Search
Ask AI
Terms & Privacy

Software as a Service Agreement (SSA)

Effective Date: as set forth in the Engagement Letter

Last update: 05/18/2026

This Software as a Service Agreement (the "Agreement" or "SSA") is made and entered into on the date set forth as the Effective Date in the Engagement Letter (the "Effective Date") by and between Maestra B.V., a private company with limited liability (besloten vennootschap) organized under the laws of the Netherlands, with its registered office at the address set forth in the Engagement Letter ("Provider"), and the individual or entity identified as the "Customer" in the Engagement Letter.

WHEREAS, Provider provides access to its software-as-a-service offerings to its customers; and

WHEREAS, Customer desires to access certain software-as-a-service offerings described herein, and Provider desires to provide Customer access to such offerings, subject to the terms and conditions set forth in this Agreement.

NOW, THEREFORE, in consideration of the mutual covenants, terms, and conditions set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

1. Definitions

"Access Credentials" means any user name, identification number, password, license or security key, security token, PIN, or other security code, method, technology, or device, used alone or in combination, to verify an individual’s identity and authorization to access and use the Services.

"Accounting Period" means a calendar month, unless the Engagement Letter expressly provides for a different billing cycle.

"Action" means any claim, action, cause of action, demand, lawsuit, arbitration, inquiry, audit, notice of violation, proceeding, litigation, citation, summons, subpoena, or investigation of any nature, civil, criminal, administrative, regulatory, or other, whether at law, in equity, or otherwise.

"Affiliate" of a Person means any other Person that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with, such Person. The term "control" (including the terms "controlled by" and "under common control with") means the direct or indirect power to direct or cause the direction of the management and policies of a Person, whether through the ownership of more than fifty percent (50%) of the voting securities of a Person, by contract, or otherwise.

"Agreement" has the meaning set forth in the preamble.

"Anonymized Data" means Customer Data that has been processed, aggregated, or otherwise transformed by Provider such that: (a) it cannot reasonably be used to identify, relate to, or be linked to Customer, any Authorized User, any End Customer, or any other identifiable natural person; (b) the transformation is irreversible using any reasonably available means; and (c) it does not constitute "personal data" within the meaning of the GDPR (and, where applicable, UK GDPR), consistent with Recital 26 of the GDPR. Anonymized Data constitutes Resultant Data, is owned exclusively by Provider, is not Customer Data, and is not Confidential Information of Customer.

"Annex" means each annex attached to this Agreement that contains terms specific to the European Union legal regime, including Annex 1 (EU), Annex 2 (EU), and Annex 3 (EU). Annexes are an integral part of this Agreement.

"Applicable Messaging Laws" has the meaning set forth in Exhibit D (EU).

"Authorized Users" means Customer’s employees, consultants, contractors and agents (a) who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement; and (b) for whom access to the Services has been purchased hereunder.

"Confidential Information" has the meaning set forth in Section 9.1.

"Customer" has the meaning set forth in the preamble.

"Customer Data" means information, data, and other content, in any form or medium, that is collected, downloaded, or otherwise received, directly or indirectly, from Customer or an Authorized User by or through the Services or that incorporates or is derived from the Processing of such information, data, or content by or through the Services. For the avoidance of doubt, Customer Data includes End Customer Data but does not include Resultant Data or any other information reflecting the access or use of the Services by or on behalf of Customer or any Authorized User.

"Customer Failure" has the meaning set forth in Section 4.2.

"Customer Systems" means the Customer’s information technology infrastructure, including computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services.

"Deposit" has the meaning set forth in Section 2.9.

"Disclosing Party" has the meaning set forth in Section 9.1.

"Documentation" means any manuals, instructions, or other documents or materials that the Provider provides or makes available to Customer in any form or medium and which describe the functionality, components, features, or requirements of the Services or Provider Materials, including any aspect of the installation, configuration, integration, operation, use, support, or maintenance thereof.

"DPA" means, in respect of any Customer, the Data Processing Agreement applicable to that Customer in accordance with Section 7.4: (i) Annex 1 (EU) where the Customer is established within the European Economic Area; or (ii) Annex 2 (EU) where the Customer is established outside the European Economic Area. Where Annex 3 (EU) (UK Addendum) applies, it forms part of the DPA for the relevant Customer.

"Effective Date" has the meaning set forth in the preamble.

"Engagement Letter" means the document executed between Provider and Customer that sets forth Customer-specific information, including but not limited to Customer name and address, contact details, Effective Date, pricing details, and any deal-specific commercial terms. The Engagement Letter forms part of this Agreement.

"End Customer" means any Person who is a recipient of Customer’s marketing communication through the Services, including any data subject whose Personal Data is Processed through the Services on behalf of Customer.

"End Customer Data" means information, data, and other content, in any form or medium, relating to an End Customer that is collected, transmitted, or otherwise Processed by or on behalf of Customer through the Services. End Customer Data may include End Customer’s Personal Data but excludes Resultant Data.

"Exhibit" means each exhibit attached to this Agreement that contains terms substantively mirroring the corresponding exhibit to Provider’s United States Software as a Service Agreement, with European Union tailoring, including Exhibit A (EU), Exhibit B (EU), Exhibit C (EU), Exhibit D (EU), and Exhibit E (EU). Exhibits are an integral part of this Agreement.

"Fees" has the meaning set forth in Section 8.1.

"Force Majeure Event" has the meaning set forth in Section 16.9(a).

"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

"Harmful Code" means any software, hardware, or other technology, device, or means, including any virus, worm, malware, or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (i) computer, software, firmware, hardware, system, or network; or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality, or use of any data Processed thereby; or (b) prevent Customer or any Authorized User from accessing or using the Services or Provider Systems as intended by this Agreement. Harmful Code does not include any Provider Disabling Device.

"Indemnitee" has the meaning set forth in Section 12.3.

"Indemnitor" has the meaning set forth in Section 12.3.

"Integration Period" has the meaning set forth in Section 2.8.

"Intellectual Property Rights" means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.

"Law" means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree, or other requirement of any government or political subdivision thereof, or any arbitrator, court, or tribunal of competent jurisdiction. References to Law include GDPR and Member State implementations thereof, and (where applicable) UK GDPR and the United Kingdom Data Protection Act 2018.

"Means of Communication" means the operational communication channels set forth in Section 16.4(b), including support@maestra.io, the named Manager or Lead Manager assigned to Customer’s account, and any other channel agreed by the parties for operational communications.

"Losses" means any and all losses, damages, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys’ fees and the costs of enforcing any right to indemnification hereunder and the cost of pursuing any insurance providers.

"Person" means an individual, corporation, partnership, joint venture, limited liability entity, governmental authority, unincorporated organization, trust, association, or other entity.

"Personal Data" means any information relating to an identified or identifiable natural person, as defined under GDPR and (where applicable) UK GDPR.

"Process" means to take any action or perform any operation or set of operations that the Services are capable of taking or performing on any data, information, or other content, including to collect, receive, input, upload, download, record, reproduce, store, organize, compile, combine, log, catalog, cross-reference, manage, maintain, copy, adapt, alter, translate, or make other derivative works or improvements, process, retrieve, output, consult, use, perform, display, disseminate, transmit, submit, post, transfer, disclose, or otherwise provide or make available, or block, erase, or destroy. "Processing" and "Processed" have correlative meanings.

"Provider" has the meaning set forth in the preamble.

"Provider Disabling Device" means any software, hardware, or other technology, device, or means (including any back door, time bomb, time out, drop dead device, software routine, or other disabling device) used by Provider or its designee to disable Customer’s or any Authorized User’s access to or use of the Services automatically with the passage of time or under the positive control of Provider or its designee.

"Provider Indemnitee" has the meaning set forth in Section 12.2.

"Provider Materials" means the Services, Documentation, and Provider Systems and any and all other information, data, documents, materials, works, and other content, devices, methods, processes, hardware, software, and other technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans, or reports, that are provided or used by Provider or any Subcontractor in connection with the Services or otherwise comprise or relate to the Services or Provider Systems. For the avoidance of doubt, Provider Materials include Resultant Data and any information, data, or other content derived from Provider’s monitoring of Customer’s access to or use of the Services, but do not include Customer Data.

"Provider Personnel" means all individuals involved in the performance of Services as employees, agents, or independent contractors of Provider or any Subcontractor.

"Provider Systems" means the information technology infrastructure used by or on behalf of Provider in performing the Services, including all computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Provider or through the use of third-party services.

"Receiving Party" has the meaning set forth in Section 9.1.

"Representatives" means, with respect to a party, that party’s employees, officers, directors, agents, and legal advisors.

"Resultant Data" means data and information related to Customer’s use of the Services that is used by Provider in an aggregate and anonymized manner, such that it does not identify Customer or any individual, including to: (a) compile statistical and performance information related to the provision, operation, and improvement of the Services; (b) train, develop, improve, and refine Provider’s artificial intelligence, machine learning, and other algorithmic models, technologies, and products; (c) generate benchmarks, analytics, and industry insights; and (d) develop, enhance, and commercialize new and existing products, services, and features. For the avoidance of doubt, Resultant Data must be irreversibly de-identified before it is treated as Resultant Data; pseudonymized data within the meaning of Article 4(5) of the GDPR does not qualify as Resultant Data. Resultant Data is not Customer Data and is not Confidential Information of Customer.

"Service Level Agreement" or "SLA" means any separately-signed service level agreement between Provider and Customer that sets forth specific service level guarantees. The Service Level Agreement is not incorporated into this Agreement by default and applies only if separately executed by the parties.

"Services" means the software-as-a-service offering described in Exhibit A (EU).

"SMS Services Deposit" has the meaning set forth in Section 2.10.

"Subcontractor" has the meaning set forth in Section 2.6.

"Subscriber List" has the meaning set forth in Exhibit D (EU).

"Third-Party Materials" means materials and information, in any form or medium, including any open-source or other software, documents, data, content, specifications, products, equipment, or components of or relating to the Services that are not proprietary to Provider.

"Term" has the meaning set forth in Section 15.1.

2. Services

2.1 Access and Use

Subject to and conditioned on Customer’s and its Authorized Users’ compliance with the terms and conditions of this Agreement, Provider hereby grants Customer a non-exclusive, non-transferable (except in compliance with Section 16.8) right to access and use the Services during the Term, solely for use by Authorized Users in accordance with the terms and conditions herein. Such use is limited to Customer’s internal use. Provider shall provide to Customer the Access Credentials within a reasonable time following the Effective Date.

2.2 Documentation License

Provider hereby grants to Customer a non-exclusive, non-sublicensable, non-transferable (except in compliance with Section 16.8) license to use the Documentation during the Term solely for Customer’s internal business purposes in connection with its use of the Services.

2.3 Service and System Control

Except as otherwise expressly provided in this Agreement, as between the parties:

  1. Provider has and will retain sole control over the operation, provision, maintenance, and management of the Provider Materials; and

  2. Customer has and will retain sole control over the operation, maintenance, and management of, and all access to and use of, the Customer Systems, and sole responsibility for all access to and use of the Provider Materials by any Person by or through the Customer Systems or any other means controlled by Customer or any Authorized User, including any: (i) information, instructions, or materials provided by any of them to the Services or Provider; (ii) results obtained from any use of the Services or Provider Materials; and (iii) conclusions, decisions, or actions based on such use.

2.4 Reservation of Rights

Nothing in this Agreement grants any right, title, or interest in or to (including any license under) any Intellectual Property Rights in or relating to the Services, Provider Materials, or Third-Party Materials, whether expressly, by implication, estoppel, or otherwise. All right, title, and interest in and to the Services, the Provider Materials, and the Third-Party Materials are and will remain with Provider and the respective rights holders in the Third-Party Materials.

2.5 Changes to the Services

Provider reserves the right, in its sole discretion, to make any changes to the Services and Provider Materials that it deems necessary or useful to: (a) maintain or enhance: (i) the quality or delivery of Provider’s services to its customers; (ii) the competitive strength of or market for Provider’s services; or (iii) the Services’ cost efficiency or performance; or (b) to comply with applicable Law. Customer’s continued use of the Services following any such change constitutes Customer’s acceptance of such change, provided that the change is within the scope of this Section 2.5.

2.6 Subcontractors

Provider may from time to time in its discretion engage third parties to perform Services (each, a "Subcontractor").

2.7 Suspension or Termination of Services

Provider may, directly or indirectly, and by use of a Provider Disabling Device or any other lawful means, suspend, terminate, or otherwise deny Customer’s, any Authorized User’s, or any other Person’s access to or use of all or any part of the Services or Provider Materials, without incurring any resulting obligation or liability, if:

  1. Provider receives a judicial or other governmental demand or order, subpoena, or law enforcement request that expressly or by reasonable implication requires Provider to do so (in which case Provider may suspend immediately and without prior notice); or

  2. Provider believes, in its good faith and reasonable discretion, that: (i) Customer or any Authorized User has failed to comply with any term of this Agreement, or accessed or used the Services beyond the scope of the rights granted or for a purpose not authorized under this Agreement; (ii) Customer or any Authorized User is, has been, or is likely to be involved in any fraudulent, misleading, or unlawful activities relating to or in connection with any of the Services (in which case Provider may suspend immediately and without prior notice); or (iii) this Agreement expires or is terminated.

In the case of suspension for payment default (Section 8.4) or for breach of Customer warranties or obligations (Sections 7 and 11.3) not addressed in clause (b)(ii) above, Provider shall provide five (5) business days’ prior written notice of such suspension. Provider may also suspend immediately and without prior notice in any circumstance described in Exhibit D (EU) Section 7. Suspension does not relieve Customer of its payment obligations during the suspension period. Upon Customer’s cure of the cause of suspension, Provider shall promptly restore access. This Section 2.7 does not limit any of Provider’s other rights or remedies, whether at law, in equity, or under this Agreement.

2.8 Integration Period

Following execution of the Engagement Letter, Customer shall have a limited right to access and use the Services without the functionality to send out electronic messages for up to three (3) months from the Effective Date (the "Integration Period"). The Integration Period is provided to allow Customer to integrate the Services with Customer Systems, configure the Services, train Authorized Users, and otherwise prepare for operational use. Customer may not use the Services for commercial messaging or other production purposes during the Integration Period.

The Integration Period shall automatically expire on the earlier of (i) the first day of the fourth month following the Effective Date, or (ii) the date on which Customer requests in writing (which may be by email) for Provider to enable full functionality of the Services. Upon expiration of the Integration Period, the Services shall become available for production use and the Term shall continue on a month-to-month basis pursuant to Section 15.

Customer may terminate this Agreement during the Integration Period at any time by providing written notice (which may be by email) to Provider. Termination during the Integration Period shall be effective on the date of notice, and Provider shall refund any Deposit paid by Customer in full within thirty (30) days from the date of Customer’s written notice. No Fees shall accrue during the Integration Period.

2.9 Deposit

Prior to or upon commencement of the Integration Period, Customer shall pay to Provider a refundable security deposit in the amount set forth in the Engagement Letter (the "Deposit"), which shall be approximately equal to one (1) month of expected Fees based on the Customer’s anticipated use of the Services. Provider shall hold the Deposit as security for Customer’s payment obligations under this Agreement throughout the Term.

Upon any expiration or termination of this Agreement, Provider shall issue a final invoice covering any Fees accrued but not yet paid through the effective date of termination. If Customer pays such final invoice in full within the payment period specified in Section 8.3, Provider shall refund the Deposit to Customer in full within thirty (30) days of receipt of payment. If Customer fails to pay the final invoice within the applicable payment period, Provider may apply the Deposit toward any amounts owed by Customer (including the final invoice and any other accrued Fees, interest, or charges) and shall refund any remaining balance to Customer within thirty (30) days. If the Deposit is insufficient to cover amounts owed, Customer shall pay the difference within fourteen (14) days of Provider’s notice of the shortfall. Provider may adjust the required Deposit amount from time to time to reflect material changes in Customer’s actual use of the Services, on not less than thirty (30) days’ prior written notice.

2.10 SMS Services Deposit

In addition to the Deposit referenced in Section 2.9, Provider may require a separate "SMS Services Deposit" as a condition for activation or continued use of messaging services. The SMS Services Deposit operates as a monthly prepaid balance and is determined by Provider based on Customer’s expected usage volume. Each Accounting Period, Provider shall reconcile actual messaging usage against the prepaid balance, and Customer shall pay the expected next-period usage adjusted for any prior-period over-consumption or shortfall. Provider may adjust the required SMS Services Deposit amount from time to time based on actual usage patterns. Provider may apply any positive remaining balance toward outstanding Fees without requiring Customer’s prior approval. Failure to pay or replenish the SMS Services Deposit when required is grounds for suspension of messaging services pursuant to Section 2.7. Any unused balance shall be refunded or applied to the final invoice upon termination of this Agreement.

3. Use Restrictions; Service Usage and Data Storage

3.1 Use Restrictions

Customer shall not, and shall not permit any Authorized User or any other Person to, access or use the Services or Provider Materials except as expressly permitted by this Agreement and, in the case of Third-Party Materials, the applicable third-party license agreement. For purposes of clarity and without limiting the generality of the foregoing, Customer shall not, except as this Agreement expressly permits:

  1. copy, modify, or create derivative works or improvements of the Services or Provider Materials;

  2. rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available any Services or Provider Materials to any Person, including on or in connection with the internet or any time-sharing, service bureau, software as a service, cloud, or other technology or service;

  3. reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the Services or Provider Materials, in whole or in part;

  4. bypass or breach any security device or protection used by the Services or Provider Materials or access or use the Services or Provider Materials other than by an Authorized User through the use of his or her own then-valid Access Credentials;

  5. input, upload, transmit, or otherwise provide to or through the Services or Provider Systems, any information or materials that are unlawful or injurious, or contain, transmit, or activate any Harmful Code;

  6. damage, destroy, disrupt, disable, impair, interfere with, or otherwise impede or harm in any manner the Services, Provider Systems, or Provider’s provision of services to any third party, in whole or in part;

  7. remove, delete, alter, or obscure any trademarks, Documentation, warranties, or disclaimers, or any copyright, trademark, patent, or other intellectual property or proprietary rights notices from any Services or Provider Materials, including any copy thereof;

  8. access or use the Services or Provider Materials in any manner or for any purpose that infringes, misappropriates, or otherwise violates any Intellectual Property Right or other right of any third party (including by any unauthorized access to, misappropriation, use, alteration, destruction, or disclosure of the data of any other Provider customer), or that violates any applicable Law;

  9. access or use the Services or Provider Materials for purposes of competitive analysis of the Services or Provider Materials, the development, provision, or use of a competing software service or product or any other purpose that is to Provider’s detriment or commercial disadvantage; or

  10. otherwise access or use the Services or Provider Materials beyond the scope of the authorization granted under this Section 3.1.

3.2 Data Use as Condition of Service

Customer acknowledges and agrees that Provider’s right to create and use Resultant Data and Anonymized Data as set forth in this Agreement, including for AI and machine learning model training, is a material consideration for Provider’s willingness to enter into this Agreement and provide the Services at the Fees set forth herein. Customer shall not, during or after the Term, seek to restrict, limit, or condition Provider’s rights with respect to Resultant Data or Anonymized Data. Nothing in this Section 3.2 limits the rights of data subjects under the GDPR (or, where applicable, UK GDPR).

3.3 Acceptable Use Policy

Customer’s use of the Services is also subject to Provider’s Acceptable Use Policy available at https://maestra.io/documents/acceptable-use-policy/, as may be updated by Provider from time to time, which is incorporated into this Agreement by reference. In the event of a conflict between the Acceptable Use Policy and this Agreement, this Agreement shall prevail.

4. Customer Obligations

4.1 Customer Systems and Cooperation

Customer shall at all times during the Term: (a) set up, maintain, and operate in good repair all Customer Systems on or through which the Services are accessed or used; (b) provide Provider Personnel with such access to Customer’s premises and Customer Systems as is necessary for Provider to perform the Services; and (c) provide all cooperation and assistance as Provider may reasonably request to enable Provider to exercise its rights and perform its obligations under and in connection with this Agreement.

4.2 Effect of Customer Failure or Delay

Provider is not responsible or liable for any delay or failure of performance caused in whole or in part by Customer’s delay in performing, or failure to perform, any of its obligations under this Agreement (each, a "Customer Failure").

4.3 Corrective Action and Notice

If Customer becomes aware of any actual or threatened activity prohibited by Section 3.1, Customer shall, and shall cause its Authorized Users to, immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Services and Provider Materials and permanently erasing from their systems and destroying any data to which any of them have gained unauthorized access); and (b) notify Provider of any such actual or threatened activity.

5. Service Levels

Provider will use commercially reasonable efforts, consistent with industry best practices, to maintain the quality and availability of the Services for Customer. This Agreement does not include any guaranteed uptime or strict service level commitments by default. If Customer requires specific service level guarantees (such as a defined uptime percentage or response time commitment), the parties may enter into a separate written Service Level Agreement for an additional fee or under a separate order. In the absence of such a separately-signed Service Level Agreement, Customer acknowledges that the Services are provided on an "as is" and "as available" basis, and while Provider strives to deliver a reliable and continuously accessible Service, no minimum uptime or uninterrupted availability is promised.

6. No Data Backup Guarantee

Provider may, as an operational convenience and without obligation, perform periodic backups of Customer Data. Customer acknowledges and agrees that (i) any such backups by Provider do not replace the need for Customer to maintain regular data backups or redundant data archives, and (ii) Provider shall have no obligation or liability for any loss, alteration, destruction, damage, corruption, or recovery of Customer Data except as expressly set forth in any separately-signed Service Level Agreement.

7. Security and Data Protection

7.1 Data Protection

Provider acknowledges that it may have access to certain of Customer’s computer and communications systems and networks for the purposes set forth in this Agreement. If any Customer Data is made available or accessible to Provider, its employees, agents or contractors, pertaining to Customer’s business or financial affairs, or to Customer’s projects, transactions, clients, or End Customers, Provider will not store, copy, analyze, monitor or otherwise use that Customer Data except for the purposes set forth in this Agreement for the benefit of Customer. Provider will comply with GDPR and all other applicable data protection Laws (including, where applicable, UK GDPR and the United Kingdom Data Protection Act 2018) with respect to any Customer Data or End Customer Data that Provider receives or has access to under this Agreement or in connection with the performance of the Services. The specific obligations of Provider as a processor of Personal Data on behalf of Customer are set forth in the applicable DPA.

7.2 Customer Control and Responsibility

Customer has and will retain sole responsibility for:

  1. all Customer Data and Personal Data, including its content and use;

  2. all information, instructions, and materials provided by or on behalf of Customer or any Authorized User in connection with the Services;

  3. the Customer Systems;

  4. the security and use of Customer and its Authorized Users’ Access Credentials; and

  5. all access to and use of the Services and Provider Materials directly or indirectly by or through the Customer Systems or its or its Authorized Users’ Access Credentials, with or without Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions, and actions based on, such access or use.

7.3 Access and Security

Customer shall employ all physical, administrative, and technical controls, screening, and security procedures and other safeguards necessary to: (a) securely administer the distribution and use of all Access Credentials and protect against any unauthorized access to or use of the Services; and (b) control the content and use of Customer Data and End Customer Data, including the uploading or other provision of Customer Data or End Customer Data, as applicable, for Processing by the Services. Customer’s additional obligations with respect to subscriber lists and messaging compliance are set forth in Exhibit D (EU).

7.4 Data Processing Agreement

The Processing of Personal Data under this Agreement is governed by the DPA. Where Customer is established within the European Economic Area, Annex 1 (EU) applies. Where Customer is established outside the European Economic Area, Annex 2 (EU) applies. Where Customer Processes Personal Data of data subjects in the United Kingdom through the Services, Annex 3 (EU) (UK Addendum) applies in addition to the otherwise-applicable Annex. The DPA prevails over the body of this Agreement on any matter of data protection or Personal Data Processing.

8. Fees and Payment

8.1 Fees

Customer shall pay Provider the fees set forth in Exhibit A (EU) and the Engagement Letter (the "Fees") in accordance with this Section 8.

8.2 Taxes

All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Without limiting the foregoing, Customer is responsible for all value added tax (VAT), sales tax, use tax, and any other similar taxes, duties, and charges of any kind imposed by any governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Provider’s income. Customer shall make all payments under this Agreement without withholding or deduction of, or in respect of, any tax unless required by Law. If any such withholding or deduction is required, Customer shall, when making the payment to which the withholding or deduction relates, pay to Provider such additional amount as will ensure that Provider receives the same total amount that it would have received if no such withholding or deduction had been required.

8.3 Invoicing and Payment

Following expiration of the Integration Period, Provider shall invoice Customer monthly in arrears for Fees accrued during the preceding calendar month. Customer shall pay all Fees set forth in each invoice within fourteen (14) calendar days after the date of issuance of the invoice. Customer shall make all payments hereunder in Euros (EUR) by wire transfer or other electronic payment method specified by Provider in the invoice. Customer shall make payments to the address or account specified in the invoice. Bank fees related to the payments between the parties, including any fees of correspondent banks, shall be covered by the sender of the payment (OUR).

8.4 Late Payment

If Customer fails to make any payment when due then, in addition to all other remedies that may be available:

  1. Provider may charge interest on the past due amount at the statutory commercial interest rate then in effect under the laws of the Netherlands (the wettelijke handelsrente as published by De Nederlandsche Bank pursuant to Article 6:119a of the Dutch Civil Code), plus an additional two percent (2%) per annum, calculated daily and compounded monthly;

  2. Customer shall reimburse Provider for all reasonable costs incurred by Provider in collecting any late payments or interest, including attorneys’ fees, court costs, and collection agency fees; and

  3. if such failure continues for fourteen (14) days following written notice thereof, Provider may suspend performance of the Services until all past due amounts and interest thereon have been paid, without incurring any obligation or liability to Customer or any other Person by reason of such suspension.

8.5 No Deductions or Setoffs

All amounts payable to Provider under this Agreement shall be paid by Customer to Provider in full without any setoff, recoupment, counterclaim, deduction, debit, or withholding for any reason (other than any deduction or withholding of tax as may be required by applicable Law).

8.6 Fee Changes

Separately from any changes in Fees due to the amount of data and End Customer records stored in the Services, Provider may update the Fees no more than once annually by providing written notice to Customer at least sixty (60) calendar days prior to the proposed effective date of the change. Exhibit A (EU) and the Engagement Letter shall be deemed amended accordingly upon the effective date of the change, subject to the procedure below.

If Customer does not object in writing within the sixty (60)-day notice period, Customer shall be deemed to have accepted the updated Fees, and the updated Fees shall take effect on the date specified in Provider’s notice. If Customer objects in writing within the sixty (60)-day notice period, the parties shall enter into a good-faith negotiation period of thirty (30) days during which Customer shall continue to pay the Fees at the rate in effect immediately prior to the proposed change. If the parties do not reach mutual agreement within the thirty (30)-day negotiation period, Customer shall continue to pay the Fees at the rate in effect immediately prior to the proposed change until the next price-change cycle or termination under Section 15. The parties may continue to negotiate beyond the thirty (30)-day period by mutual agreement.

Notwithstanding the foregoing, the per-message rates set forth in Exhibit B (EU) for SMS and MMS messaging are subject to a separate update mechanism in light of the rates charged by third-party carriers and aggregators outside Provider’s reasonable control. Provider may update such per-message rates on not less than thirty (30) calendar days’ prior written notice to Customer, except where shorter notice is required by an act or omission of a carrier or aggregator outside Provider’s reasonable control, in which case Provider shall give as much advance notice as is reasonably practicable. The annual cap and deemed-acceptance / negotiation procedure set forth above in this Section 8.6 does not apply to such per-message rate updates.

8.7 Additional Modules and Services

Provider may, at any time during the Term, offer additional modules. Such additional modules may be added to Exhibit A (EU) and to the Engagement Letter upon written notice to Customer and shall become effective as of the date specified in such notice. Subject to agreement with Customer, Provider may render an additional service, the scope and cost of which shall be specified in the corresponding invoice and Engagement Letter amendment.

9. Confidentiality

9.1 Confidential Information

In connection with this Agreement each party (as the "Disclosing Party") may disclose or make available Confidential Information to the other party (as the "Receiving Party"). Subject to Section 9.2, "Confidential Information" means information in any form or medium (whether oral, written, electronic, or other) that the Disclosing Party considers confidential or proprietary, including information consisting of or relating to the Disclosing Party’s technology, trade secrets, know-how, business operations, plans, strategies, customers, and pricing, and information with respect to which the Disclosing Party has contractual or other confidentiality obligations, in each case whether or not marked, designated, or otherwise identified as "confidential". Without limiting the foregoing: all Provider Materials are the Confidential Information of Provider, and the financial terms and existence of this Agreement are the Confidential Information of each of the parties. This Section 9 applies retroactively to any Confidential Information exchanged between the parties prior to the Effective Date in connection with the negotiation of this Agreement.

9.2 Exclusions

Confidential Information does not include information that the Receiving Party can demonstrate by written or other documentary records: (a) was rightfully known to the Receiving Party without restriction on use or disclosure prior to such information’s being disclosed or made available to the Receiving Party in connection with this Agreement; (b) was or becomes generally known by the public other than by the Receiving Party’s or any of its Representatives’ noncompliance with this Agreement; (c) was or is received by the Receiving Party on a non-confidential basis from a third party that, to the Receiving Party’s knowledge, was not or is not, at the time of such receipt, under any obligation to maintain its confidentiality; or (d) was or is independently developed by the Receiving Party without reference to or use of any Confidential Information.

9.3 Protection of Confidential Information

As a condition to being provided with any disclosure of or access to Confidential Information, the Receiving Party shall:

  1. not access or use Confidential Information other than as necessary to exercise its rights or perform its obligations under and in accordance with this Agreement;

  2. except as may be permitted by and subject to its compliance with Section 9.4, not disclose or permit access to Confidential Information other than to its Representatives who: (i) need to know such Confidential Information for purposes of the Receiving Party’s exercise of its rights or performance of its obligations under and in accordance with this Agreement; (ii) have been informed of the confidential nature of the Confidential Information and the Receiving Party’s obligations under this Section 9.3; and (iii) are bound by written confidentiality and restricted use obligations at least as protective of the Confidential Information as the terms set forth in this Section 9;

  3. safeguard the Confidential Information from unauthorized use, access, or disclosure using at least the degree of care it uses to protect its similarly sensitive information and in no event less than a reasonable degree of care;

  4. promptly notify the Disclosing Party of any unauthorized use or disclosure of Confidential Information and take all reasonable steps to cooperate with the Disclosing Party to prevent further unauthorized use or disclosure; and

  5. ensure its Representatives’ compliance with, and be responsible and liable for any of its Representatives’ non-compliance with, the terms of this Section 9.

The Receiving Party’s obligations under this Section 9 shall survive termination or expiration of this Agreement for a period of five (5) years, except that with respect to any Confidential Information that constitutes a trade secret under any applicable Law, such obligations shall continue until such time, if ever, as such Confidential Information ceases to qualify for trade secret protection under one or more such applicable Laws other than as a result of any act or omission of the Receiving Party or any of its Representatives.

9.4 Compelled Disclosures

If the Receiving Party or any of its Representatives is compelled by applicable Law to disclose any Confidential Information then, to the extent permitted by applicable Law, the Receiving Party shall: (a) promptly, and prior to such disclosure, notify the Disclosing Party in writing of such requirement so that the Disclosing Party can seek a protective order or other remedy or waive its rights under Section 9.3; and (b) provide reasonable assistance to the Disclosing Party, at the Disclosing Party’s sole cost and expense, in opposing such disclosure or seeking a protective order or other limitations on disclosure. If the Disclosing Party waives compliance or, after providing the notice and assistance required under this Section 9.4, the Receiving Party remains required by Law to disclose any Confidential Information, the Receiving Party shall disclose only that portion of the Confidential Information that, on the advice of the Receiving Party’s legal counsel, the Receiving Party is legally required to disclose and, on the Disclosing Party’s request, shall use commercially reasonable efforts to obtain assurances from the applicable court or other presiding authority that such Confidential Information will be afforded confidential treatment.

10. Intellectual Property Rights

10.1 Provider Materials and Resultant Data

All right, title, and interest in and to the Provider Materials, including all Intellectual Property Rights therein, are and will remain with Provider and, with respect to Third-Party Materials, the applicable third-party providers own all right, title, and interest, including all Intellectual Property Rights, in and to the Third-Party Materials. Customer has no right, license, or authorization with respect to any of the Provider Materials except as expressly set forth in Section 2.1 or the applicable third-party license, in each case subject to Section 3.1. All other rights in and to the Provider Materials are expressly reserved by Provider.

In furtherance of the foregoing, Customer hereby unconditionally and irrevocably grants to Provider, at the moment of derivation, an assignment of all right, title, and interest in and to the Resultant Data, including all Intellectual Property Rights relating thereto. This assignment survives termination or expiration of this Agreement. Provider may retain and use Resultant Data indefinitely, including after the termination or expiration of this Agreement, for the following purposes:

  1. operating, maintaining, monitoring, and improving the Services;

  2. developing new features, products, and services;

  3. training, testing, and improving artificial intelligence and machine-learning models, including generative artificial intelligence models;

  4. generating benchmarks, industry reports, and aggregated insights, which may be shared with Customer, other Provider customers, or third parties, in each case only in aggregated and anonymized form;

  5. capacity planning, billing analytics, and internal business operations of Provider and its Affiliates; and

  6. marketing and case studies, in each case only in aggregated and anonymized form that does not identify Customer or any End Customer.

Provider may share Resultant Data with its Affiliates for the purposes set forth above. Provider may also disclose Resultant Data to third parties given its irreversibly de-identified nature. Notwithstanding any other provision of this Agreement, Resultant Data shall not be used to identify, or to attempt to identify, any individual End Customer of Customer.

10.2 Customer Data

As between Customer and Provider, Customer is and will remain the sole and exclusive owner of all right, title, and interest in and to all Customer Data, including all Intellectual Property Rights relating thereto, subject to the rights and permissions granted in Section 10.3. For the avoidance of doubt, Customer Data does not include Resultant Data, and nothing in this Section 10.2 limits Provider’s rights in respect of Resultant Data under Section 10.1.

Customer hereby irrevocably grants all such rights and permissions in or relating to Customer Data as are necessary or useful to Provider, its Subcontractors, and Provider Personnel to enforce this Agreement and exercise Provider’s, its Subcontractors’, and Provider Personnel’s rights and perform Provider’s, its Subcontractors’, and Provider Personnel’s obligations hereunder, including for the derivation of Resultant Data.

11. Representations and Warranties

11.1 Mutual Representations and Warranties

Each party represents and warrants to the other party that:

  1. it is duly organized, validly existing, and in good standing as a corporation or other entity under the Laws of the jurisdiction of its incorporation or other organization;

  2. it has the full right, power, and authority to enter into and perform its obligations and grant the rights, licenses, consents, and authorizations it grants or is required to grant under this Agreement;

  3. the execution of this Agreement by its representative has been duly authorized by all necessary corporate or organizational action of such party; and

  4. when executed and delivered by both parties, this Agreement will constitute the legal, valid, and binding obligation of such party, enforceable against such party in accordance with its terms.

11.2 Additional Provider Representations, Warranties, and Covenants

Provider represents, warrants, and covenants to Customer that Provider will perform the Services using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services and will devote adequate resources to meet its obligations under this Agreement. Provider further represents and warrants that it will comply with GDPR and, where applicable, UK GDPR with respect to its Processing of Personal Data on behalf of Customer, as further set forth in the DPA.

11.3 Additional Customer Representations, Warranties, and Covenants

Customer represents, warrants, and covenants to Provider that:

  1. Customer owns or otherwise has and will have the necessary rights and consents in and relating to the Customer Data so that, as received by Provider and Processed in accordance with this Agreement, they do not and will not infringe, misappropriate, or otherwise violate any Intellectual Property Rights, or any privacy or other rights of any third party or violate any applicable Law, including GDPR and (where applicable) UK GDPR;

  2. Customer’s use of the Services for messaging shall comply with Exhibit D (EU) (Sender Compliance and Subscriber List Certification) and all Applicable Messaging Laws; and

  3. Customer is the controller (as defined in GDPR) with respect to any Personal Data Processed through the Services on its behalf, and Customer is responsible for establishing and maintaining the lawful basis for such Processing under Article 6 of the GDPR.

11.4 Disclaimer of Warranties

EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTIONS 11.1 AND 11.2, ALL SERVICES AND PROVIDER MATERIALS ARE PROVIDED "AS IS." PROVIDER SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, PROVIDER MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES OR PROVIDER MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. ALL THIRD-PARTY MATERIALS ARE PROVIDED "AS IS" AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY MATERIALS IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS.

12. Indemnification

12.1 Provider Indemnification

Provider shall indemnify, defend, and hold harmless Customer from and against any and all Losses incurred by Customer resulting from any Action by a third party (other than an Affiliate of Customer) that Customer’s or an Authorized User’s use of the Services (excluding Customer Data and Third-Party Materials) in accordance with this Agreement infringes or misappropriates such third party’s patents, copyrights, or trade secrets registered, applied for, or protected in the European Union or any Member State of the European Economic Area. The foregoing obligation does not apply to the extent that the alleged infringement arises from:

  1. Third-Party Materials, Customer Data, or End Customer Data;

  2. access to or use of the Provider Materials in combination with any hardware, system, software, network, or other materials or service not provided by Provider or specified for Customer’s use in the Documentation, unless otherwise expressly permitted by Provider in writing;

  3. modification of the Provider Materials other than: (i) by or on behalf of Provider; or (ii) with Provider’s written approval in accordance with Provider’s written specification;

  4. failure to timely implement any modifications, upgrades, replacements, or enhancements made available to Customer by or on behalf of Provider; or

  5. any act, omission, or other matter described in Section 12.2, whether or not the same results in any Action against or Losses by any Provider Indemnitee.

12.2 Customer Indemnification

Customer shall indemnify, defend, and hold harmless Provider and its Subcontractors and Affiliates, and each of its and their respective officers, directors, employees, agents, successors, and assigns (each, a "Provider Indemnitee") from and against any and all Losses incurred by such Provider Indemnitee resulting from any Action by a third party (other than an Affiliate of a Provider Indemnitee) to the extent that such Losses arise out of or result from, or are alleged to arise out of or result from:

  1. Customer Data, including any Processing of Customer Data by or on behalf of Provider in accordance with this Agreement;

  2. any other materials or information (including any documents, data, specifications, software, content, or technology) provided by or on behalf of Customer or any Authorized User, including Provider’s compliance with any specifications or directions provided by or on behalf of Customer or any Authorized User to the extent prepared without any contribution by Provider;

  3. any allegation of facts that, if true, would constitute Customer’s breach of any of its representations, warranties, covenants, or obligations under this Agreement;

  4. negligence or more culpable act or omission (including recklessness or willful misconduct) by Customer, any Authorized User, or any third party on behalf of Customer or any Authorized User, in connection with this Agreement; or

  5. any breach by Customer of Exhibit D (EU) (Sender Compliance and Subscriber List Certification).

12.3 Indemnification Procedure

Each party shall promptly notify the other party in writing of any Action for which such party believes it is entitled to be indemnified pursuant to Section 12.1 or 12.2, as the case may be. The party seeking indemnification (the "Indemnitee") shall cooperate with the other party (the "Indemnitor") at the Indemnitor’s sole cost and expense. The Indemnitor shall promptly assume control of the defense and shall employ counsel reasonably acceptable to the Indemnitee to handle and defend the same, at the Indemnitor’s sole cost and expense. The Indemnitee may participate in and observe the proceedings at its own cost and expense with counsel of its own choosing. The Indemnitor shall not settle any Action on any terms or in any manner that adversely affects the rights of any Indemnitee without the Indemnitee’s prior written consent, which shall not be unreasonably withheld or delayed. If the Indemnitor fails or refuses to assume control of the defense of such Action, the Indemnitee shall have the right, but no obligation, to defend against such Action, including settling such Action after giving notice to the Indemnitor, in each case in such manner and on such terms as the Indemnitee may deem appropriate. The Indemnitee’s failure to perform any obligations under this Section 12.3 will not relieve the Indemnitor of its obligations under this Section 12, except to the extent that the Indemnitor can demonstrate that it has been materially prejudiced as a result of such failure.

12.4 Mitigation

If any of the Services or Provider Materials are, or in Provider’s opinion are likely to be, claimed to infringe, misappropriate, or otherwise violate any third-party Intellectual Property Right, or if Customer’s or any Authorized User’s use of the Services or Provider Materials is enjoined or threatened to be enjoined, Provider may, at its option and sole cost and expense: (a) obtain the right for Customer to continue to use the Services and Provider Materials materially as contemplated by this Agreement; or (b) modify or replace the Services and Provider Materials, in whole or in part, to seek to make the Services and Provider Materials (as so modified or replaced) non-infringing, while providing materially equivalent features and functionality, in which case such modifications or replacements will constitute Services and Provider Materials, as applicable, under this Agreement.

12.5 Sole Remedy

THIS SECTION 12 SETS FORTH CUSTOMER’S SOLE REMEDIES AND PROVIDER’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES AND PROVIDER MATERIALS OR ANY SUBJECT MATTER OF THIS AGREEMENT INFRINGES, MISAPPROPRIATES, OR OTHERWISE VIOLATES ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.

13. Limitations of Liability

13.1 Exclusion of Damages

EXCEPT AS OTHERWISE PROVIDED IN SECTION 13.3, IN NO EVENT WILL EITHER PARTY OR ANY OF ITS LICENSORS, SERVICE PROVIDERS, OR SUPPLIERS BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (A) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE, OR PROFIT OR DIMINUTION IN VALUE; (B) IMPAIRMENT, INABILITY TO USE OR LOSS, INTERRUPTION, OR DELAY OF THE SERVICES, OTHER THAN FOR THE ISSUANCE OF ANY APPLICABLE SERVICE CREDITS PURSUANT TO A SEPARATELY-SIGNED SERVICE LEVEL AGREEMENT; (C) LOSS, DAMAGE, CORRUPTION, OR RECOVERY OF DATA, OR BREACH OF DATA OR SYSTEM SECURITY; (D) COST OF REPLACEMENT GOODS OR SERVICES; (E) LOSS OF GOODWILL OR REPUTATION; OR (F) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.

13.2 Cap on Monetary Liability

EXCEPT AS OTHERWISE PROVIDED IN SECTION 13.3, IN NO EVENT WILL THE COLLECTIVE AGGREGATE LIABILITY OF EITHER PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER ARISING UNDER OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL OR EQUITABLE THEORY, EXCEED THE GREATER OF (I) THE TOTAL AMOUNTS PAID BY CUSTOMER TO PROVIDER UNDER THIS AGREEMENT IN THE SIX (6) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (II) THE TOTAL FEES THAT WOULD HAVE BEEN PAYABLE BY CUSTOMER FOR A SIX (6) MONTH PERIOD AT THE FEES IN EFFECT ON THE DATE OF THE EVENT GIVING RISE TO THE CLAIM. THE FOREGOING LIMITATIONS APPLY EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

13.3 Exceptions

The exclusions and limitations in Sections 13.1 and 13.2 do not apply to: (a) liability arising from a party’s intent (opzet) or conscious recklessness (bewuste roekeloosheid), which under the laws of the Netherlands cannot be excluded or limited by contract; (b) Provider’s indemnification obligations under Section 12.1; (c) Customer’s indemnification obligations under Section 12.2; (d) Customer’s payment obligations under Section 8; or (e) Customer’s breach of Section 3 (Use Restrictions), Section 9 (Confidentiality), Section 10 (Intellectual Property Rights), or Exhibit D (EU) (Sender Compliance and Subscriber List Certification). The liability of either party to a data subject for material or non-material damages under Article 82 of the GDPR is governed exclusively by GDPR and cannot be limited by this Section 13 as between the parties and the data subject.

14. Reserved

This Section is intentionally left blank.

15. Term and Termination

15.1 Term

This Agreement commences as of the Effective Date and, unless terminated earlier pursuant to any of the Agreement’s express provisions, will continue in effect on a month-to-month basis until terminated by either party in accordance with Section 15.3 (the "Term"). The Term comprises the Integration Period (as defined in Section 2.8) and, upon expiration thereof, the period during which the Services are provided to Customer on a month-to-month basis. There is no fixed initial term, no automatic renewal, and no minimum commitment beyond the obligations and notice periods set forth in this Agreement.

15.2 (Reserved)

This Section is intentionally left blank.

15.3 Termination

In addition to any other express termination right set forth elsewhere in this Agreement:

  1. Provider may terminate this Agreement, effective on written notice to Customer, if Customer: (i) fails to pay any amount when due hereunder, and such failure continues more than fourteen (14) days after Provider’s delivery of written notice thereof; or (ii) breaches any of its obligations under Sections 3.1, 7.2, 7.3, or 9, or Exhibit D (EU);

  2. either party may terminate this Agreement for convenience by providing at least thirty (30) calendar days’ advance written notice (which may be by email) to the other party. The Agreement shall end at the end of the calendar month in which the thirty (30)-day notice period expires (for example, a notice given on March 15 shall result in termination effective April 30). Customer shall pay all Fees accrued through the effective date of termination, and no early-termination fee or acceleration of Fees shall apply. This Section 15.3(b) does not apply during the Integration Period; Customer’s termination rights during the Integration Period are governed exclusively by Section 2.8;

  3. either party may terminate this Agreement, effective on written notice to the other party, if the other party materially breaches this Agreement, and such breach: (i) is incapable of cure; or (ii) being capable of cure, remains uncured thirty (30) days after the non-breaching party provides the breaching party with written notice of such breach;

  4. either party may terminate this Agreement, effective immediately upon written notice to the other party, if the other party: (i) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (ii) files, or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency Law; (iii) makes or seeks to make a general assignment for the benefit of its creditors; or (iv) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business; and

  5. Provider may terminate this Agreement upon ninety (90) calendar days’ prior written notice to Customer if Provider, in its sole discretion, discontinues the Services generally (and not for a specific Customer). In such case, Provider shall refund to Customer, on a pro rata basis, any Fees prepaid for the period after the effective date of termination.

15.4 Effect of Termination or Expiration

Upon any expiration or termination of this Agreement, except as expressly otherwise provided in this Agreement:

  1. all rights, licenses, consents, and authorizations granted by either party to the other hereunder will immediately terminate;

  2. Provider shall cease all use of any Customer Data or Customer’s Confidential Information for purposes other than (i) transition to a successor service provider as reasonably requested by Customer, and (ii) Provider’s rights with respect to Resultant Data, which survive in accordance with Section 10.1. Within thirty (30) days after termination Provider shall, at Customer’s written request, return to Customer or destroy all documents and tangible materials containing, reflecting, incorporating, or based on Customer Data or Customer’s Confidential Information; and shall permanently erase all Customer Data and Customer’s Confidential Information from all systems Provider directly or indirectly controls. Notwithstanding the foregoing, Provider may in its discretion retain the Customer Data as backup for the benefit of Customer for up to six (6) months following termination. Provider’s obligations under this Section 15.4(b) do not apply to any Resultant Data, which Provider may retain and use indefinitely in accordance with Section 10.1;

  3. Customer shall immediately cease all use of any Services or Provider Materials and (i) within sixty (60) days return to Provider, or at Provider’s written request destroy, all documents and tangible materials containing, reflecting, incorporating, or based on any Provider Materials or Provider’s Confidential Information; and (ii) permanently erase all Provider Materials and Provider’s Confidential Information from all systems Customer directly or indirectly controls;

  4. notwithstanding anything to the contrary in this Agreement, with respect to information and materials then in its possession or control: (i) the Receiving Party may retain the Disclosing Party’s Confidential Information in its then current state and solely to the extent and for so long as required by applicable Law; and (ii) all information and materials described in this Section 15.4(d) will remain subject to all confidentiality, security, and other applicable requirements of this Agreement;

  5. Provider may disable all Customer and Authorized User access to the Provider Materials;

  6. Provider shall apply the Deposit and any positive remaining balance of the SMS Services Deposit toward any Fees or other amounts then owed by Customer in accordance with Section 2.9 and Section 2.10, and refund any remaining balance to Customer within thirty (30) days. If the Deposit and SMS Services Deposit are insufficient to cover amounts owed, Customer shall pay the difference within fourteen (14) days of Provider’s invoice;

  7. if Customer terminates this Agreement pursuant to Section 15.3(c), Customer shall pay only Fees accrued through the effective date of termination. Provider shall not invoice Customer for any Fees attributable to periods after the effective date of termination; and

  8. if Provider terminates this Agreement pursuant to Section 15.3(a) or 15.3(c), Customer shall pay all Fees accrued but not yet paid up to the effective date of termination, on receipt of Provider’s invoice therefor.

15.5 Surviving Terms

The provisions set forth in the following sections, and any other right or obligation of the parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement: Sections 3.1, 9, 10.1, 10.2, 11.4, 12, 13, 15.4, this Section 15.5, and 16; and Customer’s obligations under Sections 2 through 6 of Exhibit D (EU) (Sender Compliance and Subscriber List Certification); and the obligations of either party under the DPA that, by their nature or terms, survive termination.

16. Miscellaneous

16.1 Further Assurances

On a party’s reasonable request, the other party shall, at the requesting party’s sole cost and expense, execute and deliver all such documents and instruments, and take all such further actions, as may be necessary to give full effect to this Agreement.

16.2 Relationship of the Parties

The relationship between the parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture, or other form of joint enterprise, employment, or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever.

16.3 Customer Success Stories and Publicity

Provider may publish customer success stories and other marketing materials featuring Customer and Customer’s use of the Services. Such materials may include Customer’s name, logo, general business details, quotes (with Customer’s reasonable cooperation), performance metrics, and (with the relevant individuals’ consent) employee names, titles, and photographs. Customer hereby grants Provider a fully-paid, royalty-free, non-exclusive, worldwide license to use such materials for marketing and promotional purposes, in any medium and through any marketing or promotional channel, including without limitation digital advertising, social media, websites, presentations, conferences, webinars, sales materials, and investor communications. Customer warrants that it has obtained all necessary consents from its employees for the use of their names, titles, and photographs.

Before publication of any such materials, Provider shall provide Customer with a reasonable opportunity to review and provide reasonable comments on draft content. Customer shall provide its comments, if any, within ten (10) business days of receipt of the draft. Provider shall give good-faith consideration to Customer’s comments but shall retain final editorial discretion. Provider is not required to remove, recall, amend, or cease distribution of any materials already published, distributed, or used at the time of any revocation, license termination, or termination of this Agreement. Upon termination of this Agreement, Provider shall not create new publications about Customer’s use of the Services, but materials already published may remain in circulation.

16.4 Notices

Notices under this Agreement fall into two categories:

  1. Legal notices, including notices of termination, breach, indemnification claims, suspension, and other formal communications having legal effect, shall be in writing and addressed to Provider at notices@maestra.io (with copy to the address set forth in the Engagement Letter) and to Customer at the address set forth in the Engagement Letter. Such notices shall be deemed effectively given: (i) when received, if delivered by hand, with signed confirmation of receipt; (ii) when received, if sent by an internationally recognized overnight courier, signature required; (iii) when sent, if by email (with confirmation of transmission), if sent during the addressee’s normal business hours, and on the next business day, if sent after the addressee’s normal business hours; or (iv) on the seventh (7th) day after the date mailed by certified or registered mail, return receipt requested, postage prepaid.

  2. Operational communications, including day-to-day instructions, support requests, and other matters not requiring formal legal notice, may be made through email at support@maestra.io, through the named Manager or Lead Manager assigned to Customer’s account, or through such other communication tool as the parties may agree (including Intercom, Slack, or similar). Customer instructions sent by email or messenger are binding on Provider only if they are addressed to support@maestra.io or to the named Manager or Lead Manager (collectively, the “Means of Communication”).

Either party may, on reasonable written request, receive a hard-copy original of this Agreement or any amendment thereto within seven (7) business days of the request. Failure to provide such hard copy shall not affect the validity, enforceability, or binding effect of this Agreement.

16.5 Interpretation

For purposes of this Agreement: (a) the words "include," "includes," and "including" are deemed to be followed by the words "without limitation"; (b) the word "or" is not exclusive; (c) the words "herein," "hereof," "hereby," "hereto," and "hereunder" refer to this Agreement as a whole; (d) words denoting the singular have a comparable meaning when used in the plural, and vice-versa; and (e) words denoting any gender include all genders. Unless the context otherwise requires, references in this Agreement: (x) to sections, exhibits, schedules, attachments, and appendices mean the sections of, and exhibits, schedules, attachments, and appendices attached to, this Agreement; (y) to an agreement, instrument, or other document means such agreement, instrument, or other document as amended, supplemented, and modified from time to time to the extent permitted by the provisions thereof; and (z) to a statute means such statute as amended from time to time and includes any successor legislation thereto and any regulations promulgated thereunder. The parties intend this Agreement to be construed without regard to any presumption or rule requiring construction or interpretation against the party drafting an instrument or causing any instrument to be drafted. The Exhibits, Annexes, schedules, attachments, and appendices referred to herein are an integral part of this Agreement to the same extent as if they were set forth verbatim herein.

16.6 Headings

The headings in this Agreement are for reference only and do not affect the interpretation of this Agreement.

16.7 Entire Agreement; Order of Precedence

The Engagement Letter and this Agreement (including its Exhibits and Annexes) constitute the sole and entire agreement of the parties with respect to the subject matter of this Agreement and supersede all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, with respect to such subject matter.

In the event of any inconsistency between the Engagement Letter, the body of this Agreement, the Exhibits, the Annexes, and any other documents incorporated by reference, the following order of precedence governs:

  1. First, the DPA (Annex 1 (EU), Annex 2 (EU), and Annex 3 (EU)), with respect to data protection and Personal Data Processing subject matter; and Exhibit D (EU) (Sender Compliance and Subscriber List Certification), with respect to Subscriber Lists and messaging compliance subject matter;

  2. Second, the body of this Agreement, with respect to Section 12 (Indemnification), Section 13 (Limitations of Liability), Section 7 (Security and Data Protection), and Section 10 (Intellectual Property Rights);

  3. Third, the Engagement Letter, with respect to all other subject matter, including commercial terms, Fees, discounts, term length, and deal-specific service scope;

  4. Fourth, the remainder of the body of this Agreement;

  5. Fifth, the remaining Exhibits and any separately-signed Service Level Agreement; and

  6. Sixth, any other documents incorporated by reference.

Notwithstanding the foregoing, an Engagement Letter shall not modify, waive, or override any provision of the DPA, Exhibit D (EU), or the Sections of this Agreement identified in clause (b) above, except by express specific reference to the provision being modified and with mutual written agreement of the parties’ authorized signatories.

16.8 Assignment

Customer shall not assign or otherwise transfer any of its rights, or delegate or otherwise transfer any of its obligations or performance under this Agreement, in each case whether voluntarily, involuntarily, by operation of law, or otherwise, without Provider’s prior written consent, which consent shall not be unreasonably withheld, conditioned, or delayed. For purposes of the preceding sentence, and without limiting its generality, any merger, consolidation, or reorganization involving Customer (regardless of whether Customer is a surviving or disappearing entity), or any change of control of Customer (whether by sale of equity, sale of assets, or otherwise), will be deemed to be a transfer of rights, obligations, or performance under this Agreement for which Provider’s prior written consent is required. No assignment, delegation, or transfer will relieve Customer of any of its obligations or performance under this Agreement. Any purported assignment, delegation, or transfer in violation of this Section 16.8 is void.

Provider may, without Customer’s consent, assign or transfer this Agreement, in whole or in part, to (i) any Affiliate of Provider, or (ii) any successor in interest in connection with a merger, consolidation, reorganization, sale of all or substantially all of Provider’s assets or equity, or similar transaction. Any other assignment by Provider requires Customer’s prior written consent, which shall not be unreasonably withheld, conditioned, or delayed. This Agreement is binding upon and inures to the benefit of the parties hereto and their respective successors and permitted assigns.

16.9 Force Majeure

(a) No Breach or Default

In no event will either party be liable or responsible to the other party, or be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (except for any obligations to make payments), when and to the extent such failure or delay is caused by any circumstances beyond such party’s reasonable control (a "Force Majeure Event"), including acts of God, flood, fire, earthquake or explosion, war, terrorism, invasion, riot or other civil unrest, embargoes or blockades in effect on or after the date of this Agreement, national or regional emergency, strikes, labor stoppages or slowdowns or other industrial disturbances, pandemic or epidemic, passage of Law or any action taken by a governmental or public authority (including imposing an embargo, export or import restriction, quota, or other restriction or prohibition, or any complete or partial government shutdown), or national or regional shortage of adequate power or telecommunications or transportation. Either party may terminate this Agreement if a Force Majeure Event affecting the other party continues substantially uninterrupted for a period of thirty (30) days or more.

(b) Affected Party Obligations

In the event of any failure or delay caused by a Force Majeure Event, the affected party shall give prompt written notice to the other party stating the period of time the occurrence is expected to continue and use commercially reasonable efforts to end the failure or delay and minimize the effects of such Force Majeure Event.

16.10 No Third-Party Beneficiaries

This Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other Person any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement, except that data subjects retain such rights as are granted directly to them by applicable Law (including the GDPR and, where applicable, UK GDPR) or by the DPA.

16.11 Amendment and Modification; Waiver

No amendment to or modification of or rescission, termination, or discharge of this Agreement is effective unless it is in writing, identified as an amendment to or rescission, termination, or discharge of this Agreement, and signed by an authorized representative of each party. The foregoing does not apply to (i) updates to Fees made in accordance with Section 8.6 (which take effect through the deemed-acceptance mechanism set forth therein), and (ii) changes to the Services made in accordance with Section 2.5 (which take effect through the continued-use acceptance mechanism set forth therein). No waiver by any party of any of the provisions hereof shall be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in this Agreement, no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof; nor shall any single or partial exercise of any right, remedy, power, or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.

16.12 Severability

If any term or provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the parties hereto shall negotiate in good faith to modify this Agreement so as to effect the original intent of the parties as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.

16.13 Governing Law; Submission to Jurisdiction

This Agreement is governed by and construed in accordance with the internal laws of the Netherlands, without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than the Netherlands. Any legal suit, action, or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the competent courts of Amsterdam, the Netherlands, and each party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding, notwithstanding Provider’s right to bring any such suit, action, or proceeding before any other competent court. Service of process, summons, notice, or other document by mail to such party’s address set forth in the Engagement Letter shall be effective service of process for any suit, action, or other proceeding brought in any such court.

16.14 Equitable and Interim Relief

Each party acknowledges and agrees that a breach or threatened breach by the other party of any of its obligations under Section 3.1, 7.2, 7.3, or 9 of this Agreement, or by Customer of Exhibit D (EU), would cause the non-breaching party harm for which monetary damages may be inadequate, and that, in the event of such breach or threatened breach, the non-breaching party shall be entitled to seek interim relief, provisional measures, specific performance (nakoming), an injunction, kort geding proceedings, and any other relief that may be available from any competent court, without (to the extent permitted by Dutch procedural law) any requirement to post a bond or other security or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.

16.15 Attorneys’ Fees

In the event that any action, suit, or other legal or administrative proceeding is instituted or commenced by either party against the other party arising out of or related to this Agreement, the prevailing party is entitled to recover its reasonable attorneys’ fees and court costs from the non-prevailing party, subject to the discretion of the competent court to moderate such recovery under the laws of the Netherlands.

16.16 Counterparts and Electronic Execution

This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement. A signed copy of this Agreement delivered by email or other means of electronic transmission, including by means of an electronic signature, is deemed to have the same legal effect as delivery of an original signed copy of this Agreement. The parties acknowledge that, pursuant to Article 3:15a of the Dutch Civil Code, electronic signatures and electronic delivery have full legal effect for purposes of this Agreement.

_____________________________________________________________________________________

Attachments

This Agreement incorporates by reference the following Exhibits and Annexes, each of which forms an integral part of this Agreement:

Exhibits (mirrored from Provider’s United States SSA with European Union tailoring):

Exhibit A (EU) — Services and Fees

Exhibit B (EU) — SMS and MMS Costs

Exhibit C (EU) — Information Security Policy (SOC 2 Type II compliance)

Exhibit D (EU) — Sender Compliance and Subscriber List Certification

Exhibit E (EU) — SHAFT Policy

Annexes (European Union-specific; no analogue in the United States SSA):

Annex I (EU) — Data Processing Agreement (Customers established within the European Economic Area)

Annex II (EU) — Data Processing Agreement (Customers established outside the European Economic Area)

Annex III (EU) — UK Addendum to the Data Processing Agreement

Previous versions of the MSA/SSA