.1. Ragnerock Technology

Customer agrees that Ragnerock or its suppliers retain all right, title and interest (including all patent, copyright, trademark, trade secret and other intellectual property rights) in and to the Ragnerock Technology. Except for the express limited rights set forth in this Agreement, no right, title or interest in any Ragnerock Technology is granted to Customer. Customer acknowledges that the Service is offered as an online, hosted solution, and that Customer has no right to obtain a copy of the underlying computer code for the Service. Ragnerock may freely use and incorporate any suggestions, comments or other feedback about the Ragnerock Offerings voluntarily provided by Customer or Users into the Ragnerock Technology without any obligation to Customer.

4.2. Usage Data

Notwithstanding anything to the contrary in this Agreement, Ragnerock may collect and use Usage Data to develop, improve, support, and operate its products and services. Usage Data will not include the content of Customer Data; it will include only metadata about how the Service is used (e.g., query frequency, feature utilization, performance metrics). Ragnerock may not share any Usage Data that includes Customer’s Confidential Information with a third party except (a) in accordance with Section 5 (Confidentiality) of this Agreement, or (b) to the extent the Usage Data is aggregated and anonymized such that Customer and Customer’s Users cannot be identified.

4.3. Customer Reference

Ragnerock may use and display Customer’s name, logo, trademarks, and service marks on Ragnerock’s website and in Ragnerock’s marketing materials in connection with identifying Customer as a customer of Ragnerock. Upon Customer’s written request, Ragnerock will promptly remove any such marks from Ragnerock’s website and, to the extent commercially feasible, Ragnerock’s marketing materials.

5. Confidentiality

5.1. Protection of Confidential Information

Each party (as “Receiving Party”) will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to: (a) not use any Confidential Information of the other party (the “Disclosing Party”) for any purpose outside the scope of this Agreement; and (b) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who are bound by obligations of confidentiality to the Receiving Party containing protections not materially less protective of the Confidential Information than those herein.

5.2. Compelled Disclosure

If Receiving Party is required by law, regulation, court order, or governmental or regulatory authority (including, without limitation, any examination or inquiry by the SEC, FINRA, or other financial regulatory body) to disclose Confidential Information, then Receiving Party shall, to the extent legally permitted, provide Disclosing Party with advance written notice and cooperate in any effort to obtain confidential treatment of the Confidential Information. The parties acknowledge that in certain regulatory examination scenarios, the Receiving Party may not be legally permitted to provide advance notice, and such inability shall not constitute a breach of this Agreement.

5.3. Equitable Relief

The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party, the Disclosing Party will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law.

5.4. Survival

The obligations of confidentiality set forth in this Section 5 shall survive any expiration or termination of this Agreement for so long as the Confidential Information remains confidential.

6. Fees and Payment; Taxes; Payment Disputes

6.1. Credits and Fees

Customer purchases Credits to use the Service. Credits are consumed through various forms of platform usage as described in the Documentation. All Fees and payment terms are as set forth in the applicable Order Form or, for self-service purchases, as set forth in the Service at the time of purchase. Except as expressly set forth in this Agreement and to the extent permitted by law, all payment obligations are non-cancelable, all Fees paid are non-refundable, and unused Credits are not subject to refund. Ragnerock may, in its sole discretion, issue refunds or credits on a case-by-case basis.

6.2. Credit Expiration

Unless otherwise specified in an applicable Order Form, Credits expire twelve (12) months from the date of purchase. Expired Credits are forfeited and are not subject to refund or credit.

6.3. Auto-Reload

Customer may configure the Service to automatically purchase additional Credits when Customer’s Credit balance falls below a threshold specified by Customer. Customer may configure the threshold amount, the reload amount, and a maximum monthly purchase limit. Auto-reload purchases are triggered only when Customer initiates an action that incurs usage. Customer is solely responsible for configuring auto-reload settings, and all charges incurred through auto-reload are subject to the same terms as any other Credit purchase under this Agreement.

6.4. Payment Terms

For self-service purchases, payment is due at the time of purchase via credit card or other payment method accepted by Ragnerock. For purchases made pursuant to an Order Form, payment terms are as set forth in the applicable Order Form. If Customer issues a purchase order, such purchase order is for Customer’s internal purposes only, and Ragnerock rejects any purchase order terms that add to or conflict with this Agreement or the applicable Order Form.

6.5. Taxes

Fees do not include Taxes. Customer is responsible for paying all Taxes associated with its purchases hereunder, including without limitation all use or access of the Ragnerock Offerings by its Users. If Ragnerock has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Ragnerock will invoice Customer and Customer will pay that amount unless Customer provides Ragnerock with a valid tax exemption certificate authorized by the appropriate taxing authority. Taxes will not be deducted from payments to Ragnerock, except as required by applicable law, in which case Customer will increase the amount payable as necessary so that, after making all required deductions and withholdings, Ragnerock receives and retains (free from any liability for Taxes) an amount equal to the amount it would have received had no such deductions or withholdings been made.

6.6. Payment Disputes

Ragnerock will not exercise its rights under Section 7.2 (Termination for Cause) or Section 7.5 (Suspension of Service) with respect to non-payment by Customer in the event of a Payment Dispute. If the parties are unable to resolve such Payment Dispute within thirty (30) days, each party shall have the right to seek any remedies it may have under this Agreement, at law or in equity. For clarity, any undisputed amounts must be paid in full.

7. Term and Termination

7.1. Term

This Agreement is effective as of the Effective Date and will remain in effect until terminated in accordance with its terms. For self-service Customers, the Subscription Term is month-to-month and renews automatically unless terminated by either party. For Customers under an Order Form, the Subscription Term is as specified in the applicable Order Form. If there is no Order Form currently in effect, either party may terminate this Agreement upon written notice to the other party.

7.2. Termination for Cause

Either party may terminate this Agreement (including all related Order Forms) if the other party: (a) fails to cure any material breach of this Agreement (including a failure to pay Fees) within thirty (30) days after written notice (without limiting Section 6.6 (Payment Disputes)); (b) ceases operation without a successor; or (c) seeks protection under any bankruptcy, receivership, trust deed, creditors’ arrangement, composition, or comparable proceeding, or if any such proceeding is instituted against that party and is not dismissed within sixty (60) days (to the extent such termination is not prohibited by law). Except where an exclusive remedy is specified, the exercise by either party of any remedy under this Agreement, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law or otherwise.

7.3. Termination for Convenience

Self-service Customers may terminate this Agreement at any time by providing written notice to Ragnerock or by canceling their Account through the Service. For Order Form Customers, termination for convenience is governed by the terms of the applicable Order Form.

7.4. Effect of Termination; Credit Refunds

For any termination of this Agreement by Customer for cause in accordance with Section 7.2(a), Customer shall be entitled to a refund of the value of any unused, unexpired Credits. If Ragnerock terminates this Agreement for cause due to Customer’s breach, all unused Credits are forfeited and no refund shall be due.

7.5. Customer Data Retrieval

Upon written notice to Ragnerock, Customer will have up to thirty (30) calendar days from termination or expiration of this Agreement to access the Service solely to the extent necessary to retrieve Customer Data (“Retrieval Right”). If Customer exercises its Retrieval Right, this Agreement and the applicable Order Form shall continue in full force and effect for the duration of the Retrieval Right. Ragnerock shall have no further obligation to make Customer Data available after the later of (a) the effective date of termination of this Agreement, or (b) the Retrieval Right period, if applicable, and thereafter Ragnerock shall promptly delete the Customer Data, including from backups within a commercially reasonable timeframe. After the Retrieval Right period, Customer will have no further access to Customer Data and shall cease use of and access to the Ragnerock Offerings (including any related Ragnerock Technology) and delete all copies of Documentation, any associated passwords or access codes, and any other Ragnerock Confidential Information in its possession.

7.6. Suspension of Service

In addition to any of its other rights or remedies set forth in this Agreement, Ragnerock reserves the right to suspend provision of the Ragnerock Offerings: (a) if any Fees are thirty (30) days or more overdue (and are not otherwise subject to Section 6.6 (Payment Disputes)); (b) if Ragnerock deems such suspension necessary as a result of Customer’s breach of Sections 1.4 (General Restrictions), 1.5 (Customer-Provided Services), or 2.2 (Use Obligations); (c) if Ragnerock reasonably determines suspension is necessary to avoid material harm to Ragnerock or its customers, including if the Service is experiencing denial of service attacks or other disruptions outside of Ragnerock’s control; or (d) as required by law or at the request of governmental entities.

7.7. Survival

The following sections will survive any expiration or termination of this Agreement: 1.4 (General Restrictions), 4 (Intellectual Property), 5 (Confidentiality), 6.1 (Credits and Fees), 6.2 (Credit Expiration), 6.5 (Taxes), 7 (Term and Termination), 8.3 (Warranty Disclaimer), 10 (AI-Specific Terms, to the extent applicable), 11 (Indemnification), 12 (Limitation of Remedies and Damages), 13 (General Terms), and 14 (Definitions).

8. Warranty

8.1. Service Warranty

Ragnerock warrants that the Service will operate in substantial conformity with the applicable Documentation. If Ragnerock is not able to correct any reported non-conformity with this warranty, either party may terminate the applicable Order Form, and Customer, as its sole remedy, will be entitled to receive a refund of the value of any unused, unexpired Credits. This warranty will not apply if the error or non-conformance was caused by: (i) Customer’s misuse of the Service; (ii) modifications to the Service by Customer or any third party; (iii) Customer-Provided Services or other external services or applications; or (iv) any services or hardware of Customer or any of its third parties used by Customer in connection with the Service.

8.2. Mutual Warranty

Each party warrants that it has validly entered into this Agreement and has the legal power to do so.

8.3. Warranty Disclaimer

TO THE EXTENT PERMITTED BY LAW AND EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, EACH RAGNEROCK OFFERING IS PROVIDED “AS IS,” AND RAGNEROCK MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. RAGNEROCK DOES NOT WARRANT THAT THE USE OF ANY RAGNEROCK OFFERING WILL BE UNINTERRUPTED OR ERROR-FREE, NOR DOES RAGNEROCK WARRANT THAT IT WILL REVIEW THE CUSTOMER DATA FOR ACCURACY. WITHOUT LIMITING THE FOREGOING, RAGNEROCK EXPRESSLY DISCLAIMS ANY WARRANTY REGARDING THE ACCURACY, COMPLETENESS, RELIABILITY, OR FITNESS FOR ANY PURPOSE OF ANY AI-GENERATED OUTPUTS PRODUCED BY OR THROUGH THE SERVICE, AS FURTHER SET FORTH IN SECTION 10 (AI-SPECIFIC TERMS).

9. Support and Availability

During a Subscription Term, Ragnerock will provide Customer the level of support for the Service set forth in the applicable Order Form or Customer’s selected support tier, in accordance with the Support Policy. Ragnerock will use commercially reasonable efforts to meet the availability commitments set forth in the Service Level Agreement (SLA). The Support Policy and SLA are available at https://ragnerock.com/legal/support-policy and https://ragnerock.com/legal/sla, respectively, and are incorporated by reference into this Agreement.

10. AI-Specific Terms

10.1. AI Processing

Customer acknowledges that the Service utilizes artificial intelligence and machine learning technologies, including third-party AI services, as a core component of the Service. Ragnerock uses AI Sub-processors to provide certain features and functionality of the Service.

10.2. AI Sub-processor Management

Ragnerock maintains a list of AI Sub-processors at https://www.ragnerock.com/legal/sub-processors (the “Sub-processor List”). Ragnerock will provide Customer with at least thirty (30) days’ advance written notice before adding or replacing an AI Sub-processor. If Customer reasonably objects to a new or replacement AI Sub-processor, the parties will work in good faith to resolve Customer’s concerns. If the parties are unable to resolve Customer’s objection within thirty (30) days of Customer’s notice of objection, Customer may terminate this Agreement (or the affected Order Form) upon written notice, and Ragnerock will refund to Customer the value of any unused, unexpired Credits.

10.3. No Training on Customer Data

Ragnerock and its AI Sub-processors will not use Customer Data to train, improve, or fine-tune any AI or machine learning models, unless Customer has entered into a separate written agreement with Ragnerock expressly authorizing such use. This prohibition extends to all AI Sub-processors engaged by Ragnerock in connection with the Service. Ragnerock will ensure that its agreements with AI Sub-processors contain terms prohibiting the use of Customer Data for training purposes.

10.4. Customer-Provided AI Services

Customer may provide credentials for its own third-party AI providers for use in connection with the Service. When Customer elects to use a Customer-Provided AI service: (a) Ragnerock will route applicable processing requests through Customer’s designated AI provider in lieu of Ragnerock’s default AI Sub-processor; (b) Customer is solely responsible for ensuring that the Customer-Provided AI service meets Customer’s requirements regarding data handling, retention, privacy, and security; (c) Ragnerock disclaims all liability arising from or relating to the acts or omissions of any Customer-Provided AI service, including any training, retention, or other use of Customer Data by such service; and (d) the terms and conditions of the Customer-Provided AI service provider shall govern the processing of Customer Data through such service.

10.5. AI Output Disclaimer

The Service provides AI processing capabilities, and Customer is solely responsible for the design, configuration, and validation of AI workflows created through the Service. Ragnerock does not guarantee the accuracy, completeness, timeliness, reliability, or fitness for any particular purpose of any AI Outputs. Customer acknowledges that AI Outputs may contain errors, omissions, or inaccuracies and that Customer is solely responsible for reviewing, validating, and verifying all AI Outputs before relying on or acting upon them. Customer assumes all responsibility for decisions made based on AI Outputs, including any regulatory, legal, financial, or operational consequences thereof.

10.6. Ownership of AI Outputs

As between the parties, AI Outputs derived from Customer Data belong to the Customer, subject to Customer’s underlying rights in the input data and any applicable third-party rights. Ragnerock retains no ownership interest in AI Outputs derived from Customer Data. For the avoidance of doubt, this Section does not grant Customer any rights in the underlying Ragnerock Technology used to produce the AI Outputs.

11. Indemnification

11.1. Indemnification by Ragnerock

Ragnerock will defend Customer against any claim by a third party alleging that the Service, when used in accordance with this Agreement, infringes any intellectual property right of such third party and will indemnify and hold harmless Customer from and against any damages and costs awarded against Customer or agreed in settlement by Ragnerock (including reasonable attorneys’ fees) resulting from such claim. If Customer’s use of the Service results (or in Ragnerock’s opinion is likely to result) in an infringement claim, Ragnerock may either: (a) substitute functionally similar products or services; (b) procure for Customer the right to continue using the Service; or if (a) and (b) are not commercially reasonable, (c) terminate this Agreement and refund to Customer the value of any unused, unexpired Credits. The foregoing indemnification obligation of Ragnerock will not apply to the extent the applicable claim is attributable to: (1) the modification of the Service by any party other than Ragnerock or based on Customer’s specifications or requirements; (2) the combination of the Service with products or processes not provided by Ragnerock; (3) any use of the Service in non-conformity with this Agreement; (4) any action arising as a result of Customer Data; or (5) Customer-Provided Services. This section sets forth Customer’s sole remedy with respect to any claim of intellectual property infringement.

11.2. Indemnification by Customer

Customer will defend Ragnerock against any claim by a third party arising from or relating to: (a) any Customer Data; (b) any Customer-offered product or service used in connection with the Service; (c) Customer-Provided Services; or (d) Customer’s failure to comply with applicable laws, regulations, or regulatory obligations, including but not limited to SEC, FINRA, or other financial regulatory requirements. Customer will indemnify and hold harmless Ragnerock from and against any damages and costs awarded against Ragnerock or agreed in settlement by Customer (including reasonable attorneys’ fees) resulting from such claim.

11.3. Indemnification Procedures

In the event of a potential indemnity obligation under Section 11, the indemnified party will: (a) promptly notify the indemnifying party in writing of the claim, (b) allow the indemnifying party the right to control the investigation, defense and settlement (if applicable) of such claim at the indemnifying party’s sole cost and expense, and (c) upon request of the indemnifying party, provide all necessary cooperation at the indemnifying party’s expense. Failure by the indemnified party to notify the indemnifying party of a claim under Section 11 shall not relieve the indemnifying party of its obligations under Section 11. However, the indemnifying party shall not be liable for any litigation expenses the indemnified party incurred before such notice was given, or for any damages and/or costs resulting from any material prejudice caused by the delay or failure to provide notice. The indemnifying party may not settle any claim that would bind the indemnified party to any obligation (other than payment covered by the indemnifying party or ceasing to use infringing materials) or require any admission of fault by the indemnified party, without the indemnified party’s prior written consent, such consent not to be unreasonably withheld, conditioned or delayed.

12. Limitation of Remedies and Damages

EXCEPT AS TO “EXCLUDED CLAIMS,” TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:

(A) NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY LOSS OF USE, LOST OR INACCURATE DATA, INTERRUPTION OF BUSINESS, COSTS OF DELAY, COVER COSTS, LOST PROFITS, OR ANY INDIRECT, SPECIAL, INCIDENTAL, RELIANCE, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE;

(B) SUBJECT TO SUBSECTION (C) BELOW, EACH PARTY’S AND ITS AFFILIATES’ TOTAL LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED THE AMOUNT ACTUALLY PAID OR PAYABLE TO RAGNEROCK IN THE PRIOR 12 MONTHS UNDER THE APPLICABLE ORDER FORM(S) TO WHICH SUCH LIABILITY RELATES (“GENERAL LIABILITY CAP”);

(C) IN THE CASE OF “DATA PROTECTION CLAIMS,” EACH PARTY’S AND ITS AFFILIATES’ TOTAL LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE AMOUNT ACTUALLY PAID OR PAYABLE TO RAGNEROCK IN THE PRIOR TWELVE (12) MONTHS UNDER THE APPLICABLE ORDER FORM(S) TO WHICH SUCH LIABILITY RELATES (“DATA PROTECTION CLAIMS CAP”);

(D) IN NO EVENT SHALL EITHER PARTY (OR ITS RESPECTIVE AFFILIATES) BE LIABLE FOR THE SAME EVENT UNDER BOTH THE GENERAL LIABILITY CAP AND THE DATA PROTECTION CLAIMS CAP. THOSE CAPS SHALL NOT BE CUMULATIVE; IF A PARTY (AND/OR ITS AFFILIATES) HAS ONE OR MORE CLAIMS SUBJECT TO THE “GENERAL LIABILITY CAP” AND THE “DATA PROTECTION CLAIMS CAP,” THE MAXIMUM TOTAL LIABILITY FOR ALL CLAIMS IN THE AGGREGATE SHALL NOT EXCEED THE “DATA PROTECTION CLAIMS CAP”;

(E) THE PARTIES AGREE THAT SECTION 12 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE; AND

(F) THE APPLICABLE MONETARY CAPS SET FORTH IN SECTION 12 SHALL APPLY, ON AN AGGREGATED BASIS, ACROSS THIS AGREEMENT AND ANY AND ALL SEPARATE AGREEMENT(S) GOVERNING CUSTOMER’S USE OF THE RAGNEROCK OFFERINGS ENTERED INTO BETWEEN RAGNEROCK AND ANY CUSTOMER AFFILIATES, INCLUDING WITHOUT LIMITATION, AS CONTEMPLATED BY SECTION 1.2 (AFFILIATES).

13. General Terms

13.1. Assignment

This Agreement will bind and inure to the benefit of each party’s permitted successors and assigns. Neither party may assign this Agreement without the advance written consent of the other party, except that either party may assign this Agreement in its entirety in connection with a merger, reorganization, acquisition, or other transfer of all or substantially all of such party’s assets or voting securities to such party’s successor; and Ragnerock may assign this Agreement in its entirety to any of its Affiliates. Each party shall promptly provide notice of any such assignment. Any attempt to transfer or assign this Agreement except as expressly authorized under this section will be null and void.

13.2. Severability; Interpretation; Conflicts

If an arbitrator or a court of competent jurisdiction holds any provision of this Agreement to be unenforceable or invalid, that provision will be limited to the minimum extent necessary so that this Agreement will otherwise remain in effect. Section headings are inserted for convenience only and shall not affect interpretation of this Agreement. Except for the DPA, the Security Addendum, and the Support Policy, each of which shall govern solely with respect to the subject matter therein, this Agreement governs and controls in the event of a conflict with any other ancillary documents or provisions applicable to the Ragnerock Offerings unless otherwise expressly agreed in writing by the parties.

13.3. Dispute Resolution

(a) Generally

Each party agrees that before it seeks any form of legal relief (except for a provisional remedy as explicitly set forth below) it shall provide written notice to the other party of the specific issue(s) in dispute (and reference the relevant provisions of this Agreement which are allegedly being breached). Within thirty (30) days after such notice, knowledgeable executives of the parties shall hold at least one meeting (in person or by video- or tele-conference) for the purpose of attempting in good faith to resolve the dispute. The parties agree to maintain the confidential nature of all disputes and disagreements between them, including, but not limited to, informal negotiations, mediation or arbitration, except as may be necessary to prepare for or conduct these dispute resolution procedures or unless otherwise required by law or judicial decision. The procedures in this Section 13.3(a) shall not apply to claims subject to indemnification under Section 11 (Indemnification) or prior to a party seeking a provisional remedy related to claims of misuse, misappropriation or ownership of intellectual property, trade secrets or Confidential Information.

(b) Binding Arbitration

IF THE DISPUTE IS NOT RESOLVED PURSUANT TO SECTION 13.3(A) WITHIN THIRTY (30) DAYS, THEN: EACH PARTY (I) EXPRESSLY AND IRREVOCABLY AGREES THAT, EXCEPT AS EXPLICITLY PROVIDED HEREIN, ANY DISPUTES OR CLAIMS ARISING HEREUNDER OR RELATING TO THE RAGNEROCK OFFERINGS INCLUDING WITHOUT LIMITATION PAYMENT DISPUTES OR DISPUTES UNDER SECTION 11 (INDEMNIFICATION) (COLLECTIVELY, “DISPUTES”) WILL BE DETERMINED SOLELY AND EXCLUSIVELY IN BINDING, INDIVIDUAL ARBITRATION PURSUANT TO THE U.S. FEDERAL ARBITRATION ACT AND FEDERAL ARBITRATION LAW AND NOT IN A CLASS, REPRESENTATIVE, OR CONSOLIDATED ACTION OR PROCEEDING (EXCEPT THAT EITHER PARTY MAY ELECT TO PROCEED IN SMALL CLAIMS COURT IF THE DISPUTE QUALIFIES), AND (II) WAIVES THE RIGHT TO A TRIAL BY JURY.

Either party may commence an arbitration proceeding by filing a demand for arbitration with the Judicial Arbitration and Mediation Services (“JAMS”). Arbitration of Disputes for total damages: (1) of $250,000 or less will be conducted under the then-applicable JAMS “Streamlined Arbitration Rules & Procedures”; and (2) exceeding $250,000, will be conducted under the then-applicable JAMS “Comprehensive Arbitration Rules & Procedures,” located at https://www.jamsadr.com/. Arbitration hearings will be conducted in Cook County, Illinois, U.S.A. The arbitrator(s) shall have the exclusive authority to decide all issues relating to the interpretation, applicability, enforceability, formation, existence, validity, and scope of the parties’ agreement to arbitrate. Payment of all arbitration filing, administrative, and arbitrator fees will be governed by applicable JAMS rules. The award rendered by the arbitrator(s) will be final and binding, and judgment may be entered upon it and enforced under applicable law in accordance with Section 13.4 of this Agreement. If the class action waiver in this Section 13.3(b) is found to be unenforceable, then the entirety of this Section 13.3(b) shall be null and void. Notwithstanding the foregoing, the parties expressly and irrevocably agree that a party may seek injunctive or other equitable relief in court in accordance with Section 13.4 below to enjoin misuse, misappropriation or ownership of intellectual property, trade secrets or Confidential Information.

13.4. Governing Law; Jurisdiction and Venue

This Agreement will be governed by the laws of the State of Illinois, U.S.A. without regard to the conflict of laws provisions thereof. Except with respect to any claims subject to arbitration in accordance with Section 13.3(b), the exclusive jurisdiction and venue for any actions will be the state and federal courts located in Cook County, Illinois, U.S.A. and Ragnerock and Customer each expressly and irrevocably consent to, and waive any objection to, jurisdiction and venue in such courts.

13.5. Notice

Any notice or communication required or permitted under this Agreement will be in writing to the parties at the addresses set forth in this Agreement or at such other address as may be given in writing by either party to the other in accordance with this section and will be deemed to have been received by the addressee upon: (a) personal delivery; (b) the second business day after being mailed or couriered; or (c) the day of sending by email, except for notices of breach (other than for non-payment) or an indemnifiable claim, which for clarity must be made by mail or courier. Email notifications to Ragnerock shall be to legal@ragnerock.com.

13.6. Amendments; Waivers

No supplement, modification, or amendment of this Agreement will be binding, unless executed in writing by a duly authorized representative of each party to this Agreement, except as expressly set forth herein. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in a writing signed by a duly authorized representative on behalf of the party claimed to have waived. No terms or conditions stated in a Customer purchase order, vendor onboarding process or web portal, or any other Customer order documentation (excluding Order Forms) shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

13.7. Entire Agreement

This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements and communications relating to the subject matter of this Agreement. Ragnerock may change and update the Service (in which case Ragnerock may update the applicable Documentation accordingly), subject to the warranty in Section 8.1 (Service Warranty). For clarity, all URL terms expressly referenced herein include any updates made thereto, as posted to https://www.ragnerock.com/legal or a successor website designated by Ragnerock.

13.8. Third-Party Beneficiaries

There are no third-party beneficiaries under this Agreement, except to the extent expressly stated in this Agreement.

13.9. Force Majeure

Neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay Fees) if the delay or failure results from any cause beyond such party’s reasonable control, including but not limited to acts of God, labor disputes or other industrial disturbances, systemic electrical, telecommunications, or other utility failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, public health emergencies (including pandemics and epidemics), acts or orders of government, acts of terrorism, or war.

13.10. Independent Contractors

The parties to this Agreement are independent contractors. There is no relationship of partnership, joint venture, employment, franchise or agency created hereby between the parties. Neither party will have the power to bind the other or incur obligations on the other party’s behalf without the other party’s prior written consent.

13.11. Export Control

Each party agrees to comply with all export and import laws and regulations, including without limitation, those of the United States, applicable to such party in connection with its respective provision or use of the Service under this Agreement. Without limiting the foregoing, Customer represents and warrants that it: (a) is not listed on, or majority-owned by any entity listed on, any U.S. government list of prohibited or restricted parties; (b) is not located in (or a national of) a country that either is subject to a U.S. government embargo or has been designated by the U.S. government as a “state sponsor of terrorism”; (c) will not (and will not permit any third parties to) access or use the Service in violation of any U.S. export embargo, prohibition or restriction; and (d) will not submit to the Service any information that is controlled under the U.S. International Traffic in Arms Regulations.

13.12. Execution

The parties may execute any documents hereunder in counterparts, each of which will be deemed an original and all of which together will be considered one and the same agreement. The parties will be bound by signatures made by hand or electronic means, which may be transmitted to the other party by mail, hand delivery, email and/or any electronic method and will have the same binding effect as any original ink signature.

14. Definitions

“Account” means Customer’s account in the Service in which Customer stores and processes Customer Data and manages Users.

“Affiliate” means an entity that, directly or indirectly, owns or controls, is owned or is controlled by, or is under common ownership or control with a party. As used in this definition, “control” means the power to direct the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent (50%) of the voting equity securities or other equivalent voting interests of an entity.

“AI Outputs” means any data, analysis, insights, classifications, summaries, extractions, or other results generated by AI processing through the Service.

“AI Sub-processor” means a third-party artificial intelligence or machine learning service provider used by Ragnerock to process Customer Data in connection with providing the Service.

“BAA” means a business associate agreement governing the parties’ respective obligations with respect to any HIPAA Data processed by Customer in the Service in accordance with the terms of this Agreement.

“Confidential Information” means all information that is identified as confidential at the time of disclosure by the Disclosing Party or reasonably should be known by the Receiving Party to be confidential or proprietary due to the nature of the information disclosed and the circumstances surrounding the disclosure, including without limitation information relating to technology, customers, business plans, promotional and marketing activities, finances and other business affairs, or third-party information that a party is obligated to keep confidential. All Customer Data will be deemed Confidential Information of Customer without any marking or further designation. All Ragnerock Technology and the terms and conditions of this Agreement will be deemed Confidential Information of Ragnerock without any marking or further designation. Confidential Information shall not, however, include information that the Receiving Party can demonstrate: (a) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (b) is or has become public knowledge through no fault of the Receiving Party; (c) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (d) is independently developed by employees of the Receiving Party who had no access to the Confidential Information.

“Contractor” means Customer’s and its Affiliates’ independent contractors and consultants.

“Credits” means the prepaid units of value purchased by Customer and consumed through various forms of platform usage as described in the Documentation.

“Customer Data” means any data or data files of any type that are uploaded by or on behalf of Customer for storage or processing in the Service.

“Customer-Provided Services” or “BYO Services” means third-party services (including AI providers, databases, and object storage services) for which Customer provides credentials or connection information to Ragnerock for use in connection with the Service.

“Data Protection Claims” means any claims arising from a party’s breach of Section 2.3 (Data Privacy), Section 3 (Security), Section 5 (Confidentiality) and/or the BAA (if any), where such breach results in the unauthorized disclosure of Customer Data, or breach of Section 2.2 (Use Obligations).

“Data Protection Claims Cap” is defined in Section 12 (Limitation of Remedies and Damages).

“Disclosing Party” is defined in Section 5 (Confidentiality).

“Documentation” means Ragnerock’s technical documentation and usage guides expressly designated by Ragnerock as applicable to the Service, as made available at https://docs.ragnerock.com or such other URL as Ragnerock may designate.

“DPA” means the Customer Data Processing Addendum, made available at https://www.ragnerock.com/legal/dpa.

“Effective Date” is defined in the preamble to this Agreement.

“Excluded Claims” means obligations and claims based on: (a) a party’s breach of its obligations in Section 5 (Confidentiality) (but excluding obligations and claims relating to Customer Data); (b) either party’s express obligations under Section 11 (Indemnification); and/or (c) liability which, by law, cannot be limited (e.g., tort claims for gross negligence and intentional misconduct).

“Fees” means the fees payable by Customer to Ragnerock for the applicable Ragnerock Offerings, including the purchase price for Credits and any fees set forth in an Order Form.

“General Liability Cap” is defined in Section 12 (Limitation of Remedies and Damages).

“HIPAA” means the Health Insurance Portability and Accountability Act, as amended and supplemented.

“HIPAA Data” means any patient, medical or other protected health information regulated by HIPAA or any similar federal or state laws, rules or regulations.

“Order Form” means the Ragnerock ordering document governed by this Agreement that is signed by Ragnerock and Customer and specifies the Ragnerock Offerings procured by Customer, including any applicable pricing, Credits, and Subscription Term.

“Payment Dispute” means Customer’s reasonable and good faith dispute over the applicability of certain charges that have not yet been paid by Customer which Customer is diligently cooperating to resolve.

“Ragnerock Offerings” means the Service and any support and other ancillary services provided by Ragnerock.

“Ragnerock Technology” means the Service, Documentation, and any and all related and underlying technology and documentation in any Ragnerock Offerings; and any derivative works, modifications, or improvements of any of the foregoing.

“Receiving Party” is defined in Section 5 (Confidentiality).

“Regulatory Compliance Addendum” means the supplemental agreement governing Customer’s processing of data subject to specific regulatory requirements, including but not limited to requirements under SEC, FINRA, or comparable regulatory frameworks.

“Regulatory Data” is defined in Section 2.2(c).

“Security Addendum” means the Ragnerock Security Addendum, made available at https://www.ragnerock.com/legal/security.

“Service” means the generally available software-as-a-service offering hosted by or on behalf of Ragnerock and ordered by or for Customer as set forth in an Order Form or through self-service registration.

“Sub-processor List” means the list of sub-processors maintained by Ragnerock at https://www.ragnerock.com/legal/sub-processors, as updated from time to time in accordance with Section 10.2.

“Subscription Term” means the period of time during which Customer is authorized to access the Service, as specified in the applicable Order Form or, for self-service Customers, on a month-to-month basis.

“Support Policy” means the Ragnerock Support Policy made available at https://ragnerock.com/legal/support-policy.

“Taxes” means taxes, levies, duties, tariffs, or similar governmental assessments of any nature, including, for example, any sales, use, GST, value-added, withholding, or similar taxes, whether domestic or foreign, or assessed by any jurisdiction, but excluding any taxes based on net income, property, or employees of Ragnerock.

“Usage Data” means usage and operations data in connection with Customer’s use of the Service, including query logs, feature utilization metrics, and performance metadata. Usage Data expressly excludes the content of Customer Data.

“User” means the persons designated and granted access to the Service by or on behalf of Customer, including, as applicable, any of its and its Affiliates’ Contractors.

15. Acceptable Use Policy

This Acceptable Use Policy applies to all use of the Ragnerock Offerings. Customer agrees that it and its Users will not, and will not attempt to:

15.1. Prohibited Activities

(a) Use the Ragnerock Offerings for any purpose that is unlawful, fraudulent, or prohibited by this Agreement;

(b) Use the Ragnerock Offerings to store, transmit, or process any data or content that infringes, misappropriates, or violates any third party’s intellectual property rights, privacy rights, or other legal rights;

(c) Use the Ragnerock Offerings to transmit any viruses, worms, malware, or other malicious code, or to interfere with, disrupt, or create an undue burden on the Service or the networks or systems connected to the Service;

(d) Attempt to gain unauthorized access to the Service, other Accounts, or any related systems or networks, including through password mining, credential stuffing, or any other means;

(e) Circumvent, disable, or otherwise interfere with any security features of the Service, including any features that prevent or restrict use, copying, or access;

(f) Use the Ragnerock Offerings in any manner that could damage, overburden, or impair the Service or interfere with any other party’s use of the Service, including through denial-of-service attacks or similar methods;

(g) Use the Ragnerock Offerings to send unsolicited communications, spam, or other unauthorized messages;

(h) Use the Ragnerock Offerings to facilitate market manipulation, insider trading, front-running, or any other activity that violates applicable securities laws and regulations;

(i) Use the Ragnerock Offerings to circumvent regulatory surveillance, recordkeeping, or supervisory requirements applicable to Customer or its Users under applicable laws and regulations, including SEC, FINRA, or other financial regulatory requirements;

(j) Use the Ragnerock Offerings to process any data in violation of applicable data protection or privacy laws, including but not limited to the GDPR, CCPA, or other applicable privacy regulations;

(k) Remove, alter, or obscure any proprietary notices, labels, or markings on the Service;

(l) Benchmark, test, or evaluate the Service for the purpose of competing with Ragnerock or publishing performance comparisons without Ragnerock’s prior written consent; or

(m) Assist, encourage, or enable any third party to do any of the foregoing.

15.2. Enforcement

Ragnerock reserves the right, but is not obligated, to investigate any suspected violation of this Acceptable Use Policy. Ragnerock may, in its sole discretion, suspend or terminate Customer’s access to the Ragnerock Offerings for any violation of this Acceptable Use Policy in accordance with Section 7.6 (Suspension of Service). Ragnerock’s failure to enforce any provision of this Acceptable Use Policy shall not constitute a waiver of Ragnerock’s right to enforce such provision at a later time.

15.3. Reporting

Customer shall promptly notify Ragnerock of any known or suspected violation of this Acceptable Use Policy by contacting legal@ragnerock.com.