Data Processing Addendum

Date of Last Update: October 1st, 2025

This Data Processing Addendum (“DPA”) is incorporated into, and is subject to the terms and conditions of, the Terms and Conditions (the “Agreement”) between Partner and AI Concierge Labs, Inc. (“Intellica”) (collectively, “the parties”) applicable to the Partner’s use of the Services. This DPA shall be effective for the term of the Agreement. We update these terms of this DPA from time to time. We will let you know via email if you have subscribed to receive email notifications.

1. Definitions

In this DPA:
1. “Partner Personal Data” means Personal Data provided to Intellica in connection with the Services by (i) Partner or (ii) Authorized Users.
2. “Data Protection Law” means all laws that apply to the Processing of Partner Personal Data under the Agreement, including the California Consumer Privacy Act of 2018, as amended and any binding regulations promulgated thereunder and other laws and regulations of the United States and its states, as amended from time to time.
3. “Data Subject” means the individual to whom Partner Personal Data relates.
4. “Personal Data” has the meaning given to it in the Data Protection Law, and includes “Personal Data,” “personally identifiable information,” and equivalent terms as such terms may be defined by the Data Protection Law.
5. “Processing” (including its cognate "Process”) means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
6. “Security Incident” means a breach of Intellica’s security leading to the unauthorized or unlawful access by a third party, or confirmed accidental or unlawful destruction, loss or alteration, of Partner Personal Data in Intellica’s possession, custody or control. “Security Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Partner Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
Capitalized terms used but not defined herein have the meaning given to them in the Agreement.

2. Partner’s Instructions

Intellica will Process Partner Personal Data only in accordance with Partner’s instructions. By entering into this DPA, Partner instructs Intellica to Process Partner Personal Data to provide the Services and to perform its other obligations and exercise its rights under the Agreement, including without limitation to (a) carry out Services or the business of which the Services are a part, (b) carry out any benefits, rights, and obligations relating to the Services, (c) maintain records relating to the Services, and (d) comply with any legal or self-regulatory obligations relating to the Services.

3. Processing of Partner Personal Data

Intellica serves as a service provider or processor, meaning that Intellica Processes Partner Personal Data at the direction of and on behalf of Partner, provided however, that nothing in this DPA or the Agreement shall restrict Intellica from using aggregated, de-identified or otherwise anonymized data derived from the Personal data for its own business purposes.
The extent of Partner Personal Data Processed by Intellica is determined and controlled by Partner in its sole discretion and may include names, email addresses, phone numbers, and other Personal Data that Partner may make available through the Services.
Each party will comply with the obligations applicable to it under the Data Protection Law with respect to the Processing of Partner Personal Data. Partner represents and warrants that it has the necessary rights, consents and permissions to use Partner Personal Data and to enable Intellica to Process Partner Personal Data as intended by the parties under the Agreement.
When Intellica Processes Partner Personal Data, it will:
1. Except as permitted by applicable law, the Agreement or this DPA, not (a) “sell” or “share” (each as defined in the Data Protection Law) Partner Personal Data, (b) retain, use, or disclose Partner Personal Data for any purpose other than for the specific purpose of providing the Services, (c) retain, use, or disclose Partner Personal Data outside of the direct business relationship between Partner and Intellica, and (d) combine Partner Personal Data with any Personal Data other than Partner Personal Data;
2. Require Intellica’s personnel who access Partner Personal Data to commit to protect the confidentiality of Partner Personal Data;
3. Provide reasonable assistance necessary for Partner to comply with its obligations under the Data Protection Law;
4. Promptly notify the Partner of any request made by a Data Subject in relation to Partner Personal Data. Intellica will, at the Partner’s written request, provide the Partner with reasonable assistance necessary for the fulfilment of the Partner’s obligation to respond to requests for the exercise of Data Subjects’ rights under the Data Protection Law. Intellica shall not respond to such requests other than confirming with the Data Subject that the request relates to the Partner and Partner Personal Data. Partner shall be solely responsible for responding to such requests;
5. Unless prohibited by law, inform Partner if Intellica receives a request, complaint or other inquiry regarding the Processing of Partner Personal Data;
6. Inform Partner if it can no longer comply with its obligations under this DPA. Upon notice to Intellica, Partner may take reasonable and appropriate steps to remediate Intellica’s use of Partner Personal Data in violation of this DPA; and
7. Upon termination of the Agreement, as instructed by Partner, delete or return Partner Personal Data, except where continued retention of Partner Personal Data is in accordance with applicable law or the Intellica’s policies, in which case Intellica shall retain such Partner Personal Data in accordance with this DPA.

4. Subprocessing

Partner agrees that Intellica may use third-party suppliers to Process Partner Personal Data on its behalf for the provision of the Services (each a “Subprocessor”).
When engaging any Subprocessor, Intellica will enter into a written contract with such Subprocessor containing data protection obligations consistent with those in this DPA with respect to the protection of Partner Personal Data to the extent applicable to the nature of the services provided by such Subprocessor.

5. Data Security

Intellica will implement and maintain technical and organizational measures designed to protect Partner Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Partner Personal Data.
Partner agrees that, without limitation of Intellica’s obligations under Section 5.1 of this DPA, Partner is solely responsible for its use of the Services, including (a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of Partner Personal Data; (b) securing the account authentication credentials, systems and devices Partner uses to access the Services; (c) securing Partner’s systems and devices that Intellica uses to provide the Services; and (d) backing up Partner Personal Data. Partner agrees that the Services and Intellica’s security commitments under this DPA are adequate to meet Partner’s needs, including with respect to any security obligations of Partner under the Data Protection Law, and provide a level of security appropriate to the risk in respect of Partner Personal Data.

6. Security Incidents

If Intellica becomes aware of a Security Incident, Intellica will: (a) notify Partner of the Security Incident without undue delay and in any event within 48 hours after becoming aware of it; and (b) take reasonable steps to identify the cause of such Security Incident, minimize harm and prevent a recurrence.
Partner is solely responsible for complying with incident notification requirements applicable to Partner. Intellica’s notification of or response to a Security Incident under this Section will not be construed as an acknowledgement by Intellica of any fault or liability with respect to the Security Incident.

7. Audit

Intellica will make available to Partner, at Partner’s request, reasonable information as necessary to demonstrate compliance with this DPA.
To the extent Intellica makes available to Partner confidential summary reports ("Audit Report") prepared by third-party security professionals, upon request from Partner, Intellica may provide such Audit Report in satisfaction of any audit rights accorded to Partner pursuant to the Data Protection Law. The Audit Report shall be considered Intellica’s confidential information.
If Partner can demonstrate that it requires additional information, beyond the Audit Report, then Partner may request, at Partner's cost, Intellica to provide for an audit subject to reasonable confidentiality procedures. Such audit shall: (i) not include access to any information that could compromise confidential information relating to other Intellica’s customers or suppliers, Intellica's technical and organizational measures, or any trade secrets; and (ii) be performed upon not less than thirty (30) days’ notice, during regular business hours, and in such a manner as not to unreasonably interfere with Intellica’s normal business activities.

8. General

If there is any conflict between this DPA and the Agreement, this DPA will prevail to the extent of that conflict in connection with the Processing of Partner Personal Data.
If any provision of this DPA is found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, then the invalidity or unenforceability of such provision does not affect any other provision of this DPA and all provisions not affected by such invalidity or unenforceability will remain in full force and effect.
Notwithstanding anything to the contrary in the Agreement or this DPA, the liability of each party under this DPA is subject to the limitations of liability set out in the Agreement. Partner acknowledges that Intellica is reliant on Partner for direction as to the extent to which Intellica is entitled to Process Partner Personal Data on behalf of Partner in the provision of the Services. Consequently, Intellica will not be liable under the Agreement for any claim brought by individuals to whom Partner Personal Data relates arising from (a) any action or omission by Intellica in compliance with Partner’s instructions, or (b) from Partner’s failure to comply with its obligations under the Data Protection Law.