TERMS OF SERVICE

PLEASE READ THESE TERMS OF SERVICE (“TERMS”) CAREFULLY BEFORE USING THE SERVICES OFFERED BY EDRA LABS CORP. (“EDRA LABS”). BY SIGNING UP FOR OUR SERVICES THROUGH AN ONLINE ORDER FORM OR BY MUTUALLY EXECUTING ONE OR MORE ORDER FORMS WITH EDRA LABS WHICH REFERENCE THESE TERMS (EACH, AN “ORDER FORM”), YOU OR THE ENTITY YOU REPRESENT (“CUSTOMER”) AGREE TO BE BOUND BY THESE TERMS (TOGETHER WITH ALL ORDER FORMS, THE “AGREEMENT”) TO THE EXCLUSION OF ALL OTHER TERMS. IF THE TERMS OF THIS AGREEMENT ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO SUCH TERMS.

  1. Order Forms; Access to the Service

    1. Upon mutual execution, each Order Form shall be incorporated into and form a part of the Agreement. Subject to Customer’s compliance with the terms and conditions of this Agreement (including any limitations and restrictions set forth on the applicable Order Form) Edra Labs grants Customer and its Authorized Users the right to access and use the services specified in each Order Form (collectively, the “Service,” or “Services”) during the applicable Order Form Term (as defined below) for the business purposes of Customer. An “Authorized User” is any employee or contractor of Customer. Customer shall be fully responsible for each Authorized User’s use of the Services.
    2. From time to time, Edra Labs may provide upgrades, patches, enhancements, or fixes for the Services to its customers generally without additional charge (“Updates”), and such Updates will become part of the Services and subject to this Agreement; provided that Edra Labs shall have no obligation under this Agreement or otherwise to provide any such Updates. Customer understands that Edra Labs may cease supporting old versions or releases of the Services at any time in its sole discretion; provided that Edra Labs shall use commercially reasonable efforts to give Customer reasonable prior notice of any major changes.

  2. Implementation

    1. Upon payment of any applicable fees set forth in each Order Form, Edra Labs agrees to use reasonable commercial efforts to provide standard implementation assistance for the Service only if and to the extent such assistance is set forth on such Order Form (“Implementation Assistance”).
    2. Customer acknowledges and agrees that the Service may operate with or using application programming interfaces (APIs) and associated services operated or provided by third parties (“Third Party Services”). Edra Labs is not responsible for the operation of such Third Party Services nor the availability or operation of the Service to the extent such availability and operation is dependent upon Third Party Services. Edra Labs does not make any representations or warranties with respect to Third Party Services.

  3. Support

    Edra Labs will make the Service available and provide support to Customer in accordance with Exhibit A.

  4. Ownership; Restrictions; Feedback

    As between the parties, Edra Labs retains all right, title, and interest in and to the Services, and all software, products, works, and other intellectual property and moral rights related thereto or created, used, or provided by Edra Labs for the purposes of this Agreement, including any copies and derivative works of the foregoing. Any software which is distributed or otherwise provided to Customer hereunder shall be deemed a part of the “Services” and subject to all of the terms and conditions of this Agreement. No rights or licenses are granted except as expressly and unambiguously set forth in this Agreement. Customer may from time to time provide suggestions, comments or other feedback to Edra Labs with respect to the Service (“Feedback”). Feedback, even if designated as confidential by Customer, shall not create any confidentiality obligation for Edra Labs notwithstanding anything else. Customer shall, and hereby does, grant to Edra Labs a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid up license to use and exploit the Feedback for any purpose.

  5. Fees; Payment

    Customer shall pay Edra Labs fees for the Service as set forth in each Order Form (“Fees”). Unless otherwise specified in an Order Form, all Fees shall be invoiced in advance and all invoices issued under this Agreement are payable in U.S. dollars within thirty (30) days from date of invoice. Past due invoices are subject to interest on any outstanding balance of the lesser of 1.5% per month or the maximum amount permitted by law. Customer shall be responsible for all taxes associated with Service (excluding taxes based on Edra Labs’s net income). All Fees paid are non-refundable and are not subject to set-off.

  6. Restrictions

    1. Except as expressly set forth in this Agreement, Customer shall not (and shall not permit any third party to), directly or indirectly: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Service (except to the extent Applicable Laws specifically prohibit such restriction); (ii) modify, translate, or create derivative works based on the Service; (iii) copy, rent, lease, distribute, pledge, assign, or otherwise transfer or encumber rights to the Service; (iv) use the Service for the benefit of a third party; (v) remove or otherwise alter any proprietary notices or labels from the Service or any portion thereof; (vi) use the Service to build an application or product that is competitive with any Edra Labs product or service; (vii) interfere or attempt to interfere with the proper working of the Service or any activities conducted on the Service; (viii) bypass any measures Edra Labs may use to prevent or restrict access to the Service (or other accounts, computer systems or networks connected to the Service); (ix) use the Service in violation of any applicable local, state, national and foreign laws, treaties and regulations (including those related to data privacy, international communications, export laws and the transmission of technical or personal data laws) (“Applicable Laws”); (x) use the Service in a manner that violates any third party intellectual property, privacy, contractual or other proprietary rights; or (xi) submit to or otherwise provide to Edra Labs any data or content that is in violation of Applicable Laws or otherwise inappropriate for the Services, including without limitation, any Sensitive Data; “Sensitive Data” means any (a) special categories of data enumerated in European Union Regulation 2016/679, Article 9(1) or any successor legislation; (b) protected health information as defined in the Health Insurance Portability and Protection Act, as amended; (c) payment cardholder information or financial account information, including bank account numbers or other personally identifiable financial information; (d) social security numbers, driver’s license numbers, or other government identification numbers; (e) other information subject to regulation or protection under specific laws such as the Children’s Online Privacy Protection Act or the Gramm-Leach-Bliley Act, in each case as amended, or related rules or regulations; or (f) any data similar to the above protected under Applicable Laws.
    2. Customer is responsible for all of Customer’s activity in connection with the Service, including but not limited to uploading Customer Data onto the Service and/or providing Edra Labs with access to Customer Data. Customer is responsible for the use of the Service by any person to whom Customer has given access to the Service.

  7. Customer Data

    1. For purposes of this Agreement, “Customer Data” shall mean any data, information or other material provided, uploaded, or submitted by Customer to the Service in the course of using the Service, and “Output” shall mean the data, information, actions, or results created or generated by the Service from the Customer Data. Customer shall retain all right, title and interest in and to the Customer Data, including all intellectual property rights therein. Customer shall be fully responsible for the accuracy, quality, integrity, legality, reliability, appropriateness, lawfulness, and intellectual property ownership or right to use of all Customer Data. Customer Data shall be Customer’s Proprietary Information (defined below).
    2. Edra Labs shall use commercially reasonable efforts to maintain the security and integrity of the Service and the Customer Data. Customer is responsible for the use of the Service by any person to whom Customer has given access to the Service, even if Customer did not authorize such use. Customer agrees and acknowledges that Customer Data may be irretrievably deleted if Customer’s account is ninety (90) days or more delinquent.
    3. Notwithstanding anything to the contrary, Customer acknowledges and agrees that Edra Labs may internally process Customer Data, including combining or transforming Customer Data solely as necessary to provide the Service to Customer. Edra Labs will not use Customer Data for any purpose other than providing the Service.

  8. Term; Termination

    This Agreement shall commence upon the Effective Date set forth in the initial Order Form executed by the Parties, and, unless earlier terminated in accordance herewith, shall continue until the final expiration or termination of all Order Forms associated with this Agreement.

    Following the Initial Term (as defined in the Order Form), Customer may terminate this Agreement for convenience upon providing Edra Labs at least ninety (90) days’ prior written notice. In the event Customer terminates the agreement for convenience, the Platform Access Fee (as set forth in the Order Form) will not be refunded.

    In the event of a material breach of this Agreement by either party, the non-breaching party may terminate this Agreement by providing written notice to the breaching party, provided that in case of a breach capable of cure, the breaching party does not materially cure such breach within thirty (30) days of receipt of such notice.

    Without limiting the foregoing, Edra Labs may suspend or limit Customer’s access to or use of the Service if (i) Customer’s account is more than thirty (30) days past due, or (ii) Customer’s use of the Service results in (or is reasonably likely to result in) damage to or material degradation of the Service (meaning a significant reduction in availability, security, or performance of the Service that materially impairs Edra Labs’s ability to provide access to the Service to other customers); provided that in the case of subsection (ii): (a) Edra Labs shall use reasonable good faith efforts to work with Customer to resolve or mitigate the damage or degradation in order to resolve the issue without resorting to suspension or limitation; (b) prior to any such suspension or limitation, Edra Labs shall use commercially reasonable efforts to provide notice to Customer describing the nature of the damage or degradation; and (c) Edra Labs shall reinstate Customer’s use of or access to the Service, as applicable, if Customer remediates the issue within thirty (30) days of receipt of such notice.

    All provisions of this Agreement which by their nature should survive termination shall survive termination, including, without limitation, accrued payment obligations, ownership provisions, warranty disclaimers, indemnity and limitations of liability.

  9. Indemnification

    Each party (“Indemnitor”) shall defend, indemnify, and hold harmless the other party, its affiliates and each of its and its affiliates’ employees, contractors, directors, suppliers and representatives (collectively, the “Indemnitee”) from all liabilities, claims, and expenses paid or payable to an unaffiliated third party (including reasonable attorneys’ fees) (“Losses”), that arise from or relate to any third-party claim resulting from: (i) the Customer Data, Output, or Customer’s use of the Service (in the case of Customer as Indemnitor); or (ii) the Service (in the case of Edra Labs as Indemnitor), infringes, violates, or misappropriates any third party intellectual property right. Each Indemnitor’s indemnification obligations hereunder shall be conditioned upon the Indemnitee providing the Indemnitor with: (i) prompt written notice of any claim (provided that a failure to provide such notice shall only relieve the Indemnitor of its indemnity obligations if the Indemnitor is materially prejudiced by such failure); (ii) the option to assume sole control over the defense and settlement of any claim (provided that the Indemnitee may participate in such defense and settlement at its own expense); and (iii) reasonable information and assistance in connection with such defense and settlement (at the Indemnitor’s expense). The foregoing obligations of Edra Labs do not apply with respect to the Service or any information, technology, materials or data (or any portions or components of the foregoing) to the extent (i) not created or provided by Edra Labs (including without limitation any Customer Data), (ii) made in whole or in part in accordance to Customer specifications, (iii) modified after delivery by Edra Labs, (iv) combined with other products, processes or materials not provided by Edra Labs (where the alleged Losses arise from or relate to such combination), (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement.

  10. Disclaimer

    EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” AND ARE WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE, USAGE OF TRADE, OR COURSE OF DEALING, ALL OF WHICH ARE EXPRESSLY DISCLAIMED. CUSTOMER ACKNOWLEDGES THAT THE OUTPUTS MAY CONTAIN ERRORS AND MISSTATEMENTS AND MAY BE INCOMPLETE OR INACCURATE. BEFORE LEVERAGING ANY OUTPUTS, CUSTOMER OR ANY AUTHORIZED USER IS RESPONSIBLE FOR MAKING ITS OWN DETERMINATION THAT THE OUTPUTS ARE SUITABLE, AND CUSTOMER IS SOLELY RESPONSIBLE FOR ANY RELIANCE ON THE ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY OUTPUTS.

  11. Limitation of Liability

    EXCEPT FOR THE PARTIES’ INDEMNIFICATION AND CONFIDENTIALITY OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY, NOR ITS DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS OR CONTENT PROVIDERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE SUBJECT MATTER OF THIS AGREEMENT (I) FOR ANY LOST PROFITS, DATA LOSS, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, SUBSTITUTE GOODS OR SERVICES (HOWEVER ARISING), (II) FOR ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) THE FEES PAID (OR PAYABLE) BY CUSTOMER TO EDRA LABS HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO A CLAIM HEREUNDER.

  12. Confidentiality

    The Parties undertake to keep confidential any information and documents of the respective other party, which are either to be regarded as confidential due to the nature of the information or the circumstances of their disclosure or have been designated or marked as confidential by the disclosing party, such as business and/or trade secrets and to use them exclusively for the purposes allowed under this Agreement and not to make them accessible to third parties except as permitted below. The receiving party shall undertake reasonable technical and organizational measures designed to protect the integrity, security and confidentiality of confidential information, and inform the disclosing party in case of an unauthorized access or any other breach of confidentiality obligation. Confidential information on the part of Customer shall include, in particular, the technical components and the source codes of Customer, any technical documentation, training material and information provided by Customer and Customer Data. The receiving party is entitled to disclose confidential information of the disclosing party (i) its employees, contractors, representatives or consultants on a need to know basis if and to the extent such disclosure is indispensable for the performance of this Agreement and if they are bound by the confidentiality obligations at least as protective as those contained herein (ii) in a legal proceeding, (iii) if the disclosure is mandatory by law or (iv) upon prior written approval of the disclosing party. The duty of confidentiality shall commence upon gaining knowledge of the confidential information and will continue for the entire term of this Agreement. In addition, the duty of confidentiality shall remain in place for three (3) years from termination or the end of the Agreement term. In particular, any business secrets shall be treated confidentially for as long as they are business secrets.

  13. Miscellaneous

    This Agreement represents the entire agreement between Customer and Edra Labs with respect to the subject matter hereof and supersedes all prior or contemporaneous communications and proposals (whether oral, written or electronic) between Customer and Edra Labs with respect thereto. The Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, excluding its conflicts of law rules, and the parties consent to exclusive jurisdiction and venue in the state and federal courts located in Wilmington, Delaware. All notices under this Agreement shall be in writing and shall be deemed to have been duly given when received, if personally delivered or sent by certified or registered mail, return receipt requested; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; or the day after it is sent, if sent for next day delivery by recognized overnight delivery service. Notices must be sent to the contacts for each party set forth on the Order Form. Either party may update its address set forth above by giving notice in accordance with this section. Except as otherwise provided herein, this Agreement may be amended only by a writing executed by both parties. Except for payment obligations, neither party shall be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond such party’s reasonable control, including, without limitation, the elements; fire; flood; severe weather; earthquake; vandalism; accidents; sabotage; power failure; denial of service attacks or similar attacks; Internet failure; acts of God and the public enemy; acts of war; acts of terrorism; riots; civil or public disturbances; strikes lock-outs or labor disruptions; any laws, orders, rules, regulations, acts or restraints of any government or governmental body or authority, civil or military, including the orders and judgments of courts. Neither party may assign any of its rights or obligations hereunder without the other party’s consent; provided that (i) either party may assign all of its rights and obligations hereunder without such consent to a successor-in-interest in connection with a sale of substantially all of such party’s business relating to this Agreement, and (ii) Edra Labs may utilize subcontractors in the performance of its obligations hereunder. No agency, partnership, joint venture, or employment relationship is created as a result of this Agreement and neither party has any authority of any kind to bind the other in any respect. In any action or proceeding to enforce rights under this Agreement, the prevailing party shall be entitled to recover costs and attorneys’ fees. If any provision of this Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable. The failure of either party to act with respect to a breach of this Agreement by the other party shall not constitute a waiver and shall not limit such party’s rights with respect to such breach or any subsequent breaches.

  14. Security

    The Company maintains a formalized information security policy to comply with various regulatory and business requirements. This security policy protects all sensitive and confidential data stored, accessed, or transmitted by our software platform, including its applications, components, infrastructure, and underlying code. The Company has designed a risk assessment program to assess the organization’s enterprise-level risk at least annually or upon significant changes to the environment. This program is designed to identify and assess threats to and vulnerabilities in systems and in service. The Company takes responsibility for implementing appropriate technical and organizational safeguards to ensure the protection of sensitive information. Employees of the Company are required to read and accept the terms of a confidentiality agreement upon hire that states they are prohibited from disclosing any company data from the systems and system components to which they have access. The Company maintains strict control access to restrict private information to privileged users. These users are required to abide by their assigned responsibilities related to their elevated access. The Company has established a Data Handling, Retention, and Disposal Program to manage information in accordance with applicable laws, regulations, policies, and standards. This program establishes a formal data retention schedule and implements a data classification standard to ensure the confidential data is secured. The Company retains sensitive and confidential data only for as long as necessary to fulfill its purposes unless otherwise required by law or to meet legal and client contractual obligations. The Company segments its network to prevent direct or unauthorized connections between an external network and its information systems, in particular confidential data in cloud environments. The Company maintains a vulnerability management program to ensure the confidentiality, integrity, and availability (CIA) of the organization’s information systems landscape, which includes all critical system resources. The program includes internal and external scans, penetration testing, and issue remediation for the purposes of identifying, detecting, classifying, prioritizing, remediating, validating, and continuously monitoring vulnerabilities. The Company conducts independent third-party penetration tests at least annually on any systems with Confidential data or with a critical risk rating to identify security vulnerabilities.

  15. Infrastructure

    Edra provisions dedicated infrastructure per client in the AWS region of the client's choice. Each client has a separate, dedicated Virtual Private Cloud with all data stored in an S3 bucket that is only accessible to services inside this VPC. No customer data ever gets stored or retained anywhere outside of the VPC. Edra engineers do all the data work on the AWS infrastructure, connecting through an SSM connection. All infrastructure is provisioned through terraform, runs on GitHub actions which defines users, their permissions, as well as permissions for GitHub Actions. Client data is encrypted and exists in S3 buckets that are private except to individual services which explicitly request access to them. Users can only access S3 buckets for projects they are explicitly added to in the central access management repository.

  16. Networking

    VPC has a public and private subnet pair in each availability zone for high availability. Backend services (i.e., servers) only exist in private subnets. All traffic to the backend services is managed by a load balancer in the public subnet. Only services which are explicitly defined in terraform are registered with the load balancer and have the ability to request traffic. Edra uses security groups to prohibit all access to our VPC, with the exception of: the load balancer which accepts HTTPS traffic and forwards it to the appropriate backend services (which are in a private subnet) and return traffic for requests we send from our VPC via a NAT gateway.

  17. Access

    Edra uses Okta with MFA as the SSO provider that is used to login to GitHub, AWS and any applications with access to customer data. All AWS access is managed through a central terraform GitHub repository. Users can only access S3 buckets for projects they are explicitly added to in the central access management repository, following least privileged access policy. Edra uses Amazon GuardDuty as a threat detection service that continuously monitors AWS accounts, workloads, and data stored in Amazon S3 for malicious activity and unauthorized behavior including VPC Flow Logs, AWS CloudTrail management and data event logs and DNS logs.

Exhibit A – Service Level Statement

  1. Service Level Commitment

    1. Edra Labs’s goal is to provide 99% uptime with respect to the Services during each calendar month of the Order Form Term, excluding Regularly Scheduled Maintenance and any Excusable Delay (each defined below).
    2. Regularly Scheduled Maintenance and Excusable Delays do not count as downtime. “Excusable Delay” means any delay or failure in the Services that is due to causes beyond Edra Labs’s reasonable control, including, but not limited to, issues caused by third-party telecommunications, model, hosting, and/or internet service provider(s), delays or failures involving hardware or software not within Edra Labs’s possession or control, acts of God, acts of the public enemy, acts of any governmental authority in its sovereign capacity, fires, floods, power outages, hurricanes, earthquakes, epidemics, quarantine restrictions, strikes or other labor disputes and freight embargoes. “Regularly Scheduled Maintenance” means planned downtime, which shall be any period outside of the hours of 6:00 a.m. to 9:00 p.m. Pacific Time, Monday through Friday and 8:00 a.m. to 5:00 p.m. Pacific Time Saturday, Sunday, and holidays for which Edra Labs gives eight (8) hours or more notice that the Services will be unavailable.
    3. Edra Labs in its sole discretion may take the Services down for unscheduled maintenance and in that event will exercise reasonable efforts to notify Customer in advance. Such unscheduled maintenance will be counted against the uptime guarantee. Customer is solely responsible for providing, at its own expense, all network access to the Services, including, without limitation, acquiring, installing and maintaining all telecommunications equipment, hardware, software and other equipment as may be necessary to connect to, access and use the Services.
    4. Exclusive Remedy: Customers may receive service credits only for up to two calendar months of Fees in any given calendar year. If Edra Labs fails to meet its uptime commitments to Customer in two consecutive months, Customer may terminate this Agreement and will be entitled to a pro-rated refund of the unused Fees. THIS EXHIBIT A SETS FORTH CUSTOMER’S SOLE AND EXCLUSIVE REMEDY, AND EDRA LABS’S ENTIRE LIABILITY, FOR ANY FAILURE TO MEET THE FOREGOING AVAILABILITY GUARANTEES.

  2. Credit Request

    In order to receive a credit under this Exhibit A, Customer must request it by emailing Edra Labs at support@edra.ai within ten days of the end of the applicable month. Customers who are past due or in default with respect to any payment or any material contractual obligations to Edra Labs are not eligible for any credit under this Service Level Statement. Edra Labs shall calculate any service level downtime using Edra Labs’s system logs and other records. Service credits will be applied on Customer’s next invoice following Edra Labs’s receipt of Customer’s request for credit and Edra Labs’s verification that the Service Level was not met.