THIS AGREEMENT GOVERNS YOUR USE OF THE PROOF SERVICES. BY ACCEPTING THIS AGREEMENT, EITHER BY INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM OR STATEMENT OF WORK THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT AND WILL BE REFERRED TO AS "YOU" OR "COMPANY" IN THIS AGREEMENT. "PARTY" OR "PARTIES" SHALL MEAN, INDIVIDUALLY, THE COMPANY OR PROOF AS THE CONTEXT REQUIRES AND, COLLECTIVELY, THE COMPANY AND PROOF. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF COMPANY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND COMPANY TO THESE TERMS AND CONDITIONS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES AS DEFINED BELOW.

POI Technologies LLC, doing business as "Proof" provides customizable technology, services and analytics solutions to track, measure, and verify impact. These deliverables are executed by members of the Proof team. The purpose of this letter which includes Schedule A hereto (this "Agreement") is to confirm the engagement of Proof, with respect to impact technology services to "Company," the terms and conditions set forth herein.

"Proof" is a registered trademark of Proof of Impact, Inc.

a. Proof offers its customers a choice between different service offerings as set forth on its website from time to time that range from a free service to one with customized provisions. The services to be provided by Proof to its customers are as set forth in the specifications for each such service offering or in the case of a bespoke service, as agreed between Company and Proof at the time of entry into this Agreement.

b. Proof hereby agrees to provide the services set forth in connection with the service offering selected by the Company or as agreed with Proof when entering into this Agreement (the "Services"). The provisions of this Agreement shall govern the relationship between Proof and Company.

a. In consideration of the Services provided by Proof in furtherance of this Agreement, Company hereby agrees to pay Proof the fees set forth on the Proof website in connection with the Service selected by the Company or, in the case of a bespoke Service, such fees as agreed between Company and Proof at the time.

b. At the time of entry into this Agreement by the Parties, unless otherwise agreed, Proof shall provide Company with an invoice for the annual subscription amount associated with the Service selected by the Company or agreed to with Proof. Payment shall be made by Company to Proof within fourteen (14) days after the date of receipt of such invoice from Proof.

c. By providing a payment method, Company expressly authorizes Proof to charge the applicable fees on said payment method as well as taxes and other charges incurred thereto as provided for under the terms of this Agreement, all of which depend on your particular subscription and utilized services.

a. This Agreement shall commence on the date Company accepts the provisions of this Agreement by selecting its service offering via the Proof website and continue thereafter for a period of 12 months.

b. Free or other unpaid accounts may be terminated at any time by written notice from one Party to the other.

c. Subscription accounts will automatically renew for successive one-year terms (each, a "Renewal Term" and together with the Initial Term, the "Term") thereafter unless a Party notifies the other Party no less than 90 days in advance of the end of the then-current Initial Term or Renewal Term, as applicable, of its intent to terminate the Agreement.

d. Please note that from the date of termination of this Agreement, you may not be able to use or access the platform and you will not be entitled to a refund of any unused fees that you may have paid.

e. The expiration or termination of the term of this Agreement shall not adversely affect Proof's right to receive any compensation or other amounts owed hereunder accrued prior to the date of such expiration or termination. Proof's fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, and Company shall be responsible for payment of all such taxes, levies, or duties, even if such amounts are not listed by Proof. If payment is not received by the due date, Proof reserves the right to, in addition to taking any other action at law or equity, to (i) suspend its provision of the Services to Company until overdue amounts are paid in full; and/or, (ii) terminate this Agreement.

a. Scope of Confidentiality. Each Party agrees to regard and preserve as confidential all business, technical, financial and client information related to the activities of the other party (the “Disclosing Party”), that may be obtained by such party (the “Receiving Party”) from any source or may be developed as a result of this Agreement (“Confidential Information” of the Disclosing Party). The Receiving Party agrees to hold such information in trust and confidence for the Disclosing Party and not to disclose such Confidential Information to any person, firm or enterprise, or use, directly or indirectly, any such Confidential Information other than in furtherance of the purposes of this Agreement for its own benefit or the benefit of any other party, unless otherwise authorized in writing by the Disclosing Party, and even then, to limit access to and disclosure of such Confidential Information to the Receiving Party’s employees, consultants (who themselves are under a duty of confidentiality) and professional advisors on a need-to-know basis only. Confidential Information shall not be considered confidential if such information: (i) is, or becomes, generally available to the public other than as a direct or indirect result of the information being disclosed by the Receiving Party in breach of this Agreement (except that any compilation of otherwise public information in a form not publicly known shall still be treated as Confidential Information); (ii) it was available to the Receiving Party on a non-confidential basis prior to disclosure by the Disclosing Party; (iii) it was, is, or becomes available to the Receiving Party on a non-confidential basis from a person who, to the Receiving Party’s knowledge, is not under any confidentiality obligation in respect of that information; (iv) it was lawfully in the possession of the Receiving Party before the information was disclosed by the Disclosing Party; (v) it is developed by or for the Receiving Party independently of the information disclosed by the Disclosing Party; (vi) is the subject of an request, investigation, review or the like by a competent government regulator or is the subject of a court or other tribunal proceeding; or, (vii) the parties agree in writing that the information is not confidential.

b. Remedy. Each Party acknowledges and agrees that, in the event of a breach or threatened breach of any of the foregoing provisions, the other Party will have no adequate remedy in damages and, accordingly, shall be entitled to injunctive relief against such breach; provided, however, that no specification of a particular legal or equitable remedy shall be construed as a waiver, prohibition or limitation of any other legal or equitable remedies in the event of a breach hereof.

a. Proof employees, consultants, directors, officers, agents, professional advisors, shareholders, partners, members and Affiliates (each such person being referred to as a “Covered Person”) shall have no liability arising out of or connected with, or claimed to arise out of or to be connected with, any act performed or omitted to be performed under this Agreement or otherwise relating to the business or affairs of Company or its Affiliates, save in instances of gross negligence or willful misconduct on the part of the relevant Covered Person (and where a cause of action in favor of Company otherwise exists at law against such Covered Person).

b. Subject to clauses 4(b) and 5(c), neither Party shall be liable to the other under (or in connection with) the Agreement (whether for breach of contract, negligence, misrepresentation, statutory duty or otherwise) and regardless of the nature of the claim, for any amounts in the aggregate exceeding $15,000, or the last three full months of fees paid under this Agreement by the Company, whichever is lower.

c. Notwithstanding clause 5(b), nothing in this Agreement either limits or excludes the liability of: (i) either Party in relation to an indemnity given by it under section 6; or (ii) the Company for its section 2 fee obligations. Further, the Parties agree that nothing in this Agreement is intended to or has the effect of limiting or excluding liability in any way or to an extent that is prohibited by applicable law.

a. Indemnification by Proof. Proof will indemnify, hold harmless and defend the Company from and against any and all Losses arising out of or relating to any claim from a third party (other than one of the Company’s Affiliates) arising from or relating to any proven infringement of the intellectual property rights of such third party by Company’s use of the Services in accordance with this Agreement. This indemnity is subject to the Company (i) providing Proof with prompt written notice of any claim; (ii) providing Proof with sole control and defense of the claim, including any settlement; (iii) not making any admission of liability or otherwise knowingly acting in any manner which prejudices Proof’s ability to fully defend the claim; (iv) providing Proof with any reasonable cooperation Proof requires. Proof may (at any time) in Proof’s sole discretion: (i) modify the Service so that it no longer infringes or misappropriates, (ii) obtain a license for Company’s continued use of that Service in accordance with this Agreement, or (iii) terminate the Company’s subscription or other use to that Service upon written notice and refund the Company any prepaid fees or relating to such part of the Services which have not been provided by the effective date of termination. This section 6(a) shall not apply to the extent the relevant claim arises as a result of any: (i) use or exploitation of the Services by the Company or any of its authorized users in any manner which breaches this Agreement; or (ii) combination or integration of the Services with anything not provided by Proof where such combination or integration of the Services is not otherwise contemplated by this Agreement.

b. Indemnification by The Company. The Company will indemnify, keep indemnified, hold harmless and defend Proof from and against any and all Losses arising out of or relating to any and all liabilities, damages, losses, costs, fees (including legal fees), and expenses relating to any third-party legal proceeding to the extent arising from (a) any Content or Data routed into or used with the Services solely by the Company or anyone acting on the Company’s behalf, (b) the Company’s misuse of the Services, or (c) the Company’s violation of this Agreement.

As part of their subscription with Proof, all Proof clients and users will receive access to the Proof Sustainability Community (“Community”). The Community is an integrated part of the platform experience, where professionals engage with each other to achieve their business and impact goals. Appropriate conduct is expected in line with the Circle Community Terms of Service, and the community is moderated to ensure that a respectful and professional environment is maintained.

You agree to comply with all law, and regulation applicable to you regarding your use of Proof Community.

Except as otherwise provided herein, this Agreement may be amended, and any right or claim hereunder waived, only by a written instrument signed by Proof and Company.

a. This Agreement and all acts and transactions pursuant hereto and the rights and obligations of the parties hereto and any claim therefrom shall be governed, construed and interpreted in accordance with the laws of the State of Delaware, without giving effect to principles of conflicts of law. Each of the parties to this Agreement consents to the exclusive jurisdiction and venue of United States District Court for the Southern District of Florida or the Florida state court located in Miami, Florida with jurisdiction over the dispute. The parties waive any objection based on Forum Non Conveniens and any objection to venue in connection therewith.

b. Each party hereby irrevocably waives, to the fullest extent permitted by applicable law, any and all right to trial by jury in any legal proceeding arising out of or relating to this Agreement or the transactions contemplated hereby.

All notices required or shall be deemed to have been duly given when delivered e-mail with delivery receipt.

In this Agreement, capitalized terms shall have the meanings set out below or if not defined herein, the meanings set forth elsewhere in the Agreement:

“Affiliate” an entity that directly or indirectly controls, is directly or indirectly controlled by, or is under common direct or indirect control with, a party. For purposes of this Agreement, “control” of any entity shall mean ownership of a majority of the voting equity interests or profit interests in such entity.

“Agreement” means as defined in the Introduction to this Agreement. Also applicable to agreements with an EU nexus only or if otherwise agreed between the parties) the Data Processing Policy.

“Content” messages, information, data, text, software, music, audio, photographs, graphics, video, messages or other materials stored or transmitted via the Services in any medium.

“Fine” any and all fines, penalties, refunds, charges, debits, deductions, legal fees and costs incurred by or other sums payable to a Service Provider or regulator.

“Losses” all losses, damages, liabilities, costs, expenses, Fines and penalties (including without limitation reasonable legal fees and costs).

“Service(s)” means as defined in Section 1(b) of this Agreement.

Data Processing Policy

This Data Processing Policy (“Policy”) sets out the terms and conditions that will apply to the processing of personal data by Proof on behalf of the Company, in connection and in furtherance with the Agreement. This Policy contains the mandatory clauses required by Article 28(3) of the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) for contracts between controllers and processors.


1. Definitions and interpretation

1.1 In this Policy, the term ‘Data Protection Legislation’ means all applicable privacy and data protection laws including: (i) any data protection legislation from time to time in force in the UK and European Union including the UK Data Protection Act 2018 or any successor legislation; (ii) (for so long as and to the extent that the law of the European Union has legal effect in the UK) the GDPR and any other directly applicable European Union regulation relating to privacy, as amended, replaced or updated from time to time.

1.2 The terms ‘controller’, ‘processor’, ‘personal data’, ‘data subject’, ‘Special Categories of Personal Data’ and ‘processing’ shall have the meaning set out in the Data Protection Legislation (and the terms Process and Processed shall be construed accordingly).

1.3 This Policy is subject to the Agreement and is incorporated into the Agreement. Interpretations and defined terms set forth in the Agreement apply to the interpretation of this Policy.

1.4 In the case of conflict or ambiguity between any of the provisions of this Policy and the provisions of the Agreement, the provisions of this Policy will prevail.

1.5 A reference to writing or written includes email.


2. Personal data types and processing purposes

2.1 The Company and Proof acknowledge that for the purpose of the Data Protection Legislation, the Company is the ‘controller’ and Proof is the ‘processor’. Proof and the Company shall each comply with all Data Protection Legislation in processing personal data in connection with the Agreement.

2.2 The Company retains control of the personal data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to Proof. The Company shall comply with all of Proof’s reasonable security rules and regulations in place from time to time in respect of access to and use of the Services including those relating to restrictions on password use. Proof shall own anonymized aggregate results derived from the Company data used specifically for market level research and analytics.

2.3 This clause describes the subject matter, duration, nature and purpose of processing and the personal data categories and data subject types in respect of which Proof may process in connection with the Agreement.

i. Subject matter of processing: processing of personal data in connection with the provision of the Services under the Agreement;

ii. Duration of Processing: for the duration of the Agreement;

iii. Nature of Processing: the processing of personal data as provided by the Company utilizing text algorithms that apply analytical techniques to clean, aggregate, restructure, and transform raw data, and to summarize a data subject’s data footprint with aggregated insights and results from the data provided. The aggregated insights are ascertained by analysing data using segmentation and predictive algorithms, including regression, classification and clustering information to enable better decision making. Proof may store anonymized and/or enriched impact data on a blockchain. The Company may opt out of such tokenization.

Proof will undertake best efforts to store personal data provided by Company in respect of the Services in accordance with any reasonable written instructions received by Proof from Company.

iv. Purpose: for the purpose of providing the Services under the Agreement;

v. Personal Data Categories: As a general proposition, Proof does not process personal data beyond the scope of the Agreement, and will not retain sensitive data for any purpose. However, if such processing on the part of Proof occurs either per specific instruction of the Company or inadvertently, such personal data that may include full name, email address, employer, contact information, Agreement details, date of birth, residence and domicile and any other details that the Company provides to Proof. The company agrees that it shall obtain any and all required consents prior to provision or submission of any Special Categories of Personal Data to Proof in connection with the Agreement.


3. Proof’s obligations

3.1 Without prejudice to the generality of clause 2.1, Proof shall, in relation to any personal data processed in connection with the performance by Proof of its obligations under the Agreement:

(a) process that personal data only on the written instructions or within the scope of the Agreement of the Company unless Proof is required by Applicable Laws to otherwise process that personal data. Where Proof is relying on laws of a member of the UK, the European Union or European Union law as the basis for processing personal data, Proof shall promptly notify the Company of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit Proof from so notifying the Company;

(b) ensure that it has in place appropriate technical and organizational measures to protect against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorized or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;

(c) ensure that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential; and

(d) where such personal data processed is subject to the Data Protection Legislation, not transfer any personal data outside of the European Economic Area unless the prior written consent of the Company has been obtained and the following conditions are fulfilled:

(i) the Company or Proof has provided appropriate safeguards in relation to the transfer;

(ii) the data subject has enforceable rights and effective legal remedies;

(iii) Proof complies with any obligations it may have under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and,

(iv) Proof complies with reasonable instructions notified to it in advance by the Company with respect to the processing of the personal data;

(e) assist the Company, at the Company’s cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

(f) notify the Company without undue delay on becoming aware of a personal data breach;

(g) at the written direction of the Company, delete or return personal data and copies thereof to the Company on termination of the Agreement unless required by Applicable Law to store the personal data; and

(h) maintain complete and accurate records and information to demonstrate its compliance with this clause 3.

3.2 Proof may conduct site audits of its personal data processing practices and the information technology and information security controls for all facilities and systems used in complying with its obligations under this Policy, including, but not limited to, obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on recognized industry best practices.

3.3 Proof may only authorize a third party (subcontractor) to process the personal data in connection with the Agreement if:

i. the Company is provided with an opportunity to object to the appointment of each subcontractor within 5 days after Proof supplies the Company with full details regarding such subcontractor;

ii. Proof enters into a written contract with the subcontractor that contains terms substantially the same as those set out in this Policy, in particular, in relation to requiring appropriate technical and organizational data security measures, and, upon the Company’s written request, provides the Company with copies of such contracts;

iii. Proof maintains control over all personal data it entrusts to the subcontractor;

and

iv. the subcontractor’s contract terminates automatically on termination of Contract for any reason.

3.4 Where the subcontractor fails to fulfill its obligations under such written agreement, Proof remains fully liable to the Company for the subcontractor’s performance of its agreement obligations.


4. Term and termination

4.1 This Policy will remain in full force and effect so long as:

i. the Agreement remains in effect; or

ii. Proof retains any personal data related to the Agreement in its possession or control.

4.2 Any provision of this Policy that expressly or by implication should come into or continue in force on or after termination of the Agreement in order to protect personal data will remain in full force and effect.