Customer User Agreement

0. PARTIES AND EFFECTIVE DATE

0.1 This Customer User Agreement ("Agreement") is entered into by and between TalenTrack Solutions, LLC, a Texas limited liability company with its principal place of business in Texas ("Provider"), and the customer identified in the applicable Order ("Customer").

0.2 This Agreement is effective as of the effective date set forth in the applicable Order ("Effective Date").

1. DEFINITIONS

1.1 "Affiliate" means an entity that directly or indirectly controls, is controlled by, or is under common control with a party.

1.2 "Applicable Law" means all applicable federal, state, and local laws, regulations, and guidance, including but not limited to Title VII, EEOC regulations and guidance, OFCCP requirements, the Fair Credit Reporting Act (if applicable), the Texas Labor Code, the Texas Data Privacy and Security Act (TDPSA), and similar laws governing employment, privacy, and automated decision tools.

1.3 "Authorized Users" means Customer's employees, contractors, and agents permitted to use the Services under this Agreement.

1.4 "Customer Data" means any de-identified data, content, or information provided by or on behalf of Customer to the Services, including HR and hiring data, demographic data, applicant/candidate information, and decision outcomes.

1.5. "Customer Data Retention" means the length of time Customer Data is retained by Provider which shall be for 10 calendar days after report generation.

1.6 "Deliverables" means reports and outputs generated by the Services for Customer (e.g., adverse impact analyses, demographic insights, and compliance reports).

1.7 "Documentation" means Provider's comprehensive library of training videos in the online training portal covering topics such as data security, step‑by‑step 'how‑to' workflows, data handling best practices, and clear explanations of the scientific measures used.

1.8 "Order" means an order form, SOW, or other document referencing this Agreement that sets out the Services, subscription terms, and fees.

1.9 "Personal Data" means information that relates to an identified or identifiable individual, as defined under Applicable Law.

1.10 "Services" means Provider's hosted software platform and related services identified in an Order.

1.11 "Subprocessor" means a third party engaged by Provider to process Customer Data in connection with the Services.

2. ACCESS AND LICENSE

2.1 Subscription Grant. Subject to this Agreement and the applicable Order, Provider grants Customer a non-exclusive, non-transferable, limited right for Authorized Users to access and use the Services and Documentation during the Subscription Term solely for Customer's internal HR, talent, compliance, analytics, and governance purposes.

2.2 Restrictions. Customer will not (and will not allow any third party to): (a) copy, modify, decompile, disassemble, or reverse engineer the Services; (b) circumvent technical controls, security, or usage limits; (c) use the Services to build a competing product or for benchmarking except as permitted by law; (d) use the Services with data that violates Applicable Law; (e) resell, sublicense, or time-share the Services; or (f) remove or obscure proprietary notices.

2.3 Authorized Users. Customer is responsible for all use of the Services by Authorized Users and for the confidentiality and security of their accounts and credentials.

3. CUSTOMER RESPONSIBILITIES

3.1 Lawful Use; Decision-Maker Control. The Services are decision-support tools. Customer remains solely responsible for all employment-related decisions and for ensuring that any decision processes comply with Applicable Law and Customer policies. Customer will not rely solely on Services outputs to make employment decisions.

3.2 Data Accuracy; Source Systems. Customer is responsible for (a) the accuracy, quality, legality, and integrity of Customer Data; (b) obtaining all necessary notices and permissions; and (c) ensuring that data extracts and integrations from source systems are correct and authorized.

3.3 Sensitive & Demographic Data Handling. Where Customer processes demographic or sensitive attributes (e.g., race, ethnicity, gender, protected classes), Customer shall (a) collect such data lawfully and transparently; (b) obtain informed consent where required; (c) use such data solely for fairness assessment, analytics, and compliance; and (d) configure role-based access, minimization, and retention consistent with the Documentation and Applicable Law.

3.4 Configuration & Documentation. Customer is responsible for configuring analysis parameters (e.g., selection rates, reference groups, thresholds, time windows, job families) and documenting Customer's decision-making policies. Provider may provide default templates (e.g., four-fifths rule) that Customer can adjust.

3.5 Third-Party Tools. If Customer uses third-party ATS/HRIS or automated employment decision tools (AEDTs) with the Services, Customer is responsible for third-party compliance (e.g., notice and bias audit obligations) and any required impact assessments.

4. PROVIDER RESPONSIBILITIES

4.1 Provision of Services. Provider will provide the Services substantially in accordance with the Documentation and will use commercially reasonable efforts to make the Services available in accordance with any service level commitments set forth in the Order.

4.2 Security. Provider will implement and maintain administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of Customer Data.

4.3 Support. Provider will provide standard support as defined in the Order or Documentation.

5. ACCEPTABLE USE POLICY (AUP)

5.1 General. Customer and all Authorized Users must comply with this AUP when accessing or using the Services. Provider may suspend or terminate access for violations, with or without notice, in addition to any other remedies.

5.2 No Unlawful or Discriminatory Use. Do not use the Services to violate any Applicable Law, including anti-discrimination, equal employment opportunity, privacy, wage-and-hour, or labor laws (including Texas law).

5.3 No Misuse of Demographic Data. Do not use demographic or sensitive attributes for any purpose other than fairness analysis, monitoring, and compliance; do not attempt to re-identify individuals where data is de-identified or aggregated; apply minimum cohort thresholds where available.

5.4 No Automated Decisions Without Oversight. Do not use the Services to make solely automated employment decisions that produce legal or similarly significant effects without appropriate human oversight, transparency, and lawful basis.

5.5 Security; No Interference. Do not probe, scan, or test system vulnerabilities; do not bypass security or access controls; do not introduce malware or disrupt, overload, or interfere with the Services.

5.6 No Reverse Engineering or Benchmarking. Do not reverse engineer, decompile, disassemble, or attempt to derive source code or models, or benchmark the Services to create a competing product, except as permitted by law.

5.7 No Infringing or Harmful Content. Do not upload content that infringes third-party rights, is illegal, deceptive, defamatory, harassing, or otherwise harmful.

5.8 Respect Rate Limits and Quotas. Do not circumvent technical limits, usage caps, or metering.

5.9 Export Controls and Sanctions. Do not use or provide access to the Services in violation of U.S. export control or sanctions laws.

5.10 Third-Party Systems. Do not misuse integrations, APIs, or connectors, or exceed permissions for connected ATS/HRIS and related systems.

5.11 Credentials and Access. Keep credentials confidential; do not share accounts except as permitted; implement least-privilege access for Authorized Users.

6. COMPLIANCE FEATURES AND LIMITATIONS

6.1 Adverse Impact Detection. The Services provide configurable adverse impact analyses (including impact ratio comparisons such as the four-fifths rule and other statistical measures). Customer must interpret results in context and may need to perform additional validation, job-relatedness analyses, or business-necessity assessments.

6.2 Demographic Insights. Demographic analytics are intended for fairness monitoring, compliance, and workforce insights. Customer is responsible for segregation of duties, de-identification, role-based access, and aggregation limits to reduce re-identification risk.

6.3 EEOC & HR Compliance Reporting. The Services streamline report generation; however, Provider does not guarantee compliance outcomes. Customer remains responsible for meeting all filing, notice, bias-audit, validation, retention, and disclosure obligations, and for maintaining legally required documentation.

6.4 No Legal Advice. Provider does not provide legal, compliance, or HR advisory services. Deliverables and in-product guidance are for informational purposes only.

6.5 AEDT Disclosures. Where laws require disclosure, testing, or audits for automated employment decision tools (e.g., NYC Local Law 144 and similar laws), Customer is responsible for performing or commissioning any required audit, posting required notices, and ensuring lawful deployment and monitoring.

7. INTELLECTUAL PROPERTY

7.1 Ownership of Services. Provider and its licensors own all rights, title, and interest in and to the Services, Documentation, and underlying IP. No rights are granted except as expressly provided.

7.2 Ownership of Customer Data. Customer owns all rights, title, and interest in Customer Data.

7.3 Deliverables. Subject to Customer's compliance with this Agreement and full payment of fees, Provider grants Customer a non-exclusive, non-transferable license to use Deliverables for Customer's internal business purposes. Provider may use aggregated, de-identified data derived from Customer Data to improve and operate the Services, provided that no Customer or data subject is identified.

7.4 Feedback. Customer grants Provider a royalty-free, worldwide, irrevocable license to use and incorporate Feedback into the Services without obligation.

8. FEES AND PAYMENT

8.1 Fees. Customer will pay the fees set forth in the Order. Fees are non-cancelable and non-refundable

8.2 Overages & True-Up. If usage exceeds purchased limits (e.g., number of employees, job requisitions, or analyses), Provider may invoice overages or require a true-up at renewal.

9. TERM AND TERMINATION

9.1 Subscription Term. The Customer can choose either a twelve (12) month membership or a month-to- month membership (3-month minimum). Each Order has the Subscription Term stated therein and will auto-renew for successive terms of twelve (12) months or one (1) month depending on the membership unless either party provides at least thirty (30) days' notice of termination prior to renewal. This Agreement begins on the Effective Date and continues until terminated as provided herein.

9.2 Termination. An Order may be terminated as follows, each a termination:

a. Customer exercised the thirty (30) day notice of termination for auto-renewal as set forth herein;

b. Either party may terminate an Order upon written notice if the other party materially breaches and fails to cure within thirty (30) days or ten (10) days for payment breaches.

9.3 Effect of Termination. Upon termination, Customer's access to the Services will cease. Thereafter, Provider will delete or de-identify Customer Data within ten (10) calendar days of termination.

10. WARRANTIES; DISCLAIMERS

10.1 Mutual Authority. Each party represents it has full power and authority to enter into this Agreement.

10.2 Services Warranty. Provider warrants that during the Subscription Term the Services will perform materially in accordance with the Documentation. Customer's exclusive remedy and Provider's entire liability for breach of this warranty is re-performance of the Services or termination of the affected Order and a pro-rata refund of prepaid, unused fees.

10.3 Disclaimers. EXCEPT AS EXPRESSLY PROVIDED, THE SERVICES, DELIVERABLES, AND ALL RELATED MATERIALS ARE PROVIDED 'AS IS.' PROVIDER DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE. PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE ERROR-FREE OR THAT THEIR USE WILL ENSURE LEGAL COMPLIANCE OR FAIRNESS IN ANY PARTICULAR DECISION.

11. INDEMNIFICATION

11.1 By Customer. Customer will defend Provider against claims arising from (a) Customer's violation of Applicable Law; (b) Customer Data (including lack of necessary rights/consents); (c) employment decisions made by Customer; or (d) use of the Services in violation of this Agreement; and will pay damages finally awarded or approved in settlement.

11.2 Procedures. The indemnified party must (a) promptly notify the indemnifying party; (b) allow control of the defense; and (c) provide reasonable cooperation. The indemnifying party will not settle any claim that imposes non-monetary obligations without consent (not unreasonably withheld).

11.3 Infringement Remedies. If the Services are enjoined, Provider may, at its option, procure the right to continue, modify to avoid infringement, or terminate the affected Order and refund prepaid, unused fees.

12. LIMITATION OF LIABILITY

12.1 TO THE MAXIMUM EXTENT PERMITTED BY LAW: (A) NEITHER PARTY WILL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, COVER, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, REVENUE, GOODWILL, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY; AND (B) EACH PARTY'S TOTAL LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO PROVIDER UNDER THE APPLICABLE ORDER IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY. THESE LIMITATIONS DO NOT APPLY TO (I) CUSTOMER'S PAYMENT OBLIGATIONS; (II) EITHER PARTY'S INDEMNIFICATION OBLIGATIONS; OR (III) CUSTOMER'S BREACH OF SECTION 2.2 (RESTRICTIONS) OR VIOLATION OF PROVIDER IP RIGHTS.

13. CONFIDENTIALITY

13.1 Confidential Information. Customer grants Provider access to its confidential information during the Subscription Term and for thirty (30) days thereafter to perform under this Agreement and the Order. Customer Data and Personal Data supplied by Customer is Customer Confidential Information.

14. DATA GOVERNANCE; PRIVACY; AI USE

14.1 Security. Security controls include access management, encryption in transit and at rest, logging/monitoring, vulnerability management, incident response, and data retention/deletion practices.

14.2 Fairness and Bias Controls. The Services provide configurable parameters, audit logs, explainability notes, impact ratio calculations, and sampling analysis tools. Customer is responsible for (a) interpreting statistical significance; (b) ensuring selection procedures are job-related and consistent with business necessity; (c) documenting any less discriminatory alternatives considered; and (d) conducting periodic monitoring.

14.3 Prohibited Use. Customer will not use the Services to make automated decisions that produce legal or similarly significant effects without appropriate human oversight, transparency, and lawful basis, nor to intentionally discriminate or retaliate against any individual.

15. OPEN SOURCE; THIRD-PARTY SERVICES

15.1 Open Source. The Services may include open source components governed by applicable open source licenses, which will be provided upon request or via the Documentation.

15.2 Third-Party Integrations. Third-party services, ATS/HRIS, or connectors are provided by third parties under their terms, and Provider is not responsible for their performance or compliance.

16. EXPORT; SANCTIONS; GOVERNMENT

16.1 Export Controls. Each party will comply with U.S. export control and sanctions laws.

16.2 U.S. Government Rights. If Customer is a U.S. government entity, the Services are 'commercial computer software' and are licensed with only those rights customarily provided to the public.

17. PUBLICITY

17.1 Provider may use Customer's name and logo in a customary customer list, case studies, and marketing materials, subject to Customer's reasonable brand guidelines. Any detailed press release requires prior written consent.

18. DISPUTE RESOLUTION; GOVERNING LAW (TEXAS)

18.1 Governing Law. This Agreement is governed by the laws of the State of Texas, without regard to conflicts of laws principles.

18.2 Venue. The parties consent to exclusive jurisdiction and venue in the state and federal courts located in Harris County, Texas.

18.3 Injunctive Relief. A breach of confidentiality or IP rights may cause irreparable harm; the non-breaching party may seek injunctive relief without posting bond.

19. MISCELLANEOUS

19.1 Assignment. Neither party may assign without the other's consent, except to an Affiliate or in a merger, acquisition, or sale of substantially all assets.

19.2 Notices. Notices must be in writing and delivered to the addresses in the Order (or updated by notice).

19.3 Force Majeure. Neither party is liable for delays or failures due to causes beyond its reasonable control.

19.4 Entire Agreement; Amendment. This Agreement, together with all Orders and incorporated exhibits, is the parties' entire agreement. Amendments must be in writing and signed.

19.5 Severability; Waiver. If a provision is unenforceable, the remainder remains in effect. A waiver must be in writing and is not a continuing waiver.