Aim SaaS Agreement

Effective date: October 2025

This Software as a Service (“SaaS”) agreement  (the "Agreement”) governs Customer’s use of the Aim Security platform for artificial intelligence (“AI“) to monitor and protect users’ activities with generative AI based applications (“Services”).  Aim Security is referred to as “Company” and “Customer” refers to the legal entity that is ordering the Services from Company either directly or through a reseller or partner.  Customer and Aim Security may each be referred to individually as a “Party” and together as the “Parties.” All other capitalized terms have the definitions set forth in this Agreement.

By accessing and/or using the Services, Customer acknowledges that its representative that is placing the order for the Services has the authority to bind Customer to the terms of this Agreement and has read, understood, and agrees to be bound by this Agreement. Aim Security reserves the right to modify this Agreement and will provide notice of material changes as described below.

  1. Access Use Rights.
    During the applicable Term, as specified in an ordering form or quote  (“Ordering Document”), and solely for Customer’s internal business use, Company grants to Customer a limited, worldwide, non-exclusive, non-sublicensable, non-transferable, non-assignable right to access and use the Services. Company will provide user manuals, handbooks, and/or guides describing the specifications and use of the Services either electronically or in hard copy form (“Documentation”). Customer’s use of the Services and Documentation is limited to Customer’s employees, consultants, contractors, and agents who are authorized by Customer to access and use the Services (“Authorized User(s)”). Customer shall ensure that its Authorized Users use the Services in accordance with this Agreement and the Documentation and shall remain liable for the acts and omissions of its Authorized Users.  
  2. Title and Ownership.
    The Services, Documentation, and/or any copies thereof, including without limitation any derivative works made, as well as any enhancements, improvements, corrections, modifications, alterations, revisions, extensions and updates thereto, are not for sale and shall remain Company’s sole and exclusive property. This Agreement does not convey to Customer any interest in or to any rights not explicitly expressed.  Except for the limited use rights granted hereunder, Customer shall not assert any right, title, or interest in or to the Services, or any portion thereof. Nothing herein constitutes a waiver of Company's intellectual property rights under any law. Company reserves all rights not expressly granted herein to the Services and Documentation.
  3. Account Setup.
    n order to access the Services, Customer may be required to set up an administrative account with Company, by submitting the information requested in the Services interface ("Account"), and each Authorized User may need to set up a user account (each, a "User Account", and references herein to the Account shall be deemed to include all such User Accounts if applicable). Customer represents, warrants and covenants that all information submitted during the registration process is, and will thereafter remain, complete, lawful and accurate. Customer shall be responsible and liable for all activities that occur under or in the Account. Customer will require that all Authorized Users keep user ID and password information strictly confidential and secured and not share such information with any unauthorized person. Any unauthorized access or use of the Services must be immediately reported to the Company.
  4. Customer Responsibilities.
    Customer shall be solely responsible for the actions of its Authorized Users while using the Services and the contents of its transmissions through the Services (including, without limitation, Customer Data as defined below), and any resulting charges. Customer agrees: (i) to abide by all local, state, national, and international laws and regulations applicable to Customer's use of the Services, including without limitation all laws and administrative regulations (U.S. and applicable foreign) relating to the export and import laws, technical and/or personal data, and all applicable anticorruption laws (e.g., the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act of 2010), and not to ship, transfer, or export the Services or any component thereof or use the Services, including without limitation to, sell, distribute, export or download Services into (or to a resident of) Cuba, Iran, Iraq, Libya, North Korea, Sudan, Lebanon, Syria or the Ukrainian regions of Crimea, Donetsk, Luhansk, Kherson and Zaporizhzhia; (ii) not to upload or distribute in any way files that contain viruses, corrupted files, or any other similar software or programs that may damage the operation of the Services; (iii) not to use the Services for illegal purposes; (iv) not to interfere or disrupt networks connected to the Services; (v) not to post, promote or transmit through the Services any unlawful, defamatory, privacy invasive, tortious or otherwise objectionable information or content of any kind or nature; (vi) not to transmit or post any material that encourages conduct that could constitute a criminal offense or give rise to civil liability; (vii)not to interfere with another customer's or other entity’s use and enjoyment of the Services; (viii) not to engage in contests, chain letters or post or transmit "junk mail," "spam," or unsolicited mass distribution of email through or in any way using the Services; (ix) not to probe, scan or test any vulnerability of the Services, including, without limitation, performing penetration, stress or load testing, including by introducing software or automated agents or scripts, other than those expressly permitted by the Documentation, without the prior written consent of Company; (x) not to perform or publish any performance or benchmark tests or analyses relating to the Service, other than solely for Customer’s internal use; (xi) not to use the Services for anything other than Customer’s internal business use; and (xii) to comply with all regulations, policies and procedures of networks through which Customer connects to, or uses in connection with the Services. Customer: (a) represents and warrants that it is not listed on any U.S. government list of prohibited or restricted parties or located in (or a national of) a country that is subject to a U.S. government embargo or that has been designated by the U.S. government as a “terrorist supporting” country; (b) agrees not to access or use Services in violation of any U.S. export embargo, prohibition, or restriction; and (c) will not submit to the Services any information controlled under the U.S. International Traffic in Arms Regulations.
  5. License Restrictions.
    Except as otherwise specified in this Agreement, expressly permitted in writing by Company, Customer shall not, and shall not permit any other party to:
    1. Disassemble, decompile, decrypt, or reverse engineer, or in any way attempt to discover or reproduce source code for, any part of the Services; adapt, modify, or prepare derivative works based on any of the Services, Documentation or related Company intellectual property rights; or use any of the Services or Company intellectual property to create any computer program or other material that performs, replicates, or utilizes the same or substantially similar functions as the Services;
    2. Alter, remove, or suppress any copyright, confidentiality, or other proprietary notices, marks or any legends placed on, embedded or otherwise appearing in the Services or Documentation; or fail to ensure that all such notices and legends appear on all full or partial copies of the Services or Documentation;
    3. Sell, sublicense, lease, assign, delegate, transfer, distribute, encumber, or otherwise transform any of the Services or Documentation or any of the rights or obligations granted to or imposed on Customer hereunder; or
    4. Copy any part or content of the Services, reports, or Documentation other than for Customer’s own internal business purposes.
  6. Hosting.
    The Services are hosted by a third-party hosting services provider selected by Company ("Hosting Provider"), and accordingly the availability of the Services will be in accordance with the Hosting Provider's then-current uptime commitments.  
  7. Notice and Consent.
    Each Party hereby warrants, represents and, to the extent relevant, covenants, that it has and will (i) provide(d) all appropriate notices, (ii) obtain(ed) all required informed consents and/or (will) have any and all ongoing legal bases, and (iii) complied/comply at all times with any and all applicable privacy and data protection laws and regulations, to allow  the other Party to use and process the data for the provision of the Services and the performance of this Agreement.
  8. Fees.
    Customer shall pay the access or other fees specified in an Ordering Document without offset or deduction (“Fees”). All Fees and other amounts payable by Customer under an Ordering Document are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder other than Company’s income. Should Customer be required to withhold or deduct any portion of the payments due to Company, Customer shall gross up such amount so that after such deduction, Company will receive an amount equal to the sum it would have received had no withholdings or deductions been made.
  9. Term.
    This Agreement shall commence on the Effective Date and will continue for the term set forth in an Ordering Document (the "Term"); thereafter, unless otherwise set forth in the Order Form, the Agreement shall renew for additional successive twelve (12) month periods, unless either party provides notice of termination in writing at least 30 days prior to the end of the then current Term. Upon termination or expiration of this Agreement the Services access right granted to Customer under this Agreement shall expire, and Customer shall discontinue any further use thereof, and Company shall have no further obligations to Customer.  
  10. Customer Data.
    All data, information and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the use of the Services (the “Customer Data”) are and shall remain the property of Customer and Customer represents that it has the required rights and permissions in order to permit Company to process, transfer and access the Customer Data as permitted hereunder. Customer hereby authorizes Company and grants Company a non-exclusive right and license for the Term only, to access, process and use Customer Data on Customer’s behalf, for the sole purpose of providing the Services as contemplated hereunder all in accordance with the Company’s data processing agreement which is attached hereto as Schedule 1.
  11. Usage Data.
    Notwithstanding anything to the contrary in this Agreement, Company may monitor Customer's use of the Services and collect and compile analytics data regarding such use for purposes of improving the Services and monitoring authorized use of the Servies (“Usage Data”). All right, title, and interest in Usage Data, and all intellectual property rights therein, belong to and are retained solely by Company. Customer acknowledges that Company may compile Usage Data based on Customer Data input into the Services. Customer agrees that Company may use Usage Data to the extent and in the manner permitted under applicable law; provided that such Usage Data does not identify Customer or disclose Customer's Confidential Information.
  12. Anonymous Data.
    Any anonymous information, which is derived from or related to Customer’s use of the Services (i.e., metadata, aggregated and/or analytics information), which is not personally identifiable information, may be used for providing the Services, for development, and/or for statistical purposes and shall be Company's exclusive property.
  13. Feedback.
    If Customer provides Company with any feedback in connection with the Services or Documentation, whether orally or in writing, including questions, comments, feedback data, reports, or suggestions regarding the design and proposed functionality of the Services ("Feedback"), Company may use such Feedback to improve the Services and other products.
  14. Warranties.
    Each Party represents and warrants to the other Party that: (a) it has the right to enter into the Agreement and perform its obligations hereunder in the manner contemplated by the Agreement; (b) the Agreement does not conflict with any other agreement entered into by it; (c) in the performance of its obligations hereunder, it will comply with all applicable laws, regulations and ordinances; and (d) it has obtained all licenses, authorizations, approvals, consents and/or permits required to perform its obligations or utilize the rights granted under the Agreement and for the use of any Services provided by Company as contemplated under the Agreement. Company further represents and warrants that during the Term the Services will be accessible to Customer and the Services will perform substantially in accordance with the Documentation. Company does not warrant that the use of the Services will be uninterrupted or error-free or protect against unauthorized access, loss or alteration of data. Customer’s exclusive remedy under this Section will be for Company to use commercially reasonable efforts to correct any errors; provided, in the event Company is unable to correct the nonconformity within 30 days, Customer shall have the right to terminate the applicable order and receive a pro rata refund of any remaining prepaid Fees upon written notice to Company. The above warranty does not apply if a warranty issue arises as a result of: (a) the use by Customer of any product, hardware or software that was not authorized by Company in advance; (b) modifications made to the Services by Customer or its third parties not authorized by Company in advance; (c) accident, abuse or improper use of the Services by Customer or its Authorized Users; or (d) Customer’s or its third parties’ code contained within or delivered with any integrated product not authorized by Company in advance.
  15. Disclaimer of Warranties.
    THE LIMITED WARRANTY AND EXCLUSIVE REMEDY SET FORTH IN SECTION 14 ARE MADE FOR THE BENEFIT OF CUSTOMER ONLY AND ARE EXPRESSLY SUBJECT TO CUSTOMER’S PAYMENT OBLIGATIONS, CUSTOMER’S OBLIGATIONS TO MAINTAIN ITS CUSTOMER ENVIRONMENT AND TO HAVE TIMELY INSTALLED ANY UPDATES PROVIDED BY COMPANY AND ALLOWED COMPANY TO PERFORM ALL SYSTEM MAINTENANCE SERVICES. COMPANY STRICTLY DISCLAIMS ALL WARRANTIES WITH RESPECT TO ANY THIRD-PARTY PRODUCTS AND ALL OTHER WARRANTIES, REPRESENTATIONS, CONDITIONS AND OTHER TERMS, WRITTEN OR ORAL, OR EXPRESS, IMPLIED, STATUTORY, COLLATERAL OR OTHERWISE, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, INTEROPERABILITY, DATA ACCURACY, OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO ANY PRODUCT, SERVICES, SUPPORT, OR ANY COMPONENTS THEREOF.
  16. Exclusion and Limitation of Liability.
    IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY UNDER THIS AGREEMENT FOR ANY LOST PROFITS OR REVENUE, OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES, UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, WHETHER SUCH DAMAGE WAS FORESEEABLE AND WHETHER EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NEITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL EXCEED THE AMOUNT PAID BY CUSTOMER HEREUNDER IN THE 12 MONTHS PRECEDING THE INCIDENT. THE ABOVE LIMITATIONS WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY BUT WILL NOT LIMIT CUSTOMER’S PAYMENT OBLIGATIONS.
  17. Non-Excluded Liability.
    NOTHING IN SECTION 16 SHALL EXCLUDE OR LIMIT LIABILITY FOR (I) PERSONAL INJURY OR DEATH CAUSED BY GROSS NEGLIGENCE OR WILLFUL MISCONDUCT OR (II) FRAUD.
  18. Confidentiality.
    Each Party may obtain or receive access to non-public information ("Confidential Information") from the other Party. The receiving party shall take reasonable measures, at least as protective as those taken to protect its own confidential information, but in no event less than reasonable care, to protect the other disclosing party’s Confidential Information from disclosure to a third party. Neither Party shall use or disclose the Confidential Information of the other Party except for performing its obligations under this Agreement. Confidential Information shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving party at the time of disclosure by the disclosing party; (b) was disclosed to the receiving party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving party has become, generally available to the public; or (d) was independently developed by the receiving party without access to, or use of, the disclosing party’s Confidential Information. Receiving party will disclose Confidential Information only to those of its employees and consultants on a need-to-know basis, and who are bound by confidentiality obligations at least as protective as the provisions of this Agreement. Receiving party will be and remain responsible for any noncompliance by its employees, Authorized Users, or consultants.
  19. Termination.
    This Agreement may be terminated as follows:
    1. By Company immediately if Customer breaches Sections 4 or 5; or  
    2. By Company for non-payment for more than 7 days past the due date on any applicable amount; or  
    3. To comply with any applicable law;
    4. By either Party for material breach hereof, which has not been cured within thirty (30) days after written notice of such breach; or  
    5. By either Party at any time if the other Party makes an assignment for the benefit of creditors or commences or has commenced against it any proceeding in bankruptcy or insolvency.
  20. Service Suspension.
    In the event Customer (i) fails to pay any amounts past due, (ii) is in breach of Sections 4 or 5, or (iii) where Company reasonably considers Customer’s use of the Services could pose a security risk to Company, its systems or any third party, Company shall have the right to immediately suspend without notice any or all related Services provided to Customer hereunder without any right of offset or refund of Fees.
  21. Force Majeure.
    Except for any payments due hereunder, neither Party shall be responsible for delay or failure in performance caused by any government act, law, regulation, order, or decree, by communication line or power failures beyond its reasonable control, or by fire, flood, or other natural disasters or by other causes beyond its reasonable control, nor shall any such delay or failure be considered a breach of this Agreement.  
  22. Assignment.
    Neither this Agreement nor any rights granted hereunder may be sold, leased, assigned, or otherwise transferred, in whole or in part, by Customer, and any such attempted assignment shall be void and of no effect without the advance written consent of Company.  Notwithstanding the foregoing, (a) such consent shall not be required if Customer assigns this Agreement in connection with a merger, or sale of all its stock or all or substantially all of its assets; provided, (i) the surviving entity is not a direct competitor of Company, (ii) any such assignee has the financial and other abilities required to perform Customer’s obligations and agrees to be bound in writing to Customer’s obligations under this

    Agreement, and (iii) at the time of assignment, Customer is not in breach of this Agreement and (b) Company may assign this Agreement or any order issued hereunder to a successor in a merger or acquisition.  In no event shall this Agreement, or any rights or privileges hereunder, be an asset of Customer under any bankruptcy, insolvency, or reorganization proceedings, or in any other manner whatsoever; however, this Agreement shall be binding upon and inure to the benefit of the Parties, their legal representatives, and permitted transferees, successors, and assigns.  
  23. Notices.
    All notices or other communications required hereunder shall be made in writing and shall be deemed to be effectively given  (i) if made to Company via email to legal@aim.security with return receipt confirmation on the date of Company’s receipt of confirmation and (ii) to Customer via email to the contact listed in the Customer’s Account with return receipt confirmation on the date of Customer’s receipt of confirmation.
  24. Equitable Relief.
    Customer acknowledges that a breach or threatened breach of any of its obligations under Section 4 or 5, would cause Company irreparable harm for which monetary damages would not be an adequate remedy and agrees that in the event of such breach or threatened breach, Company will be entitled to equitable relief, including a restraining order, an injunction, specific performance and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.
  25. General.
    This Agreement contains the entire agreement between the Parties with respect to the subject matter hereof.  This Agreement may be modified only by a subsequent written agreement signed by the Parties.  If any provision of this Agreement is held to be unenforceable, the remaining provisions shall continue unaffected. The Parties do not intend that any agency or partnership relationship be created between them by this Agreement.  This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware and the competent courts in Wilmington, Delaware shall have exclusive jurisdiction over any action arising under or relating to this Agreement. No waiver of rights arising under this Agreement shall be effective unless in writing and signed by the Party against whom such waiver is sought to be enforced. No failure or delay by either Party in exercising any right, power or remedy under this Agreement shall operate as a waiver of any such right, power or remedy and/or prejudice any rights of such Party. Company may, in its sole discretion, modify or update the terms of this Agreement from time to time and if any changes are material, Company will update the “last modified” date at the top of this page and provide notice to Company in accordance with Section 26 (Notices). Customer’s continued use of the Services after any such notice constitutes acceptance of the modifications. If Customer does not agree to any future changes, Customer shall notify Company and discontinue access or use of the Services. Sections 4, 5, 7, 8, 13, 14, 15, 16, 17, 21, 26, 27 and 28 of this Agreement shall survive the expiration or termination of this Agreement.