Credential Services End User Agreement

1. Definitions

2. Conditions

This Agreement provides the terms of access and use of the Credential Services, which are delivered by ALERT through Guardian Mesh on a web-based basis. In order to access and use the Credential Services, Customer must have placed an Order through an authorized Reseller. No separate software license or SaaS subscription is required. In addition, unless otherwise agreed by ALERT, Customer may require access to certain Third Party Technology that is not ordered from ALERT and is not governed by the terms of this Agreement.

The fees and pricing applicable to Customer's subscription to the Credential Services shall be as set forth in the applicable Order. All payment obligations are governed by the terms agreed between Customer and Reseller.

3. License

Subject to the terms of this Agreement, ALERT grants Customer a revocable, non-exclusive, non-transferable (except for the right to sublicense to Authorized Users), limited license to access and use the Credential Services through Guardian Mesh, including the web-based provisioning flow through the Partner Portal, solely for creating Authorized User Credentials by accessing data from Customer's Account. Except as expressly set forth in this Section 3, no additional or implied license is provided to Customer.

4. Access to Customer's Account and Third Parties

Customer agrees that in order to provide the Credential Services, ALERT will require access to data in Customer's Account ("Data"), including, but not limited to, identifying and credential information related to Authorized Users, and that ALERT is authorized by Customer to: (i) access such Data from the Products; and (ii) make Data available to Wallet Providers and Credential Providers as needed to create the Credential and provide the Credential Services. Customer represents and warrants that it has the necessary consents to provide ALERT, the Wallet Providers, and the Credential Providers with access to the Data as needed to provide the Credential Services. Without limiting the foregoing, Customer is solely responsible for the information contained in Data provided to the Products. Customer further acknowledges and agrees that ALERT is not responsible for the security of Data accessed or stored by the Wallet Providers or Credential Providers, including encryption keys.

Customer acknowledges that it may need to work directly with Wallet Providers and Credential Providers to ensure that its Data is safe and secure in their network/environment. Customer may choose to enter into a specific data security agreement with such third parties as appropriate.

5. Security of Third Party Technology

Customer, and not ALERT, is responsible for procurement, installation, and maintenance of any Third Party Technology required for access to and use of the Credential Services. It is Customer's sole responsibility to secure and monitor Third Party Technology, including any access control infrastructure, for improper use or unauthorized access. Customer acknowledges and agrees that ALERT does not manage the security of Third Party Technology and shall not be responsible or liable for any failure or breach in the security of such technology.

6. Restricted Use

Customer agrees that it shall not, and shall not permit Authorized Users to, use Guardian Mesh, the Partner Portal, or the Credential Services in a way that could:

• Copy, modify, or create an equivalent of any ALERT Product unless specifically authorized by ALERT in writing.
• Make the Credential Services available to anyone other than an Authorized User.
• Use the Credential Services in any manner that could harm or impair ALERT or the Products.
• Interfere or attempt to interfere in any manner with the functionality or proper working of the Products.
• Breach or otherwise bypass any security or authentication measures of the Products.
• Transmit into or use with the Products any viruses, malware, malicious or destructive code, or any other routine, device, or undisclosed feature (e.g., time bomb, software lock, drop dead device, malicious logic, worm, Trojan horse, trap, back door, or software routine) that interferes with or otherwise harms or provides unauthorized access to or causes unauthorized modifications of the Products.
• Distribute content that interferes with or otherwise harms or provides unauthorized access to or causes unauthorized modifications of the operation of the Products or related third-party networks, servers, or other infrastructure.
• Use any robot, spider, data scraping or extraction tool, or similar mechanism with or against the Products.
• Reverse engineer, decompile, disassemble, attempt to gain unauthorized access to, or attempt to discover the underlying source code or structure of the Products.
• Access, use, or otherwise exploit the Products for purposes of competing with or disparaging ALERT, including but not limited to benchmarking, monitoring availability, performance, or functionality, or conducting competitive analysis.
• Commercially sell or resell the Products to any third party.

7. Third Party Wallet Provider Terms

Customer acknowledges that the provisioning of Credentials to Authorized Users' devices is subject to the applicable terms and conditions of the relevant Wallet Providers, including but not limited to Apple, Google, and Samsung. Customer and its Authorized Users agree not to violate the usage limits or controls set forth by the applicable Wallet Provider. ALERT is not responsible for the acts or omissions of any Wallet Provider or for any failure of a Wallet Provider's platform to receive or display Credentials.

8. Intellectual Property

Customer acknowledges and agrees that Guardian Mesh and the Credential Services are licensed, and not sold. Customer does not acquire any ownership interest in Guardian Mesh, the Credential Services, any web-based provisioning tools, or the Partner Portal under this Agreement, or any other rights thereto, other than to use the same in accordance with the license granted and subject to all terms, conditions, and restrictions under this Agreement. ALERT and its licensors and service providers reserve and shall retain their entire right, title, and interest in and to Guardian Mesh, the Credential Services, all web-based provisioning tools, and the Partner Portal, including all copyrights, trademarks, and other intellectual property rights therein or relating thereto, except as expressly granted in this Agreement.

9. Updates

ALERT may from time to time, in its sole discretion, develop and provide Credential Services updates, which may include upgrades, bug fixes, patches, error corrections, and/or new features (collectively, including related documentation, "Updates"). Updates may also modify or delete in their entirety certain features and functionality. Updates to Guardian Mesh and the Credential Services will be deployed by ALERT and made available through the web-based provisioning flow without any action required by Customer or Authorized Users. ALERT will use commercially reasonable efforts to notify Reseller of material Updates through the Partner Portal in advance of their deployment.

10. Support

Customer's primary support contact for the Credential Services is Reseller. Reseller is responsible for providing Tier 1 support directly to Customer, including initial troubleshooting, issue logging, and escalation management. ALERT provides Tier 2 support to Reseller only and has no direct support obligation to Customer. Customer shall direct all support requests to Reseller.

In addition to any disclaimers contained in any applicable Agreement, the parties agree that ALERT does not warrant that Guardian Mesh or the Credential Services will operate error free or without interruption. ALERT does not guarantee the compatibility of any Device with the Credential Services. ALERT is not responsible for the maintenance, operation, or security of any Third Party Technology, including any Wallet Provider platform. The Customer acknowledges and agrees that ALERT is not responsible for and shall not be liable for the acts or omissions of any Credential Provider or Wallet Provider.

11. Limitation of Liability

The parties agree that in no event shall ALERT, its suppliers, or licensors have any liability to Reseller or Customer for any indirect, incidental, punitive, special, or consequential damages including without limitation lost profits, loss of data, loss of functionality, interruption of business, or costs of procurement of substitute goods or services, whether under theory of contract, tort (including negligence), strict liability, or otherwise, arising from or associated in any way with Guardian Mesh or the Credential Services, even if ALERT is advised of the possibility of such damages. The parties agree to the allocation of liability risk set forth in this section. Some jurisdictions do not allow the limitation of liability for certain damages, and as a consequence some of the above limitations may not apply to Customer.

In no event will ALERT's, its supplier's, or licensor's liability for any claim, whether in contract, tort, or any other theory of liability, exceed the aggregate fees paid by Reseller to ALERT for the relevant Customer's subscription to the Credential Services in the twelve (12) month period immediately preceding the incident giving rise to the claim.

The provisions of this Section 11 shall survive the expiration or termination of this Agreement.

12. Indemnification

Indemnification by ALERT

ALERT will defend Customer against any claims, demands, suits, or proceedings made or brought by a third party against Customer to the extent based upon an allegation that Guardian Mesh or the Credential Services as furnished by ALERT and used by Customer within the scope of this Agreement infringes any copyright or any U.S. patent or trademark rights of any third party (a "Claim"), provided that: (i) Customer notifies Reseller and ALERT promptly in writing of the Claim; (ii) ALERT has sole control of the defense and all related settlement negotiations; and (iii) Customer provides ALERT with reasonable assistance, information, and authority necessary to perform the above. ALERT shall pay all amounts awarded by a court of competent jurisdiction or agreed to in a mutually agreed settlement of such Claim. The foregoing states the entire obligation of ALERT and its licensors with respect to any alleged or actual infringement or misappropriation of intellectual property rights by Guardian Mesh or the Credential Services. ALERT and its licensors shall have no liability under this Section to the extent that any Claims are based on: (i) any combination of Guardian Mesh or the Credential Services with products, services, methods, content, or other elements not furnished by ALERT; (ii) alteration or modification of Guardian Mesh or the Credential Services by anyone other than ALERT; (iii) ALERT's compliance with Customer's unique designs or specifications; or (iv) any use of Guardian Mesh or the Credential Services in a manner that violates the terms of this Agreement.

Mitigation Measures

In the event of any Claim or potential Claim covered by this Section, ALERT may, in its discretion, seek to mitigate the impact of such Claim by modifying Guardian Mesh or the Credential Services to avoid the infringement, and/or by suspending or terminating Customer's access upon reasonable notice. In the case of such suspension or termination, ALERT shall refund to Reseller a pro-rated portion of the fees paid by Reseller to ALERT for the affected Customer's subscription, calculated based on the number of days remaining in the then-current subscription term following the effective date of suspension or termination. Reseller shall be responsible for passing through any such refund to Customer in accordance with the terms of their separate agreement. Customer's sole financial remedy under this Section shall be fulfilled through Reseller and ALERT's obligation is limited to refunding Reseller the amounts described herein.

Indemnification by Customer

Customer shall defend, indemnify, and hold harmless ALERT and Reseller against any third party claim, suit, or proceeding arising out of or related to Customer's alleged or actual use of, or misuse of, Guardian Mesh or the Credential Services, including without limitation: (a) claims relating to any breach of this Agreement by Customer, its affiliates, employees, agents, or Authorized Users; (b) claims related to or caused by security breaches in Customer's technology environment, including without limitation unauthorized disclosure or exposure of personally identifiable information or other private information; (c) claims related to infringement or violation of a copyright, trademark, trade secret, or privacy or confidentiality right by written material, images, logos, or other content uploaded to the Credential Services through Customer's Account; and (d) claims that use of the Credential Services through Customer's Account, including by Customer's Authorized Users, harasses, defames, or defrauds a third party or violates the CAN-Spam Act of 2003 or any other applicable law or restriction on electronic advertising, provided that: (a) ALERT or Reseller notifies Customer promptly in writing of the claim; (b) Customer has sole control of the defense and all related settlement negotiations; however Customer shall not make any admission or liability of fault on behalf of Alert or Reseller, without prior written consent or settle a Claim in a manner that imposes any obligation, restriction or liability on Alert or Reseller without their prior written consent; and (c) ALERT and Reseller provide Customer with reasonable assistance, information, and authority necessary to perform the above.

13. Confidentiality

Confidential Information means any non-public information, data, or know-how disclosed by a party to this Agreement to the other party in writing, orally, or by access to the disclosing party's systems or premises, and either identified by the disclosing party as confidential or proprietary, or which should reasonably be expected under the circumstances to be confidential or proprietary, including information disclosed by ALERT to Customer regarding Guardian Mesh, the Credential Services, their design, workflow, and documentation, and any confidential information of ALERT's licensors. Guardian Mesh and the Credential Services (including their specific design and structure) and related documentation are Confidential Information and trade secrets of ALERT and/or its licensors.

With respect to Confidential Information, the receiving party shall: (i) use it solely for the purposes specifically provided in this Agreement; and (ii) not disclose it to any third party, other than employees on a need-to-know basis or consultants, affiliates, advisors, agents, or subcontractors ("Representatives") under nondisclosure agreements at least as strict as this Agreement, provided that such Representatives are not competitors of the disclosing party, for a period of five (5) years from the date of disclosure, or in perpetuity if the Confidential Information constitutes a trade secret under applicable law. The receiving party is liable for any misuse of Confidential Information by its Representatives or other third parties to whom it discloses such information. The foregoing obligations do not apply to information that: (a) was rightfully in the possession of, or was known by, the receiving party prior to its receipt from the disclosing party, free of any obligation of confidence; (b) is or becomes generally known to the public without violation of this Agreement; (c) is obtained by the receiving party from a third party without an obligation to keep such information confidential; or (d) is independently developed by the receiving party without use of the Confidential Information.

This Section will not affect any other nondisclosure agreement between the parties. In the event the receiving party is required to disclose Confidential Information pursuant to applicable law, judicial or governmental order, or valid subpoena, such party will promptly notify the other party to allow intervention in response to such order, but only to the extent such notice is legally permissible. This Agreement does not transfer ownership of Confidential Information or grant a license thereto. Each party will retain all right, title, and interest in and to its own Confidential Information.

14. Compliance with Laws

Customer shall comply with all applicable laws, regulations, and governmental requirements in connection with its access to and use of the Credential Services, including but not limited to those governing data privacy, export controls, and economic sanctions. Customer shall not permit any third party to access or use the Credential Services in violation of any applicable law or regulation, or export the Credential Services except in compliance with all applicable U.S. laws and regulations. Without limiting the foregoing, Customer shall not permit any third party to access or use the Credential Services in, or export such services to, any country subject to a United States embargo or sanction.

15. Term and Termination

Term

This Agreement commences on the date Customer first accesses the Credential Services pursuant to an Order and continues for the subscription term set forth in the applicable Order, unless earlier terminated pursuant to this Section 15. Unless otherwise provided in an Order, this Agreement shall automatically renew for successive one (1) year terms upon expiration of the then-current term, unless either party delivers written notice of non-renewal to the other party at least sixty (60) days prior to expiration of the then-current term.

Termination

Termination for Convenience. ALERT may terminate this Agreement for any reason upon sixty (60) days prior written notice.

Termination for Cause. Either party may terminate this Agreement upon written notice if the other party materially breaches this Agreement and fails to cure such breach within thirty (30) days of receiving written notice specifying the breach in reasonable detail.

Termination for Non-Payment. ALERT reserves the right to suspend or terminate Customer's access to the Credential Services upon fifteen (15) days written notice to Reseller in the event Customer fails to timely pay amounts due to Reseller in connection with the Credential Services and such failure remains uncured. Suspension of access shall not release Customer of its payment obligations under an Order.

Effect of Reseller Agreement Termination. Customer acknowledges that its access to the Credential Services is dependent upon the reseller agreement between ALERT and Reseller remaining in effect. In the event the reseller agreement between ALERT and Reseller is terminated for any reason, ALERT shall provide Customer with no less than sixty (60) days prior written notice and Customer's access to the Credential Services shall continue during such notice period. Following expiration of the notice period, ALERT may in its sole discretion offer to contract directly with Customer for continued access to the Credential Services on terms to be agreed.

Survival

Sections that by their nature survive expiration or termination shall survive any expiration or termination of this Agreement, including without limitation Sections 8, 11, 12, 13, 15, 16, and 17.

Effect of Termination

Termination of this Agreement does not relieve Customer of its obligation to pay any fees accrued prior to the effective date of termination. Upon termination, Customer shall immediately cease all use of the Credential Services and shall delete, destroy, or return all copies of any related documentation in its possession or control within thirty (30) days of the effective date of termination. Customer is solely responsible for creating a backup of any Customer data prior to termination.

16. Title; Ownership and Equitable Relief

Title

ALERT, or its suppliers or licensors, retains all right, title, interest, and intellectual property rights in Guardian Mesh, the Credential Services, and related documentation and other deliverables provided by ALERT under this Agreement, including all modifications, improvements, upgrades, derivative works, and feedback related thereto. Customer hereby assigns to ALERT all right, title, and interest it may have in the foregoing.

Equitable Relief

Customer acknowledges that any breach of its obligations with respect to the proprietary rights of ALERT or its suppliers or licensors may cause irreparable injury for which there may be inadequate remedy at law, and therefore ALERT will be entitled to seek equitable relief in addition to all other rights and remedies available to it.

17. Assignment

Customer may not assign its rights or obligations under this Agreement without the prior written consent of ALERT. ALERT may freely assign its rights and obligations under this Agreement. Any attempted assignment in violation of this Section will be null and void.

18. Governing Law

This Agreement shall be governed and construed by the laws of the State of California, excluding its conflict of law rules and the International Sale of Goods. All suits hereunder will be brought solely in Federal Court for the Northern District of California, or if that court lacks subject matter jurisdiction, in any California State Court located in Fremont, California. The parties hereby irrevocably waive any and all claims and defenses either might otherwise have in any such action or proceeding based upon any alleged lack of personal jurisdiction, improper venue, forum non conveniens, or any similar claim or defense.

19. Force Majeure

Neither party shall be responsible for any resulting loss to the other party if the fulfillment of any of the terms or provisions of this Agreement is delayed or prevented by strikes, work stoppages, shortage of materials, pandemic or epidemic, labor unrest, transportation stoppages, riots, wars, acts of terrorism, national emergency, floods, fires, earthquakes, tornadoes, acts of God, or any other similar cause not within the control of the party whose performance is interfered with (each, a "Force Majeure" event). The party claiming a Force Majeure event shall provide prompt written notice to the other party and shall use commercially reasonable efforts to resume performance as soon as practicable.

20. General

Notices. Notices shall be in writing, sent to the addresses listed in the Order and delivered by overnight mail, courier, first-class mail, or email with confirmed receipt, and are deemed received upon delivery.

Amendments. ALERT reserves the right to modify the terms of this Agreement from time to time. Any modified Agreement will be posted at https://guardianmesh.com/legal/end-user-agreement. ALERT will provide notice of material modifications through the Partner Portal no less than thirty (30) days prior to the effective date of such modifications. Customer's continued access to or use of the Credential Services following the effective date of any modification constitutes Customer's acceptance of the modified Agreement. Customer is responsible for regularly reviewing the Agreement as posted at https://guardianmesh.com/legal/end-user-agreement.

Waiver. The failure of either party to enforce any right under this Agreement will not be deemed a waiver of such right or any other right, including the right to enforce a subsequent breach of the same obligation.

Severability. In the event that any part of this Agreement is found to be unenforceable, the remainder shall continue in effect and such part shall be changed and interpreted so as to best accomplish the objectives of such part to the extent permissible by law and consistent with the intent of the parties.

Relationship of Parties. The parties are independent contractors and this Agreement will not be construed as creating a partnership, joint venture, agency, employment, or teaming relationship between the parties. Neither party shall be deemed to be an agent of the other.

Entire Agreement. This Agreement, together with the applicable Order, constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements, proposals, and representations, whether oral or written, relating to such subject matter.