Terms & Privacy

EXHIBIT D

Subscriber List Certification & Messaging Compliance (SMS/MMS)

Еffective as of November 5, 2025

This EXHIBIT (“EXHIBIT D”) forms part of, and is incorporated by reference into, the Maestra Software as a Service Agreement available at  https://maestra.io/msa/ (the “SaaS Agreement”) between Maestra.io LLC (“Maestra”) and the customer entity identified in the SaaS Agreement or any applicable Order Form (“Customer”). This EXHIBIT applies whenever Customer uploads or causes to be uploaded any Subscriber List (as defined below) or uses the Services to transmit SMS/MMS or similar messaging. This EXHIBIT is effective as of the Effective Date of the SaaS Agreement, the effective date of an Order Form that references messaging features, or the date Customer first uploads a Subscriber List, whichever occurs earlier. No separate signature is required; execution of the SaaS Agreement or an Order Form, or use of the applicable features, constitutes Customer’s acceptance of this EXHIBIT.

  1. Definitions

    Capitalized terms not defined in this EXHIBIT have the meanings given in the SaaS Agreement.

    “Applicable Messaging Laws” means all applicable laws, rules, regulations, self-regulatory codes, carrier rules, and industry guidelines governing SMS/MMS messaging and electronic marketing, including, without limitation, the U.S. Telephone Consumer Protection Act (TCPA) and its implementing regulations, FCC rules and orders, state telemarketing and privacy laws, the CTIA Messaging Principles and Best Practices, and, where applicable, Canada’s Anti-Spam Legislation (CASL), the EU/UK GDPR and ePrivacy rules, and any successors or amendments.

    “Subscriber List” means any list of mobile telephone numbers (and related data) that Customer provides to Maestra for messaging.

    “Consent” means valid, provable permission required under Applicable Messaging Laws for the specific type of message, channel, and sender, including any required disclosures and records.

  2. Certification Regarding Subscriber Lists

    Customer certifies that:

    • Authority. The individual accepting or causing acceptance of this EXHIBIT on Customer’s behalf is authorized to do so.

    • Lawful collection. Each number in any Subscriber List uploaded to Maestra was collected in compliance with Applicable Messaging Laws, including any requirements for prior express consent or prior express written consent and required disclosures/acknowledgments.

    • Exclusion of opt-outs. Subscriber Lists exclude numbers that have opted out, revoked consent, or otherwise requested not to receive messages; Customer will promptly honor and propagate all opt-out requests across its systems and uploads.

    • No purchased/rented/scraped lists. Subscriber Lists will not include numbers obtained from purchased, rented, or scraped lists, nor numbers collected without compliant marketing-text disclosures.

    • Use at Customer’s risk. Customer understands Maestra does not provide legal advice, does not review or verify Subscriber Lists for compliance, and Customer uploads and uses Subscriber Lists at its own risk.

  3. Representations and Warranties

    Customer represents, warrants, and covenants that:

    1. it possesses and will maintain all rights and Consents necessary to use Subscriber Lists for messaging through Maestra;

    2. all message content, cadence, targeting, and campaign configuration are Customer’s responsibility and will comply with Applicable Messaging Laws;

    3. it will maintain accurate sender identification and required disclosures in all opt-in flows and messages (e.g., brand identification, message frequency, HELP/STOP keywords, link to terms/privacy, and carrier fee disclosures, as required);

    4. it will take all reasonable measures to exclude from any Subscriber List any telephone number appearing on do-not-call registries — including federally established do-not-call lists (and any applicable state equivalents), by using Maestra’s built-in DNC/suppression features where available, as well as numbers on Customer’s internal do-not-contact/suppression lists and any carrier/aggregator prohibitions; and

    5. it will maintain procedures to promptly capture, process, and propagate revocations of Consent.

  4. Recordkeeping; Audit Cooperation

    Customer will retain contemporaneous records sufficient to prove Consent, opt-in source, date/time stamps, disclosures presented, and any revocations (including timestamps and channel). Upon reasonable written request from Maestra (e.g., in response to a carrier inquiry, regulator request, or third-party claim), Customer will provide relevant records within ten (10) business days (or sooner if required by the requesting authority).

  5. Allocation of Responsibility; Sender of Record

    As between the parties, Customer is the sender/advertiser for all messages initiated via Customer’s Maestra account(s). Customer is solely responsible for Subscriber Lists, message content, call-to-action flows, frequency, segmentation, targeting, and suppression management. Maestra provides a platform and delivery orchestration only and does not originate messages independently of Customer’s instructions.

  6. Indemnification; Fines and Pass-Through Costs

    This Section supplements (and does not limit) the indemnification in the SaaS Agreement. Customer will indemnify, defend, and hold harmless Maestra, its Affiliates, and their respective officers, directors, employees, and agents from and against any and all losses, damages, liabilities, fines, penalties, assessments (including carrier or aggregator fines), costs, and expenses (including reasonable attorneys’ fees) arising out of or related to: (i) the Subscriber Lists (including any allegation of insufficient or invalid Consent); (ii) Customer’s messaging practices, content, or failure to honor opt-out requests; or (iii) Customer’s breach of this EXHIBIT or the SaaS Agreement. Maestra may pass through to Customer any carrier/aggregator penalties attributable to Customer’s traffic.

  7. Suspension; Remediation

    If Maestra reasonably determines that Customer’s messaging practices or Subscriber Lists present undue compliance or carrier risk, Maestra may suspend message sending in whole or in part on written notice. The parties will cooperate in good faith on a remediation plan. Nothing herein requires Maestra to transmit messages that, in its reasonable judgment, would violate Applicable Messaging Laws or carrier/aggregator rules.

  8. Order of Precedence; Conflicts

    If there is any conflict between this EXHIBIT and the SaaS Agreement or an Order Form, the following order of precedence will apply: (a) the Order Form (if it expressly overrides this EXHIBIT), (b) this EXHIBIT (solely with respect to Subscriber Lists and messaging compliance), and then (c) the remainder of the SaaS Agreement.

  9. Updates; Survival

    Maestra may update this EXHIBIT in accordance with the SaaS Agreement’s change-management or modification provisions; where the SaaS Agreement does not provide such a mechanism, changes will require mutual written agreement, except for updates mandated by Applicable Messaging Laws or carrier/aggregator rules. Customer’s obligations under Sections 2–6 survive termination or expiration of the SaaS Agreement.