1. Overview

This Accelerator Rev AI Data Processing Agreement and its Annexes A, B, and C (“DPA”) is between Accelerator Rev AI Inc. (“Accelerator Rev AI”) and the party executing this agreement as Customer (“Customer”). This DPA reflects the parties’ agreement with respect to the Processing of Personal Data by Accelerator Rev AI on behalf of Customer in connection with the Service under the contemporaneously-executed Terms of Service agreement between the parties (“Agreement”).

This DPA is part of the Agreement and is effective upon execution or another time as specified in the Agreement, an Order, or an executed amendment to the Agreement. In case of any conflict or inconsistency with the terms of the Agreement, this DPA will take precedence over the terms of the Agreement to the extent of such conflict or inconsistency, and it will supersede any previous DPA.

Definitions

a. CCPA means California Civil Code Sec. 1798.100 et seq. as amended (also known as the California Consumer Privacy Act of 2018), including the California Privacy Rights Act amendments to the CCPA.

b. California Personal Information means Personal Data that is subject to the protection of the CCPA.

c. Controller, Processor, Data Subject, Personal Data, Personal Data Breach, Process, and Processing shall have the meaning given to them in the Data Protection Laws.

d. Customer Personal Data means any information relating to an identified or identifiable individual where (i) such information is contained within Customer Data provided under the Agreement; and (ii) is protected as personal data, personal information, or personally identifiable information under applicable Data Protection Laws.

e. Data Protection Laws means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of Processing Personal Data in question under the Agreement, including without limitation, the European Data Protection Laws, the CCPA, and other US laws; in each case as amended, repealed, consolidated, or replaced from time to time.

f. Europe means the European Union, the European Economic Area and/or their member states, Switzerland, and the United Kingdom.

g. European Data means Personal Data that is subject to the protection of European Data Protection Laws.

h. European Data Protection Laws means data protection laws applicable in Europe, including:

(i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, the GDPR;(ii) Directive 2002/58/EC concerning the Processing of personal data and the protection of privacy in the electronic communications sector;(iii) applicable national implementations of (i) and (ii);(iv) GDPR as it forms part of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"); and(v) Swiss Federal Data Protection Act on 19 June 1992 and its Ordinance ("Swiss DPA"); in each case, as may be amended, superseded, or replaced.

i. GDPR means the General Data Protection Regulation ((EU) 2016/679), and the retained UK version of the same.

j. Standard Contractual Clauses means the standard contractual clauses annexed to the European Commission’s Decision (EU) 2021/914 of 4 June 2021, currently found at

Standard Contractual Clauses

, as may be amended, superseded, or replaced.

k. UK Addendum means the International Data Transfer Addendum issued by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018, currently found at

UK Addendum

, as may be amended, superseded, or replaced.

Compliance

Both parties will comply with all applicable requirements of Data Protection Laws. This schedule is in addition to, and does not relieve, remove or replace, a party's obligations or rights under Data Protection Laws.

Controller/Processor

The parties have determined that for the purposes of Data Protection Laws, Accelerator Rev AI shall process the Customer Personal Data as a processor on behalf of the Customer. Customer may be either a Controller or Processor.

Consents

Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of Customer Personal Data to Accelerator Rev AI, and the lawful collection of the same by the Customer using the Accelerator Rev AI Services for the duration and purposes of the Agreement and DPA. The Customer shall indemnify Accelerator Rev AI against all loss and damage (including fines) arising from a failure to do so.

Nature, Scope, Purpose of Processing, and Data Subjects

Annex A sets out the scope, nature, and purpose of Customer Personal Data Processing by Accelerator Rev AI, the duration of the Processing, and the types of Customer Personal Data and categories of Data Subjects.

Customer Instructions

Accelerator Rev AI shall process Customer Personal Data only on the documented instructions of the Customer unless Accelerator Rev AI is required by any applicable laws to otherwise process that Customer Personal Data. The Agreement and DPA are deemed to be the instructions of the Customer; the parties may agree to additional instructions. Accelerator Rev AI shall inform the Customer if, in the opinion of Accelerator Rev AI, the instructions of the Customer breach Data Protection Laws.

Accelerator Rev AI Obligations

Accelerator Rev AI will:

a. Implement and maintain appropriate technical and organizational measures to protect Customer Personal Data from Personal Data Breaches, as described under Annex B to this DPA ("Security Measures"). Notwithstanding any provision to the contrary, Accelerator Rev AI may modify or update the Security Measures at its discretion, provided that such modification or update does not result in a material degradation in the protection offered by the Security Measures.

b. Ensure that any personnel engaged and authorized by Accelerator Rev AI to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality.

c. Assist the Customer, insofar as this is reasonably possible (taking into account the nature of the Processing and the information available to Accelerator Rev AI), and at the Customer's cost and written request, in responding to any request from a Data Subject and in ensuring the Customer's compliance with its obligations under Data Protection Laws with respect to security, breach notifications, impact assessments, and consultations with supervisory authorities or regulators.

d. Notify the Customer without undue delay upon becoming aware of a Personal Data Breach involving the Customer Personal Data.

e. At the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer on termination of the Agreement unless Accelerator Rev AI is required by any applicable law to continue to process that Customer Personal Data. For the purposes of this paragraph, Customer Personal Data shall be considered deleted where it is put beyond further use by Accelerator Rev AI.

f. For European Data, assist the Customer in ensuring compliance with Articles 32 to 36 of the GDPR. Make available all information reasonably necessary to demonstrate compliance with this DPA to the Customer and allow for and reasonably contribute to audits, including inspections conducted by the Customer to assess compliance with this DPA to the extent required by Data Protection Laws.

g. Maintain records to demonstrate its compliance with this paragraph.

Service Provider Obligations

The parties agree that if the CCPA applies, Customer is a “business” and Accelerator Rev AI is a “service provider” as defined under the CCPA. Accelerator Rev AI will:

a. Not retain, use, or disclose the California Personal Information it collects pursuant to the Agreement for any purposes other than to perform the Agreement or as otherwise permitted by the CCPA.

b. Not retain, use, or disclose the California Personal Information it collects pursuant to the Agreement outside of the direct business relationship between Accelerator Rev AI and the Customer unless otherwise permitted by the CCPA.

c. Not “sell” or “share” California Personal Information, as those terms are defined in the CCPA, or combine the California Personal Information with personal information obtained from sources other than the Customer, except to the extent necessary to perform the Agreement.

d. Provide reasonable evidence of its compliance with this Section upon the Customer’s request.

Subprocessors

The Customer provides its prior, general authorization for Accelerator Rev AI to appoint subprocessors to process the Customer Personal Data. Accelerator Rev AI shall:

a. Ensure that the terms on which it appoints such subprocessors comply with Data Protection Laws and are consistent with the obligations imposed on Accelerator Rev AI in this DPA.

b. Remain responsible for the acts and omissions of any such subprocessors as if they were the acts and omissions of Accelerator Rev AI.

c. Notify the Customer if Accelerator Rev AI adds or replaces any subprocessors listed in Annex C at least 30 days prior to such changes, provided the Customer has opted in to receive such emails by contacting Accelerator Rev AI.

d. Include substantially the same protections for Customer Personal Data as those in this DPA in any agreements with subprocessors.

European Data: Transfer Mechanisms for Data Transfers/Standard Contractual Clauses

a.

General Provisions

: Accelerator Rev AI will not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), unless it first takes all such measures as are necessary to ensure the transfer is compliant with applicable European Data Protection Laws.

b.

EEA Transfers

: For European Data subject to the GDPR:

The Customer is the "data exporter," and Accelerator Rev AI is the "data importer."Module Two terms apply if the Customer is a Controller; Module Three terms apply if the Customer is a Processor.Specific clauses in the Standard Contractual Clauses (e.g., governing law, optional language, and annexes) will apply as outlined in the DPA.

c.

UK Transfers

: For European Data subject to the UK GDPR:

The Standard Contractual Clauses are modified and interpreted in accordance with the UK Addendum, which forms an integral part of the Agreement.

d.

Swiss Transfers

: For European Data subject to the Swiss DPA:

References to the GDPR are interpreted as references to the Swiss DPA.

e. If Accelerator Rev AI cannot comply with its obligations under the Standard Contractual Clauses or breaches any related warranties, the Customer may suspend or terminate the affected service in accordance with the Agreement, with reasonable notice to Accelerator Rev AI to cure the non-compliance.

Amendments

Accelerator Rev AI reserves the right to update or modify this DPA to address changes in Data Protection Laws and/or security requirements. Such changes will not materially reduce the overall level of protection for Customer Personal Data.