Terms and Subscriptions

STANDARD TERMS AND SUBSCRIPTION AGREEMENT

“PENETRATION TESTING AS A SERVICE”

CONTINUOUS. AUTOMATED. SAAS. POWERED BY AI.

WHAT WE DO. We provide continuous, automated Pen Test operations to enable Customers to understand whether critical systems and data are protected, what urgent issues must be immediately triaged or remediated, how to prioritize vulnerabilities and other defensive efforts, whether detection and remediation times are improving, and identify ineffective tools, controls, policies, processes, and training. We invite you to our website to learn and provide feedback.

HOW WE DO IT. How we do it. We identify your cybersecurity weaknesses by safely conducting offensive cyber operations leveraging automation, machine learning, and artificial intelligence. The customer provides Horizon 3 AI initial access, which allows us to act as a supply chain threat, insider threat, advanced persistent threat (APT), or a compromised user. With that initial access, we automatically orchestrate the execution of cyber attack tools & techniques. We laterally move through the enterprise, chaining together harvested credentials, software misconfigurations, exploitable vulnerabilities, and dangerous software defaults just like a cyber threat actor. We leverage graph analytics techniques to efficiently and safely maneuver, identifying verified attack paths that could lead to sensitive data exposure or business systems disruption. We inform the user of these verified attack paths, prioritized by business impact, so they can remediate the threat vectors.

I. BASIC APPLICABILITY.

This document contains Terms (“Terms”) for Horizon 3 AI, Inc. Services, Professional Services, and our Website at https://www.Horizon3.ai/. The Terms are binding between Horizon 3 AI, Inc. (“Horizon3.ai”, “we”, “us”, and “our”) and the Customer and Individual Website Users (“Customer(s)”, “Users(s)”, “you”, “your”, and “yours”). Horizon3.ai Services, including products, reports, and Professional Services are subject to these Terms, which remain in effect at all times while Customers and Individual Users employ Horizon3.ai’s Services, Professional Services or visit our Website; Customers and Individual Users acknowledge you have read, understood, and agree to comply with these Terms and confirm you are of legal age and have authority to agree to these Terms. If we update our Terms, we will post the updates on our Website, and for Customers, through other communications. This document also contains our Customer Subscription Agreement, which is applicable only to Customers and not Individual Users to the Website.

II. HORIZON 3 AI, INC. SERVICES AND RESPONSIBILITIES

Scope Horizon3.ai services include scanning and related analysis for which we use various techniques and software tools. We strive to achieve excellence without negative impacts to Customer systems but can’t guarantee we’ll identify all security issues and vulnerabilities or correctly measure the overall security posture and quality of Customer IT Systems or that we won’t damage systems. Our Services don’t include a review to detect criminal activity, nor do we identify, address, or correct errors or defects in Customer’s IT Systems. Subscribing to Horizon3.ai’s Service does not mean Customer IT Systems are secure from every form of attack.

Commercially Reasonable Efforts We will make commercially reasonable efforts to ensure Services are accessible and functional on a continuous basis, with exception of scheduled maintenance periods. Services may be inaccessible or inoperable due to equipment malfunctions, unscheduled maintenance or repairs, or causes beyond Horizon3.ai’s reasonable control or not reasonably foreseeable, including interruption or failure of telecommunication or digital transmission links, hostile network attacks, network congestion or other failures.

Third-Party Services Features of our Services may allow you to interface or interact with, access, and use compatible third-party services, products, technology, websites, and content. Horizon3.ai is not responsible for compatibility issues, errors, or bugs in our Services or third-party services caused in whole or in part by third-party services or updates or upgrades thereto; Customers are responsible for maintaining third-party services and obtaining licenses and consent necessary for use of third-party Services in connection with the Services.

Service Availability If our Service availability falls below 99.95% in a given month, Customers may apply for a Service Credit within thirty days following the calendar month in which the Service availability fell below the standard. To apply for credit, Customer will provide a detailed description of the incident in a Customer Support case. This is the only remedy for our failure to meet our Service availability standard; credits are not available for amounts that exceed 100% of Customer’s monthly Service fee. Once validated, Service Credit will be applied to Customer’s next payment period.

Service Availability Standard

Service Credit for the Month for Validated Incident

99.95% or above

None

99% – 99.94%

10%

95% – 98.99%

25%

Less than 95%

100%

Feedback We welcome suggestions, comments, and feedback regarding Services and Website via email at info@horizon3.ai. You grant to us a non-exclusive, perpetual, irrevocable, royalty-free license to use feedback from our Website or Services for all purposes, including testing, development, maintenance and Service improvement.

III. CONTENT OWNERSHIP

Ours We own and reserve all right, title, and interest to our Services and Content, including our intellectual property rights. We also maintain the ability to use and disclose general know-how, experience, concepts, and ideas, including methodologies for discovering and identifying vulnerabilities or weaknesses that we obtain in connection performing our obligations.

Yours You own your User and Customer Content and Materials. You warrant that you have all applicable consent and permission for us to collect, store, disclose, process and use any third-party data, including personal data, included in your User Content, and that Horizon3.ai’s use, collection, storage, disclosure, and processing of third-party data, including personal data in connection with Services and Website will not infringe any third-Party rights, or violate law, policy, rule or regulation (including privacy and cybersecurity).

Use of Customer Data and Materials Customer grants Horizon3.ai a limited license to Customer Data and Materials for the sole purpose of performing our Services for Customer. This includes a non-exclusive, worldwide right to use, copy, store, transmit, display, modify, and create derivative works necessary to manage, improve, and provide the Service and related services, as well as to provide support to Customer. Customer Data and Materials will be segregated from all other Horizon3.ai customers and used solely to manage and improve the Service provided to Customer. Customer will provide notice and maintain rights for access to collection, processing, storage, disclosure and use of Customer Materials and warrants that our use of Customer Materials will not violate the law or cause a breach of any agreement between Customer and a third party.

Removal of User Content We will make best efforts to remove User Content from our Services upon termination. Some User Content may not be completely removed; copies may exist. We are not responsible for removal or deletion of (or failure to remove or delete) User Content. To the extent that User Content is not removed by Horizon3.ai, Horizon3.ai shall exercise the same degree of care to protect such User Content as it employs to protect its own data, but no less than a commercially reasonable standard of care.

IV. CUSTOMER AND INDIVIDUAL USER RESPONSIBILITIES

Backup Customer has responsibility for protection and backup of data and equipment used with its IT Systems and will respond as though a real security penetration has occurred if activity from the Service is detected in the Customer systems, or systems monitoring Customer systems.

Third Parties Customer is responsible for equipment, infrastructure, servers, software, licenses and third-party fees related to use of Services. Customer warrants it has the lawful authorization required for Services, and shall, upon request provide such written authorization to Horizon3.ai.

Customer and User Authority You warrant you have the right to enter into this valid and binding Agreement and authorize performance contemplated and that you have the authority to permit the Services to be performed on the data, software, hardware, networks, and other systems to which Customer grants the Services access in connection with this Agreement.

False Information and Prohibited Uses You agree not to provide misleading information and to take reasonable means to secure your password and credentials and will notify us immediately of unauthorized Account use. You agree to use the Service for lawful purposes only.

Unauthorized Account Use You shall not allow anyone to use your Account or our Service to permit a third party to cause or permit the reverse engineering, disassembly, or any similar manipulation or attempt to discover source codes; bypass, alter, or tamper with security features or create any derivative work of our Services or do anything else that might jeopardize Account security; If you become aware of or reasonably suspect any breach of security, immediately notify Horizon3.ai and modify login Information. You shall not allow any third party to: give, sell, rent, lease, timeshare, sublicense, disclose, publish, assign, market, sell, display, transmit, broadcast, transfer or distribute any portion of the Service or the Website to anyone; circumvent, disable or otherwise interfere with security-related features of the Website or Service or features that prevent or restrict use or copying of any content or that enforce limitations on use of the Service or Website; copy, modify, translate, patch, improve, alter, change or create any derivative works of the Service or Website; use any means to access or monitor the Service or Website without prior authorization from Horizon3.ai; take action that may impose an unreasonably large load on Horizon3.ai’s infrastructure; attempt to interfere with the integrity or proper working of our Service or Website, or related activities; or use our Service or Website in an unlawful manner or for harmful, irresponsible or inappropriate purpose.. You are liable for acts of your employees or anyone on your behalf using the Service or Website that would constitute a breach of these Terms if performed by you.

Exports Customer will comply with all applicable laws, regulations and rules that prohibit or restrict the export of the Services or Customer Materials outside the United States and will ensure completion of any necessary export license or other governmental approval.

V. SUBSCRIPTION AGREEMENT

Initial Term Your Agreement becomes effective when you click “I ACCEPT” or by accessing Services and incorporates these Terms and your order form. The initial term begins on the effective date and expires at the end of the initial term on your order form. Following each term, Services may automatically renew if you have agreed to automatic renewal on your order form.

Support Consistent with Para. II, we will use commercially reasonable efforts to ensure Services are available at all times except for planned downtime (with reasonable advance notice to Customer); emergency downtime; and unavailability of Services caused by circumstances beyond our reasonable control. We will provide reasonable technical support in accordance with policy found at https://Horizon3.ai, which we may update from time to time.

Reservation of Rights Title and full, exclusive ownership rights in the Service and the Website and all reproductions, corrections, modifications, enhancements and improvements, and all related patent rights, copyrights, trade secrets, trademarks, service marks, related goodwill, including Horizon3.ai intellectual property incorporated in the Reports and data related to Website use and Service, excluding Customer Data, are exclusive property of Horizon3.ai. Use of the Service or Website does not confer any rights in our technology or intellectual property, other than the limited right of use. Companies names and customers mentioned on the Website are trademarks or commercial logos of their owners.

Monitoring/Law Enforcement We have the right to monitor access and use of our Services and Content and to edit, remove or disable access to Content. We have the right to investigate violations of the Terms or conduct that affects our Services and to cooperate with law enforcement authorities.

Fees Customer agrees to pay the non-refundable fees in your Order Form for an initial term of Service. At the end of the initial term or prior to renewal, we may change or add fees or charges provided we you give sixty days prior notice. Except as provided in your Order Form, we will issue annual invoices to Customer, with all amounts due within thirty days after date of invoice.

Survival Intellectual property, ownership, warranties, and liability limitations survive any termination or expiration of this Agreement.

Termination We may terminate Service without notice if you breach the Terms. We shall not be liable to you or any third party for terminating Service or Website access. You may cancel your Account by emailing us at billing@Horizon3.ai with thirty days written notice.

VI. MUTUAL CONFIDENTIALITY

Except as otherwise provided in these Terms, Horizon3.ai and its Customers are subject to a duty of mutual confidentiality. Confidential information is information that one party provides to the other in connection with this Agreement, orally or in writing, that is designated as confidential or that reasonably should be considered confidential given its nature or the circumstances of disclosure; Confidential Information includes Customer Data. It doesn’t include information that: was, at the date of disclosure, or have subsequently become, generally known or available to the public through no act or failure to act by the receiving party; was rightfully known by the receiving party prior to receiving such information; was rightfully acquired from a third party who has the right to disclose such information; or was independently developed by or for the receiving party without use of or access to any confidential Information of the disclosing Party.

Each party agrees to maintain confidentiality of propriety information received during, or prior to entering into this Agreement including the Services of and know-how disclosed by the other party, trade secrets or proprietary information, that the other party should know or have reason to know is confidential or proprietary based on the circumstances surrounding disclosure, including non-public technical and business information and information obtained as a result of this Agreement.

Agreement details are Confidential but may be disclosed confidentially to advisors, attorneys, actual/bona fide potential acquirers, investors or other funding sources for due diligence.

In the event of a Security Breach, Horizon3.ai will notify Customer without undue delay but no later than twenty-four (24) hours after Horizon3.ai becomes aware of it and will provide Customer with the name and contact information for a representative who shall serve as Customer’s primary security contact and shall be available to assist Customer twenty-four (24) hours per day, seven (7) days per week as a contact in resolving obligations associated with the Security Breach.

Upon termination, the receiving party will return or destroy the disclosing party’s Confidential Information in its possession or control, including permanent removal from any storage devices or other hosting environments in receiving party’s possession or control, and at the request of the disclosing party, certify in writing that such Confidential Information has been returned, destroyed or deleted, except the receiving party shall not be required to destroy or deliver to the disclosing party Confidential Information to the extent required by law, regulation, rule, audit requirements, document retention or other internal compliance policy, or automated backup or archiving procedures; provided that all such Confidential Information and related materials will be held subject to the terms of this Section VI.

VII. WARRANTY AND DISCLAIMER.

Our Services and Content are provided on an “AS IS” basis and Horizon3.ai makes no warranties to Customers and Individual Users, or to any other party regarding Services or Content, whether express or implied, including but not limited to, implied warranties of merchantability, fitness for a particular purpose or non-infringement, and warranties arising out of course of dealing or trade usage. Horizon3.ai does not warrant that our Services (including our Reports) or Professional Services are error-free, bug-free or uninterrupted. Since we don’t guarantee that Services will identify all vulnerabilities and weaknesses in Customer IT Systems, Services should not replace your independent judgment regarding cyber security practices. Our reports are not legal advice or advice from a Certified Information Systems Security Professional.

To perform our Services, we must probe, test, scan, analyze, infiltrate, and intrude Customer IT Systems hosted in the Cloud or by a third party or within the Customer’s IT environment. These intrusions may otherwise constitute a trespass or otherwise violate the law. Since you are consenting to the Services, you are waiving claims against Horizon3.ai for our Services.

We strive to provide Services without adverse effects to Customer IT systems. Due to the nature of our Services, Horizon3.ai does not guarantee that Services will not adversely impact Customer IT systems. Horizon3.ai disclaims all liability and Customer agrees to hold harmless Horizon3.ai with respect to adverse impacts on Customer IT systems including loss of business, connectivity loss, degradation of bandwidth, system losses and crashes, loss of information or access and collection exposure, or other disclosure of User Content or other data or information, including any personal data. We recommend you determine whether to obtain independent legal or professional advice based upon the findings in our Reports.

VIII. LIMITATIONS ON LIABILITY

Basis of the Bargain Limitations on liability are an essential part of the Agreement and apply if the remedies available hereunder are found to fail their essential purpose. Except for the case of a Security Breach, Horizon3.ai is not liable for damages for lost profits, revenues, savings, business opportunity, loss of data or goodwill, computer damage or system failure or the cost of substitute services of any kind arising out of or in connection with these Terms or from the use of or inability to use our Services or Content, whether based on warranty, contract, tort, product liability or another legal theory, and whether or not Horizon3.ai or any other party has been informed of the possibility of damage, even if a limited remedy set forth herein has failed.

In no event will Horizon3.ai’s total liability to Customers and Authorized Users in connection with this agreement, our IP or the provision of Services or Professional Services exceed the fees actually paid by Customer to Horizon3.ai in the twelve-month period preceding the event giving rise to the claim, regardless of the legal or equitable theory on which the claim or liability is based, and whether or not company was advised of the possibility of such loss or damage.

Waiver of Rights Horizon3.ai’s failure to enforce any right or provision of the Terms will not be considered a waiver of such right or provision.

Severability If any provision of this Agreement is held invalid, illegal, or unenforceable, the remaining provisions of this Agreement will remain in full force and effect.

Relationship of the Parties The parties are independent contractors; nothing in this Agreement establishes a partnership, joint venture or agency relationship between the Parties. Neither Party has authority to bind the other without the other party’s prior written consent.

No Third-Party Beneficiaries This Agreement does not confer rights, benefits, remedies, obligations, or liabilities on any person other than the parties, their successors and assignees.

Force Majeure Neither Party will be responsible for any failure or delay in the performance of its obligations under this Agreement (except for any payment obligations) due to causes beyond its reasonable control, which may include, without limitation, labor disputes, strikes, lockouts, shortages of or inability to obtain energy, raw materials or supplies, denial of service or other malicious attacks, telecommunications failure or degradation, pandemics, epidemics, public health emergencies, governmental orders and acts (including government-imposed travel restrictions and quarantines), material changes in law, war, terrorism, riot, or acts of God.

IX. MUTUAL INDEMNIFICATION

Horizon3.ai Indemnification Responsibilities We will defend Customer against any claim, suit or proceeding brought by a third-party alleging Customer’s Use of Services infringes on third-parties rights or obligations and will indemnify and hold harmless Customer against damages and costs awarded against Customer or agreed in settlement with us (including reasonable attorneys’ fees) resulting from such claim.

Exclusions Our indemnification obligations stated in the preceding paragraph will not apply if the underlying third-party claim arises from or as a result of: Customer breach of this Agreement, negligence, willful misconduct or fraud; Customer Materials; Customer failure to use any enhancements, modifications, or updates to the Services that have been provided by us; modifications to the Services by anyone other than Horizon3.ai; or combinations of the Services with software, data or materials not provided by Horizon3.ai.

Customer Indemnification Responsibilities Customer will defend and hold harmless Horizon3.ai against Claims arising from any Customer Materials, including: any Claim that the Customer Materials infringe, misappropriate or otherwise violate any third party’s Intellectual Property Rights or privacy or other rights; any Claim that the collection, use, provision, processing, transmission, disclosure, display or storage of Customer Materials violates any applicable law, policy, rule, regulation or consumer right; or any Claim arising out of the collection, access, storage, processing, exposure, or disclosure of any Customer Materials (including personal data included therein) as a result of the Services; any of Customer’s products or services; any state or federal laws, rules, or regulations related to an intrusion, including the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, the Cyber Security Enhancement Act, the Digital Millennium Copyright Act, and similar provisions of state law, and any other laws, rules, regulations related to scanning, hacking, cybersecurity or cybercrime; and use of Services by Customer in violation of these Terms, including breach of license restrictions and performance of Services on any software, hardware, networks, or systems that are not Customer Systems, and in each case, will indemnify and hold harmless Horizon3.ai against any damages and costs awarded against us or agreed in settlement by Customer (including reasonable attorneys’ fees) resulting from such claim.

Indemnification Procedures A party seeking defense and indemnity will promptly (and in any event no later than thirty days after becoming aware of facts or circumstances that could reasonably give rise to any claim) notify the other party of the claim for which indemnity is being sought and will reasonably cooperate with the indemnifying party in the defense and/or settlement. The indemnifying party will have the sole right to conduct the defense of any claim for which the indemnifying party is responsible hereunder (provided that the indemnifying party may not settle any claim without the indemnified party’s prior written approval unless the settlement is for a monetary amount, unconditionally releases the indemnified party from all liability without prejudice, does not require any admission by the indemnified party, and does not place restrictions upon the indemnified party’s business, products or services). The indemnified party may participate in the defense or settlement of any such claim at its own expense and with its own choice of counsel or, if the Indemnifying Party refuses to fulfill its obligation of defense, the Indemnified Party may defend itself and seek reimbursement from the indemnifying party.

Equitable Relief If a party’s breach or threatened breach would cause the other party irreparable harm and significant damages for which there may be no adequate remedy under law and that, in the event of such breach or threatened breach, the other party will have the right to seek immediate equitable relief, including a restraining order, an injunction, specific performance and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy.

Dispute Resolution Disputes will be resolved solely by binding, individual arbitration and not in a class, representative or consolidated action. The U.S. Federal Arbitration Act governs enforcement of the Terms, and both parties waive right to a trial by jury or participate in a class action. This arbitration provision shall survive termination of these Terms. As limited exceptions to the Arbitration requirement: Disputes may be resolved in small claims court if it qualifies; any Dispute involving the infringement or misappropriation of our intellectual property rights may be resolved in court and not through arbitration; we each retain the right to seek injunctive or other equitable relief from a court to prevent or enjoin infringement of intellectual property rights. In addition, you retain the right to opt out of arbitration entirely and litigate any Dispute if you provide written notice by email to billing@Horizon3.ai within thirty days from the date you first agree to the Terms. Arbitration will be conducted by the American Arbitration Association under its Consumer Arbitration Rules, except as modified by these Terms. The AAA Rules are available by calling 1-800-778-7879.

Effect of Changes on Arbitration Since we may change Terms from time to time, we may change terms of Dispute Resolution after the date you accept Terms or accept subsequent changes to Terms, you may reject changes by sending written notice to billing@Horizon3.ai within thirty days of the change. By rejecting a change, you agree to Dispute Resolution as of the date you first accepted the Terms or accepted a subsequent change to the Terms.

X. COMPLETE AGREEMENT

These Terms and your Order Form constitute the entire Agreement between Horizon3.ai and you. The Terms supersede and replace all prior oral or written agreements. If any provision of the Terms is held unenforceable by a court of competent jurisdiction, that provision will be enforced to the maximum extent permissible and other provisions will remain in full force and effect. You may not assign or transfer these Terms without Horizon3.ai’s prior written consent.

XI. DEFINITIONS

Account An identity created for a person or entity on our Website and Services.

Aggregate Data Derived or aggregated data in non-attributable form from Customer, Customer Materials, or Customer’s use of Services, including usage data or trends related to our Services.Customer An eligible person or authorized user of a legal entity which has a signed agreement or binding purchase order with Horizon3.ai to provide Services. Customers are eligible if legally authorized to contract with us; and not otherwise barred.

Customer Data Personal Data or Non-Personal Data, as defined in our Privacy Policy available at https://www.horizon3.ai/ or other information relating to the Customer or Customer’s Systems which is collected, processed, accessed, or affected while providing our Service.

Customer IT Systems Systems, infrastructure, and internet or network connected devices or assets owned or operated by or for Customer (incl. third-party hardware, software and devices.

Customer Materials Information, content, and other materials, in any form or medium, accessed by the Customer or submitted, posted, collected, transmitted or provided by or on behalf of Customer in connection with use of our Services, but excluding Aggregate Data and other information, data, data models, content or materials owned or controlled by Company.

Content Data and materials, including reports, analysis, software, or information regarding scans or functionality or activity of our Service, including User Content and visual, audio, numeric, graphical, text or other data displayed or available through the Website for use with our Service.

Individual User An eligible person or entity who accesses our Website and Services without a Subscription Agreement to include trial users. Individual Users are eligible if legally authorized to contract with us and not otherwise barred.

Privacy Policy Describes collection, use, and data and information disclosure in connection with Services / Website. We will update it from time to time; it remains incorporated with the Terms.

Professional Services Our services to help Customer’s implementation, deploy, onboard or other professional services, if any, as set forth in your Order Form.

Reports Output or results of the Service provided to the Customer or generated by the Customer.

Security Breach Means (i) any act or omission that actually results in either the security, confidentiality, or integrity of Customer Data or Customer Materials to be compromised by a party who is a not a party to this Agreement, or (ii) a willful or negligent breach of this Agreement relating to such privacy and data security practices. Without limiting the foregoing, a compromise shall include any unauthorized access to or disclosure or acquisition of Customer Data or Materials.

Services Software-As-A-Service, Professional Services and other security services provided pursuant to Subscription Agreement, such as education services.

Service Credit Percentage of the monthly fees paid for the Service that is awarded to Customer as a credit for future renewals or purchases for a validated claim associated with Services related to breach of the applicable Service Level during that month.

Subscription Agreement Software-as-a-Service Agreement to subscribe to the Horizon3.ai Software- as-a-Service, as described in Section III and your order form.

System Availability Percentage of total time during which Services are available to Customer excluding scheduled maintenance or inaccessibility or inoperability due to equipment malfunctions, unscheduled maintenance or repairs, or causes beyond Horizon3.ai’s reasonable control or not reasonably foreseeable, including interruption or failure of telecommunication or digital transmission links, hostile network attacks, network congestion or other failures.

User Content Data and information you provide to us such as personally identifiable information, materials, and communications you upload or allow access to via Services or Website.

MARCH 15, 2021