STANDARD TERMS

Last updated: 17/07/2025

These are the standard terms for all customers entering into software development agreements.

DASH HUB PRIZM

This Agreement (the “Agreement”) is entered into under the laws of Scotland by and between Dash Hub Ltd (the “Provider”), a company registered in Scotland with Company Number SC840343, whose registered office is at Park View House, 96 Caledonia Street, Glasgow, G5 0XG, and any person or entity that accesses or uses the Service (the “Customer”).

By accessing or using the Prizm platform, entering into a Software Development Agreement, completing an Order Form, or receiving any platform Outputs (as defined below), the Customer acknowledges and agrees to be bound by the terms of this Agreement.

Where the Customer registers an account or completes an Order Form, the information provided at the time of registration (including legal name, address, and company number, where applicable) shall form part of this Agreement and may be relied upon by either party.

1. DEFINITIONS

For the purposes of this Agreement, the following terms have the meanings set out below:

"Service" or "Prizm Platform" The Provider's software-as-a-service platform known as Prizm, including access to the Prizm Graph and Prizm Generator (collectively the "Platform"). The Service is provided remotely via internet access as a subscription.

"Prizm Graph" The process within the Prizm platform which models the customer's problem domain, application, and context, hosted within the Prizm Platform and surfaced by appropriate means.

"Prizm Generator" The process within the Prizm Platform that generates specified outputs for the Customer (for example, code, documentation, or other deliverables) based on the data and configurations in the Prizm Graph or other inputs.

'Subscription Tier" The subscription plan or level selected by Customer which defines the specific usage limits, support level, and fees applicable to the Service. The Subscription Tier determines the Customer's included Build Points, Graph Instances, and support services, as described in this Agreement and in any appended Schedules.

"Build Points" A unit of usage measurement allocated to the Customer under the Subscription Tier, consumed when using the Prizm Generator or other resource-intensive operations in the Service. Build Points are allotted per subscription period (e.g., per year) as part of the subscription and may be expended as the Customer uses the Generator component or related features.

"Graph Instance" An instance of a domain model within the Prizm Graph component. The Subscription Tier includes a fixed number of Graph Instances that the Customer may run or maintain concurrently (e.g., the number of separate graph databases or projects the Customer can have active at one time). In general, one Graph maps to one discrete application.

"Subscription Term" The initial committed term of the subscription to the Service, being 24 months from the Start Date, subject to earlier termination as provided in this Agreement.

"Start Date" The date on which the Subscription Term begins and the Customer is first granted access to the Service or the Service is used by the Provider on the customer's behalf. This is also the Effective Date of the Agreement if different from the date of this Agreement.

"Break Clause" The contractual option allowing the Customer to terminate the Service after an initial minimum period of twelve (12) months of the Subscription Term, as described in Clause 3.2 below. When the Break Clause is exercised, the Customer may terminate the Agreement without further obligation for the remaining term by ceasing payment after the minimum period, with no refund due for any fees already paid.

"Customer Data" Any data, information, content or material that the Customer or its authorised users input into, upload to, or generate using the Service, including any data sets, domain information, text, or files. Customer Data does not include the Service's underlying software or Provider's pre-existing intellectual property.

"Deliverables" Any specific outputs, work product, or deliverable items that are generated by the Prizm Generator component or otherwise provided by the Provider to the Customer as part of the Service (for example, any reports, code, models, or other materials produced for the Customer's use through the Service).

"Background IP" All intellectual property, materials, platform, software, algorithms, know-how, or content that is owned or developed by the Provider (i) prior to the Effective Date, or (ii) independently of this Agreement, or (iii) generally as part of the Provider's business, which may be used in providing the Service or included in any Deliverables. Background IP includes the Prizm platform, the Graph and Generator platform, and any underlying source code, libraries, templates, or processes of the Provider.

"Third-Party IP" Any intellectual property owned by third parties (not the Provider or the Customer) that is utilised within the Service or incorporated into Deliverables, including third-party software libraries, open-source components, or data that the Service uses or provides under license.

Additional terms are defined elsewhere in this Agreement as needed. In this Agreement, headings are for convenience and will not affect interpretation. The terms "including" or "for example" shall be construed without limitation. References to statutes or laws include their amendments and replacements. The singular includes the plural and vice versa as the context admits.

2. Agreement Duration (Term)

2.1 Initial Term: The subscription will commence on the Effective Date and continue for an initial term of twenty-four (24) months (the "Initial Term"), unless terminated earlier in accordance with this Agreement. Notwithstanding the length of the Initial Term, the Customer has a one-time right to terminate this Agreement at the end of the twelfth (12th) month of the Initial Term (the "Break Clause") by providing the Provider with at least thirty (30) days" prior written notice of termination, effective as of the end of that twelfth month. If the Customer exercises the Break Clause, this Agreement will terminate at the 12-month point without further automatic renewal or penalty (aside from any fees accrued up to the termination date).

2.2 Break Clause (Early Termination Option): The Customer commits to a minimum period of twelve (12) months of Service from the Start Date. Thereafter, at any time after the first 12 months of the Initial Term, the Customer may terminate this Agreement for convenience by simply ceasing to pay the subscription fees for subsequent months. The following terms apply to the Break Clause:

The Customer is not required to provide advance notice of termination under this Break Clause beyond non-payment. Non-payment of the next due subscription fee any time after month 12 shall be deemed an exercise of the Break Clause and will result in termination of Service at the end of the period for which the last paid-up fee covered.

No refund or credit of fees is due to the Customer for any unused portion of the Initial Term if the Customer elects to terminate early under this Break Clause. The Customer acknowledges that any fees paid (including, for example, annual or multi-month prepayments) are earned by the Provider upon receipt and will not be pro-rated or returned upon early termination.

If the Customer has paid fees covering a period beyond the effective termination date (for example, paid for months 24 in advance but terminates at month 15), the Provider will have no obligation to refund the remaining balance. The Customer is advised, therefore, to only prepay beyond 12 months if it fully intends to continue the subscription, as no refunds will be given. (Alternatively, the Customer may choose a monthly billing to retain flexibility after month 12, or may pay the initial 12 months in advance and then transition to monthly payment without penalty.)

2.3 Renewal or Continuation: Unless otherwise specified in writing, the subscription shall automatically renew at the end of the Initial Term for successive 12-month periods on the then-current terms and pricing applicable at renewal, as notified by the Provider at least 60 days in advance.

The Customer may elect, instead of renewal for a 12-month term, to continue the subscription on a rolling month-to-month basis by providing written notice to the Provider at least 30 days prior to the end of the Initial Term (or any subsequent renewal). In such case, the subscription shall continue on the same terms, subject to the Provider's then-current monthly pricing, and may be terminated by the Customer at any time thereafter by ceasing payment. No refund shall be due for any fees already paid.

If the Customer does not exercise the Break Clause during the Initial Term, and does not give notice of election to continue on a monthly basis, the Agreement shall automatically renew for a further 12-month term.

The Provider may vary pricing or terms on renewal by giving at least 60 days written notice. If the Customer continues to access the Service after such notice, the revised terms shall apply. The Customer may not unilaterally vary pricing or terms.

2.4 Termination for Cause: Each party may terminate this Agreement for cause prior to the end of the Term if the other party commits a material breach of the Agreement and (if the breach is remediable) fails to remedy that breach within thirty (30) days after receiving written notice detailing the breach. For clarity, material breach by the Customer includes but is not limited to: failure to pay any fees within 15 days of the due date, violation of the permitted use terms in Clause 4, or any breach of the Provider's intellectual property or confidentiality. Material breach by the Provider includes a persistent failure to provide the core Service as agreed (other than permitted downtime or force majeure events) or any other fundamental breach of the Agreement. Termination for cause shall be without prejudice to any other rights or remedies of the terminating party.

2.5 Effects of Termination: Upon termination or expiration of this Agreement for any reason:

The Provider will deactivate the Customer's access to the Service on the effective termination date (or, in the case of a non-payment Break Clause termination, at the end of the last paid subscription period). The Customer shall immediately cease all use of the Service from that date.

Any fees accrued or owed up to the date of termination (including for the month in which termination occurs, which shall not be prorated) shall become immediately due and payable by the Customer.

The Customer's Customer Data remains the property of the Customer (see Clause 8.4). The Customer is responsible for exporting or retrieving any Customer Data or Deliverables they wish to retain prior to the termination date. The Provider shall make available to the Customer any stored Customer Data for export (in a standard format) upon request within thirty (30) days after termination. After such 30-day period, the Provider may delete or anonymise any remaining Customer Data in its systems, subject to any legal requirements to retain data.

Clauses which by their nature are intended to survive termination (including but not limited to intellectual property provisions, confidentiality, liability limitations, and governing law) shall continue in force.

3. Acceptance and Use of Service

3.1 Acceptance Without Signature: The Customer's access to or use of any part of the Service constitutes acceptance of this Agreement. The Parties agree that no physical signature is required to bind the Customer to these terms. The Customer indicates consent to this Agreement either by affirmatively clicking an "I Agree" (or similar acceptance mechanism) during sign-up, or simply by using the Service after being made aware of the terms. If the individual accepting this Agreement is doing so on behalf of a company or other legal entity, such individual represents that they have the authority to bind that entity to these terms (and "Customer" will refer to that entity).

3.2 Customer Account and Credentials: To use the Service, the Customer may be required to create an account and provide certain information. The Customer is responsible for maintaining the confidentiality of its account credentials and ensuring that any users it authorises comply with the terms of this Agreement. Use of the Service by any person under the Customer's account (such as the Customer's employees or contractors) is deemed use by the Customer, who remains fully liable for all such use.

3.3 Permitted Use: Subject to the Customer's compliance with this Agreement and payment of all applicable fees, the Provider grants the Customer a limited, non-exclusive, non-transferable right during the Term to access and use the Prizm Platform (including the Graph and Generator platform) via the internet, solely for the Customer's own internal business purposes and in accordance with any documentation or usage guidelines provided. The Customer may configure and use the Service to input Customer Data, build knowledge graphs, and generate outputs for its internal use. There is no geographical restriction on access (the Service may be accessed globally via the web), provided that the Customer complies with all export control and applicable laws. No rights are granted to the Customer other than those expressly set out in this Agreement.

3.4 Restrictions: The Customer shall not, and shall not permit any third party to:

Reverse Engineer or Copy: Attempt to copy, modify, duplicate, create derivative works of, frame, mirror, republish, download, transmit or reverse compile, disassemble or otherwise reverse engineer any part of the Prizm Platform, except to the extent expressly permitted by law (and if so permitted, with prior written notice to Provider).

Unauthorised Access: Access or use any portion of the Service or Platform that the Customer has not subscribed to, or exceed the usage limits (Build Points, Graph Instances, etc.) of the Customer's Subscription Tier without authorisation. If additional usage is required, the Customer must upgrade its subscription or purchase top-up Build Points as per Clause 5.3.

Violation of Laws: Use the Service to process or transmit any content that is unlawful, tortious, or in violation of third-party rights (including intellectual property rights and data privacy rights). The Customer is solely responsible for ensuring that its use of the Service (and all Customer Data) complies with applicable laws and regulations.

Abusive Behaviour: Use the Service in a manner that could damage, disable, overburden, or impair the Platform (e.g., by launching automated queries outside of provided APIs, introducing viruses, or performing penetration testing without consent). The Customer shall also not use the Service to develop or train a competing service or otherwise for competitive analysis.

Export Controls & Sanctions: Customer shall not access or use the Service (i) in any embargoed country or region (including Cuba, Iran, North Korea, Syria, Crimea, Donetsk or Luhansk) or (ii) by any person on HM Treasury, UK OFSI, US OFAC, BIS Entity, or similar prohibited-party lists. Customer warrants it is not such a person and will comply with all UK, EU and US export-control laws.

3.5 Acceptable-Use Policy (AUP). Customer shall comply with the Provider's AUP (as updated from time to time and notified to Customer). The AUP prohibits: (a) illegal content or activity; (b) security testing, scraping or automated queries beyond published APIs; (c) generation or distribution of malware; (d) use of the Service to build a competing platform. Provider may suspend the Service immediately if Customer breaches the AUP.

The Provider reserves the right to suspend or limit the Customer's access to the Service (with reasonable notice, except in urgent cases) if the Provider reasonably believes the Customer is violating the above restrictions or any other provision of this Agreement, or if necessary to prevent harm to the Service or other customers. Suspension for cause will not excuse the Customer from paying fees for the subscription during the period of suspension.

4. Scope of Service and Subscription Components

4.1 Service Inclusions: During the Term, the Provider will provide the Customer with access to the Prizm Platform, which includes both Prizm Graph and Prizm Generator, as part of the Customer's subscription. The Customer's subscription bundle covers use of both Platform components; there is no need for separate licenses for Graph or Generator they are included together. The Service may also include any updates, improvements, or new features that the Provider makes generally available to subscribers of the same tier, at no additional charge (unless such new feature is offered as an optional add-on at separate cost, in which case the Customer will be given the choice to opt-in).

4.2 Service Levels and Availability: The Provider shall use reasonable skill and care to ensure the Service is available and performs substantially in accordance with any specifications or documentation provided. While the Provider aims for high availability, the Customer acknowledges that uptime of 100% cannot be guaranteed. The Provider will perform routine maintenance during scheduled maintenance windows (and will endeavour to give advance notice), and may occasionally need to perform emergency maintenance without advance notice to address critical issues. Any service level commitments or uptime targets (if applicable for certain tiers, e.g., enterprise SLAs) will be detailed in a separate service level agreement (SLA). In the absence of a specific SLA, the Service is provided on an "as available" basis with no guaranteed minimum uptime, but the Provider will make commercially reasonable efforts to minimize downtime.

4.3 Support Services: The Provider will provide technical support to the Customer in accordance with the support level associated with the Customer's Subscription Tier. Support will be available to assist the Customer with issues related to the use of the Service and to resolve technical problems. The levels of support are differentiated as follows:

Basic/Standard Support (Email Support): For customers on the standard tiers, support will be provided primarily via email. The Customer may submit support queries by email to the Provider's support address. The Provider will use reasonable efforts to respond to standard support queries within a typical response time (e.g., within one business day). Support hours are Monday"Friday during the Provider's normal business hours (e.g., 9am - 5pm GMT, excluding bank holidays).

Enhanced/Omnichannel Support: For customers on higher-tier plans, Provider offers support through multiple channels, including email and online chat.

Enterprise Support Program: For enterprise-tier subscribers, the Customer will have access to a designated account manager or technical contact at Provider, and support is provided via email, phone, and other agreed channels. Enterprise support may include priority handling of issues, possible 24/7 emergency support for critical issues, and periodic review meetings or success check-ins as part of an enterprise success program. Any guaranteed response or resolution times for enterprise support will be set out in a separate Service Level or Support Schedule if applicable.

The Customer shall direct support requests through its authorized admin users and provide sufficient information for the Provider to troubleshoot issues. The Provider will use commercially reasonable efforts to resolve support requests and bug reports. Feature requests or custom development are outside the standard support scope unless separately agreed.

4.4 Onboarding and Training: Unless otherwise agreed, training and onboarding are optional services and do not modify the core terms of this Agreement.

5. Subscription Usage Limits

5.1 Included Usage: The Customer's subscription includes certain usage entitlements defined by the Subscription Tier, specifically a quota of Build Points and a number of Graph Instances. The exact quantities applicable to the Customer (for example, X Build Points per year and Y Graph Instances) are set forth under the chosen tier. These limits apply as follows:

Build Points Allocation: The Customer is allotted a fixed number of Build Points per billing period as part of the subscription fee. Each time the Customer uses the Prizm Generator or other designated operations, the corresponding number of Build Points will be deducted from the Customer's available balance. The Provider will make available a mechanism for the Customer to track its Build Points usage and remaining balance (for instance, via an online dashboard or usage report), and to estimate the number of Build Points to be consumed by any operation in advance.

Graph Instances Limit: The Customer may create and use up to the number of Graph Instances specified. This means the Customer can have that many separate graphs or projects active concurrently. (For example, if the tier includes 3 Graph Instances, the Customer can maintain up to 3 distinct Graph instances at the same time. To start a fourth, they would need to archive or delete one, or upgrade their tier.) The Graph Instances limit is a concurrent cap, not a per-month refill; it stays constant unless the subscription is upgraded.

5.2 Rollover and Validity of Build Points: Build Points are valid for the full twelve (12) months of the Subscription Term (or Renewal Term, as applicable). Unused Build Points will roll over once into the subsequent twelve (12) month period, provided the subscription remains active and is not terminated.

Upon termination of the subscription for any reason, including exercise of the Break Clause, all unused Build Points shall immediately expire and become invalid. Build Points have no monetary value and are not refundable, creditable, or transferable under any circumstances.

5.3 Exceeding Allotments and Top-Ups: If the Customer exhausts its included Build Points before the end of a billing period and still requires additional usage, or if the Customer requires additional Graph Instances beyond the included cap, the following Top-Up options apply:

Additional Build Points (Top-Up Purchases): The Customer may purchase additional Build Points on a one-time basis. Top-Up Build Points can be purchased in blocks (for example, blocks of 50 points) at the then-current rates specified by the Provider. Upon purchase, these additional points are added to the Customer's available balance and can be used immediately. Unless otherwise specified, purchased Top-Up points will roll over and remain available through the remainder of the Subscription Term, but will expire if unused at the end of the Term.

Upgrading Subscription Tier: Alternatively, if the Customer finds that their usage needs regularly exceed the current allotment, the Customer may upgrade to a higher Subscription Tier (with a higher monthly allotment of Build Points or Graph Instances) by mutual agreement with the Provider. Upgrading will typically require a written amendment and may involve a change in the monthly fee. If upgraded, the new tier's limits apply immediately on a pro-rata basis for the remaining billing period unless otherwise agreed.

Graph Instances Expansion: If the Customer needs additional Graph Instances beyond their plan (e.g., a short-term need for an extra project), the Provider may offer add-on instances for an additional fee per instance per month. Such add-ons, if available, can be arranged case-by-case. Add-on instances are co-terminous with the subscription (i.e., they renew and terminate along with the main subscription unless removed earlier). The Customer may also remove add-on instances by giving notice before the next billing cycle if they are no longer needed (unless a minimum add-on term is stipulated).

5.4 Monitoring and Enforcement: The Provider may monitor the Customer's usage of the Service to ensure compliance with the agreed usage limits. If the Customer exceeds the included usage without arranging a top-up or upgrade, the Provider reserves the right to charge the Customer for the excess usage at the applicable overage rate or to suspend the relevant over-limit activities until the next period. The Provider will notify the Customer if they are exceeding or about to exceed their allotment to provide an opportunity to purchase additional capacity. The Customer agrees to pay any reasonable overage fees incurred for usage beyond the subscription limits, as invoiced by the Provider (such fees will be consistent with the standard top-up pricing).

5.5 Changes to Usage Terms: The rollover and top-up rules set forth are based on the pricing structure currently in effect (as described in the pitch deck/pricing materials provided to the Customer). The Provider will not change the Customer's agreed usage limits or allotments during the Initial Term except by mutual written agreement or if required to do so by law or regulatory authority. Any changes in usage terms for any renewal term or new subscriptions will be communicated in advance and reflected in an updated Schedule or order form.

6. Fees, Invoicing and Payment

6.1 Subscription Fees: The Customer shall pay the Provider the subscription fee for the selected Subscription Tier (the "Subscription Fee"). Unless otherwise specified, the Subscription Fee is payable monthly in advance. The first payment is due on or immediately after the Start Date (or upon receipt of an invoice), and subsequent payments are due on the same day of each month (or the closest business day) for the duration of the Subscription Term.

6.2 Invoicing and Payment Method: The Provider will issue invoices for the Subscription Fee (and any other fees due, such as top-up purchases or taxes) to the billing contact designated by the Customer. Invoices may be delivered electronically via email. Payment shall be made by the Customer in the currency specified (default in GBP, unless another currency is stated in writing) by the due date stated on the invoice (typically 30 days from invoice date, unless otherwise agreed). The Customer may pay by accepted methods such as bank transfer, direct debit, or credit card, as agreed with the Provider. The Provider reserves the right to require automated recurring payment (such as credit card or direct debit) especially for monthly payment plans, to facilitate the "ceasing payment" mechanism of the Break Clause. The Customer is responsible for providing and maintaining accurate billing contact and payment information.

In addition, the Provider may, at its discretion, set up and operate an online payment portal through which Customers may manage their subscriptions, including the setup of automated monthly billing by credit or debit card. The Customer may choose to use this portal to authorise recurring card payments or manage billing preferences. Where the Customer uses the portal for monthly payments, payments will be collected automatically on or around the due date, and invoices or receipts will be generated accordingly. Use of the portal does not waive any other payment obligations under this Agreement. The Customer shall remain responsible for ensuring that valid payment methods are maintained and that sufficient funds are available for successful payment collection. Customers may continue to be invoiced directly outside of the portal, at the Provider's discretion or where agreed in writing. The Provider may transition Customers between portal-based and invoice-based billing by giving reasonable prior notice.

6.3 Taxes: All fees are stated exclusive of any value added tax (VAT), sales tax or equivalent taxes. The Customer is responsible for any such taxes applicable to its purchase of the Service. The Provider will add VAT (at the applicable rate under UK law) to its invoices if the supply of the Service is taxable and the Customer has not provided evidence of a VAT exemption or reverse-charge arrangement. The Customer shall pay any such taxes together with the fees. If the Customer is required by law to withhold any taxes from the fees (for example, withholding tax), the Customer shall gross-up the payment such that the net amount received by the Provider equals the full amount invoiced.

6.4 Late Payment: If any invoiced amount is not received by the Provider by the due date, the Provider may (at its discretion and without limiting its other rights) charge: (a) interest on the overdue amount at a rate of 4% per annum above the Bank of England base lending rate, accruing daily from the due date until payment is made in full (whether before or after judgment); and/or (b) reasonable costs of recovery (such as legal fees or debt collection costs). In addition, if payment is more than 15 days late, the Provider reserves the right to suspend the Service (upon at least 7 days written notice to the Customer) until all overdue amounts are paid. Suspension of Service for late payment will not by itself amount to a termination of the Agreement (unless the Provider explicitly terminates under Clause 2.4 for material breach), and it will not relieve the Customer of its obligation to pay the fees for the suspended period.

6.5 No Refunds; Upgrades and Downgrades: Except as expressly provided in this Agreement, all payments are non-refundable. This includes situations where the Customer does not use the Service to the full extent of the Subscription Tier's allotment or terminates early via the Break Clause. If the Customer upgrades its Subscription Tier or purchases additional services, fees for those will be adjusted pro-rata if mid-period (unless specified otherwise). If the Customer wishes to downgrade to a lower tier, such downgrade will only take effect after the end of the current billing period or Initial Term (downgrades mid-term are generally not permitted due to the commitment of resources). The Provider will discuss any requested changes in good faith but is not obligated to refund or credit fees if the Customer chooses to reduce usage or capacity during a paid-for period.

6.6 Fee Increases: The Provider will not increase the Subscription Fee for the Customer's current Subscription Tier during the Initial Term of 24 months. Any fee increase for a renewal term or changes in pricing for new features or top-up rates will be communicated to the Customer in advance (at least 60 days before such change) and would only take effect after the Initial Term unless the Customer agrees otherwise in writing. If the Customer does not agree to a fee increase for a renewal, the subscription will simply not renew (or will continue on the existing terms if mutually agreed).

7. Intellectual Property Rights

7.1 Ownership of the Service: The Customer acknowledges that as between the Provider and Customer, all intellectual property rights in the Prizm Platform (including the Graph and Generator platform, all software code, algorithms, user interfaces, know-how, designs, and documentation related thereto) and in the Provider's Background IP are and shall remain the exclusive property of the Provider (or its licensors). Except for the limited rights expressly granted to the Customer under this Agreement, no rights or ownership in the Service or any of the Provider's intellectual property are transferred or assigned to the Customer. The Provider reserves all rights in and to its intellectual property not expressly granted. The Customer is not granted any license to use the Provider's trade names, logos, or trademarks except as necessary to identify itself as a legitimate user of the Service.

7.2 License to Use Service: For the duration of the Term, the Provider grants to the Customer a limited, non-exclusive, non-transferable, worldwide license to use the Provider's intellectual property embodied in the Service solely for the purpose of accessing and using the Service as permitted by this Agreement. This license enables the Customer to use the Platform (Graph and Generator) and any associated Provider materials or Background IP that are incorporated in the Service interface, solely in connection with the Service's intended use. The Customer may not use the Provider's IP for any other purpose, and upon termination of the Agreement, this license will automatically terminate (subject to any necessary post-termination usage solely to retrieve Customer Data as noted in Clause 2.5).

7.3 Customer Data and Deliverables: Ownership of Customer Data. All Customer Data shall remain the property of the Customer. The Provider does not claim ownership of the data or content that the Customer uploads into the Service. Ownership of Deliverables. As between the Provider and the Customer, any Deliverables generated specifically for the Customer through the use of the Prizm Generator or provided by the Provider as a result of services (for example, any custom models, code, configurations, or reports created for the Customer) shall be owned by the Customer, subject to the rights of the Provider and third parties in any Background IP or Third-Party IP components as described below. The Provider hereby assigns to the Customer all its right, title, and interest in and to any such Deliverables produced exclusively for the Customer's use, upon the moment of creation or provision to the Customer, provided that the Customer's account is in good standing and all fees due for the creation of such Deliverables (if any separate fees were agreed) have been paid in full. The Provider shall have no liability for any business, regulatory, or technical consequences arising from Customer's deployment, modification or reliance on any Deliverable.

7.4 Provider's Background IP in Deliverables: To the extent any Deliverable provided to the Customer incorporates or is based upon the Provider's Background IP (for example, if a generated code includes Provider's pre-existing library or the Deliverable includes templates or modules developed by Provider), the Provider retains ownership of that Background IP. The Customer will receive a license to use the Background IP only as part of the Deliverable or in conjunction with the Service. Specifically, the Provider grants the Customer a non-exclusive, perpetual, royalty-free license to use, copy, modify, and create derivative works of any Provider Background IP embedded in the Deliverable solely for the Customer's internal business purposes in connection with the Deliverable or outcome for which it was provided. The Customer is not permitted to extract or use the Provider's Background IP separately from the Deliverable or Service or to use it for other purposes (e.g., using Provider's libraries in unrelated projects) without Provider's express written consent.

7.5 Third-Party IP: The Service and Deliverables may include Third-Party IP (for instance, open-source software components, third-party APIs, or data sources). All Third-Party IP remains the property of its respective owners. The Provider warrants that it has all necessary rights or licenses to include and use such Third-Party IP in the Service or Deliverables. To the extent that a Deliverable or the Service includes Third-Party IP that is licensed on specific terms (for example, an open-source license or a commercial third-party license), the Customer's use of that Deliverable or Service component will be subject to those third-party terms. The Provider will either (a) sublicense the Third-Party IP to the Customer on the terms required by the third-party owner, or (b) pass through such terms or provide copies of the applicable license. Any fees for Third-Party IP that are necessary for the Service are included in the Subscription Fee unless explicitly stated otherwise. The Customer agrees to comply with any applicable third-party license terms provided or notified by the Provider insofar as they pertain to use of the Third-Party IP within the Service or Deliverables. If any Third-Party IP requires an attribution, license notice, or other condition, the Provider will inform the Customer and the Customer shall reasonably accommodate such requirement (for example, by not removing a copyright notice embedded in a generated document).

7.6 Customer's IP and License to Provider: The Customer retains ownership of all intellectual property rights in the Customer Data and in any materials or content it provides to the Provider. The Customer hereby grants the Provider a non-exclusive, royalty-free, worldwide license to use, process, store, and transmit the Customer Data solely for the purpose of providing and improving the Service to the Customer. This includes, for example, the right for the Provider to load the Customer Data into the Prizm Graph databases, to analyze it as needed for the Graph component's functions, and to use it to generate outputs via the Generator component as requested by the Customer. The Provider will not use Customer Data for any purpose outside the scope of this Agreement without the Customer's consent. Furthermore, except as needed to provide the Service, the Provider will not disclose Customer Data to any third party (except sub-processors under confidentiality obligations, as discussed in Clause 9) unless required by law or permitted by this Agreement.

7.7 Feedback: The Customer may from time to time provide suggestions, ideas or feedback to the Provider regarding the Service (e.g., suggestions for improvements or new features). The Customer agrees that the Provider shall own all feedback and is free to incorporate any suggestions or feedback into the Service or its business operations without obligation to the Customer, provided that this does not reveal any Customer Confidential Information. Any improvements or modifications to the Service arising from or inspired by Customer's feedback shall be the Provider's exclusive property. This clause does not, however, give the Provider rights to Customer's own products or data " it is only about improvements to Provider's Service.

7.8 No Implied Rights: Except for the express rights granted in this Agreement, neither party grants the other any rights or licenses under its intellectual property. All rights not expressly granted are reserved. The Customer in particular acknowledges that the Provider's Platform (including configuration or customization by Customer within the Platform) may have general application and usage, and nothing in this Agreement will prevent the Provider from providing services or developing materials that are similar to those provided to the Customer, as long as the Provider does not use the Customer's Confidential Information or proprietary Customer Data in doing so.

8. Confidentiality and Data Security

8.1 Confidential Information Defined: In the course of the relationship, either party (the "Disclosing Party") may share or make available to the other party (the "Receiving Party") information that is proprietary or confidential ("Confidential Information"). Confidential Information includes, without limitation: the Customer's Data, business plans, technical data, product ideas, know-how, and any non-public information regarding the Customer's business; and in the case of the Provider, the non-public aspects of the Prizm Platform, the terms of this Agreement, pricing information, product roadmaps, and any non-public data or information provided to the Customer about the Service. Confidential Information does not include information that the Receiving Party can demonstrate: (a) was already lawfully known or in its possession without confidentiality obligations at the time of disclosure; (b) is or becomes publicly known through no wrongful act or breach by the Receiving Party; (c) is independently developed by the Receiving Party without use of or reference to the Disclosing Party's Confidential Information; or (d) is lawfully obtained from a third party who has the right to disclose it without restriction.

8.2 Confidentiality Obligations: The Receiving Party shall: (i) use the Disclosing Party's Confidential Information solely for the purpose of performing its obligations or exercising its rights under this Agreement; (ii) not disclose or permit the disclosure of the Disclosing Party's Confidential Information to any third party without prior written consent from the Disclosing Party, except for disclosures allowed under this Agreement; and (iii) protect the confidentiality of the Disclosing Party's Confidential Information using the same degree of care it uses to protect its own confidential information of a similar nature, and at least a reasonable standard of care. The Receiving Party shall ensure that any of its employees, contractors, or advisers who need access to the Confidential Information for the purposes of this Agreement are bound by confidentiality obligations at least as protective as those herein.

8.3 Permitted Disclosures: Notwithstanding the above, the Receiving Party may disclose Confidential Information to the extent required by law, court order, or regulatory authority, provided that (to the extent legally permitted) the Receiving Party gives prompt written notice to the Disclosing Party to enable the Disclosing Party to seek a protective order or otherwise contest or limit the required disclosure. Also, the Provider may disclose the Customer's contact information and the fact that the Customer is a user of the Service for legitimate business purposes (e.g., financial audits, or with the Customer's consent, as a reference or case study), but will not reveal any sensitive Customer Data or specifics without consent.

8.4 Data Security: The Provider shall implement and maintain reasonable administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of Customer Data in the Service. These measures will be in accordance with industry standards for enterprise SaaS services and are designed to prevent unauthorised access to or use of Customer Data. The Provider will (a) encrypt Customer Data at rest and in transit where appropriate, (b) maintain access controls such that only authorized personnel with a need to know have access to Customer Data, (c) regularly backup Customer Data and maintain disaster recovery capabilities, and (d) conduct security testing or audits of the Service periodically. If the Customer requires specific security measures or has to comply with certain standards (such as ISO27001 or SOC2) and those are part of the agreed subscription requirements, such details may be set out in an annex or Schedule.

8.5 Data Breach Notification: In the event the Provider becomes aware of a confirmed unauthorised access to or disclosure of Customer Data (a "Data Breach"), the Provider will promptly notify the Customer in accordance with applicable law. The notification will include, to the extent known, details of the breach and the data affected, and the Provider will take reasonable steps to contain and investigate the breach. The Provider will cooperate with the Customer's reasonable requests for further information regarding the breach and actions taken, and will comply with any applicable data breach notification laws.

8.6 Duration of Confidentiality: The obligations in this Clause 8 (Confidentiality) survive for five (5) years after the termination or expiration of this Agreement, except for trade secrets and Customer Data, which shall be kept confidential indefinitely (or for as long as permitted by applicable law).

8.7 Usage Analytics: Provider may collect and use aggregated and de-identified usage metrics for operating, supporting and improving the Service, benchmarking and product development, provided such data does not identify Customer or disclose Customer Data.

9. Data Protection (Personal Data)

9.1 Compliance with Data Protection Laws: Each party shall comply with its respective obligations under applicable data protection and privacy laws in relation to any personal data processed under this Agreement. "Personal data" has the meaning given under the UK General Data Protection Regulation (UK GDPR) and related data protection laws. The Customer warrants that it has obtained all necessary consents or has another lawful basis for the Provider to process any personal data that the Customer inputs into the Service.

9.2 Role of the Parties: The parties acknowledge that, with respect to any personal data included in the Customer Data, the Customer is the data controller (or "controller") and the Provider is a data processor (or "processor"), as those terms are defined in applicable law. The Customer determines the purposes and means of processing such personal data, and the Provider processes it on behalf of the Customer to provide the Service.

9.3 Data Processing Addendum: Where required by law, the parties shall enter into a separate Data Processing Addendum (DPA) or include data processing clauses that meet the requirements of Article 28 of the GDPR (and equivalent provisions of other data protection laws). Such DPA will detail, among other things, the subject-matter and duration of processing, the nature and purpose of processing, the types of personal data and categories of data subjects, and the obligations of the Provider as processor (including instructions from the Customer, confidentiality of processing, security measures, sub-processor approvals, assistance with data subjects" rights and legal compliance, data transfer mechanisms, etc.). If no separate DPA is signed at the time of this Agreement, this Clause 9 shall be considered to include the mandatory provisions, and the Provider agrees to: (a) process personal data only on documented instructions from the Customer; (b) ensure persons processing the data are subject to confidentiality; (c) take appropriate security measures as described in Clause 8.4; (d) not engage sub-processors without general or specific authorisation (and the Provider is hereby authorised to use its affiliated companies and subprocessors in delivering the Service, provided it remains liable for them, and will provide a list of subprocessors on request); (e) assist the Customer with fulfilling data subjects rights and breach notifications as needed; (f) at the Customer's choice, delete or return personal data upon termination (subject to any retention required by law); and (g) make available information necessary to demonstrate compliance and allow for audits by the Customer or auditors (subject to reasonable notice, confidentiality, and costs to be mutually agreed if beyond standard reports).

9.4 International Data Transfers: The Customer acknowledges that the Provider may process personal data in countries outside of the UK or EEA. The Provider will ensure that any transfer of personal data outside the UK/EEA is done in compliance with data protection laws, for example by implementing UK international data transfer addenda or EU Standard Contractual Clauses as appropriate, or by relying on an adequacy decision. Details of transfer safeguards can be included in the DPA or provided upon request.

9.5 Data Subject Requests and Cooperation: If the Provider receives any request or communication from a data subject or supervisory authority relating to the processing of personal data in connection with the Service, it will promptly forward it to the Customer and will not respond except as legally required or as instructed by the Customer. The Provider will reasonably assist the Customer (at the Customer's expense, if the effort is significant) with meeting its compliance obligations, such as responding to data subject access requests or inquiries by regulators, provided that the Provider is given proper notice and instructions.

9.6 Privacy Policy: Use of the Service by the Customer's authorized users may also be subject to the Provider's Privacy Policy (which is available on the Provider's website). The Privacy Policy describes in more detail how the Provider may collect and process certain limited personal data of Customer's personnel (such as account registration details, usage metadata, etc.) as a controller for its own business purposes (e.g., analytics, improving the Service). Such processing is separate from the Provider's role as a processor of Customer Data and is governed by the Privacy Policy. The Customer is responsible for informing its users about any such processing and obtaining any necessary consents.

10. Warranties and Disclaimers

10.1 Provider's Warranties: The Provider warrants that: (a) it has the legal right and authority to enter into this Agreement and to perform its obligations hereunder; (b) the Service, when used in accordance with the documentation and this Agreement, will materially perform as described (i.e., the Platform will function in substantial accordance with the features and service description provided to Customer); (c) it will provide the Service and any related services (like support) with reasonable skill and care, consistent with generally accepted industry practices; and (d) to the best of the Provider's knowledge, the Service and Deliverables do not infringe upon any third-party intellectual property rights. If the Provider is in breach of the warranty in part (d) of this Clause, the indemnity in Clause 11.3 (IP indemnity) shall apply.

10.2 Customer's Warranties: The Customer warrants that: (a) it has the legal authority to enter into this Agreement and, if an entity, that the person agreeing to this Agreement on its behalf is duly authorised to do so; (b) the Customer will use the Service in accordance with all applicable laws and regulations, and only for legitimate business purposes; (c) the Customer's provided data, and use of the Service with that data, will not violate any intellectual property rights or privacy rights of any third party (in other words, the Customer either owns all Customer Data or has obtained all necessary permissions to use and upload it in the Service); and (d) the Customer will not intentionally introduce any harmful code (viruses, malware) into the Service and will follow any security or use guidelines provided by the Provider.

10.3 Disclaimer of Warranties: Except for the express warranties stated in this Agreement, the Service and all related services are provided "as is" and "as available," and the Provider disclaims all other warranties, representations or conditions, whether express or implied, including but not limited to any implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, non-infringement, or arising from any course of dealing or usage of trade.** The Provider does not warrant that the Service will be uninterrupted or error-free, that all defects will be corrected, or that the Service will meet the Customer's requirements or achieve any particular results. The Customer acknowledges that complex software is never wholly free from defects or vulnerabilities, and subject to the Provider's warranties above, the Provider does not warrant that the Service is free of minor bugs or vulnerabilities. The Provider is not responsible for any issues arising from Internet or connectivity problems, or from any third-party services or software not provided by Provider. Provider gives no warranty that AI-generated outputs are unique or non-derivative of existing works; Customer must run its own IP and security review before production use.

10.4 No Guarantee on Deliverable Outcomes: The Customer understands that any outputs generated by the Prizm Generator component (including any AI/ML-driven suggestions or code) are generated based on the input data and algorithms, and while the Provider strives for accuracy and usefulness, the Provider makes no guarantee that any particular Deliverable or output will be fit for the Customer's intended purpose or error-free. It is the Customer's responsibility to review and test any outputs or Deliverables for suitability in its own context.

The Provider disclaims all responsibility for how Deliverables are used or deployed by the Customer, including any consequences of business, legal, or regulatory nature. The Customer assumes full responsibility for reviewing, testing, validating, and securing any code or configuration generated using the Prizm Generator before putting it into live or production use.

10.5 Beta Features: If the Customer is given access to any beta or experimental features in the Service, those are provided "as is" without any warranty and solely at the Customer's risk, and may be subject to additional terms.

10.6 Statutory Rights: Nothing in this Agreement is intended to exclude or limit any condition, warranty or liability that cannot be excluded or limited by law. In particular, if this Agreement is governed by Scottish law, the warranties implied by the Supply of Goods and Services Act 1982 (for example, that services will be provided with reasonable care and skill) are considered only excluded to the maximum extent permitted when not inconsistent with this Agreement's express terms. This Clause is subject to Clause 11.2 below (which preserves liabilities that cannot be limited).

11. Limitation of Liability

11.1 Exclusion of Certain Damages: To the maximum extent permitted by law, in no event shall either party be liable to the other for any: (a) loss of profit, loss of revenue, loss of anticipated savings, loss of business opportunity or goodwill; (b) loss or corruption of data (except that Provider shall remain responsible to use reasonable efforts to backup and secure data as stated in this Agreement); (c) any indirect, consequential, special, incidental or punitive damages; or (d) any fines, penalties or regulatory assessments arising from Customer's failure to comply with export-control, data-protection or other laws, however caused and under any theory of liability (including contract, tort, or strict liability), even if advised of the possibility of such damages. Each party agrees to mitigate any losses it incurs.

11.2 Cap on Liability: Subject to Clauses 11.1 and 11.3, the total aggregate liability of each party to the other for all claims (other than under clause 11.4) arising under or in connection with this Agreement (whether in contract, tort (including negligence) or otherwise) shall not exceed the greater total amount of fees paid or payable by the Customer to the Provider under this Agreement in the 12 months immediately preceding the event (or series of related events) giving rise to the claim, or £100,000. If the event occurs in the first 12 months of the Agreement, the cap shall be the lower of the amount that is actually paid or payable for that initial 12-month period or £100,000. For clarity, this means if, for example, a claim arises after 15 months, we look at fees of months 4-15 (the 12 months preceding) as the cap. If multiple claims arise, they aggregate to this cap. This cap is a cumulative limit for all claims in aggregate, not per claim. Provider's aggregate liability for its indemnity obligations under Clause 11.4 and for any proven breach of Clause 8 (Confidentiality) shall be capped at £1,000,000.

11.3 Unlimited Liabilities: Nothing in this Agreement shall limit or exclude either party's liability for: (i) death or personal injury caused by its negligence or the negligence of its employees or agents; (ii) fraud or fraudulent misrepresentation; (iii) any other type of liability which cannot by law be limited or excluded (such as liability under certain provisions of the Data Protection Act 2018, if applicable, or liability for deliberate breach of confidentiality where excluded by law); (iv) the Customer's obligation to pay fees due (payment obligations are not limited by the cap in Clause 11.2); and (v) Provider's indemnity obligations for intellectual property infringement (in the event the Provider has provided an express indemnity to the Customer for IP claims, such as in Clause 11.4 below, the cap in Clause 11.2 will not apply to amounts paid under that indemnity, up to a higher cap of 200% of the fees paid in the preceding 12 months, unless otherwise stated).

11.4 IP Infringement Indemnity: The Provider shall defend the Customer against any claim by a third party that the Customer's use of the Service (specifically, the Prizm Platform as provided by the Provider) in accordance with this Agreement infringes that third party's UK intellectual property rights (patents, copyrights or trademarks), and shall indemnify and hold the Customer harmless against any damages or costs awarded in final judgment or agreed in settlement of such claim, provided that the Customer: (a) promptly notifies the Provider in writing of the claim; (b) provides the Provider sole control of the defence and settlement of the claim (except that the Provider shall not settle any claim in a manner that admits liability on the Customer or imposes any non-monetary obligation on the Customer without the Customer's consent); and (c) gives the Provider all necessary information and assistance (at the Provider's reasonable expense). For the avoidance of doubt, the indemnity extends to claims alleging that AI-generated Outputs supplied by the Service infringe third-party copyright, provided Customer used the Service in accordance with this Agreement and without further modification of such Output.

Similarly, the Customer shall defend the Provider against any claim by a third party that the Provider's use of any Customer Data or Customer-provided materials in accordance with this Agreement infringes that third party's UK intellectual property rights, and shall indemnify and hold the Provider harmless against any damages or costs awarded in final judgment or agreed in settlement of such claim, subject to the same procedural conditions set out above.

11.5 Acknowledgment: The parties agree that the allocation of risk in this Section 11 is a fundamental part of the bargain, and that the fees and terms would be different if this allocation were not in place. The limitations and exclusions stated here will apply even if any limited remedy in this Agreement fails of its essential purpose.

12. General Provisions

12.1 No Partnership or Agency: Nothing in this Agreement is intended to, or shall be deemed to, establish any partnership, joint venture, or agency relationship between the parties. Each party is acting solely as an independent contractor. Neither party has any authority to act as agent for, or to bind, the other party in any respect.

12.2 Assignment: The Customer may not assign, transfer, or sub-contract any of its rights or obligations under this Agreement, in whole or in part, without the prior written consent of the Provider (such consent not to be unreasonably withheld). The Provider may assign or transfer this Agreement to (i) an affiliate, or (ii) a successor entity in the event of a merger, reorganisation, or sale of all or substantially all of the Provider's assets or business to which this Agreement relates. The Provider shall notify the Customer of any such assignment. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties respective successors and permitted assigns.

12.3 Subcontracting: The Provider may subcontract certain obligations (such as hosting, support services, etc.) to third parties or affiliates, provided that the Provider remains responsible for the performance of such subcontractors and for the protection of Customer's data as per this Agreement.

12.4 Entire Agreement: This Agreement, including any Schedules appended and any documents incorporated by reference (such as a Data Processing Addendum or SLA, if applicable), constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior or contemporaneous agreements, understandings, negotiations, or discussions (whether written or oral) relating to the same subject. Each party acknowledges that in entering into this Agreement it has not relied on any statement, representation, assurance, or warranty not expressly set out in this Agreement. No terms in any purchase order or other ordering document (except for details like pricing or quantities consistent with this Agreement) shall add to or vary the terms of this Agreement, unless the parties specifically agree in writing to a change.

12.5 Amendments: No modification or amendment of this Agreement shall be effective unless it is in writing and signed or acknowledged (including via electronic acceptance) by both parties. For clarity, an email exchange alone is not sufficient to modify the Agreement unless it's explicitly stated by both parties that it constitutes an amendment.

12.6 Waiver: No failure or delay by either party in exercising any right or remedy under this Agreement shall constitute a waiver of that (or any other) right or remedy. A waiver of any right or remedy is only effective if given in writing and shall not be deemed a waiver of any later breach.

12.7 Severability: If any provision of this Agreement is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall (to the minimum extent necessary) be deemed deleted or modified so that it becomes valid and enforceable, and the remaining provisions of the Agreement shall remain in full force and effect. If such a modification is not possible, the relevant provision shall be deemed severed, and the rest of the Agreement shall remain in effect.

12.8 Force Majeure: Neither party shall be liable for any delay or failure in performing its obligations (except payment obligations) if such delay or failure is caused by events beyond its reasonable control, including, but not limited to, acts of God, war, terrorism, civil unrest, strikes or labour disputes, pandemics, governmental regulations, national or regional emergencies, fire, utility or telecommunications outages, or failures of third-party service providers (a "Force Majeure Event"). In such event, the affected party shall notify the other party as soon as practicable, and performance shall be extended for the duration of the Force Majeure Event. If a Force Majeure Event continues for an extended period (e.g., more than 60 days), either party may have the right to terminate the Agreement upon written notice to the other.

12.9 Third Party Rights: A person or entity who is not a party to this Agreement (other than an affiliate permitted to take benefit of an exclusion or limitation of liability) shall have no rights under the Contracts (Rights of Third Parties) Act 1999 (or any similar legislation in other jurisdictions) to enforce any term of this Agreement. This does not affect any right or remedy of a third party which exists, or is available, apart from that Act.

12.10 Notices: Any formal notice required under this Agreement shall be in writing and shall be delivered to the address of the other party (or, if not specified, to the registered office or principal business address of that party) by hand, by recorded post (or international courier), or by email (with read receipt or acknowledgement required) to an official contact. Notices shall be deemed given: if delivered by hand, on receipt; if by post, two business days after posting (five days if international); if by email, at the time of sending, provided no bounce or error notification is received (but if sent outside of business hours, then on the next business day).

12.11 Governing Law: This Agreement and any disputes or claims (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter shall be governed by and construed in accordance with the laws of Scotland.

12.12 Jurisdiction: The parties irrevocably agree that the courts of Scotland shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement or its subject matter or formation. Each party waives any objection to the jurisdiction of such courts on grounds of inconvenient forum or otherwise.

12.13 Export-Control Compliance: Customer shall not access or use the Service (i) in any embargoed country or region (including Cuba, Iran, North Korea, Syria, Crimea, Donetsk or Luhansk) or (ii) by any person on HM Treasury, UK OFSI, US OFAC, BIS Entity, or similar prohibited-party lists. Customer warrants it is not such a person and will comply with all UK, EU and US export-control laws.

12.14 Anti-Bribery & Corruption: Each party will comply with the UK Bribery Act 2010, US FCPA and all applicable anti-corruption laws, and has not received or been offered any illegal or improper bribe or kickback in connection with this Agreement.

Terms and Conditions v2.1

If you have any questions about this policy or how we handle your data, please contact us at: info@dashhub.co.uk