[24]7.ai, Inc. Platform Service Terms

These Platform Service Terms (the “Platform Terms”) govern Client’s use of the Platform under the written agreement (the “Agreement”) between [24]7.ai, Inc. and its affiliates (“[24]7”) and Client (the counterparty ordering [24]7’s platform services), which makes reference to these Platform Terms. By signing the Agreement, Client agrees to the terms herein. [24]7 may amend these Platform Terms from time to time to reflect changes to applicable law or regulatory requirements or to reflect enhancements or other modifications to the Platform. If any amendment affects Client’s use of the Platform or rights under the Agreement, [24]7 will notify Client by email notice and/or banner or other communication sent within the Platform no less than 30 days prior to the date such amended Platform Terms would become effective, and Client shall have the right to reject any such changes within that time or else such changes shall be deemed accepted 30 days after notice or, if later, on the effective date referenced in such notice. Any term used and not defined in these Platform Terms has the meaning assigned to it in the Agreement.

1. Using the Platform

[24]7 will provide Client an Engagement Cloud Platform account (“Account”) to access the Admin Console through which Client may manage its use of the Platform. The “Admin Console” means the online console(s) and tool(s) provided by [24]7 to Client for administering the Platform under the Agreement. Client may make Client applications available to End Users. An “End User” is any person or entity communicating with Client through the Platform. Client is responsible for (a) maintaining the confidentiality and security of the Account and associated passwords and (b) any use of the Account. Unless otherwise agreed to by the parties in the Agreement, the Platform is provided for Client’s use and that of its End Users, and may not otherwise be sold, leased, sub-licensed, assigned, or transferred to any other party or provided to another party under an application service provider (“ASP”) or service bureau relationship without [24]7’s prior written consent. Unless otherwise permitted in the Agreement, Client will not use, and will not allow End Users to use, the Platform or any Client application to operate or enable any telecommunications service or to place or receive calls from any public switched telephone network. Client shall not grant access to the Platform, including without limitation the Admin Console, to any third party, especially a direct competitor of [24]7, without [24]7’s prior written consent. Nothing in this section is intended to restrict or prohibit Client’s contracting with or use of third-party vendors supplying individual agents for customer care services.

2. Updates to Services and Terms

2.1 Changes to Services; Discontinuation

[24]7 may update the Platform provided the updates do not result in a material reduction of the functionality, performance, availability, or security of the Platform. [24]7 will either replace any discontinued service, application, or material functionality with a substantially similar service, application, or functionality or notify Client at least 6 months before discontinuing any such service, application, or functionality

2.2 Changes to URL Terms

Certain products and services contain terms referenced in the Agreement or these Platform Terms are described at a URL link on [24]7’s website (“URL Terms”). If applicable, such URL Terms are incorporated into the Agreement by this reference. [24]7 may update the URL Terms, provided the updates do not expand the scope of or remove any restrictions on [24]7 or have a material adverse impact on Client’s rights under the URL Terms. [24]7 will notify Client of any material updates to URL Terms.

2.3 Permitted Changes

The above sections regarding “Changes to Services; Discontinuation” and “Changes to URL Terms” do not limit [24]7’s ability to make changes required to comply with applicable law or address a material security risk or that are applicable to new or existing general availability components or functionality.

2.4 Temporary Suspension of Services

[24]7 may suspend access to the Platform (a) if necessary to comply with law(s), (b) if use of the Platform by Client, its End Users, or any other third party user that Client provides access to the Platform does not comply with [24]7’s Acceptable Use Policy (“AUP”), or (c) if Client is in material breach of its obligations under the Agreement. If [24]7 suspends Client’s access to the Platform, then to the extent legally permitted [24]7 will provide Client notice of the cause for suspension without undue delay.

3. Platform Support Packages and Service Levels

[24]7 makes available Platform support services (“Platform Support Services”) in a variety of packages as described on [24]7’s Platform Support description page (www.247.ai/support). [24]7 will provide Platform Support Services to Client during the Term in accordance with the Platform Support Package purchased by Client in the Agreement, or if none specified, the Platform Support Package shall be the “Standard Support Features.” Client is responsible for the technical support of any of its own Client applications and projects.

4. Client Responsibilities. Client’s responsibilities will include, but are not limited to:

4.1 General Responsibilities. Client shall:

(1) Provide [24]7 with required licenses for use with any Client systems that are necessary to support the Platform and related services.

(2) To the extent required by applicable law, prominently and properly provide notice to End Users of the use of virtual agents/bots in connection with the services provided and post a privacy policy on Client’s website to comply with all applicable laws related to the collection of information.

(3) If the Platform is used to incentivize purchases of any kind, configure Platform to identify itself as a virtual agent/bot on the first interaction with End Users.

(4) Client agrees to embed [24]7’s asynchronous JavaScript code (“Tags”) ”) in the header of webpages of Client’s website (or other similar application/technology) to enable data collection and user experience of Engagement Cloud Platform. The use of the terms “tagging” or “to tag” means the act of Client embedding such Tag(s) in the code of Client webpages. Tags, Tagging, and its underlying technology and ontology are the Confidential Information of [24]7. The services may require the “tagging” by Client of all pages on Client’s production website and staging/pre-production website with the [24]7 JavaScript code, including all the subdomains, per [24]7’s best practices.

4.2 Security-Related Responsibilities. Client shall:

(1) Promptly notify [24]7 of any breach of security in connection with the Platform, including unauthorized use of any password or account managed by Client. Client hereby acknowledges and agrees that security of all Client devices, workstations, and other Client equipment is the sole responsibility of Client. Client will respond to any reasonable requests or direction of [24]7 with respect to the security of such items.

(2) Agree to, at a minimum, in respect of Client’s access to, and/or use of, the Platform:

• Appoint authorized Client-user(s) as organizational administrator(s) for granting individuals access to the Platform and implement appropriate procedures for proper access approvals, modifications and terminations by such designated administrators;
• Review the authorization of Client’s individuals having access to the Platform on a monthly basis;
• Investigate suspicious use of the Platform when reported to Client by [24]7;
• Keep Client’s passwords to the Platform confidential and provide mutually acceptable, auditable authentication mechanisms;
• Except as otherwise agreed, not perform tests or assessments or intentionally exploit known vulnerabilities in any capacity (including via Client’s use of a third party);
• Implement anti-virus, FIM, DLP, and other reasonable protective measures on any content or application files generated by Client for consumption by the Platform;
• Provide any relevant certifications, including where applicable PCI and SOC2 compliance, to demonstrate that appropriate standard precautions are in place;
• Take additional industry-standard measures to protect against unauthorized data access, intrusions, hacking, breaches, or other security risks and to contain any unauthorized access or successful hacking, with such measures to be reasonable and appropriate according to the circumstances in which Client operated and the associated risk profile; and
• 24]7 shall have no liability in the event of any incidents or breaches to the extent that they arise out of or are related to any failure by Client to perform the responsibilities as described in this Section.

4.3 Third-Party Messaging Responsibilities

When an End User sends messages to Client or Client responds to the End Users through the Platform utilizing asynchronous channels like Apple Business Messaging and Google Business Messaging (collectively, “Third Party Messaging”) , such messages may result in Apple, Google and/or other third party processors (“Third Party Processors”) receiving PCI data from such End User and the Third Party Processors transmitting such data to [24]7. [24]7’s ability to provide the Platform through Third Party Messaging will depend on Third Party Processors’ continued provision of third party service integration capabilities with Third Party Messaging. In the event that Third Party Processors discontinue, suspend, or terminate third party service integration with Third Party Messaging, then [24]7 may immediately terminate, suspend, and/or discontinue the Platform integration with Third Party Messaging. If utilizing Third Party Messaging, Client shall:

(1) Use reasonable efforts to discourage End Users from transmitting PCI Data through unsecured chat;

(2) Comply with the terms and usage policies of Third Party Messaging as they apply to such party; and,

(3) Obtain its own third party account with Third Party Processors, if required by the third-party service. In such cases where a Third Party Processor requires a third party account directly with Client, Client’s successful creation of the third party account will be a prerequisite to [24]7’s provision of the Platform.

5. Platform License and Ownership

[24]7 retains all ownership of and reserves all rights, including Intellectual Property Rights, in and to the Platform, including all underlying software, technology and related services, and any data generated by [24]7 or its Platform or disclosed in connection therewith. Except for the limited license set forth herein, all Intellectual Property Rights embodied in the Platform or in any [24]7 methods or processes, documentation and other technologies used in providing the Platform that are owned or licensed by [24]7, and all statistical, mathematic and other data driven algorithms, models, tags, intents, intent classifications, analysis, business or logic-based rules, datasets generated or derived from Platform, whether pre-existing, or created after the effective date of the Agreement, including any modifications, enhancements and derivatives thereof constitute “[24]7 Intellectual Property” (as may be further defined in the Agreement) and shall be and remain the exclusive property of [24]7. Further, subject to Client’s rights in Client Data (below), [24]7 will own all rights, title and interest in and to any software programs or tools, utilities, technology, processes, inventions, devices, methodologies, specifications, rules, models, algorithms, documentation, techniques and materials of any kind used or generated by [24]7 or Client in connection with any implementation or use of the Platform. Except for the limited licenses provided herein, no other rights are granted to Client.

6. Client Data Ownership, License, and Storage

Client acknowledges that [24]7 will provide the Platform using data and information provided by Client’s End Users. Data provided by Client or End Users to [24]7 through use of the Platform (“Client Data”) belongs to Client and, as between Client and [24]7, Client retains all Intellectual Property Rights therein. Client shall have sole responsibility for the accuracy, integrity and legality of the Client Data and for assuring that Client has the right to use the Client Data and to provide it to [24]7 without infringing any third party rights. Client grants to [24]7, at no cost, a nonexclusive right to access and use any systems, API’s, internal or external networks, other data feeds or sources or software, and/or assets, including Client Data, that are provided to or required to be used by [24]7 in providing the Platform, and Client further represents and warrants that it has all rights needed to authorize [24]7 to use such items, data, and assets. Client further grants [24]7 a non-transferable, non-exclusive, worldwide license to use, copy, modify, and prepare derivative works of the Client Data in the course of its provision of the Platform to Client, and to provide reports requested by Client. Client is responsible for maintaining, upgrading, and replacing Client’s systems (including security updates) as necessary for [24]7 to provide the Platform. [24]7 DOES NOT REPRESENT, WARRANT OR GUARANTEE THAT THE PLATFORM OR OTHER SERVICES ARE COMPLIANT WITH ANY SPECIFIC DATA PROTECTION LAWS, PRIVACY LAWS, OR DISABILITY ACCESSIBILITY LAWS APPLICABLE TO CLIENT. Client’s data and transcripts will be stored for up to thirteen (13) months from the date that the data and/or transcripts were first recorded. Client will be able to download the data and transcripts at any time during this 13-month period, and [24]7 will not be liable for any deletion of data after such 13-month period has lapsed.

7. Platform Data

All data generated through the Platform (“Platform Data”), including but not limited to survey data, web journey data, outputs, and metadata generated through the Platform, shall be the exclusive property of [24]7 and deemed to be [24]7 Intellectual Property. Client acknowledges that, due to the nature of the Platform, [24]7 collects information (including Platform Data) related to an End User’s access and use of the Platform and may disclose such information internally in aggregate or other anonymized form in connection with [24]7’s support, development, marketing and other business activities. For the avoidance of doubt, Platform Data excludes all data provided by Client (including personally identifiable information of End Users).