Privacy Policy
Last updated: August 26, 2024
1. Scope
This Privacy Policy applies to personal information collected, stored, used, disclosed, and processed by Pivo Innovation Labs Private Limited (parent company of Mikros), along with our affiliate companies (collectively “Mikros,” “we,” “us,” and “our”) throughout our business activities, including our website located at http://mikros.ai (the “Site”) and our platform accessible via our Site that enables organizations or individuals (“Authors”) to create online courses (“Courses”), which will be completed through messaging services such as WhatsApp, SMS, or other messaging features offered by the Services, with individuals and/or organizations that wish to enroll in such Courses (“Learners”), as well as our related offerings. The Site and our platform, services, and related offerings are collectively referred to as the “Services.”
Your privacy is crucial to us, and we commit to transparent and fair practices concerning your personal information. Please read this Privacy Policy thoroughly and ensure you fully understand and agree to it before using our Services. If you prefer not to provide personal information or have it processed by us or any of our affiliates or service providers, please refrain from accessing or using the Services. You may choose not to provide optional personal information, but this may restrict your ability to fully utilize our Services.
2. Personal Information We Collect
The types of personal information we collect depend on your interactions with our Services:
a. Information You Provide to Us:
Learner and Author Accounts: During registration, we collect your name, email address, phone number, and other pertinent details.
Communications with Us: We gather information when you inquire about our Services, subscribe to marketing or newsletters, or communicate with us directly.
Participation in Events and Surveys: We may collect personal information during surveys, conferences, trade shows, and other events.
Job Applications: If you apply for a job through our Services, we collect the information provided in your application to assess your qualifications.
b. Information Collected Automatically:
Usage Data: We automatically collect data such as your IP address, device information, and your interaction with our Services.
Cookies and Tracking Technologies: We use cookies and similar technologies to enhance user experience and gather data for analytics.
c. Information from Other Sources:
Third-Party Services: We may receive information about you from other sources, including social media platforms, especially if you connect your social media account to our Services.
3. How We Use Your Information
We use your personal information to:
Deliver and Improve Services: Provide requested services, enhance functionality, and improve user experience.
Marketing and Communications: Send you promotional materials or communications regarding our Services. You may opt out of receiving these communications at any time.
Compliance and Security: Ensure compliance with legal obligations and enhance the security of our Services.
4. Disclosing Your Information to Third Parties
We may share your information with:
Authors and Learning Partners: When you enroll in a course, your information may be shared with the course provider.
Service Providers: To assist in providing our Services effectively (e.g., customer support, IT services).
Legal and Business Transfers: In the event of a merger, acquisition, or other business transfer.
5. Your Choices and Rights
You have rights regarding the management of your personal information, including accessing, correcting, or deleting your data, as provided under Indian law.
6. Data Security
We implement standard security measures to protect your information but cannot guarantee its absolute security. In the event of a breach, we will take appropriate steps to mitigate any potential harm.
7. Changes to This Privacy Policy
We may update this policy from time to time. We will notify you of significant changes through our Services or other means.
8. Contact Us
If you have any questions or concerns about our privacy practices or this Privacy Policy, please contact us at:
Pivo Innovation Labs Pvt. Ltd., First floor, No.19, Bharathidasan Street, Anna Nagar, Tennur, Tiruchirappalli, Tamil Nadu, India 620017
Email: admin@mikros.ai
Terms of Service
Last Updated: August 26, 2024
This Terms of Service, including any exhibits, appendices, and policies that are referenced or attached, forms a binding agreement (“Agreement”) between Pivo Innovation Labs Private Limited (Parent Company of “Mikros”) and the entity (“Company”) executing an order referencing this Agreement (“Order”). This Agreement is effective upon execution of such Order (the “Effective Date”). This Agreement governs all access and use of our website located at https://mikros.ai (the “Site”), the Mikros microlearning platform accessible via the Site (the “Platform”), and all other Mikros services, technology, data, programs, professional services, and materials (collectively, the “Services”). In the event of a conflict between this Agreement and the Order, the Order shall take precedence. Mikros and the Company are each a “Party” and collectively, the “Parties.”
1. Grant of Rights, Intellectual Property
a. License. Subject to the terms of this Agreement, Mikros hereby grants the Company and its Users the limited, non-exclusive, non-transferable, non-assignable, and non-sublicensable right to access and use the Services for its internal business use as set forth in an Order. Except as expressly authorized herein, Mikros retains all rights, title, and interest in and to the Services, Usage Metadata, and Intellectual Property Rights embodied therein or related thereto. "Intellectual Property Rights" means all patents, copyrights, trade secrets, trademarks, service marks, and all other worldwide intellectual property or proprietary rights (registered or not). “Usage Metadata” means aggregated data sets, reports, and analyses that Mikros may create relating to the Services, in a form that is anonymized and does not identify the Company or any individual user.
b. Users. “User” means any individual whom the Company authorizes to use the Services. Users may be administrative users (“Admin Users”) who configure, create, deliver, and analyze courses or learners (“Learner Users”) who complete courses. The Company agrees that the maximum number of Users that the Company authorizes to access and use the Services will not exceed the number of seat licenses the Company has purchased for its Users (the “User Subscriptions”). User Subscriptions may not be used or shared by more than one individual. Any use in excess of the User Subscriptions shall be invoiced at the applicable rate for the additional User Subscriptions, and such additional subscriptions shall be coterminous with the Company’s current Order term.
c. User Content. The Services enable Users to store, post, and share content such as texts, files, documents, images, music, software, audio, and video (collectively, “User Content”). By providing User Content, the Company represents and warrants that: (i) it owns or has all necessary licenses, rights, consents, and permissions to grant the license herein; and (ii) neither the User Content nor any access or use of the User Content via the Services will infringe, misappropriate, or otherwise violate a third party’s intellectual property rights or rights of publicity or privacy, or result in the violation of any applicable law or regulation. Mikros reserves the right to remove or disable access to any content, including User Content, at any time and without notice or liability, if Mikros, at its sole discretion, considers it in violation of this Agreement. The Company grants Mikros, its affiliates, and their respective agents, suppliers, and subcontractors, a non-exclusive, transferable, worldwide, royalty-free license, with the right to sublicense through multiple tiers, during the applicable Subscription term to (i) access and use, reproduce, format, store, distribute, display, and perform the User Content and associated metadata in order to provide the Services, and (ii) generate Usage Metadata. Subject to the foregoing license, the Company retains all Intellectual Property Rights to its User Content.
d. Feedback. The Company agrees that Mikros owns all Intellectual Property Rights in any feedback, comments, ideas, proposals, suggestions, recommendations, or enhancement requests provided by the Company or its Users (“Feedback”).
e. Third Party Resources. The Services may allow the Company to access and/or integrate with certain third-party products, services, websites, or other resources, including any content, products, or services that they display, link to, or make available (“Third Party Resources”). If the Company chooses to use any Third Party Resources in connection with the Services, access and use of such Third Party Resources will be subject to any applicable agreement between the Company and the third-party provider. Mikros is not responsible for acts, omissions, or any access to or use of the Company’s information by such third-party providers.
2. Fees, Payments, Cancellations
a. Subscription Fees. The Company may purchase a Services subscription from Mikros (“Subscription”) by execution of an Order indicating the subscription fee (“Subscription Fee”), term, and scope. The Company’s Subscription will continue until the Company or Mikros cancels or terminates in accordance with this Agreement.
b. Fee Payments. Unless otherwise specified on an Order, payment terms shall be net thirty (30) days after the date of invoice. All fees, charges, and taxes are payable in Indian Rupees. All payments are non-refundable and non-creditable except as expressly provided in this Agreement or applicable Order. The Company shall notify Mikros within two (2) weeks of receipt of an invoice if the Company disputes any fee or charge. If an undisputed portion of an invoice becomes delinquent and such delinquency is not remedied within fourteen (14) days of notice, Mikros may (i) suspend or terminate Services, (ii) apply a late charge on the unpaid amount equal to the lesser of 1% interest per month or the maximum rate allowed by law, and/or (iii) pursue any other available remedy.
c. Taxes. The Company is responsible for sales, use, GST, value-added, withholding, or similar taxes or levies that apply to the Services covered by each Order, whether domestic or foreign (“Taxes”), other than Mikros’s income tax. If Mikros has a legal obligation to pay or collect Taxes for which the Company is responsible under the Agreement, the appropriate amount shall be computed based on the Company’s “ship to” address, unless the Company provides Mikros with a valid tax exemption certificate authorized by the appropriate taxing authority.
3. Confidentiality
"Confidential Information" means proprietary, nonpublic, or trade secret information, disclosed in written, oral, or visual form, that the disclosing Party, its Affiliates, or agents (each, "Disclosing Party") provides to the other Party, its Affiliates, or agents (each, "Receiving Party") and which is designated as being confidential or that should reasonably have been understood under the circumstances as being confidential. The Receiving Party will not use, copy, or disclose Confidential Information except as permitted herein. Confidential Information remains the sole property of the Disclosing Party. The Receiving Party will protect the Disclosing Party's Confidential Information using no less than reasonable procedures. The Receiving Party may disclose Confidential Information to its employees, consultants, and contractors who have a need to know and who are bound by similarly stringent confidentiality obligations. The Receiving Party also may disclose Confidential Information pursuant to a legal requirement (e.g., subpoena) or to establish rights or obligations under this Agreement; provided, that (1) reasonable prior notice, unless legally prohibited, is provided to the Disclosing Party to permit an opportunity to contest the disclosure and (2) the Receiving Party discloses only to the extent necessary to comply with the legal requirement or to establish its rights or obligations. The Receiving Party will notify the Disclosing Party upon discovery of any unauthorized use or disclosure of Confidential Information and will cooperate to help prevent further unauthorized use or disclosure. The Receiving Party acknowledges that the Disclosing Party's Confidential Information is valuable and unique and that unauthorized use or disclosure may result in irreparable injury to the Disclosing Party for which monetary damages are inadequate.
4. Privacy. Mikros will process any personal information collected from the Company in accordance with the Mikros Privacy Policy at https://mikros.ai/privacy-policy and the Data Processing Addendum (attached as Exhibit 1).
5. Security
a. Mikros will implement reasonable physical, technical, and organizational safeguards designed to secure the Services from unauthorized access, disclosure, loss, modification, or destruction. The Company will implement reasonable physical, technical, and organizational safeguards designed to keep the Company’s account and Users login credentials confidential and secure. The Company is responsible for all activities that occur under the Company’s account through its and its Users’ login credentials.
b. If a Party discovers that a Security Incident has occurred, that Party will notify the other Party promptly (and in any event within 72 hours of confirmation) unless otherwise prohibited by law or otherwise instructed by a law enforcement or supervisory authority. In addition to providing such notice, the notifying Party will promptly take reasonable steps to investigate and mitigate the effects of the Security Incident. “Security Incident” means a breach of security of the Services or the Company’s account leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, User Content in the possession or control of the Provider.
6. Term & Termination
a. Term. This Agreement will commence on the Effective Date and continue for as long as there are active Orders underneath it unless terminated earlier pursuant to 7 (b) below.
b. Termination. Either Party may terminate this Agreement in whole or part, including any particular Order(s), immediately upon notice to the other Party if the other Party is in material breach of this Agreement and does not cure the breach within thirty (30) days after written notice of the breach.
c. Effect of Termination. Upon termination of this Agreement, (i) the Company’s rights to access or use the Services will immediately terminate, (ii) if termination is by the Company pursuant to 6(b) above, Mikros will issue a pro-rated refund of any pre-paid unused fees, otherwise, the Company shall pay any remaining amounts due hereunder within sixty (60) days of termination, (iii) all liabilities accrued before the date of termination will survive and (iv) upon request, each Receiving Party will return or destroy all copies of the Disclosing Party’s Confidential Information.
7. Representations and Warranties
a. Mutual. Each Party represents and warrants that: (i) it possesses the full right, power, and authority to enter into and perform the Agreement and grant the rights granted herein; (ii) it is not bound by any obligation that would prevent it from entering into or performing its obligations herein; (iii) the execution, delivery, and performance of this Agreement have been duly authorized by all necessary corporate action; and (iv) it will comply with all applicable laws, rules, and regulations in its performance hereunder.
b. By Mikros. Mikros represents and warrants that it will provide the Services in accordance with (i) industry standards, (ii) the specifications included in this Agreement and the Order. Mikros may modify the Services at any time provided that any such modifications shall not materially diminish the core features and functionality of the Services. Should the Company notify Mikros that the Services fail to meet the foregoing warranty, Mikros shall make commercially reasonable efforts to promptly address such non-conformity.
c. Disclaimers. EXCEPT AS SET FORTH ABOVE, THE SERVICES ARE PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND. MIKROS EXPLICITLY DISCLAIMS ALL OTHER WARRANTIES OF ANY KIND, EXPRESSED OR IMPLIED, STATUTORY OR OTHERWISE IN LAW, TO THE FULLEST EXTENT PERMITTED BY LAW. FURTHER, MIKROS DOES NOT WARRANT OR REPRESENT THAT THE SERVICES OR CONTENT WILL MEET THE COMPANY’S REQUIREMENTS, BE AVAILABLE ON AN UNINTERRUPTED, SECURE, ERROR-FREE, OR DEFECT-FREE BASIS, BE FREE OF ANY MALICIOUS CODE, OR BE ACCURATE, COMPLETE, OR RELIABLE. MIKROS, ITS AFFILIATES, AND LICENSORS DO NOT GUARANTEE ANY TEXT (SMS) MESSAGE DELIVERY, TIMELINESS, OR AVAILABILITY, AND ARE NOT RESPONSIBLE FOR ANY LOST OR MISDIRECTED MESSAGES, OR FOR ANY TEXT MESSAGING OR WIRELESS SERVICE CHARGES INCURRED IN CONNECTION WITH THE SERVICES.
8. Indemnification
a. Indemnification. Each Party (the “Indemnitor”) agrees to defend, indemnify, and hold harmless the other Party, its affiliates, licensors, and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors, and assigns (each, an “Indemnitee”) through final judgment or settlement, from and against any third-party claim, action, suit, proceeding, judgments, settlements, losses, damages, expenses (including reasonable legal fees and expenses) and costs (including allocable costs of in-house counsel) ("Claim") brought against an Indemnitee to the extent arising out of or based upon: (i) the Indemnitor’s violation of law in its performance hereunder; (ii) the Indemnitor’s fraud or intentional misconduct; (iii) an infringement claim based upon the Services (in the case of Mikros as the Indemnitor) or the User Content (in the case of the Company as the Indemnitor).
b. Process. The Indemnitee will (i) promptly provide notice to the Indemnitor of any Claim for which indemnity is claimed (provided, that, any delay in providing notice will not relieve the Indemnitor of the Indemnitor’s obligations hereunder, except to the extent that the Indemnitor is materially prejudiced by the delay), (ii) permit the Indemnitor to control the defense of any such Claim and (iii) provide reasonable assistance at the Indemnitor’s reasonable cost. The Indemnitor may control the defense provided that the Indemnitee may fully participate in the defense at its own cost. Notwithstanding the foregoing, the Indemnitor may not consent to entry of any judgment or enter into any settlement that imposes liability or obligations on the Indemnitee or diminishes its rights, without obtaining the Indemnitee's express prior consent, such consent not to be unreasonably withheld or delayed.
9. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR INCIDENTAL DAMAGES OF ANY KIND, INCLUDING LOST PROFITS, REVENUES, SAVINGS, BUSINESS OPPORTUNITIES, DATA OR GOODWILL, SERVICE INTERRUPTIONS, COMPUTER DAMAGES OR SYSTEM FAILURES, OR REPLACEMENT SERVICES, HOWEVER CAUSED AND REGARDLESS OF THEORY OF LIABILITY, WHETHER OR NOT THE PARTY WAS NOTIFIED OF THE POSSIBILITY OF SUCH DAMAGES, AND WHETHER OR NOT THE REMEDIES PROVIDED FOR HEREIN FAIL OF THEIR ESSENTIAL PURPOSE. THE COMPANY SPECIFICALLY ACKNOWLEDGES THAT MIKROS WILL NOT BE LIABLE FOR ANY USER CONTENT OR USER CONDUCT AND THAT THE RISK OF HARM OR DAMAGE FROM ANY OF THE FOREGOING RESTS SOLELY WITH THE COMPANY. EXCEPT FOR A PARTY’S FRAUD OR WILLFUL MISCONDUCT, EACH PARTY’S AGGREGATE LIABILITY FOR ANY AND ALL CAUSES OF ACTIONS, CLAIMS, AND DAMAGES IN CONNECTION WITH THIS AGREEMENT IS LIMITED TO THE LESSER OF (i) DIRECT DAMAGES PROVEN BY THE OTHER PARTY, OR (ii) THE AMOUNT OF FEES OR CHARGES PAID BY THE COMPANY TO MIKROS DURING THE 12-MONTH PERIOD BEFORE THE DATE ON WHICH ANY CLAIM AROSE, (OR FIFTY THOUSAND INDIAN RUPEES (₹50,000) IF THE COMPANY HAS NOT HAD ANY PAYMENT OBLIGATIONS TO MIKROS).
10. Acceptable Use Policy. The Company agrees not to do, or permit any of its Users to do, any of the following: (i) Post, upload, publish, submit, or transmit any User Content that infringes, misappropriates, or violates Intellectual Property Rights, or any applicable law or regulation or contains any malicious computer code, file, or program; (ii) Disrupt the security or stability of the Services or otherwise circumvent any technological measure implemented to protect the Services or Content; (iii) Send any unsolicited or unauthorized advertising, promotional materials, spam, emails, junk mail, chain letters, or other forms of solicitation, (iv) Rent, lease, distribute, license, sublicense, sell, loan, transfer, assign, distribute, network or otherwise provide access or use of the Services or Content to, or for the benefit of, any third party in any manner not permitted by this Agreement, including without limitation to create a competitive service or product; (v) Forge any TCP/IP packet header or any part of the header information in any email or newsgroup posting, or in any way use the Services or Content to send altered, deceptive, or false source-identifying information; or (vi) Attempt to reproduce, modify, adapt, or create derivative works of the Services or to decipher, decompile, disassemble, reverse engineer, exchange, or translate any software on the Site or used to provide the Services, or remove or tamper with any disclaimers, Intellectual Property Rights notices, proprietary rights notices, or other legal notices in the Services. Mikros reserves the right, but is not obligated, to monitor access to or use of the Services, or to monitor, review, censor, or edit any User Content, to confirm compliance with the foregoing restrictions.
11. Miscellaneous
a. Force Majeure. Neither Party will be liable in damages or have the right to terminate this Agreement for any delay or default in performing hereunder (except for failure to timely pay) if such delay or default is caused by conditions beyond its reasonable control including acts of God, government restrictions (including the denial or cancellation of any export or other necessary license), acts of terrorism, wars, disease, or insurrections.
b. Governing Law and Forum. This Agreement will be construed and enforced in accordance with the laws of India, without regard to its conflict of laws provisions. Each Party agrees that any action, suit, or other proceeding arising from or based upon this Agreement will be brought and maintained only in a court of competent jurisdiction located in the venue of the headquarters of the defendant in the action.
c. Export Compliance. The Services and other technology Mikros makes available, and derivatives thereof, may be subject to export laws and regulations of India and other jurisdictions. The Company represents that the Company and its Users are not named on any Indian government denied-party list. The Company will not permit its Users to access or use the Services in a country embargoed by India or in violation of any Indian export law or regulation.
d. Entire Agreement. This Agreement constitutes the entire and exclusive understanding and agreement between Mikros and the Company regarding the Services and supersedes and replaces all prior oral or written understandings or agreements between Mikros and the Company regarding the Services. Any terms contained in the Company’s purchase order or vendor registration process are expressly disclaimed and shall not apply. Mikros may amend this Agreement from time to time by posting the amended Agreement on our website. Such new terms shall apply to the Company’s continued use of the Services. The Parties’ rights and obligations which by their nature should survive termination will survive termination of this Agreement. Failure or delay to enforce any right or provision of this Agreement will not be considered a waiver of that right or provision. Any waiver will be effective only if in writing and signed by a duly authorized representative of the waiving party. Except as expressly set forth in this Agreement, the exercise by either Party of any of its remedies hereunder will be without prejudice to its other available remedies.
e. Severability; Interpretation. If any provision of this Agreement is held invalid or unenforceable by an arbitrator or a court of competent jurisdiction, that provision will be enforced to the maximum extent permissible and the other provisions will remain in full force and effect. The headings to Sections are for convenience or reference only and do not form a part of this Agreement and will not affect their interpretation. Neither Party will be afforded or denied preference in the construction of this Agreement, whether by virtue of being the drafter or otherwise. For purposes of the Agreement, the words and phrases “include”, “includes”, “including”, and “such as” are deemed to be followed by the words “without limitation”.
f. Relationship of Parties, Assignment. Nothing herein will be deemed to create, or be construed as creating, a joint venture, partnership, employment, or agency relationship between the parties. Neither Party may assign, delegate, or otherwise transfer this Agreement, by operation of law or otherwise, in whole or in part, without the prior written consent of the other party; provided that either party may assign to a successor in interest through the sale or transfer of all or substantially all of its assets or stock on notice to the other Party. Any attempt to assign or transfer the Agreement without such consent will be null and void. This agreement will bind and inure to the benefit of the parties, their successors, and permitted assigns.
g. Notices. Mikros may give general notices related to the Services by posting to the Services. Any legal notices shall be provided to Mikros at: Pivo Innovation Labs Private Limited, [first floor, No.19, Bharathidasan Street, Anna Nagar, Tennur, Tiruchirappalli, Tiruchirappalli, Tamil Nadu, 620017], Attn: Legal Department, with a copy via email to legal@mikros.ai; and to the Company at the address provided on the Order.
Exhibit 1 Data Processing Addendum
1. Roles of the Parties. The Company is the Data Controller and Mikros is the Data Processor in respect of any Personal Data provided by the Company and Users, including User Content (as defined in the Agreement), and Mikros will Process Personal Data solely in accordance with the Agreement or other documented instructions of the Company provided in accordance with the Agreement, or as otherwise required by applicable law. It is the Company’s responsibility to ensure that in accordance with relevant Data Protection Laws, there is a lawful basis for the collection and processing of Personal Data hereunder and the Company has provided appropriate notices to users and other data subjects.
2. Terms of Data Processing. Mikros will:
a. process Personal Data only on the Company’s reasonable documented instructions unless required to do so by law; in such a case, Mikros will inform the Company of that legal requirement before processing, unless prohibited by law on grounds of public interest;
b. ensure that persons authorized to process the Personal Data on Mikros’s behalf have committed themselves to confidentiality obligations or are under an appropriate statutory obligation of confidentiality;
c. implement appropriate technical and organizational measures designed to ensure a level of security for the Personal Data that is appropriate to the risks to individuals that may result from the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data;
d. not engage another processor without notice to the Company. The Company may request a list of sub-processors currently engaged by Mikros by emailing privacy@mikros.ai. The Company may notify Mikros in writing of any objections to new sub-processors (provided the objection is based on reasonable grounds relating to data protection). If we receive such an objection, the Parties will discuss such objections in good faith and Mikros will use reasonable commercial efforts to resolve the objection. If the Parties are unable to resolve the objection, the Company may terminate the affected Services by providing 30 days written notice to Mikros. We will impose obligations on any Data Processor that we appoint on the Company’s behalf that are equivalent to the terms set out herein. We will remain liable for the performance of these processors;
e. at the Data Controller’s election, delete or return all the Personal Data to the Data Controller after the end of providing the Services relating to processing, and delete existing copies except that Mikros will be entitled to retain Personal Data where required by Data Protection Laws or another applicable law, or where such data is required for Mikros’s internal record keeping or where it is necessary for use in any legal proceedings; the Company must notify Mikros of the Company’s request to have Personal Data returned or deleted within 30 days after the effective date of termination; and
Technical Security Measures
Cloud Security
· Cloud Infrastructure Security: All of our services are hosted with Amazon Web Services (AWS). They employ a robust security program with multiple certifications. For more information on our provider’s security processes, please visit AWS Security.
· Data Hosting Security: All of our data is hosted on Amazon Web Services (AWS) databases. These databases are all located in the Singapore region. Please reference the vendor-specific documentation linked above for more information.
· Encryption at Rest: All databases are encrypted at rest.
· Encryption in Transit: Our applications encrypt in transit with TLS/SSL only.
· Vulnerability Scanning: We perform vulnerability scanning and actively monitor for threats.
· Logging and Monitoring: We actively monitor and log various cloud services.
· Business Continuity and Disaster Recovery: We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
· Incident Response: We have a process for handling information security events which includes escalation procedures, rapid mitigation, and communication.
Access Security
· Permissions and Authentication: Access to cloud infrastructure and other sensitive tools is limited to authorized employees who require it for their role. Where available, we have Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies to ensure access to cloud services is protected.
· Least Privilege Access Control: We follow the principle of least privilege with respect to identity and access management.
· Quarterly Access Reviews: We perform quarterly access reviews of all team members with access to sensitive systems.
· Password Requirements: All team members are required to adhere to a minimum set of password requirements and complexity for access.
· Password Managers: All company-issued laptops utilize a password manager for team members to manage passwords and maintain password complexity.
Vendor and Risk Management
· Annual Risk Assessments: We undergo at least annual risk assessments to identify any potential threats, including considerations for fraud.
· Vendor Risk Management: Vendor risk is determined and the appropriate vendor reviews are performed prior to authorizing a new vendor.
Organizational Security Measures
· Third-Party Audits: Our organization undergoes independent third-party assessments to test our security and compliance controls.
· Third-Party Penetration Testing: We perform an independent third-party penetration test at least annually to ensure that the security posture of our services is uncompromised.
· Roles and Responsibilities: Roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. Our team members are required to review and accept all of the security policies.
· Security Awareness Training: Our team members are required to go through employee security awareness training covering industry-standard practices and information security topics such as phishing and password management.
· Confidentiality: All team members are required to sign and adhere to an industry-standard confidentiality agreement prior to their first day of work.
· Background Checks: We perform background checks on all new team members in accordance with local laws.