Common use of Security and Data Clause in Contracts

Security and Data. 9.1 Instabase has implemented the Enterprise Security Measures detailed at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/enterprise-security-measures/ to secure Customer Data in connection with Customer’s use of the Software. For further detail, please visit the Instabase Trust Center located at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust. 9.2 Customer represents and warrants that it has obtained all necessary rights and authorizations to submit Customer Data to Instabase for the purposes contemplated by the Agreement. If Customer Data includes any personal data relating to identifiable individuals, Customer is responsible for the lawfulness of such data and for providing notice to individuals and obtaining any necessary consents as required under applicable data protection laws. Customer is solely responsible for the accuracy, content and legality of Customer Data, and Instabase does not assume any obligations with respect to Customer Data other than as expressly set forth in the Agreement or as required by applicable law. 9.3 Customer agrees that it shall not submit any Customer Data to Instabase that (a) contains any worm, virus or other malicious code which is designed to destroy, disable, harm, disrupt the operation of, enable unauthorized access to, erase, destroy or modify any software, hardware, network or technology; or (b) violates applicable laws or any third-party intellectual property, privacy, publicity or other rights. 9.4 Customer shall not submit any Customer Data to Instabase that contains (i) cardholder data as defined under the Payment Card Industry Data Security Standard ("cardholder data") or (ii) protected health information as defined under the Health Insurance Portability and Accountability Act ("PHI") unless Customer has entered into an Order that explicitly permits the submission of such Customer Data. 9.5 Instabase will access, process and use Customer Data in connection with Customer’s use of the Software in accordance with applicable privacy and data protection laws. Instabase’s GDPR Data Protection Addendum (“DPA”), available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/DPA, is incorporated by reference and applies to the extent that Customer Data provided by or on behalf of Customer to Instabase includes any personal data that is subject to the General Data Protection Regulation 2016/679 or applicable data protection laws of the United Kingdom or Switzerland. 9.6 Instabase shall be permitted to delete any Customer Data which may be in its possession (e.g., if submitted via a technical services support case) and suspend Customer’s access to the Software, if: (i) Customer is in breach of Section 7 or this Section 9; (ii) removal or blocking of the Customer Data is necessary to protect the security of the Software, Instabase or any third party; or

Security and Data. 9.1 Instabase has implemented the Enterprise Security Measures detailed at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/enterprise-security-measures/ security to secure Customer Data in connection with Customer’s use of the Software. For further detail, please visit the Instabase Trust Center located at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust. 9.2 Customer represents and warrants that it has obtained all necessary rights and authorizations to submit Customer Data Data, including personal data relating to identifiable individuals, to Instabase for the purposes contemplated by the Agreement. If Customer Data includes any personal data relating to identifiable individuals, Customer is responsible for the lawfulness of such data and for providing has provided notice to individuals and obtaining obtained any necessary consents as required under applicable data protection laws. Customer is solely responsible for the accuracy, content and legality of Customer Data, and Instabase does not assume any obligations with respect to Customer Data other than as expressly set forth in the Agreement or as required by applicable law. 9.3 Customer agrees that it shall not submit any Customer Data to Instabase that (a) contains any worm, virus or other malicious code which is designed to destroy, disable, harm, disrupt the operation of, enable unauthorized access to, erase, destroy or modify any software, hardware, network or technology; or (b) violates applicable laws or any third-party intellectual property, privacy, publicity or other rights. 9.4 Customer shall not submit any Customer Data to Instabase that contains (i) cardholder data as defined under the Payment Card Industry Data Security Standard ("cardholder data") or (ii) protected health information as defined under the Health Insurance Portability and Accountability Act ("PHI") unless Customer has entered into an Order that explicitly permits the submission of such Customer Data. 9.5 Instabase will access, process process, and use Customer Data in connection with Customer’s use of the Software in accordance with applicable privacy and data protection laws. Instabase’s GDPR Data Protection Addendum (“DPA”), available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/DPA, is incorporated by reference and applies to the extent that Customer Data provided by or on behalf of Customer to Instabase includes any personal data that is subject to the General Data Protection Regulation 2016/679 or applicable data protection laws of the United Kingdom or Switzerland. 9.6 No more than once each quarter, Customer agrees to provide Instabase with a periodic screenshot of the license page to verify consumption data. The screenshot should clearly display the relevant license information, including the total number of pages used or any other relevant usage metrics agreed upon between the parties. The screenshots shall be provided to Instabase within five (5) business days following the end of each reporting period. 9.7 Instabase shall be permitted to delete any Customer Data which may be in its possession (e.g., if submitted via a technical services support case) and suspend Customer’s access to the Software, if: (i) Customer is in breach of Section 7 or this Section 9; (ii) removal or blocking of the Customer Data is necessary to protect the security of the Software, Instabase or any third party; or

Security and Data. 9.1 Instabase has implemented the Enterprise Security Measures detailed at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/enterprise-security-measures/ security to secure Customer Data in connection with Customer’s use of the Software. For further detail, please visit the Instabase Trust Center located at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust. 9.2 Customer represents and warrants that it has obtained all necessary rights and authorizations to submit Customer Data Data, including personal data relating to identifiable individuals, to Instabase for the purposes contemplated by the Agreement. If Customer Data includes any personal data relating to identifiable individuals, Customer is responsible for the lawfulness of such data and for providing has provided notice to individuals and obtaining obtained any necessary consents as required under applicable data protection laws. Customer is solely responsible for the accuracy, content and legality of Customer Data, and Instabase does not assume any obligations with respect to Customer Data other than as expressly set forth in the Agreement or as required by applicable law. 9.3 Customer agrees that it shall not submit any Customer Data to Instabase that (a) contains any worm, virus or other malicious code which is designed to destroy, disable, harm, disrupt the operation of, enable unauthorized access to, erase, destroy or modify any software, hardware, network or technology; or (b) violates applicable laws or any third-party intellectual property, privacy, publicity or other rights. 9.4 Customer shall not submit any Customer Data to Instabase that contains (i) cardholder data as defined under the Payment Card Industry Data Security Standard ("cardholder data") or (ii) protected health information as defined under the Health Insurance Portability and Accountability Act ("PHI") unless Customer has entered into an Order that explicitly permits the submission of such Customer Data. 9.5 Instabase will access, process process, and use Customer Data in connection with Customer’s use of the Software in accordance with applicable privacy and data protection laws. Instabase’s GDPR Data Protection Addendum (“DPA”), available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/DPA, is incorporated by reference and applies to the extent that Customer Data provided by or on behalf of Customer to Instabase includes any personal data that is subject to the General Data Protection Regulation 2016/679 or applicable data protection laws of the United Kingdom or Switzerland. 9.6 No more than once each quarter, Customer agrees to provide Instabase with a periodic screenshot of the license page to verify consumption data. The screenshot should clearly display the relevant license information, including the total number of pages used or any other relevant usage metrics agreed upon between the parties. The screenshots shall be provided to Instabase within five (5) business days following the end of each reporting period. 9.7 Instabase shall be permitted to delete any Customer Data which may be in its possession (e.g., if submitted via a technical services support case) and suspend Customer’s access to the Software, if: (i) Customer is in breach of Section 7 or this Section 9; (ii) removal or blocking of the Customer Data is necessary to protect the security of the Software, Instabase or any third party; or

Security and Data. 9.1 Instabase has implemented the Enterprise Security Measures detailed at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/enterprise-security-measures/ to secure Customer Data in connection with Customer’s use of the Software. For further detail, please visit the Instabase Trust Center located at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust. 9.2 Customer represents and warrants that it has obtained all necessary rights and authorizations to submit Customer Data to Instabase for the purposes contemplated by the AgreementAgreement and that Customer Data and the use thereof by Instabase as contemplated in this Agreement does and will not infringe or misappropriate any third party intellectual property or other proprietary rights. If Customer Data includes any personal data relating to identifiable individuals, Customer is responsible for the lawfulness of such data and for providing notice to individuals and obtaining any necessary consents as required under applicable data protection laws. Customer is solely responsible for the accuracy, content and legality of Customer Data, and Instabase does not assume any obligations with respect to Customer Data other than as expressly set forth in the Agreement or as required by applicable law. 9.3 Customer agrees that it shall not submit any Customer Data to Instabase that (a) contains any worm, virus or other malicious code which is designed to destroy, disable, harm, disrupt the operation of, enable unauthorized access to, erase, destroy or modify any software, hardware, network or technology; or (b) violates applicable laws or any third-party intellectual property, privacy, publicity or other rights. 9.4 Customer shall not submit any Customer Data to Instabase that contains (i) cardholder data as defined under the Payment Card Industry Data Security Standard ("cardholder data") or (ii) protected health information as defined under the Health Insurance Portability and Accountability Act ("PHI") unless Customer has entered into an Order that explicitly permits the submission of such Customer Data. 9.5 Instabase will access, process and use Customer Data in connection with Customer’s use of the Software in accordance with applicable privacy and data protection laws. Instabase’s GDPR Data Protection Addendum (“DPA”), available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/DPA, is incorporated by reference attached hereto and applies to the extent that Customer Data provided by or on behalf of Customer to Instabase includes any personal data that is subject to the General Data Protection Regulation 2016/679 or applicable data protection laws of the United Kingdom or Switzerland. 9.6 Instabase shall be permitted to delete any Customer Data which may be in its possession (e.g., if submitted via a technical services support case) and temporarily suspend Customer’s access to the Software, if: (i) Customer is in breach of Section 7 or this Section 9; (ii) removal or blocking of the Customer Data is necessary to protect the security of the Software, Instabase or any third party; or

Security and Data. 9.1 Instabase has implemented the Enterprise Hosted Security Measures detailed at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/enterprise-hosted- security-measures/ to secure Customer Data in connection with Customer’s use Use of the SoftwareSaaS Services. For further detail, please visit the Instabase Trust Center located at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust. 9.2 Customer represents and warrants that it has obtained all necessary rights and authorizations to submit Customer Data to Instabase for the purposes contemplated by the Agreement. If Customer Data includes any personal data relating to identifiable individuals, Customer is responsible for the lawfulness of such data and for providing notice to individuals and obtaining any necessary consents as required under applicable data protection laws. Customer is solely responsible for the accuracy, content and legality of Customer Data, and Instabase does not assume any obligations with respect to Customer Data other than as expressly set forth in the Agreement or as required by applicable law. 9.3 Customer agrees that it shall not submit any Customer Data to Instabase that (a) contains any worm, virus or other malicious code which is designed to destroy, disable, harm, disrupt the operation of, enable unauthorized access to, erase, destroy or modify any software, hardware, network or technology; or (b) violates applicable laws or any third-party intellectual property, privacy, publicity or other rights. 9.4 Customer shall not submit any Customer Data to Instabase that contains (i) cardholder data as defined under the Payment Card Industry Data Security Standard ("cardholder data") or (ii) protected health information as defined under the Health Insurance Portability and Accountability Act ("PHI") unless Customer has entered into an Order that explicitly permits the submission of such Customer Data. 9.5 Customer hereby grants Instabase during the Subscription Term a non-exclusive, worldwide, royalty- free right and license to use, host, reproduce, or display the Customer Data solely for the purpose of operating, improving and providing the SaaS Services. 9.6 Instabase will access, process process, and use Customer Data in connection with Customer’s use of the Software SaaS Services in accordance with applicable privacy and data protection laws. Instabase’s GDPR Data Protection Addendum (“DPA”), available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/DPA, is incorporated by reference and applies to the extent that Customer Data provided by or on behalf of Customer to Instabase includes any personal data that is subject to the General Data Protection Regulation 2016/679 or applicable data protection laws of the United Kingdom or Switzerland. 9.6 9.7 Instabase may automatically collect and analyze data about Customer’s Use of the SaaS Services, which data includes technical logs, frequency of logins, number of Models deployed, and engagement with features. Such usage data is anonymized of personal data and Customer Data in accordance with applicable law. 9.8 Instabase shall be permitted to delete any Customer Data which may be in its possession (e.g., if submitted via a technical services support case) and suspend Customer’s access to the Software, SaaS Services if: (i) Customer is in breach of Section 7 or this Section 9; (ii) removal or blocking of the Customer Data is necessary to protect the security of the SoftwareSaaS Services, Instabase or any third party; oror (iii) required to comply with a governmental mandate.

Security and Data. 9.1 Instabase has implemented the Enterprise Security Measures detailed at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/enterprise-security-measures/ security to secure Customer Data in connection with Customer’s use Use of the SoftwareSaaS Services. For further detail, please visit the Instabase Trust Center located at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust. 9.2 Customer represents and warrants that it has obtained all necessary rights and authorizations to submit Customer Data Data, including personal data relating to identifiable individuals, to Instabase for the purposes contemplated by the Agreement. If Customer Data includes any personal data relating to identifiable individuals, Customer is responsible for the lawfulness of such data and for providing has provided notice to individuals and obtaining obtained any necessary consents as required under applicable data protection laws. Customer is solely responsible for the accuracy, content and legality of Customer Data, and Instabase does not assume any obligations with respect to Customer Data other than as expressly set forth in the Agreement or as required by applicable law. 9.3 Customer agrees that it shall not submit any Customer Data to Instabase that (a) contains any worm, virus or other malicious code which is designed to destroy, disable, harm, disrupt the operation of, enable unauthorized access to, erase, destroy or modify any software, hardware, network or technology; or (b) violates applicable laws or any third-party intellectual property, privacy, publicity or other rights. 9.4 Customer shall not submit any Customer Data to Instabase that contains (i) cardholder data as defined under the Payment Card Industry Data Security Standard ("cardholder data") or (ii) protected health information as defined under the Health Insurance Portability and Accountability Act ("PHI") unless Customer has entered into an Order that explicitly permits the submission of such Customer Data. 9.5 Customer hereby grants Instabase during the Subscription Term a non-exclusive, worldwide, royalty- free right and license to use, host, reproduce, or display the Customer Data solely for the purpose of operating, improving and providing the SaaS Services. 9.6 Instabase will access, process process, and use Customer Data in connection with Customer’s use of the Software SaaS Services in accordance with applicable privacy and data protection laws. Instabase’s GDPR Data Protection Addendum (“DPA”), available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/trust/DPA, is incorporated by reference and applies to the extent that Customer Data provided by or on behalf of Customer to Instabase includes any personal data that is subject to the General Data Protection Regulation 2016/679 or applicable data protection laws of the United Kingdom or Switzerland. 9.6 9.7 Instabase may automatically collect and analyze data about Customer’s Use of the SaaS Services, which data includes technical logs, frequency of logins, number of Models deployed, and engagement with features. Such usage data is anonymized of personal data and Customer Data in accordance with applicable law. 9.8 Instabase shall be permitted to delete any Customer Data which may be in its possession (e.g., if submitted via a technical services support case) and suspend Customer’s access to the Software, SaaS Services if: (i) Customer is in breach of Section 7 or this Section 9; (ii) removal or blocking of the Customer Data is necessary to protect the security of the SoftwareSaaS Services, Instabase or any third party; oror (iii) required to comply with a governmental mandate.