This Agreement governs your use of Cloudasys cloud infrastructure services, including but not limited to Virtual Private Servers (VPS), Infrastructure as a Service (IaaS), Disaster Recovery as a Service (DRaaS), and GPU Hosting services (collectively, the "Services").

1. DEFINITIONS

The following terms shall have the meanings set forth below:

"Account" means the customer account created to access and manage the Services.

"Authorized User" means any individual authorized by Customer to access and use the Services under Customer's Account.

"Cloud Command" means Cloudasys's proprietary management platform for provisioning, monitoring, and managing cloud infrastructure services.

"Customer Data" means all data, files, software, configurations, and other content uploaded, stored, processed, or transmitted by Customer or its Authorized Users through the Services.

"Effective Date" means the date on which Customer first accepts this Agreement or begins using the Services, whichever occurs first.

"Order Form" means a written ordering document (including an online order, checkout, or subscription confirmation) executed by the parties or accepted by Customer through Cloud Command that specifies the Services purchased, quantities, fees, and Subscription Period.

"Production Services" means Services provisioned under a paid subscription and not designated by Cloudasys as Trial, Demo, Beta, or Preview.

"Service Addendum" means a written addendum executed by the parties that modifies or adds terms for a specific Service.

"Service Credits" means credits issued to Customer as compensation for failure to meet the Service Level Agreement, calculated as a percentage of the monthly fee for the affected Service.

"Statement of Work" or "SOW" means a written document executed by the parties describing professional services (if any) to be performed, deliverables, timeline, and fees.

"Subscription Period" means the monthly billing period during which Customer has subscribed to the Services.

"Trial Account" or "Demo Account" means a non-production account provided for evaluation purposes on separate infrastructure.

"Virtual Machine" or "VM" means a virtualized computing instance provisioned as part of the Services.

2. SERVICES

2.1 Service Offerings

Cloudasys provides the following cloud infrastructure services:

• (a) Virtual Private Server (VPS): Dedicated virtual machines with specified CPU, memory, and storage resources for hosting applications and workloads.
• (b) Infrastructure as a Service (IaaS): Scalable compute, storage, and networking resources that can be provisioned and managed through Cloud Command.
• (c) Disaster Recovery as a Service (DRaaS): An optional infrastructure service that provides Customer with replication, failover, and recovery capabilities between Cloudasys datacenter locations. Failover capabilities may include customer-initiated or automated actions depending on Customer configuration and purchased features. DRaaS enables Customer to configure replication frequency, retention periods, and recovery workflows according to Customer's own requirements. DRaaS is a set of infrastructure capabilities and does not constitute a guarantee of disaster recovery, business continuity, or loss avoidance. Cloudasys does not design, manage, validate, or guarantee Customer's disaster recovery strategy unless expressly agreed in writing.
• (d) GPU Hosting: Virtual machines equipped with graphics processing units for compute-intensive workloads including machine learning, rendering, and scientific computing.

2.2 Service Modifications

Cloudasys reserves the right to modify, enhance, or discontinue any aspect of the Services at any time. For material changes that adversely affect Customer's use of the Services, Cloudasys will provide at least thirty (30) days' prior written notice. Continued use of the Services after such notice constitutes acceptance of the modified terms.

2.3 Beta and Preview Features

Cloudasys may offer beta or preview features that are not yet generally available. Such features are provided "as-is" without warranty and may be modified or discontinued without notice. Beta features should not be used for production workloads.

3. TRIAL AND DEMO ACCOUNTS

3.1 Trial Period

Cloudasys may offer Trial Accounts for evaluation purposes. Trial periods range from fourteen (14) to ninety (90) days as determined by Cloudasys at its sole discretion. The specific trial duration will be communicated at the time of account creation.

3.2 Trial Infrastructure

Trial Accounts are provisioned on separate infrastructure from production environments and are intended solely for evaluation and testing purposes.

TRIAL INFRASTRUCTURE IS NOT DESIGNED FOR PRODUCTION USE.

3.3 Prohibited Data on Trial Accounts

CUSTOMER EXPRESSLY AGREES NOT TO STORE, PROCESS, OR TRANSMIT ANY OF THE FOLLOWING ON TRIAL OR DEMO ACCOUNTS:

• (a) Production data or live business-critical information;
• (b) Protected Health Information (PHI) or data subject to HIPAA;
• (c) Payment card data or information subject to PCI-DSS;
• (d) Personally Identifiable Information (PII) of third parties, except anonymized or synthetic test data;
• (e) Any data that, if disclosed, could cause harm to individuals or organizations.

3.4 Trial Termination

At the conclusion of the trial period, Customer must either convert to a paid subscription or export all data. Cloudasys reserves the right to delete all Trial Account data without notice upon expiration of the trial period.

3.5 No Service Level Agreement for Trials

Trial and Demo Accounts are not subject to the Service Level Agreement set forth in Section 7 of this Agreement. No Service Credits will be issued for Trial Account downtime or performance issues.

4. ACCOUNT REGISTRATION AND SECURITY

4.1 Account Creation

To use the Services, Customer must create an Account by providing accurate, complete, and current information. Customer represents and warrants that all registration information is truthful and that Customer has the authority to enter into this Agreement.

4.2 Account Security

Customer is solely responsible for:

• (a) Maintaining the confidentiality of Account credentials, including usernames and passwords;
• (b) Restricting access to Customer's Account and computing devices;
• (c) All activities that occur under Customer's Account, whether authorized or unauthorized;
• (d) Immediately notifying Cloudasys of any suspected unauthorized access or security breach.

4.3 Authorized Users

Customer may designate Authorized Users to access the Services under Customer's Account. Customer is responsible for ensuring that all Authorized Users comply with this Agreement and remains liable for all actions taken by Authorized Users.

5. CUSTOMER OBLIGATIONS

5.1 General Obligations

Customer agrees to:

• (a) Use the Services only for lawful purposes and in accordance with this Agreement;
• (b) Maintain accurate and current billing and contact information;
• (c) Comply with all applicable local, state, national, and international laws and regulations;
• (d) Implement appropriate security measures for Customer's applications and data;
• (e) Cooperate with Cloudasys in investigating any suspected violations of this Agreement.

5.2 Customer Data Responsibility

Customer retains all ownership rights to Customer Data. Customer is solely responsible for the accuracy, quality, integrity, legality, and intellectual property ownership of all Customer Data. Cloudasys is not responsible for the content of Customer Data or any loss, corruption, or damage to Customer Data except as expressly provided in this Agreement.

5.3 Backup Responsibility

CUSTOMER IS SOLELY RESPONSIBLE FOR MAINTAINING INDEPENDENT BACKUPS OF ALL CUSTOMER DATA.

While Cloudasys offers optional backup and snapshot services, these are supplementary and do not relieve Customer of the obligation to maintain independent backups. Cloudasys strongly recommends implementing a comprehensive backup strategy that includes off-site copies. Cloudasys is not liable for any loss, corruption, deletion, or inability to recover Customer Data except to the extent caused solely by Cloudasys's gross negligence or willful misconduct.

5.4 Customer-Defined Recovery Objectives

If Customer utilizes Disaster Recovery as a Service (DRaaS), Customer is solely responsible for determining, configuring, testing, and maintaining its own recovery point objectives (RPOs), recovery time objectives (RTOs), replication schedules, retention periods, and recovery procedures. Cloudasys does not monitor, validate, or warrant that Customer's configured recovery objectives will meet Customer's business continuity requirements. Customer acknowledges that successful disaster recovery depends on Customer's proper configuration, regular testing, operational readiness, and factors beyond Cloudasys's control. Customer is responsible for conducting periodic disaster recovery tests and validating recovery procedures; failure to test may materially affect recovery outcomes. Cloudasys does not perform disaster recovery testing for Customer unless expressly agreed in writing. Cloudasys has no obligation to review, warn, or notify Customer regarding Customer's DRaaS configuration, replication frequency, or retention settings.

6. ACCEPTABLE USE POLICY

6.1 Prohibited Activities

Customer agrees not to use the Services to:

• (a) Violate any applicable law, regulation, or third-party rights;
• (b) Transmit viruses, malware, ransomware, or other malicious code;
• (c) Engage in any activity that disrupts, damages, or interferes with the Services or other customers' use of the Services;
• (d) Attempt to gain unauthorized access to any systems, networks, or accounts;
• (e) Send unsolicited bulk email (spam), phishing attempts, or other fraudulent communications;
• (f) Host, store, or distribute child sexual abuse material or any content exploiting minors;
• (g) Engage in cryptocurrency mining without prior written approval from Cloudasys;
• (h) Operate open proxies, open relays, or Tor exit nodes without prior written approval;
• (i) Conduct port scanning, vulnerability scanning, or penetration testing of systems other than Customer's own, or of Cloudasys infrastructure without prior written authorization;
• (j) Infringe upon any patent, trademark, copyright, or other intellectual property rights.

6.2 Resource Abuse

Customer agrees not to:

• (a) Consume resources in a manner that negatively impacts other customers or the stability of the infrastructure;
• (b) Attempt to bypass resource limits or quotas through technical means;
• (c) Use the Services for benchmarking or competitive analysis without prior written approval.

6.3 Network Abuse

Customer agrees not to:

• (a) Launch denial of service (DoS) or distributed denial of service (DDoS) attacks;
• (b) Engage in IP spoofing or packet manipulation;
• (c) Exceed bandwidth allocations or generate excessive network traffic that impacts other users.

6.4 Enforcement

Cloudasys reserves the right to investigate any suspected violation of this Acceptable Use Policy. Upon determination of a violation, Cloudasys may, at its sole discretion and without prior notice: (a) suspend or terminate Customer's access to the Services; (b) remove or disable access to any content; (c) report violations to law enforcement; and/or (d) take any other action Cloudasys deems appropriate. Customer remains liable for all fees incurred prior to suspension or termination. Cloudasys may update this Acceptable Use Policy from time to time; continued use of the Services after any such update constitutes acceptance of the revised policy.

7. SERVICE LEVEL AGREEMENT

7.1 Uptime Commitment

Cloudasys commits to maintaining ninety-nine point nine-five percent (99.95%) availability for Production Services during each calendar month (UTC), measured as: (Total Minutes in Month - Downtime Minutes) / Total Minutes in Month × 100.

7.2 Definitions

"Downtime" means a period of five (5) or more consecutive minutes during which Customer's Virtual Machines within Production Services are inaccessible due to Cloudasys infrastructure failure. Downtime is measured from the earlier of (i) the time Customer reports the issue through the designated support channels, or (ii) the time Cloudasys's monitoring systems record the affected Virtual Machine(s) as unavailable, until service is restored, as determined by Cloudasys's logs. Customer reports must be submitted through Cloudasys support channels designated for incident reporting, which are the support portal within Cloud Command and the support email address listed in Section 20. For purposes of this SLA, "inaccessible" means Customer is unable to establish network connectivity to the Virtual Machine and the Virtual Machine does not respond to standard network requests, as verified by Cloudasys. Inaccessibility does not include issues caused by Customer's configuration, operating system, applications, guest firewall rules, security controls, or third-party services. Downtime does not include performance degradation that does not render Customer's Virtual Machines within Production Services inaccessible.

7.3 Service Credits

If Cloudasys fails to meet the uptime commitment, Customer may request Service Credits according to the following schedule. All uptime measurements are calculated in Coordinated Universal Time (UTC). Calendar months for SLA measurement are determined in UTC. SLA calculations are based on calendar months (UTC) and may not align with Customer's Subscription Period or billing cycle:

7.4 Credit Request Process

To receive Service Credits, Customer must submit a written request to Cloudasys support within thirty (30) days of the incident. The request must include: (a) the dates and times of the Downtime; (b) the affected services; and (c) any relevant logs or documentation. Cloudasys will review the request and, if the claim is validated, apply credits to Customer's next invoice. Service Credits will not be issued automatically.

7.5 Credit Limitations

Service Credits are Customer's sole and exclusive remedy for any failure to meet the uptime commitment. Service Credits may not exceed fifty percent (50%) of the monthly fee for the affected Service in any single month. For purposes of Service Credits, "monthly fee for the affected Service" means the recurring base subscription fee for that Service, excluding usage-based charges, taxes, and third-party fees. Credits are non-transferable and have no cash value.

7.6 Exclusions

The uptime commitment does not apply to:

• (a) Scheduled Maintenance, meaning maintenance announced at least seventy-two (72) hours in advance;
• (b) Emergency Maintenance, meaning unplanned maintenance required to address a security risk, stability risk, or imminent service-impacting condition;
• (c) Downtime caused by factors outside Cloudasys's reasonable control, including force majeure events;
• (d) Failures resulting from Customer's actions, configurations, or third-party services;
• (e) Trial, Demo, or Beta accounts;
• (f) Accounts with outstanding balances or in violation of this Agreement;
• (g) Network issues outside of Cloudasys's datacenter facilities.

For clarity, the Service Level Agreement applies only to infrastructure availability of Production Services. The SLA does not apply to recovery outcomes, failover success, data consistency, recovery time, recovery point objectives, or business continuity results associated with Disaster Recovery as a Service (DRaaS).

7.7 No Guarantee of Recovery Outcomes

CLOUDASYS DOES NOT GUARANTEE THAT USE OF DRaaS WILL RESULT IN SUCCESSFUL RECOVERY, FAILOVER, OR CONTINUITY OF CUSTOMER OPERATIONS.

DRaaS provides infrastructure capabilities only. Actual recovery outcomes depend on Customer's configurations, testing, operational readiness, and external factors beyond Cloudasys's control. Customer is solely responsible for validating that DRaaS configurations meet Customer's business requirements through regular testing and verification.

7.8 Scheduled Maintenance

Cloudasys performs routine maintenance to ensure optimal performance and security. Whenever possible, maintenance will be scheduled during off-peak hours (typically between 12:00 AM and 6:00 AM Mountain Time). Customer will receive advance notice via email for scheduled maintenance windows. Cloudasys may also provide maintenance and incident updates through Cloud Command and/or a public status page, in addition to email.

8. BILLING AND PAYMENT

8.1 Subscription Fees

Customer agrees to pay all fees associated with the Services as set forth in the applicable pricing schedule or Order Form. All fees are quoted in United States Dollars (USD) unless otherwise specified.

8.2 Billing Cycle

Services are billed monthly in advance. Customer's billing date is established on the date of initial subscription. For subscriptions initiated after the twenty-eighth (28th) day of any month, the billing date defaults to the twenty-eighth (28th) of each subsequent month.

8.3 Automatic Payment

By subscribing to the Services, Customer authorizes Cloudasys to automatically charge the payment method on file on each billing date. Customer is responsible for maintaining accurate and current payment information.

8.4 Usage-Based Charges

Certain Services include usage-based components that are billed in addition to the base subscription fee:

• (a) Snapshots: Snapshot storage is charged at a minimum of $1.99 USD per snapshot per month. If storage consumption exceeds the minimum threshold, charges are calculated based on actual storage used. All snapshots are billed assuming a thirty (30) day retention period.
• (b) Snapshot Early Deletion Credits: If Customer deletes a snapshot before the thirty (30) day billing period concludes, a pro-rated credit will be applied to Customer's account for the unused portion.
• (c) Backups: Backup storage is billed per storage bucket based on the selected backup plan and storage consumption.

8.5 Late Payment

Payment is due on the billing date. If payment is not received within fifteen (15) days of the billing date, the following shall apply:

• (a) A late fee of ten percent (10%) of the outstanding balance will be added to Customer's account;
• (b) Cloudasys may suspend Customer's access to the Services until payment is received;
• (c) Cloudasys reserves the right to terminate the Agreement and delete Customer Data pursuant to Sections 10 and 11.

8.6 Taxes

All fees are exclusive of applicable taxes, levies, or duties. Customer is responsible for paying all such taxes, excluding taxes based on Cloudasys's net income. If Cloudasys is required to collect or pay taxes on Customer's behalf, such amounts will be invoiced to Customer.

8.7 Price Changes

Cloudasys reserves the right to modify pricing at any time. For existing subscriptions, price changes will take effect at the start of the next billing cycle following at least thirty (30) days' written notice. Customer's continued use of the Services after the price change constitutes acceptance of the new pricing.

8.8 Disputes

If Customer believes any invoice contains an error, Customer must notify Cloudasys in writing within thirty (30) days of the invoice date. Failure to dispute an invoice within this period constitutes acceptance of the charges.

8.9 No Refunds

Except as expressly provided in this Agreement (including Service Credits under Section 7), all fees are non-refundable. Customer will not receive a refund for any partial month of service or unused resources upon termination.

9. DATA AND SECURITY

9.1 Data Ownership

Customer retains all right, title, and interest in and to Customer Data. Cloudasys acquires no rights to Customer Data except the limited rights necessary to provide the Services.

9.2 Data Location

Customer Data is stored in Cloudasys datacenter facilities located in the United States. The specific datacenter location may vary based on the Services selected and availability. Customer may request information about data location by contacting Cloudasys support.

9.3 Security Measures

Cloudasys implements commercially reasonable physical, technical, and administrative security measures designed to protect the Services infrastructure against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

• (a) Physical security controls at datacenter facilities, including access controls, surveillance, and environmental monitoring;
• (b) Network security measures including firewalls, intrusion detection, and traffic monitoring;
• (c) Encryption of data in transit using industry-standard TLS protocols;
• (d) Regular security assessments and vulnerability scanning of infrastructure components.

9.4 Datacenter Compliance

Cloudasys utilizes datacenter facilities that maintain SOC 2 compliance certifications. Copies of datacenter compliance reports may be available upon request subject to confidentiality restrictions.

9.5 Customer Security Responsibility

CLOUDASYS PROVIDES INFRASTRUCTURE SERVICES ONLY. CUSTOMER IS SOLELY RESPONSIBLE FOR:

• (a) Security of applications, software, and configurations deployed on the Services;
• (b) Access controls and authentication for Customer's virtual machines and applications;
• (c) Operating system patching, updates, and security configurations;
• (d) Application-level encryption and data protection;
• (e) Compliance with industry-specific regulations applicable to Customer's business.

9.6 No Compliance Certifications

THE SERVICES ARE NOT DESIGNED, CERTIFIED, OR WARRANTED TO MEET THE REQUIREMENTS OF ANY SPECIFIC REGULATORY FRAMEWORK, INCLUDING BUT NOT LIMITED TO HIPAA, PCI-DSS, SOC 2, OR SIMILAR CERTIFICATIONS.

Customers requiring compliance with such frameworks are responsible for implementing appropriate controls and should consult with qualified professionals to ensure their use of the Services meets applicable requirements.

9.7 Data Processing

Cloudasys will process Customer Data only as necessary to provide the Services and in accordance with Customer's documented instructions. Cloudasys will not access, use, disclose, or process Customer Data for any purpose other than providing the Services except as required by law.

9.8 Third-Party Services

Customer may integrate third-party services, applications, or backup solutions with the Services. Cloudasys is not responsible for the security, availability, or performance of any third-party services, including but not limited to third-party backup solutions or cloud synchronization services that are not directly provided by Cloudasys.

9.9 Third-Party Service Providers and Managed Service Providers

If Customer engages a third-party managed service provider (MSP), consultant, IT professional, or partner to design, configure, manage, or maintain Customer's use of the Services, including disaster recovery configurations, Cloudasys shall have no responsibility or liability for such third party's actions, recommendations, configurations, or failures. Customer remains solely responsible for the actions of any third party acting on Customer's behalf. Customer is solely responsible for any representations, warranties, service levels, recovery commitments, or other promises Customer or its MSP makes to any third party regarding the Services.

9.10 Security Incident Notification

In the event of a security incident affecting Cloudasys infrastructure, Cloudasys will notify affected Customers in accordance with applicable law. Cloudasys will provide notices to the email address associated with Customer's Account, and Customer is responsible for keeping such contact information current. Failure to receive notice due to outdated or inaccurate contact information shall not constitute a failure by Cloudasys to provide notice.

CUSTOMER ACKNOWLEDGES AND AGREES THAT:

• (a) Cloudasys is not responsible for notifying Customer's end users, clients, or any third parties of security incidents;
• (b) Cloudasys is not responsible for Customer's regulatory notification obligations, including but not limited to notifications to data protection authorities or affected individuals;
• (c) Cloudasys's incident response obligations are limited to the infrastructure layer and do not extend to Customer applications, data, or configurations;
• (d) Customer is solely responsible for developing and executing its own incident response plan for incidents affecting Customer Data or applications.

9.11 No Professional or Advisory Services

THE SERVICES ARE INFRASTRUCTURE SERVICES ONLY. CLOUDASYS DOES NOT PROVIDE AND THIS AGREEMENT DOES NOT INCLUDE:

• (a) Professional services, consulting, or advisory services of any kind;
• (b) Design, architecture, or implementation services for Customer's applications or systems;
• (c) Disaster recovery planning, business continuity consulting, or recovery strategy development;
• (d) Security assessments, compliance audits, or regulatory guidance;
• (e) Managed services beyond the infrastructure Services expressly described herein.

Any technical assistance, documentation, or guidance provided by Cloudasys support personnel is provided for informational purposes only and does not constitute professional advice. Customer should consult qualified professionals for matters requiring specialized expertise. Notwithstanding the foregoing, if the parties execute a Statement of Work, the scope and terms of those services will be governed by that SOW and any applicable Service Addendum.

10. DATA RETENTION AND DELETION

10.1 Active Account Data

While Customer's Account is active and in good standing, Cloudasys will retain Customer Data in accordance with the Services being provided.

10.2 Post-Termination Retention

Upon termination or expiration of this Agreement, Cloudasys will retain Customer Data for a period of seven (7) calendar days (the "Retention Period"). This includes:

• (a) Virtual Machines and associated disk images;
• (b) Snapshots created through the Services;
• (c) Backups stored on Cloudasys infrastructure.

10.3 Data Export

Customer is solely responsible for exporting or migrating Customer Data prior to termination. During the Retention Period, Customer may request data export assistance, which may be subject to additional fees.

10.4 Data Deletion

Following the Retention Period, Cloudasys will delete all Customer Data from its systems. This deletion is permanent and irreversible. Cloudasys shall have no liability for the deletion of Customer Data in accordance with this Section.

10.5 Exclusions from Retention

The data retention obligations in this Section do not apply to:

• (a) Third-party backup solutions or cloud synchronization services not directly provided by Cloudasys;
• (b) Data stored outside of Cloudasys infrastructure;
• (c) Trial or Demo Account data, which may be deleted immediately upon expiration.

11. TERM AND TERMINATION

11.1 Term

This Agreement commences on the Effective Date and continues on a month-to-month basis until terminated by either party in accordance with this Section.

11.2 Termination for Convenience

Either party may terminate this Agreement for any reason by providing written notice at least thirty (30) days prior to the desired termination date. Termination will be effective at the end of the billing cycle following the notice period.

11.3 Termination for Cause

Either party may terminate this Agreement immediately upon written notice if:

• (a) The other party materially breaches this Agreement and fails to cure such breach within thirty (30) days of receiving written notice;
• (b) The other party becomes insolvent, files for bankruptcy, or ceases business operations.

11.4 Immediate Termination by Cloudasys

Cloudasys may suspend or terminate Customer's access immediately, without prior notice, if:

• (a) Customer violates the Acceptable Use Policy (Section 6);
• (b) Customer's use poses a security risk to Cloudasys or other customers;
• (c) Required by law enforcement or legal process;
• (d) Customer's account has been delinquent for more than fifteen (15) days.

11.5 Effect of Termination

Upon termination:

• (a) Customer's access to the Services will cease;
• (b) All outstanding fees become immediately due and payable;
• (c) Customer Data will be handled in accordance with Section 10;
• (d) Sections that by their nature should survive will survive termination, including but not limited to Sections 9 (Data), 12 (IP), 13 (Confidentiality), 14 (Warranties), 15 (Liability), and 16 (Indemnification).

12. INTELLECTUAL PROPERTY

12.1 Cloudasys Property

Cloudasys retains all right, title, and interest in and to the Services, including all software, technology, documentation, interfaces, and intellectual property embodied therein. This Agreement does not grant Customer any rights to use Cloudasys's trademarks, logos, or brand features.

12.2 Customer Property

Customer retains all right, title, and interest in and to Customer Data and any intellectual property created by Customer independent of the Services.

12.3 Feedback

If Customer provides suggestions, ideas, or feedback regarding the Services ("Feedback"), Cloudasys may use such Feedback without restriction or compensation. Customer hereby grants Cloudasys a perpetual, irrevocable, royalty-free license to use, modify, and incorporate Feedback into the Services.

12.4 License to Customer Data

Customer grants Cloudasys a limited, non-exclusive license to access, use, and process Customer Data solely as necessary to provide the Services in accordance with this Agreement.

13. CONFIDENTIALITY

13.1 Confidential Information

"Confidential Information" means any non-public information disclosed by one party to the other, whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure. Confidential Information includes, but is not limited to: business plans, technical data, pricing information, customer lists, and Customer Data.

13.2 Protection Obligations

Each party agrees to: (a) maintain the confidentiality of the other party's Confidential Information; (b) use such information only as necessary to fulfill its obligations under this Agreement; (c) protect such information using the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care.

13.3 Exclusions

Confidential Information does not include information that: (a) is or becomes publicly available without breach of this Agreement; (b) was known to the receiving party prior to disclosure; (c) is independently developed without use of the disclosing party's Confidential Information; (d) is lawfully obtained from a third party without confidentiality restrictions.

13.4 Required Disclosure

A party may disclose Confidential Information if required by law, court order, or governmental authority, provided the disclosing party gives the other party prompt notice (where legally permitted) and reasonable assistance in opposing the disclosure.

14. WARRANTIES AND DISCLAIMERS

14.1 Cloudasys Warranties

Cloudasys represents and warrants that:

• (a) It has the authority to enter into this Agreement and provide the Services;
• (b) The Services will be performed in a professional and workmanlike manner consistent with industry standards;
• (c) The Services will substantially conform to the documentation provided by Cloudasys.

14.2 Customer Warranties

Customer represents and warrants that:

• (a) Customer has the authority to enter into this Agreement;
• (b) Customer owns or has the necessary rights to use Customer Data;
• (c) Customer's use of the Services will comply with all applicable laws and this Agreement.

14.3 DISCLAIMER OF WARRANTIES

EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." CLOUDASYS DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.

CLOUDASYS DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE. CLOUDASYS DOES NOT WARRANT THAT ANY DEFECTS WILL BE CORRECTED OR THAT THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS.

15. LIMITATION OF LIABILITY

15.1 EXCLUSION OF CONSEQUENTIAL DAMAGES

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

15.2 LIABILITY CAP

TO THE MAXIMUM EXTENT PERMITTED BY LAW, CLOUDASYS'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER TO CLOUDASYS DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

15.3 Exceptions

The limitations in this Section 15 do not apply to: (a) Customer's payment obligations; (b) either party's indemnification obligations; (c) breaches of confidentiality obligations; (d) violations of the other party's intellectual property rights; or (e) claims arising from gross negligence or willful misconduct.

15.4 Basis of the Bargain

Customer acknowledges that the fees reflect the allocation of risk set forth in this Agreement and that Cloudasys would not enter into this Agreement without these limitations.

16. INDEMNIFICATION

16.1 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Cloudasys and its officers, directors, employees, and agents from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

• (a) Customer's use of the Services;
• (b) Customer Data or any content Customer provides through the Services;
• (c) Customer's violation of this Agreement;
• (d) Customer's violation of any applicable law or third-party rights;
• (e) Any security incident arising from Customer's credentials, configurations, or failure to maintain reasonable security controls.

16.2 Cloudasys Indemnification

Cloudasys shall defend, indemnify, and hold harmless Customer from any third-party claim that the Services, as provided by Cloudasys, infringe any valid United States patent or copyright, provided that Customer: (a) promptly notifies Cloudasys of the claim; (b) grants Cloudasys sole control of the defense and settlement; and (c) provides reasonable cooperation.

16.3 Limitations on Cloudasys Indemnification

Cloudasys's indemnification obligation does not apply to claims arising from: (a) modifications to the Services not made by Cloudasys; (b) combination of the Services with third-party products or services; (c) Customer Data; (d) Customer's continued use of allegedly infringing Services after being notified of alternatives.

17. INTERNATIONAL CUSTOMERS

17.1 International Access

The Services are operated from the United States. Customers accessing the Services from outside the United States do so at their own initiative and are responsible for compliance with local laws.

17.2 Data Transfer

By using the Services, international customers consent to the transfer and processing of Customer Data in the United States. Customer represents that it has obtained any necessary consents for such transfer from individuals whose data is included in Customer Data.

17.3 Currency

All prices and payments are in United States Dollars (USD). International customers are responsible for any currency conversion fees or foreign transaction fees charged by their payment provider.

17.4 Export Compliance

Customer agrees to comply with all applicable export laws and regulations. Customer shall not access or use the Services in any country subject to comprehensive United States trade sanctions or by any person designated on a prohibited parties list maintained by the United States government.

18. DISPUTE RESOLUTION

18.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Colorado, United States, without regard to its conflict of law principles.

18.2 Informal Resolution

Before initiating any formal dispute resolution proceedings, the parties agree to attempt to resolve any dispute informally by contacting each other directly. A party with a dispute must send written notice describing the nature of the dispute and proposed resolution. The parties shall engage in good faith negotiations for at least thirty (30) days before pursuing other remedies.

18.3 Arbitration

Any dispute not resolved through informal negotiation shall be finally resolved by binding arbitration administered by the American Arbitration Association ("AAA") in accordance with its Commercial Arbitration Rules. The arbitration shall be conducted by a single arbitrator in Denver, Colorado. The arbitrator's decision shall be final and binding, and judgment may be entered in any court of competent jurisdiction.

18.4 Class Action Waiver

TO THE MAXIMUM EXTENT PERMITTED BY LAW, CUSTOMER AGREES THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION.

18.5 Injunctive Relief

Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or Confidential Information.

18.6 Venue

For any matters not subject to arbitration (including actions permitted under Section 18.5), the parties consent to the exclusive jurisdiction of the state and federal courts located in Denver, Colorado.

19. GENERAL PROVISIONS

19.1 Entire Agreement

This Agreement, together with any Order Forms, Service Addenda, or Statements of Work incorporated by reference, constitutes the entire agreement between the parties and supersedes all prior or contemporaneous agreements, representations, and understandings. Customer acknowledges that it is not relying on any oral or informal representations not expressly set forth in this Agreement or an applicable Order Form, Service Addendum, or Statement of Work.

19.2 Amendment

Cloudasys may modify this Agreement at any time by posting a revised version on its website. Material changes will be communicated via email or through the Services. Continued use of the Services after changes become effective constitutes acceptance of the modified Agreement.

19.3 Assignment

Customer may not assign or transfer this Agreement without Cloudasys's prior written consent. Cloudasys may assign this Agreement in connection with a merger, acquisition, or sale of all or substantially all of its assets. Any attempted assignment in violation of this Section is void.

19.4 Waiver

The failure of either party to enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision. Any waiver must be in writing and signed by the waiving party.

19.5 Severability

If any provision of this Agreement is held invalid or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

19.6 Force Majeure

Neither party shall be liable for any failure or delay in performance due to causes beyond its reasonable control, including but not limited to: acts of God, natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, epidemics, strikes, or failures of third-party telecommunications or power supply. This Section does not excuse Customer's payment obligations.

19.7 Notices

All notices under this Agreement must be in writing. Legal notices to Cloudasys must be sent to: Cloudasys, LLC, 834-F S Perry Street #1427, Castle Rock, CO 80104, United States, or to legal@cloudasys.com. Support requests should be directed to support@cloudasys.com. Notices to Customer will be sent to the email address associated with Customer's Account. Email notices are deemed received on the next business day after sending, provided no bounce-back or delivery failure notice is received by the sender. Notices sent by certified mail (return receipt requested) are deemed received upon delivery as shown by the carrier's records.

19.8 Independent Contractors

The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, agency, or employment relationship between the parties.

19.9 Third-Party Beneficiaries

This Agreement does not confer any rights or benefits on any third party, except as expressly stated herein.

19.10 Headings

Section headings are for convenience only and do not affect the interpretation of this Agreement.

19.11 Language

This Agreement is written in English. If translated into another language, the English version shall prevail in case of conflict.

19.12 Order of Precedence

If any Order Form, Service Addendum, or Statement of Work executed by the parties conflicts with the terms of this Agreement, the Order Form, Service Addendum, or Statement of Work shall control with respect to the specific Service or transaction to which it applies. Such conflict shall not affect the interpretation of this Agreement as applied to any other Service or transaction.

20. CONTACT INFORMATION

For questions about this Agreement or the Services, please contact: