Sales: +1 646 663 4880

Master Subscription Agreement

Last Updated November 7, 2025

This Master Subscription Agreement (“MSA” or “Agreement”) is between the customer identified in the applicable Order Form (as defined herein) (“Customer,” “you” or “your”) and Kisi, Incorporated. (“Kisi,” “we,” “us,” or “our”), and governs Customer’s access to and use of Kisi’s enterprise Software-as-a-Service platform for physical security, related Hardware (as defined herein), and related hosting and other support services (collectively, the “Services”) made available through Kisi’s and our affiliated third-party websites and desktop or mobile applications (collectively, the “Platform”).

Reference is hereby made to the Kisi End User Agreement (“EUA”) located at https://www.getkisi.com/legal/eula which governs Customers’ End User (as defined herein) behavior in relationship with the Platform, the terms of which are incorporated into this Agreement.

This MSA also references ordering documents between the parties, hereinafter referred to as the “Order Form(s)”, the terms of which are incorporated into this Agreement. In the event of conflict between the Order Form and the MSA, the Order Form will control with respect to the Minimum Commitment, Commitment Date, Rollout Period, Auto-Pay Requirement, True-Up Payment, Discounted Rate, Fallback Rate, Subscription Term, Automatic Annual Price Increase, and related pricing and payment terms.

1. Definitions

The definitions of certain capitalized terms used in this Agreement are set forth below. Others are defined in the body of the Agreement.

1.1. “Documentation” means the online documentation regarding the Hardware, available at https://docs.kisi.io.

1.2. “DPA” means the Data Protection Agreement available at https://www.getkisi.com/legal/dpa or other negotiated data protection agreement, entered into between Kisi and Customer.

1.3. “End User” means an individual authorized by Customer to use the Products on Customer’s behalf.

1.4. “Firmware” means the software developed and maintained by Kisi that is stored on the Hardware and enables the basic functioning of the Hardware and its communication with the Hosted Software.

1.5. “Hardware” means the Kisi hardware products, including but not limited to, Kisi Reader Pro, Kisi Controller, Mobile and Keycards, and other units manufactured by Kisi.

1.6. “Hosted Software” means Kisi’s Software-as-a-Service solution, currently known as “Kisi Dashboard,” and related infrastructure made available to Customer to manage and configure the Hardware.

1.7. “License” has the meaning ascribed to it in Section 2.1 means the end-user right to access and use the Software granted under this EUA, as enabled by the licenses purchased by Customer under the Order Form and MSA

1.8. “License Term” means the length of time indicated in the License SKU set forth on the applicable Purchase Order.

1.9. “Order Form” means the ordering document between Customer and Kisi (or an authorized Reseller acting on behalf of Kisi) that identifies Products, quantities, pricing and special commercial terms (including Minimum Commitment, Commitment Date, True-Up Payment, Discounted Rate, and Fallback Rate). Order Forms may also be referred to as “Quotes.”

1.10. “Products” means, collectively, the Software, Hardware, Usage Statistics, Documentation, and all modifications, updates, and upgrades thereto and derivative works thereof.

1.11. “Purchase Order” means each order document submitted to Kisi by a Reseller on behalf of Customer, and accepted by Kisi, indicating Reseller’s firm commitment to purchase the Products for the prices listed thereon.

1.12. “Reseller” means a third-party authorized by Kisi to resell the Products, to whom Customer has delivered a Purchase Order for such Products.

1.13. “Software” means Firmware and Hosted Software.

1.14. “Software License Plan” means the type of license plan purchased by Customer as set forth in the applicable Order Form, which may correspond to one of Kisi’s standard plans described at: https://www.getkisi.com/pricing.

1.15. “Subscription”: means the recurring license fees paid for using the Software.

1.16. “Subscription Term” means the initial and any renewal period(s) during which Customer is subscribed to the Services, as specified in the applicable Order Form or Purchase Order. Unless otherwise stated, each License Term under such Order Form is coterminous with the applicable Subscription Term. Billing cycles (monthly, annual, or otherwise) are administrative periods for invoicing within the Subscription Term and do not modify its duration. Any price changes or plan adjustments apply upon renewal of the Subscription Term unless otherwise agreed in writing.

1.17. “Support” means the technical support services and resources available at https://help.kisi.io/hc/en-us.

1.18. “Usage Statistics” means routine information regarding the Customer’s use of the Products, including information automatically collected through the Software, such as a User’s IP address, browser type, and how the User interacts with the Software, as well as Hardware-related performance statistics and related data. For clarity, Usage Statistics does not constitute Customer Data.

2. Kisi’s Responsibilities

2.1. Provision of the Services. During the applicable Order Form Term (as defined in Section 7.1 (Term and Order Form Term) below), we grant you and your End Users a revocable, nonexclusive, non-sublicensable, non-transferable, limited license to (a) access and use the Services described in the Order Form, solely in accordance with any usage or license limitations set forth in the Order Form; and (b) access and use any APIs provided by Kisi (the “Kisi API(s)”) to facilitate your use of the Services. The definition “Services” as used in this MSA is comprehensive of the Platform, Software that may be downloadable through the Platform or otherwise provided by Kisi (including the Kisi APIs), technical support, hosting services, and any documentation provided in connection with the Services. You agree that you will not provide access to the Services to any third-party except your (and your authorized Affiliates’) employees and contractors for their internal use in connection with this Agreement (“Authorized Users”) and agree that you are liable for your Authorized Users’ compliance with this Agreement.

2.2. Use of Contractors. Kisi subcontracts with third-party individuals (“Contractors”) to provide certain of its services. You agree that Kisi may sublicense its rights under this Agreement to Contractors, provided that Kisi will (a) be solely responsible for paying and resolving all disputes with Contractors; and (b) enter into a written agreement with each Contractor obligating the Contractor to protect the Customer Content and to comply with Kisi’s policies and Applicable Law (as defined in Section 3.2 (Prohibited Content) below).

2.3. Affiliates. Subject to credit approval by Kisi and your agreement to take full responsibility for Affiliates’ compliance with this Agreement, you may allow your Affiliate to order Services under the terms of this Agreement. Authorized Affiliates will be deemed a “Customer” for the applicable Order Form only. “Affiliate” means an entity that controls, is controlled by, or is under common control with a party, with “control” meaning direct or indirect ownership of (a) more than fifty percent (50%) of an entity’s voting interest; or (b) the right to receive more than fifty percent (50%) of an entity’s profits.

2.4. Support. During an Order Form Term, we will provide you with the maintenance and support services specified in Exhibit A (the “Service Level Agreement”) for the Services described in the Order Form. For informational purposes, Kisi also maintains non-binding performance targets published as its Service Level Commitments (“SLCs”), available at https://www.getkisi.com/legal/slc. Such Service Level Commitments may be updated by Kisi from time to time. In the event of any inconsistency between Exhibit A and the Service Level Commitments, Exhibit A will control.

2.5. Data Security. We will make commercially reasonable efforts to maintain security in accordance with Exhibit B. You agree to assist Kisi in such efforts by making commercially reasonable efforts to prevent unauthorized access to or use of the Services, and agree to notify us promptly of any such unauthorized access or use.

3. Customer’s Responsibilities

3.1. Customer Content. You acknowledge and agree that (a) you, and not Kisi, are entirely responsible for the accuracy, quality, integrity, legality, reliability, appropriateness, and ownership or right to use any video, audio and other materials, information and data (“Content”) uploaded, posted, transmitted or otherwise made available on the Platform and/or through the Services by you or on your behalf by your Affiliates and/or End Users (“Customer Content”); (b) Kisi is not obligated to pre-screen Customer Content, although Kisi reserves the right, in its reasonable discretion, to pre-screen, refuse, or remove any Customer Content; and (c) while Kisi takes reasonable measures to back up Customer Content on the Platform, you are responsible for ensuring that you maintain adequate back-ups of your Customer Content. Subject to the terms of this Agreement, you grant Kisi a worldwide, royalty-free, non-exclusive, perpetual license during the Term to sublicense, copy, reproduce, modify, use, perform, display, distribute and create derivative works of any and all Customer Content as necessary for Kisi to: (i) provide the Services to you; (ii) perform necessary maintenance, calibration, diagnostic and troubleshooting of the Platform, and to monitor its performance; and (iii) to improve the Services, including by training and maintaining Kisi’s platform and other Kisi-owned software. You also acknowledge and agree that we may collect, retain, use and disclose information relating to the performance of the Services and statistics and metrics regarding the Services (e.g., number of files transcribed using the Services across all Kisi customers), provided that such information is solely in an aggregated and anonymized format that does not identify Customer or any individual (“Aggregate Data”). For clarity, “Aggregate Data” means data generated from the processing, analysis, training, or aggregation of Customer Content, provided that such data cannot reasonably be used to identify, extract, or reconstruct Customer Content.

3.2. Prohibited Content. Unless expressly agreed in an Order Form with respect to a certain type of Content, you must not nor permit others - including your Affiliates and/or End Users - to submit, upload, email, transmit or otherwise make available through the Platform: (a) any Content not owned by you or for which you do not have all necessary authorization to make available through the Platform, including in accordance with all applicable intellectual property laws and data laws, regulations and privacy standards; (b) sensitive financial data (e.g., bank account numbers, credit card or debit card numbers, passwords, and other access codes for financial accounts); (c) personal health information subject to protection under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); (d) Content that violates applicable provisions of foreign, federal, state or local laws, rules, regulations or orders of all governmental bodies, courts, tribunals and arbitrators (“Applicable Law”) or creates a security risk to any person (e.g., by exposing sensitive personal information); (e) illegal content (including but not limited to obscenity, sexual content involving minors); or (f) Content that a reasonable person would find abusive, harassing, threatening, defamatory, libelous, obscene, or otherwise objectionable. Kisi reserves the right to reject and/or remove any Customer Content that Kisi believes, in its reasonable discretion, violates this Section 2.2.

3.3. Restrictions. You agree not to, nor permit any other party - including Affiliates and/or End Users - to: (a) use, or cause others to use, any automated system or software to extract Content from the Platform; (b) interfere with or disrupt the Services or servers or networks connected to the Platform; (c) take any action that negatively affects the ability of others to access or use the Platform; (d) use the Services for any illegal or unauthorized purpose; (e) provide access to the Services to anyone but Authorized Users or End Users; (f) rent, lease, lend, sell or sublicense the Services or otherwise provide access to the Services as part of a service bureau or similar fee-for-service purpose; (g) reverse engineer, decode, decompile, disassemble or otherwise attempt to access or derive the source code or architectural framework of the Platform, Kisi APIs, or any other part of the Services; (h) introduce any malicious code (e.g. viruses, malware) to the Services; or (i) directly or indirectly export, re-export, or use the Platform to provide services in violation of the export laws and regulations of the United States or any other country. You agree that Kisi may establish general practices and limits concerning use of the Platform, including the maximum period that we will retain Customer Content on the Platform and the maximum storage space to be allotted on Kisi's servers on your behalf. If Customer operates in a regulated industry, Customer represents that it has obtained all necessary federal, local and state licenses and/or permits necessary to operate its business and is in compliance (and will use its best efforts to remain in compliance) with all local, state, and (if applicable) federal regulations regarding the conduct of its business. Kisi reserves the right to suspend use of the Platform operating in violation of the obligations of this Section 2.3, following written notice to Customer (which may take the form of an email).

3.4. Account Administration. Customer is responsible for identifying one or more individuals within Customer’s organization who will act as administrator(s) of Customer’s account. Such person(s) will be responsible for, among other things, monitoring and managing access privileges of other Users.

4. Costs, Fees, Payments Terms, and Taxes

4.1. Hardware Costs.

4.1.1. Hardware Product Costs. You will be charged for Kisi Hardware at the time of purchase and as included in the applicable Order Form, unless otherwise agreed upon in writing by you and Kisi or Reseller. Once charged, your Hardware will be subject to the Hardware Warranty and Return policy included in Section 5 of these Terms. These Hardware charges are exclusive of any fees you incur in the installation of Kisi Products and Software License charges and fees.

4.1.2. Installation Costs. Kisi relies on Resellers (or other third parties) for installation services. Any services around installation are provided by Resellers (and other third parties) and any costs related thereto will be settled between Customer and Reseller(s) (and other third parties, as applicable).

4.2. Software Fees.

4.2.1. Software License Fees. All fees for Subscriptions, license quantities, conditional pricing, Minimum Commitments, True-Ups, renewals, and any Fallback Rate are governed exclusively by the Order Form. You agree to pay Kisi the license fees for usage of the Software as stated in the applicable Order Form, in U.S. dollars, unless another currency is specified in the Order Form. All fees are exclusive of applicable taxes, duties, or charges unless otherwise stated. Software License Fees may include conditional pricing constructs as set forth on the applicable Order Form (including a Minimum Commitment, Rollout Period pricing, a True-Up Payment, and a Fallback Rate). To the extent an Order Form includes such constructs, Section 4.13 applies. Fees for Support are included in the cost of the License unless otherwise agreed upon by you and Kisi in writing. As part of a Support case, Kisi’s Support team may access the Customer's account to the extent necessary to solve Customer’s Support case.

4.2.2. Software License Upgrades. Plan features and any automatic upgrades or overage handling are governed by the Order Form or as configured in the Product; any associated fees are charged per the Order Form.

4.2.3. Payment Terms. Invoices submitted by Kisi are due on receipt unless otherwise specified in the applicable Order Form. Kisi will not be required to utilize yours or a third-party’s billing application(s) in order to receive payment, and you agree that (a) Kisi may invoice you for any processing fees for any such billing mechanism that Kisi agrees to use; and (b) you are responsible for any wire transfer fees. Unpaid invoices are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower. If you dispute any charges you must let Kisi know within thirty (30) days after the date that Kisi invoices you; otherwise, such charges shall be considered undisputed and fully owed by you. If an Order Form specifies a Commitment Date, Customer authorizes Kisi to issue an invoice for any True-Up Payment on or after the Commitment Date and to collect such invoice via Auto-Pay pursuant to Section 4.12. Notwithstanding anything to the contrary, amounts due for True-Up Payments are non-cancellable and non-refundable, except as expressly set forth in Sections 7.3–7.5. The provision of Services under an Order Form is subject to timely payment and satisfactory credit approval of the Customer. Credit approval may be withdrawn upon written notice by Kisi, at any time.

4.2.4. Overdue Payments; Suspension Process. If any undisputed invoice remains unpaid after its due date, Kisi’s suspension procedures under Section 7.3 (Suspension) may apply. Such procedures may include varying levels of account limitations up to and including complete disconnection of Customer’s Services, rendering all hardware and software inoperable. Services will be restored upon full payment of all outstanding amounts and applicable fees.

4.3. Taxes. Customer is responsible for all taxes, duties or other fees imposed, assessed or collected by or under the authority of any governmental body (“Taxes”) imposed on the transaction for the purchase, license or use of the Hardware or the delivery of Services (except Taxes based on Kisi’s net income or otherwise statutorily imposed on Kisi). These Taxes include, but are not limited to, sales, value-added tax (VAT), goods and services tax (GST), and any other applicable taxes.

4.4. Tax Exemptions. If Customer claims exemption from any applicable Taxes, Customer must provide valid and current tax exemption documentation to Kisi prior to invoicing and upon entering into a contract. Failure to provide the necessary documentation before invoicing may result in Taxes being applied to the invoice, and Kisi shall have no obligation to refund or credit any Taxes collected due to the absence of valid exemption documentation. Customer is responsible for ensuring that exemption documentation remains valid and up to date.

4.5. Withholding Taxes. If any Taxes are required to be withheld from any payment to us by law, you shall be entitled to withhold and remit such Taxes to the appropriate government authority. You agree to provide us with official receipts issued by the appropriate government authority or other such evidence as we may reasonably request to establish that such Taxes have been paid.

4.6. Import and Export Duties. You are responsible for all duties, tariffs, and similar charges imposed on the import and export of the hardware or related software, including any customs clearance costs.

4.7. Hardware Regulatory Fees. Certain jurisdictions may require payment of additional fees related to your usage of the Hardware, including but not limited to recycling fees, environmental handling fees, or other regulatory assessments. You are responsible for any such fees where applicable.

4.8. Changes in Taxes or Fees. If any new Taxes or regulatory fees are imposed, or if the applicable rate of any Taxes or fees changes, we reserve the right to adjust the prices to reflect these changes.

4.9. Disputes Related to Taxes. If any dispute arises concerning the application or calculation of Taxes, you agree to work with us to resolve the dispute in accordance with applicable law. However, your payment obligations under this section shall not be contingent upon the resolution of such disputes.

4.10. Duplicative Uploads. You acknowledge and agree that you are responsible for payment for any Services performed because of an accidental duplicative upload of Customer Content or your selection of the incorrect service type.

4.11. Auto-Pay Requirement. Unless an alternative payment arrangement is agreed to by Kisi in a Kisi Order Form, Customer is required to enroll in automatic payment (“Auto-Pay”) for all fees under this Agreement, including recurring fees for Services or subscription and one-time invoices for non-recurring charges, such as hardware purchases or professional services. Auto-Pay also applies to any True-Up Payment, and any Fallback Rate renewals or charges. By enrolling in Auto-Pay, Customer authorizes Kisi to automatically charge the designated payment method on file for all invoices on or after the due date. Customer is responsible for ensuring that the payment method remains valid and up to date. If an Auto-Pay transaction fails due to an expired or invalid payment method, Kisi may (i) charge any other payment method on file, (ii) suspend Services or withhold delivery of products until payment is received, or (iii) apply late fees in accordance with Section 4.2.

4.12. Order Acceptance. All orders for Kisi products and services (each, an “Order”) are deemed accepted—and become a binding contract—on the earliest of: (i) execution of the Order Form by both parties, (ii) Kisi’s provisioning of any Services under the Order, or (iii) Customer’s payment. For clarity, an accepted Order Form that includes a Minimum Commitment creates a binding purchase obligation regardless of whether all amounts are prepaid.

4.13. Conditional Pricing; Minimum Commitment; True-Up; Fallback Rate.

4.13.1. Minimum Commitment; Rollout Period. If the Order Form specifies a Minimum Commitment and a Commitment Date, Customer agrees to purchase no fewer than the Minimum Commitment of Licenses by the Commitment Date. During the Rollout Period, Customer may add any number of Licenses at the Discounted Rate, provided the account is in good standing. For purposes of this Agreement: (i) “License” means the unit of subscription identified on the Order Form, (ii) “Minimum Commitment” means the minimum number of Licenses Customer agrees to purchase as stated in the Order Form, (iii) “Commitment Date” means the date by which the Minimum Commitment must be met, as stated in the Order Form, (iv) “Rollout Period” means the period from the Order Form Effective Date through (and including) the Commitment Date, (v) “Discounted Rate” means the per-License rate specified on the Order Form that applies during the Rollout Period and, after the Commitment Date, if Customer has met or exceeded the Minimum Commitment, and (vi) “Fallback Rate” means the per-License rate specified on the Order Form that applies after the Commitment Date if Customer has not met the Minimum Commitment.

4.13.2. Measurement. On the Commitment Date, Kisi will determine the total number of Licenses purchased by Customer under the Order to date.

4.13.3. True-Up Payment. If the total purchased Licenses are fewer than the Minimum Commitment, Kisi will invoice Customer for the shortfall (the “True-Up Payment”) so that Customer has paid for no fewer than the Minimum Commitment. The True-Up Payment is due in accordance with Section 4.2.3 and collected via Auto-Pay under Section 4.11.

4.13.4. Post-Commitment Pricing. Following the Commitment Date: (i) if Customer has fewer than the Minimum Commitment number of Licenses, all active and additional Licenses will renew and bill at the Fallback Rate going forward; and (ii) if Customer has met or exceeded the Minimum Commitment, active and additional Licenses will continue at the Discounted Rate through the remainder of the Subscription Term, subject to renewal pricing thereafter.

4.14. Non-cancellable; No Refunds. Subscriptions are non-cancellable during the applicable Subscription Term, and no refunds or credits will be issued for prepaid or unused Licenses, except as expressly provided in Sections 7.3–7.5.

4.15. Audit/Verification. Kisi may, upon reasonable notice, review usage and billing records to verify License counts and fees. Kisi may also monitor usage electronically through its systems and logs at any time to ensure compliance with this Agreement. Customer will reasonably cooperate with Kisi in any such verification. Any underpayment or other discrepancy identified will be invoiced and payable in accordance with Section 3.3.

5. Hardware Installation, Warranty & Returns

5.1. Hardware Installation. Kisi may suggest a third party installation service provider. Installation time will vary and is entirely dependent on the third party’s availability. Kisi hereby disclaims liability for any act, omission, or error of the third-party installer and does not guarantee the work of any third-party installer procured from Kisi recommendations. Your sole recourse will be against such third-party installer and the terms of any agreement between you and such third-party installer will govern. Hardware may also be self-installed. Additional terms regarding both Hardware and Product Installation are available at https://www.getkisi.com/docs. For the purpose of clarity and avoidance of doubt, you are solely responsible for the proper installation of the Hardware and hereby waive any right to make claims against Kisi for improper installation.

5.2. Hardware Warranty. Kisi represents to the original purchaser and user of the Hardware that, for five (5) years, or for the period set forth as otherwise set forth in the applicable Documentation from the date of shipment to the location specified on the Purchase Order, the Hardware will be substantially free of defects in materials and workmanship (“Hardware Warranty”). This Hardware Warranty does not apply, and will be deemed void, if any defect or failure results from: (a) improper installation, handling, storage, or maintenance; (b) modification, alteration, or repair by anyone other than Kisi or its authorized service providers; (c) use of the Hardware with non-approved equipment, accessories, or software; (d) accident, abuse, negligence, electrical surge, water damage, or other external causes; or (e) any “customer-induced damage,” including, without limitation, the cutting or improper termination of cables, tampering with wiring, or physical damage to the device enclosure. Customer hereby acknowledges and agrees that the foregoing warranty applies to hardware manufactured by Kisi; to the extent that Customer purchases third-party hardware directly from Kisi, Customer agrees that the warranty provided by the manufacturer of such third party hardware is applicable and such warranty terms may differ from Kisi’s hardware warranty stated herein.

5.3. Remedies. Customer’s sole and exclusive remedy and Kisi’s (and its suppliers’ and licensors') sole and exclusive liability for a breach of the Hardware Warranty will be, in Kisi’s sole discretion, to replace the non-conforming Hardware. Replacement may be made with a new or refurbished product or components. If the Hardware or a component within it is no longer available, then Kisi may replace the Hardware unit with a similar product of similar function. Any Hardware unit that has been replaced under the Hardware Warranty will be covered by the terms of the Hardware Warranty for the longer of (a) 90 days from the date of the delivery, or (b) the remainder of the original Hardware Warranty period.

5.4. Exclusions. The Hardware Warranty does not extend to any non-Kisi proprietary equipment or end of life equipment. These would include the door locks, components on the door locks, and/or any other physical access control system working on the same doors as the Kisi system. Non-Kisi proprietary equipment would be subjected to the warranty terms and conditions of the respective manufacturer.

5.5. Warranty Expiration. Kisi will not be liable for malfunctions on the Hardware once the warranty expires. You will need to purchase new Hardware if you need a replacement on any part of your Kisi system. You will also be liable for any installation costs associated with replacing your existing Hardware with a new one.

5.6. Product Lifecycle & Hardware Warranty

5.6.1. End of Sales. Kisi may discontinue certain hardware models (for example, CPRO1, RPRO1, RPRO2.0) as new generations are introduced. End of Sales does not affect existing devices — they remain supported and functional until End of Service.

5.6.2. End of Service (Decommissioning). If a Kisi device becomes incompatible with the Kisi cloud due to platform or security requirements, Kisi will offer transition options based on the remaining warranty coverage as follows:

5.6.2.1. Within the first year of warranty coverage: Kisi will provide an equivalent replacement device free of charge.

5.6.2.2. After the first year but within three years of warranty coverage: Kisi will offer an equivalent or functionally compatible device at a discounted rate.

5.6.2.3. After three years and irrespective of the warranty coverage period described in Section 5.2: Customers may purchase new hardware from Kisi at standard pricing.

5.6.2.4. In any of the foregoing circumstances, Kisi may, at its discretion, provide refurbished or newer-generation hardware as an equivalent replacement.

5.6.3. Scope & Third-Party Hardware. This policy applies only to Kisi-manufactured hardware. Kisi does not assume responsibility for third-party hardware or accessories, including compatibility, continued operation, or warranty coverage. Issues related to such products are subject to the original manufacturer’s terms and conditions including without limitation any warranty coverage.

5.6.4. Updates. Kisi reserves the right to update this decommissioning policy as technology, security standards, or service requirements evolve.

5.7. Hardware Returns. Customer may return Products purchased directly from Kisi within 30 days from the date of the applicable Purchase Order for any reason. Thereafter, to request a return under the Hardware Warranty, Customer must notify Kisi or, if the Products were purchased from a Reseller, the Customer must notify the Reseller, within the Hardware Warranty period. To initiate a return of a Product purchased directly from Kisi directly to Kisi, Customer or Reseller must send a return request to Kisi at support@getkisi.com and clearly state details on where and when Customer purchased the Hardware, the serial numbers of the applicable Hardware unit(s), Customer’s reason for returning the Hardware, and Customer’s name, mailing address, email address, and daytime phone number. Kisi reserves the right, in its sole discretion, to approve or deny a Hardware Return under the Hardware Warranty. All Hardware Returns will be at your own cost and expense. To be eligible for a refund under the Hardware Warranty, all components of the Hardware must be returned to Kisi, and Kisi reserves the right to inspect all returned Hardware prior to issuing a refund. In the event Kisi determines that the Hardware return reason was not eligible, Kisi may decline to issue a refund. For clarity, Hardware returns do not relieve Customer of any Subscription obligations under the Order Form/MSA unless expressly stated therein.

5.8. Replacement Fee for Functional or Damaged Returns. If Customer returns Hardware within the initial return period under Section 5.7 and Kisi determines that such Hardware is damaged, altered, or otherwise not in its original condition due to misuse, improper installation, or negligence, Kisi may, in its sole discretion, charge Customer a repair or replacement fee or offset such fee against any refund otherwise due. Kisi will notify Customer in writing of any such fee prior to charging or offsetting amounts under this Section. Likewise, in the event Customer returns defective Hardware to Kisi without prior approval from Kisi’s Support team, Kisi reserves the right to charge Customer a replacement fee.

6. Ownership

6.1. Customer Ownership. Kisi acknowledges and agrees that, as between Customer and Kisi, Customer owns all rights, title and interest (including all rights associated with patents and inventions; copyrights, and other works of authorship (including moral rights)); trademarks, service marks, trade dress, trade names, logos and other source identifiers; trade secrets; and all other intellectual property (“Intellectual Property Rights”) in and to (a) the Customer Content; and (b) any translations, transcriptions, or captions or any derivative work of such Customer Content created through the Services (“Work Product”).

6.2. Kisi Ownership. Customer acknowledges and agrees that, as between Kisi and Customer, Kisi owns all right, title and interest (including all Intellectual Property Rights) in and to (a) the Platform; (b) Kisi’s software, and all improvements, enhancements or modifications to it; (c) the Kisi APIs and any software accessible through the Platform; (d) all information, text, links, graphics, photos, audio, video, and other forms of data or communication that users can view, access or otherwise interact with through the Services (except for Customer Content and Work Product); and (e) any and all Intellectual Property Rights related to the Hardware and Software.

6.3. Feedback. You are not obligated to provide Kisi with any suggestions, comments, ideas, improvements or other feedback relating to the Services (“Feedback”). That said, if you (including Authorized Users and End Users) do provide Feedback to Kisi, (a) you acknowledge and agree that Feedback is non-confidential and provided voluntarily by you; and (b) you grant to Kisi a worldwide, perpetual, irrevocable, royalty-free license to any ideas, know-how, concepts, techniques, or other Intellectual Property Rights contained in the Feedback, for usage by Kisi for any purpose whatsoever, including, without limitation, for the improvement, marketing, and promotion of the Services.

6.4. Reservation of Rights. Each of the parties reserves all rights not expressly granted under this Agreement.

7. Term and Termination

7.1. Term and Order Form Term. This MSA is effective on the effective date of the first Order Form (“Order Form Effective Date”) executed by Customer and Kisi, and will remain in effect until terminated in accordance with its terms (the “Initial Term”). Each Order Form will automatically renew for successive periods equal to the initial billing term specified in the applicable Order Form unless: (i) Otherwise stated in the Order Form or this Agreement; or (ii) either party provides the other with written notification of intent to terminate at least thirty (30) days before the end of the then-current Order Form Term (the Initial Term of the Order Form and any subsequent renewal terms, the “Order Form Term”). For clarity, the “Subscription Term” equals the Order Form Term. Renewal pricing will be at Kisi’s then-current rates unless otherwise stated on the Order Form.

7.2. Automatic Annual Price Increase. Notwithstanding anything to the contrary, upon each renewal of the applicable Subscription Term, the then-current fees for the Services will be subject to an automatic price increase of up to 10% over the fees applicable during the immediately preceding Subscription Term, unless otherwise agreed in writing between the parties. This annual price adjustment will continue to apply for so long as the Customer remains subscribed to the Services. Separately, we reserve the right to phase out certain plans at our sole discretion. In such event, we will provide you with thirty (30) days written notice and suggest a new plan which may include different pricing and features. Upon receipt of such written notice, you will have the opportunity to opt-out of the new plan before the end of the notice period.

7.3. Suspension. We reserve the right to suspend your access to the Services: (a) in the event of your breach of Section 3.3 (Restrictions) or your failure to pay undisputed fees when due; (b) to prevent damage to, or degradation of, the Services, or unauthorized access to Customer Content; (c) to comply with Applicable Law; or (d) if our relationship with a third-party services provider expires, terminates for any reason, or requires us to change the way we provide any part of the Services. We will use reasonable efforts to provide you with prior notice of any suspension of the Services, and will restore access to the Services as soon as practicable following the satisfactory resolution of the event giving rise to suspension. If Kisi suspends Services pursuant to subsection (a) above, (i) you remain responsible for all fees you have committed to for the Order Form Term; (ii) if you do not fully address the reasons for the suspension within thirty (30) days after we suspend, we may immediately terminate your license; and (iii) reinstatement of Services after suspension due to non-payment will be subject to a reinstatement fee of $250, in addition to any outstanding balance and applicable late fees. For clarity, suspension due to non-payment may occur in two phases: a “soft shutoff” and a “hard shutoff,” as described in Section 4.2.4. If Kisi suspends Services pursuant to subsections (b) through (d) above, and we are unable to provide you with Services for which you’ve prepaid during the applicable Order Form Term, we will refund you for any unused prepayments, as applicable, for Services you were unable to access during the suspension period.

7.4. Termination for Cause. This MSA or an Order Form may be terminated (a) by the non-breaching party upon a material breach of this Agreement by the other party, which breach, if curable, is not cured within thirty (30) days after receipt of written notice from the non-breaching party; (b) by Kisi immediately upon notice if necessary under subsections (b) through (d) of Section 7.3 (Suspension); or (c) by either party if the other party becomes insolvent or bankrupt; becomes the subject of any proceedings under bankruptcy, insolvency or debtor relief law; has a receiver or manager appointed; makes an assignment for the benefit of creditors; or takes the benefit of any Applicable Law in force for the winding up or liquidation of such party’s business.

7.5. Effect of Termination. Termination of an Order Form does not terminate this MSA or any other Order Form; however, termination of this MSA will result in the immediate termination of all Order Forms. Upon termination, any unpaid balance under any Order Form will immediately become due and payable and all remaining prepaid credits under any Order Form will expire; provided, however, that if this Agreement is terminated by you for Kisi’s uncured material breach under Section 7.4(a) above Kisi will refund you, as applicable, any unused prepaid credits as of the date of termination, or other prepaid fee for the applicable Order Form Term prorated from the date of termination. Any provision that, by its terms, is intended to survive the expiration or termination of this Agreement will survive such expiration or termination, including without limitation Sections 6 (Ownership); 7.5 (Effect of Termination), 8 (Representations; Services Warranty); 9 (Indemnification); 10 (Limitation of Liability); 11 (Confidential Information; Data Protection); 11.6 (Publicity) and 12 (Governing Law; General).

7.6. Non-Cancellability; Quantity Reductions. Except as expressly permitted under this Agreement, subscriptions (and associated License quantities) are non-cancellable during the Subscription Term and may not be reduced. This Section 7.6 is subject to Sections 7.3–7.5 regarding suspension, termination, and applicable refunds.

8. Representations; Service Warranty

8.1. Mutual Representations. Each party represents and warrants that (a) it will comply with all Applicable Laws; and (b) in entering into the Agreement it does not rely on any promise, statement, representation or warranty (whether in writing or not) of any person (whether party to the Agreement or not) relating to the subject matter of the Agreement, other than as stated in the Agreement.

8.2. Kisi Services Warranty. Kisi represents and warrants that we will make commercially reasonable efforts to perform the Services in a professional and workmanlike manner with a level of care, skill, practice and judgment consistent with generally recognized industry standards and practices for similar services. We will use commercially reasonable efforts to remedy any material breach of this Section 6.2 by promptly re-performing the Services as long as you give us notice specifying the breach within a commercially reasonable period after discovering the breach.

8.3. DISCLAIMER. YOU ACKNOWLEDGE THAT THE SERVICES ARE PROVIDED USING AUTOMATED SOFTWARE, AND THEREFORE MAY CONTAIN ERRORS, WITH THE ERROR RATE IN ANY PARTICULAR DELIVERABLE DEPENDENT ON A NUMBER OF FACTORS. THE PLATFORM AND ALL SERVICES PROVIDED UNDER THIS AGREEMENT ARE PROVIDED “AS IS,” “AS AVAILABLE” AND “WITH ALL FAULTS,” AND, TO THE MAXIMUM EXTENT PERMITTED BY LAW, WITH THE EXCEPTION OF THE WARRANTY PROVIDED IN SECTION 5.2 (KISI WARRANTY), KISI HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION: (A) THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT; AND (B) ANY WARRANTY WITH RESPECT TO THE QUALITY, ACCURACY, CURRENCY OR COMPLETENESS OF THE PLATFORM AND SERVICES OR ANY DATA OR RESULTS OBTAINED THROUGH THE PLATFORM, OR THAT USE OF THE PLATFORM AND SUCH SERVICES WILL BE ERROR-FREE, UNINTERRUPTED, FREE FROM OTHER FAILURES OR WILL MEET CUSTOMER’S OR AUTHORIZED USERS’ REQUIREMENTS. YOU ACKNOWLEDGE AND AGREE THAT YOU ARE SOLELY RESPONSIBLE FOR VERIFYING THE ACCURACY AND COMPLETENESS OF ALL WORK PRODUCT PROVIDED THROUGH THE SERVICES BEFORE TAKING OR OMITTING ANY ACTION BASED UPON SUCH WORK PRODUCT.

8.4. Hardware Warranty. The Hardware (as defined in the EUA) is covered by the Hardware warranty described in the EUA.

9. Indemnification

9.1. Kisi Indemnification. Kisi will defend, indemnify and hold harmless you, your Affiliates and each of your directors, officers, employees, consultants, contractors, agents, or affiliated entities (the “Customer Indemnified Parties”) harmless from and against claims, demands, proceedings, regulatory actions, liabilities, losses, causes of action, damages, fines, judgments, and settlements brought by a third party (a “Claim”), including reimbursement of all reasonable legal fees and expenses, made or brought against a Customer Indemnified Party to the extent resulting from, or alleged to have resulted from, the Services’ infringement of a third-party Intellectual Property Right, unless caused by the combination, operation or use of the Services with other applications, portions of applications, data, product(s) or services not provided by Kisi where the Services would not by itself be infringing. If the use of the Services by Customer has become, or in Kisi’s opinion is likely to become, the subject of any claim of infringement, Kisi may at its option and expense (a) procure for Customer the right to continue using and receiving the Services as set forth hereunder; (b) replace or modify the Services to make it non-infringing (with comparable functionality); or (c) if the options in clauses (a) or (b) are not reasonably practicable, terminate this Agreement in exchange for a refund of, as applicable, any unused prepaid credits or other prepaid fee for the applicable Order Form Term prorated from the date of termination.

9.2. Customer Indemnification. You will defend, indemnify, and hold harmless Kisi, our Affiliates, Contractors, and each of our directors, officers, employees, consultants, contractors, agents, or affiliated entities (the “Kisi Indemnified Parties”) from and against any Claim, including reimbursement of all reasonable legal fees and expenses, made or brought against a Kisi Indemnified Party to the extent resulting from or alleged to have resulted from (a) your breach of Sections 2.2 (Prohibited Content) or 2.3 (Restrictions); (b) use of the Services by you (including your Authorized Users and/or End Users) not in accordance with this Agreement; or (c) the combination, operation or use of the Services with other applications, portions of applications, data, product(s) or services provided by you where the Services would not by itself be infringing.

9.3. Indemnification Procedures. Each party will promptly notify the other in writing of any Claim; provided, however, that failure of the indemnified party to give such prompt written notice will not relieve the indemnifying party of any obligation to indemnify pursuant to this Section 9, except to the extent the indemnifying party has been prejudiced thereby. The indemnifying party will (a) control the defense of the Claim; and (b) obtain the other party’s prior written approval of the indemnifying party’s settlement or compromise of a Claim. The indemnified party will (i) not unreasonably withhold or delay its approval of the request for settlement or compromise; and (ii) assist and cooperate in the defense as reasonably requested by the indemnifying party at the indemnifying party’s expense.

10. Limitation of Liability

10.1. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANYONE, WHETHER BY BREACH OF WARRANTY, BREACH OF CONTRACT, NEGLIGENCE, OR ANY OTHER LEGAL THEORY OR CAUSE OF ACTION, (A) FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL OR PUNITIVE DAMAGES OF SUCH OTHER PERSON, INCLUDING, WITHOUT LIMITATION, LOSS OF FUTURE REVENUE, INCOME OR PROFITS, DIMINUTION OF VALUE, OR LOSS OF BUSINESS REPUTATION OR OPPORTUNITY RELATING TO THE BREACH OR ALLEGED BREACH HEREOF, WHETHER OR NOT THE POSSIBILITY OF SUCH DAMAGES HAS BEEN DISCLOSED TO THE OTHER PARTY IN ADVANCE OR COULD REASONABLY HAVE BEEN FORESEEN BY SUCH OTHER PARTY; OR (B) FOR AN AMOUNT THAT EXCEEDS THE TOTAL AMOUNT PAID OR PAYABLE BY YOU TO KISI FOR THE SERVICES THAT ARE THE SUBJECT OF THE CLAIM IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT(S) THAT FIRST GAVE RISE TO THE CLAIM. The limitations of liability stated in this Section 10 do not apply to: (i) a party’s indemnification obligations; (ii) a party’s liability for fraud, gross negligence or intentional misconduct; (iii) a party’s liability for death or personal injury; or (iv) Customer’s obligations with respect to fees due for Services hereunder (except as otherwise provided in this Agreement, e.g., in the event of early termination due to our breach of this Agreement).

11. Confidential Information; Data Protection

11.1. Definition. “Confidential Information” means any information disclosed under the Agreement that (a) if tangible, is clearly marked as “Confidential” or with a similar designation; (b) if intangible, is identified as “Confidential” by disclosure at the time of disclosure and confirmed in writing to recipient as being Confidential Information; or (c) from the relevant circumstances should reasonably be known by recipient to be confidential (e.g., pricing, Company data, business plans, trade secrets, personal data, etc.). Customer’s Confidential Information includes the Customer Content. Kisi’s Confidential Information includes all software, hardware specifications, and technology included in the Services. Confidential Information does not include Aggregate Data as defined in Section 3.1 of this MSA, or information that: (i) was available to the recipient before disclosure of such information to the recipient and free of any confidentiality obligation in favor of the disclosing party and known to the recipient at the time of disclosure; (ii) is made available to the recipient from a third-party not known by the recipient at the time of such availability to be subject to a confidentiality obligation in favor of the disclosing party; (iii) is made available to third parties by the disclosing party without restriction on disclosing such information; (iv) is or becomes available to the public other than as a result of disclosure by the recipient prohibited by this Agreement; or (v) is developed independently by or on behalf of the recipient without reference to the disclosing party’s Confidential Information.

11.2. Non-Disclosure. Recipient will (a) use Confidential Information only for the purposes of furthering the business relationship between the parties; (b) protect Confidential Information using the same degree of care it uses to protect its own Confidential Information of a like nature, but in no event less than a reasonable degree of care; (c) not disclose Confidential Information to any third party except its personnel, consultants, subcontractors (including, with respect to Kisi, the Contractors), and professional advisors who have a need to know in order to carry out their obligations under the Agreement and are bound by agreements respecting confidential information; and (d) not modify, reverse engineer, decompile, create other works from, or disassemble any Confidential Information, to the extent applicable, unless authorized in writing by the disclosing party. If either Kisi or Customer receives a court subpoena, request for production of documents, court order or requirement of a government agency to disclose any Confidential Information, the recipient will give prompt written notice to the other party so that the request can be challenged or limited in scope by Kisi or Customer, as appropriate.

11.3. Data Protection. If Kisi processes Personal Data (as defined in Section 1 of the Kisi Data Processing Addendum located at https://www.getkisi.com/legal/dpa (“Data Processing Addendum” or “DPA”)) on behalf of Customer pursuant to this Agreement, Kisi and Customer will comply with the terms of the DPA, the terms of which are incorporated into this Agreement.

11.4. CCPA. Kisi will not provide Customer with any services or other consideration in exchange for Customer personal data, or otherwise engage in activities that qualifies as a "sale" under the California Consumer Privacy Act (“CCPA”) or other applicable law (hereinafter “selling”). Kisi will not sell any Customer personal data and agrees to refrain from any use or transfers of Customer personal data (including to or from a subprocessor or other third-party) that qualifies as selling. Except as necessary to provide Services to Customer, Kisi (a) will not collect, share or use any Customer personal data; and (b) will not have, derive or exercise any rights or benefits from Customer personal data. As applicable to the Services provided, Kisi will implement reasonable security measures as appropriate under Applicable Laws and reasonably assist Customer with any request received from an individual under the CCPA or other Applicable Law.

11.5. Insurance. During the Term of this Agreement, Kisi will maintain in force requisite insurance coverage for enterprises of similar size and scope.

11.6. Publicity. Kisi agrees that we will not use your name, logo or trademarks without your prior written approval; provided, however, you agree that we may use your name, logo and trademarks in our marketing materials and website to indicate that you are (or were) a Kisi customer, or to identify you in connection with a previously published news article that Kisi re-publishes or links to on the getkisi.com website, in addition to any other publicity agreed to by you in writing, unless and until you request the removal of your name and trademarks.

12. Governing Law; General

12.1. Governing Law; Dispute Resolution. This Agreement is governed by the laws of the State of New York, excluding its conflicts of laws provisions. If any disputes arise, the parties will first attempt to resolve the dispute informally via good faith negotiation. If the dispute has not been resolved after 30 days, the parties will resolve any claim, dispute, or controversy (excluding any claims for injunctive or other equitable relief) by binding confidential arbitration before a single arbitrator administered by JAMS, its successors and assigns, in New York County, New York, unless otherwise agreed by the parties in writing, and pursuant to its arbitration rules. Each party will be responsible for paying any arbitration fees in accordance with the foregoing rules, and the award rendered by the arbitrator may include costs of arbitration, reasonable attorneys’ fees and reasonable costs for expert and other witnesses. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. Nothing in this Section shall be deemed to prevent either party from seeking injunctive or other equitable relief from the courts as necessary to prevent the actual or threatened infringement, misappropriation, or violation of its data security, intellectual property rights or other proprietary rights.

12.2. Assignment. Either party may assign this Agreement to an Affiliate or a successor-in-interest that is not a competitor of the non-assigning party in connection with (a) the sale of all or substantially all of the assigning party’s assets; (b) any change in the ownership of more than fifty percent (50%) of the assigning party’s voting capital stock in one or more related transactions; or (c) the assigning party’s merger with or acquisition by such successor-in-interest. Except for the assignments set forth in the foregoing sentence, neither party will assign the Agreement in whole or in part without the other party’s prior written consent (which consent will not be unreasonably denied, delayed or conditioned). Any attempted assignment in violation of this restriction is void. The Agreement will bind and insure to the benefit of the parties, their respective successors and permitted assigns.

12.3. Entire Agreement. This Agreement contains the entire agreement of the parties with respect to the subject matter hereof and supersedes all previous or contemporaneous oral or written negotiations or agreements with respect to the subject matter hereof. If a conflict exists between any of the terms in the Agreement and other documents, then the Order Form will govern, followed by this MSA, followed by the DPA, followed by the EUA.

12.4. MSA Updates. Kisi may update this Agreement from time to time by posting an updated version at https://www.getkisi.com/legal/msa and providing written notice thereof to Customer. Continued use of the Products after such posting constitutes acceptance of the updated Agreement and such updates will apply to (i) new Order Forms entered into after the updated Agreement is posted, and (ii) renewals of existing Order Forms, unless otherwise agreed in writing; provided, however, any attempt to amend, modify or vary the terms of any Order Form not signed by the authorized representatives of both parties and referencing this Agreement will be void.

12.5. Independent Contractors. The relationship between Kisi and Customer established by this Agreement is solely that of independent contractors. Neither party is in any way the partner or agent of the other, nor is either party authorized or empowered to create or assume any obligation of any kind, implied or expressed, on behalf of the other party, without the express prior written consent of such other party.

12.6. Notices. A notice regarding termination of the Agreement for breach, indemnification, or other legal matter must be sent by electronic mail or overnight postal or courier service, if to Customer at the billing address or email address set forth on the Order Form or the address in Customer’s account records, and if to Kisi at compliance-team@getkisi.com, Attn: General Counsel. Kisi’s routine communications regarding the Services and legal notices will be posted on Kisi’s customer portal or sent by email or post to the individual(s) Customer designates as contact(s) on Customer’s account. Notices are deemed received as of the time posted or delivered, or if that time does not fall within a business day, as of the beginning of the first business day following the time posted or delivered. To count days for notice periods, the business day on which the notice is deemed received counts as the first day.

12.7. No Waiver. The failure of either party to require strict performance by the other party of any provision of this document will not affect the full right to require such performance at any time thereafter, nor will the waiver by either party of a breach of any provision of this document be taken or held to be a waiver of the provision itself.

12.8. Interpretation. In the Agreement, the words “include” and “including” will not be construed as terms of limitation.

12.9. Severability. If any provision of the Agreement is unenforceable, that provision will be modified to render it enforceable to the extent possible to give effect to the parties’ intentions and the remaining provisions will not be affected.

12.10. Force Majeure. Neither party will be liable for any failure to perform under this Agreement to the extent due to any act of God, fire, casualty, flood, war, strike, lock out, failure of public utilities, outages or slow-downs of the internet, outages at any of Kisi’s critical infrastructure providers, injunction or any act, exercise, assertion or requirement of any governmental authority, epidemic, pandemic, destruction of production facilities, insurrection or any other cause beyond the reasonable control of the party invoking this provision.

12.11. Counterparts and Electronic Signatures. Any Order Form, and any amendment to this Agreement or other ancillary agreement among the parties may be executed in one or more counterparts, each of which will be deemed to be an original and all of which, when taken together, will be considered to be one and the same agreement or document.

Exhibit A: Maintenance and Support

1. General

1.1. Contact. Customer may contact Kisi through support@getkisi.com or by calling 646-663-4880. For billing inquiries, please email billing@getkisi.com.

1.2. Hours. Kisi will provide maintenance and support according to the Kisi Care service level associated with the plan you purchase. Kisi Care service levels can be found at https://www.getkisi.com/legal/slc.

2. Uptime & Exclusions

2.1. Uptime. Kisi will use commercially reasonable efforts to minimize downtime of the Platform and to ensure a Monthly Availability Percentage of 99.0%, except as set forth below. The Monthly Availability Percentage is calculated on an aggregate Monthly basis: Monthly Availability Percentage = (total minutes in the month – total number of minutes that the Platform is inoperable in that month) / total minutes in the month.

2.2. Exclusions. The Monthly Availability Percentage excludes: (1) periods of emergency or extraordinary maintenance; (2) issues caused by factors outside Kisi’s reasonable control; (3) issues resulting from Customer’s actions or inactions, or the actions or inactions of a third-party, including, without limitation, Kisi’s suppliers; and (4) issues that result from Customer’s equipment or third-party equipment.

3. Service Level Agreement (SLA)

3.1. Delivery. Kisi endeavors to meet or exceed delivery times as identified below. Kisi will endeavor to respond to support tickets within one-hundred-twenty (120) hours of receipt. Kisi does not provide on-site support services unless expressly agreed in writing.

3.2. Exclusions. The Service Level Agreement excludes: (1) periods of scheduled or emergency maintenance; (2) issues caused by factors outside Kisi’s reasonable control, including acts of God, force majeure events, or actions or omissions of Customer or third parties; (3) failures or interruptions caused by third-party integrations, network connectivity, or internet service providers; and (4) any issues arising from Customer’s misuse of hardware, software, or Services.

3.3. Relationship to SLCs. In the event of any inconsistency between the Service Levels in this Exhibit A and the Service Level Commitments published on Kisi’s website, this Exhibit A will control.

Exhibit B: Security

1. Basic Security Requirements. In addition to Kisi’s security and compliance protocols found here: https://docs.kisi.io/help/security/, Kisi will, consistent with current best industry standards and such other requirements specified by Customer based on the classification and sensitivity of Customer Information (as defined below), maintain physical, administrative and technical safeguards and other security measures to:

1.1. maintain the security and confidentiality of Customer Content and Customer’s Confidential Information (hereinafter collectively defined as ”Customer Information”) accessed, collected, used, stored or transmitted by Kisi, and

1.2. protect that information from known or reasonably anticipated threats or hazards to its security and integrity, accidental loss, alteration, disclosure and all other unlawful forms of processing.

2. Security Controls. Kisi will use commercial best efforts to comply with these requirements:

2.1. Application Firewall. Kisi will install and maintain a working network firewall to protect data accessible through the Internet and will keep all Customer Information protected by the firewall at all times.

2.2. Updates. Kisi will keep its systems and software up-to-date with the latest upgrades, updates, bug fixes, new versions and other modifications necessary to ensure security of the Customer Information.

2.3. Anti-malware. Kisi will at all times use anti-malware software on systems commonly affected by malware and will keep the anti-malware software up-to-date. Kisi will mitigate threats from all viruses, spyware and other malicious code that are or should have reasonably been detected.

2.4. Encryption. Kisi will encrypt data at rest and data sent across open networks in accordance with industry best practices.

2.5. Testing. Kisi will regularly test its security systems and processes to ensure they meet the requirements of this Security Policy.

3. Access Controls. Kisi will secure Customer Information, including by complying with these requirements:

3.1. Kisi will restrict access to Customer Information to only those people with a “need-to-know” to provide the Services or as otherwise agreed by Customer or specified in the Agreement.

3.2. Kisi will not use manufacturer-supplied defaults for system passwords and other security parameters on any operating systems, software or other systems. Kisi will mandate and ensure the use of system-enforced “strong passwords” in accordance with the best practices (described below) on all systems hosting, processing, or that have or control access to Customer Information and will require that all passwords and access credentials are kept confidential and not shared among personnel.

3.3. Kisi will regularly review access logs for signs of malicious behavior or unauthorized access.

4. Network Security Policy. Kisi will maintain and enforce an information and network security policy for employees, subcontractors, suppliers and agents that meets the standards in this Exhibit B, including methods to detect and log policy violations (“Security Policy”).

5. Subcontracts. The terms and conditions of the Security Policy will be binding upon Kisi’s subcontractors, including Contractors, and personnel. Kisi (a) will ensure that its subcontractors and personnel comply with the Security Policy, and (b) will be responsible for all acts, omissions, negligence and misconduct of its subcontractors and personnel.

6. Remote Access. Kisi will ensure that any access from outside protected corporate or production environments to systems holding Customer Information or Kisi’s corporate or development workstation networks requires multi-factor authentication (e.g., requires at least two separate factors for identifying users).

7. Deletion. Kisi will promptly (no more than thirty (30) days after Customer’s written request) permanently and securely delete all Customer Information upon Customer’s request. If requested by Customer, Kisi will certify in writing that all Customer Information has been destroyed.

8. Security Incidents.

8.1. Kisi will inform Customer within reasonable time after detecting any confirmed unauthorized access, collection, acquisition, use, transmission, disclosure, corruption or loss of Customer Information, or breach of any environment containing Customer Information (“Security Incident”).

8.2. Kisi will remedy each Security Incident promptly and provide Customer written details about Kisi’s internal investigation into each Security Incident. With respect to a Security Incident that affects only a subset of customers including Customer, (i) Kisi agrees not to notify any regulatory authority, nor any third party, on behalf of Customer unless Customer specifically requests in writing that Kisi do so, and Customer reserves the right to review and approve the form and content of any notification before it is provided to any party; and (ii) Kisi will cooperate and work together with Customer to formulate and execute a plan to remediate all confirmed Security Incidents.