Verbatim AI API Terms of Service

Last Updated: May 1st, 2025

These API Terms and Conditions are an agreement between Verbatim AI, a Digital Labs company (“Verbatim AI”) and you (“Customer”) that governs Customer’s access to and use of the API Platform and other Verbatim AI Materials (each, as defined below). By creating an account to use the Verbatim AI Materials or by accessing or using the Verbatim AI Materials, Customer agrees to be bound by these API Terms and Conditions. If you are an individual using the Verbatim AI Materials on behalf of an entity, then “Customer” includes you and the entity, and you represent to Verbatim AI that (a) you are an authorized representative of the Customer entity with the authority to bind the Customer entity to these API Terms and Conditions, and (b) you agree to these API Terms and Conditions on the entity’s behalf.

These API Terms and Conditions also refer to and incorporate the Data Processing Agreement (“DPA”), and any other guidelines or policies we may provide in writing and any ordering document signed by Customer and Verbatim AI or Verbatim AI webpage that Customer uses to purchase access to the Verbatim AI Materials (the “Order,” and together with the DPA and these API Terms and Conditions, the “Agreement”).

DEFINITIONS. As used herein, the following capitalized terms shall carry the indicated meanings, and other capitalized terms shall have the meaning set forth for such term elsewhere in the Agreement:

“API Documentation” means any reference materials relating to integration with the API Platform which may be provided by Verbatim AI to Customer from time to time.

“API Key” or " API token" means each unique identifier or credential issued by Verbatim AI to Customer that must be sent as part of each Call.

“API Platform” means Verbatim AI’s proprietary API integration platform intended to allow software applications that are integrated with the API Platform to send requests to and receive responses from multiple open-source large language models (“LLMs”);

“Call” means any request for a response or result from the API Platform enabled by Verbatim AI to be sent to the API Platform, as set forth in the API Documentation.

“Customer Application” means the software and other applications that Customer integrates with the API Platform.

“Response” means a response sent by the API Platform in response to a Call.

USE OF PLATFORM.

Right to Use. Subject to all terms and conditions of the Agreement, including Customer’s compliance with all payment obligations hereunder, Customer may, on a non-exclusive and non-transferable (except in connection with a permitted assignment under Section 10.4) basis during the term of the Agreement: (i) internally use the API Documentation for purposes of enabling and maintaining the integration between the Customer Application and the API Platform, and (ii) following the successful completion of such integration, use the Customer Application to send Calls and receive and display corresponding Responses within the Customer Application through the API Platform, in each case through use of the API Key provided by Verbatim AI and in accordance with the most current API Documentation. Customer acknowledges and agrees that Verbatim AI reserves the right to suspend or terminate Customer’s access to the API Platform and the other Verbatim AI Materials for any or no reason.

Restrictions. Customer is solely responsible for all content, including but not limited to code, video, images, information, data, text, software, messages, or other materials (“Customer Content”) that Customer or its users transmits via the API Platform. Customer’s use of the API Platform may also be subject to license and use restrictions set forth in the applicable LLM license. Verbatim AI reserves the right to investigate and take appropriate legal action against anyone who, in Verbatim AI’s sole discretion, violates this Section 2.2, including without limitation, removing the offending Customer Content from Verbatim AI’s website or API Platform, suspending or terminating the account of such violators, and reporting them to applicable law enforcement authorities. Customer has no right or license to, and shall not nor permit others to:

upload or transmit any Customer Content that: (i) infringes any intellectual property or other proprietary rights of any party; (ii) is prohibited under any law or contractual or other relationships; (iii) contains software viruses or any other computer code, files, or programs designed to interrupt, destroy, or limit the functionality of any computer software or hardware or telecommunications equipment; (iv) poses or creates a privacy or security risk to any person; (v) constitutes unsolicited or unauthorized advertising, promotional materials, commercial activities and/or sales, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” “contests,” “sweepstakes,” or any other form of solicitation; (vi) is unlawful, harmful, threatening, abusive, harassing, tortious, excessively violent, defamatory, vulgar, obscene, pornographic, libelous, invasive of another’s privacy, hateful racially, ethnically or otherwise objectionable; or (vii) in the sole judgment of Verbatim AI, is objectionable or which restricts or inhibits any other person from using or enjoying Verbatim AI’s website or the API Platform, or which may expose Verbatim AI or its users to any harm or liability of any type;

copy, distribute, rent, lease, lend, sublicense, transfer or make derivative works of the API Platform, API Documentation, API Key, or any related materials provided by Verbatim AI (collectively, the “Verbatim AI Materials”) or use any of the foregoing on a service bureau basis;

decompile, reverse engineer, or disassemble the Verbatim AI Materials or otherwise attempt to discover the source code of the Verbatim AI Materials;

use the Verbatim AI Materials to create or make available an application programming interface or other product or service similar to, or that would otherwise be a substitute for, the API Platform;

engage in any activity with the Verbatim AI Materials that interferes with, disrupts, damages or accesses in an unauthorized manner the servers, networks or other properties or services of Verbatim AI or any third party;

violate, encourage the violation of, or offer guidance on violating any applicable local, state, national, or international law, or any regulations having the force of law;

pretend to be someone or something else, or provide false information or misrepresent Customer’s connection to a person or entity;

solicit personal information from anyone under the age of 18;

gather or accumulate email addresses or any contact details of other users from Verbatim AI’s website or the API Platform through electronic or alternative methods with the intent of dispatching unsolicited emails or other unrequested communications; or

utilize the API Platform to generate harmful or offensive content (as determined solely by Verbatim AI) or any content that breaches a Verbatim AI policy; or employ the API Platform (or any aspect thereof or the technology within) in a way that infringes upon, wrongfully appropriates, or otherwise breaches the intellectual property rights or any other rights of individuals, or contravenes any applicable laws.

Customer Account. To use the Verbatim AI Materials, Customer will need to create an account (“Account”). Customer agrees to provide Verbatim AI with accurate, complete and updated information in Customer’s Account. Customer is solely responsible for any activity on its Account and for maintaining the confidentiality and security of Customer’s password. Verbatim AI is not liable for any acts and omissions by Customer in connection with its Account. Customer shall immediately notify Verbatim AI if Customer expects its account or password have been stolen, misappropriated or otherwise compromised, or in case of any actual or suspected unauthorized use of Customer’s Account.

API Key. Customer is responsible for the compliance with this Agreement of any and all persons accessing the API Platform using any API Key. Customer shall use all reasonable means to secure API Keys, and shall promptly notify Verbatim AI if it suspects that any API Key has been compromised.

Data. Customer agrees that Verbatim AI may use and disclose all data submitted to the API Platform through the Customer Application as follows: (i) Verbatim AI may use and disclose such data as is reasonably necessary or desirable for purposes of providing the functionality of the API Platform to Customer and end users of the Customer Application during the term of the Agreement (and for such additional period set forth in Section 9.2, if applicable); (ii) Verbatim AI may use such data for its internal business purposes (e.g., for informing its product development efforts); (iii) Verbatim AI may engage in analysis and processing of such data and disclose the results of such analysis and processing; provided that such results do not identify Customer or any of its employees, agents, clients or end users; and (iv) Verbatim AI may disclose such data to the extent required by applicable law or legal process. Unless otherwise agreed in writing by the parties, Verbatim AI does not receive any “Personal Data” through the API Platform (including about any authorized end user who submits data to the API Platform), as such term is defined in the DPA, and instead receives log information and metadata relating to any Call. Notwithstanding the foregoing, the parties agree that the DPA applies to the extent that Personal Data is received by Verbatim AI from Customer or end users of Customer through the API Platform.

INTELLECTUAL PROPERTY. As between the parties, Verbatim AI retains all right title and interest, including all intellectual property rights, in and to the Verbatim AI Materials and any and all improvements, modifications or enhancements thereto, well as all related software programs, data, documentation, specifications, descriptions, algorithms, methods, processes, techniques and know-how (the “Verbatim AI Property”). Verbatim AI shall be free to use, implement and exploit in any manner any and all ideas, suggestions, recommendations and/or feedback from Customer and/or its personnel relating to the Verbatim AI Property. As between the parties, Customer retains all intellectual property rights in and to all Customer Content (subject to Verbatim AI’s ownership of any Verbatim AI Materials contained therein).

FEES.

Usage Fees. Customer agrees to pay the fees charged to its Account according to the prices and terms on the Pricing Page, or as otherwise stated in an Order. All price changes will be effective thirty (30) days after they are posted, unless such changes are made for legal reasons, in which case, they will be effective immediately. Verbatim AI has the right to correct pricing errors or mistakes even after issuing an invoice or receiving payment. Customer hereby authorizes Verbatim AI and its third-party payment processor(s) to charge the payment method provided through Customer’s Account on a monthly basis (or other periodic basis set forth in an Order), but Verbatim AI may reasonably change the date on which the charge is posted. If Verbatim AI issues an invoice, Customer shall pay such invoice within thirty (30) days of the invoice date. Any payments due to Verbatim AI under the Agreement not received by the date due will be subject to a late fee of 1.5% per month, or the maximum charge permitted by law, whichever is less. All payments are non-refundable and must be made in U.S. dollars.

Taxes. Customer is responsible for paying any and all withholding, sales, value added or other taxes, duties or charges applicable to the fees payable by Customer under this Agreement, other than taxes based on Verbatim AI’s income.

CONFIDENTIALITY

Confidential Information. Each party (the “receiving party”) shall keep confidential and not disclose to any third party all information and materials provided or made available by the other party (the “disclosing party”) which the receiving party should reasonably understand to be confidential or proprietary to the disclosing party due to its content and/or the circumstances surrounding its disclosure (“Confidential Information”). Without limitation, the API Documentation, API Keys, features, functionality and performance of the API Platform, and any information regarding potential or actual modifications or updates to any of the foregoing constitutes Confidential Information of Verbatim AI. “Confidential Information” shall not include any Personal Data provided by Customer or end users of Customer.

Protection of Confidential Information. The receiving party agrees: (i) to protect the confidentiality of the disclosing party’s Confidential Information with at least the same degree of care that it utilizes with respect to its own similar confidential information; (ii) not to disclose or otherwise permit any other person or entity access to, in any manner, the Confidential Information, or any part thereof in any form whatsoever, except that such disclosure or access shall be permitted to an employee of the receiving party requiring access to the Confidential Information in the course of his or her employment in connection with this Agreement and who has signed an agreement obligating the employee to maintain the confidentiality of the confidential information of third parties in the receiving party’s possession; (iii) to notify the disclosing party promptly and in writing of the circumstances surrounding any suspected possession, use or knowledge of the Confidential Information or any part thereof at any location or by any person or entity other than those authorized by this Agreement; and (iv) not to use the Confidential Information for any purpose other than as explicitly set forth herein.

Exceptions. Confidential Information shall not include information that: (a) was rightfully possessed by the receiving party without restrictions before it was received from the disclosing party, as supported by documentary evidence; (b) is independently developed by the receiving party without reference to or use of the disclosing party’s information or data, as supported by documentary evidence; (c) is subsequently furnished to the receiving party by a third party not under any obligation of confidentiality with respect to such information or data, and without restrictions on use or disclosure; or (d) is or becomes available to the general public otherwise than through any act or default of the receiving party. In addition, the receiving party shall not be in breach of this Section 5 for any disclosure of Confidential Information required by law or legal process, provided that in the event of such requirement the receiving party shall (other than to the extent prohibited by law) provide prior written notice to the disclosing party and reasonably cooperate, at the disclosing party’s expense, with any efforts by the disclosing party to contest or limit such disclosure requirement (e.g., a protective order).

Injunctive Relief. Because the unauthorized use, transfer or dissemination of any Confidential Information provided may diminish substantially the value of such information and may irreparably harm the disclosing party, the disclosing party shall, without limiting its other rights or remedies, be entitled to equitable relief, including but not limited to injunctive relief, with respect to any actual or threatened breach of the provisions of this Section 5 by the receiving party.

REPRESENTATIONS AND WARRANTIES. Each party represents and warrants to the other party that: (i) it has the requisite power and authority and the legal right to enter into the Agreement and to perform its obligations hereunder; and (ii) the entry into the Agreement and the performance of such party’s obligations hereunder do not conflict with, or constitute a default under, any contractual obligation of such party.

LIMITATION OF LIABILITY; DISCLAIMERS.

EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE API PLATFORM, API KEYS, AND API DOCUMENTATION ARE PROVIDED “AS IS” AND “WITH ALL FAULTS” AND Verbatim AI MAKES NO EXPRESS OR IMPLIED WARRANTIES OF ANY KIND WITH RESPECT THERETO OR THE SUBJECT MATTER OF THIS AGREEMENT AND DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, Verbatim AI MAKES NO REPRESENTATION OR WARRANTY THAT THE API PLATFORM SHALL BE ERROR-FREE, THAT DEFECTS WILL BE CORRECTED OR THAT ACCESS TO THE API PLATFORM WILL BE UNINTERRUPTED. CUSTOMER ACKNOWLEDGES AND AGREES THAT Verbatim AI SHALL HAVE NO LIABILITY RESULTING FROM ANY FAILURE OR DEFECT IN THE API PLATFORM, API KEYS, OR API DOCUMENTATION.

OTHER THAN INDEMNIFICATION OBLIGATIONS UNDER SECTION 8 OR A BREACH OF SECTION 5, AND LIABILITY ARISING FROM A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW: (I) IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR SPECIAL, INCIDENTAL, CONSEQUENTIAL OR OTHER INDIRECT DAMAGES ARISING OUT OF OR RELATING TO THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ANY LOST PROFITS OR BUSINESS, REGARDLESS OF THE FORESEEABILITY OR ANY NOTICE OF SUCH DAMAGES AND REGARDLESS OF THE THEORY OF LIABILITY; AND (II) THE TOTAL AGGREGATE LIABILITY OF EACH PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED THE AMOUNTS PAID BY CUSTOMER TO Verbatim AI UNDER THE AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY.

INDEMNIFICATION. Customer agrees to indemnify and hold harmless Verbatim AI and its directors, officers, employees or agents (the “Verbatim AI Indemnitees”) from and against any liabilities, damages, interest, losses, costs, expenses (including reasonable attorneys’ fees) to the extent arising out of Customer’s use of the Verbatim AI Materials or Responses or from the Customer Application.

TERM & TERMINATION

Term. This Agreement shall commence upon the earlier of Customer’s online acceptance of these API Terms and Conditions, the effective date of and Order or the date Customer first uses the API Platform or other Verbatim AI Materials and shall continue until terminated in accordance with Section 9.2.

Termination Rights. This Agreement may be terminated at any time by either party, effective immediately upon notice, if the other party: breaches any of its material obligations under this Agreement and the breach is not cured within thirty (30) days from written notice of such breach from the other party (provided that Verbatim AI may terminate the Agreement immediately if Customer breaches Section 2.1). Verbatim AI may terminate the Agreement for any or no reason by providing written notice to Customer at least thirty (30) days before the desired termination date (“Termination for Convenience”) or immediately if the Verbatim AI Materials or the provision thereof under the Agreement are suspected to infringe or otherwise violate a third party’s intellectual property rights or violate applicable laws, rules or regulations. For six (6) months immediately following a Termination for Convenience, each party shall continue to perform its obligations under this Agreement with respect to Customer’s then existing and current users of the API Platform through the Customer Application and all terms of this Agreement shall govern such performance; provided, that Customer may not implement new uses of the API Platform or other Verbatim AI Materials during such six (6) month period including any new customer sales or extensions for existing customers. Nothing in this Section 9.2 limits Verbatim AI’s termination or suspension rights under Section 2.1.

Effect of Expiration or Termination. Upon the expiration or termination of this Agreement, each party shall return to the other party all Confidential Information of the other party and all copies thereof. For the avoidance of doubt, Verbatim AI may retain the data submitted to the API Platform through the Customer Application and continue to use and disclose such data solely in accordance with Section 2.5(ii)-(iv). Expiration or termination of this Agreement shall be without prejudice to any rights which shall have accrued to the benefit of a party prior to such expiration or termination. Sections 2.2, 2.4, 2.5, 3, 4, 5, 7, 8, 9.2, 9.3 and 10, survive any expiration or termination of the Agreement.

MISCELLANEOUS

10.1.Governing Law; Dispute Resolution. This Agreement shall be governed by the laws of France. The parties shall try in good faith to resolve any dispute or claim related to or arising out of this Agreement, or the interpretation, making, performance, breach or termination thereof, amicably by themselves. If the dispute or claim cannot be resolved by the parties themselves, then it shall be adjudicated exclusively by the state and federal courts located in France, Commercial court of Grenoble. Notwithstanding the foregoing, the parties may apply to any court of competent jurisdiction for temporary or permanent injunctive relief without breach of this Section 10.1.

10.2.Severability. In the event any one or more of the provisions of this Agreement are unenforceable, it shall be stricken from this Agreement but the remainder of the Agreement shall be unimpaired.

10.3.Waiver. No waiver of any term of this Agreement shall bind the party making such waiver unless in writing and signed by the party making such waiver. Any such waiver shall be effective only in the specific instance and for the specific purpose given. No waiver by a party hereto of any breach or default of any of the covenants or agreements herein set forth shall be deemed a waiver as to any subsequent and/or similar breach or default.

10.4.Assignment. Neither party may assign any of its rights or obligations under this Agreement without the prior written consent of the other party, except that either party may assign its rights and obligations under this Agreement without the consent of the other party to an affiliate of the assigning party or as part of any merger (by operation of law or otherwise), consolidation, reorganization, change in control or sale of all or substantially all of its assets related to this Agreement or similar transaction. The Agreement shall be binding upon and inure to the benefit of the permitted successors and assigns of the parties.

10.5.Independent Contractors. The relationship of the parties hereto is that of independent contractors. The parties hereto are not deemed to be agents, partners or joint venturers of the others for any purpose as a result of this Agreement or the transactions contemplated thereby.

10.6.Notices. All requests and notices required or permitted to be given to the parties hereto shall be given in writing and shall be delivered to the other party, effective on receipt. Customer shall send notices to: 115 Sansome St. Suite 900, San Francisco, CA 94104 (US); DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland (EU); or by e-mail to api@Verbatim AI.ai.

10.7.Force Majeure. In the event that either party is prevented from performing, or is unable to perform, any of its obligations under the Agreement due to any cause beyond the reasonable control of the party invoking this provision, the affected party’s performance shall be excused and the time for performance shall be extended for the period of delay or inability to perform due to such occurrence.

10.8.Publicity. Verbatim AI may reproduce and display Customer’s trademarks and logos on its websites and other marketing materials for the purpose of identifying Customer as a Customer of the API Platform.

10.9.Headings. The captions to the several sections in these API Terms and Conditions are not a part of the Agreement, but are included merely for convenience of reference only and shall not affect its meaning or interpretation.

10.10.Amendment. Verbatim AI may modify these API Terms and Conditions from time to time in which case Verbatim AI will update the “Last Revised” date at the top of these API Terms and Conditions. If Verbatim AI makes changes that are material, Verbatim AI will use reasonable efforts to attempt to notify Customer, such as by email and/or by placing a prominent notice on the first page of its website. However, it is Customer’s sole responsibility to review these API Terms and Conditions from time to time to view any such changes. The updated API Terms and Conditions will be effective as of the time of posting, or such later date as may be specified in the updated API Terms and Conditions. Customer’s continued access or use of the Verbatim AI Materials after the modifications have become effective will be deemed Customer’s acceptance of the modified API Terms and Conditions.

10.11.Entire Agreement. The Agreement constitutes the entire agreement between the parties with regard to the subject matter hereof. In entering into the Agreement, neither party is relying on any statements, representations or warranties not contained herein. In the event of any conflict between the terms of an Order, these API Terms and Conditions and the DPA, the following order of precedence shall apply unless explicitly overridden by the terms of the Order with reference to the specific affected sections of the API Terms and Conditions or DPA: (i) the DPA, (ii) the API Terms and Conditions and (iii) the Order.

DATA PROCESSING ADDENDUM

This Data Processing Addendum (“DPA”) forms part of and is incorporated into the API Terms and Conditions and any Order entered into between Customer and Verbatim AI governing Customer’s use of the API Platform (the “Agreement”). To the extent that Verbatim AI processes any Personal Data in connection Customer’s use of the API Platform, this DPA sets forth Customer’s instructions for the processing of such Personal Data and the rights and obligations of both Parties. Except as expressly set forth in this DPA, the API Terms and Conditions and Order shall remain unmodified and in full force and effect. In the event of any conflicts between this DPA and the API Terms and Conditions or an Order, this DPA will govern to the extent of the conflict.

Definitions. For the purposes of this DPA, the following terms shall have the meanings set out below. Capitalized terms used but not defined in this DPA shall have the meanings given in the API Terms and Conditions. All other capitalized terms in this DPA not otherwise defined in the API Terms and Conditions shall have the corresponding meanings given to them in Privacy Laws.

“Controller to Processor Clauses” means (i) in respect of transfers of Personal Data subject to the GDPR, the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021, specifically including Module 2 (Controller to Processor) (“EU SCCs”); and (ii) in respect of transfers of Personal Data subject to the UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner (“UK Addendum”), in each case as amended, updated or replaced from time to time.

“EU/UK Privacy Laws” means, as applicable: (i) the General Data Protection Regulation 2016/679 (the “GDPR”); (ii) the Privacy and Electronic Communications Directive 2002/58/EC; (iii) the UK Data Protection Act 2018, the UK General Data Protection Regulation as defined by the UK Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (together with the UK Data Protection Act 2018, the “UK GDPR”), and the Privacy and Electronic Communications Regulations 2003; and (iv) any relevant law, directive, order, rule, regulation or other binding instrument which implements any of the above, in each case, as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time.

“Personal Data” means any information that Verbatim AI processes on behalf of Customer to provide the API Platform that is defined as “personal data,” “personal information” or “personally identifiable information” under any Privacy Law.

“Privacy Laws” means, as applicable, EU/UK Privacy Laws, US Privacy Laws and any similar law of any other jurisdiction which relates to data protection, privacy or the use of Personal Data and requires Controllers and Processors to agree to specific contractual commitments regarding the processing of Personal Data, in each case, as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time.

“Processor to Processor Clauses” means (i) in respect of transfers of Personal Data subject to the GDPR, the standard contractual clauses for the transfer of personal data to third countries set out in Commission Decision 2021/914 of 4 June 2021, specifically including Module 3 (Processor to Processor); and (ii) in respect of transfers of Personal Data subject to the UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner, in each case as amended, updated or replaced from time to time.

“Third Country” means any country or territory outside of the scope of the data protection laws of the European Economic Area or the UK, as relevant, excluding countries or territories approved as providing adequate protection for Personal Data by the relevant competent authority from time to time.

“EU Privacy Laws” means, as applicable, the GDPR and any similar law of any other state related to the processing of Personal Data, in each case, as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time.

The terms “Business,” “Controller,” “Processor,” “Sell,” “Service Provider,” and “Share” shall have the meaning given to them under applicable Privacy Laws.

Amendments. Customer agrees that Verbatim AI may make modifications to this DPA if changes are required for Verbatim AI to continue to process the Personal Data as contemplated by the Agreement or this DPA in compliance with Privacy Laws, or to address the legal interpretation of the Privacy Laws.

Roles of the Parties. The Parties acknowledge that in relation to any Personal Data received from Customer in providing the API Platform, for purposes of Privacy Laws, Customer is the Controller or Business and Verbatim AI is the Service Provider or Processor.

Customer Obligations: Customer shall comply with all Privacy Laws in providing Personal Data to Verbatim AI in connection with its use of the API Platform, including any integration between the Customer Application and the API Platform. Customer represents and warrants that (a) all Personal Data was collected and at all times processed and maintained by or on behalf of Customer in compliance with all Privacy Laws, including with respect to any obligations to provide notice to and/or obtain consent from individuals and (b) Customer has complied with Privacy Laws in, including having a lawful basis for, disclosing the Personal Data to Verbatim AI and enabling Verbatim AI to process the Personal Data as set out in the Agreement and this DPA. Customer shall notify Verbatim AI without undue delay if Customer makes a determination that the processing of Personal Data under the Agreement does not or will not comply with Privacy Laws, in which case, Verbatim AI shall not be required to continue processing such Personal Data.

Processing of Personal Data. The Parties agree that the details of processing are as described in Annex 1. In processing Personal Data under the Agreement, Verbatim AI shall:

only process Personal Data on documented instructions from Customer, for the limited and specific purpose described in Annex 1, unless otherwise permitted to process such Personal Data by applicable Privacy Laws, and at all times in compliance with Privacy Laws and the terms of this DPA, providing the same level of privacy protection as is required by Privacy Laws;

notify Customer promptly if it makes a determination that (i) it can no longer comply with Customer’s instructions for the processing of Personal Data, its obligations under Privacy Laws or the terms of this DPA or (ii) if it believes that the instruction of Customer infringes applicable Privacy Laws;

to the extent required by Privacy Laws, grant Customer the right to take reasonable and appropriate steps to help ensure that Verbatim AI uses the Personal Data in a manner consistent with Customer’s obligations under this DPA and Privacy Laws, and stop and remediate any unauthorized use of the Personal Data;

require that each employee or other person processing Personal Data is subject to an appropriate duty of confidentiality with respect to such Personal Data.

Prohibitions. To the extent required by Privacy Laws, Verbatim AI shall not (a) Sell or Share Personal Data, (b) retain, use, or disclose the Personal Data outside of the direct business relationship between Verbatim AI and Customer and for any purpose other than for the specific purpose of providing the API Platform to Customer or (c) combine the Personal Data received from, or on behalf of, Customer with any Personal Data that may be collected from Verbatim AI’s separate interactions with the individual(s) to whom the Personal Data relates or from any other sources.

Use of Subcontractors.

Customer hereby grants Verbatim AI general written authorization to engage the subcontractors set out in Annex 2, subject to the requirements of this Section 7.

If Verbatim AI appoints a new subcontractor or intends to make any changes concerning the addition or replacement of any subcontractor, it shall provide Customer with seven business days’ prior written notice, during which Customer can object to the appointment or replacement on reasonable and documented grounds related to the confidentiality or security of Personal Data or the subcontractor’s compliance with Privacy Laws (and if Customer does not so object, Verbatim AI may proceed with the appointment or replacement).

Verbatim AI shall engage subcontractors only pursuant to a written agreement that contains obligations on the subcontractor which are no less onerous on the relevant subcontractor than the obligations on Verbatim AI under this DPA.

In the event Verbatim AI engages a subcontractor to carry out specific processing activities on behalf of Customer pursuant to EU/UK Privacy Laws, where that subcontractor fails to fulfil its obligations, Verbatim AI shall remain fully liable under applicable EU/UK Privacy Laws to Customer for the performance of that subcontractor’s obligations.

Assistance. Verbatim AI shall, in relation to the processing of Personal Data and to enable Customer to comply with its obligations which arise as a result thereof, provide assistance to Customer, through appropriate technical and organizational measures, in entering into this DPA and:

notifying Customer of, and (if authorized by Customer) responding to, requests from individuals pursuant to their rights under Privacy Laws, including by providing, deleting or correcting the relevant Personal Data, or by enabling Customer to do the same, insofar as this is possible;

implementing reasonable security procedures and practices appropriate to the nature of the Personal Data to protect the Personal Data from unauthorized or illegal access, destruction, use, modification, or disclosure;

to the extent required by Privacy Laws, conducting data protection impact assessments and, if required, prior consultation with relevant competent authorities; and

notifying relevant competent authorities and/or affected individuals of Personal Data breaches.

Security Measures. Verbatim AI shall, taking into account the state-of-the-art, the costs of implementation and the nature, scope, context and purpose of the processing, implement appropriate technical, physical and organizational measures designed to provide a level of security appropriate to the risk, as set out in Annex 3, or otherwise agreed and documented between Customer and Verbatim AI from time to time, and shall continue to comply with them during the term of the Agreement. Verbatim AI shall provide data protection and security training to those employees and other persons authorized to access Personal Data.

Access and Audits. Upon reasonable written request of Customer, Verbatim AI shall allow for and contribute to inspections and audits regarding Verbatim AI’s compliance with its obligations under this DPA and Privacy Laws by, on Customer’s request, providing to Customer such information in Verbatim AI’s possession as is reasonably necessary to demonstrate such compliance and/or arranging for a qualified and independent auditor to conduct an assessment of Verbatim AI’s policies and technical and organizational measures for such compliance, using an appropriate and accepted control standard or framework and assessment procedure for such assessments. Verbatim AI will provide a report of such assessment to Customer upon reasonable request. Customer shall be permitted to request such information and/or audit no more than once every 12 months, upon 30 days’ advance written notice to Verbatim AI, and only after the Parties come to agreement on the scope of the audit and provided the auditor is bound by a duty of confidentiality. Notwithstanding the foregoing, in no event shall Vendor be required to give Customer access to information, facilities or systems to the extent doing so would cause Vendor to be in violation of confidentiality obligations owed to other customers or its legal obligations.

Deletion of Personal Data. At Customer’s choice and direction, Verbatim AI shall delete or return all Personal Data to Customer as requested at the end of the provision of the API Platform to Customer, unless retention of the Personal Data is required by law, in which case, Verbatim AI shall notify Customer without undue delay of such legal requirement and shall upon the expiration of such retention obligation immediately delete or return the Personal Data, at Customer’s choice and direction.

Data Transfers. To the extent Verbatim AI processes Personal Data subject to EU/UK Privacy Laws in a Third Country, and it is acting as data importer, Verbatim AI shall comply with the data importer’s obligations set out in the Controller to Processor Clauses, which are hereby incorporated into and form part of this DPA, and:

for the purposes of Annex I or Part 1 (as relevant), Customer is a controller and Verbatim AI is a processor, and the parties, contact person’s details and processing details set out in the Agreement, this DPA and Annex 1 shall apply and the Start Date is the effective date of the Agreement;

if applicable, for the purposes of Part 1 of the UK Addendum, the relevant Addendum EU SCCs (as such term is defined in the UK Addendum) are the EU SCCs as incorporated into this DPA by virtue of this Section 12;

for the purposes of Annex II or Part 1 (as relevant), the technical and organizational security measures, and the technical and organizational measures taken by Verbatim AI to assist Customer, as each are set out in Annex 3, shall apply;

if applicable, for the purposes of Annex III or Part 1 (as relevant), the list of authorized sub-contractors set out in Annex 2 shall apply; and

if applicable, for the purposes of: (i) Clause 9, Option 1 (“Specific prior authorization”) is deemed to be selected and a notice period of 30 days shall apply; (ii) Clause 11(a), the optional wording in relation to independent dispute resolution is deemed to be included; (iii) Clause 13 and Annex I.C, the competent supervisory authority shall be the Irish regulator; (iv) Clauses 17 and 18, Option 1 is deemed to be selected and the governing law and the competent courts shall be Irish law and Irish courts, respectively; (vi) Part 1, Customer as exporter may terminate the UK Addendum pursuant to Section 19 of such UK Addendum.

To the extent Verbatim AI appoints an affiliate or third-party subcontractor to process the Personal Data in a Third Country, Verbatim AI shall execute the Processor to Processor Clauses with any relevant subcontractor (including affiliates) it appoints on behalf of Customer. At Customer’s request, Verbatim AI shall enter separately into the Controller to Processor Clauses with Customer and shall take any other alternative or additional steps reasonably requested by Customer in order to ensure that Verbatim AI’s processing of Personal Data takes place in accordance with the requirements of Privacy Laws.

Annex 1

Details of Processing

Nature of the processing

The provision of the API Platform to Customer as set out in the Agreement.

Purpose(s) of the processing

The provision of the API Platform to Customer as set out in the Agreement.

Categories of individuals whose Personal Data is processed

Users of API Platform.

Categories of Personal Data processed

Email address for users of the API Platform and information provided by users in unstructured data

Types of Personal Data subject to the processing that are considered “sensitive” or “special category” under Privacy Laws

None.

Frequency (e.g. one-off or continuous) and duration of the processing

On a continuous basis, for the duration of the term of the Agreement and any post-termination retention period as set out in the Agreement.

The subject matter, nature and duration of processing carried out by any sub-processors authorized pursuant to Section 7 is as set out in this Annex 1 and in Annex 2.

Annex 2

Authorized Subcontractors

Subcontractor Name: Google Cloud Platform

Type of Service: Cloud infrastructure

Location: Worldwide

Annex 3

Security Measures

Verbatim AI maintains reasonable Security Measures in proportionate measure to the risk presented by the processing of Personal Data and otherwise relies on security measures implemented and maintained by subcontractors set out in Annex 2, including Google Cloud Platform.